Archive for David Shackelford

Adding permissions in a cross-forest migration

This week I was working on a cross-forest migration, and instead of using linked mailboxes to set things up and moving mailboxes, I ended up using the CodeTwo migration tool. In that scenario I had live accounts in both forests, and I wanted to allow the users to continue to use their accounts in the original forest to access their mailboxes in the new forest.

To do this, I needed to use the Add-MailboxPermission command on each mailbox, giving their account in the other forest full access. Here’s what I ended up doing:

foreach ($Mailbox in (Get-Mailbox -ResultSize Unlimited)) { Add-MailboxPermission -identity "$($Mailbox.Name)" -AccessRights FullAccess -User "olddomain\$($Mailbox.Alias)" }

Handy way to manage Distro List maintenance

Some organizations end up having cluttered distribution lists still populated with mailboxes belonging to employees who have left the company. One strategy I’ve employed is when an employee leaves, to add their mailbox to a Distribution List I call “Sunset”. That list contains all non-active employees whose mailboxes have not been deleted yet.

Once the mailbox is listed there, I can simply run the following script.

$allgroups=get-distributiongroup -filter {DisplayName -ne "Sunset"}
Get-DistributionGroupMember Sunset | remove-distributiongroupmember $allgroups

This checks every distribution group’s membership against the Sunset DL’s membership and removes any members of the Sunset list from the other lists.

Finding messages stuck in outboxes

Sometimes you encounter problems with the transport queues or with mailflow that are difficult to track down. Maybe your mail.queue file is ballooning in size even though you’ve replaced it with a fresh one. Maybe outbound mail isn’t going out as quickly as it used to.

One diagnostic in this situation is to determine whether any of the mailboxes have messages sitting in the Outbox. Sometimes large messages in the outbox can create loops if they are too large but you’ve removed all max-send-size limits. Sometimes the message in the Outbox is corrupted and is continually resubmitted to queuing.

The following script will look at all the mailboxes for messages in the Outbox and will compile a report of the mailboxes with items in their outboxes. Once you have the report, you can look at certain mailboxes with OWA and delete any problem items you find.

Get-Mailbox -ResultSize Unlimited | Get-MailboxFolderStatistics | Where-Object {$_.Name -eq "Outbox" -and $_.ItemsInFolder -gt '0' } | Select-Object Identity, FolderType, ItemsinFolder, FolderSize | Export-CSV "C:\Outbox.csv"

Setting Anti-Spam and Junk Settings

If you are using the native Exchange 2013 anti-spam settings, you may also want to configure how the users are handling their junk mail and what the thresholds are for sending messages to their Junk folders. Since none of this is found in the GUI anymore, it’s helpful to know the PowerShell commands.

What I typically do when setting up a new Exchange 2013 server that is going to handle its own anti-spam settings is to first enable the anti-spam components. I do that by running the install-antispamagents.ps1 script in the Scripts directory from an escalated Exchange PowerShell prompt.

Once that’s done, I run the following to set the basic SpamConfidenceLevel to 8 and to reject messages for the ContentFiltering agent: Read more