Posts Tagged ‘exchange 2010’

Recently had a user who was unable to delete items from another user's Exchange mailbox (2010), despite having full permissions to the mailbox.

An Exchange 2010 mailbox has a 30GB limit on the Recoverable Items folder.

To find the current size against this quota, run:

Get-MailboxFolderStatistics -Identity %username% -FolderScope RecoverableItems | Format-List

To delete them, run:

Search-Mailbox -Identity %username% -SearchDumpsterOnly -DeleteContent
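Before running the purge above, it helps to see what it would remove and whether the mailbox is under a hold. The following is an added example, not part of the original post; the function name `Get-DumpsterPurgePreview` and the identity `jsmith` are made up for illustration.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
function Get-DumpsterPurgePreview {
    param([Parameter(Mandatory=$true)][string]$Identity)

    $mbx = Get-Mailbox -Identity $Identity

    # Size of each Recoverable Items subfolder (Deletions, Purges, Versions)
    $folders = Get-MailboxFolderStatistics -Identity $Identity -FolderScope RecoverableItems |
        Select-Object Name, ItemsInFolder, FolderAndSubfolderSize

    # -EstimateResultOnly reports what -DeleteContent would remove, without deleting anything
    $estimate = Search-Mailbox -Identity $Identity -SearchDumpsterOnly -EstimateResultOnly

    New-Object PSObject -Property @{
        Mailbox               = $mbx.DisplayName
        RecoverableItemsQuota = $mbx.RecoverableItemsQuota
        WarningQuota          = $mbx.RecoverableItemsWarningQuota
        UsesDatabaseDefaults  = $mbx.UseDatabaseQuotaDefaults
        LitigationHold        = $mbx.LitigationHoldEnabled
        SingleItemRecovery    = $mbx.SingleItemRecoveryEnabled
        RetainDeletedItemsFor = $mbx.RetainDeletedItemsFor
        ItemsToDelete         = $estimate.ResultItemsCount
        SizeToDelete          = $estimate.ResultItemsSize
        Folders               = $folders
    }
}

# 'jsmith' is a constructed sample identity
$preview = Get-DumpsterPurgePreview -Identity 'jsmith'
$preview | Select-Object Mailbox, RecoverableItemsQuota, WarningQuota, UsesDatabaseDefaults,
    LitigationHold, SingleItemRecovery, RetainDeletedItemsFor, ItemsToDelete, SizeToDelete |
    Format-List
$preview.Folders | Format-Table -AutoSize

if ($preview.LitigationHold) {
    Write-Warning "$($preview.Mailbox) is on litigation hold; purging the dumpster removes held items."
}
```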



Recently had an SBS2011 Server with Exchange 2010 bring up SMTP errors of:

554 5.2.0 STOREDRV.Deliver.Exception:StoragePermanentException.MapiExceptionCallFailed; Failed to process message due to a permanent exception with message Cannot open mailbox

The DB was mounted fine and I could create new users.

MAPI would not connect via Outlook.

Opening the mailbox in OWA would bring up:

Exception type: Microsoft.Exchange.Data.Storage.StoragePermanentException
Exception message: Cannot query rows in a table.

This was for all users.

In the end I had to:

Dismount DB

eseutil /p "C:\Program Files\Microsoft\Exchange Server\V14\Mailbox\Mailbox Database\Mailbox Database.edb"

You can try mounting the database. If it mounts, you are good to go; if it doesn't, you have to check the logs:

Check and Repair the database logs

2. Check the Exchange logs (don't forget to specify E00, the starting sequence for the logs)

eseutil /ml "C:\Program Files\Microsoft\Exchange Server\V14\Mailbox\Mailbox Database\E00"

2.a There will be a list of logs and, depending on their state, you may get an error. (They should all say OK if the logs are clean.) Errors vary, but most likely it is file corruption and a chkdsk needs to be run.

As a sidenote, if the database state is Clean Shutdown you can safely remove the logs.


Recently had a client with delays receiving emails.

A check of SMTP logs showed:

4.7.0 SMTP; 403 4.7.0 TLS handshake failed

To investigate:

Open Exchange Management Console

Go to Server Configuration, select Exchange Certificates and check whether any certificate with SMTP next to it has expired.

Renew Self Signed Certificates:

  1. Type Get-ExchangeCertificate to list the installed certificates

  2. Match the certificate to the expired certificate (using the subject name and services) from the Console, then copy the associated thumbprint

  3. Type Get-ExchangeCertificate -Thumbprint INSERTTHUMBPRINTHERE | New-ExchangeCertificate

Renew Third Party Cert

  1. Go through the process of renewal with your Third Party SSL Authority

To disable receiving email via TLS

Go to Hub Transport under Server Configuration, then untick Transport Layer Security (TLS) for each Receive Connector
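The console check above can also be done from the Exchange Management Shell, together with a record of which Receive Connectors currently offer TLS so the setting can be restored once the certificate is renewed. This is an added example, not part of the original post; the 30-day warning threshold and the function name are assumptions.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
function Get-SmtpCertificateStatus {
    param([int]$WarnDays = 30)   # illustrative threshold, not a value from the post

    $now = Get-Date
    Get-ExchangeCertificate |
        Where-Object { "$($_.Services)" -match 'SMTP' } |   # only certificates bound to SMTP
        ForEach-Object {
            $daysLeft = [int][math]::Floor(($_.NotAfter - $now).TotalDays)
            if     ($daysLeft -lt 0)          { $state = 'EXPIRED' }
            elseif ($daysLeft -le $WarnDays)  { $state = 'EXPIRING' }
            else                              { $state = 'OK' }

            New-Object PSObject -Property @{
                State      = $state
                DaysLeft   = $daysLeft
                NotAfter   = $_.NotAfter
                SelfSigned = $_.IsSelfSigned
                Services   = "$($_.Services)"
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
            }
        } | Sort-Object DaysLeft
}

Get-SmtpCertificateStatus |
    Format-Table State, DaysLeft, NotAfter, SelfSigned, Services, Subject, Thumbprint -AutoSize

# Which Receive Connectors currently advertise TLS (AuthMechanism contains "Tls")
Get-ReceiveConnector |
    Select-Object Identity,
        @{Name='TlsOffered'; Expression={ "$($_.AuthMechanism)" -match 'Tls' }},
        RequireTLS, AuthMechanism |
    Format-Table -AutoSize
```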


Opening OWA produced the following error: A mailbox couldn't be found for Domain\User. If the problem continues, contact your helpdesk.

Opening Outlook produced: Outlook cannot open the file because it is not associated with the default

Even though the user was in the GAL, sending the user an email produced the following bounce back:

#554-5.2.1 mailbox disabled 554 5.2.1 STOREDRV.Deliver.Exception:AccountDisabledException.MapiExceptionMailboxDisabled;

Run this after disabling a mailbox (it's a nightly job otherwise):

Get-MailboxDatabase | Clean-MailboxDatabase




The following will check members in a group and make sure they have a custom attribute value:

# Connect to Exchange server and load Exchange PowerShell modules
. 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'
Connect-ExchangeServer -auto
Import-Module ActiveDirectory
$groupdn = (Get-ADGroup '#Group Name').DistinguishedName
$users = Get-ADUser -Filter {(memberof -eq $groupdn)}
foreach($user in $users){
    # If user is not the named user
    # (the property names after "$user." were lost from the original post; Name and SamAccountName are assumed)
    if($user.Name -ne "Users Name"){
        # If the custom attribute is blank
        if((Get-Mailbox -Identity $user.SamAccountName | select -ExpandProperty CustomAttribute1) -eq "") {
        # If the custom attribute is not equal to a value
        #if((Get-Mailbox -Identity $user.SamAccountName | select -ExpandProperty CustomAttribute1) -ne "value") {
            # Show their name
            $user.Name
        }
    }
}



This exports a report of emails and also a copy of all the emails to a mailbox (Discovery). You can also do this via the web-based GUI at https://youwebmaildomain/ecp/?rfr=owa with the right user permissions.

New-MailboxSearch -Name "WeekendOutage-Search" -StartDate "1/1/2009" -EndDate "12/31/2009" -SourceMailboxes "Amit Tank" -TargetMailbox "Discovery Search Mailbox" -SearchQuery '"Weekend" and "Outage"' -MessageTypes Email -IncludeUnsearchableItems -LogLevel Full

But you cannot exclude emails from specific domains from this discovery search, e.g. to keep only mail sent from external senders. You can exclude generic keywords using NOT in the -SearchQuery, but it is generic to the email, like the search query above.

The New-MailboxExportRequest should be able to do this but it doesn't; it just exports everything, probably because the operator is too specific and doesn't support -notlike 🙁

New-MailboxExportRequest -Mailbox "Discovery Search Mailbox" -ContentFilter {sender -ne "*"} -Filepath \\samba\share\withexchangepermissions\file.pst

But we can actually just delete all the internal mail using Search-Mailbox:


Search-Mailbox -Identity "Discovery Search Mailbox" -searchquery 'From:""' -DeleteContent

Now we can just export this to a PST:

New-MailboxExportRequest -Mailbox "Discovery Search Mailbox" -Filepath \\samba\share\withexchangepermissions\file.pst

Sent items disappear during an Exchange migration between operators and secretaries due to mixes of Exchange 2010 and 2003, for example:

  • Exchange2003User1
  • Exchange2003User2
  • Exchange2010User3


Current Environment 2003: When I send from Exchange2003User1 on behalf of Exchange2003User2, at the moment it puts the email in the Sent Items of Exchange2003User1.

Secretary 2003 and Operator 2010: When I send from Exchange2003User1 (2003 mailbox) on behalf of Exchange2010User3, it replicates the above and puts the email in the Sent Items of Exchange2003User1.

Secretary 2010 and Operator 2003: When I send from Exchange2010User3 on behalf of Exchange2003User1, the sent email disappears (does not get stored anywhere).

This means we will need to migrate all the operators before the secretaries move, and the secretaries can move one at a time after. Hope this helps now with UAT group!

Exchange Commands

In Exchange 2010 you can configure this server-side so that the sent item is copied to both the sender's and the From address's mailbox.

Set-MailboxSentItemsConfiguration <mailbox id> [-SendAsItemsCopiedTo [Sender|SenderAndFrom]] [-SendOnBehalfOfItemsCopiedTo [Sender|SenderAndFrom]]

Outlook Commands

*NB Outlook will need to be in Cached Mode

Consider the following scenario. You use Outlook 2010 and are a delegate for your manager. Even though the DelegateSentItemsStyle registry value is set to 1, an email message that you send on behalf of your manager is saved in your Sent Items folder.

Key: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Preferences
Name: DelegateSentItemsStyle
Value: 1



Needed to check all users who had SEND AS permissions for someone else in the Exchange environment, apart from themselves and e.g. BESADMIN or other service accounts. Below is the command line:

Get-Mailbox -Resultsize Unlimited | Get-ADPermission | ? {($_.ExtendedRights -like "*send-as*") -and -not ($_.User -like "nt authority\self") -and -not ($_.User -like "Domain\BESAdmin") -and -not ($_.User -like "domain\user")} | ft Identity, User -auto

As per the trackback, this can be limited to a specific OU.


Modified from the tracked-back URL, this goes through all mailboxes on the Exchange server and exports their mailbox access permissions to CSV files inside C:\Export\, along with any extra folder permissions that have been assigned on any other folders:

(Blank folder name means mailbox access!)


$Mailboxes = Get-Mailbox -ResultSize Unlimited
ForEach ($Mailbox in $Mailboxes) {
    $MBXFolders = @()
    $MBXFoldersCorr = New-Object System.Collections.ArrayList
    $Permissions = @()
    $MBX_tocheck = "$Mailbox"
    $MBXFolders = Get-MailboxFolderStatistics $MBX_tocheck | select folderpath
    # Mailbox-level access (these rows have a blank FolderName in the CSV)
    $Permissions += Get-MailboxPermission -Identity "$Mailbox" | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false} |
        Select User,@{Name='AccessRights';Expression={[string]::join(', ', $_.AccessRights)}}
    # Folder paths are returned with "/" but Get-MailboxFolderPermission expects "\"
    foreach ($item in $MBXFolders) {
        $temp = $item.FolderPath
        $temp = $temp.Replace("/","\")
        $MBXFoldersCorr.Add($temp) | out-null
    }
    foreach ($item in $MBXFoldersCorr) {
        Try {
            $MailboxFolder = $MBX_tocheck + ":" + $item
            $Permissions += $(Get-MailboxFolderPermission $MailboxFolder -ErrorAction Stop | Select-Object FolderName,User,AccessRights | where {($_.AccessRights -notcontains "None")})
        } Catch {
            Continue
        }
    }
    # The file name was cut off in the original post; one CSV per mailbox alias is assumed here
    $Permissions | Select FolderName,User,@{Name='AccessRights';Expression={[string]::join(";", ($_.AccessRights))}} | export-csv -path "C:\Export\$($Mailbox.Alias).csv" -NoTypeInformation
}


Get list of Full Access Mailbox permissions 

Get-Mailbox | Get-MailboxPermission | where { ($_.AccessRights -eq "FullAccess") -and ($_.IsInherited -eq $false) -and -not ($_.User -like "NT AUTHORITY\SELF") } | ft @{Name="Identity";expression={($_.Identity -split "/")[-1]}}, User -AutoSize

For Office 365

$Mailboxes = Get-Mailbox -ResultSize Unlimited
ForEach ($Mailbox in $Mailboxes) {
    # The property after "$Mailbox." was lost from the original post; Alias is assumed
    Get-MailboxFolderPermission -Identity $Mailbox.Alias | Where AccessRights -ne "None" | FL
}


Get all current Mailbox Forwards

Get-mailbox -ResultSize unlimited | select DisplayName,ForwardingAddress | where {$_.ForwardingAddress -ne $Null}

A cool feature to make this better would be to email this report out to each user, so they can see the permissions on their mailbox and alter them themselves or speak to the helpdesk!
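The "Get all current Mailbox Forwards" command above only looks at ForwardingAddress. The following added example (not part of the original post) goes further and also reports ForwardingSmtpAddress and inbox rules that forward or redirect, and marks targets outside the organisation. It assumes a target is external when its SMTP domain is not returned by Get-AcceptedDomain; the function name and the output file name are made up, and C:\Export\ is reused from the script above.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
# Assumption: a target is "external" when its SMTP domain is not an accepted domain.
$accepted = @(Get-AcceptedDomain | ForEach-Object { $_.DomainName.ToString().ToLower() })

function Test-External([string]$Target) {
    # Pull the domain out of forms like smtp:a@b.com or "Name" [SMTP:a@b.com]
    if ($Target -match '@([A-Za-z0-9.-]+)') {
        return ($accepted -notcontains $Matches[1].ToLower())
    }
    return $false   # no SMTP address in the string (e.g. an internal EX: address)
}

$report = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    $targets = @()
    if ($mbx.ForwardingAddress) {
        # ForwardingAddress is a directory object; resolve it to its SMTP address
        $r = Get-Recipient -Identity $mbx.ForwardingAddress -ErrorAction SilentlyContinue
        if ($r) { $addr = "$($r.PrimarySmtpAddress)" } else { $addr = "$($mbx.ForwardingAddress)" }
        $targets += ,@('ForwardingAddress', $addr)
    }
    if ($mbx.ForwardingSmtpAddress) {
        $targets += ,@('ForwardingSmtpAddress', "$($mbx.ForwardingSmtpAddress)")
    }
    # Inbox rules can forward or redirect mail without touching the mailbox properties
    $rules = Get-InboxRule -Mailbox $mbx.Identity -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        foreach ($t in @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)) {
            if ($t) { $targets += ,@("InboxRule: $($rule.Name)", "$t") }
        }
    }
    foreach ($t in $targets) {
        New-Object PSObject -Property @{
            Mailbox  = $mbx.DisplayName
            Source   = $t[0]
            Target   = $t[1]
            External = (Test-External $t[1])
            # Mailbox-level setting: $false means forwarded mail leaves no copy in the mailbox
            DeliverToMailboxAndForward = $mbx.DeliverToMailboxAndForward
        }
    }
}

$report | Sort-Object External -Descending |
    Select-Object Mailbox, Source, Target, External, DeliverToMailboxAndForward |
    Export-Csv -Path 'C:\Export\Forwards.csv' -NoTypeInformation
```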


After a Windows Update, mail-enabled Public Folders produce the following NDR:

#554 5.2.0 STOREDRV.Deliver.Exception:ObjectNotFoundException; Failed to process message due to a permanent exception with message The Active Directory user wasn’t found. ObjectNotFoundException: The Active Directory user wasn’t found. ##

To fix this, do the following:

Go to adsiedit.msc.

Locate: CN=Configuration\services\Microsoft Exchange\Administrative Groups\Name of Legacy Admin Group\Servers

Check that the “Servers” container is empty. If so, right-click on “Servers” and delete the container.
