Windows/exchange: Unterschied zwischen den Versionen

Aus SchnallIchNet
Wechseln zu: Navigation, Suche
(message tracking)
(add mailbox folder permissions)
Zeile 103: Zeile 103:
  
 
  Add-MailboxFolderPermission -Identity poolcar@netcar24.com:\Calendar -user csteidl@arifleet.com -AccessRights [[Windows/exchange#possible_access_rights|<see RIGHTS>]]
 
  Add-MailboxFolderPermission -Identity poolcar@netcar24.com:\Calendar -user csteidl@arifleet.com -AccessRights [[Windows/exchange#possible_access_rights|<see RIGHTS>]]
 +
 +
Set default-rights for ressource mailboxes (to show up subjects a.s.o.):
 +
 +
Set-MailboxFolderPermission meetingroom:\Calendar -User Default -AccessRights Reviewer
  
 
=== get mailbox permissions ===
 
=== get mailbox permissions ===

Version vom 25. November 2015, 12:17 Uhr

PowerShell

powershell commands


possible access rights

 The Access Rights parameters are as below:

    ReadItems:  The user has the right to read items within the specified folder.
    CreateItems   The user has the right to create items within the specified folder.
    EditOwnedItems   The user has the right to edit the items that the user owns in the specified folder.
    DeleteOwnedItems   The user has the right to delete items that the user owns in the specified folder.
    EditAllItems   The user has the right to edit all items in the specified folder.
    DeleteAllItems   The user has the right to delete all items in the specified folder.
    CreateSubfolders   The user has the right to create subfolders in the specified folder.
    FolderOwner   The user is the owner of the specified folder. The user has the right to view and move the folder and create subfolders. The user can’t read items, edit items, delete items, or create items.
    FolderContact   The user is the contact for the specified public folder.
    FolderVisible   The user can view the specified folder, but can’t read or edit items within the specified public folder.

The Roles with which we can provide the access rights are as below:

    None   FolderVisible
    Owner   CreateItems, ReadItems, CreateSubfolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
    PublishingEditor   CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
    Editor   CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
    PublishingAuthor   CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, DeleteOwnedItems
    Author   CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems
    NonEditingAuthor   CreateItems, ReadItems, FolderVisible
    Reviewer   ReadItems, FolderVisible
    Contributor   CreateItems, FolderVisible

Ref: http://technet.microsoft.com/en-us/library/dd298062(v=exchg.150).aspx

The following roles apply specifically to calendar folders:

    AvailabilityOnly   View only availability data
    LimitedDetails   View availability data with subject and location


create mailbox

Create a new mailbox

New-Mailbox -Name 'prospect NL' -Alias 'prospect.nl' -OrganizationalUnit 'arifleet.com/ARI Fleet Europe/Stuttgart/Rooms and Equipment' \
  -UserPrincipalName 'prospect.nl@arifleet.com' -SamAccountName 'prospect.nl' -FirstName 'prospect' -Initials  -LastName 'NL' \
  -Password 'System.Security.SecureString' -ResetPasswordOnNextLogon $false -Database 'Stuttgart Mailbox DB One'


create linked mailbox

New-Mailbox -Name 'Koroch, Ernst' -Alias 'ekoroch' -OrganizationalUnit 'arifleet.com/ARI Fleet Europe/Stuttgart/Users' -UserPrincipalName \
'ekoroch@arifleet.com' -SamAccountName 'ekoroch' -FirstName 'Ernst' -Initials  -LastName 'Koroch' -Database 'Stuttgart Mailbox DB One' \
-LinkedMasterAccount 'fleetservices\ekoroch' -LinkedDomainController 'dc03.fleetservices.intra' -LinkedCredential \
'System.Management.Automation.PSCredential'


add mailbox permissions

Add full access to mailbox 'mailbox@arifleet.de' for user 'DOMAIN\user':

Add-MailboxPermission -Identity mailbox@arifleet.de -User DOMAIN\user -AccessRights Fullaccess -InheritanceType All

-AccessRights <right>
where <right> may be

FullAccess
ExternalAccount
DeleteItem
ReadPermission
ChangePermission
ChangeOwner

disable auto-mapping of

-Automapping $false


remove mailbox permissions

remove-MailboxPermission -Identity mailbox@arifleet.de -user domari\user -AccessRights Fullaccess -inheritance all


add/remove 'Send as' permissions

Add-ADPermission -Identity 'CN=Mahnwesen,OU=Users,OU=Stuttgart,OU=ARI Fleet Europe,DC=arifleet,DC=com' -User 'DOMARI\ntrgovcevic' -ExtendedRights 'Send-as'

You can grant the permissions by using Active Directory Users & Computers. Simply open the properties of the group, switch to the Security tab, add the mailbox user or group, and then tick the Send As box and apply the change. After making this change you may notice that it does not take effect for up to 2 hours. This is due to caching on the Exchange servers. Though you can speed up the change by restarting the Information Store that is obviously not going to be practical in most production environments, so you’ll often find that you just need to wait.

Remove-ADPermission -Identity 'CN=Mahnwesen,OU=Users,OU=Stuttgart,OU=ARI Fleet Europe,DC=arifleet,DC=com' -User 'DOMARI\ntrgovcevic' -ExtendedRights 'Send-as'


'Send as'/'SendOnBehalf' Distributiongroups

Set-DistributionGroup <DistributionGroupName> -GrantSendOnBehalfTo USER@arifleet.com

and sendOnBehalf for Distributiongroups

add mailbox folder permissions

Add-MailboxFolderPermission -Identity poolcar@netcar24.com:\Calendar -user csteidl@arifleet.com -AccessRights <see RIGHTS>

Set default-rights for ressource mailboxes (to show up subjects a.s.o.):

Set-MailboxFolderPermission meetingroom:\Calendar -User Default -AccessRights Reviewer

get mailbox permissions

get permissions of fhess on mailbox prospect.be

Get-MailboxPermission -Identity prospect.be@arifleet.com -User "fhess"

get folder permissions

get-mailboxfolderpermission -identity fhess


enable autoreply / vacation message

set the message (optionally) and enable auto reply

$message = get-content message.txt
Set-MailboxAutoReplyConfiguration <alias> -AutoReplyState enabled \
                                          -ExternalAudience <none/all/known> \
                                          -InternalMessage "$message" \
                                          -ExternalMessage "$message"


disable auto-reply / vacation message

disable auto reply

Set-MailboxAutoReplyConfiguration <alias> -AutoReplyState disabled


get distribution group members

get-distributiongroupmember <group>
get-distributiongroupmember mailaddress@arifleet.de


Logging

further logfiles can be found here:

C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog


Track accross multiple servers

get-transportserver


e.g. that to "get-messagetrackinglog":

get-transportserver | get-messagetrackinglog


message tracking

get-messagetrackinglog -Sender 'user@arifleet.de' -Start "5/04/2015 5:00:00 AM" -End "5/15/2015 8:30:00 AM"
get-transportserver | get-messagetrackinglog -Sender 'system-mail.it@arifleet.de' \
                                             -Start "6/01/2015 5:00:00 AM" \
                                             -End "6/01/2015 10:30:00 AM" \
                                             -resultsize unlimited | ft -Wrap
-MessageSubject <String>
-Recipients <String[]>
-Start/-End (get-date).AddHours(-1).toString()
-ResultSize Unlimited

some more examples:

get-messagetrackinglog -Recipients:recipient@email.be -Start "6/8/2015 4:42:00 AM" -End "6/9/2015 9:52:00 PM" | Select *,{$_.Recipients} | export-csv .\maillog.csv
Get-MessageTrackingLog -resultsize unlimited | \
where-object {$_.Recipients -like “*@gmail.com, *@yahoo.com” -AND $_.EventId -eq “Send”} |ft -auto >>C:\External mails.txt
Get-MessageTrackingLog -resultsize unlimited | sort -property Timestamp

move mailbox between exchange-databases

Move Mailboxes between exchange >= 2010 servers
the output is piped into 'ft' (format table) to get complete output and not stripped it...

New-MoveRequest -Identity mailbox@arifleet.de -TargetDatabase ‘Whatever Database-Name 001’ | ft -AutoSize -Wrap


set thumbnail-image

Import-RecipientDataProperty -Identity dSchlenzig -Picture -FileData \
([Byte[]]$(Get-Content -path ".\thumb-DOMARI.jpg"  -Encoding Byte -ReadCount 0))


GUI

some stuff i used the GUI for


Relay Configuration

Go:

Server-Configuration --> Hub Transport --> Receive Connectors (Tab)
- Select a valuable connector which matches you needs or create a new.
- for me there was 'Relay internal' which was to allow anonymous connects from spec. hosts/nets --> Double-Click
- Switch to 'Network'-Tab --> Add IP or rage to lower box.