Windows/exchange
Contents
- 1 PowerShell
- 1.1 possible access rights
- 1.2 create mailbox
- 1.3 create linked mailbox
- 1.4 Repair Mailbox
- 1.5 add mailbox permissions
- 1.6 remove mailbox permissions
- 1.7 add/remove 'Send as' permissions
- 1.8 add mailbox folder permissions
- 1.9 get mailbox permissions
- 1.10 enable autoreply / vacation message
- 1.11 disable auto-reply / vacation message
- 1.12 get distribution group members
- 1.13 Get Mailbox by ExchangeGuid/Mapi-session
- 1.14 Logging
- 1.15 move mailbox between exchange-databases
- 1.16 set thumbnail-image
- 2 GUI
PowerShell
powershell commands
possible access rights
The Access Rights parameters are as below:
- ReadItems: The user has the right to read items within the specified folder.
- CreateItems: The user has the right to create items within the specified folder.
- EditOwnedItems: The user has the right to edit the items that the user owns in the specified folder.
- DeleteOwnedItems: The user has the right to delete items that the user owns in the specified folder.
- EditAllItems: The user has the right to edit all items in the specified folder.
- DeleteAllItems: The user has the right to delete all items in the specified folder.
- CreateSubfolders: The user has the right to create subfolders in the specified folder.
- FolderOwner: The user is the owner of the specified folder. The user has the right to view and move the folder and create subfolders. The user can’t read items, edit items, delete items, or create items.
- FolderContact: The user is the contact for the specified public folder.
- FolderVisible: The user can view the specified folder, but can’t read or edit items within the specified public folder.
The Roles with which we can provide the access rights are as below:
- None: FolderVisible
- Owner: CreateItems, ReadItems, CreateSubfolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
- PublishingEditor: CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
- Editor: CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
- PublishingAuthor: CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, DeleteOwnedItems
- Author: CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems
- NonEditingAuthor: CreateItems, ReadItems, FolderVisible
- Reviewer: ReadItems, FolderVisible
- Contributor: CreateItems, FolderVisible
Ref: http://technet.microsoft.com/en-us/library/dd298062(v=exchg.150).aspx
The following roles apply specifically to calendar folders:
- AvailabilityOnly: View only availability data
- LimitedDetails: View availability data with subject and location
create mailbox
Create a new mailbox
# -Password needs a SecureString object, so prompt for it first
$password = Read-Host -Prompt 'Password' -AsSecureString
New-Mailbox -Name 'prospect NL' -Alias 'prospect.nl' -OrganizationalUnit 'arifleet.com/ARI Fleet Europe/Stuttgart/Rooms and Equipment' `
    -UserPrincipalName 'prospect.nl@arifleet.com' -SamAccountName 'prospect.nl' -FirstName 'prospect' -Initials '' -LastName 'NL' `
    -Password $password -ResetPasswordOnNextLogon $false -Database 'Stuttgart Mailbox DB One'
create linked mailbox
# -LinkedCredential needs a PSCredential object; Get-Credential prompts for the account used to access the linked domain controller
New-Mailbox -Name 'Koroch, Ernst' -Alias 'ekoroch' -OrganizationalUnit 'arifleet.com/ARI Fleet Europe/Stuttgart/Users' `
    -UserPrincipalName 'ekoroch@arifleet.com' -SamAccountName 'ekoroch' -FirstName 'Ernst' -Initials '' -LastName 'Koroch' -Database 'Stuttgart Mailbox DB One' `
    -LinkedMasterAccount 'fleetservices\ekoroch' -LinkedDomainController 'dc03.fleetservices.intra' `
    -LinkedCredential (Get-Credential)
Repair Mailbox
see: https://technet.microsoft.com/en-us/library/ff625221(v=exchg.141).aspx
New-MailboxRepairRequest -Mailbox <Emailaddress> -CorruptionType SearchFolder [-DetectOnly]
add mailbox permissions
Add full access to mailbox 'mailbox@arifleet.de' for user 'DOMAIN\user':
Add-MailboxPermission -Identity mailbox@arifleet.de -User DOMAIN\user -AccessRights Fullaccess -InheritanceType All
-AccessRights <right>
where <right> may be one of:
FullAccess, ExternalAccount, DeleteItem, ReadPermission, ChangePermission, ChangeOwner
disable auto-mapping of
-Automapping $false
remove mailbox permissions
Remove-MailboxPermission -Identity mailbox@arifleet.de -User domari\user -AccessRights FullAccess -InheritanceType All
add/remove 'Send as' permissions
Add-ADPermission -Identity 'CN=Mahnwesen,OU=Users,OU=Stuttgart,OU=ARI Fleet Europe,DC=arifleet,DC=com' -User 'DOMARI\ntrgovcevic' -ExtendedRights 'Send-as'
You can also grant the permissions by using Active Directory Users & Computers. Simply open the properties of the group, switch to the Security tab, add the mailbox user or group, then tick the Send As box and apply the change. After making this change you may notice that it does not take effect for up to 2 hours. This is due to caching on the Exchange servers. You can speed up the change by restarting the Information Store, but that is obviously not going to be practical in most production environments, so you’ll often find that you just need to wait.
Remove-ADPermission -Identity 'CN=Mahnwesen,OU=Users,OU=Stuttgart,OU=ARI Fleet Europe,DC=arifleet,DC=com' -User 'DOMARI\ntrgovcevic' -ExtendedRights 'Send-as'
'Send as'/'SendOnBehalf' for distribution groups
Set-DistributionGroup <DistributionGroupName> -GrantSendOnBehalfTo USER@arifleet.com
and SendOnBehalf for distribution groups
add mailbox folder permissions
Add-MailboxFolderPermission -Identity poolcar@netcar24.com:\Calendar -user csteidl@arifleet.com -AccessRights <see RIGHTS>
Set default rights for resource mailboxes (so that subjects and so on show up):
Set-MailboxFolderPermission meetingroom:\Calendar -User Default -AccessRights Reviewer
get mailbox permissions
get permissions of fhess on mailbox prospect.be
Get-MailboxPermission -Identity prospect.be@arifleet.com -User "fhess"
get folder permissions
get-mailboxfolderpermission -identity fhess
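To review the grants made with Add-MailboxPermission and Add-ADPermission above across all mailboxes, the following added example (not part of the original page) lists every explicit FullAccess and Send-As entry. The ignore list and the output file name are assumptions; run it in the Exchange Management Shell.

```powershell
# Added example: report explicit FullAccess and Send-As delegations per mailbox.
# Trustees that are expected on every mailbox (assumed list, extend for your site).
$ignore = 'NT AUTHORITY\SELF', 'NT AUTHORITY\SYSTEM'

function New-DelegationRow($Mailbox, $Trustee, $Right) {
    # One row of the report
    New-Object PSObject -Property @{
        Mailbox = [string]$Mailbox
        Trustee = [string]$Trustee
        Right   = $Right
    }
}

$report = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # Mailbox-level ACL: explicit (not inherited) allow entries with FullAccess
    Get-MailboxPermission -Identity $mbx.Identity |
        Where-Object {
            -not $_.IsInherited -and -not $_.Deny -and
            ($_.AccessRights -like '*FullAccess*') -and
            ($ignore -notcontains [string]$_.User)
        } |
        ForEach-Object { New-DelegationRow $mbx.PrimarySmtpAddress $_.User 'FullAccess' }

    # AD object ACL: explicit allow entries carrying the Send-As extended right
    Get-ADPermission -Identity $mbx.DistinguishedName |
        Where-Object {
            -not $_.IsInherited -and -not $_.Deny -and
            ($_.ExtendedRights -like '*Send-As*') -and
            ($ignore -notcontains [string]$_.User)
        } |
        ForEach-Object { New-DelegationRow $mbx.PrimarySmtpAddress $_.User 'Send-As' }
}

# Group by trustee so accounts holding rights on many mailboxes stand out
$report | Group-Object Trustee | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Full list for review or for diffing against the previous run (assumed file name)
$report | Select-Object Mailbox, Trustee, Right | Sort-Object Mailbox, Right |
    Export-Csv .\mailbox-delegations.csv -NoTypeInformation
```

Keeping the CSV from each run and comparing it with the previous one shows newly added delegations.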
enable autoreply / vacation message
set the message (optionally) and enable auto reply
$message = Get-Content message.txt
Set-MailboxAutoReplyConfiguration <alias> -AutoReplyState Enabled `
    -ExternalAudience <none/all/known> `
    -InternalMessage "$message" `
    -ExternalMessage "$message"
disable auto-reply / vacation message
disable auto reply
Set-MailboxAutoReplyConfiguration <alias> -AutoReplyState disabled
get distribution group members
get-distributiongroupmember <group>
get-distributiongroupmember mailaddress@arifleet.de
Get Mailbox by ExchangeGuid/Mapi-session
get-mailbox -ResultSize unlimited | where {$_.ExchangeGuid -eq "265182e3-a31c-4a9f-e38e-687f5a7c2d6b"}
Logging
further logfiles can be found here:
C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog
Track across multiple servers
get-transportserver
e.g. pipe that into "get-messagetrackinglog":
get-transportserver | get-messagetrackinglog
message tracking
get-messagetrackinglog -Sender 'user@arifleet.de' -Start "5/04/2015 5:00:00 AM" -End "5/15/2015 8:30:00 AM"
get-transportserver | get-messagetrackinglog -Sender 'system-mail.it@arifleet.de' `
    -Start "6/01/2015 5:00:00 AM" `
    -End "6/01/2015 10:30:00 AM" `
    -resultsize unlimited | ft -Wrap
further useful parameters:
-MessageSubject <String>
-Recipients <String[]>
-Start/-End (get-date).AddHours(-1).toString()
-ResultSize Unlimited
some more examples:
get-messagetrackinglog -Recipients:recipient@email.be -Start "6/8/2015 4:42:00 AM" -End "6/9/2015 9:52:00 PM" | Select *,{$_.Recipients} | export-csv .\maillog.csv
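# -like takes one pattern per comparison, so test each domain separately; the output path contains a space and must be quoted
Get-MessageTrackingLog -resultsize unlimited |
    where-object {($_.Recipients -like '*@gmail.com' -or $_.Recipients -like '*@yahoo.com') -and $_.EventId -eq 'Send'} |
    ft -auto >> 'C:\External mails.txt'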
Get-MessageTrackingLog -resultsize unlimited | sort -property Timestamp
move mailbox between exchange-databases
Move mailboxes between Exchange >= 2010 servers
the output is piped into 'ft' (format table) to get the complete output instead of a truncated one
New-MoveRequest -Identity mailbox@arifleet.de -TargetDatabase 'Whatever Database-Name 001' | ft -AutoSize -Wrap
set thumbnail-image
from an exchange server
Import-RecipientDataProperty -Identity dSchlenzig -Picture -FileData `
    ([Byte[]]$(Get-Content -path ".\thumb-DOMARI.jpg" -Encoding Byte -ReadCount 0))
from an AD
$photo = [byte[]](Get-Content '<path of pic>' -Encoding byte)
Set-ADUser username -Replace @{thumbnailPhoto=$photo}
GUI
some stuff I used the GUI for
Relay Configuration
Go:
Server-Configuration --> Hub Transport --> Receive Connectors (Tab)
- Select a suitable connector which matches your needs or create a new one.
- for me there was 'Relay internal', which was set up to allow anonymous connects from specific hosts/nets --> Double-Click
- Switch to the 'Network' tab --> Add the IP or range to the lower box.
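The relay setup described above can be checked from the Exchange Management Shell. This added example (not part of the original page) lists each receive connector with its anonymous and relay settings and its remote IP ranges, so a connector like 'Relay internal' can be confirmed to accept only the intended hosts; the output column names are assumptions.

```powershell
# Added example: audit receive connectors for anonymous relay exposure.
$anon     = 'NT AUTHORITY\ANONYMOUS LOGON'
$relayAce = 'ms-Exch-SMTP-Accept-Any-Recipient'   # right that lets a sender relay to any domain

Get-ReceiveConnector | ForEach-Object {
    $rc = $_

    # Is the 'Anonymous users' permission group ticked on the connector?
    $anonAllowed = "$($rc.PermissionGroups)" -like '*AnonymousUsers*'

    # Has anonymous been granted the relay right on the connector object?
    $canRelay = [bool]($rc | Get-ADPermission -User $anon |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $relayAce) })

    # Remote ranges from the 'Network' tab, as strings
    $ranges = @($rc.RemoteIPRanges | ForEach-Object { "$_" })
    $anyIPv4 = $ranges -contains '0.0.0.0-255.255.255.255'

    New-Object PSObject -Property @{
        Connector      = [string]$rc.Identity
        Anonymous      = $anonAllowed
        AnonymousRelay = $canRelay
        RemoteIPRanges = $ranges -join ', '
        # Anonymous relay combined with an unrestricted range is an open relay
        OpenRelay      = ($anonAllowed -and $canRelay -and $anyIPv4)
    }
} | Select-Object Connector, Anonymous, AnonymousRelay, OpenRelay, RemoteIPRanges |
    Format-Table -AutoSize -Wrap
```

Any row with AnonymousRelay set should show only the specific hosts or nets that are meant to relay in RemoteIPRanges.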