ExMerge has been around for a long time, its used (as the name implies) to merge pst files into existing mailbox’s. However its also a great tool to export/backup users mail box’s if you’re doing a migration, or if you have got your “Disaster Recovery” hat on.
The following is a run through of how to export from a mail store to pst files – Note on a live system this can take some time, the example below was done in VMware on a test Exchange box that had 1000 users (as it was a test server the mailbox’s were tiny) If you need to do this on a production server plan in a LOT of time if your moving a large amount of data.
Solution
Note: I’ve mentioned it in the video, but just to reiterate, your mailbox’s need to be smaller than 2GB, if that can not be achieved, you can either;
1. Use ExMerge and export particular “date ranges” and produce multiple .pst files for the same mailbox (hopefully less than 2GB).
Saw this asked in a forum today, and my response was;
It never gets smaller, if you delete things out of it, it just creates more ‘whitespace’ within the database, unless you;
a) Take it offline, and defragment it using eseutil.
b) Move the mailboxes out of it, to another database and delete it.
Which is true, but even Microsoft say you should not need to defragment a database! Before you do anything make sure you have a good backup of Exchange and the mailbox databases!
Defragment an Exchange Database
Stop! Why are you doing this, if it’s because you are running out of room, then migrating mailboxes out of a database into another database, on another piece of storage with more room is what you should be doing, and does not involve long periods of downtime!
If you have just deleted hundreds of GB from a mailbox database, and you simply want to compress the DB, and you have a BIG window for downtime, (allow 1 hour for every 9GB of database size). Then you are in about the only use case scenario I can think of to want to do this!
Before You start: This process creates a temporary mailbox database, (you need to tell it where), if you are pressed for room, I suggest you add another volume/drive and put it there. (Though in my example I have room in the same folder). Allow for the entire database’s existing size plus ten percent to be on the safe side.
Let’s have a look, and see how much room we might be able to reclaim (whitespace);
The database has to be dismounted before you can run Eseutil on it (downtime starts here).
[box]
Dismount –Database Database Name
Eseutil /d C:\Folder\DatabaseName.edb> /t T:\Folder\TempDB.edb>"
[/box]
When complete, mount the datastore again, (downtime ends here).
[box]
Mount-Database Database Name
[/box]
Hopefully you should see the whitespace has decreased.
Don’t forget to set off a full backup of the store as soon at it’s back online.
Move Mailboxes To Another Exchange Database (To Reclaim Space)
This is the much more elegant solution, create a shiny new database move everything from the old database into the new one, and delete the old database.
Will This Impact My Users? Any user using their mailbox while it is getting moved wont be affected, until the move is complete then they will see a popup that looks like;
The Microsoft Exchange administrator has made a change that requires you quit and restart Outlook.
Cool eh! So lets start by creating a New Mailbox Database.
[box]
New-MailboxDatabase -Name New Database Name -EdbFilePath C:\Folder\DB-Name.edb -LogFolderPath C:\Folder\Folder\
[/box]
Make sure you follow the advice and restart the information store, (yes you can mount the new DB and proceed, but Exchange does not allocate the resources correctly if you do this).
[box]
Restart-Service MSExchangeIS
[/box]
Let’s move our ‘Normal’ mailboxes to the new DB.
[box]
Get-Mailbox -Resultsize Unlimited | New-MoveRequest -TargetDatabase Target Database Name
[/box]
Depending on how many (and how large) mailboxes there are this can take a while, (days for large databases!) When they’ve all completed you need to remove the move requests, (if you have any failures, or speed issues use the search box above, I’ve had to cope with thousands of these things not working correctly in my time!)
Let’s assume we are all moved, so we want to remove the move requests.
Every iteration of Exchange comes up with some new system/hidden mailbox type that stops me deleting mailbox databases!
[box]
This mailbox database contains one or more mailboxes, mailbox plans, archive mailboxes, public folder mailboxes or arbitration mailboxes, Audit mailboxes. To get a list of all mailboxes in this database, run the command Get-Mailbox -Database <Database ID>. To get a list of all mailbox plans in this database, run the command Get-MailboxPlan. To get a list of archive mailboxes in this database, run the command Get-Mailbox -Database <Database ID> -Archive. To get a list of all public folder mailboxes in this database, run the command Get-Mailbox -Database <Database ID> -PublicFolder. To get a list of all arbitration mailboxes in this database, run the command Get-Mailbox -Database <Database ID> -Arbitration. To get a list of all Audit mailboxes in this database, run the command Get-Mailbox -Database <Database ID> -AuditLog. To disable a non-arbitration mailbox so that you can delete the mailbox database, run the command Disable-Mailbox <Mailbox ID>. To disable an archive mailbox so you can delete the mailbox database, run the command Disable-Mailbox <Mailbox ID> -Archive. To disable a public folder mailbox so that you can delete the mailbox database, run the command Disable-Mailbox <Mailbox ID> -PublicFolder. To disable a Audit mailbox so that you can delete the mailbox database, run the command Get-Mailbox -AuditLog | Disable-Mailbox. Arbitration mailboxes should be moved to another server; to do this, run the command New-MoveRequest <parameters>. If this is the last server in the organization, run the command Disable-Mailbox <Mailbox ID> -Arbitration -DisableLastArbitrationMailboxAllowed to disable the arbitration mailbox. Mailbox plans should be moved to another server; to do this, run the command Set-MailboxPlan <MailboxPlan ID> -Database <Database ID>.
[/box]
Solution
OK, I’m assuming you don’t actually have any mailboxes in the database? The following will tell you;
[box]Get-Mailbox -Database “Database-Name“[/box]
If you are running Exchange 2016 you might have an AudiLog account;
I Can’t Find Anything and it still Wont Let Me Delete the Datastore?
Well, there’s two things you can do;
1. On a Domain Controller, 0pen ADSIEdit.msc and Connect to ‘Configuration’. Navigate to Configuration > Services > Microsoft Exchange > {Organisation name} > Administrative Groups > {Administrative-Group-Name} > Databases >Delete the database from here (BE CAREFUL CHECK TWICE, DELETE ONCE!). Then have a coffee refresh you datastore view and the offender will disappear.
2. With the database dismounted, move its .edb file to another folder, then mount the store, it will complain and ask if you want to mount and empty store > select ‘yes’ > You can then delete it.
Related Articles, References, Credits, or External Links
1. On closer inspection, I noticed the Exchange System Attendant was not running, and when I tried to launch it is started then stopped?
2. And the Exchange Information Store service was also not running, (that explains why the database won’t mount).
3. And when I tried to start that:
Error Windows could not start the Microsoft Exchange Information Store on Local Computer. For more information review the System Event Log. If this is a non Microsoft service, contact the service vendor, and refer to server-specific error code -2147221213
4. Fair enough, the Event Viewer yielded this:
Event ID 5003
Error
Unable to initialize the Microsoft Exchange Information Store service because the clocks on the client
and on the server machine are skewed. This may be caused by a time change either in the client or the
server machine, and may require a reboot of that machine. Other than that, verify that your domain is
properly configured and is currently online.
Well the clock on the Exchange server was correct, as were the clocks on the domain controllers they were both sync’d and in the same time zone.
5. The Exchange server is a VMware virtual machine, and even though it is not set to take it’s time from the host, the time on the host was incorrect.
6. Firstly set the time correctly on the ESX host, (below I’ve used an external NTP server, though you can just manually set the time).
7. Then restart the Exchange Active Directory Topology Service, make sure all the services come up correctly, and check the database has mounted.
Related Articles, References, Credits, or External Links
This post comes form my colleague Andrew Dorrian, he usually follows my migrating public folders article. Recently after a couple of Exchange 2016 migrations he has seen a problem where the public folders are visible in the Exchange Admin Console, but the users can’t access them.
Solution
Open ADSIedit.msc and connect to the ‘Configuration’ context.
Navigate to;
CN=Services > CN=Microsoft Exchange > CN=(your organization name) > CN=Administrative Groups > CN=Exchange Administrative Group (FYDIBOHF23SPDLT) > CN=Databases.
Locate you mailbox database(s) > Right Click > Properties > Locate: msExchHomePublicMDB > Edit > Clear > OK > Apply > OK.
Open an Exchange administrative shell and run the following command;
Seen in Outlook when connecting to a mailbox on an Exchange Server, its caused by using a self signed certificate OR a purchased certificate, where the internal and external names are different.
The name of the security certificate is invalid or does not match the name of the site.
Solution
Before proceeding if you have an A or CNAME record in your DNS for autodiscover then DELETE it and setup an SRV record!
1. On the Exchange Server > Start > All Programs > Microsoft Exchange Server {version} > Exchange Management Console. Issue the following four commands;
Exchange 2019 and 2016 (change the values in red)
Note: This uses the new Set-ClientAccessService commandlet, for older versions of Exchange use Set-ClientAccessServer.
Exchange 2010 and SBS 2011 (change the values in red)
[box]
Set-ClientAccessServer -Identity EXCHANGE-MAIL -AutodiscoverServiceInternalUri https://mail.publicdomain.co.uk/autodiscover/autodiscover.xml
Set-WebServicesVirtualDirectory -Identity "EXCHANGE-MAIL/EWS (Default Web Site)" –InternalUrl https://mail.publicdomain.co.uk/EWS/Exchange.asmx
Set-OABVirtualDirectory -Identity “EXCHANGE-MAIL/OAB (Default Web Site)” -InternalURL https://mail.publicdomain.co.uk/OAB
Set-ActiveSyncVirtualDirectory -Identity “EXCHANGE-MAIL/Microsoft-Server-ActiveSync (Default Web Site)” -InternalURL https://mail.publicdomain.co.uk/Microsoft-Server-Activesync
[/box]
Note:If you get repeated certificate prompts for ‘autodiscover.domain.com’ that should be from ‘mail.domain.com’, create an SRV record (_autodiscover) to redirect to mail.domain.con
Outlook Anywhere Note
If you intend to use Outlook Anywhere, you may also want to execute the following command. Particularly if you use SBS, which has a habit of setting remote.publicdomain.com as the default outside name.
[box] Set-WebServicesVirtualDirectory –Identity ‘EXCHANGE-MAIL/EWS (Default Web Site)’ –ExternalUrl https://mail.publicdomain.co.uk/ews/exchange.asmx[/box]
Exchange 2007 (change the values in red)
[box]
Set-ClientAccessServer -Identity EXCHANGE-MAIL -AutodiscoverServiceInternalUri https://mail.publicdomain.co.uk/autodiscover/autodiscover.xml
Set-WebServicesVirtualDirectory -Identity "EXCHANGE-MAIL/EWS (Default Web Site)" -InternalUrl https://mail.publicdomain.co.uk/ews/exchange.asmx
Set-OABVirtualDirectory -Identity "EXCHANGE-MAIL/oab (Default Web Site)" -InternalUrl https://mail.publicdomain.co.uk/oab
Set-UMVirtualDirectory -Identity "EXCHANGE-MAIL/unifiedmessaging (Default Web Site)" -InternalUrl https://mail.publicdomain.co.uk/unifiedmessaging/service.asmx
[/box]
For Small Business Server 2008
For SBS 2008 the commands are Different! (the following commands are for Exchange 2007 on SBS 2008 ONLY;
[box]
Set-ClientAccessServer -Identity EXCHANGE-MAIL -AutodiscoverServiceInternalUri https://mail.publicdomain.co.uk/autodiscover/autodiscover.xml
Set-WebServicesVirtualDirectory -Identity "EXCHANGE-MAIL/EWS (SBS Web Applications)" -InternalUrl https://mail.publicdomain.co.uk/ews/exchange.asmx
Set-OABVirtualDirectory -Identity "EXCHANGE-MAIL/oab (SBS Web Applications)" -InternalUrl https://mail.publicdomain.co.uk/oab
et-UMVirtualDirectory -Identity "EXCHANGE-MAIL/unifiedmessaging (SBS Web Applications)" -InternalUrl https://mail.publicdomain.co.uk/unifiedmessaging/service.asmx
[/box]
Note: where EXCHANGE-MAIL is internal and mail.publicdomain.co.uk is external name
2. Then open the IIS Manager Expand Application Pools > MSExchangeAutodiscoverAppPool > Right Click > Recycle.
Note: You may have to enter the FQDN of the server rather than its Netbios name!!
Related Articles, References, Credits, or External Links
Original article written 04/11/11 – Updated 07/03/13
Later on in the year I’ve got a big RSA and SharePoint deployment, as I know ‘Zippity Squat’ about SharePoint, I thought the best way to get some hands on experience, was to work out how to integrate SecureID with Exchange 2013, (which I know a few things about!)
Solution
I’m assuming you already have RSA Authentication Manager setup and users/tokens deployed. This run though is simply to get your RSA solution working with Exchange/OWA
1. Create a user in Active Directory, (here I’m using SVC_RSA_Access), and ensure that user has a mailbox, you can do this in the Exchange Admin Center, but I prefer to use the shell.
6. We need to have the .Net 3.5 Feature added. (Server Manager > Add Roles and Features).
7. Log onto the Security Console of your RSA Authentication Manager appliance > Access > Authentication Agents > Generate Configuration File > Follow the wizard > Download the file.
8. Place the file you downloaded (sdconf.inf) on the Exchange server in the C:Windowssystem32 folder.
9. Download and install the RSA Authentication Agent for Web for IIS, Install and accept all the defaults, it should locate the config file you have just downloaded.
10. On the Exchange server launch ‘RSA Web Agent’, and don’t be surprised when IIS Manager opens.
“I seem to get a lot of spam”, and “I get a lot more spam than I used to” are right up there with “My computer is running slow”. It’s a problem that, eats up users time and fills your mail stores with junk, and time/disk space costs money.
SEM is tiny! In a world where a graphics driver is now over 100MB the entire install suite is less than 11MB. This is going into my test network so testing its ability to limit spam is NOT the point of this exercise, I’m looking at the ease of installation, configuration, and administration.
SEM Pre-Requisites
1. Exchange 2000, 2003, 2007, 2010, or 2013.
2. Windows Server 2000, 2003, 2003 R2, 2008, 2008 R2, or 2012.
3. .Net framework version 2.0 (SP1).
4. MDAC (Microsoft Data Access Components) version 2.7.
5. Internet Information Services.
Solution
Before You Start
1. If you have already installed the Microsoft Anti Spam agents you might want to remove them, (not that you have to). If you don’t know you can run the following command;
[box]
Get-TransportAgent[/box]
If you just have the four below then you DO NOT have the extra agents installed.
2. If yours looks like the one below, then YOU DO have them installed.
3. As stated you don’t have to remove them but if you want to simply execute the following two commands;
[box]
cd "Program FilesMicrosoftExchange ServerV15Scripts"
./Uninstall-AmtispamAgents.ps1
[/box]
4. Answer each question, then run;
[box]
services.msc[/box]
5. Restart the Microsoft Exchange Transport service.
7. The installer is pretty straight forward > Next > Accept the EULA > Next > Enter your details > Next > Accept or change the install location > Next.
8. The product will install.
9. At this point it’s downloading definitions form the internet, and it will take a while.
10. When complete it needs to setup a user that the services will run under. Just supply a password > Next.
Note: This user (by default) is added to the local administrators group, and the Exchange Organization Management group.
11. Finish.
12. The management console installs on TCP port 5000, so if you need to access it through a firewall you will need to open that port.
13. Toolbars Tab: From here, I’ll jump straight to the configuration section, this drops you straight onto the Plugins tab. From here you can change the logo that will be displayed with the toolbar (this is NOT visible with Outlook 2013). You can also change the URL it points to and adding rights to users.
14. Toolbar Tab > Outlook Toolbar: On a client running Outlook > Download Outlook Toolbar > Run the installer.
Note: The installer is a .exe file, I would have preferred a .msi file, so I could deploy this out (on mass), to domain clients via GPO.
17. Now when you launch Outlook you can see the plugin loading.
18. You will now have an extra toolbar with the following options.
BE AWARE: You install the OWA toolbar ONCE on the Exchange CAS server.
19. Toolbars > Outlook Web Application: Install OWA toolbar.
20. Yes.
21. Now when your clients access OWA, you have the toolbar.
22. Latest news: Essentially this is just an RSS feed from the manufacturer to keep you abreast of software updates etc. If you have some RSS aggregation software you can add this same feed.
23. Mailbox Tab > Mailboxes: Here it will list all the mailboxes, by default the ‘Default policy’ will be applied and virus filtering will NOT be enabled (this is an add on license). you can also access statistics for this particular mailbox, and view quarantined emails. The User filter settings are for applying an exception for this one mailbox (I’ll cover this later). If you can’t locate a particular user there is also a search function.
24. Mailbox Tab > Usergroups: Usergroups are used to apply policies, any new group requires you to maintain membership manually. But if your Active Directory is well designed, you can select your SPAMfighter groups based on your OU structure.
SEM – SPAMfighter – Configuring and Working with Policies
This is pretty intuitive, and the default policy comes preconfigured and already applied, though with all filtering systems it will probably take you a little while to get it streamlined to your requirements. The policies section has four main tabs;
Filter Settings: What tools you are going to use to look for spam. Accept Actions: What it will do if it finds nothing. Block Actions: What it will do if it finds something. User Filter settings: Exceptions to the filters for one or more users. Mailboxes: Puts you straight back to the mailbox section you saw earlier.
25. Out of the box there are five filters enabled.
26. But there are four further filters that you can add to the policies.
SPAMfighter – Filters
27. VIRUSfighter Antivirus Filter for SPAMfighter Exchange Module: Remember this is an ‘Add on’ so it would only apply to mailboxes that have this enabled. It’s on its most conservative setting, and will replace the infected email with safe content.
28. SPAMfighter Sender Filter > Whitelist:Simply add either a particular email address you want to allow or add in an entire domain.
29. If your lists get a little unwieldy you can import or export them, and chose weather to overwrite them or append the imported list to your existing list.
30. And where there is a Whitelist there is a Blacklist, it’s configured exactly the same.
31. Automatic Whitelist: This is a brilliant feature! It dynamically adds the addresses our users send to to the Whitelist, and maintains the cache for 10 days (which you can alter). I’m surprised this is disabled by default.
Note: This will be enabled by default in the next release.
32. SPAMfighter Content Filter > Whitelist phrases: Gives you the power to automatically Whitelist emails based on a phrase they contain i.e. Your corporate email disclaimer or default signature.
33. SPAMfighter Content Filter > Blacklist phrases: As the warning says be careful with this section, this is the sort of thing that is handy for blocking “We attempted to deliver your parcel but were unable to” emails that urge you to click an attached zip file full of infected spyware nastiness.
34. SPAMfighter Content Filter > Whitelist Attachments: Here you can upload an attachments (like your company logo from your email signatures) and the system will whitelist and allow through emails containing them.
35. SPAMfighter Content Filter > Blacklist Attachments: Thankfully this is disabled by default, the list of file extensions is quite long, and contains some commonly used file extensions, You will need to do some planning and testing with this one if you want to enable it.
36. SPAMfighter Community Filter: This will filter mail based on mails that have already been blocked by other SPAMfighter users, it uses a scoring/weighting system. You simply set a threshold the higher you set it the more mail will be stopped, this will require some fine tuning.
37. SPAMfighter Language Filter:This is enabled by default, but no languages are selected (which is sensible). If you are never expecting any emails in Chinese you can block them here.
SPAMfighter Filters that you can Manually Add to the Policy.
38. SPAMfighter IP-address Filter: Pretty much does what it says on the tin! Though blocking spammers by IP address is a little hard to manage, and it’s pretty easy to spoof an IP address anyway, which is probably when this is not on the default policy.
39. SPAMfighter Sender Policy Framework Filter: Personally I think you would be crazy to turn this on! If you don’t know what an SPF record is then read the following article.
40. SPAMfighter DNSBL Filter: A DNSBL is a dynamic DNS list of known spammers, if you are familiar with RBL block lists this is similar.
41. SPAMfighter Combined Spam Score Filter: All the other filters check the mail and give it a score, if the score is higher than a certain threshold this this filter will aggregate all those scores and block the mail.
SPAMfighter – Policies > Accept Actions
42. If the mail makes it through all the filters, then this section decides what happens with it.
43. And that is adding information to the mail header that says the mail was scanned and accepted.
SPAMfighter – Policies > Block Actions
44. If the mail gets blocked by any of the filters, this section decides how that is handled.
Note: You can add other actions from the drop-down list below if this does not do what you require.
45. Just as for the accept policy action, this modifies the email header, though this one says the mail was blocked.
46. SPAMfighter Move To Folder Policy Action > Mailboxes : The second default policy action takes that filtered email and places it within a folder called SPAMfighter within the users mailbox.
Note: You can redirect that mail to another mailbox if that is your preference.
47. The system for Public Folders (if you use them) is identical.
48. Contacts: As is says contacts do not have a mailbox, but you can redirect filters contact mail to a specific mailbox should you wish.
49. User Filter Settings: This section can create an exception for one particular user, it simply creates another policy that you can apply to that user.
50. You can create new policies and apply then to particular users or usergroups, and make the system as granular as you like.
51. Statistics: On my test network I didn’t have any throughput on which to pull some meaningful statistics.
52. Statistics > Notifications: You can have daily/weekly/monthly reports emailed to you.
53. If you decide to purchase, the licenses are priced per mailbox. Prices start at £14.50 each (or £29.00 with the Antivirus) And go down to £2.45 (or £4.90 with Antivirus) depending on the amount you buy. They are available for 1, 2, and 3 year periods. For an up to date price list go here.
Related Articles, References, Credits, or External Links
This was asked on Experts Exchange this morning, and so I thought I’d get it documented. There are loads of reasons why you might want to change a username, display name, and email address. It can be spelt wrong, a user has got married/divorced and changed their surname, or they have simply changed their name.
There are also some clients who don’t create a new user when a member of staff leaves. They just want to rename the old user and change the email address. The advantage of this approach is that all the group membership, and permissions will be correct for the replacement member of staff.
Solution
Step 1 Change the Username, Logon Name and Display Name.
1. On the Exchange server > Start > Run > dsa.msc {enter} > Locate the user in question > Right click and rename.
Note: You can do this on any Domain Controller but for Step 2 we will need to be on an Exchange server, or a machine with the Exchange Management tools installed.
2. As soon as you press {enter} > The rename user dialog will open, and you can change the display name, and the user logon name > OK.
Step 2 – Exchange 2000 / 2003 (Including SBS 2000 / 2003) Change the Email address.
Note: For newer versions of Exchange see below.
1. Whilst still in active Directory Users and Computers > Right click the affected user > Properties.
4. Untick the “Automatically update email…” option > Select the NEW email address >Set As Primary > Apply > OK.
Note: It can take a while for your global address list to update, then your Outlook clients need to get the updated list, sometimes this can take a couple of days! Be patient, the changes have been made.
Step 2 – Exchange 2007 / 2010 (Including SBS 2008 / 2011) Change the Email address.
1. On your Exchange 2007/2010 Server Launch the Exchange Management Console > Recipient Configuration > Mailbox > Locate the user > Properties.
2. E-mail Addresses tab > Add > Type in the new address > OK.
3. Untick the “Automatically update email…” option > Select the NEW email address > Set As Primary > Apply > OK.
Note: It can take a while for your global address list to update, then your Outlook clients need to get the updated list, sometimes this can take a couple of days! Be patient, the changes have been made.
Related Articles, References, Credits, or External Links