Exchange – Display Mailbox’s by size

KB ID 0000469

Problem

Yesterday a client asked me how he could find out, which of his users were the “worst offenders” for mailbox size. Normally a simple Get-MailboxStatistics command would be fine, and we would sort the results in descending order.

Solution

On one of the Exchange servers, launch the Exchange Management Shell.

Issue the following command:

Note: That’s all one command, replace the name PNL-MAIL-2019 with your Exchange server name.

[box]

Get-MailboxStatistics -Server PNL-MAIL-2019  | Select DisplayName, ItemCount, TotalItemSize | Sort-Object TotalItemSize -Descending

[/box]

And here’s your nicely formatted list (Note: this is my test environment so there’s not much mail in it).

Fo Exchange 2010 use the following syntax;

[box]

Get-MailboxStatistics -Server DC2A | where {$_.ObjectClass –eq “Mailbox”} | Sort-Object TotalItemSize –Descending | ft @{label=”User”;expression={$_.DisplayName}},@{label=”Total Size (MB)”;expression={$_.TotalItemSize.Value.ToMB()}},@{label=”Items”;expression={$_.ItemCount}},@{label=”Storage Limit”;expression={$_.StorageLimitStatus}} -auto

[/box]

Note: To see the sizes of the individual Folders in users mailboxes see the following article;

Exchange – Display/Export Users Mailbox Folder Sizes

Related Articles, References, Credits, or External Links

NA

Exchange Exporting Mailboxes to PST Files

KB ID 0001360

Problem

Applicable To: This procedure works on all versions of Exchange Newer than Exchange 2010 SP1 (update rollup 8). If your Exchange server is OLDER than that you will need to use the following link;

Exchange 2007 / 2010 (Pre SP1)- Export Mailbox’s to PST files

The following procedure exports a user mailbox to a PST file on a network share.

Solution

Note: Not Even ‘Exchange Organisation Administrators” have the right to import / export mailboxes, you need to grant those rights to your user object, (or a better approach would be to create an admin account just for this purpose, then delete it when you are finished).

[box]

New-ManagementRoleAssignment –Role "Mailbox Import Export" –User {username}

[/box]

Note: This grants import, and export rights.

Create a file share on a drive with plenty of space, ensure the Exchange Trusted Subsystem has read / write access. And ensure the SYSTEM account has full control.

To create the ‘Export Request’

[box]

New-MailboxExportRequest -Mailbox “mailbox-alias” -FilePath \\server-name\share\file-name.pst

[/box]

Note: Add “-IsArchive” to the end of the command for Archive Mailboxes.
Note2: If the export repeatedly fails, add -BadItemLimit 200 to the end and try again, you can also use the -AcceptLargeDataLoss in exceptional circumstances

To view progress;

[box]

Get-MailboxExportRequest
OR
Get-MailboxExportRequest | Get-MailboxExportRequestStatistics

 

[/box]

When complete, you need to remove the move request(s);

[box]Get-MailboxExportRequest | Remove-MailboxExportRequest
OR (If you still have movement requests running)
Get-MailboxExportRequest -Status Completed | Remove-MailboxExportRequest[/box]

Using Content Filters

You can specify a content filter to only export emails after a certain date all mail received after 01/01/17 e.g.

[box]New-MailboxExportRequest -Mailbox {mailbox-alias} -ContentFilter {(Received -lt ’01/01/2017’)} -FilePath \\{server-name}\{folder}\{file-name}.pst[/box]

Or to export emails between two dates;[box]New-MailboxExportRequest -ContentFilter {(Received -lt ’31/12/2018‘) -and (Received -gt ’31/12/2017′)} -Mailbox {mailbox-alias} -FilePath {server-name}\{folder}\{file-name}.pst[/box]

Using IncludeFolders (and Exclude Folders)

You can specify IncludeFolders (or ExcludeFolders) to only export emails from certain folders, e.g.

Only export Inbox (and sub-folders) and Sent Items;

New-MailboxExportRequest -IncludeFolders “#Inbox#/*”,”#SentItems#” -Mailbox {mailbox-alias} -FilePath \\{server-name}\{folder}\{file-name}.pst

Don’t Export Sent Items and Deleted Items;

New-MailboxExportRequest -ExcludeFolders “#SentItems#”,”#DeletedItems#” -Mailbox {mailbox-alias} -FilePath \\{server-name}\{folder}\{file-name}.pst

Export ALL Mailboxes to  PST

[box]foreach ($Mailbox in (Get-Mailbox)) { New-MailboxExportRequest -Mailbox $Mailbox -FilePath “\\{server-name}\{folder-name}\$($Mailbox.Alias).pst” }[/box]

Related Articles, References, Credits, or External Links

Exchange 2000 / 2003 – Exporting Mail to .pst files with ExMerge

Exchange (2010 Post SP1 and Newer) Bulk Importing Mail From PST Files

Exchange 2007 / 2010 Update Rollups Wont Apply

KB ID 0001454

Problem

I had to do an SBS 2011, (Exchange 2010) to Exchange 2016 migration last week. The Exchange 2010 installation had not been updated for a long time, anyway common sense dictates that you should always upgrade the old Exchange server to the newest version first. But every time I did, the install launched, started, stopped, then rolled back the changes, and failed.

Setup wizard for Update Rollup {version} for Exchange server {version} Service Pack {version} {KB-version} ended prematurely because of an error. Your system has not been modified. To install the program at a later time , please run the installer again.

Solution

This is happening because the server has UAC (User Account Control) enabled. So the easiest way to bypass this problem is to use MSIEXEC to install the update. Open up an Administrative Command window

Change to the directory the update is in, (in my case on the root of the server E: drive), then execute the following command;

[box]msiexec /update {File-Name}.msp[/box]

The install should now launch and complete without error.

Related Articles, References, Credits, or External Links

NA

Exchange 2010 Stops Working after 6 – 12 Hours Uptime

KB ID 0001447

Problem

If your Exchange 2010 Server Stops working after a 6 to 12 hour window, then this is a known problem caused by last months (July 2018) security updates. You will also notice that the ‘transport service‘ becomes unresponsive.

Note: A reboot will temporarily fix the problem but the server then ceases to function after the same time.

Solution

Which update you need to uninstall, depends on your operating system (2008/2012)

Server 2008 R2

KB4338423 and KB4338823 
or
KB4338818 

Server 2012

KB4338820 
or
KB4338830 

Server 2012 R2

KB4338824 
or
KB4338815 

Microsofts Response

Related Articles, References, Credits, or External Links

NA

Exchange: “BuildToBuildUpgrade” Error

KB ID 0001436

Problem

In the middle of an Exchange upgrade I got a bit stuck with the following error;

“Setup previously failed while performing the action “”BuildToBuildUpgrade” You can’t resume setup by performing the action “Install”.

There are a couple of variations on this error as well, you can also see either of the following;

“Setup previously failed while performing the action “Install” You can’t resume setup by performing the action “BuildToBuildUpgrade”.

OR

“Setup previously failed while performing the action “Uninstall” You can’t resume setup by performing the action “Uninstall”.

That last of those I’ve covered before here.

Solution

As you are probably already aware this is because either an install/upgrade/uninstall has failed, and you are attempting to get the process going again, (or someone else has, and left it ‘broken’!)

This is happening because as Exchange performs installs/upgrades/uninstalls it creates some values in the registry as it progresses. And if you attempt to restart the process, it can see these entries, and that’s what causes the error.

So you simply need to remove them;

Open the registry editor (Windows Key+R > Regedit {Enter}).

Where you navigate to, depends on your version of Exchange;

[box]

HKLM\Software\Microsoft\ExchangeServer\v14\ (Exchange 2010)

HKLM\Software\Microsoft\ExchangeServer\v15\ (Exchange 2016 and 2013)

[/box]

Within all the sub keys (i.e. below v14 or v15) there will be a ‘Value’ thats within the role that was being installed/upgraded/uninstalled, when the process ‘fell-over’. That value will be called ‘Action‘ locate and delete it.

Also be on the lookout for a value called ‘Watermark’ if you see that, remove it also, and Exchange will start a fresh, install/upgrade/uninstall.

When you have checked all the sub keys, restart your install/upgrade/uninstall.

Related Articles, References, Credits, or External Links

Exchange – Setup previously failed while performing the action ‘Uninstall’

Office 365: Migrating To Exchange Online

KB ID 0001418

Problem

This is Part-One of a migration from ‘on-premise’ Microsoft Exchange, to Office 365 (Exchange Online). I’m using my spare ‘test domain’ (.co.uk). And I’m using the 5 user E3 Office 365 subscription that the good folk at Microsoft let me have, as part of my MVP benefits.

Note: I’m using Exchange 2016, with a ‘full-hybrid’ migration into Office 365.

Step 1: Pre-Requisites

DNS: You will need access to the DNS records for your public domain, both to ‘prove’ it is your domain, and to divert mail flow, and client requests to Exchange online, rather than your on premise Exchange.

Licenses/Subscription: You need an office 365 subscription, and available licences for all the users you want to migrate. At time of writing the minimum subscription level that includes Exchange Online is E3. (Note that’s not strictly true, you do get Exchange online with E1, but you dont get any office products, so I’ve never seen an E1 licensed migration). You’ll need to have access to Office 365 with a ‘global administrator‘ account.

Backups: Not really a pre-requisite, but how are you going to backup your cloud mailboxes? As far as Microsoft is concerned, your online email gets deleted after its retention period, (amount of time after a user deletes it, i.e. up to 100 days). If your business continuity plan, requires you to keep mail ‘x‘ years, then you will need to think about Azure Backup, or a third party backup solution.

Existing Exchange: Unless you are going to use a third party migration tool, then your on premise Exchange needs to be at Exchange 2010. So if you’re still at Exchange 2007/2003/2000, then you need to either; 1) Upgrade your on-prem Exchange, 2) Do another on-prem migration before you start, or 3) Purchase a third part migration tool. Note: With Exchange 2007 you can add one Exchange 2010 Exchange server, then migrate.

Certificates: You MUST HAVE a certificate on your Exchange that is publicly singed by a third party certificate vendor. There’s no excuse to use self signed certificates these days, (for Exchange). For this exercise I bought a certificate for a year and it cost me less than ten dollars, thats half the price of a one users monthly licence for Office 365? WARNING even with a correctly setup PKI environment with publicly published CRLs etc, your own certificates wont work, and you wont find out what’s wrong, until you have migrated users, and carnage/downtime will ensue! BUY A CERTIFICATE: I’d recommend a wildcard cert for your public mail domain.

 

User UPN’s: I’ve already covered this before in the past, things will be a lot easier, if you change all your users UPN’s to match their Email addresses.

 

For more information, see the following article;

Changing Domain Users’ ‘User Logon Names’ and UPN’s

Step 2: Onsite Preparation

Fail to prepare – prepare to fail.

What most people fail to do is make sure both their AD domain, and existing Exchange is healthy, (just because everything appears to be working, doesn’t mean everything is healthy). Install the latest cumulative update for your on-premise Exchange server ,and dig into the logs to make sure everything is as it should be!

Mailbox Replication Proxy Service

MRS Proxy is at the same solution we use for ‘cross-forest’ mailbox migrations, and your on-prem Exchange will act as the MRS proxy for your mailbox migration. To enable MRS Proxy: Exchange Admin Center > Servers > Virtual Directories > EWS > Edit.

General > Enable MRS Proxy Endpoint > Save

You can also check the service is running, (Windows Key +R > Services.msc {Enter}).

Exchange 2010 Note: If you’re running Exchange 2010, you can enable MRS Proxy with the following PowerShell command;

[box]Set-WebServicesVirtualDirectory -Identity “EWS (Default Web Site)” -MRSProxyEnabled $true -MRSProxyConnections 50[/box]

Azure Active Directory Connector

You can download the Azure AD connector from Microsoft, it can be installed on any member server. It will replicate your users and groups etc, into Office 365. Download and execute the installer > Tick ‘I agree….’ >  Continue.

Use Express Settings.

Note: You would only NOT use Express settings if you only wanted to replicate certain groups or sub domains, or if you wanted to use ADFS, (for example because you already had Azure secured services).

Provide your office 365 logon details > Next.

Provide logon details for your on-premise domain > Next.

You will probably only see your local domain, and it will be flagged ‘Not Added’ that’s fine, below you can see my public domain because it’s already been added to office 365, (I’ll cover that later) > Next.

Tick ‘Exchange hybrid deployment’ > Install.

Read and act on any warnings > Exit.

Note: If, (as above) it asks you to enable the ‘AD Recycle bin’, see the following post;

Windows Server 2016: Active Directory Recycle Bin

It will take a while, (depending on the size of your AD,) to replicate.

After a while you will start to see all your users appear in your office 365 portal, as they are replicated across.

Enable Exchange Hybrid Deployment

Back in Exchange admin Center > Hybrid > Configure > Sign into Office 365.

Once authenticated, notice the URL changes to Exchange online! > Configure.

Click here > Install.

Run.

Next.

I only have one on-premise Exchange server, so that’s selected,( if you had multiple servers, choose the one you want to use) > Next.

Sign in.

Once authenticated > Next.

Full Hybrid > Next.

Enable.

You need to create a ‘text’ record in your public DNS to proceed.

So I’ve jumped on my public DNS host management portal, and created the text record required.

Tick ‘I have created…..’ > Verify > Next.

I dont have any ‘Edge Transport Servers’ > Next.

Again I only have one, if you have multiple CAS servers, select the one you want > Next.

And again for the ‘Send Connector’ select the CAS server that will connect to Office 365 > Next.

Select your certificate. MAKE SURE it has selected a publicly signed one, NOT a self signed one! > Next.

Enter the correct public FQDN for your on-prem Exchange > Next.

Note: This must match either the CN on your certificate, or if it’s a wildcard certificate, the domain must be the same.

Update

Close

So far so good, in Part Two, I’ll add my public domain to my Office 365 account and start migrating some users.

 

Related Articles, References, Credits, or External Links

NA

Exchange: Apply Email Address Policy to All Distribution Groups

KB ID 0001361

Problem

While doing a migration I needed to update all of a clients ‘Distribution’ groups with an additional mail domain. This is not normally a problem we can do that with an Email address policy, well yes you can if all the groups have ‘update email addresses based on policy’ ticked, (which is the default!) However this client  had done everything manually. So that wasn’t an option.

Solution

Yes there’s only three below, but this client had over a hundred, and I wasn’t going to do them one by one. List all the Groups and their policy status by running the following command;

[box]Get-DistributionGroup | select Name,EmailAddressPolicyEnabled[/box]

As you can see (above,) they are all set ‘False’ i.e. policy not enabled. To change that;

[box]Get-DistributionGroup | Set-DistributionGroup -EmailAddressPolicyEnabled $true[/box]

Now if you recheck, they are all enabled.

Related Articles, References, Credits, or External Links

Exchange 2016 / 2013 Adding a New Email Domain

Exchange ‘Cross Forest’ Mail Migrations

KB ID 0001356

Problem

PeteNetLive is full of Exchange Migration walkthroughs, going all the way back to Exchange 2003. But what if you are migrating to another forest? Well for small migrations you can of course export mail from the old Exchange Server, and them import it into the new mailbox in the new domain/forest (usually via .PST files). I’ll provide links at the bottom of the page, if that’s what you would prefer to do.

Earlier this year, I got involved with a client that was migrating many domains into one, and this method seemed a better fit for them. The process/screenshots below are taken from my testing and proof of concept for this project.

As you can see, (above) I’ve got a source Exchange server, (Running Exchange 2010) in domaina.com, and I’ve got a target Exchange server, (Running Exchange 2016) in domainz.com

Note: You may guess from the server names, these are also domain controllers, (this is not recommended in a production environment!) My old Exchange server is also running Certificate Services, which will become apparent below.

 

Solution

The service that does all the ‘heavy lifting’, is the Microsoft Exchange Mailbox Replication Service. Out first task is to get it running on the legacy Exchange server. Open the Exchange Shell and execute the following command;

[box]Set-WebServicesVirtualDirectory -Identity “EWS (Default Web Site)” -MRSProxyEnabled $true -MRSProxyConnections 50[/box]

Ensure the service is running;

The front end of the MRS service is presented via IIS, and it’s secured with HTTPS, so it will use the certificate you have presented, (i.e the same one for OWA). Therefore the new (Target Exchange Server) needs to trust that certificate. If you have a publicly signed certificate from a third party vendor, then you don’t need to import anything you can skip this step.

The World is Full of People Who are Scared of Certificates! I have no idea why? For a certificate to work, you need to TICK TWO BOXES;

  • BOX ONE: You need the trust the Certificate Authority who issued the certificate, (this is printed onto the certificate, and in most cases can be extracted from the web certificate as well. This is the CA Certificate of the issuer, NOT the certificate you see in OWA.
  • BOX TWO: The certificate will have a name on it, it will be either the common name, or a subject alternative name (within the certificate), it will look something like, owa.your-domain.com, or *.your-domain.com for example. This must be resolvable via DNS, and also be the hostname you are looking at.

Below, I’m simply importing the Root CA Certificate, from DomainA into my Exchange server on DomainZ.

Note: Start > Run > mmc.msc > File > Add/Remove Snap-in > Certificates > Local Computer.

In production, I’d setup conditional forwarding between the two domains to handle DNS, but in this case I’m being lazy and just putting the FQDN of the Exchange 2010 server in the Exchange 2016’s hosts file, (old school eh!)

To Setup Conditional Forwarding; Take a look at the first three steps in this article.

Providing you have done everything correctly, you should be able to ‘browse’ from Exchange 2016, to Exchange 2010, to the following URL, and not receive any certificate errors, it should look like this;

[box]https://servername.domain-name.com/EWS/mrsproxy.svc[/box]

Note: If you get any certificate/untrusted errors, fix them before proceeding.

Pre-Staging the Cross Forest MailBox Migration

Actually moving the mailboxes is a ‘two-step‘ procedure, first you pre-stage the move, this creates a Mail User* in the new domain.

*Note: A Mail User is an a little bit like a Contact insofar as they both have external email addresses (i.e ‘username@domaina.com’, while the mail user is in domainz.com, (until the mailbox is migrated). The difference between a Mail user and a contact is, a mail user has a logon name and a password. Once migrated the Mail User is converted into a User Mailbox in the new domain, and the User Mailbox back in old domain gets converted into a Mail User with an email address of username@domainz.com for the mail user in domaina.com. This (while being cool) allows mail flow between the domains during migration. (Assuming your DNS is all setup correctly, of course).

The following procedure is carried out on the new Exchange server, open an Exchange Shell Window and execute the following command;

[box]$Rcred = Get-Credential[/box]

Then supply an administrative account in the SOURCE, (remote) domain.

Repeat the procedure, but this time use Lcred;

[box]$Lcred = Get-Credential[/box]

Then supply an administrative account in the TARGET, (local) domain.

Exchange has a script to do the do the staging for you, it’s in the Exchange install directory, in the ‘scripts’ folder. Mine is in the C: drive, but the path to yours may be different, (depending on how you installed Exchange). But once located, you need to change to the directory that the Prepare-MoveRequest.ps1 script is in i.e.;

[box]cd “c:\Program Files\Microsoft\Exchange Server\V15\Scripts”[/box]

Note: V15 denotes Exchange 2013 and 2016.

Now execute the following command, (this is all one command if it gets wrapped);

[box].\PrepareMoveRequest.ps1 -Identity “username@domaina.com” -RemoteForestDomainController dc2a.domaina.com -RemoteForestCredential $Rcred -LocalForestDomainController dc1z.domainz.com -LocalForestCredential $Lcred -TargetMailUserOU “OU=Migrated,DC=domainz,DC=com“[/box]

Note: This assumes you have created the OU to migrate into! And, (as you can see in the example below,) I’m using the public email address of my user, not the internal one, (it doesn’t matter).

Execute Cross Forest Mailbox Migration

Now the mailboxes are ‘pre-staged’ we can select them for migration, in the new Exchange environment, Recipients > Migration  >Add > Move to this forest.

Add.

Select the User(s) > Add > OK.

Next.

 

Enter the administrative credentials for the source domain > Next.

Enter the FQDN, of the legacy server, (use the SAME NAME that’s on the certificate) > Next.

Give the migration ‘Batch’ a name > Set the ‘target’ email domain > Select the target Exchange Database, (and Archive database if applicable) > Next.

Note: If you keep getting failed migrations, that say ‘FailedOther‘ then you can raise the bad item limit, and large item limits.

Select a user to get the mail notification > Select ‘Automatically Complete Migration Batch’ (or it will stop at 95% and you will have to complete this manually) > New.

You can now view progress in the ECP, (a big buggy and slow to update,) or by running ‘Get-MoveRequest | Get-MoveRequestStatistics

 If there’s a problem, both the ECP (Exchange Control Panel) and EMS (Exchange Management Shell) should give you a clue. You can remove and rerun a migration on a failed user and nothing will break! Sometimes you need to raise the bad item limit or make sure the source mailbox isn’t too large before proceeding for example. (Use the search box at the top of the page, I’ve posted a lot of Mailbox Move problems).

Related Articles, References, Credits, or External Links

Exchange 2007 / 2010 – Export Mailbox’s to PST files

Exchange 2003 – Exporting Mail to .pst files with ExMerge

Exchange (2010 Post SP1 and Newer) Bulk Importing Mail From PST Files

MRS Proxy Error ‘The connection to the server could not be completed’

Exchange 2010 – EMC Error ‘GetSteppablePipeline execution of scripts is disabled’

KB ID 0001351 

Problem

Seen when attempting to open the Exchange Management Console;

Exception calling “GetSteppablePipeline: with “1” argument(s): File C:\ProgramFiles\Exchange Server\v14\RemoteScripts\ConsoleInitialize.ps1 cannot be loaded because the  execution of scripts is disabled on this system. Please see “get-help about_signing” for more details.”

Solution

This is usually caused by an update rollup, and can be easily fixed by running the following command at an administrative PowerShell session.

[box]Set-ExecutionPolicy RemoteSigned -scope LocalMachine[/box]

Note: Sometimes you may get an error message;

Set-ExecutionPolicy : Access to the registry key ‘HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell’ is denied.

If that happens launch regedit.exe navigate to the above value and change it from ‘Restricted’ to ‘Unrestricted’.

Related Articles, References, Credits, or External Links

NA

Exchange Bulk Export / Import Mail Contacts

KB ID 0001349 

Problem

I had to do this today and realised, it’s been so long since I did it last, I’d forgotten how to do it. Before we go forward, please be clear, I’m talking about MAIL CONTACTS, these are Active Directory Objects that have an Email address, but DO NOT have a mailbox in your Exchange Organisation, and DO NOT have an Active Directory User. I point this out because you can have MAIL USERS that have an Active Directory User Object and have an External Email address (i.e. a Gmail or Hotmail address) associated with the MAIL USER object.

Traditionally mail contacts are used for listing outside mail addresses in your global address list, (like mail users do) but are also used to forward mail to as well.

Solution

I was exporting from Exchange 2010, from the EMC run the following command;

[box]Get-MailContact -ResultSize unlimited | Select DisplayName,Name,PrimarySMTPAddress | Export-Csv “c:\Contacts-Exported.csv“[/box]

And there’s my file.

You can see my exported CSV list in, DisplayName, Name, PrimarySmtpAddress format. You will need to do some work with it in Excel to get it in > Name, Firstname, Lastname, ExternalEmailAddress format.

Once you have you CSV file ready, import it into the Target Exchange Server with the following command;

[box]Import-Csv “C:\Contacts-Exported.csv” | ForEach {New-MailContact -Name $_.Name -Firstname $_.FirstName -LastName $_.LastName -ExternalEmailAddress $_.ExternalEmailAddress -OrganizationalUnit “OU=IMPORT,DC=PNL,DC=COM”}[/box]

There’s my new contacts 🙂

Related Articles, References, Credits, or External Links

NA