Category Archives: Exchange 2010

Modify Send As Permission Exchange 2010

Open Exchange Management Console

 

Click Yes on the User Account Control Dialog if it appears

On the left hand side of the screen, navigate to Microsoft Exchange -> Microsoft Exchange On-Premises -> Recipient Configuration

 

Select Mailbox


Right click on the users mailbox you wish to send on behalf, and select Manage Send As Permission…

Click Add…

 

Select the name of the user you wish to give access to, and click OK
 

Click Manage
 

Click Finish   You can also accomplish this by using Powershell.  In this example, Andrew will be given Send As permission on Craig’s mailbox:

Add-ADPermission Craig -User Andrew -ExtendedRights “Send As”

You can also use groups.  In the example below, the group called Sales Users will be given Send As
permission on Craig’s mailbox:

Add-ADPermission Craig -User “Sales Users” -ExtendedRights “Send 
As”

To removing Send As:

Remove-ADPermission Craig -User Andrew -ExtendedRights “Send As”

This will prompt for confirmation, and the confirmation warning is a bit counter intuitive:

Confirm
Are you sure you want to perform this action?
Removing Active Directory permission “Craig” for user “Andrew” with access rights “‘Send As'”.
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is “Y”): y

This means that this will remove Andrew’s send as permission on Craig’s mailbox.

Adding and checking RBL and DNSBL in Exchange 2010

Open To add a RBL and DNSBL to Exchange 2010 using EMC:

Open the EMC, expand Microsoft Exchange On-Premises –> Organization Configuration –> Hub Transport.

Select the Anti-Spam tab.

Right click on IP Block List Providers and select Properties


Select the Providers tab, and click Add…


Enter the details of the block list provider.  EG:

Some basic providers you can use are:

zen.spamhaus.org
dnsbl.sorbs.net

To do the same thing in Exchange Management Shell:

Add-IPBlockListProvider -Name ‘%NAME%’ -LookupDomain ‘%LOOKUPDOMAIN%’ -Enabled $true -BitmaskMatch $null -IPAdressesMatch @0 -AnyMatch $true -Priority ‘%PRI%’ -RejectionResponse ”


Where:
%NAME% is the name you wish to give the DNSBL (Eg: Spamhaus, sorbs, etc);
%LOOKUPDOMAIN% is the domain that is queried (the DNSBL domain) (zen.spamhaus.org, dnsbl.sorbs.net, etc); and
%PRI% is priority, 1, 2, 3, etc

eg:
Add-IPBlockListProvider -Name ‘Spamhaus’ -LookupDomain ‘zen.spamhaus.org’ -Enabled $true -BitmaskMatch $null -IPAdressesMatch @0 -AnyMatch $true -Priority ‘1’ -RejectionResponse ”

To check if the RBL is working, or to check if it is rejecting legitimate emails, you can use the following commands from the Exchange Management Shell (mm/dd/yyyy date format, regardless of regional settings):

Get-Agentlog –StartDate “08/22/2014” | where {$_.Reason –eq “BlockListProvider”}


This will list all emails that failed due to Block List Provider from 22/08/2014 to current.
Using Get-Member we can see the properties: Action; Agent; Diagnostics; Event; IPAddress; MessageID; P1FromAddress; P2FromAddresses; Reason; ReasonData; Recipients; SessionID; SMTPResponse; and TimeStamp.


This will list all emails that were rejected that came from *example.org:

Get-Agentlog –StartDate “08/22/2014” | where {$_.Reason –eq “BlockListProvider” –AND $_.P1FromAddress –like “*example.org”}


This will list all emails that were rejected that were addressed to anonit@example.com:

Get-Agentlog –StartDate “08/22/2014” | where ($_.Reason –eq “BlockListProvider” –AND $_.recipients –like “anonit@example.com”}


Show all originating IP addresses that were blocked by a rule called SpamHaus:

Get-Agentlog –StartDate “08/22/2014” | where {$_.ReasonData –eq “SpamHaus} | select-object IPAddress

Viewing Delegates with Exchange 2010 and Powershell

When meeting requests are being delivered to the wrong people, it normally means that someone has added another user as a delegate in Outlook, or given the wrong permissions to the delegate. To find out which users have delegates using Powershell from the server can help identify these users. From the link (new window): http://gallery.technet.microsoft.com/office/Delegates-Report-for-e4cc3246/view/Discussions#content we can see a one liner that will provide this information, however we can modify it slightly for different needs:

Running the command as is:

Get-Mailbox -ResultSize unlimited | Get-CalendarProcessing | where { $_.ResourceDelegates -ne “” } | Select-Object identity,@{Name=’ResourceDelegates’;Expression={[string]::join(“,”, ($_.ResourceDelegates))}} | Export-csv -Path c:tempResourceDelegates.csv

Will produce a CSV file in c:temp with column A as the Mailbox, column B, C, etc as the delegates, ready for importing into Excel. The @ symbol and everything after in the {} brackets is an array of the delegates.

You can get the results on a single mailbox (%IDENTITY% is the mailbox alias) by using:

Get-CalendarProcessing -identity %IDENTITY% | select-object ResourceDelegates

In this example, both Lucas Knorr and Nicholas Deane are delegates of Beau Kenny’s mailbox.

To get a list of all delegates for all mailboxes, you can use:

Get-Mailbox | Get-CalendarProcessing | Select-Object Identity, ResourceDelegates

However this has drawbacks, such as including mailboxes that don’t have delegates, and column width limitations. To resolve this, use:

Get-Mailbox | Get-CalendarProcessing | Where {$_.ResourceDelegates –ne “”} | Select-Object Identity, ResourceDelegates | Format-List

Setup Exchange 2010 Full Access Permissions

To give a user full access to another users mailbox in Exchange 2010, follow these steps:
Open the Exchange Management Console


Click Yes on the User Account Control Dialog if it appears

On the left hand side of the screen, navigate to Microsoft Exchange –> Microsoft Exchange On-Premises –> Recipient Configuration


Select Mailbox





Right Click on the user’s mailbox you wish to give access to, and select Manage Full Access Permission…


Click Add…


Select the Name of the user you wish to give access to, and click OK


Click Manage


Click Finish


You can also accomplish this by using Powershell.  In this example, Andrew will be given full access to Craig’s mailbox:

Add-MailboxPermission -Identity Craig -User Andrew -AccessRights FullAccess

You can also use groups.  In the example below, the group called Sales Users will be given full access to Craig’s mailbox:

Add-MailboxPermission -Identity Craig -User “Sales Users” -AccessRights FullAccess

To do bulk changes, you can follow the post here (new window):  http://anonit.blogspot.com.au/2014/07/changing-exchange-2010-mailbox.html

Activesync Device Report Exchange 2010

To get a list of activesync devices for all mailboxes in organisation can be achieved using the scripts found on Brian Desmond’s blog, here:
http://briandesmond.com/blog/how-to-create-an-activesync-device-report/


You can use a single line to get the details of a specific user:
Get-Mailbox -Identity %USER% | ForEach-Object {Get-ActiveSyncDeviceStatistics -Mailbox $_.Identity}


EG:  Get the ActiveSync Statistics for user anonit:
Get-Mailbox -Identity anonit | ForEach-Object {Get-ActiveSyncDeviceStatistics -Mailbox $_.Identity}


If users have multiple devices, it may be best to use the EXPORT-CSV cmdlet.  EG:
Get-Mailbox -Identity anonit | ForEach-Object {Get-ActiveSyncDeviceStatistics -Mailbox $_.Identity} | Export-CSV ActiveSyncReport-anonit.csv

Exchange 2010 Tracking logs and Powershell

When using the EMC to search tracking logs, you cannot search with wildcards.  You can use the Exchange Shell to do this.
Get-MessageTrackingLog returns an object with the following properties and methods:

 

Name
MemberType
 Definition
—-
———-
 ———-
Equals
Method
 bool Equals(System.Object obj)
GetHashCode
Method
 int GetHashCode()
GetType
Method
 type GetType()
ToString
Method
 string ToString()
ClientHostname
Property
 System.String ClientHostname {get;}
ClientIp
Property
 System.String ClientIp {get;}
ConnectorId
Property
 System.String ConnectorId {get;}
EventData
Property
 System.Collections.Generic.KeyValuePair`2[[System.String, mscorlib, Version=2.0…
EventId
Property
 System.String EventId {get;}
InternalMessageId
Property
 System.String InternalMessageId {get;}
MessageId
Property
 System.String MessageId {get;}
MessageInfo
Property
 System.String MessageInfo {get;}
MessageLatency
Property
 System.Nullable`1[[Microsoft.Exchange.Data.EnhancedTimeSpan, Microsoft.Exchange…
MessageLatencyType
Property
 Microsoft.Exchange.Management.TransportLogSearchTasks.MessageLatencyType Messag…
MessageSubject
Property
 System.String MessageSubject {get;}
RecipientCount
Property
 System.Nullable`1[[System.Int32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
Recipients
Property
 System.String[] Recipients {get;}
RecipientStatus
Property
 System.String[] RecipientStatus {get;}
Reference
Property
 System.String[] Reference {get;}
ReturnPath
Property
 System.String ReturnPath {get;}
Sender
Property
 System.String Sender {get;}
ServerHostname
Property
 System.String ServerHostname {get;}
ServerIp
Property
 System.String ServerIp {get;}
Source
Property
 System.String Source {get;}
SourceContext
Property
 System.String SourceContext {get;}
Timestamp
Property
 System.DateTime Timestamp {get;}
TotalBytes
Property
 System.Nullable`1[[System.Int32, mscorlib, Version=2.0.0.0, Culture=neutral, Pu…
 
Given this information, we can use these properties to search tracking logs for required details.  EG:
To get a list of all emails from any address @gmail.com between the dates 10-07-14 and 15-07-14, use the following command (must use MM/DD/YYYY date format, even though regional settings are for Australia!) (one line):
Get-MessageTrackingLog –ResultSize Unlimited –Start “07-10-2014” –End “07-15-2014” | where {$_.sender –like “*@gmail.com”}
Combining this with a select-object we can get specific details about the object returned.  To show the TimeStamp, Source, Event ID, Sender, Recipients, Message Subject and Size, use the following (one line):
Get-MessageTrackingLog –ResultSize Unlimited –Start “07-10-2014” –End “07-15-2014” | where {$_.sender –like “*@gmail.com”} | Select-Object Timestamp, Source, EventID,Sender, {$_.Recipients}, MessageSubject,TotalBytes
You can also use Export-CSV to get the data into a CSV (one line):
Get-MessageTrackingLog –ResultSize Unlimited –Start “07-10-2014” –End “07-15-2014” | where {$_.sender –like “*@gmail.com”} | Select-Object Timestamp, Source, EventID,Sender, {$_.Recipients}, MessageSubject,TotalBytes | –Export-CSV –path export.csv
Search with a wildcard subject (not case sensitive) (one line):
Get-MessageTrackingLog –ResultSize Unlimited | where {$_.MessageSubject –like “*Dell*”} | Select-Object Timestamp, Source, EventID,Sender, {$_.Recipients}, MessageSubject,TotalBytes

Forward Emails in Exchange 2010

Open the Exchange Management Console

 

Expand Microsoft Exchange On-Premise and Recipient Configuration.  Select Mailbox

Right click on the mailbox you wish to forward and click Properties

Select the Mail Flow Settings tab.  Select Delivery Options and click Properties…

Select Forward To: and click Browse

Select the user you wish to forward emails to, and click OK

If you wish to send the email to the original mailbox and forward it, select Deliver message to both forwarding address and mailbox.

Click OK.

Click OK on the users Mailbox Properties

Close the Exchange Management Console

 

To do this in Powershell, Open the Exchange Management Shell and use the following commands:

Set-Mailbox –Identity “%IDENTITY%” –ForwardingAddress %ADDRESS%

eg:

Set-Mailbox –Identity “ANONIT” –FowardingAddress anonit@example.com

 

To deliver both to the mailbox and the forward address, use the –DeliverToMailboxAndForward $TRUE

eg: to deliver to ANONIT and anonit@example.com

Set-Mailbox –Identity “ANONIT” –FowardingAddress anonit@example.com –DeliverToMailboxAndForward $TRUE

Changing Exchange 2010 mailbox permissions using Powershell

I needed to give a user full control over every users mailbox in an Exchange 2010 environment.  After getting the required permissions and authority, I used the following powershell command:

get-mailbox | add-mailboxpermission -user ‘%ALIAS%’ – Accessrights ‘FullAccess’

where %ALIAS% is the alias of the user who will be given permissions to the mailbox.

EG: Bob needs access to every mailbox:

get-mailbox | add-mailboxpermission -user ‘BOB’ – Accessrights ‘FullAccess’