FAQ: Give Calendar Read Permission on all Mailboxes – PFDavAdmin

Hello Guys,

Here one more question which asked by users frequently on forums and newsgroups. “How to give calendar read permission to all users on a server?”

And answer is we can do this either with PFDavAdmin or SetPerm.

Note: This method applies on Exchange 2003 as well as on Exchange 2007.

Procedure:

• Open PFDavAdmin.
• Click File -> Connect.

• Give Exchange Server name on which you want to set Calendar Read Permission for All Mailboxes & Global Catalog Server name.
• Select All Mailboxes and Click OK.

• You can see list of all mailboxes which are available on specified Exchange server.

• You may verify existing calendar permission before our operation by expanding any of the mailbox -> Top of Information Store -> Calendar -> Right Click & Select Folder Permission.

Now, lets set the calendar permission for all mailboxes.

• Select the Mailboxes on top of all listed Mailboxes in Left pane.
• Click Tools Menu -> Select Set Calendar Permissions.

• Click OK when you get information dialog box “In the following folder permissions dialog, please configure the permissions you would like to set on the Calendar folders.”

• New Permissions window opens, click Add.
• New window opens to Choose user, click on Browse.

• Select Everyone and click OK.

Note: When you open calendar permission in outlook, you can see Default None permission where default is Everyone.

Edit (05/30/08): In Exchange/outlook – 2007 if permission is set to Free/Busy Time and you change it to reviewer which is full free/busy detail then later if you want to revert back to Free/Busy Time then that option is not available in PFDavAdmin & need to set it at individual mailbox so make sure before doing change.

 

• Select the Permissions Reviewer, click OK.

• You get an information dialog box, “You will now be represented with a permissions dialog you can use to select the entities that will be removed. The role for each entity has no effect. Any selected entities will be removed from Calendar permissions regardless of their roles.”
• Click OK in below information dialog box.

• As it has given information in previous information dialog box, you can add users if you want to remove permission from all mailboxes. (I would suggest, not to select any users until you are sure about that and you need to remove a user from all of mailboxes.)
• Click OK.

Note: As PFDavAdmin can be used to add as well as to remove calendar permission, you get this window to remove permission. Don’t misunderstood this window, if you give here Everyone Reviewer permission again to remove then you get below error.

• When you click OK in previous window, it starts giving permission to calendar of all mailbox.
• Once it is finished you can see 100 in Percentage Completed then Close window.

 

• You may verify in some of the mailbox that Everyone Reviewer permission set correctly on Calendar.

That’s all, now all users have permission to read calendar on any of the mailbox on this server.

Hope this helps you….!!!

Put your comments / reply if you like or if you have any query….

 

del.icio.us Tags: Exchange,Exchange 2003,Exchange 2007,PFDavAdmin

Technorati Tags: Exchange,Exchange 2003,Exchange 2007,PFDavAdmin

How To: Remove Header from Outgoing Mails in Exchange 2007

This is frequently asked question, how to remove header from outgoing mails.

If SMTP send session on Exchange Server does not have “Send Routing Header” permission then it will remove all “Received:” headers.

In our example, ANONYMOUS LOGON has Send Routing Header permission on Send Connector named “Internet”

Verify with ADSIEdit.msc.

ADSIEdit.MSC -> CN=Configuration -> CN=Services -> CN=Microsoft Exchange -> CN=”Organization Name” -> CN=Administrative Groups -> CN=Exchange Administrative Group -> CN=Routing Groups -> CN=Exchange routing Group -> CN=Connections -> CN=”Send Connector Name”

Run below command to remove Send Routing Headers permission from send connector.

Get-SendConnector “Connector Name” | Remove-ADPermission -AccessRight ExtendedRight -ExtendedRights “ms-Exch-Send-Headers-Routing” -user “NT AUTHORITY\Anonymous Logon”

Verify with ADSIEdit that Anonymous Logon is removed.

Now, ANONYMOUS LOGON has NOT Send Routing Header permission on Send Connector named “Internet” so it doesn’t send internal header to internet.

Note: After removing permission you need to restart Microsoft Exchange Transport Service to get effective.

 

 

How To: Revert the Permission:

Now if you want to revert it back at some point of time like, management decided to send header info to internet then you can add the permission back.

Method 1: With PowerShell

Run below command to add Send Routing Headers permission back on send connector.

Get-SendConnector “Connector Name” | Add-ADPermission -AccessRight ExtendedRight -ExtendedRights “ms-Exch-Send-Headers-Routing” -user “NT AUTHORITY\Anonymous Logon”

You can verify with ADSIEdit that Anonymous Logon is added back.

Method 2: With ADSIEdit

Open ADSIEdit and go to below path and find your send connector which sends mail to internet.

ADSIEdit.MSC -> CN=Configuration -> CN=Services -> CN=Microsoft Exchange -> CN=”Organization Name” -> CN=Administrative Groups -> CN=Exchange Administrative Group -> CN=Routing Groups -> CN=Exchange routing Group -> CN=Connections -> CN=”Send Connector Name”

Right click on the connector, select the properties, in the Security tab, Add ANONYMOUS LOGON.

Select Send Routing Headers Allow Permission and click OK… and close ADSIEdit.

Permission is back and Send connector sends header to internet.

Note: After doing this operation you need to restart Microsoft Exchange Transport Service to get effective.

Hope this helps…!!!

 

Reference : Understanding Header Firewall

http://technet.microsoft.com/en-us/library/bb232136(EXCHG.80).aspx

 

Technorati Tags: Exchange,Exchange 2007,PowerShell

del.icio.us Tags: Exchange,Exchange 2007,PowerShell

FAQ: Find all users with Forwarding Address is set

This is most commonly asked question, how to get list of user with forwarding address is set.

Exchange 2003:

In native Exchange 2003 you can do a custom search in Active Directory Users & Computers to find all users with forwarding address is set with some internal or external address.

(objectClass=*)(altrecipient=*)

Example: I have set a forwarding address for User 32 to forward all mails to User 31.

Now find it with Custom Search.

Active Directory Users & Computers -> Find -> Select Custom Search -> Enter (objectClass=*)(altrecipient=*) in LDAP Query Text Box -> Click Find Now.

Exchange 2007:

If Exchange 2007 is in native mode or co-existence with Exchange 2003 then you can use PowerShell to find the same thing.

Get-Mailbox | Where {$_.ForwardingAddress -ne $null} | Select Name, ForwardingAddress, DeliverToMailboxAndForward

Example: I have set a forwarding address for User 22 to forward all mails to User 21.

Now find it with PowerShell.

Note: PowerShell gives all users who are on Exchange 2007 as well as Exchange 2003. You can see the Exchange Version in below screen.

Hope this helps you guys!!! Put your comments…!!!

 

del.icio.us Tags: Exchange,Exchange 2003,Exchange 2007,PowerShell

Technorati Tags: Exchange,Exchange 2003,Exchange 2007,PowerShell

Move Committed Exchange Transaction Logs

When your Exchange Transaction Logs drive run out of space then first thing you think about movement of committed log files to another drive where server has space so here is the way…!!

Note: If you move committed logs then you cannot perform incremental backup and need to take full backup.

To perform this operation you need Microsoft Exchange Troubleshooting Assistance tool.

Download: http://www.microsoft.com/downloads/details.aspx?familyid=4bdc1d6b-de34-4f1c-aeba-fed1256caf9a&displaylang=en

It is inbuilt tools in Exchange 2007 and available in Toolbox “Database Recovery Management”.

You need to install it manually in Exchange 2003.

After installation you can find it under Programs -> Microsoft Exchange -> Troubleshooting Assistant

Select Check for updates on startup (recommended) and click on Check for update now.

If no updates are available then Select Go to Welcome Screen.

Click on Select a Task.

Select Database Recovery Management.

Note: As discussed earlier, in Exchange 2007 you can directly select Database Recovery Management in Toolbox.

Give identifying label for this activity & Server name.

Click on Show Advance logon options if you want to give alternate credential.

Click Next.

It retrieves Exchange Server Information from Active Directory.

Click on Analyze log drive space.

It gives you Transaction log Drive Statistics.

You can see some important fact about your server…

• Available log disk space.
• Logs (GB).
• Average daily log generation rate.
• Estimated days to run before exhausting current log drive space.

Click on Select a storage group for log move.

Select the storage group(s) to move log files.

Click on Confirm the log move options.

You can see below things…

• Log File Name for Current Checkpoint
• Number of Removable Logs
• Recoverable Space (GB)

Select a Path where you want to move log files.

Click Perform Move Log Action.

It starts copying and removing logs operation.

Once it is finished, you can see the message, Successfully Copied the log files to new location and removed the logs.

Click on Go back to task center & Close Microsoft Exchange Troubleshooting Assistant.

Note : Make sure that you take backup after completion of this.

Hope this helps you…!!! Put your comments…!!!

 

del.icio.us Tags: Exchange,Exchange 2007,Tools

Technorati Tags: Exchange,Exchange 2007,Tools

IceRocket Tags: Exchange,Exchange 2007,Tools

Exchange 2007 Database Portability

Database Portability is a new feature of Exchange 2007 and it allows us to mount the exchange database on any of the exchange servers in same organization. Yes, database is portable.

In Exchange 2003 or earlier version it was possible in below conditions only.

• Server Name should be same.
• In Recovery storage group.
• Another server in the same administrative group (This required some additional precautions)

In Exchange 2007 only one restriction is there.

• Database should be moved to server which is in same Exchange Organization.

Note: Public Folder database cannot move. It can be moved by replicating to another server instead of using portability feature.

As per Microsoft, movement is supported when destination Server has equal or higher version of Windows & service pack level of Exchange 2007.

Permission Required: Exchange Server Admin & Local Server Administrator

Procedure to Move Database

In our example, we move the database from "ATS-Exch701\First Storage Group\Mailbox Database" to New store "ATS-Exch701\Third Storage Group\TMBS" on the same server (since I have only one server in test environment but it should be same while moving to different server)

I have below users in Mailbox Database.

• The first step is to verify DB state and it should show Clean Shutdown.

You can run eseutil /mh <Database Path.EDB> to verify it.

eseutil /mh "C:\Program Files\Microsoft\Exchange Server\Mailbox\First Storage Group\Mailbox Database.edb"

• Create a new mailbox database in the destination server but don’t mount it.

New-MailboxDatabase -StorageGroup <Server_Name>\<StorageGroup_Name> -Name <Database Name>

New-MailboxDatabase -StorageGroup "ATS-Exch701\Third Storage Group" -Name "TMBS"

You can create via Exchange Management Console or can verify after creation.

• Set the “This database can be over written by restore” attribute.

Set-MailboxDatabase <Database Name> -AllowFileRestore:$true

Set-MailboxDatabase "TMBS" – AllowFileRestore:$True

You can verify in GUI.

 

• Move the database files (.edb files, log files, and Exchange Search catalog) to the destination location.

Edit (06/09/2007) : You can copy & paste all files to new destination location and rename the edb file to new destination name.

Destination location can be checked with below command where we need to move our source database.

Get-MailboxDatabase "TMBS" | FL Name, EDBFilePath

• Mount the Database.

Mount-Database <Database Name>

Mount-Database "TMBS"

After this point if you try to open mailboxes then you won’t be able to access it because Mailbox location is still pointing to old database path in Active Directory.

 

• Now its time to change the configuration of user account settings to point this new server and database.

Get-Mailbox -Database “NAME-OF-SERVER1\DATABASE-NAME” |where {$_.ObjectClass -NotMatch ‘(SystemAttendantMailbox|ExOleDbSystemMailbox)’}| Move-Mailbox -ConfigurationOnly -TargetDatabase “NAME-OF-SERVER2\DATABASE-NAME”

Get-Mailbox -Database “ATS-Exch701\Mailbox Database" |where {$_.ObjectClass -NotMatch ‘(SystemAttendantMailbox|ExOleDbSystemMailbox)’}| Move-Mailbox -ConfigurationOnly -TargetDatabase “ATS-Exch701\TMBS”

You can also verify in Console.

 

After Active Directory replication users will be able to access their Mailboxes.

• Outlook 2007 clients should be redirected automatically because of the auto discovery service.
• For Outlook 2003 clients, user needs to manually change the server of mailbox to new name.
• Outlook Web Access users will be automatically redirected to the new server.

Put your comments guys..

 

Reference:
Database Portability
http://technet.microsoft.com/en-us/library/bb123954(EXCHG.80).aspx

 

del.icio.us Tags: Exchange,Exchange 2007,PowerShell

Technorati Tags: Exchange,Exchange 2007,PowerShell

LiveJournal Tags: Exchange,Exchange 2007,PowerShell