Exchange Server Share

June 30, 2008

OWA login without Domain Name

Filed under: Exchange, Exchange 2007, OWA — Amit Tank @ 2:59 pm

A question asked many times in newsgroups and forums is how to change the OWA login from “Domain\UserName” to just “User Name”. This is useful when you have a single-domain Exchange environment.

This task was difficult in Exchange 2003, since IIS uses the DS2MB (Directory Services to MetaBase) process to sync with AD, but in Exchange 2007 it is quite easy.

Here is how OWA looks before the procedure:

image

Now let’s change it through EMC.

  • Select Client Access in Server Configuration & click on the Outlook Web Access tab.

image

  • Select owa (Default Web Site) and click Properties.
  • Select the Authentication tab.
  • Under Use forms-based authentication: select User name only.
  • Click Browse and select the domain name; in my case it is ATS-Test.com.
  • Click OK.

image

  • Click Apply & OK; you get a warning that you need to restart IIS for these changes to take effect.

image 

  • Run the IISRESET /NOFORCE command in a cmd prompt or in PowerShell to restart IIS.

image

Let’s change it through EMS (PowerShell)

There is always a way to do in EMS the same task that we do in EMC.

Use the command below to change the OWA settings.

Set-OWAVirtualDirectory -Identity "owa (default web site)" -LogonFormat username -DefaultDomain "Your Domain Name"

Set-OWAVirtualDirectory -Identity "owa (default web site)" -LogonFormat username -DefaultDomain ATS-Test.com

Then run IISRESET /NOFORCE to restart IIS.

image

After making these changes you can log in to OWA by giving just “User name” instead of “Domain\User Name”.

Look of OWA after changes:

image 

 

==========================================================


June 11, 2008

Find Exceptional Mailboxes in Exchange Environment

In Exchange 2003 we use Active Directory Users & Computers to find some of the exceptional users/mailboxes in the environment, up to a certain level (perhaps with a custom LDAP query). The Exchange 2007 Management Console has certain limitations for finding them, but this is where PowerShell helps.

In the Exchange 2007 Management Console we can filter recipients on the attributes below, by whether their values match, are available or are unavailable.

image

ActiveSync Mailbox Policy
Alias
City
Company
Country/Region
Custom Attribute 1-15
Database
Department
Display Name
E-Mail Addresses
First Name
Last Name

Managed Folder Mailbox Policy
Name
Office
Postal Code
Recipient Type Details
Server
State Or Province
UM Enabled
Unified Messaging Mailbox Policy
User logon name (pre-Windows 2000)
User logon name (User Principal Name)

But how do we find the exceptional users/mailboxes below in an Exchange environment?

  1. All users with a Forwarding Address set.
  2. All mailboxes whose quota limit is NOT set to default.
  3. All users set as hidden in the GAL.
  4. All users whose mail item retention period is NOT default.
  5. All users who have some “Send on Behalf Of” set.
  6. All mailboxes with antispam bypass set.
  7. All mailboxes with rules quota increased.

Let’s discuss these one by one in detail, for Exchange 2007 as well as Exchange 2003, with an example.

1. Find all users with a Forwarding Address set.

Please refer to my previous post, FAQ: Find all users with Forwarding Address is set

2. Find all mailboxes whose quota limit is NOT set to default.

Exchange 2003:

Custom LDAP Search: (mailNickname=*)(mDBUseDefaults=FALSE)

Example: I have set the mailbox quota limit of User 32 manually.

image

Now find it with Custom LDAP Search.

Active Directory Users & Computers -> Find -> Select Custom Search -> Enter (mailNickname=*)(mDBUseDefaults=FALSE) in LDAP Query Text Box -> Click Find Now.

image

Exchange 2007:

PowerShell Command: Get-Mailbox | Where {$_.UseDatabaseQuotaDefaults -eq $false} | Select Name, IssueWarningQuota, ProhibitSendQuota, ProhibitSendReceiveQuota

Example: I have set the mailbox quota of User 22 manually.

image

Now find it with PowerShell.

image

3. Find all users set as hidden in GAL.

Exchange 2003:

Custom LDAP Search: (objectClass=*)(msExchHideFromAddressLists=*)

Example: I marked User 32 as hidden from Exchange Address Lists.

image

Now find it with Custom Search.

Active Directory Users & Computers -> Find -> Select Custom Search -> Enter (objectClass=*)(msExchHideFromAddressLists=*) in LDAP Query Text Box -> Click Find Now.

image

Note: Here the LDAP query is set to objectClass=*, so it returns all hidden objects; if you use objectClass=user, it returns only users.

Exchange 2007:

PowerShell Command: Get-Mailbox | Where {$_.HiddenFromAddressListsEnabled -eq $True} | Select Name, HiddenFromAddressListsEnabled

Example: I marked User 22 as hidden from Exchange Address Lists.

image

Now find it with PowerShell.

image

4. Find all users whose mail item retention period is NOT default.

Exchange 2003:

Custom LDAP Search : (objectClass=*)(deletedItemFlags=*)

Example: I set a custom retention period for mail items on User 32.

image

Now find it with Custom Search.

Active Directory Users & Computers -> Find -> Select Custom Search -> Enter (objectClass=*)(deletedItemFlags=*) in LDAP Query Text Box -> Click Find Now.

image

Exchange 2007:

PowerShell : Get-Mailbox | Where {$_.UseDatabaseRetentionDefaults -eq $False} | Select Name, UseDatabaseRetentionDefaults

Example: I set a custom retention period for mail items on User 22.

image

Now find it with PowerShell.

image

5. Find all users who have some “Send on Behalf Of” set.

Exchange 2003:

Custom LDAP Search: (objectClass=*)(publicDelegates=*)

Example: I grant Send On Behalf Of for User 32.

image

Now find it with Custom Search.

Active Directory Users & Computers -> Find -> Select Custom Search -> Enter (objectClass=*)(publicDelegates=*) in LDAP Query Text Box -> Click Find Now.

image

Exchange 2007:

PowerShell : Get-Mailbox | Where {$_.GrantSendOnBehalfTo -ne $null} | Select Name, GrantSendOnBehalfTo

Example: I grant Send On Behalf Of for User 22.

image

Now find it with PowerShell.

image

6. Find all mailboxes with antispam bypass set.

This is a new feature of Exchange 2007.

Exchange 2007:

PowerShell: Get-Mailbox | Where {$_.AntispamBypassEnabled -eq $True} | Select Name, AntispamBypassEnabled

Example: I have set to bypass the antispam for User 22.

image

Now find it with PowerShell.

image

7. Find all mailboxes with rules quota increased.

This is a new feature of Exchange 2007.

Exchange 2007:

PowerShell: Get-Mailbox | Where {$_.RulesQuota -ne "64KB"} | Select Name, RulesQuota

Example: I increased Rule Quota for User 22.

image

Now find it with PowerShell.

image

 

Note: You will have seen that the PowerShell commands can handle the Exchange 2003 queries as well, so in a co-existing environment it is very easy to generate this kind of report with PowerShell cmdlets and scripts.
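The seven checks above can be folded into a single review pass, which is useful because forwarding, Send on Behalf Of delegation and antispam bypass are settings worth reviewing regularly. This is an added example, not code from the original post: Get-MailboxException is a hypothetical helper name, the sample mailboxes are constructed, ForwardingAddress is assumed to be the property behind check 1, and PowerShell 2.0 or later is assumed.

```powershell
# Added example. Get-MailboxException is a hypothetical helper, not an Exchange cmdlet.
function Get-MailboxException {
    param([Parameter(ValueFromPipeline = $true)] $Mailbox)
    process {
        $reasons = @()
        # Check 1: ForwardingAddress is assumed here; the linked post is not on this page.
        if ($Mailbox.ForwardingAddress)                       { $reasons += 'Forwarding address set' }
        # Checks 2-7 use the same properties as the one-liners in the post.
        if ($Mailbox.UseDatabaseQuotaDefaults -eq $false)     { $reasons += 'Custom quota' }
        if ($Mailbox.HiddenFromAddressListsEnabled -eq $true) { $reasons += 'Hidden from GAL' }
        if ($Mailbox.UseDatabaseRetentionDefaults -eq $false) { $reasons += 'Custom retention' }
        if ($Mailbox.GrantSendOnBehalfTo)                     { $reasons += 'Send on Behalf Of granted' }
        if ($Mailbox.AntispamBypassEnabled -eq $true)         { $reasons += 'Antispam bypass' }
        if ($Mailbox.RulesQuota -ne '64KB')                   { $reasons += 'Rules quota changed' }
        # Emit a row only for mailboxes with at least one non-default setting.
        if ($reasons.Count -gt 0) {
            New-Object PSObject -Property @{
                Name       = $Mailbox.Name
                Findings   = $reasons.Count
                Exceptions = ($reasons -join '; ')
            }
        }
    }
}

# Constructed sample mailboxes so the function can be tried without Exchange.
$defaults = @{ ForwardingAddress = $null; UseDatabaseQuotaDefaults = $true
               HiddenFromAddressListsEnabled = $false; UseDatabaseRetentionDefaults = $true
               GrantSendOnBehalfTo = @(); AntispamBypassEnabled = $false; RulesQuota = '64KB' }
$sample = @(
    @{ Name = 'User 21' },
    @{ Name = 'User 22'; UseDatabaseQuotaDefaults = $false; AntispamBypassEnabled = $true },
    @{ Name = 'User 23'; ForwardingAddress = 'User 30'; GrantSendOnBehalfTo = @('User 31') }
) | ForEach-Object {
    $props = $defaults.Clone()
    foreach ($k in $_.Keys) { $props[$k] = $_[$k] }
    New-Object PSObject -Property $props
}

$sample | Get-MailboxException | Select-Object Name, Findings, Exceptions

# In the Exchange Management Shell, feed it real mailboxes instead:
# Get-Mailbox -ResultSize Unlimited | Get-MailboxException | Select-Object Name, Findings, Exceptions
```

Saving the output on a schedule and comparing it with the previous run shows which exceptions are new since the last review.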

==========================================================

June 4, 2008

Curious to see where Free/Busy permission stored in Mailbox..!!

Filed under: Exchange, Exchange 2007 — Amit Tank @ 5:47 pm

Some basic information on Free/Busy in Exchange 2007…

The Autodiscover service helps Outlook 2007 locate various Web services, such as the Availability service, Unified Messaging and the Offline Address Book, and the Availability service retrieves the Free/Busy information for Outlook 2007 / OWA 2007.

The Availability service is part of the Exchange 2007 programming interface and is available as a public Web service, which allows developers to build custom tools as required; in other words, it allows access to mailbox contents via HTTP.

New Free/Busy Permission in Outlook 2007

We can see some new calendar rights in Outlook 2007 which allow users to see limited or full Free/Busy details. These permissions are stored in the user’s mailbox.

None
Free/Busy time
Free/Busy time, subject, location
Full Detail (This is “Reviewer” permission)

image

Now let’s see where the Free/Busy permission is stored….!!!

Open the mailbox of the Ex Admin account in MFCMapi on a machine where Outlook 2007 is installed and configured with a profile.

Go to the Root Container -> Top of Information Store -> Calendar.

In the property list on the right-hand side you can see a new security descriptor property, PR_FREEBUSY_NT_SECURITY_DESCRIPTOR; the Free/Busy permission is stored as the value of this property.

image

Right Click on PR_FREEBUSY_NT_SECURITY_DESCRIPTOR and click on Display property as a Security Descriptor Prop Sheet…

image 

Here,

Simple FreeBusy = Free/Busy time

Detailed FreeBusy = Free/Busy time, subject, location

In Outlook we can see that by default the Free/Busy time permission is set for “Default”.

You can see here that Everyone (which is Default in Outlook) is set to Allow - Simple FreeBusy, so everybody in the organization can see the free/busy time of anybody.

image

Secondly, in Outlook we can see that by default the None permission is set for “Anonymous”.

You can see here that ANONYMOUS LOGON (which is Anonymous in Outlook) is set to Deny – Simple FreeBusy & Detailed FreeBusy, so unauthenticated users cannot see free/busy information.

image

Now let’s access it in another way, which gives us the raw value in a form a MAPI developer can understand.

Right Click on PR_FREEBUSY_NT_SECURITY_DESCRIPTOR and click on Parse Property as Structure.

image

Then pick the Security Descriptor structure to interpret.

image

You can see the value of this property in the Security Descriptor structure.

image

Here..

frightsFreeBusySimple = Free/Busy time

frightsFreeBusyDetailed = Free/Busy time, subject, location

Thanks to Stephen Griffin who shared this information with us and also explained how to access/change it programmatically.

Note: Incorrect use of MFCMapi can give very bad results and may leave the mailbox inaccessible, so take care while using it.

========================================================
