Exchange Server Share

… Information sharing on Exchange Server …

Posts Tagged ‘Exchange 2003

Shared Mailbox added in outlook profile but, where will Sent Item be saved?

There is a common query across everywhere, when we add a shared mailbox in outlook profile and sending a mail from that account (using Send-As or Send On Behalf of) by specifying it in From field, mail item will be saved into ‘Sent Item’ of primary mailbox instead of ‘Sent Item’ folder of shared mailbox as per normal behaviour of Outlook.

Something like when I opened ‘Support’ mailbox in my outlook profile as an additional mailbox and sending mail from ‘Support’ mailbox by specifying it into From field. It will be saved into ‘Sent Item’ of Amit Tank’s mailbox and not in Sent Item of ‘Support’ mailbox.!!

So how do we configure it to be saved into Sent Item of Shared mailbox by default? So far we had to use some third-party utility like IvaSoft Unisent but now Microsoft has given an easy solution for it.

Solution:

Outlook 2007: Microsoft has released an Outlook 2007 hotfix package dated June 30, 2009 to resolve certain issues and this issue is addressed in that list.

So Install this hotfix package and add a registry key to make it enable.

1. Hotfix: Description of the Outlook 2007 hotfix package (Outlook.msp): June 30, 2009

2. Set below registry key as per KB972148 to enable this functionality.

[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Preferences]
"DelegateSentItemsStyle"=dword:00000001

Voila! Now all mails, sent from shared mailbox account, are being saved into ‘Sent Item’ of shared mailbox.

Update:

Outlook 2003: Similar hotfix KB953803 requires to be installed for Outlook 2003 and add the registry key mentioned in KB953804 to enable this functionality.

Advertisements

Written by Amit Tank

July 15, 2009 at 9:23 pm

How to: Setup Read Only Mailbox in Exchange 2003/2007

This is frequently asked question, “How to setup Read-only Mailbox?” or “How to give Read-Only permission to access mailbox?” in Exchange 2003/2007. Procedure is tricky but moderately possible.

We have two places where we can give minimum permission to access any mailbox. Refer below article at MS Exchange Team blog for more details.
Minimum permissions necessary to access mailbox data

  1. Active Directory Mailbox ACLs – Full Mailbox Permission requires in the mailbox ACLs at Active Directory level to access mails, so this is not correct place where we can configure Read-Only permission.
  2. MAPI Folder Permissions – This is the correct place for our requirement. Let’s discuss how to do so.

As always let’s take an example. I am owner of mailbox called “Support” mailbox and I have Full Mailbox Access on it. Now I want to share Support mailbox with any user or a set of users (in from of group) but as a Read-Only and don’t want to allow them deleting any items inside.

If you are selecting a group to configure permission then it should be Mail Enabled Security group. If you are using distribution group to assign permission then it gives you an error while assigning permission in Outlook. It is always recommended to use security group while assigning permissions.

Let’s say I am going use “#Support Team”  Mail Enabled Security group to assigned read only permission on “Support” mailbox hence member of “#Support Team” will be able to open it.

 

 

Now to open any mailbox and view all folders inside it, we need to give MAPI permission starting from Top of the Mailbox object “Mailbox – <Mailbox Display Name>” in Outlook.

1. Right Click on “Mailbox – Support” and click “Change Sharing Permission…” (“Sharing…” if you are using Outlook 2003).

2. Click on Add and select “#Support Team” from GAL, give at least “Folder
Visible” (or you can also give Reviewer) permission to view all mailbox folders.

 

3. Now, Right click on “Inbox” and click on “Change Sharing Permission…” or “Sharing…”.

4. Click “Add”  and select the “#Support Team” from GAL and give “Reviewer” permission.

Follow step 3 & 4 for all folders which you want to share with group.

Sheldon Labrooy is one of the member of “#Support Team”.

 

So Sheldon can add “Support” mailbox into Outlook profile by going to Tools –> Account Settings –> Change Email Account –> More Settings –> Advance Tab –> Click Add in “Mailboxes – Open these additional Mailboxes:” and select Support mailbox.

 

 

Sheldon can see all items available in Support mailbox and he will be able to Reply or Forward.

But he is not allowed to Delete or Move any items in it.

  

Its pretty simple to add and open any mailbox in Outlook but how to open it in OWA? Reason is OWA requires Full Mailbox access to open full content of OWA site, otherwise it gives an error telling that you don’t have permission to access mailbox, so what you can do in Read-Only mailbox case?

Sometime back I discussed how to open shared calendar in OWA and user can use same method here to open “Inbox” of any read only mailbox.

User can use below direct links for respective folders and give their own user id and password to open it in OWA.

Inbox https://<FQDN of server>/owa/<smtpaddress>/?cmd=contents
Subfolder of Inbox https://<FQDN of server>/owa/<smtpaddress>/?cmd=contents&f=inbox%2fSubFolder
Calendar https://<FQDN of server>/owa/<smtpaddress>/?cmd=contents&module=calendar
Contacts https://<FQDN of server>/owa/<smtpaddress>/?cmd=contents&module=Contacts
Tasks https://<FQDN of server>/owa/<smtpaddress>/?cmd=contents&module=Tasks

Written by Amit Tank

July 7, 2009 at 9:52 pm

How To: Open Shared Calendar in OWA

Sometime back I posted an article about how to “Give Calendar Read Permission on all Mailboxes” in your environment and anyone can open anybody’s calendar in Outlook easily if it is shared but how can anyone open in OWA? Let’s discuss the caveats in detail…

Let’s take an example, Sheldon Labrooy shared his calendar with me (Amit Tank) and I got a sharing invitation.

image

I can open his calendar by clicking on “Open this Calendar” button on top of the mail or with help of “Open a Shared Calendar”.

image 

But there isn’t any option to open Sheldon Labrooy’s calendar in OWA.

image

If I try to open his mailbox in “Open Other Mailbox”,…

image

I got an error that you don’t have permission to open this mailbox.

Pretty clear, he has shared only Calendar folder of his mailbox but not Full Mailbox.

image

When we try to open somebody else’s mailbox in OWA, OWA main web page has all modules (Mailbox, Calendar, Tasks, Notes, other options etc) listed and Exchange tries to check full mailbox permission which we don’t have and get permission error.

Hummm, to open other’s mailbox in OWA we need to have explicit “Full Mailbox” permission on that mailbox, very well explained in below article.

How to Open Another User’s Calendar in Outlook Web Access

When user or admin shares a calendar, it gives “Reviewer” MAPI Folder permission on just Calendar folder.

So how do we open shared mailbox in OWA, what’s the hack?

Instead of opening main page of OWA why don’t we directly open just calendar module part, and here are the links to open just calendar in various views…

Views Links
Calendar View – Default – Daily https://<server name>/owa/<SMTP address>/?cmd=contents&module=calendar
Calendar View – Daily https://<server name>/owa/<SMTP address>/?cmd=contents&f=Calendar&view=Daily
Calendar View – Weekly https://<server name>/owa/<SMTP address>/?cmd=contents&f=Calendar&view=Weekly
Calendar View – Daily – Specific Date by specifying Date, Month and Year

https://<server name>/owa/<SMTP address>/?cmd=contents&f=Calendar&view=Daily&d=3&m=7&y=2009

Where…

d=[1-31]
m=[1-12]
y=[four digit year]

Let’s see all examples here…

https://Ess-Exch701/owa/Sheldon.Labrooy@ExchangeShare.info/?cmd=contents&module=calendar

image

https://Ess-Exch701/owa/Sheldon.Labrooy@ExchangeShare.info/?cmd=contents&module=calendar&view=Weekly

image 

https://Ess-Exch701/owa/Sheldon.Labrooy@ExchangeShare.info/?cmd=contents&module=calendar&view=Daily&d=2&m=7&y=2009

image

Written by Amit Tank

June 15, 2009 at 1:09 pm

Exchange 2007 & Display Name Format

Here is another good question asked on TechNet forum about “Exchange 2007 & Display Name” – How to change the display name format from <First Name> <Initial> <Last Name> to <Last Name>, <First Name> <Initial> in Exchange 2007 user/mailbox creation process?”

 

Let’s start with some Exchange 2003 background…

Exchange 2003:

We use Active Directory Users & Computers (ADU&C) to create users/mailboxes. By default name & display name formats are “<First Name> <Initial>. <Last Name>” in ADU&C creation process but it can be changed to “<Last Name>, <First Name> <Initial>” by setting createDialog attribute of the user-Display object under CN=DisplaySpecifiers, CN=409 object (409 represent U.S. English language) in the configuration naming context by using ADSIEDIT.msc to value %<sn>, %<givenname> %<initials>.

Procedure is explained here: How to change display names of Active Directory users

image

After setting createDialog value while creating user/mailbox when we enter First name, Last name & Initials fields, it takes Full name in <Last Name>, <First Name> <Initial> format automatically (we don’t have to enter it manually) .

image

Display name sets same as Full Name automatically when you create any users.

image

 

Now, let’s talk about Exchange 2007.

Exchange 2007:

When we create mailbox for new user in Exchange Server 2007 Exchange Management Console, it does not recognize the value of the createDialog attribute of user-Display object of a displaySpecifier class and stays with default format <FN> <I> <LN>.

Dave explained here that it is by design and limitation of EMC. Workaround is to create users with ADU&C MMC and later create mailboxes for those users with EMC.

Changing the display name of active directory users.

 

Now, some questions come here…

1. How do I change Name & Display Name of existing users, if I already created some of the users with EMC?

Here is an example where users are already created in <FN> <I>. <LN> format with Exchange 2007 – EMC.

image

You don’t have to worry about changing all those one by one since PowerShell is your friend. Here is the script which changes the name & display name format of all mailbox users to <LN>, <FN> <I>.

To run PowerShell scripts you need to change Execution Policy in EMS.

Go to Exchange Management Shell and execute below command to set execution policy so you can run the ps1 scripts.

Set-ExecutionPolicy RemoteSigned

image

Now, save below script in C:\Scripts\Pre-Users.ps1 file.

=====================Pre-User.ps1=====================

# Pre-Users.ps1 - Change the name & display name of existing users.
# Created by - Amit Tank
$Users = Get-User -ResultSize unlimited | where {$_.RecipientTypeDetails -eq "UserMailbox"}
ForEach ($User in $Users)
{
$DName = $User.LastName + ", " + $User.FirstName + " " + $user.Initials
$DName = $Dname.Trim()
Set-User $User -Name $DName -DisplayName $DName
Get-User $User | FT Name, DisplayName
$DName = $Null
}

image

Go to Exchange Management Shell and execute the script with ./Pre-Users.ps1 command.

image 

Well, all Name & Display Name are set in <LN>, <FN> <I> format.

Depending on the format of Room/Shared mailboxes in your organization you can change name & display name of those also. You need to change below line in the script based on your requirement.

$Users = Get-User -ResultSize unlimited | where {$_.RecipientTypeDetails
-eq “RoomMailbox”}

$Users = Get-User -ResultSize unlimited | where {$_.RecipientTypeDetails
-eq “SharedMailbox”}

2. What should I do if I want to create users/mailboxes with EMC/EMS with  correct format?

EMC:

Make a practice or document it in user/mailbox creation process manual of your organization that “Name” filed should be given in <LN>, <FN> <I> format manually (EMC sets Display Name same as a Name).

image

image

EMS:

Same as EMC, Make a practice or document it in user/mailbox creation process manual of your organization that “Name” & “Display Name” should be given in <LN>, <FN> <I> format by specifying -Name & -DisplayName switches.

New-Mailbox -Alias HWood -Database “First Storage Group\Mailbox Database” -Name “Wood, Haley V” -OrganizationalUnit “ESS-Test.com/Users” -FirstName Haley -LastName Wood -Initial V -DisplayName “Wood, Haley V” -UserPrincipalName HWood@ESS-Test.com

image

3. How do I make sure that new users/mailboxes will be created with correct format?

Well, you can schedule a PowerShell script which runs every night and verifies the mailboxes which are created in last 24 hours and correct the format if it is not in correct one.

Create below two files in C:\Scripts folder on your Exchange server.

=============UserName.CMD=============

Powershell -command "& {C:\Scripts\UserName.ps1 }"

 

image

=====================UserName.PS1=====================

# UserName.ps1 - Change the name & display name of users which are created in last 24 hours.
# Created by - Amit Tank
 
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin
 
$Users = Get-User -ResultSize Unlimited | where {($_.WhenCreated -gt (get-date).adddays(-1)) -and ($_.RecipientTypeDetails -eq "UserMailbox")}
ForEach ($User in $Users)
{
$DName = $User.LastName + ", " + $User.FirstName + " " + $user.Initials
$DName = $Dname.Trim()
Set-User $User -Name $DName -DisplayName $DName
Get-User $User | FT Name, DisplayName
$DName = $Null
}

image

Now create a Task in windows task scheduler to run this script at 12:00AM midnight.

image

All set, now this automation will take care about newly created mailboxes every night.

eg. I have below user created with wrong name & display name format which has taken care by this midnight scheduled script.

image

image

You may also add a code in PowerShell script to trigger a mail to administrator for the confirmation that script has run and changed the display names successfully.

Written by Amit Tank

August 17, 2008 at 3:34 pm

Find Exceptional Mailboxes in Exchange Environment

In Exchange 2003, we are using Active Directory Users & Computers to find some of the exceptional users/mailboxes up to certain level (may be with custom LDAP query) in the environment but in Exchange 2007 Management Console we have certain limitations to find it but there PowerShell helps you.

In Exchange 2007 Management Console we can filter recipients for below attributes and values are matching, available or unavailable.

image

ActiveSynch Mailbox Policy
Alias
City
Company
Country/Region
Custom Attribute 1-15
Database
Department
Display Name
E-Mail Addresses
First Name
Last Name

Managed Folder Mailbox Policy
Name
Office
Postal Code
Recipient Type Details
Server
State Or Province
UM Enabled
Unified Messaging Mailbox Policy
User logon name (pre-Windows 2000)
User logon name (User Principal Name)

But how do we find find below exceptional users/mailboxes in Exchange environment?

  1. All users with Forwarding Address is set.
  2. All mailboxes with quota limit is NOT set to default.
  3. All users set as hidden in GAL.
  4. All users whose mail item retention period is NOT default.
  5. All users who has some “Send on Behalf Of” set.
  6. All mailboxes with antispam bypass is set.
  7. All mailboxes with rules quota increased.

Let’s discuss one by one in detail for Exchange 2007 as well as in Exchange 2003 with an example.

1. Find all users with Forwarding Address is set.

Please refer my previous post FAQ: Find all users with Forwarding Address is set

2. Find all mailboxes with quota limit is NOT set to default.

Exchange 2003:

Custom LDAP Search: (mailNickname=*)(mDBUseDefaults=FALSE)

Example: I have set mailbox quota limit of User 32 manually.

image

Now find it with Custom LDAP Search.

Active Directory Users & Computers -> Find -> Select Custom Search -> Enter (mailNickname=*)(mDBUseDefaults=FALSE) in LDAP Query Text Box -> Click Find Now.

image

Exchange 2007:

PowerShell Command: Get-Mailbox | Where {$_.UseDatabaseQuotaDefaults -eq $false} | Select Name, IssueWarningQuota, ProhibitSendQuota, ProhibitSendReceiveQuota

Example: I have set mailbox quota of User 22 manually.

image

Now find it with PowerShell.

image

3. Find all users set as hidden in GAL.

Exchange 2003:

Custom LDAP Search: (objectClass=*)(msExchHideFromAddressLists=*)

Example: I mark hide User 32 from Exchange Address Lists.

image

Now find it with Custom Search.

Active Directory Users & Computers -> Find -> Select Custom Search -> Enter (objectClass=*)(msExchHideFromAddressLists=*) in LDAP Query Text Box -> Click Find Now.

image

Note: Here in LDAP query is set to objectClass=* so it gives all hidden object, if you select objectClass=user then it gives only users. 

Exchange 2007:

PowerShell Command: Get-Mailbox | Where {$_.HiddenFromAddressListsEnabled -eq $True} | Select Name, HiddenFromAddressListsEnabled

Example: I mark hide User 22 from Exchange Address Lists.

image

Now find it with PowerShell.

image

4. Find all users whose mail item retention period is NOT default.

Exchange 2003:

Custom LDAP Search : (objectClass=*)(deletedItemFlags=*)

Example : I set custom retention period for mail items on User 32.

image

Now find it with Custom Search.

Active Directory Users & Computers -> Find -> Select Custom Search -> Enter (objectClass=*)(deletedItemFlags=*) in LDAP Query Text Box -> Click Find Now.

image

Exchange 2007:

PowerShell : Get-Mailbox | Where {$_.UseDatabaseRetentionDefaults -eq $False} | Select Name, UseDatabaseRetentionDefaults

Example: I set custom retention period for mail items on User 22.

image

Now find it with PowerShell.

image

5. Find all users who has some “Send on Behalf Of” set.

Exchange 2003:

Custom LDAP Search: (objectClass=*)(publicDelegates=*)

Example: I grant Send On Behalf Of for User 32.

image

Now find it with Custom Search.

Active Directory Users & Computers -> Find -> Select Custom Search -> Enter (objectClass=*)(publicDelegates=*) in LDAP Query Text Box -> Click Find Now.

image

Exchange 2007:

PowerShell : Get-Mailbox | Where {$_.GrantSendOnBehalfTo -ne $null} | Select Name, GrantSendOnBehalfTo

Example: I grant Send On Behalf Of for User 22.

image

Now find it with PowerShell.

image

6. Find all mailboxes with antispam bypass is set.

This is new feature of Exchange 2007.

Exchange 2007:

PowerShell: Get-Mailbox | Where {$_.AntispamBypassEnabled -eq $True} | Select Name, AntispamBypassEnabled

Example: I have set to bypass the antispam for User 22.

image

Now find it with PowerShell.

image

7. All mailboxes with rules quota increased.

This is new feature of Exchange 2007.

Exchange 2007:

PowerShell: Get-Mailbox | Where {$_.RulesQuota -ne "64KB"} | Select Name, RulesQuota

Example: I increased Rule Quota for User 22.

image

Now find it with PowerShell.

image

 

Note: You would have seen that Powershell command can handle Exchange 2003 queries also so in co-existing environment it is very easy with PowerShell cmdlets and scripts to generate this kind of reports.

==========================================================

Written by Amit Tank

June 11, 2008 at 4:02 pm