Access Rights

The access rights parameters are as follows:

ReadItems: The user has the right to read items within the specified folder.
CreateItems: The user has the right to create items within the specified folder.
EditOwnedItems: The user has the right to edit the items that the user owns in the specified folder.
DeleteOwnedItems: The user has the right to delete items that the user owns in the specified folder.
EditAllItems: The user has the right to edit all items in the specified folder.
DeleteAllItems: The user has the right to delete all items in the specified folder.
CreateSubfolders: The user has the right to create subfolders in the specified folder.
FolderOwner: The user is the owner of the specified folder. The user has the right to view and move the folder and create subfolders. The user can’t read items, edit items, delete items, or create items.
FolderContact: The user is the contact for the specified public folder.
FolderVisible: The user can view the specified folder, but can’t read or edit items within the specified public folder.

The roles, and the access rights each one grants, are as follows:

None: FolderVisible
Owner: CreateItems, ReadItems, CreateSubfolders, FolderOwner, FolderContact, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
PublishingEditor: CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
Editor: CreateItems, ReadItems, FolderVisible, EditOwnedItems, EditAllItems, DeleteOwnedItems, DeleteAllItems
PublishingAuthor: CreateItems, ReadItems, CreateSubfolders, FolderVisible, EditOwnedItems, DeleteOwnedItems
Author: CreateItems, ReadItems, FolderVisible, EditOwnedItems, DeleteOwnedItems
NonEditingAuthor: CreateItems, ReadItems, FolderVisible
Reviewer: ReadItems, FolderVisible
Contributor: CreateItems, FolderVisible

Ref: http://technet.microsoft.com/en-us/library/dd298062(v=exchg.150).aspx

The following roles apply specifically to calendar folders:

AvailabilityOnly: View only availability data
LimitedDetails: View availability data with subject and location
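
To audit folder permissions against the role table above, the following added example (not part of the original page) expands each role into its rights and reports entries where the built-in Default or Anonymous user can read or change items. The function names, the $Sensitive list and the sample entries are assumptions made for illustration; the sample objects are shaped like Get-MailboxFolderPermission output.

```powershell
# Added example. Role table copied from this page; sample entries are constructed.
$RoleRights = @{
    Owner            = 'CreateItems','ReadItems','CreateSubfolders','FolderOwner','FolderContact',
                       'FolderVisible','EditOwnedItems','EditAllItems','DeleteOwnedItems','DeleteAllItems'
    PublishingEditor = 'CreateItems','ReadItems','CreateSubfolders','FolderVisible',
                       'EditOwnedItems','EditAllItems','DeleteOwnedItems','DeleteAllItems'
    Editor           = 'CreateItems','ReadItems','FolderVisible','EditOwnedItems','EditAllItems',
                       'DeleteOwnedItems','DeleteAllItems'
    PublishingAuthor = 'CreateItems','ReadItems','CreateSubfolders','FolderVisible',
                       'EditOwnedItems','DeleteOwnedItems'
    Author           = 'CreateItems','ReadItems','FolderVisible','EditOwnedItems','DeleteOwnedItems'
    NonEditingAuthor = 'CreateItems','ReadItems','FolderVisible'
    Reviewer         = 'ReadItems','FolderVisible'
    Contributor      = 'CreateItems','FolderVisible'
    None             = @('FolderVisible')
}
# Rights that expose or modify folder content (assumed policy for this example).
$Sensitive = 'ReadItems','CreateItems','EditOwnedItems','EditAllItems','DeleteOwnedItems','DeleteAllItems'

# Turn a mix of role names and individual rights into a flat list of rights.
function Expand-FolderRights([string[]]$AccessRights) {
    $AccessRights | ForEach-Object {
        if ($RoleRights.ContainsKey($_)) { $RoleRights[$_] } else { $_ }
    } | Sort-Object -Unique
}

# Report Default/Anonymous entries that hold any sensitive right.
function Find-BroadFolderGrant {
    param([Parameter(ValueFromPipeline)] $Entry)
    process {
        if ("$($Entry.User)" -notin 'Default','Anonymous') { return }
        $hits = @(Expand-FolderRights $Entry.AccessRights | Where-Object { $Sensitive -contains $_ })
        if ($hits.Count) {
            [pscustomobject]@{ Folder = $Entry.FolderName; User = "$($Entry.User)"; Rights = $hits -join ',' }
        }
    }
}

# Constructed sample entries; only the Anonymous/Reviewer and Default/Editor rows are reported.
$sample = @(
    [pscustomobject]@{ FolderName = 'Kalender'; User = 'Default';    AccessRights = @('AvailabilityOnly') },
    [pscustomobject]@{ FolderName = 'Kalender'; User = 'Anonymous';  AccessRights = @('Reviewer') },
    [pscustomobject]@{ FolderName = 'Inbox';    User = 'Default';    AccessRights = @('Editor') },
    [pscustomobject]@{ FolderName = 'Inbox';    User = 'other.user'; AccessRights = @('Owner') }
)
$sample | Find-BroadFolderGrant
# Live: Get-MailboxFolderPermission "USER:\Kalender" | Find-BroadFolderGrant
```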

InheritanceTypes

1. None

Description: This means no inheritance occurs. The properties or permissions are only applied to the entity itself and not passed down to any child entities.

Example: If you set a permission at a folder level with InheritanceType.None, the subfolders and files within that folder won’t inherit those permissions.

2. All (Default value)

Description: This means that all entities, including the entity itself and all of its descendants, inherit the properties or permissions.

Example: If a file directory has permissions set with InheritanceType.All, all files and subfolders within that directory will inherit the same permissions.

3. Children

Description: This means that only the immediate children of the entity inherit the properties or permissions, but not the entity itself or any further descendants.

Example: If a folder has permissions set with InheritanceType.Children, only the files and folders immediately within it will inherit the permissions; subfolders within subfolders will not.

4. Descendants

Description: This means that all entities beneath the current entity (i.e., children and their children, and so on) will inherit the properties or permissions, but not the entity itself.

Example: If a root folder has permissions set with InheritanceType.Descendants, all subfolders and files at any level below the root folder will inherit those permissions, but the root folder itself will not.

5. SelfAndChildren

Description: This means that the entity itself and its immediate children inherit the properties or permissions, but not the deeper descendants.

Example: If a folder has permissions set with InheritanceType.SelfAndChildren, the folder itself and the files/folders immediately within it will inherit the permissions. Subfolders within subfolders will not.

Import Profile Picture

Import-RecipientDataProperty -Identity <USERNAME> -Picture -FileData `
([Byte[]]$(Get-Content -path ".\thumb-USER.jpg"  -Encoding Byte -ReadCount 0))

AD settings

View entire forest

This is only needed if you have to deal with multiple subdomains/forests.
This is an on-premises Exchange command only!

Set-AdServerSettings -ViewEntireForest $true

Forwarding

External Mailbox

Set-Mailbox -Identity user.name@domain.tld `
  -DeliverToMailboxAndForward $true `
  -ForwardingSMTPAddress "user@gmail.com"

Internal Mailbox

Set-Mailbox -Identity user.name@domain.tld `
  -DeliverToMailboxAndForward $true `
  -ForwardingAddress "other.user@domain.tld"
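
Forwarding to an outside address, as in the External Mailbox command above, is worth reviewing regularly. The following added example (not part of the original page) reports mailboxes whose ForwardingSmtpAddress points outside a list of internal domains; the function name, the $InternalDomains default and the sample rows are assumptions made for illustration.

```powershell
# Added example: report mailboxes whose ForwardingSmtpAddress leaves the organisation.
# $InternalDomains and the sample rows below are constructed for illustration.
function Find-ExternalForwarding {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Mailbox,
        [string[]] $InternalDomains = @('domain.tld')
    )
    process {
        $smtp = [string]$Mailbox.ForwardingSmtpAddress
        if (-not $smtp) { return }                      # no SMTP forwarding set
        $address = $smtp -replace '^smtp:', ''          # value is stored as "smtp:user@host"
        $domain  = ($address -split '@')[-1].ToLowerInvariant()
        if ($InternalDomains -notcontains $domain) {
            [pscustomobject]@{
                Mailbox    = [string]$Mailbox.PrimarySmtpAddress
                ForwardsTo = $address
                # $false means nothing is kept in the forwarding mailbox
                KeepsCopy  = [bool]$Mailbox.DeliverToMailboxAndForward
            }
        }
    }
}

# Constructed sample rows shaped like Get-Mailbox output; only the first is reported.
$sample = @(
    [pscustomobject]@{ PrimarySmtpAddress         = 'user.name@domain.tld'
                       ForwardingSmtpAddress      = 'smtp:user@gmail.com'
                       DeliverToMailboxAndForward = $true },
    [pscustomobject]@{ PrimarySmtpAddress         = 'other.user@domain.tld'
                       ForwardingSmtpAddress      = $null
                       DeliverToMailboxAndForward = $false },
    [pscustomobject]@{ PrimarySmtpAddress         = 'third.user@domain.tld'
                       ForwardingSmtpAddress      = 'smtp:archive@DOMAIN.tld'
                       DeliverToMailboxAndForward = $true }
)
$sample | Find-ExternalForwarding
# Live: Get-Mailbox -ResultSize Unlimited | Find-ExternalForwarding -InternalDomains 'domain.tld'
```

This check covers only -ForwardingSMTPAddress. A -ForwardingAddress target can be a mail contact with an external address, which has to be resolved separately.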

Auto-Reply message

1. Create the message that should be sent as the reply.
2. Get the mailbox you want to change.
3. Pipe it to the Set-MailboxAutoReplyConfiguration command.

$message = "<html>
  <body>
  <br>
  Vielen Dank fuer Ihre Email. 
  Ich bin derzeit leider abwesend und habe keinen Zugriff auf meine Emails.
  <br/>
  Ihre Email wurde an other.user@domain.tld weitergeleitet, 
  der mich derzeit vertritt.
  <br>
  <br>
  I'm currently out of office without access to my e-mails.<br/>
  Your e-mail has been forwarded to other.user@domain.tld
  who will take care of your request.
  <br>
  <br>
  </body>
  </html>"

$mb = Get-Mailbox user.name@domain.tld

$mb | Set-MailboxAutoReplyConfiguration -AutoReplyState enabled `
  -ExternalAudience all `
  -InternalMessage "$message" `
  -ExternalMessage "$message"

Disable Auto-Reply message

> $mb = Get-Mailbox user.name@domain.tld

> $mb | get-MailboxAutoReplyConfiguration         # optional
AutoDeclineFutureRequestsWhenOOF : False
AutoReplyState                   : Enabled
CreateOOFEvent                   : False
DeclineAllEventsForScheduledOOF  : False
DeclineEventsForScheduledOOF     : False
EventsToDeleteIDs                :
EndTime                          : <DATE>
ExternalAudience                 : All
ExternalMessage                  : <html>
                                   <body>
                                   <br>
[...]

> $mb | Set-MailboxAutoReplyConfiguration -AutoReplyState disabled

Mailbox Permissions

Get Mailbox Permissions

Get-MailboxPermission -Identity email@domain.de -User "username"

get-mailboxfolderpermission -identity username

Get-MailboxFolderPermission "USER:\Kalender" | Foreach-Object { $_.User.ADRecipient.UserPrincipalName }

Get-MailboxFolderPermission "USER:\Kalender" | Foreach-Object { $_.identity.adrecipient.identity }

# get all mailboxes that a user has permissions to
Get-Mailbox -RecipientType 'UserMailbox' -ResultSize Unlimited | Get-MailboxPermission | where { $_.user.tostring() -eq "DOMAIN\username" -and $_.IsInherited -eq $false }

Add FullAccess user to a Mailbox

Add-MailboxPermission -Identity mailbox@domain.de -User DOMAIN\user -AccessRights Fullaccess -InheritanceType All

Remove FullAccess user from a Mailbox

Remove-MailboxPermission -Identity mailbox@domain.de -User DOMAIN\user -AccessRights FullAccess -InheritanceType All

Add Send-As Permission

Be aware that ‘Send-As’ is an extended AD permission.

Add-ADPermission -Identity 'CN=Mailboxname,OU=Users,DC=domain,DC=de' -User 'DOMAIN\username' -ExtendedRights 'Send-as'

Remove Send-As Permission

Remove-ADPermission -Identity 'CN=Mailboxname,OU=Users,DC=domain,DC=de' -User 'DOMAIN\username' -ExtendedRights 'Send-as'

Sent Item Configuration

Even though this is not a mailbox permission, it is listed here, as you will most likely change these settings on mailboxes that have Send-As users assigned.
The following command

Set-Mailbox -identity <UPN> [-DomainController <HOSTNAME>] -MessageCopyForSentAsEnabled $true -MessageCopyForSendOnBehalfEnabled $true

On-premises Exchange only!
For Exchange Online, look for the *-ComplianceSearch* cmdlets.

Search for messages within a mailbox
The concept behind this is to match messages within a mailbox to a SearchQuery and copy all matched mails to another mailbox while keeping all folder structures intact.
For that matter I created a Folder named ‘SearchResults’ in my personal mailbox as the destination for all matched emails.

Search-Mailbox -Identity <USER-ID> `
  -SearchQuery "received>=01/01/2017 AND received<=12/31/2018" `
  -targetmailbox "<TARGET-MAILBOX-USER-ID>" -targetfolder "SearchResults"

SearchQuery examples:

"Subject:Project Hamilton*"     - all messages that start with that subject
"election OR candidate OR vote" - all messages that contain one 
                                  of the words in whole message

If the subject you are searching for contains colons,
they need to be escaped with a backtick:

"Subject:AW`: yadda yadda"

To delete the source emails on the source mailbox use

-deletecontent

Logging

Message Tracking

get-messagetrackinglog -Sender 'system-mail.it@arifleet.de' `
   -Start "6/01/2015 5:00:00 AM" `
   -End "6/01/2015 10:30:00 AM" `
   -resultsize unlimited | ft -Wrap

Handy options

-MessageSubject <String>
-Recipients <String[]>
-Start/-End (get-date).AddHours(-1).toString()
-ResultSize Unlimited

Sizing

Get Mailbox Size

Get-MailboxDatabase "STG*"  | `
  Get-MailboxStatistics | sort -property TotalItemSize -desc | `
  select DisplayName,ItemCount,TotalItemSize,TotalDeletedItemSize |ft -auto

Get Mailbox Database Size

Get-MailboxDatabase -status | select ServerName,Name,DatabaseSize

Get-MailboxDatabase -status "STG*" | Sort -property DatabaseSize -Desc |
  select ServerName,Name,DatabaseSize

Move Mailbox

New-MoveRequest -Identity mailbox@domain.de -TargetDatabase 'Whatever Database-Name 001' | ft -AutoSize -Wrap

Create move requests for all mailboxes in ‘Stuttgart Mailbox DB One’ whose alias starts with ‘jira’

Get-Mailbox -Database "Stuttgart Mailbox DB One" | Where-Object { $_.alias -like "jira*" } | New-MoveRequest -TargetDatabase [...]

Options

-BadItemLimit 0
-Suspend 
-SuspendComment "Resume after 11:00 p.m. PST"
-SuspendWhenReadyToComplete
-StartAfter <DateTime>
-BatchName "Some Name to identify the Batch-Moves"

Get MoveRequest Status

Get-MoveRequestStatistics "BatchName"

Get-MoveRequest | Get-MoveRequestStatistics

Get-MoveRequest | Get-MoveRequestStatistics | select DisplayName,alias,Status,TotalMailboxSize,PercentComplete| ft -auto

DAG/Cluster stuff

Check who’s master:

Get-ClusterGroup EU-DAG


Get detailed DAG info:

Get-DatabaseAvailabilityGroup STG-DAG -status | fl


Test replication health (do so on all cluster members):

Test-ReplicationHealth -server EXC02


Get mount status, copy/replay queue, index state:

Get-MailboxDatabaseCopyStatus -server exc01


Check Queues:

get-queue -server stgwpvinfexc02


Move queued messages to other server:

Redirect-Message -Server Mailbox01 -Target Mailbox02


Check service health (do so on all cluster members):
(test whether all the Microsoft Windows services that Exchange requires on a server have started)

Test-ServiceHealth -server EXC02


Test MapiConnectivity (Note: this will only test if the DB’s are mounted/active copy on the specific server):

Test-MapiConnectivity -server EXC02


Test/view replication:

Get-MailboxdatabaseCopystatus -server EXC02


Failover Cluster:

Get-ClusterNode EXC03 | Get-ClusterGroup | Move-ClusterGroup 

This will fail over the 2-node cluster to the other node EXC01

Get-ClusterNode EXC03 | Get-ClusterGroup | Move-ClusterGroup -node EXC01


Move Databases:

This example performs a switchover of the database DB3 to the Mailbox server MBX4. When the command completes, MBX4 hosts the active copy of DB3. Because the MountDialOverride parameter isn’t specified, MBX4 mounts the database using a database auto mount dial setting of Lossless.

Move-ActiveMailboxDatabase DB3 -ActivateOnServer MBX4

Same as above, but moves all databases starting with ‘STG-’ to MBX4

Get-MailboxDatabase stg-* | Move-ActiveMailboxDatabase -ActivateOnServer MBX4

This example performs a switchover of the database DB1 to the Mailbox server MBX3. When the command completes, MBX3 hosts the active copy of DB1. Because the MountDialOverride parameter is specified with a value of Good Availability, MBX3 mounts the database using a database auto mount dial setting of GoodAvailability.

Move-ActiveMailboxDatabase DB1 -ActivateOnServer MBX3 -MountDialOverride:GoodAvailability
