41 C
Dubai
Wednesday, April 30, 2025
Home Blog Page 106

How to install ADMT 3.2 in Windows Server 2008 R2

Satheshwaran Manoharan
-
17

Download Active Directory Migration Tool version 3.2

image

Type the Default Instance if you have a SQL Server ,I have the SQL server on DC itself , So I have typed

.\SQLEXPRESS

If you are not aware of SQLEXPRESS , Have the Explained the Steps below to configure it

Only SQLEXPRESS 2005 will work properly if you are planning to Install on DC itself

People who are aware of SQL , Please skip the SQL setup

image

If you don’t have a SQL Server , You can Download

Microsoft SQL Server 2005 Express Edition Service Pack 3

Accept

image

Next

image

Next

image

Next

image

Next

image

Next

image

Install

image

Finish

image

Choose No

image

Then Close

Great !

Now SQL is configured

 

Start  – Administrative Tools –> Active Directory Migration Tool

image

Now ADMT is Ready to Migrate Users

 

Creating a new Active Directory Site Might make your Exchange 2010 stop working

Satheshwaran Manoharan
-
1

imageIf you have Exchange 2010 in your Site , If you create a new Active Directory site , your Exchange may stop working ,

We will see why ?

Having only the Default-First-Site-Name, You would have not Define the subnet for your site,

If you have only one site , Which is the default website then All the subnet will look into your Default Active Directory site (Default-First-Site-Name)

But if you create a new site then your Exchange won’t know which site to look into , because of the not defined subnets

and Your services may stop and Restarting the server might struck in  “Applying computer settings”

To avoid this situation,Before your Create a new Active Directory site

Define the Subnet for your your Default Active Directory site (Default-First-Site-Name)

image

Now you can type the specific subnet

imageNow your Subnet is defined to your  Default Active Directory site

image

Great !!

Now you can overcome some downtime !!

 

Bulk – Export Mailboxes to PST in Exchange 2010

Satheshwaran Manoharan
-
26

Its easy to Export a Mailbox to PST using Mailbox Export Request in Exchange 2010

Lets see on how to Export 1 single mailbox to PST in Exchange 2010

To Acquire RBAC Permission

Add “Mailbox Import Export” RoleAssignment to the Admin ,

New-Managementroleassignment –Role "Mailbox Import Export" –User "Administrator"

Now Create a Folder , Share it

image

Now Run 

New-MailboxExportRequest –Mailbox "MailboxName" -FilePath \\ServerName\PST\MailboxName.pst

How to Export All the Mailboxes to PST

Step 1:

Open Exchange Management Shell

$Export = Get-Mailbox

(Saving to a Variable)

Step 2:

$Export|%{$_|New-MailboxExportRequest -FilePath "\\ServerName\pst\$($_.alias).pst"}

image

How to Export All the Mailboxes using a Specified date

Step 1:

Open Exchange Management Shell

$Export = Get-Mailbox

(Saving to a Variable)

Step 2:

Specifying lesser than (lt) 01-01-2012

$Export|%{$_|New-MailboxExportRequest -ContentFilter {(Received -lt "01/01-2012")} -FilePath "\\ServerName\pst\$($_.alias).pst"}

How to Export All the Mailboxes with Specific folders

Step 1:

Open Exchange Management Shell

$Export = Get-Mailbox

(Saving to a Variable)

Step 2:

Specifying folders Inbox and Sent Items

$Export|%{$_|New-MailboxExportRequest -InclueFolders "#Sentitems#,"#inbox#" -FilePath \\ServerName\pst\$($_.alias).pst}

Will look forward to add more Criteria’s in the future

 

How to Customize RBAC Permissions for “HelpDesk” in Exchange 2010

Satheshwaran Manoharan
-
7

Role Based Access Control is an Amazing feature in Exchange 2010 , where we can provide a set of permissions to a User and we can customize it widely

Am not going to Explain deep in RBAC , but we can learn how to customize the default role groups

My Default there are 11 Role Groups

image

One of an Best Example is assigning permission to use Discovery Search

https://www.azure365pro.com/deleting-a-specific-email-from-entire-organization-in-exchange-2010-2/

By Default, Administrator is a member of Organization Management , where he gets all the permission .

But if we want to Remove some permission for Helpdesk Admins to do some task , We can customize it.

First Initially , We have to decide what all the permission we got to provide to the Help Desk admin

And what all permission permission we got to remove for the HelpDesk admin

Get-Managementrole will list all the Roles available

image

Lets say Help Desk Engineer Can Create Distribution Groups , Can Create Mailboxes ,Distribution Groups, They Can manage them

But they should not have permissions to remove them or Disable them

Go through the Management Roles listed , We can Find Mail Recipient Creation , Distribution Groups , Mail Recipients Role ,

To Know the ability of a role,  you Can run

Get-ManagementRole "Mail Recipient Creation" | fl Description 
Get-ManagementRole "Distribution Groups" | fl Description 
Get-ManagementRole "Mail Recipients" | fl Description 

image

image

Where We can assign these Management Roles to a Custom Role Group and assign to a Help Desk Engineer , But the problem is they will have the ability to Remove Mailboxes , Remove Distribution Groups as well

So we got to remove those abilities for them ,befor assigning to them

Now we have to find what alll Role Entries (Commands) we have to remove from them , To find what all the commands inside the Management role

You can run

Get-ManagementRoleEntry "Mail Recipient creation\*" | FT -Autosize 
Get-ManagementRoleEntry "Distribution Groups\*" | FT -Autosize 
Get-ManagementRoleEntry "Mail Recipients\*" | FT -Autosize 

image

So i Dont want to Touch the Default Roles , and which is not Recommended too

So first will Create a Copy of the roles and Remove the Commands from the the copy which i have created

New-ManagementRole -Parent "Mail Recipients" -Name "Copy of Mail Recipients"
New-ManagementRole -Parent "Mail Recipient Creation" -Name "Copy of Mail Recipient Creation"
New-ManagementRole -Parent "Distribution Groups" -Name "Copy of Distribution Groups"

Now I have a Copy of it Created

image

Going through the Commands , I found some Potentially risky commands like “Remove-Mailbox , Remove –Distribution Group” where we got to remove from them

Get-ManagementRoleEntry "Copy of Mail Recipient creation\*" | FT -Autosize 
Get-ManagementRoleEntry "Copy of Distribution Groups\*" | FT -Autosize 
Get-ManagementRoleEntry "Copy of Mail Recipients\*" | FT –Autosize 

Removing Commands from the Copy of the Roles which we created

Removing Potential Commands from — Copy of Mail Recipient Creation

Remove-ManagementRoleEntry "Copy of Mail Recipient Creation\Remove-Mailbox" –Confirm:$false 
Remove-ManagementRoleEntry "Copy of Mail Recipient Creation\Remove-MailUser" –Confirm:$false 
Remove-ManagementRoleEntry "Copy of Mail Recipient Creation\Remove-MailContact" –Confirm:$false 

image

image

Removing Potential Commands from — Copy of Mail Recipients

Remove-ManagementRoleEntry "Copy of Mail Recipients\disable-Mailbox" –Confirm:$false 
Remove-ManagementRoleEntry "Copy of Mail Recipients\disable-MailUser" –Confirm:$false 
Remove-ManagementRoleEntry "Copy of Mail Recipients\disable-MailContact" –Confirm:$false 

image

Removing Potential Commands from — Copy of Distribution Groups

Remove-ManagementRoleEntry "Copy of Distribution Groups\Remove-Distributiongroup" –Confirm:$false 
Remove-ManagementRoleEntry "Copy of Distribution Groups\disable-Distributiongroup" –Confirm:$false 

image

Now we are creating a Custom Role Group

New-RoleGroup -Name "Role Group for Help Desk" –Roles “Copy of Mail Recipients","Copy of Mail Recipient Creation","Copy of Distribution Groups" 

image

Now am Adding a Member(Help Desk Engr)  to the Role Group

Add-RoleGroupMember "Role Group for Help Desk" -Member Helpdesk 

image

Refer the below link to add users it bulk :

http://technet.microsoft.com/en-us/library/dd638207

Now Logging into the Server as “Helpdesk”

Making sure is a Domain Admin as well , So log into the server

image

Now you can See Console Looks Different for them

image

Now you can see – Disable and Remove option disappeared

image

Great !! Role Bases Access Control is ready for the Help Desk

 

How to Recreate Corrupted Microsoft Security Groups in Exchange 2010

Satheshwaran Manoharan
-
27

Some Times Reinstalling Exchange 2010 Corrupts the Security Groups or It will Duplicate the Security Groups.

Creating Console Permission issues or Role may not load properly or User Might get Access Denied Error.

We will learn how to cleanup and recreate Microsoft Exchange Security Groups as a last option.

We will delete all the Security Groups in the Microsoft Exchange Security Groups Container.

image

image

Now Running Setup.com /preparead won’t allow you to recreate it as OtherWellKnownObjects attribute on the Microsoft Exchange Container  will be pointing to Deleted Objects , It has to be Removed

image

It cannot be Removed via Adsiedit

And we got to Use LDP to Clear the attribute

Those who are new to  LDP, Am not able to edit the OtherWellKnownObjects in Adsiedit as Shown Below . So am Using LDP

image

Start –> Run –> LDP

Click Connection – Connect –

image

Click Ok if you running on the Server itself

image

View –> Tree

image

Choose –> Configuration Container

image

Now You won’t be Expand it . Unless you Bind it

Connection –> Bind

image

Double Click on Configuration –> To Expand

Scroll down to Microsoft Exchange Container –> Right Click –> Modify

image

Now we got to Edit OtherWellKnownObject attribute

Attribute – > OtherWellKnownObject

Values –>

Choose Replace

Click On Enter

image

Now Empty Value has been Added –

Click Run

image

Now you could see Other Well known Objects have been Cleared

image

Now Setup.com /preparead is successful

image

Now Security Groups are back

image

Now Console and Exchange Management Shell may not open

Or It may show Partial information.

Because the Role Base Access Control Information is lost as Security Groups have been deleted and Recreated

Showing Partial Information –

image

Or Role May not Load Properly

image

To get the Roles Installed Back for the Users

Add-PSSnapin *Setup 

image

Install-CannedRbacRoleAssignments –InvocationMode Install 

image

Now Exchange Management Console and Exchange Management Shell is back online

image

Now Still you might not be able to Create or Remove are Edit anything in the EMC or EMS

you will get an Error

Active Directory operation failed on DC.CareExchange.in . This error is not retriable. Additional information: Access is denied. Active directory response: 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS)

Because the group memberships might have been removed

Add the Exchange Server Computer Account in Exchange Servers Group & Exchange Trusted Subsystem Group

Now you got to reboot the Exchange Server after adding it , To update Group memberships

image image

 

How to Create Managed Custom Folder in Exchange 2010

Satheshwaran Manoharan
-
2

Good to know ** MRM 1.0 is Used in Exchange 2003 & Exchange 2007

MRM 2.0 is Introduced in Exchange 2010 ,

As MRM 2.0 is lacking in some important features . MRM 1.0 can be still used in Exchange 2010 , But not via GUI , Using Power shell we can Create and Manage MRM 1.0

Today we will learn how to create a Managed Custom Folder in Exchange 2010

As MRM 2.0 doesn’t has that feature of creating Managed Custom Folders , we will use MRM 1.0

Note * Only Users have a Enterprise Client Access License will be able to view Managed Custom Folder in OWA and Outlook

* Managed Custom Folders cannot be deleted by the Client

For Example we will create a Managed Custom Folder where Items inside that will be archived which is older than 30 days

First we will create a Managed Custom Folder –

New-ManagedFolder -Name "Custom Retention Folder - 30 days" -FolderName "Custom Retention – 30 days"

image

Now we got to Find the GUID VALUE to apply Content Settings for the Folder :

Get-ManagedFolder "Custom Retention Folder - 30 days"  | fl Name,Guid 

Name : “Custom Retention Folder – 30 days”

Guid : fb30f2df-b9a7-45fa-9b9e-bae6e18d244c

image

Creating MANAGED CONTENT SETTINGS for the custom Folder using GUID :

New-ManagedContentSettings "Custom Retention Folder - 30 days" -AgeLimitForRetention 30.00:00:00 -MessageClass * -RetentionEnabled $true -RetentionAction DeleteAndAllowRecovery -FolderName 'fb30f2df-b9a7-45fa-9b9e-bae6e18d244c' 

 

image

Creating MANAGED FOLDER MAILBOX POLICY : (Where this policy can be applied for Users)

New-ManagedFolderMailboxPolicy -Name "Retention Policy for Managed Custom Folder" –ManagedFolderLinks "Custom Retention Folder - 30 days" 

image

APPLY THE POLICY TO MAILBOXES:

Get-Mailbox "UserAlias" | Set-Mailbox -ManagedFolderMailboxPolicy "Retention Policy for Managed Custom Folder"

image

Now To Force the Managed Folder Assistant to run Instantly

Start-ManagedFolderAssistant "UserAlias"

image

Now you can See the Managed Custom Folder in Outlook Web Access And Outlook for the user CEO

image

Now in order to Run it Automatically We got to Schedule the Managed Folder Assistant to run on the Mailbox Server

Set-MailboxServer –Identity "ServerName" -ManagedFolderAssistantSchedule "Monday.11:00 PM-Tuesday.07:00 AM","Tuesday.11:00 PM-Wednesday.07:00 AM","Wednesday.11:00 PM-Thursday.07:00 AM","Thursday.11:00 PM-Friday.07:00 AM","Friday.11:00 PM-Saturday.07:00 AM" 

image

Good to know —

you have 2 more important parameters

The ManagedFolderWorkCycle parameter specifies the time span in which all mailboxes on the specified server will be processed by the Managed Folder Assistant. The Managed Folder Assistant applies retention policies according to theManagedFolderWorkCycleCheckpoint interval

The ManagedFolderWorkCycleCheckpoint parameter specifies the time span at which to refresh the list of mailboxes so that new mailboxes that have been created or moved will be part of the work queue. Also, as mailboxes are prioritized, existing mailboxes that haven’t been successfully processed for a long time will be placed higher in the queue and will have a greater chance of being processed again in the same work cycle.

To Customize the above Parameters –

Set-MailboxServer -Identity Exchange2010 -ManagedFolderWorkCycleCheckpoint 1.00:00:00 -ManagedFolderWorkCycle 1.00:00:00

Great !! now Items which are older than 30 days in the Managed Custom Folder will be deleted Automatically

 

1...105106107...113Page 106 of 113

EDITOR PICKS

POPULAR POSTS

POPULAR CATEGORY

ABOUT ME

Satheshwaran Manoharan - Microsoft MVP - Award-winning Technology Leader with a wealth of experience running large teams and diversified industry exposure in cloud computing. From shipping lines to rolling stocks.In-depth expertise in driving cloud adoption strategies and modernizing systems to cloud native. Specialized in Microsoft Cloud, DevOps, and Microsoft 365 Stack and conducted numerous successful projects worldwide. Also, Acting as a Technical Advisor for various start-ups.

Contact : Info@Azure365Pro.com

FOLLOW US

© Azure365Pro.com

× How can I help you?