Go Postal – Exchange Report Manager plugin for LabTech

 

gopostal-logo

 

Go Postal Microsoft Exchange Report Manager

 

 

 

 

Go Postal is a Microsoft Exchange 2007, 2010 and 2013 reporting plugin for LabTech that uses Powershell to generate reports on each Exchange server being managed by the LabTech RMM platform. The plugin searches all systems for Exchange server software and if it finds a compatible system it adds it to the list of Exchange servers. By selecting an Exchange server you can request the report from that Exchange server in real time and it will retrieve that report directly from the exchange server.

 

 

mainview

 

Plugin can be viewed on the Dashboard -> Config -> Integration -> Going Postal

or

Selecting the View Menu from the main menu bar and selecting Go Postal.

 

What you will get when running the script, is an overall overview about:

1. Exchange Servers in your organization
[Break down by AD Site]
[Info about External and Internal Web services names]
[Mailbox Count per AD Site]
• O.S version
• O.S Service Pack level.
• Exchange Service health.
• Up time in days.
• Exchange Version.
• Exchange Service Level.
• Exchange Rollup Update Information.
• Exchange Role(s).
• Number of mailboxes in case of MBX role.

2. Database Full Inventory
[Break down by DAG]
[Separate Table for Recovery DBs]
[Separate Table for Non DAG DBs]
[Table per DAG]
• DB Name.
• Server Location.
• Mailbox Count.
• Average Mailbox Size.
• Archive Mailbox Count.
• Average Archive Mailbox Size.
• Mount Status.
• DB Size.
• Storage Group Name (Pre E2010).
• White Space.
• Circular Logging.
• DB Disk Free Percentage.
• Log Disk Free Percentage.
• Last Full Backup Date.
• Backed up Since (Days) – with customized thresholds.
• Quota Info: Prohibit Send.
• Quota Info: Prohibit Send and Receive.
• DB Activation Preference Check [Is it mounted on the preferred Server?].
• DB Copy Location and Activation Preference assignment.

3. Mailbox Type Aggregated Data:
• User Mailbox Count.
• Shared Mailbox Count.
• Room Mailbox Count.
• Discovery Mailbox Count.

4. Exchange Server Aggregated Data
• Total Number of Exchange Servers break down by
i. Version.
ii. Role.

5. Mailbox Aggregated Data
[Overall Statistics for the Organization]
• Total Mailbox Count.
• Total databases Size
• Total Archive Count.
• Total Archive Size.
• Average Archive Size.

 

 

Version 1.0.2 Available

download 

 

 

If your import of the scripts fails to create the PowerShell script in your L:\transfer\Scripts folder then you can download that script here

Get Powershell script

 

 

Copy members from one Distribution Group to another Distribution Group in PowerShell

As an Exchange and Active Directory administrator you may be asked at some point to make a new distribution group from one or more other distribution groups. Exchange 2010 and PowerShell make this a very easy task. So to get started log in to your exchange server and open your Exchange Management Console.

 

exchangeManagementshell

 

Now we need to create the new distribution group by running the following command. Replace (GroupX) with the name of the group you want to create, replace the OrganizationalUnit with the location you want the group to show up in under Active Directory and change the SAM account name to your group name.

New-DistributionGroup -Name “GroupX” -OrganizationalUnit  “cornetser.com/Users”  -SamAccountName  “GroupX” -Type “Distribution”

 

createNewgroup createNewgroup

 

Next lets list out our existing Distribution Group to see who we will be coping to the new group.

Get-DistributionGroupMember “Florida”

 

 

list-group-members

 

Now we need to add the Distribution Group Members from “Florida” distribution group to the new GroupX distribution group.

Get-DistributionGroupMember “Florida” | Get-Mailbox | Add-DistributionGroupMember “GroupX”

copyGroupMemberstoNewGroup

To add more groups to the GroupX distribution groups rerun the same command as above with new group name to copy from in the “Get-DistributionGroupMember” section. Any duplicate members will error out as a duplicate and will be skipped as the list is copied so you will have a nice clean list once completed.

 

 

Enjoy,

Cubert  8)

 

 

 

 

 

 

 

[Solved] Event ID’s 5015 & 5016 Microsoft Exchange 2010 cannot find a route to the source transport server or home MTA server

We were getting the following error after a migration to Exchange 2010 from 2003 which indicated that Exchange was still looking for the old server.

Event: Microsoft Exchange cannot find a route to the source transport server or home MTA server

The problem is during the migration the old server didn’t get pulled from Active Directory correctly so there were still settings that caused Exchange to believe that there was another MTA available.

 

To resolve we opened up ADSI Edit on the AD server and navigated to the following container:

[Configuration][CN=Configuration,DC=xxx,DC=local][CN=Services][CN=Microsoft Exchange][CN=MyDomainName][CN=Connections]

Inside this container you may find  entries that reference your old server. Just delete them and you should be good.

 

ADSI-Exchange

[Solved] – MS EXCHANGE 550 5.7.1 Client does not have permissions to send as this sender

 5.7.1 Client does not have permissions to send as this sender

This is what your Microsoft Exchange 2007 and or 2010 server may report when you try to send email through the Exchange server when permissions have been fouled up. The First this to check on is the “Manage Send As Permissions” under the user mailbox properties in the Exchange Management Console. Access the Exchange management console and select the user that is having the issue. Right Click, go to the send as permissions option.. now check that User NT AUTHORITY\SELF is listed.

Edit Send As Permissions
Exchange 2007

 

If it is not listed here then you need to add it in. This allows the authenticated user to send as their “Self”. Now retest your connection an try send a piece of mail.

 

 

Good Luck,

Cubert 😎

[Solved] IPhone passes Exchange 2010 setup but then gets ‘Cannot Get Mail. The connection to the server failed’

So your IPhone is not getting Exchange email after setting up your account and it verifying the account during the setup?

Here is what may be going on.

The ‘Cannot Get Mail.  The connection to the server failed’ error may be the cause of a simple mis-configuration in the Microsoft Active Directory services for that user. To see if it is this issue you will need to open the Active Directory Users and Computers, Select the VIEW menu from the top and click on “Advanced Features”. Now open the properties on the user having the issue and select the “Security” tab. Under this tab will be windows with user accounts listed and a “Advanced button” at the bottom. Select this button and find the check box “Include Inheritable permissions from this object’s parent” . If this is the problem you will find the box “unchecked”. Just check the box and try again. You should see mail start to flow.

 

 

Enjoy

Cubert

😎 BigMACDaddy 😎

 

App Assure – Replay Core Mountability check for ‘Mailbox Database’ failed: Exchange database engine error: Error closing database

App Asure Replay CoreWith App Assure you may get the following errors after a new install of a Replay Core server and an the agent running on a Exchange 2010 server database.

Error

Thread: 2520

Logger: DsmRpChecker

Context:

Source Location: DsmRecoveryPointChecker.cpp:341

Details:

Mountability check for ‘Mailbox Database 0401075076’ failed: Exchange database engine error: Error closing database

and/or

Error

Thread: 2520

Logger: DsmRpChecker

Context:

Source Location: DsmRecoveryPointChecker.cpp:341

Details:

Mountability check for ‘Mailbox Database 0401075076’ failed: Exchange database engine error: Unable to initialize JET session. See log for details.

 

There is a known issue with Exchange 2010 running on SP1 with RollUps where this problem is experienced.

Please apply the below registry fix to the Replay Core server, and capture a new recovery point (snapshot) from the protected server to resolve the issue. Furthermore, after deployment of this fix you can go back and check the past recovery points that failed and “Force Recovery Point Check” to confirm they are good as well and get the green check symbol assigned to them.

Modify the registry on the Replay Core at the following location and assigned the specified value below:

Navigate to the location: HKEY_LOCAL_MACHINE\SOFTWARE\AppAssure\ReplayDSM\EseConfig

Modify value for “ForceDeleteUnicodeIndex” (type REG_DWORD) and assign a value of 2.

 

I hope this helps some one out there..

Enjoy 😎

Cubert

How-to Create a SMTP Relay Connector for Microsoft Exchange Server 2010 using PowerShell

Create new connector and assign relay permissions.

Pretty simple really,

Open your exchange power shell and enter the following cmds to create and set permissions on your new connector. Use the New-ReceiveConnectorcmdlet to create the Receive connector Anonymous Relay that listens on local IP addresses.

New-ReceiveConnector -Name “Anonymous Relay” -Usage Custom -PermissionGroups AnonymousUsers -Bindings 192.168.1.5:25 -RemoteIpRanges 192.168.1.1-192.168.1.255

 

Now we must use the Exchange Shell to grant relay permission to anonymous connections on the new Receive connector.  The next cmd-let retrieves the specified Receive connector information and pipes the result to the Add-ADPermissioncmdlet to grant relay permission to anonymous connections on the new Receive connector.

Get-ReceiveConnector “Anonymous Relay” | Add-ADPermission -User “NT AUTHORITY\ANONYMOUS LOGON” -ExtendedRights “Ms-Exch-SMTP-Accept-Any-Recipient”

You can open up a telnet session to the IP of your exchange server and test the mail flow. This will confirm that your relay is up and running.

 

The first thing to do is to open a connection from your computer to your mail server.
telnet 192.168.1.5 25
You should receive a reply like:
Trying ???.???.???.???…
Connected to 192.168.1.5
Escape character is ‘^]’.
220 mail.domain.ext Microsoft Exchange Server XXX.YYY.xxx.yyy

You will then need to delcare where you are sending the email from:
HELO local.domain.name – dont worry too much about your local domain name.

This should give you:
250 192.168.1.5 Hello local.domain.name [Your IP address],

Now give your email address:
MAIL FROM:< mail@domain.com >

Should yeild:
250 2.1.0 mail@domain.com... Sender ok

Now give the recipients address:
RCPT TO:< mail@otherdomain.com >

Should yeild:
250 2.1.0 mail@otherdomain.com... Recipient ok

To start composing the message issue the command DATA

If you want a subject for your email type

Subject: type your subject here
You may now proceed to type the body of your message.

To tell the mail server that you have completed the message enter a single “.” on a line on it’s own.
The mail server should reply with: 250 2.0.0 ???????? Message accepted for delivery

You can close the connection by issuing the QUIT command.
The mailserver should reply with something like:

221 2.0.0 mail.domain.com closing connection Connection closed by foreign host.

Enjoy,

Cubert

Increasing MS Exchange 2010 message size limits

There’s a few places you must go to change this and that is in global settings under Organization Configurations as well as the HUB Transport connectors under Server Configuration.

To modify the global settings go to the following menu areas inside you Exchange Management Console. 

Organization Configuration->Hub Transport->Global Settings tab->Properties of Transport Settings

 

Here you can adjust your transport send/receive limits by editing the properties.

Then you must modify the connectors found inside the Send Connectors tab 

Organization Configuration->Hub Transport->Send Connectors tab->Properties of Default Send

 

Then you can adjust your send connectors default maximum message size under Server Configuration 

Receive Connector Server Configuration->Hub Transport->Receive Connectors Pane->Properties of Default

Here you can adjust your receive connectors default maximum message sizes. After the settings have been changed you will want to either restart your server or reload all exchange services (which ever is easier for you).

How-to: Exchange 2010 Using GoDaddy UCC Certificates For Multiple Sub Domains

When using GoDaddy UCC certificate with Exchange 2010 there are some termoil on how best to do it. Here is my quick how to on using the UCC Certificates with Exchange 2010.

You shoul edit the powershell command below to reflect your domain name and sub names. Remove all Squidworks.net from the command and insert your domain and sub domain names.

Set-Content -path “c:\temp\squidworks_net.csr” -Value (New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName “c=us, s=Florida, l=Melbourne, o=Squidworks, ou=IT, cn=squidworks.net” -DomainName mail.squidworks.net, autodiscover.squidworks.net, mail -PrivateKeyExportable $True)

Now we need to run the command in the Exchange Management Shell:

  1. Login to your Exchange 2010 server
  2. Click Start > Programs > Microsoft Exchange Server 2010 > Exchange Management Shell
  3. Paste the New-ExchangeCertificate command into the Exchange Management Shell and press Enter
  4. Your CSR file will appear in c:\temp.

    You can copy that text by opening this file with notepad, and then highlighting the entire body of text, including the Begin and End Certificate Request tags then pasting the text in the CSR area inside of GoDaddy’s Cert request process.

Once Godaddy issues the new cert we will need to import that back in to Exchange.  To Import the file you will need to copy the crt file from GoDaddy to your Exchange server then run the following command in the Exchange Power Shell.

Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\temp\squidworks.net.crt -Encoding byte -ReadCount 0)) | Enable-ExchangeCertificate -Services “IIS”

In this command we are registering it for the IIS services, afterwards we will go in and modify it replacing the current cert with this one. To do this we open the Exchange Console selecting Server Configuration. In this view we should see the new certification in the “Exchange Certification Tab”. Select this new cert and in the far right panel select “Assign Services to Certificate” Then follow the wizard and select the IMAP,POP and SMTP services. I should ask you once you select finish if you want to replace cert 1 with cert 2. Look at the dates and make sure it is the correct expire date.

Afterwards pull up your exchange server using SSL (https://) and see if your new GoDaddy Cert is being used.

Your all done..

Enjoy

Cubert

How-to Allow End Users To Manage Exchange 2010 (SP1) Distribution Groups

Distribution Groups in Exchange 2010 are managed from the OWA or what it’s now know as Outlook Web App. Owners of a distribution list can manage there own distribution list if you have correctly set the feature RBAC (Role Based Access Control)in Exchange 2010.  As you can guess Microsoft Exchange Server 2010 now comes with the new RBAC (Role Based Access Control) permissions model. This new permissions model allows you to define both a broad, as well as a more granular assignment of permissions.

While you can perform granular assignments in Exchange 2010, there are also Predefined Role Groups that you can use if you want an easier way of assigning permissions to end users. Below I will walk you through a very quick and easy way to provide end users the ability to modify distribution groups.

First we will need to create a new custom role based on the default ‘MyDistributionGroups’ Role. To do this we will use the Exchange Management Shell in Exchange 2010 aka Powershell with Exchange Modules.

Open up the Exchange Shell and copy and paste the following:

New-ManagementRole -Name MyUsersDistributionGroups -Parent MyDistributionGroups –Description “This role enables individual users to view distribution groups and add or remove members to distribution groups they own.”

The above cmd  made a new role based on MyDistributionGroups, we need to make change to this new role because we don’t want all the same settings as MyDistributionGroups.

Next we need to modify the new role.

Remove-ManagementRoleEntry MyUsersDistributionGroups\Set-Group -Confirm:$false
Remove-ManagementRoleEntry MyUsersDistributionGroups\Remove-DistributionGroup -Confirm:$false
Remove-ManagementRoleEntry MyUsersDistributionGroups\New-DistributionGroup -Confirm:$false

Then we set the DistributionGroup parameters:

set-ManagementRoleEntry MyUsersDistributionGroups\Set-DistributionGroup -parameter Confirm ,ErrorAction ,ErrorVariable ,Identity ,MailTip ,MailTipTranslations , OutBuffer ,OutVariable ,WarningAction ,WarningVariable ,WhatIf

Then finally we need to apply this role to our users. For all people to get these setting you must add the new role to the existing “Default Role Assignment Policy” which is applied to every one.

New-ManagementRoleAssignment -Role MyUsersDistributionGroups -Policy “Default Role Assignment Policy”

Once that’s done you must add the user who will manage group to the distribution list so the user can modify the members of the Distribution Group. This is done inside the Exchange Management Console under recipients / Distribution Groups.  Find the Group you want to allow the user to manage and place them in the “Managed By” box under the Group Information Tab.

 

That’s It!!!  Now we let the user login to the Outlook Web App and make  modifications to the distribution groups the now own. To make edits they should login and select the options menu then select all options. It will display a menu that will provide access to Groups. Select groups and you should see 2 lists, The 1st list is all groups your a member of and the 2nd list is all groups you own or manage. Double click the group name to manage that group and its memberships.

 

 

I hope this helps someone else get group management working after a upgrade from Exchange 2007, and in less time than it took me.

Enjoy

Cubert