Exchange Stuff

Published 08-25-2017 18:24:55

Get a list of addresses, export to c:\smtp.csv

Get-Mailbox -ResultSize Unlimited |Select-Object DisplayName,ServerName,PrimarySmtpAddress,@{Name="EmailAddresses";Expression={$_.EmailAddresses |Where-Object {$_.PrefixString -ceq "smtp"} | ForEach-Object {$_.SmtpAddress}}} | Export-CSV c:\smtp.csv -NoTypeInformation

Whitelist a domain or address

To check what's currently whitelisted

Get-ContentFilterConfig

To whitelist an address

$list = (Get-ContentFilterConfig).BypassedSenders
$list.add("new.mail@address.com")
Set-ContentFilterConfig -BypassedSenders $list

To whitelist a domain

$list = (Get-ContentFilterConfig).BypassedSenderDomains
$list.add("domain.com")
Set-ContentFilterConfig -BypassedSenderDomains $list
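A check worth running after editing the bypass lists, as an added example that is not part of the original notes: it flags bypass entries that cover your own accepted domains or a public mail provider. The function name, parameters and sample values are assumptions, and it expects PowerShell 3.0 or later.

```powershell
# Added example: flag risky entries in the content filter bypass lists.
# Function name, parameters and sample values are illustrative assumptions.
function Test-BypassList {
    param(
        [string[]]$BypassedSenders = @(),
        [string[]]$BypassedSenderDomains = @(),
        [string[]]$AcceptedDomains = @(),      # domains this organization receives mail for
        [string[]]$PublicMailDomains = @('gmail.com', 'outlook.com', 'yahoo.com')
    )
    # Classify one domain; returns $null when nothing stands out.
    function Get-DomainIssue([string]$Domain) {
        $bare = $Domain -replace '^\*\.', ''   # drop a leading "*." wildcard
        if ($AcceptedDomains -contains $bare) {
            return 'Own domain: mail spoofing an internal sender skips the content filter'
        }
        if ($PublicMailDomains -contains $bare) {
            return 'Public mail provider: anyone can register a sender here'
        }
        return $null
    }
    foreach ($d in $BypassedSenderDomains) {
        $issue = Get-DomainIssue $d
        if ($issue) {
            [pscustomobject]@{ List = 'BypassedSenderDomains'; Entry = $d; Issue = $issue }
        }
    }
    foreach ($s in $BypassedSenders) {
        # Single addresses are only flagged when they sit in one of your own domains.
        $issue = Get-DomainIssue (($s -split '@')[-1])
        if ($issue -like 'Own domain*') {
            [pscustomobject]@{ List = 'BypassedSenders'; Entry = $s; Issue = $issue }
        }
    }
}

# Constructed sample input (not taken from a real server).
Test-BypassList `
    -BypassedSenders @('new.mail@address.com', 'ceo@example.net') `
    -BypassedSenderDomains @('domain.com', '*.example.net', 'gmail.com') `
    -AcceptedDomains @('example.net') | Format-Table -AutoSize

# On a live server, feed it from the cmdlets instead:
#   $cfg = Get-ContentFilterConfig
#   Test-BypassList -BypassedSenders ($cfg.BypassedSenders | ForEach-Object { "$_" }) `
#       -BypassedSenderDomains ($cfg.BypassedSenderDomains | ForEach-Object { "$_" }) `
#       -AcceptedDomains (Get-AcceptedDomain | ForEach-Object { "$($_.DomainName)" })
```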

Permissions to Import or Export Mailbox Data in Exchange 2010

In Exchange 2010, none of the preloaded role groups have the Mailbox Import Export role. The person performing the import or export must have the appropriate permissions within Exchange. The easiest way to grant this permission is by adding the Mailbox Import Export role to a role group.

To create the role group we need to run the following:

New-RoleGroup "Mailbox Import-Export Management" -Roles "Mailbox Import Export"

This will create a group called "Mailbox Import-Export Management". Every user added to this group will have the right to run the import/export cmdlets. Adding a user can be done by running the following:

Add-RoleGroupMember "Mailbox Import-Export Management" -Member <user account>

If you try to run the cmdlets and you don’t have the correct permissions, you’ll receive an error stating that the cmdlet doesn’t exist. And by the way, you’ll need to restart the Exchange Management Shell after you add the Mailbox Import Export role to the role group.
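Because this role allows whole mailboxes to be exported, it is worth reviewing who holds it. The following is an added example, not part of the original notes: it compares the effective holders of the role against an approved list. The function name, the approved list and the sample rows are assumptions.

```powershell
# Added example: report holders of the Mailbox Import Export role that are
# not on an approved list. Names and sample rows are illustrative assumptions.
function Find-UnapprovedExporter {
    param(
        # Rows with EffectiveUserName and RoleAssigneeName properties.
        [Parameter(Mandatory = $true)][object[]]$Assignments,
        [string[]]$Approved = @()
    )
    $Assignments |
        # "All Group Members" is the placeholder row for the group itself, not a person.
        Where-Object { $_.EffectiveUserName -ne 'All Group Members' } |
        Where-Object { $Approved -notcontains $_.EffectiveUserName } |
        Sort-Object EffectiveUserName |
        Select-Object EffectiveUserName, RoleAssigneeName
}

# Constructed sample rows (not taken from a real server).
$sample = @(
    [pscustomobject]@{ EffectiveUserName = 'All Group Members'
                       RoleAssigneeName  = 'Mailbox Import-Export Management' }
    [pscustomobject]@{ EffectiveUserName = 'Alice Admin'
                       RoleAssigneeName  = 'Mailbox Import-Export Management' }
    [pscustomobject]@{ EffectiveUserName = 'Temp Contractor'
                       RoleAssigneeName  = 'Mailbox Import-Export Management' }
)
Find-UnapprovedExporter -Assignments $sample -Approved @('Alice Admin')

# On a live server, feed it from the cmdlet instead:
#   $rows = Get-ManagementRoleAssignment -Role 'Mailbox Import Export' -GetEffectiveUsers
#   Find-UnapprovedExporter -Assignments $rows -Approved @('Alice Admin')
```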

Client Access Hostname Configuration

Client Access URLs

The client access URLs are what autodiscover gives to the clients, and also what is sent to the client web browser when access is made through the wrong server. These can be changed through ECP. However, some changes have to be made through PowerShell; these are outlined below.

On servers where you have a single server holding all of the roles, set both the internal and external name to the external SSL certificate name - so replace host.domain.local with mail.example.net. Do take care to leave the rest of the URL as per the defaults.

Autodiscover URL

If you are using a single server or all servers are in the same AD site, then the following commands can be used:

Get-ClientAccessServer | Set-ClientAccessServer -AutodiscoverServiceInternalUri https://mail.example.net/autodiscover/autodiscover.xml

However if you are using multiple servers in multiple AD sites, then you need to set the commands as per the box below, replacing “CAS-Server” with the real name of the server that holds the CAS role.

Set-ClientAccessServer -Identity "CAS-Server" -AutodiscoverServiceInternalUri https://mail.example.net/autodiscover/autodiscover.xml

Web Services URL

As with Autodiscover, if you are using a single server then the following commands can be used:

Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -InternalUrl https://mail.example.net/ews/exchange.asmx -ExternalUrl https://mail.example.net/ews/exchange.asmx

However if you are using multiple servers, then you need to set the commands as per the box below, replacing “CAS-Server” with the real name of the server that holds the CAS role.

Set-WebServicesVirtualDirectory -Identity "CAS-Server\EWS (Default Web Site)" -InternalUrl https://mail.example.net/ews/exchange.asmx -ExternalUrl https://mail.example.net/ews/exchange.asmx

MAPI Virtual Directory URL

The MAPI virtual directory is used by the new client access protocol MAPI over HTTPS. As before if you are using a single server then the following commands can be used:

Get-MAPIVirtualDirectory | Set-MAPIVirtualDirectory -InternalUrl https://mail.example.net/mapi/ -ExternalUrl https://mail.example.net/mapi/

However if you are using multiple servers, then you need to set the commands as per the box below, replacing “CAS-Server” with the real name of the server that holds the CAS role.

Set-MAPIVirtualDirectory -Identity "CAS-Server\MAPI (Default Web Site)" -InternalUrl https://mail.example.net/mapi/ -ExternalUrl https://mail.example.net/mapi/

Outlook Anywhere URL

Right click on the Client Access Server and choose Properties. Click on the tab Outlook Anywhere and adjust the URL to match the external name on the SSL certificate.

Cycle the Exchange Services.

After making the changes, cycle the Exchange services to ensure that the changes are live.

To test the configuration, use Outlook 2007 or higher on a workstation.

  • Start Outlook and wait for it to connect
  • Then hold down CTRL and right click on the Outlook icon in the system tray
  • Choose Test Email AutoConfiguration
  • Select the option to test the configuration

Should you have everything configured correctly, then all of the URLs should appear as your external certificate name and you do not get any certificate prompts.
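The same check can be done from the shell. This added example, which is not part of the original notes, reports every client access URL that is not HTTPS or whose host differs from the certificate name. The function name and the sample URLs are assumptions, and it expects PowerShell 3.0 or later.

```powershell
# Added example: list client access URLs that do not match the certificate name.
# Function name and sample values are illustrative assumptions.
function Test-ClientAccessUrl {
    param(
        [Parameter(Mandatory = $true)][string]$ExpectedHost,
        # Objects with Name and Url properties.
        [Parameter(Mandatory = $true)][object[]]$Urls
    )
    foreach ($u in $Urls) {
        $parsed = $null
        $issue  = $null
        if (-not [uri]::TryCreate([string]$u.Url, [System.UriKind]::Absolute, [ref]$parsed)) {
            $issue = 'Not a valid absolute URL'
        } elseif ($parsed.Scheme -ne 'https') {
            $issue = "Scheme is '$($parsed.Scheme)', expected https"
        } elseif ($parsed.Host -ne $ExpectedHost) {
            $issue = "Host '$($parsed.Host)' differs from the certificate name"
        }
        if ($issue) {
            [pscustomobject]@{ Name = $u.Name; Url = [string]$u.Url; Issue = $issue }
        }
    }
}

# Constructed sample input (not taken from a real server).
$sample = @(
    [pscustomobject]@{ Name = 'EWS internal';  Url = 'https://host.domain.local/ews/exchange.asmx' }
    [pscustomobject]@{ Name = 'EWS external';  Url = 'https://mail.example.net/ews/exchange.asmx' }
    [pscustomobject]@{ Name = 'MAPI internal'; Url = 'http://mail.example.net/mapi/' }
    [pscustomobject]@{ Name = 'Autodiscover';  Url = 'https://mail.example.net/autodiscover/autodiscover.xml' }
)
Test-ClientAccessUrl -ExpectedHost 'mail.example.net' -Urls $sample | Format-List

# On a live server, build the list from the cmdlets instead, for example:
#   $urls  = Get-WebServicesVirtualDirectory | ForEach-Object {
#       [pscustomobject]@{ Name = "$($_.Identity) internal"; Url = $_.InternalUrl }
#       [pscustomobject]@{ Name = "$($_.Identity) external"; Url = $_.ExternalUrl } }
#   $urls += Get-ClientAccessServer | ForEach-Object {
#       [pscustomobject]@{ Name = "$($_.Name) autodiscover"; Url = $_.AutoDiscoverServiceInternalUri } }
#   Test-ClientAccessUrl -ExpectedHost 'mail.example.net' -Urls $urls
```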

MSSTD URL

If the URL for Outlook Anywhere under MSSTD is not correct, then you may have to set that manually. To do that, use the following command in EMS:

Set-OutlookProvider expr -CertPrincipalName:"msstd:mail.example.net"

Create a Local Autodiscover.xml File

If your company doesn’t publish autodiscover in DNS, you can try creating an XML file. Paste the sample below into Notepad and save it as autodiscover.xml. Don’t forget to change the domain in RedirectUrl.

<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <AccountType>email</AccountType>
      <Action>redirectUrl</Action>
      <RedirectUrl>https://autodiscover.domain.com/autodiscover/autodiscover.xml</RedirectUrl>
    </Account>
  </Response>
</Autodiscover>

Next, edit the registry to add an autodiscover reference:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AutoDiscover
	REG_SZ: domain.com
	Value: C:\path\to\autodiscover.xml

Now try adding your account to your Outlook profile using Auto Account Setup, entering your name, email address and password. If the Exchange server is properly configured, your account will be configured in Outlook automatically. Note: you’ll get a redirect warning and may need to supply your username and password twice.

If the Exchange server is not properly configured, you’ll need to create an autodiscover.xml containing all of your account information. If you have access to a computer with Outlook 2013 or older, you may be able to use the autodiscover file it used.

Type or paste %localappdata%\microsoft\outlook in the address bar of Windows Explorer to open the folder where the autodiscover file is stored. It will be named something like this: 9a2b291a2545a44e9fa74ac13aad98c2 - Autodiscover.xml. Copy it to the folder you entered in the registry, delete the previously created autodiscover file and rename the copy to autodiscover.xml.

Virtual Directory Stuff

Set-ActiveSyncVirtualDirectory -Identity "servername\Microsoft-Server-ActiveSync (Default Web Site)" -ActiveSyncServer "https://mail.domain.com/Microsoft-Server-ActiveSync" -InternalUrl "https://mail.domain.com/Microsoft-Server-ActiveSync" -ExternalUrl "https://mail.domain.com/Microsoft-Server-ActiveSync"
Set-EcpVirtualDirectory -Identity "servername\ecp (Default Web Site)" -InternalUrl "https://mail.domain.com/ecp" -ExternalUrl "https://mail.domain.com/ecp"
Set-OabVirtualDirectory -Identity "servername\OAB (Default Web Site)" -InternalUrl "https://mail.domain.com/OAB" -ExternalUrl "https://mail.domain.com/OAB" -RequireSSL $true
Set-OwaVirtualDirectory -Identity "servername\owa (Default Web Site)" -InternalUrl "https://mail.domain.com/owa" -ExternalUrl "https://mail.domain.com/owa"
Set-PowerShellVirtualDirectory -Identity "servername\PowerShell (Default Web Site)" -InternalUrl "https://mail.domain.com/powershell" -ExternalUrl "https://mail.domain.com/powershell"
Set-WebServicesVirtualDirectory -Identity "servername\EWS (Default Web Site)" -InternalUrl "https://mail.domain.com/ews/exchange.asmx" -ExternalUrl "https://mail.domain.com/ews/exchange.asmx" -InternalNLBBypassUrl $null
Set-ClientAccessServer -Identity "servername" -AutoDiscoverServiceInternalUri "https://mail.domain.com/Autodiscover/Autodiscover.xml"
Set-OutlookAnywhere -Identity "servername\Rpc (Default Web Site)" -InternalHostname mail.domain.com -ExternalHostname mail.domain.com -InternalClientAuthenticationMethod Ntlm -ExternalClientAuthenticationMethod Basic -ExternalClientsRequireSsl $True -InternalClientsRequireSsl $true
Set-ClientAccessServer -Identity servername -AutoDiscoverServiceInternalUri https://mail.domain.com/autodiscover/autodiscover.xml
Enable-ExchangeCertificate -Thumbprint 9232c0140d1034b64f6ae4b2edaa82d26e2dc097 -Services POP,IMAP,IIS,SMTP
Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "\Default Offline Address Book (Ex2013)"
Set-OutlookProvider -Identity EXCH -CertPrincipalName msstd:mail.domain.com
Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:mail.domain.com
Set-OutlookProvider -Identity WEB -CertPrincipalName msstd:mail.domain.com
Set-OutlookProvider EXCH -CertPrincipalName $null
Set-OutlookProvider EXPR -CertPrincipalName $null
Set-OutlookProvider WEB -CertPrincipalName $null
Set-OutlookProvider -Identity EXCH -CertPrincipalName msstd:mail.domain.com
Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:mail.domain.com
Set-OutlookProvider -Identity WEB -CertPrincipalName msstd:mail.domain.com

A.D. Setting That Can Break ActiveSync to Your Mobile Device

  • Open Active Directory Users and Computers
  • Click View menu
  • Select Advanced Features
  • Locate the user in Active Directory, select Properties on the user profile
  • Open the Security tab
  • Click Advanced button at the bottom of the Security tab
  • Make sure Include inheritable permissions from this object’s parent is checked