Author: Steve Man

reset cas-mailbox for a user

In some cases, due to improper login to at the onset, user may have issues with opening attachments in OWA
 
a faster way to resolve this is by using adsiedit
 
Resolution:
 
while in ADSI, go to properties of user and set this attribute MSExchMailboxFolderSet to 2147483647
 
This setting enables all OWA features.
 
Note: In some cases, user still has his/her outlook web access frozen and not able to do anything.
re-creating user’s profile on the workstation fixed the problem

Registry change to allow MDB files in Outlook

1.  Close Outlook. 
2.  Open the Registry Editor. 
3.  If you are using Windows XP/Office 2007, expand the branches to HKEY_CURRENT_USER Software Microsoft Office 12.0 Outlook Security
4.  Create a new string value by selecting New and then String Value from the Edit menu.
5.  Name the new value Level1Remove. 
6.  Double-click the new Level1Remove to edit it, and enter the filename extensions you’d like to stop Outlook from blocking. Extensions should be typed in lower case, without the dots (.), and separated by semicolons (;). For example, type 
exe;mdb;vbs to allow .exe, .mdb, and .vbs attachments, respectfully. 
7.  Click Ok and then close the Registry Editor when you’re done. 
8.  The next time you restart Outlook, you’ll now be able to open previously-blocked attachments. 

How to set-up Resource room to allow appointments over 6months in advance

Configuring Resource rooms to allow appointments over 6months in advance.
 

Notes: (a)The user that needs to open and setup this resource room must be given full access permission by an Administrator.
step by step:

1. Login to your mailbox via Outlook web Access

2. Click your name in the upper right corner of the window to open the Open Other Mailbox dialog box.

3. Enter the name or alias of the room mailbox that you want to open.
4. If more than one match is found, Outlook Web Access displays a list of possible matches.
5. Click the name of the room mailbox that you want to open. Note that the room mailbox will open in a new window
6. At the upper right corner, click on options. In the options page, scroll down to resource settings. This is only displayed for resource mailboxes
7. Under Resource Scheduling options, type 365 for maximum number of days. This box is used to set maximum number of days that a resource can be booked in advance.
8. Scroll to the top and Click on save
9. Configuration is now completed
 
Note: Use Resource Scheduling Permissions to control which users can automatically schedule the resource mailbox if it is available, which users must have approval to schedule the resource mailbox if it is available, and which users can automatically schedule the resource mailbox when it is available and can submit a request for approval when it is unavailable. Apply the settings as desired.
 
 

Important reading on Service Accounts and Delegation

please refer to this document for insights on service accounts, mailbox ownership, delegation, send-as, send-on-behalf, etc. 

 

Understanding & Configuring Service (Department) Mailbox Access Delegation
Terminology
Mailbox Owner: Mailbox ownership is established when an administrator creates a mailbox (mailbox-enables an account) in AD. The owner can login and has full control of the exchange mailbox. A mailbox owner or an administrator can delegate access to other accounts.
Mailbox Delegate: Mailbox designated to act on behalf of a mailbox. Some of the most commonly used options include the ability to read or manager another user’s calendar or to send mail on behalf of another user.
Access levels for sending mail as another user:
Send-on-behalf: This allows the delegate to send mail on behalf of the mailbox owner. The message sent by delegate indicates the sender “on behalf of the owner.
This can be granted using Outlook or by an administrator. Please note that this attribute called “publicdelegate” is written to the AD.
Send-As: This allows delegate to send mail as if they were the mailbox owner. The message sent does not indicate the sender was anyone other than the mailbox owner. This can only be granted by an administrator.
Service Account: A regular mailbox used for departmental use. The name service account is unique.
Service Account manager: Account that has been assigned full Access permission to a service mailbox. This person also has the username and password of the service account mailbox.
Resource Accounts:
Room mailbox: This is mailbox assigned specifically to meeting rooms. Associated users accounts are disabled in AD.
Equipment mailbox: This is a mailbox specific to equipment, for eg TV, Projector etc). Just like rooms, the associated AD accounts are disabled.
 
Delegating Access to users by service account managers
* As a matter of best practice, service account managers need to login to the service account on AD domain as domainservice account before they can start delegation.
* Create Outlook profile for the service account. Remember to login as domainservice account when prompted for login.
* While in Outlook, delegate access as needed to users. (Service account manager needs to add his/her account as a delegate if desired).
 
Basic questions for service account managers to consider before assigning or requesting for permissions:
* Do the users want to send on behalf of the service account?
 
If the answer is yes, the service account manager needs to delegate access to the service account mailbox to the users or the group.
If the answer is no, do not delegate access to users.
 
* Does the account manager want delegates to access inbox, calendar, contacts, etc of the service account?
If yes, while delegating in Outlook; assign the delegates required permissions to the folders as needed. After this is done, the delegates can access the delegated folders by clicking on file, open, other user’s folder, type the account name and choose the folder you want to open.
If no, while delegating in outlook, assign none permissions to all the folders.
 
* Does the service account manager want to assign specific permissions to specific folders beneath the inbox?
If yes, assign folder visible permission to the parent folder and the required permission to the child folder.
 
* Does the service account manager want to open the service account Outlook profile while logged in with his/her AD account?
If yes, administrator will need to assign full access rights to the service account mailbox. By so doing, they can login to the service account using mapi profile and assign outlook folder permissions as desired.
Important Notes/Gotchas:
1. The department account manager needs to add his/her account as a delegate to be able to send on behalf of the service account.
2. Full manage rights enables you to open the mailbox via outlook profile while department manager is logged into AD.
3. Mailbox owner and the administrator are the only ones that can delegate.
4. If rights are delegated properly, delegates can open the folder from
 Outlook. 
5. Send-on-behalf rights just like send-as is an AD attribute. Only Administrators can give send-as rights. Mailbox owners can give send-on-behalf rights using Outlook.
6. Users not on  domain must log in as domainmailbox owner to do delegation. In rare cases, you may experience replication issues. Check to make sure global catalog for  domain is within reach and responding in a timely manner.
7. Occasionally delegation may fail. While there are numerous reasons for such failure, it’s usually related to permissions. This can be fixed by doing this: While in Outlook, change outlook login behavior by clicking on tools, account settings, double click on your email account, click on more settings, click on security tab, Check the “Always prompt for logon credentials”, Click OK.
8. Logging into resource accounts is not required and not supported in Exchange 2007.
9. Note that full manage rights on a mailbox does not give the manager send-on-behalf rights for that mailbox.
10. Mailbox delegates can also open the service mailbox in outlook as secondary mailbox. This can be done by going to Tools, Account settings, double click mail account, more settings, advance tab, and under mailbox click on Add and type the mailbox name. Click OK 

Running Exmerge from Windows XP SP2

According to Microsoft’s website, Exmerge tool is used to extract data from mailboxes on a Microsoft Exchange Server and then merge this data into mailboxes on another Microsoft Exchange Server. The program copies data from the source server into Personal Folders (.PST files) and then merges the data, in the Personal Folders, into mailboxes on the destination server.
steps to install exmerge on windows xp with sp2
1. Install the Exchange 2003 System Management Tools from exchange 2003 cd
2. download exmerge from:
3. Install Exmerge
4. Configure permissions on the database by using this powershell command:
Get-MailboxDatabase -identity “servernameFirst Storage GroupMailbox Database” | Add-ADPermission -user “DomainUsername” -ExtendedRights Receive-As, Send-As
Note that this command assumes you have setup exmerge account on the domain and will be using it for exmerge operations.

windows/outlook search just stopped working in Vista

issue: Windows/Outlook search just stopped working in Windows Vista. As a result instant search in outlook won’t return any results. 
 
this is a known issue with windows vista
 
resolution:
 
step 1: try rebuilding the search index. go to indexing optioins, advanced tab and click rebuild. if this doesn’t work, try clicking on restore defaults
 
if stepy 1 doesn’t work, go to step 2
 
step 2: go to services in control panel, look for windows search or windows searcher as the case maybe
 
double click on the service and stop it. restart the service
 
this will initiate indexing and should fix the isue