Add X500 Alias to Mailboxes with Old LegacyExchangeDN Value

Scenario: A user emailing an internal user receives a bounce message (Non-Delivery Report/NDR) that contains the following:
 
Delivery has failed to these recipients or groups:

John Test <IMCEAEX-_O=YOUR+20ENTERPRISE+20EXCHANGE_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=JTest451a@domain.edu>
The e-mail address you entered couldn’t be found. Please check the recipient’s e-mail address and try to resend the message. If the problem continues, please contact your helpdesk.

Cause: This issue occurs because the value for the LegacyExchangeDN attribute changed. The auto-complete cache in Microsoft Outlook and in Microsoft Outlook Web App (OWA) uses the value of the LegacyExchangeDN attribute to route email messages internally.
 
Resolution: Global Fix – Create an X500 address based on the LegacyExchangeDN and add it as an email alias to the recipient's Exchange mailbox.
Copy/Extract the LegacyExchangeDN info from the NDR. This is located under the Generating Server portion. It looks like this:
 
Perform the following on that address:
• Replace any underscore character with a slash character /
• Replace +20 with a blank space.
• Replace +28 with an opening parenthesis character (.
• Replace +29 with a closing parenthesis character ).
• Delete IMCEAEX-.
• Delete @domain.edu.
Final Result: /O=YOUR ENTERPRISE EXCHANGE/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=JTest451a
 
Take the final result and add this as an X500 alias for the receiving mailbox by performing these steps:
1. Open the properties of the affected mailbox in Exchange 2010.
2. Click on the Email Addresses tab.
3. Click the drop down menu next to Add… and select Custom Address.
4. In the Custom Address properties window:
i. Email Address: /O=YOUR ENTERPRISE EXCHANGE/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=JTest451a
ii. Email Type: X500
5. Click OK out of all the mailbox windows and you are done.
 
Testing: You should be able to enter the X500 address into a new mail message and perform a Check Names. It should resolve to the user's account.
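The conversion and alias steps above can also be scripted. This is an added example, not part of the original notes: it decodes every +XX hex pair (the general rule behind +20, +28 and +29) and adds the result with Set-Mailbox. The function name Convert-ImceaexToX500 and the mailbox identity JTest are assumptions.

```powershell
# Added example (not from the original notes).
# Convert-ImceaexToX500 is a hypothetical helper name.
function Convert-ImceaexToX500 {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Address
    )

    # Delete the IMCEAEX- prefix and the trailing @domain part.
    $dn = $Address -replace '^IMCEAEX-', ''
    $dn = $dn -replace '@[^@]*$', ''

    # Underscores stand for the slashes of the LegacyExchangeDN. Do this before
    # decoding, so an encoded literal underscore (+5F) is not turned into a slash.
    $dn = $dn -replace '_', '/'

    # +20, +28 and +29 are hex character codes; decode every +XX pair the same way.
    $decode = [System.Text.RegularExpressions.MatchEvaluator] {
        param($m)
        [string][char][Convert]::ToInt32($m.Groups[1].Value, 16)
    }
    [regex]::Replace($dn, '\+([0-9A-Fa-f]{2})', $decode)
}

# Address copied from the NDR shown above.
$ndrAddress = 'IMCEAEX-_O=YOUR+20ENTERPRISE+20EXCHANGE_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=JTest451a@domain.edu'
$x500 = Convert-ImceaexToX500 -Address $ndrAddress

# 'JTest' is an assumed identity for the affected mailbox; adjust it.
# @{Add=...} appends the alias and keeps the existing proxy addresses.
Set-Mailbox -Identity 'JTest' -EmailAddresses @{Add = "X500:$x500"}

# Confirm the alias is present on the mailbox.
Get-Mailbox -Identity 'JTest' |
    Select-Object -ExpandProperty EmailAddresses |
    Where-Object { "$_" -like 'X500:*' }
```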
 
 
Notes


Exchange PowerShell to Recover Mailbox Items in Exchange 2010.

Scenario: A user is missing mailbox items because they were accidentally deleted or moved from the mailbox and the user cannot find these missing items in their “Recover Deleted Items” folder accessible in Outlook. (Note: How to access the Recover Deleted Items section in Outlook: Outlook 2010 & Outlook 2007)

Next Step: In Exchange 2010 PowerShell, an administrator can use the New-MailboxExportRequest command to create a PST of the user's mailbox. The command exports the contents of the mailbox into a PST and also reveals the RecoverableItems folder, a hidden folder in the mailbox that is not seen by Outlook. This folder may contain the missing items.
Ex2010 Powershell Commands:
Creating the PST Requests:
New-MailboxExportRequest -Mailbox username -FilePath \\Servername\Share\File.pst
This will copy everything from the mailbox and put it in a .PST file that you can open in Outlook.
Monitoring the PST Requests:
Get-MailboxExportRequest
-Shows the status of the export requests
Get-MailboxExportRequest | Get-MailboxExportRequestStatistics
-Shows the percentage of completion
You can also append | FL to an existing command to show all of the available information attached to the export requests.
After the PST request completes:
Once the PST is finished building, you can open it in Outlook and try to find the missing mailbox items in the recoverable items folders. If you cannot find the missing items, it's possible a restore will need to be performed from backup in order to find the missing data.

“the source data is corrupted or not properly base 64 encoded”

Issue:
Encoding error when trying to import a certificate from Comodo into Exchange, or when completing a pending certificate request on Exchange Server 2010:
“the source data is corrupted or not properly base 64 encoded”
Resolution: Download the certificate as “X509 Certificate only, Base64 encoded” from the certificate enrollment email sent by the Comodo server. This is the encoding that worked for Exchange.

Track message logs for a user

Step 1. Determine user’s mailbox server
 
Run the following commands from Exchange PowerShell.
 
For example, to check the log for the recipients of messages from the sender test@test.com:
 
Get-MessageTrackingLog -server servname -sender test@test.com | ft recipients,subject
 
To get the log between a specific start and end date/time (you can also change the EventId from send to deliver, fail, etc.):
 
Get-MessageTrackingLog -server srvname -resultsize unlimited -start "9/29/2013 8:00am" -end "10/1/2013 3:00pm" -EventId "send" -Recipients test2@domain.edu

Remove role entry from a role–RBAC

For example, to remove the Set-CASMailbox role entry from the Mail Recipients role, you can follow these steps:
Scenario: User wants to remove the Set-CASMailbox role entry from the Mail Recipients role associated with a role group called airwatch, which has the Org Client Access, Recipient Policies and Mail Recipients roles.
1. Step 1
New-ManagementRole -Name "Airwatch-Mail-Recipient-No-CASMailbox" -Parent "Mail Recipients"
2. Step 2
Get-ManagementRoleEntry "Airwatch-Mail-Recipient-No-CASMailbox\*" | ?{$_.Name -like "Set-CASMailbox"} | Remove-ManagementRoleEntry -Confirm:$false
3. Step 3
Add the new management role to the existing role group. You can use the console to do this.

Assign specific role to a new security group

Issue/Task: Assign Send-As permission to a set of junior admins
Follow the 4 steps below to set this up:
Step 1: Create a security group in AD
 
Step 2: Create a new management role
 
New-ManagementRole "Assign-SendAs" -Parent "Active Directory Permissions"
Note: You can remove the role entries you don't want by using this command: Remove-ManagementRoleEntry
 
Step 3: Create a new role group
New-RoleGroup -Name 'Exch-Assign-SendAs'
 
Step 4: Assign the management role created in step 2 to the role group created in step 3
 
Note: Make sure to add the admins to the security group created in step 1, and test.
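The four steps above, written out as commands with a review of the result. This is an added example, not part of the original notes; it uses the same child-role-then-trim pattern as the Airwatch role in the previous section. The AD group name JuniorAdmins-SendAs (assumed to be a universal security group) and the list of cmdlets to keep are assumptions.

```powershell
# Added example (not from the original notes).
# 'JuniorAdmins-SendAs' is a hypothetical name for the AD group from step 1
# and is assumed to be a universal security group.

# Step 2: the child role starts with every entry of its parent role.
New-ManagementRole -Name 'Assign-SendAs' -Parent 'Active Directory Permissions'

# Trim the child role to the permission cmdlets only. The keep list is an
# assumption; extend it if the admins' tools need further read-only cmdlets.
$keep = 'Add-ADPermission', 'Get-ADPermission', 'Remove-ADPermission'
Get-ManagementRoleEntry 'Assign-SendAs\*' |
    Where-Object { $keep -notcontains $_.Name } |
    Remove-ManagementRoleEntry -Confirm:$false

# Step 3: create the role group.
New-RoleGroup -Name 'Exch-Assign-SendAs'

# Step 4: assign the trimmed role to the role group.
New-ManagementRoleAssignment -Role 'Assign-SendAs' -SecurityGroup 'Exch-Assign-SendAs'

# Make the AD group from step 1 a member of the role group.
Add-RoleGroupMember -Identity 'Exch-Assign-SendAs' -Member 'JuniorAdmins-SendAs'

# Review: the entries left in the role, the roles the group holds, and who
# is in the group. The parent role should not appear in the second listing.
Get-ManagementRoleEntry 'Assign-SendAs\*' | Format-Table Name, Parameters -AutoSize
Get-ManagementRoleAssignment -RoleAssignee 'Exch-Assign-SendAs' |
    Format-Table Name, Role, RoleAssigneeName -AutoSize
Get-RoleGroupMember -Identity 'Exch-Assign-SendAs'
```

The second listing matters for the Airwatch case as well: a trimmed child role has no effect while the role group still holds an assignment for the untrimmed parent role.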

setup wizard ended prematurely while installing Rollup for Exchange

Issue: Setup wizard ended prematurely while installing Rollup for Exchange
Resolution: Run the setup file with Administrator privileges.
Run the command prompt as administrator. Right-click on the patch file while pressing the Shift key and click on copy path.
Paste the path in the command prompt window and start your setup.