Resolving Quarantined Mailboxes in Exchange 2010

Exchange 2010 has a security measure for when it comes across a 'poisoned' mailbox in its Information Store database. If it deems the mailbox 'dirty' or 'poisoned', it quarantines the mailbox. This protects the Information Store from corruption and crashes.
Quarantined mailboxes are usually released after some hours (2-6 hrs). In some cases waiting is not feasible, because the user has to stay without access to email in the meantime.
If the situation is critical, you can follow these steps to resolve it (you must be an admin to do these):
1. Run Get-MailboxStatistics -Identity 'username' | fl
2. Copy the mailbox GUID and keep it handy.
3. Open up the registry and navigate to HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MSEXCHANGEIS\<SERVERNAME>\PRIVATE-(DB GUID)\QUARANTINEDMAILBOXES\(MAILBOX GUID)
4. Delete the key.
5. Restart the Information Store.
6. Run an IISRESET.
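
The six steps above as one script, an added example that is not part of the original page: it confirms the mailbox is quarantined, finds the key by GUID, and exports it before deleting anything. The function name Clear-MailboxQuarantine, the backup folder, and the assumption that it runs elevated in the Exchange Management Shell on the mailbox server itself are mine.

```powershell
# Added example, not from the original page.
function Clear-MailboxQuarantine {            # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Identity,
        [string]$BackupDir = $env:TEMP        # assumed location for the .reg copy
    )

    # Steps 1-2: read the mailbox GUID and confirm the store really flagged it.
    $stats = Get-MailboxStatistics -Identity $Identity
    if (-not $stats.IsQuarantined) {
        Write-Warning "$Identity is not quarantined; nothing to remove."
        return
    }
    $mbxGuid = $stats.MailboxGuid.ToString()
    $dbGuid  = (Get-MailboxDatabase -Identity "$($stats.Database)").Guid.ToString()

    # Step 3: locate the key. Matching on the GUID text instead of building the
    # exact name tolerates key names written with or without braces.
    # Assumption: <SERVERNAME> is the local computer name.
    $root = "HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeIS\$env:COMPUTERNAME"
    $dbKeys = Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like "Private-*$dbGuid*" }
    $key = $dbKeys | ForEach-Object {
            Get-ChildItem -Path (Join-Path $_.PSPath 'QuarantinedMailboxes') -ErrorAction SilentlyContinue
        } | Where-Object { $_.PSChildName -like "*$mbxGuid*" }
    if (-not $key) {
        Write-Warning "No quarantine key found for mailbox $mbxGuid."
        return
    }

    # Keep a copy of the key so the deletion is documented and reversible.
    $backup = Join-Path $BackupDir "quarantine-$mbxGuid.reg"
    & reg.exe export $key.Name $backup /y | Out-Null

    # Steps 4-6: delete the key, then restart the Information Store and IIS.
    if ($PSCmdlet.ShouldProcess($key.Name, 'Remove quarantine key, restart MSExchangeIS and IIS')) {
        Remove-Item -Path $key.PSPath -Recurse
        Restart-Service -Name MSExchangeIS
        & iisreset.exe
    }
    $backup                                    # path of the exported key
}
```

Run it with -WhatIf first; restarting the Information Store interrupts every mailbox hosted on that server, not just the quarantined one.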

 
 
Important repair considerations:
Consider repairing the mailbox once the 6 hrs have expired (that is, once the mailbox has been released from quarantine).
 
A. This example detects and repairs the folder view for the mailbox ob@domain.com
New-MailboxRepairRequest -Mailbox obtest@domain.com -CorruptionType FolderView
 
 
B. This example detects and repairs all corruption types for mailboxes that have CustomAttribute2 set to RepairCorruption.
 
Get-Mailbox -Filter {CustomAttribute2 -like "RepairCorruption"} | New-MailboxRepairRequest -CorruptionType SearchFolder,AggregateCounts,ProvisionedFolder,FolderView
 
During the repair operation, there will be no mailbox access for the user.
 

The output of New-MailboxRepairRequest will be a number of events with a source of "MSExchangeIS Mailbox Store". Watch for the following event IDs related to a repair request: 10044, 10045, 10046, 10047, 10048, 10049, 10050, 10051, 10059, 10062.

Apply AD permission to multiple databases at once

Apply an AD permission on multiple databases at once using these steps:
 
Scenario: the customer wants the admin account to have Receive-As permissions on all databases whose names start with "on".
 
Solution: use this PowerShell one-liner
 
Get-MailboxDatabase | Where-Object {$_.Identity -like "on*"} | Add-ADPermission -User "admin" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin -InheritanceType 'All'
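
Receive-As on a database lets the holder open every mailbox in it, so it is worth reviewing who holds the right after a bulk grant like this one. A read-only audit as an added example (not from the original page); the allowlist entry DOMAIN\admin is a placeholder.

```powershell
# Added example, not from the original page. Read-only: it changes nothing.
# Run in the Exchange Management Shell.
$approved = @('DOMAIN\admin')                 # placeholder allowlist of expected holders
$rights   = 'Receive-As|ms-Exch-Store-Admin'  # the two rights granted by the one-liner

$findings = Get-MailboxDatabase |
    Where-Object { $_.Identity -like 'on*' } |   # same database filter as the grant
    ForEach-Object {
        $db = $_.Name
        Get-ADPermission -Identity $db |
            # Keep allow entries that carry either extended right.
            Where-Object { -not $_.Deny -and ($_.ExtendedRights -match $rights) } |
            Select-Object @{ n = 'Database'; e = { $db } },
                          User,
                          IsInherited,
                          @{ n = 'Rights';   e = { ($_.ExtendedRights -match $rights) -join ',' } },
                          @{ n = 'Approved'; e = { $approved -contains $_.User.ToString() } }
    }

# Unapproved holders sort first so they are the first rows you read.
$findings | Sort-Object Approved, Database, User | Format-Table -AutoSize
```

Entries with IsInherited set to True come from a parent container and have to be reviewed there rather than on the database object.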
 

Single Item Recovery

Get-Mailbox mailboxname | fl SingleItem*
To set single item recovery on all users in a specific database, run the following command:
Get-Mailbox -Database <DatabaseName> | Set-Mailbox -SingleItemRecoveryEnabled $true
And for newly created mailboxes (24h):
Get-Mailbox -Database <DatabaseName> | Where { $_.WhenCreated -gt (Get-Date).AddDays(-1) } | Set-Mailbox -SingleItemRecoveryEnabled $true
  
Enabling Single Item Recovery
(By Server)
Get-Mailbox -Server servername | Set-Mailbox -SingleItemRecoveryEnabled $true
(By Database)
Get-Mailbox -Database dbname | Set-Mailbox -SingleItemRecoveryEnabled $true

Excluding Domain Controllers from Exchange servers

The directory team has started decommissioning old DC servers. New ones have already been installed and are operational. Please use the script below and the step-by-step instructions to exclude the old DC servers from your Exchange servers. You will need to run the script using Exchange PowerShell.
 
Set-ExchangeServer -Identity servername -StaticConfigDomainController $null -StaticDomainControllers $null -StaticGlobalCatalogs $null -StaticExcludedDomainControllers DC1.domain.com,DC2.Domain.com,DC3.domain.com
 
These steps apply to Exchange 2007 servers ONLY:
 
1. Run the PowerShell script on the active node of your cluster. Remember to use the Exchange server cluster name as the identity for the Set-ExchangeServer command.
2. Restart the MSExchange Topology service. This will also restart (transport log search, service host, search indexer, replication service, mail submission and mailbox assistants).
3. Verify by going to the Exchange console, right click on cluster properties, system settings. You will see only domain controllers in the list.
4. Repeat the same procedure for the passive node of your cluster.
5. You have completed the change.
 
These steps apply to Exchange 2010 ONLY:
 
Step-by-step configuration:
 
1. Run the PowerShell script on each node of your DAG.
2. Restart Microsoft Exchange Active Directory Topology. This will also restart (transport log search, service host, search indexer, RPC Client Access, replication service, mail submission, mailbox replication, edgesync, file distribution, antispam update, exchange addressbook, exchange throttling and mailbox assistants).
3. Verify by going to the Exchange console, click on server configuration, right click on the server, properties, system settings. You will see only domain controllers in the list.
4. Repeat the same procedure for the other DAG nodes.
5. You have completed the change.

You do not have sufficient permissions. This operation can only be performed by a manager of the group

Issue/Error: "You do not have sufficient permissions. This operation can only be performed by a manager of the group." error message when you try to change the "ManagedBy" attribute in an Exchange Server 2010 SP1 environment.
Resolution: Install Update Rollup 3 for SP1.