Category: Powershell

15 Minute Message Delays when Receiving email

Scenario:  It was reported that mailboxes were receiving message delays when receiving a message.​ The customer stated the time was 15-20 minutes before the message would make it into the mailbox. The message header was showing the delay, but not showing what was causing the delay.

Cause: We found that one of the servers was not accepting any messages, thus causing that hop to be delayed.  15 minutes was how long it would take for the next hop to occur again. When the next hop would happen it would select a different server to send the message.

Troubleshooting: We ran the following command to see where the message was being delayed.

get-transportserver | Get-messagetrackinglog -eventID Defer -Start 3/18/15 | Export-csv C:defer.csv

When we opened the csv file we found the common Servername that was having the issue.  When we logged onto the server to attempt to restart some Exchange services, it was apparent the server was having other issues. We rebooted the server and all was well when it came online again.

 

Exchange Powershell Script to output certificate information

Scenario:  You need to export specific certificate info for all Exchange 2013 Servers.  The script below will output to a txt file the server names along with the Thumbprint, NotAfter, Services, and Subject  properties.

Script:

$servers = Get-ExchangeServer  | Where AdminDisplayVersion -like *15*

$servers | %{

$Name = $_.Name
$Cert = Get-ExchangeCertificate -server $_.name | Where Subject -like *mail.* | FT Thumbprint, NotAfter, Services, Subject -autosize
Write-Host $_.name
$name, $cert | Out-file C:certs.txt -append
}

 

A Mailbox Move Request Failed with the following Error: “An error occurred while updating a user object after the move operation. –> You cannot have ArchiveDomain set when archive is not enabled for this user”

Scenario: A mailbox fails once it tries to complete the move request. When you run get-moverequeststatistics mailboxname | FL , you see the following listed in the Message property:

An error occurred while updating a user object after the move operation. –> You cannot have ArchiveDomain set when archive is not enabled for this user

Cause: Its a mailbox attribute thats left over from a previous Office 365 migration.

Resolution: Run the following:

Set-mailbox mailboxname -archivedomain $null

Script to output the LastLogon in a readable format from a list of users

Scenario: You need to determine the LastLogon date in a readable format from a list of AD users in a csv file.

Edit your users.csv file  so that row1 = name and the following rows have the SamAccountName (or other get-ADUser property) separated by a new line.

Example of contents of users.csv =

name
testusr
testuser2
testuser3
testuser4

 

Script:

$users = Import-csv C:users.csv

$users | %{
$user = Get-ADUser $_.name

$dcs = Get-ADDomainController -Filter {Name -like “*”}
$time = 0
foreach($dc in $dcs)
{
$hostname = $dc.HostName
$user1 = Get-ADUser $user -Properties lastLogon
if($user1.LastLogon -gt $time)
{
$time = $user1.LastLogon
}
}
$dt = [DateTime]::FromFileTime($time)
Write-Host $user.name “last logged on at:” $dt
$x = $user.name + “:” + $dt
$x | Out-File C:results.txt -append
}

Exchange 2013 Connect mailbox

Exchange 2013 this cmdlet no longer exists but the same problem persists: disconnected mailboxes are not visible immediately after being removed or disabled…. Clean-MailboxDatabase has been replaced by Update-StoreMailboxState, which forces the mailbox store state in the Exchange store to be synchronized with Active Directory.

Its syntax is as follows:

Update-StoreMailboxState -Database “DatabaseIdParameter” -Identity “StoreMailboxIdParameter” [-Confirm [SwitchParameter]] [-WhatIf [SwitchParameter]]

Both the –Database and –Identity parameters are required, meaning we need to know the identity of the mailbox (mailbox GUID) that we want to update the store state for. To do so, we can run the following cmdlet for example:

Get-MailboxDatabase | Get-MailboxStatistics | Format-List DisplayName, MailboxGuid, Database, DisconnectReason, DisconnectDate

Once we know the mailbox’s GUID and in which database it was located, we can update its mailbox state by running:

Update-StoreMailboxState -Database “db_name” -Identity “mailbox_guid”

If we want to update the mailbox state for all mailboxes on a particular database, we can adapt the cmdlet to:

Get-MailboxStatistics -Database “db_name” | ForEach {Update-StoreMailboxState -Database $_.Database -Identity $_.MailboxGuid -Confirm:$False}

Finally, if we want to just update the mailbox state for all disconnected mailboxes on a particular database:

Get-MailboxStatistics -Database “db_name” | Where {$_.DisconnectReason -ne $null } | ForEach { Update-StoreMailboxState -Database $_.Database -Identity $_.MailboxGuid -Confirm:$False}

 

“The Message can’t be moderated because the approval system is too busy and can’t accept messages now” when emailing to a moderated distribution group.

Scenario: You receive the following bounce back when sending to a distribution group that has moderation enabled:

Delivery has failed to these recipients or groups:

The Message can’t be moderated because the approval system is too busy and can’t accept messages now. Please try resending this message later, or contact the recipient directly.

Resolution:  The arbitration mailbox that the distribution group is using for moderation is having problems processing the message or located on legacy Exchange servers that is no longer accessible.  To resolve this,  set the arbitration mailbox to another arbitration mailbox.

To determine the arbitration mailbox that the distribution group is currently using, run this:

get-distributiongroup “All Users” | Select ArbitrationMailbox

To determine the arbitration mailboxes in the organization to choose from:

get-mailbox -arbitration   

-or get-mailbox -arbitration -domaincontroller RootDCName

Now set the new arbitration mailbox on the distribution group:

Set-distributiongroup “All Users” -arbitrationmailbox “SystemMailbox”be42da……..02ed2}”

Create a CSV of mailbox delegate permissions to a mailbox

Scenario: You want to find who has delegate permissions to a mailbox and export the users, folders, and access permissions to a CSV File.

Run the following:

$AllUsers = get-mailbox  test*

ForEach ($Alias in $AllUsers)
 {
 $Mailbox = “” + $Alias.Name
 Write-Host “Getting folders for mailbox: ” $Mailbox
 $Folders = Get-MailboxFolderStatistics $Mailbox | % {$_.folderpath} | % {$_.replace(“/”,””)}

 $list = ForEach ($F in $Folders)
  {
  $FolderKey = $Mailbox + “:” + $F
  $Permissions = Get-MailboxFolderPermission -identity $FolderKey -ErrorAction SilentlyContinue
  $Permissions | Where-Object {$_.User -notlike “Default” -and $_.User -notlike “Anonymous” -and $_.AccessRights -notlike “None” -and $_.AccessRights -notlike  “Owner” }| Select $Mailbox, User, FolderName, AccessRights, *path*
  }
 }

$list | Export-csv C:delegates.csv

Reference: This code is edited from the original

When removing Mobile Devices from Exchange Mailboxes, you get the error message: DeviceId cannot contain hyphens.

Scenario:  When you attempt to remove a mobile device from a users mailbox, you receive the error below.

Error:  An unexpected error has occurred and a Watson dump is being generated: DeviceId cannot contain hyphens.  


Resolution: Remove the mobile device object via ADSI Edit.

1. Open ADSI Edit.
2. Under the Default Naming Context, navigate to the user object of the mailbox that has the mobile device.
3. Expand that user object, and click on the CN=ExchangeActiveSyncDevices.
4. Delete the Mobile Device for this user.

Time your Powershell Commands

Task:  You want to measure your Powershell commands so you can time your commands for efficiency. In the example below, I want to time how fast my results are returned for finding all Mailboxes in our organization.

Resolution:   Select from #Start to #End and copy and paste it all into PowerShell. Make sure you paste it all at once.  It will execute the start and end time variables and then subtract it.  It will then display the $total in these various units of measure; TotalMilliseconds, TotalSeconds, TotalMinutes, TotalHours, TotalDays, and Ticks.

#Start
$Start = Get-Date
Get-Mailbox -resultsize unlimited
$End = Get-Date
$total = $End-$Start
$total
#End

Retrieve all mailboxes assigned to a specific ActiveSyncMailboxPolicy

Task: Retrieve all mailboxes assigned to a specific ActiveSyncMailboxPolicy.  The ActiveSyncMailboxPolicy we are searching for is labeled “VIP”.

Run the following:

Get-CASMailbox -ResultSize unlimited | Where ActiveSyncMailboxPolicy -like “VIP” | Select SamAccountName, DisplayName,ActivesyncMailboxPolicy,ServerName | Export-csv C:VIP_EASPolicy.csv