Fixing CAS mailboxes running in Lite mode for the web experience

A funny Exchange Cmdlet, and how to fix it: Set-CASMailbox

In Exchange 2007 you can implement Outlook Web Access segmentation both server-side and client-side. Server-side segmentation can be done with either the Exchange Management Shell or the Exchange Management Console. To disable particular features, you will need the Set-CASMailbox cmdlet. Please read on.
Issue: The user can only run Outlook Web Access (OWA) in the Lite version, regardless of the browser used.
Solution: I have to use the EMS cmdlet Set-CASMailbox. As stated in TechNet: “The Set-CASMailbox cmdlet sets client access-related attributes for Microsoft Exchange ActiveSync, Microsoft Office Outlook Web Access, Post Office Protocol version 3 (POP3), and Internet Message Access Protocol version 4rev1 (IMAP4) for a specified user.”
When running the cmdlet Get-CASMailbox ivancriekinge | fl, I can see that by default all features are enabled:

So, by running the following cmdlet I believe I’m disabling the ability to change my password using Outlook Web Access:
Set-CASMailbox ivancriekinge -OWAChangePasswordEnabled:$False
But it seems that running this line disables all features…
And if, on the other hand, you explicitly enable one feature, the result is the same: all other features are set to disabled 🙂

Solution = AdsiEdit…
When you check the properties of the mailbox using AdsiEdit, you can see that running the cmdlet above has changed the value of the attribute msExchMailboxFolderSet. By default this value is not set for a user; when all features are disabled, it is set to 0.
If we change this value again, the default value would be reinstated.
In order to disable one feature, it’s very useful to first use AdsiEdit or the shell to set the value of msExchMailboxFolderSet to 2147483647, and then use the Set-CASMailbox cmdlet to disable the one feature wanted.
To use the shell, use the following commands:

To reset the value of the parameter to the default <not set>, just run the following line:
Set-QADUser '<domainname>/<OU>/username' -objectattributes @{msExchMailboxFolderSet=$Null}
To set the value of all properties (starting with OWA) to $True, just run the following:
Set-QADUser '<domainname>/<OU>/username' -objectattributes @{msExchMailboxFolderSet=2147483647}

A value of 2080374783 sets all features to true except for the ability to change the password over the web.
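The following is an added example, not part of the original post: a small audit helper that classifies a raw msExchMailboxFolderSet value using only the states documented above, so mailboxes accidentally left at 0 stand out. The function name and sample users are hypothetical, and no bit meanings beyond the post's two values are assumed.

```powershell
# Added example, not from the original post. Only the states the post
# documents are interpreted; no other bit meanings are assumed.
$AllEnabled      = 2147483647   # 0x7FFFFFFF, value from the post
$AllButChangePwd = 2080374783   # 0x7BFFFFFF, value from the post
# The single bit that differs between the two values (0x04000000).
$ChangePwdBit    = $AllEnabled -bxor $AllButChangePwd

function Get-OwaSegmentationState {
    param([object]$FolderSet)   # raw msExchMailboxFolderSet; $null means <not set>

    if ($null -eq $FolderSet) {
        return 'Default (<not set>): all features enabled'
    }
    $value = [int]$FolderSet
    if ($value -eq 0) {
        return 'All features disabled: reset the attribute, then rerun Set-CASMailbox'
    }
    if ($value -eq $AllEnabled) {
        return 'All features explicitly enabled'
    }
    # Bits that are set in the all-enabled mask but cleared in this value.
    $cleared = $AllEnabled -band (-bnot $value)
    if ($cleared -eq $ChangePwdBit) {
        return 'All features enabled except change password'
    }
    return ('Custom mask, cleared bits: 0x{0:X8}' -f $cleared)
}

# Constructed sample data (hypothetical users) standing in for values read from AD.
$samples = @(
    @{ User = 'user1'; FolderSet = $null },
    @{ User = 'user2'; FolderSet = 0 },
    @{ User = 'user3'; FolderSet = 2147483647 },
    @{ User = 'user4'; FolderSet = 2080374783 }
)
foreach ($s in $samples) {
    '{0,-6} {1}' -f $s.User, (Get-OwaSegmentationState $s.FolderSet)
}
```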

Reference:

Ilse, http://www.Proexchange.be, retrieved on November 13, 2008

How to Encrypt email messages

Sending and viewing encrypted e-mail messages requires both sender and recipient to share their digital ID, or certificate. (A digital ID contains a private key that stays on the sender’s computer and a certificate with a public key. The certificate is sent with digitally signed messages. Recipients save the certificate and use the public key to encrypt messages to the sender.) In practice, this means each party holds the other’s certificate and public key, while each private key stays on its owner’s computer. Once the parties have shared certificates, sending and viewing encrypted e-mail messages between them is the same as with any other e-mail messages. You can learn about digital IDs here and learn how to get and exchange digital IDs here.

Encrypt a single message

  1. In the message, on the Message tab, in the Options group on the ribbon, click the Encrypt Message Contents and Attachments button.
     Note: If you don’t see this button, click the Options Dialog Box Launcher in the lower right corner of the group to open the Message Options dialog box. Click the Security Settings button and, in the Security Properties dialog box, select Encrypt message contents and attachments. Click OK and then close the Message Options dialog box.
  2. Compose your message and send it.

Encrypt all outgoing messages
Choosing to encrypt all outgoing messages means, in effect, your e-mail is encrypted by default. You can write and send messages the same as with any other e-mail messages, but all potential recipients must have your digital ID to decode your messages.

  1. On the Tools menu, click Trust Center, and then click E-mail Security.
  2. Under Encrypted e-mail, select the Encrypt contents and attachments for outgoing messages check box.
  3. To change additional settings, such as choosing a specific certificate to use, click Settings.
  4. Click OK twice.

How to get messages sent from Delegates to appear in the Proxy’s Sent Items folder

Overview

When a delegate sends email as a delegate to a Proxy account, sent items are retained in the delegate’s Sent Items folder. Use the instructions below to set up Outlook to also keep sent items in the proxy’s account.

Step 1: Proxy sets up a Rule to move these messages to their Sent Items

While logged into the Proxy account, a rule can be set up that automatically moves certain messages. To do this, first select Tools then Rules and Alerts… and then click on the New Rule… button.

The Rules Wizard default is to “Start creating a rule from a template”. The Step 1 default is to “Move messages from someone to a folder” – both of these settings are fine.

In the Step 2 window click on “people or distribution list” and select the proxy account and all delegates from the address book window that pops up. Then click on “specified” and select the “Sent Items” folder from the list and then click the OK button.

Click the Next > button. The top item will be ticked (“move it to the specified folder”). Do not select any more actions.

Click the Next > button. Check the box next to “except if my name is in the To or Cc box”.

Click the Next > button. Give your rule a name, e.g. “Move Delegate Sent Items”. ‘Run this rule on messages already in “Inbox”’ should be unchecked while “Turn on this Rule” should be ticked.

Click the Finish button. It is important that “OK” or “Apply” are selected from the remaining “Rules and Alerts” window that displays a list of the rules – if “Cancel” is chosen before either of these then the new rule will not be saved.

 
Step 2: Send Blind Copy to the Proxy
When sending a message as a delegate, using the proxy’s name in the “From…” field, you can use the “Bcc…” field within the original message to copy the manager for whom you are a delegate. The proxy for whom you are a delegate will receive a copy of the original message, but the recipient will not see any names that you list in the “Bcc…” field.

How to schedule a powershell script

Here is how you can schedule a Windows PowerShell script:
The first thing you need to do is make sure that PowerShell is set to execute PowerShell scripts, instead of only allowing interactive commands to be run in the PowerShell environment.

Type the following at the Powershell command prompt:

set-executionpolicy RemoteSigned

This allows the system to run PowerShell scripts that are created locally (remote PowerShell scripts that may be downloaded must be signed).
Once this is done, you can create your PowerShell script using Notepad. Just make sure you name the file with an extension of .ps1.
Now, to run the script outside of the PowerShell environment, type a command similar to the following, replacing <path> with the folder that contains the script:

powershell -command "& '<path>\script.ps1'"

Just put the above command into a .bat or .cmd file and schedule it like you would normally schedule a script to be run with Windows Task Scheduler.

Now you can enjoy the weekend!
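The procedure above as one script, with a signature and policy check before the task is registered. This is an added example, not from the original post; the script path, wrapper file name, task name and the 02:00 schedule are hypothetical placeholders.

```powershell
# Added example; paths, task name and schedule are hypothetical placeholders.
$ScriptPath = 'C:\Scripts\script.ps1'      # keep this folder writable by administrators only
$Wrapper    = 'C:\Scripts\run-script.cmd'
$TaskName   = 'RunScriptNightly'

function Test-ScriptSchedulable {
    param([string]$Path, [string]$Policy)
    if (-not (Test-Path $Path)) { throw "Script not found: $Path" }

    # A signed script must still validate; a signature broken by a later edit fails here.
    $status = (Get-AuthenticodeSignature -FilePath $Path).Status.ToString()
    if ($status -eq 'Valid') { return ($Policy -ne 'Restricted') }

    # An unsigned local script runs under RemoteSigned, but never under AllSigned or Restricted.
    return ($status -eq 'NotSigned' -and $Policy -ne 'AllSigned' -and $Policy -ne 'Restricted')
}

$policy = Get-ExecutionPolicy
if (-not (Test-ScriptSchedulable -Path $ScriptPath -Policy $policy)) {
    throw "Not scheduling ${ScriptPath}: signature or execution policy ($policy) would block it."
}

# The wrapper holds the same command line the post describes.
$cmdLine = 'powershell.exe -NoProfile -Command "& ''{0}''"' -f $ScriptPath
Set-Content -Path $Wrapper -Value $cmdLine -Encoding ASCII

# Schedule the wrapper daily at 02:00 (HH:mm assumed; older Windows versions expect HH:mm:ss).
schtasks.exe /Create /TN $TaskName /TR $Wrapper /SC DAILY /ST 02:00
```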

Set Explicit permissions to a mailbox you want to access from OWA 2007


Notes from troubleshooting
To open a user’s mailbox from OWA, you must have explicit full mailbox access granted by the administrator.
This explicit access must be granted by PowerShell.
If a user can’t access another user’s mailbox via OWA 2007, you may follow these steps to troubleshoot and resolve the issue.

Step 1
Check the current permissions. For example, the following command shows the permissions currently set for pbrown51:
Get-MailboxPermission -identity "pbrown51"
AccessRights must be {FullAccess} and IsInherited must be False. If this is not the case, you must use the command in step 2 to apply explicit FullAccess to the mailbox.

Step 2
Add-MailboxPermission -identity "pbrown51" -User "ondubui1" -AccessRights "FullAccess"
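Both steps combined into one check, as an added example that is not part of the original notes: it lists every explicit FullAccess entry on the mailbox for review and grants access only if the delegate does not already have it. The function name is hypothetical, and the match on the User column assumes it displays as DOMAIN\name.

```powershell
# Added example; run in the Exchange Management Shell.
# Mailbox and user names are the ones used in the notes above.
$Mailbox  = 'pbrown51'
$Delegate = 'ondubui1'

# Return only explicit (not inherited), non-deny FullAccess entries.
function Get-ExplicitFullAccess {
    param([string]$Identity)
    Get-MailboxPermission -Identity $Identity | Where-Object {
        (-not $_.IsInherited) -and (-not $_.Deny) -and ($_.AccessRights -like '*FullAccess*')
    }
}

$grants = @(Get-ExplicitFullAccess $Mailbox)

# Review list: every explicit FullAccess grant currently on the mailbox.
$grants | ForEach-Object { '{0} has explicit FullAccess to {1}' -f $_.User, $Mailbox }

# Assumption: the User column renders as DOMAIN\name.
$already = @($grants | Where-Object { $_.User.ToString() -like "*\$Delegate" })

if ($already.Count -eq 0) {
    Add-MailboxPermission -Identity $Mailbox -User $Delegate -AccessRights 'FullAccess'
} else {
    "No change: $Delegate already has explicit FullAccess to $Mailbox"
}
```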

outlook 2007 user could not get free busy data information neither in online nor cache mode.


The 2 methods below resolved this issue. Try either:
1. Re-created the Outlook profile for the user and the problem was fixed
OR
2. Exchange admin moved the mailbox to a new storage group and the problem was resolved