Tuesday, 20 July 2010

Manage Distribution Groups

Messages can be sent to groups of recipients. These groups are called distribution groups. The following describes

1. How to create a new distribution group
2. How to mail enable an existing distribution group
3. How to modify the membership of the group

How to Create a New Distribution Group

An important initial consideration is that when you create a distribution group the group scope is universal and they can be security enabled (and can be assigned to an acl). When you create the group you decide this.
The following cmdlet will show you how to create a distribution group that is security enabled.

[PS] New-DistributionGroup "Sales" -Security

If the -Security parameter is left out then the group defaults to a distribution group.

How to Mail Enable an Existing Distribution Group

If you recall three different group scopes exist

1. Global
2. Domain local
3. Universal

You should understand that you can only mail enable existing universal groups (domain local and global groups have to be converted).

The following cmdlet will mail enable an existing universal group called HR

[PS] Enable-DistributionGroup "HR"

How to Modify the Membership of the Group

The following cmdlets will add and remove members from the distribution group called "HR"

[PS] Add-DistributionGroupMember "HR" -Member "Andrew Stevens"

[PS] Remove-DistributionGroupMember "HR" -Member "Andrew Stevens"

Dynamic Distribution Groups

In Exchange 2000/2003 these were called query based distribution groups. Membership is based on a recipient filter and can include all recipient types. By default these groups types only accept messages from authenticated users. Membership can change based on a particular attribute. For example, a recipient can be a member of DDG based on a department. The following example will create a DDG called 'students' and will include users that have mailboxes AND are in the students department.

[PS] New-DynamicDistributionGroup -Name "Students" -RecipientFilter {(RecipientType -eq 'UserMailbox') -and (Department -like 'Students*')}

To view the DDG type the following cmdlet

[PS] Get-DynamicDistributionGroup

To view the DDG membership, type the following cmdlet:

[PS]  $Group = Get-DynamicDistributionGroup -Identity "Students"
[PS] Get-Recipient -RecipientPreviewFilter $Group.RecipientFilter


Sunday, 18 July 2010

Recipient Bulk Management Tasks

You can create new mailboxes using the New-Mailbox cmdlet as described earlier in this post. Sometimes,  you may be asked to create a large number of user mailboxes based on a comma - separated value spreadsheet.
Fortunately, the Import-CSV cmdlet is helpful here. In this case you can easily import the CSV file and use the New-Mailbox cmdlet to quickly create the mailboxes.
The spreadsheet could look something like the following:
The spreadsheet provides minimal information (and needs to saved as a .CSV file).
To see the CSV file in powershell, simply type the following command:
[PS] Import-CSV c:\book3.csv | ft –au
To create new-mailboxes from this file try using the following cmdlet in powershell:
First you create a password variable
[PS] $Password = Read-Host “Enter a Password” –AsSecureString
Then, you can import the CSV file, loop through the file and create new mailboxes. Notice in the script below, that we can add the the new users to a specific organisational unit and we use the password variable to provide the needed passwords.
[PS] Import-Csv .\Book3.csv | foreach { New-Mailbox -Name $_.Name -FirstName $_.FirstName -LastName $_.LastName -Alias $_.Name -UserPrincipalName "$" -OrganizationalUnit Staff -Password $Password -Database "EX1\store2\db01" -ResetPasswordOnNextLogon $true }
As the above script does not include –Department, your new mailboxes will not be assigned relevant departments. Lets say you need to now include the department for these users. You can once again refer to your CSV file.
If you type the following cmdlet, you will see that the sales group is empty
The following command will set a department property for each user defined in the CSV file.
[PS] C:\>Import-Csv .\Book3.csv | foreach {Set-User -Identity $ -Department $_.Department}
The following result will be displayed

Friday, 16 July 2010

Manage Recipient Accounts

In Exchange 2010 their are many different recipient types. Recipients with user accounts have an Exchange mailbox connected or linked to the account.

Part One

Create a New User with a Mailbox (MailBox User)

This process serves two objectives; it will create an account in AD and will build a mailbox for the account in an Exchange database. To do this using the EMS type the following cmdlet:

[PS] New-Mailbox -Alias "Andrew" -Name "Andrew Stevens" -FirstName "Andrew" -LastName "Stevens" -UserPrinicipleName

You will be prompted to enter a password for the account and database

Mail Enable an Existing User

The following process will create a mailbox for an existing user account. To do this in the EMS, type the following cmdlet:

[PS] Enable-Mailbox [Username] or [DistinguishedName]

Part Two

Create a Mail-Enabled Contact (Mail Contact)

A contact is a type of recipient that doesn't have a mailbox in your Exchange organisation. Contacts are created when you want recipients to exist in an address list but those recipients don't own internal mailboxes. These are essentially the same type of contacts that are created in hotmail etc. and have external email addresses. Remember that contacts are objects in AD. To create a contact, type the following cmdlet:

[PS] New-MailContact [FullContactName] -ExternalEmailAddress [SMTPAddress]

Create a Mail Enabled User (Mail User)

This type of recipient has an AD account (you can log on with it) but has an external email address so the account will not own an internal mailbox. To create a mail user, type the following cmdlet:

[PS] New-MailUser -Name "Susan" -FirstName "Susan" -LastName "King" -ExternalEmailAddress -UserPrincipleName

Part Three

Modification of Mail Contact Information

To identify which attributes are associated with the mail-enabled contact just created, type the following cmdlet:

[PS] Get-Contact | Get-Member

As the output indicates, you can modify a number of different attributes. For example, to change the mobile phone number of a contact type the following cmdlet:

[PS] Set-Contact -Identity "Tony Almeida" -MobilePhone "1234567"

Modification of User Mailbox Information

To modify a user mailbox information like the address type the following cmdlet:

[PS] Set-User "Andrew Stevens" -StreetAddress "123 Exchange Street" -City "Exchange Town"

(Wow what an interesting place to live!)

Part Four

Hide a User From Address Lists using the EMS

You might want to hide a user from your address lists. Remember that once the user is hidden you will have problems creating an Outlook profile for the user. You should unhide the user account, create the profile and then rehide it again. Type the the following cmdlet:

[PS] Set-Mailbox "Andrew Stevens" -HiddenFromAddressListsEnabled $true

Part Five

Creating Resource Accounts

Why create resource accounts? A resource account can represent a physical item like a room or a projector. Recipients can request the use of such a resource perhaps in a meeting request and schedule its use. Resources can be configured to accept or reject meeting requests automatically (users have to manually accept  or reject a meeting invitation). Also, resource mailboxes have an account in AD but you can't log on to a computer with it; its disabled. Lets first create a resource mailbox called "Room 1"

[PS] New-Mailbox "Room 1" -UserPrincipalName -Room

You can replace the resource mailbox type of "-Room" with "-Equipment"

Now that you have created a resource mailbox it can be requested and booked. The 'Resource Booking Attendant' acts on behalf of the resource mailbox and automatically approves resource request. This needs to be turned on:

To do this in this in the EMS type the following:

[PS] Set-CalendarProcessing "Room 1" -AutomateProcessing AutoAccept

When someone makes a request for this resource (perhaps in a meeting request) you can reply to the requestor with a custom message. For example in the following example, if someone makes a request for Room 1 then you can remind the requestor that he/she can also request a projector:

You can do the same thing using the EMS. Type the following cmdlet:

[PS] Set-CalendarProcessing "Room 1" -AddAdditionalResponse $True -AdditionalResponse "If you need a projector make an additional request"

Part Six

Impose Storage Quotas on Specific Users

How much disk space is allowed for mail storage is set on the mailbox database but can be overridden on a per user basis. You can set this on the recipient properties of the user mailbox in the EMC or by using the shell:

[PS] Set-Mailbox "Andrew Stevens" -ProhibitSendQuota 150MB - ProhibitSendReceiveQuota 200MB -IssueWarrningQuota 100MB -UseDataBaseQuotaDefaults $False 

Please note the following:
  • The ProhibitSendQuota defines when messages cannot be sent
  • The ProhibitSendReceiveQuota defines when messages cannot be sent or received
  • The IssueWarningQuota defines when a warning will be sent to the recipient indicating that they are getting close to the limit
  • UseDataBaseQuotaDefaults defines that quotas set on the database should be overruled

Impose Message Size Limits on Specific Users

This defines how large the messages can be (sending and receiving). Large messages take up more disk space and quotas are reached faster. Also large messages take longer to deliver backing up the mail queues.

[PS] Set-Mailbox "Andrew Stevens" -MaxSendSize 10MB -MaxReceiveSize 10MB

Disabling a Mailbox Using the EMS

Disabling a mailbox disconnects an AD account from the mailbox. Unlike removing the mailbox, the AD account is not deleted from AD.

[PS] Disable-Mailbox "Andrew Stevens" -Confirm:$False

Give a Different User Access to Your Mailbox

A variety of access levels can be granted using the EMS:

The following cmdlet will allow the recipient logged in as Martina to send an email as if it came from Andrew Stevens (her boss!)

[PS] Add-ADPermission "Andrew Stevens" -User "compulinx\martina" -Extendedrights "Send As"

This requires a little more explanation. When Martina logs in using perhaps OWA, she will not be able to define an alternative sender by default. In other words she will not see the from field in the new email message and therefore will not be able define an alternative sender (Andrew Stevens in this case). This requires the following configuration:

You should first click options as indicated in the below screen print

Next click 'Settings' and then 'Mail' as indicated below

By default the 'Always show Bcc' and 'Always show From' boxes are not selected. Select both boxes as shown. Now click 'My Mail' to return to the main interface.

Once you create a new message you will see the 'From' field where you can define an alternative sender:

If you replace any other sender in the 'From' field you will receive an error as you will only have permission to replace Martina with Andrew Stevens. You should see this error when you click send. Also you wont be able to send on behalf of another user if that user is hidden from address lists.