If you are like me, you like a nice clean Exchange environment. I recently migrated an environment from Exchange 2003 to Exchange 2010 and found the following tasks great to ensure a consistent and clean environment. Just add them to your exchange task scheduler and you can automate these reports to your mailbox.
Power Shell Commands (Actions)
- Active Sync: Enabled by default, the below script disables it for all users. It only allows this feature to be enabled for members of the security group active sync users.
#Adding Exchange Snap In to execute Exchange CmdLets in this script
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin
# Disable ActiveSync for ALL accounts because Microsoft hates you
get-Mailbox -ResultSize:unlimited | set-CASMailbox -ActiveSyncEnabled:$False -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
# Assign all members of the group to a dynamic array
$allUsers = Get-DistributionGroupMember -Identity 'Active Sync Users'
# Loop through the array
foreach ($member in $allUsers) {
# Set ActiveSync for each member of the array
$member | Set-CASMailbox –ActiveSyncEnabled $true
}
- Outlook Anywhere: When enabled on Exchange 2010, this feature is enabled for all users. The below script disables it for all users. It only allows this feature to be enabled for members of the security group outlook anywhere users.
get-Mailbox -ResultSize:unlimited | Set-CASMailbox -MAPIBlockOutlookRpcHttp:$True -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
# Assign all members of the group to a dynamic array
$allUsers = Get-DistributionGroupMember -Identity 'Outlook Anywhere Users'
# Loop through the array
foreach ($member in $allUsers) {
# Set ActiveSync for each member of the array
$member | Set-CASMailbox -MAPIBlockOutlookRpcHttp:$False
}
PowerShell Commands (Reports)
- Report on mailboxes so I can identify any anomalies. The report will show mailboxes over their limit, that don't empty their deleted items, and the database they belong too. We don't want mailboxes for casual staf on databases the reside on high performance drives.
- Report on any mailboxes that do not have a quota set. If they don’t have a quota set then I want to know what their Send and Receive Quotas are.
Get-Mailbox -Server SERVERNAME -ResultSize Unlimited | Get-Mailbox -Filter { (UseDatabaseQuotaDefaults -eq $false) } | SELECT DisplayName, ProhibitSendReceiveQuota,IssueWarningQuota,UseDatabaseQuotaDefaults | Export-Csv "D:\ExchangeScripts\AllMailboxeswithoutDatabaseQuota.csv" -NoTypeInformation
- Report on all mailboxes that are disabled. This is wasting storage space and keeping AD untidy, it also keeps HR and our support team on top of user accounts.
- Report on all archive mailboxes so I can identify any anomalies. The report will show archive mailboxes over their limit, that don't empty their deleted items, and the database they belong too. We don't want archive mailboxes for casual staff on databases the reside on high performance drives.
- Report on all archive database quotas. We have a standard and want to ensure this is consistent for all archive mailboxes.
Get-Mailbox -Archive | SELECT DisplayName, @{name="ArchiveQuota (MB)";expression={$_.ArchiveQuota.Value.ToMB()}}, @{name="ArchiveWarningQuota (MB)";expression={$_.ArchiveWarningQuota.Value.ToMB()}} | Sort "ArchiveQuota (MB)" -Descending | Export-Csv " EXPORT FILE LOCATION .CSV" " -NoTypeInformation
- Report on user’s retention policies. This ensures data is moving from their main mailbox to their archive.
Get-Mailbox -Archive -ResultSize Unlimited | SELECT Name,RetentionPolicy | Export-Csv "EXPORT FILE LOCATION" -NoTypeInformation
If you use these scripts you will have to change the following:
- SERVERNAME: Your Exchange Server
- EXPORT FILE LOCATION.CSV: The location you wish to export this data too (CSV)
- EXPORT FILE LOCATION.TXT: The location you wish to export this data too (txt)
Creating a PS1 Script that can be run from Windows 2008 Task Scheduler
Here is an example of a ps1 script that can be run from the task scheduler. It collects the data and sends me an email.
Get-Mailbox -Filter 'UserAccountControl -eq "AccountDisabled, NormalAccount"' -Server ExchangeServer -RecipientTypeDetails UserMailbox | Get-MailboxStatistics | ft DisplayName, database, TotalItemSize, ItemCount | Out-File "D:\ExchangeScripts\AllDisabledMailboxes.txt"
$smtpServer = “ExchangeServer”
$msg = new-object Net.Mail.MailMessage
$att = new-object Net.Mail.Attachment("D:\ExchangeScripts\AllDisabledMailboxes.txt")
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$msg.From = “ExchangeServer@xyz.domain.com”
$msg.To.Add(“me@xyz.domain.com”)
$msg.Subject = “List of all Disabled Mailboxes & Databases”
$msg.Attachments.Add($att)
$smtp.Send($msg)
The Action for the Task
Program: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Add arguments: -command ". 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; SCRIPTFILELOCATION"
I hope this helps you manage your exchange environment. Don't hesitate to leave a comment or question.
If you want to disable ActiveSync, OWA, POP, IMAP and Outlook Anywhere by default follow the guide from here and change the follwoing line
set-casmailbox $newmailbox -ImapEnabled $false
With
Set-CASMailbox $user -ActiveSyncEnabled $false -owaenabled $false -IMAPEnabled $False -popenabled $False -MAPIBlockOutlookRpcHttp $true