Monday, 25 July 2011

Administrative and Maintenance Tasks for your Exchange 2010 Server

If you are like me, you like a nice clean Exchange environment. I recently migrated an environment from Exchange 2003 to Exchange 2010 and found the following tasks great to ensure a consistent and clean environment. Just add them to your exchange task scheduler and you can automate these reports to your mailbox.

Power Shell Commands (Actions)
  • Active Sync: Enabled by default, the below script disables it for all users. It only allows this feature to be enabled for members of the security group active sync users.
#Adding Exchange Snap In to execute Exchange CmdLets in this script
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin
# Disable ActiveSync for ALL accounts because Microsoft hates you
get-Mailbox -ResultSize:unlimited | set-CASMailbox -ActiveSyncEnabled:$False -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
# Assign all members of the group to a dynamic array
$allUsers = Get-DistributionGroupMember -Identity 'Active Sync Users'
# Loop through the array
foreach ($member in $allUsers) {
       # Set ActiveSync for each member of the array
       $member | Set-CASMailbox –ActiveSyncEnabled $true
  }
  • Outlook Anywhere: When enabled on Exchange 2010, this feature is enabled for all users. The below script disables it for all users. It only allows this feature to be enabled for members of the security group outlook anywhere users.
get-Mailbox -ResultSize:unlimited | Set-CASMailbox -MAPIBlockOutlookRpcHttp:$True -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
# Assign all members of the group to a dynamic array
$allUsers = Get-DistributionGroupMember -Identity 'Outlook Anywhere Users'
# Loop through the array
foreach ($member in $allUsers) {
       # Set ActiveSync for each member of the array
       $member | Set-CASMailbox -MAPIBlockOutlookRpcHttp:$False
  }

PowerShell Commands (Reports)
  • Report on mailboxes so I can identify any anomalies. The report will show mailboxes over their limit, that don't empty their deleted items, and the database they belong too. We don't want mailboxes for casual staf on databases the reside on high performance drives.
Get-Mailbox -Server SERVERNAME -ResultSize Unlimited | Get-MailboxStatistics | Select DisplayName,StorageLimitStatus,@{name="TotalItemSize (MB)";expression={$_.TotalItemSize.Value.ToMB()}},@{name="TotalDeletedItemSize (MB)";expression={$_.TotalDeletedItemSize.Value.ToMB()}},ItemCount,DeletedItemCount,@{label="Database";expression={$_.database}} | Sort "TotalItemSize (MB)" -Descending | Export-Csv " EXPORT FILE LOCATION .CSV" –NoTypeInformation
  • Report on any mailboxes that do not have a quota set. If they don’t have a quota set then I want to know what their Send and Receive Quotas are.
Get-Mailbox -Server SERVERNAME -ResultSize Unlimited | Get-Mailbox -Filter { (UseDatabaseQuotaDefaults -eq $false) }  | SELECT DisplayName, ProhibitSendReceiveQuota,IssueWarningQuota,UseDatabaseQuotaDefaults | Export-Csv "D:\ExchangeScripts\AllMailboxeswithoutDatabaseQuota.csv" -NoTypeInformation
  • Report on all mailboxes that are disabled. This is wasting storage space and keeping AD untidy, it also keeps HR and our support team on top of user accounts.
Get-Mailbox -Filter 'UserAccountControl -eq "AccountDisabled, NormalAccount"' -Server SERVERNAME -RecipientTypeDetails UserMailbox | Get-MailboxStatistics | ft DisplayName, database, TotalItemSize, ItemCount | Out-File " EXPORT FILE LOCATION .TXT"
  • Report on all archive mailboxes so I can identify any anomalies. The report will show archive mailboxes over their limit, that don't empty their deleted items, and the database they belong too. We don't want archive mailboxes for casual staff on databases the reside on high performance drives.
Get-Mailbox -Archive -ResultSize Unlimited | Get-MailboxStatistics -Archive | Select DisplayName,StorageLimitStatus,@{name="TotalItemSize (MB)";expression={$_.TotalItemSize.Value.ToMB()}},@{name="TotalDeletedItemSize (MB)";expression={$_.TotalDeletedItemSize.Value.ToMB()}},ItemCount,DeletedItemCount,@{label="Database";expression={$_.database}} | Sort "TotalItemSize (MB)" -Descending | Export-Csv "D:\ExchangeScripts\AllArchiveMailboxes.csv" -NoTypeInformation
  • Report on all archive database quotas. We have a standard and want to ensure this is consistent for all archive mailboxes.
Get-Mailbox -Archive  | SELECT DisplayName,  @{name="ArchiveQuota (MB)";expression={$_.ArchiveQuota.Value.ToMB()}}, @{name="ArchiveWarningQuota (MB)";expression={$_.ArchiveWarningQuota.Value.ToMB()}} | Sort "ArchiveQuota (MB)" -Descending | Export-Csv " EXPORT FILE LOCATION .CSV" " -NoTypeInformation
  • Report on user’s retention policies. This ensures data is moving from their main mailbox to their archive. 
Get-Mailbox -Archive -ResultSize Unlimited | SELECT Name,RetentionPolicy | Export-Csv "EXPORT FILE LOCATION" -NoTypeInformation

If you use these scripts you will have to change the following:
  1. SERVERNAME: Your Exchange Server
  2. EXPORT FILE LOCATION.CSV: The location you wish to export this data too (CSV)
  3. EXPORT FILE LOCATION.TXT: The location you wish to export this data too (txt)

Creating a PS1 Script that can be run from Windows 2008 Task Scheduler
Here is an example of a ps1 script that can be run from the task scheduler. It collects the data and sends me an email.

Get-Mailbox -Filter 'UserAccountControl -eq "AccountDisabled, NormalAccount"' -Server ExchangeServer -RecipientTypeDetails UserMailbox | Get-MailboxStatistics | ft DisplayName, database, TotalItemSize, ItemCount | Out-File "D:\ExchangeScripts\AllDisabledMailboxes.txt"
$smtpServer = “ExchangeServer”
$msg = new-object Net.Mail.MailMessage
$att = new-object Net.Mail.Attachment("D:\ExchangeScripts\AllDisabledMailboxes.txt")
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$msg.From = “ExchangeServer@xyz.domain.com”
$msg.To.Add(“me@xyz.domain.com”)
$msg.Subject = “List of all Disabled Mailboxes & Databases”
$msg.Attachments.Add($att)
$smtp.Send($msg)


The Action for the Task

Program: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Add arguments: -command ". 'C:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1'; Connect-ExchangeServer -auto; SCRIPTFILELOCATION"


I hope this helps you manage your exchange environment. Don't hesitate to leave a comment or question.

If you want to disable ActiveSync, OWA, POP, IMAP and Outlook Anywhere by default follow the guide from here and change the follwoing line

set-casmailbox $newmailbox -ImapEnabled $false

With

Set-CASMailbox $user -ActiveSyncEnabled $false -owaenabled $false -IMAPEnabled $False -popenabled $False -MAPIBlockOutlookRpcHttp $true

4 comments:

  1. This Rocks! Thank you very much!

    -Ivan

    ReplyDelete
  2. Thanks Ivan, I'll upload another in the next couple of weeks.

    ReplyDelete
  3. Hello Blair...I was interested in using your active sync script but I had a few questions. Does disabling everything and then enabling cause any service interruptions?

    It looks like it also will disable item in the group until the array portion is run. What if I wanted to make sure the ones in the group remain enabled and I run that everyday as a scheduled task.

    -Dan

    ReplyDelete
  4. Hi Don,

    Your right, I was worried about the same thing. I have been running this for about 6 months now and haven’t seen any issues. They do run in the middle of the night.
    I think the script should actually check the members of the Security Group and not disable it for those users.
    I’m not PowerShell expert but I’m confident it could be done.

    ReplyDelete