“Mailbox size exceeds target quota 2.3 GB” when moving the mailbox between databases / servers.

When receiving such error please check you quota on mailboxdatabase:

[PS] D:\Exchange Server\V15\Bin>Get-MailboxDatabase | fl

RunspaceId : 5aa6941c-eadf-4c8e-b9fb-8163b7426622
JournalRecipient :
MailboxRetention : 30.00:00:00
OfflineAddressBook :
OriginalDatabase :
PublicFolderDatabase :
ProhibitSendReceiveQuota : <strong>2.3 GB</strong> (2,469,396,480 bytes)
ProhibitSendQuota : 2 GB (2,147,483,648 bytes)
RecoverableItemsQuota : 30 GB (32,212,254,720 bytes)
RecoverableItemsWarningQuota : 20 GB (21,474,836,480 bytes)

Set it up ou to your needs, in my case this database will be hosted only to export mailboxes to PST files:

 Get-MailboxDatabase WROMR0-DB001 | Set-MailboxDatabase -ProhibitSendReceiveQuota 120GB -ProhibitSendQuota 120GB 

Exchange 2016, owa/auth.owa and error 500 on ECP.

I was receiving error 500 and website was landing on owa/auth.owa on my Exchange 2016 server.

Interesting thing was – that happened to all admins but me  – who installed the server.

I found this blog post:

https://blog.ollischer.com/exchange-2016-http-error-500-after-logging-into-ecpowa

I’ve done all the steps, I ran UpdateCas.ps1 – that didn’t help, so I ran multiple commands that Alexander proposed – unfortunately that didn’t help out as well, additionally now I was getting popup asking me for to log in instead of nice Exchange website.

So I thought at least I will get back to the settings I had – removed Windows authentication and enabled form based authentication on ECP and OWA virtual directories, so basically I went back to previous settings:

Get-owaVirtualDirectory "\owa (Default Web Site)" | Set-owaVirtualDirectory -FormsAuthentication $true -BasicAuthentication $true -WindowsAuthentication $false

Get-ecpVirtualDirectory "\owa (Default Web Site)" | Set-ecpVirtualDirectory -FormsAuthentication $true -BasicAuthentication $true -WindowsAuthentication $false

Done iisreset, and once again wanted to see my error, I refreshed the page on the test user I made aaaaaaannndd… it was all working well.

A mystery…

How to check last run of Mailboxes’ Managed Folder Assistants.

Let’s say you have published wrong retention policy and you would like to check which mailboxes got this policy applied. To check when the last run of Mailboxes’ Managed Folder Assistant took place you might use below simple script – it is a mess but I’m sure you guys will retrieve from it what you want ^^.

Continue reading →

DMARK, DKIM and SPF – deep dive useful links (with focus on O365)

Sometimes it is good enought to have a place where you got a reliable links where are all the information needed – as this blog purpose it to be my notepad also to let me remember thigs for a longer time, will place them here. Especially DKIM – it is broadly presented on the Internet, but I was not able to find a place where everything will be described from A to Z. So here is a portion of usefull links about mentioned mechanisms.

Continue reading →

Stellar Phoenix Mailbox Exchange Recovery software

Hey Guys,

So just recently I came across software from Stellar to recovery Exchange mailboxes.

There are plenty of videos that recommend that software.

Here you can find User guide and Installation guide.

Knowledge base is also easily accessible here.

Software is recommended by many MVPs and engineers, so it got my attention.

Reading the instruction you got impresion that recovery using this tool is very easy indeed, if offers few interesting options. So what does it do?

Continue reading →

X500 addresses – where is the beef?

Here is a great site that explains why x500 is needed and when it is used in on-prem and hybrid scenarios:

https://eightwone.com/2013/08/12/legacyexchangedn-attribute-myth/

Also, here is a little bit related subject about how to marry together a local AD account and already created o365 mailbox:

http://techgenix.com/match-office-365-mailbox-new-premises-user-hybrid-deployment/

Good article about history of x500:

https://www.experts-exchange.com/articles/9650/NDRs-and-the-legacyExchangeDN.html

And some good article about x400 history:

http://techgenix.com/x400-addresses-exchange-2010-part1/

Exchange – two ways to create new role assignments.

Forgotten this recently and got caught spending some time investigating.

Boys and girls, remember one thing – if you create role assignments like this:

New-ManagementRoleAssignment -Name "ASSIGNMENT NAME" -Role "ApplicationImpersonation" -CustomRecipientWriteScope "IMPERSONATION USERS" -SecurityGroup "IMPERSONATION ADMINS"

where “IMPERSONATION ADMINS” is your a security group created by you – this role assignment will NOT be visible in your “admin roles” area in Exchange Console:

Instead, you need firstly create a Role Group and assign role to it, for instance

New-RoleGroup -Name "ROLE GROUP IMPERSONATION ADMINS"

New-ManagementRoleAssignment -Name "ASSIGNMENT NAME" -Role "ApplicationImpersonation" -CustomRecipientWriteScope "IMPERSONATION USERS" -SecurityGroup "ROLE GROUP IMPERSONATION ADMINS"

Only assigning a role to a role group allows it to appear in the admin roles area.

Remember about that!

 

PowerShell script for Exchange mailbox item (email, meeting, contacts, etc.) removal.

You might have a situation when someone – it might have even been you – send or receive an email that shouldn’t be sent or received.

It might have been a SPAM sent to your organization or an email that supposed to be send to your colleague but was send to a bunch of other people and had naked ladies in the attachment.

After sending such email reaction chain is as follows:

First you noticed that you have might clicked “Send” button, maybe you clicked CTRL + Enter combination, but you still not sure…

Continue reading →

Exchange mailbox/folders permissions – dependency graph between users.

Following solution uses GraphViz application to visualize mailboxpermissions dependencies in the company.

Some time ago I published a scripts for reading mailbox permissions:

https://paweljarosz.wordpress.com/2016/03/04/script-to-check-mailbox-permissions/

and mailbox folder permissions:

https://paweljarosz.wordpress.com/2016/05/28/powershell-script-to-check-permissions-on-mailbox-folders-also-recursively/

If some of you are wondering what GraphViz is, a quick look on google graphics and phrase “graphviz”, gives us an idea of how gorgeous graphs it can create:

All the GraphViz needs is to have properly formatted input file – that’s it!

The need of having such script showed up as one time I was standing in front of migrating users to Exchange Online. I started to wonder how shall I visualize in a simply way, who need to be migrated together…

It was not an easy task, going though a excel/csv file, or even creating lists were not satisfying for me, so I started to think about it more, even during meals…

And then I found GraphViz:

http://www.graphviz.org/

It was looking really good! So now just a matter of quick reading about it checking if it will apply…

…reviewing the idea…

…some calculations…

And after all that research the idea became clear…

As I mentioned at the beginning, input file can be done with one of the mailbox permissions / mailbox folder permissions reading scripts – links provided on the top (you might need to change delimiters a little bit as I guess in these files are “;” but go for adventure and modify something :))

The proper input should look like:

So it has columns named “Mailbox”, “User” and “AccessRights”

And now the script. In organization I was building script for – it appeared that we have so many permissions I almost shat brikcs when I saw the actual output (graph)…

Just take a look by yourself, here is just a very small piece of graph when I was checking dependencies of just one mailbox – mine:

Let’s go closer:

Imagine now that whole dependency graph contained like 10 more same chunks/pieces, 10 more, 10 fuck*ng times!

Well, I needed somehow to…

So the idea of migrating people together in chunks fell down and broke into pieces :] but at least we have that nice script.

1. First thing is to get GraphViz application and install it:

Here you can find it:

http://www.graphviz.org/Download_windows.php

After installation all you need to to read your mailbox permissions – you can choose to read it with scripts from links given at the beginning of that article.

     2. Next thing, is to set up 3 variables:

$GraphImageFile = “GraphImageFile.png” -> this is the name/path of your output file – actual graph

$GraphGraphVizFile = “GraphVizFile.gv” -> this is the name/path of the input file that will be passed to GraphViz to visualize your data, it will look similar to this one:

$CSVPermissionsFile = “Permissions.csv” –> and finally this is the input file for the script – so output from your script that reads permissions from mailboxes

    3. Having CSV we can start reading permissions, so here are some examples.

After running below:

.\PermissionMatrixGraphBuilder.ps1 -users “Pawel Jarosz”, “Wladek Ksiegowicz”

We will get:

Users mentioned in “Users” array will be marked on blue, nice arrows will show direction of permissions 🙂

After running:

.\PermissionMatrixGraphBuilder.ps1 -users “Pawel Jarosz”, “Wladek Ksiegowicz” -SingleUser $true

We will get:

And finally after running same but with “level” set to 1 we will get:

.\PermissionMatrixGraphBuilder.ps1 -users “Pawel Jarosz”, “Wladek Ksiegowicz” -Level 1

That will runthough the whole file ONLY ONE TIME, and what we will get would be something like:

So summing up – for me script does a good job when it comes to visualize data that would be actually really hard to see from a excel file.

It is just an easy script, please note that you can add here features like:

• adding description to each “connection” saying to which folder permissions are given
• reading mailboxes sizes and adding them to the graph so it can ease planing of migration of certain groups of people
• remember – possibilities are endless:

 

 

Script can be found on TechNet and GitHub.

 

Exchange 2016 how to change ECP language

Just installed Exchange 2016, opened OWA – I chose polish language, then opened ECP and first impression was like: ‘Ok, Great! Now how to change language to English…’ 🙂 Same like Exchange 2013, if we choose timezone and language for OWA, same will be set for us in ECP (actually same like in other versions, but in Ex2013 we really use that ECP as we do not have other console).

So here is nice Nuno’s article telling how to change it:

http://www.msexchange.org/kbase/ExchangeServerTips/ExchangeServer2013/ManagementAdministration/how-change-exchange-2013-eac-language.html

Easiest way: simply add ?mkt=EN-us to the EAC’s URL: https://mail.domain.com/ecp?mkt=EN-us