Chapter 7. Mailbox administration
The difference between a good Microsoft Exchange Server administrator and a great one is the attention he or she pays to mailbox administration. Mailboxes are private storage places for messages you’ve sent and received, and they are created as part of private mailbox databases in Exchange. Mailboxes have many properties that control mail delivery, permissions, and storage limits. You can configure most mailbox settings on a per-mailbox basis. However, with Exchange Online, some settings are configured for all users of the service while other settings are fixed as part of the service and cannot be changed. With on-premises Exchange, you cannot change some settings without moving mailboxes to another mailbox database or changing the settings of the mailbox database itself. For example, with on-premises Exchange, you set the storage location on the file system, the storage limits, the deleted item retention, and the default offline address book on a per-mailbox-database basis. Keep this in mind when performing capacity planning and when deciding which mailbox location to use for a particular mailbox.
Creating special-purpose mailboxes
Exchange Server 2013 and Exchange Online make it easy to create several special-purpose mailbox types, including the following:
Room mailbox. A room mailbox is a mailbox for room scheduling.
Equipment mailbox. An equipment mailbox is a mailbox for equipment scheduling.
Linked mailbox. A linked mailbox is a mailbox for a user from a separate, trusted forest.
Forwarding mailbox. A forwarding mailbox is a mailbox that can receive mail and forward it off site.
Archive mailbox. An archive mailbox is used to store a user’s messages, such as might be required for executives and needed by some managers.
Arbitration mailbox. An arbitration mailbox is used to manage approval requests, such as may be required for handling moderated recipients and distribution group membership approval.
Discovery mailbox. A Discovery mailbox is the target for Discovery searches and can’t be converted to another mailbox type after it’s created. In-Place eDiscovery is a feature of Exchange 2013 that allows authorized users to search mailboxes for specific types of content that might be required to meet legal discovery requirements.
Shared mailbox. A shared mailbox is a mailbox that is shared by multiple users, such as a general mailbox for customer inquiries.
Public folder mailbox. A public folder mailbox is a shared mailbox for storing public folder data.
The sections that follow discuss techniques for working with these special-purpose mailboxes.
Using room and equipment mailboxes
You use room and equipment mailboxes for scheduling purposes only. You’ll find that:
Room mailboxes are useful when you have conference rooms, training rooms, and other rooms for which you need to coordinate the use.
Equipment mailboxes are useful when you have projectors, media carts, or other items of equipment for which you need to coordinate the use. Every room and equipment mailbox must have a separate user account associated with it. Although these accounts are required so that the mailboxes can be used for scheduling, the accounts are disabled by default so that they cannot be used for logon. To ensure that the resource accounts do not get enabled accidentally, you need to coordinate closely with other administrators in your organization.
Important
Each room or piece of equipment must have a separate user account. This is necessary to track the unique free/busy data for each resource.
Note
Exchange Admin Center doesn’t show the enabled or disabled status of user accounts. The only way to check the status is to use domain administration tools.
Because the number of scheduled rooms and amount of equipment grows as your organization grows, you’ll want to carefully consider the naming conventions you use with rooms and equipment:
With rooms, you may want to use display names that clearly identify the rooms’ physical locations. For example, you might have rooms named “Conference Room B on Fifth Floor” or “Building 83 Room 15.”
With equipment, you may want the display name to identify the type of equipment, the equipment’s characteristics, and the equipment’s relative location. For example, you might have equipment named “NEC HD Projector at Seattle Office” or “Fifth Floor Media Cart.”
As with standard user mailboxes, room and equipment mailboxes have contact information associated with them (see Figure 7-1). To make it easier to find rooms and equipment, you should provide as much information as possible. If a room has a conference or call-in phone, be sure to provide this phone number. Also, provide location details that help people find the conference room and specify the room capacity. The phone, location, and capacity are displayed in Microsoft Office Outlook.
After you’ve set up mailboxes for your rooms and equipment, scheduling the rooms and equipment is straightforward. In Exchange, room and equipment availability is tracked using free/busy data. In Outlook, a user who wants to reserve rooms, equipment, or both simply makes a meeting request that includes the rooms and equipment that are required for the meeting.
The steps to schedule a meeting and reserve equipment are as follows:
Create a meeting request:
In Outlook 2007, tap or click New, and then select Meeting Request. Or press Ctrl+Shift+Q.
In Outlook 2010 or Outlook 2013, tap or click New Items, and then select Meeting. Or press Ctrl+Shift+Q.
In the To text box, invite the individuals who should attend the meeting by typing their display names, Exchange aliases, or email addresses, as appropriate (see Figure 7-2).
Type the display name, Exchange alias, or email address for any equipment you need to reserve.
Tap or click Rooms to the right of the Location text box. The Select Rooms dialog box appears, as shown in Figure 7-3. By default, the Select Rooms dialog box uses the All Rooms address book. Rooms are added to this address book automatically when you create them.
Double-tap or double-click the room you’d like to use. This adds the room to the Rooms list. Tap or click OK to close the Select Rooms dialog box.
In the Subject text box, type the meeting subject.
Use the Start Time and End Time options to schedule the start and end times for the meeting.
Tap or click Scheduling Assistant to view the free/busy data for the invited users and the selected resources. Use the free/busy data to make changes if necessary.
Type a message to accompany the meeting request, then tap or click Send.
Exchange can be configured to accept booking requests automatically, based on availability, or to route requests through delegates, such as office administrators, who review requests. Although small organizations might not need coordinators for rooms and equipment, most large organizations will need coordinators to prevent conflicts.
Both on-premises Exchange and Exchange Online provide additional booking options that can help to reduce conflicts (see Figure 7-4). The booking options are the same for both rooms and equipment. The options allow you to:
Specify whether repeat bookings are allowed. By default, repeat bookings are allowed. If you disable the related settings, users won’t be able to schedule repeating meetings.
Specify whether the room or equipment can be scheduled only during working hours. By default, this option is disabled, which allows rooms and equipment to be scheduled for use at any time. The standard working hours are defined as 8:00 A.M. to 5:00 P.M. Monday through Friday but can be changed using the Calendaring options in Outlook.
Specify the maximum number of days in advance the room or equipment can be booked. By default, rooms and equipment can be booked up to 180 days in advance. You can change the default to any value from 0 to 1080. A value of 0 removes the lead time restriction completely.
Specify the maximum duration that the room or equipment can be reserved. By default, rooms and equipment can be reserved for up to 24 hours, which allows for preparation and maintenance that may be required. You can change the default to any value from 0 to 35791394.1. A value of 0 removes the duration restriction completely.
You can configure booking options after you create the room or equipment mailbox. In Exchange Admin Center, navigate to Recipients > Resources and then double-tap or double-click the resource you want to configure. Next, in the properties dialog box for the resource, select Booking Options. After you change the booking options, tap or click Save to apply the changes.
Creating room mailboxes
In Exchange Admin Center, room mailboxes are displayed under Recipients > Resources. In Exchange Management Shell, you can find all room mailboxes in the organization by entering:
Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails
-eq 'RoomMailbox')}You can create room mailboxes by completing the following steps:
In Exchange Admin Center, select Recipients in the feature pane and then select Resources.
Tap or click New, and then select Room Mailbox. This opens the New Room Mailbox dialog box. Figure 7-5 shows on-premises Exchange options on the left and Exchange Online options on the right.
Type a descriptive display name in the Room Name text box.
In the Email Address text box, type the Exchange alias. The Exchange alias is used to set the default email address.
Use the drop-down list to select the domain with which the room is to be associated. The Exchange Alias and the domain name are combined to set the fully qualified name, such as [email protected].
For on-premises Exchange, the Organizational Unit text box shows where in Active Directory the user account will be created. By default, this is the Users container in the current domain. Because you’ll usually need to create room and equipment accounts in a specific organizational unit rather than in the Users container, tap or click Browse to the right of the Organizational Unit text box. Use the Select Organizational Unit dialog box to choose the location in which to store the account, and then tap or click OK.
Specify the room location, phone number, and capacity using the text boxes provided.
If your organization has resource coordinators, choose the Select Delegates option. Next, use the options under Delegates to specify the coordinator. Tap or click Add, use the Select Delegates dialog box to select a coordinator for the room, and then select OK. Repeat this procedure to specify additional coordinators.
In on-premises Exchange, tap or click More Options to configure these additional options:
Alias. Sets the Exchange alias and overrides the default value you set previously using the Email Address text box. This allows a resource to have an alias that is different from the name portion of its email address.
Mailbox Database. If you want to specify a mailbox database rather than use an automatically selected one, tap or click Browse to the right of the Mailbox Database text box. In the Select Mailbox Database dialog box, choose the mailbox database in which the mailbox should be stored. Mailbox databases are listed by name as well as by associated server and Exchange version running on the server.
Address Book Policy. If you’ve implemented address book policies to provide customized address book views, select the address book policy to associate with the equipment mailbox.
Tap or click Save to create the room mailbox. If an error occurs during account or mailbox creation, neither the account nor the related mailbox will be created. You need to correct the problem before you can complete this procedure.
In Exchange Management Shell, you can create a user account with a mailbox for rooms by using the New-Mailbox cmdlet. Creating room mailboxes provides the syntax and usage.
Note
For rooms, you must use the -Room parameter. For equipment, you must use the -Equipment parameter. By default, when you use either parameter, the related value is set as $true. Additionally, although with earlier releases of Exchange you needed to set a password for the related user account, this is no longer required. When you create mailboxes for Exchange Online, you cannot specify a database.
Creating equipment mailboxes
In Exchange Admin Center, equipment mailboxes are displayed under Recipients > Resources. In Exchange Management Shell, you can find all equipment mailboxes in the organization by entering:
Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails
-eq 'EquipmentMailbox')}You can create equipment mailboxes by completing the following steps:
In Exchange Admin Center, select Recipients in the feature pane and then select Resources.
Tap or click New, and then select Equipment Mailbox. This opens the New Equipment Mailbox dialog box. Figure 7-6 shows on-premises Exchange options on the left and Exchange Online options on the right.
Type a descriptive display name in the Equipment Name text box.
In the Email Address text box, type the Exchange alias. The Exchange alias is used to set the default email address.
Use the drop-down list to select the domain with which the equipment is to be associated. The Exchange alias and the domain name are combined to set the fully qualified name, such as [email protected].
For on-premises Exchange, the Organizational Unit text box shows where in Active Directory the related user account will be created. By default, this is the Users container in the current domain. Because you’ll usually need to create equipment and equipment accounts in a specific organizational unit rather than in the Users container, tap or click Browse to the right of the Organizational Unit text box. Use the Select Organizational Unit dialog box to choose the location in which to store the account, and then tap or click OK.
If your organization has resource coordinators, choose the Select Delegates option. Next, use the options under Delegates to specify the coordinator. Tap or click Add, use the Select Delegates dialog box to select a coordinator for the equipment, and then select OK. Repeat this procedure to specify additional coordinators.
With on-premises Exchange, tap or click More Options to configure these additional options:
Alias. Sets the Exchange alias and overrides the default value you set previously using the Email Address text box. This allows a resource to have an alias that is different from the name portion of its email address.
Mailbox Database. If you want to specify a mailbox database rather than use an automatically selected one, tap or click Browse to the right of the Mailbox Database text box. In the Select Mailbox Database dialog box, choose the mailbox database in which the mailbox should be stored. Mailbox databases are listed by name as well as by associated server and Exchange version running on the server.
Address Book Policy. If you’ve implemented address book policies to provide customized address book views, select the address book policy to associate with the equipment mailbox.
Tap or click Save to create the equipment mailbox. If an error occurs during account or mailbox creation, neither the account nor the related mailbox will be created. You need to correct the problem before you can complete this procedure.
In Exchange Management Shell, you can create a user account with a mailbox for equipment by using the New-Mailbox cmdlet. Creating equipment mailboxes provides the syntax and usage. Although with earlier releases of Exchange you needed to set a password for the related user account, this is no longer required. When you create mailboxes for Exchange Online, you cannot specify a database.
Creating linked mailboxes
A linked mailbox is a mailbox that is accessed by a user in a separate, trusted forest. Typically, you use linked mailboxes when your organization’s mailbox servers are in a separate resource forest and you want to ensure that users can access free/busy data across these forests. You use linked mailboxes with on-premises Exchange organizations.
All linked mailboxes have two user account associations:
A unique user account in the same forest as the Mailbox server. The same forest user account is disabled automatically so that it cannot be used for logon.
A unique user account in a separate forest for which you are creating a link. The separate forest user account is enabled so that it can be used for logon.
In Exchange Admin Center, linked mailboxes are displayed under Recipients > Mailboxes. In Exchange Management Shell, you can find all linked mailboxes in the organization by entering:
Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails
-eq 'LinkedMailbox')}You can create a linked mailbox by completing the following steps:
In Exchange Admin Center, select Recipients in the feature pane and then select Mailboxes.
Tap or click New, and then select Linked Mailbox. This starts the New Linked Mailbox Wizard. A linked mailbox cannot be created with a forest or domain trust in place between the source and target forests.
On the New Linked Mailbox page, tap or click Browse to the right of the Linked Forest text box. In the Select Trusted Forest Or Domain dialog box, select the linked forest or domain in which the user’s original account is located, and then tap or click OK. This is the separate forest that contains the user account that you want to create the linked mailbox for in the current forest. Tap or click Next.
If your organization has configured a one-way, outgoing trust where the current forest trusts the linked forest, you’re prompted for administrator credentials in the linked forest so that you can gain access to a domain controller in that forest. Type the user name and password for an administrator account in the account forest, and then tap or click Next.
Tap or click Browse to the right of the Linked Domain Controller text box. In the Select Domain Controller dialog box, select a domain controller in the linked forest, and then tap or click OK.
Tap or click Browse to the right of the Linked Master Account text box. Use the options in the Select User dialog box to select the original user account in the linked forest, and then tap or click OK.
Tap or click Next. On the General Information page, the Organizational Unit text box shows where in Active Directory the user account will be created. By default, this is the Users container in the current domain. Select the Specify The Organizational Unit check box and then tap or click Browse to create the new user account in a different container. Use the Select Organizational Unit dialog box to choose the location in which to store the account, and then tap or click OK.
In the User Logon Name text box, type the user’s logon name. Use the drop-down list to select the domain with which the account is to be associated. This sets the fully qualified logon name.
Tap or click More Options. Type the user’s first name, middle initial, and last name in the text boxes provided. These values are used to create the Name entry, which is the user’s display name.
Optionally, enter an Exchange alias for the user. The alias must be unique in the forest. If you don’t specify an alias, the logon name is used as the alias.
If you want to specify a mailbox database rather than use an automatically selected one, tap or click Browse to the right of the Mailbox Database text box. In the Select Mailbox Database dialog box, choose the mailbox database in which the mailbox should be stored. Mailbox databases are listed by name as well as by associated server and Exchange version running on the server.
Tap or click Save to create the account and the related mailbox. If an error occurs during account or mailbox creation, neither the account nor the related mailbox will be created. You will need to correct the problem.
In Exchange Management Shell, you can create a user account with a linked mailbox by using the New-Mailbox cmdlet. Creating linked mailboxes provides the syntax and usage. You’ll be prompted for the credentials of an administrator account in the linked forest. Although with earlier releases of Exchange you needed to set a password for the related user account, this is no longer required.
Creating forwarding mailboxes
Custom recipients, such as mail-enabled users, don’t normally receive mail from users outside the organization because a custom recipient doesn’t have an email address that resolves to a specific mailbox in your organization. At times, though, you might want external users, applications, or mail systems to be able to send mail to an address within your organization and then have Exchange forward this mail to an external mailbox.
Tip
You can send and receive text messages using Outlook Web App in Exchange 2013, or you can send text messages the old-fashioned way. In my organization, I’ve created forwarding mailboxes for text-messaging and pager alerts. This simple solution lets managers (and monitoring systems) within the organization quickly and easily send text messages to IT personnel. In this case, I’ve set up mail-enabled users for each text messaging email address, such as [email protected], and then created a mailbox that forwards email to the custom recipient. Generally, the display name of the mail-enabled user is in the form Alert User Name, such as Alert William Stanek. The display name and email address for the mailbox are in the form Z LastName and AE-[email protected], such as Z Stanek and [email protected], respectively. Afterward, I hide the mailbox so that it isn’t displayed in the global address list or in other address lists; this way, users can see only the Alert William Stanek mailbox.
To create a user account to receive mail and forward it off site, follow these steps:
Using Exchange Admin Center, create a mail-enabled user. Name the account Alert User Name, such as Alert William Stanek. Be sure to establish an external email address that refers to the user’s Internet address.
Using Exchange Admin Center, create a mailbox-enabled user account in the domain. Name the account with the appropriate display name, such as Z Stanek, William. Be sure to create an Exchange mailbox for the account, but don’t grant any special permission to the account. You might want to restrict the account so that the user can’t log on to any servers in the domain. Optionally, hide this mailbox from address lists.
Using Exchange Admin Center, access the properties dialog box for the mailbox user account (see Figure 7-7).
On the Mailbox Features page, select the View Details option under Mail Flow. This displays the Delivery Options dialog box.
In the Delivery Options dialog box, select the Enable Forwarding check box and then tap or click Browse.
In the Select Recipient dialog box, select the mail-enabled user you created earlier and then tap or click OK twice. Tap or click Save. You can now use the user account to forward mail to the external mailbox.
Creating and using archive mailboxes
Each user can have an alternate mailbox for archives. An archive mailbox is used to store a user’s old messages, such as might be required for executives and needed by some managers and users. In Outlook and Outlook Web App, users can access archive mailboxes in much the same way as they access a regular mailbox.
Archive mailboxes are created in one of two ways. The standard approach is to create an in-place archive. Both on-premises Exchange and Exchange Online use in-place archives by default. With hybrid organizations, you also can use online archives. With an online archive, the archive for an on-premises mailbox is created in the online service.
Creating in-place archives
You can create an in-place archive mailbox at the same time you create the user’s standard mailbox. To create an in-place archive mailbox, complete the following steps:
In Exchange Admin Center, select Recipients in the feature pane and then select Mailboxes. Double-tap or double-click the entry for the user’s standard mailbox. Any user that already has an archive mailbox has “User (Archive)” as the mailbox type.
On the Mailbox Features page, select Enable under the Archiving heading.
With on-premises Exchange, if the mailbox had an archive previously and that archive still exists, this archive is used in its original location. Otherwise, the Create In-Place Archive dialog box is displayed. If you want to specify a mailbox database rather than use an automatically selected one, tap or click Browse to the right of the Mailbox Database text box. In the Select Mailbox Database dialog box, choose the mailbox database in which the mailbox should be stored, and then tap or click OK. Mailbox databases are listed by name as well as by associated server and Exchange version running on the server.
Tap or click Save. If an error occurs during mailbox creation, the archive mailbox will not be created. You need to correct the problem before you can complete this procedure and create the archive mailbox.
When you are working with Exchange Admin Center, you can enable in-place archiving for multiple mailboxes as well. When you select multiple mailboxes using the Shift or Ctrl keys, the details pane displays bulk editing options. Scroll down the list of available options and then tap or click More Options. Next, under Archive, tap or click Enable.
The Bulk Enable Archive dialog box is displayed. If you want to specify a mailbox database for the archives rather than use an automatically selected one, tap or click Browse to the right of the Mailbox Database text box. In the Select Mailbox Database dialog box, choose the mailbox database in which the archive mailboxes should be stored, and then tap or click OK.
Using Exchange Management Shell, you can create an archive mailbox using the Enable-Mailbox cmdlet. The basic syntax is as follows:
Enable-Mailbox [-Identity] Identity -Archive [-Database DatabaseID]
such as:
Enable-Mailbox pocket-consultant.com/engineering/tonyg -archive
Because each user can have only one archive mailbox, you get an error if the user already has an archive mailbox. Items in the user’s mailbox will be moved automatically to the archive mailbox based on the archive and retention policy. When you install Exchange Server, a default archive and retention policy is created for all archive mailboxes. This policy is named Default MRM Policy. Because of this policy, email messages from the entire mailbox are moved to the archive after two years by default.
For bulk editing, you can use various techniques. Generally, you’ll want to:
Ensure you are working with mailboxes for regular users and not mailboxes for rooms, equipment, and so on. To do this, filter the results based on the RecipientTypeDetails.
Ensure the mailbox doesn’t already have an on-premises or online archive. To do this, filter the results based on whether the mailbox has an associated ArchiveGuid and the ArchiveDomain.
Ensure you don’t enable archives on mailboxes that shouldn’t have them, such as the Discovery Search Mailbox. To do this, filter based on the name or partial name of mailboxes to exclude.
Consider the following example:
Get-Mailbox -Database Sales -Filter {RecipientTypeDetails -eq 'UserMailbox'
-AND ArchiveGuid -eq $null -AND ArchiveDomain -eq $null -AND Name -NotLike
"DiscoverySearchMailbox*"} | Enable-Mailbox -ArchiveIn this example, Get-Mailbox retrieves all mailboxes for regular users in the Sales database that don’t have in-place or online archiving enabled and that also don’t have a name starting with: DiscoverySearchMailbox. The results are then piped through Enable-Mailbox to add an archive mailbox to these mailboxes.
Creating online archives
In hybrid organizations, several features, including online archives, are enabled by default. If you are unsure whether online archives have been enabled for your hybrid deployment, enter Get-HybridConfiguration | fl at a PowerShell prompt and then verify that the OnlineArchive flag is set on the -Features parameter. To modify the hybrid configuration, you can use Set-HybridConfiguration. However, do not use Set-HybridConfiguration without a solid understanding of hybrid configurations. Keep in mind that when you use the -Features parameter with Set-HybridConfiguration, you must explicitly specify all the features that you want enabled. Any feature that you omit will be disabled.
In Exchange Management Shell, you create online archives using the Enable-Mailbox cmdlet with the -RemoteArchive, -ArchiveDatabase, and -ArchiveDomain parameters. The required -RemoteArchive parameter is a flag that specifies you want to create the archive online. The optional -ArchiveDatabase sets the name or GUID of the archive database in the online organization. The optional -ArchiveDomain sets the fully qualified domain name of the domain for the online organization. Consider the following examples:
Enable-Mailbox -Identity [email protected] -RemoteArchive Enable-Mailbox -Identity [email protected] -RemoteArchive -ArchiveDatabase "D919BA05-46A6-415f-80AD-7E09334BB852" -ArchiveDomain "pocket-consultant.onmicrosoft.com"
The first example creates the online archive using the default database and online domain. The second example explicitly sets the GUID of the database and domain parameters.
Managing archive settings
Whether you use Exchange Admin Center or Exchange Management Shell, several other parameters are set for archive mailboxes. The default name for the archive mailbox is set as In-Place Archive – UserDisplayName, such as In-Place Archive – Henrik Larsen. With on-premises Exchange, the default quota and warning quota are set as 50 GB and 45 GB, respectively. With Exchange Online, the default quota and warning quota are set as 25 GB and 22.5 GB, respectively.
You can confirm the details for a user’s archive mailbox by entering the following command:
Get-Mailbox "Name" | fl name, alias, servername, *archive*where name is the display name or alias of the user you want to work with, such as:
Get-Mailbox "Henrik Larsen" | fl name, alias, servername, *archive*
You can change the archive name and set quotas by using Set-Mailbox. The basic syntax is as follows:
Set-Mailbox [-Identity] Identity -ArchiveName Name -ArchiveQuota Quota -ArchiveWarningQuota Quota
When you set a quota, specify the value with MB (for megabytes), GB (for gigabytes), or TB (for terabytes), or enter ‘Unlimited’ to remove the quota. Here is an example:
set-mailbox pocket-consultant.com/engineering/tonyg -ArchiveQuota '28GB' -ArchiveWarningQuota '27GB'
For bulk editing, you can use Get-Mailbox to retrieve the user mailboxes you want to work with and then apply the changes by piping the results to Set-Mailbox. If you do so, ensure that you filter the results appropriately. Consider the following example:
Get-Mailbox -ResultSize unlimited -Filter {RecipientTypeDetails -eq
'UserMailbox' -AND ArchiveGuid -ne $null} | Set-Mailbox -ArchiveQuota
'20GB' -ArchiveWarningQuota '18GB'In this example, Get-Mailbox retrieves all mailboxes for regular users in the entire organization that have archiving enabled. The results are then piped through Set-Mailbox to modify the quota and quota warning values.
In Exchange Admin Center, you manage archive settings by completing these steps:
In Exchange Admin Center, select Recipients in the feature pane and then select Mailboxes. Double-tap or double-click the entry for the user’s standard mailbox. Any user that already has an archive mailbox has “User (Archive)” as the mailbox type.
On the Mailbox Features page, tap or click View Details under the Archiving heading.
To change the name of the archive mailbox, enter the new name in the Name text box.
To set a quota, enter the desired value in gigabytes in the Archive Quota combo box.
To set a quota warning, enter a quota warning in gigabytes in the Issue Warning At combo box.
To disable an archive mailbox, open the properties dialog box for the user to the Mailbox Features page and then select Disable under the Archiving heading. Tap or click Yes when prompted to confirm.
Real World
When you disable an archive mailbox for a user, the archive mailbox is marked for deletion and disconnected from the user account. The archive mailbox is retained according to the mailbox retention policy. To connect the disabled archive mailbox to the existing mailbox, you must use the Connect-Mailbox cmdlet with the -Archive parameter. Otherwise, if you disable an archive mailbox for a user mailbox and then enable an archive mailbox for that same user, a new archive mailbox is created for the user.
When you are working with Exchange Admin Center, you can disable in-place archiving for multiple mailboxes as well. When you select multiple mailboxes using the Shift or Ctrl keys, the detail pane displays bulk editing options. Scroll down the list of available options and then tap or click More Options. Next, under Archive, tap or click Disable. When the Bulk Disable Archive dialog box is displayed, tap or click OK.
In Exchange Management Shell, you can disable an archive mailbox by using Disable-Mailbox. The basic syntax is as follows:
Disable-Mailbox [-Identity] Identity -Archivesuch as:
disable-mailbox pocket-consultant.com/engineering/tonyg -archive
For bulk editing, you can use a technique similar to the one discussed for enabling archives. Consider the following example:
Get-Mailbox -Database Sales -Filter {RecipientTypeDetails -eq 'UserMailbox'
-AND ArchiveGuid -ne $null} | Disable-Mailbox -ArchiveIn this example, Get-Mailbox retrieves all mailboxes for regular users in the Sales database that have archiving enabled. The results are then piped through Disable-Mailbox to remove the archive mailbox from these mailboxes.
Creating arbitration mailboxes
Exchange moderated transport requires all email messages sent to specific recipients to be approved by moderators. You can configure any type of recipient as a moderated recipient, and Exchange will ensure that all messages sent to those recipients go through an approval process.
Distribution groups are the only types of recipients that use moderation by default. Membership in distribution groups can be closed, owner approved, or open. While any Exchange recipient can join or leave an open distribution group, joining or leaving a closed group requires approval. Group owners receive join and remove requests and can either approve or deny those requests.
Distribution groups can also be unmoderated or moderated. With unmoderated groups, any approved sender (which is all senders by default) can send messages to the group. With moderated groups, messages are sent to moderators for approval before being distributed to members of the group. The only exception is for a message sent by a moderator. A message from a moderator is delivered immediately because a moderator has the authority to determine what is and isn’t an appropriate message.
Arbitration mailboxes are used to store messages that are awaiting approval. When you install Exchange Server 2013, a default arbitration mailbox is created. For the purposes of load balancing or for other reasons, you can convert other mailboxes to the arbitration mailbox type by using the Enable-Mailbox cmdlet. The basic syntax is as follows:
Enable-Mailbox [-Identity] Identity -Arbitrationsuch as:
enable-mailbox pocket-consultant.com/users/moderatedmail -Arbitration
You can create an arbitration mailbox by using New-Mailbox as shown in this example:
New-Mailbox ModeratedMail -Arbitration -UserPrincipalName [email protected]
Creating Discovery mailboxes
Exchange Discovery helps organizations comply with legal discovery requirements and can also be used as an aid in internal investigations or as part of regular monitoring of email content. Exchange Discovery uses content indexes created by Exchange Search to speed up the search process.
Note
By default, Exchange administrators do not have sufficient rights to perform Discovery searches. Only users with the Discovery Management role can perform Discovery searches. If a user is not a member of the role, she doesn’t have access to the related options. This means she can’t access the In-Place eDiscovery & Hold interface in Exchange Admin Center or the In-Place eDiscovery & Hold cmdlets in PowerShell.
Whether you are working in an online, on-premises, or hybrid organization, you use Exchange Admin Center to perform searches. With hybrid configurations, an on-premises search will return results from the online organization.
Discovery searches are performed against designated mailboxes or all mailboxes in the Exchange organization. Items in mailboxes that match the Discovery search are copied to a target mailbox. Only mailboxes specifically designated as Discovery mailboxes can be used as targets. In a hybrid configuration, you must copy items to an on-premises mailbox, regardless of whether the items are from the online or on-premises organization.
Tip
By default, Discovery search does not include items that cannot be indexed by Exchange Search. To include such items in the search results, select the Include Items That Can’t Be Searched check box in Exchange Admin Center.
In Exchange Admin Center, you can access the discovery and hold settings by selecting Compliance Management in the feature pane and then selecting In-Place eDiscovery & Hold. While working with In-Place eDiscovery & Hold, you can create searches across mailboxes by specifying filters and hold options for search results.
When you install Exchange Server 2013, a default Discovery mailbox is created. You can convert other mailboxes to the Discovery mailbox type by using the Enable-Mailbox cmdlet. The basic syntax is as follows:
Enable-Mailbox [-Identity] Identity -Discoverysuch as:
enable-mailbox pocket-consultant.com/hr/legalsearch -discovery
You can create a Discovery mailbox by using New-Mailbox as shown in this example:
New-Mailbox LegalSearch -Discovery -UserPrincipalName [email protected]
Once a Discovery mailbox is established, you can’t convert it to another mailbox type. You can’t use Exchange Admin Center to create Discovery mailboxes.
Creating shared mailboxes
Shared mailboxes are mailboxes that are shared by multiple users. Although shared mailboxes must have an associated user account, this account is not used for logon in the domain and is disabled by default. Users who access the shared mailbox do so using access permissions.
You can create a shared mailbox by using New-Mailbox, as shown in this example:
New-Mailbox -Shared -Name "Customer Service" -DisplayName "Customer Service" -Alias Service -UserPrincipalName [email protected]
In this example, a user account named CustomerService is created for this mailbox. This user account is disabled by default to prevent logon using this account. After creating the mailbox, you need to grant Send On Behalf Of permission to the appropriate users or security groups by using Set-Mailbox and the -GrantSendOnBehalfTo parameter. Finally, you need to add access rights that allow these users or security groups to log on to the mailbox by using Add-MailboxPermission and the -AccessRights parameter. Ensure these rights are inherited at all levels of the mailbox using -InheritanceType All as well. One way this would all come together is shown in the following example:
New-Mailbox -Shared -Name "Customer Service" -DisplayName "Customer Service" -Alias Service -UserPrincipalName [email protected] | Set-Mailbox -GrantSendOnBehalfTo CustomerServiceGroup | Add-MailboxPermission -User CustomerServiceGroup -AccessRights FullAccess -InheritanceType All
In Exchange Admin Center, you can create a shared mailbox by following these steps:
Select Recipients in the feature pane and then select Shared.
Tap or click New. This opens the New Shared Mailbox dialog box. Figure 7-8 shows on-premises Exchange options on the left and Exchange Online options on the right.
In the Display Name text box, type a descriptive name for the shared mailbox.
For on-premises Exchange, the Organizational Unit text box shows where in Active Directory the associated user account will be created. By default, this is the Users container in the current domain. If you want to use a different container, tap or click Browse to the right of the Organizational Unit text box. Use the Select Organizational Unit dialog box to choose the location in which to store the account, and then tap or click OK.
In the Email Address text box, type the Exchange alias. The Exchange alias is used to set the default email address.
Use the drop-down list to select the domain with which the shared mailbox is to be associated. The Exchange Alias and the domain name are combined to set the fully qualified name, such as [email protected].
Under Full Access, tap or click Add. In the Select Full Access dialog box, select users, security groups, or both that should have full access to the shared mailbox. Select multiple users and groups using the Shift or Ctrl keys.
Under Send As, tap or click Add. In the Select Send As dialog box, select users, security groups, or both that should be able to send email from the shared mailbox. Select multiple users and groups using the Shift or Ctrl keys.
With on-premises Exchange, tap or click More Options to configure these additional options:
Alias. Sets the Exchange alias and overrides the default value you set previously using the Email Address text box. This allows a resource to have an alias that is different from the name portion of its email address.
Mailbox Database. If you want to specify a mailbox database rather than use an automatically selected one, tap or click Browse to the right of the Mailbox Database text box. In the Select Mailbox Database dialog box, choose the mailbox database in which the mailbox should be stored. Mailbox databases are listed by name as well as by associated server and Exchange version running on the server.
Archive. If you want to create an on-premises archive mailbox as well, select the related check box. Optionally, tap or click Browse to choose the mailbox database for the archive.
Address Book Policy. If you’ve implemented address book policies to provide customized address book views, select the address book policy to associate with the shared mailbox.
Tap or click Save to create the shared mailbox. If an error occurs during account or mailbox creation, neither the account nor the related mailbox will be created. You need to correct the problem before you can complete this procedure.
Creating public folder mailboxes
Public folders are used to share messages and files in an organization. Public folder trees define the structure of an organization’s public folders. You can make the default public folder tree accessible to users based on criteria you set, and then users can create folders and manage their content.
Each public folder in the default public folder tree can have specific access permissions. For example, you can create public folders called CompanyWide, Marketing, and Engineering. Whereas you would typically make the CompanyWide folder accessible to all users, you would make the Marketing folder accessible only to users in the marketing department and the Engineering folder accessible only to users in the engineering department.
Users access public folders from Outlook clients, including Outlook Web App and Outlook 2007 or later. With Outlook Web App and Outlook 2007 or later, users can add and remove favorite public folders and perform item-level operations, such as creating and managing posts. However, users can create or delete public folders only from Outlook 2007 or later. As an administrator, you can manage public folders in Exchange Admin Center.
Beginning with Exchange 2013, Exchange servers no longer use public folder databases or store public folder data separately from mailbox data. Instead, Exchange 2013 and Exchange Online store public folder data in mailboxes. This significant architecture change greatly simplifies public folder management.
In Exchange Admin Center, you work with public folders by selecting Public Folders in the feature pane and then selecting either Public Folder Mailboxes or Public Folders as appropriate. You use the options under Public Folder Mailboxes to create and manage the mailboxes that store public folder data. You use the options under Public Folders to view and manage the public folder hierarchy.
An Exchange organization can have one or more public folder mailboxes and those mailboxes can be created on one or more Mailbox servers throughout the organization. While each public folder mailbox can contain public folder content, only the first public folder mailbox created in an Exchange organization contains the writable copy of the public folder hierarchy. This mailbox is referred to as the hierarchy mailbox. Any additional public folder mailboxes contain read-only copies of the public-folder hierarchy.
Because there’s only one writeable copy of the public folder hierarchy, proxying is used to relay folder changes to the hierarchy mailbox. This means that any time users working with folders in an additional mailbox create new subfolders, the folder creation, modification, or removal is proxied to the hierarchy mailbox by the content mailbox users are connected to.
In Exchange Admin Center, you can create a public folder mailbox by following these steps:
Select Public Folders in the feature pane and then select Public Folder Mailboxes.
Tap or click New. This opens the New Public Folder Mailbox dialog box.
Type a descriptive name for the mailbox.
With on-premises Exchange, you can associate the mailbox with a specific organizational unit. Tap or click Browse to the right of the Organizational Unit text box. Use the Select Organizational Unit dialog box to choose the location in which to store the account, and then tap or click OK. A user account for the mailbox is created in the selected organizational unit (with the account disabled for login).
With on-premises Exchange, you can specify a mailbox database rather than use an automatically selected one. Tap or click Browse to the right of the Mailbox Database text box. In the Select Mailbox Database dialog box, choose the mailbox database in which the mailbox should be stored, and then tap or click OK.
Tap or click Save to create the public folder mailbox. If an error occurs during account or mailbox creation, neither the account nor the related mailbox will be created. You need to correct the problem before you can complete this procedure.
Public folder content can include email messages, documents, and more. The content is stored in the public folder mailbox but isn’t replicated across multiple public folder mailboxes. Instead, all users access the same public folder mailbox for the same set of content.
When you create the first public folder in the organization, you establish the root of the public folder hierarchy. You can then create subfolders and assign access permissions on folders. In Exchange Admin Center, select Public Folders in the feature pane and then select Public Folders. Use the available options to create subfolders and set permissions on those folders.
When you create public folder mailboxes, they inherit the quota limits of the mailbox database in which they are stored. You can modify the quota limits using the properties dialog for the mailbox. Double-tap or double-click the mailbox entry. In the Public Folder Mailbox dialog box, on the Mailbox Usage page, tap or click More Options and then select Customize The Settings For This Mailbox. Next, use the selection lists provided to specify when warnings are issued, what posts are prohibited, and the maximum size of items. Apply the changes by tapping or clicking Save.
When users are connected to public folder mailboxes and make routine changes to an Exchange store hierarchy or content, the changes are synchronized every 15 minutes using Incremental Change Synchronization (ICS). Immediate syncing is used for non-routine changes, such as folder creation. If no users are connected to public folder mailboxes, synchronization occurs once every 24 hours by default.
Managing mailboxes: The essentials
You often need to manage user mailboxes the way you do user accounts. Some of the management tasks are intuitive and others aren’t. If you have questions, be sure to read the sections that follow.
Whether you are working with on-premises Exchange or Exchange Online, you can use bulk editing techniques to work with multiple user mailboxes at the same time. To select multiple user mailboxes not in sequence, hold down the Ctrl key and then tap or click the left mouse button on each user mailbox you want to select. To select a series of user mailboxes, select the first mailbox, hold down the Shift key, and then tap or click the last mailbox.
The actions you can perform on multiple resources depend on the types of recipients you’ve selected. The actions you can perform on multiple user mailboxes include the following:
Updating contact information, organization information, or custom attributes
Changing mailbox quotas or deleted item retention settings
Enabling or disabling Outlook Web App, POP3, IMAP, MAPI, or ActiveSync
Managing policy for Outlook Web App, ActiveSync, Address Books, Retention, Role Assignment, or Sharing
Enabling or disabling mailbox archives
Moving mailboxes to another database
Although you cannot bulk edit room or equipment mailboxes, you can perform these actions on shared mailboxes.
Viewing current mailbox size, message count, and last logon
You can use Exchange Admin Center to view the last logon date and time, the mailbox size, and how much of the total mailbox quota has been used by completing these steps:
Select Recipients in the feature pane and then select Mailboxes.
Double-tap or double-click the mailbox with which you want to work.
On the Mailbox Usage page, review the Last Logon text box to see the last logon date and time (see Figure 7-9). If a user hasn’t logged on to the mailbox, you can’t get mailbox statistics and will get an error when you view this page.
Under the last logon time, notice the mailbox usage statistics, depicted in a bar graph and numerically as a percentage of the total mailbox quota that has been used.
If you want to view similar information for all mailboxes on a server, the easiest way is to use the Get-MailboxStatistics cmdlet with the -Server or -Database parameter. Getting statistics for multiple mailboxes shows examples using Get-MailboxStatistics. Use the -Archive parameter to return mailbox statistics for the archive mailbox associated with a specified mailbox.
When you are working with Exchange Management Shell, the standard output won’t necessarily provide all the information you are looking for. Often, you need to format the output as a list or table using Format-List or Format-Table, respectively, to get the additional information you are looking for. Format-List is useful when you are working with a small set of resources or want to view all the properties that are available. Once you know what properties are available for a particular resource, you can format the output as a table to view specific properties. For example, if you format the output of Get-MailboxStatistics as a list, you see all the properties that are available for mailboxes, as shown in this example and sample output:
get-mailboxstatistics -identity "pocket-consultaerika" | format-list
AssociatedItemCount : 21622 DeletedItemCount : 1211 DisconnectDate : DisplayName : Erik Andersen ItemCount : 20051 LastLoggedOnUserAccount : NT AUTHORITYSYSTEM LastLogoffTime : 5/17/2015 11:51:42 PM LastLogonTime : 5/17/2015 12:14:22 PM LegacyDN : /O=FIRST ORGANIZATION/OU=EXCHANGE ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=ERIK ANDERSEN MailboxGuid : b7fb0ca8-936b-410f-a2a1-59825eebbdfe MailboxType : Private ObjectClass : Mailbox StorageLimitStatus : TotalDeletedItemSize : 1927 KB (1927,535 bytes) TotalItemSize : 191121.2 KB (191,121,225 bytes) Database : Customer Service Primary ServerName : MAILSERVER92 DatabaseName : Customer Service Primary IsQuarantined : False IsArchiveMailbox : False IsMoveDestination : False DatabaseIssueWarningQuota : 1.899 GB (2,039,480,320 bytes) DatabaseProhibitSendQuota : 2 GB (2,147,483,648 bytes) DatabaseProhibitSendReceiveQuota : 2.3 GB (2,469,396,480 bytes) Identity : b7fb0ca8-936b-410f-a2a1-59825eebbdfe MapiIdentity : b7fb0ca8-936b-410f-a2a1-59825eebbdfe OriginatingServer : mailserver92.pocket-consultant.com IsValid : True ObjectState : Unchanged
Once you know the available properties, you can format the output as a table to get exactly the information you want to see. The following example gets information about all the mailboxes in the Engineering Primary database and formats the output as a table:
Get-MailboxStatistics -Database 'Engineering Primary' | format-table DisplayName, TotalItemSize, TotalDeletedItemSize, Database, ServerName
Configuring apps for mailboxes
With both on-premises Exchange and Exchange Online, you can add apps to the Outlook Web App interface to add functionality. Several apps are installed and made available to users by default, including the following apps created by Microsoft:
Action Items. Makes action item suggestions based on message content.
Bing Maps. Allows users to map addresses found in their messages.
Suggested Meetings. Shows meeting suggestions found in messages and allows users to add the meetings to their calendars.
Unsubscribe. Allows users to easily block or unsubscribe from email subscription feeds.
Other apps can be added from the Office Store, from a URL, or from a file. All of these apps have various levels of read, read/write, or other permissions on user mailboxes. Because apps also may send data to a third-party service, you may want to consider carefully whether apps should be enabled in your organization. Where strict, high security is a requirement, my recommendation is to disable all apps.
In Exchange Admin Center, you manage apps as part of the organization configuration. Select Organization in the feature pane and then select Apps. As shown in Figure 7-10, you’ll then see the installed apps and their status. To work with Apps for Outlook, you must have View-Only Organization Management, Help Desk, or Organization Management permissions.
To add an app, do one of the following:
To add an app from the Office store, tap or click New, select Add From The Office Store to open a new browser window to the Office store, and then select an app to add. Select the app’s Add option, review the app details, and then tap or click Add. When prompted to confirm, select Yes.
If you know the URL of the manifest file for the app you want to add, tap or click New and then select Add From URL. In the Add From URL dialog box, enter the URL and then tap or click Install. Be sure to use the full path.
If you’ve copied the manifest file to a local server, tap or click New and then select Add From File. In the Add From File dialog box, select Browse. In the Choose File To Upload dialog box, locate and select the manifest file and then select Open. Manifest files end with the .xml extension.
When you install a new app, the app is made available to all users but disabled by default. This is reflected in the status of Disabled for User Default and Everyone for Provided To.
If you have appropriate permissions, you can manage app status by tapping or clicking the app and then tapping or clicking Edit. In the Action Items dialog box, shown in Figure 7-11, do one of the following:
If you don’t want the app to be available to users, clear the Make This App Available check box and then tap or click Save.
If you want the app to be available to users, select the Make This App Available check box and then specify the app status as optional and enabled by default, optional and disabled by default, or mandatory and always enabled. Finally, tap or click Save.
Any app you install can be removed by selecting it and then selecting the Delete option. Although you can’t uninstall the defaults apps, you can make any or all of the default apps unavailable to users.
Hiding mailboxes from address lists
Occasionally, you might want to hide a mailbox so that it doesn’t appear in the global address list or other address lists. One reason for doing this is if you have administrative mailboxes that you use only for special purposes. To hide a mailbox from the address lists, follow these steps:
Open the Properties dialog box for the mailbox-enabled user account by double-tapping or double-clicking the user name in Exchange Admin Center.
On the General page, select the Hide From Address Lists check box and then tap or click Save.
Defining custom mailbox attributes for address lists
Address lists, such as the global address list, make it easier for users and administrators to find available Exchange resources, including users, contacts, distribution groups, and public folders. The fields available for Exchange resources are based on the type of resource. If you want to add more values that should be displayed or searchable in address lists, such as an employee identification number, you can assign these values as custom attributes.
Exchange provides 15 custom attributes—labeled Customer Attribute 1, Custom Attribute 2, and so on through Custom Attribute 15. You can assign a value to a custom attribute by completing the following steps:
Open the Properties dialog box for the mailbox-enabled user account by double-tapping or double-clicking the user name in Exchange Admin Center.
On the general page, tap or click More Options. Under the Custom Attributes heading, you’ll see any currently defined custom attributes. Tap or click Edit to display the Custom Attributes dialog box.
Enter attribute values in the text boxes provided. Tap or click OK and then tap or click Save.
Restoring on-premises users and mailboxes
When you disable or delete a mailbox, on-premises Exchange retains the deleted mailbox in the mailbox database and puts the mailbox in a disabled state. There is, however, an important distinction between disabling and deleting a mailbox, and this difference affects recovery. When you disable a mailbox, the Exchange attributes are removed from the user account and the mailbox is marked for removal, but the user account is retained. When you delete a mailbox, the Exchange attributes are removed from the user account, the mailbox is marked for removal, and the user account itself is either marked for deletion or deleted entirely. Additionally, with either, if the mailbox has an in-place archive, the in-place archive will also be marked for removal. However, if the mailbox has a remote archive, the remote archive is removed permanently.
Disabled and deleted mailboxes are referred to as disconnected mailboxes. Disconnected mailboxes are retained in a mailbox database until the deleted mailbox retention period expires, which is 30 days by default. Deleted users may be retained as well.
In Exchange Admin Center, you can find disconnected mailboxes and reconnect them by completing these steps:
Select Recipients in the feature pane and then select Mailboxes.
Tap or click the More button (this button shows three dots) and then select Connect A Mailbox. The Connect A Mailbox dialog box shows all mailboxes marked for deletion but currently retained regardless of whether those mailboxes were disabled, deleted, or soft deleted.
Important
When you move mailboxes between databases, mailboxes in the original (source) database are soft deleted. This means they are disconnected, marked as soft deleted, but retained in the original database until the deleted mailbox retention period expires. In Exchange Management Shell, you can use a DisconnectReason of “SoftDeleted” to find soft-deleted mailboxes.
In the Connect A Mailbox dialog box, shown in Figure 7-12, use the selection list provided to select the server where you want to look for disconnected mailboxes.
Tap or click the mailbox to restore it and then tap or click Connect.
Connect the mailbox to the user account to which it was connected previously or to a different user account. If the original user account is available, select the Yes option to reconnect the mailbox to the original user account. If the original user isn’t available or you want to associate the mailbox with a different user, select the No option and follow the prompts.
You can find all disabled mailboxes in an on-premises Exchange organization by entering the following command:
Get-MailboxDatabase | Get-MailboxStatistics | Where { $_.DisconnectReason
-eq "Disabled" } | ft DisplayName,Database,DisconnectDate,DisconnectReasonOr you can find disabled mailboxes in a particular database using the following command:
Get-MailboxStatistics -Database DatabaseName | Where { $_.DisconnectReason
-eq "Disabled" } | ft DisplayName,Database,DisconnectDate,DisconnectReasonNote
You can’t use this technique with Exchange Online. See “Restoring online users and mailboxes” later in this chapter.
If you find that you need a mail-enabled or mailbox user account that was deleted, you may be able to restore the deleted account. For on-premises Exchange, you can restore user accounts from Active Directory. When Active Directory Recycle Bin is enabled, you can recover deleted objects using Active Directory Administrative Center (as long as the deleted object and recycled object lifetimes have not expired).
In Active Directory Administrative Center, select the Deleted Object container to see the available deleted objects. When you select a deleted user by tapping or clicking it, you can use the Restore option to restore the user to its original container. For example, if the user account was deleted from the Users container, the user account is restored to this container. Once the user account is restored, you can restore the Exchange settings and data. You can use Connect-Mailbox to connect the user account to its disconnected mailbox.
When you connect a disconnected mailbox using Connect-Mailbox, you associate the mailbox with a user account that isn’t mail-enabled, which means the user account cannot have an existing mailbox associated with it. Connect-Mailbox has a slightly different syntax for standard mailboxes, shared mailboxes, and linked mailboxes. For standard mailbox users, the basic syntax for Connect-Mailbox is:
Connect-Mailbox -Identity ExchangeId -Database DatabaseName -User ADUserId -Alias ExchangeAlias
where ExchangeID identifies the disconnected mailbox in the Exchange organization, DatabaseName is the name of the database where the disconnected mailbox resides, ADUserID identifies the Active Directory user account to reconnect the mailbox to, and ExchangeAlias sets the desired Exchange Alias. Consider the following example:
Connect-Mailbox -Identity "Thomas Axen" -Database "Sales Database" -User "Thomas Axen" -Alias ThomasA
This example reconnects the Exchange mailbox for Thomas Axen with the related user account in Active Directory and sets the Exchange alias as ThomasA. The alias is combined with the user logon domain to set the User Principal Name (referred to in the UI as the User Logon Name). The User Principal Name must be unique within the organization. If another user account has the same User Principal Name, you’ll see a warning about a user name conflict. You will need to resolve this conflict before you can connect the mailbox.
When you disable or remove an archive mailbox from a mailbox, the archive mailbox is disconnected from the source mailbox, marked for deletion, and retained according to the retention settings. To connect a disabled archive mailbox to the original source mailbox, you use the Connect-Mailbox cmdlet with the -Archive parameter.
Although Connect-Mailbox has restrictions, you can connect a disconnected mailbox to a user account that already has a mailbox. When you restore the mailbox, its contents are copied into the target user’s existing mailbox while the deleted mailbox itself is retained in the mailbox database until the retention period expires (or it is purged by an administrator).
You use New-MailboxRestoreRequest to restore mailboxes to accounts with existing mailboxes. The basic syntax is:
New-MailboxRestoreRequest -SourceMailbox MailboxID -SourceDatabase DatabaseName -TargetMailbox ExchangeID
where MailboxID is the display name or GUID of the disconnected mailbox to restore, DatabaseName is the name of the database where the disconnected mailbox resides, and ExchangeID is an Exchange alias or name for the account where the mailbox should be added. Consider the following example:
New-MailboxRestoreRequest -SourceMailbox "Karen Berg" -SourceDatabase "Marketing Database" -TargetMailbox "Dag Rovik"
You can restore archive mailboxes to users with existing accounts as well. Use the -TargetIsArchive parameter as shown in this example:
New-MailboxRestoreRequest -SourceMailbox "In-Place Archive - Karen Berg" -SourceDatabase "Marketing Database" -TargetMailbox "Dag Rovik" -TargetIsArchive
Restoring online users and mailboxes
If you remove the Exchange Online license for an online user account, the user’s account is marked as an unlicensed account. Exchange Online deletes mailboxes from unlicensed accounts automatically after the grace period expires. By default, this grace period is 30 days. If you delete a user account in the online organization, the user account is marked as deleted but retained until the retention period expires, which is 30 days by default.
In Office 365 Admin Center, select Users And Groups, and then Deleted Users to view deleted users, as shown in Figure 7-13. If the online organization has available licenses, you can restore the deleted users.
To restore deleted user accounts, select the accounts to restore and then tap or click Restore Users. Each user account successfully restored will be confirmed. Account restoration will fail if there are any naming or other conflicts. The User Principal Name must be unique within the organization. If another user account has the same User Principal Name, you’ll see a warning about a user name conflict. As shown in Figure 7-14, you’ll then be able to edit the user name or replace the active user with the deleted user.
When you connect to Microsoft Online Services as discussed in Chapter 6 you can get information about accounts in Windows PowerShell. Enter Get-MsolUser to get a list of active user accounts. As shown in the following example, the default output shows the User Principal Name, display name, and licensing status of user accounts:
UserPrincipalName DisplayName isLicensed ----------------- ----------- ---------- [email protected] Media Cart 3 False [email protected] William Stanek True [email protected] Conference Room 3 False [email protected] George Schaller True [email protected] Conference Room 42 False
The output shows the user accounts associated with all types of users, including the user accounts associated with room and equipment mailboxes. Although room and equipment mailboxes don’t need to be licensed, standard user accounts require licenses.
You can get a list of users whose accounts have been marked for deletion by entering Get-MsolUser –ReturnDeletedUsers. Accounts marked for deletion are listed by User Principal Name, display name, and licensing status. To restore a deleted account, use Restore-MsolUser. The basic syntax for this command is:
Restore-MsolUser -UserPrincipalName OnlineIdwhere OnlineId is the User Principal Name of the account to restore:
Restore-MsolUser -UserPrincipalName [email protected]
The account restore will fail if there are any naming or other conflicts. To resolve a name conflict, use the -NewUserPrincipalName parameter to set a new User Principal Name for the user.
Repairing mailboxes
You can use New-MailboxRepairRequest to detect and repair mailbox corruption. By default, the command attempts to repair all types of mailbox corruption issues, including issues associated with search folders, aggregate counts, provisioned folders, and folder views.
The basic syntax for New-MailboxRepairRequest is:
New-MailboxRepairRequest -Mailbox ExchangeIDwhere ExchangeID identifies the mailbox to repair, such as:
New-MailboxRepairRequest -Mailbox TonyS New-MailboxRepairRequest -Mailbox [email protected] New-MailboxRepairRequest -Mailbox "Tony Smith"
During the repair process, the mailbox cannot be accessed. Once started, the detect and repair process cannot be stopped, unless you dismount the associated database. Add the -Archive parameter to repair the archive mailbox associated with an Exchange identifier rather than the primary mailbox.
You also can use New-MailboxRepairRequest to examine and repair all mailboxes in a database. As the repair process works its way through all the mailboxes in the database, only the mailbox being repaired is locked and inaccessible. All other mailboxes in the database remain accessible to users.
Moving mailboxes
Exchange Server 2013 supports online mailbox moves. To complete an upgrade, balance the server load, manage drive space, or relocate mailboxes, you can move mailboxes from one server or database to another server or database. The process you use to move mailboxes depends on where the mailbox or mail data is stored:
When you want to work with mail data stored on a user’s computer, you can use the import or export process to move mail data.
When a user’s mailbox is stored on an on-premises Exchange server and you want to move the mailbox to a database on the same server or another server in the same forest, you can use an online mailbox move or batch migration to move the mailbox.
When a user’s mailbox is stored on an on-premises Exchange server in one Active Directory forest and you want to move the mailbox to an on-premises Exchange server in another forest, you can use a cross-forest move to move the mailbox.
When a user’s mailbox is stored on-premises and you want to move the mailbox to Exchange Online or vice versa, you can use a remote move to move the mailbox.
Importing and exporting mail data
When Microsoft Outlook uses Exchange Server, a user’s mail data can be delivered in one of two ways:
Server mailbox with local copies
Personal folders
With server mailboxes, messages are delivered to mailboxes on the Exchange server and users can view or receive new mail only when they are connected to Exchange. A local copy of the user’s mail data is stored in an .ost file on her computer.
Personal folders are alternatives to server mailboxes. Personal folders are stored in a .pst file on the user’s computer. With personal folders, you can specify that mail should be delivered to the user’s inbox and stored on the server or that mail should be delivered only to the user’s inbox. Users have personal folders when Outlook is configured to use Internet email or other email servers. Users might also have personal folders if the auto-archive feature is used to archive messages.
When you are working with on-premises Exchange, you can:
Import mail data from .pst files using mailbox import request cmdlets
Export mail data to .pst files using mailbox export request cmdlets
Important
You must have the Mailbox Import Export role to be able to import or export mailbox data. Because this role isn’t assigned to any role group, you must be explicitly assigned this role.
The import and export processes are asynchronous. They are queued and processed independently of Exchange Management Shell. The related commands are shown in the following list:
IMPORT MAILBOX DATA | EXPORT MAILBOX DATA |
Get-MailboxImportRequest | Get-MailboxExportRequest |
New-MailboxImportRequest | New-MailboxExportRequest |
Set-MailboxImportRequest | Set-MailboxExportRequest |
Suspend-MailboxImportRequest | Suspend-MailboxExportRequest |
Resume-MailboxImportRequest | Resume-MailboxExportRequest |
Remove-MailboxImportRequest | Remove-MailboxExportRequest |
Get-MailboxImportRequestStatistics | Get-MailboxExportRequestStatistics |
Mailbox imports and exports are initiated with Mailbox Import and Mailbox Export requests, respectively. These requests are sent to the Microsoft Exchange Mailbox Replication Service (MRS) running on a Client Access server in the source forest. The MRS queues the request for processing, handling all requests on a first-in, first-out basis. When a request is at the top of the queue, the replication service begins importing or exporting mail data.
Before you can import or export data, you need to create a shared network folder that is accessible to your Exchange servers, and the Exchange Trusted Subsystem group must have read/write access to this share.
You use New-MailboxImportRequest to import data from a .pst file to a mailbox or personal archive. Keep in mind you can’t import data to a user account that doesn’t have a mailbox and that the destination mailbox must be already available. The import process will not create a mailbox. By default, all mail folders are imported. However, you can specifically include or exclude folders. You also can import mail data to only the user’s personal archive.
You use New-MailboxExportRequest to export mailbox data to a .pst file. The command allows you to export one or more mailboxes, with each mailbox export handling a separate request. When exporting mail data, you can specify folders to include or exclude and export mail data from the user’s archive. You also can filter the messages so only messages that match your content filter are exported.
Performing on-premises mailbox moves and migrations
The destination database for an on-premises mailbox move can be on the same server, on a different server, in a different domain, or in a different Active Directory site. Exchange Server 2013 performs move operations as a series of steps that allows a mailbox to remain available to a user while the move operation is being completed. When the move is completed, the user begins accessing the mailbox in the new location. Because users can continue to access their email account during the move, you can perform online moves at any time.
The online move process hasn’t changed substantially since it was introduced with Exchange Server 2010:
On-premises mailbox moves are initiated with a Move Mailbox request that is sent to the Microsoft Exchange MRS running on a Client Access server in the source forest. The MRS queues the request for processing, handling all requests on a first-in, first-out basis. When a request is at the top of the queue, the replication service begins replicating mailbox data to the destination database.
When the replication service finishes its initial replication of a mailbox, it marks the mailbox as Ready To Complete and periodically performs data synchronization between the source and destination database to ensure that the contents of a mailbox are up to date. After a mailbox has been moved, you can complete the move request and finalize the move.
When you are working with PowerShell, you initiate a move using New-MoveRequest and then start the actual move using Start-MoveRequest. Although the online move process allows you to move multiple mailboxes, with each move handled as a separate request, the process isn’t ideal for batch moves of multiple mailboxes, and this is where mailbox migrations come in. With mailbox migration, you can move multiple mailboxes in an Exchange on-premises organization, migrate on-premises mailboxes to Exchange Online, or migrate Exchange Online mailboxes back to an on-premises Exchange organization.
Note
You can use the batch migration process to move single or multiple mailboxes within on-premises Exchange. With a single mailbox, the batch migration is handled as a local move.
From a high level, the standard batch migration process is similar to a mailbox move:
Batch mailbox migration is initiated with a Migration Batch request that is sent to the Microsoft Exchange MRS running on a Client Access server in the source forest. The MRS queues the request for processing, handling all requests on a first-in, first-out basis. When a request is at the top of the queue, the replication service begins replicating mailbox data to the destination database.
When the replication service finishes its initial replication of a mailbox, it marks the mailbox as Ready To Complete and periodically performs data synchronization between the source and destination database to ensure that the contents of a mailbox are up to date. After a mailbox has been migrated, you can complete the migration request and finalize the migration.
Where things get complicated are on cross-forest batch migrations and remote migrations. With a cross-forest migration, you perform a batch mailbox migration from an Exchange server in one Active Directory forest to an Exchange server in another Active Directory forest. With a remote migration, you perform a batch mailbox migration from on-premises Exchange to Exchange Online or vice versa.
Cross-forest and remote migrations use migration endpoints. You create a migration endpoint in the target environment. The endpoint identifies the source environment where the mailboxes are currently located. You then initiate the migration in the target environment. With a cross-forest migration, this means you:
Create a migration endpoint in the target domain.
Initiate the migration in the target domain.
With a migration from on-premises Exchange to Exchange Online, this means you:
Create a migration endpoint in Exchange Online.
Initiate the migration from Exchange Online.
With a migration from Exchange Online to on-premises Exchange, this means you:
Create a migration endpoint in on-premises Exchange.
Initiate the migration from on-premises Exchange.
A complete cross-forest or remote migration has four parts. You create a migration endpoint using New-MigrationEndpoint and then create the migration batch using New-MigrationBatch. You start the migration using Start-MigrationBatch. When the migration has finished initial synchronization, you can finalize the migration using Complete-MigrationBatch.
In Exchange Admin Center, you can initiate move and migration requests using the options on the Migration page. To access this page, select Recipients in the feature pane and then select Migration (see Figure 7-15). Although the PowerShell commands for moves and migrations give you complete control over the process, you’ll find that Exchange Admin Center greatly simplifies the process:
For local moves, you log on to a Client Access server in the Active Directory forest where the source mailboxes are located. On the Migration page, select New and then select Move To A Different Database. Follow the prompts in the New Local Mailbox Move dialog box to perform the move.
For remote migrations, you can use the options in Exchange Admin Center for Exchange Online to initiate the process, whether migrating from or to Exchange Online. On the Migration page, select More Options, select Migration Endpoints, and then follow the prompts to create the required migration endpoint. Next, select New and then select either Migrate To Exchange Online or Migrate From Exchange Online as appropriate. Follow the prompts in the New Migration Batch dialog box to perform the migration.
For cross-forest moves, you log on to a Client Access server in the target Active Directory forest. On the Migration page, select More Options, select Migration Endpoints, and then follow the prompts to create the required migration endpoint. Next, select New and then select Move To This Forest. Follow the prompts in the New Cross-Forest Mailbox Move dialog box to perform the move.
On the Migration page, you also can track the status of move and migration requests. If a move or migration request fails, you can get more information about the failure by double-tapping or double-clicking the request and then tapping or clicking View to the right of the Failed Message entry.
When you move mailboxes from one server to another, to a different organization, or even to a different database on the same server, keep in mind that the Exchange policies of the new mailbox database might be different from the old one. Because of this, consider the following issues before you move mailboxes to a new server or database:
General policy. Changes to watch out for include the storage limits, the deleted item retention, and the default offline address book settings. The risk is that the users whose mailboxes you move could lose or gain access to public folders. They might have a different offline address book, which might have different entries. This address book will also have to be downloaded in its entirety the first time the user’s mail client connects to Exchange after the move.
Database policy. Changes to watch out for pertain to the maintenance interval and automatic mounting. If Exchange performs maintenance when these users are accessing their mail, they might have slower response times. If the mailbox database is configured so that it isn’t mounted at startup, restarting the Exchange services could result in the users not being able to access their mailboxes.
Limits. Changes to watch out for pertain to storage limits and deletion settings. Users might be prohibited from sending and receiving mail if their mailbox exceeds the storage limits of the new mailbox database. Users might notice that deleted items stay in their Deleted Items folder longer or are deleted sooner than expected if the Keep Deleted Items setting is different.
Performing on-premises mailbox moves
With online moves and batch migrations, you can move mailboxes between databases on the same server. You also can move mailboxes from a database on one server to a database on another server regardless of whether the servers are in a different Active Directory site or in another Active Directory forest.
Normally, when you perform online migrations, the move process looks like this:
You create a batch migration request for the mailboxes that you want to move using either Exchange Admin Center or Exchange Management Shell.
The request is sent to the Mailbox Replication Service running on a Client Access server in the current Active Directory site. This server acts as the Mailbox Replication Service proxy.
MRS adds the mailboxes to the Request queue and assigns the status Created to the request. This indicates the move has been requested but not started.
When a request is at the top of the queue, MRS begins replicating the related mailboxes to the destination database and assigns the Syncing status to the request.
When MRS finishes its initial replication of the mailboxes, the service assigns the Synced status to the request.
The request remains in the Synced state until you or another administrator specifies that you want to complete the request. MRS performs a final data synchronization and then marks the request as Completed.
When the request is completed, the mailboxes are available in the new location. Because users can continue to access their email accounts during the move, you can perform online moves and migrations at any time.
One way to perform online mailbox moves and migrations is by using Exchange Management Shell. The commands for performing online mailbox moves include the following:
Get-MoveRequest. Displays the detailed status of an ongoing mailbox move that was initiated using the New-MoveRequest cmdlet.
New-MoveRequest. Starts a mailbox move. You also can verify readiness to move by using the -WhatIf parameter. Use the -Priority parameter to set the relative priority of the request.
Resume-MoveRequest. Resumes a move request that has been suspended or failed.
Set-MoveRequest. Changes a move request after it has been started.
Suspend-MoveRequest. Suspends a move request that has been started but has not yet been completed.
Remove-MoveRequest. Cancels a mailbox move initiated using the New-MoveRequest cmdlet. You can use the Remove-MoveRequest command any time after initiating the move but only if the move request is not yet complete.
The commands for performing batch mailbox migrations include the following:
Get-MigrationBatch. Displays the detailed status of an ongoing mailbox migration that was initiated using the New-MigrationBatch cmdlet.
Set-MigrationBatch. Changes a migration request after it has been started.
New-MigrationBatch. Submits a new mailbox migration request. You also can verify readiness to migrate by using the -WhatIf parameter. Use the -AutoStart parameter to allow immediate processing of the request. Use the -AutoComplete parameter to automatically finalize the batch when the initial synchronization is complete.
Start-MigrationBatch. Submits a migration request for processing; required when the -AutoStart parameter is not used with New-MigrationBatch.
Stop-MigrationBatch. Stops a migration request that has been started but has not yet been completed.
Complete-MigrationBatch. Finalizes a migration request that has been synchronized; required when the -AutoComplete parameter is not used with New-MigrationBatch.
Remove-MigrationBatch. Deletes a mailbox migration request that either isn’t running or has been completed. If you created a new request but haven’t submitted it, you can use this command to remove the request so that the mailboxes specified in the request aren’t migrated. If the request is completed, the mailboxes are already migrated, and you can use this command to remove the request from the queue.
Get-MigrationUser. Retrieves information about the ongoing migration of a particular mailbox.
Remove-MigrationUser. Allows you to remove a mailbox from a migration request.
Test-MigrationServerAvailability. Ensures the target server for a cross-premises move is available and verifies the connection settings.
Other batch migration commands include: Get-MigrationStatistics, Get-Migration-UserStatistics, Get-MigrationConfig, Set-MigrationConfig, Get-MigrationEndpoint, Set-MigrationEndpoint, New-MigrationEndpoint, and Remove-MigrationEndpoint.
Moving mailboxes within a single forest
You perform online mailbox moves within a single forest by using Exchange Management Shell. To verify move readiness, use New-MoveRequest with the -WhatIf parameter for each mailbox you plan to move. The following examples show two different ways you can verify whether Morgan Skinner’s mailbox can be moved:
New-MoveRequest -Identity 'morgans' -TargetDatabase "Engineering Primary" -WhatIf 'pocket-consultant.com/users/Morgan Skinner' | New-MoveRequest -TargetDatabase 'Engineering Primary' -WhatIf
To initiate an online move, you use New-MoveRequest for each mailbox you want to move. The following examples show two different ways you can move Morgan Skinner’s mailbox:
New-MoveRequest -Identity 'morgans' -Remote -RemoteHostName 'mailserver17. pocket-consultant.com' -mrsserver 'casserver21.pocket-consultant.com' -TargetDatabase "Engineering Primary" 'pocket-consultant.com/users/Morgan Skinner' | New-MoveRequest -Remote -RemoteHostName 'mailserver17.pocket-consultant.com' -mrsserver 'casserver21.pocket-consultant.com' -TargetDatabase 'Engineering Primary'
After you initiate a move, you can check the status of the online move using Get-MoveRequest. As shown in the following example, the key parameter to provide is the identity of the mailbox you want to check:
Get-MoveRequest -Identity 'morgans'
You can use Suspend-MoveRequest to suspend a move request that has not yet completed, and Resume-MoveRequest to resume a suspended move request. Resuming a suspended request allows it to complete.
You can cancel a move at any time prior to running the move request being completed by Exchange. To do this, run Remove-MoveRequest and specify the identity of the mailbox that shouldn’t be moved. An example follows:
Remove-MoveRequest -Identity 'morgans'
When your source and destination Mailbox servers are running Exchange Server 2013 and are in the same forest, you can move mailboxes by completing these steps:
Log on to Exchange Admin Center via a Client Access server in the domain or forest you want to work with. In Exchange Admin Center, select Recipients in the feature pane and then select Migration.
On the Migration page, select New and then select Move To A Different Database. This starts the New Local Mailbox Move Wizard.
On the Select The Users page, shown in Figure 7-16, you can select the mailboxes to migrate by doing one of the following:
Select the mailboxes that you want to migrate using the graphic interface. Tap or click Add. Use the Select Mailbox dialog box to select the mailboxes to move and then tap or click Add. Next, tap or click OK.
You can select and move multiple mailboxes at the same time. To select multiple mailboxes individually, hold down the Ctrl key, and then tap or click each mailbox that you want to select. To select a sequence of mailboxes, select the first mailbox, hold down the Shift key, and then tap or click the last user mailbox.
Select the mailboxes that you want to migrate using a file containing a list of comma-separated Exchange identifiers. Tap or click Specify The Users With A CSV File and then tap or click Browse. Use the Choose File To Upload dialog box to select the .csv file and then tap or click OK.
The file you use should be named with the .csv extension. The first line of the file should identify the column of data to import as: EmailAddress and each successive line in the file should be the email address of a mailbox to migrate, as shown in the following example:
EmailAddress [email protected] [email protected] [email protected] [email protected] [email protected]
Tap or click Next. On the Move Configuration page, shown in Figure 7-17, enter a descriptive name for the migration batch.
Use the Archive options to specify whether you want to move only the primary mailbox for the selected recipients, only the archive mailbox for the selected recipients, or both.
If you are moving the primary mailboxes for recipients, tap or click Browse to the right of the Target Database text box. In the Select Mailbox Database dialog box, choose the mailbox database to which the mailbox should be moved. Mailbox databases are listed by name as well as by associated server and Exchange version.
If you are moving the archive mailboxes for recipients, tap or click Browse to the right of the Target Archive Database text box. In the Select Mailbox Database dialog box, choose the mailbox database to which the mailbox should be moved. Mailbox databases are listed by name as well as by associated server and Exchange version.
If corrupted messages are found in a mailbox that you are migrating, the messages are skipped automatically and not migrated as part of the mailbox. By default, the wizard skips an unlimited number of bad items in each mailbox which ensures mailboxes are migrated regardless of the level of corruption. If you want to specify the maximum number of bad items that can be skipped in each mailbox, tap or click More Options and then enter this value in the Bad Item Limit text box.
Tap or click Next. On the Start The Batch page, your current login is selected as the recipient for the batch report. This report will contain details about errors encountered during the migration. To add or change recipients for this report, tap or click Browse. In the Select Members dialog box, select the recipients that should receive the report and then tap or click OK. You must select at least one recipient.
By default, Exchange Server creates and starts the batch migration request. When the request is completed, Exchange Server will also automatically finalize it. If you want to manually start the batch, select the Manual option. If you want to manually finalize the batch, clear the Automatically Complete check box.
Tap or click New. Migrating mailboxes can take several hours, depending on the size of the mailboxes you are moving. You can check the status of move requests by refreshing the view on the Migration page. While the request is in the Synced state, you can cancel the request by selecting it and then tapping or clicking Delete. You cannot cancel a request that has started syncing.
Moving mailboxes between forests
You can perform online mailbox moves between different Exchange forests using Exchange Admin Center or Exchange Management Shell. When you are moving mailboxes between forests, verify that mailboxes are ready to be moved before you submit a move request. To verify readiness, the Microsoft Exchange Mailbox Replication service proxy in the source forest checks the status of each mailbox you are moving and also ensures you have the permissions required to move the mailboxes from the source forest to the target forest. If a user has an archive mailbox or subscriptions, you will likely need to remove the archive mailbox, the subscriptions, or both before you are able to move the mailbox.
You can verify move readiness in Exchange Management Shell by using New-MoveRequest with the -WhatIf parameter for each mailbox you plan to move. The following examples show two different ways you can verify whether Rob Cason’s mailbox can be moved:
New-MoveRequest -Identity 'robc' -Remote -RemoteHost 'mailserver17.pocket-consultant.com'-mrsserver 'casserver21.pocket-consultant.com' -TargetDatabase "Engineering Primary" -WhatIf 'pocket-consultant.com/users/Rob Cason' | New-MoveRequest -Remote -RemoteHost 'mailserver17.pocket-consultant.com' -mrsserver 'casserver21.pocket-consultant.com' -TargetDatabase 'Engineering Primary' -WhatIf
You can perform online mailbox moves between forests by following these steps:
Log on to Exchange Admin Center via a Client Access server in the target forest. In Exchange Admin Center, select Recipients in the feature pane and then select Migration.
On the Migration page, select New and then select Move To This Forest. This starts the New Cross-Forest Mailbox Move Wizard.
On the Select The Users page, select the mailboxes to migrate and then tap or click Next.
The target forest is the forest to which you are connected. The source forest is the forest where the mailboxes are located currently. In the Source Forest Administrator Name text box, enter the name of a user account that has appropriate administrative privileges in the source forest. Enter the name in DomainUserName format, such as Pocket-ConsultaWilliams.
Note
The administrator must have sufficient permissions to create the required migration endpoint and move accounts. Typically, this means the account must be a member of both the Recipient Management and Server Management groups in the Exchange organization or have Organization Management permissions. However, if you previously migrated accounts between these forests, the migration endpoint created previously may still be available, in which case only Recipient Management permissions are required.
In the Source Forest Administrator Password text box, enter the password for the previously specified account.
When you tap or click Next, Exchange uses the Autodiscover service to try to detect the availability of the migration endpoint as well as to test connectivity. If errors occur, the Confirm The Migration Endpoint page is displayed. At this point, you have several options. You can:
Enter the fully qualified domain name of a Client Access server in the source forest that can act as the remote MRS proxy server and then tap or click Next to have Exchange try to connect to a migration endpoint on this server and test connectivity.
Tap or click Back to provide alternate credentials and then tap or click Next to retry the connection with those credentials. (Or simply tap or click Back and then tap or click Next to retry the connection with the original credentials.)
Use the Exchange Remote Connectivity Analyzer (https://testexchangeconnectivity.com) to diagnose the connectivity issues. Once the issues are resolved, you can tap or click Next to continue.
On the Start The Batch page, your current login is selected as the recipient for the batch report. This report will contain details about errors encountered during the migration. To add or change recipients for this report, tap or click Browse. In the Select Members dialog box, select the recipients that should receive the report and then tap or click OK. You must select at least one recipient.
By default, Exchange Server creates and starts the batch migration request. When the request is completed, Exchange Server will also automatically finalize it. If you want to manually start the batch, select the Manual option. If you want to manually finalize the batch, clear the Automatically Complete check box.
Tap or click New. Migrating mailboxes can take several hours, depending on the size and number of the mailboxes you are moving. You can check the status of move requests by refreshing the view on the Migration page. While the request is in the Synced state, you can cancel the request by selecting it and then clicking Delete. You cannot cancel a request that has started syncing.
You can perform online moves in Exchange Management Shell by using New-MoveRequest for each mailbox you plan to move. The following examples show two different ways you can move Adam Carter’s mailbox:
New-MoveRequest -Identity 'adamc' -Remote -RemoteHost 'mailserver17.pocket-consultant.com'-mrsserver 'casserver21.pocket-consultant.com' -TargetDatabase "Engineering Primary" 'pocket-consultant.com/users/Adam Carter' | New-MoveRequest -Remote -RemoteHost 'mailserver17.pocket-consultant.com' -mrsserver 'casserver21.pocket-consultant.com' -TargetDatabase 'Engineering Primary'
After you initiate a move, you can check the status of the online move by using Get-MoveRequest. As shown in the following example, the key parameters to provide are the identity of the mailbox you want to check and the name of the proxy server:
Get-MoveRequest -Identity 'adamc' -mrsserver 'casserver21.pocket-consultant.com'
You can use Suspend-MoveRequest to suspend a move request that is not yet complete, and Resume-MoveRequest to resume a suspended move request. Resuming a suspended request allows it to complete.
At any time prior to the move request completing, you can cancel the move by running Remove-MoveRequest and specifying the identity of the mailbox that shouldn’t be moved, such as:
Remove-MoveRequest -Identity 'adamc' -mrsserver 'casserver21.pocket-consultant.com'
Configuring mailbox delivery restrictions, permissions, and storage limits
You use mailbox properties to set delivery restrictions, permissions, and storage limits. To change these configuration settings for mailboxes, follow the techniques discussed in this section.
Setting message size restrictions for contacts
You set message size restrictions for contacts in much the same way that you set size restrictions for users. Follow the steps listed in the next section.
Setting message size restrictions on delivery to and from individual mailboxes
Message size restrictions control the maximum size of messages that can be sent or received in the Exchange organization. With Exchange Online, the maximum size of messages that users can send is 35,840 KB and the maximum size of messages that users can receive is 36,864 KB by default. With on-premises Exchange, you can manage these settings in a variety of ways. Typically, you manage these restrictions for the organization as a whole using the Organization Transport Settings. To manage these settings complete these steps:
In Exchange Admin Center, select Mail Flow in the feature pane and then select Receive Connectors.
On the Receive Connectors page, tap or click More Options and then select Organization Transport Settings.
By default the maximum receive and send message size are both set to 10 MB. Use the options on the Limits page to set new defaults and then tap or click Save.
You also can manage these restrictions using transport rules that filter messages by size and have specific conditions that apply to the size of messages or attachments, including the Apply This Rule If The Message Size Is Greater Than Or Equal To condition and the Apply This Rule If Any Attachment Is Greater Than Or Equal To condition.
Using the Apply This Rule If The Message Size Is Greater Than Or Equal To condition, you can:
Set restrictions regarding the size of messages that can be sent or received.
Specify the action or actions to take if a message meets or exceeds this limit.
Define exceptions for specific users and groups as well as for messages that have specifically-defined characteristics.
In Exchange Admin Center, you can create and manage transport rules, using the options found under Mail Flow > Rules. Tap or click New and then select Filter Messages By Size. The shell commands for working with transport rules include: Disable-TransportRule, Enable-TransportRule, Get-TransportRule, New-TransportRule, Remove-TransportRule, and Set-TransportRule.
When setting these types of organization-wide restrictions, you’ll want to consider the global impact. Typically, you’ll want to apply organization-wide restrictions only to prevent abuse of the mail system. For example, you may want to configure rules that block sending and receiving of very large files and provide a message that encourages senders to use a site mailbox configured as part of a Microsoft SharePoint site for sharing large documents instead.
Sometimes, you need to set exceptions for specific users. For example, some users might need to be able to send large files as part of their job.
For online Exchange, delivery restrictions are fixed for individual users. For sending messages, the maximum message size is 35,840 KB. For received messages, the maximum message size is 36,864 KB.
For on-premises Exchange, you set individual delivery restrictions by completing the following steps:
Open the Properties dialog box for the mailbox-enabled user account by double-tapping or double-clicking the user name in Exchange Admin Center.
On the Mailbox Features page, scroll down and then tap or click View Details under Message Size Restrictions.
As shown in Figure 7-18, you can set the following send and receive restrictions:
Sent Messages > Maximum Message Size. Sets a limit on the size of messages the user can send. The value is set in kilobytes (KBs). If an outgoing message exceeds the limit, the message isn’t sent and the user receives a non-delivery report (NDR).
Received Messages > Maximum Message Size. Sets a limit on the size of messages the user can receive. The value is set in KBs. If an incoming message exceeds the limit, the message isn’t delivered and the sender receives an NDR.
Tap or click OK and then tap or click Save. The restrictions that you set override the global default settings.
Setting send and receive restrictions for contacts
You set message send and receive restrictions for contacts in the same way that you set these restrictions for users. Follow the steps listed in the next section.
Setting message send and receive restrictions on individual mailboxes
By default, user mailboxes are configured to accept messages from anyone. To override this behavior, you can do the following:
Specify that only messages from the listed users, contacts, or groups be accepted.
Specify that messages from specific users, contacts, or groups be rejected.
Specify that only messages from authenticated users—meaning users who have logged on to the Exchange system or the domain—be accepted.
With both on-premises Exchange and Exchange Online, you set message send and receive restrictions by completing the following steps:
Open the Properties dialog box for the mailbox-enabled user account by double-tapping or double-clicking the user name in Exchange Admin Center.
On the Mailbox Features page, scroll down and then tap or click View Details under Message Delivery Restrictions. As shown in Figure 7-19, you can set message acceptance restrictions.
If you want to ensure that messages are accepted only from authenticated users, select the Require That All Senders Are Authenticated check box.
To accept messages from all email addresses except those on the reject list, under Accept Messages From, select All Senders.
To specify that only messages from the listed users, contacts, or groups be accepted, select the Only Senders In The Following List option and then add acceptable recipients by following these steps:
Tap or click Add to display the Select Members dialog box.
Select a recipient, and then tap or click OK. Repeat as necessary.
Tip
You can select multiple recipients at the same time. To select multiple recipients individually, hold down the Ctrl key and then tap or click each recipient that you want to select. To select a sequence of recipients, select the first recipient, hold down the Shift key, and then tap or click the last recipient.
To specify that no recipients should be rejected, under Reject Messages From, select No Senders.
To reject messages from specific recipients, under Reject Messages From, select Senders In The Following List and then add unacceptable recipients by following these steps:
Tap or click Add to display the Select Members dialog box.
Select a recipient, and then tap or click OK. Repeat as necessary
Tap or click OK.
Permitting others to access a mailbox
Occasionally, users need to access someone else’s mailbox, and in certain situations, you should allow this. For example, if John is Susan’s manager and Susan is going on vacation, John might need access to her mailbox while she’s away. Another situation in which someone might need access to another mailbox is when you’ve set up special-purpose mailboxes, such as a mailbox for [email protected] or a mailbox for [email protected].
You can grant permissions for a mailbox in three ways:
You can grant access to a mailbox and its content. If you want to grant access to a mailbox and its contents but not grant Send As permissions, use the Full Access settings. In Exchange Admin Center, open the Properties dialog box for the mailbox you want to work with and then select Mailbox Delegation. On the Mailbox Delegation page, under Full Access, tap or click Add, and then use the Select Full Access dialog box to choose the recipients who should have access to the mailbox. To revoke the authority to access the mailbox, select an existing user name in the Display Name list box and then tap or click Remove.
You can grant the right to send messages as the mailbox owner. If you want to grant Send As permissions, use the Send As settings. In Exchange Admin Center, open the Properties dialog box for the mailbox you want to work with and then select Mailbox Delegation. On the Mailbox Delegation page, under Send As, tap or click Add, and then use the Select Send As dialog box to choose the recipients who should have this permission. To revoke this permission, select an existing user name in the Display Name list box and then tap or click Remove.
You can grant the right to send messages on behalf of the mailbox owner. If you want to allow a user to send messages from a user’s mailbox but want recipients to know a message was sent on behalf of the mailbox owner (rather than by the mailbox owner), grant Send On Behalf Of permissions. In Exchange Admin Center, open the Properties dialog box for the mailbox you want to work with and then select Mailbox Delegation. On the Mailbox Delegation page, under Send On Behalf Of, tap or click Add, and then use the Select Send On Behalf Of dialog box to choose the recipients who should have this permission. To revoke this permission, select an existing user name in the Display Name list box and then tap or click Remove.
In Exchange Management Shell, you can use the Add-MailboxPermission and Remove-MailboxPermission cmdlets to manage full access permissions. Adding full access permissions and Removing full access permissions show examples of using these cmdlets. In these examples, the AccessRights parameter is set to FullAccess to indicate full access permissions on the mailbox.
In Exchange Management Shell, you can use the Add-ADPermission and Remove-ADPermission cmdlets to manage Send As permissions. Adding send as permissions and Removing send as permissions show examples using these cmdlets. In these examples, the -ExtendedRights parameter is set to Send-As to grant Send As permissions for the mailbox.
Note
Another way to grant access permissions to mailboxes is to do so through Outlook. Using Outlook, you have more granular control over permissions. You can allow a user to log on as the mailbox owner, delegate mailbox access, and grant various levels of access. For more information on this issue, see the Accessing multiple Exchange mailboxes and Granting permission to access folders without delegating access sections in Chapter 5.
Forwarding email to a new address
Except when rights management prevents it, any messages sent to a user’s mailbox can be forwarded to another recipient. This recipient can be another user or a mail-enabled contact. To configure mail forwarding, follow these steps:
Open the Properties dialog box for the mailbox-enabled user account by double-tapping or double-clicking the user name in Exchange Admin Center.
On the Mailbox Features page, scroll down and then tap or click View Details under Mail Flow.
To remove forwarding, clear the Enable Forwarding check box.
To add forwarding, select the Enable Forwarding check box and then tap or click Browse. Use the Select Mailbox User And Mailbox dialog box to choose the alternate recipient.
In Exchange Admin Center, you cannot also specify that copies of forwarded messages should be retained in the original mailbox. However, if you use Exchange Management Shell to configure forwarding, you can specify that messages should be delivered to both the forwarding address and the current mailbox. To do this, set the -DeliverToMailboxAndForward parameter to $true when using Set-Mailbox.
Setting storage restrictions on mailbox and archives
In a standard configuration of Exchange Online, each licensed user gets 25 GB of mailbox storage, and a storage warning is issued when the mailbox reaches 22.5 GB. Similarly, if a user has a licensed in-place archive, the archive can have up to 25 GB of storage; a storage warning is issued when the archive mailbox reaches 22.5 GB. Other licensing options are available that may grant additional storage rights.
With on-premises Exchange, you can set storage restrictions on multiple mailboxes using global settings for each mailbox database or on individual mailboxes using per-user restrictions. Global restrictions are applied when you create a mailbox and are reapplied when you define new global storage restrictions. Per-user storage restrictions are set individually for each mailbox and override the global default settings. By default, users can store up to 2 GB in their mailboxes. The quotas are set to:
Issue a warning when the mailbox reaches 1.9 GB
Prohibit send when the mailbox reaches 2 GB
Prohibit send and receive when the mailbox reaches 2.3 GB
In contrast, the default settings for archive mailboxes allow users to store up to 50 GB in their archive mailboxes, and a warning is issued when the archive mailbox reaches 45 GB.
Note
Storage restrictions apply only to mailboxes stored on the server. They don’t apply to personal folders. Personal folders are stored on the user’s computer.
To configure global storage restrictions, you edit the properties of mailbox databases. In Exchange Admin Center, navigate to Servers > Databases. Open the Properties dialog box for the mailbox database by double-tapping or double-clicking the database name. On the Limits page, set the desired storage restrictions using the options provided.
Set individual storage restrictions for mailboxes by completing the following steps:
Open the Properties dialog box for the mailbox-enabled user account by double-tapping or double-clicking the user name in Exchange Admin Center.
On the Mailbox Usage page, tap or click More Options. You’ll then see the storage restrictions as shown in Figure 7-20.
To set mailbox storage limits, select Customize The Quota Settings For This Mailbox. Then set one or more of the following storage limits:
Issue Warning At (GB). This limit specifies the size, in gigabytes, that a mailbox can reach before a warning is issued to the user. The warning tells the user to clean out the mailbox.
Prohibit Send At (GB). This limit specifies the size, in gigabytes, that a mailbox can reach before the user is prohibited from sending any new mail. The restriction ends when the user clears out the mailbox and the mailbox size is under the limit.
Prohibit Send And Receive At (GB). This limit specifies the size, in gigabytes, that a mailbox can reach before the user is prohibited from sending and receiving mail. The restriction ends when the user clears out the mailbox and the mailbox size is under the limit.
Caution
Prohibiting send and receive might cause the user to think they’ve lost email. When someone sends a message to a user who is prohibited from receiving messages, an NDR is generated and delivered to the sender. The original recipient never sees the email. Because of this, you should rarely prohibit send and receive.
Tap or click Save.
Users who have an archive mailbox have the mailbox type User (Archive). You set individual storage restrictions for archive mailboxes by completing the following steps:
Select the user name in Exchange Admin Center.
In the detail pane, scroll down until you see the In-Place Archive heading and the related options. Tap or click View Details.
Enter the desired maximum size for the archive in the Archive Quota text box.
Enter the storage limit for issuing a storage warning in the Issue Warning At text box, and then tap or click OK.
Setting deleted item retention time on individual mailboxes
Normally, when a user deletes a message in Outlook, the message is placed in the Deleted Items folder. The message remains in the Deleted Items folder until the user deletes it manually or allows Outlook to clear out the Deleted Items folder. With personal folders, the message is then permanently deleted and can’t be restored. With server-based mailboxes, the message isn’t actually deleted from the Exchange database. Instead, the message is marked as hidden and kept for a specified period of time called the deleted item retention period.
Note
The standard processes can be modified in several different ways. A user could press Shift+Delete to bypass Deleted Items. As an administrator, you can create and apply policies that prevent users from deleting items (even if they try to use Shift+Delete). You can also configure policy to retain items indefinitely.
Default retention settings are configured for each mailbox database in the organization. With Exchange Online, the retention settings are as follows:
Deleted items are retained for a maximum of 30 days.
Items removed from the Deleted Items folder are retained for a maximum of 14 days.
Items in the Junk Folder are retained for a maximum of 30 days before they are removed.
To configure deleted item retention on a per database basis, you edit the properties of mailbox databases. In Exchange Admin Center, navigate to Servers > Databases. Open the Properties dialog box for the mailbox database by double-tapping or double-clicking the database name. On the Limits page, use the options provided to configure the deleted item retention settings.
To override the database settings on a per-user basis, complete these steps:
Open the Properties dialog box for the mailbox-enabled user account by double-tapping or double-clicking the user name in Exchange Admin Center.
On the Mailbox Usage page, tap or click More Options and then select Customize The Retention Settings For This Mailbox.
In the Keep Deleted Items For (Days) text box, enter the number of days to retain deleted items. An average retention period is 14 days. If you set the retention period to 0 and aren’t using policies that prevent deletion, messages aren’t retained and can’t be recovered. If you set the retention period to 0 but are using policies that prevent deletion, the messages are retained according to the established policies.
You can also specify that deleted messages should not be permanently removed until the mailbox database has been backed up. This option ensures that the deleted items are archived into at least one backup set. Tap or click Save.
Real World
Deleted item retention is convenient because it allows the administrator the chance to salvage accidentally deleted email without restoring a user’s mailbox from backup. I strongly recommend that you enable this setting, either in the mailbox database or for individual mailboxes, and configure the retention period accordingly.