0

Exchange 2010 Tip Of The Day – 76 To 101

For the final gripping chapter, here are tips #76 to 101 for your PowerShell pleasure!

For the related articles in this series please see:

Tips 1 – 25

Tips 26 - 50

Tips 51 – 75

Tip of the day #76:

Exchange 2010 uses management role groups and management role assignment policies to manage permissions.
Role groups enable you to grant permissions to groups of administrators and specialist end users. These are people who manage your organization or perform special tasks, like mailbox searches for compliance reasons.
Role assignment policies enable you to grant permissions to your end users. These permissions include whether users can manage their own distribution groups, edit their own profile information, access voice mail, and more.

Tip of the day #77:

Management role groups enable you to grant permissions to groups of administrators and specialist end users. These are people who manage your organization or perform special tasks, like mailbox searches for compliance reasons.
If you want to manage permissions for end users, use management role assignment policies.

Tip of the day #78:

Management role assignment policies enable you to grant permissions to your end users. These permissions include whether users can manage their own distribution groups, edit their own profile information, access voicemail, and more.
If you want to manage permissions for administrators and specialist users, use management role groups.

Tip of the day #79:

Management role assignments determine what management roles are associated with management role groups and management role assignment policies. Role assignments also control what objects users who are members of role groups or assignment policies can modify using the cmdlets available on the associated management roles.

Tip of the day #80:

The Get-RoleGroupMember cmdlet lists all the members on a management role group. But if you want to get more details about the members of the role group, use the Get-ManagementRoleAssignment cmdlet. The Get-ManagementRoleAssignment cmdlet enables you to view the members of universal security groups that are members of role groups, view the management scope t
hat applies, and more.

Tip of the day #81:

Do you need to store a value in a variable in a script and make sure it never changes? If so, make the variable a constant using the New-Variable cmdlet. Constants can be set once and don't allow their values to be changed. For example, the following creates the $IPAddress constant with the value 10.0.0.2.

New-Variable -Option Constant -Name IPAddress -Value "10.0.0.2"

Tip of the day #82:

To get a list of all parameters available for a cmdlet, type:

(Get-Command <Cmdlet Name>).Parameters | ft key

For example, to get all parameters for the New-TransportRule cmdlet, type:

(Get-Command New-TransportRule).Parameters | ft key

Tip of the day #83:

Did you know that you need to use the AssembleMessage script when exporting messages from a queue? For example, if you want to export the message with message ID 1234 from the contoso.com queue on server Hub1, you need to run the following command:

Export-Message -Identity Hub1\contoso.com\1234 | AssembleMessage –Path C:\ExportedMessages\Message1234.eml"

Tip of the day #84:

When you are creating a new Edge subscription, you need to run the New-EdgeSubscription cmdlet first on your Edge Transport server, and then on an administrator console that is connected to your internal Exchange organization. However, because Exchange 2010 uses remote Windows PowerShell, you can no longer use the Path parameter when importing an Edge subscription file. Instead you need to use the Get-Content cmdlet to first retrieve and encode the data, and then pass it to the New-EdgeSubscription cmdlet, like so:

New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\EdgeServerSubscription.xml" -Encoding Byte -ReadCount 0) ) -Site "Default-First-Site"

Tip of the day #85:

Wondering how many log files are generated per server every minute? Quickly find out by typing:

Get-MailboxDatabase -Server $env:ComputerName | ?{ %{$_.DatabaseCopies | ?{$_.ReplayLagTime -ne [TimeSpan]::Zero -And $_ .HostServerName -eq $env:ComputerName} } } | %{ $count = 0; $MinT = [DateTime]::MaxValue; $MaxT = [DateTime]::MinValue; Get-ChildItem -Path $_.LogFolderPath -Filter "*????.log" | %{ $count = $count + 1; if($_.LastWriteTime -gt $MaxT){ $MaxT = $_.LastWriteTime}; if($_.LastWriteTime -lt $MinT){ $MinT= $_.LastWriteTime} }; ($count / ($MaxT.Subtract($MinT)).TotalMinutes) } | Measure-Object -Min -Max -Ave

Tip of the day #86:

Wondering how many log files are generated per database every minute? Quickly find out by typing:

Get-MailboxDatabase -Server $env:ComputerName | %{ Get-ChildItem -Path $_.LogFolderPath -Filter "*????.log" | Group-Object -Property {$_.LastWriteTime.Day,$_.LastWriteTime.Hour,$_.LastWriteTime.minute} | ?{$_.Count -gt 1} | Measure-Object -Property Count -Min -Max -Ave }

Tip of the day #87:

Get quick health and status information for your mailbox database copies by typing:

Get-DatabaseAvailabilityGroup DAG1 | %{ $_.Servers | %{ Get-MailboxDatabaseCopyStatus -Server $_ } }

Tip of the day #88:

Did you know that you can share your calendar and contacts folders with other federated Exchange 2010 organizations by first creating a federation trust with the Microsoft Federation Gateway with a valid digital certificate? Just use the New-FederationTrust cmdlet and the certificate thumbprint to get started. Type:

New-FederationTrust -Name "Microsoft Federation Gateway" -Thumbprint <cetificate thumbprint>

Finish by setting up an organization relationship with another federated Exchange organization to share limited calendar  free/busy information. Type:

Get-FederationInformation -DomainName <other domain name> | New-OrganizationRelationship -Name "<name of relationship>" -FreeBusyAccessEnabled $true -FreeBusyAccessLevel -LimitedDetails

Tip of the day #89:

Need to quickly get a list of your Exchange certificates and their thumbprints? Just use the Get-ExchangeCertificate cmdlet. Type:

Get-ExchangeCertificate | fl

Want to filter the list and include just the self-signed certificates? No problem! Type:

Get-ExchangeCertificate | where {$_.IsSelfSigned -eq $true} | fl

Tip of the day #90:

Not sure your Federation Trust with the Microsoft Federation Gateway is working correctly? To test if a security token c
an be retrieved, just type:

Test-FederationTrust

Tip of the day #91:

Need a report on the status of each Exchange certificate installed on all Hub Transport and Client Access servers? Try this:

Test-FederationTrustCertificate

Tip of the day #92:

Need to verify that an organization relationship is correctly configured and functioning as expected for a user in an external Exchange organization? Just type:

Test-OrganizationRelationship -UserIdentity <user email address> -Identity <external domain> -Confirm

Tip of the day #93:

Use this command to get all active mailbox move requests on a mailbox server:

$(Get-MailboxDatabaseCopyStatus -Server MBX | ?{ $_.status -eq "Mounted" }) | %{ Get-MoveRequest -TargetDatabase $_.DatabaseName } | ?{ $_.Status -ne "Completed" -and $_.Status -ne "CompletedWithWarning" }

Tip of the day #94:

Use this command to find all non-completed move requests and group them by target database:

Get-MoveRequest | ?{ $_.Status -ne "Completed" -and $_.Status -ne "CompletedWithWarning" } | group targetdatabase | sort  Count -Descending

Tip of the day #95:

Use this command to find failure messages for all failed moves:

Get-MoveRequest -MoveStatus Failed | Get-MoveRequestStatistics | ft Alias, percentcomplete, message -auto

Tip of the day #96:

Use these commands to get a snapshot of the move throughput for completed moves.

$stats = Get-MoveRequest -MoveStatus Completed | Get-MoveRequestStatistics
$stats | sort totalmailboxsize | ft Alias,{$_.totalmailboxsize.ToMB()},totalinprogressduration -auto

Tip of the day #97:

Use this command to view the last move report for a mailbox:

(Get-MailboxStatistics aylakol -IncludeMoveReport).MoveHistory[0] | fl

Tip of the day #98:

Use this command to view how many move requests are in the queue to be moved:

(Get-MoveRequest -MoveStatus Queued).count

Tip of the day #99:

Use this command to find all mailbox move requests for mailboxes on the active mailbox database copies that are hosted on the specified mailbox server. This command returns the display name, status of the move request, and the database to which the mailbox is being moved.

$(Get-MailboxDatabaseCopyStatus -Server MBX01 | ?{ $_.status -eq "Mounted" }) | %{ Get-MoveRequest -TargetDatabase $_.DatabaseName }

Tip of the day #100:

Did you know that you can allow users in your Exchange organization to publish their calendars to the Internet so that anyone can view their free/busy availability? Just configure a few settings to get started. To enable an Outlook Web App Virtual Directory and allow calendar publishing, type:

Set-OWAVirtualDirectory -Identity <Client Access server> -ExternalURL <External URL for Client Access server> -CalendarPublishingEnabled $true

To set the web proxy for the Mailbox server, type:

Set-ExchangeServer -Identity "<Mailbox server>" -InternalWebProxy <webproxy URL>

Finish by setting up a sharing policy for the "Anonymous" Internet domain and assign the sharing policy to a user mailbox. First type:

New-SharingPolicy -Name "<policy name>" -Domains 'Anonymous: CalendarSharingFreeBusySimple' -Enabled $True

Then type:

Get-Mailbox -Identity <user alias> | Set-Mailbox -SharingPolicy "<policy name>"

Tip of the day #101:

Need to see a list of the URLs for a user's calendar that has been published for Internet access? Just type:

Get-MailboxCalendarFolder -Identity <user alias>:\calendar | fl

Cheers,

Rhoderick

Rhoderick Milne [MSFT]

Leave a Reply

Your email address will not be published. Required fields are marked *