Exchange Stuff

Get a list of addresses, export to c:\smtp.csv

Get-Mailbox -ResultSize Unlimited |Select-Object DisplayName,ServerName,PrimarySmtpAddress,@{Name="EmailAddresses";Expression={$_.EmailAddresses |Where-Object {$_.PrefixString -ceq "smtp"} | ForEach-Object {$_.SmtpAddress}}} | Export-CSV c:\smtp.csv -NoTypeInformation

Whitelist a domain or address

To check what's currently whitelisted

Get-ContentFilterConfig

To whitelist an address

$list = (Get-ContentFilterConfig).BypassedSenders
$list.add("new.mail@address.com")
Set-ContentFilterConfig -BypassedSenders $list

To whitelist a domain

$list = (Get-ContentFilterConfig).BypassedSenderDomains
$list.add("domain.com")
Set-ContentFilterConfig -BypassedSenderDomains $list
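
A read-only review of the two bypass lists above, as an added example that is not part of the original notes. It flags entries that fall under one of the organization's own accepted domains, because such an entry exempts any message carrying that sender address from content filtering; it assumes the shell is connected to the organization whose accepted domains should be compared.

```powershell
# Added example: list every content filter bypass entry and flag own-domain entries.
$cfg = Get-ContentFilterConfig

# Domains this organization accepts mail for, lower-cased, without a leading "*.".
$own = @(Get-AcceptedDomain | ForEach-Object {
    ("$($_.DomainName)" -replace '^\*\.', '').ToLower()
})

function Get-BypassEntry($Values, [string]$List) {
    foreach ($v in $Values) {
        $text   = "$v".ToLower()
        # Address entries: take the part after "@". Domain entries: drop a leading "*.".
        $domain = (($text -split "@")[-1]) -replace '^\*\.', ''
        $isOwn  = $false
        foreach ($d in $own) {
            if ($domain -eq $d -or $domain.EndsWith(".$d")) { $isOwn = $true }
        }
        New-Object PSObject -Property @{ List = $List; Entry = $text; OwnDomain = $isOwn }
    }
}

$report = @(
    Get-BypassEntry $cfg.BypassedSenders       "BypassedSenders"
    Get-BypassEntry $cfg.BypassedSenderDomains "BypassedSenderDomains"
)

# Own-domain entries first, since they deserve the closest look.
$report | Sort-Object OwnDomain -Descending | Format-Table List, Entry, OwnDomain -AutoSize
```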

Connect an Outlook profile to two Exchange accounts (remember password for both accts)

In Registry Editor, locate and click the following registry subkey:

HKEY_CURRENT_USER\Software\Microsoft\Exchange

On the Edit menu, point to New, and then click DWORD Value.

Type AlwaysUseMSOAuthForAutoDiscover, and then press Enter.

Modify this value and set it to 1.

Configure Exchange antispam settings on mailboxes

Use the Exchange Management Shell to enable or disable the junk email rule in a mailbox.

To enable or disable the junk email rule on a mailbox, use the following syntax:

Set-MailboxJunkEmailConfiguration <MailboxIdentity> -Enabled <$true | $false>

This example disables the junk email rule on Ori Epstein’s mailbox.

Set-MailboxJunkEmailConfiguration "Ori Epstein" -Enabled $false

This example disables the junk email rule on all user mailboxes in the Organizational Unit named North America in the contoso.com domain.

Get-Mailbox -RecipientTypeDetails UserMailbox -OrganizationalUnit "contoso.com/North America" | Set-MailboxJunkEmailConfiguration -Enabled $false

This example disables the junk email rule on all user mailboxes in the mailbox database named MDB 01.

Get-Mailbox -RecipientTypeDetails UserMailbox -Database "MDB 01" | Set-MailboxJunkEmailConfiguration -Enabled $false

This example disables the junk email rule on all user mailboxes in the organization.

$All = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited; $All | foreach {Set-MailboxJunkEmailConfiguration $_.Name -Enabled $false}


Use the Exchange Management Shell to configure the safelist collection on a mailbox

The safelist collection on a mailbox includes the Safe Senders list, the Safe Recipients list, and the Blocked Senders list. By default, users can configure the safelist collection on their own mailbox in Outlook or Outlook on the web. Administrators can use the corresponding parameters on the Set-MailboxJunkEmailConfiguration cmdlet to configure the safelist collection on a user’s mailbox. These parameters are described in the following table.

To configure the safelist collection on a mailbox, use the following syntax:

Set-MailboxJunkEmailConfiguration <MailboxIdentity> -BlockedSendersAndDomains <EmailAddressesOrDomains | $null> -ContactsTrusted <$true | $false> -TrustedListsOnly <$true | $false> -TrustedSendersAndDomains  <EmailAddressesOrDomains | $null>

To enter multiple values and overwrite any existing entries for the BlockedSendersAndDomains and TrustedSendersAndDomains parameters, use the following syntax: “”,""….

To add or remove one or more values without affecting other existing entries, use the following syntax: @{Add=""," "… ; Remove=""," …}

This example configures the following settings for the safelist collection on Ori Epstein’s mailbox:

Set-MailboxJunkEmailConfiguration "Ori Epstein" -BlockedSendersAndDomains @{Add="shopping@fabrikam.com"} -TrustedSendersAndDomains @{Remove="chris@fourthcoffee.com"} -ContactsTrusted $true

This example empties the Blocked Senders list for all user mailboxes in the Organizational Unit named North America in the contoso.com domain.

Get-Mailbox -RecipientTypeDetails UserMailbox -OrganizationalUnit "contoso.com/North America" | Set-MailboxJunkEmailConfiguration -BlockedSendersAndDomains $null

This example adds michelle@tailspintoys.com to the Safe Senders list and Safe Recipients list on all user mailboxes in the mailbox database named MDB 01.

Get-Mailbox -RecipientTypeDetails UserMailbox -Database "MDB 01" | Set-MailboxJunkEmailConfiguration -TrustedSendersAndDomains @{Add="michelle@tailspintoys.com"}

This example removes the domain contoso.com from the Blocked Senders list in all user mailboxes in the organization.

$All = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited; $All | foreach {Set-MailboxJunkEmailConfiguration $_.Name -BlockedSendersAndDomains @{Remove="contoso.com"}}
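
Before running any of the organization-wide junk email rule or safelist changes above, it helps to record the current state so that it can be compared or restored afterwards. The following is an added example, not part of the original notes; the output path is a hypothetical choice.

```powershell
# Added example: snapshot junk email settings for all user mailboxes before a bulk change.
$stamp = Get-Date -Format "yyyyMMdd-HHmmss"
$out   = "C:\junk-config-$stamp.csv"   # hypothetical output path

$rows = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited | ForEach-Object {
    $mbx = $_
    # Mailboxes that have never been opened may return nothing; skip those.
    $j = Get-MailboxJunkEmailConfiguration -Identity $mbx.Identity `
            -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
    if (-not $j) { return }

    $j | Select-Object @{n="Mailbox"; e={ "$($mbx.PrimarySmtpAddress)" }},
        Enabled, TrustedListsOnly, ContactsTrusted,
        # Trusted entries without "@" are whole domains rather than single addresses.
        @{n="TrustedDomains"; e={ (@($_.TrustedSendersAndDomains) |
                                   Where-Object { "$_" -notmatch "@" }) -join ";" }},
        @{n="Trusted"; e={ @($_.TrustedSendersAndDomains) -join ";" }},
        @{n="Blocked"; e={ @($_.BlockedSendersAndDomains) -join ";" }}
}

$rows | Export-Csv -Path $out -NoTypeInformation

# Mailboxes with the rule already disabled, or with whole domains trusted.
$rows | Where-Object { -not $_.Enabled -or $_.TrustedDomains } |
    Format-Table Mailbox, Enabled, TrustedListsOnly, TrustedDomains -AutoSize
```

The Trusted and Blocked columns are semicolon-joined, so a later restore can split them and pass the result to the overwrite form of the parameters described above.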


Permissions to Import or Export Mailbox Data in Exchange 2010

In Exchange 2010, none of the preloaded role groups have the Mailbox Import Export role. The person performing the import or export must have the appropriate permissions within Exchange. The easiest way to grant this permission is by adding the Mailbox Import Export role to a role group.

To create the role group we need to run the following:

New-RoleGroup "Mailbox Import-Export Management" -Roles "Mailbox Import Export"

This will create a group called "Mailbox Import-Export Management". Every user added to this group will have the right to run the import/export cmdlets. Adding a user can be done by running the following:

Add-RoleGroupMember "Mailbox Import-Export Management" -Member <user account>

If you try to run the cmdlets and you don’t have the correct permissions, you’ll receive an error stating that the cmdlet doesn’t exist. And by the way, you’ll need to restart the Exchange Management Shell after you add the Mailbox Import Export role to the role group.
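
Because this role lets its holder copy any mailbox to a PST file, it is worth checking periodically who actually holds it. The following is an added example, not part of the original notes; the approved-account list is hypothetical, and the export request cmdlet assumes Exchange 2010 SP1 or later.

```powershell
# Added example: who effectively holds the Mailbox Import Export role, and what was exported.
$role = "Mailbox Import Export"

# Hypothetical allow-list of account names approved to hold the role.
$approved = @("exportadmin")

# -GetEffectiveUsers expands role groups into the individual users behind them.
Get-ManagementRoleAssignment -Role $role -GetEffectiveUsers |
    Where-Object { $_.EffectiveUserName -ne "All Group Members" } |
    Select-Object EffectiveUserName, RoleAssigneeName,
        @{n="Approved"; e={ $approved -contains $_.EffectiveUserName }} |
    Sort-Object Approved, EffectiveUserName |
    Format-Table -AutoSize

# Members of the role group created above.
Get-RoleGroupMember "Mailbox Import-Export Management" |
    Format-Table Name, RecipientType -AutoSize

# Export requests still known to the server, with the destination of each PST.
Get-MailboxExportRequest |
    Format-Table Name, Mailbox, FilePath, Status -AutoSize
```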

Client Access Hostname Configuration

Client Access URLs

The client access URLs are what autodiscover gives to the clients, and also what is sent to the client web browser when access is made through the wrong server. These can be changed through ECP. However, some changes have to be made through PowerShell; these are outlined below.

On servers where you have a single server holding all of the roles, set both the internal and external name to the external SSL certificate name - so replace host.domain.local with mail.example.net. Do take care to leave the rest of the URL as per the defaults.

Autodiscover URL

If you are using a single server or all servers are in the same AD site, then the following commands can be used:

Get-ClientAccessServer | Set-ClientAccessServer -AutodiscoverServiceInternalUri https://mail.example.net/autodiscover/autodiscover.xml

However if you are using multiple servers in multiple AD sites, then you need to set the commands as per the box below, replacing “CAS-Server” with the real name of the server that holds the CAS role.

Set-ClientAccessServer -Identity "CAS-Server" -AutodiscoverServiceInternalUri https://mail.example.net/autodiscover/autodiscover.xml

Web Services URL

As with Autodiscover, if you are using a single server then the following commands can be used:

Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory -InternalUrl https://mail.example.net/ews/exchange.asmx -ExternalUrl https://mail.example.net/ews/exchange.asmx

However if you are using multiple servers, then you need to set the commands as per the box below, replacing “CAS-Server” with the real name of the server that holds the CAS role.

Set-WebServicesVirtualDirectory -Identity "CAS-Server\EWS (Default Web Site)" -InternalUrl https://mail.example.net/ews/exchange.asmx -ExternalUrl https://mail.example.net/ews/exchange.asmx

MAPI Virtual Directory URL

The MAPI virtual directory is used by the new client access protocol MAPI over HTTPS. As before if you are using a single server then the following commands can be used:

Get-MAPIVirtualDirectory | Set-MAPIVirtualDirectory -InternalUrl https://mail.example.net/mapi/ -ExternalUrl https://mail.example.net/mapi/

However if you are using multiple servers, then you need to set the commands as per the box below, replacing “CAS-Server” with the real name of the server that holds the CAS role.

Set-MAPIVirtualDirectory -Identity "CAS-Server\MAPI (Default Web Site)" -InternalUrl https://mail.example.net/mapi/ -ExternalUrl https://mail.example.net/mapi/

Outlook Anywhere URL

Right click on the Client Access Server and choose Properties. Click on the tab Outlook Anywhere and adjust the URL to match the external name on the SSL certificate.

Cycle the Exchange Services.

After making the changes, cycle the Exchange services to ensure that the changes are live.

To test the configuration, use Outlook 2007 or higher on a workstation.

Should you have everything configured correctly, then all of the URLs should appear as your external certificate name and you do not get any certificate prompts.
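
The same check can be made from the server side without waiting for a certificate prompt in Outlook. The following is an added example, not part of the original notes; it is read-only and uses the "CAS-Server" placeholder from this page.

```powershell
# Added example: compare client access URLs with the names on the IIS certificate.
$server = "CAS-Server"   # placeholder name used on this page

# Lower-cased names on every certificate enabled for IIS on that server.
$certNames = @(Get-ExchangeCertificate -Server $server |
    Where-Object { "$($_.Services)" -match "IIS" } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_".ToLower() })

function Test-NameOnCert([string]$HostName) {
    foreach ($n in $certNames) {
        if ($n -eq $HostName) { return $true }
        # A wildcard name covers exactly one additional label.
        if ($n.StartsWith("*.") -and $HostName -like $n -and
            $HostName.Split(".").Count -eq $n.Split(".").Count) { return $true }
    }
    return $false
}

# Collect the Autodiscover URI and each virtual directory's internal/external URL.
$urls = @(
    Get-ClientAccessServer -Identity $server | ForEach-Object {
        New-Object PSObject -Property @{ Source = "Autodiscover"
                                         Url    = "$($_.AutoDiscoverServiceInternalUri)" }
    }
    foreach ($cmd in "Get-WebServicesVirtualDirectory", "Get-OwaVirtualDirectory",
                     "Get-EcpVirtualDirectory", "Get-OabVirtualDirectory",
                     "Get-ActiveSyncVirtualDirectory", "Get-MapiVirtualDirectory") {
        # Get-MapiVirtualDirectory is absent on older Exchange versions; skip what is missing.
        if (-not (Get-Command $cmd -ErrorAction SilentlyContinue)) { continue }
        foreach ($vd in (& $cmd -Server $server)) {
            foreach ($p in "InternalUrl", "ExternalUrl") {
                if ($vd.$p) {
                    New-Object PSObject -Property @{ Source = "$cmd $p"; Url = "$($vd.$p)" }
                }
            }
        }
    }
)

# URLs whose host name is not on the certificate sort to the top.
$urls | Select-Object Source, Url,
    @{n="OnCertificate"; e={ Test-NameOnCert (([Uri]$_.Url).Host.ToLower()) }} |
    Sort-Object OnCertificate | Format-Table -AutoSize
```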

MSSTD URL

If the URL for Outlook Anywhere under MSSTD is not correct, then you may have to set that manually. To do that, use the following command in EMS:

Set-OutlookProvider expr -CertPrincipalName:"msstd:mail.example.net"

Create a Local Autodiscover.xml File

If your company doesn’t publish autodiscover in DNS, you can try creating an XML file. Paste this into Notepad and save as autodiscover.xml. Don’t forget to change the domain in RedirectUrl. A sample file follows.

<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response
xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <AccountType>email</AccountType>
      <Action>redirectUrl</Action>
      <RedirectUrl>https://autodiscover.domain.com/autodiscover/autodiscover.xml</RedirectUrl>
    </Account>
  </Response>
</Autodiscover>

Next, edit the registry to add an autodiscover reference:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AutoDiscover
	REG_SZ: domain.com
	Value: C:\path\to\autodiscover.xml

Now try adding your account to your Outlook profile using Auto Account Setup, entering your name, email address and password. If the Exchange server is properly configured, your account will be configured in Outlook automatically. Note: you’ll get a redirect warning and may need to supply your username and password twice.

If the Exchange server is not properly configured, you’ll need to create an autodiscover.xml containing all of your account information. If you have access to a computer with Outlook 2013 or older, you may be able to use the autodiscover file it used.

Type or paste %localappdata%\microsoft\outlook in the address bar of Windows Explorer to open Explorer to the folder where the autodiscover file is stored. It will be named something like this: 9a2b291a2545a44e9fa74ac13aad98c2 - Autodiscover.xml. Copy it to the folder you entered in the registry, delete the previously created autodiscover file and rename the copy to autodiscover.xml.
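
Outlook follows whatever RedirectUrl a registered local file contains, so each file is worth checking after it is created or copied. The following is an added example, not part of the original notes; it reads the registry key shown above and treats every string value ending in .xml as a domain-to-file mapping, which is an assumption about how the key is populated.

```powershell
# Added example: check each local Autodiscover XML file registered for Outlook.
$key = "HKCU:\Software\Microsoft\Office\16.0\Outlook\AutoDiscover"

# Keep only string values that point at an XML file (skips DWORD settings and PS* properties).
$values = (Get-ItemProperty -Path $key).PSObject.Properties |
    Where-Object { $_.Value -is [string] -and $_.Value -like "*.xml" }

foreach ($v in $values) {
    $domain = $v.Name.ToLower()   # value name is the mail domain
    $path   = $v.Value            # value data is the XML file path
    $result = New-Object PSObject -Property @{
        Domain = $domain; File = $path; Redirect = $null; Finding = ""
    }

    if (-not (Test-Path -LiteralPath $path)) {
        $result.Finding = "file missing"
    } else {
        try {
            $doc     = [xml](Get-Content -LiteralPath $path)
            $account = $doc.Autodiscover.Response.Account
            if ("$($account.Action)" -ne "redirectUrl") {
                $result.Finding = "no redirect; file carries full account settings"
            } else {
                $uri = [Uri]"$($account.RedirectUrl)"
                $result.Redirect = $uri.AbsoluteUri
                $hostName = $uri.Host.ToLower()
                if ($uri.Scheme -ne "https") {
                    $result.Finding = "redirect is not HTTPS"
                } elseif ($hostName -ne $domain -and -not $hostName.EndsWith(".$domain")) {
                    $result.Finding = "redirect host is outside $domain"
                } else {
                    $result.Finding = "ok"
                }
            }
        } catch {
            $result.Finding = "could not parse: $($_.Exception.Message)"
        }
    }
    $result | Select-Object Domain, File, Redirect, Finding
}
```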

Virtual Directory Stuff

Set-ActiveSyncVirtualDirectory -Identity "servername\Microsoft-Server-ActiveSync (Default Web Site)" -ActiveSyncServer "https://mail.domain.com/Microsoft-Server-ActiveSync" -InternalUrl "https://mail.domain.com/Microsoft-Server-ActiveSync" -ExternalUrl "https://mail.domain.com/Microsoft-Server-ActiveSync"
Set-EcpVirtualDirectory -Identity "servername\ecp (Default Web Site)" -InternalUrl "https://mail.domain.com/ecp" -ExternalUrl "https://mail.domain.com/ecp"
Set-OabVirtualDirectory -Identity "servername\OAB (Default Web Site)" -InternalUrl "https://mail.domain.com/OAB" -ExternalUrl "https://mail.domain.com/OAB" -RequireSSL $true
Set-OwaVirtualDirectory -Identity "servername\owa (Default Web Site)" -InternalUrl "https://mail.domain.com/owa" -ExternalUrl "https://mail.domain.com/owa"
Set-PowerShellVirtualDirectory -Identity "servername\PowerShell (Default Web Site)" -InternalUrl "https://mail.domain.com/powershell" -ExternalUrl "https://mail.domain.com/powershell"
Set-WebServicesVirtualDirectory -Identity "servername\EWS (Default Web Site)" -InternalUrl "https://mail.domain.com/ews/exchange.asmx" -ExternalUrl "https://mail.domain.com/ews/exchange.asmx" -InternalNLBBypassUrl $null
Set-ClientAccessServer -Identity "servername" -AutoDiscoverServiceInternalUri "https://mail.domain.com/Autodiscover/Autodiscover.xml"
Set-OutlookAnywhere -Identity "servername\Rpc (Default Web Site)" -InternalHostname mail.domain.com -ExternalHostname mail.domain.com -InternalClientAuthenticationMethod Ntlm -ExternalClientAuthenticationMethod Basic -ExternalClientsRequireSsl $True -InternalClientsRequireSsl $true
Set-ClientAccessServer -Identity servername -AutoDiscoverServiceInternalUri https://mail.domain.com/autodiscover/autodiscover.xml
Enable-ExchangeCertificate -Thumbprint 9232c0140d1034b64f6ae4b2edaa82d26e2dc097 -Services POP,IMAP,IIS,SMTP
Get-MailboxDatabase | Set-MailboxDatabase -OfflineAddressBook "\Default Offline Address Book (Ex2013)"
Set-OutlookProvider -Identity EXCH -CertPrincipalName msstd:mail.domain.com
Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:mail.domain.com
Set-OutlookProvider -Identity WEB -CertPrincipalName msstd:mail.domain.com
Set-OutlookProvider EXCH -CertPrincipalName $null
Set-OutlookProvider EXPR -CertPrincipalName $null
Set-OutlookProvider WEB -CertPrincipalName $null
Set-OutlookProvider -Identity EXCH -CertPrincipalName msstd:mail.domain.com
Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:mail.domain.com
Set-OutlookProvider -Identity WEB -CertPrincipalName msstd:mail.domain.com

A.D. Setting That Can Break ActiveSync to Your Mobile Device