Delete An Email From All Mailboxes – Exchange 2007


Another day, another user who decided to give away their username and password to a phishing email. Thankfully this time it happened on a Monday morning, the spammer was kind enough to send to my internal users, and even better sent a spam to our helpdesk email. In other words – they basically told me they were sending spam from one of our mailboxes.

I did the usual – disabled the account/changed the password, blocked the spam/phishing site, purged our (growing) mail queues. But this time I really wanted to get rid of the email. So…
Powershell (Exchange Management Shell) to the rescue. Continue reading “Delete An Email From All Mailboxes – Exchange 2007”

Script to Compare List of Email Addresses in Exchange

I was provided a list of email addresses of employees in a system that doesn’t interface with AD/Exchange and asked to validate those email addresses exist within our Exchange server. I figured the easiest way was to just script it (the list was close to 1000 people).  Total run time to compare the list was just a few seconds.

Here’s the (quite simplistic) script to accomplish the task.

$logFile = 'c:\scripts\IsAccountValid.log'

# Uncomment the entry below if not running from the EMS
# Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin

# Import the email addresses from text file
$Import=Get-Content "c:\Scripts\emailaddresses.txt"

ForEach ($address in $import) {
     $valid = get-mailbox -an $address
          If ($valid) {
          "$address is Valid" >> $logFile
          } else {
          "$address is Not Valid" >> $logFile

Forcing an Update of the Exchange 2007 GAL

Some things should be simple. Like just right clicking the GAL in the EMC and selecting update. Then updating Outlook. But Nooooooo… do you think that actually works when you need it to?! Of course not.

So, fire up the Exchange Management Shell —

PS> Get-OfflineAddressBook | Update-OfflineAddressBook

PS> Update-FileDistributionService -Identity YourCASServer

Head on over to Outlook and download the address book and your changes should be there.

Exchange 2007 Quick Tip: Find disabled AD users with active mailboxes and stop their email

Doing a little cleanup today and needed to check who was “disabled” in AD but still had mailboxes on our Exchange server. In case you weren’t aware, Exchange mailboxes remain active even if the user is disabled. As part of how we do things, we keep mailboxes around for a looooong time because people tend to leave/retire then come back on a temp basis. So when they return, they have all their old emails available. So, first let’s compare AD w/ Exchange and get a list of folks… (source for the code below)

Download Quest powershell.
Run the PS query below
> get-qaduser -includedproperties altrecipient, homeMDB -disabled | select-object -property “name”, “description” , “altrecipient”, “homeMDB” > c:\mailboxes.csv
Then sort by HomeMDB.

Now you have a list of folks to work with. The next step if you want to stop email flowing to that mailbox is to do one of a couple things ( there’s some other options too) -you can either restrict who can send email to that address (say a dummy account in your organization only) which will prevent anyone else sending to that mailbox or you can change the primary SMTP address to something else and the original address will cause a non-deliverable.

What’s the difference? Not much. If you restrict who can email you will get the following NDR:

Your message wasn’t delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator. #550 5.7.1 RESOLVER.RST.NotAuthorized; not authorized ##

If you change the primary address to something else you will get this:

The recipient’s e-mail address was not found in the recipient’s e-mail system. Microsoft Exchange will not try to redeliver this message for you. Please check the e-mail address and try resending this message, or provide the following diagnostic text to your system administrator. #550 5.1.1 RESOLVER.ADR.RecipNotFound; not found ##

I personally prefer the address not found. That to me is a little more definitive and doesn’t say oops you can’t do that, please call me and ask for permission to do it. It says oops, that address is wrong, check it and make sure you’re sending to someone who is still here.  My standard format for changing addresses is to leave the username and add in _DISABLED. So the new address looks like:

Then if you want to easily find everyone who has a disabled email… the search is like this:

> Get-Recipient -ResultSize Unlimited -Filter “EmailAddresses -like ‘*_DISABLED@domain.local’ -And RecipientType -eq ‘UserMailbox'”


Exchange 2007 Quick Tip: Getting Members of a Dynamic Distribution Group

If you need to get a listing of all the people (and email addresses) who will receive an email from a dynamic distribution group and then export that to CSV:

$members = Get-DynamicDistributionGroup -resultsize unlimited -Identity “Distribution Group Name”
Get-Recipient -resultsize unlimited -RecipientPreviewFilter $members.RecipientFilter | select Displayname,PrimarySmtpAddress | Export-Csv C:\temp\NameOfCSV.Csv

Exchange 2007 Quick Tip: Searching Email Addresses

A Couple quick tips since I had to do a similar search this morning. First let’s say you need to search all your recipients for an email address. Normally not a big deal since you should know their name and can check the mailbox. But what if its an email address that isn’t obvious and is on a different domain?

get-recipient -ResultSize Unlimited | where {$_.emailaddresses -match “”} | select name,emailaddresses | fl —- (source)

That will get all recipients then filter based on the domain listed. You can also of course just change the file to the full email address and that will work as well.

Unfortunately my search didn’t return what I was looking for so I wanted to check and see if maybe it was someone who was using a forwarding address. Here’s that search as well:

Get-Mailbox | Where {$_.ForwardingAddress -ne $null} |Select Name, ForwardingAddress, DeliverToMailboxAndForward | fl —- (source)

Exchange 2007 Add To Distribution Group From Text File

Another interesting request came my way. Since I work in a school district we have a decent amount of “turnover” or whatever you may want to call it every year and at random times throughout the year. This isn’t necessarily folks leaving the district but maybe moving from one grade level to another or taking leave and having a long term substitute take their place. So the request was to have these distribution groups which are populated with a listing of teachers per grade level, generated from our student information system. Naturally the information system doesn’t provide a way to update Exchange and is not at all AD integrated. So what I did was request an export of teachers by grade level (one text file per grade level) and their (thankfully aligned with AD) username. I then placed those text files in a folder, created the distribution groups and ran the below script.

First use powershell to create a distribution group: Continue reading “Exchange 2007 Add To Distribution Group From Text File”

Display Full Access Permission on Exchange Mailbox

This command will show you who has full access to a mailbox – explicitly added permissions only – using the EMS. You could of course do it one by one in the EMC if you like pain.

Get-Mailbox -Server “mailboxserver” | Get-MailboxPermission | where { ($_.AccessRights -eq “FullAccess”) -and ($_.IsInherited -eq $false) -and -not ($_.User -like “NT AUTHORITY\SELF”) } | fl


Exchange 2007 Public Folder Calendar and Management

No. Frankly it wasn’t helpful because I have full admin rights to Exchange. I have Public Folder rights to Exchange. I am the administrator. So no, as usual it wasn’t helpful.

Alright, let’s get to fixing the issue of not being able to create a new public folder in Exchange 2007 even though you should apparently have rights to do so.

First things first – I’m assuming you have at least Exchange 2007 SP1 which is when they included the Public Folder management snap-in. If you don’t – why not? Anyway, open up the Exchange Management Console –> Toolbox –> Public Folder Management Console. Expand Default Public Folders and click on that same folder. On the right hand column you’ll see the option to create a New Public Folder.

Click it  and give the folder a name – then click next.

Now head on over to Outlook. Expand Public Folders and your new Test Folder should be there. Right click on the folder and select New Folder. Change the drop down to Calendar Items and give it a name. Click Ok when you’re done.

Wait… did you get the same error as at the top of the post? I did. Here’s why: If your domain is setup like mine you have a normal (mail enabled) user and an admin (not mail enabled) user account. When you created the Public Folder in the EMC it was most likely under the admin user account which now has owner permissions to the folder, but your lowly Outlook user account doesn’t. That little issue will keep you from doing anything worthwhile on the folder.

Head back over to your Exchange box and open the Exchange Management Shell, then type in:

Get-PublicFolder “\Test Folder”| Add-PublicFolderClientPermission -User “domain\normaluser” -AccessRights Owner -whatIf

(NOTE: Remove the -whatIf at the end for the command to really take hold)

If all goes well you’ll get something like this:

Identity               User                      AccessRights
——–                   —-                       ————
\Test Folder     normaluser…          {Owner}

Guess what? You can now go back to Outlook and not only create your Public Folder Calendar – but you can also add other user permissions to the folder/calendar.

Here’s a slightly more handy command should you need to take ownership of multiple folders all at once:

Get-PublicFolder -recurse | Add-PublicFolderClientPermission -User “domain\normaluser” -AccessRights Owner -whatIf

How To: Export PST from Exchange 2007

  1. Launch Powershell on your machine as administrator (your logon needs Exchange Admin rights too)
  2. Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin
  3. Add-MailboxPermission -Identity <username> -User <yourusername> -AccessRights FullAccess
  4. Export-Mailbox -Identity <username> -PSTFolderPath <locationtosaveto> -baditemlimit 1000 -Confirm:$false
  5. Remove-MailboxPermission -Identity <username> -User <yourusername> -AccessRights FullAccess

That’s all there is too it. You’ll see a progress “meter” as it were as the export completes:
Moving messages. Sent Items (5594/10329)
[ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo                   ]