Exchange 2010 Operations Reference

Exchange 2010 Operations Reference

Created: 5/6/2011 by: Jason Sherry – Jason.Sherry@service1.net

Last Updated: 7/12/2013

Version: 1.26 - Click here for the latest version

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference

A) Maintenance...........................................................21) Database\LUN Maintenance...................................................22) Server Maintenance.........................................................33) Redistributing Database....................................................44) Datacenter Maintenance.....................................................4

B) Disaster Recovery.....................................................61) Single Copy Database Failure...............................................62) Single Server Failure......................................................73) Datacenter Failure.........................................................84) Restoring Databases.......................................................105) Recovering Data from a Recovery Database..................................126) Lag Database Recovery.....................................................13

C) Mailbox Management...................................................151) Getting largest mailboxes.................................................152) Creating mailboxes........................................................153) Setting policy properties.................................................164) Revoking Exchange access..................................................175) Deleting data from a mailbox..............................................176) Recovering Deleted Data from a Pubic Folder...............................187) Recovering a Deleted and Purged Message...................................188) Legal Discovery and Hold..................................................189) Sending As Mailbox\Group..................................................1910) Setting Mailbox Retention and Archiving Policies..........................19

D) Outlook Policies....................................................20E) Personal Archive & PSTs..............................................20F) Troubleshooting and Additional Information...........................211) Errors....................................................................212) Auditing Administrator Actions............................................213) Remote Administration.....................................................214) Message Delivery..........................................................225) Checking Database Replication Status......................................276) General Database Management...............................................277) Offline Address Book......................................................288) Public Folders............................................................299) Key events................................................................2910) PowerShell “reports”......................................................3011) Exchange Performance......................................................3012) TMG, EDGE, & FPE Notes....................................................3213) Active Sync...............................................................3214) PowerShell Related Utilities..............................................32

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference

A)Maintenance B)Database\LUN MaintenanceBlog: Performing Maintenance on DAG Members in Exchange 2010 SP1Use these steps to move the active database off its current server to another

Using EMC1) Goto \Organization Configuration\Mailbox\Database Management2) Select the database in the top pane3) Select which server should now host the active copy4) Click Move

Using EMSMove-ActiveMailboxDatabase -Server <server> [-Identity <DB>] [-ActivateOnServer <New Server>] This will make all databases on <server> active on another server based on activation preference order Add “-Identity <DB>” to move only certain DBs active on this server to another server Add “-ActivateOnServer <Server>” to control which server the database is active on, see Move-

ActiveMailboxDatabase for more information , otherwise moved based on DB health and activation preference

Database Management and Monitoring Scripts1) CheckDatabaseRedundancy.ps1

CheckDatabaseRedundancy.ps1 [–MailboxDatabaseName “<DB Name>”] EHLO Blog: Exchange 2010 Database Redundancy Check Scripta) Check the redundancy of replicated databasesb) Generates events if database resiliency is found to be in a compromised

state (for example, there's only one healthy copy of a replicated database).2) CollectOverMetrics.ps1

CollectOverMetrics.ps1 -DatabaseAvailabilityGroup “<DAG Name>” -Database:"<DB Name>" -GenerateHTMLReport -ShowHTMLReport

This example collects metrics for all databases that match DB* (which includes a wildcard character) in a DAG named DAG1. After the metrics are collected, an HTML report is generated and displayed

a) Reads DAG member event logs to gather information about database operations (such as database mounts, moves, and failovers) over a specific time period

b) Writes this information to .csv files with one operation per row3) CollectReplicationMetrics.ps1

CollectReplicationMetrics.ps1 -DagName “<DAG Name>” -Duration "01:00:00" -Frequency "00:01:00" -ReportPath

The example gathers one hour's worth of data from all the servers in the DAG "DAG1", sampled at one minute intervals, and then generates a summary report. In addition, the ReportPath parameter is used, which causes the script to place all the files in the current directory.

a) Monitoring that collects metrics related to continuous replication in real time while the script is running

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference

C)Server MaintenanceUse these steps when installing Exchange\Windows updates, service packs, and\or rebooting Exchange servers.For more details see: Performing Maintenance on DAG Members in Exchange 2010 SP1

1) Log on as local administrator2) Download updates to D:\Install\Exchange\SP1\Updates, or similar directory3) Update source media \Updates folder or Updates folder

Needed to rebuild a new server4) Log off other users5) Close all MMC sessions6) Open EMS and run the following commands:

CD $EXScripts./StartDAGServerMaintenance.ps1 -ServerName <Server> This is step is not needed on EDGE servers This will move all active copies from <server> to the next DAG node, based on activation preference,

and prevent this node from having any databases activated/mounted on it. Steps carried out by script Moves active databases off of the server and block databases from moving to that server Make sure all critical DAG support functionality (for example, the Primary Active Manager PAM role)

that might be on the server is moved to another server, and blocked from moving back to the server

7) Close EMS8) Start an Administrative level Windows PowerShell session (Not EMS)9) Install updates, from above PS session

If installing an update, like a SP that updates the schema and there is a child forest, SETUP /PrepareAD must be run in it 1st as a root forest Domain and Schema Admin

If installing updates on servers with EDGE and FPE, mainly Service Packs, carry out the additional stepsi) Run a Windows (not Exchange) PowerShell session as Administratorii) Run the following commands

NET STOP MSExchangeTransport | NET STOP MSExchangeISCD “C:\Program Files (x86)\Microsoft Forefront Protection for Exchange Server”Get-Service | Where-Object {$_.DisplayName -like 'Microsoft Forefront*'} | Stop-

Service –Force.\FSCUtility.exe /disable

iii) Install updatesiv) Run the following commands

.\FSCUtility.exe /enabledGet-Service | Where-Object {$_.DisplayName -like 'Microsoft Forefront*'} | Stop-

Service –ForceNET START MSExchangeTransport | NET START fwsrv | NET START isasched | NET START

MSExchangeIS The NET START commands will take several minutes to finish since multiple dependent services

need to be started10) Restart server, if prompted toVersion: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference11) Open EMS and run the following commands:

CD $EXScripts./StopDAGServerMaintenance.ps1 -ServerName <Server> This will re-enable database activation on this server..\RedistributeActiveDatabases.ps1 -DagName <DAG NAME> -BalanceDbsByActivationPreference

-ShowFinalDatabaseDistribution -Confirm:$false This will activate database on the servers based on their activation preference.

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference

D)Redistributing DatabaseIf database are moved\activated on their non-primary server for any reason us thescript below to redistribute them to the server with the lowest activation preference. If a server crashes or is rebooted the database will automatically beactivated on another server, on restart they will NOT be moved back to the original server.1) In EMS run the following commands:

CD $EXScripts.\RedistributeActiveDatabases.ps1 -DagName <DAG NAME> -BalanceDbsByActivationPreference

-ShowFinalDatabaseDistribution -Confirm:$false2) Check DB status, this command should not return any results

Get-MailboxDatabaseCopyStatus * | Where-Object {$_.Status -ne "Healthy" -and $_.Status -ne "Mounted" -or $_.ContentIndexState -eq "Failed"}

E)Datacenter MaintenanceSwitchover to <SITE B>The steps below assume the <SITE A> datacenter, or Exchange mailbox servers in it, needs to be taken off-line gracefully and the <SITE B> datacenter needs to take over mailbox operations.

These steps are only required when this site will be down for an extended period of time, mainly to prevent errors from being logged by Exchange and to prevent Exchange from attempting to active database in this site. Carrying out these steps will prevent the databases on the servers in this site from being updated and from having transaction logs copied to them.

For regular maintenance the steps covered under Server Maintenance should be carried out.

1) Switchover mailbox services to <SITE B>a) Logon to SITEA-MBX-01b) Check database health with the following cmdlet

Get-MailboxDatabase | Get-MailboxDatabaseCopyStatus | Where-Object {$_.Status -eq "Mounted"}

3) Run the following cmdletStop-DatabaseAvailabilityGroup -Identity <DAG NAME> -ActiveDirectorySite “<SITE A>”

This command will mark all mailbox servers in the <SITE A> site as unavailable for activation, or Stopped, in Active Manager.

i) When prompted answer “Y” to stop the DAG members in <SITE A> AD sitec) Confirm the cluster service is stopped on all severs, or at least those in

the <SITE B> datacenteri) Run C:\Tools\Failover\CheckCluster.batii) Check status: sc \\<SITE B>-mbx-01 query clussvc

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Referenceiii) Stop service: sc \\<SITE B>-mbx-01 stop clussvc

d) Confirm there are no mounted database status is ONLY Dismounted or Healthy by running the following cmdlet:Get-MailboxDatabase | Get-MailboxDatabaseCopyStatus | Where-Object {$_.Status -ne "Mounted"}

e) Logon to <SITE B>-MBX-01f) Remove the auto activation block on all DBs

Get-MailboxServer | Set-MailboxServer -DatabaseCopyAutoActivationPolicy: Unrestricted

g) Start the DAG in <SITE B>Restore-DatabaseAvailabilityGroup -Identity <DAG NAME> -ActiveDirectorySite “<SITE B>”

h) Check that all DBs are on-line with the following cmdlet:Get-MailboxDatabase | Get-MailboxDatabaseCopyStatus | Where-Object {$_.Status -eq "Mounted"}

i) Check DAG replication with the following commands:CD $EXScriptsGet-MailboxServer | Test-ReplicationHealth The CluserNetwork should show *FAILED* for Results since clustering is stopped on <SITE A>

servers, it will also fail on DBCopySyspended on <SITE A>serversj) Confirm all database are Health or Mounted by running the following cmdlet:

Get-MailboxDatabase | Get-MailboxDatabaseCopyStatus | Where-Object {$_.Status -ne "Healthy" -and $_.Status -ne "Mounted"} | ft name, status, CopyQueueLength, ReplayQueueLength, contentIndexState, LastInspectedLogTime

k) Update mailboxes to access site B’s RPC CAS array name: Get-MailboxDatabase | Set-MailboxDatabase -RPCClientAccessServer

“rpcmailB.company.com” This will only work for Outlook 2007 and higher clients, so for Outlook 2003 clients the DNS entry

for rpcmail.company.com should be changed to point to the NLB in <SITE B>2) Change DNS entries (If not handled by a NLB or other solution)

a) Externali) mail.company.com -> 2.2.2.2 (<SITE B> Firewall IP)ii) autodiscover.company.com -> 2.2.2.2 (<SITE B> Firewall IP)

b) Internali) mail.company.com -> 192.2.2.2 (<SITE B> TMG or NLB or Primary CAS IP)ii) autodiscover.company.com -> 192.2.2.2 (<SITE B> TMG or NLB or Primary

CAS)iii) rpcmailA.company.com -> 192.2.2.3 (<SITE B> NLB or Primary CAS)

Outlook 2003 clients will not get the new RPC client access name3) Optional: Change SMTP mail routing

This is to force all mail routing to the <SITE B> servers.a) Change delivery rules to send mail to DR site

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations ReferenceSwitchback to <SITE A>1) Wait at least 15 minutes before switching back to allow for AD replication to

finish2) Run the following cmdlet from SITEA-MBX-01 in EMS:

Start-DatabaseAvailabilityGroup -Identity <DAG NAME> -ActiveDirectorySite “<SITE A>” This will restart the cluster server and re-add the <SITE A> servers to the DAG

3) Re-distribute database by running the following commands :$EXScripts.\RedistributeActiveDatabases.ps1 -DagName <DAG NAME> -BalanceDbsByActivationPreference-ShowFinalDatabaseDistribution -Confirm:$false See for This will activate database on the servers based on their activation preference. for more info

4) Check replication health by running the following commands:CD $EXScriptGet-MailboxServer | Test-ReplicationHealth All servers and checks should have “Passed” for Result before moving forward.

5) Reset auto activation block on all DBs:Get-MailboxServer | Set-MailboxServer -DatabaseCopyAutoActivationPolicy: IntrasiteOnly

6) Update mailboxes to access site A’s RPC CAS array name: Get-MailboxDatabase | Set-MailboxDatabase -RPCClientAccessServer

“rpcmailA.company.com”7) Change DNS entries (If not handled by a NLB or other solution)

a) Externali) mail.company.com -> 1.11.1 (<SITE A>Firewall IP)ii) autodiscover.company.com -> 1.11.1 (<SITE A>Firewall IP)

b) Internali) mail.company.com -> 192.1.1.1 (<SITE A> TMG or NLB or Primary CAS)ii) autodiscover.company.com -> 192.1.1.1 (<SITE A> TMG or NLB or Primary

CAS)iii) rpcmail.company.com -> 192.1.1.2 (<SITE A> NLB or Primary CAS)

8) Change SMTP mail routing This is to force all mail routing to the <SITE B> servers.a) Change delivery rules to send mail back to primary site

Related articles: Datacenter Switchovers How to Manage a Datacenter Failure or Disaster Recovery Scenario in Exchange

2010 Exchange 2010 DAG local and Site DR/Failover and Fail back

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference

F)Disaster RecoveryExchange 2010 DAG local and Site DR/Failover and Fail back

1)Single Copy Database FailureIf the active copy of a database fails\dismounts and won’t remount use the following process to move the active copy to another server. In most cases the database will automatically be activated on another server, based on activation preferences.

Active database on another server1) In EMC

a) Goto \Organization Configuration\Mailbox\Database Managementb) Right click on the failed database and choose Move Active Mailbox Database…c) Click Browse and select the server should now host the active copyd) Take the default of “None” for automatic database mount dial and click OK

Mount dial options:BestAvailability (default) – Mount the database if the copy queue length 12. Those logs are ≤replicated and the database is mounted

GoodAvailability – Mount the database if the copy queue length 6. Those logs are replicated and ≤the database is mounted

Lossless – Only mount the database if the copy queue length is 0, meaning all logs on the original active copy have been replicated. In that case the database is mounted.

BestEffort – Mount the database automatically, regardless of the size of the copy queue length

None – Use default

2) Or using EMSMove-ActiveMailboxDatabase <DB> -ActivateOnServer <New Server> -MountDialOverride:

<Dial option>

Resuming replicationIf a LUN were to fail on a server, due to temporary issue, Exchange will suspend replication and log replay on it. If you run Get-MailboxDataCopyStatus it will show “FailedAndSuspended” for Status and “Failed” for ContentIndexState. If it was a temporary failure and no data was loss or corrupted you can just resume logreplay and replication using the following command.

Resume-MailboxDatabaseCopy <DB>\<Server>If this command returns no results it ran successfully, otherwise it will return an error. If there was data loss or corruption a reseed of the database, covered below, or restoration from the most recent snapshot maybe required.

Reseeding a databaseThese steps assume a database has failed, either because of a data corruption or storage failure issue. Reseeding shouldn’t be require otherwise, normally.Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference

Depending upon storage and backup technology on the server, recovering the faileddatabase from a snapshot should be quicker than reseeding the database. If snapshot technology is in use then follow the steps in section “D) Restoring Databases . ”

1) Suspend replication to databaseSuspend-MailboxDatabaseCopy -Identity "<DB>\<Server>"

2) Start the reseeding processUpdate-MailboxDatabaseCopy -Identity "<DB>\<Server>" –DeleteExistingFiles

-SourceServer <Source Server> The duration of the reseed process will depend upon the network link to the active copy. DO NOT close

the EMS session, this will abort the reseeding process. If you do not specific the SourceServer parameter Exchange will use the active copy by default. If reseeding multiple databases at once you must include the “-DatabaseOnly” parameter.

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference

B)Single Server FailureIn a normal situation any database on a failed server will automatically be activated on another server. To just move all active database off a server run the following command:Move-ActiveMailboxDatabase -Server <Server> This will make all databases on <server> active on another server based on activation preference order.

Add “-ActivateOnServer <Server>” to control which server the database is active on, see Move-ActiveMailboxDatabase for more information.

Also see my Failover.ps1 that provides a single script to handle planned and unplanned failover events, including single server or entire datacenter failure.

Remove failed server from DAGThese command will need to be run from another Exchange 2010 server or EMS client1) Remove mailboxes on failed server from DAG

Remove-MailboxDatabaseCopy <DB>\<Failed server>2) Repeat above cmdlet for each DB that was on the failed server3) Remove the failed server from the DAG

Remove-DatabaseAvailabilityGroupServer -Identity <DAG> -MailboxServer <Failed server> -ConfigurationOnly

This assumes the server is completely dead and off-line. If the server and Exchange servers are running on it remove the “-ConfigurationOnly” switch

Build replacement serverIf the server is a complete loss the server will need to be replaced with a very similar server, were the following must be the same:4) Name

This will require resetting the computer account in the AD5) Domain membership6) Same or similar hardware or VM config7) OS, SP8) OS updates should be similar too9) # of NICs10) NIC settings (DNS, IP, Gateway)11) Drive paths to databases

Re-installed Exchange in recovery mode.12) Install the required OS prerequisites for Exchange

See your Exchange Build document for further details13) Use latest version of Exchange as running on other servers as possible

Exchange 2010 SP1 was the latest installable version as of this writing, Microsoft may repackage Exchange 2010 when SP3 comes out. Therefore, if the other servers are running SP3 and there is an installable version of SP3 it should be used. If not SP1 should be used, then updated after install

14) Run the following command from the Exchange install folderVersion: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations ReferenceSetup /m:RecoverServer /TargetDir:E:\Microsoft\Exchange This assumes Exchange was previously or should now be installed under E:\Microsoft\Exchange instead

of the default of C:\Program Files 15) Install the latest Exchange server pack and Update Rollups to match the

other Exchange 2010 servers16) Recover databases

a) Via backup snapshot softwarei) Recover the most recent snapshot of the databases to the same paths

b) Via reseedingi) Run this commend for each database

Update-MailboxDatabaseCopy -Identity "<DB>\<Failed Server>"17) Reboot the server18) After restart confirm the database have been mounted

Add replacement server back to DAG19) Run the following command to add the server back to the DAG

Add-DatabaseAvailabilityGroupServer -Identity <DAG> -MailboxServer <Server>20) Add database replicas back to the server

Add-MailboxDatabaseCopy -Identity <DB> -MailboxServer <Server> If the databases will be restored from snapshots then add the “-SeedingPostponed:$True” switch to the

above cmdlet. For details on how to restore the databases see “D) Restoring Databases ”21) Repeat above cmdlet for each DB that was on the failed server

C)Datacenter FailureUnderstanding Datacenter Activation Coordination (DAC) Mode

Also see my Failover.ps1 that provides a single script to handle planned and unplanned failover events, including single server or entire datacenter failure.

Failover to <Site B>The steps below assume the <SITE A> datacenter is unavailable and the <SITE B> datacenter needs to take over mailbox operations.1) Unplanned failover of mailbox services to <SITE B>

a) Optional (If possible): Logon to SITEA-MBX-01i) Check database health with the following cmdlet

Get-MailboxDatabase | Get-MailboxDatabaseCopyStatus | Where-Object {$_.Status -eq "Mounted"}

ii) Run the following cmdlet to gracefully stop the DAG and remove the <SITE A>servers:Stop-DatabaseAvailabilityGroup -Identity <DAG NAME> -ActiveDirectorySite “<SITE A>” This command will mark all mailbox servers in the <SITE A> site as unavailable for activation, or

Stopped, in Active Manager. (1) When prompted answer “Y” to stop the DAG members in <SITE A> AD

siteb) Logon to <SITE B>-MBX-01

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Referencec) Confirm the cluster service is stopped on all severs, or at least those in

the <SITE B> datacenter Exchange 2010 is in DAC mode and quorum will be lost if <SITE A>is inaccessible from <SITE B>.

Therefore the cluster services should automatically stop.i) Run C:\Tools\Failover\CheckCluster.bat or using the following commands

against each server(1) Check status: sc \\<SITE B>-mbx-01 query clussvc(2) Stop service: sc \\<SITE B>-mbx-01 stop clussvc

d) Confirm there are no mounted database status, status should ONLY show Dismounted or Healthy, by running the following cmdlet:Get-MailboxDatabase | Get-MailboxDatabaseCopyStatus | Where-Object {$_.Status -ne "Mounted"}

e) Stop-DatabaseAvailabilityGroup -Identity <DAG NAME> -ActiveDirectorySite “<SITE A>” -ConfigurationOnly This command will mark all mailbox servers in the <SITE A> site as unavailable for activation, or

Stopped, in Active Manager. If <SITE A>was on-line and step a) could be carried out this step should not be needed.

f) Run net start clussvc /fq to force quorum, from an administrative command prompt If <SITE A>was on-line and step a) could be carried out this step should not be needed.

g) Remove the auto activation block on all DBsGet-MailboxServer | Set-MailboxServer -DatabaseCopyAutoActivationPolicy: Unrestricted

h) Start the DAG in LARestore-DatabaseAvailabilityGroup -Identity <DAG NAME> -ActiveDirectorySite “<SITE B>”

i) Check that all DBs are on-line with the following cmdlet:Get-MailboxDatabase | Get-MailboxDatabaseCopyStatus | Where-Object {$_.Status -eq "Mounted"} All 49 databases should be listed, drop the Where-Object filter to see status of all replicas

j) Check DAG replication with the following commands:CD $EXScriptsGet-MailboxServer | Test-ReplicationHealth The CluserNetwork should show *FAILED* for Results since clustering is stopped on <SITE A>servers,

it will also fail on DBCopySyspended on <SITE A>serversk) Confirm all database are Health or Mounted by running the following cmdlet:

Get-MailboxDatabase | Get-MailboxDatabaseCopyStatus | Where-Object {$_.Status -ne "Healthy" -and $_.Status -ne "Mounted" -or $_.ContentIndexState -eq "Failed"} | ft name, status, CopyQueueLength, ReplayQueueLength, contentIndexState, LastInspectedLogTime

l) Update mailboxes to access new RPC CAS array name: Get-MailboxDatabase | Set-MailboxDatabase -RPCClientAccessServer “rpcmailB.company.com” This will only work for Outlook 2007 and higher clients, so for Outlook 2003 clients the DNS entry

for rpcmail.company.com should be changed to point to the NLB in <SITE B>2) Change DNS entries

a) ExternalVersion: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Referencei) mail.company.com -> 2.2.2.2 (<SITE B> Firewall IP)ii) autodiscover.company.com -> 2.2.2.2 (<SITE B> Firewall IP)

b) Internali) mail.company.com -> 2.2.2.2 (<SITE B> TMG or NLB or Primary CAS IP)ii) autodiscover.company.com -> 2.2.2.2 (<SITE B> TMG or NLB or Primary

CAS IP)3) Optional: Change SMTP mail routing

Postini should detect mail4 & mail5 are down and only deliver mail to mail6, but if the <SITE A> datacenter is in an unstable state messages should only be delivered to mail6. Otherwise message maybe stuck in delivery queues in <SITE A>.

c) Change Postini delivery rules to send mail to mail6.company.com only4) Failover mailbox data to <SITE B>

d) Stop-DatabaseAvailabilityGroup -Identity <DAG NAME> -ActiveDirectorySite “<SITE A>” –ConfigurationOnly

Failback to <SITE A>1) Run the following cmdlet from SITEA-MBX-01 in EMS:

Start-DatabaseAvailabilityGroup -Identity <DAG NAME> -ActiveDirectorySite “<SITE A>” This will restart the cluster server and re-add the <SITE A>servers to the DAG

2) Check replication health by running the following commands:CD $EXScriptGet-MailboxServer | Test-ReplicationHealth All servers and checks should have “Passed” for Result before moving forward. If the data centers have been disconnect for a hours or days it may take hours for replication and

replay to occur before databases are in a Healthy state with no logs in the queue.3) If all replicas are up to date, re-distribute database by running the following

commands :$EXScripts.\RedistributeActiveDatabases.ps1 -DagName <DAG NAME> -BalanceDbsByActivationPreference -ShowFinalDatabaseDistribution -Confirm:$false See for This will activate database on the servers based on their activation preference. for more info

4) If replicas are lost or very far out of synca) Run the following cmdlet to reseed a replica on a server:

Update-MailboxDatabaseCopy -Identity "<DB>\<Server>" -DeleteExistingFiles See How to Reseed a Failed Mailbox Database Copy in Exchange Server 2010 for more details.

5) Set the RPC CAS array value back to <SITE A>with the following cmdlet:Get-MailboxDatabase | Set-MailboxDatabase -RPCClientAccessServer “rpcmailA.company.com”

6) Reset auto activation block on all DBs:Get-MailboxServer | Set-MailboxServer -DatabaseCopyAutoActivationPolicy: IntrasiteOnly

7) Change DNS entriesa) External

i) mail.company.com -> 1.11.1 (<SITE A>Firewall IP)ii) autodiscover.company.com -> 1.11.1 (<SITE A>Firewall IP)

b) Internal

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Referencei) mail.company.com -> 1.11.1 (<SITE A> TMG or NLB or Primary CAS IP)ii) autodiscover.company.com -> 1.11.1 (<SITE A> TMG or NLB or Primary

CAS IP)8) Change SMTP mail routing

This is to force all mail routing to the <SITE B> servers.a) Change Postini delivery rules to send mail to mail4, mail5, and

mail6.company.com

D)Restoring DatabasesThe steps below cover getting a database back on-line from a backup/snapshot. Thesteps will vary based on the backup/snapshot solution being used

Replacing a failed Mailbox Databases copyA key assumption with these steps is that logs are not being truncated by Exchange, only by the backup software. If this is not the case the logs must exist from when the snapshot being restored was taken. Otherwise all database copies will need to be removed, one copy restored, and other copies reseeded. Seethe steps in for those steps.

In some cases reseed a database will provide the best recovery option, seeResuming replication for more details.

1) Remove the failed database replicaRemove-MailboxDatabaseCopy -Identity "<DB>\<Server>"

2) Re-add the database copy, with seeding suspendedAdd-MailboxDatabaseCopy -Identity "<DB>" -MailboxServer "<Server>"

–SeedingPostPoned:$True3) In the SAN\snapshot software create a clone of the most recent snapshot

Transaction logs MUST exist from when this snapshot was taken until current4) Remove data from existing LUN\folders\mount points5) Disconnect the LUN and remove it from the SAN6) Create a new LUN that points to the clone of the most recent snapshot7) Adjust the LUN size as needed8) Attach the new LUN to the server using the same path as the old one9) Check the health of the database by running this command

ESEUTIL /mh <Database file name>.edba) If the results return “State: Clean Shutdown” jump to step belowb) If “State: Dirty Shutdown” then run this command

ESEUTIL /r E## /d<path to database> /l<path to log files>o /R = Soft recovery, restoreo E## = the database log #, this can be gathered by looking at the first

log file prefix for the database being recoveredo Example: ESEUTIL /r E01 /d”E:\Data\Users-A.edb” /l E:\Logs\Users-A.edb

10) Resume replication

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations ReferenceResume-MailboxDatabaseCopy -Identity "<DB>\<Server>"

11) Confirm replica healthGet-MailboxDatabaseCopyStatus –Identity "<DB>\<Server>" It may take a long time before the replica shows as Health, but it should not say Failed at anytime.

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference

Restoring a loss or logically corrupt Mailbox DatabaseThese steps assume all copies of a mailbox database are unusable, this could be due to storage failure across all replicas or due to logical corruption, administrative accident, or other reason that prevents the current replicated copies from being used.

1) Export any data that is needed from the active database that does not exist in the one being restored This includes any new items since the snapshot being restored was taken. Transaction logs can be replayed up to a point in time, but anything after that point in time will be loss See Create a Mailbox Export Request for details on how to export mailbox data to a PST

2) Disable continuous replication circular logging (CRCL), if enabled This option tells Exchange to truncate transaction logs after all replicas have replayed/executed all

transaction in them.Set-MailboxDatabase <DB> -CircularLoggingEnabled $False

3) Remove the passive database replicasRemove-MailboxDatabaseCopy -Identity "<DB>\<Server>"

4) Dismount database on remaining active replicaDismount-Database “<DB>”

5) Attach LUN with database to be restored to server a) In the SAN\snapshot software create a clone of the most recent snapshot

o When carrying out this recovery steps check for any option that allows the database to be brought up to date or for logs to be replayed. If you know when the loss or logical corruption occurred you do NOT want to replay logs past this point. Therefore, you will need to adjust or disable the replay option.

b) Create a new LUN that points to the clone of the most recent snapshotc) Attach the new LUN to the server using the same path as the old one

6) Bring the database up to date, or to the recovery time desired This assumes the recovery software does not replaya) Determine which log files are required to replay into the database to meet

your point-in-time requirement for this recovery (based on log file date andtime, as shown in Windows Explorer)

b) Move all logs created after this point should be moved to a different directoryo Until the recovery process is completed, and the logs are no longer needed.

c) Delete the checkpoint (.chk) file for the database.d) Use Eseutil to perform the recovery operation

ESEUTIL /r E## /d<path to database> /l<path to log files>o Important: This step may take a considerable amount of time, depending on several factors, such

as the length of the replay lag time, the number of log files generated during that period, and the speed at which your hardware can replay those logs into the database being recovered.

o /R = Soft recovery, restore |

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Referenceo E## = the database log #, this can be gathered by looking at the first

log file prefix for the database being recoveredo Example: ESEUTIL /r E01 /d”E:\Data\Users-A.edb” /l E:\Logs\Users-A.edb

7) Remove and replace old drive\LUN with new onea) Remove data from existing LUN\folders\mount pointsb) Disconnect the LUN and remove it from the SANc) Adjust the LUN size if needed

8) Re-add database to DAG and replicasa) Add database replicas to other DAG members

Add-MailboxDatabaseCopy -Identity <DB> -MailboxServer <Passive Server> -SeedingPostponedo Seeding will fail since existing files are on the passive servers still, therefore seeding is postponed at

this timeb) Repeat above for any additional replicasc) Force an update and deletion of existing files

Update-MailboxDatabaseCopy -Identity "<DB>\<Passive Server>" -DeleteExistingFilesd) Repeat above for any additional replicase) Adjust Activation Preferences as needed

Set-MailboxDatabaseCopy -Identity "<DB>\<Passive Server>" -ActivationPreference '#'9) Confirm replica health

Get-MailboxDatabaseCopyStatus –Identity "<DB>\<Server>" It may take a long time before the replica shows as Health, but it should not say Failed at anytime

10) Once replication and indexing has finished, rebalance databases based on activation preferenceCD $ExScripts.\RedistributeActiveDatabases –DagName <DAG> -BalanceDbsByActivationPreference `

-ShowFinalDatabaseDistribution

Public Folder Databases1) Dismount the Public Folder database, if mounted2) In the SAN\snapshot software create a clone of the most recent snapshot

Transaction logs MUST exist from when this snapshot was taken until current3) Remove data from existing LUN\folders\mount points4) Disconnect the LUN and remove it from the SAN5) Create a new LUN that points to the clone of the most recent snapshot6) Adjust the LUN size as needed7) Attach the new LUN to the server using the same path as the old one8) Check the health of the database by running this command

ESEUTIL /mh <Database file name>.edba) If the results return “State: Clean Shutdown” jump to step belowb) If “State: Dirty Shutdown” then run this command

ESEUTIL /r E## /d<path to database> /l<path to log files>9) Mount the database in Exchange

The normal Public Folder replication process will get any missed updated replicated to this database.

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference

E)Recovering Data from a Recovery DatabaseThe first step required is to recover the EDB file of the mailbox database that you need to recover data from. These steps will vary based on the backup technology in use. The steps below assume a snapshot based solution is being used.

See this article for a full example and many more details: Restoring Mailbox Data from a Recovery Database in Exchange 2010 SP1

Attach the database to the server1) In the SAN\snapshot software create a clone of the most recent snapshot of the

database in question2) Create a new LUN that points to the clone3) Attach the new LUN to the server4) Check the health of the database by running this command

ESEUTIL /mh <Database file name>.edba) If the results return “State: Clean Shutdown” jump to step belowb) If “State: Dirty Shutdown” then run this command

ESEUTIL /r E## /d<path to database> /l<path to log files>o /R = Soft recovery, restoreo E## = the database log #, this can be gathered by looking at the first

log file prefix for the database being recoveredo Example: ESEUTIL /r E01 /d”E:\Data\Users-A.edb” /l E:\Logs\Users-A.edb

Setup a Recovery Database5) From EMS run the following cmdlet

New-MailboxDatabase -Recovery -Name "RecoveryDB" -Server <Server> -EdbFilePath "<Path to restored database>.EDB" -LogFolderPath "<Path to restored log files >"

6) Mount the Recovery DatabaesMount-Database "RecoveryDB"

Restore data from Recovery Database7) Confirm what mailboxes are in the database

Get-MailboxStatistics -Database RecoveryDB8) Use the Restore-Mailbox to restore data from the recovery database

New-MailboxRestoreRequest -SourceStoreMailbox <Mailbox to be recovered> -SourceDatabase“RecoveryDB” -TargetMailbox <Mailbox to recover data to> -TargetRootFolder <Folder path> -AllowLegacyDNMismatch

-AllowLegacyDNMismatch is only required if the data is being restored to a different mailbox Without the –RecoveryMailbox or –TargetFolder parameters the entire mailbox will be recovered into

the current mailbox for the user. See TechNet for more details and examples. You can also include the -IncludeFolders switch to specify specific folders to restore

o Default folder, like Inbox, but be included in hash marks. For example: '#Inbox#'o If you only want the root folder restored include the –SourceRootFolder parameter

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Referenceo See Restoring Mailbox Data from a Recovery Database in Exchange 2010 SP1 for many more

example

F)Lag Database RecoveryTo a specific time11) Suspend replication for the lagged copy being activated by using

the Suspend-MailboxDatabaseCopy cmdletSuspend-MailboxDatabaseCopy <DB>\<Lag Server>

12) Optionally (to preserve a lagged copy), take a file system-based (non-Exchange aware) Volume Shadow Copy Service (VSS) snapshot of the volumes containing the database copy and its log files. You can use the vssadmin.exe tool that's included in Windows to take a VSS snapshot, as shown in this example.vssadmin create shadow /For=<Path to EDB>vssadmin create shadow /For=<Path to Logs>

13) Determine which log files are required to replay into the database to meet your point-in-time requirement for this recovery (based on log file date and time, as shown in Windows Explorer)

14) Move all logs created after this point should be moved to a different directory Until the recovery process is completed, and the logs are no longer needed.

15) Delete the checkpoint (.chk) file for the database.16) Use Eseutil to perform the recovery operation

Eseutil.exe /r e## /a The e## is the log generation prefix for the database (for example, E00, E01, E02, and so on). Important: This step may take a considerable amount of time, depending on several factors, such as

the length of the replay lag time, the number of log files generated during that period, and the speed at which your hardware can replay those logs into the database being recovered.

17) After log replay is finished, the database is in a clean shutdown state and can be copied and used for recovery purposesa) To mount the database as a recovery database so data can be recovered from

iti) Copy EDB to new locationii) Mount the database as a recovery database

New-MailboxDatabase –Name “<Recovery database name>” –Server <Server> –EdbFilePath “<Path to EDB>” –LogFolderPath <path for log files> -Recovery

18) Restore data using the steps in Restore data from Recovery Database19) After the recovery process is complete, resume replication for the database

that was used as part of the recovery process, as shown in this example.Resume-MailboxDatabaseCopy <DB>\<Lag Server> This will bring the lagged database back up to date from the active DAG member. If this is not desired

the other database must be reseeded from the lagged copy.

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations ReferenceTechNet: Activate a Lagged Mailbox Database CopyTechNet: Managing Mailbox Database Copies\Using Replay Lag and Truncation Lag Options

Blog: Eliminating Traditional Backups using native Exchange 2010 FunctionalityPart 1: Overview of differences from 2003 and how you can go without traditional backupsPart 2: Overview of litigation hold feature and how to recovery deleted & purged itemsPart 3: How and when to use lagged copiesPart 4: How restore mailbox data from a specific point in time using a lagged database copy

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference

G)Mailbox Management1)Getting largest mailboxesGet 20 largest mailboxes

Get-Mailbox | where-object {$_.RecipientTypeDetails -ne 'LegacyMailbox'} | Get-MailboxStatistics | where {$_.ObjectClass -eq "Mailbox"} | Sort-Object TotalItemSize -Descending | Select-Object @{label="User";expression={$_.DisplayName}},@{label="Total Size (MB)";expression={$_.TotalItemSize.Value.ToMB()}},@{label="Items";expression={$_.ItemCount}},@{label="Storage Limit";expression={$_.StorageLimitStatus}} -first 20

Also see this article on how to create an e-mail of the largest mailboxes

2)Creating mailboxesSome properties cannot be set in the EMC, therefore a mailbox creation script or process will be needed.It is suggested that a provisioning system or script is put in place that createsthe user account and mailbox as part of a workflow to reduce human error and ensure accounts are created in a standard fashion.

1) Create a mailbox or an existing user in EMSEnable-Mailbox <user ID> -Database <Target DB> This will create a new mailbox for an existing user on the specified database. Not all of the settings

below can be set from the Enable-Mailbox or New-Mailbox cmdlets, therefore after the mailbox is created the Set-Mailbox command must be called to set them.

2) Optionally set the following after creating a mailbox in EMCa) Retention Policy:

Set-Mailbox <user ID> -RetentionPolicy '<Policy name>' b) Enable Single Item Recover

Set-Mailbox <user ID> –SingleItemRecoveryEnabled $truec) Override database level deleted item retention

See “Understanding Recoverable Items” for more information Set-Mailbox <user ID> -RetainDeletedItemsFor 90

d) Enable calendar sharing to the InternetSet-Mailbox <user ID> -SharingPolicy 'Default Sharing Policy'

e) Change recoverable item quotas, defaults to 20 & 30GBSet-Mailbox <user ID> -RecoverableItemsWarningQuota 12GB -RecoverableItemsQuota 15GB With the defaults each mailbox may take up an additional 30GB of storage in the database, by

reducing this in half this will prevent excessive space usage. SCOM should be setup to monitor for the warning event log message, ID: 10023

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference All of cmdlets can be run in single Set-Mailbox command. None of these are set when a mailbox is

move to Exchange 2010 or created with the New-Mailbox cmdlet.Set-Mailbox <User ID> -RetentionPolicy 'Default Archive Policy' –

SingleItemRecoveryEnabled $true -SharingPolicy 'Default Sharing Policy' -RecoverableItemsWarningQuota 12GB -RecoverableItemsQuota

To do this for all users on a certain database:Get-Mailbox –Database <DB Name> | Set-Mailbox -RetentionPolicy 'Default Archive

Policy' –SingleItemRecoveryEnabled $true -SharingPolicy 'Default Sharing Policy' -RecoverableItemsWarningQuota 12GB –RecoverableItemsQuota 15GB

f) Enable the personal archive for a mailboxEnable-Mailbox <user id> -Archive

g) Send a welcome message to the userSend-MailMessage -From "ExchangeAdmins@company.com" -To "<UserID>@company.com" -

Subject "Welcome to the Company!" -Body "<Message body text>" –SmtpServer mail.company.com

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference3) See this blog post for my Create-Mailbox.ps1 script:

http://blog.jasonsherry.net/2013/07/08/create-mailbox/, which does the followinga) Optional: Copies a template user account; including a set of attributes,

group members, and OU locationb) Checks to make sure the user ID existc) Gets smallest database, based on a supplied filter

By default only database that have a name that starts in “US-Mailboxes-” are checkedd) Mailbox enables the user IDe) Sets the Retention Policy, Sharing Policy, and enables Single Item Recoveryf) Optional: Send a “Welcome to the company” e-mail

4) Control which database the new mailbox gets created on via RBAC You can use RBAC to delegate limited access to objects in Exchange. So instead of adding all Exchange

admins to the “Organization Management” group, which gives them full access to all objects in Exchange, you can limit their access to just certain objects in the AD, by OU for example, and in Exchange, like database they can create mailboxes on.

a) Limit what databases are used For more information see TechNet

o Understanding Automatic Mailbox Distributiono Control Automatic Mailbox Distribution Using Database Scopes o Understanding Exclusive Scopes o Control Automatic Mailbox Distribution Using Database Scopes

i) Using RBAC see TechNet(1) Create management scope that contains each set of databases

New-ManagementScope -Name "US Databases" -DatabaseRestrictionFilter {Name -Like "US-Mailboxes-*" }

ii) Exclude a specific database:Set-MailboxDatabase <database name> -IsExcludedFromProvisioning $True

C)Setting policy propertiesAfter migration or if a mailbox is created in EMC or EMC and some setting aren’t set you can use the following example to find the mailboxes that aren’t set correctly and set the required properties.

First we should review which mailboxes doesn’t have certain properties set. The cmdlet below will return any mailbox that doesn’t have a Retention Policy OR Single Item Recover enabled:Get-mailbox | ? {$_.RetentionPolicy -eq $Null -or $_.SingleItemRecoveryEnabled -eq $False}

| ft name, alias, RetentionPolicy, SingleItemRecoveryEnabled

These properties can be enabled individually using the two cmdlet below.Get-Mailbox | ? {$_.RetentionPolicy -eq $Null} | Set-Mailbox -RetentionPolicy 'Standard

Retention Policy'

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference This example will find any mailbox that does not have a Retention Policy set and set it to the “Standard

Retention Policy”get-mailbox | ? {$_.SingleItemRecoveryEnabled -eq $False} | Set-Mailbox -

SingleItemRecoveryEnabled $True This will find all mailboxes with Single Item Recover disabled and enabled it

Or both properties can be set at once:Get-mailbox | ? {$_.RetentionPolicy -eq $Null -or $_.SingleItemRecoveryEnabled -eq $False}

| Set-Mailbox -RetentionPolicy 'Standard Retention Policy' -SingleItemRecoveryEnabled $True

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference

D)Revoking Exchange accessIn general you can just disable a user’s account to remove their access to their mailbox, but since ActiveSync maintains an active session with Exchange, users may still be able to access their e-mail for up to 24 hours!

Removing an ActiveSync device1) Get list of ActiveSync devices for the user

Get-ActiveSyncDevice -mailbox <user ID/alias/UPN>| fl DeviceId, FriendlyName, DeviceOS,DeviceType, DeviceUserAgent, DeviceTelephoneNumber, FirstSyncTime, Identity

2) If the device is lost it should be wiped:Clear-ActiveSyncDevice <Identity path from above> Could also use a string search like this to remove the devices:

Get-ActiveSyncDevice -mailbox <userID> | ? {$_.DeviceType -eq "WP8"} | Clear-ActiveSyncDevice

3) Remove the device Remove-ActiveSyncDevice <Identity path from above>

Immediately disable ActiveSync access Carrying out these steps below will prevent a user’s device from syncing e-mail as quick as possible, but this process can still allow a device to work for 5-10 minutes

For more detail see this article on TechNet: Disabled Accounts and ActiveSync Devices Continuing to Sync

1) Optional: Remotely wipe device This must be done before the ActiveSync relationship is broken/removed. Not all devices support

remote wipe alsoa) Confirm you have the correct user

Get-ActiveSyncDeviceStatistics -Mailbox <user ID> | fl DeviceId, FriendlyName, DeviceOS, DeviceType, DeviceUserAgent, DeviceTelephoneNumber, FirstSyncTime, Identity

b) Remove the device Remove-ActiveSyncDevice <Identity path from above>

2) Block all devices for this userSet-CASMailbox -Identity <userID> -ActiveSyncBlockedDeviceIDs “<DeviceID 1>,<DeviceID 2>”

3) Disable ActiveSync for userSet-CASMailbox -Identity <userID> -ActiveSyncEnabled $false

4) Lastly disable the account

E)Deleting data from a mailboxUse Mailbox Search to Delete Messages

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations ReferenceSearch for possible matches firstThis example searches April Stewart's mailbox for messages that contain the phrase "Your bank statement" in the Subject field and logs the search results in the SearchAndDeleteLog folder of the administrator's mailbox. Messages aren't copied to or deleted from the target mailbox.Search-Mailbox -Identity "April Stewart" -SearchQuery "Subject:'Your bank statement'" -

TargetMailbox "administrator" -TargetFolder "SearchAndDeleteLog" -LogOnly -LogLevel Full

Delete ContentsThis cmdlet will delete all items with the subject “Your bank statement” in AprilStewart’s mailbox:Search-Mailbox -Identity "April Stewart" -SearchQuery 'Subject:"Your bank statement"' -

DeleteContent

This cmdlet will search all mailboxes and delete all messages that start with thesubject “Mail servers coming down”Get-Mailbox | Search-Mailbox -SearchQuery 'Subject:"Mail servers coming down*"' -

DeleteContent -Force For more info on SearchQuery see: http://help.outlook.com/en-ca/140/gg315525.aspx Before the –DeleteContent parameter will work the “Mailbox Import Export” role must be assigned to

the user, this role is not assigned to any group by default. To assign this role to the “Organization Management” group run the following cmdlet:New-ManagementRoleAssignment -Name "Mailbox Import Export" -SecurityGroup

"Organization Management" -Role "Mailbox Import Export"

F)Recovering Deleted Data from a Pubic Folder<TO DO>For now see: http://blogs.technet.com/b/exchange/archive/2012/02/06/recovering-public-folders-after-accidental-deletion-part-1-recovery-process.aspx

G)Recovering a Deleted and Purged MessageSee: Perform Single Item Recovery and Understanding Recoverable Items for more details

By default in Exchange 2010 when a user Deletes an item it is moved to the Deleted Items folder. If they then clear the Deleted Items folder or SHIFT-DELETE(Soft Deletes) an item it is moved to the Recoverable Items folder. If a user goes to this folder, which takes multiple manual steps in OWA or Outlook, and then deletes an item (Hard Delete) or retention or managed folder policies deletes the item it is purged from the Exchange database and not recoverable.

With Single Item Retention enabled Hard Deletes do not purge the item from the Recoverable Items folder. In addition, modifications/versions of items are saved.The Deleted Item retention setting controls how long items are retained in the Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations ReferenceRecoverable Items folder in all cases. Once this period has expired items are purged from the Exchange database.

When Single Item Retention is enabled the Recoverable Items folder contains the following sub-folders:

Deletions This subfolder contains all items deleted from the Deleted Itemsfolder or soft deleted. This subfolder is exposed to users through the Recover Deleted Items feature in Outlook and Outlook Web App.

Versions If either litigation hold or single item recovery is enabled, this subfolder contains the original and modified copies of the deleted items. This folder isn't visible to end users.

Purges If either litigation hold or single item recovery is enabled, this subfolder contains all items that are hard deleted. This folder isn't visible to end users.

Audits If mailbox audit logging is enabled for a mailbox, this subfolder contains the audit log entries. To learn more about mailbox audit logging

Items in these folders are not visible to end users, but can be recovered by Exchange administrators with the correct rights.

1) Use EMS Search-Mailbox cmdlet to search for content and restore it to the user’s mailbox:Search-Mailbox "<User’s mailbox>" -SearchQuery "<search criteria>" -TargetMailbox “<User’s mailbox>” -TargetFolder "Restored Data" -LogLevel Full –SearchDumpsterOnly

H)Legal Discovery and HoldBelow are the steps that should be needed by legal, HR, or IT.Using Exchange Server 2010 e-discovery (Multi-mailbox search)Understanding Multi-Mailbox Search

Searching for a Message across Multiple Mailboxes1) Grant the discovery user or group Full Control to discovery mailbox

Multiple discovery mailboxes can be created as needed for different storage of discovery results that different users should have access to.

2) Grant the discovery user or group of users the “Discovery Management” role Add-RoleGroupMember -Identity "Discovery Management" -Member <user or group>

3) Start a discovery search a) Multi-Mailbox search in ECP

i) Select Options: Manage My Organization > Mail Control > Discovery > Newii) Enter search criteria and name iii) Once the search is done the discovery mailbox can be opened in OWAiv) Goto the folder that is named after the search to view the results

b) Multi-Mailbox search in EMS example:New-MailboxSearch -Name "Contoso-Case1" -StartDate "1/1/2009" -EndDate "12/31/2009"

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference-TargetMailbox "Discovery Search Mailbox" -SearchQuery '"Contoso" and "Project A"'-MessageTypes Email -IncludeUnsearchableItems -LogLevel Full

Putting a Mailbox on Legal Hold1) Using ECP

a) Goto Manage My Organization > Users & Groups > Mailboxesb) Select the mailbox to put on litigation hold and click Detailsc) Under Mailbox Features, select Litigation Hold and click Enabled) On the Litigation Hold page, you can configure the following optional

fields. The text from these fields appears in the user's mailbox.e) Click OK. At this point, the litigation hold is pending. You must click Save

to complete the process.f) Click Save to put the mailbox on litigation hold. A warning is displayed

saying it may take up to 60 minutes for the litigation hold to take effect.g) Click Close

2) Using EMSSet-Mailbox joe@contoso.com -LitigationHoldEnabled $true

I)Sending As Mailbox\Group1) Send As another Mailbox

a) In EMCi) Goto the mailbox under Recipient Configuration\Mailboxii) In the Task list click “Managed Send As Permission”

b) In EMSAdd-ADPermission "<User>" -User "<Domain>\<User or Group>" -Extendedrights "Send As"

c) In ADU&Ci) Open user object and add the “Send As” permission to the user\group

TechNet: Manage Send As Permissions for a Mailbox To force Outlook to save sent items to the “Send As” mailbox’s Sent Items

enable this by carrying out the steps in KB972148o Notes: Replace “Office\12.0\Outlook” with “Office\14.0\Outlook” for Outlook 2010. The user’s

primary mailbox must be in cached mode.o For more details see this blog post: Outlook, Delegated Access and the infamous “Sent Items” folder

behavior 2) Send as Group

a) In EMS (This can’t be done in the EMC)Add-ADPermission “<distribution group>” -ExtendedRights Send-As -User “<user or

group>” -AccessRights ExtendedRightb) In ADU&C

i) Open group and add the “Send As” permission to the user\group Blog: Send as distribution group

Note: The settings need to propagate through the Exchange server's cache. This can take up to 2 hours. Until this time when you try to send from the distribution list, you'll get a message back stating that it's not allowed to

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Referencesend as this distribution list. You can force an update by restarting the Information Store, however the mailboxes will be unavailable until the service has restarted.

J)Setting Mailbox Retention and Archiving PoliciesBy default these polices are not set on a mailbox at creation time or when it is migrated to Exchange 2010. Therefore you must set them in EMC\EMS. The cmdlet below will get all Exchange 2010 mailboxes that don’t have a policy set and set it to the “Default Archive and Retention Policy” one. This policy exists by default, but mailboxes are not automatically assigned to it. The default retention and archiving tags should be reviewed and edited as needed.Get-Mailbox | Where-Object {$_.RetentionPolicy -eq $null -and $_.RecipientTypeDetails -ne

'LegacyMailbox'} | Set-Mailbox -RetentionPolicy 'Default Archive and Retention Policy'

K)Outlook PoliciesManaging Outlook 2007 through Group Policies

Good article on managing PST, archiving, attachments, Outlook alerts, Deploying additional registry values in the Office Customization Tool for Outlook2007

L)Personal Archive & PSTsA personal archive is basically an option add-on mailbox to a user’s primary mailbox. To use this feature you much have an Enterprise CAL for each mailbox youplan on enabling a personal archive for. Once a user has been “archive enabled” they can manually move items into their archive mailbox, tag folders and items with archiving policies, or Exchange administrators can setup mailbox wide or built-in folder policies that automatically move items to a user’s archive.The personal archive feature was mainly added to eliminate PSTs in most organizations. Users can still move and delete items, subject to Single Item Recovery settings, in their archive. It does not provide the full archiving set of tools that larger or regulated companies might require.1) In EMC under Organization Configuration\Mailbox you have to create the desired

retention and archiving tags on the Retention Policies Tags tab then assign those tags to a policy on the Retention Policies tab

2) One the policy is created you need to assign it to the mailboxes:Set-Mailbox <user ID> -RetentionPolicy '<Policy name>'

3) Then you need to enable the personal archiveEnable-Mailbox <user ID> -Archive

See Setting Mailbox Retention and Archiving Policies for more examples.On 1/30/2012 Microsoft release a PST Capture (ingestion) tool for Exchange 2010, see this EHLO Blog post: .PST, Time to Walk the Plank.TechNet: Microsoft Exchange PST Capture

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations ReferenceArticles on Personal Archive feature in Exchange 2010

Exchange 2010 Personal Archiving vs. Exchange 2010 Organizational Archiving Managing Personal Archive in Exchange Server 2010 Why you should create personal archives in Exchange Server 2010

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference

M)Troubleshooting and Additional Information Blog: Exchange server 2010 : Troubleshooting Tools

1)ErrorsProperty can’t be set due to object being the wrong versionIf you get the error below and you know the mailbox is on Exchange 2010 it might be caused by the object being edited in the Exchange 2003 or other non-Exchange 2010 tools or the object may have been migrated across forest and some propertiesnot set correctly

Example error:Property RetentionPolicy can't be set on this object because it requires the object to have version 0.10 (14.0.100.0) or later. The object's current version is 0.1 (8.0.535.0).

To fix this issues run Update-Recipient <Object name>

2)Auditing Administrator ActionsExchange 2010 Administrator Audit Logginghttp://www.shudnow.net/2010/08/03/changes-in-exchange-2010-sp1-administrator-audit-logging/

1) Create a mailbox to contain the audit logs, for example “ExchAudit”2) Hide the mailbox from the GAL3) Run the following cmdlet

Set-AdminAuditLogConfig -AdminAuditLogMailbox ExchAudit -AdminAuditLogAgeLimit 30 -AdminAuditLogEnabled $True

C)Remote AdministrationInstalling Exchange 2010 Management ToolsWindows 7 or Windows 2008 and higher are required.

Install the following:1. Remote Server Administration Tools for Windows 7 or AD Remote Management

Tools on Windows 20082. IIS 6 Management Console3. IIS 6 WMI Compatibility4. IIS 6 Metabase and IIS 6 configuration compatibility

For more details see this blog post

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations ReferenceOnce the above Windows components are installed you can then run Exchange 2010 SP1 (or higher) setup and do a custom install and select only the “Management Tools”

Running Exchange cmdlets remotelyWith Exchange 2010 Remote PowerShell 2.0 supports so the Exchange management tools do not need to be installed locally. After running the two lines below you can run any Exchange cmdlet from any machine with PowerShell 2.0, which is included with Windows 2008 R2.$ExchangePS = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri

http://<Server>/PowerShell/ -Authentication KerberosImport-PSSession $ExchangePS

The first line starts a remote PowerShell session with <SERVER>. The 2nd line imports that session, which includes the Exchange cmdlets, into the current PowerShell session. After doing this you can run any of the command below

The EDGE role does NOT support remote PowerShell, so commands must be run on the server directly.

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference

D)Message DeliveryMessage Queues1) EMS cmdlets

a) Get any queues, except Shadow, that have one or more message in themGet-TransportServer | Get-Queue | Where-Object {$_.MessageCount -gt 0 -and

$_.Identity -notlike "*\Shadow\*"} | fl Identity, MessageCount, NextHopDomain, Status, LastError

b) Get queue details, excluding EDGE transport serverGet-Transportserver | where-object {$_.name -notlike '*edge*'} | Get-Queue | Where-

Object {$_.DeliveryType -ne 'ShadowRedundancy'} | ft Identity, MessageCount, NextHopDomain, Status, LastError -wrap

If you have an EDGE transport server you will need to run the cmdlets on it to check it’s queues.c) Get total message count

Get-TransportServer | Get-Queue | measure-object MessageCount -max | ft2) Scripts

a) PowerShell - Check Exchange 2010 Queue and mail alert on queue threshold Script can be set as a scheduled task to run every 30minutes and will monitor all exchange 2010

queue's3) Additional reading

a) Blog: Queue reporting in Exchange 2010b) A Deep Dive into Transport Queues

Message Tracking Logs

Check message tracking log settingsGet-TransportServer | fl name, MessageTrackingLog*Get-MailboxServer | fl name, MessageTrackingLog*

MessageTrackingLogEnabled = True [Default] MessageTrackingLogMaxAge = 30 MessageTrackingLogMaxDirectorySize = 1GB MessageTrackingLogMaxFileSize = 10MB MessageTrackingLogPath = <Should not be on the (C:\) system drive>

Setting up organization level message trackingExposing Organization Level Message Tracking in Exchange 2010 OWA

By default users can only track their own messages

SearchingGet message tracking SMTP RECEIVE event from only HT servers sent after 7/10/2010to two recipientsGet-Exchangeserver | where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq

$true} | Get-MessageTrackingLog -Recipients "sl4232@company.com","slawrie@company.com" -start "7/10/2012 12:00 AM" | ? {$_.Source -eq "SMTP" -and $_.EventId -eq "RECEIVE"} | Select-Object Timestamp, Clienthostname, sender, @{Name="Recipients";

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations ReferenceExpression={$_.recipients}}, Recipientcount, MessageSubject | export-csv -NoTypeInformation .\Messages.csv -Encoding unicode The first filter on this cmdlet will return all servers with message

tracking details, so dedicated CAS and EDGE servers will be excluded. Without this filter errors would be returned.

The Select-Object selection will format the output as text fields so the output can be exported to a CSV

The @{} expression will combined all receipts into a single text field, instead of an object, also so output can be exported to a CSV

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations ReferenceGet message tracking details for a specific user, message, and timeGet-Exchangeserver | where {$_.isHubTransportServer -eq $true -or $_.isMailboxServer -eq

$true} | Get-Messagetrackinglog -sender user @domain.com -MessageSubject "Subject of message” -Start "8/27/2010 7:00 AM" -End "8/27/2010 11:00 AM" | Select-Object Timestamp,Clienthostname,eventid,source,sender,@{Name="Recipients";Expression={$_.recipients}},Recipientcount,serverhostname,SourceContext The above cmdlet will only show routing details for messages sent by

user@domain.com with a subject of “Subject of message” sent between 8/27/2010 7:00 AM and 8/27/2010 11:00 AM

From blog post: Message Tracking tips in Exchange 2010 using cmdlets

Get message tracking details for messages received from a domain starting at a specific dateGet-Messagetrackinglog -ResultSize unlimited -Start "5/10/2012 12:00 AM" | ? {$_.Sender -

Like "*@company.com"} | Select-Object Timestamp,Clienthostname,eventid,source,sender,@{Name="Recipients";Expression={$_.recipients}},Recipientcount,serverhostname,SourceContext

Get message tracking details for messages sent to a domain within a time range from a userGet-Messagetrackinglog -Start "2/21/2012 12:00 AM" -End "2/23/2012 8:00 PM" -ResultSize

Unlimited | where {$_.Recipients -like '*@company.com' -and $_.Sender -like '*@hotmail.com'} | Select-Object Timestamp, Clienthostname, eventid, source, sender, Recipients, MessageSubject, serverhostname The above cmdlet will only show routing details for messages sent by

Jason.Sherry@service1.net between 12/06/2011 9:00PM and 12/07/2011 11:00 AM that were sent to e-mail addresses that end in @company.com

Additional InformationTechNet: How to Search Message Tracking Logs

Includes multiple examples of Get-MessageTrackingLogTechNet: Configure Message TrackingTechNet: Managing Message TrackingTechNet: Understanding Message Tracking

SMTP Transport LogsDefault location:A) Receive: C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\

ProtocolLog\SmtpReceiveB) Send: C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\

ProtocolLog\SmtpSend

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference

Searching Transport LogsThere is no built in tool in Exchange 2010 to search or analyze the SMTP logs forExchange, but the LogParser tool from Microsoft can be used for this.

Example 1: Get all entries with a 550 eventlogparser "select [#Fields: date-time] as date-time, REVERSEDNS(EXTRACT_PREFIX(remote-endpoint,0,':')) as RemoteSendingHost,data from RECV*.log Where data like'550%'" -i:csv -nSkipLines:4 -o:datagrid This example will return all entries that have an SMTP code of 550, using the GUI datagrid for output. It will also do a reverse DNS lookup on the sending IP address

Example 2: Get all non 220,221, or 250 eventslogparser "select [#Fields: date-time] as date-time, REVERSEDNS(EXTRACT_PREFIX(remote-endpoint,0,':')) as RemoteSendingHost,data from RECV*.log Where data NOT like '250%' AND data NOT like '220%' AND Data NOT Like '221%' AND event = '>'" -i:csv -nSkipLines:4 -o:datagrid This example returns results for any receive command, data line, that doesn’t start with 220, 221, or 250.

Example 3: All message received from @yahoo.com on 4/16/2011 or 4/17/2011logparser "select [#Fields: date-time] as date-time, REVERSEDNS(EXTRACT_PREFIX(remote-endpoint,0,':')) as RemoteSendingHost,data from RECV20110416*.log,RECV20110417*.log Where data Like '250%yahoo.com%' AND event = '>'" -i:csv -nSkipLines:4 -o:datagrid

Example 4: All message received in March 2013logparser "select REVERS`EDNS(EXTRACT_PREFIX(remote-endpoint,0,':')) as RemoteSendingHost,data from RECV201303*.log Where data like 'MAIL FROM%'" -i:csv -nSkipLines:4

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations ReferenceExample 5: Find all messages sent to AOL’s IPslogparser "select [#Fields: date-time] as date-time, data from SEND20130513*.log Where remote-endpoint Like '205.188.%'" -i:csv -nSkipLines:4 -rtp:-1 The –rtp:-1 tells logpaser to not pause after 10 lines, default. This command will also dump the output to

the command line.

General info Blog: Logging SMTP Protocol Activity in Exchange 2010 and Exchange 2007 TechNet: Understanding Protocol Logging – Includes details on each field

GUI for LogParser: Log Parser Lizard ($20)

Blogs posts on Logparser EHLO: Advanced Exchange 2007 Transport Logs Troubleshooting using Log Parser

- Part 1 Using the Logparser Utility to Analyze Exchange/IIS Logs LogParsing with Exchange SMTP Protocol Log SMTP Log Parsing – Includes a script that ask for basic info and then calls

LogParser and then color codes the output Blog post with examples:

http://info.izzy.org/Blog/archive/2011/12/20/Exchange_2010_SMTP_Logs.aspx Examples: LogParser from MS – Format/fields have changed from 2003 & 2007,

so these examples may not work on 2010 Links and other info: Issues & Tips: MS log parser tool - Get data out of

logs quickly!

Searching Forefront Protection for Exchange LogsForefront logs to the x:\Program Files (x86)\Microsoft Forefront Protection for Exchange Server\Data\FSEAgentLog folder A new log is generated daily and it's in theExchange Agent log format.

Launch the “Forefront Management Shell” under the “Microsoft Forefront Server Protection” Program Group.

Usage details on Get-FseIncidentGet-FseIncident -full

Get incidents from *@aol.com to juser@company.com Get-FseIncident | where-object {$_.SenderAddress -like '*@aol.com' –And

$_.RecipientAddresses -eq ‘juser@company.com'} | fl

Get incidents since 2/10/2012 from *yahoo.comVersion: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations ReferenceGet-FseIncident -Filter "DetectionTime > 2012-02-10" | where-object {$_.SenderAddress -

like '*yahoo.com'} | ft SenderIP, SenderHost, SenderAddress, RecipientAddresses, Subject, IncidentName –wrap

Get incidents since 2/10/2012 to joe@company.com Get-FseIncident -Filter "DetectionTime > 2012-02-10" | where-object {$_.RecipientAddresses

-eq 'joe@company.com'} | ft SenderIP, SenderHost, SenderAddress, Subject, IncidentName –wrap

Get top 50 Spammers, ordered by CountGet-FseIncident | Group-Object SenderIp | sort-Object count -Descending | Select-Object Name, Count -First 50

Top 100, ordered by IPGet-FseIncident | Group-Object SenderIp | sort-Object count –Descending | Select-Object Name, Count -First 100 | Sort-Object name

Get incidents from 10/20/2008 1:20 and 10/20/2008 23:30Get-FseIncident -Filter "DetectionTime BETWEEN 2008-10-20T01:20:00.00 AND 2008-10-20T23:30:00.00"

Get incidents since 2/13/2012 0:00Get-FseIncident –Filter "DetectionTime > 2012-02-13”

Enable spam incident logging (Enabled by default)Set-FseLoggingOptions -EnableTransportSpamIncidentLogging $True

Get Exchange Agent Logs Data for messages from yahoo.com in the last 2 daysGet-AgentLog -StartDate (Get-Date).AddDays(-2) | ?{$_.P1FromAddress -like '*yahoo.com'} |

ft IPAddress, P1FromAddress, Recipients, Agent, ReasonData

Also see the “Monitoring Forefront Protection 2010 for Exchange Server” document.

TechNet: Forefront Protection 2010 for Exchange Server cmdlets Forefront Protection 2010 for Exchange Server Operations

Additional InformationA) TechNet

1) Set-TransportServer2) Understanding Protocol Logging 3) Configure Protocol Logging

B) Blog: How to analyze Exchange Server SMTP log files in Microsoft ExcelC) Check IPs to see if they are black listed here

1) http://www.mxtoolbox.com/blacklists.aspx

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference2) http://www.dnsbl.info/dnsbl-database-check.php

Mail Flow Troubleshooter (ExTRA)In EMC under Toolbox\Mail Flow Troubleshooter

The Mail Flow Troubleshooter assists you in troubleshooting common mail flow problems. You can diagnose a problem by selecting the symptoms observed. Based onthe symptoms, the tool walks you through the correct troubleshooting path. It shows an analysis of possible root causes and provides suggestions for correctiveactions.

PINGs, checks ports, services, and send test messages

Delivery Reports (Message tracking for end-users)Exchange 2010 Delivery Reports

http://msexchangeteam.com/archive/2010/01/13/453792.aspx http://msexchangeteam.com/archive/2009/06/08/451562.aspx

Test Message Delivery<TO DO> Need to test further, have been unable to get this to work yet.The Test-Message cmdlet can be used to send a test message that will go through the transport hubs and get delivered to a mailbox, but will be deleted before it will show up in the mailbox. So Inbox rules and distribution list can be also be tested with it.

For more details see this article: Test-Message Improvements in Exchange 2010 Sp1

1. Grant “Support Diagnostics” role to Org ManagementNew-ManagementRoleAssignment -Role "Support Diagnostics" -SecurityGroup

"Organization Management"2.

E)Checking Database Replication StatusTechNet: Monitoring High Availability and Site Resilience for more commands and informationTechNet: Managing Mailbox Database Copies

Get status of a single databaseGet-MailboxDatabaseCopyStatus <DB> | ft name, status, CopyQueueLength, ReplayQueueLength,

contentIndexState, LastInspectedLogTime

Get status of all databasesGet-MailboxDatabase | Get-MailboxDatabaseCopyStatus | ft name, status, CopyQueueLength,

ReplayQueueLength, contentIndexState, LastInspectedLogTimeExclude healthy and mounted copies

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations ReferenceGet-MailboxDatabase | Get-MailboxDatabaseCopyStatus | Where-Object {$_.Status -ne

"Healthy" -and $_.Status -ne "Mounted" -or $_.ContentIndexState -eq "Failed"} | ft name, status, CopyQueueLength, ReplayQueueLength, contentIndexState, LastInspectedLogTime

Get status of replication infrastructureCD $EXScriptGet-MailboxServer | Test-ReplicationHealthAll servers and checks should have “Passed” for Result

Failed Database ReplicaIf a Get-MailboxCopyStatus cmdlet returns “Failed” for “Status”, and the server is operating normally, run the following command:Update-MailboxDatabaseCopy -Identity "<DB>\<Server>" -DeleteExistingFiles See How to Reseed a Failed Mailbox Database Copy in Exchange Server 2010 for more details.

Fixing Failed Content IndexThere should be an ExchangeStoreDB Event ID 123 generated on the server with the failed content index. A failed content index will prevent database failover from occurring, in addition from preventing on-line (Outlook or OWA) searches from working if the active copy has a failed content index.

You can get the status of database using the cmdlet in Get status of all databases.

If a Get-MailboxCopyStatus cmdlet returns “Failed” for “ContentIndexState” run the following command:Get-MailboxDatabase | Get-MailboxDatabaseCopyStatus | ? {$_.ContentIndexState -eq

"Failed"} | Update-MailboxDatabaseCopy -CatalogOnly

After doing this you can active this database on another server, if needed. It’s a bit common for the context index for a database to get corrupted when there is a storage or server failure. The context index isn’t repaired automatically from other copies or transaction logs, like the mailbox databases are. See for the script to redistribute databases if this is needed.

F)General Database ManagementMicrosoft made significant changes to the database structure in Exchange 2010 andthe maintenance process, so what was valid or needed in Exchange 2003 or 2007 is probably vastly different or not needed anymore. See TechNet: New Exchange Core Store Functionality for more details.For more details on database maintenance see this EHLO blog post: Database Maintenance in Exchange 2010 This is a MUST READ if you want to know many important things about Exchange 2010 automatic database

maintenance!

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations ReferenceCurrent free space in databasesGet-MailboxDatabase -Status | ft Server, Name, DatabaseSize, AvailableNewMailboxSpace

Off-line defragThis not be needed in normally, any free space in the EDB will be used for new data and the recommended method to reclaim disk space is to move all mailboxes off of a database and remove the old database. Exchange 2010 continuously defragments and reorganized databases to keep the data contiguous during idle I/Operiods.When an off-line defrag is carried out a temporary database is created and data is copied into it and then it is renamed. Therefore, the database signature and structure will be different and existing transaction logs and replicas (DAG copies) will be invalid. So after an off-line defrag existing differential based backups, of logs files, cannot be used and replicas must be reseeded.For more details see Blog: Eseutil Switches: Offline Defragmentation of a DatabaseEseutil /d “<database>.edb”

G)Offline Address BookBlog series: The Offline Address Book1) Make sure the database has an OAB set2) Check distribution methods of OAB under \Org\Mailbox

a) Web – Outlook 2007 & 2010 b) Public Folders – Outlook 2010 and earlier

3) Check URLs under Server\Client Access\OAB4) Check URL using the “Test E-mail AutoConfiguration” option in Outlook 2007+

clients and verify URL 5) Update OAB and check for errors6) Restart “Microsoft Exchange File Distribution” service7) Recreate OAB VD

a) Export settingsGet-OABVirtualDirectory -Identity "OAB (Default Web Site)" | fl | Out-File -filePath

"C:\OAB_DefWS_Settings.txt"b) Remove OAB VD

Remove-OABVirtualDirectory -Identity "OAB (Default Web Site)"c) Create new OAB VD

New-OABVirtualDirectory -RequireSSL $true -ExternalURL "https://mail.company.com/OAB"

d) Configure new OAB VD Settings 8) Increase logging on \Server\Client Access

a) Set “MSExchangeSA\OAL Generator” to Medium Set-EventLogLevel –Identity “<SERVER>\MSExchangeSA\OAL Generator” –Level Medium

b) Set MSExchangeFDS\FileReplication and General to HighSet-EventLogLevel –Identity <SERVER>\MSExchangeFDS\FileReplication –Level HighSet-EventLogLevel –Identity <SERVER>\MSExchangeFDS\General –Level High

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference

H)Public FoldersGeneral Information: Exchange 2010 Public Folders

Get list of replicas:Get-PublicFolder -recurse |fl name,replicas

For System Folders: Get-PublicFolder -recurse \non_ipm_subtree |fl name, replicas

Check for a specific replicas:Get-PublicFolder -Recurse | Where-Object {$_.Replicas -notcontains 'Public Folders CST'} |fl name,replicas

This will return any public folder that is not set to replicate to the 'Public Folders CST' database

Get folders with more than 0 items:Get-PublicFolder -Identity '\' -Recurse | Get-PublicFolderStatistics | Where-Object {$_.ItemCount -gt 0} | fl name, ItemCount

No items:Get-PublicFolder -Identity '\' -Recurse | Get-PublicFolderStatistics | Where-Object {$_.ItemCount -eq 0} | ft name, ItemCount

I)Key eventsBlog: Log Management 101 for Exchange 20101) Setup custom view that hides any “normal” warning or error events and ones you

already know the resolution too2) AD Issues

a) Unable to find DC: 1b) Unable to query all DC needed: 2104

3) Resourcesa) Disk full: 1003b) Backpressure warning: 15004c) Backpressure failure: 15006

4) Databasea) Forcefully dismounted: 127b) Inconsistent record: 252c) Not redundant copies of DB: 4113d) Too large to finish checksumming in seven days: 733 or 735e) I/O Time outs exceeded: 10025 (server), 10026 (database), 10027 (mailbox)

5) CASa) CAS unable to connected to MBX server: 1022

6) ESE Hung I/O

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Referencea) Extensible Storage Engine (ESE) detects when I/O is hung and to take

corrective action to automatically recover the server.b) If an I/O for a database is outstanding for more than one minute, ESE logs

an eventc) If a database has an I/O outstanding for greater than 4 minutes, ESE logs a

specific failure event, if it’s possible to do sod) ESE events : 507, 508, 509, or 510 may or may not be loggede) If the events are logged MSExchangeRepl.exe intentionally terminates the

wininit.exe process to cause a bugcheck of Windows7) ESE also monitors the crimson channel by verifying that the event log can be

written toa) If writing to the event log fails for a long period of time, MSExchangeRepl

intentionally causes a bugcheck of Windows by terminating wininit.exe

J)PowerShell “reports”1) Useful Scripts

a) Get size details on mailboxes > 100MB with column formattingi) http://izzy.org/scripts/Exchange/Admin/Get-MBSize.ps1

b) Get size of mailbox database, exports information to .TXT file and consolei) http://izzy.org/scripts/Exchange/Admin/Get-DBSizeInfo.ps1

c) Create mailboxes based on input filei) http://izzy.org/scripts/Exchange/Admin/Create-MailUsers-CSV.ps1

d) Get mailbox size and AD attributes of the associated user accounti) http://info.izzy.org/Wiki/GetMailBoxInfo.aspx ii) http://izzy.org/scripts/Exchange/Admin/GetMailboxInfo.ps1

e) Get all SMTP address for all usersi) http://izzy.org/scripts/Exchange/Admin/GetAddressess.ps1

f) GUI Mailbox size reporti) http://izzy.org/scripts/Exchange/Admin/mbsizereportv6.ps1 ii) Script from Glen Scales - Blog: http://www.gsexdev.blogspot.com/ iii) Post http://gsexdev.blogspot.com/2010/03/mailbox-size-gui-exchange-

2010-remote.html 2) Additional Readings

a) Blog: Use PowerShell to Create an Exchange 2010 Database Reportb) Blog: Exchange 2010 Database Statistics with PowerShellc) Blog: Mailbox Size Gui - Exchange 2010 Remote PowerShell versiond) Steve Goodman's Exchange Blog e) Glen Scales PowerShell Blog Posts

K)Exchange Performance1) Key Performance counters to monitor

See 5 Performance Counters to Monitor on Your Exchange Servers for details on the first fivea) Processor\% Processor Time

i) Should average below 40% in most environmentVersion: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Referenceii) Servers in a DAG should have enough capacity to handle all the active

mailboxes database during a failure eventb) Processor\Queue Length

i) Should be below 5 in most environmentsc) Memory\Available Mbytes

i) Should be above 100 MB at all timesd) Memory Pool\Pages Bytes

i) No set threshold, but should stay about the same after a server has been running for a couple of business days

e) Physical Disk\Average Disk Queue Lengthi) Should average below 2 in most environments, with DAS should average

below the number of spindles being used f) Physical Disk\Avg. Disk sec/Transfer

i) Should average below 20ms with peaks under 50ms (100ms is OK, but should be very limited) on active copy

2) TechNet: Performance and Scalability Counters and Thresholds – Includes list ofthresholds

3) Exchange Team (EHLO) Bloga) Performance and Threshold Counters for Exchange Server 2010 XLS

4) For administrators who do not use System Center Operations Manager to monitor their Exchange 2010 environment, a thorough understanding of the most importantperformance counters and their thresholds is critical to establishing a performance baseline and monitoring plan to proactively monitor your Exchange 2010 environment and troubleshoot and resolve issues when they arise.a) Performance troubleshooting basics

5) Script to setup performance counters remotely http://izzy.org/scripts/bat/GetServerInfo/ a) Wiki Page: GetServerInfo

6) Exchange Performance Troubleshooter in EMC7) Blog: Exchange Server 2010 : Track Exchange Performance (part 1) - Use the

Performance Tools Available

Version: 1.25 Last Updated: 5/28/2013 P a g e |

Exchange 2010 Operations Reference

L)TMG, EDGE, & FPE NotesIf TMG, EDGE, and Forefront Protection for Exchange are all installed on the sameserver management of settings must all be done in TMG or FPE. TMG will then configure Exchange and FPE as needed. Any changed made in Exchange EDGE or FPE will be overwritten otherwise.

Transport/connector and Anti-Spam/Virus/Malware settings must be managed in TMG

This blog post is essential reading with this configuration:Installing and Configuring the Email Hygiene Solution on the TMG 2010 Firewall

Additional reading: Microsoft White Paper: Publishing Exchange 2010 with Forefront UAG 2010 and

Forefront TMG 2010 Publish Exchange 2010 with TMG (Forefront Threat Management Gateway) Using Mail Protection with Exchange EdgeSync on Forefront TMG

M)Active SyncGet Active Sync device info for all usersGet-CASMailbox -Filter {HasActiveSyncDevicePartnership -eq $true} | Select Name | Foreach{Get-ActiveSyncDeviceStatistics -Mailbox $_.Name | ft DeviceUserAgent, DeviceType, DeviceModel, DeviceOS, LastSuccessSync}

N)PowerShell Related UtilitiesSyntax highlighting editor: Programmer’s Notepad (Free)Additional PowerShell cmdlets for AD: Quest ActiveRoles Shell for AD (Free)GUI PowerShell script editors: PowerGUI (Free)

Version: 1.25 Last Updated: 5/28/2013 P a g e |