26 June 2012

OWA 2010 change password

If you want your users to be able to change their expired passwords in Outlook Web App 2010, you must change the registry on all your CAS servers. To make the change, save the following as a .REG file and double-click it:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSExchange OWA]
@="Automatically managed by Exchange"
"ChangeExpiredPasswordEnabled"=dword:00000001

Or run the following command:

REG ADD "HKLM\SYSTEM\CurrentControlSet\services\MSExchange OWA" /v ChangeExpiredPasswordEnabled /t REG_DWORD /d 1

You will need to run iisreset after making those changes.
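
To confirm that every CAS server carries the value, a check like the following can be run from the Exchange Management Shell. This is an added example, not part of the original post; it assumes the Remote Registry service is reachable on each server and that your account may read the key.

```powershell
# Added example: report ChangeExpiredPasswordEnabled on every CAS server.
# Assumes Remote Registry is running on the servers and the caller has read access.
$subKey = "SYSTEM\CurrentControlSet\services\MSExchange OWA"
$hive   = [Microsoft.Win32.RegistryHive]::LocalMachine

Get-ClientAccessServer | ForEach-Object {
    $server = $_.Name
    try {
        $hklm  = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $server)
        $key   = $hklm.OpenSubKey($subKey)
        $value = $null
        if ($key) { $value = $key.GetValue("ChangeExpiredPasswordEnabled", $null) }

        # Distinguish a missing value from one that is present but not 1
        if     ($value -eq $null) { $state = "not set" }
        elseif ($value -eq 1)     { $state = "enabled" }
        else                      { $state = "disabled (value $value)" }
        $hklm.Close()
    }
    catch {
        # Server offline, Remote Registry stopped, or access denied
        $state = "could not read: " + $_.Exception.Message
    }
    New-Object PSObject -Property @{ Server = $server; ChangeExpiredPassword = $state }
} | Format-Table Server, ChangeExpiredPassword -AutoSize
```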

22 June 2012

Another move mailbox script

This script gets mailboxes from a specified database, moves them to other databases one by one, and shows progress in the PowerShell window.

while (get-mailbox -database mail*)
    {
    "starting hard work"
    if (get-moverequest)
        {
        "got existing move requests, not starting a new one"
        }
    else
        {
        "starting a mailbox move"
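        # move the mailbox with the fewest items first
        $var1 = get-mailbox -database mail*
        $var2 = $var1 | Get-MailboxStatistics
        # @() keeps the result an array even when only one mailbox is left
        $var3 = @($var2 | sort itemcount)
        New-MoveRequest $var3[0].Displayname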
        "started a mailbox move"
        }
    while (get-moverequest)
        {
        for ($i=1; $i -le 60; $i++)
            {
                Write-Host "." -nonewline
                sleep 1
            }
        Write-Host
        get-moverequest | Get-MoveRequestStatistics | select displayname,bytestransferred,bytestransferredperminute,itemstransferred,totalmailboxitemcount,percentcomplete
        if (get-moverequest -movestatus completed)
            {
            "got a completed move request"
            get-moverequest -movestatus completed | select -first 1 | remove-moverequest -confirm:$false
            "deleted that completed request"
            }
        }
    "no ongoing move requests"
    }
"no mailboxes left to move"

21 June 2012

Reduce the number of move requests

In a previous post (http://raunomagi.blogspot.com/2012/06/display-move-request-statistics-on.html) I found out that resuming all move requests at once is probably not the best idea. First I would suspend all move requests and then start only a few of them. The following script finds completed requests, deletes them, and resumes new ones (in order from small mailboxes to huge mailboxes). The list then gets shorter quickly, but the last items take quite a long time to finish.

while (get-moverequest)
    {
    if (get-moverequest -movestatus completed)
        {
        "get one completed move request"
        get-moverequest -movestatus completed | select -first 1 | remove-moverequest -confirm:$false
        "deleted that completed request, trying to find a suspended request to resume"
        get-moverequest -movestatus suspended | Get-MoveRequestStatistics | sort totalmailboxsize | select -first 1 | foreach {Resume-MoveRequest $_.displayname}
        "move request having smallest mailbox size is resumed"
        }
    "now sleeping a minute"
    for ($i=1; $i -le 60; $i++)
        {
        Write-Host "." -nonewline
        sleep 1
        }
    Write-Host
    "waking up"
    }
"seems like everything is done now"

13 June 2012

Display move request statistics on Exchange 2010

When all your mailboxes are being moved to a new mailbox database with the option -SuspendWhenReadyToComplete, you may want to know how many mailboxes are at the final stage and how many are in progress or queued. This command is quite helpful:

Get-MoveRequest | group status

In the off-hours you can execute the following command to finalize the moves:

Get-MoveRequest | ?{$_.status -eq "autosuspended"} | Resume-MoveRequest

Remember that in Exchange 2010 mailboxes remain accessible during the migration and are briefly inaccessible only during the final phase (when the CAS server is the same for both the source and destination database, Outlook remains connected even during the last stage).

11 June 2012

Remove mailbox Full Access permission (hide mailbox in Outlook 2010)

Outlook 2010 introduces a nice feature. When you add a Full Access permission to a user for a mailbox (in Recipient Configuration/Mailbox, right-click the specific user), this mailbox will be visible automatically in Outlook (not instantly, but at least after an Outlook restart and waiting a few seconds).

But when you remove the Full Access permission using Exchange Management Console, strangely two commands are issued:

  1. First command removes the permission and
  2. Second one adds the DENY permission.

It wouldn’t be a problem, but Outlook still shows the extra mailbox and doesn’t allow you to remove it. The solution is to remove this permission using Exchange Management Shell:

Remove-MailboxPermission user1 -User user2 -AccessRights FullAccess

Where user1 is the extra mailbox displayed in your Outlook (for example a room mailbox) and user2 is your mailbox. After closing and reopening Outlook (or waiting several minutes/hours without closing), the extra mailbox will disappear.
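
To see which explicit Full Access entries exist across the organization, including leftover Deny entries like the one described above, a report such as this can be used. It is an added example, not from the original post; filtering out NT AUTHORITY accounts is an assumption made here to hide the built-in SELF entry.

```powershell
# Added example: list explicit (non-inherited) Full Access entries, both Allow and Deny.
# A "Deny" row for a user is the kind of entry the console leaves behind.
Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission |
    Where-Object {
        -not $_.IsInherited -and
        ($_.AccessRights -like "*FullAccess*") -and
        ($_.User.ToString() -notlike "NT AUTHORITY\*")
    } |
    Select-Object @{Name="Mailbox"; Expression={ $_.Identity.ToString() }},
                  @{Name="Trustee"; Expression={ $_.User.ToString() }},
                  @{Name="Type";    Expression={ if ($_.Deny) { "Deny" } else { "Allow" } }} |
    Sort-Object Type, Mailbox |
    Format-Table -AutoSize
```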

07 June 2012

Portraits of users from Active Directory shown in Outlook 2010

To make users happier, you can upload pictures to Active Directory to be shown in Outlook (they are stored in the thumbnailphoto attribute of users and distribution lists):

image

A nice tool for this is Exclaimer Outlook Photos (http://bit.ly/Mg4efT). One problem is that this software uses PNG format by default for uploading photos. You should change this to JPG, so you won’t run into problems when using the photos later with SharePoint.

To analyze pictures already uploaded (to see whether they are JPEG/JPG or PNG), you can run a little PowerShell command on your domain controller:

get-aduser -LDAPFilter "(thumbnailphoto=*)" -Properties thumbnailphoto | ft name,thumbnailphoto

This lists all user objects that have thumbnailphoto present. When thumbnailphoto starts with 255, it’s probably a JPG. 137 at the beginning of thumbnailphoto is probably a PNG file.

Groups can also have pictures. They are not visible everywhere in Outlook, but when an e-mail is being viewed, the picture is present (as in the first picture in this post). To list groups, the command is as follows:

get-adgroup -LDAPFilter "(thumbnailphoto=*)" -Properties thumbnailphoto | ft name,thumbnailphoto
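
Instead of reading the byte dump by eye, the first bytes can be compared against the JPG and PNG file signatures. The following is an added example, not from the original post; the function name Get-PhotoFormat is hypothetical, and it checks the full signatures rather than only the first byte.

```powershell
# Added example: classify thumbnailphoto of users and groups by file signature.
Import-Module ActiveDirectory

function Get-PhotoFormat($Bytes)   # hypothetical helper name
{
    # 255 216 255 (FF D8 FF) is the JPEG signature
    if ($Bytes.Length -ge 3 -and $Bytes[0] -eq 255 -and $Bytes[1] -eq 216 -and $Bytes[2] -eq 255) { return "JPG" }
    # 137 80 78 71 (89 50 4E 47) is the PNG signature
    if ($Bytes.Length -ge 4 -and $Bytes[0] -eq 137 -and $Bytes[1] -eq 80 -and $Bytes[2] -eq 78 -and $Bytes[3] -eq 71) { return "PNG" }
    return "other"
}

# Same queries as in the post, collected into one list
$objects  = @(Get-ADUser  -LDAPFilter "(thumbnailphoto=*)" -Properties thumbnailphoto)
$objects += @(Get-ADGroup -LDAPFilter "(thumbnailphoto=*)" -Properties thumbnailphoto)

$objects |
    Select-Object Name, ObjectClass,
        @{Name="Format"; Expression={ Get-PhotoFormat $_.thumbnailphoto }},
        @{Name="Bytes";  Expression={ $_.thumbnailphoto.Length }} |
    Sort-Object Format, Name |
    Format-Table -AutoSize
```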

Dynamic distribution lists don’t have the thumbnailphoto attribute in the AD schema, so try to minimize the use of those lists.

06 June 2012

Change Send Connector outgoing port number on Exchange 2010

Imagine a situation where a custom application in your internal LAN receives e-mail, but for a different e-mail domain than your default and on a custom port. Then you will need a send connector in the Exchange configuration. This can be easily done using Exchange Management Console (Organization\Hub Transport\Send Connectors):

image

After creating the connector, you won’t find any option in the graphical interface for changing the port used for sending e-mail.

The port can still be changed, but with Exchange Management Shell:

Get-SendConnector custom | Set-SendConnector -Port 1025

Where “custom” is your send connector’s name and 1025 is the port used to send e-mails to this domain.

05 June 2012

Single Outlook Offline Address Book limitation!

Outlook uses Active Directory for recipient name resolution when online. When Outlook is offline, name resolution is done using the Offline Address Book (OAB).

By default, the OAB includes only the Global Address List:

image

When selecting “All Rooms”, then this message is displayed:

image

If you try to avoid this situation, you will probably figure out that you can include other address lists in the OAB, as shown in the following picture (Organization\Mailbox\Offline Address Book in Exchange Management Console):

image

After adding other address books, you can download the OABs using Outlook:

image

But the problem is that you can have only one OAB active in Outlook. So if you choose to download “All Rooms”, you cannot send e-mails to other users or distribution groups. To be specific: you cannot check names, but autocomplete works. Automatic download seems to choose a random OAB. That’s bad.

I recommend choosing the following (default) setting in the OAB configuration on the server side (Organization\Mailbox\Offline Address Book in Exchange Management Console):

image

Disable Outlook network connectivity balloon with Group Policy

As an administrator, you might want to give users a smoother Outlook experience by disabling messages like “Connection to Microsoft Exchange has been lost…” and “Connection to Microsoft Exchange has been restored”.

To disable these messages, right-click the Outlook tray icon and uncheck “Show Network Connectivity Changes”.

After closing Outlook, the following registry key is created:

[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Display Types\Balloons]
"NetConn"=dword:00000000

To apply it to all users, it’s easier to create a new Group Policy and assign it to all users. Group Policy Preferences is the right tool for plain registry changes. Locate User Configuration\Preferences\Windows Settings\Registry and create a new registry item there.

If you want administrators to be notified about Exchange Server connection information, apply this policy only to normal users. After the Group Policy is in effect (you can speed it up with gpupdate /force on the client machine), Outlook needs to be restarted to see the check box change.

01 June 2012

Make Outlook/Exchange 2010 resource booking more informative

To make Outlook/Exchange 2010 booking more informative, you can:

  • Include custom message on responses sent to meeting requests.

get-mailbox resourcename | Set-CalendarProcessing -AddAdditionalResponse:$true -AdditionalResponse:"<a href=http://yourinformationserver/>Instructions how to use the resource</a>"

  • Additionally, you can use MailTips to warn people in advance, even before they send the meeting request.

get-mailbox resource | set-mailbox -MailTip "this resource doesn’t contain video projector"

When testing mailtips, use the Outlook address book speed-up procedure LINK. Outlook needs to download the latest address book and it caches the received information, so to see a changed mailtip you need to close and re-open Outlook.