Gettign rid of certificate warning errors for Outlook in Exchange 2007 2010

You may see an Outlook error “The name of the security certificate is invalid or does not match the name of the site.” if you order a UCC cert.  This is because you cannot add your internal server names to the certificate.  Therefore, it is necessary to change where Outlook clients connect.
Set-ClientAccessServer –Identity cas –AutodiscoverServiceInternalUri
Set-WebServicesVirtualDirectory –Identity “EWS (Default Web Site)” –InternalUrl
Set-OABVirtualDirectory –Identity “oab (Default Web Site)” –InternalUrl
If you are utilizing the Unified Messaging Service (UMS), you will also need to input the following:
Set-UMVirtualDirectory –Identity “unifiedmessaging (Default Web Site)” –InternalUrl

Users cannot manage distribution groups that they are owners of in Exchange 2013

If you have recently ran across an issue where users are unable to manage a distribution group in Outlook or Exchange even though you have made them owners of this group it is by design.  By default users in Exchange 2013 are assigned to the “Default Role Assignment Policy”.  This role does not have the permissions to edit group ownership even if they are owner’s of the distribution group.  In order to fix this you must login to the ECP by going to https://servername/ecp  Once here go into the permissions on the left hand side.
distribution groups i own
Click on admin roles in my instance I just assigned my user Recipient Management rights since they are an administrator level employee.  This resolves the issue.
If all of the following hold true then you can also just download and run this Powershell script.

  • I want my users to be able to manage distribution groups they own.
  • I don’t want them to be able to create distribution groups.
  • I don’t want them to be able to remove distribution groups even if they do own them.

# Script for creating a Role that can manage distributions groups but can’t create new ones
# The sample scripts are not supported under any Microsoft standard support
# program or service. The sample scripts are provided AS IS without warranty
# of any kind. Microsoft further disclaims all implied warranties including, without
# limitation, any implied warranties of merchantability or of fitness for a particular
# purpose. The entire risk arising out of the use or performance of the sample scripts
# and documentation remains with you. In no event shall Microsoft, its authors, or
# anyone else involved in the creation, production, or delivery of the scripts be liable
# for any damages whatsoever (including, without limitation, damages for loss of business
# profits, business interruption, loss of business information, or other pecuniary loss)
# arising out of the use of or inability to use the sample scripts or documentation,
# even if Microsoft has been advised of the possibility of such damages
# Written by Matthew Byrd
# Last Updated 10.15.09

# Parameter to get a different name than default for the new Role
Param([string]$name=”MyDistributionGroupsManagement”,[string]$policy=”Default Role Assignment Policy”,[switch]$creategroup,[switch]$removegroup)
# Help Function
Function Show-Help {

This script is will create or manage a management role designed to allow users to modify groups that they already own
but not create or remove any new distribution groups.
-name           Name of the managment role you want to create or modify
Defaults to: `”MyDistributionGroupsManagmenet`”
-policy         Name of the Role Policy you want to assign the role to
Defaults to: `”Default Role Assignement Policy`”
-creategroup    Adds or Removes the ability of the Role to Create DLs
-removegroup    Adds or Removes the ability of the Role to Remove DLs
This will Use the default names and Policy and will create a role that cannot
Create or remove groups but can still modify them.  If the role already exists
It will modify it by removing or adding the abiltity to create and remove groups
based on the current state.
Manage-GroupManagementRole -CreateGroup -RemoveGroup

# Function to modify a role by removing or adding Role Entries
# If no action is passed we assume remove
# $roleentry should be in the form RoleRoleentry e.g. MyRoleNew-DistributionGroup
Function ModifyRole {
Switch ($action){
Add {Add-ManagementRoleEntry $roleenty -confirm:$false}
Remove {Remove-ManagementRoleEntry $roleenty -confirm:$false}
Default {Remove-ManagementRoleEntry $roleenty -confirm:$false}
If (($creategroup -eq $false) -and ($removegroup -eq $false)){
# Test if we have a role that already has that name
If (([bool](Get-Managementrole $name -erroraction Silentlycontinue)) -eq $true){
Write-Warning “Found a Role with Name: $name”
Write-Warning “Trying to Modify Existing Role”
Else {
# Create the new Management Role
Write-Host “Creating Managmenet Role $name”
New-ManagementRole -name $name -parent MyDistributionGroups
# Determine if we have the New and Remove Role Entries on the Role Already
$create = [bool](Get-managementroleentry $nameNew-DistributionGroup -erroraction Silentlycontinue)
$remove = [bool](Get-managementroleentry $nameRemove-DistributionGroup -erroraction Silentlycontinue)
# If we have the switch CreateGroup add or remove the RoleEntry for New-DistributionGroup
If ($creategroup -eq $true){
If ($create -eq $true){ModifyRole $nameNew-DistributionGroup Remove;Write-Host “Removing ability to create distribution Groups from $name”}
elseif ($create -eq $false) {ModifyRole $nameNew-DistributionGroup Add;Write-Host “Adding ability to create distribution Groups to $name”}
# If we have the switch RemoveGroup add or remove the RoleEntry for New-DistributionGroup
If ($removegroup -eq $true){
If ($remove -eq $true){ModifyRole $nameRemove-DistributionGroup Remove;Write-Host “Removing ability to create distribution Groups from $name”}
elseif ($remove -eq $false) {ModifyRole $nameRemove-DistributionGroup Add;Write-Host “Adding ability to create distribution Groups to $name”}
# Test if we have the assignment for the Role and Policy
# If we do … write a warning
# If not create a new assignment
If (([bool](get-managementroleassignment $name-$policy -erroraction SilentlyContinue)) -eq $true){
Write-Warning “Found Existing Role Assignment: $name-$policy”
Write-Warning “Making no modifications to Role Assignments”
Else {
# Assign the Role to the Role Policy
Write-Host “Creating Managmenet Role Assignment $name-$policy”
New-ManagementRoleAssignment -name ($name + “-” + $policy) -role $name -policy $policy

If you just installed Exchange 2013 and you have an Exchange 2010 mailbox you cannot access EAC you get the old ECP management

If you just installed Exchange 2013 and you try to go to http://ServerName/ecp you’ll notice that you get the old Exchange 2010 interface and cannot manage your Exchange 2013 server.  There is a simple fix for this just simply use the following url syntax.

How to setup the Samsung S3 for Exchange Account

Setting up a Samsung SIII for an Exchange server can be a little tricky.  But with these steps it will help you get it done.
First you want to click on your bottom right menu button on your phone you will get a menu, select settings.
Once in settings select add account.
Now select Microsoft Exchange Activesync.
On the Exchange server settings window you will want to use the same login and password that you would use when you login to your web interface or OWA to normally check your email.  It is also the same domainusername that you use when you login to your PC.  For the Exchange server name use the name in the URL from OWA.
Click ok on this next screen.
On the next screen you can set your preferences but here is a guide.
optionsOnce you have successfully set it up you now need to look for an email icon on your phone.

Exchange 2010 how to view a users folders sizes in Powershell

If you have a user who is receiving the following message:
“The recipient’s mailbox is full and can’t accept messages now. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message later, or contact the recipient directly.”
They might be asking you what is taking up so much space.  There is a simply Powershell command you can run that will generate what folders are consuming the space.
Get-MailboxFolderStatistics -id | sort-object foldersize -descending | FT folderpath, foldersize, itemsinfolder -autosize
This will return something like this which you can give to the end user.
FolderPath                            FolderSize                    ItemsInFolder
———- ———- ————-
/Sent Items/Inbox                     1.793 GB (1,925,310,217 bytes)         16941
/Deletions                           1.046 GB (1,123,250,629 bytes)         10579
/Inbox                               865.8 MB (907,805,987 bytes)            7326
/Sent Items                          240.6 MB (252,339,324 bytes)            3194
/Sent Items/Deleted Items             45.5 MB (47,705,521 bytes)              672
/Recoverable Items                   8.272 MB (8,674,112 bytes)             2208
/Calendar                             5.487 MB (5,753,889 bytes)              1095
/Top of Information Store             3.216 MB (3,372,347 bytes)               38
/Drafts                              1000 KB (1,024,409 bytes)                18
/Contacts                             8.507 KB (8,711 bytes)                   20
/Deleted Items                        323 B (323 bytes)                         1
/Junk E-mail                          138 B (138 bytes)                          1
/Purges                               0 B (0 bytes)                             0
/Versions                             0 B (0 bytes)                              0
/Tasks                               0 B (0 bytes)                             0
/Journal                             0 B (0 bytes)                             0
/Conversation Action Settings         0 B (0 bytes)                             0
/Outbox                               0 B (0 bytes)                              0
/Notes                                0 B (0 bytes)                             0

All of my Exchange 2010 services are stopped and disabled. Have I been hacked?

Recently Microsoft release Exchange service pack 1 rollup 7 unfortunatly this software was not tested. We have had multiple clients experience issues. To resolve follow the steps below or contact N2 Network Solutions.
Time and Material – 10.12.12 – exchange down
1.Set all exchange services to startup type according to default values:
2.Check/set World Wide Web Publishing Service startup to auto
3.Check/set IIS Admin Service startup to auto
4.Check/set Windows Management Instrumentation startup to auto
5.Check/set Remote Registry startup type to auto
6.Restart server (starting services themselves did not seem to work properly)
7.Check System log for DistributedCOM 10016 error:
should it appear, find out which service is causing the problem by looking at HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{CLSID in the log} (most likely IIS Admin Service), run component services->DCOM Config->IIS Admin Service, properties and set local launch permission for the user mentioned in the log (in my case IIS APPPOOLDefaultAppPool – just do add, paste the whole IIS APPPOOLDefaultAppPool and check names). Restat server. This should handle the DCOM problem.
8.should be able to access Exchange mgmt console.
9.Check if OWA works, actually if any IIS folders work (in my case IIS was running but returning error 500). In this case use this guide Reset Client Access Virtual Directories.

Removing the first Exchange 2010 database requirements

Run this command first
Set-AdServerSettings -ViewEntireForest $True
The first thing you must do is move all the mailboxes to another database. This can be accomplished via this command
get-mailbox –database “Database You’re trying to remove” | new-MoveRequest –targetdatabase “Database to move users to”
Now you must move the arbitration mailbox
get-mailbox –arbitration –database “Database You’re trying to remove” | new-MoveRequest –targetdatabase “Database to move users to”
You can now check the status of the mailbox move
Once they are all completed run this command to remove the request
get-moverequest | remove-moverequest
You can now remove your mailbox
Remove-mailboxdatabase –id “Database You’re trying to remove”

Outlook not finding Exchange 2010 server when trying to autoconfigure email

If you create your Mailbox database before the creation of a Client Access array or the installed a Client Access server within the Active Directory site, you’ll need to reconfigure the value of the RPCClientAccessServer property. If no Client Access server exists in the Active Directory site when the Mailbox database is created, the value of the RPCClientAccessServer property will be set to the FQDN of the Mailbox server. To configure the value of the RPCClientAccessServer property, use the following command.
Set-MailboxDatabase -RPCClientAccessServer
Once this command is ran reset IIS on your CAS server. Wait a few minutes and try Outlook again.

Deleting disconnected mailboxes in Exchange 2010

First you need to get a list of all the disconnected mailboxes –
Get-MailboxStatistics -Database “” | Where-Object {$_.DisconnectDate -Notlike $NULL} | FL DisplayName, DisconnectDate, MailboxGuid
Next step is to take the GUID of the account you want to delete and use this command –
Remove-Mailbox -Database “” -StoreMailboxIdentity

Changing the global catalog server for Exchange Server 2010

If you want to force the Exchange server to use a specific GC instead of letting the server automatically choose a GC, you can perform the following steps:
1.Open Exchange management console
2.Right click on “organization configuration” or “server configuration”
3.Select “modify configuration domain controller”
You can view which server Exchange is using by going to “server configuration”. Right click on your server name and select properties. Under the “system settings” tab you will find the servers being used by Exchange.