Exchange Server 2010 Mailbox Server

Backup and Recovery


The Exchange Server 2010 Mailbox server role is responsible for hosting the
mailbox and public folder databases in the organization. Mailbox servers can
be standalone, or members of a Database Availability Group.

Of all the Exchange 2010 server roles, the Mailbox server is the one for which
it is most important to have a good backup and recovery strategy in place.

WHAT NEEDS TO BE BACKED UP ON MAILBOX SERVERS?

To create a strategy for backup and recovery of Exchange 2010 Mailbox
servers you should first understand where the server stores data and
configuration settings.

Active Directory: the majority of the Mailbox server configuration is stored in
Active Directory.

Figure: Exchange 2010 Mailbox Server settings in Active Directory

The mailbox and public folder databases also have their configuration settings
stored in Active Directory.

Figure: Exchange 2010 Mailbox Database storage quota settings in Active Directory

System State: the system state of the Mailbox server stores information
such as the SSL certificates that are installed on the server (usually only a
self-signed certificate on dedicated Mailbox servers), and service
configuration information (e.g. dependencies and startup options). If there are
other applications also installed on the server then they will likely have
settings stored in the registry as well.

File System: though the mailbox and public folder databases are stored on
the server file system they are not backed up using normal file system
backups. Instead they must be backed up with an Exchange application-aware
backup product that supports Volume Shadow Copy Service (VSS), for
example Windows Server Backup.

Databases: the most critical data on an Exchange 2010 Mailbox server is
stored in the mailbox databases and public folder databases. These consist
of two basic parts: the database transaction logs, and the database file itself.

The Mailbox server backups are the most important of all of the Exchange
Server 2010 roles in an organization. At an absolute minimum the mailbox
and public folder databases must be backed up regularly to protect from data
loss. Although deploying a Database Availability Group reduces this risk
somewhat due to the replication of data between multiple servers, I would
always recommend backing up the databases anyway.

PLANNING THE MAILBOX SERVER BACKUP

When you are planning your Exchange 2010 Mailbox server backup strategy
there are different techniques that you can consider depending on your
requirements.

BACKING UP EVERYTHING
A full system and database backup of the Exchange 2010 Mailbox server,
along with a working Active Directory, will have all of the required data to
recover the Mailbox server. Mailbox servers can have very large volumes of
data depending on the size of the organization, so full backups will take the
longest and consume the most backup storage.

BACKING UP THE MINIMUM


At a minimum the mailbox databases and public folder databases should be
backed up so that the Exchange 2010 Mailbox server can be recovered.
Depending on the backup application being used the system state and
system volume may also need to be included in the backup.

Exchange 2010 database backups can also be minimized by using
incremental or differential backups if the backup application supports them.
However a full backup is still required on a regular basis, and the use of
incremental and differential backups does increase recovery times.

BACKING UP NOTHING
It may be practical to perform no Mailbox server backups at all if:

1. An Exchange 2010 Database Availability Group has been deployed with at least:
   - 3 servers as members, each with a copy of all databases, in case of single-host failure
   - 2 physical locations to protect from site failure
   - 1 lagged database copy in case of application-level corruption
2. Single Item Recovery is enabled to meet the RPO of the organization
3. Appropriate Role-Based Access Control restrictions have been
   implemented to prevent data loss by administrative error

If all of those conditions are true then Mailbox server backups may not be
required.
__________________________________________

Exchange 2010 ports - What firewall ports need to be open

Hello Experts,
Trying to get some questions knocked out for my Exchange installation. I have been getting some
excellent help and I'll hopefully be closing many questions shortly.
Question: What outside internet ports need to be opened for Exchange 2010 to work behind a
firewall? I have ports TCP 110, 25, 993, 995, 563, 80, 443, 465.
I'm reading this article: http://technet.microsoft.com/en-us/library/bb331973.aspx
I don't have an Edge Transport Server, so it would just be the Hub Transport server role connected
directly to the internet behind a firewall.
I also need to connect with OWA.

Ans: For OWA/ActiveSync you would be using port 443.

You need port 25 for your SMTP.

You shouldn't need POP3 or IMAP, but if you do then:

POP3 110
SSL-POP3 995
IMAP 143
IMAPS 993
SMTPS 465

____________

Email Ports

For networks, a port means an endpoint to a logical connection. The port number identifies what type of port it is.
Here are the default email ports for:
POP3 - port 110
IMAP - port 143
SMTP - port 25
HTTP - port 80
Secure SMTP (SSMTP) - port 465
Secure IMAP (IMAP4-SSL) - port 585
IMAP4 over SSL (IMAPS) - port 993
Secure POP3 (SSL-POP) - port 995

_____________

How to Change Your SMTP Port to Allow Sending Email


If you can't send email and you're using a commercial ISP (Comcast, ATT, Sprint, Verizon), they may be blocking
SMTP port 25. This port is standard for sending email. But it's also standard for sending spam, so ISPs often block it.
In order to send email again, you'll have to change to a different port number. PlanetMagpie recommends our clients
use either Port 2525 or Port 587.
Here's how to change the port number in your favorite email client. Instructions below are for Microsoft Outlook,
Outlook Express, Mozilla Thunderbird, Mac Mail and Eudora.

In Outlook
(NOTE: This how-to assumes you're using POP/SMTP for email. It does not apply if you're using Microsoft Exchange
for email.)

1. Open Tools > Account Settings.
2. Select your PlanetMagpie Email account from the list. Click Change.
3. Click More Settings.
4. Check the "My outgoing server (SMTP) requires authentication" box.
5. Make sure that "Use same settings as my incoming mail server" is selected.
6. Click the Advanced tab.
7. Change the Outgoing Server field number from 25 to 2525. (If this doesn't work, repeat these steps and
   change the number to 587.)
8. Select "SSL" from the "Use the following type of encrypted connection" pull-down menu.
9. Click OK.
10. Click Next until you reach the Finish button. Click Finish.

_____________________________

What is POP3 and which are the default POP3 ports


Post Office Protocol version 3 (POP3) is a standard mail protocol used to receive emails from a
remote server to a local email client. POP3 allows you to download email messages on your local
computer and read them even when you are offline. Note that when you use POP3 to connect to
your email account, messages are downloaded locally and removed from the servers. This means
that if you access your account from multiple locations, that may not be the best option for you. On
the other hand, if you use POP3, your messages are stored on your local computer, which reduces
the space your email account uses on your web server.
By default, the POP3 protocol works on two ports:

Port 110 - this is the default POP3 non-encrypted port


Port 995 - this is the port you need to use if you want to connect using POP3 securely

What is IMAP and which are the default IMAP ports


The Internet Message Access Protocol (IMAP) is a mail protocol used for accessing email on a
remote web server from a local client. IMAP and POP3 are the two most commonly used Internet
mail protocols for retrieving emails. Both protocols are supported by all modern email clients and
web servers.
While the POP3 protocol assumes that your email is being accessed only from one application,
IMAP allows simultaneous access by multiple clients. This is why IMAP is more suitable for you if
you're going to access your email from different locations or if your messages are managed by
multiple users.
By default, the IMAP protocol works on two ports:

Port 143 - this is the default IMAP non-encrypted port


Port 993 - this is the port you need to use if you want to connect using IMAP securely

What is SMTP and which are the default SMTP ports


Simple Mail Transfer Protocol (SMTP) is the standard protocol for sending emails across the
Internet.
By default, the SMTP protocol works on three ports:

Port 25 - this is the default SMTP non-encrypted port


Port 2525 - this port is opened on all SiteGround servers in case port 25 is filtered (by
your ISP for example) and you want to send non-encrypted emails with SMTP
Port 465 - this is the port used, if you want to send messages using SMTP securely

_________________

SSL vs TLS vs STARTTLS


There's often quite a bit of confusion around the different terms SSL, TLS and STARTTLS.
SSL and TLS both provide a way to encrypt a communication channel between two
computers (e.g. your computer and our server). TLS is the successor to SSL and the terms
SSL and TLS are used interchangeably unless you're referring to a specific version of the
protocol.
STARTTLS is a way to take an existing insecure connection and upgrade it to a secure
connection using SSL/TLS. Note that despite having TLS in the name, STARTTLS doesn't
mean you have to use TLS, you can use SSL.

SSL/TLS version numbers


Version numbering is inconsistent between SSL and TLS versions. When TLS took over
from SSL as the preferred protocol name, it began a new version number, and also began
using sub-versions. So the ordering of protocols in terms of oldest to newest is: SSL v2,
SSL v3, TLS v1.0, TLS v1.1, TLS v1.2.
When you connect to an SSL/TLS encrypted port, or use STARTTLS to upgrade an existing
connection, both sides will negotiate which protocol and which version to use based on
what has been configured in the software and what each side supports.
Support for SSL/TLS is virtually universal these days, however which versions are
supported is variable. Pretty much everything supports SSL v3 (except a few very old Palm
Treo devices as we discovered). Most things support TLS v1.0. As at May 2012, support for
TLS v1.1 and TLS v1.2 is more limited.

TLS vs STARTTLS naming problem


One significant complicating factor is that some email software incorrectly uses the term
TLS when they should have used STARTTLS. Older versions of Thunderbird in particular
used "TLS" to mean "enforce use of STARTTLS to upgrade the connection, and fail if
STARTTLS is not supported" and "TLS, if available" to mean "use STARTTLS to upgrade
the connection if the server advertises support for it, otherwise just use an insecure
connection".

SSL/TLS vs plaintext/STARTTLS port numbers


The above is particularly problematic when combined with having to configure a port
number for each protocol.
To add security to some existing protocols (e.g. IMAP, POP, etc.), it was decided to just add
SSL/TLS encryption as a layer underneath the existing protocol. However, to distinguish
that software should talk the SSL/TLS encrypted version of the protocol rather than the
plaintext one, a different port number was used for each protocol. So you have:

IMAP uses port 143, but SSL/TLS encrypted IMAP uses port 993.
POP uses port 110, but SSL/TLS encrypted POP uses port 995.
SMTP uses port 25, but SSL/TLS encrypted SMTP uses port 465.

At some point, it was decided that having 2 ports for every protocol was wasteful, and
instead you should have 1 port that starts off as plaintext, but the client can upgrade the
connection to an SSL/TLS encrypted one. This is what STARTTLS was created to do.
There were a few problems with this though. There was already existing software that used
the alternate port numbers with pure SSL/TLS connections. Client software can be very
long lived, so you can't just disable the encrypted ports until all software has been
upgraded.
Mechanisms were added to each protocol to tell clients that the plaintext protocol supported
upgrading to SSL/TLS (i.e. STARTTLS), and that they should not attempt to log in without
doing the STARTTLS upgrade. This created two unfortunate situations:
1. Some software just ignored the "login disabled until upgraded" announcement and
   just tried to log in anyway, sending the username and password over plaintext. Even if
   the server then rejected the login, the details had already been sent over the Internet
   in plaintext.
2. Other software saw the "login disabled until upgraded" announcement, but then
   wouldn't upgrade the connection automatically, and thus reported login errors back to
   the user, which caused confusion about what was wrong.

Both of these problems resulted in significant compatibility issues with existing clients, and
so most system administrators continued to just use plaintext connections on one port
number, and encrypted connections on a separate port number.
This has now basically become the de facto standard that everyone uses: IMAP SSL/TLS
encrypted over port 993 or POP SSL/TLS encrypted over port 995. Many sites (including
FastMail) now disable plain IMAP (port 143) and plain POP (port 110) altogether so
people must use an SSL/TLS encrypted connection. Disabling ports 143 and 110
completely removes STARTTLS as even an option for IMAP/POP connections.

SMTP STARTTLS as an exception


The one real exception to the above is SMTP. However that's for a different reason again.
Most email software used SMTP on port 25 to submit messages to the email server for
onward transmission to the destination. However, SMTP was originally designed for
transfer, not submission. So yet another port (587) was defined for message submission.
Although port 587 doesn't mandate requiring STARTTLS, the use of port 587 became popular
around the same time as the realisation that SSL/TLS encryption of communications
between clients and servers was an important security and privacy issue.
The result is that in most cases, systems that offer message submission over
port 587 require clients to use STARTTLS to upgrade the connection and also require a
username and password to authenticate. There has been an added benefit to this approach
as well. By moving users away from using port 25 for email submission, ISPs are now able
to block outgoing port 25 connections from users' computers, which were a significant
source of spam due to infection with spam-sending viruses.
Currently, things seem relatively randomly split between people using SMTP SSL/TLS
encrypted over port 465, and people using SMTP with STARTTLS upgrading over port 587.
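
The client behaviour described in the two sections above (the "login disabled until upgraded" announcement on plaintext IMAP/POP ports, and STARTTLS being required on port 587) can be expressed as a small client-side policy. This is an added example, not code from the original article; the function names, the host `mail.example.test` and all server lines are constructed for illustration.

```python
import re
from typing import NamedTuple


class Decision(NamedTuple):
    action: str  # "starttls", "login" or "abort"
    reason: str


def imap_capabilities(line):
    """Capability set from '* CAPABILITY ...' or a greeting's '[CAPABILITY ...]' code."""
    m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
         or re.match(r"\* CAPABILITY (.*)", line.strip(), re.I))
    return {tok.upper() for tok in m.group(1).split()} if m else set()


def smtp_extensions(ehlo_reply):
    """Extension keywords from a multi-line 250 EHLO reply; line 1 is the host name."""
    exts = set()
    for line in ehlo_reply.strip().splitlines()[1:]:
        m = re.match(r"250[- ](\S+)", line.strip())
        if m:
            exts.add(m.group(1).upper())
    return exts


def decide(caps, tls_active, require_tls=True):
    """Decide the next step given the server's advertised capabilities.

    require_tls=True  models the setting old Thunderbird labelled "TLS".
    require_tls=False models "TLS, if available" (falls back to plaintext).
    """
    if tls_active:
        if "LOGINDISABLED" in caps:
            return Decision("abort", "LOGIN still disabled on the encrypted channel")
        return Decision("login", "channel is encrypted")
    if "STARTTLS" in caps:
        # Fixes problem 2 from the list above: upgrade automatically.
        return Decision("starttls", "upgrade before sending any credentials")
    if require_tls:
        return Decision("abort", "no STARTTLS offered; not sending credentials in plaintext")
    if "LOGINDISABLED" in caps:
        # Fixes problem 1: never try a login the server has announced as disabled.
        return Decision("abort", "plaintext login disabled and no upgrade offered")
    return Decision("login", "INSECURE: credentials sent in plaintext")


def plan_session(pre_caps, post_caps, require_tls=True):
    """Actions from connect to login. post_caps is the capability list re-read
    after the upgrade; the list seen before TLS must not be reused."""
    first = decide(pre_caps, tls_active=False, require_tls=require_tls)
    if first.action != "starttls":
        return [first.action]
    return ["starttls", decide(post_caps, tls_active=True).action]


# Constructed server lines (not captured from any real server).
IMAP_GREETING = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] server ready"
IMAP_AFTER_TLS = "* CAPABILITY IMAP4rev1 AUTH=PLAIN"
IMAP_NO_STARTTLS = "* OK [CAPABILITY IMAP4rev1] server ready"
SMTP_587_EHLO = "250-mail.example.test\n250-SIZE 35882577\n250-STARTTLS\n250 ENHANCEDSTATUSCODES"
SMTP_587_AFTER_TLS = "250-mail.example.test\n250-SIZE 35882577\n250 AUTH PLAIN LOGIN"

if __name__ == "__main__":
    print(plan_session(imap_capabilities(IMAP_GREETING), imap_capabilities(IMAP_AFTER_TLS)))
    print(plan_session(imap_capabilities(IMAP_NO_STARTTLS), set()))
    print(plan_session(imap_capabilities(IMAP_NO_STARTTLS), set(), require_tls=False))
    print(plan_session(smtp_extensions(SMTP_587_EHLO), smtp_extensions(SMTP_587_AFTER_TLS)))
```

With `require_tls=False` the third call ends in a plaintext login, which is the "TLS, if available" behaviour the article warns about.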
___________________________________________

And the complete PORT LIST:


Transport Servers
Hub Transport server to Hub Transport server: 25/TCP (SMTP)
Hub Transport server to Edge Transport server: 25/TCP (SMTP)
Edge Transport server to Hub Transport server: 25/TCP (SMTP)
Edge Transport server to Edge Transport server: 25/TCP (SMTP)
Mailbox server to Hub Transport server via the Microsoft Exchange Mail Submission
Service: 135/TCP (RPC)
Hub Transport to Mailbox server via MAPI: 135/TCP (RPC)
Unified Messaging server to Hub Transport server: 25/TCP (SMTP)
Microsoft Exchange EdgeSync service from Hub Transport server to Edge Transport
server: 50636/TCP (SSL)
Active Directory access from Hub Transport server: 389/TCP/UDP (LDAP), 3268/TCP (LDAP
GC), 88/TCP/UDP (Kerberos), 53/TCP/UDP (DNS), 135/TCP (RPC netlogon)
Active Directory Rights Management Services (AD RMS) access from Hub Transport
server: 443/TCP (HTTPS)
SMTP clients to Hub Transport server: 587 (SMTP) / 25/TCP (SMTP)
Mailbox Servers
Active Directory access: 389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos),
53/TCP/UDP (DNS), 135/TCP (RPC netlogon)
Admin remote access (Remote Registry): 135/TCP (RPC)
Admin remote access (SMB/File): 445/TCP (SMB)
Availability Web service (Client Access to Mailbox): 135/TCP (RPC)
Clustering: 135/TCP (RPC)
Content indexing: 135/TCP (RPC)
Log shipping: 64327 (customizable)
Seeding: 64327 (customizable)
Volume shadow copy service (VSS) backup: Local Message Block (SMB)
Mailbox Assistants: 135/TCP (RPC)
MAPI access: 135/TCP (RPC)
Microsoft Exchange Active Directory Topology service access: 135/TCP (RPC)
Microsoft Exchange System Attendant service legacy access (Listen to requests): 135/TCP
(RPC)
Microsoft Exchange System Attendant service legacy access to Active
Directory: 389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos), 53/TCP/UDP
(DNS), 135/TCP (RPC netlogon)
Microsoft Exchange System Attendant service legacy access (As MAPI client): 135/TCP (RPC)
Offline address book (OAB) accessing Active Directory: 135/TCP (RPC)
Recipient update to Active Directory: 389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP
(Kerberos), 53/TCP/UDP (DNS), 135/TCP (RPC netlogon)
Client Access Servers
Active Directory access: 389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos),
53/TCP/UDP (DNS), 135/TCP (RPC netlogon)
Autodiscover service: 80/TCP, 443/TCP (SSL)
Availability service: 80/TCP, 443/TCP (SSL)
Outlook accessing OAB: 80/TCP, 443/TCP (SSL)
Outlook Web App: 80/TCP, 443/TCP (SSL)
POP3: 110/TCP (TLS), 995/TCP (SSL)
IMAP4: 143/TCP (TLS), 993/TCP (SSL)
Outlook Anywhere (formerly known as RPC over HTTP): 80/TCP, 443/TCP (SSL)
Exchange ActiveSync application: 80/TCP, 443/TCP (SSL)
Client Access server to Unified Messaging server: 5060/TCP, 5061/TCP, 5062/TCP, a dynamic
port
Client Access server to a Mailbox server that is running an earlier version of Exchange
Server: 80/TCP, 443/TCP (SSL)
Client Access server to Exchange 2010 Mailbox server: RPC
Client Access server to Client Access server (Exchange ActiveSync): 80/TCP, 443/TCP (SSL)
Client Access server to Client Access server (Outlook Web Access): 80/TCP, 443/TCP (HTTPS)
Client Access server to Client Access server (Exchange Web Services): 443/TCP (HTTPS)
Client Access server to Client Access server (POP3): 995 (SSL)
Client Access server to Client Access server (IMAP4): 993 (SSL)
Office Communications Server access to Client Access server: 5075-5077/TCP
Unified Messaging server data paths
Active Directory access: 389/TCP/UDP (LDAP), 3268/TCP (LDAP GC), 88/TCP/UDP (Kerberos),
53/TCP/UDP (DNS), 135/TCP (RPC netlogon)
Unified Messaging Phone interaction (IP PBX/VoIP Gateway): 5060/TCP, 5065/TCP, 5067/TCP
(unsecured), 5061/TCP, 5066/TCP, 5068/TCP (secured), a dynamic port from the range
16000-17000/TCP (control), dynamic UDP ports from the range 1024-65535/UDP (RTP)
Unified Messaging Web Service: 80/TCP, 443/TCP (SSL)
Unified Messaging server to Client Access server: 5075, 5076, 5077 (TCP)
Unified Messaging server to Client Access server (Play on Phone): Dynamic RPC
Unified Messaging server to Hub Transport server: 25/TCP (TLS)
Unified Messaging server to Mailbox server: 135/TCP (RPC)

__________________

Create new users and Exchange 2010 mailboxes in PowerShell


Using a .csv as a data source, you can quickly populate your Active Directory with users
and make mailboxes for them at the same time. The script below can be used as a quick
way to get started with this.


Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010

# Used as the default password for all new users. Use better logic if you need more security.
$DefaultPW = Read-Host "Enter Password" -AsSecureString

# Assume you have a csv with three fields: fname, lname, username
Import-Csv C:\users.csv | ForEach-Object {
    $FName = $_.FName
    $LName = $_.LName
    $DisplayName = "$LName, $FName"
    $User = $_.Username

    # Create the AD user and its mailbox; every account must change the shared default password at first logon.
    New-Mailbox -UserPrincipalName "$User@example.com" -Alias $User -Database "Mailbox Database 1xxxx" -Name $DisplayName -Password $DefaultPW -FirstName $FName -LastName $LName -DisplayName $DisplayName -ResetPasswordOnNextLogon $true
}

_____________________
The Exchange Control Panel (ECP) in Exchange 2010

Performing Administrative Tasks in Outlook Web App


New to Exchange 2010 is the Exchange Control Panel, or ECP.
This is a component of Outlook Web App 2010 where an
administrator can sit in their OWA screen and not only check their
emails, calendar appointments, and contacts, but can perform
administrative tasks. So instead of the administrator having to
find a computer and terminal server remote into a system to add
a user, delete a user, make configuration changes in public
folders, delegate administration or the like, the administrator can
now run those tasks straight within OWA 2010.

The ECP is primarily targeted to be used by:

- End users: Personnel granted the authority to self-manage
  aspects of their accounts such as the ability to track messages
  they have sent and received, create and manage distribution lists,
  or edit aspects of their personal account information.
- Hosted tenants: Tenant administrators for hosted customers.
- Specialists: Personnel such as Help Desk operators,
  Department Administrators, and eDiscovery Administrators who
  have had the appropriate level of access delegated by
  administrators.

The ECP can be accessed through Outlook Web Access 2010 by
logging into OWA and selecting the Options link. It can also be
accessed directly via a URL which, by default, is located at
https://CASServerName/ecp
The Exchange Control Panel (ECP) is a web-based management
console that can be accessed from web browsers that have no
Exchange-specific client-side software installed. It can be
accessed from the same Internet browsers that support the
Outlook Web Access premium client: Internet Explorer 7+,
Mozilla Firefox, and Apple Safari 3+. This AJAX-based
application is built into the Client Access Server role in an
Exchange environment and, although it shares some code with
OWA, it is a separate application.

It is important to note the Exchange Control Panel is RBAC-aware,
meaning that administrative options are available only to
those who have the appropriate permissions to utilize them. ECP
can show a user logged in with full administrative access several
administrative tasks (note the Select What to Manage option in
the top-left corner and the Manage your Organization option in
the bottom-right corner) which shows the same interface as
viewed by a standard user.

By default, the standard user does have the ability to self-administer
his account, as shown by the Edit link that, when
clicked, allows the user to modify his Account Information. This
default ability can be removed (or limited to certain fields only)
using RBAC. For example:

- If a user has been restricted from message tracking, that
  button does not appear in the ECP.
- If a user can edit mailboxes, but not create new ones, the
  New mailbox button will not display, but the Details button
  does.
- If users are allowed to edit their department but not their
  display name, the display name is visible but grayed out
  and read-only.

After an administrator elects to manage My Organization, the four
main components of the Exchange Control Panel display, as
shown in Figure 18.6. These components are:

- UI Scope Control: At the top of the screen, identified by the
  text stating Select What to Manage (and the drop-down box
  beside it), the UI Scope Control enables those with the
  appropriate RBAC permissions to select whether they want
  to manage themselves, their organization, or another user.
- Primary Navigation Panel: To the left of the screen is the
  Primary Navigation panel, enabling the administrator to
  select which area of administration she wants to work with.
- Secondary Navigation Panel: Next to the Primary
  Navigation Panel and identified by icons in the figure
  labeled Mailboxes, Groups, External Contacts, and so on, is
  the Secondary Navigation Panel, which enables the user to
  further specify the area to administer.
- The Slab: At the bottom of the pane, identified in the figure
  by the list of Display Names and E-mail addresses, is the
  slab: the list of items that can be administered based on the
  preceding selections.

Creating a New Mailbox in the Exchange Control Panel


Creating a new mailbox in the Exchange Control Panel is so easy
that it's hardly worth the time to explain it. However, because the
ECP is brand new, this section runs through the process to show
how quick and easy it is.
To create a new mailbox user in the Exchange Control Panel,
perform the following steps:

1. Log in to the OWA server with administrative credentials.
2. From the OWA page, select Options.
3. Select Manage Your Organization.
4. Ensure My Organization is selected in the UI Scope
Control, Users & Groups is selected in the Primary
Navigation Panel, and Mailboxes is selected in the
Secondary Navigation Panel.
5. Click the New Mailboxes icon.
6. On the New Mailbox page, enter the information for the new
account. Those marked with asterisks (*) are required
fields. An example of the New Mailbox page
7. When finished, click the Save button.

The ECP passes the information on to the CAS server, which, in
turn, uses Remote PowerShell commands to perform the actual
operation and create the account.

Creating Distribution Groups in the ECP

New in Exchange Server 2010 is the ability to create and manage
distribution lists from within the Exchange Control Panel web
interface.
Before we discuss the process, there are a few items to note:

- Although both Mail Universal Distribution Groups and Mail
  Universal Security Groups are visible from within the ECP,
  there is no noticeable differentiation between the two.
- All distribution groups created from within the ECP are
  created as Mail Universal Distribution Groups; there is no
  option to create a security group.
- Dynamic Distribution Groups are not visible from within the
  ECP, nor can new ones be created there.

To create a new distribution group in the ECP, perform the
following steps:

1. Connect to the ECP by logging into OWA as an
   administrator and selecting the Options page, clicking
   Manage Your Organization, and selecting the Groups icon.
   Alternatively, you can go directly to https://{CAS server
   name}/ecp and authenticate through OWA.
2. Under Groups, click the New button.
3. In the New Group window complete the following fields:

- Display Name (Required): This name must be unique in
  the domain. This is the name that displays in the address
  book and on the To: line when mail is sent to the group. The
  display name should be user-friendly to help people
  recognize the purpose or membership of the group.
- Alias (Required): This is the name portion of the e-mail
  address that appears to the left of the @ symbol. The alias
  must be unique in the domain and, because it is part of the
  e-mail address, cannot contain any spaces.
- Description (Not Required): This description populates
  the Notes field for the object. This descriptive name can be
  viewed by employees who view the properties of the
  distribution list. If populated, the field should describe the
  purpose or membership of the group.
- Ownership (Required): Owners can add members to the
  group, approve or reject requests to join, and approve or
  reject messages sent to the group.

  By default, the person creating the group is added as a group
  owner. If an administrator creates the group at the request of an
  employee, the administrator can add the employee as an owner
  and then remove herself.
- Membership (Not Required): By default, all group owners
  are added as group members. If this behavior is not
  desired, deselect the check box for this option. Add or
  remove members to the group as desired.
- Membership Approval (Required): New to distribution
  groups in Exchange Server 2010 is the ability for users to
  self-manage their distribution lists, joining those that interest
  them and leaving those that don't.

During the creation of the distribution group using the ECP, the
following options are available:

- Owner Approval - Open: Anyone can join the group
  without being approved by the group owners.
- Owner Approval - Closed: Members can be added only by
  the group owners. All requests to join will be rejected
  automatically.
- Owner Approval - Owner Approval: All requests are
  approved or rejected by the group owners.
- Group Open to Leave - Open: Anyone can leave the group
  without being approved by the group owners.
- Group Open to Leave - Closed: Members can be removed
  only by the group owners. All requests to leave will be
  rejected automatically.

After all fields have been populated and all options selected, click
Save to create the distribution group.

______________
Introducing Outlook WebApp in Exchange 2010

Microsoft Renames Outlook Web Access to Outlook Web App in E2010


It came as a surprise to many of us on the early adopter program
with Microsoft when on one of the very last builds of Exchange
2010 all of a sudden Outlook Web Access was renamed Outlook
Web App. Same OWA for web mail as we've used for years, but
just a different name. Why the different name? Because
Microsoft is branding all of their Web applications as Web Apps,
like the new Terminal Services Web Access is Remote Desktop
Web App and the like. Made for a lot of fun when we had written
the Outlook Web Access chapter for my Exchange 2010
Unleashed book and were about to send the book off to final print
when we caught the name change. Meant we had to scour
through the chapters for all uses of the term Outlook Web
Access and change the name AND we had to redo 40+
screenshots for the book, but we caught it in time.

What's new in Outlook Web App other than the name? The
biggest thing is that OWA now supports more than just Internet
Explorer for Windows. In fact, OWA in Exchange 2010 (which we
frequently shorten to OWA/2010) supports Safari for the Apple
Mac, Firefox for various operating systems (including Windows,
Mac, and Linux), and Google Chrome! And not just that it
supports these various browsers, but it supports the browsers in
full Premium Mode, not in the limited basic Light mode. So for
non-Windows users, you are no longer 2nd class OWA citizens!

Some of the other things you'll find in the new Outlook Web App
2010:

- Conversation View: this is new to Outlook 2010 and
  Outlook Web App 2010 has the same look and feel, that
  basically email threads are grouped together by
  conversation so that all emails, replies, replies of replies are
  all clustered together in your view
- Mail Tips: this is also new to Outlook 2010 and OWA 2010
  where the client software tracks policies and if you try to
  send an email with an attachment greater than the
  supported attachment size, rather than attempting to send
  the attachment only to have it bounce back to you, Mail Tips
  pops up and tells you the attachment is too big and tells you
  what the policy is regarding the attachment size allowing
  you to fix the problem before it is a problem. Similarly, Mail
  Tips will notify you when you reply all and potentially send
  a message back to everyone when you really didn't intend
  to do so
- Integrated Instant Messaging: For organizations that
  have Office Communications Server 2007 R2, you can
  configure OWA/2010 and OCS/2007 R2 to have the
  presence screen embedded right within OWA.

All other traditionally known features are included in OWA/2010
like email, calendar, contacts, configuration options, out of office
rules, spell check, etc.

In my next blog entry, tomorrow, I'll post how to configure Outlook
Web App 2010 with OCS 2007 R2 for integration of presence and
Instant Messaging in the single OWA/2010 screen.
And I'll post a third entry later this week on the new Exchange
Control Panel in OWA/2010, a really slick feature that allows
administrators to do administrative tasks right within OWA. So
instead of having to find a workstation and terminal server into
an Exchange server or AD Global Catalog server to do things like
add a user, delegate rights, create a public folder, modify public
folder rights, look at Exchange queues, etc, you can now just go
to Outlook Web App 2010 and go into the Exchange Control
Panel to perform administrative tasks.

More to follow, stay tuned


___________________

Disaster Recovery using Exchange 2010 Database Availability Groups (DAGs)

Leveraging Exchange 2010's Built-in High Availability and Site Failover Technology
For this blog post, I'm going to jump right into a topic of most
interest to organizations deploying Exchange Server 2010, which
is Disaster Recovery of databases. New to Exchange 2010 is the
concept of the Database Availability Group, or DAG, which
effectively allows an organization to have up to 16 replicated
copies of an Exchange Database (EDB).


With Exchange 2003 and prior, there was only a single EDB that
held a user's mailbox. If the EDB became corrupt, was offline due
to a server or disk failure, or was offline because of a site
failure, the user(s) could not access their mail, calendars, or
contact type information. A whole industry arose around Exchange
database recovery of a single database, which included Storage
Area Network (SAN) vendors doing snapshots of Exchange databases,
with Network Appliance (NetApp) having their SnapManager for
Exchange (SME) that effectively allows their SANs to replicate
Exchange databases for redundancy. Other solutions include
software-based database replication from companies like
DoubleTake, or appliance-based Exchange availability solutions
from companies like Teneros. All of these 3rd party products
effectively replicated the Exchange database so that the
organization could either quickly recover from a server or
database failure, or have real time failover to a secondary copy of
mail.
Then Exchange 2007 came out, where Microsoft replicated the
entire Exchange EDB database from a primary active server to a
secondary passive server. This technology, called Cluster
Continuous Replication (CCR), provided an organization with a
duplicate copy of the Exchange database on a secondary system,
with the failover from the primary to the secondary server
occurring in about 1-2 minutes. A nice aspect of CCR is that it also
provided failback from the secondary system back to the primary
system, also in a 1-2 minute timeframe. And with Exchange 2007
SP1 and the support for Windows Server 2008 failover clustering,
an organization was able to fail over and fail back Exchange CCR
between sites in different geographies.
As an organization, my company has helped hundreds of
organizations (including some of the largest companies in the
world) set up, test, and implement geo-cluster failovers of
Exchange 2007 databases so that if a server in Site A fails, a
server in Site B would come online and host the organization's
email automatically.

Microsoft also released Standby Continuous Replication, or SCR,
with Exchange 2007 SP1 that provided a 3rd copy of the mail in
yet another location so that effectively an organization would now
have an active and passive copy of their mail, plus a replica of
their mail in a 3rd location for purely DR reasons. CCR and SCR
were revolutionary in terms of providing "out of the box" high
availability and disaster recovery of Exchange databases and
servers.
The major challenge with CCR and SCR is that the failover is
done server to server, and primary to secondary in nature. So
Site A / Server 1 fails to a backup server in Site B / Server 2,
however if Site B wanted to have a local copy of their mail, they
had to set up a completely separate server so Site B / Server 3
would fail over to Site A / Server 4. This meant that an
organization would have several servers running that were
completely under-utilized, as the passive nodes would only be
online in the event of an Active node failure.
This is where Exchange 2010 Database Availability Groups come
in. Database failover is now done at the database level, and
each Exchange 2010 Enterprise license server can have 100
databases running on a system. So effectively Site A / Server 1
could have 10 databases of which 5 databases fail over to Site A /
Server 2, and 5 databases fail over to, say, Site B / Server 3. And,
since the failover is done database by database, the server in
Site B / Server 3 can also host, say, 20 databases of which 10 of
those databases fail over to Site A / Server 2, and 10 databases
fail over to Site A / Server 1. In this fully meshed failover / failback
environment, with the support for up to 16 copies of a database
across the enterprise, an organization could have fully meshed
high availability and disaster recovery of Exchange databases.
The failover and failback of Exchange 2010 databases takes
between 30-60 seconds, and running on top of Windows 2008
SP2 or higher, the organization can fail over and back across a
wide area network.
The basic process of creating a Database Availability Group is as
follows:
Install Exchange 2010 on to a Windows 2008 SP2 or higher
server with the Mailbox Server role.
1. Launch the Exchange Management Console.
2. Expand Organization Configuration.
3. Click Mailbox.
4. In the middle pane, click the Database Availability Group tab.
5. In the right pane, click New Database Availability Group.
6. When prompted, enter a unique name for the Database
Availability Group along with the file share witness path and
directory which were created earlier. Click New.
7. When the wizard has completed, click Finish.
At this point, the DAG has been created, however it has no
members. Add member mailbox servers to the DAG with the
following steps:
1. Launch the Exchange Management Console.
2. Expand Organization Configuration.
3. Click Mailbox.
4. In the middle pane, click the Database Availability Group tab.
5. Right-click the DAG created in the previous steps and choose
Manage Database Availability Group Membership.
6. When the wizard appears, click Add and choose the mailbox
servers from the list that you want to join to the DAG. Click
Manage.
7. The wizard might take several minutes to complete. When it
has added all the necessary nodes, click Finish.
When this process has been completed on one or more nodes,
the system(s) are ready for the rest of the configuration process
to continue.
1. Return to Exchange Management Console and expand
Organization Configuration.
2. Click Mailbox. In the middle pane, click the Database
Management tab.
3. In the lower pane, right-click the database you wish to replicate
within the DAG.
4. Choose Add Mailbox Database Copy.
5. When the wizard launches, browse for the server in the DAG to
which you want to replicate the mailbox database. Pick a Replay
lag time and a truncation lag time.
6. Enter a unique preferred list sequence number and click Add.
7. When the wizard completes, click Finish.
When the Database Availability Group is created, a computer
object is created in Active Directory to represent the Failover
cluster virtual network name account. If a DAG is going to be
recreated with the same name, it is necessary to disable or
delete this computer account or the process will error out and fail.
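
The three wizard procedures above, plus a pre-check for the leftover computer account, can also be run from the Exchange Management Shell. This is an added example, not code from the original post or the book; the DAG, server, database, witness directory and IP address values are placeholders, and the lag times and activation preference are sample choices.

```powershell
# Added example: Exchange Management Shell equivalent of the EMC wizard steps.
# Every value in this block is a placeholder chosen for illustration.
$DagName     = 'DAG1'            # unique DAG name (step 6 of the first procedure)
$WitnessSrv  = 'FS01'            # server hosting the file share witness
$WitnessDir  = 'C:\DAG1-FSW'     # witness directory created earlier
$DagIp       = '10.0.0.50'       # static address for the cluster name
$Members     = 'MBX01', 'MBX02'  # Mailbox servers to join to the DAG
$Database    = 'DB01'            # database to replicate
$CopyTarget  = 'MBX02'           # DAG member that receives the copy
$ReplayLag   = '00:00:00'        # replay lag time (dd.hh:mm:ss)
$TruncateLag = '00:00:00'        # truncation lag time

# Pre-check: an enabled computer object with the DAG's name (left over from
# an earlier DAG of the same name) makes creation fail. Bit 2 of
# userAccountControl is ACCOUNTDISABLE.
$existing = ([adsisearcher]"(&(objectCategory=computer)(cn=$DagName))").FindOne()
if ($existing) {
    $uac = [int]$existing.Properties['useraccountcontrol'][0]
    if (($uac -band 2) -eq 0) {
        throw "Computer object '$DagName' exists and is enabled: $($existing.Path). Disable or delete it first."
    }
}

# Procedure 1: create the (empty) DAG with its file share witness.
New-DatabaseAvailabilityGroup -Name $DagName `
    -WitnessServer $WitnessSrv -WitnessDirectory $WitnessDir `
    -DatabaseAvailabilityGroupIpAddresses $DagIp

# Procedure 2: add the member Mailbox servers. Each call can take several
# minutes, as the wizard text notes.
foreach ($server in $Members) {
    Add-DatabaseAvailabilityGroupServer -Identity $DagName -MailboxServer $server
}

# Procedure 3: add a copy of the database on another member. The activation
# preference is the "preferred list sequence number" asked for by the wizard.
Add-MailboxDatabaseCopy -Identity $Database -MailboxServer $CopyTarget `
    -ReplayLagTime $ReplayLag -TruncationLagTime $TruncateLag `
    -ActivationPreference 2

# Confirm membership and that the new copy is seeding or healthy.
Get-DatabaseAvailabilityGroup -Identity $DagName -Status |
    Format-List Name, Servers, WitnessServer, OperationalServers
Get-MailboxDatabaseCopyStatus -Identity "$Database\$CopyTarget" |
    Format-List Name, Status, CopyQueueLength, ReplayQueueLength
```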
{note: the preceding content is excerpts from my book "Exchange
Server 2010 Unleashed" from Sams Publishing (authors:
Morimoto, Noel, et al) where I cover DAG specifics in more detail
such as getting into the pre-requisites, debugging, creating
failover sites, etc}
While the failover of the Mailbox Server role makes sense, the
next question that is asked is "what about Client Access Server
(CAS) failover and Hub Transport Server (HT) failover?" The
answer is quite simple: CAS and HT servers by basic
definition can be set up to fail over across a LAN or WAN through
simple Network Load Balancing (NLB). As a new CAS or HT is
added to a Site, the server(s) take on the failover and redundancy
of other CAS and/or HT servers in the Site. By default, the CAS
server front-ending Mailboxes for a user will allow client
communications to pass through the CAS server into the Mailbox
server. In the event of a CAS server failure, NLB will fail the
user's connection over to another CAS server.
Over the past 2 years that we have been on the early adopter
program for Exchange 2010, we tested the DAG failover and
failback process, including site to site failover. This is a proven
process that leverages the same failover cluster continuous
replication technology that was originally released with Exchange
2007 for server to server failure, but instead has expanded the
same failover cluster continuous replication across multiple
servers.
Some Best Practices we've come up with relative to using
Database Availability Groups:

Run an additional network adapter in the DAG member
nodes to properly support Windows clustering.

Ensure that hardware is chosen to not only support its
dedicated load, but to take over additional loads when it's
acting as a replica for other master copies of a mailbox
database.

Base your disk subsystem primarily on storage, as the
performance requirements have dropped drastically.

Always plan for a sufficient amount of TCP/IP addresses
in advance to support current and future cluster needs.

Do not run both clustering and NLB on the same
computer; it is unsupported by Microsoft because of
potential hardware-sharing conflicts between MSCS and
NLB.

Always plan for the additional WAN traffic created by
adding another DAG replica that isn't on the local LAN.

To avoid unwanted failover, power management should
be disabled on each of the cluster nodes, both in the
motherboard BIOS and in the power applet in Control
Panel.

Thoroughly test failover and failback mechanisms after
the configuration is complete and before migrating users
to a Database Availability Group.

Make sure that mailbox databases have unique names.

When utilizing load balancing, make sure to only load
balance the ports necessary. This will avoid the
possibility of network related issues when talking to
Active Directory.

Be sure to regularly monitor replication between DAG
nodes to ensure that replication is healthy.

Periodically test the move of master status between
various copies of mailbox database groups to ensure that
the data is valid and the cluster is working correctly.
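
One way to act on the replication monitoring advice in the list above, as an added example that is not part of the original post. The function name, the DAG name DAG1 and both queue thresholds are assumptions; the script is written for the PowerShell 2.0 shell that Exchange 2010 uses.

```powershell
# Added example: report database copies and replication checks that need attention.
# Get-DagReplicationProblem is a hypothetical helper name; the default
# thresholds are assumed values and should be tuned to the environment.
function Get-DagReplicationProblem {
    param(
        [Parameter(Mandatory = $true)][string]$DagName,
        [int]$MaxCopyQueue   = 10,   # logs waiting to be shipped to the copy
        [int]$MaxReplayQueue = 50    # logs waiting to be replayed into the copy
    )

    $goodStates = 'Mounted', 'Healthy'
    $dag = Get-DatabaseAvailabilityGroup -Identity $DagName

    foreach ($server in $dag.Servers) {
        # Per-copy state and queue lengths for every database on this member.
        foreach ($copy in (Get-MailboxDatabaseCopyStatus -Server $server.Name)) {
            $reasons = @()
            $status  = "$($copy.Status)"
            if ($goodStates -notcontains $status) {
                $reasons += "status is $status"
            }
            if ($copy.CopyQueueLength -gt $MaxCopyQueue) {
                $reasons += "copy queue $($copy.CopyQueueLength) > $MaxCopyQueue"
            }
            # A lagged copy (non-zero replay lag time) legitimately carries a
            # long replay queue; raise the threshold for such copies.
            if ($copy.ReplayQueueLength -gt $MaxReplayQueue) {
                $reasons += "replay queue $($copy.ReplayQueueLength) > $MaxReplayQueue"
            }
            if ("$($copy.ContentIndexState)" -ne 'Healthy') {
                $reasons += "content index is $($copy.ContentIndexState)"
            }
            if ($reasons.Count -gt 0) {
                New-Object PSObject -Property @{
                    Server = $server.Name
                    Item   = $copy.Name
                    Source = 'Get-MailboxDatabaseCopyStatus'
                    Detail = ($reasons -join '; ')
                }
            }
        }

        # Cluster, network and replication service checks for this member.
        # The result is compared as a string so that it also works in a
        # remote shell session.
        foreach ($check in (Test-ReplicationHealth -Identity $server.Name)) {
            if ("$($check.Result)" -ne 'Passed') {
                New-Object PSObject -Property @{
                    Server = $server.Name
                    Item   = $check.Check
                    Source = 'Test-ReplicationHealth'
                    Detail = "$($check.Result): $($check.Error)"
                }
            }
        }
    }
}

# Usage: no output means every copy and check passed.
Get-DagReplicationProblem -DagName 'DAG1' |
    Format-Table Server, Item, Source, Detail -AutoSize -Wrap
```

Running this as a scheduled task and alerting on any output gives early warning before a failover depends on a stale copy.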

I'll post more on DAGs and Storage in general in upcoming
postings, as Database Availability Groups is one of the most
innovative technologies coming out of Redmond in a very long
time: a technology that has helped organizations save hundreds
of thousands of dollars on 3rd party high availability and disaster
recovery products while providing better failover and failback
capabilities straight out of the box. Stay tuned for more on best
practices around strategies to leverage DAGs and the use of
cheap storage that drives down costs and increases recoverability.
_______________________________________________________

Configure User and Resource Mailbox Properties
Exchange 2010
Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2011-10-26
Mailboxes are the most common recipient type used by information workers in an Exchange
organization. Each mailbox is associated with an Active Directory user account. The user can
use the mailbox to send and receive messages, and to store messages, appointments, tasks,
notes, and documents. You can also use mailboxes for resources such as meeting rooms and
equipment. Mailboxes are the primary messaging and collaboration tools for the users in
your organization. To learn more about mailboxes, see Understanding Recipients.
Looking for other management tasks related to mailboxes? See Managing User Mailboxes.

What Do You Want to Do?

Use the EMC to view or configure user mailbox properties

Use the EMC to configure resource mailbox properties

Use the Shell to configure user mailbox properties

Use the EMC to view or configure user mailbox properties
You need to be assigned permissions before you can perform this procedure. To see what
permissions you need, see the "Provisioning Recipient Permissions" section in the Mailbox
Permissions topic.

Properties specific to a mailbox user are controlled by the Set-Mailbox cmdlet. The EMC
allows you to set additional properties and the permissions may vary depending upon the
feature that you're configuring. The permissions listed above grant permission to edit all of
the properties of the <User Mailbox> Properties dialog box.
1. In the console tree, navigate to Recipient Configuration > Mailbox.
2. In the result pane, select the user or resource mailbox you want to configure.
3. In the action pane, click Properties.
4. Use the General tab to view or modify the following settings:

Display name Use this unlabeled box at the top of the page to view or
change the display name.

Organizational unit This read-only field displays the organizational unit
(OU) that contains the user account.

Last logged on by This read-only field displays the Active Directory user
that last logged on to the mailbox.

Note:

To obtain the information that's displayed in this field, the Exchange Management C
the EMC is unable to communicate with the Exchange store that contains the mailbo
user has logged on to the mailbox since the Microsoft Exchange Information Store se

Total items This read-only field displays the total number of items in the
mailbox.

Note:

To obtain the information that's displayed in this field, the EMC queries the mailbox d
with the Exchange store that contains the mailbox database, this field will be blank.

Size (KB) This read-only field displays the total size of the mailbox in
kilobytes (KB).

Note:

To obtain the information that's displayed in this field, the EMC queries the mailbox d
with the Exchange store that contains the mailbox database, this field will be blank.

Mailbox database This read-only field displays the name of the storage
group and mailbox database that host the mailbox.

Archive database This read-only field displays the name of the mailbox
database that hosts the archive mailbox. If an archive doesn't exist for the
mailbox, this field will be blank.

Modified This read-only field displays the last date and time that a
configuration change was made to the user mailbox.
Configuration changes made through any other method, such as the
Exchange Management Shell or Active Directory Service Interfaces (ADSI)
Edit, will also update this field.

Alias Use this text box to view or change the user's alias. The alias cannot
exceed 64 characters and must be unique in the forest. One of the reasons
why the alias must be unique is because it is used to generate the SMTP
address in a default installation.

Hide from Exchange address lists Select this check box to prevent the
recipient from appearing in the global address list (GAL) and other address
lists that are defined in your Exchange organization.
After you select this check box, users in your Exchange organization can still
send messages to the recipient by using the e-mail address.

Custom Attributes Click this button to open the Custom Attributes dialog
box. You can specify up to 15 custom attributes for the recipient. To specify
the custom attribute values, use the corresponding boxes, and then click OK.
To learn more, see Understanding Custom Attributes.

5. Use the User Information tab to modify the following fields.

First name Use this box to modify the recipient's first name.

Initials Use this box to modify the recipient's middle initials.

Last name Use this box to modify the recipient's last name.

Name Use this box to modify the recipient's directory name. This is the
name that's listed in Active Directory.

Simple display name Use this box to modify the recipient's simple display
name. The simple display name field accepts only ASCII characters.

In Exchange 2010, the Display name field (located on the General tab) can
contain Unicode characters. However, third-party applications and older
clients may not support Unicode characters. If the system that is displaying
the recipient properties doesn't support Unicode characters, you can use the
simple display name. For more information about Unicode characters,
see Unicode.

Web page Use this box to modify the recipient's Web page address.

Notes Use this box to modify administrative notes about the recipient.

These notes are also visible in Outlook. When a user views the recipient's
properties in Outlook, the notes will be displayed on the Phone/Notes tab.
6. Use the Address and Phone tab to view or modify the following fields:

Street address Use this box to view or change the recipient's street.

City Use this box to view or change the city where the recipient is located.

State/Province Use this box to view or change the state or province where
the recipient is located.

You can use the State/Province field as a condition for dynamic distribution
groups and e-mail address policies. If you plan to use this field as a condition,
you must devise and follow a consistent naming convention to ensure
accurate results for dynamic distribution groups and e-mail address policies.

ZIP/Postal code Use this box to view or change the ZIP code or the postal
code where the recipient is located.

Country/region Use this list to view or change the country or region where
the recipient is located.

Business Use this box to view or change the recipient's business phone
number.

Pager Use this box to view or change the recipient's pager number.

Fax Use this box to view or change the recipient's fax number.

Home Use this box to view or change the recipient's home phone number.

Mobile Use this box to view or change the recipient's mobile phone number.

7. Use the Organization tab to view or change the information about the recipient's
role in your organization.

Title Use this box to view or change the recipient's title.

Company Use this box to view or change the company for which the
recipient works. You can use this field to create recipient conditions for
dynamic distribution groups, e-mail address policies, or address lists.

Department Use this box to view or change the department in which the
recipient works. You can use this field to create recipient conditions for
dynamic distribution groups, e-mail address policies, or address lists.

Office Use this box to view or change the office location for the recipient.

Manager Select this check box if you want to specify this recipient's
manager. By specifying the manager for each recipient in your organization,
you can create a virtual organization chart that is accessible from e-mail
clients such as Outlook.

Click Browse to open the Select Recipient User or Contact dialog box.
Select the recipient's manager, and then click OK to return to the property
page.

Direct Reports Use this box to view the list of mailbox users and contacts
that are managed by this recipient. This field is read-only and is populated
automatically when this recipient is designated as a manager for another
recipient.

8. Use the Account tab to modify the logon names for the Active Directory domain
service user account that is associated with the recipient:

User logon name (User Principal Name) The user logon name consists of
a user name and a suffix. Use this box to type the user name that the user will
use to log on to the Active Directory domain. The user logon name cannot
exceed 1,024 characters and must be unique in the forest.

Use the corresponding drop-down list to select the suffix for this user.
Typically, the suffix is the Active Directory domain name in which the user
account resides. To view or change the list of available domain suffixes in your
forest, use Active Directory Domains and Trusts. In the Active Directory
Domains and Trusts console tree, right-click Active Directory Domains and
Trusts, and then click Properties. In the property page, use the UPN
suffixes tab to view the list of available domain suffixes in the forest.

User logon name (pre-Windows 2000) Use this box to type a user name
that is compatible with legacy versions of Windows (prior to the release of
Windows 2000 Server). The user logon name for a version of Windows earlier
than Windows 2000 Server can't exceed 20 characters and can't contain any
of the following characters: \/ [] : | <> + = ; ? , *.
When the user account is first created, this field is automatically populated
based on the User logon name (User Principal Name) field.

User must change password at next logon Select this check box if you
want the user to change the password at next logon. The user won't be able to
log on until the password is successfully changed.

9. Use the Mail Flow Settings tab to configure delivery options and message size or
message delivery restrictions for the mailbox.

Delivery Options Select this setting and then click Properties to open
the Delivery Options dialog box. Use this dialog box to configure the
following settings:
Send on behalf Click Add to open the Select Mailbox or Mail-Enabled
User dialog box. Use this dialog box to grant a recipient the permissions to
send e-mail on behalf of the selected mailbox. Click
to remove a recipient
from the list.
Forward to Select this check box, and then click Browse to open
the Select Recipient dialog box. Use this dialog box to select a recipient to
whom you want to forward all e-mail messages that are sent to this mailbox.
Deliver message to both forwarding address and mailbox If you
selected the Forward to check box, you can select this check box to specify
that e-mail messages be delivered to both the mailbox and to the forwarding
address.
Maximum Recipients Select this check box to limit the number of
recipients to which this mailbox can send e-mail messages at one time.

Message Size Restrictions Select this setting and then click Properties to
open the Message Size Restrictions dialog box. In this dialog box, use
the Maximum message size (in KB) check boxes to set the maximum size
for messages that can be sent and received by this recipient. Use the
corresponding text boxes to type the maximum message size allowed (in KB).
The message size must be between 0 and 2,097,151 KB. If a message larger
than the specified size is sent to the recipient, the message will be returned to
the sender with a descriptive error message.

Message Delivery Restrictions Select this setting and then
click Properties to open the Message Delivery Restrictions dialog box.
Use this dialog box to configure the following settings:
All senders Click this button to specify that the recipient can accept
messages from all senders. This includes senders in both your Exchange
organization and external senders. This button is selected by default. This
option includes external users only if you clear the Require that all senders
are authenticated check box. If you select this check box, messages from
external users will be rejected.
Only senders in the following list Click this button to specify that the
recipient can accept messages only from a specified set of senders in your
Exchange organization. Click Add to open the Select Recipient dialog box.
This dialog box displays a list of all recipients in the Active Directory forest.
Select the recipients you want, and then click OK. You can also search for a
specific recipient by typing its name in the Search box and then clicking Find
Now.
Require that all senders are authenticated Select this check box to
prevent anonymous users from sending messages to the recipient.
No senders Click this button to specify that the recipient will not reject
messages from any senders in the Exchange organization. This button is
selected by default.
Senders in the following list Click this button to specify that the recipient
will reject messages from a specified set of senders in your Exchange
organization. Click Add to open the Select Recipient dialog box. This dialog
box displays a list of all recipients in the Active Directory forest. Select the
recipients you want, and then click OK. You can also search for a specific
recipient by typing its name in the Search box and then clicking Find Now.

10. Use the Mailbox Features tab to view or modify the following mailbox features:

Outlook Web App This feature is enabled by default. Click Disable to
disable this feature for the mailbox. Click Properties, and then use the
corresponding property page to add an Outlook Web App mailbox policy to the
user's mailbox. Outlook Web App enables access to an Exchange mailbox from
a Web browser. To learn more, see Understanding Outlook Web App Mailbox
Policies.

Exchange ActiveSync This feature is enabled by default. Click Disable to
disable this feature for the mailbox. Click Properties, and then use the
corresponding property page to apply an Exchange ActiveSync mailbox policy
to the user's mailbox. Exchange ActiveSync enables access to an Exchange
mailbox from a mobile device. To learn more, see Understanding Exchange
ActiveSync Mailbox Policies.

Unified Messaging This feature is disabled by default. To enable Unified
Messaging (UM) for the mailbox, in the EMC result pane, select the mailbox,
and then, in the action pane, click Enable Unified Messaging. For details,
see Enable a User for Unified Messaging.
If UM is enabled, click Properties and use the corresponding property page to
configure UM settings for the user. For details, see View or Configure the
Properties of a UM-Enabled User.

MAPI This feature is enabled by default. Click Disable to disable this feature
for the mailbox. MAPI enables access to an Exchange mailbox from a MAPI
client such as Outlook. There is no property page available for this feature.

POP3 and IMAP4 These features are enabled by default. Click Disable to
disable these features for the mailbox. Click Properties, and then use the
corresponding property pages to specify the MIME format of messages that
are retrieved from the server.

Archive If an archive doesn't exist for the mailbox, this feature is disabled.
To enable an archive for this mailbox, in the EMC result pane, select the
mailbox and then, in the action pane, click Enable Archive. If an archive does
exist for the mailbox, click Properties, and then use the corresponding
property page to specify a name for the archive associated with this mailbox.
For more information, see Enable a Personal (On-Premises) or Cloud-Based
Archive for an Existing Mailbox.

11. Use the Calendar Settings tab to modify the Calendar Attendant settings for this
mailbox. The Calendar Attendant processes meeting requests as they come in, even
if users are not currently logged on by means of a client such as Outlook. Meetings
are automatically placed on the calendar as "Tentative" so timeslots won't be
overbooked. You can use the Calendar Attendant to accept and decline requests for
users.

Note:

This tab isn't displayed for resource mailboxes. To configure calendar settings for resource
properties later in this topic.

Enable the Calendar attendant Select this check box to enable the
Calendar Attendant or clear the check box to disable it. It is enabled by
default. When Calendar Attendant is enabled, the following settings are made
available:
Remove meeting forward notifications to the Deleted Items folder If
you select this check box, meeting forwarding notifications are moved to the
Deleted Items folder after they are processed by the Calendar Attendant. This
setting is disabled by default.
Remove old meeting requests and responses If you select this check
box, the Calendar Attendant removes old and redundant updates and
responses. This setting is enabled by default.
Mark new meeting requests as Tentative If you select this check box,
incoming meeting requests are marked as "Tentative" on the calendar. If you
don't select this check box, pending requests are marked as "Free". This
setting is enabled by default.
Process meeting requests and responses originating outside the
Exchange organization If you select this check box, the Calendar
Attendant will process meeting requests that originate outside the Exchange
organization. This setting is disabled by default.

12. Use the Member Of tab to view a list of the groups to which this recipient belongs.
Some of these groups may not be mail-enabled. Mail-enabled groups will have an
envelope icon next to them. You can't use this tab to modify membership information.
The recipient may match the criteria for one or more dynamic distribution groups in
your organization. However, dynamic distribution groups aren't displayed on this tab
because their membership is calculated each time they are used. For more
information, see Managing Distribution Groups.
13. Use the E-Mail Addresses tab to configure the e-mail addresses for the recipient.
You can modify the existing addresses or create additional ones. Each recipient must
have at least one primary SMTP address that is internal to your Exchange
organization and one external address.

Add Click Add to add a new e-mail address for this recipient. Use the
drop-down box to select from the following address types:

SMTP Address This is the default address type. Click this button and use
the corresponding dialog box to add an SMTP address.
EUM Address This address type is available only for user mailboxes. It's not
available for mail users, mail contacts, distribution groups, or mail-enabled
public folders. An EUM (Exchange Unified Messaging) address is used by
Unified Messaging servers to locate UM-enabled users within an Exchange
2010 organization. EUM addresses contain the extension number and the UM
dial plan for the UM-enabled user. Click this button and use the corresponding
dialog box to add an EUM address.
Custom Address Click this button and use the corresponding dialog box to
add a custom address (for example, fax or X.400).

Note:

With the exception of X.400 addresses, Exchange doesn't validate custom addresses
you specify complies with the format requirements for that address type.

Edit Click this button to modify the selected e-mail address.

Click this button to remove the selected e-mail address.
Set as Reply Click this button to set your selected address as the "reply to"
address. A recipient can have multiple e-mail addresses for a specific address
type. This allows the recipient to receive messages that are addressed to any
one of these e-mail addresses. However, a single address must be used for
any messages that are sent by the recipient. If a recipient has multiple e-mail
addresses, the primary address is used for any messages sent by the
recipient.
This button is available only when an address other than the primary address
is selected. Primary addresses for each address type are displayed in bold
type.
If an e-mail address policy in your Exchange organization applies to this
mailbox, the Set as Reply setting will be controlled by that policy. To change
the primary address for a specific address type, you must clear
the Automatically update e-mail addresses based on e-mail address
policy check box.

Set as External This button is available only for mail users and mail
contacts. It's not available for user mailboxes, distribution groups, or
mail-enabled public folders. Click Set as External to designate the selected
e-mail address as the external e-mail address for the recipient.

Note:

This button is enabled when an address other than the external e-mail address is se

Automatically update e-mail addresses based on e-mail address
policy Select this check box to have the recipient's e-mail addresses
automatically updated based on changes made to e-mail address policies in
your organization. This box is selected by default.

14. Use the Mailbox Settings tab to configure the following settings for this mailbox.

Messaging Records Management Select this setting and then
click Properties to open the Messaging Records Management dialog box.
Use this dialog box to configure the following settings:
Apply Retention Policy Select this check box and then click Browse to
select a retention policy for the mailbox. To learn more about retention
policies, see Understanding Retention Tags and Retention Policies.
Halt Retention Policy during this period Select this check box to place
the mailbox on retention hold, and then use the Start Date and End
Date settings to specify a timeframe for the retention hold. To learn more
about retention holds, see Understanding Retention Tags and Retention
Policies.
Enable Litigation Hold Select this check box to place the mailbox on
litigation hold. Litigation hold preserves deleted mailbox items and records
changes made to mailbox items. Deleted items and all instances of changed
items are returned in a discovery search. To learn more about Litigation Hold,
see Understanding Litigation Hold.
Messaging Records Management Description URL Use this box to enter
the location of a Web page or document that contains more information about
the litigation hold or retention hold policies in your organization. The URL is
displayed in the Backstage area of Microsoft Outlook 2010. This makes it
easier for users to access linked Help documents, and may reduce calls to
your Help desk or Legal department by answering common questions.

Comments Use this field to type a comment that you want to be displayed
to the mailbox user in the Backstage view of Microsoft Outlook 2010.

Sharing Select this setting and then click Properties to open
the Sharing dialog box. Use this dialog box to set the sharing policy for this
mailbox. For more information, see Apply a Sharing Policy to Mailboxes.

Storage Quotas Select this setting and then click Properties to open
the Storage Quotas dialog box. Use this dialog box to set the storage quotas
for this mailbox. For more information, see Configure Storage Quotas for a
Mailbox.

Archive Quota Select this setting and then click Properties to open
the Archive Quota dialog box. Use this dialog box to set the archive quotas
for this mailbox. If archiving isn't enabled for this mailbox,
the Properties button will be unavailable. For more information,
see Configure Archive Quotas for a Personal (On-Premises) Archive.

Role Assignment Policy Select this setting and then click Properties to
open the Role Assignment Policy dialog box. Use this dialog box to apply a
role assignment policy for this user. Click Browse to view the available role
assignment policies. For more information, see Change the Assignment Policy
on a Mailbox.

Address book policy Select this setting and then click Properties to open
the Address Book Policy dialog box. Use this dialog box to apply an address
book policy (ABP) for this mailbox. Click Browse to open the Select Address
Book Policy dialog box. Use this dialog box to select the policy you want
associated with this mailbox. To learn more, see Understanding Address Book
Policies.

Use the EMC to configure resource mailbox properties


You need to be assigned permissions before you can perform this procedure. To see what
permissions you need, see the "Provisioning Recipient Permissions" section in the Mailbox
Permissions topic.
In addition to the properties listed in the previous section, resource mailboxes have specific
settings that you can configure by using the EMC. For more information about how to
configure resource mailboxes by using the Shell, see Configure Custom Resource Properties
for a Resource Mailbox.
1. In the console tree, navigate to Recipient Configuration > Mailbox.
2. In the result pane, select the resource mailbox that you want to configure.
3. In the action pane, under the name of the resource mailbox, click Properties.

4. Use the Resource General tab to configure general settings for the resource
mailbox:

Resource capacity Use this box to specify the capacity of this resource. For
example, if this is a room resource, specify the maximum occupancy of the
room.

Resource custom properties Use this box to specify custom resource
properties that can be searched by users. In Outlook, the properties appear in
the Description column when users select the All Rooms address book.

Enable the Resource Booking Attendant Select this check box to allow
the Resource Booking Attendant to process resource requests and
cancellations automatically.

Note:

If you don't select this check box, the settings that you configure on the Resource P
Out-of-Policy Requests tab aren't enabled.

5. Use the Resource Policy tab to specify under which conditions the resource mailbox
automatically accepts requests:

Allow conflict meeting requests Select this check box to allow conflicting
meeting requests to be scheduled by the Resource Booking Attendant.

Allow repeating meetings Select this check box to allow repeating or
recurring meetings to be scheduled.

Allow scheduling only during working hours Select this check box to
allow scheduling for the resource to occur during working hours. Users can set
working hours either by using Outlook or Outlook Web App. Administrators can
set working hours by using the Set-MailboxCalendarConfiguration cmdlet
on the resource mailbox.

Reject repeating meetings that have an end date beyond the booking
window Select this check box to allow the Resource Booking Attendant to
reject recurring meeting requests that are outside of the resource's booking
window.

Booking window (days) Use this box to specify the number of days that
the room can be booked in advance. For example, if the booking window is set
for 90 days and a request is received for scheduling the resource 4 months
from today's date, the Resource Booking Attendant rejects the request.

Maximum duration (minutes) Use this box to specify the maximum
number of minutes that the resource can be scheduled for.

Maximum conflict instances Use this box to specify the maximum number
of conflicts allowed for recurring meetings. If the number of instances for a
recurring meeting in conflict exceeds this number, the recurring meeting
request is declined.

Conflict percentage allowed Use this box to specify the conflict
percentage threshold from recurring meetings. If the percentage of instances
of a recurring meeting that conflicts with other meetings exceeds the
threshold, the recurring meeting request is denied.

Specify delegates of this mailbox Click Add to add delegates who can
control the scheduling options for the resource mailbox. Click Remove to
remove delegates from this resource mailbox.

Forward meeting requests to delegates Select this check box to forward
all meeting requests to the delegates.

6. Use the Resource Information tab to specify the meeting information that appears
in the resource's calendar:

Delete attachments Select this check box to remove attachments from all
incoming requests.

Delete comments Select this check box to remove comments from all
incoming requests.

Delete the subject Select this check box to remove the subject of all
incoming requests.

Delete non-calendar items Select this check box to remove non-calendar
items from all incoming requests.

Add the organizer's name to the subject Select this check box to specify
whether the resource requestor's name is added to the subject of the request.

Remove the private flag on an accepted meeting Select this check box
to remove the private flag for all incoming requests.

Send organizer information when a meeting request is declined
because of conflicts Select this check box to send the meeting organizer
information regarding a denied request.

Customize the response message that organizers will receive Select
the Add additional text check box to customize the message that the
requester receives when the meeting has been declined, and then type the
additional information in the Additional text field.

Mark pending requests as Tentative on the calendar Select this
check box to specify that all pending requests are marked as Tentative in the
resource's calendar. The delegate can then accept or deny the request as
needed.

7. Use the Resource In-Policy Requests tab to specify users who are allowed to
submit requests within the resource policy's configuration:

Specify users who are allowed to submit in-policy meeting requests
that will be automatically approved Click All users or Selected
recipients. If you click Selected recipients, you need to click Add to select
the recipients. You can also remove selected recipients by clicking Remove.

Specify who can submit in-policy meeting requests that are subject
to approval by a resource mailbox delegate Click All
users or Selected recipients. If you click Selected recipients, you need to
click Add to select the recipients. You can also remove selected recipients by
clicking Remove.

8. Use the Resource Out-of-Policy Requests tab to specify the users who are allowed
to submit out-of-policy requests. Users who have permission to submit out-of-policy
requests won't have their request denied, but the requests require approval by one of
the resource's delegates:

All users Click this button to allow all users to submit resource requests that
don't meet the resource policy's configuration.

Selected recipients Click this button to select specific users who can
submit out-of-policy requests.

Use the Shell to configure user mailbox properties


You need to be assigned permissions before you can perform this procedure. To see what
permissions you need, see the "Provisioning Recipient Permissions" section in the Mailbox
Permissions topic.
This example shows how to forward John Peoples' e-mail messages to Jose De Oliveira's
(jose@contoso.com) mailbox.

Set-Mailbox -Identity John -DeliverToMailboxAndForward $true -ForwardingAddress jose@contoso.com
This example uses the Get-Mailbox command to find all the mailboxes in the Marketing
organizational unit, and then uses the Set-Mailbox command to configure these mailboxes.
The custom warning, prohibit send, and prohibit send and receive limits are set to
200 megabytes (MB), 250 MB, and 280 MB respectively, and the mailbox database's default
limits are ignored. This command can be used to configure a specific set of mailboxes to
have larger or smaller limits than other mailboxes in the organization.
Get-Mailbox -OrganizationalUnit "Marketing" | Set-Mailbox -IssueWarningQuota 209715200 -ProhibitSendQuota 262144000 -ProhibitSendReceiveQuota 293601280 -UseDatabaseQuotaDefaults $false
This example uses the Get-User command to find all users in the Customer Service
department, and then uses the Set-Mailbox command to change the maximum message
size for sending messages to 2 MB.
Get-User -Filter "Department -eq 'Customer Service'" | Set-Mailbox -MaxSendSize 2097152
This example sets the MailTip translation in French and Chinese.
Set-Mailbox JohnD@contoso.com -MailTipTranslations ("FR: C'est la langue française", "CHT: ")

____________________________

Working with Mailbox Properties in Exchange Online

Tom Lineen
December 05, 2013 16:40

Open the Exchange Admin Centre by selecting Exchange from the drop-down Admin tab at the
top of your Office 365 portal screen.

In the EAC, navigate to Recipients > Mailboxes.

In the list of user mailboxes, click the mailbox that you want to change the properties for, and
then click Edit.
On the mailbox properties page, click one of the following sections to view or change properties.

General

Mailbox Usage

Contact Information

Organization

Email Address

Mailbox Features

Member Of

MailTip

Mailbox Delegation

General
Use the General section to view or change basic information about the user.

First name, Initials, Last name

* Display name This name appears in your organization's address book, on
the To: and From: lines in email, and in the Mailbox list. This name can't contain empty
spaces before or after the display name.

* Alias This specifies the email alias for the user. The user's alias is the portion of
the email address on the left side of the at (@) symbol. It must be unique.

* User ID This is the name that the user uses to sign in to their mailbox and to log
on to Office 365. Typically the user logon name consists of the user's alias on the left
side of the @ symbol, and the domain name in which the user account resides on the
right side of the @ symbol.

Hide from address lists Select this check box to prevent the recipient from
appearing in the address book and other address lists that are defined in your Exchange
organization. After you select this check box, users can still send messages to the
recipient by using the email address.
Click More options to view or change these additional properties:

Custom attributes This section displays the custom attributes defined for the
user mailbox. To specify custom attribute values, click Edit. You can specify up to 15
custom attributes for the recipient.

Mailbox Usage
Use the Mailbox Usage section to view or change the mailbox storage quota and deleted item
retention settings for the mailbox. These settings are configured by default when the mailbox is
created. They use the values that are configured for the mailbox database and apply to all
mailboxes in that database. You can customize these settings for each mailbox instead of using
the mailbox database defaults.

Last logon This read-only box displays the last time that the user signed in to
their mailbox.

Mailbox usage This area shows the total size of the mailbox and the
percentage of the total mailbox quota that has been used.

Note
The online message says "Use this page if you want to change the quota for this user or specify
how long to keep deleted items", but these settings aren't available in the EAC in Exchange
Online.

Contact Information

Use the Contact Information section to view or change the user's contact information.
The information on this page is displayed in the address book. Click More options to
display additional boxes.

Organization

Use the Organization section to record detailed information about the user's role in the
organization. This information is displayed in the address book. Also, you can create a virtual
organization chart that is accessible from email clients such as Outlook.

Email Address
Use the Email Address section to view or change the email addresses associated with the user
mailbox. This includes the user's primary SMTP address and any associated proxy addresses.
The primary SMTP address (also known as the default reply address) is displayed in bold text in
the address list, with the uppercase SMTP value in the Type column. In Exchange Online there
will also be a SIP address, which is used for Lync. DO NOT CHANGE THIS.
To add a secondary email address, also known as a proxy address, it is simply a matter of
selecting Add here and typing the new address. Exchange Online mailboxes can have multiple
email addresses through which they receive email.

Add Click Add to add a new email address for this mailbox. Select one of
the following address types:

SMTP This is the default address type. Click this button and then type
the new SMTP address in the * Email address box.
Other Types Please do not add EUM or any other address types.
Make this the reply address In Exchange Online, you can select this check
box to make the new email address the primary email address.

Mailbox Features
Use the Mailbox Features section to view or change the following mailbox features and
settings:

Sharing policy This box shows the sharing policy applied to the mailbox. A
sharing policy controls how users in your organization can share calendar and contact
information with users outside your Exchange organization. The Default Sharing Policy
is assigned to mailboxes when they are created. To change the sharing policy that's
assigned to the user, select a different one from the drop-down list.

Role assignment policy This box shows the role assignment policy assigned
to the mailbox. The role assignment policy specifies the role-based access control
(RBAC) roles that are assigned to the user and control what specific mailbox and
distribution group configuration settings users can modify. To change the role
assignment policy that's assigned to the user, select a different one from the drop-down
list.

Retention policy This box shows the retention policy assigned to the mailbox.
A retention policy is a group of retention tags that are applied to the user's mailbox.
They allow you to control how long to keep items in users' mailboxes and define what
action to take on items that have reached a certain age. A retention policy isn't assigned
to mailboxes when they are created. To assign a retention policy to the user, select one
from the drop-down list.

Address book policy This box shows the address book policy applied to the
mailbox. An address book policy allows you to segment users into specific groups to
provide customized views of the address book. To apply or change the address book
policy applied to the mailbox, select one from the drop-down list.
Phone and Voice Features - Unified Messaging This feature is disabled by default. When
you enable Unified Messaging (UM), the user will be able to use your organization's UM
features and a default set of UM properties is applied to the user. A UM dial plan and a UM
mailbox policy must exist before you can enable UM.

Mobile Devices Use this section to view and change the settings for Exchange
ActiveSync, which is enabled by default. Exchange ActiveSync enables access to an
Exchange mailbox from a mobile device. Click Disable Exchange ActiveSync to
disable this feature for the mailbox.

Email Connectivity - Outlook Web App This feature is enabled by default.
Outlook Web App enables access to an Exchange mailbox from a web browser.
Click Disable to disable Outlook Web App for the mailbox. Click Edit details to add or
change an Outlook Web App mailbox policy for the mailbox.

IMAP This feature is enabled by default. Click Disable to disable IMAP for the
mailbox.

POP3 This feature is enabled by default. Click Disable to disable POP3 for the
mailbox.

MAPI This feature is enabled by default. MAPI enables access to an Exchange
mailbox from a MAPI client such as Outlook. Click Disable to disable MAPI for the
mailbox.

Litigation hold This feature is disabled by default. Litigation hold preserves
deleted mailbox items and records changes made to mailbox items. Deleted items and
all instances of changed items are returned in a discovery search. Click Enable to put
the mailbox on litigation hold. If the mailbox is on litigation hold, click Disable to remove
the litigation hold. Mailboxes on litigation hold can't be deleted. To delete the mailbox,
remove the litigation hold. If the mailbox is on litigation hold, click Edit details to view
and change the following litigation hold settings:

Hold date This read-only box indicates the date and time when the
mailbox was put on litigation hold.

Put on hold by This read-only box indicates the user who put the
mailbox on litigation hold.

Note Use this box to notify the user about the litigation hold, explain why
the mailbox is on litigation hold, or provide additional guidance to the user, such as
informing them that the litigation hold won't affect their day-to-day use of email.

URL Use this box to provide a URL to a website that provides information
or guidance about the litigation hold on the mailbox.
Note:

The text from these boxes appears in the user's mailbox only if they are using Outlook 2010 or
later versions. It doesn't appear in Outlook Web App or other email clients. To view the text
from the Note and URL boxes in Outlook, click the File tab, and on the Info page,
under Account Settings, you'll see the litigation hold comment.

Archiving If an archive mailbox doesn't exist for the user, this feature is
disabled. To enable an archive mailbox, click Enable. If the user has an archive
mailbox, the size of the archive mailbox and usage statistics are displayed. Click Edit
details to view and change the following archive mailbox settings:
Status This read-only box indicates whether an archive mailbox exists.

Delivery Options Use this section to forward email messages sent to the user to another
recipient and to set the maximum number of recipients that the user can send a
message to. Click View details to view and change these settings.

Forwarding address Select the Enable forwarding check box and then
click Browse to display the Select Mail User and Mailbox page. Use this page to
select a recipient to whom you want to forward all email messages that are sent to this
mailbox.

Deliver message to both forwarding address and mailbox Select this
check box so that messages will be delivered to both the forwarding address and the
user's mailbox.
Recipient limit This setting controls the maximum number of recipients the user can send a
message to. Select the Maximum recipients check box to limit the number of recipients
allowed in the To:, Cc:, and Bcc: boxes of an email message and then specify the maximum
number of recipients. The maximum is 500.

Message Size Restrictions These settings control the size of messages that
the user can send and receive. Click View details to view and change maximum size
for sent and received messages.

Note:
These settings can't be changed in Exchange Online.

Message Delivery Restrictions These settings control who can send email
messages to this user. Click View details to view and change these restrictions.

Accept messages from Use this section to specify who can send
messages to this user.

All senders Select this option to specify that the user can accept
messages from all senders. This includes both senders in your Exchange organization
and external senders. This option is selected by default. This option includes external
users only if you clear the Require that all senders are authenticated check box. If
you select this check box, messages from external users will be rejected.

Only senders in the following list Select this option to specify
that the user can accept messages only from a specified set of senders in your
Exchange organization. Click Add to display the Select Recipients page, which
displays a list of all recipients in your Exchange organization. Select the recipients you
want, add them to the list, and then click OK. You can also search for a specific recipient
by typing the recipient's name in the search box and then clicking Search.

Require that all senders are authenticated Select this option to
prevent anonymous users from sending messages to the user.

Reject messages from Use this section to block people from sending
messages to this user.

No senders Select this option to specify that the mailbox won't
reject messages from any senders in the Exchange organization. This option is selected
by default.

Senders in the following list Select this option to specify that the
mailbox will reject messages from a specified set of senders in your Exchange
organization. Click Add to display the Select Recipients page, which displays a list
of all recipients in your Exchange organization. Select the recipients you want, add them
to the list, and then click OK. You can also search for a specific recipient by typing the
recipient's name in the search box and then clicking Search.
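Forwarding, whether set under Delivery Options above or with Set-Mailbox -ForwardingAddress as in the Shell example earlier, redirects or copies all of a user's incoming mail, so it is worth reviewing across the organization. The following is an added example, not part of the original documentation: it reports each mailbox with forwarding configured and classifies the destination. The function name, the -InternalDomain and -ResolveSmtp parameters, the example.net address and the sample rows are assumptions constructed for illustration.

```powershell
# Added example, not from the original page. Input objects are shaped like
# Get-Mailbox output; the sample rows at the bottom are constructed.

function Get-ForwardingFinding {
    [CmdletBinding()]
    param(
        # Mailbox objects, e.g. from: Get-Mailbox -ResultSize Unlimited
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object]$Mailbox,

        # SMTP domains the organization owns (assumption: supplied by the reviewer).
        [Parameter(Mandatory = $true)]
        [string[]]$InternalDomain,

        # Turns a ForwardingAddress identity into an SMTP address. The default
        # asks Exchange; the sample run below passes a constructed lookup instead.
        [scriptblock]$ResolveSmtp = {
            param($id) [string](Get-Recipient -Identity $id).PrimarySmtpAddress
        }
    )
    process {
        # Both settings can be present on one mailbox, so each is reported.
        foreach ($setting in 'ForwardingAddress', 'ForwardingSmtpAddress') {
            $value = $Mailbox.$setting
            if (-not $value) { continue }

            if ($setting -eq 'ForwardingAddress') {
                # Holds a recipient identity, not an address: resolve it.
                $smtp = [string](& $ResolveSmtp $value)
            }
            else {
                # Stored with a prefix, for example "smtp:user@example.net".
                $smtp = ([string]$value) -replace '^smtp:', ''
            }

            if (-not $smtp) {
                $destination = 'Unresolved'
            }
            elseif ($InternalDomain -contains ($smtp -split '@')[-1]) {
                $destination = 'Internal'
            }
            else {
                $destination = 'External'
            }

            New-Object PSObject -Property @{
                Mailbox        = [string]$Mailbox.Name
                Setting        = $setting
                Target         = $smtp
                Destination    = $destination
                KeepsLocalCopy = [bool]$Mailbox.DeliverToMailboxAndForward
            }
        }
    }
}

# Constructed sample rows standing in for Get-Mailbox output.
$sampleMailboxes = @(
    (New-Object PSObject -Property @{
        Name = 'John'; ForwardingAddress = 'contoso.com/Users/Jose De Oliveira'
        ForwardingSmtpAddress = $null; DeliverToMailboxAndForward = $true }),
    (New-Object PSObject -Property @{
        Name = 'Marketing01'; ForwardingAddress = $null
        ForwardingSmtpAddress = 'smtp:archive@example.net'; DeliverToMailboxAndForward = $true }),
    (New-Object PSObject -Property @{
        Name = 'Helpdesk'; ForwardingAddress = $null
        ForwardingSmtpAddress = $null; DeliverToMailboxAndForward = $false })
)

# Constructed directory lookup used instead of Get-Recipient for the sample run.
$sampleDirectory = @{ 'contoso.com/Users/Jose De Oliveira' = 'jose@contoso.com' }

$sampleMailboxes |
    Get-ForwardingFinding -InternalDomain 'contoso.com' `
        -ResolveSmtp { param($id) $sampleDirectory[[string]$id] } |
    Sort-Object Destination, Mailbox |
    Format-Table Mailbox, Setting, Target, Destination, KeepsLocalCopy -AutoSize
```

Against a live organization, pipe Get-Mailbox -ResultSize Unlimited into the function and omit -ResolveSmtp so that the default Get-Recipient lookup is used.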

Member Of
Use the Member Of section to view a list of the distribution groups or security groups to
which this user belongs. You can't change membership information on this page. Note that the
user may match the criteria for one or more dynamic distribution groups in your organization.
However, dynamic distribution groups aren't displayed on this page because their membership is
calculated each time they are used.

MailTip
Use the MailTip section to add a MailTip to alert users of potential issues if they send a message
to this recipient. A MailTip is text that is displayed in the InfoBar when this recipient is added to
the To, Cc, or Bcc boxes of a new email message.

Mailbox Delegation
Use the Mailbox Delegation section to assign permissions to other users (also called delegates)
to allow them to sign in to the user's mailbox or send messages on behalf of the user. You can
assign the following permissions:

Send As This permission allows users other than the mailbox owner to use the
mailbox to send messages. After this permission is assigned to a delegate, any
message that a delegate sends from this mailbox will appear as if it was sent by the
mailbox owner. However, this permission doesn't allow a delegate to sign in to the user's
mailbox.

Send on Behalf Of This permission also allows a delegate to use this mailbox
to send messages. However, after this permission is assigned to a delegate,
the From: address in any message sent by the delegate indicates that the message was
sent by the delegate on behalf of the mailbox owner.

Full Access This permission allows a delegate to sign in to the user's mailbox
and view the contents of the mailbox. However, after this permission is assigned to a
delegate, the delegate can't send messages from the mailbox. To allow a delegate to
send email from the user's mailbox, you still have to assign the delegate the Send As or
the Send on Behalf Of permission.
To assign permissions to delegates, click Add under the appropriate permission to display a
page that displays a list of all recipients in your Exchange organization that can be assigned the
permission. Select the recipients you want, add them to the list, and then click OK. You can also
search for a specific recipient by typing the recipient's name in the search box and then
clicking Search.
Note:
Granting a delegate access to another mailbox will not add the mailbox in Outlook.
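The permissions described above combine: Full Access lets a delegate read the mailbox, and Send As on the same mailbox lets that delegate also send as the owner. The following is an added example, not part of the original article: it lists explicit delegates per mailbox and marks those who hold both rights. The function name Get-DelegationReview, the sample rows, and the assumption that both cmdlets name the mailbox and the delegate in the same form are constructed for illustration; Send on Behalf Of is not covered here.

```powershell
# Added example, not from the original page. Input rows are shaped like the
# output of Get-MailboxPermission (Full Access) and Get-RecipientPermission
# (Send As); the sample rows at the bottom are constructed.

function Get-DelegationReview {
    param(
        [object[]]$MailboxPermission   = @(),
        [object[]]$RecipientPermission = @()
    )
    $self   = 'NT AUTHORITY\SELF'   # the owner's own entry, not a delegate
    $grants = @{}                   # "mailbox|delegate" -> record (keys are case-insensitive)

    # Record one right for one mailbox/delegate pair.
    $record = {
        param($mailbox, $delegate, $right)
        $key = '{0}|{1}' -f $mailbox, $delegate
        if (-not $grants.ContainsKey($key)) {
            $grants[$key] = @{ Mailbox = [string]$mailbox; Delegate = [string]$delegate; Rights = @() }
        }
        $grants[$key].Rights += $right
    }

    foreach ($p in $MailboxPermission) {
        # Skip inherited entries, explicit denies and the owner.
        if ($p.IsInherited -or $p.Deny -or ([string]$p.User -eq $self)) { continue }
        $rights = @($p.AccessRights | ForEach-Object { [string]$_ })
        if ($rights -contains 'FullAccess') { & $record $p.Identity $p.User 'FullAccess' }
    }

    foreach ($p in $RecipientPermission) {
        $denied = ([string]$p.AccessControlType -eq 'Deny')
        if ($p.IsInherited -or $denied -or ([string]$p.Trustee -eq $self)) { continue }
        $rights = @($p.AccessRights | ForEach-Object { [string]$_ })
        if ($rights -contains 'SendAs') { & $record $p.Identity $p.Trustee 'SendAs' }
    }

    foreach ($g in $grants.Values) {
        $held = @($g.Rights | Sort-Object -Unique)
        New-Object PSObject -Property @{
            Mailbox       = $g.Mailbox
            Delegate      = $g.Delegate
            Rights        = ($held -join ', ')
            # Full Access alone cannot send; together with Send As the delegate
            # can both read the mailbox and send as its owner.
            ReadAndSendAs = (($held -contains 'FullAccess') -and ($held -contains 'SendAs'))
        }
    }
}

# Constructed sample rows standing in for Get-MailboxPermission output.
$sampleFullAccess = @(
    (New-Object PSObject -Property @{ Identity = 'John Peoples'; User = 'NT AUTHORITY\SELF'
        AccessRights = @('FullAccess'); IsInherited = $false; Deny = $false }),
    (New-Object PSObject -Property @{ Identity = 'John Peoples'; User = 'jose@contoso.com'
        AccessRights = @('FullAccess'); IsInherited = $false; Deny = $false }),
    (New-Object PSObject -Property @{ Identity = 'Marketing Shared'; User = 'jose@contoso.com'
        AccessRights = @('FullAccess'); IsInherited = $false; Deny = $false }),
    (New-Object PSObject -Property @{ Identity = 'John Peoples'; User = 'CONTOSO\Organization Management'
        AccessRights = @('FullAccess'); IsInherited = $true; Deny = $false })
)

# Constructed sample rows standing in for Get-RecipientPermission output.
$sampleSendAs = @(
    (New-Object PSObject -Property @{ Identity = 'John Peoples'; Trustee = 'jose@contoso.com'
        AccessRights = @('SendAs'); AccessControlType = 'Allow'; IsInherited = $false })
)

# Live data (Exchange Online shell) would come from:
#   $fa = Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission
#   $sa = Get-RecipientPermission -ResultSize Unlimited
Get-DelegationReview -MailboxPermission $sampleFullAccess -RecipientPermission $sampleSendAs |
    Sort-Object ReadAndSendAs -Descending |
    Format-Table Mailbox, Delegate, Rights, ReadAndSendAs -AutoSize
```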