Wednesday, 10 October 2012

Managing mailboxes in Exchange Server 2007 (Part 1)

Overview

In this article, we are going to approach a simple but important subject: the mailbox user management for Exchange Server 2007.
It may seem a simple issue to discuss, but we will see some advanced points related to user management tasks in order to assist beginners and advanced administrators. This article will be split into two parts; in this first part we will review mailbox management and user level functionalities.

Creating a mailbox using the Exchange Management Console

This procedure is the starting point of this article. Exchange Server 2007 allows administrators to create objects such as Mailboxes, Contacts, Mail Users, and Distribution Groups. In the following steps we will see how to create a mailbox object:
  1. Open Exchange Management Console
  2. Expand Recipient Configuration
  3. Click on Mailbox
  4. In the Mailbox pane, click on New Mailbox... (Figure 01)

Figure 01:
Creating a new user in the Exchange Management Console
  1. Introduction. We have to choose what kind of object we are creating, in Exchange Server 2007 we have four different mailbox types:

    - User mailbox: This is a traditional mailbox.

    - Resource mailbox: This is a mailbox specifically assigned to Meeting Rooms. Its associated user account will be disabled in Active Directory.

    - Equipment mailbox: This is a mailbox specific to resources, (i.e. TV, Projector and so on). As with a Resource mailbox, this kind of mailbox will disable a user in Active Directory.

    - Linked Mailbox: This kind of mailbox will be used in environments with multiple forests. This specific feature will be explained in a later article on MSExchange.org.

    In the Introduction window, select the appropriate mailbox type and then click Next to continue. (Figure 02).

Figure 02: Choosing what kind of mailbox will be created
  1. User Type. In the User Type window, we can choose either to create a new user or to assign an existing user to the new mailbox. If we choose to assign it to an existing user, we will have to check if the account does not already have a mailbox associated with it. Click Next to continue (Figure 03).

Figure 03: Creating a new user for a new mailbox
  1. User Information. In the User Information window, we should fill out the personal information of the user and select the Organization Unit where it will be created. After that click on Next (Figure 04).

Figure 04: Filling out the personal user data and OU localization
  1. Mailbox Settings. On the Mailbox Settings page, we can define the mailbox information such as Alias, Mailbox Server, and Mailbox Store where the new mailbox will be located. The policies for Mailbox and ActiveSync can also be defined in this step. We can choose which fields we are going to fill out and then click Next to continue. (Figure 05).

Figure 05: Choosing Server, Storage Group, Mailbox database and policies during the mailbox creation process
  1. New Mailbox. In the New Mailbox window, we will get a summary of all the information that we selected in the previous steps. These parameters will be used by the PowerShell engine for the creation of this mailbox object. To create the mailbox, click on New (Figure 06).

Figure 06: The parameters that will be used in the creation of the new mailbox
  1. Completion. In the Completion window, we will see the cmdlet New-mailbox and the parameters that we used in the creation process of this new mailbox.

Figure 07: The final screen of the New Mailbox Wizard, showing us the cmdlet used in the creation of the mailbox

Creating a mailbox through Exchange Management Shell

Another way to create users is by using the Exchange Management Shell. To do this, we can use a cmdlet called New-Mailbox. There are many parameters associated with this commandlet, and the required parameters for the cmdlet are the following:
  • Alias
  • Name
  • Database
  • OrganizationalUnit
  • UserPrincipalName
To create a user using Exchange Management Shell, we can run the following cmdlet:
New-Mailbox –alias <alias> -name <name> -Database <Database name> -OrganizationUnit Users –UserPrincipalName <UPN value, example: Anderson@contoso.local>
If we do not type all the required parameters, we will get a prompt asking for the parameters that are missing. In Figure 08, we can see that we have received the password prompt to fill out the password. After the password was entered, the user was created.

Figure 08: Creating a mailbox through the cmdlet New-Mailbox in the Exchange Management Console

Using *.csv files to create mailboxes

Another interesting feature is the one that lets an administrator create several users from a *.csv file. In the following section, we will review a step by step procedure to create mailboxes:
  1. First of all, we will have to create a *.csv file called recipients.csv on the root drive (C:\) and we will type the column names for the file in the first line. Those columns will be the Alias, the Name and UPN. in the following lines we will complete the user information (Figure 09).

Figure 09: Creating a csv file to be used in the creation of users through Exchange Management Shell
  1. Once the user information is complete, we will have to create a variable in the Exchange Management Shell that will keep the initial password for all of the accounts on the recipients.csv file. To do so, we will type the following:

    $Password = Read-Host “Type the default password for the new accounts:” -AsSecureString

Figure 10: Creating a variable to keep the initial password on the new accounts
  1. In the following step, we will run two cmdlets using a pipe to create the new users using the *.csv file. This is the syntax of our cmdlet:

    Import-Csv recipients.csv | foreach { New-Mailbox –alias $_.Alias –name $_.Name –UserPrincipalName $_.UPN –Database “mailbox database” –OrganizationalUnit Users –Password $Password –ResetPasswordOnNextLogon:$true
The options are explained here:
  • $_.<Name>: This is the name of each column of the recipients.csv file.
  • Foreach: For each line of the file; Note: the first line is the header.
  • $Password: variable that we just typed in the previous step.
  • -ResetPasswordOnNextLogon:$true: If we set this parameter to true, all the users will have to change their password on the first logon.

Figure 11: Creating users through a *.csv file
  1. To check if the users were created, we will go to the Exchange Management Console (Figure 12).

Figure 12: The new users created through the csv file

Managing Mailbox Features

We can manage functionalities at the user level, enabling or disabling the following features:
  • OWA
  • Exchange ActiveSync
  • Unified Messaging
  • MAPI access.
This task can be completed in two different ways, both will be detailed in the following sections:
Using the Exchange Management Console
  1. Open Exchange Management Console
  2. Expand Recipient Configuration
  3. Click on Mailbox
  4. Click on the user and in Toolbox Actions, click on Properties
  5. Click on Mailbox Features tab
  6. Now we can see all the mailbox features of the user and we can disable or enable each functionality

Figure 13: Managing Mailbox Features at user level
Listing all the users and their features…
In some cases, we have to verify the functionalities that users have, and there is no way to do this user by user. In Exchange Server 2007, this task is very easy, and can be done with a cmdlet called get-casmailbox (figure 14).
Using this cmdlet, we can export the results to a *.csv file and analyze it in Microsoft Excel and generate reports or analyze it any way we want.

Figure 14: All the users with their functionalities through Exchange Management Shell

Using Exchange Management Shell to change user features

To manage features using the Exchange Management Shell, we can use the cmdlet called set-casmailbox, as follows:
Set-casmailbox <User> -OWAEnabled:<Value>
Where: <user> is the user name; <Value> can be $true or $false
To show you the real impact of the use of the Exchange Management Shell, here is an example.
Scenario: We have a company with fifty (50) branch offices and we have to disable MAPI access for all users in Toronto.
How can we do this with the least administrative work?
First of all, we must insure that all the Active Directory information is consistent. In our scenario, all of the users have the attributes City and StateorProvince filled out correctly. One example of this is shown in the Figure 15 through cmdlets get-user | select name, recipientType, City, StateorProvince

Figure 15: Verifying the attributes City, StateorProvince of all the users
If all of the Active Directory information is consistent, we can use the pipe resource on the Windows PowerShell where an output from one command is used as input for another cmdlet.
We will need some specific user attributes that we cannot get through get-mailbox because this cmdlet only returns mailbox information. We will have to use the get-user cmdlet to filter the city attribute from users and combine these results with the set-casmailbox cmdlet.
To resolve this, we can use this subset of cmdlets, as is shown in figure 16.
Get-User | Where-Object { $_.City –eq “Toronto”} | Set-CasMailbox –OWAEnabled:$false

Figure 16: Disabling OWA access of all of the users located in Toronto city and Ontario State, and after that a list of the new user features
Now, let’s check if everything worked as expected. None of the users who had the OWA feature set as disabled will be able to access their mailboxes through Outlook Web Access. We can test it, trying to see if the user Anderson.Patricio can access his mailbox with Outlook Web Access. We can see that everything worked as shown in the next figure (Figure 17).

Figure 17: After authentication, the user receives the message that OWA is disabled

Goto: Managing mailboxes in Exchange Server 2007 (Part 2)