ExchangePowershell: Difference between revisions

$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking

Then to close the session

Remove-PSSession $Session

Hide O365 group from GAL ( as this cannot be done on admin portal )

Set-UnifiedGroup <group> -HiddenFromAddressListsEnabled $true

Install the exchange online management module

Install-Module -Name ExchangeOnlineManagement -RequiredVersion 2.0.3

• Add permission to calendar:
  • This will give a user permissions to another calendar
    • Set-MailboxFolderPermission “CalendarName:\calendar” –User default –AccessRights reviewer

• Send on Behalf
  • This will grant Charles permissions to send on behalf of Gert.
    • Set-Mailbox gert.mailbox -GrantSendOnBehalfTo charles.surname
• Send As
  • This will grant Charles permissions to send as Gert.
    • Add-ADPermission gert.mailbox -ExtendedRights Send-As -user charles.surname
• Full Mailbox Access
  • This will grant Charles full access to Gert's mailbox.
    • Add-MailboxPermission -Identity gert.mailbox -User charles.surname

Add full access permission to all mailboxes to an account:

• Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'Admin')} | Add-MailboxPermission -User UserAccount@domain.com -AccessRights fullaccess -InheritanceType all -AutoMapping:$False

Add Send as permissions to mailboxes:

• $UserMailboxes = Get-Mailbox | Where {$_.RecipientTypeDetails -eq “<Type of mailbox>”}
  • $UserMailboxes | Add-RecipientPermission -AccessRights SendAs –Trustee <identity>

Get all disconnected mailboxes:

• $dbs = Get-MailboxDatabase; $dbs | foreach {Get-MailboxStatistics -Database $_.DistinguishedName} | where {$_.DisconnectReason -eq "Disabled"} | Format-Table DisplayName,Database,DisconnectDate

Reconnect Mailbox:

• Connect-Mailbox -Identity "<mailbox name>" -Database <database shown in previous check> -User "<user name>"

Get mailbox sizes

• Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | Sort-Object TotalItemSize -Descending | Select-Object DisplayName,TotalItemSize
• Get-OutlookProvider | fl
• Get-OutlookAnywhere | fl
• Get-ClientAccessServer | fl
• Get-ActiveSyncVirtualDirectory | fl
• Get-AutodiscoverVirtualDirectory | fl
• Get-EcpVirtualDirectory | fl
• Get-OabVirtualDirectory | fl
• Get-OwaVirtualDirectory | fl
• Get-PowerShellVirtualDirectory | fl
• Get-WebServicesVirtualDirectory | fl
• Get-SendConnector | Where-Object {$_.Enabled -eq $true} | fl

Get and assign exchange certificates

Get-ExchangeCertificate | Format-List FriendlyName,Subject,CertificateDomains,Thumbprint,Services

Enable-ExchangeCertificate -Thumbprint <certificate thumbprint> -Services POP,IMAP,IIS,SMTP

Update send and receive connector certificates:

Find out what connectors may need updating with new certificate:

Get-ReceiveConnector | where {$_.TlsCertificateName -like "<certificate name>"}

Get-SendConnector | where {$_.TlsCertificateName -like "<certificate name>"}

Get new certificate:

$cert = Get-ExchangeCertificate -Thumbprint <NewCertificateThumbprint>

Get details required for send/receive connector format:

$tlscertificatename = "<i>$($cert.Issuer)<s>$($cert.Subject)"

Set the certificate for send/receive connector

Set-ReceiveConnector "<ReceiveConnectorName>" -TlsCertificateName $tlscertificatename

Get active backend components

• Get-ServerComponentState <ServerName> | ft Component,State –Autosize

Get Mail Queue

• Get-Queue

Check event viewer for Backpressure events: 15004 15005 15006 15007

• Get-EventLog -ComputerName <servername> -LogName Application -After (Get-Date).AddDays(-1) | where {$_.EventID -eq "15004"}

Check the Database availability groups cmdlet - use to find out if exchange server is the Primary or Secondary

• Get-DatabaseAvailabilityGroup

You can get all the details you need by using the following command:

• Get-DatabaseAvailabilityGroup | fl

• Get-DatabaseAvailabilityGroup -status

Sometimes the witness will fail, you can check the status of the witness by using the cluster resource cmdlet:

• ipmo failoverclusters

• Get-ClusterResource

This will tell you where the witness stores the file. If the DAG finds the resource unrelibale it might mark it as failed - you can restart this by using start-cluster resource:

• Get-ClusterResource | Start-ClusterResource

Get the log for the cluster

• Get-ClusterLog -Destination <File pathway>

For when there is on-prem and O365 mailboxes

- Need a local user in domain for the shared mailbox for permissions

In Office 365:

1. Get-Mailbox nameofmailbox@domain.com | fl ExchangeGuid

Get-Mailbox nameofmailbox@domain.com | fl ExchangeGuid

In Exchange on-premise powershell:

2. Enable-RemoteMailbox nameofmailbox@domain.com -RemoteRoutingAddress nameofmailbox@domain.mail.onmicrosoft.com

3. Set-RemoteMailbox nameofmailbox@domain.com -ExchangeGuid <GUID recorded from step 1>

Clear old problems with hybrid exchange conflicts by removing old mailbox configurations from user objects:

Log into exchange online with connect-exchangeonline:

• Set-User <problem user objectid> -PermanentlyClearPreviousMailboxInfo