
Karsten Palmvig's blog

Notes from the field on Exchange, OCS, UC and DPM...
How To: Change mailbox quota based on current value

This turns out to be somewhat tricky unless you experiment quite a lot with the values and operators, therefore I'm posting the quick solution here for those of you that (like me) like to find what you search for... :o)

If you use the Get-Mailbox cmdlet without parameters you will get all mailboxes listed in a table view like this:

Name Alias ServerName ProhibitSendQuota
----- ----- ---------- -----------------
John Doe JohnDoe Server01 50MB
Jane Doe JaneDoe Server01 unlimited

So suppose you want to change the ProhibitSendQuota for all users that currently have a quota of 50MB to 100MB. In my mind the straightforward way to find all users with a 50MB quota would be to apply the filter: ProhibitSendQuota -eq 50MB, but that will return exactly nothing...

Instead you have to use sizes the way Exchange does (although Get-Mailbox returns the formatted output). So bearing in mind that 50MB in Exchange terms is 50 x 1024 = 51200, the command will look like this:

Get-Mailbox -Filter { ProhibitSendQuota -like 51200 } | Set-Mailbox -ProhibitSendQuota 100MB -UseDatabaseQuotaDefaults $false

Notice that you have to use "-like" instead of "-eq" which would be the more logical operator to use in this case. When setting the new size you can use KB, MB, GB, TB as you please...

The above will look like this in the GUI:

 GUI screenshot

Enjoy...

How To: Bulk creation of AD users and Exchange mailboxes

Over the past couple of months I have worked on more than one project where the customer wanted to create a new forest for the new Exchange 2007 installation. Normally you would migrate users from the old domain(s) with ADMT or another product but in these cases brand new user accounts and mailboxes were desired.

So how do you create all your new users the easiest way? Well, with Exchange Management Shell of course! :o)

First you have to export existing users. Here I will use a Windows Server 2003 domain as an example source domain. I recommend using CSVDE for the export as it will give you a comma delimited file that is easy to manipulate in Excel.

The more time you spend cleaning up your data in Excel, the more time you save later by not having to re-iterate the whole process.

Example: csvde -d "ou=Domain Users,dc=contoso,dc=com" -f DomainUsersOU.txt

Make sure your output file has the ".txt" extension for Excel to be able to detect the content properly.

Now you fire up Excel, open the file and let Excel do its magic after you select comma delimited format.

Select the columns and rows you want to use for the import and get rid of the rest. The example below uses just the most basic fields; you may need to import more fields, e.g. if you have OCS and phone integration you would want to keep the msRTCSIP-Line and msRTCSIP-PrimaryUserAddress fields.

In this example a bunch of random passwords are created and saved in a column called "Password".

Save the file as tab delimited (this will save you a headache later) and use the following script to convert the file to a proper comma delimited format (borrowed from msgoodies):

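# Reads tab-delimited lines from the pipeline and writes them as quoted CSV
$v=new-object system.text.stringBuilder 1000
$input | % {
$v.length=0 # empty sb
$e=$_.split("`t")
$e | % {
  $null=$v.append(",")
  # length check keeps a field that is a single quote character from breaking substring()
  if ($_.length -ge 2 -and $_[0] -eq "`"" -and $_.endswith("`"")) {
   # already quoted - strip them
   $_=$_.substring(1,$_.length-2)
  }
  # quote every field and double any embedded quotes
  $null=$v.append('"'+$_.replace('"','""')+'"')
}
# drop the leading comma and emit the line
$v.tostring().substring(1)
}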

Save the script file as: Convert-TsvToCsv.ps1 (or really, whatever you like)

Syntax for converting: "type tabfile.txt | .\Convert-TsvToCsv.ps1 >csvfile.txt"

Now the fun begins!

Import the file into a variable by running the Import-Csv cmdlet:

$users = Import-Csv csvfile.txt

This will give you a chance to verify the format of the data one last time by simply typing "$users" in the Exchange Management Shell.

Now we need to parse the array of users by using a ForEach loop:

ForEach ($user in $users) { $pass = ConvertTo-SecureString $user.Password -asPlainText -Force; New-Mailbox -UserPrincipalName $user.userPrincipalName -Alias $user.sAMAccountName -Database $user.homeMDB -Name $user.sAMAccountName -DomainController dc01.contoso.com -OrganizationalUnit $user.ou -FirstName $user.givenName -LastName $user.sn -DisplayName $user.displayName -Password $pass -ResetPasswordOnNextLogon $true -WhatIf }

The first part of the command converts the included password to a SecureString format to be able to script the input of the password. The second part creates a new AD domain account and an Exchange 2007 mailbox.

Fields like "homeMDB" will of course need to be manipulated in Excel after the original export. If you use organization wide unique names for databases, you only need to specify the database name here.

The "ou" will not always be populated correctly when exporting but can be derived from the "DN" field by a simple Excel macro. That is, if you want the same OU structure in the destination domain.

After you have tested the script with the "-WhatIf" statement to verify success you can go ahead and remove the "-WhatIf" and create the users in your domain...
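
One way to fill the "ou" and "Password" columns in PowerShell rather than in Excel, as an added example that is not part of the original post. The function names are hypothetical, the sample rows are constructed, and it assumes PowerShell 2.0 or later.

```powershell
# Added example, not from the original post. Function names are hypothetical.

function Get-ParentDn([string]$Dn) {
    # Strip the first RDN. "\," inside a name is an escaped comma, not a separator.
    if ($Dn -match '^(?:[^,\\]|\\.)+,(.+)$') { return $Matches[1] }
    throw "Cannot derive a parent container from DN: $Dn"
}

function New-RandomPassword([int]$Length = 16) {
    # Look-alike characters (0/O, 1/l/I) are left out because users retype these.
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!#%+-='
    $rng   = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $byte  = New-Object byte[] 1
    # Bytes at or above $limit are discarded so every character is equally likely.
    $limit = 256 - (256 % $alphabet.Length)
    do {
        $sb = New-Object System.Text.StringBuilder
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($byte)
            if ($byte[0] -lt $limit) { [void]$sb.Append($alphabet[$byte[0] % $alphabet.Length]) }
        }
        $password = $sb.ToString()
        # Retry until upper case, lower case and a digit are all present,
        # so a three-of-four-categories complexity policy accepts the value.
    } until ($password -cmatch '[A-Z]' -and $password -cmatch '[a-z]' -and $password -match '\d')
    return $password
}

# Constructed sample rows standing in for: $users = Import-Csv csvfile.txt
$users = @'
DN,sAMAccountName,userPrincipalName
"CN=John Doe,OU=Sales,OU=Domain Users,DC=contoso,DC=com",JohnDoe,JohnDoe@contoso.com
"CN=Doe\, Jane,OU=Domain Users,DC=contoso,DC=com",JaneDoe,JaneDoe@contoso.com
'@ | ConvertFrom-Csv

foreach ($user in $users) {
    $user | Add-Member -MemberType NoteProperty -Name ou -Value (Get-ParentDn $user.DN) -Force
    $user | Add-Member -MemberType NoteProperty -Name Password -Value (New-RandomPassword) -Force
}

# Review everything except the passwords before running the New-Mailbox loop.
$users | Format-Table sAMAccountName, ou -AutoSize
```

The rows now carry the same column names the New-Mailbox loop reads. Any copy written back to disk contains the initial passwords in clear text, so keep it only until the accounts exist.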

Hopefully this will save you some time.... Enjoy!

Troubleshoot: Why are call notifications and voice mails not showing on my Tanjay?

If you have an Office Communicator Phone Edition (aka Tanjay) device, you might be wondering why your incoming, outgoing and missed calls as well as voice mails are not showing up in the lists on the device.

For the integration to work, the Tanjay needs to access your mailbox, and to do that it must be able to resolve autodiscover.domain.ext for your domain to an internal server.

So make sure you have published your autodiscover properly in your internal DNS, mapping to your Client Access Server(s).

The Exchange 2007 Client Access Server(s) hosting the Autodiscover service must have autodiscover.domain.ext as a SAN (Subject Alternative Name) in the certificate assigned to the web site hosting the Autodiscover service.

(Refer to my post on voice mails not submitted to Hub Transport to see the syntax for requesting a certificate with SANs)

Restart the Tanjay for it to pick up the changes faster.

Bonus information: To play voice mails on your Tanjay; VoIP security on your Exchange 2007 UM Dial Plan must be set to "Secured".

How To: Build an OCS and UM lab with phone integration

To quickly set up a lab for testing phone integration you need at least three servers for OCS and Exchange roles. One additional server is needed for Active Directory and Certificate Authority.

I would recommend using a 64-bit machine installed with Windows Server 2003 x64 and Virtual Server 2005 R2. Virtual Server can then host the Office Communication Server 2007 roles and even the Domain Controller if needed. Exchange Server 2007 will be installed on the host machine (all roles for this setup can co-exist on the same machine).

Then you need a VOIP/SIP gateway. For this documentation I'll be referring to the Audiocodes MP-114 FXO SIP Gateway, but other products with the same capabilities exist.

Note: The Audiocodes MP-114 product is not supported for enterprise deployment of OCS; the setup described here is only for lab use. Virtualization of OCS2007 is not supported in a production environment.

For this simple lab your existing desk phone will be handled by whatever PBX you have installed and the SIP gateway will "listen in" on a second line that the PBX has been configured to use for the same extension as your desk phone. You can also use a completely different extension for testing.

A very high level diagram of the communication flow in the lab setup will look like this:

OCS-UM-flow

 

Configuring the SIP gateway

First you need to download the OCS compatible .ini file from AudioCodes' web site - you need the "FXO (One-to-One option)" download for this setup.

Follow the quick guide available on the same page for basic setup of the MP-114. (Default IP address of the device may be 10.1.10.10 - it was in my case).

When configuring the endpoint phone number, use your full phone number.

I prefer to do as little phone number manipulation as possible in the MP-114 but you need to convert the incoming phone extension into a full E.164 compliant number so it will match your phone number in OCS.

It is by far the easiest to do all your phone number normalization in OCS and just pass on the "finished" number to the MP-114; more about this in the Mediation Server section.

Just let the MP-114 route all inbound calls to your number.

As this is a test setup you may want your desk phone to ring a couple of times before your lab environment kicks in. This can be done by setting FXONumberOfRings under http://mp-114/AdminPage to the number of rings you want before the MP-114 reacts.

A good way to see what happens when inbound calls are made is to monitor the ports on the main page of the administration interface. Click the port (Port 3 in this case as only FXO ports should be connected to a PBX), select port settings and then SIP. This way you can see if inbound calls are translated and routed properly (fields are only populated during a call).

The MP-114 will allow you to connect an analog phone directly and use that for dialing in but it makes more sense to connect it to a PBX for testing.

 

Install Mediation Server

Essential reading before starting is the Enterprise Voice Planning and Deployment Guide.

I assume that you already have an OCS2007 front end server running with client connectivity so just install the Mediation Server role on a different server using the OCS2007 Deployment Wizard.

Configure the listening IP address for both Communication Server and Gateway to the server's address. Leave location profile as "(None)" - we'll configure that later.

Next Hop Connections: FQDN of your front end server and IP address of the SIP gateway (MP-114 in this scenario).

Create a certificate for the server from the same CA as you did for the front end server.

Assign a Line URI telephone number to your users in E.164 format through the OCS2007 console or ADUC; select "Enable Enterprise Voice" and input the full phone number as: "tel:+4544890100" (this is an example number, use one that fits into your numbering scheme).

UserOptions

 

Configuring Exchange UM

Under Organization Configuration\Unified Messaging:

Create a UM Dial Plan (Shell cmdlets are documented in the deployment guide so I'll show the GUI):

UM-dial-plan

Give the dial plan a name and use as many digits for extension as you desire.

Add the dial plan to the UM server object under Server Configuration\Unified Messaging.

Create a new UM Auto Attendant; simply name it AutoAttendant and select the dial plan you created before. Associate an extension number with your Auto Attendant that doesn't conflict with other numbers. Make sure you enable and speech enable the Auto Attendant by checking the two checkboxes at the bottom.

Run the ExchUCUtil.ps1 script.

This will set permissions on the Exchange Org and UM containers and add the OCS front end server as IP gateway for the UM server.

Don't forget to enable users for UM... ;o)

 

Configure Mediation Server

Run the Exchange UM Integration Utility (found under: C:\Program Files\Microsoft Office Communications Server 2007\Server\Support\OcsUMUtil.exe on your front end server)

Press "Load Data"

If the list shows your Exchange UM dial plan, press "Add" and select phone number defined in Exchange UM under phone number and "Auto-Attendant" under Contact Type.

Press OK

The tool will say that no matching location profile exists so let's go ahead and create one now:

Right click the forest name in the OCS2007 console, select Properties; Voice Properties

Add a new profile, using the name OcsUMUtil found.

Add as many Normalization Rules to the profile as you need. This is very well documented in the deployment guide but a fast one to get you going:

Name: Local extension

Phone pattern regular expression: ^([1-9]\d{3})$

Translation pattern regular expression: +454489$1

The phone pattern regular expression matches any 4-digit number starting with 1-9 and passes it on to the translation as variable $1. The translation prefixes it with +454489 so that it conforms to E.164 numbering; this way OCS can match a 4-digit local extension to the full number you have configured on your OCS/UM users.

Phone Usages and Policies are not very important for this small lab setup; just assign "Default Usage" to "Default Policy".

In Routes, create a new route called "Default Route" and set the Target regular expression to ".*" so that all numbers that do not match an internal user are routed. (You can set it to "^\+45" to only allow national calls; other country codes will then fail to route.)

Set the gateway address to your Mediation Server and select "Default Usage" under Phone usages.

Assign the Location Profile to the Mediation Server object in the OCS2007 console.

A very good tool to verify that your call routing is working is the Enterprise Voice Route Helper available for download in the Office Communications Server 2007 Resource Kit Tools.
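
The normalization rule and the two route targets above can also be checked offline before placing test calls; this is an added example, not from the original post and not part of the Route Helper tool. The dialed numbers are constructed, the function and route names are hypothetical, and two things are assumptions of this sketch: that the patterns behave as .NET regular expressions (which is what PowerShell's -match and -replace use), and that numbers already starting with "+" pass through unchanged while numbers no rule matches are not routed.

```powershell
# Added example, not from the original post. Names below are hypothetical.
$normalizationRules = @(
    @{ Name = 'Local extension'; Pattern = '^([1-9]\d{3})$'; Translation = '+454489$1' }
)
$routes = @(
    @{ Name = 'AnyNumber';    Target = '.*'    },   # the "Default Route" from the post
    @{ Name = 'NationalOnly'; Target = '^\+45' }    # the stricter alternative from the post
)

function Test-DialPlan([string]$Dialed) {
    $normalized = $null
    $ruleName   = '(none)'
    if ($Dialed -match '^\+\d+$') {
        # Assumption: a number already in E.164 form is used as it is.
        $normalized = $Dialed
        $ruleName   = '(already E.164)'
    } else {
        foreach ($rule in $normalizationRules) {     # rules are tried in list order
            if ($Dialed -match $rule.Pattern) {
                $normalized = $Dialed -replace $rule.Pattern, $rule.Translation
                $ruleName   = $rule.Name
                break
            }
        }
    }
    $result = New-Object PSObject -Property @{
        Dialed = $Dialed; Rule = $ruleName; Normalized = $normalized
    }
    foreach ($route in $routes) {
        # Assumption: a number that no rule normalized is not routed at all.
        $routed = ($normalized -ne $null) -and ($normalized -match $route.Target)
        $result | Add-Member -MemberType NoteProperty -Name $route.Name -Value $routed
    }
    $result
}

# Constructed test numbers: a valid extension, an extension with a leading 0
# (excluded by [1-9]), a 5-digit string, a Danish number and a Swedish number.
'1234', '0100', '12345', '+4533123456', '+46701234567' |
    ForEach-Object { Test-DialPlan $_ } |
    Format-Table Dialed, Rule, Normalized, AnyNumber, NationalOnly -AutoSize
```

With ".*" as the target every normalized number is handed to the gateway, including the constructed +46 number; with "^\+45" that row shows False.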

Your OC client should look like this if phone integration is configured properly:

OC-VoiceMail

Enjoy...

Troubleshoot: UM voice mails not submitted to Hub Transport

After you have set up the Exchange Server 2007 UM role in a lab or in production and want to test Auto Attendant functionality by leaving voice mails for one or more users, you may experience that the Auto Attendant plays the greeting and asks for your message but the user doesn't receive anything although everything seems fine.

Voice mails are in fact recorded and will queue up in this directory: C:\Program Files\Microsoft\Exchange Server\UnifiedMessaging\voicemail

This situation can be identified by the following warning in the Application Event log:

Event Type:      Warning
Event Source:    MSExchange Unified Messaging
Event Category:  UMCore
Event ID:        1185
Date:            17-12-2007
Time:            16:32:06
User:            N/A
Computer:        <Servername>
Description:
The Unified Messaging server was unable to submit a message to Hub Transport server "<Servername>" because the following error occurred: The Unified Messaging server failed to authenticate to the SMTP server: The specified target is unknown or unreachable.

There can be multiple reasons for this, some of these are listed below.

SPNs

If Service Principal Names (SPNs) are not registered correctly for your Hub Transport Server's SMTP service, the UM service may fail to identify a usable receive connector and fail to deliver the voice mail.

One scenario where SPNs are registered incorrectly is if receive connectors have been installed on multiple servers (e.g. if the Exchange Organization used to be Exchange Server 2003 and mailboxes and services were migrated to Exchange Server 2007).

To verify that local SPN registration is correct, first run:

setspn -L <Servername>

This will list the locally registered SPNs; there should be only two "SmtpSvc" SPNs:

SmtpSvc/SERVER
SmtpSvc/server.domain.ext

The more likely situation is that another server that no longer has a receive connector installed still has a "SmtpSvc" SPN registered.

To search Active Directory for orphan SPNs, use LDP; connect and bind to AD and press Ctrl-S for the search dialog.

Base Dn: DC=domain,DC=ext
Filter: servicePrincipalName=smtpsvc*

This will result in a list like this:

Getting 2 entries:
>> Dn: CN=OLDSERVER,CN=Computers,DC=domain,DC=ext
    5> objectClass: top; person; organizationalPerson; user; computer;
    1> cn: OLDSERVER;
    1> distinguishedName: CN=OLDSERVER,CN=Computers,DC=domain,DC=ext;
    1> name: OLDSERVER;
    1> canonicalName: domain.ext/Computers/OLDSERVER;
>> Dn: CN=NEWSERVER,CN=Computers,DC=domain,DC=ext
    5> objectClass: top; person; organizationalPerson; user; computer;
    1> cn: NEWSERVER;
    1> distinguishedName: CN=NEWSERVER,CN=Computers,DC=domain,DC=ext;
    1> name: NEWSERVER;
    1> canonicalName: domain.ext/Computers/NEWSERVER;

Now use ldp or adsiedit to further drill down on the OLDSERVER object. I find using adsiedit easier as it allows for instant editing if required. If you're not familiar with editing directly on AD objects, get assistance from someone who is!

List the content of servicePrincipalName. Verify that no SmtpSvc entry exists if no SMTP service is running on the machine, and verify that only the server's own name is listed for any SPN.

After removing any faulty SPN registrations, restart the Microsoft Exchange Transport Service on your Hub Transport Server. Then restart Microsoft Exchange Unified Messaging to pick up voice mails in the queue.
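
The two checks above (no SmtpSvc SPN on a machine without an SMTP service, and only the server's own name in each SPN) can be scripted; this is an added example, not code from the original post. The function names and sample records are constructed, the list of Hub Transport servers is something you supply, and it assumes PowerShell 2.0 or later.

```powershell
# Added example, not from the original post. Function names are hypothetical.

function Find-SuspectSmtpSpn {
    param(
        [object[]]$Computers,     # records with Name, DnsHostName and Spns
        [string[]]$HubTransport   # NetBIOS names of servers that do run a receive connector
    )
    foreach ($c in $Computers) {
        foreach ($spn in $c.Spns) {
            if ($spn -match '^SmtpSvc/([^/:]+)') {
                $spnHost = $Matches[1]
                $reason  = $null
                if ($HubTransport -notcontains $c.Name) {
                    $reason = 'SmtpSvc SPN on a machine that is not a Hub Transport server'
                } elseif (@($c.Name, $c.DnsHostName) -notcontains $spnHost) {
                    $reason = "SPN names another host ($spnHost)"
                }
                if ($reason) {
                    New-Object PSObject -Property @{ Computer = $c.Name; Spn = $spn; Reason = $reason }
                }
            }
        }
    }
}

function Get-SmtpSpnRecord {
    # Live input: the same filter as the LDP search above, against the current domain.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher '(servicePrincipalName=smtpsvc*)'
    foreach ($r in $searcher.FindAll()) {
        New-Object PSObject -Property @{
            Name        = [string]($r.Properties['name'] | Select-Object -First 1)
            DnsHostName = [string]($r.Properties['dnshostname'] | Select-Object -First 1)
            Spns        = @($r.Properties['serviceprincipalname'])
        }
    }
}

# Constructed records modelled on the LDP output above (OLDSERVER no longer runs SMTP).
$sample = @(
    New-Object PSObject -Property @{ Name = 'OLDSERVER'; DnsHostName = 'oldserver.domain.ext'
        Spns = @('HOST/OLDSERVER', 'SmtpSvc/OLDSERVER', 'SmtpSvc/oldserver.domain.ext') }
    New-Object PSObject -Property @{ Name = 'NEWSERVER'; DnsHostName = 'newserver.domain.ext'
        Spns = @('SmtpSvc/NEWSERVER', 'SmtpSvc/newserver.domain.ext', 'SmtpSvc/mail.domain.ext') }
)

Find-SuspectSmtpSpn -Computers $sample -HubTransport 'NEWSERVER' |
    Format-Table Computer, Spn, Reason -AutoSize

# Against the directory instead of the sample:
# Find-SuspectSmtpSpn -Computers (Get-SmtpSpnRecord) -HubTransport 'NEWSERVER'
```

The script only reports; removing an SPN is still done by hand as described above.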

Certificates

Exchange UM submits the mails with voice content by using TLS, therefore UM may be unable to authenticate to the receive connector on the Hub Transport Server if the servers use the self-signed certificate that Exchange supplies upon installation.

Verify what certificates are installed by running:

Get-ExchangeCertificate | ft services,thumbprint,isselfsigned -auto

The result will look somewhat like this:

                Services Thumbprint                               IsSelfSigned
                -------- ----------                               ------------
IMAP, POP, UM, IIS, SMTP 1234567890ABCDEF1234567890ABCDEF12345678         True

As you can see, the only existing certificate is self-signed.

Create new certificates for all Exchange Servers in the organization by running this cmdlet:

New-ExchangeCertificate -GenerateRequest -domainname <Server FQDN>, <Server NetBIOS name>[, Server Alias] -FriendlyName <Server FQDN> -privatekeyexportable:$true -keysize 1024 -path c:\certreq.txt

Submit the request file to your internal CA (depending on your Public Key Infrastructure) and save the resulting certificate file as c:\certnew.cer

Then import the certificate by running this cmdlet:

Import-ExchangeCertificate -path c:\certnew.cer | Enable-ExchangeCertificate -services IIS, POP, IMAP, UM, SMTP

Verify again what certificates are installed with Get-ExchangeCertificate.

The result should look like this:

                Services Thumbprint                               IsSelfSigned
                -------- ----------                               ------------
IMAP, POP, UM, IIS, SMTP ABCDEF1234567890ABCDEF1234567890ABFDEF12        False
     IMAP, POP, UM, SMTP 1234567890ABCDEF1234567890ABCDEF12345678         True

As you can see, you now have a certificate in the certificate store that is not self-signed. Remove the self-signed certificate by running:

Remove-ExchangeCertificate 1234567890ABCDEF1234567890ABCDEF12345678

Restart Microsoft Exchange Transport and Microsoft Exchange Unified Messaging services and verify if voice mails are delivered.
