Exchange – Server Reports

Here is some useful ways to get reports of your Exchange environments.

Here is a script that will give you an .html report of your environment: Exchange Server Report Script
*When you run the script it will ask you where you want to save it.

Here is a screenshot of the finished report:

Skærmbillede 2016-05-25 kl. 11.01.56





Here is some useful Powershell Commands for reports:

List All Email Adresses in a .txt file

Get-recipient -resultsize unlimited | select Name -expand emailaddresses > c:\emailadresses.txt

List All Mailbox Sizes in a .html file

Get-MailboxStatistics -server “?” | Sort-Object TotalItemSize -Descending | convertto-html DisplayName,TotalItemSize, ItemCount, LastLogonTime, @{label=”TotalItemSize(MB)”;expression={$_.TotalItemSize.Value.ToMB()}} | set-content c:\mailboxsizes.html

List Mailboxes by mailbox databases

Get-Mailbox | Sort database, name | Format-Table name, database

DPI Settings on RDP Sessions

The DPI settings are the settings that enables you to change the size of all fonts and other UI elements on the computer. But unfortunately, by default, you don’t get to change it through a remote desktop session that runs on a Windows 7 or Windows Server 2008 R2 computer. They are grayed out, like below.


You may want to ask why we need it to change the font size on a remote session. Believe me, when you use a laptop or tablet that runs on a very high resolution like Surface Pro 3, you will need a larger font on a remote desktop session. Otherwise, the font will be too small to read on the screen.

To fix it, you will need a special hotfix from Microsoft.

Download is here.

VBS Scripts – Drives,Printers & Fonts


'Remove Drives


DIM objNetwork,colDrives,i

SET objNetwork = CREATEOBJECT("Wscript.Network")

SET colDrives = objNetwork.EnumNetworkDrives

FOR i = 0 to colDrives.Count-1 Step 2
 ' Force Removal of network drive and remove from user profile 
 ' objNetwork.RemoveNetworkDrive strName, [bForce], [bUpdateProfile]
 objNetwork.RemoveNetworkDrive colDrives.Item(i),TRUE,TRUE

'Connect Drives

On Error Resume Next

Set objNetwork = CreateObject("WScript.Network")
Set objShell = CreateObject("Shell.Application")
brugernavn = objNetwork.UserName

' Attach Share
objNetwork.MapNetworkDrive "H:", "\\Server\Share", TRUE
objShell.NameSpace("H:").Self.Name = "Share"

' Attach User Share
objNetwork.MapNetworkDrive "U:", "\\Server\UserShare\" & brugernavn, TRUE
objShell.NameSpace("U:").Self.Name = brugernavn & "´s dokumenter"


Set objNetwork = CreateObject("WScript.Network")

on error resume next

objNetwork.AddWindowsPrinterConnection "\\Server\Printer1"
objNetwork.AddWindowsPrinterConnection "\\Server\Printer2"

objNetwork.RemovePrinterConnection "\\Server\Printer3"

objNetwork.SetDefaultPrinter "\\Server\Printer1"


Const FONTS = &H14&

Set objShell = CreateObject("Shell.Application")
Set objFolder = objShell.Namespace(FONTS)
objFolder.CopyHere "\\Server\Share\Fonts\HelveticaNeueLTStd-Cn.otf"


Robocopy Scripts – Sync network shares

Robocopy Script 


SET _source=\\Server1\Share1
SET _dest=D:\Shares\Share2

SET _what=/ZB /E
:: /COPYALL :: COPY ALL file info
:: /ZB :: Use restartable mode; if access denied use Backup mode
:: /SEC :: copy files with SECurity
:: /E :: Copy Subfolders, including Empty Subfolders.
:: /PURGE :: Delete dest files/folders that no longer exist in source.
:: /MIR :: MIRror a directory tree - equivalent to /PURGE plus all subfolders (/E)

SET _options=/R:5 /W:5 /XO /TEE /ETA /NDL /NP 
:: /R:n :: number of Retries
:: /W:n :: Wait time between retries
:: /LOG :: Output log file
:: /TEE :: Output to console window, as well as the log file
:: /NFL :: No file logging - don’t log file names
:: /NDL :: No dir logging - don’t log directory names

ROBOCOPY %_source% %_dest% %_what% %_options%

blat.exe -f -to -server -subject "RoboCopy Sync" -body "Robocopy script has completed" -attach RoboCopyLog.txt
:: Remember to copy blat.exe to "%SystemDrive%\Windows\System32\"

:: You can also download RoboMirror

Outlook – Error “The name of the security certificate is invalid or does not match the name of the site.”

Seen in Outlook when connecting to a mailbox on an Exchange Server, its caused by using a self signed certificate OR a purchased certificate, where the internal and external names are different.


1. On the Exchange Server > Start > All Programs > Microsoft Exchange Server {version} > Exchange Management Console. Issue the following four commands;
Exchange 2010 and SBS 2011 (change the values in red)

Set-ClientAccessServer -Identity EXCHANGE-MAIL -AutodiscoverServiceInternalUri

Set-WebServicesVirtualDirectory -Identity “EXCHANGE-MAIL\EWS (Default Web Site)” –InternalUrl

Set-OABVirtualDirectory -Identity “EXCHANGE-MAIL\OAB (Default Web Site)” -InternalURL

Set-ActiveSyncVirtualDirectory -Identity “EXCHANGE-MAIL\Microsoft-Server-ActiveSync (Default Web Site)” -InternalURL

Outlook Anywhere Note

If you intend to use Outlook Anywhere, you may also want to execute the following command. Particularly if you use SBS, which has a habit of setting as the default outside name.

Set-WebServicesVirtualDirectory –Identity ‘EXCHANGE-MAIL\EWS (Default Web Site)’ –ExternalUrl

Exchange 2007 (change the values in red)

Set-ClientAccessServer -Identity EXCHANGE-MAIL -AutodiscoverServiceInternalUri

Set-WebServicesVirtualDirectory -Identity “EXCHANGE-MAIL\EWS (Default Web Site)” -InternalUrl

Set-OABVirtualDirectory -Identity “EXCHANGE-MAIL\oab (Default Web Site)” -InternalUrl

Set-UMVirtualDirectory -Identity “EXCHANGE-MAIL\unifiedmessaging (Default Web Site)” -InternalUrl
For Small Business Server 2008
For SBS 2008 the commands are Different! (the following commands are for Exchange 2007 on SBS 2008 ONLY;

Set-ClientAccessServer -Identity EXCHANGE-MAIL -AutodiscoverServiceInternalUri

Set-WebServicesVirtualDirectory -Identity “EXCHANGE-MAIL\EWS (SBS Web Applications)” -InternalUrl

Set-OABVirtualDirectory -Identity “EXCHANGE-MAIL\oab (SBS Web Applications)” -InternalUrl

et-UMVirtualDirectory -Identity “EXCHANGE-MAIL\unifiedmessaging (SBS Web Applications)” -InternalUrl
Note: where EXCHANGE-MAIL is internal and is external name

2. Then open the IIS Manager Expand Application Pools > MSExchangeAutodiscoverAppPool > Right Click > Recycle.
Note: You may have to enter the FQDN of the server rather than its Netbios name!!

Linux – Expand a Hard Disk with Ubuntu LVM

After you make the additional space available in VMWare/Xen/Hyper-V, first reboot your Ubuntu server so it can see the new free space (commenter Michal, below, points out that you can avoid this restart by asking the kernel to rescan the disk with ‘echo 1 > /sys/class/block/sda/device/rescan’). Then we’ll run the GNU partition editor to examine our disk:

root@myserver:/# parted
GNU Parted 2.2
Using /dev/sda
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) print free
Model: VMware Virtual disk (scsi)
Disk /dev/sda: 42.5GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos 
Number  Start   End     Size    Type      File system  Flags
        32.3kB  32.8kB  512B              Free Space
 1      32.8kB  255MB   255MB   primary   ext2         boot
        255MB   255MB   8192B             Free Space
 2      255MB   16.1GB  15.8GB  extended
 5      255MB   16.1GB  15.8GB  logical                lvm
 3      16.1GB  21.5GB  5365MB  primary
        21.5GB  21.5GB  6856kB            Free Space 
        21.5GB  42.5GB  21.0GB            Free Space <------
You can see your free space, so let’s partition it:

Pick your free space, select New, then choose a Primary or Logical partition. For a small server, it probably doesn’t matter too much, but remember in x86 Linux that you can have a maximum of 4 primary + extended partitions per disk. Beyond that, you’ll need to begin adding logical partitions in your extended partitions.

Select the Write command to create the partition, then (if necessary) reboot your system.

When your system comes back up, check on your new partition:

fdisk-l /dev/sda
Disk /dev/sda: 42.5 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/Osize (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000d90ee
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1*           1          31      248832   83  Linux
Partition 1 does not end on cylinder boundary.
/dev/sda231        1958    15476768    5  Extended
/dev/sda31958        2610     5239185   83  Linux
/dev/sda42610        3608    16815191   83  Linux <-----
/dev/sda531        1958    15476736   8e  Linux LVM 
So now let’s pull it into our LVM configuration. First we’ll create the physical volume:
$ pvcreate /dev/sda4
  Physical volume "/dev/sda4"successfully created
Let’s take a look at our physical volumes:
$ pvdisplay
  --- Physical volume ---
  PV Name               /dev/sda5
  VG Name               ubuntu-1004
  PV Size               14.76 GiB / not usable 2.00 MiB
  Allocatable           yes(but full)
  PE Size               4.00 MiB
  Total PE              3778
  Free PE               0
  Allocated PE          3778
  PV UUID               f3tYaB-YCoK-ZeRq-LfDX-spqd-ggeV-gdsemo
  --- Physical volume ---
  PV Name               /dev/sda3
  VG Name               ubuntu-1004
  PV Size               5.00 GiB / not usable 401.00 KiB
  Allocatable           yes
  PE Size               4.00 MiB
  Total PE              1279
  Free PE               11
  Allocated PE          1268
  PV UUID               rL0QG1-OmuS-d4qL-d9u3-K7Hk-4a1l-NP3DtQ
  "/dev/sda4"is a new physical volume of "20.00 GiB"
  --- NEW Physical volume ---
  PV Name               /dev/sda4
  VG Name
  PV Size               20.00 GiB
  Allocatable           NO
  PE Size               0
  Total PE              0
  Free PE               0
  Allocated PE          0
  PV UUID               uaJn0v-HbRz-YKv4-Ez83-jVUo-dfyH-Ky2oHV 
Now, extend our physical volume group (ubuntu-1004) into our new physical volume (/dev/sda4):
$ vgextend ubuntu-1004 /dev/sda4
  Volume group "ubuntu-1004"successfully extended
The whole purpose of this exercise is to expand the root filesystem, so let’s find our main logical volume:
$ lvdisplay
  --- Logical volume ---
  LV Name                /dev/ubuntu-1004/root
  VG Name                ubuntu-1004
  LV UUID                UJQUwV-f3rI-Tsd3-dQYO-exIk-LSpq-2qls13
  LV Write Access        read/write
  LV Status              available
  # open                 1
  LV Size                19.39 GiB
  Current LE             1892
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently setto     256
  Block device           254:0
Now, let’s extend the logical volume to all free space available:
$ lvextend -l+100%FREE /dev/ubuntu-1004/root
Next, extend the filesystem:
$ resize2fs /dev/mapper/ubuntu--1004-root
Finally, let’s check our free space:
df -h
Filesystem            Size  Used Avail Use% Mounted on
                       39G   14G   24G  37% /   <---- 
none                  495M  176K  495M   1% /dev
none                  500M     0  500M   0% /dev/shm
none                  500M   36K  500M   1% /var/run
none                  500M     0  500M   0% /var/lock
none                  500M     0  500M   0% /lib/init/rw
/dev/sda1             228M  144M   72M  67% /boot

Exchange – Useful Powershell Commands

  • Granting User Rights for Mailbox Exports in Exchange 2010

New-ManagementRoleAssignment -Role “Mailbox Import Export” -User Administrator


New-MailboxImportRequest -Mailbox “Administrator” -FilePath “\\Exchange\Backup_PSTs\administrator.pst”


New-MailboxExportRequest -Mailbox administrator -FilePath “\\Exchange\Backup_PSTs\administrator.pst”


foreach ($i in (Get-Mailbox)) { New-MailboxExportRequest -Mailbox $i -FilePath “\\Exchange\Backup_PSTs\$($i.Alias).pst” }


foreach ($i in (Get-Mailbox -OrganizationalUnit “”)) { New-MailboxExportRequest -Mailbox $i -FilePath “\\Exchange\Backup_PSTs\$($i.Alias).pst” }


Get-MailboxExportRequest | Get-MailboxExportRequestStatistics

  • Full Accesss to All Mailboxes

Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq ‘UserMailbox’) -and (Alias -ne ‘Admin’)} | Add-MailboxPermission -User -AccessRights fullaccess -InheritanceType all


  • List Mailboxes by mailbox databases

Get-Mailbox | Sort database, name | Format-Table name, database

  • Move all mailboxes from one database to another database

1. Launch the Exchange Management Shell > Firstly lets get the names of my Databases, then I can simply copy and paste them into the move mailbox command.


Get-Mailbox -Database “Source Database Name” -ResultSize Unlimited | New-MoveRequest -TargetDatabase “Target Database Name

2. The Mailbox moves should then be queued, depending on how many there are, this can take some time to complete.

3. To check on progress issue the following command;

Get-MoveRequestStatistics -MoveRequestQueue “Target Database Name

4. When complete you should remove the movement requests like so;

Get-MoveRequest | where {$_.status -eq “Completed”} | Remove-MoveRequest

5. That’s all the ‘user’ mailboxes, but your source database server may have system mailboxes in it. These will be either Arbitration mailboxes, or Archive Mailboxes (or both). I don’t have any archive mailboxes, but I do have Arbitration mailboxes. To find out for your databases, use the following commands;

Get-Mailbox -Database “Source Database Name” -Arbitration

Get-Mailbox -Database “Source Database Name” -Archive

6. To move Arbitration and Archive mailboxes, use the following commands;

Get-Mailbox -Database “Source Database Name” -Arbitration | New-MoveRequest -TargetDatabase “Target Database Name

Get-Mailbox -Database “Source Database Name” -Archive | New-MoveRequest -TargetDatabase “Target Database Name

7. You can monitor progress with the same command you used in step 3, and remove the move requests with the same command you used in step 4

Outlook – Manually Set up Office 365

Outlook 2013 (PC) Manually Set up for Office 365

Follow these instructions to do so:

1. Go to Control Panel, and click Mail.
2. Click Show Profiles and then click Add.
3. Type in a friendly name for the profile, and click OK.
4. Click to select the Manual setup, and click Next.
5. Click Microsoft Exchange, and then click Next.
6. In the Server box, enter
7. Make sure that the Use Cached Exchange Mode option is selected.
8. In the User Name box, type your name (Eg; ‘John Smith’) and then click More Settings.
9. Click the Security tab, make sure ‘Encryption’ box is unticked and choose Anonymous Authentication.
10. Click the Connection tab.
11. Make sure that the Connect to Microsoft Exchange using HTTP check box is selected, and then click Exchange Proxy Settings.
12. In the ‘Use this URL to connect to my proxy server for Exchange’ box,
13. Make sure that the ‘Only connect to proxy servers that have this principal name in their certificate’ check box is selected, and enter:
14. Click both ‘On fast networks, connect using HTTP first, then connect using TCP/IP check box, and ‘On slow networks, connect using HTTP first, then connect using TCP/IP’ check boxes.
15. Under Proxy authentication settings, click Basic Authentication.
16. Click OK twice.
17. Click Check Name. You will be prompted to login. Enter your VUW login ID followed by (Eg; Tick the box for ‘Remember my credentials’ .
18. When the server name and the user name are displayed with an underline, click Next.
18. Click Finish.

Remove a Failed/Offline Domain Controller Object.

In this post, I would like to talk about using the ntdsutil utility for metadata cleanup. A domain controller failure ‘DC00’ recently occurred in my lab. Running the repadmin /replsum command confirmed a replication error and showed DC00 as unavailable:


Since a dcpromo was obviously out of the question, I used the Ntdsutil metadata cleanup command to effect the removal in the following steps.

Start the Ntdsutil Tool:

Open a command prompt as an administrator. At the prompt, type ntdsutil and press enter. This put me directly in the ntdsutil mode. Entering ‘help’ shows all the options directly available :


At the Ntdsutil prompt, select and type metadata cleanup command and press enter.

At the metadata cleanup prompt, type connections and press enter.

At the server connections prompt, type connect to server ws2012r2 and press enter. Where ws2012r2 is a domain controller dns name.

After connecting to the domain controller, type quit at the server connections prompt to exit out to the metadata cleanup prompt.

Now at the metadata cleanup prompt, type select operation target and press enter. Entering this mode, will enable me select the sites, domains and servers I intend to work with.



From the help options available at select operation target, select, and type list domains. Press enter.

At the select operation target type select domain 0. Where domain 0 is the intended domain.

At the next select operation target prompt, type list sites and press enter.

At the next select operation target prompt, type select site 0 and press enter.

At the next select operation target prompt, type list servers in site and press enter.

At the next select operation target prompt, type select server 1 where server 1 is the offline domain controller object I intend to remove. Press enter.

At the next select operation target prompt, type quit to exit out to the metadata cleanupprompt.

At the next metadata cleanup prompt, type Remove selected server.




At the ‘Server Remove Confirmation Dialog’, click yes to remove the failed Domain Controller server object.After the removal is successful, I exit out of the ntdsutil tool by typing quit all the way up. I ran the repadmin /replsummary command again to verify and the result shows no replication errors.


I still had to go into the DNS forward lookup and reverse lookup zones to manually remove references to the offline domain controller object.I hope this helps.

To force Replication to all domain controllers from a specified DC.

type this command:

Repadmin /syncall DC_name /APed

Configure Domain Controller to synchronize time with external NTP server


Configure Domain Controller to synchronize time with external NTP server (
UDP port 123 must be open on firewall to allow NTP traffic in and out from this DC.
From DC command prompt type “telnet 123” to test if the port 123 traffic can go out.

Logon to Domain Controller (with PDC role) with Administrator account and open elevated command prompt.

If you have multiple domain controller and don’t know which DC holds PDC role then use following command:

netdom /query fsmo

Type following commands on elevated command prompt

Configure external time sources

w32tm /config /syncfromflags:manual /manualpeerlist:""


Make this DC a reliable time source for the clients.

w32tm /config /reliable:yes

net stop w32time && net start w32time

restart w32 time server, now DC should synchronize time with time servers.

If the DC is not synchronizing time with the external NTP server then check the event logs (Event Viewer >> System). Normally event id 47 which means it is unable to reach the external NTP server, check the firewall to make sure port 123 is open.

Some helpful w32tm commands:

Force synchronizing the time asap

w32tm /resync /nowait
 Check NTP configuration
w32tm /query /configuration
w32tm /query /source

Display time source

w32tm /query /peers
Display list of all configured NTP servers and their status
w32tm /query /status
Display time service status i.e whether it is getting time from local cmso clock/external NTP server

Force domain computers to synchronize the time with the DC; use elevated command prompt

w32tm /config /syncfromflags:domhier /update
net stop w32time && net start w32time

Following commands will reset the time service to default.

net stop w32time
w32tm /unregister
w32tm /register
net start w32time