Jul 8 2009

Exchange 2007: Purge mailboxes

With 2003 Exchange purging users was super simple through the GUI, you simply ran your clean up agent after deleting the mailbox and then you saw the disconnected mailbox then right click and purge, it was effortless. 2007 is certainly not effortless but its not all that hard either, you just have to start using more PowerShell, which is not such a bad thing, so here is how:

Step 1

First thing is first, Find the mailbox you wish to delete within the console, once you have located the account right click and choose remove, be warned this will also remove the AD account associated with the mailbox if you only want to remove the mailbox then choose disable.

Ok so you have now disconnected the mailbox you can no longer see this in the mailbox list, and there is a good chance you cant see it in the disconnected Mailbox just yet either.

Step 2

Open PowerShell and run this


This command will show you your database name, copy the database name and then issue the below command, replacing the MailboxDatabaseHere with your database name

Step 3

Clean-Mailboxdatabase "MailboxDatabaseHere"

This clean-Mailbox database is the same as the clean up agent that was found in 2003’s GUI, once you have successfully ran this command go back to the GUI and see if you can see the mailbox you removed in the ‘Disconnected Mailbox’, once you can see it you will be able to delete the mailbox if not see step 5.

Step 4

If you are unlucky and you cant yet see it then hit refresh in the right pane…. Still cant see it ok, open PowerShell once again and run the below command:

Get-MailboxStatistics | Sort-Object DisplayName -Descending | ft DisplayName,@{label="TotalItemSize(KB)";expression={$_.TotalItemSize.V alue.ToKB()}},ItemCount

This will return a list of all mailboxes in alphabetic order


With this list locate the mailbox you have just removed, and take note of the ‘DisplayName’

Step 5

Now that we can see the mailbox here we need can then purge the mailbox do this by running the below command be sure to change ‘MailboxDatabaseHere’ to your Exchange database and also change the ‘DisplayName’ to your account name, found using the above script.

Remove-Mailbox -Database "MailboxDatabaseHere" –StoreMailboxIdentity DisplayName -confirm:$true

That’s it your mailbox is no longer you have successfully purged it, not so hard after all.

Mar 3 2009

Exchange 2007 Offline Address Book (OAB) keeps asking for authentication

If you are getting a constant authentication box pop up for your users when outlook is trying to connect to the Offline Address book, then read on, I am sure this will help you:

First thing is first make sure you have a vaild OAB

1. open Exchange Management console

2. open organization Configuration > Go to mailbox > choose Offline address book tab.

3. Make sure you have at least one address book here if not create one.

4. Right click on the address book go to properties > distribution Tab . ensure all boxes are ticked. > click on the ADD here you need to locate the appropriate server. > hit Ok.

5. You should be back to the OAB listings, if you have more then one that’s fine leave them for the time being, but choose the one you would like to be the default OAB and right click on it and choose ’set as default’

6. Now we need to update this OAB, right click on the default OAB you have created and then choose ‘update’

7. to ensure that the OAB has updated go to the event viewer and check the application log.

If you get a successful update great move on to step 9

if you get a warning with this event log below:

Log Name:      Application
Source:        MSExchangeSA
Date:          3/03/2009 9:10:24 AM
Event ID:      9320
Task Category: OAL Generator
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      server.domain.com.au
OALGen could not generate full details for some entries in the offline address list for address list ‘\Global Address List’.  To see which entries are affected, event logging for the offline address list generator must be set to at least medium.
- xxxxxxx Offline Address Book
Event Xml:
<Event xmlns="
    <Provider Name="MSExchangeSA" />
    <EventID Qualifiers="32768">9320</EventID>
    <TimeCreated SystemTime="2009-03-02T22:10:24.000Z" />
    <Security />
    <Data>\Global Address List</Data>
    <Data>xxxxxx Offline Address Book</Data>


You need to set the event logging a little higher to do this open up the exchange powershell console and run the below command:

Set-EventLogLevel -Identity "MSExchangeSA\OAL Generator" -Level Expert

Now repeat step 7

you should now have some errors

event ID: 9330 MSExchangeSA

OALGen encountered error 80040115 (internal ID 50004ef) accessing Active Directory servername for ”.
- /o=Elcom Technology Pty Ltd/cn=addrlists/cn=oabs/cn=xxxxxx Offline Address Book



Event ID 9334 MSExchangeSA

OALGen encountered error 80040115 while initializing the offline address list generation process. No offline address lists have been generated. Please check the event log for more information.
- /o=Elcom Technology Pty Ltd/cn=addrlists/cn=oabs/cn=xxxxx Offline Address Book


8. If these are the same kind of errors you must open ADSIedit (only included in the support package supplied by micorosft)

once you have installed the support tools

start > run > adsiedit.msc

go to

Using ADSIEdit:
1. Navigate to the ‘Default Global Address List’ object
CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=local
2. Go to the properties of the ‘Default Global Address List’ object
3. Copy the distinguishedName attribute of the ‘Default Global Address List’.
It should look similar to the one below.
CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=local
4. Navigate to the ‘Microsoft Exchange’ container.
CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=local
5. Go to properties of the ‘Microsoft Exchange’ container
6. Select the GlobalAddressList attribute and click Edit.
7. Paste in the distinguishedName attribute of the ‘Default Global Address List’ and click Add
8. Click OK twice to close out of the properties.
9. Replicate domain controllers
10. Rebuild the OAB again

above taken from http://forums.msexchange.org/m_1800488370/tm.htm


9. Check your permissions on your OAB go to c:\Program Files\Microsoft\Exchange Server\Client Access\OAB\ find the correct GUID that related to your OAB, right click on the GUID and then go to the security tab. Ensure that administrators and system have full control and authenticated users have only read access. (leave the other permissions)

—- you can use this command to find out

get-offlineaddressbook | fl > c:\OAB_Version.txt


10. Ensure that the OAB has populated with an XML file you can find this in :\Program Files\Microsoft\Exchange Server\Client Access\OAB\GUID_here\oab.XML.

If you have not got an XML file the OAB has not populated revist your event viewer.


11. Now in IIS you should have an OAB virtual directory if you do not you must create this use the below

New-OABVirtualDirectory -DomainController <Fqdn> -ExternalUrl <Url> -InternalUrl <Url> -Path <String> -PollInterval <Int32> -RequireSSL <$true | $false> -Server <ServerIdParameter> -WebSiteName <String>

more info here: http://technet.microsoft.com/en-us/library/aa996917.aspx

If you do already have the virtual directory Change that virtual directory to an application.

That’s it, everything should work now!

this took me 2 days to work out and all it really was, was that darn virtual directory set by MS as default.

I hope I save someone the pain and frustration I went through with solving this.

Feb 23 2009

Enable Pop on Exchange Server 2007

We have just finished our Exchange 2007 server migration and it went rather well, however there where a few  things that I thought I would share that had me stumped for a while.

So Exchange 07 doesn’t initialise Pop by default, while you will see all accounts will be enabled for Pop by default, but the pop service must be started

there are 2 ways of doing this

1. through the GUI


2. Through powershell

Seems like powershell is the best method, why? Simply because exchange 07 relies heavily on powershell so its a good place to familiarise yourself if you haven’t started already.


through the GUI

start > run type ’services.msc’ > find ‘Microsoft Exchange POP3′ and start this

You will also want to change it from manual to Automatic if you have server 08 you may also want to change this to auto (delayed start) I have done this as Pop is not as vital as other services on the exchange.

Through powershell – Exchange console (recommenced)

set-service msExchangePOP3 -startuptype automatic

start-service -service msExchangePOP3


No that should be about it, your ready to go that’s not so hard at all.

BUT if you have configured this and you are getting the authentication box constantly popup as if its not authenticating then your not finished read on:

First this is first go to the mailbox and ensure that the mailbox has POP enabled.


through the GUI

Recipient Configuration > Mailbox > find your mail box and then right click properties > Mailbox features you can enabled and disable here


Through Console

set-CASMailbox -Identity MailboxNameHere -popEnabled $true


If this is enabled then your authentication is set incorrectly.

"Under a default Exchange 2007 installation, IMAP and POP3 only work when the connection from the client is secured. For many organizations, this is not a desirable configuration."

We must allow for allow plain text logins

this can only be done as far as I know through the console using the below command


Set-PopSettings -LoginType PlainTextLogin

Now for this to take effect you must restart your ‘Microsoft Exchange POP3′ Service.


Now you can enjoy pop again.

Jan 30 2009

Prepare for 2007 Exchange Server install

I thought I would blog about this, because we had so many issues, and I found Microsoft’s documentation to be rather poor on this occasion.

However it does explain the steps that need to be done in order to prepare (just not how to execute them easily)

So best to start with a quick read of the article


If you’re not patient and want to skip (little like me) then the steps are in short.


  1. setup /PrepareLegacyExchangePermissions: <domain name here>
    setup /pl <domain name here>
  2. Setup /PrepareSchema
    setup /ps
  3. Setup /PrepareAD [/OrganizationName: <organization name> ]
    setup /p [/on:<organization name>]
  4. Setup /PrepareDomain
    setup /pd


In order to run these commands you must run them from the command prompt on a server that is apart of the domain you are preparing, ensure you have the exchange 07 cd in the dvd drive and <DVD drive letter> then dir ensure you see the ’setup.exe’ and ’setup.com’ files in the DVD drive these should be in the root directory of the DVD


Now run the commands.

If you are unlucky like me you will get a few errors like:

"Exchange 2007 cannot be used with the version of Windows operating system running on this computer."

there are 2 possible reasons that this could happen for

you are trying to run the setup file which is a x64 bit file on a x86 system, you can not do this.

the other reason is that you are running the setup commands on a 2008 server, and you may be running exchange 2007 install not the exchange 2007 SP1. (2008 server requires SP1)

So if you are like us in the postion where you have many x64 bit 2008 servers but no x64 2003 servers then you’re going to have to download the 32 bit Exchange 2007 Management tools

get it from here:


the download is an EXE so I suggest installing winRAR and extracting it rather than installing it (unless you will use it), once extracted you will have the setup files, you can now run all of your prep on a x86 system.


Another good resource is this: http://support.microsoft.com/default.aspx/kb/555854