We had an issue with our Exchange 2010 outlook or server and for some reasons we had all our user receiving internally and externally duplicated mails with the same message ID.
I know there are third party software we can buy and we are not allowed to do so.
Is there any code we can run on PowerShell to delete all the duplicated mails on the all mailboxes on the server?
thanks
Mes
There is this script (https://gallery.technet.microsoft.com/office/Removing-Duplicate-Items-f706e1cc) which suggested by Microsoft, but you must specify the user mailbox.
Put this script to that destination
C:\Program Files\Microsoft\Exchange\Web Services\1.2
After that use this command:
.\Remove-DuplicateItems.ps1
-Mailbox "user#domain.com"
-Type All
-Impersonation
-DeleteMode HardDelete
-Mode Full
-Verbose
You can change the delete mode to 'SoftDelete' or 'MoveToDeletedItems' etc.
Related
I'm working on a System Service project with SYSTEM privilege (cleaning utility)... It does not interactive with any user interface.
My goal is to check files in "Desktop" and "AppData" folders for any user that exists on the PC.
I'm using NetUserEnum() to get the user list on the PC. Then I want to get the path of each user's Desktop and AppData with SHGetKnownFolderPath(), but I can't find a way to get each user's access token for SHGetKnownFolderPath(). Without a token defined in SHGetKnownFolderPath(), it returns the path for SYSTEM and not specific users.
Q1. How can I get the token of each user for SHGetKnownFolderPath()?
Q2. If no answer for Q1, is there any documented way to get the desktop & appdata path of each user in the PC?
I understand this can be achieved with dirty way ---> Registry key with some string replacement. However, the Registry key method is undocumented, which may easily break in future updates to Windows.
Edit Update:
#RaymondChen Thanks for pointing out that some user profiles may not exist. Also,
About Q1 : #Remy Lebeau provides a solution with LogonUser/Ex(),login to each user with their credentials,might be the only answer that fits the need of Q1.
About Q2 : There might have no documented way to achieve this. The only method might have to stick with Windows Registry (Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders) , as #Remy Lebeau and #Olaf Hess said. I tried to dig more information on Microsoft Community Forum and I got Microsoft would never allow access other users' profile with their native API for security reason. They do not provide APIs that can possibly violate the security rules. Each user profile can only access by its credentials.
btw, I totally understand that "Cleaning utility" aka "Windows-breaking tool", especially when the tool is not being well codded(ex. compatibility problem). For the sake of avoiding to make it become a totally Windows-Destroyer, I tried to use more documented API as possible.
For Windows Vista with SP1 / Server 2008 and better you can query the existing user profiles using the WMI class Win32_UserProfile. This allows you to retrieve the profile path and check whether it is a local or roaming profile and to get status information. The rest (retrieving the paths to APPDATA, DESKTOP, etc.) is likely going to involve reading values straight from the registry (HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders).
So whenever we get a new employee, we usually have to login to their rds account, open their outlook and give groups or individuals certain permissions / access (reviewer, editor, etc) to their calendar. Is there a way to automate this so the first time they log on these permissions are inherited and saves us the time? Thanks and I hope this is clear enough.
You should look at the Add-MailboxFolderPermission cmdlet in Exchange Management Shell. The account running it will need to have Full Access to the target mailboxes in order to logon to the mailbox and apply the appropriate permissions at the folder level, but that can be granted just before the folder permissions are applied, then removed afterwards.
A week back I upgraded my Exchange environment from E2K10 SP1 to E2K10 SP3.
Since then, I am unable to export mailboxes with New->MailboxExportRequest powershell script. Even though, I'm having right permission to export the mailboxes.
The cmdlet which I'm making use of is this:
New-MailboxExportRequest-Mailbox user-FilePath \\MailServer\PST\user.pst
The above cmdlet is identified and it is has been queued permanently.
Can anyone tell me why this has happened?
Did you have a DAG?
Have you tried to restart the Exchange Mailbox Replication service on all CAS servers to verify the result?
I suggest you to check the status of this mailbox database if it is mounted. You can use the following command to check this.
Get-MailboxDatabaseCopyStatus -Identity "mailbox database name"
Alongside, please make use of the Get-MoveRequestStatistics cmdlet to view full information about move requests.
I'm trying to use impersonation in my application to connect to user mailboxes and add/remove appointments.
I created an account called "EWSAdmin" and ran the following EMS commands on them:
New-ManagementScope -Name:"MyEWSImpersonation" -RecipientRestrictionFilter
{memberofgroup -eq "cn=My User Container,DC=MyDomain,DC=local"}
New-ManagementRoleAssignment -Name:"MyEWSImpersonation" -Role:ApplicationImpersonation
-User:"EWSAdmin#MyDomain.local" -CustomRecipientWriteScope:"MyEWSImpersonation"
Just to confuse the issue, I called my scope EWSImpersonation, too.
When I try to connect to the user's mailbox to view an appointment (Using a third party DLL), I get the following error:
Throwing GeneralException e=The account does not have permission to
impersonate the requested user.
If anybody could help me diagnose this, I'd appreciate it.
Thanks
Nick
We ran into this issue with a different cause, I want to share it here because when searching for the error message this post and a post on TechNet come up, but not the KB Articles that eventually helped us solve the issue.
It turns out that there is a limit to the amount of requests any windows server can do to Active Directory, at some point the NetLogon service just runs out of Threads and all kinds of things start to happen. The process is explained in this blog post and this KB article and this KB article, the fix is pretty simple, increase the number of threads available through a simple change to a Registry key on every CAS server in the Exchange cluster.
The process is simple:
Start Registry Editor.
Locate the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Create the following registry entry:
Name: MaxConcurrentApi
Type: REG_DWORD
Value: Set the value to the larger number, which you tested (any number greater than the default value).
At a command prompt, run net stop netlogon, and then run net start netlogon.
Notes
The maximum value that can be configured depends on the operating system version and whether a hotfix is available.
The maximum configurable setting in Windows Server 2003 is 10.
The maximum configurable setting in Windows Server 2008 (without the hotfix in this article) is 10. With the hotfix, the maximum is 150.
The maximum configurable setting in Windows Server 2008 R2 (without the hotfix in this article) is 10. With the hotfix, the maximum is 150.
If you decide to increase the MaxConcurrentApivalue to greater than 10, the load and the performance of the desired setting should be tested in a nonproduction environment before you implement in production. This is recommended to make sure that increasing this value does not cause other resource bottlenecks.
I know almost nothing about "admin" side of setting up impersonation for EWS but maybe you can take a look at this article and compare your actions with what this guy did to make it work
http://www.thesoftwaregorilla.com/2010/06/exchange-web-services-example-part-3-exchange-impersonation/
in my company admin setup impersonation according to msdn and it works for me so I presume it can't be so hard and probably you missed some steps or maybe that 3rd party dll needs some additional magic.
link to msdn article in case you didn't know it: http://msdn.microsoft.com/en-us/library/bb204095.aspx
It would be nice to have an example for E2010 as it is not as easy as 2007.
Here is an example to creating EWS impersonation for a group. Any member of the group would be impersonated by the service account. Just add additional members to the group as requirements demand. Two steps...create the New Management scope and then the Role assignment.
New-ManagementScope “Scope Name” -RecipientRestrictionFilter {(MemberOfGroup -eq 'CN=group name,CN=Users,DC=Contoso,DC=com')}
New-ManagementRoleAssignment -Name “EWS ROLE NAME” -Role applicationimpersonation -User Domain\Service Account -CustomRecipientWriteScope “Scope Name”
Where “Scope Name” is the management scope created in step one.
We have an Exchange Server running, we're trying to connect with it from an application in another server. Thing is, we have to set some permissions for it to work (we want to access any mailbox with an Administrator mailbox, but we have to set it Full Mailbox Access first). We somehow need to set this for every new user at the moment it's created. Could you tell us how do we do that?
Thanks in advance.
Here is one way to do it.
http://support.microsoft.com/kb/821897
Another way to do this is , type following command in the Exchange Management Shell
Add-MailboxPermission -Identity "" -User "" -AccessRights FullAccess -InheritanceType All
Using Exchange Management Shell commands, you can do many useful things easily.