Glen's Exchange and Office 365 Dev Blog

Hot on the heels of last weeks resubmit tool I decided to rework this a little so it could also be used to resubmit messages from an NDR notification that may have been wrongly addressed. If you have configured your SMTP virtual servers to send a copy of Non delivery Recipients to a mailbox you’ll get a copy of all the NDR’s your server produces. Now in a large environment this is probably next to useless because of the number of messages you may receive but in small companies it may be a reasonable thing to do to allow you catch mis-addressed emails. But once you have received a badly addressed email if you try to resubmit that email from the NDR using Outlook (Resend) the sender address will be set to your email address which may confuse replies. So what this tool does it firstly extracts the original message from the NDR (if possible) and then allows you to specify the proper email address you want to submit it to and it will then resubmit the email so when it arrives at the recipi

I came up with this little application this week to solve one annoying problem I have with a small client that uses an anti-spam application that submits any SPAM it finds to a public folder. As with everything the cheaper the anti-spam software the more chance there will be false positives so occasionally there is a need to go though this public folder and forward any false positives on to the intended receiver. Using the normal Outlook or OWA method will change the reply address’s and also the subject line which is usually also altered by the anti spam program. So what I came up with was two simple ASP pages that could be used to firstly query all the mail in a public folder and then allow an export (which is sometimes useful for checking the X-headers added by this spam program) and also resubmit an email to a desired email address (and allow any fix-up to the subject) buy firstly getting the RFC822 stream of the message via CDOEX and then saving this stream with an added x:sender a

This is one for the Aussie’s and anyone who is managing a server on the East coast of Australia. Because of the Commonwealth games next year the date daylight saving starts on is being brought forward 1 week. If anyone remembers back a similar thing was done for the Olympics in 2000. First thing first is what is the overlap period? this is the period between when the new daylight saving starts and the period where it usually starts. This is between the dates 26/03/2006 and 2/04/2006. The long and short of it is that if your users currently have appointments created within this period including recurring appointments (no patches applied) these appointments are going to be out by 1 hour during this overlap period. Microsoft has released a patch that adds a new timezone to the registry but this patch doesn’t retrospectively fix appointments that already exist only those created after the patch has been applied. Because Timezone information isn’t year specific you now run into the problem

A while ago I wrote this script to audit the Mailbox DACL in a reverse fashion so instead of the normal way where you would see these people have rights to this mailbox it did this person has rights to the following mailbox’s. The one thing this script didn’t check was for Send-as and receive-as rights. These particular rights are extended rights there a good description of what an extended right is here . The bit that is needed for this script is (quoted from that article) “Extended rights are not defined by an access mask. Instead, each extended right is identified by a globally unique identifier (GUID). This GUID corresponds to a controlAccessRight object that is stored in the Extended-Rights container within a forest's Configuration container. An ACE that grants an extended right specifies a GUID corresponding to a particular controlAccessRight object.” The ACE’s themselves that pertain to send-as and receive-as are added to the Active Directory User object Security descriptor

I’ve been playing around a bit more this week with the MSH beta and decided I’d share some of the stuff you can do using the WMI functionality in Monad. To start off here’s some one-liners that can be used to get information from the Exchange 2003 WMI classes. Learning how to do things in monad is a little tricky at the moment other peoples blog’s tend to be the best source of information I worked out the one-liners using a post from Adam Barr’s blog http://www.proudlyserving.com/archives /2005/08/monad_and_wmi.html also the following blog was really useful as well as it has a whole bunch of samples that helped when I got stuck. http://mow001.blogspot.com/ Display the SMTP Message Queues get-wmiobject -class Exchange_SMTPQueue -Namespace ROOT\MicrosoftExchangev2 -ComputerName servername | select-object LinkName,MessageCount,Size Display Mailbox sizes get-wmiobject -class Exchange_Mailbox -Namespace ROOT\MicrosoftExchangev2 -ComputerName servername | select-object MailboxDisplayName,To

I’m a bit fan on using Syslog for monitoring and logging and after putting the new version of MSH on my machine that works with the release version of 2.0 .NET framework (make sure you uninstall any old versions of the monad beta before you install the new framework or your going to be in for some problems) I thought I’d have a go at seeing if I could use my C# code from this post in a monad script. After a little bit of translating and lot of learning I managed to get something that works. It’s about six lines so it’s nice and lean. The good part is you could throw it into a command-let and then use it as a one-liner in another script. The code itself looks like this. This sample sends a USER:Warning Priorty message $SL = New-Object System.Net.Sockets.UdpClient("192.168.1.115", 514) $Message = "<12>date=" + [DateTime]::get_Now().tostring("yyyy-MM-dd") + ",time=" + [DateTime]::get_Now().tostring("hh:mm:ss") $Message = $Message +

Someone asked me a question last week about using the Queue class’s in Exchange 2003 and this got me thinking about link monitors. Link monitors are a little bit old terminology these days although I really used to like the old site and link monitors in Exchange 5.5 especially the visual representation. Now there are monitors on Exchange 2003 and while useful they are really lacking in being able to tell you if there actually is a problem and what that problem might be. So I decided to see if I could build a better link monitor that would one tell me when there is a problem and also let me know in the warning email what that problem might be. Eg if there are lot of messages queuing up send me a dump of what the message queues looks like and tell me what messages are in the queue. Then with any luck I can tell from the email if there really is a problem that I might need to look at or if its just a temporarily large volume of email being sent. Eg the first thing you do when you get a wa

Modifying your own user details via GALMOD or one of it derivates has been around for sometime. I wrote this little app a few years ago at the bequest of a secretary to allow users with non admin rights to modify other people’s details using a WSC Com object. A question came up last week about being able to do this in OWA via a public folder for those users that might be outside your network that may only have access to OWA though a front backend setup etc. Exchange does give you the ability in OWA to register and run your own custom forms (do a search on WSS.forms in the Exchange SDK for more details). So one way of achieving what this person asked to do was to register a custom ASP WSS form and include some ADSI to do the work of modifying the user’s account and phone details. If you’re not running Exchange on a Domain controller (which should be the case for most people bar SBS users) you have to consider delegation issues when your page is going to request the changes be made on

When users are delegated exchange Administrator rights via Exchange System Manager’s delegation wizard these users are assigned specific rights depending on the role that is selected in Active Directory to Exchange objects that are in the configuration partition and the Exchange System objects container in the domain partition. If you want to show which users have been delegated rights via this method its a matter of checking the Access Control Entries in one of the DACL’s associated with one of these containers. Because these are defined roles the accessmask on the ACE will be consistent depending on the role you select. So after a little trial and error the following script can be used to check and display the users that have been assigned rights via the ESM delegation wizard. This script checks the root of the Exchange configuration container in the Active directory Configuration partition Set iAdRootDSE = GetObject("LDAP://RootDSE") strNameingContext = iAdRootDSE.Get(&qu

It seems I’m on a bit of a public folder theme of late. This script came up when I was working on the public folder audit log script unfortunately it was a little wasted but its still a useful sample of how you might go about finding the creator and public folder contacts of a public folder via WebDAV (or it should also work with Exoledb) using the XML security descriptors provided though the http://schemas.microsoft.com/exchange/security/ namespace. Documentation for the XML security descriptor can be found here . Also the appendix of the documentation that comes with Pfdavadmin is also very good if you trying to decode the descriptor. Getting the Folder Creator To get the folder creator via webdav this involves doing a propfind on the http://schemas.microsoft.com/exchange/security/creator property. You should then be able to parse the nt4_compatible_name from the XML that is returned to display the account that created the public folder. If you can’t get the nt4_compatible_name the

I was talking with someone this week about an issue where they wanted to maintain the functionality that existed pre going into native mode on Exchange 2003 that would allow public folders to be mail enabled and hidden from the Address list by default. Now there are a lot of good reasons why this is no longer the default action within Exchange but there are also some reasons why you may want this to still happen on a branch of your public folder tree. An event sink might be an obvious way to go about this but because an event sink can only have a shallow match scope on the default public folder tree there not a good choice for this job unless you only want this to work on one folder and not child folders. What you can do however using the Exchange_PublicFolder WMI class is setup something that will listen for Instance creation events which will happen when a new public folder is created then check the path where the folder is being created and then if you want to have that folder mail

Last week I posted this script that displayed the deleted public folder audit logs. At the time I was working on a extended version that would also show information about the size of the folder that was deleted and number of items, who owned it and who the folder contacts where. I’ve had a little bit of mixed success with this script I was able to do a shallow deleted traversal query using webdav to show the size and number of items of a deleted public folder based on the information in the event log. But this only worked if the parent of the deleted folder still existed. Further more when I tried to do a propfind to work out the owner and folder contacts using the http://schemas.microsoft.com/exchange/security/ xml descriptors. (even though I spent a fair bit of time coming up with some script to work out the contacts) this didn't work. It seems that you can't access the soft deleted folder item directly with a propfind but you can delete and copy them. So the final result wa

One of the new features introduced in ex 2003 sp2 is the ability to track public folder deletes. To turn this on you need to turn diagnostic logging on the public store general category to at least medium. For more details on this see the F1 help and look for the topic “Track Public Folder Deletions”. Once this option is turned on, when someone deletes a public folder Exchange then logs an event of type 9682 into the Application log on the server which tells you which folder was deleted and by whom it was deleted. Having this information in the event log is useful but for reporting purposes and proactive management (eg tracking folders that shouldn’t have been deleted) it’s a little impractical. So what I’ve come up with is a script that queries the eventlog on a server for a specified number of days retrieves any public folder delete entries parses all the values out and creates a CSV file with the result. It also outputs the result to the command line The script itself is very simp

Apart from message tracking logs one of the most useful things you can have when trying to track down message transfer problems are SMTP protocol logs. This is one thing I usually always enable on any Exchange server I’m managing. One of the things that is missing is a way in which you can manage these files over a long period of time if you leave logging enabled (something like the badmail detection and archiving would be nice actually most of the work is already done its just a matter of adaptation). So what I’ve decided to do was put together a script that would first enumerate all the SMTP virtual servers on all Exchange servers within a domain and then report on if logging was enabled, what type of logging is being used, how many logfiles are in the logging directory, how much space the log files are taking up and what the oldest log file in the directory is. Because the log settings for a SMTP VS are stored in the metabase the next part of the script uses the ADSI IIS provider

Now that SP2 is out in the wild and I’m starting to look more at what’s happening with SenderID (by the way if you haven't seen this already there is a great post on SenderID on the Exchange Team Blog). I wanted a way I could aggregate the information that is stored in the SMTP protocol logs so I could see for each domain that is sending me email what are the IP address’s of the mail servers and how many emails do have i recieved from each IP (and do this for a time period say the last 1-2 hours). I’ve had the beta of Monad which is the next version of the Windows Shell that will be in Vista (maybe) and E12 (downloadable for here ) installed on my machine for a while and this seemed like a good task to take it out for a test drive. The main advantage of Monad from my point of view is being able to get access to all the objects in the .NET framework so this means you can finally get access to hashtables in your scripts (Perl users have had this for years). Hashtables are very versa

I’ve had a few questions from people recently asking about the different methods you can mail enable a folder when your running Exchange 2003 in Native Mode. The standard method for mail enabling objects programmatically is to use CDOEXM and the IRecipient Interface . To mail enable a public folder you need to combine this with a little CDOEX like this FolderURL = "http://server/public/folder/" set objFolder1 = createobject("CDO.Folder") objFolder1.DataSource.Open FolderURL, , 3,-1 Set objRecip1 = objFolder1.Getinterface("IMailRecipient") objRecip1.MailEnable objFolder1.DataSource.Save Now because this uses CDOEX which runs over Exoledb it will only work locally on an Exchange server. To do this remotely you can use the Exchange_PublicFolder WMI class I posted a sample of doing the here previously. I was curious at the way Exchange System Manger went about mail enabling folders when you where using this on a remote machine as this obviously wasn’t using

Reporting on rules in mailboxes and public folders can get a little challenging for the humble sysadmin. Because most the time the setting of these rules is out of your control knowing where some rules are forwarding can be a little scary (and in some cases can be against company policy or breach privacy laws). There are a few ways to manipulate rules one of the most often used is the rule.dll which can be used to create and enumerate rules while this is useful it still only offers you the hex value of the binary action property which contains the list of the recipient addresses for a forwarding rule. An active rule in a mailbox or public folders is a special message in a mailbox of type IPM.Rule.Message. In CDO 1.2 you can access these messages by using the hidden messages collection on a folder. If a rule is a forwarding rule then the email address’s the rule is forwarding to gets stored in the PR_RuleMsgActions (0x65EF0102) Mapi Property on that IPM.Rule.Message. Unfortunately this