Monday, February 27, 2012

HowTo Series Sample 1 - Unused Mailbox report for Exchange 2010

The is the first of my samples based on the EWS Managed API and Powershell how to series I've been writing. This one is actually an update to a script i wrote a few years ago to find unused mailboxes on Exchange 2007. This script is designed to be run from within a Remote Powershell session that is already connected to your Exchange 2010 org (or from a Exchange Online/Office365 remote powershell session).

 It uses Get-Mailbox to get all the mailboxes in your org and then it uses the EWS Managed API to connect to each mailbox and makes a query of the Inbox (using a AQS query String) to get all the Email in the mailbox for the last 6 months,  then it queries for all email in the last 6 months that is still marked unread. Then it queries the Sent Email folder for how many email where sent for the last 6 months. (this would only be accurate based on the user behavior of moving messages). Its combines this with the statistics from Get-MailboxStatistics to produce a csv file that would give you a report that looks like


If you want to understand how it works have a read of the How To Series posts and hopefully you should be able to work out how to customize it if you need to for your own environment. The Script as posted uses EWS Impersonation

If you want to customize which mailboxes it reports on then just change the Get-Mailbox line

Get-Mailbox -ResultSize Unlimited | ForEach-Object{  

eg if you want to limit to only checking one server you could use

Get-Mailbox -ResultSize Unlimited -Server servernameblah | ForEach-Object{

You could do similar with other filter properties such as Database or OU

I've posted a downloadable version here

The script itself looks like

  1. ## EWS Managed API Connect Module Script written by Glen Scales  
  2. ## Requires the EWS Managed API and Powershell V2.0 or greator  
  3. $RptCollection = @()  
  4. ## Load Managed API dll  
  5. Add-Type -Path "C:\Program Files\Microsoft\Exchange\Web Services\1.2\Microsoft.Exchange.WebServices.dll"  
  6.   
  7. ## Set Exchange Version  
  8. $ExchangeVersion = [Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2010_SP1  
  9.   
  10. ## Create Exchange Service Object  
  11. $service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService($ExchangeVersion)  
  12.   
  13. ## Set Credentials to use two options are availible Option1 to use explict credentials or Option 2 use the Default (logged On) credentials  
  14.   
  15. #Credentials Option 1 using UPN for the windows Account  
  16. $psCred = Get-Credential  
  17. $creds = New-Object System.Net.NetworkCredential($psCred.UserName.ToString(),$psCred.GetNetworkCredential().password.ToString())  
  18. $service.Credentials = $creds      
  19.   
  20. #Credentials Option 2  
  21. #service.UseDefaultCredentials = $true  
  22.   
  23. ## Choose to ignore any SSL Warning issues caused by Self Signed Certificates  
  24.   
  25. ## Code From http://poshcode.org/624  
  26. ## Create a compilation environment  
  27. $Provider=New-Object Microsoft.CSharp.CSharpCodeProvider  
  28. $Compiler=$Provider.CreateCompiler()  
  29. $Params=New-Object System.CodeDom.Compiler.CompilerParameters  
  30. $Params.GenerateExecutable=$False  
  31. $Params.GenerateInMemory=$True  
  32. $Params.IncludeDebugInformation=$False  
  33. $Params.ReferencedAssemblies.Add("System.DLL") | Out-Null  
  34.   
  35. $TASource=@' 
  36. namespace Local.ToolkitExtensions.Net.CertificatePolicy{ 
  37. public class TrustAll : System.Net.ICertificatePolicy { 
  38. public TrustAll() { 
  39. } 
  40. public bool CheckValidationResult(System.Net.ServicePoint sp, 
  41. System.Security.Cryptography.X509Certificates.X509Certificate cert, 
  42. System.Net.WebRequest req, int problem) { 
  43. return true; 
  44. } 
  45. } 
  46. } 
  47. '@  
  48. $TAResults=$Provider.CompileAssemblyFromSource($Params,$TASource)  
  49. $TAAssembly=$TAResults.CompiledAssembly  
  50.   
  51. ## We now create an instance of the TrustAll and attach it to the ServicePointManager  
  52. $TrustAll=$TAAssembly.CreateInstance("Local.ToolkitExtensions.Net.CertificatePolicy.TrustAll")  
  53. [System.Net.ServicePointManager]::CertificatePolicy=$TrustAll  
  54.   
  55. ## end code from http://poshcode.org/624  
  56.   
  57.   
  58. function CovertBitValue($String){  
  59.     $numItempattern = '(?=\().*(?=bytes)'  
  60.     $matchedItemsNumber = [regex]::matches($String$numItempattern)   
  61.     $Mb = [INT64]$matchedItemsNumber[0].Value.Replace("(","").Replace(",","")  
  62.     return [math]::round($Mb/1048576,0)  
  63. }  
  64.   
  65. Get-Mailbox -ResultSize Unlimited | ForEach-Object{   
  66. $MailboxName = $_.PrimarySMTPAddress.ToString()  
  67. "Processing Mailbox : " + $MailboxName  
  68. if($service.url -eq $null){  
  69.     ## Set the URL of the CAS (Client Access Server) to use two options are availbe to use Autodiscover to find the CAS URL or Hardcode the CAS to use  
  70.   
  71.     #CAS URL Option 1 Autodiscover  
  72.     $service.AutodiscoverUrl($MailboxName,{$true})  
  73.     "Using CAS Server : " + $Service.url   
  74.       
  75.     #CAS URL Option 2 Hardcoded  
  76.     #$uri=[system.URI] "https://casservername/ews/exchange.asmx"  
  77.     #$service.Url = $uri    
  78. }  
  79.   
  80.   
  81. $rptObj = "" | select  MailboxName,Mailboxsize,LastLogon,LastLogonAccount,Last6MonthsTotal,Last6MonthsUnread,LastMailRecieved,Last6MonthsSent,LastMailSent  
  82. $rptObj.MailboxName = $MailboxName  
  83.   
  84. $service.ImpersonatedUserId = new-object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress, $MailboxName)  
  85.   
  86.   
  87. $Range = [system.DateTime]::Now.AddMonths(-6).ToString("MM/dd/yyyy") + ".." + [system.DateTime]::Now.ToString("MM/dd/yyyy")   
  88. $AQSString1 = "System.Message.DateReceived:" + $Range   
  89. $AQSString2 = $AQSString1 + " and isread:false"  
  90. $folderid= new-object Microsoft.Exchange.WebServices.Data.FolderId([Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::Inbox,$MailboxName)     
  91. $Inbox = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service,$folderid)  
  92.   
  93. $folderid= new-object Microsoft.Exchange.WebServices.Data.FolderId([Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::SentItems,$MailboxName)     
  94. $SentItems = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($service,$folderid)  
  95.   
  96. $ivItemView = New-Object Microsoft.Exchange.WebServices.Data.ItemView(1)  
  97.   
  98. $MailboxStats = Get-MailboxStatistics $MailboxName  
  99. $ts = CovertBitValue($MailboxStats.TotalItemSize.ToString())  
  100. "Total Size : " + $MailboxStats.TotalItemSize  
  101. $rptObj.MailboxSize = $ts  
  102. "Last Logon Time : " + $MailboxStats.LastLogonTime  
  103. $rptObj.LastLogon = $MailboxStats.LastLogonTime  
  104. "Last Logon Account : " + $MailboxStats.LastLoggedOnUserAccount  
  105. $rptObj.LastLogonAccount = $MailboxStats.LastLoggedOnUserAccount  
  106. $fiResults = $Inbox.findItems($AQSString1,$ivItemView)  
  107. $rptObj.Last6MonthsTotal = $fiResults.TotalCount  
  108. "Last 6 Months : " + $fiResults.TotalCount  
  109. if($fiResults.TotalCount -gt 0){  
  110.     "Last Mail Recieved : " + $fiResults.Items[0].DateTimeReceived  
  111.     $rptObj.LastMailRecieved = $fiResults.Items[0].DateTimeReceived  
  112. }  
  113. $ivItemView = New-Object Microsoft.Exchange.WebServices.Data.ItemView(1)  
  114. $fiResults = $Inbox.findItems($AQSString2,$ivItemView)  
  115. "Last 6 Months Unread : " + $fiResults.TotalCount  
  116. $rptObj.Last6MonthsUnread = $fiResults.TotalCount  
  117. $ivItemView = New-Object Microsoft.Exchange.WebServices.Data.ItemView(1)  
  118. $fiResults = $SentItems.findItems($AQSString1,$ivItemView)  
  119. "Last 6 Months Sent : " + $fiResults.TotalCount  
  120. $rptObj.Last6MonthsSent = $fiResults.TotalCount  
  121. if($fiResults.TotalCount -gt 0){  
  122.     "Last Mail Sent Date : " + $fiResults.Items[0].DateTimeSent  
  123.     $rptObj.LastMailSent = $fiResults.Items[0].DateTimeSent  
  124. }  
  125. $RptCollection +=$rptObj  
  126. }  
  127. $RptCollection | Export-Csv -NoTypeInformation  c:\temp\unreadReport.csv  

24 comments:

Anonymous said...

Thanks for this great script, but it doesn't work correctly for me.

Error message: FolderId can't be converted to type Microsoft.Exchange.WebServices.Data.Mailbox

the type is Microsoft.Exchange.Data.SmtpAddress

Best regards,
Marius

Glen said...

If your running this directly in the Exchange Management Shell vs a Remote powershell session you need to modify the following line

$MailboxName = $_.PrimarySMTPAddress

to

$MailboxName = $_.PrimarySMTPAddress.ToString()

Cheers
Glen

scurlaruntings said...

ForEach-Object : Exception calling "AutodiscoverUrl" with "2" argument(s): "The
Autodiscover service couldn't be located."
At C:\scripts\Unreadscp.ps1:36 char:51
+ Get-Mailbox -ResultSize Unlimited | ForEach-Object <<<< {
+ CategoryInfo : NotSpecified: (:) [ForEach-Object], MethodInvoca
tionException
+ FullyQualifiedErrorId : DotNetMethodException,Microsoft.PowerShell.Comma
nds.ForEachObjectCommand

I get the above error when running this script Glen. Autodiscover is configured correct. Any ideas?

Glen said...

Check the Credentials your using this is generally caused by bad credentials. Eg try using the UPN for the username of the account your using.

scurlaruntings said...

Thanks Glen. Ok i changed it to the UPN instead but am not getting this? As you can see it says there a value at the line that is nulled out?


Pipeline not executed because a pipeline is already executing. Pipelines cannot
be executed concurrently.
+ CategoryInfo : OperationStopped: (Microsoft.Power...tHelperRuns
pace:ExecutionCmdletHelperRunspace) [], PSInvalidOperationException
+ FullyQualifiedErrorId : RemotePipelineExecutionFailed

Pipeline not executed because a pipeline is already executing. Pipelines cannot
be executed concurrently.
+ CategoryInfo : OperationStopped: (Microsoft.Power...tHelperRuns
pace:ExecutionCmdletHelperRunspace) [], PSInvalidOperationException
+ FullyQualifiedErrorId : RemotePipelineExecutionFailed

ForEach-Object : You cannot call a method on a null-valued expression.
At C:\scripts\Unreadscp.ps1:36 char:51
+ Get-Mailbox -ResultSize Unlimited | ForEach-Object <<<< {
+ CategoryInfo : InvalidOperation: (ToString:String) [ForEach-Obj
ect], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull,Microsoft.PowerShell.Commands
.ForEachObjectCommand

Glen said...

Are you running this from a Remote powershell session or trying to run it directly on the server. I've set the script to run from remote powershell but if your trying to run this within the EMS then you need to change

$MailboxName = $_.PrimarySMTPAddress

to

$MailboxName = $_.PrimarySMTPAddress.ToString()

Cheers
Glen

scurlaruntings said...

Im running it from EMS. The line you specified already contains that value?

Anonymous said...

Hi Glenn,

Great Post!! I had to adjust some things though... First I adjusted $Range to the proper DateFormat for my country otherwise it wil fail.
Second I adjusted line 61 $AQSString2 into: $AQSString1 + " and isread:false" (Mark isread instead of unread, otherwise it won't work)

The only thing I got not working at the moment is run the script in Windows 7. The exact same script works on Windows 2008 R2 but wil fail on my Windows 7 Ent. x64 with the following error:

Exception calling "Bind" with "2" argument(s): "The request failed. De onderliggende verbinding is gesloten: Bij verzending is een onverwa
chte fout opgetreden."
At \\Netapp01\HOMEDIR$\rtiel\Desktop\test2b - kopie.ps1:30 char:61
+ $Inbox = [Microsoft.Exchange.WebServices.Data.Folder]::Bind <<<< ($service,$folderid)
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException

Cheers Remco

Anonymous said...

Hi Glen,

One more question (I thought I got it all working)
The administrator account is the account wich connects to all mailboxes (impersonation) and retrieves the info. For some reason for every mailbox it will search the administrator account retrieves it's own unread mail, so Last 6 Months Unread is for every mailbox the same. The last Logon Time/Accoutn etc is correct for each mailbox. Any idea how to fix this?

Thnx Remco

Glen said...

Good point about unread that would only work on English versions you should use the conical System.IsRead the other part of the script was a bug i had fixed in the download but hadn't updated.

Is sounds like you may not have impersonation setup properly check http://msdn.microsoft.com/en-us/library/bb204095.aspx

Cheers
Glen

Anonymous said...

Thnx for your reply! I got the script (use the same script on several machine's) working on one 2008 R2 server while it fails on my Windows 7 and other servers. I'm gettng bold of this one :-). I've setup the impersonation correctly though...
I will look in to it further next week.

By the way, thumbs up for the great scripts!!

Cheers Remco

Anonymous said...

I keep getting this error. Any suggestions? (line 62 and 65)

Exception calling "Bind" with "2" argument(s): "The request failed. The underlying connection was closed: An unexpected error occurred on a send."

Glen Scales said...

Remove the following line

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

Add this block in its place

## Code From http://poshcode.org/624
## Create a compilation environment
$Provider=New-Object Microsoft.CSharp.CSharpCodeProvider
$Compiler=$Provider.CreateCompiler()
$Params=New-Object System.CodeDom.Compiler.CompilerParameters
$Params.GenerateExecutable=$False
$Params.GenerateInMemory=$True
$Params.IncludeDebugInformation=$False
$Params.ReferencedAssemblies.Add("System.DLL") | Out-Null

$TASource=@'
namespace Local.ToolkitExtensions.Net.CertificatePolicy{
public class TrustAll : System.Net.ICertificatePolicy {
public TrustAll() {
}
public bool CheckValidationResult(System.Net.ServicePoint sp,
System.Security.Cryptography.X509Certificates.X509Certificate cert,
System.Net.WebRequest req, int problem) {
return true;
}
}
}
'@
$TAResults=$Provider.CompileAssemblyFromSource($Params,$TASource)
$TAAssembly=$TAResults.CompiledAssembly

## We now create an instance of the TrustAll and attach it to the ServicePointManager
$TrustAll=$TAAssembly.CreateInstance("Local.ToolkitExtensions.Net.CertificatePolicy.TrustAll")
[System.Net.ServicePointManager]::CertificatePolicy=$TrustAll

## end code from http://poshcode.org/624

And that should fix it (Make sure you close any existing power shell sessions before testing it)

Cheers
Glen

Anonymous said...

Superb, thank you very much! I noticed that the report "lastlogon" field gets set to the time the script was ran against that account. Is there a way to do this without changing the lastlogon timestamp? I have created a seperate AD Audit script that references the user's lastlogontimestamp. Is this time stamp different from the one in AD?

Glen Scales said...

No because basically when you access the Mailbox content via any Mailbox API the lastlogon will be updated. Yes its different from AD the lastlogon in Exchange is the last-time the mailbox was access in AD its the last-time the account was logged onto.

Cheers
Glen

CP said...

While this reply may be a little late, I wanted to share my findings as hopefully it can help someone else as much as this blog has helped me.

I too got the "Pipeline not executed because a pipeline is already executing" error, and it was not related to the SMTP ToString as indicated above. The problem was due to a known issue with executing a ForEach whilst processing additional cmdlets in the loop, or something (discovered in this thread http://social.technet.microsoft.com/Forums/en-US/exchangesvradminlegacy/thread/8600edfa-fa06-4f7b-bee0-9a2d95381f78).

The fix is to change this:

Get-Mailbox -ResultSize Unlimited | ForEach-Object{

To this:

$MailBoxes = Get-Mailbox -ResultSize Unlimited
$MailBoxes | ForEach-Object{


Once impersonation is setup, script works like a dream. Excellent scripting, Glen. Very impressed.

Jeff Marsh said...

Hi Glenn

I've managed to get the script running, but all the data is showing 0 (last 6 months, last 6 months sent and last 6 months unread). I've followed the impersonation configuration instructions, but still noluck.

Cheers

Anonymous said...

Thank you

Juan Echeverry said...

Hi Glenn,
i am trying to run the script from the EMC and i keep getting the same error, i have tried using the username on the UPN format, domain\uid and just uid and password, and regardless of how i do it i get the same error, i also confirm that i can access the EWS directory from a browser and using an EWS editor, i am using the option to specify the CAS, is there anything else that i need to modify on the script??

ForEach-Object : Exception calling "Bind" with "2" argument(s): "The request failed. The remote server returned an erro
r: (401) Unauthorized."
At C:\Unreadscp.ps1:65 char:51
+ Get-Mailbox -ResultSize Unlimited | ForEach-Object <<<< {
+ CategoryInfo : NotSpecified: (:) [ForEach-Object], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException,Microsoft.PowerShell.Commands.ForEachObjectCommand


Anonymous said...

Hi,

I used New-ManagementRoleAssignment –Name:impersonationAssignmentName –Role:ApplicationImpersonation –User:myadminaccount
for impersonation. I still get the error message:

ForEach-Object : Exception calling "Bind" with "2" argument(s): "The request failed. The remote server returned an erro
r: (401) Unauthorized."
At C:\temp\Unreadscp\Unreadscp.ps1:65 char:51
+ Get-Mailbox -ResultSize Unlimited | ForEach-Object <<<< {
+ CategoryInfo : NotSpecified: (:) [ForEach-Object], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException,Microsoft.PowerShell.Commands.ForEachObjectCommand

Did I use the correct parameter in setting up impersonation ?

Glen Scales said...

Does the account your trying to use for impersonation have a Mailbox you can't use non mailbox Eanbled account with impersonation. Your not getting a impersonation error you getting an error that indicate the user account details are wrong or you don't have access to Exchange. Impersonation will take up to 15 minutes to apply due to replication as well

Cheers
Glen

Anonymous said...

I see, my admin account does not have a mailbox. So should I create a mailbox for that account and then it should work ?

Thanks for your help
Thomas

Anonymous said...

I created a mailbox for my admin account and waited a few hours, still get the same error message. Any other reasons that could cause this ?
Thomas

Anonymous said...

any chance you have a version of this for Exchange 2013?