Category Archives: MS Exchange server

Exchange 2010 to Exchange 2016 mailbox move useful Powershell cmdlets

It is time to migrate last Exchange 2010 servers as they are going end of support soon …
As I am doing this migrations I just wanted to put some Powershell cmdlets into this blog post that can be useful when doing it.

If you want to speed up things a bit:

New-MoveRequest -Identity “” -TargetDatabase “DBEX1601” -Priority Emergency

If you want to check status of your requests:


If you want to remove completed move requests you can do:

Get-MoveRequest -MoveStatus Completed | Remove-MoveRequest

If you want to get more information about the moves you can try:

Get-MoveRequest | Get-MoveRequestStatistics | Sort-Object PercentComplete -Descending



Get e-mail alert for failed logon attempt on Outlook Web Access (OWA)

Just for fun I tried to establish a mechanism that will allow me to get information for failed logon attempt on Outlook Web Access (OWA).

If you open event viewer on your CAS server (where OWA is located) you can find out that failed requests are logged with Event ID 4625.

In general information you can find interesting things like – username which was used and IPv4 or IPv6 address from where the attempt was made.
All you need to do is to Attach task to this event
As all other actions are deprecated you should use the option to Start a program – here we will run a Powershell script to do the job.
We need to create a PS1 (powershell script) with content:

$EventMessage = get-winevent -FilterHashtable @{Logname=’Security’;ID=4625} -MaxEvents 1 | fl TimeCreated, Message
$eventmessagetstring = $EventMessage | Out-String
$EventMessageAccountNameText3array = $EventMessagetstring | Select-String -Pattern “Account Name:\s+\S+” -AllMatches | Select -ExpandProperty matches | Select -ExpandProperty value
$EventMessageAccountNameText3 = $EventMessageAccountNameText3array[-1]
$EventMessageAccountNameText = $EventMessagetstring | Select-String -Pattern “Failure Reason:\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+\s+\S+” -AllMatches | Select -ExpandProperty matches | Select -ExpandProperty value
$EventMessageAccountNameText2 = $EventMessagetstring | Select-String -Pattern “Source Network Address:\s+\S+” -AllMatches | Select -ExpandProperty matches | Select -ExpandProperty value

$EmailTo = “”
$EmailFrom = “”
$Subject = “OWA attack from $EventMessageAccountNameText2”
$Body = “Owa attack from: `n $EventMessageAccountNameText2 `n $EventMessageAccountNameText3 `n $EventMessageAccountNameText”
$SMTPServer = “IPOfYourSMTPServer”
$SMTPMessage = New-Object System.Net.Mail.MailMessage($EmailFrom,$EmailTo,$Subject,$Body)
$SMTPClient = New-Object Net.Mail.SmtpClient($SmtpServer, 25)

So in task properties we should choose:
In Add arguments (optional) field we should add:

-ExecutionPolicy ByPass -File X:\PathToScript\OwaAttack.ps1

So if everything is correct – next time someone fail to enter correct password or an attack on OWA is performed you will get an e-mail like this:


Getting ASP.NET – C# running a System center Orchestartor 2012 Runbook and survive :)

I wanted to create ASP.NET webpage with three simple fields name, surname and mobile and I wanted Orchestrator behind to create Exchange 2010 mailbox on my Exchange server…
My friends helped me out by giving me suggestions and help – I want to share this knowledge with you now…

What we have:
Exchange 2010 server on one server
SC 2012 – Orchestrator – on different server – with Exchange 2010 console instaled + SP2 applied

My friend Saso created a ps1 script that creates user in Exchange 2010 (with address book policy, active sync policy…) that I use on Exchange 2010 server by inserting a line of comma separated values name,surname,password.

I wanted this script to be run from Orchestrator server – so first thing you need to do if you want to run PS script against Exchange 2010 server you need to install Exchange 2010 console on Orchestartor! Hey! You need to install also SP2 if you want full functionality of Exchange Powershell Snapin!

You can not run Exchange Snapin and powershell scripts directly – Jure has more info how you can do it in Orchestrator

When this thing worked (I forgot SP2 for Exchange 2010 on Orchestrator and I lost 2 hours to figure it out! 🙂 ) I have started to write code for my website where I want to trigger my runbook with parameters…

I have fist set input parameters in my Runbook…

After that I have folowed this article to create costum class file (search for part Creating the custom interface).

So I created (name it however you want in a previous step) and imported it in my Visual Studio evironment…

You need to place it:

You should comment this line to get it work in your project…

and finaly you can go to your project and start coding…

1. Put the URL of your Orch web service
2. Enter credentials
3. Define the name of your runbook
4. runbookpars [X] – X is ID of the input parameter in rubook

and finaly you should be able to run your script…

I find System center Orchestator 2012 as fantastic product that can realy help you automate your IT processes…

So guys let’s automate! 🙂

Help: – thanks to Damien – thanks to Jure
voodoo C# help – thanks to Miha

SBS 2011 – Import PST in Exhange 2011

To enable import and export of mailboxes on SBS 2011 you need to:

Go to Windows SBS console and create a security group – that shuld be universal (by default) for example: Mailbox management

Add administrator / admin account to the group

Then you need to enable “import / export” feature on members of this group. To do that you need to open Exchange Management Shell (Powershell with Exchange 2010 modules) as administrator and write:

New-ManagementRoleAssignment -Name “Import Export Mailbox Admins” -SecurityGroup “Mailbox management” -Role “Mailbox Import Export”

After that you can folow my article to import or export mailboxes

Happy migration :) Exchange 2003 to Exchange 2010 SP1

We have setup a completely new environment with Exchange 2010 SP1… Old Exchange 2003 had around 100 mailboxes with quota from 300 MB – 1GB. I used Exmerge to export all mailboxes from Exchange 2003 (using ExMerge to extract PSTs from Exchange 2003 database) and sucessfuly used new Powershell cmdlets to import them to users in Exchange 2010…

You first need to add permissions to a group in which you put administrator to be able to use import / export features. You can read about that in this article.

Useful comdlets are:

Importing pst to existing mailbox:

New-MailboxImportRequest -FilePath \oldservershareuser1.pst -Mailbox user1

To check status of your import type:

Get-MailboxImportRequest | Get-MailboxImportRequestStatistics

If import fails you can try with option:

New-MailboxImportRequest -FilePath \oldservershareuser1.pst -Mailbox user1 -BadItemLimit 10

What it does? Saso (tnx man!) explained to me, that it might happen when you have used some antivirus solution that has “corrupted” some e-mails… So try with BadItemLimit 10 probably we are talking about one or two e-mails with problems.

If you want to remove old importrequest you can use:

Remove-MailboxImportRequest -Identity usernameMailboxImport or MailboxImport1 or 2…If you want to look at just a signle mailbox import progress you can use modified cmdlet:

Get-MailboxImportRequest -Identity usernamemailboximport | Get-MailboxImportRequestStatistics

At the end you will have alot of Completed malilboximport’s… If you want to cleane up your exchange you can run:

Get-MailboxImportRequest -Status Completed | Remove-MailboxImportRequest

Happy importing! 🙂

SBS 2008 / Exchange 2007 and TLS…

Everyone that has ever installed SBS 2008 has encountered the wizard that create certificate and remote workplace – by default called (yes, you can chose other prefixes but let say that I like remote becouse it is easy to remember for my users…).
SBS wizards generates a certificate for this hostname and uses it for all services (Outlook web access, Active Sync stuff and also for SMTP receive and send connectors…).
The problem is when you want to rename your SMTP receive and send connectors to match the records in DNS. It is a best practice to have same SMTP greetings as the records in DNS so for example if you have a domain and you have an host record A called and MX record pointed to it is correct and I suggest you to folow this rule to have SMTP greeting or fqdn for SMTP connectors to match

You can rename your connectors however you want by using Exchange management console but you will lose functionality of TLS in SMTP traffic – becouse the certificate does not match fqdn or smtp greeting of a connector that advertise You will also get an error in Event log saying:

Microsoft Exchange could not find a certificate that contains the domain name in the personal store on the local computer…

 Ok, what can we do now?

Well turn on Exchange Management Shell – that is Powershell with modules for Exchange 2007 management – you can find it in star menu… And first of all we want to see current Exchange certificates that are enabled for Exchange services by using cmdlet:

[PS] C:WindowsSystem32>Get-ExchangeCertificate 

and you wil receive something like this:

Thumbprint                                Services   Subject
———-                                ——–   ——-
42F146B12BEF918A6A8FC730F5AA87AC4ACB1CEB  IP..S
817F1311CB72FB70F962EC0FAD2D8FA857F114A4  ….S
4BAAC7906689AFF0129767CF492AAE058B5DF494  ….S      CN=Sites
8F1D9C5FEB6EF0C39F25175AFBDEA54FE9668EF9  …..      CN=xxxxxx-xxxxxxxx-CA
8E4F33523325500F38ECF41FCDFBBE684AFC6145  …..      CN=WMSvc-WIN-K7KGUV5MQ40
Now we should create a new certificate that we will use for SMTP connectors by using cmdlet:
New-ExchangeCertificate -domainname -PrivateKeyExportable:1
Warning! When you are asked if you want to overwrite certificates chose No!
Overwrite existing default SMTP certificate,
’45EEEB44DF4BFE2EB1B7A7592EA1DF5BF93F44B4′ (expires 14.1.2012 22:37:04), with
certificate ’59D62E7850EE4093AFF1EC73E2623D52058C2B35′ (expires 27.1.2015
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
(default is “Y”): N
so we get output:
Thumbprint                                Services   Subject
———-                                ——–   ——-
59D62E7850EE4093AFF1EC73E2623D52058C2B35  …..
Great!  If we want to be shure that everything is working correctly and that Exchange SMTP service is using our new certificate we can use cmdlet:

[PS] C:WindowsSystem32>Get-ExchangeCertificate 

[PS] C:WindowsSystem32>

Thumbprint                                Services   Subject
———-                                ——–   ——-
59D62E7850EE4093AFF1EC73E2623D52058C2B35  ….S
42F146B12BEF918A6A8FC730F5AA87AC4ACB1CEB  IP..S
817F1311CB72FB70F962EC0FAD2D8FA857F114A4  ….S
4BAAC7906689AFF0129767CF492AAE058B5DF494  ….S      CN=Sites
8F1D9C5FEB6EF0C39F25175AFBDEA54FE9668EF9  …..      CN=xxxxxxxxxxx-xxxxxxxxxxxx01-CA
8E4F33523325500F38ECF41FCDFBBE684AFC6145  …..      CN=WMSvc-WIN-K7KGUV5MQ40
We can now see that SMTP connectors are using all certificates (S defnies SMTP service).
Ok… How can you test that TLS works?
You can try it by using telnet client and connect to your server:
telnet 25
Exchange should respond something like:
220 Microsoft ESMTP MAIL Service ready at Wed, 27 Jan 2010 17:
12:09 +0100
then you can write:
220 Microsoft ESMTP MAIL Service ready at Wed, 27 Jan 2010 17:
13:07 +0100
250 Hello []
after that enter command:


server should respond:

220 2.0.0 SMTP server ready
Server ready? Super! 🙂
If you did miss something you will receive error from server saying:
500 5.3.3 Unrecognized command
If you get that? Read this tutorial again 🙂
PS. PS. You do not need to restart anything when you apply this commands… No need for restarting Exchange services…
Special thanks to Saso Erdeljanov for some hints about this issue…

Exchange 2007 / 2010 – remove headers

If you are using Windows server 2008 SBS or Exchange 2007 or Exchange 2010 you send with your e-mail also mail headers that (I think) you would not like to “share” with external world:

Received: from ( by
 ( with Microsoft SMTP Server (TLS) id; Wed, 19 May
 2010 13:08:47 +0200
Received: from SRVEXCH01.domain.local ([]) by SRVEXCH01.domain.local
 ([]) with mapi; Wed, 19 May 2010 13:08:02 +0200
From: xxxxx xxxxx xxxxx@xxxxx
To: =?iso-8859-2?Q?xxxxx_xxxxx=E6_=28xxxxx=xxxxx=2Exxxxx=29?=
Return-Receipt-To: xxxxx@xxxxx
Date: Wed, 19 May 2010 13:08:00 +0200
Subject: xxxxx
Thread-Topic: xxxxx
Thread-Index: Acr3Q4r6dSBNnU37R9ypBLYy8PMzcA==
Message-ID: <13204AAD07BCDD4EB69C3367FF1783A9124C065BB2@SRVEXCH01.domain.local>
Accept-Language: sl-SI
Content-Language: en-US
acceptlanguage: sl-SI
Content-Type: multipart/alternative;
MIME-Version: 1.0
Return-Path: xxxxx@xxxxx
X-MS-Exchange-Organization-SenderIdResult: Pass
Received-SPF: Pass (xxxxx.xxxxx.xxxxx: domain of xxxxx@xxxxx
 designates as permitted sender) receiver=xxxxx.xxxxx.local;;;
X-MS-Exchange-Organization-SCL: 1
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.8917.498;SV:3.3.8919.449;SID:SenderIDStatus Pass;

If you want to remove this stuff we need to create a Hub Transport Rule:
Open Microsoft Exchange Console
Navigate to:
Microsoft Exchange Organization Configuration Hub Transport Transport Rules

Right Click and select New Transport Rule and name it “Remove headers” click Next,

chose From users inside or outside the organization and select Inside click Next,chose Remove header and as message header just write: Received twice click Next…


You are done… Headers will not be sent any more to users outside the organization…

Luka (under influence of wonderful NT Konferenca 2010)

Blacklist providers to trust II

Almost two years ago I have posted a comment regarding Blacklist providers that I use and I trust… Well I would like to update this post by adding or commenting that now I use only two providers that sucessfuly eliminate or reduce spam that is coming to my mail servers …

I currently use: provided by
 provided by

As you should decide to use or not to use blocklist providers on your mail servers I am adding interesting article from august 2009 to better understand how this providers work:

I wish you luck in fighting spam! 🙂