I recently migrated our organization to Exchange 2007 from 2003. I must say, the documentation from Microsoft was fairly well laid out and it seemed to be a straightforward migration, but alas, with many things from Microsoft, it was not to be.
Everything went really well for us until it was time to remove the last Exchange 2003 server from the organization.
The first sticking point was, for some reason or another, ten out of my forty or so public folders failed to replicate correctly/completely, even after I had issued the 'Move All Public Folders' command from ESM and ran the EMS script to move the public folders. To this day I do not know if it was some corrupted items within the folder or some other anomoly, but this is how I managed to get them moved.
My first step after monitoring the event viewers for several days full of frustration and hair pulling, I broke down and called Microsoft. This was a great use of time and money (oh, look at the puddles of sarcasm all around). Truthfully, more times than not, when I call Microsoft, what I receive as help is exactly what I have already tried. Really, do these support techs and more to the point, the support management, think we,as IT professionals, do not know how to search the internet for solutions to our problems before we call a support number. I personally despise calling support numbers because the techs you are normally able to talk to are just screen readers and do not have any real troubleshooting skills.
Anyway, that was my rant for today.
Once I realized the support person was not going to help that much, I started thinking of ways around my problem. I then realized, my users we all on 2007, and all of my mailbox stores were pointed to the 2007 Public Folders. The only reason for the existence of 2003 was the public folder referrals I was encountering because of the hung public folder instances. For the solution to this problem, I clicked and dragged the folder in question to basically make a copy of that folder, just like in Windows, I ended up with the same folder name with a number after it, i.e. Stuff & Stuff1. Since my mailstores were pointed to the new Public Folders store, the copy I just made instantly went into the 2007 Public Folders store. All I had to do next was delete the old public folder and rename the new one (remove the number from the end), and voila... problem solved.
The last piece of the problem came when I tried to uninstall the last Exchange 2003 server from the domain. The uninstaller was complaining that I couldn't do this until all users were moved to another mail store. I double checked all mailbox stores and had no users (other than the system mailbox) in the stores. I looked up to the sky and screamed to the gods of Microsoft, why oh why do you make my life hell. But that's why we do it, because it's interesting and a challenge, not really, but whatever makes you sleep at night. So, there I was.... again. The solution was so simple that it almost evaded me.
The first part of the solution is as follows:
On your Excahnge 2003 server open ADUC, right-click your domain, and click find. Now click on the Exchange tab and select'Show only Exchange recipients' and click Find Now. If you have not already done so, show the column for Exchange Home Server by addig it to your list under View-> Choose Columns. Sort your results by the Home Server and note all users that show up on the server you are trying to remove and verify that these users either do not have a mailbox or have been moved to another server.
Part two involves using ADSI Edit. If you have not used this tool before, I strongly advise against using in a production environment. Load up a test DC and play around a bit first because you can really mess up your environment if you delete the wrong thing.
Launch ADSI Edit and Expand Domain NC. Locate the objects you took note of earlier and look at their properties. Navigate to the msExchHomeServerName and click edit. Now click clear and OK. This will remove the home server attribute from the user(s) in question.
Once those issues were resolved, the last Exchange 2003 server un-installed without a problem.
Friday, March 6, 2009
Thursday, March 5, 2009
Exchange 2007 Full Mailbox Access Rights
With PowerShell becoming more prevalent and in Exchange 2007, unavoidable, it was time for me to start using it for a change. There are many sites on the Internet that have a plethora of great examples and starting points. One I never found for Exchange that I finally did a trial and error on was how to give a user Full Mailbox Access to all mailboxes in the organization. As with PowerShell, one liners are great (for those who are new to PowerShell, a one liner is a single line of code that accomplishes many things). My one liner for Full Mailbox Access is below:
Get-Mailbox ¦ Add-MailboxPermission -AccessRights FullAccess -user 'user principle name'
In the above one-liner, it breaks down like this.
Get-Mailbox - This gets all mailboxes within your Exchange organization
Add-MailboxPermission - The mailbox acquired in the Get-Mailbox is piped to this command. The switches used are easy to follow.
The -AccessRights switch determines what rights you will give the user specified, options for this switch are: FullAccess, SendAs, ExternalAccount, DeleteItem, ReadPermission, ChangePermission, and ChangeOwner.
The -User switch just allows you to specify which user you wish to add the permission for.
This should make is easier for those who are not indoctrinated into Exchange 2007 to regain some measure of normality that you had while managing Exchange 2000/2003 or even 5.5.
Get-Mailbox ¦ Add-MailboxPermission -AccessRights FullAccess -user 'user principle name'
In the above one-liner, it breaks down like this.
Get-Mailbox - This gets all mailboxes within your Exchange organization
Add-MailboxPermission - The mailbox acquired in the Get-Mailbox is piped to this command. The switches used are easy to follow.
The -AccessRights switch determines what rights you will give the user specified, options for this switch are: FullAccess, SendAs, ExternalAccount, DeleteItem, ReadPermission, ChangePermission, and ChangeOwner.
The -User switch just allows you to specify which user you wish to add the permission for.
This should make is easier for those who are not indoctrinated into Exchange 2007 to regain some measure of normality that you had while managing Exchange 2000/2003 or even 5.5.
Subscribe to:
Comments (Atom)