Difference between revisions of "Powershell Commands"
(→Users and Mailbox Items) |
(→Install IIS) |
||
| (32 intermediate revisions by one user not shown) | |||
| Line 1: | Line 1: | ||
| − | There are | + | There are multiple command lines now. |
*The original command line DOS prompt | *The original command line DOS prompt | ||
*Powershell | *Powershell | ||
*Exchange Management Shell (EMS) | *Exchange Management Shell (EMS) | ||
| + | *SharePoint Online Management Shell | ||
Most of these will be used in the EMS as part of Exchange 2013. | Most of these will be used in the EMS as part of Exchange 2013. | ||
| + | |||
| + | ==Install IIS== | ||
| + | You can install IIS on a server with the following cmdlets: | ||
| + | Import-Module ServerManager | ||
| + | Add-WindowsFeature -Name Web-Server -IncludeManagementTools | ||
| + | Add-WindowsFeature -Name Web-ISAPI-Ext | ||
| + | Add-WindowsFeature -Name Web-ISAPI-Filter | ||
| + | |||
| + | If IIS is already installed, this will tell you that, and is safe to use. | ||
| + | |||
| + | ==Connect to Remote Exchange server== | ||
| + | To connect remotely [https://technet.microsoft.com/en-us/library/dd335083%28v=exchg.160%29.aspx], (change FQDN to your exchange server): | ||
| + | $UserCredential = Get-Credential | ||
| + | $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<FQDN of Exchange 2016 Mailbox server>/PowerShell/ -Authentication Kerberos -Credential $UserCredential | ||
| + | Import-PSSession $Session | ||
| + | To disconnect: | ||
| + | Remove-PSSession $Session | ||
| + | |||
| + | ==Change Execution Policy== | ||
| + | You may have to change the Execution Policy to get a script to run. The following command will allow execution for the current process. | ||
| + | |||
<code> | <code> | ||
| + | Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process | ||
| + | </code> | ||
| + | ==Check PowerShell Version== | ||
| + | You may need to detemine the PowerShell version. | ||
| + | |||
| + | <code> | ||
| + | $PSVersionTable.PSVersion | ||
</code> | </code> | ||
| + | |||
| + | ==Training== | ||
| + | MS Script Center [https://technet.microsoft.com/en-us/scriptcenter/dd742419.aspx] | ||
| + | |||
| + | ==Office365== | ||
| + | Connect to Exchange Online using remote PowerShell [https://technet.microsoft.com/library/jj984289%28v=exchg.160%29.aspx] | ||
| + | |||
| + | You can use the following versions of Windows: | ||
| + | * Windows 8 or Windows 8.1 | ||
| + | * Windows Server 2012 or Windows Server 2012 R2 | ||
| + | * Windows 7 Service Pack 1 (SP1)* | ||
| + | * Windows Server 2008 R2 SP1* | ||
| + | * You need to install the Microsoft .NET Framework 4.5 or 4.5.1 and then either the Windows Management Framework 3.0 or the Windows Management Framework 4.0. For more information, see Installing the .NET Framework 4.5, 4.5.1 and Windows Management Framework 3.0 or Windows Management Framework 4.0. | ||
| + | |||
| + | To connect: | ||
| + | |||
| + | <code> | ||
| + | $UserCredential = Get-Credential | ||
| + | </code> | ||
| + | |||
| + | <code> | ||
| + | $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection | ||
| + | </code> | ||
| + | |||
| + | <code> | ||
| + | Import-PSSession $Session | ||
| + | </code> | ||
| + | |||
| + | To disconnect: | ||
| + | |||
| + | <code> | ||
| + | Remove-PSSession $Session | ||
| + | </code> | ||
| + | |||
| + | Manage inactive mailboxes in Exchange Online | ||
| + | [https://technet.microsoft.com/en-us/library/dn144876%28v=exchg.150%29.aspx] | ||
| + | |||
| + | ==General guides== | ||
| + | Server health, monitoring, and performance cmdlets [https://technet.microsoft.com/en-us/library/jj150524%28v=exchg.150%29.aspx] | ||
| + | |||
| + | Ask the Perf Guy: Sizing Exchange 2013 Deployments [http://blogs.technet.com/b/exchange/archive/2013/05/06/ask-the-perf-guy-sizing-exchange-2013-deployments.aspx] | ||
| + | |||
| + | Exchange 2013 Performance Counters [https://technet.microsoft.com/en-us/library/dn904093%28v=exchg.150%29.aspx] | ||
==Basic Authentication== | ==Basic Authentication== | ||
| Line 16: | Line 88: | ||
<code> | <code> | ||
| − | Get-WebServicesVirtualDirectory | ft server,basicauthentication | + | Get-WebServicesVirtualDirectory | ft server,basicauthentication |
</code> | </code> | ||
| Line 22: | Line 94: | ||
<code> | <code> | ||
| − | Set-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -BasicAuthentication $true | + | Set-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -BasicAuthentication $true |
</code> | </code> | ||
| Line 29: | Line 101: | ||
<code> | <code> | ||
| − | Get-AutoDiscoverVirtualDirectory | ft server,basicauthentication | + | Get-AutoDiscoverVirtualDirectory | ft server,basicauthentication |
</code> | </code> | ||
| Line 35: | Line 107: | ||
<code> | <code> | ||
| − | Set-AutodiscoverVirtualDirectory -Identity 'autodiscover (Default Web Site)' -BasicAuthentication $true | + | Set-AutodiscoverVirtualDirectory -Identity 'autodiscover (Default Web Site)' -BasicAuthentication $true |
</code> | </code> | ||
==ApplicationImpersonation user== | ==ApplicationImpersonation user== | ||
| − | |||
How to check the status of the Exchange Impersonation User [http://support.gwava.com/kb/?View=entry&EntryID=2362] | How to check the status of the Exchange Impersonation User [http://support.gwava.com/kb/?View=entry&EntryID=2362] | ||
| − | ==IIS== | + | The [impersonationUserName] is the impersonation user Retain uses to access Exchange mailboxes. |
| − | To restart IIS from Powershell: | + | |
| + | To check the impersonation account, run this command in Exchange Management Shell: | ||
| + | |||
| + | Get-ManagementRoleAssignment -RoleAssignee "[impersonationUserName]" -Role ApplicationImpersonation -RoleAssigneeType user | ||
| + | |||
| + | If the command line returns without any output then the user does not have rights. | ||
| + | |||
| + | To get a list of all the rights the impersonation account has: | ||
| + | |||
| + | Get-ManagementRoleAssignment -RoleAssignee "[impersonationUserName]" | ||
| + | |||
| + | To remove ApplicationImpersonation rights from a user you can use this command. | ||
| + | |||
| + | Get-ManagementRoleAssignment -RoleAssignee "[impersonationUserName]" -Role ApplicationImpersonation -RoleAssigneeType user | Remove-ManagementRoleAssignment | ||
| + | |||
| + | If you wish to create a new Impersonation Account user. Create a new user in Exchange and run the PowerShell script : | ||
| + | Give the Role a name [ImpersonationAssignmentName] | ||
| + | |||
| + | New-ManagementRoleAssignment –Name [ImpersonationAssignmentName] –Role ApplicationImpersonation –User "[impersonationUserName]" | ||
| + | |||
| + | Note: The Impersonation User cannot have Administrator rights. That is a MS built-in security measure. | ||
| + | |||
| + | ==Throttling Policy== | ||
| + | Exchange Throttling Policy and Bandwidth/Performance (2013) [http://support.gwava.com/kb/?View=entry&EntryID=2343] | ||
| + | How to remove throttling from the ApplicationImpersonation user. [http://support.gwava.com/kb/?View=entry&EntryID=2343] [https://msdn.microsoft.com/en-us/library/office/jj945066%28v=exchg.150%29.aspx] | ||
| + | |||
| + | New-ThrottlingPolicy [give it a policy name of your choosing] | ||
| + | |||
| + | Set-ThrottlingPolicy [policy name from step "a"] -RCAMaxConcurrency Unlimited -EWSMaxConcurrency Unlimited -EWSMaxSubscriptions Unlimited -CPAMaxConcurrency Unlimited -EwsCutoffBalance Unlimited -EwsMaxBurst Unlimited -EwsRechargeRate Unlimited | ||
| + | |||
| + | Set-Mailbox [Retain impersonation user account] -ThrottlingPolicy [policy name from step "a"] | ||
| + | |||
| + | To check the policy run the command: | ||
| + | |||
| + | Get-ThrottlingPolicy -Identity [policy name from step "a"] | Format-List | ||
| + | |||
| + | In very rare cases, you may have to change the policy company-wide to improve Retain job performance, this is not recommended as it can overload the Exchange server(s). For example, Monday mornings everyone logs in and downloads their weekend mail at about the same time. This creates an Organization-wide throttling policy named GwavaUnlimited. | ||
| + | |||
| + | Set-ThrottlingPolicy ''GwavaUnlimited'' -ThrottlingPolicyScope Organization | ||
| + | |||
| + | ==Control IIS== | ||
| + | To stop, start or restart IIS from Powershell: | ||
<code> | <code> | ||
| − | IISRESET | + | IISRESET /start|/stop|/restart |
| + | </code> | ||
| + | |||
| + | ==Server Health== | ||
| + | You can get a quick overview of the server's health with Get-ServerHealth [https://technet.microsoft.com/en-us/library/jj218703%28v=exchg.150%29.aspx] to sort it so it is a little more useful you can use this script which puts the Unhealthy and Disabled items at the bottom. | ||
| + | |||
| + | <code> | ||
| + | Get-ServerHealth -Identity server1 | Sort-Object AlertValue | ft Name, AlertValue | ||
</code> | </code> | ||
| Line 54: | Line 173: | ||
<code> | <code> | ||
| − | Get-Mailbox | Get-MailboxStatistics | + | Get-Mailbox | Get-MailboxStatistics |
</code> | </code> | ||
| Line 60: | Line 179: | ||
<code> | <code> | ||
| − | Get-Mailbox | Get-MailboxStatistics | FL > c:\stats.txt | + | Get-Mailbox | Get-MailboxStatistics | FL > c:\stats.txt |
</code> | </code> | ||
| Line 66: | Line 185: | ||
<code> | <code> | ||
| − | Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | Sort-Object TotalItemSize -Descending | Select-Object DisplayName,TotalItemSize -First 30 | + | Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | Sort-Object TotalItemSize -Descending | Select-Object DisplayName,TotalItemSize -First 30 |
</code> | </code> | ||
| Line 72: | Line 191: | ||
<code> | <code> | ||
| − | Get-MailboxFolderStatistics [userName] | Select Name,FolderSize,ItemsinFolder | + | Get-MailboxFolderStatistics [userName] | Select Name,FolderSize,ItemsinFolder |
</code> | </code> | ||
| Line 84: | Line 203: | ||
<code> | <code> | ||
| − | Get-Mailbox | Get-MailboxStatistics | Select DisplayName,@{N="Total Item Size (MB)";E={$_.TotalItemSize.value.tomb()}},@{N="Total Deleted Item Size (MB)";E={$_.TotalDeletedItemSize.value.tomb()}},@{N="IssueWarningQuota (MB)";E={(Get-Mailbox $_).IssueWarningQuota.Value.toMB()}},@{N="ProhibitSendQuota (MB)";E={(Get-Mailbox $_).prohibitsendquota.Value.ToMB()}} | export-csv "c:\export\exchangecsv.csv" -NoTypeInformation | + | Get-Mailbox | Get-MailboxStatistics | Select DisplayName,@{N="Total Item Size (MB)";E={$_.TotalItemSize.value.tomb()}},@{N="Total Deleted Item Size (MB)";E={$_.TotalDeletedItemSize.value.tomb()}},@{N="IssueWarningQuota (MB)";E={(Get-Mailbox $_).IssueWarningQuota.Value.toMB()}},@{N="ProhibitSendQuota (MB)";E={(Get-Mailbox $_).prohibitsendquota.Value.ToMB()}} | export-csv "c:\export\exchangecsv.csv" -NoTypeInformation |
</code> | </code> | ||
| Line 90: | Line 209: | ||
<code> | <code> | ||
| − | Get-MailboxFolderStatistics -Identity [userName] | + | Get-MailboxFolderStatistics -Identity [userName] |
</code> | </code> | ||
| − | + | To get data on the Monitoring mailboxes (HealthMailbox) | |
| − | + | ||
| − | + | ||
<code> | <code> | ||
| − | Get- | + | Get-Mailbox -Monitoring | Get-MailboxStatistics |
</code> | </code> | ||
| − | + | ==Remote powershell== | |
| − | + | How to connect to a remote Exchange server called ams-exch01.contoso.com [http://jaapwesselius.com/2013/07/21/ise-remote-powershell-and-exchange-2013/] | |
| − | == | + | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
<code> | <code> | ||
| − | + | $Session = New-PSSession –ConfigurationName Microsoft.Exchange –ConnectionUri http://ams-exch01.contoso.com/PowerShell -Authentication Kerberos | |
| − | + | ||
| − | $Session = New-PSSession | + | |
| − | + | ||
Import-PSSession $Session | Import-PSSession $Session | ||
</code> | </code> | ||
| − | + | ==Queues== | |
| + | An Exchange server can become bogged down if the queues cannot clear. [https://technet.microsoft.com/en-us/library/bb123535%28v=exchg.150%29.aspx] You can see the queue status with: | ||
<code> | <code> | ||
| − | + | Get-Queue | |
</code> | </code> | ||
| − | + | If there are thousands of messages (e.g. in \Unreachable) and they are not clearing then there is an issue. You can open Exchange Toolbox and in Queue Viewer delete messages. If that is not successful then you need to restart the Microsoft Exchange Edge Transport, Microsoft Exchange Mailbox Transport Delivery and/or SMTP services. | |
| − | + | ||
==Global Catalog== | ==Global Catalog== | ||
| Line 135: | Line 238: | ||
<code> | <code> | ||
| − | Get-ADDomainController -Discover -Service "GlobalCatalog" | + | Get-ADDomainController -Discover -Service "GlobalCatalog" |
</code> | </code> | ||
==Retention== | ==Retention== | ||
| − | Set Retention of Deleted Items | + | Set Retention of Deleted Items to 30 days (default 14). |
<code> | <code> | ||
| − | Get-MailboxDatabase | Set-MailboxDatabase -DeletedItemRetention 30 | + | Get-MailboxDatabase | Set-MailboxDatabase -DeletedItemRetention 30 |
</code> | </code> | ||
| Line 149: | Line 252: | ||
<code> | <code> | ||
| − | Get-ADOrganizationalUnit -Filter 'Name -like "*"' | FT Name, DistinguishedName -A | + | Get-ADOrganizationalUnit -Filter 'Name -like "*"' | FT Name, DistinguishedName -A |
</code> | </code> | ||
| Line 158: | Line 261: | ||
<code> | <code> | ||
| − | New-MailboxRepairRequest -Mailbox [username] -CorruptionType FolderView | + | New-MailboxRepairRequest -Mailbox [username] -CorruptionType FolderView |
</code> | </code> | ||
| Line 164: | Line 267: | ||
<code> | <code> | ||
| − | New-MailboxRepairRequest -Database [MailboxDatabaseName] -CorruptionType AggregateCounts | + | New-MailboxRepairRequest -Database [MailboxDatabaseName] -CorruptionType AggregateCounts |
</code> | </code> | ||
| Line 170: | Line 273: | ||
[https://technet.microsoft.com/en-us/library/dn440164%28v=exchg.150%29.aspx] | [https://technet.microsoft.com/en-us/library/dn440164%28v=exchg.150%29.aspx] | ||
| − | == | + | ==SCP== |
| − | + | You can find your SCP record(s) in AD DS. However, you can also run the Get-ClientAccessServer cmdlet in an Exchange Management Shell by typing: | |
| + | Get-ClientAccessServer | fl | ||
| + | |||
| + | ==See Connected Users== | ||
| + | To see the number of Active users | ||
| + | |||
| + | <code> | ||
| + | Get-Counter "\MSExchange RpcClientAccess\User Count" -ComputerName [ServerName] | ||
| + | </code> | ||
| + | |||
| + | To see the number of Current Unique Users | ||
| + | |||
| + | <code> | ||
| + | Get-Counter "\MSExchange OWA\Current Unique Users" -ComputerName [ServerName] | ||
| + | </code> | ||
| + | |||
| + | ==SharePoint Scripts== | ||
| + | Add rights to archive Office365 SharePoint Online/OneDrive attachments [http://support.gwava.com/kb/?View=entry&EntryID=2674] references this script | ||
| + | [http://sharepointjack.com/2015/add-a-person-as-a-site-collection-administrator-to-every-office-365-site-sharepoint-online-site-collection/] | ||
| + | |||
| + | ==Holds== | ||
| + | You will first have to set up a distribution list, for example All_Mailboxes, that contains all mailboxes. It will be best to create a policy to add new users to this distribution list by default. | ||
| + | |||
| + | You can set up a hold in the EAC or in the Exchange Management Shell: | ||
| + | |||
| + | An In-Place Hold can be set up for all mailboxes for 90 days: | ||
| + | |||
| + | New-MailboxSearch "Retain90DayHold" -ItemHoldPeriod 90 -InPlaceHoldEnabled $true -SourceMailboxes All_Mailboxes | ||
| + | |||
| + | It will take time for the hold to take effect. You can detemine how many mailboxes were placed under hold with the script: | ||
| + | |||
| + | ((Get-Mailbox).InPlaceHolds).Count | ||
| + | |||
| + | Alternatively you can use a Litigation Hold for just user mailboxes: | ||
| + | |||
| + | Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -LitigationHoldEnabled $true -LitigationHoldDuration 90 | ||
| + | |||
| + | For Exchange 2010 systems you can use Single Item Recovery, but it is limited to a maximum of 30 day and sets to 14 days by default. This script enables it for all mailboxes: | ||
| + | |||
| + | Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | Set-Mailbox -SingleItemRecoveryEnabled $true | ||
Latest revision as of 14:40, 24 October 2018
There are multiple command lines now.
- The original command line DOS prompt
- Powershell
- Exchange Management Shell (EMS)
- SharePoint Online Management Shell
Most of these will be used in the EMS as part of Exchange 2013.
[edit] Install IIS
You can install IIS on a server with the following cmdlets:
Import-Module ServerManager Add-WindowsFeature -Name Web-Server -IncludeManagementTools Add-WindowsFeature -Name Web-ISAPI-Ext Add-WindowsFeature -Name Web-ISAPI-Filter
If IIS is already installed, this will tell you that, and is safe to use.
[edit] Connect to Remote Exchange server
To connect remotely [1], (change FQDN to your exchange server):
$UserCredential = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<FQDN of Exchange 2016 Mailbox server>/PowerShell/ -Authentication Kerberos -Credential $UserCredential Import-PSSession $Session
To disconnect:
Remove-PSSession $Session
[edit] Change Execution Policy
You may have to change the Execution Policy to get a script to run. The following command will allow execution for the current process.
Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process
[edit] Check PowerShell Version
You may need to detemine the PowerShell version.
$PSVersionTable.PSVersion
[edit] Training
MS Script Center [2]
[edit] Office365
Connect to Exchange Online using remote PowerShell [3]
You can use the following versions of Windows:
- Windows 8 or Windows 8.1
- Windows Server 2012 or Windows Server 2012 R2
- Windows 7 Service Pack 1 (SP1)*
- Windows Server 2008 R2 SP1*
- You need to install the Microsoft .NET Framework 4.5 or 4.5.1 and then either the Windows Management Framework 3.0 or the Windows Management Framework 4.0. For more information, see Installing the .NET Framework 4.5, 4.5.1 and Windows Management Framework 3.0 or Windows Management Framework 4.0.
To connect:
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
To disconnect:
Remove-PSSession $Session
Manage inactive mailboxes in Exchange Online [4]
[edit] General guides
Server health, monitoring, and performance cmdlets [5]
Ask the Perf Guy: Sizing Exchange 2013 Deployments [6]
Exchange 2013 Performance Counters [7]
[edit] Basic Authentication
Retain needs Basic Authentication enabled across the system not just on one CAS.
[edit] EWS
This script shows if Basic Authentication was enabled for EWS.
Get-WebServicesVirtualDirectory | ft server,basicauthentication
To enable Basic Authentication you can use this script if you are a Domain or higher admin and you are using the default web site.
Set-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -BasicAuthentication $true
[edit] AutoDiscover
This script shows if Basic Authentication was enabled for AutoDiscover.
Get-AutoDiscoverVirtualDirectory | ft server,basicauthentication
To enable Basic Authentication you can use this script if you are a Domain or higher admin and you are using the default web site.
Set-AutodiscoverVirtualDirectory -Identity 'autodiscover (Default Web Site)' -BasicAuthentication $true
[edit] ApplicationImpersonation user
How to check the status of the Exchange Impersonation User [8]
The [impersonationUserName] is the impersonation user Retain uses to access Exchange mailboxes.
To check the impersonation account, run this command in Exchange Management Shell:
Get-ManagementRoleAssignment -RoleAssignee "[impersonationUserName]" -Role ApplicationImpersonation -RoleAssigneeType user
If the command line returns without any output then the user does not have rights.
To get a list of all the rights the impersonation account has:
Get-ManagementRoleAssignment -RoleAssignee "[impersonationUserName]"
To remove ApplicationImpersonation rights from a user you can use this command.
Get-ManagementRoleAssignment -RoleAssignee "[impersonationUserName]" -Role ApplicationImpersonation -RoleAssigneeType user | Remove-ManagementRoleAssignment
If you wish to create a new Impersonation Account user. Create a new user in Exchange and run the PowerShell script : Give the Role a name [ImpersonationAssignmentName]
New-ManagementRoleAssignment –Name [ImpersonationAssignmentName] –Role ApplicationImpersonation –User "[impersonationUserName]"
Note: The Impersonation User cannot have Administrator rights. That is a MS built-in security measure.
[edit] Throttling Policy
Exchange Throttling Policy and Bandwidth/Performance (2013) [9] How to remove throttling from the ApplicationImpersonation user. [10] [11]
New-ThrottlingPolicy [give it a policy name of your choosing]
Set-ThrottlingPolicy [policy name from step "a"] -RCAMaxConcurrency Unlimited -EWSMaxConcurrency Unlimited -EWSMaxSubscriptions Unlimited -CPAMaxConcurrency Unlimited -EwsCutoffBalance Unlimited -EwsMaxBurst Unlimited -EwsRechargeRate Unlimited
Set-Mailbox [Retain impersonation user account] -ThrottlingPolicy [policy name from step "a"]
To check the policy run the command:
Get-ThrottlingPolicy -Identity [policy name from step "a"] | Format-List
In very rare cases, you may have to change the policy company-wide to improve Retain job performance, this is not recommended as it can overload the Exchange server(s). For example, Monday mornings everyone logs in and downloads their weekend mail at about the same time. This creates an Organization-wide throttling policy named GwavaUnlimited.
Set-ThrottlingPolicy GwavaUnlimited -ThrottlingPolicyScope Organization
[edit] Control IIS
To stop, start or restart IIS from Powershell:
IISRESET /start|/stop|/restart
[edit] Server Health
You can get a quick overview of the server's health with Get-ServerHealth [12] to sort it so it is a little more useful you can use this script which puts the Unhealthy and Disabled items at the bottom.
Get-ServerHealth -Identity server1 | Sort-Object AlertValue | ft Name, AlertValue
[edit] Users and Mailbox Items
A quick overview of users and how many items they have in their mailbox, this is the same as if we piped through "| FT" to format as a table.
Get-Mailbox | Get-MailboxStatistics
For more detail you can format as a list by adding "| FL" but it would be best to pipe to a file because it will provide more information then the screen can hold.
Get-Mailbox | Get-MailboxStatistics | FL > c:\stats.txt
This script will get the size of the mailboxes of the first 30 users.
Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics | Sort-Object TotalItemSize -Descending | Select-Object DisplayName,TotalItemSize -First 30
You can even restrict it to a single user once you know which one is the largest. [13]
Get-MailboxFolderStatistics [userName] | Select Name,FolderSize,ItemsinFolder
You can move items from one folder to another [14]
Creating a Mailbox Folder Growth Map with Powershell, EWS and eDiscovery [15]
Search-Mailbox for eDiscovery [16]
Mailbox size and quota data
Get-Mailbox | Get-MailboxStatistics | Select DisplayName,@{N="Total Item Size (MB)";E={$_.TotalItemSize.value.tomb()}},@{N="Total Deleted Item Size (MB)";E={$_.TotalDeletedItemSize.value.tomb()}},@{N="IssueWarningQuota (MB)";E={(Get-Mailbox $_).IssueWarningQuota.Value.toMB()}},@{N="ProhibitSendQuota (MB)";E={(Get-Mailbox $_).prohibitsendquota.Value.ToMB()}} | export-csv "c:\export\exchangecsv.csv" -NoTypeInformation
Get user folder data [17]
Get-MailboxFolderStatistics -Identity [userName]
To get data on the Monitoring mailboxes (HealthMailbox)
Get-Mailbox -Monitoring | Get-MailboxStatistics
[edit] Remote powershell
How to connect to a remote Exchange server called ams-exch01.contoso.com [18]
$Session = New-PSSession –ConfigurationName Microsoft.Exchange –ConnectionUri http://ams-exch01.contoso.com/PowerShell -Authentication Kerberos
Import-PSSession $Session
[edit] Queues
An Exchange server can become bogged down if the queues cannot clear. [19] You can see the queue status with:
Get-Queue
If there are thousands of messages (e.g. in \Unreachable) and they are not clearing then there is an issue. You can open Exchange Toolbox and in Queue Viewer delete messages. If that is not successful then you need to restart the Microsoft Exchange Edge Transport, Microsoft Exchange Mailbox Transport Delivery and/or SMTP services.
[edit] Global Catalog
Find the Global Catalog host [20]
Get-ADDomainController -Discover -Service "GlobalCatalog"
[edit] Retention
Set Retention of Deleted Items to 30 days (default 14).
Get-MailboxDatabase | Set-MailboxDatabase -DeletedItemRetention 30
[edit] Organizational Units
Get the names of all OUs in the domain.
Get-ADOrganizationalUnit -Filter 'Name -like "*"' | FT Name, DistinguishedName -A
[edit] Repair Mailbox
There are tools to repair Exchange mailboxes [21]
For a specific mailbox
New-MailboxRepairRequest -Mailbox [username] -CorruptionType FolderView
For all mailboxes in a mailbox database
New-MailboxRepairRequest -Database [MailboxDatabaseName] -CorruptionType AggregateCounts
Export eDiscovery search results to a PST file [22]
[edit] SCP
You can find your SCP record(s) in AD DS. However, you can also run the Get-ClientAccessServer cmdlet in an Exchange Management Shell by typing:
Get-ClientAccessServer | fl
[edit] See Connected Users
To see the number of Active users
Get-Counter "\MSExchange RpcClientAccess\User Count" -ComputerName [ServerName]
To see the number of Current Unique Users
Get-Counter "\MSExchange OWA\Current Unique Users" -ComputerName [ServerName]
[edit]
Add rights to archive Office365 SharePoint Online/OneDrive attachments [23] references this script [24]
[edit] Holds
You will first have to set up a distribution list, for example All_Mailboxes, that contains all mailboxes. It will be best to create a policy to add new users to this distribution list by default.
You can set up a hold in the EAC or in the Exchange Management Shell:
An In-Place Hold can be set up for all mailboxes for 90 days:
New-MailboxSearch "Retain90DayHold" -ItemHoldPeriod 90 -InPlaceHoldEnabled $true -SourceMailboxes All_Mailboxes
It will take time for the hold to take effect. You can detemine how many mailboxes were placed under hold with the script:
((Get-Mailbox).InPlaceHolds).Count
Alternatively you can use a Litigation Hold for just user mailboxes:
Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -LitigationHoldEnabled $true -LitigationHoldDuration 90
For Exchange 2010 systems you can use Single Item Recovery, but it is limited to a maximum of 30 day and sets to 14 days by default. This script enables it for all mailboxes:
Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | Set-Mailbox -SingleItemRecoveryEnabled $true
