Monthly Archives: October 2011

E2003–2010 Cross-Forest Public Folder Part2 – Migrating Permission

by

0

 

http://blogs.technet.com/b/exchange/archive/2011/03/28/iorepl-and-exchange-2010-sp1.aspx 

Migrating Permissions

Once the preparation, installation, configuration and testing phases are complete and you are successfully able to replicate public folders and free/busy content between Exchange organizations, the next phase is to export Public folder permissions. In order to do that, we need PFDAVAdmin to export permissions on Exchange 2003 side andExFolders to import permissions on Exchange 2010 side.

Note: It’s important to retain public folder replicas on Exchange Server 2003 until all mailboxes have been migrated to Exchange Server 2010. This is to allow for access to public folders via Exchange 2003 OWA as well as Exchange 2010 Outlook Web App. It’s assumed that you have already followed the steps to move mailboxes cross forest as explained in Exchange 2010 Cross Forest Mailbox Moves.

You can use either the legacyExchangeDN or the account name (Domain\User) while exporting Public Folder permissions using PFDAVAdmin. Since the PrepareMoveRequest script will update the source object’sproxyAddresses to include the target object’s legacyDN as X500 address, it’s straightforward to just use thelegacyExchangeDN. Otherwise, you’ll need to edit the domain name in the exported "Account name" file to match the Exchange 2010 domain.

 

1. Microsoft Exchange Server Public Folder DAV-based Administration Tool
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=22427

clip_image002

Exchange 2010 SP1 ExFolders

  • http://gallery.technet.microsoft.com/Exchange-2010-SP1-ExFolders-e6bfd405
    ExFolders must be run from an Exchange 2010 server – it cannot be run from a workstation as PFDAVAdmin could. It can connect to Exchange 2010 or Exchange 2007, but not older versions.
  • Remove Item-Level Permissions is gone, because there are no item-level permissions in Exchange 2007 or 2010.
  • DACL fix functionality is gone. With no WebDAV and no M: drive, non-canonical DACLs should be practically unheard of.
  • Permissions export format between PFDAVAdmin and ExFolders are compatible.

2.
clip_image004

3.
clip_image005

4.
clip_image006

5.

Microsoft Exchange Server Public Folder DAV-based Administration Tool

Updated   April 4, 2007

The Microsoft® Exchange Server Public Folder Distributed Authoring and Versioning (DAV)-based Administration tool, version 2.8 (PFDAVAdmin 2.8) is an Exchange Server tool that you can use to perform several tasks related to public folder management. Tasks include the following:

· Modify folder permissions on folders in the MAPI tree by using an interface similar to Exchange System Manager (ESM).

· Propagate the addition, replacement, or removal of one or more access control entries (ACEs) in the public folder tree without overwriting the entire access control list (ACL).

· Fix non-canonical (does not follow standards) and otherwise damaged discretionary access control lists (DACLs) on folders in bulk.

· Export and import folder permissions on public folders and mailboxes.

· Export and import replica lists.

· Propagate changes to the replica list in the tree without overwriting.

· Look for and remove item-level permissions in bulk.

· Look for event registrations.

· Exceed the limits imposed by the ESM user interface for values on the Limits tab.

· Display and modify folder properties in bulk.

· Modify folder permissions in bulk selectively on folders by creating filters.

· Modify the permissions of the Calendar folder in bulk.

6.
If you select Public Folders, PFDAVAdmin tries to connect to the public store on the target Exchange server over Secure Sockets Lauer (SSL) port 443 port and to populate the navigation pane with the top-level folders. If this connection fails, PFDAVAdmin retries the connection using port 80 (non-SSL).

7.

System Requirements

PFDAVAdmin 2.8 must be run on a computer that has the following:

· .NET Framework 1.1

clip_image007Note:

You can run PFDAVAdmin if you also have .NET Framework 2.0 on your computer. However, you do not have to have version 2.0 on the computer, but you must have .NET Framework 1.1 installed.

· Microsoft Windows® 2000 Server, Windows XP, or Windows Server™ 2003, Windows™ Vista

· Exchange 2000 Server, Exchange Server 2003, or Exchange Server 2007

8.
clip_image008
clip_image009

9.
clip_image010
clip_image011

10.
http://social.technet.microsoft.com/Forums/en-US/exchangesvr3rdpartyapps/thread/abfc328c-00c1-48ee-8a45-e9b8d50779a3/
. I again use the InterOrg Replication Tool to achieve this. This allow single or bi-directional replication between Exchange Orgs. Note it is only support officially in Exchange 2010 SP1 and only then under these circumstances here: http://blogs.technet.com/b/exchange/archive/2011/03/28/iorepl-and-exchange-2010-sp1.aspx

To ensure you setup the relevant Public Folder permissions you use PFDavAdmin and ExFolders for SP1 to export and import Public Folder permission structures. I recommend exporting via LegacyExchangeDN – as this is capture during the Prepare-MoveRequest process and added to Target Forest users as an X500 address.

11.
clip_image012
clip_image013
clip_image014 clip_image015 clip_image017

Exchange 2010 SP1 ExFolders

ExFolders Tool Readme

12.

1. INSTALLATION:

– ExFolders must be run from an Exchange Server 2010 machine with the Microsoft Exchange Active Directory Topology service, which means it will not currently run on a tools-only install. This might change in the future.

ExFolders.exe must be placed in the server’s Exchange \bin folder. If you try to run it from anywhere else, it will simply crash.

This build is not signed. In order to allow it to run, you can import the included .reg file on the server where you want to run the tool or run "sn -Vr ExFolders.exe" (using the 64 bit version of the SN tool) to allow it to launch. If you don’t, it will crash. To read more about the SN tool, please go here: http://msdn.microsoft.com/en-us/library/k5b5tt23.aspx

2. VARIOUS TOOL NOTES:

– ExFolders can connect to stores on Exchange 2010 or 2007 only, both mailbox and public stores. Connection to Exchange 2003 and earlier is not possible (use PFDAVAdmin for that)

– ExFolders can now connect to more than one mailbox store at a time; just ctrl-click or shift-click to select multiple stores. This allows you to operate against multiple servers or every single mailbox in the org all at once if you need to do so.

– You’ll notice the Tools menu now gives you the option to Export Item Properties, which allows you to export item properties to a tab-delimited file (just like the Export Folder Properties option). Item property imports are not implemented.

– Folder property imports are implemented. Tools -> Import, just like any other import. Note that the default property list in Export Folder Properties contains a lot of properties that are not writable, so if you turn around and try to import that same file, you will see a lot of errors. Any properties that are not writable (other than the Folder Path) should be removed from the file before importing.

– The old Property Editor has been changed to Bulk Property Editor, and a new Property Editor has been added, which is better-suited to editing properties on a single folder or item. Also note you can File -> Save to save the window contents to a file.

– The permissions interface, including the Folder Permissions GUI and exports/imports, supports the special Free/Busy rights on Calendar folders. Exports/Imports have two new keywords, FreeBusyDetails and FreeBusyBasic.

– The format of mailbox folder paths in imports/exports has changed, so mailbox exports from PFDAVAdmin cannot be imported with ExFolders, and vice-versa.

– Set Calendar Permissions will throw an error and not make any changes to a mailbox if it doesn’t find the FreeBusy Data folder in the mailbox root, which means the user has never logged on to the mailbox. This is by design (because if we set rights on the Calendar folder and the FreeBusy Data folder later gets created, the permissions won’t match).

– When you connect to mailboxes, some folders will appear in blue. These are search folders. They are ignored when you run Content Report.

– Set Calendar Permissions and Item Property Export are not currently exposed through Custom Bulk Operation.

image

Replce netbios of target domain.

image

E14 – Stop Automatic Conversion of Universal Distribution Groups to Universal Security Groups

by

0

 

http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/2a6b612a-132f-4d91-a0ee-70daff8b039f/

http://technet.microsoft.com/zh-tw/library/bb430793.aspx

停止萬用通訊群組與萬用安全性群組的自動轉換

萬用通訊群組和萬用安全性群組,是為了迅速大量傳送電子郵件和其他資訊而建立的收件者群組。然而,與萬用通訊群組不同,萬用安全性群組還可以用來指派權限。

在 Microsoft Exchange 中,只有具有安全性主體的 Active Directory 物件才可以用來授與公用資料夾或信箱資料夾的權限。然而,Microsoft Outlook 使用者可以使用萬用通訊群組來授與公用資料夾或信箱資料夾的權限。在此情況下,Microsoft Exchange 資訊儲存庫服務會將萬用通訊群組自動轉換為萬用安全性群組。這是 Exchange Server 2010 和 Exchange Server 2007 中的預設行為。

您可以修改這個行為,防止將萬用通訊群組自動轉換為萬用安全性群組。在 Active Directory 中,Exchange 組織物件的msExchDisableUDGConversion 屬性是用來控制 Microsoft Exchange 資訊儲存庫服務如何回應萬用通訊群組與萬用安全性群組的轉換要求。下列是 msExchDisableUDGConversion 屬性的可接受值:

  • 0   如果屬性設為 0 或未設定,則會在使用萬用通訊群組授與公用資料夾或信箱資料夾的權限時,將萬用通訊群組自動轉換為萬用安全性群組。
  • 1   如果屬性設為 1,則 Outlook 無法要求轉換。然而,Exchange 系統處理程序仍然可以將萬用通訊群組轉換為萬用安全性群組。
  • 2   如果屬性設為 2,則不會進行自動轉換。

E2003–2010 Cross-Forest Public Folder Part1 – IORepl

by

0

E2003 <—> E2010 SP1 – Use IORepl to replcate content of Public Folder (* without Permission)

Inter-Organization Replication Tool (*****)
http://technet.microsoft.com/en-us/library/ee307369(EXCHG.80).aspx#Security

This topic describes the Inter-Organization Replication tool, which was first released as part of Microsoft Exchange Server 5.5 Service Pack 3 (SP3), with an updated version for Microsoft Exchange 2003. The tool is also compatible with Exchange Server 2007 and with Microsoft Exchange Server 2010 Service Pack 1 (SP1).

The Inter-Organization Replication tool is used to replicate free/busy information and public folder content between Exchange organizations. It enables the coordination of meetings, appointments, contacts, and public folder information between disjointed Exchange organizations.

The tool consists of two programs: the Replication Configuration program (Exscfg.exe) and the Replication service (Exssrv.exe). The Replication Configuration program creates a configuration file for setting the replication frequency, logging options, folders to be replicated, and accounts to be used. The Replication service uses a configuration file that is created by the Replication Configuration program to continuously update information from one server (designated as the Publisher) to one or more Exchange servers (designated as Subscribers).

Schedule+ free/busy information is replicated from Publisher to Subscriber only. Because of this, you must have two free/busy sessions to bidirectionally update free/busy information. Public folders can be replicated bidirectionally between Publisher and Subscriber. You can configure the replication frequency, the logging of message and folder replication, and how much processing power you want devoted to the replication process.

Preparing the Publisher Server

The first step to prepare an Exchange server to be a Publisher. The Publisher server collects information from an Exchange organization and packages it. Then, the Publisher sends the information to the Subscriber Exchange servers outside the Exchange organization based on a schedule that you create. The Publisher can be considered the source server from which the information is being replicated.

To prepare the Publisher server, you must create a service account and mailbox account for the Inter-Organization Replication tool to use during the replication process. The mailbox should reside on the Publisher server. You must also assign the appropriate permissions to the service account and the mailbox and create a public folder for the tool to use during replication.

clip_image001Important:

The service account and mailbox account that you create must be listed as owners of each public folder and subfolder that you want to replicate, on either the Publisher or the Subscriber.
clip_image002
clip_image003
This lets the Inter-Organization Replication tool replicate anonymous and default permissions from one organization to the other. You can use Microsoft Office Outlook or Exchange System Manager to change the ownership and permissions of public folders. For free/busy replication, you will have editor permissions on the free/busy folder. This is sufficient to prepare the Publisher for this scenario.

To prepare the Publisher server for inter-organization replication in Exchange 2003 organizations

  1. Create a Windows NT account and an associated Exchange mailbox for the tool to use as a MAPI service account. Create the mailbox on a mailbox store on the Publisher server. Make sure that the Display Name is unique in the Active Directory forest.
  2. For every public folder and every schedule+free/busy system folder that is to be replicated between organizations, use Exchange System Manager to make sure that a replica exists on the Publisher server.
  3. You can use Outlook or Exchange System Manager to add the service account mailbox that you created as an owner for every top-level public folder and subfolder you want to replicate. You do not have to change the default permissions on the Schedule+ Free/Busy folders.
    clip_image004
  4. You can use Exchange System Manager to create a public folder named ExchsyncSecurityFolder in the root public folder and to grant Folder Visible permissions to the service account mailbox that you created. Do not specify any default or anonymous permissions on this folder. It is used by the Replication service for additional security and must be present on both the Publisher and Subscriber servers.
    clip_image006
  5. You can use Outlook to log on to the MAPI service account to initialize the mailbox on the server. This step verifies that your permissions and access are correct.
    clip_image007

Preparing the Subscriber Server

A Subscriber is an Exchange server to which you want to replicate information by using the Inter-Organization Replication tool. To configure a Subscriber, you must create a Windows NT account and an associated Exchange mailbox that the tool can use as a service account. Additionally, you must create the top-level public folders that the tool needs for the replication process. A replica of every free/busy folder in the subscriber organization should exist on the Subscriber server if you are replicating free/busy data.

For Exchange 2010 or Exchange 2007, management is performed by using either the Exchange Management Console or the Exchange Management Shell. Use either management tool to perform the following steps. Outlook and Public Folder DAV-Based Administration (PFDavAdmin) may also be used to create public folders and configure permissions on public folders.

To prepare the Subscriber server for inter-organization replication in Exchange 2007 or Exchange 2010 organizations

  1. Create a Windows account and an associated Exchange mailbox for the Inter-Organization Replication tool to use as a service account. Make sure that the Display Name is unique in the Active Directory forest. For more information, see New-Mailbox.
    clip_image008
  2. Create a new public folder database on the Subscriber server if a public folder store does not already exist.

New-PublicFolderDatabase -name "<Public Folder Database Name>" -storagegroup "<Storage Group Name>"

For more information, see New-PublicFolderDatabase.

3. You can use Outlook to log on to the MAPI service account and initialize the mailbox on the server to verify that your permissions and access are correct.
clip_image009

4. Create a top-level folder for every part of the folder hierarchy that you are replicating. You do not have to create subfolders on the Subscriber server. The tool will create subfolders automatically.

New-PublicFolder -Name <Top-Level Folder>

For more information, see New-PublicFolder.
clip_image010

5. If you are replicating free/busy data, add a replica of each free/busy folder in the Subscriber organization to the Subscriber server.

For more information, see Set-PublicFolder.

6. Grant Publishing Editor permission for each top-level folder to the service account mailbox that you created.

Add-PublicFolderClientPermission -User <ServiceAccount> -AccessRights:PublishingEditor -Identity "\<Top-Level Folder>"

For more information, see Add-PublicFolderClientPermission.
clip_image011

7. Create a public folder named ExchsyncSecurityFolder in the root public folder and grant Folder Visiblepermissions to the service account mailbox that you created. Do not specify any default or anonymous permissions on this folder. It is used by the Replication service for additional security and must be present on both the Publisher and Subscriber servers. To create a new top-level public folder named ExchsyncSecurityFolder, use the following Management Shell cmdlet:

New-PublicFolder -Name "ExchsyncSecurityFolder"

For more information, see New-PublicFolder.

8. To set the appropriate permissions on the ExchsyncSecurityFolder, use the following Management Shell cmdlets:

9. Add-PublicFolderClientPermission -User <ServiceAccount> -AccessRights:FolderVisible -Identity "\ExchsyncSecurityFolder"

10. Remove-PublicFolderClientPermission -User Default -AccessRights:Author -Identity "\ExchsyncSecurityFolder"

Remove-PublicFolderClientPermission -User Anonymous -AccessRights:CreateItems -Identity "\ExchsyncSecurityFolder"

For more information, see Add-PublicFolderClientPermission and Remove-PublicFolderClientPermission.
clip_image012

11. Using Outlook, log on to the MAPI service account to initialize the mailbox on the server and to verify that your permissions and access are correct.

clip_image013Note:

A server can be both a Publisher and a Subscriber if you are replicating both ways.

Installation and Configuration Phase

There are several installation requirements that you must meet before deploying the Inter-Organization Replication tool. A common misconception is that each Exchange organization that acts as a Publisher should host its own running instance of the Inter-Organization Replication tool. Although this may be an acceptable configuration, only one running instance of the tool is required.

clip_image014 System Requirements

Computers that will host the Inter-Organization Replication Configuration tool and the Replication service should be joined to a Windows domain and must meet the following operating system requirements:

  • Microsoft Windows 2000 Server Service Pack 3 or a 32-bit version of Windows Server 2003 with any service pack.
  • Windows Server 2008 is not supported.

Additionally, Exchange Server or the Exchange Management Tools must be installed.

For example, you can install the Inter-Organization Replication Configuration tool on the following configurations:

  • On a server that is running Exchange Server 2003 with Service Pack 2
  • On a non-Exchange server that has the Exchange 2003 System Management Tools

Also, note the following:

  • Installation of this Inter-Organization Replication tool on a computer that is hosting an Exchange 2007 server role is not supported.
  • Installation of the Inter-Organization Replication tool on a computer that has the MAPI/CDO library is not supported.
  • You should not install the Inter-Organization Replication tool on any computer that has ever had any version of Outlook installed.
  • A trust relationship is not required between the participating Exchange organizations.
  • If you are replicating information to a server that is running Exchange 2010 Service Pack 1 (SP1), the Exchange 2010 SP1 server must have at least the Mailbox role and the CAS role installed.
  • One of the replication endpoints must be an Exchange 2003-based public folder server.

clip_image013[1]Note:

Although replication may work among pure Exchange 2010 or Exchange 2007 organizations, this configuration has not been tested. Therefore, it is an unsupported configuration.

clip_image002

clip_image004

clip_image006[5]

clip_image008

clip_image010
clip_image012
clip_image014
clip_image016
clip_image018

ADMT CrossForest 2003-2010 Part3 – Bulk Prepare-moverequest

by

0

http://www.myexchangeworld.com/tag/migration/

Prepare-MoveReuqest to Append X.500 address on source and target Object.

1. $Local = Get-Credential

image

2.

image

3. Create Import.CSV
image

 

4. Run Prepare-MoveRequest.ps1
Import-Csv c:\Temp\Import.csv | .\Prepare-MoveRequest.ps1 -RemoteForestDomainController JS-AD2.js_domain.TEST.com.tw -RemoteForestCredential $Remote -LocalForestDomainController NewDC1.JSFunds.com.tw -LocalForestCredential $Local -TargetMailUserOu "ou=TEST_Import,DC=TEST,DC=com,DC=tw" –UseLocalObject

image

E2003
image

E2010
image

image

 

=====================================

[PS] C:\> .\prepare-moverequest.ps1 identity "cn=admt.test2,ou=test,dc=js_domain,dc=TEST,dc=com,dc=tw" -RemoteForestDomainController s-ad1.js_domain.TEST.com.tw -RemoteForestCredential $Remote -localForestDomainController s-ad6.TEST.com.tw -localforestcredential $Local -TargetMailUserOu "ou=TestOU,DC=TEST,DC=com,DC=tw" –UseLocalObject

clip_image003

ADMT CrossForest 2003-2010 Part2 – Bulk Mail Enable MailUser

by

0

 

 

Part1 – ADMT Account & Group

Part2

1. Bulk Disable MailUser
image

image

2. Get-User

image

3. Get-User –OrganizationalUnit “Test_OU” –RecipientTypeDetails user

image

4.
[PS] C:\Windows\system32>Get-User -OrganizationalUnit "Tests_Import" -RecipientTypeDetails user | foreach ($_.SAMAccountName) {$Email = $_.SAMAccountName+"@Test.com.tw"; Enable-MailUser -Identity $_ -ExternalEmailAddress $Email -WhatIf}

WhatIf: 正在啟用外部電子郵件地址為 "smtp:JS.User5@Test.com.tw" 的郵件使用者 "Test.com.tw/Test_Import/JS.User5"。

WhatIf: 正在啟用外部電子郵件地址為 "smtp:JS.User6@Test.com.tw" 的郵件使用者 "Test.com.tw/Test_Import/JS.User6"。

WhatIf: 正在啟用外部電子郵件地址為 "smtp:JS.User7@Test.com.tw" 的郵件使用者 "Test.com.tw/Test_Import/JS.User7"。

WhatIf: 正在啟用外部電子郵件地址為 "smtp:JS.User8@Test.com.tw" 的郵件使用者 "Test.com.tw/Test_Import/JS.User8"。

WhatIf: 正在啟用外部電子郵件地址為 "smtp:JS.User9@Test.com.tw" 的郵件使用者 "Test.com.tw/Test_Import/JS.User9"。

P.S. 管線未執行,因為已經有個管線正在執行。管線不可並行執行。

http://help.outlook.com/zh-tw/140/cc875890.aspx 

image

image

image

5. [PS] C:\Windows\system32>Get-User -OrganizationalUnit "Tests_Import" -RecipientTypeDetails user | foreach ($_.SAMAccountName) {$Email = $_.SAMAccountName+"@Test.com.tw"; Enable-MailUser -Identity $_ -ExternalEmailAddress $Email }

Name                                     RecipientType
—-                                     ————-
JS.User4                                 MailUser
JS.User5                                 MailUser
JS.User6                                 MailUser
JS.User7                                 MailUser
JS.User8                                 MailUser
JS.User9                                 MailUser

image

=============*****============
[PS] C:\Windows\system32>$User = Get-User -OrganizationalUnit "Test_Import" -RecipientTypeDetails user

[PS] C:\Windows\system32>$User | foreach ($_.SAMAccountName) {$Email = $_.SAMAccountName+"@Test.com.tw"; Enable-MailUs
er -Identity $_ -ExternalEmailAddress $Email -WhatIf}
WhatIf: 正在啟用外部電子郵件地址為 "smtp:JS.User10@Test.com.tw" 的郵件使用者 "TestS.com.tw/Tests_Import/JS.User10"

WhatIf: 正在啟用外部電子郵件地址為 "smtp:JS.User3@Test.com.tw" 的郵件使用者 "TestS.com.tw/Tests_Import/JS.User3"。

WhatIf: 正在啟用外部電子郵件地址為 "smtp:JS.User4@Test.com.tw" 的郵件使用者 "TestS.com.tw/Tests_Import/JS.User4"。

WhatIf: 正在啟用外部電子郵件地址為 "smtp:JS.User5@Test.com.tw" 的郵件使用者 "TestS.com.tw/Tests_Import/JS.User5"。

WhatIf: 正在啟用外部電子郵件地址為 "smtp:JS.User6@Test.com.tw" 的郵件使用者 "TestS.com.tw/Tests_Import/JS.User6"。

WhatIf: 正在啟用外部電子郵件地址為 "smtp:JS.User7@Test.com.tw" 的郵件使用者 "TestS.com.tw/Tests_Import/JS.User7"。

WhatIf: 正在啟用外部電子郵件地址為 "smtp:JS.User8@Test.com.tw" 的郵件使用者 "TestS.com.tw/Tests_Import/JS.User8"。

WhatIf: 正在啟用外部電子郵件地址為 "smtp:JS.User9@Test.com.tw" 的郵件使用者 "TestS.com.tw/Tests_Import/JS.User9"。

[PS] C:\Windows\system32>$User | foreach ($_.SAMAccountName) {$Email = $_.SAMAccountName+"@Test.com.tw"; Enable-MailUser -Identity $_ -ExternalEmailAddress $Email}

image

6.
[PS] C:\Windows\system32>Get-MailUser -OrganizationalUnit "Tests_Import"

Name                                     RecipientType
—-                                     ————-
JS.User4                                 MailUser
JS.User5                                 MailUser
JS.User6                                 MailUser
JS.User7                                 MailUser
JS.User8                                 MailUser
JS.User9                                 MailUser

 

image

Get-User & Get-MailUser

[PS] C:\Windows\system32>Get -User -Identity JS.User10  | fl

RunspaceId               : f76d0203-ca9e-4579-b578-23842539ffe1
IsSecurityPrincipal      : True
SamAccountName           : JS.User10
Sid                      : S-1-5-21-3280115619-3012524529-1380902707-1163
SidHistory               : {S-1-5-21-387562510-2723945668-297530758-1616}
UserPrincipalName        : JS.User10@TestS.com.tw
ResetPasswordOnNextLogon : False
CertificateSubject       : {}
RemotePowerShellEnabled  : True
WindowsLiveID            :
NetID                    :
UserAccountControl       : NormalAccount
OrganizationalUnit       : Tests.com.tw/Tests_Import
IsLinked                 : False
LinkedMasterAccount      :
AssistantName            :
City                     :
Company                  :
CountryOrRegion          :
Department               :
DirectReports            : {}
DisplayName              : JS.User10
Fax                      :
FirstName                :
HomePhone                :
Initials                 :
LastName                 :
Manager                  :
MobilePhone              :
Notes                    :
Office                   :
OtherFax                 : {}
OtherHomePhone           : {}
OtherTelephone           : {}
Pager                    :
Phone                    :
PhoneticDisplayName      :
PostalCode               :
PostOfficeBox            : {}
RecipientType            : User
RecipientTypeDetails     : User
SimpleDisplayName        :
StateOrProvince          :
StreetAddress            :
Title                    :
UMDialPlan               :
UMDtmfMap                : {}
AllowUMCallsFromNonUsers : SearchEnabled
WebPage                  :
TelephoneAssistant       :
WindowsEmailAddress      :
UMCallingLineIds         : {}
SeniorityIndex           :
VoiceMailSettings        : {}
IsValid                  : True
ExchangeVersion          : 0.0 (6.5.6500.0)
Name                     : JS.User10
DistinguishedName        : CN=JS.User10,OU=Tests_Import,DC=TestS,DC=com,
Identity                 : TestS.com.tw/Tests_Import/JS.User10
Guid                     : f6ece772-e9ad-4e0a-98dc-cc7e368b7374
ObjectCategory           : TestS.com.tw/Configuration/Schema/Person
ObjectClass              : {top, person, organizationalPerson, user}
WhenChanged              : 2011/10/12 下午 04:48:10
WhenCreated              : 2011/10/12 下午 02:24:17
WhenChangedUTC           : 2011/10/12 上午 08:48:10
WhenCreatedUTC           : 2011/10/12 上午 06:24:17
OrganizationId           :
OriginatingServer        : NewDC1.TestS.com.tw

=====================================================

[PS] C:\Windows\system32>Get-User -Identity JS.User6 | fl

RunspaceId               : f76d0203-ca9e-4579-b578-23842539ffe1
IsSecurityPrincipal      : True
SamAccountName           : JS.User6
Sid                      : S-1-5-21-3280115619-3012524529-1380902707-1167
SidHistory               : {S-1-5-21-387562510-2723945668-297530758-1612}
UserPrincipalName        : JS.User6@TestS.com.tw
ResetPasswordOnNextLogon : True
CertificateSubject       : {}
RemotePowerShellEnabled  : True
WindowsLiveID            :
NetID                    :
UserAccountControl       : NormalAccount
OrganizationalUnit       : Tests.com.tw/Tests_Import
IsLinked                 : False
LinkedMasterAccount      :
AssistantName            :
City                     :
Company                  :
CountryOrRegion          :
Department               :
DirectReports            : {}
DisplayName              : JS.User6
Fax                      :
FirstName                :
HomePhone                :
Initials                 :
LastName                 :
Manager                  :
MobilePhone              :
Notes                    :
Office                   :
OtherFax                 : {}
OtherHomePhone           : {}
OtherTelephone           : {}
Pager                    :
Phone                    :
PhoneticDisplayName      :
PostalCode               :
PostOfficeBox            : {}
RecipientType            : MailUser
RecipientTypeDetails     : MailUser
SimpleDisplayName        :
StateOrProvince          :
StreetAddress            :
Title                    :
UMDialPlan               :
UMDtmfMap                : {emailAddress:5787376, lastNameFirstName:5787376, firstNameLastName:5787376}
AllowUMCallsFromNonUsers : SearchEnabled
WebPage                  :
TelephoneAssistant       :
WindowsEmailAddress      : JS.User6@Test.com.tw
UMCallingLineIds         : {}
SeniorityIndex           :
VoiceMailSettings        : {}
IsValid                  : True
ExchangeVersion          : 0.10 (14.0.100.0)
Name                     : JS.User6
DistinguishedName        : CN=JS.User6,OU=Tests_Import,DC=TestS,DC=com,DC=tw
Identity                 : TestS.com.tw/Tests_Import/JS.User6
Guid                     : 5b85dbcd-59d5-4cfd-9077-8f1ee0eca2e4
ObjectCategory           : TestS.com.tw/Configuration/Schema/Person
ObjectClass              : {top, person, organizationalPerson, user}
WhenChanged              : 2011/10/12 下午 04:43:45
WhenCreated              : 2011/10/12 下午 02:25:29
WhenChangedUTC           : 2011/10/12 上午 08:43:45
WhenCreatedUTC           : 2011/10/12 上午 06:25:29
OrganizationId           :
OriginatingServer        : NewDC1.TestS.com.tw

========================================

[PS] C:\Windows\system32>Get-MailUser -Identity js.user6 | fl

RunspaceId                             : f76d0203-ca9e-4579-b578-23842539ffe1
DeliverToMailboxAndForward             : False
ExchangeGuid                           : 00000000-0000-0000-0000-000000000000
ArchiveGuid                            : 00000000-0000-0000-0000-000000000000
ArchiveName                            : {}
ArchiveQuota                           : unlimited
ArchiveWarningQuota                    : unlimited
ForwardingAddress                      :
ArchiveDatabase                        :
ArchiveStatus                          : None
DisabledArchiveDatabase                :
DisabledArchiveGuid                    : 00000000-0000-0000-0000-000000000000
ExchangeUserAccountControl             : None
ExternalEmailAddress                   : SMTP:JS.User6@JSFund.com.tw
UsePreferMessageFormat                 : False
MessageFormat                          : Mime
MessageBodyFormat                      : TextAndHtml
MacAttachmentFormat                    : BinHex
ProtocolSettings                       : {}
RecipientLimits                        : unlimited
SamAccountName                         : JS.User6
UseMapiRichTextFormat                  : UseDefaultSettings
UserPrincipalName                      : JS.User6@JSFUNDS.com.tw
WindowsLiveID                          :
MailboxMoveTargetMDB                   :
MailboxMoveSourceMDB                   :
MailboxMoveFlags                       : None
MailboxMoveRemoteHostName              :
MailboxMoveBatchName                   :
MailboxMoveStatus                      : None
ImmutableId                            :
PersistedCapabilities                  : {}
SKUAssigned                            : False
WhenMailboxCreated                     :
LitigationHoldEnabled                  : False
SingleItemRecoveryEnabled              : False
RetentionHoldEnabled                   : False
EndDateForRetentionHold                :
StartDateForRetentionHold              :
RetentionComment                       :
RetentionUrl                           :
LitigationHoldDate                     :
LitigationHoldOwner                    :
RetainDeletedItemsFor                  : 14.00:00:00
CalendarVersionStoreDisabled           : False
UsageLocation                          :
Extensions                             : {}
HasPicture                             : False
HasSpokenName                          : False
AcceptMessagesOnlyFrom                 : {}
AcceptMessagesOnlyFromDLMembers        : {}
AcceptMessagesOnlyFromSendersOrMembers : {}
AddressListMembership                  : {\All Mail Users(VLV), \All Recipients(VLV), \預設全域通訊清單, \所有使用者}
Alias                                  : JS.User6
ArbitrationMailbox                     :
BypassModerationFromSendersOrMembers   : {}
OrganizationalUnit                     : jsfunds.com.tw/JSFunds_Import
CustomAttribute1                       :
CustomAttribute10                      :
CustomAttribute11                      :
CustomAttribute12                      :
CustomAttribute13                      :
CustomAttribute14                      :
CustomAttribute15                      :
CustomAttribute2                       :
CustomAttribute3                       :
CustomAttribute4                       :
CustomAttribute5                       :
CustomAttribute6                       :
CustomAttribute7                       :
CustomAttribute8                       :
CustomAttribute9                       :
DisplayName                            : JS.User6
EmailAddresses                         : {SMTP:JS.User6@JSFund.com.tw}
GrantSendOnBehalfTo                    : {}
ExternalDirectoryObjectId              :
HiddenFromAddressListsEnabled          : False
LastExchangeChangedTime                :
LegacyExchangeDN                       : /o=JSFunds/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/
                                         =JS.User6f9d
MaxSendSize                            : unlimited
MaxReceiveSize                         : unlimited
ModeratedBy                            : {}
ModerationEnabled                      : False
PoliciesIncluded                       : {4ee72cd0-e122-4c85-a5a3-40cbd5ab2bf3, {26491cfc-9e50-4857-861b-0cb8df22b5d7
PoliciesExcluded                       : {}
EmailAddressPolicyEnabled              : True
PrimarySmtpAddress                     : JS.User6@JSFund.com.tw
RecipientType                          : MailUser
RecipientTypeDetails                   : MailUser
RejectMessagesFrom                     : {}
RejectMessagesFromDLMembers            : {}
RejectMessagesFromSendersOrMembers     : {}
RequireSenderAuthenticationEnabled     : False
SimpleDisplayName                      :
SendModerationNotifications            : Always
UMDtmfMap                              : {emailAddress:5787376, lastNameFirstName:5787376, firstNameLastName:5787376}
WindowsEmailAddress                    : JS.User6@JSFund.com.tw
MailTip                                :
MailTipTranslations                    : {}
PartnerObjectId                        : 00000000-0000-0000-0000-000000000000
IsValid                                : True
ExchangeVersion                        : 0.10 (14.0.100.0)
Name                                   : JS.User6
DistinguishedName                      : CN=JS.User6,OU=JSFunds_Import,DC=JSFUNDS,DC=com,DC=tw
Identity                               : JSFUNDS.com.tw/JSFunds_Import/JS.User6
Guid                                   : 5b85dbcd-59d5-4cfd-9077-8f1ee0eca2e4
ObjectCategory                         : JSFUNDS.com.tw/Configuration/Schema/Person
ObjectClass                            : {top, person, organizationalPerson, user}
WhenChanged                            : 2011/10/12 下午 04:43:45
WhenCreated                            : 2011/10/12 下午 02:25:29
WhenChangedUTC                         : 2011/10/12 上午 08:43:45
WhenCreatedUTC                         : 2011/10/12 上午 06:25:29
OrganizationId                         :
OriginatingServer                      : NewDC1.JSFUNDS.com.tw

E14–Mail Enable after ADMT Mail Group

by

0

 

 

image

image

 

[PS] C:\Windows\system32>Get-Group -Identity JS.AllGroup | fl

RunspaceId           : f76d0203-ca9e-4579-b578-23842539ffe1
DisplayName          : JS.AllGroup
GroupType            : Universal, SecurityEnabled
ManagedBy            : {}
SamAccountName       : JS.AllGroup
Sid                  : S-1-5-21-3280115619-3012524529-1380902707-1155
SidHistory           : {S-1-5-21-387562510-2723945668-297530758-1624}
SimpleDisplayName    :
RecipientType        : MailUniversalSecurityGroup
RecipientTypeDetails : MailUniversalSecurityGroup
WindowsEmailAddress  :
Notes                :
Members              : {Test.com.tw/Test_Import/JS.Sales, Test.com.tw/Test_Import/JS.ITS, Test.com.tw/JS
                       Funds_Import/JS.Group5, Test.com.tw/Test_Import/JS.Group3, Test.com.tw/Test_Import/J
                       S.Group2, Test.com.tw/Test_Import/JS.Finance}
PhoneticDisplayName  :
OrganizationalUnit   : Test.com.tw/Test_Import
SeniorityIndex       :
IsHierarchicalGroup  : False
IsValid              : True
ExchangeVersion      : 0.0 (6.5.6500.0)
Name                 : JS.AllGroup
DistinguishedName    : CN=JS.AllGroup,OU=Test_Import,DC=Test,DC=com,DC=tw
Identity             : Test.com.tw/Test_Import/JS.AllGroup
Guid                 : 68471237-4e3c-4f12-9337-5a3bd615be73
ObjectCategory       : Test.com.tw/Configuration/Schema/Group
ObjectClass          : {top, group}
WhenChanged          : 2011/10/12 下午 02:22:38
WhenCreated          : 2011/10/12 下午 02:22:34
WhenChangedUTC       : 2011/10/12 上午 06:22:38
WhenCreatedUTC       : 2011/10/12 上午 06:22:34
OrganizationId       :
OriginatingServer    : NewDC1.Test.com.tw

===============================================
[PS] C:\Windows\system32>Get-Group -Identity JS.E14Group | fl

RunspaceId           : f76d0203-ca9e-4579-b578-23842539ffe1
DisplayName          : JS.E14Group
GroupType            : Universal
ManagedBy            : {Test.com.tw/Users/Administrator}
SamAccountName       : JS.E14Group
Sid                  : S-1-5-21-3280115619-3012524529-1380902707-1171
SidHistory           : {}
SimpleDisplayName    :
RecipientType        : MailUniversalDistributionGroup
RecipientTypeDetails : MailUniversalDistributionGroup
WindowsEmailAddress  : JS.E14Group@Test.com.tw
Notes                :
Members              : {}
PhoneticDisplayName  :
OrganizationalUnit   : Test.com.tw/JSfund_User
SeniorityIndex       :
IsHierarchicalGroup  : False
IsValid              : True
ExchangeVersion      : 0.10 (14.0.100.0)
Name                 : JS.E14Group
DistinguishedName    : CN=JS.E14Group,OU=JSfund_User,DC=Test,DC=com,DC=tw
Identity             : Test.com.tw/JSfund_User/JS.E14Group
Guid                 : 48f8081c-c284-4373-9ee8-ab8bfb308566
ObjectCategory       : Test.com.tw/Configuration/Schema/Group
ObjectClass          : {top, group}
WhenChanged          : 2011/10/12 下午 03:05:01
WhenCreated          : 2011/10/12 下午 03:05:01
WhenChangedUTC       : 2011/10/12 上午 07:05:01
WhenCreatedUTC       : 2011/10/12 上午 07:05:01
OrganizationId       :
OriginatingServer    : NewDC1.Test.com.tw
=============================================

image

image

image

image

image

image

image

image