Managing mailboxes in Exchange Server 2007
Managing mailboxes in Exchange Server
2007 (Part 1)
Overview
In this article, we are going to approach
a simple but important subject: the mailbox user management for
Exchange Server 2007.
It may seem a simple issue to discuss,
but we will see some advanced points related to user management
tasks in order to assist beginners and advanced administrators. This
article will be split into two parts; in this first part we will
review mailbox management and user level functionalities.
Creating a mailbox using the Exchange
Management Console
This procedure is the starting point of
this article. Exchange Server 2007 allows administrators to create
objects such as Mailboxes, Contacts, Mail Users,
and Distribution Groups. In the following steps we will see
how to create a mailbox object:
- Open Exchange Management Console
- Expand Recipient Configuration
- Click on Mailbox
- In the Mailbox pane, click on
New Mailbox... (Figure 01)
Figure 01: Creating a new user in the Exchange
Management Console
- Introduction. We
have to choose what kind of object we are creating, in Exchange
Server 2007 we have four different mailbox types:
- User mailbox: This is a traditional mailbox.
- Resource mailbox: This is a mailbox specifically assigned to Meeting Rooms. Its associated user account will be disabled in Active Directory.
- Equipment mailbox: This is a mailbox specific to resources, (i.e. TV, Projector and so on). As with a Resource mailbox, this kind of mailbox will disable a user in Active Directory.
- Linked Mailbox: This kind of mailbox will be used in environments with multiple forests. This specific feature will be explained in a later article on MSExchange.org.
In the Introduction window, select the appropriate mailbox type and then click Next to continue. (Figure 02).
Figure 02: Choosing what kind of
mailbox will be created
- User Type. In
the User Type window, we can choose either to create a
new user or to assign an existing user to the new mailbox. If we
choose to assign it to an existing user, we will have to check
if the account does not already have a mailbox associated with
it. Click Next to continue (Figure 03).
Figure 03: Creating a new user for
a new mailbox
- User Information.
In the User Information window, we should fill out the
personal information of the user and select the Organization
Unit where it will be created. After that click on Next
(Figure 04).
Figure 04: Filling out the personal
user data and OU localization
- Mailbox Settings.
On the Mailbox Settings page, we can define the mailbox
information such as Alias, Mailbox Server, and Mailbox Store
where the new mailbox will be located. The policies for Mailbox
and ActiveSync can also be defined in this step. We can choose
which fields we are going to fill out and then click Next
to continue. (Figure 05).
Figure 05: Choosing Server, Storage
Group, Mailbox database and policies during the mailbox creation
process
- New Mailbox. In
the New Mailbox window, we will get a summary of all the
information that we selected in the previous steps. These
parameters will be used by the PowerShell engine for the
creation of this mailbox object. To create the mailbox, click on
New (Figure 06).
Figure 06: The parameters that will
be used in the creation of the new mailbox
- Completion. In
the Completion window, we will see the cmdlet New-mailbox
and the parameters that we used in the creation process of this
new mailbox.
Figure 07: The final screen of the
New Mailbox Wizard, showing us the cmdlet used in the creation of
the mailbox
Creating a mailbox through Exchange
Management Shell
Another way to create users is by using
the Exchange Management Shell. To do this, we can use a cmdlet
called New-Mailbox. There are many parameters associated with this
commandlet, and the required parameters for the cmdlet are the
following:
- Alias
- Name
- Database
- OrganizationalUnit
- UserPrincipalName
To create a user using Exchange
Management Shell, we can run the following cmdlet:
New-Mailbox –alias <alias> -name
<name> -Database <Database name> -OrganizationUnit
Users –UserPrincipalName <UPN value, example:
Anderson@contoso.local>
If we do not type all the required
parameters, we will get a prompt asking for the parameters that are
missing. In Figure 08, we can see that we have received the password
prompt to fill out the password. After the password was entered, the
user was created.
Figure 08: Creating a mailbox
through the cmdlet New-Mailbox in the Exchange Management Console
Using *.csv files to create mailboxes
Another interesting feature is the one
that lets an administrator create several users from a *.csv file.
In the following section, we will review a step by step procedure to
create mailboxes:
- First of all, we will have to create
a *.csv file called recipients.csv on the root drive (C:\)
and we will type the column names for the file in the first
line. Those columns will be the Alias, the Name
and UPN. in the following lines we will complete the user
information (Figure 09).
Figure 09: Creating a csv file to
be used in the creation of users through Exchange Management Shell
- Once the user information is
complete, we will have to create a variable in the Exchange
Management Shell that will keep the initial password for all of
the accounts on the recipients.csv file. To do so, we will type
the following:
$Password = Read-Host “Type the default password for the new accounts:” -AsSecureString
Figure 10: Creating a variable to
keep the initial password on the new accounts
- In the following step, we will run
two cmdlets using a pipe to create the new users using the *.csv
file. This is the syntax of our cmdlet:
Import-Csv recipients.csv | foreach { New-Mailbox –alias $_.Alias –name $_.Name –UserPrincipalName $_.UPN –Database “mailbox database” –OrganizationalUnit Users –Password $Password –ResetPasswordOnNextLogon:$true
The options are explained here:
- $_.<Name>: This
is the name of each column of the recipients.csv file.
- Foreach: For
each line of the file; Note: the first line is the header.
- $Password:
variable that we just typed in the previous step.
- -ResetPasswordOnNextLogon:$true:
If we set this parameter to true, all the users will have to
change their password on the first logon.
Figure 11: Creating users
through a *.csv file
- To check if the users were created,
we will go to the Exchange Management Console (Figure
12).
Figure 12: The new users created
through the csv file
Managing Mailbox Features
We can manage functionalities at the user
level, enabling or disabling the following features:
- OWA
- Exchange ActiveSync
- Unified Messaging
- MAPI access.
This task can be completed in two
different ways, both will be detailed in the following sections:
Using the Exchange Management Console
- Open Exchange Management Console
- Expand Recipient Configuration
- Click on Mailbox
- Click on the user and in Toolbox
Actions, click on Properties
- Click on Mailbox Features
tab
- Now we can see all the mailbox
features of the user and we can disable or enable each
functionality
Figure 13: Managing Mailbox
Features at user level
Listing all the users and their
features…
In some cases, we have to verify the
functionalities that users have, and there is no way to do this user
by user. In Exchange Server 2007, this task is very easy, and can be
done with a cmdlet called get-casmailbox (figure 14).
Using this cmdlet, we can export the
results to a *.csv file and analyze it in Microsoft Excel and
generate reports or analyze it any way we want.
Figure 14: All the users with their
functionalities through Exchange Management Shell
Using Exchange Management Shell to
change user features
To manage features using the Exchange
Management Shell, we can use the cmdlet called set-casmailbox,
as follows:
Set-casmailbox <User> -OWAEnabled:<Value>
Where: <user> is
the user name; <Value> can be $true
or $false
To show you the real impact of the use of
the Exchange Management Shell, here is an example.
Scenario: We have a
company with fifty (50) branch offices and we have to disable MAPI
access for all users in Toronto.
How can we do this with the least
administrative work?
First of all, we must insure that all the
Active Directory information is consistent. In our scenario, all of
the users have the attributes City and StateorProvince
filled out correctly. One example of this is shown in the Figure 15
through cmdlets get-user | select name,
recipientType, City, StateorProvince
Figure 15: Verifying the attributes
City, StateorProvince of all the users
If all of the Active Directory
information is consistent, we can use the pipe resource on the
Windows PowerShell where an output from one command is used as input
for another cmdlet.
We will need some specific user
attributes that we cannot get through get-mailbox because
this cmdlet only returns mailbox information. We will have to use
the get-user cmdlet to filter the city attribute from
users and combine these results with the set-casmailbox
cmdlet.
To resolve this, we can use this subset
of cmdlets, as is shown in figure 16.
Get-User | Where-Object { $_.City –eq
“Toronto”} | Set-CasMailbox –OWAEnabled:$false
Figure 16: Disabling OWA access of
all of the users located in Toronto city and Ontario State, and
after that a list of the new user features
Now, let’s check if everything worked as
expected. None of the users who had the OWA feature set as disabled
will be able to access their mailboxes through Outlook Web Access.
We can test it, trying to see if the user Anderson.Patricio
can access his mailbox with Outlook Web Access. We can see that
everything worked as shown in the next figure (Figure 17).
Figure 17: After authentication,
the user receives the message that OWA is disabled
Conclusion
We have reviewed the steps required to
create users (in the traditional way) by using the Exchange
Management Console. Then, we reviewed similar tasks using the
flexibility of the Exchange Management Shell to help us to create
one or more users through commandlets. At the end of this article,
we discussed how to manage some mailbox features at user level.