Disconnect or block user
If you need to block all network access for a particular user so that he/she can't access or delete any files or emails, you have a number of options.
1. Disable user in AD
- If the user tries to log on to the network, he will get the message: your account is disabled.
- Incoming emails are still delivered in an Exchange 2007 environment. In an Exchange 2003 environment without hotfixes 916783 and 903158, incoming emails will be rejected.
- If the user is already logged on, he can still access the network and Exchange emails until the logon token expires. This may take quite a while (hours). Even after that, the Outlook connection to Exchange may work until Outlook is restarted.
- To disconnect the user immediately, force the computer to restart or log off.
- To log off or restart remotely: Computer management > Connect to another computer > computername > Properties > Advanced > Startup and Recovery Settings > Shut Down > Log off Current User / Force Apps Closed
- To restart remotely: CMD > shutdown -r -f -m \\computername This will warn the user and give him 30 seconds to save his data. If the user has local admin rights, he could cancel the shutdown with shutdown -a. If you don't want to warn the user about the restart, use shutdown -r -f -m \\computername -t 0
2. Change user password
- If the user tries to log on to the network, he will get the message: password is incorrect.
- Incoming emails are delivered.
- Everything else is the same as for a disabled user (see above).
3. Disable user in Exchange Management Console
- EMC > Recipient Configuration > Mailbox > User Name > Disable
- This removes the link between the AD user and the Exchange mailbox.
- Incoming emails are rejected immediately.
- The user is disconnected from his mailbox in webmail immediately, although if Outlook is open the user may still be able to access and delete his emails there for a while.
- The mailbox is marked for deletion in Exchange.
- If you want the disconnected mailbox to become visible in EMC > Recipient Configuration > Disconnected Mailbox immediately, open Exchange Management Shell and run Clean-MailboxDatabase "database name"
4. Initiate mailbox move
- In an emergency, if you want to disconnect the user from his mailbox immediately (to prevent email deletion, etc.) without disabling the user in Exchange (and thus rejecting incoming email), you can initiate a mailbox move to another database (in Exchange Management Console).
- EMC > Recipient Configuration > Mailbox > User Name > Move Mailbox.
- As soon as the mailbox move starts, the user will be disconnected from his mailbox, including webmail and Outlook.
- If the user uses Outlook in cached mode and deletes his emails while the mailbox is being moved, this is not replicated to the server while the move operation is in progress. But when the mailbox goes back online after the move and the user restarts Outlook, the deleted emails will be removed from the server as well.
- After the move is completed, the mailbox will immediately become available again.
- If you dismount the mailbox store to which the mailbox was moved, it will become unavailable again (along with all other mailboxes in this database) and all incoming emails will be queued.
Windows Server 2003
Windows XP
Exchange 2007
Send Email from a .bat script
You can use mailsend.exe to send emails from the command line or a script via a known SMTP server. More information and more ways to use this useful little utility here.
In an MS Exchange environment I used this method to send emails from batch jobs to internal email addresses. If you want to use it to send messages to external recipients, you may need to configure Exchange relay options. Some additional info here.
MS Exchange Server 2007 - Export Message Tracking Results
You can't export message tracking results from the GUI, but you can from the Exchange Management Shell.
1. Open Exchange Management Console > Toolbox > Message Tracking
2. Customise your query as required and copy Shell command from the box below.
3. Paste the text into Exchange Management Shell and append | Export-Csv C:\Export.csv at the end.
For example get-messagetrackinglog -Server "servername" -MessageSubject "meeting" -Start "16/12/2010 13:40:00" -End "16/12/2010 13:41:00" | Export-Csv C:\Export.csv
This will export results into Export.csv file on the C: drive.
One problem with this is that it does not export the recipients, because that field is passed as an array of strings. To get around the issue, you can specify which columns need to be exported with select and request the recipients with {$_.recipients}
For example, to get all columns you can use this query:
get-messagetrackinglog -Server "servername" -MessageSubject "meeting" -Start "16/12/2010 13:40:00" -End "16/12/2010 13:41:00" | select timestamp, eventid, source, sourcecontext, messageid, messagesubject, sender, {$_.recipients}, internalmessageid, clientip, clienthostname, serverip, serverhostname, connectorid, {$_.recipientstatus}, totalbytes, recipientcount, relatedrecipientaddress, reference, returnpath, messageinfo | Export-Csv C:\Export.csv
Obviously you can select only the columns you are interested in.
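A variant of the workaround above, added here as an example and not part of the original post: it joins the multi-valued Recipients and RecipientStatus fields into ';'-separated strings under clean column names. The filter name ConvertTo-FlatTrackingRow, the sample row and the file name Export-sample.csv are made up for illustration.

```powershell
# Added example (not from the original post). Flattens the array-valued
# Recipients and RecipientStatus properties into ';'-separated strings so
# that Export-Csv writes one readable cell per message.
filter ConvertTo-FlatTrackingRow {
    $_ | Select-Object Timestamp, EventId, Source, MessageId, MessageSubject, Sender,
        @{Name = 'Recipients'
          Expression = { [string]::Join(';', [string[]]@($_.Recipients)) }},
        @{Name = 'RecipientStatus'
          Expression = { [string]::Join(';', [string[]]@($_.RecipientStatus)) }},
        ClientIp, ServerHostname, TotalBytes, RecipientCount
}

# Constructed sample row standing in for Get-MessageTrackingLog output, so
# the filter can be tried without an Exchange server (PowerShell 2.0+).
# RecipientStatus is left empty on purpose: many events carry no status,
# and the @() wrapper above turns that into an empty cell, not an error.
$sample = @(
    New-Object PSObject -Property @{
        Timestamp       = [datetime]'2010-12-16T13:40:12'
        EventId         = 'RECEIVE'
        Source          = 'SMTP'
        MessageId       = '<constructed-1@example.local>'
        MessageSubject  = 'meeting'
        Sender          = 'alice@example.local'
        Recipients      = @('bob@example.local', 'carol@example.local')
        RecipientStatus = @()
        ClientIp        = '192.0.2.10'
        ServerHostname  = 'servername'
        TotalBytes      = 4821
        RecipientCount  = 2
    }
)
$sample | ConvertTo-FlatTrackingRow |
    Export-Csv .\Export-sample.csv -NoTypeInformation

# On the Exchange server, in Exchange Management Shell, the same filter
# slots into the query from this post:
# Get-MessageTrackingLog -Server "servername" -MessageSubject "meeting" `
#     -Start "16/12/2010 13:40:00" -End "16/12/2010 13:41:00" |
#     ConvertTo-FlatTrackingRow | Export-Csv C:\Export.csv -NoTypeInformation
```

-NoTypeInformation keeps the "#TYPE" header line out of the CSV, which makes the file easier to load into a spreadsheet or log tool.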
MS Exchange 2007
Renewing MS Exchange 2007 self-signed certificate
By default MS Exchange 2007 uses self-signed certificates for various services (SMTP, IMAP, IIS, POP, etc.). Normally these certificates are valid for one year.
Once a certificate starts approaching its expiry date, the following events will be logged in the Application log on the Exchange server:
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12018
Date:
Time:
User: N/A
Computer: <server name>
Description:
The STARTTLS certificate will expire soon: subject: <server.domain.local>, hours remaining: 177700433E5D67615E8564373CAF08AB5842DEA0. Run the New-ExchangeCertificate cmdlet to create a new certificate.
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12017
Date: 13/04/2008
Time: 09:01:00
User: N/A
Computer: <server name>
Description:
An internal transport certificate will expire soon. Thumbprint:135645393F5D74715F825A865CAF08BB8332DC10, hours remaining: 156
Once the certificate expires, the following event will be logged:
Event Type: Error
Event Source: MSExchangeTransport
Event Category: TransportService
Event ID: 12016
Date:
Time:
User: N/A
Computer: <server name>
Description:
The STARTTLS certificate will expire soon: subject: <server.domain.local>, hours remaining: 124543103F37D661E48559A73FFBA84A5832DBA0. Run the New-ExchangeCertificate cmdlet to create a new certificate.
To renew the certificate, perform the following steps:
1. Open Exchange Management Shell
2. Check status of existing certificate(s). Make note of the "Thumbprint" value:
Get-ExchangeCertificate | List
3. Get a new self-signed certificate. Use the "Thumbprint" from the old certificate:
Get-ExchangeCertificate -thumbprint "C9A4BB6094A167BD324618D8492C4C5281FDD34A" | New-ExchangeCertificate
4. Examine properties of the new certificate. Make sure all required services are enabled.
Get-ExchangeCertificate | List
5. If some of the required services are not enabled, you can enable them with the following cmdlet:
Enable-ExchangeCertificate -thumbprint "A0BB986024A347BAC24438D8432C1B123AFDF11B" -services IIS, POP, SMTP, IMAP
6. Ensure that all required services are working with the new certificate and then remove the old certificate:
Remove-ExchangeCertificate -thumbprint "C9A4BB6094A167BD324618D8492C4C5281FDD34A"