Get a list of all Exchange Management Shell Tips

January 1, 2011 17:02 by hiho

Do you enjoy the "Tip of the day" that EMS gives you whenever you open it up? Something like

Ever wanted to retrieve a list of all available tips? It's pretty easy. Just type

1..200 | foreach {get-tip -local:$_}

This will give you an output of all available Tips in the EMS.


Updated the Blog from 1.4.5 to 1.6.1

December 30, 2010 13:56 by hiho

Just a quick update here. I updated the blog from BlogEngine.Net 1.4.5 to 1.6.1. While the upgrade was rather painless and most of the things seem to work (I even re-enabled commenting thanks to reCaptcha), I would like to hear from you if something is not working as expected. Just drop me a line if you find anything broken or odd while reading. Thanks!


The case of the non-working disclaimer transport rule for outgoing mail

December 26, 2010 16:04 by hiho

It's been a long time since my last post, but I thought I can use some of my Christmas spare time to revitalize the blog. Today I want to talk about an odd issue that I helped a customer with.

The goal was to implement a transport rule that will add a disclaimer to every OUTGOING mail only. Running Exchange 2010, this should be a piece of cake so the customer configured something like that:

Sounds about right, doesn't it? Sure enough, the rule didn't fire and wasn't applied to the outgoing messages. We checked the usual suspects like replication, transport service not aware of any change etc., but everything looked proper. Being rather stumped by the issue, I decided to go for ExTRA tracing to capture an .etl of the rules engine while processing outgoing emails.

The .etl revealed that the transport service was fully aware of the new transport rule, but for whatever reason didn't recognize outgoing mails as "outgoing", but rather treated them as internal.

Further tracing revealed that the rules engine considered the "Default Remote Domain" entry in the remote domains as internal, and therefore didn't apply the disclaimer rule and just bypassed it.

While looking into the issue, I discovered the following -

Notice how it says IsInternal:$true for the Default Remote Domain? This tells Exchange, in our special case the transport rules engine, to treat all mails going to an address space of * as internal, hence not to apply the disclaimer. We changed it back to the default setting of false - and voila, disclaimers are being successfully applied.

Case closed!
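
An added example, not part of the original post: a check for the Exchange Management Shell that lists remote domain entries flagged as internal and previews the fix described above. It relies on the Get-RemoteDomain and Set-RemoteDomain cmdlets; the function name Find-InternalRemoteDomain and the wording of the findings are assumptions made for this example.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
# Find-InternalRemoteDomain is a hypothetical helper name.
function Find-InternalRemoteDomain {
    # Return one object per remote domain entry that is flagged IsInternal.
    Get-RemoteDomain | Where-Object { $_.IsInternal } | ForEach-Object {
        $domain = $_.DomainName.ToString()
        if ($domain -eq '*') {
            # The case from the post: every external address space counts as internal,
            # so rules scoped to outgoing mail never match.
            $finding = 'Wildcard entry is internal: all outside recipients are treated as internal'
        }
        else {
            $finding = 'Confirm this domain really belongs to the organization'
        }
        New-Object PSObject -Property @{
            Name       = $_.Name
            DomainName = $domain
            IsInternal = $_.IsInternal
            Finding    = $finding
        }
    }
}

$findings = @(Find-InternalRemoteDomain)
if ($findings.Count -eq 0) {
    Write-Host 'No remote domain entry is flagged as internal.'
}
else {
    $findings | Format-Table Name, DomainName, IsInternal, Finding -AutoSize
}

# Fix used in the post: set the wildcard entry back to the default of $false.
# -WhatIf only previews the change; remove it to apply.
$findings | Where-Object { $_.DomainName -eq '*' } | ForEach-Object {
    Set-RemoteDomain -Identity $_.Name -IsInternal $false -WhatIf
}
```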

Reading, modifying and deleting attributes of Active Directory Objects with PowerShell

March 31, 2009 09:23 by hiho

I just thought I'd do a quick one on PowerShell, and how it can be used to modify Active Directory attributes, especially regarding multi-valued ones. In this example, I'm using the [ADSI] accelerator for direct access to AD. I'm also utilizing the .putex method, for more granular control. For more information on .putex, please see

And there you go....


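#Scripting example of using PS and [ADSI] accelerator to modify AD attributes
#This example reads, modifies and deletes all the values in the "proxyaddresses"-attribute of a user object.
#(c) 2009, Georg Hinterhofer

#PutEx control codes (ADS_PROPERTY_OPERATION_ENUM)
$ADS_PROPERTY_CLEAR  = 1
$ADS_PROPERTY_UPDATE = 2
$ADS_PROPERTY_APPEND = 3
$ADS_PROPERTY_DELETE = 4

#Clear Screen
Clear-Host

#Dim array to hold multi-valued attributes
[array] $proxy = @()

#Set LDAP path
$LDAPPath = "LDAP://CN=test,CN=Users,DC=forest1,DC=local"
$ADUser = [ADSI]"$LDAPPath"

#Read multi-valued properties
$proxy = $ADUser.proxyAddresses
$proxy

#Delete a multi-valued property (clears all of its values)
$ADUser.PutEx($ADS_PROPERTY_CLEAR, "proxyAddresses", 0)
$ADUser.SetInfo()

#Set a multi-valued property (replaces all of its values)
#The address values are missing from the page; the ones used below are placeholders
[array] $newProxy = "SMTP:placeholder1@example.com","smtp:placeholder2@example.com"
$ADUser.PutEx($ADS_PROPERTY_UPDATE, "proxyAddresses", $newProxy)
$ADUser.SetInfo()

#Add a property to multi-valued
[array] $smtpToAdd = "smtp:placeholder3@example.com"
$ADUser.PutEx($ADS_PROPERTY_APPEND, "proxyAddresses", $smtpToAdd)
$ADUser.SetInfo()

#Remove a property from multi-valued
[array] $smtpToRemove = "smtp:placeholder3@example.com"
$ADUser.PutEx($ADS_PROPERTY_DELETE, "proxyAddresses", $smtpToRemove)
$ADUser.SetInfo()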


So enjoy this one,



Bulk modify linked mailboxes to user mailboxes in Exchange 2007

January 13, 2009 09:56 by hiho

I recently joined Microsoft as a Premier Field Engineer for Messaging. One of the top issues I started seeing are mailboxes that are converted to linked or shared mailboxes after migration from Exchange 2003, whereas they should be plain user mailboxes.

While it's no problem to convert a shared mailbox to a user mailbox - Set-Mailbox UserMbx1 -Type Regular - you will have a hard time converting a large number of linked mailboxes to user mailboxes, as the official procedure calls for disconnecting and reconnecting (!) the mailbox.

Let's start and see why this happens and what we can do about it -

Back in the days of 5.5, every mailbox had to have a so-called "Associated External Account" - or short "AEA". This was necessary because Exchange 5.5 had its own directory service, and NT accounts had to be matched somehow. In Exchange 2000 / 2003 / 2007, the AEA account is mostly used for resource forest deployments, where a disabled mailbox account needs to be matched with an enabled user account from a user forest.

The problem here is that most customers have always upgraded their environment since the earliest days - and therefore still have (obviously no longer existing) accounts carrying the AEA property in their mailbox rights ACLs - this probably looks something like below: More...

Outlook Anywhere / RPC over HTTPS and multiple AD Sites

December 12, 2008 16:59 by hiho

This one's for Jamie :-) There seems to be a lot of confusion with customers on how Outlook Anywhere works, especially when using a setup with multiple AD sites.

Imagine the following scenario in the image below:

And let us further assume that the user's mailbox is located in "Site B" and the combined CAS/HT/MBX in "Site B" isn't accessible from the internet. The user tries to access his mailbox via RPC/HTTPS (Outlook Anywhere) on the CAS in "Site A". Outlook Anywhere is not enabled in "Site B".

So how does this work? More...

Exchange 2007 Rollups take that long to install.... really?

November 22, 2008 11:23 by hiho

Are you tired of Exchange 2007 Rollups taking 1h + to install, even on high end production servers? Don't panic, there's a possible workaround - disable the certificate revocation check in Internet Explorer. Yeah, you heard right.

It can be found in the Internet Explorer options, see screenshot below:


Doing this brought my RU5 install time down to around 10 minutes instead of approx one and a half hours.

Hope you find this useful!



Exchange 2003 and the PDC Emulator

September 15, 2008 15:05 by hiho

"In what way do Exchange and the PDC Emulator relate?" Well, before starting this topic you should know what the PDC Emulator is.

The PDC Emulator is one of the 5 Active Directory FSMO Roles (in full - "Flexible Single Master Operation Roles"). The others are Schema Master, Domain Naming Master, Infrastructure Master and the RID Master.

What are the duties of the PDC Emulator:

  • The PDC Emulator emulates a Windows NT 4.0 Primary Domain Controller - so that NT 4 Backup Domain Controllers can successfully replicate Directory Information (of course, in a pure Win2k/2k3 environment, this feature becomes obsolete).

  • When a User changes his/her password on another DC, the password change is preferentially replicated to the PDC Emulator before any other DC.

  • Furthermore, if a user tries to log on to a DC and the DC didn't receive the password change it will forward the logon request to the PDC Emulator (as mentioned before, the PDC Emulator gets preferential treatment on password changes).

  • Account lockouts are processed by the PDC Emulator.

  • When modifying or creating GPOs, this is always done on the SYSVOL share of the PDC Emulator.

  • The PDC Emulator is the authoritative source of time in the domain - all other servers and clients will try to obtain time information from the PDC Emulator (for that reason, the PDC Emulator should always be configured with an external accurate time source).

So the PDC Emulator is a pretty important role within a domain. But what's up with Exchange? More...

Passed MS Certs 70-647,70-649 and 70-620

August 29, 2008 12:11 by hiho

Well, I usually don't like bragging, but here goes... I've successfully completed the above mentioned exams (each > 950 points). As I also own the MCSA/MCSE Credentials for 2000/2003, I am proud to announce that I have completed all necessary exams to be recognized as a

Microsoft Certified IT-Professional: Enterprise Administrator

As of now, I hold the following Microsoft Credentials: MCP, MCSA 2000/2003, MCSA+M, MCSE 2000/2003, MC:TS, MCITP:EA

I would like to thank everyone who made this possible, especially my employer, iT-Austria.

If you would like to learn more about Microsoft Certifications, I suggest you visit Microsoft Certification Overview.

Exchange 2000/2003: Changed Mailbox Limits are not enforced in an acceptable amount of time.

August 22, 2008 14:43 by hiho

I'm pretty sure you saw it before: User xy calls, his mailbox is over his size limit, but he must send or receive this one important piece of mail just now. You head to Active Directory, change the mailbox size limits. The user tries again, still not working.

You take a look into Exchange System Manager, and see that the new values have not been read by Exchange.

So what happens here?

Exchange 2000/2003 uses cached mailbox configuration data to determine the enforced mailbox size limits. By default, the cache has a TTL of 2 hours, meaning it can take as much as two hours for your changed size limits to be enforced. More...