Ahmed Ali Speaking at MS Technology week about Microsoft Business ready Security
Exchange 2010 Issue: you might not be able to remove arbitration mailboxes from Exchange 2010
Consider the following scenario:
When you try to remove the first Exchange server or remove arbitration mailboxes from a mailbox database, you might end up getting this error:
This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-03151D12, problem 4003 (INSUF
F_ACCESS_RIGHTS), data 0
At C:\Users\administrator\AppData\Local\Temp\tmp_84dd0a39-ae56-442c-9ddd-68
3333eb150a_lddaac3y.txf\tmp_84dd0a39-ae56-442c-9ddd-683333eb150a_lddaac3y.txf.p
sm1:19026 char:25
+ $scriptCmd = { & <<<< $script:InvokeCommand `
+ CategoryInfo : NotSpecified: (0:Int32) [Remove-Mailbox], ADOper
ationException
+ FullyQualifiedErrorId : 974A3CFF,Microsoft.Exchange.Management.Recipient
Tasks.RemoveMailbox
Solution:
This is a known issue and no workaround is currently available. Consider using LDP or ADSIEdit to remove the mailbox.
New-ManagementRoleAssignment gives "Access is denied"
If you run the above cmdlet, you might get:
Active directory response: 00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
+ CategoryInfo : NotSpecified: (0:Int32) [New-ManagementRoleAssignment], ADOperationException
+ FullyQualifiedErrorId : 41057C37,Microsoft.Exchange.Management.RbacTasks.NewManagementRoleAssignment
Some additional cmdlets might also return "Access is denied".
Solution
To solve this issue, make sure that the Exchange server's computer account is a member of the Exchange Trusted Subsystem group, then restart the Exchange server.
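A read-only way to check that membership across the organization, as an added example that is not part of the original post. It assumes an Exchange Management Shell session with the RSAT ActiveDirectory module available; the variable names and the SERVERNAME placeholder are illustrative.

```powershell
# Added example: audit which Exchange servers' computer accounts are missing
# from the Exchange Trusted Subsystem group. Makes no changes.
# Assumption: run from the Exchange Management Shell with RSAT AD tools installed.
Import-Module ActiveDirectory

$groupName = 'Exchange Trusted Subsystem'

# -Recursive also resolves membership inherited through nested groups.
$members = Get-ADGroupMember -Identity $groupName -Recursive |
    Where-Object { $_.objectClass -eq 'computer' } |
    ForEach-Object { $_.SamAccountName }

# Edge Transport servers are not domain members, so they are skipped.
$servers = Get-ExchangeServer | Where-Object { $_.ServerRole -notmatch 'Edge' }

$report = foreach ($server in $servers) {
    $sam = '{0}$' -f $server.Name          # computer account names end with '$'
    New-Object PSObject -Property @{
        Server  = $server.Name
        Roles   = $server.ServerRole
        InGroup = ($members -contains $sam)
    }
}

$report | Sort-Object InGroup, Server |
    Format-Table Server, Roles, InGroup -AutoSize

$missing = @($report | Where-Object { -not $_.InGroup })
if ($missing.Count -gt 0) {
    Write-Warning ("{0} server(s) missing from '{1}'." -f $missing.Count, $groupName)
    # Remediation is left as a deliberate manual step (SERVERNAME is a placeholder):
    #   Add-ADGroupMember -Identity $groupName -Members 'SERVERNAME$'
    # Restart the server afterwards, as the post says, so the computer account
    # logs on again with the new group membership.
} else {
    Write-Host "All Exchange servers are members of '$groupName'."
}
```

Exchange Trusted Subsystem carries broad Active Directory permissions, so the same report is also useful for spotting computer accounts in the group that do not belong to an Exchange server.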
Exchange 2010 SP1 new trick: hiding the GAL from OWA
In Exchange 2010 SP1 you can now hide the GAL from OWA using
Set-OwaVirtualDirectory -GlobalAddressListEnabled
and
Set-OwaMailboxPolicy -GlobalAddressListEnabled
Exchange 2007 SP3 expired password reset tool
We have all suffered from this: users with an expired password cannot log in to OWA or change their passwords. This has been changed in Exchange 2007 SP3, which includes a new web module that enables users with an expired password to change it.
- Log on to the Client Access server and open Registry Editor
- Go to HKLM\SYSTEM\CurrentControlSet\Services\MSExchange OWA
- Create the following DWORD value if it does not already exist:
Value name: ChangeExpiredPasswordEnabled
Value type: REG_DWORD
Value data: 1
How to set the spell-checking language for users in OWA
Here is a nice trick: to set the spell-checking language for users, you can use the following cmdlet:
How to prevent users from updating their info using RBAC and the Exchange Control Panel
Here is a nice quick tip: if you want to quickly prevent users from updating their info using the ECP in Exchange 2010, use this cmdlet:
Set-ManagementRoleAssignment -Identity "MyContactInformation-Default Role Assignment Policy" -Enabled $false
This immediately stops users from updating their info in the ECP. If you want to allow some users to still do this, you will have to edit the default policies to include a custom management role.
Exchange 2010 Issue: you may receive 554 5.6.0 STOREDRV.Deliver; Corrupt message content
Consider the following scenario:
A user sends a message to multiple recipients within the organization, including 1 or more attachments and a rule-applied or software-applied disclaimer.
You will receive the following error:
#554 5.6.0 STOREDRV.Deliver; Corrupt message content ##
Original message headers:
Received: from mail.domain.com ([fe80::b5a3:e52f:14f6:1733]) by
mail.domain.com ([fe80::b5a3:e52f:14f6:1733%11]) with mapi; Mon, 26
Apr 2010 16:05:28 -0500
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary
This issue is a bug reported in Exchange 2010 from RTM until RU3. It will be fixed in RU4 and SP1 RTM; there is no current fix for the issue.