Converting User Mailboxes to Linked Mailboxes

Similar Messages

• Preserve mailbox permissions after converting to linked mailboxes

  Hello,
  I am converting normal user mailboxes to linked mailboxes in Exchange 2007 SP3. After a pilot, we found that the linked accounts no longer had access to shared mailboxes (the share mailboxes will NOT be converted into linked accounts). The Full Access
  ACL references the OLDOMIAN\username AD account. Manually adding NEWDOMAIN\username to the ACL fixes things. Is there an easy way to export the Full Access and Send As permissions for the shared mailboxes and switch them to NEWDOMAIN\username with
  PowerShell? I have a feeling this will involve a lot data manipulation with Excel. Too bad there is no ADMT style security translation tool for Exchange mailboxes!

  It's definetly possible to do this entire task via powershell script but need to spend some time to write it... ;)
  But well, here is another quick way I can suggest it's two step process...
  1. Export Full Access and Send-As to csv files seperately by following this Exchange Powershell Tip #09
  2. Now you have two files, replace the domain name in exported csv files.
  3. Import the permission back using this...
  $FullAccess = import-csv mailboxaccess.csv
  $FullAccess | %{Add-MailboxPermission -Identity $_.Identity -User $_.user -AccessRights $_."Access Rights"}
  $SendAs = import-csv sendas.csv
  $SendAs | %{Add-ADPermission -Identity $_.identity -User $_.user -AccessRights Extended -ExtendedRights $_."Access Rights"}
  Blog |
  Get Your Exchange Powershell Tip of the Day from here

• Beware of Linked Mailbox status - Moving Unity_server mailboxes to Exchange 2010

  Hi all -
  Here is a problem I encountered that I want to pass along to you:
  When partnering Unity to Exchange 2010, the Unity_servername, USBMS_servername, EAdmin, and unitymsgstoresvc inboxes are moved from the old Exchange to the new 2010 server.  Using the Exchange Management Console, the users should show up as User Mailboxes, not Linked Mailbox.  A Linked mailbox in Exchange 2010 is an external account, i.e. an account in another forest.  If this occurs for the Unity_servername mailbox, external caller voice messages remain in UMR (UnityMTA) and you will see many application event log errors.  In EMC you will observe the account mailboxes show in Disconnected status.
  If this happens to you, here is the fix:
  Disable the Account from EMC in Exchange 2010.  Note you will get a prompt that the Exchange properties are being removed but the email inbox is NOT deleted.
  Re-enable the account from ADUC.
  In EMC, go to Disconnected Mailboxes, select the Unity mailbox and select Connect.  In the Connect wizard, re-associate with the existing account. Re-enter the user alias and complete the wizard.
  Restart AvUMRSynchSvr service on Unity.
  Hope this helps someone in the future!
  Sincerely, Ginger

  Thanks Brad :-)  I forgot to mention I discovered a number of Internet hits that say this can happen with Move Mailbox.  Here's the link I used to begin researching the problem (hint: go all the way to the bottom of the web page - http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_26308671.html).  Got to give kudo's to this most excellent Exchange resource - has helped me a bunch over the years!

• Cannot link mailbox to user in accounts forest

  original forest is a single domain configuration named mydomain.com.  A new accounts forest was created named ad.mydomain.com.  This domain is *not* a subdomain of the original domain, but a separate domain in a separate forest.  This forest
  also uses a single domain design. (It's a long story) All mailboxes reside in a single mailbox database on an Exchange 2010 server running on Windows Server 2008 R2.  I've used the ADMT to migrate some test accounts to the accounts forest. 
  The migration works and the account appears functional, i.e., SID history migrated and the account can still get to shares and files on machines located in the resource forest. 
  I then use the disable-mailbox and connect-mailbox commands to setup the linked mailbox.  My test account is user Joe Doakes (as listed in Get-MailboxStatistics), username is jdoakes, mailnickname is jdoakes and SMTP address is [email protected] 
  Here is the exact command I am using:
  Connect-Mailbox -Identity "Joe Doakes" -Database "Mailbox Database 0448361937" -LinkedDomainController MEDTMPDC01.ad.mydomain.com
  -LinkedMasterAccount "CN=Joe Doakes,OU=Testing,OU=Accounts,DC=ad,DC=mydomain,DC=com" -LinkedCredential $cred
  to which the command shell replies-
  Confirm
  Do you want to connect this mailbox to user "mydomain.com/Testing/Joe Doakes" with the alias "JoeDoakes"?
  [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"):
  I've re-entered the credentials for the accounts forest twice.  The canonical name above is the name of the now disabled account in the resource forest.  If I select Y here, it reconnects to the old account and changes the alias from jdoakes
  to JoeDoakes.  This behavior is very strange.  I have confirmed the distinguished name used is correct.  Can anyone point out what I am doing wrong?
  TIA
  Tom

  I wanted to update this post in case anyone else runs into this problem.  I wound up opening
  a support ticket and spent a day and a half on the phone with Microsoft. 
  This issue was the result of several chance problems and my misinterpretation
  of the command's results.  To start off, when the command comes back to
  say that it wants to connect the mailbox to "mydomain.com/Testing/Joe Doakes", it
  really means that it is the disabled account in the Exchange (source) forest to which the
  mailbox will be connected.  It will be "linked" to the account in the accounts forest, but the command does not say that.  This behavior is by design.  We also found that I have to specify the alias in the command or a new alias is created that
  concatenates the target account's first
  and last names.  Last, we found that running a number of
  clean-mailboxdatabase commands was the trick that finally made things
  work.  To recap, the procedure that worked for me was:
  1. Disable-mailbox to disconnect the user in the source forest
  2. Verify the mailbox is actually disconnected.  If it does not show up in the
  Disconnected Mailbox node in the EMC, run the clean-mailboxdatabase "<database
  name>" command
  3. Disable the source forest user account.
  4. Enter the account forest credential ($cred = get-credential)
  5. Connect the mailbox to the linked account.  This is the command that worked for me:
    Connect-Mailbox -Identity "Joe Doakes" -Alias jdoakes
  -Database "Mailbox Database 0448361937" -LinkedDomainController MEDTMPDC01.ad.mydomain.com -LinkedMasterAccount "CN=Joe Doakes,OU=Testing,OU=Accounts,DC=ad,DC=mydomain,DC=com" -LinkedCredential
  $cred 
  6. The new account may not be able to get to the mailbox without running another clean-mailboxdatabase.
  I hope this saves someone else a call to Microsoft.

• Need help on Cross Forest Exchange 2007 - 2013 with Linked Mailboxes

  Hey all,
  So I'm in a bit of a pickle with my Exchange design and am trying to figure out if there's a way to migrate mailboxes across forests where Linked mailboxes are being used. I've done a bit of reading and have noted stuff like preparing the move request in
  AD, etc. But I'm wondering if someone can break it down for me.
  http://1drv.ms/1lWjLqG
  The above is a OneNote diagram of how we have moved over time. Please forgive my sloppy handwriting but I hope it gets the point across. I will text it out here as well:
  Original Design
  The original design of the domains when I joined the company were fabrikam and contoso. Contoso is a domain that sits entirely in the "DMZ". Fabrikam was the internal AD forest where most services and users authenticated to. In Contoso, there
  are 2 domain controllers, the "Front End" Exchange Server (Edge Transport), and the "Back End" server, which is CAS/Mailbox.
  There is a forest trust between contoso and fabrikam where "Linked Mailboxes" are created in Contoso, and then the LinkedMasterAccount is set to Fabrikam.
  Migration/Hybrid Design
  Due to the fact that these two domains were configured massively inappropriately, riddled with security holes as well as strange permissions configurations, the decision was made to create a new internal AD domain. In my OneNote, I've labeled this 'specialbank.com'.
  A long while ago we migrated users from Fabrikam to SpecialBank via trusts. To facilitate access to Exchange, a new trust was created between Contoso and SpecialBank to allow us to update the LinkedMasterAccount parameter to the new Specialbank domain.
  We have most of our users authenticating to their mailboxes via SpecialBank, while the mailboxes still reside in Contoso.
  Migration from Exchange 2007 to Exchange 2013
  I am attempting to now figure out the best way to migrate the mailboxes from Contoso to a new set of Mailbox servers in SpecialBank. This will also be an upgrade from Exchange 2007 (Current) to an Exchange 2013 installation.
  The latest Service Packs and CUs are installed in both.
  What would be the best procedure to move these mailboxes? To my knowledge, the current best practice/recommended way is to perform a user/SID migration from Contoso to SpecialBank. But I already have accounts in
  SpecialBank that users are actively using.
  I'm not opposed to doing a simple PST export from Contoso to SpecialBank, but we're looking at around 120 mailboxes. So I'm trying to make my life a little easier instead of spending a weekend here.
  If I try to do it in batches, I need to figure out how to handle autodiscover and CAS. Since I'm creating an entirely new Exchange environment, I'm trying to limit what I place in the existing configuration. But I'm not opposed to setting up something temporarily
  if I need to in order to make the migration transparent to users.
  Can anyone help?

  Hi ,
  From you description i came to know contoso is the resource forest and special bank is the account forest .
  You just wanted to migrate the linked mailboxes from resource forest to account forest and also you would want the migrated mailboxes to get merged to the respective user accounts in the account forest to become as a normal user mailbox.Am i right ?
  Please correct me if i am wrong . I have found some blogs in internet please have a look in to that especially the first one.
  http://www.outlookforums.com/threads/60210-cross-forest-mailbox-move-and-linked-mailbox/
  http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_27974905.html
  Regards
  S.Nithyanandham
  Thanks S.Nithyanandham

• Outlook Password prompt for Linked Mailboxes from certain Domain

  Hello,
  As part of a migration project, I'm trying to connect Outlook with Linked Mailboxes from users in a trusted domain.
  I'm able to create the linked mailbox on the Exchange 2013 (CU7) server without any issue, but when I try to configure Outlook for these mailboxes, it is prompting for credentials permanently and won't start. Log on to OWA with the same user from the trusted
  domain is working fine.
  I'm able to configure Linked mailboxes from another trusted domain without any problems.
  I've already recreated the trust between these two domains (validation tells everything is ok)
  DNS is configured with conditional forwarders in both domains and name resolution looks ok to me (ping and nslookup)
  When I look at the LinkedMasterAccount of the mailboxes from this domain, I can see that there is only the SID (S-1-5-21-4033829......). The other linked mailboxes (from the other domain where it's working) are showing the Account name (domain\user)
  Internal and External ClientAuthenticationMethod of OutlookAnywhere is set to NTLM
  Infos:
  DomainA: Domainlevel 2012 - Exchange 2013 - Forest trust to Domain B and C
  DomainB: Domainlevel 2008 - Exchange 2010 - Forest trust to Domain A - Outlook for linked Mailboxes of DomainA works fine
  DomainC: Domainlevel 2008 - Forest trust to Domain A --> can't connect Outlook to LinkedMailboxes of this domain.
  Is there anything else I can check?

  Hi,
  Please check whether the server is configured to only accept NTLM version 2 and reject NTLM and LM, and the Outlook client computer is not configured with the same LAN Mananger authentication level.
  Check DC, Start -> Programs -> Administrative Tools -> Security Options -> Note the LAN Manager authentication level.
  Check DC's policies, Start -> Programs -> Administrative Tools -> expand Security Settings\Local Policies -> Security Options -> Note the Lan Manager authentication level.
  IMPORTANT： You may also have to check policies that are linked at the site/domain/organizational unit levels to determine where the LAN Manager authentication level must be configured. Configure the LAN Manager authentication level to "Send
  NTLMv2 response only". If you want to implement NTLM version 2 in your network, make sure that all computers in the domain are set to use this authentication level.
  Thanks
  Mavis Huang
  TechNet Community Support

• Can't move Exchange 2003 mailbox to Exchange 2010 Resource forest (Linked Mailbox)

  Problem Description:
  Can’t move Exchange 2003 mailbox to Exchange 2010 resource forest
  Error message:
  Failed to reconnect to Active Directory server SRVUMVMDC02.umfolozi.local. Make sure the server is available, and that you have used the correct credentials.
  Source Environment Configuration:
  Active Directory
  FQDN: umfolozi.local
  Domain name (pre-Windows 2000): UMFOLOZI
  Domain Function Level: Windows Server 2003
  Domain Controllers:
  Hostname
  OS
  Operation Master
  SRVUMVMDC01.umfolozi.local
  Windows Server 2008 R2 Standard SP1
  Schema Master, Domain Naming, RID, PDC
  SRVUMVMDC01.umfolozi.local
  Windows Server 2008 R2 Standard SP1
  Infrastructure
  Exchange
  Version: Microsoft Exchange 2003 Standard SP2 Build 7638.2
  Server Information:
  Hostname
  OS
  TUSKUMFMAIL.umfolozi.local
  Windows Server 2003 R2 SP2
  DNS Zones
  Zone Name
  Zone Type
  Domain Controllers
  umfolozi.local
  Active Directory-Integrated (Primary)
  SRVUMVMDC01.umfolozi.local
  SRVUMVMDC01.umfolozi.local
  peermont.com
  Secondary
  SRVPGVMDC01.peermont.com
  SRVPGVMDC02.peermont.com
  Trusts
  Domain Name
  Trust Type
  Transitive
  Validated
  peermont.com
  Forest
  Yes
  Yes
  Target Environment Configuration:
  Active Directory
  FQDN: peermont.com
  Domain name (pre-Windows 2000): PG
  Domain Functional Level: Windows Server 2008 R2
  Domain Controllers:
  Hostname
  OS
  Operation Master
  SRVPGVMDC01.peermont.com
  Windows Server 2008 R2 Std SP1
  SRVPGVMDC02.peermont.com
  Windows Server 2008 R2 Std SP1
  Domain naming, RID, PDC, Infrastructure, Schema Master
  Exchange
  Resource Exchange Forest
  Server Information:
  Hostname
  OS
  Role
  Version
  Client Access Array
  SRVPGVMEXCH01.peermont.com
  Windows Server 2012 Std
  HUB, CAS
  Version 14.3 (Build 123.4)
  exchange.peermont.com
  SRVPGVMEXCH02.peermont.com
  Windows Server 2012 Std
  HUB, CAS
  Version 14.3 (Build 123.4)
  exchange.peermont.com
  Hostname
  OS
  Role
  Version
  Database Availibility Group
  SRVPGVMEXCH03.peermont.com
  Windows Server 2012 Std
  MBX
  Version 14.3 (Build 123.4)
  PeermontDAG
  SRVPGVMEXCH04.peermont.com
  Windows Server 2012 Std
  MBX
  Version 14.3 (Build 123.4)
  PeermontDAG
  DNS Zones
  Zone Name
  Zone Type
  Domain Controllers
  peermont.com
  Active Directory-Integrated (Primary)
  SRVPGVMDC01.peermont.com
  SRVPGVMDC02.peermont.com
  umfolozi.local
  Secondary
  SRVUMVMDC01.umfolozi.local
  SRVUMVMDC01.umfolozi.local
  Trusts       
  Domain Name
  Trust Type
  Transitive
  Validated
  umfolozi.local
  Forest
  Yes
  Yes
  Migration Process
  Task
  Description
  Successful/Error
  1
  SYNC AD Domain account from source forest (umfolozi.local) to target forest (peermont.com) using BinaryTree SMART Directory Sync (ADMT can be used as alternative)
  Successful
  2
  Create mailed enabled user
  Successful
  3
  Run Prepare-MoveRepuest with –OverWriteLocalObject
  Command Example:
  .\Prepare-MoveRequest.ps1 -Identity [email protected] -RemoteForestDomainController SRVUMVMDC01.umfolozi.local
  -RemoteForestCredential $RemoteCredentials -UseLocalObject -LocalForestDomainController SRVPGVMDC01.peermont.com -LocalForestCredential $LocalCredentials -OverWriteLocalObject
  Successful
  4
  Submit mailbox request
  Command Example:
  New-MoveRequest -Identity "0fa7d17e-3637-4708-a51b-f14eaae17968" -BadItemLimit "50" -TargetDeliveryDomain
  "internal.peermont.com" -TargetDatabase "{c5d6ea95-07b3-4a52-9868-e41e808a76fe}" -RemoteCredential (Get-Credential "umfolozi\svcmigration") -RemoteGlobalCatalog "SRVUMVMDC02.umfolozi.local" -RemoteLegacy:$True
  Error
  All the standard migration task works as expected until the mailbox migration move request is submitted. See move request verbose detail below:
  [PS] C:\Windows\system32>New-MoveRequest -Identity "0fa7d17e-3637-4708-a51b-f14eaae17968" -BadItemLimit "50" -TargetDeli
  veryDomain "internal.peermont.com" -TargetDatabase "{c5d6ea95-07b3-4a52-9868-e41e808a76fe}" -RemoteCredential (Get-Crede
  ntial "umfolozi\svcmigration") -RemoteGlobalCatalog "SRVUMVMDC02.umfolozi.local" -RemoteLegacy:$True -Verbose
  VERBOSE: [11:34:27.346 GMT] New-MoveRequest : Active Directory session settings for 'New-MoveRequest' are: View Entire
  Forest: 'False', Default Scope: 'peermont.com', Configuration Domain Controller: 'SRVPGVMDC02.peermont.com', Preferred
  Global Catalog: 'SRVPGVMDC02.peermont.com', Preferred Domain Controllers: '{ SRVPGVMDC02.peermont.com }'
  VERBOSE: [11:34:27.362 GMT] New-MoveRequest : Runspace context: Executing user: peermont.com/Admin/Users/Admin
  Accounts/Information Technology/SoarSoft/Johann Van Schalkwyk, Executing user organization: , Current organization: ,
  RBAC-enabled: Enabled.
  VERBOSE: [11:34:27.362 GMT] New-MoveRequest : Beginning processing &
  VERBOSE: [11:34:27.362 GMT] New-MoveRequest : Instantiating handler with index 0 for cmdlet extension agent "Admin
  Audit Log Agent".
  WARNING: When an item can't be read from the source database or it can't be written to the destination database, it
  will be considered corrupted. By specifying a non-zero BadItemLimit, you are requesting that Exchange not copy such
  items to the destination mailbox. At move completion, these corrupted items won't be available in the destination
  mailbox.
  VERBOSE: [11:34:27.362 GMT] New-MoveRequest : Searching objects "{c5d6ea95-07b3-4a52-9868-e41e808a76fe}" of type
  "MailboxDatabase" under the root "$null".
  VERBOSE: [11:34:27.362 GMT] New-MoveRequest : Previous operation run on domain controller 'SRVPGVMDC02.peermont.com'.
  VERBOSE: [11:34:27.393 GMT] New-MoveRequest : Current ScopeSet is: { Recipient Read Scope: {{, }}, Recipient Write
  Scopes: {{, }}, Configuration Read Scope: {{, }}, Configuration Write Scope(s): {{, }, }, Exclusive Recipient Scope(s):
   {}, Exclusive Configuration Scope(s): {} }
  VERBOSE: [11:34:27.393 GMT] New-MoveRequest : Searching objects "0fa7d17e-3637-4708-a51b-f14eaae17968" of type "ADUser"
   under the root "$null".
  VERBOSE: [11:34:27.471 GMT] New-MoveRequest : Previous operation run on domain controller 'SRVPGVMDC02.peermont.com'.
  VERBOSE: [11:34:27.471 GMT] New-MoveRequest : Processing object "$null".
  VERBOSE: [11:34:27.487 GMT] New-MoveRequest : [DEBUG] No RequestJob messages found.
  VERBOSE: [11:34:27.487 GMT] New-MoveRequest : [DEBUG] MDB c5d6ea95-07b3-4a52-9868-e41e808a76fe found to belong to Site:
   peermont.com/Configuration/Sites/Peermont
  VERBOSE: [11:34:27.487 GMT] New-MoveRequest : [DEBUG] MRSClient: attempting to connect to 'SRVPGVMEXCH02.peermont.com'
  VERBOSE: [11:34:27.627 GMT] New-MoveRequest : [DEBUG] MRSClient: connected to 'SRVPGVMEXCH02.peermont.com', version
  14.3.178.0 caps:07
  VERBOSE: [11:34:27.627 GMT] New-MoveRequest : [DEBUG] Loading source mailbox info
  VERBOSE: [11:34:28.844 GMT] New-MoveRequest : Failed to reconnect to Active Directory server
  SRVUMVMDC02.umfolozi.local. Make sure the server is available, and that you have used the correct credentials. --> A
  local error occurred.
  VERBOSE: [11:34:28.844 GMT] New-MoveRequest : Admin Audit Log: Entered Handler:OnComplete.
  Failed to reconnect to Active Directory server SRVUMVMDC02.umfolozi.local. Make sure the server is available, and that
  you have used the correct credentials.
      + CategoryInfo          : NotSpecified: (0:Int32) [New-MoveRequest], RemoteTransientException
      + FullyQualifiedErrorId : F48FD74B,Microsoft.Exchange.Management.RecipientTasks.NewMoveRequest
      + PSComputerName        : srvpgvmexch02.peermont.com
  VERBOSE: [11:34:28.859 GMT] New-MoveRequest : Ending processing &
  Troubleshooting Performed
  1. When submitting mailbox move request tried the following credential inputs:
  1.1. DOMAIN\Username
  1.2. FQDN\Username
  1.3. userPrincipalName
  2. Confirmed domain trust between source and target domain is in place and validated.
  3. Confirmed name resolution in source and target domain is functioning as expected.
  4. Confirmed network connectivity between source and target domain controllers as well as source and target exchange servers.
  5. Tried to create new Linked Mailbox to account in source forest, can’t select Global Catologue via the wizard;
  Tried to specify the credentials for the account forest and got the following error when tried to select Global Catalog from wizard:

  The error talk about the credential. Did you check the credential
  Did you tried this command?
  New-MoveRequest -Identity "Distinguished name of User in Target Forest" -RemoteLegacy -TargetDatabase "E2K10 Mailbox Database Name" -RemoteGlobalCatalog "FQDN of Source DC" -RemoteCredential $Remote -TargetDeliveryDomain "Target
  domain name"
  http://blogs.technet.com/b/exchange/archive/2010/08/10/3410619.aspx
  Cheers,
  Gulab Prasad
  Technology Consultant
  Blog:
  http://www.exchangeranger.com    Twitter:
    LinkedIn:
     Check out CodeTwo’s tools for Exchange admins
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Linked Mailboxes

  Hi,
  I have two domains, domain a and domain b.  In domain a I have an Exchange 2010 server and would like to setup mailboxes for some users who have active directory accounts in domain b.  I created Link mailboxes in exchange and all worked fine for
  a number of days.  Came in today and the users are being prompted for passwords when they open outlook and their own domain b\ username and password are not working.  They can however use outlook web access.
  Any ideas?
  Cheers

  Hi,
  Did we change anything else?
  Please run Outlook under safe mode to avoid some AVs, add-ins and firewall.
  Please re-create a new profile to refresh the caches.
  Please delete the credential, steps as below:
  1. Control Panel-->User Accounts-->click Manage your credentials in the left pane
  2. Click the vault that contains the credential that we want to remove.
  3. Click the credential that we want to remove, and then click Remove from vault.
  Please verify our Exchange Proxy Settings via Outlook.
  Steps as below:
  OutlookàToolsàAccount
  SettingsàE-mailàclick
  the Exchange accountàChangeàMore
  SettingsàConnectionàExchange
  Proxy Settings
  Outlook   Anywhere option
  Description
  On a fast network, connect using HTTP first, then connect using TCP/IP.
  By default on a fast network, Outlook attempts to connect by using the LAN connection first. This option is cleared by default.
  On a slow network, connect using HTTP first, then connect using TCP/IP.
  By default, on a slow network, Outlook attempts to connect by using HTTP first. This option is set by default.
  Password Authentication (NTLM).
  The default authentication method. We recommend that you specify this option together with
  Connect with SSL only and Mutually authenticate the session when connecting with SSL.
  Basic Password Authentication.
  With this option, users are prompted for a password each time a connection is made to the Exchange server. In addition, if users are not using Secure Sockets
  Layer (SSL), the password is sent in clear text. This can pose a security risk.
  If we are in the "Basic Password Authentication", please change to the "NTLM" for testing.
  If still not working unfortunately, please verify our SSL principal name. Steps as below:
  1. Please determine the FQDN that the client uses to access the resource. Steps as below:
  OutlookàToolsàAccount
  SettingsàE-mailàclick
  the Exchange accountàChangeàMore
  SettingsàConnectionàExchange
  Proxy Settingsànote the FQND that list in the
  Only connect to proxy servers that have this principal name in their certificate box.
  2. Please using EMS to determine the value for the CerPrincipalName attribute: Get-OutlookProvider
  This command returns the result for the EXPR name.
  3. Please re-setting the CertPrincipalName attribute to match the FQDN via following command:
  Set-OutlookProvider EXPR –CertPrincipalName: “msstd:<FQDN the certificate
  is issued to>”
  Hope it is helpful
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• Old user can still access mailbox after removing msexch-masteraccountsid

  Hi,
  I've changed the user mailbox and user by running the following command on the linked mailbox
  Set-User -Identity "alias" -LinkedMasterAccount $null
  Issue is that the previous user (the msexchmasteraccount) still has access, and yes, that user is still enabled. 
  My question is - how can I remove that access to the mailbox? The msexchmasteraccount is empty in adsiedit. 

  Hi,
  Any update?
  Thanks.
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Niko Cheng
  TechNet Community Support

• Exchange 2013 linked mailbox

  I am administering Exchange 2013 in organization where we have two separate forests witch two separate Exchange 2013 servers. There is AD trust between forests. Each user has two mailboxes connected in Outlook, one from forest A and one from forest B. Let's
  say [email protected] and [email protected] There is a plan that users from forest A will use and have only one mailbox connected in Outlook and get all emails data on Exchange server within forest A. What is a best approach
  to do it smoothly? We do not want to remove the email addresses from forest B because a lot of people outside the company know only this email address as a contact point.
  I am thinking about creating linked mailboxes. Any other ideas or advice's?

  Hi ,
  just remove the email address (i.e
  [email protected])
  from the mailbox in forest B and add it as an secondary smtp address on the mailbox residing on the mailbox in forest A.
  In case if you don want the mailbox for user 1 in forest B you can simply delete it instead of removing the email address.
  Note : Simply you cannot remove the email address (i.e
  [email protected])
  from the Mailbox of the user 1 in forest B is set as primary smtp address. So on such case just make some dummy email address as primary smtp address and simply remove
  the address [email protected]
  and add as an secondary smtp address on user 1 mailbox in forest A .
  Please feel free to reply me if you have any queries.
  Thanks & Regards S.Nithyanandham

• Exchange 2010 SP3 outlook prompot password for linked mailbox

  Hi All,
  I have forest A and forest B, there is an Exchange 2010 SP3 server in forest A, linked mailboxes are created for user inside forest B. Trust relationship can be verified , in place and active. Suddenly , some linked mailbox user got outlook password prompt
  repeatedly but OWA and Active Sync is still working fine.
  I have reset Exchange Web Services Virtual Directory. but the issue still persists. Please advise
  Regards,
  Zaw
  ZAW

  Step 1: Close Outlook program and create backup of PST file
  Step 2: Now run SCANPST.EXE on copy of your PST and repair
  SCANPST.EXE is found in these locations according to different Outlook versions:
  In MS Outlook 2002/XP: C:\Program Files\Common Files\System\MAPI\ \scanpst.exe
  In MS Outlook 2000:C:\Program Files\Common Files\System\MAPI\ \NT\scanpst.exe
  In MS Outlook 97/98:C:\Program Files\Common Files\Windows Messaging\scanpst.exe
  Note: Do not use backup option in SCANPST.EXE as you working with a duplicate copy of PST 
  file.
  Step 3: Then open the command prompt by clicking Start >> Run
  Step 4: Paste or type the file path to PST19UP and your PST name: PSTUPG19.EXE-filename.pst 
  and press Enter.
  Step 5: The command line will resemble: “C:\My Documents\pst19upg.exe”- Outlook.pst.
  Step 6: A new copy of the PST file will be created, which is called “filename.psx”.
  Step 7: Once you have completed, rename the original PST file.
  Step 8: Now at the Command Prompt, type “pst19upg.exe- filename.psx” and press Enter
  Step 9: A new password-free PST file will be created from PSX file.
  Step 10: Now open your MS Outlook program and open the PST file.

• Outlook 2013 Auto Account Setup for Linked Mailbox Not working

  We've created a linked mailbox, in Exchange 2013 (in domain1), for a user in another AD forest, domain2. We have the AutoDiscover service configured in the other AD forest as well. Our only issue now is trying to find a way to get the Outlook Auto Account
  Setup to automagically configure a user's profile the first time Outlook 2013 is started. If we type in the user's email address and name and click Next, the profile is created successfully.
  I spoke to Microsoft support who helped me confirm that AutoDiscovery was configured correctly in the other forest. Reading this information (
  https://technet.microsoft.com/en-us/library/bb124251.aspx ) on AutoDiscover, I found what may be the issue. It notes that
  "If the Outlook client is joined to a domain, the user's domain account is used."
  Since the linked mailbox is associated with domain1, Outlook looks like it cannot use the domain account from domain2. I wonder if there might be a registry hack to bypass this and force Outlook clients in domain2 to look at email addresses in domain1?
  Orange County District Attorney

  Hi,
  According to your description, I noticed that “If we type in the user's email address and name and click Next, the profile is created successfully”. Do you mean the linked mailbox can be setup automatically when you fill in the Name and E-mail Address in
  the Auto Account Setup page? For example:
  If that is the case, the autodiscover service in Exchange side should be configured correctly and it is working for Outlook client automatically account setup.
  If the account can’t be setup automatically when using autodiscover service, please
  verify that the Master Account (Domain2\User1) has full access to the Linked Mailbox ([email protected]) as well as the smtp address using the cmdlets Get-Mailbox and Get-MailboxPermission in Exchange server:
  Get-Mailbox [email protected] | fl PrimarySmtpAddress,*Type*,*Link*
  Get-MailboxPermission [email protected] | fl
  Regards,
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Winnie Liang
  TechNet Community Support

• User permissions for shared mailbox

  In a big organization, we've multiple shared mailboxes. Each mailbox is being looked at by different employees. We want to provide folder level restrictions to the employees and have primarily 3 type of access at a folder and root level:
  1) Owner access (Read, Create, Respond and Delete)
  2) Employee access (Read, Create and Respond)
  3) Read and View-only access
  Idea is to have a controlled access environment in the company where we don't want any employee to delete any e-mails and they're held accountable for their work.
  Million dollar question is - How do we achieve this in an Exchange Service 2010 Enterprise SP3 environment? Is it recommended to have such access levels? Can we've profile groups created to add users in future too with similar access restrictions?
  Please provide step by step.
  If this is not possible or advised, please suggest a better alternative with which we can track who deletes the e-mails and then change their behavior. May be some e-mail logs that help us determine this information? What is your suggestion?

  Hi,
  You can try Exfolders tool:
  http://gallery.technet.microsoft.com/office/Exchange-2010-SP1-ExFolders-e6bfd405
  How to use Exfolders:
  http://mouzzamh.wordpress.com/2012/04/01/how-to-use-exfolder-tool-for-exchange-2010/
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety,
  or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
  Thanks,
  Simon Wu
  TechNet Community Support

• Linked mailbox masteraccount

  Hi all,
  I need to migrate users from domain A to Domain B, but my Exchange 2010 global server installed on Domain C.
  User are now connected to Domain A with his master account to Exchange 2010 global server on Domain C to the linked mailbox shadow account.
  I have to move all users from Domain A to domain B and reconnect all master account from domain B.
  I create the Users-id already on the domain B can I use a power-shell or different command to disconnect and reconnect the new master account to the linked mailbox on the easy way.
  I export all the users to a CSV file, If I can use a power-shell script that read the Output CSV file and it will disconnect and reconnect the master account from Domain B. Did somebody use this before on the production environment with migration or can
  someone advice me on this case to use the best practice.
  Kind regards,
  Hakan
  Good luck everyone.

  You can use the cmdlet
  Set-User to change the LinkedMasterAccount.
  Example:
  Import-Csv X:\linked.csv | foreach {Set-User -Identity $_.Identity -LinkedMasterAccount $_.LinkedMasterAccount -LinkedDomainController gc.domainB.local}
  ...and all you would need in the CSV file is two fields like in this:
  Identity,LinkedMasterAcccount
  AndrewG,DOMAINB\Andrew.Gordon 
  MartinaM,DOMAINB\Martina.Miskovic
  Martina Miskovic

• How can I convert Mail rules into smart mailboxes

  I recently posted a report about faults in mail rules that move messages to mailboxes automatically. In light of this, I thought about converting my rules into smart mailboxes. I started, but looked at the number of rules that I have and thought 'there must be an easier way!'
  What I'm after is a script, or hints as to how to write a script, that will iterate over all my mailbox rules and add new smart mailboxes. I expect that the Mail program might provide some programatic interface for this, but don't know where to start looking.
  Hoping that someone can help me.
  Regards, Andy

  Well, if coding help is what you want then this isn't the place to ask. The Applescript and Unix forums are here. These are better places to ask about programming.
  If you do a Google search on "applescript" you should find the two or three major sites for finding prepared Applescripts or Automator actions, although I don't recall ever seeing one for your intended use. But it can't hurt to look. You'll also find the link to the Applescript language documentation site, but you will also need to examine Mail's provided Applescript programming facilities.
  Bash programming manuals abound although nothing necessarily specific to the Mac. OS X implements a reasonably standard Unix implementation of the various supported shell environments. Google searching for "bash tutorial" or programming guides will yield lots of resources.