Changing the scope so you can view the entire domain in Powershell


The requested search root ‘domain.local/Users’ is not within the scope of this operation. Cannot perform searches outside the scope ‘child.domain.local’.

 

2007 = $AdminSessionADSettings.ViewEntireForest = $true

2010 = Set-AdServerSettings -ViewEntireForest $True

or use -IgnoreDefaultScope on the command if applicable, e.g. Get-Mailbox -IgnoreDefaultScope

 


http://technet.microsoft.com/en-us/library/bb124527.aspx

Cannot remove a mailbox database in exchange 2010


Are you trying to remove a mailbox database, and you have removed all the user mailboxes, but you can’t because it says “mailbox database contains one or more mailboxes or arbitration mailboxes”?

Solutions

  • Move the mailboxes (if you have a database to move to)
    • Set-AdServerSettings -ViewEntireForest $True
    • Get-Mailbox -Arbitration -Database <databasename> | New-MoveRequest -TargetDatabase <targetdatabasename>
    • Get-MoveRequest = look for completion
    • Get-MoveRequest | Remove-MoveRequest
    • Remove-MailboxDatabase -Identity <databasename>

 

  • Disable the mailboxes (no other database to move to, but don’t want to delete the ID)
    • Set-AdServerSettings -ViewEntireForest $True
    • Get-Mailbox -Arbitration -Database <databasename> | Disable-Mailbox
    • Remove-MailboxDatabase -Identity <databasename>

 

  • Remove the mailboxes (Completely removing Exchange 2010)
    • Set-AdServerSettings -ViewEntireForest $True
    • Get-Mailbox -Arbitration -Database <databasename> | Remove-Mailbox
    • Remove-MailboxDatabase -Identity <databasename>

Note: Only do option 2 or 3 if you are removing Exchange entirely. If you intend to keep Exchange in your environment, you should do a move. If for some reason that doesn’t work and you disable or remove the arbitration mailbox, you need to create a new one with “new-mailbox -arbitration”.

Error Installing Exchange 2010 Mailbox Role


Problem

Couldn’t mount the database that you specified. Specified database: Mailbox Database XYZ; Error code: An Active Manager operation failed. Error: The database action failed. Error: Operation failed with message: MapiExceptionNotFound: Unable to mount database. (hr=0x8004010f, ec=-2147221233)
[Database: Mailbox Database XYZ, Server: server.domain.local].

An Active Manager operation failed. Error: The database action failed. Error: Operation failed with message: MapiExceptionNotFound: Unable to mount database. (hr=0x8004010f, ec=-2147221233)
[Database: Mailbox Database XYZ, Server: server.domain.local]

An Active Manager operation failed. Error: Operation failed with message: MapiExceptionNotFound: Unable to mount database. (hr=0x8004010f, ec=-2147221233)
[Server: server.domain.local]

MapiExceptionNotFound: Unable to mount database. (hr=0x8004010f, ec=-2147221233)

Solution

    1. Uninstall Mailbox role
    2. Run Setup /prepareAD
    3. Reinstall mailbox role
      • If you have a problem uninstalling the role you may have to remove the Mailbox and Public Folder database using ADSI (not recommended if there is any data in your databases!!)

Recover Exchange


Have you ever had a situation where you need to just start over with your Exchange server but don’t want to lose data? (OS corruption\ Hardware Failure\ too many undocumented changes that caused an outage)

Here are the “quick and easy steps to recover”

  1. Stop the “Microsoft Exchange Information Store” service
  2. Note the OS service pack level\patches\hotfixes
  3. Copy or backup all your database files *.edb (if they are on a drive other than C you may not even have to do that)
  4. Format the C: (that’s right format it, so if you have something else on it back it up)
  5. Reinstall the OS and re-service pack it
  6. Rejoin the domain using the same server name as before (this is critical)
  7. install the exchange prerequisites.
    1. 2003
    2. 2007
    3. 2010
  8. Reinstall using exchange media
    1. 2003 = setup /disasterrecovery
    2. 2007\2010 = setup /m:recoverserver
  9. Copy or restore the exchange databases back to the original location
  10. mount the databases
  11. DONE! exchange should be back up and running!

Understanding the Self-Signed Certificate in Exchange 2007


 

Understanding the Self-Signed Certificate in Exchange 2007: Exchange 2007 Help

I have been saying for a long time now that you need to use a well known 3rd party multiname cert if you want to use ActiveSync or outlook anywhere.

MS now agrees with me :-)

 


When you create a certificate request you want to include the following:

  • autodiscover.domain.com
  • mail.domain.com (mail = your external name)
  • host.domain.local

Here is an example of a cert request

New-ExchangeCertificate -GenerateRequest -SubjectName "C=US, O=Company, CN=mail.domain.com" -domainname mail.domain.com,autodiscover.domain.com,hostname,hostname.domain.local -FriendlyName mail.domain.com -privatekeyexportable:$true -path c:\cert_myserver.txt

And the import after you get the cert back

Import-ExchangeCertificate -Path "C:\CertificateFile.cer" | Enable-ExchangeCertificate -Services pop, smtp, iis, imap
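
A check to run after the import, added here as an example and not part of the original post: it confirms that each certificate enabled for IIS carries the names listed above, is not self-signed, has its private key on the server and is not close to expiry. The helper name Test-ExchangeCertCoverage and the 30-day expiry window are assumptions of this example.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell.
# Names are the placeholders used in the post; replace them with your own.
$requiredNames = 'mail.domain.com', 'autodiscover.domain.com', 'host.domain.local'

# Hypothetical helper: returns a list of problems, empty when the certificate is fine.
function Test-ExchangeCertCoverage {
    param($Certificate, [string[]]$RequiredNames, [int]$ExpiryWarningDays = 30)

    $problems = @()
    # CertificateDomains lists the subject name and the subject alternative names.
    # Exact match only: a wildcard entry is not expanded here.
    $covered = @($Certificate.CertificateDomains | ForEach-Object { "$_".ToLower() })
    foreach ($name in $RequiredNames) {
        if ($covered -notcontains $name.ToLower()) { $problems += "missing name $name" }
    }
    if ($Certificate.IsSelfSigned)       { $problems += 'self-signed' }
    if (-not $Certificate.HasPrivateKey) { $problems += 'no private key on this server' }
    if ($Certificate.NotAfter -lt (Get-Date).AddDays($ExpiryWarningDays)) {
        $problems += "expires $($Certificate.NotAfter.ToString('yyyy-MM-dd'))"
    }
    return $problems
}

# Report on every certificate enabled for IIS (OWA, ActiveSync, Outlook Anywhere).
Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    Select-Object Thumbprint, Subject, @{
        Name       = 'Result'
        Expression = {
            $problems = @(Test-ExchangeCertCoverage -Certificate $_ -RequiredNames $requiredNames)
            if ($problems.Count -gt 0) { [string]::Join('; ', $problems) } else { 'OK' }
        }
    } | Format-List
```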

Re-Creating a Linked Mailbox


Ran into this situation recently

Restored a mailbox to a user that was originally a “Linked Mailbox”, so we had a situation where we needed to convert the mailbox to a linked mailbox again.

Here are the steps to take:

  1. Disable-Mailbox -Identity User1
  2. Disable the user account in AD where the mailbox resides (this is the one that is missing in the MS KB)
  3. Now link with the following

$cred = Get-Credential

Connect-Mailbox -Identity User1 -Database "Mailbox Database" -LinkedDomainController FabrikamDC01 -LinkedMasterAccount user1@fabrikam.com -LinkedCredential $cred

MS KB Reference


http://technet.microsoft.com/en-us/library/bb201694.aspx

New user takes a long time to show up in the GAL


Add these all together and you can have quite a lag in seeing new users in your GAL.

  1. GAL generation (should happen at time of user creation but may be delayed by DC replication)
  2. Offline address book generation (every 24 hrs)
  3. OAB replicated to the CAS (can take up to 8 hours)
  4. Outlook download of OAB (24 hours from last download)

Things you can do to reduce lag.

  • Increase the OAB generation schedule (default is once a day @ 5:00 am)
    • EMC –> Organization Configuration –> Mailbox –> Offline Address Book <tab> –> Properties of OAB –> Click Customize next to Update schedule –> modify to fit your needs (be careful not to make it too often)
    • Sample script to set it to 4 times a day for every OAB (use caution as this could cause undue load on the server\client)
      • Get-OfflineAddressBook | Set-OfflineAddressBook -Schedule "Sun.5:00 AM-Sun.6:00 AM, Sun.10:00 AM-Sun.11:00 AM, Sun.3:00 PM-Sun.4:00 PM, Sun.8:00 PM-Sun.9:00 PM, Mon.5:00 AM-Mon.6:00 AM, Mon.10:00 AM-Mon.11:00 AM, Mon.3:00 PM-Mon.4:00 PM, Mon.8:00 PM-Mon.9:00 PM, Tue.5:00 AM-Tue.6:00 AM, Tue.10:00 AM-Tue.11:00 AM, Tue.3:00 PM-Tue.4:00 PM, Tue.8:00 PM-Tue.9:00 PM, Wed.5:00 AM-Wed.6:00 AM, Wed.10:00 AM-Wed.11:00 AM, Wed.3:00 PM-Wed.4:00 PM, Wed.8:00 PM-Wed.9:00 PM"
  • Change OAB download interval in outlook (From MSKB# 841273)
    1. On the Tools menu, point to Send/Receive, point to Send/Receive Settings, and then click Define Send/Receive Groups.
    2. Click New.
    3. Type a name for the custom group.
    4. Click your Exchange account, and then click to select the Include the selected account in this group check box.
    5. Under Select the options you want for the selected account group, make sure that the only check box that is selected is Download offline address book, and then click OK.
    6. In the Send/Receive Groups dialog box, click your new group.
    7. Under Setting for group Group_name, click to select only the Schedule an automatic send/receive every check box, and then enter the number of minutes.
    8. Under When Outlook is offline, click to clear the check boxes.
    9. Click Close.

Forcing update

  1. Get-GlobalAddressList | Update-GlobalAddressList
  2. Get-OfflineAddressBook | Update-OfflineAddressBook
  3. Get-ClientAccessServer | Update-FileDistributionService
  4. Download Full OAB in outlook
    1. On the Tools menu, point to Send/Receive, and then click Download Address Book.
    2. In the Offline Address Book dialog box, make sure that the Download changes since last Send/Receive check box is checked.
    3. Click OK.

Exchange 2007 Performance Troubleshooting


Perf Tips

  • Don’t stop on the first possible problem, continue on to be sure that’s not simply a symptom
  • Don’t make any detrimental changes and ALWAYS have a backup!

If you’re having Exchange perf issues here are some counters you should look at

  1. First the RPC Counters – these counters will show you if the clients are “feeling” a resource issue
    • MSExchangeIS\RPC Averaged Latency – should be under 50 (100 if in cached mode)
      • RPC Operations/Sec – Relative (Baseline\Trending)
      • RPC Requests – recommended under 70
    • If you see RPC ops go up around the time of the latency, you may be adding too much load
  2. Exchange Database health
    • MSExchange Database(Information Store)\Database Page Fault Stalls/Sec  <not page faults>
      • Check health of the DB itself – page fault stalls indicate an issue writing to the DB; some are OK, many are not.
      • Cache Size (Mem -2gb) – look at avail mem vs the Cache size | Check write\Read latency
      • (RTM = Database)
    • MSExchange Database\Log Record Stalls/Sec – large number = issues, <10 = workload – this indicates an issue writing to log files
      • Correlate to disk and RPC
      • 10 ms writes recommended – solution could be to add disks, additional SG, balance servers.
      • Failure to add info into the log buffer
    • MSExchange Database\Log Threads Waiting/Sec – Disk issue
      • Correlate to \log Record Stalls/sec
      • Log Stall Issues (Disk or workload) – threads high along with log stalls indicate a workload issue, threads low indicate a disk issue
  3. Active Directory to exchange
    • Should all be Average of 50 or less, spike should not be higher than 100, all of these indicate an issue accessing a GC
      • MsexchangeADAccess\LDAP read Time (MSec)
        •  \LDAP Search
      • MSExchangeADAccessProcesses
      • MSExchangeADAccess Domain Controllers
      • MSExchangeADAccess\LDAP Reads/sec
        •  \LDAP Search/sec
  4. Hardware Counters
    • Storage - 
      • Physical or Logical Disk Read\Write Time -  Look at latency spikes in relation  to other (RPC Latency, Log Stalls, etc) – if RPC is ok disk is immaterial (unless dealing with transport or Edge)
      • Check Physical Disk or  logical if SAN or mount point
    • Memory –
      • Memory\Available Mbytes – Should always have Physical memory avail otherwise you will be paging to disk
      • Process, and Processor
        • \Working Set = RAM – See what process is using the most
        • \Virtual Bytes = RAM + Page – See what process is using the most
        • \Private Bytes, etc  -  only it can use 486 (256 if /3gb used)
      • Note: X64 – will not crash but will start thrashing (memory leak)
    • Network
      • Network Interface\Output Queue Length – should be less than 2
        •  \Packet Outbound Errors – this is cumulative not a point in time, may have to reboot to check for new errors
        • \Current Bandwidth – correlate with NIC capability
        • Note: don’t capture loopback
    • Processor
      • Processor(_total)\% Processor Time  Average < 75%
      • Processor(_total)\% Privileged Time < half of Processor = problem, 75% real problem
      • Process(*)\% Processor – See what process is using the most

Counter | Threshold
MSExchangeIS\RPC Averaged Latency | < 25 ms
MSExchangeIS\RPC Operations/sec | used a baseline: online – .75 and 1 RPC hop, cache mode higher
MSExchangeIS\RPC Requests | max 500, should be < 70
MSExchangeIS Client(*)\RPC Average Latency | < 50 ms on average
MSExchangeIS\RPC Client Backoff/Sec | Identifies that the server is rejecting connections
MSExchange Database\Database Page Fault Stalls/sec | 0
MSExchange Database\Database Cache Size | Minus 2 GB from what RAM is in System, Servers with sync – minus 3 GB
MSExchange Database\Log Record Stalls/sec | Average of 10 or less, spike should not be higher than 100
MSExchange Database\Log Threads Waiting/sec | Average of 10 or less
MSExchange Database(Information Store)\Log Threads Waiting | Should be less than 10 on average.
MSExchangeIS Mailbox(_Total)\Messages Queued For Submission | Below 50
MSExchangeADAccess*\LDAP Read Time | Average of 50 or less, spike should not be higher than 100
MSExchangeADAccess*\LDAP Search Time | Average of 50 or less, spike should not be higher than 100
MSExchangeADAccess*\LDAP Read/sec | Average of 50 or less, spike should not be higher than 100
MSExchangeADAccess*\LDAP Search/sec | Average of 50 or less, spike should not be higher than 100
Memory\Available Mbytes | > 100 MB
Processor\Working Set | Review baseline look for large changes
Processor\Virtual Bytes | Review baseline look for large changes
Processor\Private Bytes | Review baseline look for large changes
Processor(_Total)\% Processor Time | Average < 75%
Processor(_Total)\% Privileged Time | Remain below 75%
Processor(*)\% Processor Time | Look for spikes
Network Interface\Output Queue Length\Packets Outbound | Should not be > 10
Network Interface\Output Queue Length\Current Bandwidth | Review baseline look for large changes

Database Drives
LogicalDisk(*)\Avg Disk Sec/Read | below 50 MS (may need faster for +1000 users)
PhysicalDisk(*)\Avg Disk Sec/Read | below 50 MS (may need faster for +1000 users)
LogicalDisk(*)\Avg Disk Sec/Write | Below 100
PhysicalDisk(*)\Avg Disk Sec/Write | Below 100

Log Drives
LogicalDisk(*)\Avg Disk Sec/Read | Below 20
LogicalDisk(*)\Avg Disk Sec/Write | Below 10

Temp Drives
LogicalDisk(*)\Avg Disk Sec/Read | Below 20
LogicalDisk(*)\Avg Disk Sec/Write | Below 10

Network
Network Interface\Output Queue Length | Below 2
Network Interface\Packet Outbound Errors | No Greater than 0
Network Interface\Current Bandwidth | Match NIC capability
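
One way to apply these thresholds in practice, added here as an example and not part of the original post: sample a handful of the counters with Get-Counter and flag any whose average or peak falls outside the limits given in the table. The helper name Test-CounterThreshold, the sampling interval and the choice of counters are assumptions of this example; counter object names differ between Exchange builds (see the RTM note above), so a missing counter is reported rather than treated as an error.

```powershell
# Added example, not from the original post. Requires PowerShell 2.0 or later
# (Get-Counter); run locally on the mailbox server.
# Paths and limits are copied from the thresholds table above.
$checks = @(
    @{ Path = '\MSExchangeIS\RPC Averaged Latency';  Avg = 25 },
    @{ Path = '\MSExchangeIS\RPC Requests';          Avg = 70; Spike = 500 },
    @{ Path = '\MSExchange Database(Information Store)\Database Page Fault Stalls/sec'; Avg = 0 },
    @{ Path = '\MSExchange Database(Information Store)\Log Record Stalls/sec'; Avg = 10; Spike = 100 },
    @{ Path = '\MSExchange Database(Information Store)\Log Threads Waiting';   Avg = 10 },
    @{ Path = '\MSExchangeIS Mailbox(_Total)\Messages Queued For Submission';  Avg = 50 },
    @{ Path = '\Processor(_Total)\% Processor Time'; Avg = 75 },
    @{ Path = '\Memory\Available MBytes';            Floor = 100 }
)

# Hypothetical helper: samples one counter and compares it with its limits.
function Test-CounterThreshold {
    param($Check, [int]$IntervalSeconds = 5, [int]$Samples = 6)

    $result = New-Object PSObject -Property @{
        Counter = $Check.Path; Average = $null; Peak = $null; Status = 'counter not found'
    }
    $sets = Get-Counter -Counter $Check.Path -SampleInterval $IntervalSeconds `
                        -MaxSamples $Samples -ErrorAction SilentlyContinue
    if (-not $sets) { return $result }

    $stats = $sets | ForEach-Object { $_.CounterSamples } |
        Measure-Object -Property CookedValue -Average -Maximum -Minimum
    $result.Average = [math]::Round($stats.Average, 2)
    $result.Peak    = [math]::Round($stats.Maximum, 2)

    if ($Check.ContainsKey('Floor')) {
        # "Should stay above" counters such as Memory\Available MBytes.
        $bad = $stats.Minimum -lt $Check.Floor
    } else {
        $bad = $stats.Average -gt $Check.Avg
        if ($Check.ContainsKey('Spike')) { $bad = $bad -or ($stats.Maximum -gt $Check.Spike) }
    }
    $result.Status = if ($bad) { 'OUTSIDE THRESHOLD' } else { 'ok' }
    return $result
}

$checks | ForEach-Object { Test-CounterThreshold -Check $_ } |
    Format-Table Counter, Average, Peak, Status -AutoSize
```

Each counter is sampled in turn, so a full run takes roughly the interval times the sample count for every entry in $checks.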