Export All Exchange Mailboxes with Send-As, Full Access & Send-On-Behalf-Of Permissions

There are many times when I need to get a list of all mailboxes that have full control or Send-As permissions assigned to them. In an organization with hundreds or thousands of mailboxes, using the console is not intuitive and sometimes you have to run multiple PowerShell scripts to get the results you need.

I created the script below to help with this. The script will:

  1. Export a list of ALL mailboxes in your Exchange organization
  2. dump all users who have full access to the mailbox
  3. dump all users who have send-as permission to the mailbox
  4. dump all users who have send-on-behalf-of permission to the mailbox

The script will create a TXT file but if you open it in using Excel, you can put the data into columns by using the character caret “^” symbol as the delimiter.

You will still need to do some formatting of the spreadsheet to properly separate the permissions column so that you can read the user list – will continue working on updating the script to better view the results.

Copy the contents below into Notepad and save it as a .PS1 file.

===========================SCRIPT START====================================

$OutFile = “C:\Permissions\Exported_List_of_ALL_Access_Permissions.txt”
“DisplayName” + “^” + “Email Address” + “^” + “Full Access” + “^” + “Send As” + “^” + “Send On Behalf Of” | Out-File $OutFile -Force
 
$Mailboxes = Get-Mailbox -resultsize unlimited | Select Identity, Alias, DisplayName, DistinguishedName, WindowsEmailAddress
ForEach ($Mailbox in $Mailboxes) {
#$SendOnBehalfOf = Get-mailbox $Mailbox.identity | select Alias, @{Name=’GrantSendOnBehalfTo’;Expression={[string]::join(“;”, ($_.GrantSendOnBehalfTo))}}

$SendOnBehalfOf = Get-mailbox $Mailbox.identity | % {$_.GrantSendOnBehalfTo}

$SendAs = Get-ADPermission $Mailbox.identity | where {($_.ExtendedRights -like “*Send-As*”) -and -not ($_.User -like “NT AUTHORITY\SELF”) -and -not ($_.User -like “s-1-5-21*”)} | % {$_.User}

#$FullAccess = Get-MailboxPermission $Mailbox.Identity | ? {$_.AccessRights -eq “FullAccess” -and !$_.IsInherited} | % {$_.User}
 
$FullAccess = Get-MailboxPermission $Mailbox.Identity | ?{($_.IsInherited -eq $False) -and -not ($_.User -match “NT AUTHORITY”)} |Select User,Identity,@{Name=”AccessRights”;Expression={$_.AccessRights}} | % {$_.User}

$Mailbox.DisplayName + “^” + $Mailbox.WindowsEmailAddress + “^” + $FullAccess + “^” + $SendAs + “^” + $SendOnBehalfOf  | Out-File $OutFile -Append    }

===========================SCRIPT END====================================

Advertisements

Sharing Non-Default Outlook Folders in Exchange (Online and On-Premise)

A client came to me one day and asked how he can share his Outlook folder to his executive assistant so that he can have read only access to one folder and its subfolders. Didn’t think it was really that difficult of a task until he showed me his Outlook folder structure. This user literally had over 1,500 folders in Outlook and the hierarchy was intense!

SNAG-0050

The user did not want to share the full mailbox so assigning full mailbox access was out of the question. He only wanted to share the “2011-2015” folder and all the subfolders under it, which itself was a series of at least 50 folders.

One way to do this is to go to each folder, right click and open properties. On the permissions tab, assign the executive assistant Reviewer rights – NOT GOING TO HAPPEN! Too many chances of error and takes too long.

Assigning Permissions to Outlook Folders

After researching online, I came across a blog (https://blogs.technet.microsoft.com/tips_from_the_inside/2011/11/03/set-outlook-folder-permissions-using-powershell/) that had a script doing this same thing. I have attached a copy of this and customized it for this example.

  • The user who wants to share the folder is called BWayne@thebatcave.com
  • His executive assistant is called Alfred@thebatcave.com
  • The folder we want to share is only the 2011-2015 with its subfolders

 

ForEach($f in (Get-MailboxFolderStatistics BWayne@thebatcave.com | where {$_.Folderpath.contains(“/Investments/2011-2015”) -eq $true} ) )
{
 $fname = “BWayne@thebatcave.com:” + $f.FolderPath.Replace(“/”,”\”);
 Add-MailboxFolderPermission $fname -User Alfred@thebatcave.com -AccessRights Reviewer
 Write-Host $fname
 Start-Sleep -Milliseconds 1000
}

Accessing Non-Default Outlook Shared Folders

Now that the permissions have been assigned how can Alfred access these shared folders. In order to do this, Alfred needs to be able to see the folder structure. These next steps must be performed from Outlook – you can either use Bruce Wayne’s machine or being the administrator, give yourself full access to his mailbox and open it in your Outlook

  1. In Outlook, right click the mailbox name and select Data File Properties.
  2. Click the Permissions tab.
  3. Click the Add button to select Alfred from the address list
  4. Select Folder Visible and click OK

    SNAG-0051
    Note: Permission for Alfred is still set to “None”
  5. Go down to the next folder in the hierarchy and open its Properties
  6. Repeat steps 2 to 4. This needs to be done for every folder Alfred needs to traverse through to get to the shared folder. In this example this would be:
    • BWayne@thebatcave.com mailbox \Real Estate\Investments
    • It must be noted that the Folder Visible permission only allows Alfred to view the folder but not its content.

Now that Alfred has been assigned the permission to view the folders (but not their content) he needs to get into the shared folder, he can open them using Outlook.

  1. On Alfred’s Outlook, open the properties of his account settings. Click on the File menu (in Outlook 2013 and 2016), Account Settings\Account Settings    
  2. On the Account Settings window, click Change SNAG-0053
  3. On the Server Settings page, click More Settings   SNAG-0054
  4. Go to the Advanced tab and click the Add button to add BWayne’s mailbox to Alfred’s Outlook. Note that Alfred will not be able to see the entire mailbox – only the folders that have been set to Folder Visible and the ones he has reviewer permissions to.
  5. After adding the mailbox as an additional mailbox, make sure to uncheck the Download Shared Folders  checkbox.              SNAG-0056
  6. Click OK and Next to close the windows.

 

 

Inter-Org Exchange Migration using PST Files

Exchange migrations are relatively straight forward – you install new Exchange servers in the Exchange organization, configure them and them move Exchange recipients to the new server. But this is assuming you are migrating with the same network, Active Directory forest or Exchange organizations.

What about when you want to migrate between Active Directory forests? Well the simplest and most direct way would be to setup a trust relationship between the forests for the two Exchange organizations may communicate with each other.

What if a trust relationship CANNOT be established due to security restrictions, network boundaries or some other reason? Well the only other option would be to use PST files.

Using PST files to do a migration has its limitations – main one being that calendar entries are broken when importing a PST file into another organization. This is because the x.500 address is unique in each organization and this is what is used when a calendar entry is created. Obviously there are other issues you need to worry about as well such as:

  • Replying to imported emails – when replying to an imported email from another member of the same organization, make sure the user exists in the address book before replying otherwise you will receive an NDR
  • Replying to a Distribution Group – Make sure the DL has been recreated in the new organization otherwise an NDR will be generated.

This blog talks about migrating an Exchange organization into another organization using PST files. Before we begin the steps taken, here are the prerequisites to this migration.

Prerequisites

Assuming that we are migrating from an Exchange organization called EXORG to another called EXNEW (wish same forest names). We are also assuming that the users will maintain their original email addresses.

  1. User accounts for all mailboxes to be migrated from EXORG must be created in the EXNEW forest. If possible, place all the users in the same OU.
  2. Create a new accepted domain for their original SMTP domain (exorg.com) and make it as an external relay domain.
  3. Create an Email address policy that assigns the SMTP address format %g.%s@exorg.com to all recipients in the OU where the users were created.
  4. Create mailboxes for these users ahead of time (you can have them hidden from the address book to avoid users sending emails to them. Also you can assign fake email addresses to the mailboxes so that valid emails from users in the EXNEW organization don’t send messages to these mailboxes).

At this point, the MX record still points to the original organization. The plan is to do the export to PST in 2 phases:

  • Phase one would be to export the bulk of the historic data from the mailboxes. The mailbox content will be exported to a certain date (for example June 30th 2015) and depending on the size of the mailboxes and the number of users, this may take some time to complete the export.
  • This will give you enough time to complete the export AND the import of this data into the empty mailboxes.
  • Phase two would be performed just before the cutover to EXNEW and would involve running another export but this time we would export everything from the last export (for example July 1st 2015) to the present. This should not take long to complete as the amount of data would be very little.

So let’s get into this!

Exporting Distribution Groups and their Members

This would be a task you need to perform only once as distribution groups hardly change.

  1. Export Distribution groups and members from EXORG environment
    1. Create a folder on the root of C:\ drive called DLS
    2. Using Notepad, create a script called EXORGDLs.PS1 and save it in the C:\DLs folder. This script will be used to export a list of all distribution groups with their unique identity (Update the script to contain the proper folder and file names for the CSV file export):

$DL = Get-distributiongroup –resultsize unlimited

$Groups = @()

Foreach ($D in $DL) {

$Groups += Get-distributiongroup –identity $D | Select DisplayName, Alias, Name, SamAccountName}

$Groups | export-csv Drive:\folderpath\FILENAME.csv -NoTypeInformation

This script will export all the distribution groups from the EXORG environment with the following attributes and their values – these will be used to create the Distribution groups in the EXNEW environment:

    • DisplayName
    • Alias
    • Name
    • SamAccountName
    1. Using Notepad, create a script called DLMembers.PS1 and save it in the C:\DLS\Members folder (a subfolder named Members must be created). The content of the script will be as follows:
    2. This script will export all the distribution group names with their members (Update the script to contain the proper folder and file names for the CSV file export).

$DL = Get-DistributionGroup –resultsize unlimited

$Output =@()

Foreach ($D in $DL) {

$Members = Get-DistributionGroupMember $D.name -resultsize unlimited

$Total = $Members.Count

$RemoveNull = $Total-1

For($i=0;$i -le $RemoveNull;$i++)

{

$userObj = New-Object PSObject

$userObj | Add-Member NoteProperty -Name “DisplayName” -Value $members[$i].Name

$userObj | Add-Member NoteProperty -Name “Alias” -Value $members[$i].Alias

$userObj | Add-Member NoteProperty -Name “Distribution Group” -Value $D.Name

$userObj | Add-Member NoteProperty -Name “Distribution Group Primary SMTP address” -Value $D.PrimarySmtpAddress

$output += $UserObj

}

$output | Export-csv -Path Drive:\folderpath\FILENAME.csv -NoTypeInformation

}

  1. Copy the C:\DLs folder to the primary exchange server at EXNEW and paste it in the same path.
  2. Create a new script in the C:\DLs folder of EXNEW Exchange called CreateEXORGDLs.PS1 using Notepad with the following content:
  3. This script will create new mail-enabled universal distribution groups in EXNEW in a predetermined OU and add the necessary members to the groups. Before running the script, update it with the proper OU path and folder\file path for the CSV file. This file was obtained in step 5-b earlier.

Write-host ”  “

Write-host “

This script will create all EXORG Distribution groups in an OU named ” Domain.com/OU-Path” in the EXNEW Active Directory”

$OU = “Domain.com/OU-Path”

$content = import-csv Drive:\folderpath\FILENAME.csv | foreach {

$Name = $_.”Name”

New-DistributionGroup -Name $_.”Name” -Alias $_.”Alias” -DisplayName $_.”DisplayName” -SAMAccountName $_.”SAMAccountName” -OrganizationalUnit $OU -Type Distribution

Write-host $Name ” DL has been created successfully”-foregroundcolor green

}

The format of the CSV file will contain columns with the following headings:

DisplayName Alias Name SamAccountName
  1. Once the groups have been created in Active Directory from the previous step, next is to add the members to the group. Previously in Step 5-c, the members of the groups were successfully exported to a CSV file. This file will be used to populate the group membership.
  2. On the EXNEW Exchange production server, create a new script named AddDLMembers.PS1 with the following content. Please update the content of this script before running it:

Write-host ”  “

Write-host “

This script will add the members to the distribution groups”

$content = import-csv Drive:\folderpath\FILENAME.csv | foreach {

$Alias = $_.”Alias”

$DL = $_.”Distribution group”

Add-DistributionGroupMember -Identity $DL -member $Alias

Write-host $Alias ” has been successfully added to the distribution group ” $DL -foregroundcolor blue

}

 

Steps required to export data from EXORG environment

  1. Assign a selected active directory group in EXORG the proper permissions to be able to import/export data from mailboxes to PST from Exchange Management Shell using the following command:
  2. New-ManagementRoleAssignment Role “Mailbox Import Export” –SecurityGroup “GroupName”
  3. Log onto Exchange 2010 as one of the users who is a member of the group
  4. Create a network shared folder.
    1. To export a mailbox or archive, you must first create a network shared folder.
    2. You need to grant read/write permission to the Import/export group  and the Exchange Trusted Subsystem group to the network share where you’ll export or import mailboxes
  5. Create a mailbox export request in Exchange.
    • A mailbox export request is a process of exporting mailbox or archive data to a PST file.
    • You can create more than one mailbox export request per mailbox, and each request must have a unique name. Microsoft Exchange automatically generates up to 10 unique names for a mailbox.
    • To create more than 10 export requests for a mailbox, you must specify a unique name when you create the request.
    • Although you can create multiple export requests per mailbox at one time, you can create only one request at a time per PST file. This is because the PST file is locked as in-use when the request begins to run.
    1. Open the Exchange Management Shell and run the following command to export mailbox content from a user’s primary mailbox to a PST using the following command:
    2. New-MailboxExportRequest -Mailbox UserName -FilePath \\Server\FileShare\FileName.PST

Run the following command to export mailbox content from a user’s archive mailbox to a PST:

New-MailboxExportRequest -Mailbox UserName -IsArchive –FilePath \\Server\FileShare\FileName_Archive.PST

  1. Open Notepad and paste the following script to be used to bulk export mailbox data for ALL mailboxes in the environment.
  2. Please note that the proper server name and shared folder path must be updated.

$Users = get-mailbox

foreach ($u in $users) {

$Batchname = “$u PrimaryExport”

$ArchiveName = “$U ArchiveExport”

new-mailboxexportrequest -batchname $Batchname -mailbox $U -filepath “\\SERVERNAME\SHARED_FOLDER\$U.pst”

write-host “Export of $U primary mailbox has begun”

 get-mailbox $U | where {$_.archivedatabase -ne $Null}

new-mailboxexportrequest -batchname $Archivename -mailbox $U -isarchive -filepath “\\ SERVERNAME\SHARED_FOLDER\$U-Archive.pst”

}

  1. In order to export the delta changes, copy the following script into a Notepad.

$Users = get-mailbox

foreach ($u in $users) {

 $Batchname = “$u PrimaryExport”

$ArchiveName = “$U ArchiveExport”

 new-mailboxexportrequest -batchname $Batchname -mailbox $U -filepath “\\ SERVERNAME\SHARED_FOLDER\$U.pst” -ContentFilter {(Received -ge ’07/01/2015′) -and (sent -ge ’07/01/2015′)}

write-host “Export of $U primary mailbox has begun”

}


 

Steps required to import data into EXNEW Environment

  1. Assign a selected active directory group in EXNEW the proper permissions to be able to import/export data from mailboxes to PST from Exchange Management Shell using the following command:
  2. New-ManagementRoleAssignment Role “Mailbox Import Export” –SecurityGroup “GroupName”
  3. Log onto the exchange server that will be used to import the PST data into the mailboxes as a member of the group
  4. Create a mailbox import request in Exchange
    1. You can create more than one mailbox import request per mailbox and each mailbox import request must have a unique name.
    2. Microsoft Exchange automatically generates up to 10 unique names for a mailbox import request. However, to create more than 10 import requests for a mailbox, you need to specify a unique name when creating the import request
    3. By default, the import checks for duplication of items and doesn’t copy the data from the PST file into the mailbox or archive if a matching item exists in the target mailbox or target archive
  1. Using the Exchange Management Shell, run the following command to import the contents of the PST back into an existing mailbox:

New-MailboxImportRequest MailboxName -FilePath \\server\Fileshare\FileName.pst

Run the following command to import PST content into an archive mailbox:

New-MailboxImportRequest MailboxName -IsArchive –FilePath  \\server\Fileshare\FileName_Archive.pst

Final Cutover Procedure

On the day of the Cutover, the following steps need to be taken in the EXNEW Exchange Environment:

  1. Prepare EXNEW to accept mail for EXORG domains
    1. In the EXNEW Exchange Administrative Center, change the accepted domain for EXORG.com to be authoritative
    2. Manually update each mailbox to have the proper email address of EXORG.COM
    3. Configure EXNEW SMTP gateway to accept mail for EXORG.COM domain forwarded to EXNEW`s exchange environment
    4. Change the MX record for  EXORG.COM to point to the EXNEW exchange environment (SMTP Gateway)
    5. At this point, any new mail generated externally destined to an EXORG recipient will be delivered to their new mailboxes at EXNEW.
  2. Prepare EXORG environment for cutover
    1. Change the  EXORG.COM accepted domains from authoritative to External Relay
    2. Reconfigure all mobile devices (BlackBerry and/or ActiveSync) to use EXNEW’s BES and ActiveSync settings
    3. Reconfigure Outlook profiles to connect to EXNEW’s Exchange environment for mail access
    4. Run a delta export of the mailboxes from EXORG exchange environment to copy data updated since the initial export
  3. Import the PST containing delta changes into the mailbox at EXNEW

“The Public Folder Database cannot be deleted” – Exchange 2007/2010

In migrating from Exchange 2007 to Exchange 2010, one of the decommissioning tasks for Exchange 2007 is to delete the public folder database however I kept getting the following error:
error-PF

I ran Get-PublicFolderStatistics -Server E2K7ServerName and it did not show anything! Tried numerous attempts and methods to no avail!

RESOLUTIONS
In order to resolve this issue, I performed the following steps:

  1. Dismount the public folder database on the Exchange 2007 server
  2. Go to the folder path of the EDB file
  3. delete\move the EDB file
  4. Go back to the management console and mount the public folder database. You will get a warning that one or more database files is missing. Go ahead and click OK to mount a blank database file.
  5. You should be able to go to the public folder management console and remove the server from all the system folders’ replication tab.
  6. Now you can delete the database successfully

Exchange 2010 Retention Policy to Clear Deleted Items

Creating Exchange 2010 Retention Policy Tags and Retention Policies

Retention policies can be used by organizations to limit the amount of data stored in their mailboxes and at the same time keep the amount of unnecessary mail items to a minimum.

Scenario – An organization would like to implement a policy that performs the following:

  1. Clear deleted items folder of items that have past their retention deadline of 30 days
  2. Only the last 365 days work of mail items should be in the mailbox
  3. These policies should not apply to default folders such as Notes and Contacts

Depending on how they’re applied to mailbox items, retention tags are categorized as the following three types.

  • Default Policy Tags (DPTs), which apply to untagged items in the mailbox – untagged items being items that don’t have a retention tag applied directly or by inheritance from parent folder. You can create three types of DPTs: an archive DPT, a delete DPT and a DPT for voicemail messages
  • Retention Policy Tags (RPTs), which are retention tags with a delete action, created for default folders such as Inbox and Deleted Items. Not all default folders are supported. Notably, Calendar, Tasks and Contacts folders aren’t supported
  • Personal Tags, which are retention tags that users can apply to items and folders in Outlook 2010 and Outlook Web App. Personal tags can either be delete tags or archive tags. They’re surfaced in Outlook 2010 and OWA as Retention policies and Archive policies

Create Retention Policy Tags

First step is to create the various tags for each of the tasks that need to be done. The first tag we are creating is for the Deleted items.

“Clear Deleted Items” Policy Tag

  1. In the console tree, expand the forest you want, and then navigate to Organization Configuration > Mailbox
  2. In the action pane, click New Retention Policy Tag
  3. the New Retention Policy Tag page, complete the following fields
    1. Tag Name Use this box to type a name for the retention tag. This is the name of the retention tag object in Active Directory. This name can contain up to 64 characters.
    2. Tag Type Use this list to select the type of retention tag that you want to create. To create a RPT for a default folder (for example, Inbox), select the default folder name. To create a DPT, select All other folders in the mailbox. To create a personal tag, select Personal Folder.
    3. Age limit for retention (days) Click this button to specify that items have a retention period. In the corresponding text box, type the number of days in the retention period. (The range of values is from 1 through 24,855 days.)
    4. Action to take when the age limit is reached After clicking Age limit for retention (days), you can use this list to specify what should happen to an item when it’s past the age limit for retention. The choices include:
  • Delete and Allow Recovery If you select this option, messages are deleted but can be recovered by using the Recover Deleted Items feature in Outlook or Outlook Web App
  • Permanently Delete If you select this option, messages are permanently deleted and aren’t recoverable by the user
  • Move to Archive If you select this option, messages are automatically moved to the user’s archive mailbox. If you haven’t created an archive mailbox for the user, no action is taken.
  1. Disable this tag Click this button to disable the processing of this tag. The Managed Folder Assistant won’t process messages that have a disabled tag applied.
  2. Comments Use this box to type a comment that will be displayed to the user in Outlook. For example, to alert users that MRM is enabled on the folder, you could type the following message: “Messages are removed from this folder after 120 days.” The maximum length of this comment is 255 characters.
  1. On the Completion page, click Finish to close the wizard

000 2-4-2013

“Retain 365 Days’ Worth of Mail Data” Policy Tag

This policy tag will be configured to remove any mail item in the mailbox that is over a year old – this would mean that the mailbox would only contain items that are 365 days in age.

Follow the same steps identified in the previous section to create a new retention policy tag with the following changes:

  • In the Tag Type option, select All other folders in the mailbox
  • In the Age Limit for Retention option, enter 365 days
  • In the Action to take when the age limit is reached select the desired action

002 2-4-2013

Default Folder Tags

To prevent the DPT from being applied to a default folder, you can create a disabled RPT for that folder (or disable any existing RPT for that folder). The Managed Folder Assistant, a mailbox assistant that processes mailbox items and applies retention policies, does not apply the retention action of a disabled tag. Since the item/folder still has a tag, it is not considered untagged and the DPT isn’t applied to it.

Create a retention policy tag for each of the folders (contacts, Notes, tasks and so on) you do not want a policy to apply to as shown in the image below

Create a Retention Policy to be associated with Retention Policy Tag

Using retention policies, you can group one or more retention tags and apply them to mailboxes. A mailbox can’t have more than one retention policy. Retention tags can be linked to or removed from a retention policy at any time. A retention policy with the same name as the one being created doesn’t already exist in your Exchange organization. One or more retention tags should exist so you can associate them to the new retention policy.

You can create a retention policy without linking any retention tags to it. Retention tags can be added or removed from a retention policy at any time. However, tags aren’t applied to a mailbox until they’re linked to a retention policy and the Managed Folder Assistant processes the mailbox.

  1. In the console tree, expand the forest you want, and then navigate to Organization Configuration > Mailbox
  2. In the action pane, click New Retention Policy
  3. On the Introduction page, complete the following fields:
    1. Name Use this box to type a name for the retention policy
    2. Add Click this button to add retention tags to the policy
  1. On the Select Mailboxes page, click Add to select the mailboxes to which you want to apply the retention policy
  2. On the New Retention Policy page, review your configuration settings. To create the retention policy, click New then click Finish to close the wizard

004 2-4-2013

Apply the policy to a mailbox

You can use retention policies to group one or more retention tags and apply them to mailboxes to enforce message retention settings. A mailbox can’t have more than one retention policy.

Messages are expired based on settings defined in the retention tags linked to the policy. These settings include actions such moving messages to the personal archive or permanently deleting them. Before applying a retention policy to one or more mailboxes, it is recommended that you test the policy and inspect each retention tag associated with it.

  1. In the console tree, expand the forest you want, and then navigate to Recipient Configuration > Mailbox
  2. In the result pane, select the mailbox to which you want to apply the retention policy. You can select multiple mailboxes by using the Shift or Ctrl keys
  3. In the action pane, click Properties
  4. In <Mailbox User> Properties, on the Mailbox Settings tab, select Messaging Records Management, and then click Properties
  5. In Messaging Records Management, select the Apply Retention Policy check box, and then click Browse to select the retention policy you want to apply to the mailbox.
  6. Click OK, and then in <Mailbox User> Properties, click Apply

014 2-4-2013

Configuring Mailbox Quota Messages to Messaging Administrators

In Exchange, storage quotas allow messaging administrators to control the size of mailboxes and manage the growth of mailbox databases. As storage is cheap these days, many organizations decide not to put any limits on mailbox storage sizes. This can cause the mailbox database sizes to balloon to unmanageable sizes, thus causing long backup and restore times, sometimes failure of backups, long and unfinished online maintenance and takes ridiculous amounts of time to perform any offline maintenance.
It is highly recommended to place mailbox storage quotas on all new deployments of Exchange to avoid these issues. Quota limits can always be changed on individual mailboxes that may require additional storage sizes. The following limits can be placed on mailbox databases:

  • Issue warning at (KB)   Use to specify the maximum storage limit in kilobytes (KB) before a warning is issued to the mailbox user. The value range is from 0 through 2,147,483,647 KB. If the mailbox size reaches or exceeds the value specified, Exchange sends a warning message to the mailbox user
  • Prohibit send at (KB)   Use to specify a prohibit send limit in KB for the mailbox. The value range is from 0 through 2,147,483,647 KB. If the mailbox size reaches or exceeds the specified limit, Exchange prevents the mailbox user from sending new messages and displays a descriptive error message
  • Prohibit send and receive at (KB)   Use to specify a prohibit send and receive limit in KB for the mailbox. The value range is from 0 through 2,147,483,647 KB. If the mailbox size reaches or exceeds the specified limit, Exchange prevents the mailbox user from sending new messages and won’t deliver any new messages to the mailbox. Any messages sent to the mailbox are returned to the sender with a descriptive error message

It is usually the case that users will ignore such warning messages and will attempt to contact administrators when their mailboxes cannot send or receive emails anymore. To workaround this, monitoring applications can be used to monitor the sizes of the mailboxes and notification sent to administrators. For those organizations that do not have any monitoring applications, Exchange transport rules can be used.

A quota message is an e-mail message that’s automatically sent by Microsoft Exchange to the owners of a mailbox when a size limit (called a storage quota) for the mailbox is exceeded. Quota messages are sent with high importance and aren’t subject to storage quotas. They’re always delivered, even if the recipient’s mailbox is full. The table below shows the mailbox quota messages sent by exchange

Event Subject of message Default message text
Mailbox of unlimited size exceeds its Issue warning quota Your mailbox is becoming too large Please reduce your mailbox size. Delete any items you don’t need from your mailbox and empty your Deleted Items folder.
Mailbox of limited size exceeds its Issue warningquota

Bb232173.important(en-us,EXCHG.141).gifImportant:
The message associated with the Issue warning quota won’t be sent to the user unless the value of the quota is greater than 50% of the value specified in the Prohibit send quota. For example, if you set the Prohibit send quota to 8 MB, you must set the Issue warning quota to at least 4 MB. If you don’t, the Issue warning quota message won’t be sent.
Your mailbox is almost full Please reduce your mailbox size. Delete any items you don’t need from your mailbox and empty your Deleted Items folder.
Mailbox of limited size exceeds its Prohibit send quota Your mailbox is full Your mailbox can no longer send messages. Please reduce your mailbox size. Delete any items you don’t need from your mailbox and empty your Deleted Items folder.
Mailbox of limited size exceeds its Prohibit send and receive quota Your mailbox is full Your mailbox can no longer send or receive messages. Please reduce your mailbox size. Delete any items you don’t need from your mailbox and empty your Deleted Items folder.

For an administrator to receive the quota messages as well, create a transport rule using the following steps:

  1. Navigate to Organization Configuration > Hub Transport.  In the result pane, click the Transport Rules tab. In the action pane, click New Transport Rule

    Create New Transport Rule
  2. On the Introduction page, provide a meaningful name for the rule and enter a descriptive comment (highly recommended) for the rule so other administrators know the function of it. The Enable Rule checkbox is selected by default – do not change it
  3. On the Conditions page, complete the following fields. In the Step 1. Select condition(s) box select When the Subject field contains specific words.
  4. This selected conditions requires additional value so in the Step 2. Edit the rule description by clicking an underlined value box, click the blue underlined word.
  5. Enter your mailbox is as the words, click Add then OK to return to the wizard. Click Next to continue
  6. On the Actions page, in the Step 1. Select actions box, select Blind carbon copy (Bcc) the message to addresses as the action to take.
  7. Click the blue underlined word and enter the address of the administrator (or the address of a distribution group containing multiple administrators). Once added click OK then. After you      configure all the actions, click Next
  8. On the Exceptions page, no changes were made so click Next to continue
  9. On the Create Rule page, review the Configuration Summary. If you’re satisfied with the configuration of the new rule, click New
  10. On the Completion page, review the following, and then click Finish to close the wizard:
    • A status of Completed indicates that the wizard completed the task successfully.
    • A status of Failed indicates that the task wasn’t completed. If the task fails, review the summary for an explanation and then click Back to make any configuration changes.