Saturday, July 07, 2012

Exchange 2007 Power Shell


This quick reference sheet describes the most commonly used Exchange shell cmdlets and provides examples. More about Exchange shell and all cmdlets in Exchange 2007: Exchange Management Shell.

Contents

Common Cmdlet Actions

Exchange Shell (and Windows PowerShell) cmdlets are made up of Verb-Noun combinations. Most cmdlets support the following easy-to-understand verbs.

GetThe Get verb retrieves:
- a specific object, such as a specific mailbox
- all objects of a specific type, such as mailboxes, distribution groups, or contacts
- a subset of objects of a specific type, such as mailboxes in a particular OU
SetThe Set verb modifies settings of an object, such as the alias of a contact or the deleted item retention of a mailbox database.
NewThe New verb creates a new object such as a new mailbox, a new configuration setting, a new mailbox database, or a new SMTP connector.
RemoveThe Remove verb removes an object, such as a mailbox or transport rule.All Remove cmdlets support the WhatIf and Confirm switches. For more information about these switches, seeImportant Parameters & Switches.
EnableThe Enable verb enables an object, such as a transport rule, or mail-enables a recipient.
DisableThe Disable verb disables an enabled object or mail-disables a recipient.
All Disable tasks also support the WhatIf and Confirm switches. For more information about these switches, seeImportant Parameters.

Important Parameters & Switches

The following parameters and switches help you control how commands run, and indicate exactly what a command will do before it affects data.
IdentityIdentifies the unique object for the task. It is typically used with EnableDisableRemoveSet, and Getcmdlets. Identity is a positional parameter— you don't have to specify the parameter name (-Identity) when you specify the parameter's value in a commad. For example, both of the following commands query the mailbox of user1:
Get-Mailbox -Identity user1
Get-Mailbox user1
WhatIfThe WhatIf switch instructs the cmdlet to simulate the actions that it would take on the object. It allows you to view changes that would occur without actually applying them. The default value is$True.
ConfirmThe Confirm switch causes the cmdlet to pause processing and requires the administrator to acknowledge what the cmdlet will do before processing continues. The default value is $True. To override confirmation for cmdlets that require a confirmation by default, set it to $False
ValidateThe Validate switch causes the cmdlet to check that all prerequisites for running the operation are satisfied and it will complete successfully.

Tips and Tricks

Get-CommandThis cmdlet lists all cmdlets available through the shell— Exchange Server 2007 as well as Windows PowerShell cmdlets.
Get-Command *keyword*This cmdlet lists all cmdlets that have keyword in the cmdlet.
Get-task | Get-MemberThis cmdlet lists all properties and methods of task.
Get-task | Format-ListThis cmdlet displays the output of the query in a formatted list. You can pipe the output of anyGet cmdlet to Format-List (or fl in short) to view all properties of the object returned by that command, or you can specify specific properties to view, separated by commas, as in the following example: Get-Mailbox *john* | Format-List alias,*quota
Help taskThis cmdlet retrieves shell help for a cmdlet, as in the following example: Help Get-Mailbox
Helptask<TAB>Enter a partial name for task, and then press the TAB key to cycle through all cmdlets that contain the specified text. You can also use wildcard characters, as in the following example:Help *UM*
Get-task | Format-List >filename.txtThis cmdlet exports the output of task to a text filefilename.txt

Recipients

Contacts

Enable-Mailcontact -Identity "John Smith” -alias smith -externalEmailAddresssmith@contoso.comThis command mail-enables the contact John Smith by specifying thedistinguishedName (DN) for the contact, and providing the alias smithand an external email address smith@contoso.com.
Disable-MailContact -IdentitysmithThis command mail-disables the contact by specifying the alias of the contact in the Identity parameter.
Set-MailContact -Identity smith -Alias jsmithThis command changes the alias of the mail-enabled contact specified in the Identity parameter from smith to jsmith by using the Aliasparameter.
Set-Contact -Identity jsmith -Manager user1This command modifies the contact jsmith’s manager attribute in Active Directory® to User1.Note: If the contact is not mail-enabled, you can't retrieve it by using an alias. You must use the contact's full name, GUID, or DN.

Distribution Groups

Enable-DistributionGroup -Identity“contoso\Distribution Group” -Alias DGThis command mail-enables the existing universal distribution group namedDistribution Group in the contoso domain. It has the alias DG.
Disable-DistributionGroup -Identity DGThis command mail-disables the mail-enabled universal distribution group named DG.
Set-DistributionGroup -Identity DG -Alias group1This command modifies the settings of the universal distribution group named DG in Exchange by changing its alias to group1.
Add-DistributionGroupMember-Identity DG -Member user1This command adds the recipient user1 as a member of the universal distribution group DG.
Get-DistributionGroupMember-Identity DGThis command retrieves all the members of the distribution group named DG.
Set-Group -Identity DG -DisplayName “Universal DG”This command modifies the Active Directory settings of the group named DGby changing its display name to "Universal DG".
New-DynamicDistributionGroup-Name DDG -Alias DDGAlias -OrganizationalUnit OU -IncludedRecipientsMailboxUsersThis command creates a dynamic distribution group (known as "query-based distribution list" in Exchange 2003) named DDG. The IncludedRecipientsparameter accepts the following values: None | MailboxUsers | Resources | MailContacts | MailGroups | | MailUsers | AppRecipients.
Set-DynamicDistributionGroup-Identity DDG -DisplayNameDDG1This command modifies the display name of the dynamic distribution group named DDG1 by changing the name to DDG1.

Mailbox Management

Enable-Mailbox -Identitycontoso\user1 -DatabaseMailboxDatabaseThis command mailbox-enables an existing Active Directory user with the domain and alias combination contoso\user1 by creating a mailbox in the mailbox database named MailboxDatabase.
Disable-Mailbox -Identityuser1This command mailbox-disables the user with the alias user1 by removing its associated mailbox.
Set-Mailbox -Identity user1-alias user2This command modifies a mailbox by changing the existing alias user1 to user2.
Get-Mailbox | Format-Table alias, *quotaThis command retrieves all mailbox users and formats the output as a table to include the alias of the mailbox and the mailbox quotas.
Get-Mailbox -Database"Mailbox Database"This command retrieves a summary list of all mailboxes in the mailbox database named Mailbox Database.
Get-Mailbox -Server EXCH01This command retrieves a summary list of all mailboxes on the server namedEXCH01.
Get-MailboxStatistics -Database MailboxDatabaseThis command retrieves the mailbox statistics for all mailboxes in the mailbox database named MailboxDatabase.
Get-MailboxStatistics -Server EXCH01This command retrieves the mailbox statistics for all mailboxes on the server named EXCH01.
Move-Mailbox -Identityuser1 -TargetDatabaseServer\MailboxDatabaseThis command moves the mailbox associated with the alias user1 to the server named Server. The mailbox is moved to the mailbox database namedMailboxDatabase.

Custom Mailbox Quota Messages

New-SystemMessage -QuotaMessageTypeProhibitSendMailbox -Text"Prohibit Send Mailbox Quota Message Text" -Language EnThis command creates a new customized quota message for theProhibitSendMailbox quota message type. The text "Prohibit Send Mailbox Quota Message Text" is displayed in English, as specified by the locale code En. The valid values for the QuotaMessageType parameter are WarningMailboxUnlimitedSize and WarningPublicFolder.
Set-SystemMessageEn\ProhibitSendMailbox -Text "New Prohibit Send Mailbox Quota Message Text"This command modifies the existing customized quota message for theProhibitSendMailbox quota message type that is displayed in English, as specified by the locale code En. The new text is "New Prohibit Send Mailbox Quota Message Text".
Get-SystemMessageEn\ProhibitSendMailboxThis command retrieves the existing customized quota message for theProhibitSendMailbox quota message type that is displayed in English, as specified by the locale code En.
Remove-SystemMessageEn\ProhibitSendMailboxThis command removes the existing customized quota message for theProhibitSendMailbox quota message type that is displayed in English, as specified by the locale code En.

Recipient

Get-Recipient-RecipientTypeMailboxUserThis command retrieves a summary list of all recipients that match the RecipientTypeMailboxUser. The RecipientType parameter accepts the following values: User | MailboxUser |MailEnabledUser | Contact | MailEnabledContact | Group |MailEnabledUniversalDistributionGroup | MailEnabledUniversalSecurityGroup |MailEnabledNonUniversalGroup | DynamicDL | PublicFolder | PublicDatabase |SystemAttendantMailbox | SystemMailbox | MicrosoftExchange.
Get-Recipient-Anr “userThis command retrieves a summary list of all recipients that contain the string “user” in the mailbox name. The Anr parameter indicates that the argument will be resolved by using ambiguous name resolution (ANR).
Get-Recipient-ResultSize100This command retrieves a summary list of recipients and returns only the first 100 recipients.

Unified Messaging

Get-UMMailboxThis command retrieves a summary list of all Unified Message (UM)-enabled recipients.
Get-UMMailbox -Identityuser1 | Format-ListThis command retrieves the detailed configuration of the UM mailbox that is associated with the alias user1.
Set-UMMailbox -Identityuser1 -UMEnabled $TrueThis command modifies the UM mailbox associated with the alias user1 by changing the value of the UMEnabled parameter to $True.

User

Enable-MailUser -Identitycontoso\user2 -ExternalEmailAddressuser2@northwindtraders.comThis command mail-enables the Active Directory user contoso\user2with an external address user2@northwindtraders.com. With this cmdlet, a default primary SMTP e-mail address user2@contoso.com is also created.
Disable-MailUser -Identity user2This command mail-disables the Active Directory mail-enabled useruser2.
Set-MailUser -Identity user2 -ExternalEmailAddressuser2@research.northwindtraders.comThis command modifies the Active Directory mail-enabled user user2by changing its external e-mail address touser@research.northwindtraders.com

Storage

Database Management

New-MailboxDatabase -NameMailboxDatabase -StorageGroupStorageGroupThis command creates a new mailbox database namedMailboxDatabase in the storage group StorageGroup.
Set-MailboxDatabase -IdentityMailboxDatabase -IssueWarningQuota500MBThis command modifies the mailbox database MailboxDatabase by changing its mailbox warning quota limit to 500MB.
Get-MailboxDatabase -StorageGroupStorageGroupThis command retrieves a summary list of all mailbox databases in the storage group named StorageGroup.
Get-MailboxDatabase -Server ServerThis command retrieves a summary list of all mailbox databases in the server named Server.
Mount-Database -IdentityMailboxDatabaseThis command mounts the existing mailbox database namedMailboxDatabase.
Dismount-Database -IdentityMailboxDatabaseThis command dismounts the existing mailbox database namedMailboxDatabase.
Enable-DatabaseCopy -IdentityMailboxDatabaseThis command enables local continuous backup for the mailbox database named MailboxDatabase.

Storage Group Management

New-StorageGroup -NameStorageGroup -Server server1This command creates a new storage group named StorageGroup on the server named server1.
Set-StorageGroup -IdentityStorageGroup -Name "Research Storage Group"This command modifies the storage group named StorageGroup by changing its display name to "Research Storage Group".
Enable-StorageGroupCopy -Identity StorageGroupThis command enables local continuous backup on storage group namedStorageGroup.Note: You must first enable local continuous backup by using the Enable-DatabaseCopy cmdlet for each database in the storage group on which you want to enable local continuous backup.
Disable-StorageGroupCopy -Identity StorageGroupThis command disables the continuous backup of storage group namedStorageGroup.

Transport

Connectors and Delivery

New-SendConnector -NameSendConnector -AddressSpacescontoso.comThis command creates a new Internet Send connector named SendConnector. The associated address space for the Send connector is contoso.com.
Set-SendConnector -IdentitySendConnector -AddressSpacesnorthwindtraders.comThis command modifies the Send connector named SendConnector by changing its address spaces to northwindtraders.com.
New-ReceiveConnector -NameReceiveConnector -RemoteIpRanges 10.149.0.1-10.151.0.1 -Bindings 0.0.0.0:25This command creates a new Receive connector named ReceiveConnector. The associated remote IP range is 10.149.0.1 to 10.151.0.1. By setting the Bindingsparameter to 0.0.0.0:25, you instruct the server to listen for connections on all locally configured IP addresses on port 25.
Set-ReceiveConnector -Identity ReceiveConnector -MaxMessageSize 20MBThis command modifies the Receive connector ReceiveConnector by changing the value of the MaxMessageSize parameter to 20MB.

Queues

Suspend-Queue -Identity Server\QueueThis command stops all messages in queue Server\Queue from being delivered.
Resume-Queue -Identity Server\QueueThis command allows the suspended queue Server\Queue to resume delivery of messages.
Get-Message -IdentityServer\Queue\MessageThis command retrieves the specific messageServer\Queue\Message.
Suspend-Message -IdentityServer\Queue\MessageThis command stops the message Server\Queue\Message in a queue from being delivered.
Get-Queue | Freeze-QueueThis command freezes all queues on the local server.
Resume-Message -IdentityServer\Queue\MessageThis command allows the suspended messageServer\Queue\Message in a queue to be delivered.
Delete-Message -IdentityServer\Queue\MessageThis command deletes the specified messageServer\Queue\Message.
Export-Message -IdentityServer\Queue\Message -Path FilePathThis command exports the specified messageServer\Queue\Message to FilePath.Note: Before you can export a message, you must first suspend it by using the Suspend-Message cmdlet.

Address Rewriting

New-AddressRewriteEntry -NameRewriteEntryName -InternalAddressdavid@contoso.com -ExternalAddresssupport@contoso.comThis command creates a new address rewrite entry for the internal e-mail address david@contoso.com. All e-mail messages sent fromdavid@contoso.com are rewritten to support@contoso.com, and all inbound messages to support@contoso.com are rewritten to david@contoso.com.
Set-AddressRewriteEntry -Identity RewriteEntryName -InternalAddresschris@contoso.comThis command modifies the existing address rewrite entryRewriteEntryName by changing the value of the InternalAddress parameter to chris@contoso.com.

Anti-Spam

Set-RecipientFilterConfig -BlockedRecipientsinfo@contoso.com, corp@contoso.comThis command modifies the recipient filtering configuration by adding the blocked recipients info@contoso.com and corp@contoso.com.
Set-SenderFilterConfig -BlockedSendersbadsender@northwindtraders.comThis command modifies the sender filtering configuration for spam by adding a blocked sender badsender@northwindtraders.com.
Add-ContentFilterPhrase -Phrase “spam” -InfluenceBadWordThis command adds the phrase “spam” to the content filter by setting its Influence parameter to BadWord. The Influence parameter accepts the values BadWord and GoodWord.
Add-IPAllowListEntry -IpRange127.1.0.0This command adds the IP address 127.1.0.0 to the IP Allow list. The IP mask defaults to 255.255.255.255 because it is not specified.
Add-IPAllowListEntry -IpRange “127.1.0.0(255.255.0.0)”This command adds the IP address 127.1.0.0 to the IP Allow list, which has a specified IP mask of 255.255.0.0.
Add-IPAllowListEntry -IpRange127.1.0.0-127.1.255.255This command adds an allowed range of IP addresses. In this case, the IP range is between 127.1.0.0 and 127.1.255.255.
Add-IPBlockListEntry -IpRange127.2.0.1This command adds the IP address 127.2.0.1 to the IP Block list. In this case, the IP mask defaults to 255.255.255.255 because it is not specified.
Test-IPAllowListProvider -Identity AllowListProvider -IPAddress 127.1.0.0This command tests a specified IP address 127.1.0.0 to see whether it is listed as an allowed IP address with the IP Allow List providerIPAllowListProvider.
Add-IPAllowListProvider -NameProvider1 -LookupDomainwww.contoso.com -IPAddressesMatch 127.1.0.0This command adds an IP Allow List provider called Provider1, which is used to verify which IP addresses are allowed. The associated lookup domain is www.contoso.com, and the IP address that must match the result returned by the IP Allow List provider is 127.1.0.0.
Add-IPBlockListProvider -NameProvider2 -LookupDomainwww.contoso.com -IPAddressesMatch 127.2.0.1This command adds an IP Block List provider named Provider2, which is used to verify which IP addresses should be blocked. The associated lookup domain is www.contoso.com, and the IP address that must match the result returned by the IP Block List provider is 127.2.0.1.
Get-SenderIdConfigThis command retrieves the Sender ID configuration settings.
Add-AttachmentFilterEntry -Nameimage/jpeg -Type ContentTypeThis command adds an attachment filter entry that is used to block all JPEG attachments, based on the attachment's content type image/jpeg, regardless of the file name.
Add-AttachmentFilterEntry -Name*.EXE -Type FileNameThis command adds an attachment file entry that is used to block all attachments that have the file name extension *.EXE.
Remove-AttachmentFilterEntryContentType:image/jpegThis command removes an attachment filter entry that is used to filter JPEG attachments based on the attachment's content type image/jpeg.
Remove-AttachmentFilterEntryFileName:*.EXEThis command removes an attachment filter entry that is used to filter all attachments that have the file name extension *.EXE.
Set-AttachmentFilterListConfig -RejectResponse "The attachment you included in your e-mail message was not allowed." -Action RejectThis command configures the Attachment Filter agent to reject all messages that contain filtered attachments. Both the attachment and e-mail message are blocked, and the configured text is used in the message body of the non-delivery report (NDR) that is sent to senders whose messages contain an attachment that is blocked. Available actions are RejectStrip andSilentDelete.

Custom Delivery Status Notification (DSN) Messages

New-SystemMessage -DsnCode 5.7.0 -Text"DSN Message Text" -Internal $False -Language EnThis command creates a new customized DSN message for the DSN code 5.7.0. The text of the DSN message is "DSN Message Text", the language the message is displayed in is English, specified by the locale code En, and the DSN message is sent to both internal and external senders.
Set-SystemMessage -IdentityEn\External\5.7.0 -Text"New DSN Message Text"This command modifies the existing customized DSN message for the DSN code 5.7.0. The identity consists of the language, specified by the locale code En, whether the DSN message scope is internal or external, and the DSN code En\External\5.7.0. The text of the DSN message is changed to "New DSN Message Text".
Get-SystemMessage -IdentityEn\External\5.7.0This command retrieves the existing customized DSN message for the DSN code 5.7.0 by using the identity En\External\5.7.0.
Get-SystemMessage -Original $TrueThis command retrieves a list of all built-in DSN messages.
Remove-SystemMessage -IdentityEn\External\5.7.0This command removes the existing customized DSN message for the DSN code 5.7.0 by using the identity En\External\5.7.0.

Messaging Policy and Compliance

Transport Rules

$Condition = Get-TransportRulePredicate BetweenMemberOf
$Condition.Addresses = (Get-DistributionGroup "Group1")
$Condition.Addreses2 = (Get-DistributionGroup "Group2")
$Action = Get-TransportRuleAction RejectMessage
$Action.RejectReason = "RejectText"
New-TransportRule -Name "RuleName" -Condition @($Condition) -Action @($Action)
This command creates the transport rule RuleName on a Hub Transport server. The rule rejects all messages sent between the Group1 and Group2 distribution groups. A NDR is sent to the sender of the messages that have the text RejectText.
Get-TransportRule -IdentityRuleName | Format-ListThis command retrieves the detailed configuration of the transport rule RuleName.
(Get-TransportRule -IdentityRuleName).Conditions | Format-ListThis command retrieves a list of conditions and their values that are configured on the transport rule RuleName.
(Get-TransportRule -IdentityRuleName).Exceptions | Format-ListThis command retrieves a list of exceptions and their values that are configured on the transport rule RuleName.
(Get-TransportRule -Identity RuleName).Actions | Format-ListThis command retrieves a list of actions and their values that are configured on the transport rule RuleName.
Remove-TransportRule -Identity RuleNameThis command removes the transport rule RuleName.

Journal Rules

New-JournalRule -Name "JournalRuleName" -RecipientMailboxToJournal@contoso.com -JournalEmailAddress "Journal Reports" -Scope GlobalThis command creates the journal rule JournalRuleName. For all messages sent to or received by the mailboxMailboxToJournal@contoso.com, a journal report is sent to the mailbox Journal Reports with the original message as an attachment. The journal rule is enabled upon creation. Valid values for the Scope parameter are InternalExternal, andGlobal.
Set-JournalRule -IdentityJournalRuleName -RecipientDistributionGroupToJournal@contoso.comThis command modifies the journal rule JournalRuleName by setting the value of the Recipient parameter toDistributionGroupToJournal@contoso.com.
Set-TransportConfig -JournalingReportNdrToAltJournalReports@contoso.comThis command configures Exchange to redirect journal reports toAltJournalReports@contoso.com if the primary journaling mailbox is temporarily unavailable.

Servers

Get-ExchangeServerThis command retrieves a summary list of all existing servers.
Get-ExchangeServer-Domaincontoso.comThis command retrieves a summary list of all servers in the domain contoso.com.
Get-ExchangeServer-StatusThis command retrieves a summary list of all existing servers and forces a call to update the server's current status. Without the Status parameter, some fields that display real-time information are not populated.

No comments:

Explaining DNS Concepts - DNS Servers-DNS Queries-DNS Records

3 types of DNS queries— recursive, iterative, and non-recursive 3 types of DNS servers— DNS Resolver, DNS Root Server and Authoritative Name...