Bulk mailbox-enabling users using Exchange Shell in Exchange 2010 and Exchange 2007

by Bharat Suneja

In Exchange Server 2007: Bulk creation of mailboxes using Exchange Management Shell, I wrote about how to bulk create mailboxes (including user accounts) from a CSV/text file. This post is in response to readers who asked for a way to mailbox-enable existing user accounts.

Bulk mailbox-enabling users using the EMC

The EMC allows you to create mailboxes for existing users. In Exchange 2007 SP1, you can mailbox-enable multiple users by choosing the option to mailbox-enable an existing user in the New Mailbox wizard and selecting multiple users. You can use SHIFT-Click (to select a continuous list of users) or CTRL-click (to pick users not in a continuous list).

Filtering users

First we need to find the users without mailboxes. The Get-User cmdlet will list all users. The RecipientType property of the user is either User or UserMailbox. As the name clearly suggests, those with UserMailbox as RecipientType are already mailbox-enabled – leaving those with RecipientType User.

This command retrieves all users with RecipientType User:

Get-User | Where-Object{$_.RecipientType –eq “User”}

UPDATE 2/9/2012: A more effcient way of doing this is by using the Filter parameter to filter users on the server side.

Get-User -Filter {RecipientType -eq “User”}

The above filtered list may include accounts such as the krbtgt account used for Kerberos authentication (see Appendix D – User and Group Accounts), guest, etc. To filter such accounts, you can add an additional condition to the filter.

Get-User -Filter {RecipientType -eq “User” -and name -ne “krbtgt” -and name -ne “guest”}

Filtering users by OU and Department

In most scenarios, you may not want to mailbox-enable all user accounts in your organization. So let’s filter users. If these users reside in a particular Organizational Unit, we can restrict our search to that OU. This command retrieves all users in the People OUthat are not mailbox-enabled:

Get-User –OrganizationalUnit People | Where-Object{$_.RecipientType –eq “User”}

Now we get a list of all users (who are not mailbox-enabled) from that OU. We can further restrict this list to all users who are members of a particular department. Since Sales is our favorite department, let’s pick Sales:

get-user –organizationalUnit people | where-object{$_.RecipientType –eq “User” -and $_.department –eq “Sales”}

Now we’ve got a smaller list of folks:

  1. those residing in the People OU
  2. belonging to Sales dept.
  3. and aren’t mailbox-enabled yet

Mailbox-enabling users

Let’s go ahead and mailbox-enable these users:

get-user –organizationalUnit people | where-object {$_.RecipientType –eq “User” -and $_.department –eq “Sales”} | Enable-Mailbox –Database “EXCHANGE1\Mailbox Database” | get-mailbox | select name,windowsemailaddress,database

Update 2/9/2012: Using the Filter parameter filters users on the server side:

get-user –organizationalUnit people -Filter {RecipientType -eq “user” -and name -ne “krbtgt” -and name -ne “guest” -and department -eq “Sales”} | Enable-Mailbox –Database “EXCHANGE1\Mailbox Database” | get-mailbox | select name,windowsemailaddress,database

The above command mailbox-enables these users and outputs a list of their names, default email address, and the mailbox Store on which their mailbox(es) reside.

In Exchange 2010, you no longer need to specify the mailbox database when creating a mailbox. Exchange 2010 can automatically select the mailbox database. You still have the ability to specify the Database parameter but it’s not a mandatory parameter.

Similarly, you can also use other user attributes of user accounts like city, state, country, etc. to selectively mailbox-enable users.

The WOW! factor and what really makes it a fun process is the fact that once you get a hang of the syntax and know what you’re looking for, the entire process happens really quickly.

PowerShell / Exchange shell does to VBS scripts what scripting did to repetitive GUI tasks.

{ 45 comments… read them below or add one }

tizedboy January 30, 2007 at 7:35 am

This is simply fantastic !

Reply

Anonymous February 23, 2007 at 11:01 am

Are the variables and syntax the same for adding resources? I’ve got an OU full of conference rooms I’d like to auto-provision email accts for to use in Outlook calendaring. If the AD accts are disabled (which they are), will Power/ExchangeShell know to create a room mailbox instead of a user mailbox?

Reply

Anonymous February 26, 2007 at 6:28 am

It would seem I found my own answer (gotta love that feeling!). Here’s the command if you want to take an entire OU in AD and turn it into room mailboxes in Exchange 2007: (I ran it from the mailbox server but it shouldn’t matter)

get-user -organizationalUnit “OUNameHere” | where-object{$_.RecipientType -eq “User”} | Enable-Mailbox -Database “MBXservernameHERE\mailbox database” -Room

Actually quite simple when I compare the new cmdlet to the old ;)

This doesn’t set many switches or parameters on the mailbox but when you look at it in the Exchange Mgmt Console you’ll see it listed as a “Room Mailbox”. Man, PowerShell KIX (no pun intended)! Also remember – for this to work, the user acct in AD must be disabled (essentially any user accts you want to use for resource mailboxes need to be disabled prior to trying to create a mailbox for the acct). If it isn’t, you’ll get a nice red error meesage in PowerShell saying “Doh!”. On the upside, the errors in PowerShell are much more informative than any I’ve seen to date where scripting is concerned!

Also, if you have other accts in the OU you’re “harvesting” that already have mailboxes created for them, don’t worry, it won’t create additional mailboxes for rooms. The above cmdlet specifically looks for “user” object types; if you’ve already got a mailbox assigned to a user acct, the object type becomes “UserMailbox” and is skipped by the cmdlet. One of the nice things about the script is that when it finishes it lists all the users that had mailboxes created for them.

Hopefully this helps someone else out there…

Reply

Boso June 1, 2007 at 7:50 am

I’ve been a real cynic of Powershell, but this cmdlet has converted me !!

Reply

Ibrahim June 9, 2007 at 12:17 am

Hi ,
I have installed excahnge 2007 on a new server ,current email server is exch . 2000 pls some one tell me how to migrate the mail boxex from 2000 to 2007 ,my new server exch organization is identical to existing server.

Ibrahim

Reply

Tom July 26, 2007 at 4:16 pm

Thanks for your insight! But one thing I’m stumped on… how can I add an alias as the users [email protected]? Not just [email protected]?
Is there a way?
THANK YOU!

Reply

Bharat Suneja July 26, 2007 at 4:35 pm

Ibrahim,

If you installed the new server in the same Exchange Organization, you should be able to move mailboxes from the 2000 server to the 2007.

Bharat

Reply

Bharat Suneja July 26, 2007 at 4:44 pm

Hi Tom,

If you mean email addresses – the default set of email addresses are controlled by the Email Address Policy (EAP). You will need to modify it to add a similar alias address (known as proxyAddress) to all recipients covered by that EAP.

If you want to do this for a single user/mailbox/recipient, you can go to the mailbox/recipient’s properties in the Exchange console and add it from the E-Mail Addresses tab.

If you want to change the default email address (this is what is used to send and reply to messages, regardless of any number of proxyAddresses a recipient may have), you will need to uncheck “Automatically update e-mail addresses based on email address policy”.

To do this using the Exchange shell, refer to previous post: “HOW TO: Add additional email addresses to a recipient“.

To do this for Public Folders, refer to previous post: “HOW TO: Add Email Addresses To Public Folders

Reply

Andrew August 6, 2007 at 12:46 am

It`s really fantastic. I`m search a week over Internet, try csv and and from console. But it`s method much more simplest and faster. Thank very much to autor.

Reply

gitenberg August 19, 2007 at 9:01 am

How can I sort/filter users by group before enabling mailbox?

Reply

Anonymous March 24, 2008 at 11:22 pm

A bit late, but for others that follow… to answer gitenberg you need to use the -filter option, e.g.

get-user -filter {memberofgroup -eq “cn=group,ou=orgunit,dc=network,dc=lan”}

hope that helps others.

Reply

damianini April 7, 2008 at 1:43 pm

Your instructions work great. But how do you spread the mailboxes created over several storage groups

Reply

Bharat Suneja May 11, 2008 at 11:59 am

damianini,

That would require a script to get all mailbox databases in the Org or one server or have the database names fed manually.

Alternatively, you can filter users based on OU/department or some other common attribute and place those on one mailbox database.

Reply

Rob June 5, 2008 at 9:32 am

This is really superb! it saved lot of work for me! Thanks for the good post.

Reply

Wolle August 6, 2008 at 7:28 am

Does someone know how to do this in an c#-Application from an external Windows-XP-client?

I allways get the error “No Windows PowerShell Snap-ins are available for version 1”

when I execute:

“PSSnapInInfo info = rsConfig.AddPSSnapIn(“Microsoft.Exchange.Management.PowerShell.Admin”, out snapInException);”

Reply

Anonymous August 11, 2008 at 9:23 am

Yes, so much better tahn simple selecting a group of users in ADUC and selecting Exchange Tasks, what a huge adavancement….everyone thank Microsoft….

Reply

Bharat Suneja August 11, 2008 at 10:02 am

@Anonymous: The option to select multiple users is available in Exchange 2007 SP1. Since this post is titled “…using Exchange Shell”, it did not include details on how to do this using the Exchange console.

The post has been updated to include the SP1 change.

Reply

Anonymous August 25, 2008 at 6:35 am

I have to apply a mailbox management policy to all users in a particular database. There must be a command I can use in PowerShell to get this done? I am not having any luck.

Becky

Reply

David August 26, 2008 at 7:56 am

I would like to know how to create in bulk, mailbox enabled users and create them in a certain mailbox databases according to their last initial

Reply

Anonymous October 13, 2008 at 4:29 am

great script. i think i can use it for my needs but how do you feed the script with values from, say, a text file?

Reply

damianini October 13, 2008 at 7:46 am

For Becky: To set the mailbox policy you can use the following switch in your powershell script: -ManagedFolderMailboxPolicy ‘PolicyName’. This will set the mailbox policy for the users.

For txt file guy: Set up a csv/text file using a header row so your file would look like:

SamAccount,Display,First,Last
jdoe,”Doe, John”,John,Doe

Then call the file in your powershell script import-csv C:\filename.csv | foreach {new-mailbox -Name $_.SamAccount -DisplayName $_.Display -FirstName $_.First -LastName $_.Last}

Depending on what you are trying to do the from the pipe, the text file would follow similar parameters. you would just change the powershell command Get- remove- add- ,etc.

Reply

pejy October 21, 2008 at 12:55 pm

Instead of searching for AD accounts within a specific OU or department, can you search for accounts within a security group?

Reply

Bharat Suneja October 21, 2008 at 1:25 pm

@Pejy: If the Security Group is also mail-enabled (that is, it’s a Distribution Group as well. Exchange 2007’s definition of Distribution Groups = mail-enabled Distribution or Security Groups), you can use the Get-DistributionGroupMember cmdlet to get group members:
Get-DistributionGroupMember “Group Name” | Do-Blah

If the Security Group is not mail-enable, it’s not as easy. There’s no built-in Exchange shell/PowerShell task like Get-SecurityGroupMember. However, you can use the ADSI provider to get Security group members. Take a look at a previous post Script: Listing Distribution Groups a recipient is a member of for some pointers on the ADSI provider.

Reply

Anonymous November 20, 2008 at 6:04 pm

This solves one of my problems.

Is there a way to create a new user using a template/script from 2007 (AD 2003 environ) that gives group security permissions and other AD settings eg. remote desktop profile, settings etc.

Reply

HikingStick February 26, 2009 at 12:05 pm

Great post! Thanks for sharing the information.

How would one modify the OrganizationalUnit parameter to search only a specific OU container that is on a nested branch if its name matches a higher level OU?

For example, in MyDomain.com, I have the deafault Users container. To help with internal administration, a child OU was created (let’s call it “MD”–short for MyDomain), and I have a Users OU under MD. I’d like to pull users only from the Users.MD.Mydomain.com OU.

Reply

Bharat Suneja February 26, 2009 at 12:39 pm

@HikingStick: One of the benefits of using unique names for things like Organizational Units/Containers, Exchange Databases/Storage Groups, etc. is that in a lot of cmdlets you can simply use the name of the object.

If the object is not unique, as in this case, you try to specify the *fully-qualified name* or path— a distinguishedName for AD objects.

Reply

damianini February 26, 2009 at 4:30 pm

Another set of cmdlets is available using the free utility from Quest. It’s ActiveRoles Management Shell for Active Directory. You can use these cmdlets to query any group regardless of security or distribution using Get-qadgroup or get-qadgroupmember. If you want exchange functionality also you can start powershell. Run the command Add-PSSnapin Microsoft.exchange* and then run Add-PSSnapin quest.ActiveRoles* . This will add both sets of cmdlets to powershell. This way you can query a security group and/or distribution group. Run queries against any active directory object/attribute or any exchange command.

For a particular OU all you would do is get-cmdlet -organizationalunit “mydomain.com/users/md” .

Reply

Anonymous March 7, 2009 at 6:41 am

I have used scripts like this, but is there a way to list mailboxes without a mailbox policy, can I use -eq “no” or something like that? Thanks for your help.

Reply

Bharat Suneja March 7, 2009 at 10:59 am

@Anonymous from March 7: “Mailboxes without a policy”? Do you mean mailboxes set to not have email addresses generated by policy?

Get-Mailbox -Filter {EmailAddressPolicyEnabled -eq $false}

Reply

aallien March 24, 2009 at 1:34 pm

Is there a way to do the same thing but instead use enable-mailuser. I’ve tried several things to make it do so and all I get are errors. I have 926 accounts to mail enable with external email addresses. The email field is populated in AD. I’ve been using a script that spawns a gui that populates fields and you click a button which is great, but it would be even better if I could just have it do the whole OU. I can’t believe MS took that functionality out of ADUC. I am running exchange 2007 SP1 with the latest rollup (at this time) and I cannot select multiple users at once btw.

Reply

Bharat Suneja March 24, 2009 at 1:52 pm

@aallien: Can you paste the exact command you’re using (mask the real details)? For Enable-MailUser, the only required parameters are identity (which gets piped from Get-User) and ExternalEmailAddress.

Are you populating the ExternalEmailAddress property?

Reply

damianini March 24, 2009 at 1:54 pm

depending on whether these accounts are mailcontacts or regular users what you can do is this:

Get-user -organizationalunit “domain/subfolder/subfolder” -resultsize unlimited | foreach {enable-mailuser $_ -ExternalEmailAddress “[email protected]”}

You can add any switch you like.

Reply

Bharat Suneja March 24, 2009 at 2:20 pm

@damianini: For 926 user accounts, typing the -externalemailaddress isn’t practical, and it already exists in the WindowsEmailAddress attribute.

@aallien: Sorry, not enough time to test the type conversion, but posting answer in a separate blog post soon… :)

Reply

Eugene Rosenfeld [2-time MOSS MVP] January 27, 2010 at 3:17 pm

Thanks for the post. Is there a way to mail-enable a user through some remote API, i.e. something that doesn't have to run on the Exchange Server?

Reply

Bharat Suneja November 11, 2010 at 12:48 pm

Exchange 2010 uses Remote PowerShell.

Reply

Gav Sowerby November 11, 2010 at 8:39 am

trying to do the exact same thing here, passing $_.WindowsEmailAddress just errors with “Cannot Convert “[email protected]” value of type MS.EX.data.smtpaddress to type ms.ex.data.proxyaddress

help

Reply

DamianC January 16, 2011 at 4:02 am

Hi guys

This has been a great help for a migration project.

Is there a way i can adapt this to create distribution groups. I have a few hundred existing security global groups that i need to mail enable

Thanks

Damian

Reply

Glenn May 27, 2011 at 9:09 am

Hello, this is all great information and thank you! I have a question, is there a way to bulk create mail boxes using the import csv command to active directory accounts that have already been created? I already have the the required info from the existing AD accounts. I have created a .csv file with the necessary columns. I just need a Mgmt shell command to create mail boxes from the .csv file. Can anyone help? thank you in advance.

Reply

TO April 4, 2012 at 1:10 pm

Can I simply just say what a relief to discover an individual who truly knows what they are talking about on the net. You certainly understand how to bring a problem to light and make it important. More people should check this out and understand this side of your story. I was surprised that you are not more popular given that you certainly possess the gift.

Reply

bourse de Paris September 20, 2012 at 12:18 pm

Heya are using Wordpress for your blog platform?
I’m new to the blog world but I’m trying to get started and set up my own.

Do you need any coding knowledge to make your own blog? Any help would be greatly appreciated!

Reply

Bharat Suneja September 21, 2012 at 1:14 am

Yes, using Wordpress. Coding knowledge not required if all you want to do is setup a blog. You can use built-in or free themes or buy a theme. Exchangepedia uses the Thesis theme for WordPress (heavily customized design to mimic previous design on Blogger).

For heavy customization, a knowledge of HTML & CSS helps. Wordpress is PHP-based, so knowing some PHP will help but isn’t essential.

Resources:
WordPress.org
New to WordPress – Where to Start
The Thesis Theme for WordPress

Reply

Kristal February 22, 2013 at 12:55 am

Hey! I know this is somewhat off topic but I was wondering if you
knew where I could find a captcha plugin for my comment form?

I’m using the same blog platform as yours and I’m having trouble finding one?
Thanks a lot!

Reply

Bharat Suneja February 22, 2013 at 8:50 am

Not sure if you should be seeing a captcha any more – there are no plugins on the current site. The old site used Blogger as the CMS but I don’t remember whether the captcha code was from recaptcha.net.

Reply

Tamara August 19, 2013 at 10:06 am

Hello there, I think your blog could possibly be
having web browser compatibility problems. Whenever I look at your
website in Safari, it looks fine however,
when opening in I.E., it’s got some overlapping issues. I simply wanted to provide you with a quick heads up! Aside from that, excellent site!

Reply

Kellee March 2, 2015 at 9:05 pm

Greetings! I’ve been reading your weblog
for a while now and finally got the bravery to go ahead and give you a shout out from Atascocita Tx!
Just wanted to say keep up the great work!

Reply

Leave a Comment

{ 2 trackbacks }

Previous post:

Next post: