Exchangepedia Blog is read by visitors from all 50 US States and 150 countries world-wide
Exchange Server 2007: Bulk mailbox-enabling users using Exchange Shell
Posted by Bharat Suneja at 8:49 AM
Bulk mailbox-enabling users using the Exchange console
In Exchange Server 2007 SP1, the Exchange console (EMC) allows you to create mailboxes for existing users. When selecting an existing user in the New Mailbox wizard, you can select multiple users by using the regular SHIFT-Click (to select a continuous list of users) and CTRL-click (to pick the users you want).
First we need to find the users without mailboxes. The get-user command will list all users. The RecipientType property of the user is either User or UserMailbox. As the name clearly suggests, those with UserMailbox as RecipientType are already mailbox-enabled – leaving those with RecipientType User.
You can enable all users with RecipientType User:
get-user | where-object{$_.RecipientType –eq “User”}
Yes, that may not be a great idea! So let’s filter these users. If these users reside in a particular Organizational Unit, we can restrict our search to that OU. In this case, we’ll look for users in the OU called “People”:get-user –organizationalUnit people | where-object{$_.RecipientType –eq “User”}
Now we get a list of all users (who are not mailbox-enabled) from that OU. We can further restrict this list to all users who are members of a particular department. Since Sales is our favorite department, let’s pick Sales:get-user –organizationalUnit people | where-object{$_.RecipientType –eq “User” -and $_.department –eq “Sales”}
Now we’ve got a smaller list of folks – those residing in the People OU belonging to Sales dept. and aren’t mailbox-enabled yet. Let’s go ahead and mailbox-enable these users:get-user –organizationalUnit people | where-object {$_.RecipientType –eq “User” -and $_.department –eq “Sales”} | Enable-Mailbox –Database “EXCHANGE1\Mailbox Database” | get-mailbox | select name,windowsemailaddress,database
The above command mailbox-enables these users and outputs a list of their names, default email address, and the mailbox Store on which their mailbox(es) reside.Similarly, you can also use other user attributes of user accounts like city, state, country, etc. to selectively mailbox-enable users.
The WOW! factor and what really makes it a fun process is the fact that once you get a hang of the syntax and know what you're looking for, the entire process happens really quickly.
PowerShell / Exchange shell does to VBS scripts what scripting did to repetitive GUI tasks.
Labels: Administration, Exchange Server 2007, Exchange Shell
34 Comments:
This is simply fantastic !
Are the variables and syntax the same for adding resources? I've got an OU full of conference rooms I'd like to auto-provision email accts for to use in Outlook calendaring. If the AD accts are disabled (which they are), will Power/ExchangeShell know to create a room mailbox instead of a user mailbox?
It would seem I found my own answer (gotta love that feeling!). Here's the command if you want to take an entire OU in AD and turn it into room mailboxes in Exchange 2007: (I ran it from the mailbox server but it shouldn't matter)
get-user -organizationalUnit "OUNameHere" | where-object{$_.RecipientType -eq "User"} | Enable-Mailbox -Database "MBXservernameHERE\mailbox database" -Room
Actually quite simple when I compare the new cmdlet to the old ;)
This doesn't set many switches or parameters on the mailbox but when you look at it in the Exchange Mgmt Console you'll see it listed as a "Room Mailbox". Man, PowerShell KIX (no pun intended)! Also remember - for this to work, the user acct in AD must be disabled (essentially any user accts you want to use for resource mailboxes need to be disabled prior to trying to create a mailbox for the acct). If it isn't, you'll get a nice red error meesage in PowerShell saying "Doh!". On the upside, the errors in PowerShell are much more informative than any I've seen to date where scripting is concerned!
Also, if you have other accts in the OU you're "harvesting" that already have mailboxes created for them, don't worry, it won't create additional mailboxes for rooms. The above cmdlet specifically looks for "user" object types; if you've already got a mailbox assigned to a user acct, the object type becomes "UserMailbox" and is skipped by the cmdlet. One of the nice things about the script is that when it finishes it lists all the users that had mailboxes created for them.
Hopefully this helps someone else out there...
I've been a real cynic of Powershell, but this cmdlet has converted me !!
Hi ,
I have installed excahnge 2007 on a new server ,current email server is exch . 2000 pls some one tell me how to migrate the mail boxex from 2000 to 2007 ,my new server exch organization is identical to existing server.
Ibrahim
Thanks for your insight! But one thing I'm stumped on... how can I add an alias as the users [email protected]? Not just [email protected]?
Is there a way?
THANK YOU!
Ibrahim,
If you installed the new server in the same Exchange Organization, you should be able to move mailboxes from the 2000 server to the 2007.
Bharat
Hi Tom,
If you mean email addresses - the default set of email addresses are controlled by the Email Address Policy (EAP). You will need to modify it to add a similar alias address (known as proxyAddress) to all recipients covered by that EAP.
If you want to do this for a single user/mailbox/recipient, you can go to the mailbox/recipient's properties in the Exchange console and add it from the E-Mail Addresses tab.
If you want to change the default email address (this is what is used to send and reply to messages, regardless of any number of proxyAddresses a recipient may have), you will need to uncheck "Automatically update e-mail addresses based on email address policy".
To do this using the Exchange shell, refer to previous post: "HOW TO: Add additional email addresses to a recipient".
To do this for Public Folders, refer to previous post: "HOW TO: Add Email Addresses To Public Folders"
It`s really fantastic. I`m search a week over Internet, try csv and and from console. But it`s method much more simplest and faster. Thank very much to autor.
How can I sort/filter users by group before enabling mailbox?
A bit late, but for others that follow... to answer gitenberg you need to use the -filter option, e.g.
get-user -filter {memberofgroup -eq "cn=group,ou=orgunit,dc=network,dc=lan"}
hope that helps others.
Your instructions work great. But how do you spread the mailboxes created over several storage groups
damianini,
That would require a script to get all mailbox databases in the Org or one server or have the database names fed manually.
Alternatively, you can filter users based on OU/department or some other common attribute and place those on one mailbox database.
This is really superb! it saved lot of work for me! Thanks for the good post.
Does someone know how to do this in an c#-Application from an external Windows-XP-client?
I allways get the error "No Windows PowerShell Snap-ins are available for version 1"
when I execute:
"PSSnapInInfo info = rsConfig.AddPSSnapIn("Microsoft.Exchange.Management.PowerShell.Admin", out snapInException);"
Yes, so much better tahn simple selecting a group of users in ADUC and selecting Exchange Tasks, what a huge adavancement....everyone thank Microsoft....
@Anonymous: The option to select multiple users is available in Exchange 2007 SP1. Since this post is titled "...using Exchange Shell", it did not include details on how to do this using the Exchange console.
The post has been updated to include the SP1 change.
I have to apply a mailbox management policy to all users in a particular database. There must be a command I can use in PowerShell to get this done? I am not having any luck.
Becky
I would like to know how to create in bulk, mailbox enabled users and create them in a certain mailbox databases according to their last initial
great script. i think i can use it for my needs but how do you feed the script with values from, say, a text file?
For Becky: To set the mailbox policy you can use the following switch in your powershell script: -ManagedFolderMailboxPolicy 'PolicyName'. This will set the mailbox policy for the users.
For txt file guy: Set up a csv/text file using a header row so your file would look like:
SamAccount,Display,First,Last
jdoe,"Doe, John",John,Doe
Then call the file in your powershell script import-csv C:\filename.csv | foreach {new-mailbox -Name $_.SamAccount -DisplayName $_.Display -FirstName $_.First -LastName $_.Last}
Depending on what you are trying to do the from the pipe, the text file would follow similar parameters. you would just change the powershell command Get- remove- add- ,etc.
Instead of searching for AD accounts within a specific OU or department, can you search for accounts within a security group?
@Pejy: If the Security Group is also mail-enabled (that is, it's a Distribution Group as well. Exchange 2007's definition of Distribution Groups = mail-enabled Distribution or Security Groups), you can use the Get-DistributionGroupMember cmdlet to get group members:
Get-DistributionGroupMember "Group Name" | Do-Blah
If the Security Group is not mail-enable, it's not as easy. There's no built-in Exchange shell/PowerShell task like Get-SecurityGroupMember. However, you can use the ADSI provider to get Security group members. Take a look at a previous post Script: Listing Distribution Groups a recipient is a member of for some pointers on the ADSI provider.
This solves one of my problems.
Is there a way to create a new user using a template/script from 2007 (AD 2003 environ) that gives group security permissions and other AD settings eg. remote desktop profile, settings etc.
Great post! Thanks for sharing the information.
How would one modify the OrganizationalUnit parameter to search only a specific OU container that is on a nested branch if its name matches a higher level OU?
For example, in MyDomain.com, I have the deafault Users container. To help with internal administration, a child OU was created (let's call it "MD"--short for MyDomain), and I have a Users OU under MD. I'd like to pull users only from the Users.MD.Mydomain.com OU.
@HikingStick: One of the benefits of using unique names for things like Organizational Units/Containers, Exchange Databases/Storage Groups, etc. is that in a lot of cmdlets you can simply use the name of the object.
If the object is not unique, as in this case, you try to specify the *fully-qualified name* or path— a distinguishedName for AD objects.
Another set of cmdlets is available using the free utility from Quest. It's ActiveRoles Management Shell for Active Directory. You can use these cmdlets to query any group regardless of security or distribution using Get-qadgroup or get-qadgroupmember. If you want exchange functionality also you can start powershell. Run the command Add-PSSnapin Microsoft.exchange* and then run Add-PSSnapin quest.ActiveRoles* . This will add both sets of cmdlets to powershell. This way you can query a security group and/or distribution group. Run queries against any active directory object/attribute or any exchange command.
For a particular OU all you would do is get-cmdlet -organizationalunit "mydomain.com/users/md" .
I have used scripts like this, but is there a way to list mailboxes without a mailbox policy, can I use -eq "no" or something like that? Thanks for your help.
@Anonymous from March 7: "Mailboxes without a policy"? Do you mean mailboxes set to not have email addresses generated by policy?
Get-Mailbox -Filter {EmailAddressPolicyEnabled -eq $false}
Is there a way to do the same thing but instead use enable-mailuser. I've tried several things to make it do so and all I get are errors. I have 926 accounts to mail enable with external email addresses. The email field is populated in AD. I've been using a script that spawns a gui that populates fields and you click a button which is great, but it would be even better if I could just have it do the whole OU. I can't believe MS took that functionality out of ADUC. I am running exchange 2007 SP1 with the latest rollup (at this time) and I cannot select multiple users at once btw.
@aallien: Can you paste the exact command you're using (mask the real details)? For Enable-MailUser, the only required parameters are identity (which gets piped from Get-User) and ExternalEmailAddress.
Are you populating the ExternalEmailAddress property?
depending on whether these accounts are mailcontacts or regular users what you can do is this:
Get-user -organizationalunit "domain/subfolder/subfolder" -resultsize unlimited | foreach {enable-mailuser $_ -ExternalEmailAddress "[email protected]"}
You can add any switch you like.
@damianini: For 926 user accounts, typing the -externalemailaddress isn't practical, and it already exists in the WindowsEmailAddress attribute.
@aallien: Sorry, not enough time to test the type conversion, but posting answer in a separate blog post soon... :)
Thanks for the post. Is there a way to mail-enable a user through some remote API, i.e. something that doesn't have to run on the Exchange Server?
Post a Comment
Links to this post:
Create a Link
<< Home