Exchange Management Shell Quick Reference

This quick reference sheet describes the most commonly used Exchange shell cmdlets and provides examples. More about Exchange shell and all cmdlets in Exchange 2007: Exchange Management Shell.

Contents

Common Cmdlet Actions

Exchange Shell (and Windows PowerShell) cmdlets are made up of Verb-Noun combinations. Most cmdlets support the following easy-to-understand verbs.

Get The Get verb retrieves:
- a specific object, such as a specific mailbox
- all objects of a specific type, such as mailboxes, distribution groups, or contacts
- a subset of objects of a specific type, such as mailboxes in a particular OU
Set The Set verb modifies settings of an object, such as the alias of a contact or the deleted item retention of a mailbox database.
New The New verb creates a new object such as a new mailbox, a new configuration setting, a new mailbox database, or a new SMTP connector.
Remove The Remove verb removes an object, such as a mailbox or transport rule.

All Remove cmdlets support the WhatIf and Confirm switches. For more information about these switches, see Important Parameters & Switches.

Enable The Enable verb enables an object, such as a transport rule, or mail-enables a recipient.
Disable The Disable verb disables an enabled object or mail-disables a recipient.

All Disable tasks also support the WhatIf and Confirm switches. For more information about these switches, see Important Parameters.

Important Parameters & Switches

The following parameters and switches help you control how commands run, and indicate exactly what a command will do before it affects data.

Identity Identifies the unique object for the task. It is typically used with Enable, Disable, Remove, Set, and Get cmdlets. Identity is a positional parameter— you don't have to specify the parameter name (-Identity) when you specify the parameter's value in a commad. For example, both of the following commands query the mailbox of user1:
Get-Mailbox -Identity user1
Get-Mailbox user1

WhatIf The WhatIf switch instructs the cmdlet to simulate the actions that it would take on the object. It allows you to view changes that would occur without actually applying them. The default value is $True.

Confirm The Confirm switch causes the cmdlet to pause processing and requires the administrator to acknowledge what the cmdlet will do before processing continues. The default value is $True. To override confirmation for cmdlets that require a confirmation by default, set it to $False
Validate

The Validate switch causes the cmdlet to check that all prerequisites for running the operation are satisfied and it will complete successfully.

Tips and Tricks

Get-Command This cmdlet lists all cmdlets available through the shell— Exchange Server 2007 as well as Windows PowerShell cmdlets.
Get-Command *keyword* This cmdlet lists all cmdlets that have keyword in the cmdlet.
Get-task | Get-Member This cmdlet lists all properties and methods of task.
Get-task | Format-List This cmdlet displays the output of the query in a formatted list. You can pipe the output of any Get cmdlet to Format-List (or fl in short) to view all properties of the object returned by that command, or you can specify specific properties to view, separated by commas, as in the following example: Get-Mailbox *john* | Format-List alias,*quota
Help task

This cmdlet retrieves shell help for a cmdlet, as in the following example: Help Get-Mailbox

Help task<TAB> Enter a partial name for task, and then press the TAB key to cycle through all cmdlets that contain the specified text. You can also use wildcard characters, as in the following example: Help *UM*
Get-task | Format-List > filename.txt

This cmdlet exports the output of task to a text file: filename.txt

Recipients

Contacts

Enable-Mailcontact -Identity "John Smith” -alias smith -externalEmailAddress [email protected] This command mail-enables the contact John Smith by specifying the distinguishedName (DN) for the contact, and providing the alias smith and an external email address [email protected].
Disable-MailContact -Identity smith This command mail-disables the contact by specifying the alias of the contact in the Identity parameter.
Set-MailContact -Identity smith -Alias jsmith This command changes the alias of the mail-enabled contact specified in the Identity parameter from smith to jsmith by using the Alias parameter.
Set-Contact -Identity jsmith -Manager user1 This command modifies the contact jsmith’s manager attribute in Active Directory® to User1.

Note: If the contact is not mail-enabled, you can't retrieve it by using an alias. You must use the contact's full name, GUID, or DN.

Distribution Groups

Enable-DistributionGroup -Identity “contoso\Distribution Group” -Alias DG This command mail-enables the existing universal distribution group named Distribution Group in the contoso domain. It has the alias DG.
Disable-DistributionGroup -Identity DG This command mail-disables the mail-enabled universal distribution group named DG.
Set-DistributionGroup -Identity DG -Alias group1 This command modifies the settings of the universal distribution group named DG in Exchange by changing its alias to group1.
Add-DistributionGroupMember -Identity DG -Member user1 This command adds the recipient user1 as a member of the universal distribution group DG.
Get-DistributionGroupMember -Identity DG This command retrieves all the members of the distribution group named DG.
Set-Group -Identity DG -DisplayName “Universal DG” This command modifies the Active Directory settings of the group named DG by changing its display name to "Universal DG".
New-DynamicDistributionGroup -Name DDG -Alias DDGAlias -OrganizationalUnit OU -IncludedRecipients MailboxUsers This command creates a dynamic distribution group (known as "query-based distribution list" in Exchange 2003) named DDG. The IncludedRecipients parameter accepts the following values: None | MailboxUsers | Resources | MailContacts | MailGroups | | MailUsers | AppRecipients.

Set-DynamicDistributionGroup -Identity DDG -DisplayName DDG1

This command modifies the display name of the dynamic distribution group named DDG1 by changing the name to DDG1.

Mailbox Management

Enable-Mailbox -Identity contoso\user1 -Database MailboxDatabase This command mailbox-enables an existing Active Directory user with the domain and alias combination contoso\user1 by creating a mailbox in the mailbox database named MailboxDatabase.
Disable-Mailbox -Identity user1 This command mailbox-disables the user with the alias user1 by removing its associated mailbox.
Set-Mailbox -Identity user1 -alias user2 This command modifies a mailbox by changing the existing alias user1 to user2.
Get-Mailbox | Format-Table alias, *quota This command retrieves all mailbox users and formats the output as a table to include the alias of the mailbox and the mailbox quotas.
Get-Mailbox -Database "Mailbox Database" This command retrieves a summary list of all mailboxes in the mailbox database named Mailbox Database.
Get-Mailbox -Server EXCH01 This command retrieves a summary list of all mailboxes on the server named EXCH01.
Get-MailboxStatistics -Database MailboxDatabase This command retrieves the mailbox statistics for all mailboxes in the mailbox database named MailboxDatabase.
Get-MailboxStatistics -Server EXCH01 This command retrieves the mailbox statistics for all mailboxes on the server named EXCH01.
Move-Mailbox -Identity user1 -TargetDatabase Server\MailboxDatabase This command moves the mailbox associated with the alias user1 to the server named Server. The mailbox is moved to the mailbox database named MailboxDatabase.

Custom Mailbox Quota Messages

New-SystemMessage -QuotaMessageType ProhibitSendMailbox -Text "Prohibit Send Mailbox Quota Message Text" -Language En This command creates a new customized quota message for the ProhibitSendMailbox quota message type. The text "Prohibit Send Mailbox Quota Message Text" is displayed in English, as specified by the locale code En. The valid values for the QuotaMessageType parameter are WarningMailboxUnlimitedSize and WarningPublicFolder.
Set-SystemMessage En\ProhibitSendMailbox -Text "New Prohibit Send Mailbox Quota Message Text" This command modifies the existing customized quota message for the ProhibitSendMailbox quota message type that is displayed in English, as specified by the locale code En. The new text is "New Prohibit Send Mailbox Quota Message Text".
Get-SystemMessage En\ProhibitSendMailbox

This command retrieves the existing customized quota message for the ProhibitSendMailbox quota message type that is displayed in English, as specified by the locale code En.

Remove-SystemMessage En\ProhibitSendMailbox This command removes the existing customized quota message for the ProhibitSendMailbox quota message type that is displayed in English, as specified by the locale code En.

Recipient

Get-Recipient -RecipientType MailboxUser This command retrieves a summary list of all recipients that match the RecipientType MailboxUser. The RecipientType parameter accepts the following values: User | MailboxUser | MailEnabledUser | Contact | MailEnabledContact | Group | MailEnabledUniversalDistributionGroup | MailEnabledUniversalSecurityGroup | MailEnabledNonUniversalGroup | DynamicDL | PublicFolder | PublicDatabase | SystemAttendantMailbox | SystemMailbox | MicrosoftExchange.
Get-Recipient -Anr “user This command retrieves a summary list of all recipients that contain the string “user” in the mailbox name. The Anr parameter indicates that the argument will be resolved by using ambiguous name resolution (ANR).
Get-Recipient -ResultSize 100 This command retrieves a summary list of recipients and returns only the first 100 recipients.

Unified Messaging

Get-UMMailbox This command retrieves a summary list of all Unified Message (UM)-enabled recipients.
Get-UMMailbox -Identity user1 | Format-List This command retrieves the detailed configuration of the UM mailbox that is associated with the alias user1.
Set-UMMailbox -Identity user1 -UMEnabled $True This command modifies the UM mailbox associated with the alias user1 by changing the value of the UMEnabled parameter to $True.

User

Enable-MailUser -Identity contoso\user2 -ExternalEmailAddress [email protected] This command mail-enables the Active Directory user contoso\user2 with an external address [email protected]. With this cmdlet, a default primary SMTP e-mail address [email protected] is also created.
Disable-MailUser -Identity user2 This command mail-disables the Active Directory mail-enabled user user2.
Set-MailUser -Identity user2 -ExternalEmailAddress [email protected] This command modifies the Active Directory mail-enabled user user2 by changing its external e-mail address to [email protected]

Storage

Database Management

New-MailboxDatabase -Name MailboxDatabase -StorageGroup StorageGroup This command creates a new mailbox database named MailboxDatabase in the storage group StorageGroup.
Set-MailboxDatabase -Identity MailboxDatabase -IssueWarningQuota 500MB This command modifies the mailbox database MailboxDatabase by changing its mailbox warning quota limit to 500MB.
Get-MailboxDatabase -StorageGroup StorageGroup This command retrieves a summary list of all mailbox databases in the storage group named StorageGroup.
Get-MailboxDatabase -Server Server This command retrieves a summary list of all mailbox databases in the server named Server.
Mount-Database -Identity MailboxDatabase This command mounts the existing mailbox database named MailboxDatabase.
Dismount-Database -Identity MailboxDatabase This command dismounts the existing mailbox database named MailboxDatabase.
Enable-DatabaseCopy -Identity MailboxDatabase This command enables local continuous backup for the mailbox database named MailboxDatabase.

Storage Group Management

New-StorageGroup -Name StorageGroup -Server server1 This command creates a new storage group named StorageGroup on the server named server1.
Set-StorageGroup -Identity StorageGroup -Name "Research Storage Group" This command modifies the storage group named StorageGroup by changing its display name to "Research Storage Group".
Enable-StorageGroupCopy -Identity StorageGroup This command enables local continuous backup on storage group named StorageGroup.

Note: You must first enable local continuous backup by using the Enable-DatabaseCopy cmdlet for each database in the storage group on which you want to enable local continuous backup.

Disable-StorageGroupCopy -Identity StorageGroup This command disables the continuous backup of storage group named StorageGroup.

Transport

Connectors and Delivery

New-SendConnector -Name SendConnector -AddressSpaces contoso.com This command creates a new Internet Send connector named SendConnector. The associated address space for the Send connector is contoso.com.
Set-SendConnector -Identity SendConnector -AddressSpaces northwindtraders.com This command modifies the Send connector named SendConnector by changing its address spaces to northwindtraders.com.
New-ReceiveConnector -Name ReceiveConnector -RemoteIpRanges 10.149.0.1-10.151.0.1 -Bindings 0.0.0.0:25 This command creates a new Receive connector named ReceiveConnector. The associated remote IP range is 10.149.0.1 to 10.151.0.1. By setting the Bindings parameter to 0.0.0.0:25, you instruct the server to listen for connections on all locally configured IP addresses on port 25.
Set-ReceiveConnector -Identity ReceiveConnector -MaxMessageSize 20MB This command modifies the Receive connector ReceiveConnector by changing the value of the MaxMessageSize parameter to 20MB.

Queues

Suspend-Queue -Identity Server\Queue This command stops all messages in queue Server\Queue from being delivered.
Resume-Queue -Identity Server\Queue This command allows the suspended queue Server\Queue to resume delivery of messages.
Get-Message -Identity Server\Queue\Message This command retrieves the specific message Server\Queue\Message.
Suspend-Message -Identity Server\Queue\Message This command stops the message Server\Queue\Message in a queue from being delivered.
Get-Queue | Freeze-Queue This command freezes all queues on the local server.
Resume-Message -Identity Server\Queue\Message This command allows the suspended message Server\Queue\Message in a queue to be delivered.
Delete-Message -Identity Server\Queue\Message This command deletes the specified message Server\Queue\Message.
Export-Message -Identity Server\Queue\Message -Path FilePath This command exports the specified message Server\Queue\Message to FilePath.

Note: Before you can export a message, you must first suspend it by using the Suspend-Message cmdlet.

Address Rewriting

New-AddressRewriteEntry -Name RewriteEntryName -InternalAddress [email protected] -ExternalAddress [email protected] This command creates a new address rewrite entry for the internal e-mail address [email protected]. All e-mail messages sent from [email protected] are rewritten to [email protected], and all inbound messages to [email protected] are rewritten to [email protected].
Set-AddressRewriteEntry -Identity RewriteEntryName -InternalAddress [email protected] This command modifies the existing address rewrite entry RewriteEntryName by changing the value of the InternalAddress parameter to [email protected].

Anti-Spam

Set-RecipientFilterConfig -BlockedRecipients [email protected], [email protected] This command modifies the recipient filtering configuration by adding the blocked recipients [email protected] and [email protected].
Set-SenderFilterConfig -BlockedSenders [email protected] This command modifies the sender filtering configuration for spam by adding a blocked sender [email protected].
Add-ContentFilterPhrase -Phrase “spam” -Influence BadWord This command adds the phrase “spam” to the content filter by setting its Influence parameter to BadWord. The Influence parameter accepts the values BadWord and GoodWord.
Add-IPAllowListEntry -IpRange 127.1.0.0 This command adds the IP address 127.1.0.0 to the IP Allow list. The IP mask defaults to 255.255.255.255 because it is not specified.
Add-IPAllowListEntry -IpRange “127.1.0.0(255.255.0.0)” This command adds the IP address 127.1.0.0 to the IP Allow list, which has a specified IP mask of 255.255.0.0.
Add-IPAllowListEntry -IpRange 127.1.0.0-127.1.255.255 This command adds an allowed range of IP addresses. In this case, the IP range is between 127.1.0.0 and 127.1.255.255.
Add-IPBlockListEntry -IpRange 127.2.0.1 This command adds the IP address 127.2.0.1 to the IP Block list. In this case, the IP mask defaults to 255.255.255.255 because it is not specified.
Test-IPAllowListProvider -Identity AllowListProvider -IPAddress 127.1.0.0 This command tests a specified IP address 127.1.0.0 to see whether it is listed as an allowed IP address with the IP Allow List provider IPAllowListProvider.
Add-IPAllowListProvider -Name Provider1 -LookupDomain www.contoso.com -IPAddressesMatch 127.1.0.0 This command adds an IP Allow List provider called Provider1, which is used to verify which IP addresses are allowed. The associated lookup domain is www.contoso.com, and the IP address that must match the result returned by the IP Allow List provider is 127.1.0.0.
Add-IPBlockListProvider -Name Provider2 -LookupDomain www.contoso.com -IPAddressesMatch 127.2.0.1 This command adds an IP Block List provider named Provider2, which is used to verify which IP addresses should be blocked. The associated lookup domain is www.contoso.com, and the IP address that must match the result returned by the IP Block List provider is 127.2.0.1.
Get-SenderIdConfig This command retrieves the Sender ID configuration settings.

Add-AttachmentFilterEntry -Name image/jpeg -Type ContentType

This command adds an attachment filter entry that is used to block all JPEG attachments, based on the attachment's content type image/jpeg, regardless of the file name.

Add-AttachmentFilterEntry -Name *.EXE -Type FileName

This command adds an attachment file entry that is used to block all attachments that have the file name extension *.EXE.

Remove-AttachmentFilterEntry ContentType:image/jpeg

This command removes an attachment filter entry that is used to filter JPEG attachments based on the attachment's content type image/jpeg.

Remove-AttachmentFilterEntry FileName:*.EXE

This command removes an attachment filter entry that is used to filter all attachments that have the file name extension *.EXE.

Set-AttachmentFilterListConfig -RejectResponse "The attachment you included in your e-mail message was not allowed." -Action Reject

This command configures the Attachment Filter agent to reject all messages that contain filtered attachments. Both the attachment and e-mail message are blocked, and the configured text is used in the message body of the non-delivery report (NDR) that is sent to senders whose messages contain an attachment that is blocked. Available actions are Reject, Strip and SilentDelete.

Custom Delivery Status Notification (DSN) Messages

New-SystemMessage -DsnCode 5.7.0 -Text "DSN Message Text" -Internal $False -Language En

This command creates a new customized DSN message for the DSN code 5.7.0. The text of the DSN message is "DSN Message Text", the language the message is displayed in is English, specified by the locale code En, and the DSN message is sent to both internal and external senders.

Set-SystemMessage -Identity En\External\5.7.0 -Text "New DSN Message Text"

This command modifies the existing customized DSN message for the DSN code 5.7.0. The identity consists of the language, specified by the locale code En, whether the DSN message scope is internal or external, and the DSN code En\External\5.7.0. The text of the DSN message is changed to "New DSN Message Text".

Get-SystemMessage -Identity En\External\5.7.0

This command retrieves the existing customized DSN message for the DSN code 5.7.0 by using the identity En\External\5.7.0.

Get-SystemMessage -Original $True

This command retrieves a list of all built-in DSN messages.

Remove-SystemMessage -Identity En\External\5.7.0

This command removes the existing customized DSN message for the DSN code 5.7.0 by using the identity En\External\5.7.0.

Messaging Policy and Compliance

Transport Rules

$Condition = Get-TransportRulePredicate BetweenMemberOf

$Condition.Addresses = (Get-DistributionGroup "Group1")

$Condition.Addreses2 = (Get-DistributionGroup "Group2")

$Action = Get-TransportRuleAction RejectMessage

$Action.RejectReason = "RejectText"

New-TransportRule -Name "RuleName" -Condition @($Condition) -Action @($Action)

This command creates the transport rule RuleName on a Hub Transport server. The rule rejects all messages sent between the Group1 and Group2 distribution groups. A NDR is sent to the sender of the messages that have the text RejectText.

Get-TransportRule -Identity RuleName | Format-List

This command retrieves the detailed configuration of the transport rule RuleName.

(Get-TransportRule -Identity RuleName).Conditions | Format-List

This command retrieves a list of conditions and their values that are configured on the transport rule RuleName.

(Get-TransportRule -Identity RuleName).Exceptions | Format-List

This command retrieves a list of exceptions and their values that are configured on the transport rule RuleName.

(Get-TransportRule -Identity RuleName).Actions | Format-List

This command retrieves a list of actions and their values that are configured on the transport rule RuleName.

Remove-TransportRule -Identity RuleName

This command removes the transport rule RuleName.

Journal Rules

New-JournalRule -Name "JournalRuleName" -Recipient [email protected] -JournalEmailAddress "Journal Reports" -Scope Global This command creates the journal rule JournalRuleName. For all messages sent to or received by the mailbox [email protected], a journal report is sent to the mailbox Journal Reports with the original message as an attachment. The journal rule is enabled upon creation. Valid values for the Scope parameter are Internal, External, and Global.
Set-JournalRule -Identity JournalRuleName -Recipient [email protected] This command modifies the journal rule JournalRuleName by setting the value of the Recipient parameter to [email protected].
Set-TransportConfig -JournalingReportNdrTo [email protected] This command configures Exchange to redirect journal reports to [email protected] if the primary journaling mailbox is temporarily unavailable.

Servers

Get-ExchangeServer This command retrieves a summary list of all existing servers.
Get-ExchangeServer -Domain contoso.com This command retrieves a summary list of all servers in the domain contoso.com.
Get-ExchangeServer -Status This command retrieves a summary list of all existing servers and forces a call to update the server's current status. Without the Status parameter, some fields that display real-time information are not populated.