While installing Service Pack 1 on an Exchange UM server the following error was received:

Solution:

Run Setup.com /PrepareAD from the SP1 source files to create the RMS Shared Identity User

Came across this problem recently during a migration from Exchange 2003 to Exchange 2010. When a user attempted to add a group to the permissions of their calendar they would find that the group had a deny icon next to them () and attempting to add the group would result in this error:

We had already ensured that this was a mail enabled security group and tried running the following command:

Set-Distributiongroup–identity <DistributionGroup> –MemberDepartRestriction Closed

This did not solve our problem. After a while we came across a message board thread for Exchange 2007 that involved an ADSIEdit which worked for us on an Exchange 2010 system:

1. Open ADSIEdit and browse to the group object

2. Open the group object and find the attribute msExchRecipientDisplayType

3. Open the attribute and clear the value

You should then notice that the deny icon has disappeared. Those who are operating in cached mode in Outlook may need to update and download the offline address book.

Cheers

Paul 

If you are using this very useful tool to change users home directory paths in AD and you need to input the path according to the user name, you may find that the regular %username% does not work with ADModify. The username value that the program does understand is:

%’sAMAccountName’%

For example a users home drive may be set using the following syntax:

\\server\homedriveshare\%’sAMAccountName’%

Hope this helps.

Paul

Came across an issue recently where a customer was unable to delete the first mailbox database they created in their exchange environment due to the following error.

Error:
This mailbox database contains one or more mailboxes, mailbox plans, archive mailboxes, or arbitration mailboxes. To get a list of all mailboxes in this database, run the command Get-Mailbox -Database <Database ID>. To get a list of all mailbox plans in this database, run the command Get-MailboxPlan. To get a list of archive mailboxes in this database, run the command Get-Mailbox -Database <Database ID> -Archive. To get a list of all arbitration mailboxes in this database, run the command Get-Mailbox -Database <Database ID> -Arbitration. To disable a non-arbitration mailbox so that you can delete the mailbox database, run the command Disable-Mailbox <Mailbox ID>. To disable an archive mailbox so you can delete the mailbox database, run the command Disable-Mailbox <Mailbox ID> -Archive. Arbitration mailboxes should be moved to another server; to do this, run the command New-MoveRequest <parameters>. If this is the last server in the organization, run the command Disable-Mailbox <Mailbox ID> -Arbitration -DisableLastArbitrationMailboxAllowed to disable the arbitration mailbox. Mailbox plans should be moved to another server; to do this, run the command Set-MailboxPlan <MailboxPlan ID> -Database <Database ID>.

The issue was that the arbitration mailboxes get place in the first mailbox database you create. Quick way to resolve the problem is to move the arbitration mailboxes by running the following in the Exchange Management Shell.

“Get-Mailbox –Arbitration | New-MoveRequest –TargetDatabase DatabaseName”

Then you should be ok to remove the database now

Just a few easy instructions that will allow you to mount a lagged database in Exchange 2010 into a recovery database. This will allow you restore items/mailboxes that may have got deleted from a maximum of 14 days ago.

In these instructions I will be restoring a mailbox database name  DB01 to the point in to of 03/08/2011. The Database and Transaction logs were located in E:\DB01.

The file/database names will differ to your environment so please append steps when needed

1. Log onto Server that holds lagged EDB and create a folder on a drive that will have enough room for me to take a copy of DB01 Database and Log Files

2. Now Suspend database copy on DB01

3. Now copy the EDB from E:\DB01 to the folder you created in step one (in my case it was E:\RecoveryMBX)

4. Next we need to copy the transaction logs over.  But depending on what transactional logs we choose will be the date the database will be reverted to.

For Example if we want to restore the database to the 03/08 we would copy all transaction logs that got created prior to and including the 03/08. i.e don’t copy anything from the 4^th ,5^th onwards.

5. Now open command prompt and navigate to the folder you create “E:\RecoveryMBX”

6. Run the following command “eseutil.exe /r E03 /a /d E:\RecoveryMBX /l E:\RecoveryMBX”  Please note E03 may need to be changed to  the first 3 letters of the transaction log files that you copied will differ for each mailbox database. Ie some may be E01,E02 etc

7. Next open the Exchange Management Shell and Run “New-MailboxDatabase -Name “RecoveryDB” –Server LagServerName -EdbFilePath “E:\RecoveryMBX\DB01.EDB” -LogFolderPath “E:\RecoveryMBX” –Recovery”

8. Now run Mount-Database “RecoveryDb”

9. If we now run “Get-MailboxStatistics –Database RecoveryDB” this will show us all mailboxes in the recovery database and the last logon time should give you a rough indication on the date the DB has been restored to.

10. Know you can recover anything you like from that recoverydb with the use of the “Restore-Mailbox” cmdlet.

11. Once you have finished with your recoveries run “dismount-database recoverydb” and then “Remove-Mailboxdatabase recoverydb”

12. You can then delete the “E:\RecoveryMBX” folder to regain space

13. Finally Resume database copy on DB01

Below is PowerShell command which can be run to force a reboot on a remote machine:

(gwmi win32_operatingsystem -ComputerName ComputerName -cred (get-credential)).Win32Shutdown(6)

After making a hardware, driver, BIOS change or experiencing a blue screen error on a machine with BitLocker enabled, you may be prompted for your recovery key with the following error:

After entering your recovery key and logging in, the next time you perform a reboot you are prompted with the same error.

Solution:

Suspend then Resume BitLocker.

Ensure that you suspend BitLocker before making any hardware, driver, BIOS changes and then resume BitLocker once complete.

Recently we got tasked with protecting all objects in a specific  OU from accidental deletion. There were about 60 users in this OU so we wanted to script this and by scripting this we would also be able to set up a scheduled task so that the change got applied to new users who got added to the OU also.

First of all open PowerShell and run “Import-Module activedirectory”

Now run the following but obviously change the DN name so that it points at the OU relevant for your domain.

Get-ADobject -Filter * -SearchBase “OU=Users,DC=Domain,DC=com” | Set-adobject -ProtectedFromAccidentalDeletion $true

All users in the OU should now be protected from accidental deletion

Just a quick useful command that you can run to find out which DCs hold which FSMO Role.

“netdom query fsmo”

After installing numerous Windows Updates, usually when bringing a newly installed server up to date on patches, you may recieve the following error in server manager:

Error: Unexpected error refreshing Server Manager: Exception from HRESULT:0x800F0818d

This issue occurs when corrupt .mum or .cat files are present after the extraction and installation process of windows updates.

To reolve this we need to complete a few steps

1. Download and run the Microsoft Update Readiness Tool from http://support.microsoft.com/kb/947821 once it has run check the log in C:\Windows\Servicing\Packages\CheckSUR.log

2. You should see errors resembling:
CBS MUM Corrupt 0×00000000 servicing\Packages\Package_for_KB978601~31bf3856ad364e35~amd64~~6.0.1.0.mum Expected file name Package_for_KB978601_server~31bf3856ad364e35~amd64~~6.0.1.0.mum does not match the actual file name

and further down

Unavailable repair files:
servicing\packages\Package_for_KB978601~31bf3856ad364e35~amd64~~6.0.1.0.mum

3. There may be more than one problematic update so make a note of all of them, you will then need to download these KB’s and unpack them using the following commands:

Expand -F:* UpdateKB978601.msu C:\Directory

This then shows a cat file which also needs to be unpacked:

Expand -F:* UpdateKB978601.CAB C:\Directory\CAB

4. You will need to grab the two files, one extension .mum and one extension .cat, then rename them making sure they are exactly as was displayed in the CheckSUR.log file. You will then need to copy them into the C:\Windows\Servicing\Packages directory overwriting the existing ones.

These steps should resolve the issues and you should be able to add/remove Roles and Features again