en Passant

We maintain an Exchange EDGE server on our perimeter as SMTP relay. Application servers can use this server to relay email out (to internal recipients or the Internet). To keep this server from being an open relay, we maintain a list of valid IP addresses that can relay through this server. To update the the relay, we run my script below to import the IPs. On our first attempt, we found that MS Edge 2007 - Receive Connectors have a limit on allowed RemoteIPRanges values. After approximately 1100 individual IPs, it would quit accepting any additional IP addresses. Unfortunately, we have over 1300 current application servers running currently.

We are set to finish our migration of several email domains over to our Exchange 2007 environment. One of the last issues to migrate across is the Exchange 2003 Recipient Update Policies, into the Exchange 2007 Email Address Policies.

Our current e2k3 RUP is a fine-tuned LDAP query:

(mailnickname=*)
(|(extensionattribute3=EXAMPLE*)(department=EXAMPLE*))
(|(objectCategory=group)(&(objectCategory=person)(objectClass=user)))

We have been working to synchronize our GAL through non-technical means with another remote company. We don't actively have a connection to this other environment so sneaker-net is the solution.

I currently get a CSV from this company with the following columns.

• Mode (A for Add, D for Delete, C for Change)
• FirstName
• LastName
• DisplayName
• EmailAddress

Recently one of our executives received an odd email message. Initial review of the message shown that her name was in the FROM field, an external recipient was in the TO field, the subject was something like "Request Update: Original Meeting Subject" and to top it off, it shown up as unread in her Inbox.

Initial analysis suggested that the message was a spam or spoofed message, but the subject was deceiving. OK, if that were so, then someone has been infected with a virus or spam-bot. Not good. This required further investigation.

In Exchange 2007, they have finally done resources correct. Using Powershell, you can define a mailbox specifically as a conference room, laptop, projector or other resource. As a resource it will appear differently in Outlook 2007 and OWA. These resources can be defined to automagically accept meeting requests using specific permissions on these resources. No longer will you need to use the flaky AAA as in Exchange 2003.

The attached script is my very detailed, all-in-one convert a standard/migrated mailbox to a conference room resource in Exchange 2007.

We recently had a secretary who created a personal distribution list (PDL) with too many members.

This is a limitation of distribution lists that are created and stored in a Microsoft Exchange Server mailbox store or in a personal folders (.pst) file. There is no definite limit to the number of contacts that you can add to a distribution list.

Recently we've had a rash of SPAM email messages going to distribution lists. This has led to the limiting the permissions on who can send to these lists. For the largest lists, we are assigning mail-enabled security groups permissions to send to these lists.

Problem: Some of these mail-enabled groups are very large, containing nested lists inside of other lists. Trying to determine if a specific user has permissions to send to a list can be difficult.

In my environment, I am always looking up a user's email address, or trying to find out what Exchange server their mailbox is on. That's why I developed the attached script.

It will do a wild-card search against your currently logged on domain to find any account with those values. It searches the Displayname, proxyaddresses and mail fields.

The following script will search all users specified and remove email addresses in a specific domain. I have successfully tested it in my domain, to only have Exchange RUS add it back in. Good enough for now.

This uses the Quest ActiveRoles Powershell add-on to gather the DistinguishedName value for all impacted users. You could read this from a file. Otherwise, this script should work on Exchange 2003 and 2007 mailboxes.

I just created 300 new distribution lists on our mixed Exchange environment. These new DLs, all needed a manager assigned to them.

The script below requires/uses cmdlets from the Microsoft Exchange 2007 Shell. For one that doesn't need them, check out Brandon's blog.