Unable to move Federated Mailbox in Exchange 2010

Exchange 2010 Mailbox server role installation create a default mailbox database which consist of System mailboxes and a Federated mailbox.
As we all know, in case if we decide to remove this Default mailbox database we need to move all mailbox to a different Database.

In one case while trying to move Federated mailbox I was getting error “Mailbox size 1.009 MB exceeds target quota 1 MB”

Though the destination Database had no limit defined.
Tried to move by defining limit on database, still of no use.
Tried to remove quota from Federated Mailbox, in this case I was greeted with error similar to “Cannot find the on DC01.domain.com” (I don’t remember the exact error)
Continue reading


Changing UserName and SMTP addresses in bulk

Recently I had to perform a task in which there was a need to change UserName, Alias and SMTP addresses associated with the user for approx 150 users. These were recently created users.

If I start doing it using GUI, am sure my whole day will pass in find, click.. click.. click..

I had to do little bit of manual work like generating a csv output for the users in the department OU and add new username and new email address column to it.

The final CSV looked like this.

Once ready with the csv file, lets import it in PowerShell and let it do its magic.

$userCol = Import-Csv -Path C:\Update-users.csv
Foreach($user in $userCol){
"Processing : "+$user.UserName
    Set-Mailbox -Identity $user.UserName -EmailAddressPolicyEnabled $false
    Set-Mailbox -Identity $user.UserName -Alias $user.NewUserName
    Set-Mailbox -Identity $user.UserName -EmailAddresses $user.NewEmail
    Set-Mailbox -Identity $user.UserName -EmailAddressPolicyEnabled $true
"Changing UserName from: "+$user.UserName+" TO: "+$user.NewUserName
    Set-Mailbox -Identity $user.UserName -SamAccountName $user.newUserName -UserPrincipalName $user.upn -Alias $user.NewUserName

I did use a seperate set-mailbox for each task for easy to understand.

The script is self explanatory.

Hope it helps.

Exchange 2010 PowerShell Remoting

Many a times we come across situation when we need access to powershell to run some exchange specific cmdlets.
But the workstation is either not having management tools installed or the workstation is running an x86 Operating system.

The easiest way to get the job done is by using PowerShell “Remoting” feature.

Remoting should be enabled in Exchange 2010 server so that workstation Powershell can connect to remote (exchange 2010) server.

On Exchange 2010 Server:
To enabled Remoting

On workstation:
$PSExch = New-PSSession –ConfigurationName Microsoft.Exchange –ConnectionUri

Import-PSSession –session $PSExch

Import-PSSession will import all the cmdlets necessary to manage Exchange via powershell.


That’s it. You have access to powershell on Exchange server.

Exchange 2010 Certificate error The Certificate Status could not be determined because the revocation check failed

This guide is for a Lab environment scenario where we have Exchange 2010 setup and we need a certificate to make OWA / Autodiscover work in Lab.
When we Install a RootCA (standalone) and generate a certificate for our use initially it works without issues until the certificate is imported in Exchange and get the error “The Certificate status could not be determined because the revocation check failed”
This happens coz of CRL Distribution Point URL, which are configured under the CA server properties / Extensions tab and Certificate Revocation settings.

This is the default settings for “Extensions” on Root CA server. (screenshots taken from a another Server)


This is the default settings for CRL on Root CA server. Right click “Revoked Certificates” Node and select properties.

Lets change these values to work for us.
1st Step, we will set the Configuration Naming Context which will be used in the CRL path.
Start Command Prompt (CMD) and run the following 1 line commad:

certutil –setreg CA\DSConfigDN CN=Configuration,DC=vhomelab,DC=com

Replace DC=vhomelab,DC=com to your domain name.

2nd step, we will change the settings under “Extensions” tab.

3rd Step, change settings under “Revoked Certificates” properties.
Now, restart the certificate service.

Again right click “Revoked Certificates” and select “Publish” from “Tasks”
This will publish the new CRL with the changes that we made.

Now, go to the Domain Controller and browse the Certificate server using browser (http://YourRootCA/certsrv) and download “CA Certificate” and CRL. (save it on C:\)

From CMD, execute 2 commands: Certutil –addstore –f Root RootCert.cer and Certutil –addstore –f Root RootCRL.crl

This will add Root Certificate and CRL to trusted Root Certificate on DC.
Now we will publish the Root Certificate and CRL to AD DS using commands as follows.

Certutil –dspublish –f RootCert.cer RootCA


Certutil –dspublish –f RootCRL.crl



Now, generate a certificate request from from Exchange Management Shell. (you can use GUI as well)
New-ExchangeCertificate -FriendlyName ‘Ex2010-Cert03’ -GenerateRequest -PrivateKeyExportable $true -KeySize ‘2048’ -SubjectName ‘C=BH,S=”State”,L=”City”,O=”vHomelab”,OU=”IT”,CN=mail.vhomelab.com’ -DomainName ‘cas-a.vhomelab.com’,’mail.vhomelab.com’,’vhomelab.com’,’autodiscover.vhomelab.com’ -Server ‘CAS-A’

Request from a certificate.

Complete the certificate request in Exchange Management console.
And, Done!.
If you check the certificate by double clicking it, and under details, see the CRL distribution points,
1st, the command that we ran for Configuration Naming Context, that was to get the CRL path configured properly as shown below.

Hope this has helped you in some ways.

Exchange 2010 SP1–Database status (mounted or dismounted)

If we run cmd-let Get-MailboxDatabase we cannot find the Mount status of database.

Get-MailboxDatabase –identity MBX2DB1 | FL Name, Mounted


Use –Status Parameter.

Get-MailboxDatabase –identity MBX2DB1 –Status | FL Name, Mounted


Using FT along with –AutoSize –Wrap will give a better view if we have multiple database.