A couple of days back I was helping someone with a problem on his Exchange Server 2003. Users in his organization were able to send their email to their personal email addresses using an automatic forwarding rule in Outlook, even though the “Allow automatic forward” option was deselected at his Exchange Server 2003 organization level. It was not hard to suggest that he change the value of the attribute msExchRoutingAcceptMessageType to 25, which fixed his problem. Yet it would be fun to know how Active Directory determines what is allowed and what is not when the setting is based on a numeric value. This is a small attempt to share my findings about it.

When you look at the following picture you will notice that some check boxes are selected and some are not. The value of the attribute msExchRoutingAcceptMessageType is based on these selected check boxes.

Now, what is the value for each of these check boxes and how does it vary? Take a look at the table below:
|Check Box Selected|
|---|
|Allow out of office responses|
|Allow automatic replies|
|Allow automatic forward|
|Allow delivery reports|
|Allow non-delivery reports|
|Preserve sender’s display name on message|
So, when the 1st and 2nd check boxes are selected, the value of the attribute msExchRoutingAcceptMessageType becomes 3. In simpler terms, it is a simple addition of numbers based on the above table. The last option, “Preserve sender’s display name on messages”, is not related to these values. The attribute msExchRoutingDisplaySenderEnabled stores its value, which is a Boolean “TRUE” or “FALSE”.

The text and picture above are pretty clear and explain things if you understand a little of AD and Exchange, but where do you locate these attributes and their values? Open ADSIEDIT.msc, browse to the location below and open the properties dialog box:
CN=Default,CN=Internet Message Formats,CN=Global Settings,CN=<Org Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration
Note: the above location may change according to your customized settings.

Before you follow this blindly and change the settings per your requirement, take a look at your Active Directory health and replication as well. Exchange may not be able to contact AD to read the correct information, and hence allows automatic forwarding to the Internet or does not apply the restrictions mentioned above.
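The addition described above works as a bitmask, so a stored value can be decoded back into check boxes when auditing whether automatic forwarding is allowed. The following is an added example, not code from the original post; it assumes the five check boxes carry the weights 1, 2, 4, 8 and 16 in table order, which is consistent with the two values the post gives (3 and 25), and the function names are hypothetical.

```powershell
# Added example. Requires PowerShell 2.0 or later.
# ASSUMPTION: weights are successive powers of two in the order of the table;
# this agrees with the values 3 and 25 mentioned in the post.
$AcceptMessageTypeFlags = @(
    @{ Weight = 1;  Label = 'Allow out of office responses' },
    @{ Weight = 2;  Label = 'Allow automatic replies' },
    @{ Weight = 4;  Label = 'Allow automatic forward' },
    @{ Weight = 8;  Label = 'Allow delivery reports' },
    @{ Weight = 16; Label = 'Allow non-delivery reports' }
)

# Decode a stored msExchRoutingAcceptMessageType value into its check boxes.
function ConvertFrom-AcceptMessageType {
    param([int]$Value)
    $known = 0
    $enabled = @()
    foreach ($flag in $AcceptMessageTypeFlags) {
        $known = $known -bor $flag.Weight
        if ($Value -band $flag.Weight) { $enabled += $flag.Label }
    }
    New-Object PSObject -Property @{
        Value              = $Value
        Enabled            = $enabled
        AutoForwardAllowed = [bool]($Value -band 4)
        # Bits outside the assumed weights are reported rather than dropped.
        UnknownBits        = $Value -band (-bnot $known)
    }
}

# Build the value to store from the check boxes that should stay selected.
function ConvertTo-AcceptMessageType {
    param([string[]]$Labels)
    $sum = 0
    foreach ($label in $Labels) {
        $flag = $AcceptMessageTypeFlags | Where-Object { $_.Label -eq $label }
        if (-not $flag) { throw "Unknown check box: $label" }
        $sum = $sum -bor $flag.Weight
    }
    $sum
}

# Constructed sample values: 3 and 25 come from the post, 31 is all five boxes.
foreach ($v in 3, 25, 31) {
    $r = ConvertFrom-AcceptMessageType $v
    '{0,2}  forward={1,-5}  {2}' -f $r.Value, $r.AutoForwardAllowed, ($r.Enabled -join '; ')
}
```

Under the same assumption, `ConvertTo-AcceptMessageType 'Allow out of office responses','Allow delivery reports','Allow non-delivery reports'` returns 25, the value that leaves automatic replies and automatic forwarding deselected.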
Moving Exchange Server 2003 to a new box without changing the name is already described in a Microsoft white paper published on TechNet. Because many things changed in Exchange Server 2007, the procedure for moving to new hardware has also changed.
- Back up the mailbox database.edb and public database.edb as well as the mail.que files. It is highly recommended to have a full backup of these files to prevent any future complications.
- Power down the current Exchange server.
Backing up Exchange Server 2007 depends on what server role is being backed up. Below is a list of role specific data that needs to be protected before moving ahead. The procedure documented here applies to a single server with all the server roles installed.
Configure New Hardware:
- Use the ADUC console to reset the Exchange Server machine account.
- If you already have a Windows Server box to be brought on the network, join it into the network, change its name to your existing Exchange Server 2007 computer name and join it into the domain.
- Configure the IP address for the new machine so that it uses a static IP that matches the IP in the DNS host record for the old server.
- Run Exchange setup. Using Start -> Run, specify the path to the Exchange Server 2007 Setup launcher and add the /m:recoverserver and /donotrestart switches. The complete command should look like the following:
Drive:\Setup /m:recoverserver /donotrestart
Once setup completes:
- Move the mail.que database back into the queue folder (this folder should be empty): c:\program files\Microsoft\Exchange Server\TransportRoles\data\queue
- Move the mailbox database into the production folder (this folder should also be empty): c:\Program Files\Microsoft\Exchange Server\Mailbox\First Storage Group
- Move the Public database into the production folder (this folder should also be empty): c:\Program Files\Microsoft\Exchange Server\Mailbox\Second Storage Group
- Open the Exchange Management Console, open the properties of the two stores and select the option “This database can be overwritten by a restore”.
- Start all Exchange services.
- Verify Send Connector configuration – you should have a * domain listed with a type = SMTP in order to send mail outbound.
- Verify Receive Connector configuration – In order to receive mail the connector needs to accept anonymous connections.
- If the external SMTP domain is different from the internal domain, verify that the external SMTP domain is added to the Accepted Domains list.
Enable the Anti-Spam Agents for the Hub Transport role. To do so:
- Open the Exchange Management Shell and navigate to the scripts directory: c:\program files\Microsoft\Exchange Server\Scripts. Issue the following command: .\install-AntispamAgents.ps1
- Restart the Exchange Transport Service (MSExchangeTransport).
- In Exchange Management console verify that the SPAM Agents are enabled on the Anti-Spam tab. This will be Organization Configuration – Hub Transport – Anti-Spam.
- Verify internal and external mail flow.
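The three connector and domain checks from the list above can be scripted so that the result is recorded after the recovery, including which receive connectors accept anonymous sessions. This is an added example, not part of the original post: the function name is hypothetical, the sample objects are constructed, and the string forms matched (`smtp:*` for the address space, `AnonymousUsers` for the permission group) are assumptions about how the cmdlet output renders as text.

```powershell
# Added example. Requires PowerShell 2.0 or later.
# Inputs are the objects returned by Get-SendConnector, Get-ReceiveConnector
# and Get-AcceptedDomain; only their string forms are inspected (assumption).
function Test-RecoveredTransport {
    param($SendConnectors, $ReceiveConnectors, $AcceptedDomains, [string]$ExternalDomain)
    $findings = @()

    # Send connector check: some connector must carry the * SMTP address space.
    $wildcard = @($SendConnectors |
        Where-Object { "$($_.AddressSpaces)" -match 'smtp:\*(;|\s|$)' })
    if ($wildcard.Count -eq 0) { $findings += 'No send connector has a * SMTP address space.' }

    # Receive connector check: collect every connector that accepts anonymous
    # sessions so the list can be compared with the one meant to face the Internet.
    $anonymous = @($ReceiveConnectors |
        Where-Object { "$($_.PermissionGroups)" -match 'AnonymousUsers' })
    if ($anonymous.Count -eq 0) { $findings += 'No receive connector accepts anonymous connections.' }

    # Accepted domain check: the external SMTP domain must be listed.
    $domains = @($AcceptedDomains | ForEach-Object { "$($_.DomainName)" })
    if ($ExternalDomain -and ($domains -notcontains $ExternalDomain)) {
        $findings += "External domain $ExternalDomain is not an accepted domain."
    }

    New-Object PSObject -Property @{
        Findings                   = $findings
        AnonymousReceiveConnectors = @($anonymous | ForEach-Object { "$($_.Identity)" })
    }
}

# Constructed sample objects standing in for the cmdlet output.
$send = @(New-Object PSObject -Property @{ Identity = 'Outbound'; AddressSpaces = 'smtp:*;1' })
$recv = @(
    (New-Object PSObject -Property @{ Identity = 'EX01\Default EX01'
        PermissionGroups = 'ExchangeUsers, ExchangeServers, ExchangeLegacyServers' }),
    (New-Object PSObject -Property @{ Identity = 'EX01\Internet'
        PermissionGroups = 'AnonymousUsers' })
)
$doms = @(New-Object PSObject -Property @{ DomainName = 'corp.example' })

$result = Test-RecoveredTransport $send $recv $doms 'example.com'
$result.Findings                     # reports the missing accepted domain
$result.AnonymousReceiveConnectors   # lists EX01\Internet
```

In the Exchange Management Shell the same function would be called as `Test-RecoveredTransport (Get-SendConnector) (Get-ReceiveConnector) (Get-AcceptedDomain) '<external domain>'`.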
If you have different server roles installed on different hardware, the following should be a good read:

Since the introduction of Exchange Server 2007, many things related to recipient operations have changed. One of the major changes concerns recipient management. In Exchange Server 2003 it was done using the ADUC (Active Directory Users and Computers) console, while in Exchange Server 2007 it has become the sole property of the EMC (Exchange Management Console) and the EMS (Exchange Management Shell). This is certainly one of the basic things that an Exchange 2007 administrator should know: you can no longer perform Exchange recipient operations using ADUC, and it is strongly recommended to use either the EMS or the EMC.

A known problem that E2K7 administrators usually come across is that they delete a user account from AD, yet the mailbox is not shown as deleted in the EMC. It does not appear in the Disconnected Mailbox tool either. How to resolve it?

A mailbox on Exchange Server 2007 does not appear as disconnected even though the associated user account has been deleted using Active Directory Users and Computers.

Exchange does not continuously enumerate attribute changes to see the Exchange attributes on the associated user account in Active Directory. Queries to identify changes in attribute values for a user account are sent to AD only after consulting the caches and refresh intervals maintained by DSAccess (ADAccess in Exchange Server 2007). Because this is a cache of ADAccess, these values cannot be stored in Active Directory; hence the Windows Registry is used for them. See the Microsoft TechNet article “Mailbox Size Limits Are Not Enforced in a Reasonable Period of Time” for more information. It is highly recommended to adhere to the refresh interval recommendations made by Microsoft to prevent performance implications. Under normal circumstances you don’t need to run the mailbox cleanup agent manually, because the disconnected mailbox appears under Disconnected Mailbox immediately. Yet in certain cases you have to run it manually. See the Resolution section for how to run the mailbox cleanup agent manually in Exchange Server 2007.
- Open the Exchange Management Shell.
- Type: Clean-MailboxDatabase -Identity <Database Name>
Values for -Identity can be defined in the following ways:
- GUID of information store.
- Distinguished Name (DN) of information store in AD.
If you have multiple databases with the same name on the same server, you must specify the storage group name.
Exchange Server Caches and Their Lifetimes
Managing User Mailboxes