Ever had a new user appear in the “All Users” Address list that you can access via your Address Book but that DO NOT APPEAR inside the Global Address Book (GAL)?

These are most likely users that have only recently been added…because the minute that Exchange does it’s standard maintenance window, it will most likely update.   But what if, like me, you need to have it update right away due to something like a BlackBerry server?

Through trial and error, I’ve found out WHY the user is not put into the Global Address List right away and how you can force it there.  Please note that I’m using Exchange 2007 with a separate CAS, HT, and Mailbox Server.  First, let’s go over what is happening and why it is and then we’ll go over how we can force the OAB (Offline Address Book) or GAL to update with these users.

What is Happening and Why?

So, you added Joe Smith to the company and you’ve right-click updated the “All Users” address list so he can be included in distribution lists and so that he receives emails on dynamic distribution lists.  Then you right clicked the OAB and selected ‘Update’.  Excellent!  Welcome to the company Joe!  But wait, Joe is not appearing inside the GAL/OAB you just updated!  Why is this problem happening!?  If you’re using the web distribution of the offline address book, the Exchange Client Access Server waits for a ‘polling time’ to arrive before it updates…just like any standard DFS (distributed file system) in Active Directory.  The default time is 480 minutes and of course, we don’t want to wait that long.  You can read all about how OAB via DFS works by visiting this link about Exchange polling times and OAB distribution.

Now that we know it isn’t working by design, how do we fix it?  We manually force it to poll.  We do this through the Exchange Management Shell:

update-filedistributionservice -identity Servername

Make sure you substitute in your Client Access Server where the OAB is distributed with ‘servername’ above.  A warning will appear if you do not have Unified Messaging installed on your server.  If you don’t, it is safe to ignore that warning.

After you’ve forced the update, manually download the address book in any Outlook client and the user will magically appear in the Global Address List.  Hope this helps someone…I know it took me a while to figure out what was happening.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Ever wanted to stop managing a distribution group because you get 90 million requests every other day to add someone or remove someone from said group?  Ok, maybe not 90 million but it has to be close to 80 million right?  Sometimes you will run across a distribution group that changes its membership frequently.  The best solution I’ve found is to find a point of contact for that group who will be able to manage the membership.  This means less requests to you in the future.

Normally, what I do is add the person as the ‘owner’ under the properties of the distribution group.  While this does nothing to give the person rights to the group, it does allow me to remember which member of the group is the point of contact.  In the example above, I added Scooby Doo as the owner of the 4th Floor NAs (nursing assistants) distribution group.  This allows me to remember the person (or cartoon dog) I am granting write permissions to manage the group to.

Next you have to do some powershell magic to grant write permissions to that very same person:

Add-ADPermission -Identity:'Group Display Name’ -User:domain\username -AccessRights ReadProperty, WriteProperty -Properties 'Member'

Now, if you wanted to grant permissions to a group of people…you might not be able to add an owner…but you can fill out the ‘notes’ section shown in the picture above and drop yourself a line to remember which Active Directory group has permissions to write membership of the group.  The command here would be:

Add-ADPermission -Identity:'Group Display Name’ -User:'Display Name of Permissions Group’ -AccessRights ReadProperty, WriteProperty -Properties 'Member'

I know this has been covered in countless other blogs and other nooks and crannies of the interwebs…I’m sure I’m not telling anyone anything new.  Please remember though that this blog is not only a tool for people to find on the internet…but also a knowledge repository for myself.  I can find the things that are most useful to me simply because I write about them.  I know where to look after I blog about them…and I can guarantee that this blog will be up indefinitely since I host it myself.  That’s more than I can claim for most blogs/resources of information out there covering these topics…most blogs dry up after a few years.

Hopefully, this information will help a few searching souls out there looking to decrease their distribution list management burden.  Thanks for reading!

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

I previously posted about how to count total number of what I thought was mailboxes on any given server…and today I realized that when I used the command from that post I was coming up with a number just a bit too high for what I was looking for.  I did some research and found out that this command finds any entry for any recipient on the server you’re running it and reports back.  For example, I have just over 2000 objects in Recipient Configuration in the Exchange Management Console (EMC).  This is reported back if I use that command.  What I really wanted to know though was how many users mailboxes I have per database.

Of course, powershell is the easiest way to accomplish this.  Powershell is POWERFULL…but sometimes you just need to do simple things with it and instead of having a simple powershell command, you have a complex one.  It’s not the fault of powershell of course…it’s just how things happen to work.  Just the same, here is the command that you can use to get a nice readout of how many users you have in each database:

Get-MailboxDatabase | Select Server, StorageGroupName, Name, @{Name="Number Of Mailboxes";expression={(Get-Mailbox -Database $_.Identity | Measure-Object).Count}} | Format-Table -AutoSize

Please note this command is for a single mailbox server environment…if you have clustered or multiple mailbox database servers the command will probably be different.  Breaking down the command…with Get-MailboxDatabase we’re selecting all databases in our environment.  Next we’re selecting a few columns of data…server, storage group name.  Next we’re selecting a column titled Number Of Mailboxes and we’re defining an expression.  The expression grabs the identity of the single database and then does a count of each individual mailbox…it then returns that value under the name “Number Of Mailboxes”.  The last bits format the table and autoresize it to fit on your powershell screen.

You could output this to CSV relatively easy as well and you could even incorporate this into a nightly report if you really wanted to.  I know the command isn’t very simple…which is odd considering that it should be much simpler to find out the number of people on a single database.  If there are easier ways to do this…I haven’t found them.  You can use EMC to select the column and then sort and highlight the number of people for a quick and easy way…but I prefer powershell.  I hope this helps someone out!  I know it is a command I can’t live without!

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

I decided to see if BlackBerry had solved their install problem with the Desktop Software version 6 that I tried to install back in September 2010.  I’m sad to say their software is full of FAIL still.

As you can see from the errors above, you can’t even launch the application.  It makes me wonder if programmers at RIM even QA their software at all.  I’m not the only one having this problem either.

1. http://supportforums.blackberry.com/t5/BlackBerry-Desktop-Software/Blackberry-Desktop-Software-Has-Stopped-Working/m-p/640375
2. http://www.codecannon.com/?p=159
3. http://supportforums.blackberry.com/t5/BlackBerry-Desktop-Software/Blackberry-Desktop-Manager-has-stopped-working-error-upon-launch/m-p/373082/highlight/true#M13213
4. http://supportforums.blackberry.com/t5/BlackBerry-Desktop-Software/Can-t-open-Desktop-Software-6-0-1
5. http://forums.pinstack.com/f8/bb_desktop_manager_6_0_does_open-121855/
6. http://supportforums.blackberry.com/t5/BlackBerry-Desktop-Software/Blackberry-Desktop-Has-Stopped-Working/td-p/667657#M21023
7. http://supportforums.blackberry.com/t5/BlackBerry-Tour-9630/Windows-XP-gives-message-quot-BlackBerry-Desktop-Software-has/td-p/706967#M11556
8. http://supportforums.blackberry.com/t5/BlackBerry-Torch-9800-smartphone/Desktop-Manager-6-0-0-246-quot-Blackberry-Desktop-Software-has/td-p/669787#M6465

I could go on and on but I figured I’d need to stop somewhere.  It’s pretty bad.  It seems users have been reporting this even a few months before I tested it out in September 2010…so this problem has been around for more than 6 months and RIM hasn’t done anything to fix it…and they wonder why Android is chewing up their market?

The worst thing is that when googling around this particular error…you find it is a simple fix in .NET framework inside the application and the app just needs a reference fixed and a recompile.  Figures.  Something that could be done simply and quickly to solve pain and suffering of many goes unnoticed…but hey, let’s make sure we make big bucks on everything else!!

Bottom line is…I have to revert back to previous version.  This means I can’t update my BlackBerry and I can’t call customer service because they won’t help me unless I’m running the most recent version.  So at least they have THAT going for them…they don’t have to address any concerns about BlackBerry Desktop Manager 6 because they can just ignore people that call in that aren’t running that version of the software…and since the people CAN’T get to that version, they get lost in the void.

Hat’s of to RIM!  They’ve cooked up a good way to ignore people in this case.  I hope they fix their problem sometime in the next 6 months.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

I hit a snag at work today while trying to create a scheduled task to run a batch file daily on a server.  The problem was after creating a scheduled task using the wizard, a popup displayed this:

The new task could not be created.
The specific error is:
0×80070005: Access is denied.
Try using the Task page Browse button to locate the application.

Of course, the task wasn’t created.  Googling around wasn’t much help…most of the stuff references Windows XP and a bunch of the results want you to go inside the registry.  I figured there must be a better way.  Something that all the posts had in common was saying that something had changed the permissions on the Windows Tasks directory.  So, I figured running CACLS to reset the permissions on that tasks directory should fix things.  I was right.  So this fix is MUCH simpler than all those forum posts and mailing lists posts said.

To fix:  Open up a command prompt and change directory to C:\WINDOWS.  Next issue the following command:

 CACLS Tasks /E /G builtin\administrators:F

it should echo back ‘processed dir: C\WINDOWS\Tasks’ and return you to a prompt.  After this, you should be able to schedule a task quite easily.  The skinny of this problem is that the tasks directory just gets its permissions wrong and you’re using CACLS to reset things.  Hope this helps someone out there!  It took me a couple hours to figure it out!

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Dear Microsoft,

Public Folders are way to hard to manage in Exchange 2007/2010.  Adding/Removing folders is a pain the neck; even if I’ve got the right permissions, I still don’t have the right permissions.  Please fix this immediately.

Yours Truly,

Teknologist

PS:  Do something about getting Local Continuous Replication (LCR) in 2010 too?  Thanks!

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

The recent update to BlackBerry Desktop Software (version 6.0) is hazardous and will mess up your install causing you to have to manually scrape it from your computer and revert back to the version you have on disk (most likely, 4 or 5).  Be warned, you’ll get errors when launching the application that will prevent it from starting.

go go gadget error reporting!

If you have earlier versions of the software and are prompted to update…my advice is to NOT update it.  Unless you’re a fan of fail…then by all means give it a go.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

The other day I wanted to get a quick count of how many recipients I had in the enterprise.  Of course, I wanted to be able to run a powershell command instead of going into the EMC.  I fooled around with the Get-MailboxStatistics command until I got what I wanted and figured it would be a nice little one liner to share:

Get-MailboxStatistics | group MailboxDatabase | format-table count

This is a very simple command that just outputs the count (number) of recipients you have on a given exchange mailbox server.  Of course, if you have more than one server you’ll need to specify that inside the command.  Since I only have one, it’s pretty simple.

UPDATED:  Please note that this returns ALL recipients…not just mailboxes (as I thought when I initially posted this).  That means contacts, distribution groups, etc.   For a way to find how many user mailboxes you have in each database check this post.  Thanks for reading!

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

The Problem

Let’s say you’re an exchange administrator and you use EAS (Exchange Active Sync) to plug smart phones into your Exchange environment.  You’re probably one of the many out there who do this…I do it in my environment.

Then you stumble across a handy powershell script that will allow you to query your environment for mobile phones that have synched on user accounts and report back the last successful synch as well as any phone details that are reported.  I found this one somewhere (can’t remember):

$devices = @()
$mailboxes = Get-CASMailbox -ResultSize:Unlimited | Where-Object {$_.HasActiveSyncDevicePartnership -eq $true -and $_.ExchangeVersion.ExchangeBuild -ilike "8*"}

foreach ($m in $mailboxes)
{
$devices += Get-ActiveSyncDeviceStatistics -Mailbox $m.Identity
}

$devices | Export-Csv DeviceStats.csv

You get a nice little list of stuff right?  This should be every single EAS enabled account that has a phone synching with Exchange right?  Wrong. It absolutely is NOT an accurate list of phones that have synched with your Exchange server.

When I executed that powershell scriptlet above on my system it reported back quite a few phones…but my phone, a HTC Evo, was not on the list.  In fact, my account wasn’t reported on the list.  This despite my device synching just fine every 15 minutes.  The integrity of this ‘report’ has been challenged.  So what’s the deal?

Workaround Solution

A quick investigatory glancing at google brings little results…However, I did notice when using the EMC to highlight my account and going to ‘Manage mobile device” I was in for a suprise….because that link wasn’t there on my account.  That’s right, “manage mobile device” is missing on my account.  This despite having Active Synch enabled under the ‘mailbox features’ tab on my account and despite having my device pair up with Exchange in 15 minute intervals.

Searching google for this problem yeilds much better results.  It seems that a flag embedded for a value in Active Directory doesn’t toggle correctly OR isn’t added into AD at all (perhaps bad replication).  Either way, it means you’ll be whipping out trusty adsiedit.msc (per the forum thread linked to above).  The setting that needs toggled is “msExchMobileMailboxFlags” which should be set to 1.  After setting this, you’ll be able to manage the mobile device AND your synch will be picked up by the powershell report above.

The Real Crux

The real crux of the matter is that this toggle shouldn’t have to be set at all and regardless if it is set or not, powershell should be able to report if a device is synching with Exchange.  There is a reason why RIM is #1 when it comes to businesses and smartphones…it’s because you can have 100% accountability for what is on your network at any given time.  With Exchange 2007 and above, it is unfortunately, much like a ring toss at a circus…sometimes you get a ring on that bottle and win a stuffed giraffe but other times you’re going home without plush pals.

Microsoft has a problem here because you can’t trust your own powershell queries.  If it doesn’t work for this individual area (phones, EAS) then what else doesn’t work?  Do we call into question the entire integrity of all powershell commands and commandlets?  What do you think?  I know this workaround is pretty silly on a huge environment with multiple user containers in AD or even mutlipe forests.  Is the workaround something that is tolerable or should Microsoft do more to fix this broken part of their product?

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

I hit a snag that was a result of my conversion from Exchange 2003 to Exchange 2007.  The snag was with global groups.  The problem is that global groups cannot be expanded by Exchange…so if you have a distribution list that is a member of a global group it will be grayed out in the Exchange Management Console and you will not be able to edit it.  You also won’t be able to right click and convert it to universal because it will give you the error of:

A global group cannot have a universal group as its member

So what to do?  How does one convert this group to a universal one?  The problem doesn’t lie with the group  itself but with the membership of the groups.  In order to convert one, you have to convert them all.

The EXPTA blog has an excellent post regarding what is going on with solutions to boot:

As you may know, Exchange Server 2007 and Exchange Server 2010 force you to create all new distribution groups as universal distribution groups.
The reason for this is that Exchange 2007/2010 requires a local Global Catalog (GC) server in the Active Directory site where Exchange resides to query for group expansion. A GC can expand domain local, global, and universal groups. However, domain local groups (and sometimes global groups) can only be expanded within the domain local scope. If the GC is a member of the companyabc.com domain, it will be unable to expand a domain local group in the sales.companyabc.com subdomain.

I’m going to be posting how they solved their problem for posterity but you can head over to the EXPTA blog for the full post which contains much more meat than this post will.

To solve the problem, query the groups and look at how many you have that are global.  Just open up a command window on a domain administrator account and remember that this command may take a while on a large enterprise:

dsquery group -limit 0 | dsget group -samid -scope -secgrp > Groups.txt

Next run the command to convert the global groups to universal.  There are no adverse problems that will result from this…the conversion doesn’t mess with permissions.

dsquery group -limit 0 | dsmod group -c -q -scope u

You WILL have to run this 2nd command many, many times.  See, each time it cycles through the groups it finds the top level one it has not converted and converts it to universal…there may be 3 more subgroups that need converted but it won’t convert them until the parent is a universal.

For more explanation, see the EXPTA blog link above and hopefully this helps someone out!

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.