Exchange move disabled mailboxes - Powershell / Set a limit to prevent disabled mbx to be enabled on a specific server

command to find how the user on the database
get-mailbox -database <database> or get-mailbox -server <server>

get-mailboxdatabasecopy to check which is active and passive

to fail over for exchange 2013

https://technet.microsoft.com/en-us/library/dd298067(v=exchg.150).aspx
http://exchangeserverpro.com/exchange-2013-database-switchover/

exchange 2010 just google it.

you also need to change the activation preference on dag for any database on server 307

http://sion-it.co.uk/tech/exchange-2010/change-dag-database-activation-preference/

Hi,

I am not sure if I am understanding your answer. I want to accomplish two different things:

1. Run a command/script to find disabled mailboxes and move them to an specific server and database for example server307. We have a DAG and multiple DBs A/P. So is there a way to run a single command from a server to look for disabled mailboxes and move them to a different DB/server or should I run the command/script from every individual server using a scheduled task?

2. There is an scenario that we want to manage, if the users re-hired and come back their mailboxes will be re-enabled and linked to their AD account. If that happens we don't want to the mailboxes to run from server 307 (this is just an journaling server for archival). Is there a way to prevent mailboxes from running in a enabled mode in a specific server or database?

I hope this clarifies a little better the original question.

Let me clarify - the users are disabled from AD and their mailboxes change to whatever state they are placed to once the AD account is disabled. The ps or script will be looking for those mailboxes and moving them to the archive server/database.

1. you know disabled mailbox do not equal to disable user?

anyway, the quickest way is to run powershell
Get-Mailbox | ?{$_.ExchangeUserAccountControl -eq 'AccountDisabled'} | new-moverequest -targetdatabase "server307orwhateveryouput"

you can run this script in a schedule mode.

to reverse,
Get-Mailbox -database "server307orwhateveryouput" | ?{$_.ExchangeUserAccountControl -ne 'AccountDisabled'} | new-moverequest



2. disable user with a mailbox is possible combination. Shared mailbox usually are in this situation. Even you disabled a user, if the mailbox have provided full access/delegation access to some one else, the mailbox is still active. So i am not sure what do you really want to achieve.

I don't see a business requirement to move those mailboxes to a centralised location. it just create manual process that don't benefit much from administrator point of view. further, when the user been deleted, the mailbox will be deleted.

Anyway, if you able to have a business requirement maybe i can figure something for you

The reason is retention just an internal policy that we need to be in compliance with. We want to move all the mailboxes (disabled users) to an specific server and database. The reason for us to move those mailboxes is because this server is just an archive server that will concentrate disabled user/mailboxes, we can't not delete them because of HIPA policy.

If the users are re-hired and their accounts re-enabled we do not want their mailboxes to run from the archival server. It will be great if there was a way to prevent those mailboxes from running actively from the archival server, I am not sure if that's possible, however we can run a script and move them out of the server overnight via schedule tasks.

Another question - Is there a way to run the move command and "move" the mailbox to the server/database with the least amount of mailboxes or the smaller database?

by default

The TargetDatabase parameter specifies the identity of the database that you're moving the mailbox to. If you don't use this parameter, the automatic distribution logic will select a random database from the Active Directory site where you are running the command.

once a few week, you can run rebalance the database, script provided by microsoft
http://www.stevieg.org/2010/09/balancing-exchange-databases/

to move user out, you do the following

Get-Mailbox -database "server307orwhateveryouput" | ?{$_.ExchangeUserAccountControl -ne 'AccountDisabled'} | new-moverequest

Hi,

So a couple of things:

If AD account is disabled then mailbox becomes orphan. In that scenario - is the mailbox going to be show up as disconnected mailbox in the EMC?

In our case since we disable the AD accounts but we keep the mailboxes active we just need to move them to the archive server.

I guess that the best approach will be to run a Powershell command to find disabled AD accounts with active mailboxes and move those mailboxes to the Archive server.

Any idea how to get that done via Powershell?

if AD account is disabled - mailbox will still working.
to make mailbox become orphan, you need to delete the AD account, then it will show up as disconnected mailboxes.

and yes, to find disabled ad run this,

Get-Mailbox | ?{$_.ExchangeUserAccountControl -eq 'AccountDisabled'} | new-moverequest -targetdatabase "server307orwhateveryouput"


to move them out if they are enabled, do the followwing
Get-Mailbox -database "server307orwhateveryouput" | ?{$_.ExchangeUserAccountControl -ne 'AccountDisabled'} | new-moverequest

Should the Get-mailbox move command be run on each server that's member of the DAG since its looking for disabled AD accounts?

get-mailbox command will work on the whole environment. you don't need to run specificly for every server, unless you want to avoid it to run on the archiving server

Get-Mailbox | ?{$_.ExchangeUserAccountControl -eq 'AccountDisabled' -and $_.database -ne  "server307orwhateveryouput" } | new-moverequest -targetdatabase "server307orwhateveryouput"

Actually I believe it's a good idea to run it from the archiving server so that the production servers are not being taxed.

If I can get the scheduled tasks  configured on the archiving servers should I do something like this:

1.) PS to find disabled AD accounts and moved their mailboxes to the archiving server

Get-Mailbox | ?{$_.ExchangeUserAccountControl -eq 'AccountDisabled' -and $_.database -ne  "server307orwhateveryouput" } | new-moverequest -targetdatabase "server307orwhateveryouput"

2.) What's the PS command that I should run from the archiving server to be able to find the enabled AD accounts and move their mailboxes out of the Archiving server to a different server/database?

Thank you!

Ok - I will test it and get back to you. I was reading the following article https://technet.microsoft.com/en-us/library/ff872148.aspx

I was wondering if there is a way to prevent mailboxes to be linked to an AD account when they are part of the archiving server and a specific database in that server. For example don't link the AD account to the mailbox if the mailbox is part of server307 and database1.

the url you said do not have any information on prevent mailbox to be linked to AD account.

you only can prevent a mailbox to be created on those database, but not prevent a mailbox with AD account.
in fact if there is a mailbox, there is a AD account. if not it will be become orphaned mailbox (and subject to deletion policy)

I see...are you aware of any way to be able to send an email message with the mailboxes that are going to be moved to the archive server? Maybe a way to pipe that into the an email via Powershell? That would be great!

sure, you can use this following command
https://technet.microsoft.com/en-us/library/hh849925.aspx

i am not going to elaborate on such but you can achieve it in many ways on what you want upon your business requirement

but move a mailbox is definitely have minimal impact to end user. it is online move instead of a offline move.

I am having a hard time getting the mail notification to work. Any chance you help out? Thank you!

probably it is best to put out what you have done so i can advise you easily?



if not, it is best to open a new question as it attract better resource to work on this.