We help IT Professionals succeed at work.






Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.

I have an O365 group and want to send email to it from an on premise server but do not want any other external senders. I have the IP, server name.
In the GUI there is no way to do this other than to accept messages from "All Senders", which is not want we want.

Is there ability in PS or other means to identify specific external senders and block all others (effectively creating a white list for this group)?

Thank you
can someone help me with this script,  this is what i have so far, but its not working, getting a blank CSV:

the goal is to export out the values of the "targetAddress" attribute for all users that match company: XYZ

Get-ADUser -Filter {Company -eq "XYZ"} -Properties targetaddress | Select-Object Name, targetaddress | Sort-Object Name | Export-Csv -NoTypeInformation c:\temp\taexport.csv

Open in new window

i have  a shared mailbox whose message size attachment has to be increased to 75 mb,  

we have 14  mailbox servers in DAG ( EXCHANGE 2016)

the size on all receive  connectors  are set to default of 60 mb. and  cant increase the size on that mailbox server just alone  ( message size restriction)

receive connector will reject it

is there any power shell command i can change size ( front end hub transport service) and applies to all connectors (40)
I have a need to be able to export contacts for specific users using powershell. I've tried the scripts here but the don't seem to work:



The one from spiceworks doesnt give me any errors, but the csv it creates has no data.

The one from the technet gallery gives me an autodiscovery error and I'm not sure how to fix that.

Does anyone else have a tried and true way of exporting contacts using powershell and exchange online?

Thank you.
We have an exchange dag 2016 with two members and i am running almost out of available space.
we have used all the available dbs that we can have by using the standard version and finally we upgraded to enterprise in order to split the users' mailboxes in more dbs for better handling (for the future). Both severs have two disks "C:\" and "G:\" and the databases are stored on "G:\" drive. The problem is that i cannot expand anymore the lun from the SAN and i have to create another new. My question is "Can i add a third drive in both servers i.e. the "H:\" drive and on this to start create the new dbs in which i will move the users' mailboxes?" . Should i configure anything on both exchange or simply I add the new drive in both servers and then i create the dbs on the new directory? Is it supported from exchnage dag to have the dbs on more than one drive, i.e. "G:\" and "H:\" ?
In Exchange Online, you can set forwarded on a mailbox by opening up its properties from the Exchange Admin Center (Mailbox features > Mail flow > Forwarding Address).

It seems any e-mail forwarded this way isn't being filtered for phishing or spam.

Why is that? Is there a way of getting it to filter just like regular e-mail not being forwarded?

I have Microsoft Outlook for Office 365 (16.0.12624.20348) 64-bit.

Sometimes, The Microsoft Outlook was disconnected.

When using the earlier version (I am not sure which version), I can just CLICK “One tab .. I am not what is it… maybe “Work of line”… then, it would be connected again to the Microsoft Exchange.

Someone knows how to connect (or which button should I click) to connect again this Microsoft Outlook?

I have a user who sent an email from an iPad (IOS 13.4) that had text in the message body however when the user received it (Exchange 2016 on premise server) the message text was in an attachment (ATT00001.htm) and no longer in the body of the message.  Any ideas on what's happening and how to prevent it?

Thank you.
Emails are getting to Exchange 2007 fine and we can view the emails if we log in via the network, however most access is via remote and we are not able to connect our MS Outlooks to the server and we have the error message - There is a problem with the proxy server's security Certificate. Outlook is not able to connect to the Proxy Server remote.domainname.co.uk.

I have run the Fix My Network wizard but this has not fixed the issue.

If we try to log in via a browser to use OWA Anywhere then we receive the message ...

There is a problem with this website’s security certificate.  
The security certificate presented by this website is not secure.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

Can someone help please?
We have several tenants using office 365.  One of these was locked down by an employee who is no longer with the company.   I need to connect to it using PowerShell to make some changes.  

I am using an account which is a global admin and an Exchange admin.  I have tried from my computer and from a computer on the local network and whatever I have tried I get the following error message:

New-PSSession : [outlook.office365.com] Connecting to remote server outlook.office365.com failed with the following error message : Access is denied. For more
information, see the about_Remote_Troubleshooting Help topic.
At line:4 char:12
+ $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne ...
+            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed
Import-PSSession : Cannot validate argument on parameter 'Session'. The argument is null. Provide a valid value for the argument, and then try running the command again.
At line:5 char:18
+ Import-PSSession $Session -DisableNameChecking
+                  ~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Import-PSSession], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.ImportPSSessionCommand

Here are …
As always many thanks in advance for all insights.
We are running AD with two 2016 DC with the usual GC/DNS, etc. on a 2012R2 FFl/DFL, but still have WINS installed on both (replication). Not my choice and I want to get rid of it as I have assurances that none of the current applications or servers running them still need WINS. I note we also have a SharePoint 2013 and Exchange 2013 (cluster). What would be the best approach for this? I could remove WINS entries from the static IPv4 entries on each server and then see over a 24 hour window if anything breaks which sees the safer option or just turn off WINS on the two DC, see what happens over 1 week and if nothing then remove the roles altogether? Thoughts? Cheers!
I'm trying to migrate to exchange online.

My autodiscovery settings below and I tried ping test to mail.leesunam.xyz from the external environment. It works.
Please help me to complete this migration steps.


PS C:\Windows\system32> C:\Users\administrator.LEESUNAM\Downloads\Do-SCPjob.ps1
The Exchange PS Snap-in is already loaded
Source Url:  https://technet.microsoft.com/en-us/library/hh135098(v=exchg.150).aspx
You're running Exchange Server 2013 CU23 2020-04-06 09:23:11 LOAD:        Exchange Server 2013 CU23 released on June 18, 2019 (15.00.1497.002)
Getting Client Access Information

AutoDiscoverServiceInternalUri : https://ex01.leesunam.xyz/Autodiscover/Autodiscover.xml

Getting Web Services Information

InternalUrl : https://ex01.leesunam.xyz/EWS/Exchange.asmx
ExternalUrl : https://mail.leesunam.xyz/ews/exchange.asmx

Getting Oulook Web Access (OWA) Information

InternalUrl : https://ex01.leesunam.xyz/owa
ExternalUrl : https://mail.leesunam.xyz/owa

Getting Exchange Control Panel (ECP) Information

InternalUrl : https://ex01.leesunam.xyz/ecp
ExternalUrl : https://mail.leesunam.xyz/ecp

Getting Outlook Anywhere Information

ExternalHostname: mail.leesunam.xyz
InternalHostname: ex01.leesunam.xyz

Getting MAPI Information

InternalUrl : https://ex01.leesunam.xyz/mapi
ExternalUrl :

Getting Powershell Virtual Directory

we have 10  mailbox servers in DAG.

each mailbox server will have 22 volumes which contains database, database logs.

one of the drives is throwing error and it has exchange volumes that is used to serve exchange applications.

i need to run chkdsk ( check disk) and bring all 22 exchange volumes offline on E drive

also i am told mount points shortcuts are on E drive ( can you explain what this means)

E drive is the root volume for mount points and Microsoft recommended to bring all the mount points offline- not able to understand

should i run below command to : checkdsk e: /f ( will this bring mount pints offline)?
Original e-mail Internet headers:
spf=pass (google.com: domain of test@domain.com designates 123.456.789.321 as permitted sender) smtp.mailfrom=test@domain.com;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE)
header.from=domain.com Received: from mail.comp.domain.com ( by  mail.comp.domain.com ( with Microsoft SMTP Server

From the receive connectors, "Client Frontend MAIL" (Role) FrontEndTransport
under Scoping "FQDN: Specify the FQDN this connector will provide in response to HELO or EHLO"
I have the correct domain which is mail.domain.com and does Not include the internal mail.COMP.domain.com.
Both, the Receive and Send connectors match mail.domain.com yet, the domain is including the internal DC "COMP" within received E-mail Internet Headers.
What else needs to be addressed on the 2019 Exchange server in order to have Exchange 2019 no longer display the mail.comp.domain.com?
I set up EOP to filter incoming email for my on-premise Exchange 2013 server. After changing my DNS (in GoDaddy, using the EOP wizard) to point to EOP, the on-premise Exch svr does not get mail. Senders get the following NDR:

Reported error: 554 5.4.14 Hop count exceeded - possible mail loop ATTR34 [BN7NAM10FT005.eop-nam10.prod.protection.outlook.com]  
DSN generated by: MN2PR02MB6608.namprd02.prod.outlook.com
Remote server: BN7NAM10FT005.mail.protection.outlook.com

The NDR is nice enough to provide a trace, which shows several Microsoft servers (see below). The servers are all unique (no apparent loop). Some other notes:

I signed up for only MS Exchange Online Protection. I do not have any other MS subscriptions (Office 365, etc.)

I defined our domain and 3 users in admin.microsoft,com. The 3 users exist on our on-premise Exchange Server. I sign onto a remote email service (AOL) and send an email message to one of 3 users. I get the NDR message. I send an email to a user on my on-premise that is not one of the 3 users. I get the NDR message.

The send connector wizard on admin.microsoft.com has a verify function. When I specify one of the 3 defined users, the verify fails. In the log the problem is "user not found". When I specify a user that is not defined to admin.ms.com, the verify function succeeds! I just don't get this...

Here are the hops in the NDR message:

Message Hops
1 3/26/2020
4:11:58 PM …
I have mailbox servers ( exchange 2016) in DAG , there are 2 scripts i need to run:

location of 1st one is under C drive - temp- start-xxx1.ps1 script

the 2nd script is under: E-program files-microsoft-exchangeserver-v15-scripts- xxx2.ps1 script

when i open exchange server, need to open Exchange management shell or powershell script?

can you let me know how to run: once i upon either of these, should i point the prompt to current directory?
Dear experts, I'm using Veeam 9.5 to backup exchange 2016 server. It said that the log was truncated but when I checked on Mail server, they were not. Vssadmin list writers said that the Exchange writer is on Retryable state. Can you kindly suggest?

Many thanks

I have the following powershell script that can disable users by employeeID

Import-Module ActiveDirectory
Import-Csv "C:\Users.csv" | ForEach-Object {
$employeeID = $_."EmployeeID"
Get-ADUser -LDAPFilter "(employeeID=$employeeID)"  | Disable-ADAccount
Write-Host "User $employeeID disabled"

Open in new window

but I'm looking to have this script output the into .csv or .txt that the employeeID was disabled or the employeeID wasn't found

Thank you,
I am trying to add to my existing offboarding script the ability to set a mailbox to shared upon offboarding a user.

I tried using:

Set-Mailbox -EmailAddress Iperez@contoso.com -Type Shared

Open in new window

But it keeps giving me this error.

Cannot display the prompt for "Identity" because type "Microsoft.Exchange.Configuration.Tasks.MailboxIdParameter" cannot be

I have already connected to Exchange Online and can run the Set-Mailbox command. Am i missing some module? Or do you know what i am doing wrong?
Hi,  I have an Exchange cert expiring.  I've found articles on how to install and apply it to the services (IIS, SMTP, IMAP, POP).  

My question is how do I know that it's actually applied properly?   There are other certs on there so I'm not sure if I should delete the rest?   Are there any commands to check besides get-exchangecertificate?
We just completed a migration for a client from POP3 to Office365.
I cannot 100% say that some accounts were not imap, but everything I touched was POP3.

It was a manual process that required both email servers to be live with transport rules between them.
There was no easy way around this, but only Office 365 exchange is running now.

During the process we would fire up an O365 license for the user
Import their PST into the email account through Outlook
Let it migrate to the cloud
and everything worked fine save for 1 other user that had this issue.
Deleting and recreating their profile solved the problem for that user.

Current issue
One user had a sizable PST of around 11GB, but nothing we had not seen in several other users
It imported to Outlook without error

In Outlook 2016, there is an issue where SOME subfolders not showing any emails.  Even when a brand new email from today is moved to that folder.  Invisible.
All of the emails show up in OWA.

We have deleted and recreated the email profile
Set cache to ALL (changed from 1 year)
Set cache to none
View->view settings = Off.  Do not see any filters set there.
Do not see any rules set up

I have noticed that some of the subfolder properties show
Type: folder containing IMAP items
Where others show Type: folder containing Mail and Post items
However they do not correspond to the problem folders.  It appears to be random which will not sync and which have the IMAP or…
Hi All

We have a strange scenario with 1 user not being able to access their mailbox remotely on a Domain Laptop.

We assigning the correct settings in "OA Proxy Settings" after a Outlook restart we are the settings disappear.

What we have tried so far.

Different user account on Laptop - Works fine, indicating its User specific.
Checked Exchange and AD setting and Non working user and Working user have the same settings.
Moved Non working user to same OU as Working user - no change
Gave Non working user same access rights through firewall - no change
Checked GPO and cannot see any differences.

Its driving me nuts as always its a Director and in this time of troubles he is screaming.

I have searched forums but alas no fix found so far.

Thank you in advance

Hi,  we have Exchange 2010 and 2016 in coexistence.  We added 2 new Exchange 2016 servers and were in the process of configuring them.  They new servers' IPs were not behind the NLB VIP yet.

When some 2016 users opened outlook, they were getting certificate warnings for the new servers.  Why would Outlook connect to those servers even though there are no mailboxes on them and the NLB doesn't point to them?

Is it possible to setup Exchange 2010 - OWA to be accessed off the network?

If so, can you please point me to documentation on that. I've been researching, but falling short.

Currently, OWA in our environment can be accessed when on the network, but curious if this can be setup to be accessed outside of our Network.

Thank you,
Hi there,

Having an issue with the receive connector in our hybrid Exchange 2016 environment. Successfully ran through the HCW and have migrated a test mailbox. I can send/receive internally to that mailbox and email from an external address to it also. What I can't do is email from the test mailbox to external addresses. That results in the Remote Server returned '550 5.7.54 SMTP; Unable to relay recipient in non-accepted domain' message.

I have read various articles and it looks like the Default Frontend receive connector is set correctly but my on-prem environment isn't using it. There is already a custom receive connector listening on port 25 for SMTP relaying for network devices. I'm sure this is what the issue is but not sure how to move forward as they requirement for that connector is there.







Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.