Setting Exchange calendar permissions using Powershell

A trick many people seem to miss is that it’s possible to set a mailbox’s calendar permissions using Powershell. This is achieved using the Add-MailboxFolderPermission and then specifying the folder you want to set permissions on, in this case the calendar.

For example, to set it so that by default everyone has “Reviewer” access to a mailbox:
Add-MailboxFolderPermission -Identity "dave@nwtraders.msft:\Calendar" -User Default -AccessRights Reviewer

Batch export Exchange mailboxes to PST

I recently had a requirement to export a bunch of mailboxes to PST from an Exchange 2010 environment. Thankfully Exchange 2010 SP1 had been deployed so I had access to the New-MailboxExportRequest series of cmdlets. Here’s what I came up with:

$ou = "nwtraders.msft/Users/Left"
$mailboxServer = "LONEX01"
$destinationUNC = "\\LONFS01\MBOX$\"

$mailboxList = Get-Mailbox -OrganizationalUnit $ou -Server $mailboxServer
$mailboxList | foreach-object {
New-MailboxExportRequest -FilePath $($destinationUNC)$($_.Name).pst -Mailbox $_.Name -Name $_.Name
}

Continue reading Batch export Exchange mailboxes to PST

Replication errors after adding a 2008 R2 DC

I was recently working on adding some 2008 R2 DCs to a 2003-only AD environment as part of a wider plan to upgrade them all in the next 12 months or so. As soon as I added the first DC I noticed something was up, replication wasn’t working. The Event log on the new 2008 R2 DC was filled with Event ID 1645:

Active Directory Domain Services did not perform an authenticated remote procedure call (RPC) to another directory server because the desired service principal name (SPN) for the destination directory server is not registered on the Key Distribution Center (KDC) domain controller that resolves the SPN.

Destination directory server:

vvvvvvvv-wwww-xxxx-yyyy-zzzzzzzzzzzz._msdcs.domain.com

SPN:

aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/vvvvvvvv-wwww-xxxx-yyyy-zzzzzzzzzzzz/domain.com@domain.com

User Action

Verify that the names of the destination directory server and domain are correct. Also, verify that the SPN is registered on the KDC domain controller. If the destination directory server has been recently promoted, it will be necessary for the local directory server’s account data to replicate to the KDC before this directory server can be authenticated.

Continue reading Replication errors after adding a 2008 R2 DC