Loading...

Exchange and AD Powershell Useful Commands

I’ve had a few odd issues & tasks with Exchange 2010 and AD recently and wanted to take a moment to document them as well as the command used to resolve the issue:

The following command was useful to resolve an issue of multiple copies of the same shared mailbox showing where only one would allow access and the other copies would only fail to open.

Add-MailboxPermission -Identity <shared mailbox alias> -User <your mailbox alias> -AccessRights FullAccess -InheritanceType All -Automapping $false

The following will find all active user accounts whose Password Never Expires attribute is set to true formatted in a nice table of username and the value. Value is not really necessary because it should only return true, but everyone loves a sanity check right?

get-aduser -filter * -properties Name, PasswordNeverExpires | where { $_.passwordNeverExpires -eq "true" } | where {$_.enabled -eq "true"} | Format-Table -Property Name, PasswordNeverExpires -AutoSize

Exchange ActiveSync Inheritable Permissions not checked

This issue came up the other day when attempting to get Exchange 2010 ActiveSync profile set up with an iPhone. The behavior was the phone would read the account information and act like it was ready for you to start syncing but when you went into the Mail app, it would say cannot get mail. It turns out this is a very simple permissions issue of the user account not inheriting permissions. This article does an amazing job of explaining it.

Exchange ActiveSync and Inheritable Permissions issue