Accessing Other Mailboxes in OWA

Here’s a question someone recently asked me:

Is there a tool to ‘administratively’ open another user’s mailbox to search through their inbox and other various folders for things?

In our world of Domino/Notes, the administrator could simply open the user’s ‘NSF’ file on the server and have complete access to the whole lot. But each user’s mailbox was a complete database file in that world.

I do know how to set my user account in Outlook to open another user’s mailbox with the account setting Advanced tab, but I was wondering if there was an admin ‘sneaky’ way to do such a thing without having to reconfigure my Outlook client every time.

 

I’d suggest looking at the Outlook Web Access (OWA) Premium interface.

Here are two ways. First, using the OWA interface which requires that you’re logged on in Premium (not Light) mode. Second, we’ll take a look at a URL technique.

When you’re logged on to OWA with your regular credentials to your mailbox, you can simply navigate to the OWA toolbar between the Options and Log Off. Do you see your name there? It should have a triangle to the right. Tap on your name to open the “Open Other Mailbox” dialog. You should be able to type in the name of another mailbox you want to open.

Ah yes, there’s something you should know…

Before you’ll be able to access someone else’s mailbox, you’ll need to have access to it according to Exchange Server 2007 permissions. Such permissions can be granted via the Exchange Management Console (EMC) assuming you have Service Pack 1 (SP1) or later. With any version of E2K7 these permissions can also be granted using the Exchange Management Shell (EMS) cmdlet Add-MailboxPermission. Let me know if you need details on that.

With the proper permissions, using OWA to access the other mailboxes should be a lot easier than adding them into Microsoft Office’s “native” Outlook 2007.
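The permission grant mentioned above, together with the review an administrator would run to see who holds such access, as an added example for the Exchange Management Shell (not part of the original post). The mailbox is the sample address used in this article, and the MYORG\helpdesk.admin account is hypothetical.

```powershell
# Added example: grant, review, audit and revoke full mailbox access.
$mailbox  = "alex.wombat@myorg.net"   # sample mailbox from this article
$reviewer = "MYORG\helpdesk.admin"    # hypothetical account that needs access

# Grant full access to a single mailbox.
Add-MailboxPermission -Identity $mailbox -User $reviewer -AccessRights FullAccess

# Review the explicit (non-inherited) permissions on that mailbox.
Get-MailboxPermission -Identity $mailbox |
    Where-Object { $_.IsInherited -eq $false } |
    Format-Table User, AccessRights, Deny -AutoSize

# Audit every mailbox for explicit FullAccess held by anyone other than
# the mailbox owner, who appears as NT AUTHORITY\SELF.
Get-Mailbox -ResultSize Unlimited |
    Get-MailboxPermission |
    Where-Object {
        ($_.IsInherited -eq $false) -and
        ($_.Deny -eq $false) -and
        ($_.AccessRights -like "*FullAccess*") -and
        ($_.User -notlike "NT AUTHORITY\SELF")
    } |
    Format-Table Identity, User, AccessRights -AutoSize

# Remove the grant once the search is finished (prompts for confirmation).
Remove-MailboxPermission -Identity $mailbox -User $reviewer -AccessRights FullAccess
```

Running the audit on a schedule and comparing its output over time shows when a new full-access grant appears on a mailbox.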

Another way to get to someone else’s mailbox is to use their full email address in the URL after the “owa” folder, such as:

https://mail.myorg.net/owa/alex.wombat@myorg.net

Note to those people who are used to using only the localpart alias (e.g. alex.wombat) of the email address in Exchange 2003 – the format for specifying the mailbox in OWA 2007 is different. It’s best to use the full email address now.

Also, with this URL technique you can focus on a specific folder of that user’s mailbox. For example:

https://mail.myorg.net/owa/alex.wombat@myorg.net/?cmd=contents&module=inbox

That example would focus on Alex Wombat’s Inbox, but by simply using the folder name (with %20 instead of spaces for spacey folder names) after the “module=” part of the URL you can choose another folder.

The Dawn of a New Era — Windows Server 2008 R2


Windows Server 2008 Release Two (R2) has been brewing for a long time at Microsoft, along with its client-side twin Windows 7. We’ve seen the sonograms (beta releases), they’ve both been born (released to manufacturing (RTM)) on July 22, 2009, and now they’ll soon come out of the hospital and into public view. Well, if you’ve been hiding under a rock, Windows Server 2008 R2 and Windows 7 are available to Microsoft partners, original equipment manufacturers (OEMs), and are in the process of being distributed (i.e. available “mid-August”) through developer and professional (e.g. MSDN, TechNet) channels as well.

General Availability of Windows Server 2008 R2, like Windows 7, is scheduled for October 22, 2009. Please visit <http://www.microsoft.com/windowsserver2008/> for an introduction.

There are some great new features in Windows Server 2008 R2 such as Windows PowerShell version 2.0! We could go on about how wonderful IIS 7.5 is and what more you can do than with IIS 7.0 (from Windows Server 2008). Feature by feature, advantage by advantage, we could address what’s new and what to expect from Windows Server 2008 R2. It’s very tempting to write yet another article about what features are different.

But keep in mind that this is a “release two” in more of a major way than “release two” of Windows Server 2003 R2 was to the original Windows Server 2003.

Server operating systems are different than client operating systems and (for the most part) used in some very different ways. However…

Perhaps the most important thing to keep in mind is that:

  1. Many people don’t like Windows Vista for various reasons.
  2. Windows Server 2008 is effectively Windows Vista Server. Think about that for a moment.
  3. Many people have been eagerly waiting for Windows 7.
  4. Windows Server 2008 R2 is effectively Windows 7 Server.

What does this mean? Well, I’ve had remarkably great luck with Windows Vista, and even as a Mac and UNIX person, I’ll just tell you that many people give Vista a bad rap. And with a vast volume of organizations waiting to jump from XP past Vista to Windows 7, one has to wonder (I don’t have sales numbers to quote) if there are many organizations waiting to go from Windows Server 2003, and even Solaris, Novell, and other operating systems straight up to Windows Server 2008 R2 and bypass “regular old Windows Server 2008?”

Maybe not. It could be that “server” and infrastructure people don’t associate Windows Server 2008 with Vista or whatever badness they perceive Vista to have (or have had). Yet like Windows 7, isn’t Windows Server 2008 R2 poised to be instrumental in the dawn of a new era for Windows servers?

If you think of Windows Server 2008 R2 as the more polished, well honed, well thought out, well executed, more stable, more efficient, more compatible second release of Windows Server 2008 or as “Windows 7 Server,” do you think you’ll migrate to it in the next six months? I think it’s worth a serious look. Details will naturally follow soon.

To edge or not to edge? Not quite the question.


“There is an Edge Transport and a Hub Transport, correct? When there is an Edge Transport the Hub Transport is no longer in the e-mail loop or is it?”

Quick Answer: “It is.”

And now for the slightly longer answer. But first, I should mention that you might want to go read my earlier blog article on “Five Things About Exchange Server 2007 You Probably Don’t Know (part 4)” or the Global Knowledge whitepaper (see <http://www.globalknowledge.com/training/whitepaperlist.asp?pageid=502&country=United+States> and select the Microsoft category).

The hub transport and edge transport roles perform different roles in an Exchange organization with remarkable similarities, not quite like Dr. Jekyll and Mr. Hyde, but let’s go with the analogy anyway.

Dr. Jekyll is the refined professional, visible in the community as an upstanding participant in the public health. Similarly, servers running Exchange Server 2007 with the Hub Transport role installed (and perhaps other roles as well) perform four main functions, as follows:

  • pick up messages waiting in people’s Outboxes,
  • route messages between mailboxes within the organization,
  • exchange messages with servers outside the organization, such as inbound and outbound messages from/to the public Internet,
  • deliver messages to mailboxes (e.g. Inbox folder) within the organization.

In addition, it’s true that Hub Transport servers can also do AntiSPAM and AntiVirus filtering, but those extra functions are sometimes reserved for other servers which are outside, or at the edge of the organization. We’ll talk more about those other servers in just a moment.

Servers with the Hub Transport role can also do journaling and perform extra work according to a list of transport rules. These are immensely powerful features which we shall not elaborate on at the moment.

As a part of pickup and delivery from and to mailboxes within the organization, the Hub Transport role will communicate with the Mailbox server role within the same server or within the same Active Directory site using the messaging application programming interface (MAPI). This involves not only the actual transfer of messages using MAPI over the remote procedure call (RPC), but lookup of information in Active Directory as well. As a part of routing messages within the organization, the Hub Transport role also needs to get information from Active Directory and then communicate with other Hub Transport servers within other Active Directory sites within the organization using the Simple Mail Transfer Protocol (SMTP) and external servers via SMTP as well.

We need to protect our servers which run the Hub Transport role. Not because they speak SMTP, but because they use MAPI/RPC for pickup/delivery with mailbox servers, and Active Directory protocols such as the lightweight directory access protocol (LDAP) which could provide access to security-sensitive information. Like the Mailbox (MB), Client Access (CA), and Unified Messaging (UM) roles, the servers hosting the Hub Transport (HT) role should be located on intranet network segments which are protected by firewalls from the outside world. Access to LDAP and MAPI/RPC are not allowed from outside these protected intranets.

Enter Mr. Hyde. Unlike Dr. Jekyll who probably took an oath to protect, preserve, and uphold the health of messages in the community, Mr. Hyde is more commonly known for unsavory activities such as altering and eliminating certain messages. But like Dr. Jekyll, Mr. Hyde is very intelligent, and skilled with a knife. Where is this analogy going? Oh, right.

Like Hub Transport servers, Edge Transport servers are quite adept with the SMTP and use it as often as they can. But they lurk in the shadows. Edge Transport servers wouldn’t be seen in broad daylight at a social gathering with the leaders in society. Edge Transport servers are not allowed to communicate via LDAP (directly at least) with the intranet-based Active Directory Domain Services nor use MAPI/RPC to directly access mailboxes. Mr. Hyde, like Edge Transport servers, does not live on the intranet. In the shadows of the extranet, the perimeter network, the demilitarized zone (DMZ), the edge network, the Edge Transport server(s), like Mr. Hyde, can perform other activities however.

Edge Transport servers can secretly remove messages without anyone’s knowledge (e.g. AntiSPAM protection), and alter the body of messages which they find interesting or attractive (e.g. AntiVirus functionality). Well, perhaps Edge Transport servers aren’t quite as evil as Mr. Hyde. But there’s another essential aspect of the relationship. Mr. Hyde needs Dr. Jekyll, and is in essence another aspect of Dr. Jekyll than the one we normally see in another environment. Similarly, Edge Transport servers, with their SMTP, transport rules, and journaling, are cut from the same cloth as Hub Transports. Yet Edge Transport servers work in the extranet, outside the internal networks and outside the Active Directory forests and Exchange organization(s) of the intranet(s) of the organization. Hub Transport servers are needed on the inside whether or not Edge Transports exist at all.

Let’s think about that again. Hub Transport servers are needed for pickup, transfer, delivery, and gateways to/from the outside world. Having Edge Transport servers does not replace the need for Hub Transports any more than having Mr. Hyde could replace Dr. Jekyll. Simplistically speaking, Hub Transport servers are very much in the message path between Edge Transport servers and the Mailbox servers.

But can a Hub Transport server transform into an Edge Transport server by drinking a potion, or with entrainment, even without the potion?

Mailbox Statistics Revisited

Even if the Exchange Management Console doesn’t want to reveal all of its secrets to you easily, the Exchange Management Shell is perfectly willing to talk about gossip like mailbox statistics and mailbox folder statistics with you. You just have to know how to ask.

Get-MailboxStatistics is an Exchange Server 2007 cmdlet which normally shows a table of mailboxes with columns including DisplayName, ItemCount, StorageLimitStatus, and LastLogonTime.

How do we customize the output of Get-MailboxStatistics to better meet our needs? Consider a question I was recently asked – how can we see the storage group which each mailbox is in? The quick answer is we need to determine the name of the property on the mailbox statistics objects which shows us the storage group name. Rather than guess, we can look using Get-Member, Format-List, or other techniques. Consider the following approach.

Get-MailboxStatistics | format-list

This can reveal properties such as AssociatedItemCount, DeletedItemCount, DisconnectDate, DisplayName, ItemCount, LastLoggedOnUserAccount, LastLogoffTime, LastLogonTime, LegacyDN, MailboxGuid, ObjectClass, StorageLimitStatus, TotalDeletedItemSize, TotalItemSize, Database, ServerName, StorageGroupName, DatabaseName, Identity, IsValid, and OriginatingServer. Then these property names can be used to focus on what we want to see from Get-MailboxStatistics.

For example, we could use Get-MailboxStatistics and then where-object, sort-object, and format-table to choose how we see those statistics.

Get-MailboxStatistics |
    where { $_.displayname -notmatch "SystemMailbox" } |
    sort totalitemsize -desc |
    FT displayname,storagegroupname,ItemCount,TotalItemSize -auto

This will show statistics on mailboxes which are not system mailboxes. This pipeline then sorts the remaining mailboxes by descending (highest to lowest) total item size. Then we use format-table to show the mailbox name (DisplayName) and the name of the storage group (without the server and database names), because that’s what someone had asked me for. Also selected to display with format-table are the item count in the mailbox and the total item size in the mailbox. The -auto (-AutoSize) parameter is included on Format-Table to adjust the column widths reasonably.

How often do you get some data from a command and it’s almost what you want, but not quite? Either there is missing data, or the format isn’t right. With a bit of adjustment, hopefully we can bring what we need into focus.

Sending Email From a Script

Some Exchange administrators recently asked me how to send a scheduled message. In other words, they wanted to send a certain message at 7:30 a.m. without having to be at their computer to manually interactively send the message at that time.

Have you ever wondered how you could send messages in your sleep?

There are certainly ways in which Outlook could be scripted, but because the people who asked the question were Exchange Server 2007 administrators, a PowerShell based solution which works in the Exchange Management Shell (EMS) is what came to mind first.

First, let’s look at how to send a message. At the shell prompt you could type the following, or simply put this into a script file and then run it.

$o = new-object -com CDO.Message
$o.To = "coolpeople@gk.com"
$o.From = "administrator@gk.com"
$o.Subject = "Hello, world"
$o.TextBody = "This is a test. This is only a test. Thanks."
$o.Send()

Of course, a parameterized script or function could be defined to make this PowerShell snippet more flexible, but we’ll leave that as an exercise for the reader.
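One way to do the parameterization mentioned above, as an added example that is not code from the original post. The function name Send-ScriptedMessage is hypothetical, it assumes a single recipient address, and it checks its inputs before handing them to CDO.Message so that a scheduled job fails loudly on a malformed address or a header value containing a line break.

```powershell
# Added example: parameterized wrapper around the CDO.Message calls shown above.
# Send-ScriptedMessage is a hypothetical name, not a built-in cmdlet.
function Send-ScriptedMessage {
    param(
        [string]$To,
        [string]$From,
        [string]$Subject,
        [string]$Body
    )

    # Header fields must be non-empty and must not contain CR or LF,
    # which would let a caller-supplied value spill into other headers.
    foreach ($value in @($To, $From, $Subject)) {
        if ([string]::IsNullOrEmpty($value) -or ($value -match "[\r\n]")) {
            throw "To, From and Subject must be non-empty single-line strings."
        }
    }

    # Let .NET parse each address; a malformed address throws here,
    # before any message object is created.
    foreach ($address in @($To, $From)) {
        [void](New-Object System.Net.Mail.MailAddress $address)
    }

    $message = New-Object -ComObject CDO.Message
    $message.To       = $To
    $message.From     = $From
    $message.Subject  = $Subject
    $message.TextBody = $Body
    $message.Send()
}

# Same message as the snippet above, using the article's sample addresses.
Send-ScriptedMessage -To "coolpeople@gk.com" -From "administrator@gk.com" `
    -Subject "Hello, world" -Body "This is a test. This is only a test. Thanks."
```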

Naturally, this could be embedded into a batch file which invokes PowerShell and runs a shell script as a scheduled task. Again, we’ll leave that for you to work with, or ask me to discuss in another blog post.

Here’s a quick example of how to send one hundred test messages with the test number in the subject field.

1..100 | % { …; $o.Subject = "test $_"; …; $o.Send() }

Clearly, using the CDO.Message class in PowerShell has a lot of power. What kinds of useful things can you do with this power? You tell me!