More proxyaddresses scripts

Remember the post about Remove proxy addresses Script? It was developed for Exchange 2007 and did not work for Exchange 2010.
People wrote comments with suggestions (thank you all for that) and I thought I published an updated version that work with Exchange 2010 together with another script that add SMTP addresses.

# Remove proxy addresses
# change the Get-Mailbox statement in line 7 to select only a subset of mailboxes

$DomainToRemove = "*@olddomain.com"

#get mailboxes and iterate through
Get-Mailbox -ResultSize Unlimited | foreach {
$_.Alias
# .emailaddresses returns array
# loop each email address
for ($i=$_.EmailAddresses.Count;$i -ge 0; $i--)
{
$address = $_.EmailAddresses[$i]
#Write-Host $address
# removes all addresses with $DomainToRemove
if ($address.SmtpAddress -like $DomainToRemove )
{
Write-host("Remove smtp adress: " + $address.AddressString.ToString() )
# remove address in the array
$_.EmailAddresses.RemoveAt($i)
}
}
# save changes
$_ | Set-Mailbox -EmailAddresses $_.EmailAddresses
Write-Host
}

And the Add proxy addresses script.

# Add proxy addresses
# change the Get-Mailbox statement in line 8 to select only a subset of mailboxes

$AddressSearchedFor = "*@domaintocopy.com"
$DomainToAdd = "@newdomain.com"

#get mailboxes and iterate through
Get-Mailbox -ResultSize Unlimited | foreach{
$_.Alias
# .emailaddresses returns array
# loop each email address
for ($i=$_.EmailAddresses.Count;$i -ge 0; $i--)
{
$address = $_.EmailAddresses[$i]
#Write-Host $address

# look for SMTP addresses in source
if ($address.SmtpAddress -like $AddressSearchedFor )
{
# get the left part of address
$a = [string] $address
$b = $a.indexof("@")
$a = $a.substring(5, $b-5 )
#Write-Host $

# Add SMTP address
Write-host("Adding smtp adress: " + $a + $DomainToAdd )
# add address in the array
$_.EmailAddresses.add("smtp:" + $a + $DomainToAdd)
}
# save changes
$_ | Set-Mailbox -EmailAddresses $_.EmailAddresses
}
Write-Host
}

Exchange Server 2007 Service Pack 3 Update Rollup 4

UR4 for Exchange 2007 SP3 is now out.it contains several bug fixes. One particular fix is the one with MAC sending attached PDF and outlook cannot see it.

Read KB2509911 to see the full list of bug fixes. Here is the download link

Outlook authentication popup when database move or failover

Have you noticed that when you run Exchange 2010 DAG and move the active database to another node, outlook throw an authentication prompt.

The behavior according to many sources including Microsoft is that a move or failover should go almost unnoticed by the end user. Well it does sometime, but many times outlook popups the authentication prompt.

Messed around in my lab with all kind of configurations and discovered that the prompt is to the outlook anywhere URL. This makes sense because the database goes offline and then another database goes online. This takes a short moment but the only component that should see this is CAS and outlook should still have connection to your Hardware Load Balancer or CAS if you don’t have a HLB. So if outlook is aware of a database goes offline then this is kind of valid.

To try things a little bit more I configured the system not to resolve the Outlook anywhere URL when connected to the internal network and then I did a move of active database again and I was very surprised that outlook still did popup for the outlook anywhere URL without actually being able to resolve it in DNS or even less actually connecting to it.

I figured there must be some caching going on here and to be safe I simply reboot everything. But outlook behaved the same, prompting me for credentials for an URL that could not be reached.

Finally I poked around in the configuration and decided to change the authentication scheme for outlook anywhere to Windows Integrated. I did not have a TMG or UAG in the system so I did not need to configure Kerberos Constrained Delegation (that’s another story).

Placed an outlook on the outside of the network and things went smooth; NTLM let me in directly with my cached domain credentials.

Moved outlook to the internal network and still everything worked as it should. Finally did move of the active database to another server. Outlook did not even blink, well almost, it just said it’s not connected and then a couple of seconds later it said connected again.

Well this must be one of the rare occasions when everything worked as it should according to various sources. Did about 20 more move of the active mailbox database and not a single time did outlook give me authentication prompt.

Well, I reconfigured outlook anywhere to use basic clear text authentication again and moved the database back and forth and about half the times outlook gave me the annoying authentication prompt.

Did some more testing with various setup and different version of outlook but the behavior is the same. When outlook anywhere is configured with basic clear text I get authentication prompts and when configured with Windows Integrated everything work without a hiccup.

Do we have any drawbacks by configure windows integrated authentication on outlook anywhere? Yes there is. Depending on if you have ISA/TMG/UAG doing Kerberos Constrained Delegation against your CAS, everything must belong to the same windows domain. Well, not exactly everything but all accounts used in the process, that is computer and user accounts.
This means if you have multiple forests or multiple domains and publishing Outlook Anywhere with pre-authentication on TMG/UAG, you’re almost forced to use Basic Authentication.

More information about Kerberos Constrained Delegation will be posted in a later post.

Office 2010 Service Pack 1

Together with the release of Microsoft Office 365, Microsoft also released SP1 for Office 2010.

Read KB2460049, Description of Office 2010 SP1.

Download links is found in KB2510690, List of all Office 2010 SP1 packages.

Exchange Server 2010 Service Pack 1 Update Rollup 4

UR4 for Exchange 2010 SP1 have fixed several bugs, both stuff that users see and also some things that only Exchange admin see.
Information about the update is found in KB2509910