This page contains a listing and explanation of my most useful PowerShell scripts for Exchange Server 2007. The Windows PowerShell is an amazing utility for command-line scripting configuration commands on a Windows Server and various Microsoft server applications like Exchange, SQL, etc. Ill try to keep this updated any time I experience a need to use the PowerShell. The complete TechNet Exchange PowerShell reference can be found here.

Grant Full Mailbox Access TO ALL Mailboxes FOR a specific user or group:

Get-Mailbox | Add-MailboxPermission -User "USERORGROUPNAME" -AccessRights FullAccess -InheritanceType all

Remove Full Mailbox Access FROM ALL Mailboxes FOR a specific user or group:

Get-Mailbox | Remove-MailboxPermission -User "USERORGROUPNAME" -AccessRights FullAccess -InheritanceType all

Set Managed Folder Policy on ALL Mailboxes:

Get-Mailbox | Set-Mailbox -ManagedFolderMailboxPolicy "MANAGEDFOLDERPOLICYNAME"

Set ActiveSync Policy on ALL Mailboxes [NOTE: Please remove the extra space before ).Identity]:

Get-Mailbox | Set-CASMailbox -ActiveSyncMailboxPolicy(Get-ActiveSyncMailboxPolicy "ACTIVESYNCPOLICYNAME" ).Identity

Run the Managed Folder Cleanup on ALL Mailboxes…

– For the whole server: Start-ManagedFolderAssistant -Server SERVERNAME
– For a specific database: Start-ManagedFolderAssistant -Database DBNAME

Export Mailbox Statistics to a Comma-Separated-Values (CSV) File, Sorted by Mailbox Size (Descending, Largest to Smallest)[This script will list the Fullname, GUID, Number of Items in Mailbox, Mailbox Size in MB, and Database Name]:

Get-MailboxStatistics -Server SERVERNAME | Sort-Object TotalItemSize -Descending | Select DisplayName, MailboxGUID, ItemCount, @{expression={$_.totalitemsize.value.ToMB()}}, DatabaseName | Export-CSV FILENAME.csv

Set Permissions on an Exchange Resource Mailboxs Calendar so that it will automatically accept/deny scheduled events based on availability, add the Organizer name to the event subject, and disable the limit on recurring event end-dates:

Set-MailboxCalendarSettings -Identity "MAILBOXCOMMONNAME" -AutomateProcessing AutoAccept -AddOrganizerToSubject $true -EnforceSchedulingHorizon $false

Fix OWA Login for Specific Mailboxes (You will receive this error message after attempting to login – A problem occurred while trying to use your mailbox. Please contact technical support for your organization, followed by a very lengthy list of .NET Framework code):

Set-Mailbox USERNAME -ApplyMandatoryProperties

Reset Outlook Web Access to Default Settings (can also be used to restore deleted OWA folders)[NOTE: If youve changed the descriptive name of your IIS site, you will need to replace "Default Web Site" with that descriptive name]:

Remove-OwaVirtualDirectory "exchange (Default Web Site)"
Remove-OwaVirtualDirectory "public (Default Web Site)"
Remove-OwaVirtualDirectory "exchweb (Default Web Site)"
Remove-OwaVirtualDirectory "owa (Default Web Site)"
New-OwaVirtualDirectory "exchange" -OwaVersion Exchange2003or2000 -VirtualDirectoryType Mailboxes -WebSiteName "Default Web Site"
New-OwaVirtualDirectory "public" -OwaVersion Exchange2003or2000 -VirtualDirectoryType PublicFolders -WebSiteName "Default Web Site"
New-OwaVirtualDirectory "exchweb" -OwaVersion Exchange2003or2000 -VirtualDirectoryType Exchweb -WebSiteName "Default Web Site"
New-OwaVirtualDirectory -name "owa" -OwaVersion Exchange2007 -WebSiteName "Default Web Site"

Generate a Certificate Request for a 3rd-Party SSL Certificate (such as those from GoDaddy)[NOTE: This command, as provided, will allow a single server to perform ALL Exchange 2007 functions, including OWA, Autodiscover, and local intranet authentication, be very cautious about changing the parameters. If you use multiple servers, you will need to do this for each server. With GoDaddys Standard Multi-Domain UCC Certificates, this will register mail.domain.com, autodiscover.domain.com, www.domain.com, domain.com, localserver.internaldomain, localserver, so that the server can be fully used internally and externally, perfect if you only have one server for your organization but just as useful for multiple servers.]:

New-ExchangeCertificate -subjectName "C=COUNTRYNAMEHERE, ST=STATENAMEHERE, L=CITYNAMEHERE, O=COMPANYNAMEHEREBUTNOPUNCTUATION, OU=COMPANYDEPARTMENTNAME, CN=mail.FULLDOMAINNAME.EXTENSION" -FriendlyName "COMPANYNAMEHERECANUSEPUNCTUATION" -DomainName "autodiscover.FULLDOMAINNAME.EXTENSION, www.FULLDOMAINNAME.EXTENSION, FULLDOMAINNAME.EXTENSION, INTERNALSERVERNAME.INTERNALDOMAINNAME, INTERNALSERVERNAME" -GenerateRequest $true -PrivateKeyExportable $true -Keysize 4096 -path C:\CERT.txt

When working with 3rd-party SSLs, especially for the Outlook Autodiscovery function to enable Outlook Anywhere access, it is very likely youll need to reconfigure the Autodiscover service. Here is a script that automates the process [NOTE: You may need to change the (Default Web Site) to match your servers descriptive name in IIS):

Get-OutlookProvider | fl
Set-OutlookProvider -id EXPR -server "mail.FULLDOMAINNAME.EXTENSION" -CertPrincipalName "msstd:mail.FULLDOMAINNAME.EXTENSION"
Get-OutlookAnywhere | fl
Set-OutlookAnywhere -ClientAuthenticationMethod:NTLM -identity "SERVER\RPC (Default Web Site)"
Set-OutlookProvider -id EXPR -server $null

Fix Performance Issues with the Exchange PowerShell...for some Exchange servers, the PowerShell can be very sluggish on load due to a damaged configuration setting during install. The following command can boost performance dramatically [NOTE: Please remove the extra space before ) ngen.exe]:

Set-Alias ngen @(dir (join-path ${env:\windir} "Microsoft.NET\Framework64" ) ngen.exe -recurse | sort -descending lastwritetime)[0].fullName[appdomain]::currentdomain.getassemblies() | %{ngen $_.location}