Configurable Features for Service Plans and Mailbox Plans

 

Applies to: Exchange Server 2010 SP2

Service plans enforce certain interdependencies between features. Provisioning a new organization will fail if dependencies are broken, if an unknown feature is referenced, or if the XML schema is invalid for a given service plan.

Important

Features in each section of the service plan and mailbox plans must be in alphabetical order. In addition, Boolean features (those that require a true or false value) that aren’t listed in the service plan won’t be enabled.

Service plan templates are stored in the following location: <Exchange Installation Path>\Exchange Server\V14\ClientAccess\ServicePlans. To learn more, see Understanding Service Plans and Mailbox Plans.

You can verify a service plan by running the New-Organization cmdlet with the WhatIf parameter.

Organization

This section includes features that apply to the entire tenant organization.

Global Elements

Global elements determine which features will be permitted for the entire organization.

| Feature | Category | Description | Additional configuration and dependencies |
| --- | --- | --- | --- |
| AddressListEnabled | OrgWideConfiguration | Specifies that precanned address lists such as All Rooms and All Contacts are created when the tenant organization is created. | None |
| AutoForwardEnabled | OrgWideConfiguration | Specifies whether to allow messages that are auto-forwarded by client e-mail programs in your organization. Setting this parameter to true enables auto-forwarded messages to be delivered to remote domains. | None |
| AutoReplyEnabled | OrgWideConfiguration | Specifies whether to allow messages that are automatic replies from client e-mail programs in your organization. Setting this parameter to true enables automatic replies to be delivered to remote domains. | None |
| CommonConfiguration | OrgWideConfiguration | Configures tenant administrator accounts. | This feature should always be enabled. |
| HideAdminAccessWarningEnabled | OrgWideConfiguration | Specifies not to warn users that an administrator has access rights to their mailbox. | None |
| MailtipsEnabled | OrgWideConfiguration | Specifies that the tenant organization has MailTips enabled. | None |
| OfflineAddressBookEnabled | OrgWideConfiguration | Specifies that the organization has offline address books (OABs) available. | If this feature is enabled, you must also enable the following features on at least one of the mailbox plans within the service plan: AddressListEnabled and OutlookAnywhereEnabled. In addition, you must properly configure OABs for this organization. For more information, see Create an Offline Address Book. |
| SearchMessageEnabled | OrgWideConfiguration | Specifies that the tenant administrator is a member of the Discovery Management role group and has Role Based Access Control (RBAC) permissions to Discovery mailboxes. By default, tenant administrators aren’t members of the Discovery Management role group and don’t have RBAC permissions to Discovery mailboxes. They do, however, have the ability to delegate the Discovery Management role, which allows the user to run discovery cmdlets and provides access to the default Discovery mailboxes. The tenant administrator can delegate the role to himself/herself or to others. | Add a user to the Discovery Management role group. For more information, see Add a User to the Discovery Management Role Group. |
| SkipToOUandParentalControlCheckEnabled | OrgWideConfiguration | Enables Outlook Web App redirection. | Be sure to also set the HideAdminAccessWarningEnabled parameter. |
| SMTPAddressCheckwithAcceptedDomainEnabled | OrgWideConfiguration | This feature checks the SMTP address with accepted domains for mail users and mail contacts. | None |

Permission Elements

Organizational permission elements configure the RBAC rights that are available to the tenant administrator, either through the Shell or through management interfaces such as the Exchange Control Panel (ECP).

Note

If a parameter listed in the following table is set to true, and there is a user interface (UI) available in ECP for that feature, the tenant administrator will be able to access the UI. If the parameter is set to false, the ECP UI will be unavailable for the tenant administrator.

| Feature | Category | Description | Additional configuration |
| --- | --- | --- | --- |
| ActiveSyncDeviceDataAccessPermissions | AdminPermissions | Specifies that the tenant administrator has permissions to retrieve information about the Exchange ActiveSync devices used within their organization. This parameter also allows the administrator to clear a user's device (privacy restricted). | Should be used in conjunction with the ActiveSyncPermissions parameter. |
| ActiveSyncPermissions | AdminPermissions | Specifies that the tenant administrator can manage Exchange ActiveSync access and policies for their users. | Should be used in conjunction with the ActiveSyncDeviceDataAccessPermissions parameter. |
| ArchivePermissions | AdminPermissions | Specifies that the tenant administrator can manage archive permissions for their users. | None |
| CalendarConnectionPermissions | AdminPermissions | Specifies that tenant administrators can configure the new Calendar Connection feature, which allows users outside the organization to view and edit their calendar, view and edit other users’ calendars, and subscribe to published calendars on the Internet. | None |
| ChangeMailboxPlansAssignmentPermissions | AdminPermissions | Specifies that tenant administrators can change mailbox plans for users in their organization. | None |
| EWSPermissions | AdminPermissions | Specifies that tenant administrators can manage access policies for Exchange Web Services (EWS). | None |
| ImapPermissions | AdminPermissions | Specifies that tenant administrators can manage IMAP4 settings, allowing them to enable, disable, or customize the settings. | None |
| JournalingRulesPermissions | AdminPermissions | Specifies that the tenant administrator can manage journaling rules. Using journaling rules, tenant administrators can record all communications (including e-mail) in their organization to comply with the organization's e-mail retention or archival strategy (privacy restricted). | None |
| LitigationHoldPermissions | AdminPermissions | Specifies that the tenant administrator can place a mailbox on litigation hold. | None |
| MailtipsPermissions | AdminPermissions | Specifies that the tenant administrator can assign permissions that allow users to configure MailTips for their mailboxes. | None |
| ManagedFolderPermissions | AdminPermissions | Specifies that the tenant administrator can assign permissions that allow users to configure managed folders. | None |
| MessageTrackingPermissions | AdminPermissions | Specifies that the tenant administrator can manage message tracking reports. | None |
| ModeratedRecipientPermissions | AdminPermissions | Specifies that the tenant administrator can control e-mail delivery to protected distribution groups and users by restricting to and pending from an e-mail approval process. | None |
| NewUserPasswordManagementPermissions | AdminPermissions | Specifies that the tenant administrator can create a password when creating a new mailbox. | None |
| OrganizationalAffinityPermissions | AdminPermissions | Specifies that the tenant administrator can turn off the ECP features Work week and Automatically process requests and responses from external senders. | Don’t remove this permission. This is required for ECP to function correctly. |
| OutlookAnywherePermissions | AdminPermissions | Specifies that the tenant administrator can enable Outlook Anywhere access for users. | If you enable this feature, you must also set the OutlookAnywhereEnabled parameter to true. |
| OWAMailboxPolicyPermissions | AdminPermissions | Specifies that the tenant administrator can create and manage Outlook Web App mailbox policies. | None |
| OWAPermissions | AdminPermissions | Specifies that the tenant administrator can manage Outlook Web App features (for example, customizing Outlook Web App settings and themes). | None |
| PerMBXPlanRoleAssignmentPolicyEnabled | AdminPermission | Specifies whether to include Permissions sections in each mailbox plan of the service plan. If this parameter is set to true, each mailbox plan listed in the service plan must include a Permissions section, and all end users will have a different set of permissions depending on the mailbox plan to which they’ve been assigned. If this parameter is set to false, only one Permissions section will be included for all mailbox plans. This section will be included in the most permissive mailbox plan, and all end users will have a common set of permissions. | You can’t use this parameter in conjunction with the RoleAssignmentPolicyPermissions parameter. |
| PopPermissions | AdminPermissions | Specifies that the tenant administrators can manage POP3 settings. | None |
| ProfileUpdatePermissions | AdminPermissions | Specifies that the tenant administrator can update user profile information. | None |
| RBACManagementPermissions | AdminPermissions | Specifies that the tenant administrator can manage RBAC roles, role assignments, role entries, and role scope. | None |
| RecipientManagementPermissions | AdminPermissions | Specifies that the tenant administrator can create and remove mailboxes. | None |
| ResetUserPasswordManagementPermissions | AdminPermissions | Specifies that the tenant administrator can reset user passwords. | Set the SkipResetPasswordOnFirstLoginEnabled parameter to true on all mailbox plans within the service plan. |
| RetentionTagsPermissions | | Specifies that the tenant administrator can create and manage retention tags. | This feature requires Outlook 2010. |
| RoleAssignmentPolicyPermissions | AdminPermissions | Specifies that the tenant administrator can create and manage role assignment policies. | You can’t use this parameter in conjunction with the PerMBXRoleAssignmentPolicyEnabled parameter. If the RoleAssignmentPolicyPermissions parameter is set to false, there should be only one mailbox plan with the MailboxPlanPermissions category of features enabled. |
| SearchMessagePermissions | AdminPermissions | Specifies that the tenant administrator can search messages to resolve compliance issues. | None |
| SetHiddentFromAddressListPermissions | AdminPermissions | Specifies that the tenant administrator can hide a mailbox from address lists. | If you set this parameter to true, you must also do the same for the ShowInAddressListsEnabled parameter to enable that feature on all mailbox plans. |
| SMSPermissions | AdminPermissions | Specifies that the tenant administrator can manage and enable SMS for user mailboxes. | None |
| TransportRulesPermissions | AdminPermissions | Specifies that the tenant administrator can manage transport rules. Transport Rules enables organizations to create rules based on conditions, exceptions, and actions. Conditions apply to users, distribution lists, and message contents. Exceptions let you exclude specific users, distribution lists, or SMTP connectors. | None |
| UserMailboxAccessPermissions | AdminPermissions | Specifies that the tenant administrator can access the content of users’ mailboxes. This allows tenant administrators to configure users’ Inbox rules, mailbox permissions, and forwarding addresses. | None |

Quota Elements

When the following quota element maximums are reached, the tenant organization will be unable to create additional recipient types. However, if a tenant administrator creates a large number of objects in a short time span, it may be possible to exceed quotas until the information propagates across all Mailbox and Client Access servers.

| Feature | Category | Description | Dependencies |
| --- | --- | --- | --- |
| ContactCountQuota | OrgWideConfiguration | Specifies the maximum number of contacts allowed in the tenant organization's address list. | None |
| DistributionListCountQuota | OrgWideConfiguration | Specifies the maximum number of distribution lists allowed in the tenant organization. | None |
| MailboxCountQuota | OrgWideConfiguration | Specifies the maximum number of mailboxes allowed in the tenant organization. | None |
| MailUserCountQuota | OrgWideConfiguration | Specifies the maximum number of mail user accounts allowed in the tenant organization. | None |
| RecipientMailSubmissionRateQuota | OrgWideConfiguration | Specifies how many messages a mailbox can send. By default, this is unlimited. | None |

Mailbox Plans

The mailbox plan specifies a set of Exchange features that needs to be enabled on a mailbox in the tenant organization. Tenant organizations can have multiple mailbox plans. Mailbox plans are assigned to the tenant organization by the Service Plan. The mailbox plan is an Active Directory object and is used by cmdlets that provision mailboxes, such as New-Mailbox and Enable-Mailbox.

Mailbox Plan Identifiers

This table describes the section in the mailbox plan that identifies each individual mailbox plan. If you have multiple mailbox plans in the service plan, you need to ensure that this section identifies each plan. You can have only one default plan.

| Feature | Category | Description | Dependencies |
| --- | --- | --- | --- |
| MailboxPlanName | PlanIdentifier | Specifies the name of the mailbox plan. | You can create multiple plans; each plan must have a unique name. |
| MailboxPlanIndex | PlanIdentifier | Each mailbox plan in this service plan must have a unique index number. | Each mailbox plan must have a unique name. |
| ProvisionAsDefault | PlanIdentifier | Specifies that the mailbox plan is the default mailbox plan. When new mailboxes are created and you do not specify a mailbox plan at that time, the default mailbox plan will be applied to the mailbox. This feature can be overridden by tenant administrators who have permission to change the default mailbox plan. | Only one mailbox plan can be provisioned as the default. |

Boolean Elements

This table describes the section in the service plan that is labeled Boolean Elements and controls features and services available to end users. Boolean elements are either true or false. If a feature isn’t listed in the mailbox plan, it will not be enabled.

| Feature | Category | Description | Additional configuration |
| --- | --- | --- | --- |
| ActiveSyncEnabled | MailboxPlanConfiguration | Specifies that Exchange ActiveSync is enabled for the user. Exchange ActiveSync lets you synchronize a mobile phone with your Exchange mailbox. The default value is true. | You may create ActiveSync mailbox policies for the tenant organization and may control the access privileges of devices. |
| EwsEnabled | MailboxPlanConfiguration | Specifies that EWS is enabled for users of this mailbox plan. | None |
| ImapEnabled | MailboxPlanConfiguration | Specifies that IMAP4 is enabled for users of this mailbox plan. If users connect to their mailbox using IMAP4, they will not have advanced collaboration features such as calendaring, contacts, and tasks. The default value is True. | Start the Microsoft Exchange IMAP4 service through the Control Panel. |
| OrganizationalQueryBasedDNEnabled | MailboxPlanConfiguration | If set to False, this parameter specifies that the user's QueryBaseDN will be set to point at the user's own object, meaning that the user will not be able to see other users in the organization. | None |
| OutlookAnywhereEnabled | MailboxPlanConfiguration | Specifies that Outlook Anywhere, formerly known as RPC over HTTP, is enabled for users of this mailbox plan. | If you enable this feature, you must also enable the ShowInAddressListEnabled feature. |
| PopEnabled | MailboxPlanConfiguration | Specifies that POP3 is enabled for users of this mailbox plan. If users connect to their mailbox using POP3, they will not have advanced collaboration features such as calendaring, contacts, and tasks. | Start the Microsoft Exchange POP3 service through the Control Panel. |
| ShowInAddressListEnabled | MailboxPlanConfiguration | Specifies that users of this mailbox plan will be displayed in the tenant organization's address list. | None |
| SkipResetPasswordonFirstLogonEnabled | MailboxPlanSatellite | Specifies that users of this mailbox plan will not be required to change their password upon logging in to their e-mail account for the first time. | None |

Permissions Elements

The mailbox plan Permissions Elements will configure the RBAC rights that will be available to the tenant organization’s users. This table describes the permissions that will apply to the mailbox users in the tenant organization. In addition, if a feature is not listed, it will not be enabled.

Note

If you enabled the PerMBXPlanRoleAssignmentPolicy feature for the service plan, you must create a Permissions Elements section in each of the mailbox plans contained in the service plan. If you disabled the PerMBXPlanRoleAssignmentPolicy feature for the service plan, you will create only one Permissions Elements section. For example, if you have three mailbox plans, you will only include the Permissions Elements section in the most permissive mailbox plan.

| Property | Category | Description | Dependencies |
| --- | --- | --- | --- |
| ActiveSyncDeviceDataAccessPermissions | MailboxPlanPermissions | Specifies that users have permissions to retrieve information about their Exchange ActiveSync devices and rights to clear them. | Use this feature in conjunction with the ActiveSyncPermissions feature. If you enable this feature, you must also enable the ActiveSyncEnabled feature. |
| ActiveSyncPermissions | MailboxPlanPermissions | Specifies that users can provision themselves for ActiveSync, including deleting their own partnerships. | Use this feature in conjunction with the ActiveSyncDeviceDataAccessPermissions feature. |
| AutoGroupPermissions | MailboxPlanRoleAssignment | Specifies that users can create and manage distribution groups. | None |
| ImapPermissions | MailboxPlanPermissions | Specifies that users can manage IMAP for their own accounts. | None |
| MailtipsPermissions | MailboxPlanPermissions | Specifies that users can manage mail tips for their own accounts. | If this feature is enabled, you must also enable the MailtipsEnabled feature. |
| MessageTrackingPermissions | MailboxPlanPermissions | Specifies that users have the ability to manage message tracking reports for their own sent and received messages. | None |
| ModeratedRecipientsPermissions | MailboxPlanPermissions | Specifies that users can control e-mail delivery to protected distribution groups and users by restricting "To" and "Pending From" e-mail approval process. | If you enable this feature, you must also enable the AutoGroupPermissions feature. |
| OrganizationalAffinityPermissions | MailboxPlanPermissions | Specifies that users can turn off "Work Week" and "Automatically process requests and responses from external senders". This feature applies to open domain organizations. | None |
| PopPermissions | MailboxPlanPermissions | Specifies that users can enable, disable, and customize POP3 settings for their own account. | None |
| ProfileUpdatePermissions | MailboxPlanPermissions | Specifies that users can update their own profile information. | None |
| ResetUserPasswordManagementPermissions | MailboxPlanPermissions | Specifies that users can reset their own passwords. | None |
| RetentionTagsPermissions | | Specifies that users can set retention tags on their folders and message items. | None |
| SMSPermissions | MailboxPlanPermissions | Specifies that users can enable SMS notifications on their own accounts. | None |
| UserMailboxAccessPermissions | MailboxPlanPermissions | None | None |

Quotas Elements

This table describes the quotas placed on the user mailbox. If you set any of these properties on a user's mailbox using the Shell or using ECP, that mailbox setting overrides the value that is set for this attribute in the mailbox plan.

| Feature | Category | Description | Dependencies |
| --- | --- | --- | --- |
| MaxReceiveTransportQuota | MailboxPlanConfiguration | Specifies the maximum size, in bytes, of messages that mailboxes with this service plan can receive. | None |
| MaxRecipientTransportQuota | MailboxPlanConfiguration | Specifies the maximum number of recipients per message to which a mailbox with this service plan can send. You must specify either an integer or "unlimited." | None |
| MaxSendTransportQuota | MailboxPlanConfiguration | Specifies the maximum size, in bytes, of messages that mailboxes with this service plan can send. | None |
| ProhibitSendReceiveMailboxQuota | MailboxPlanConfiguration | Specifies the mailbox size in bytes at which mailboxes with this service plan can no longer send or receive messages. | None |
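
The ordering rule and several of the dependencies documented on this page can be checked before a service plan is handed to New-Organization with the WhatIf parameter. The following linter is an added example, not Microsoft's code: it works on a constructed in-memory model rather than the real service plan XML, spells each feature name as in that feature's own table row, and assumes "at least one mailbox plan" wherever the page does not say how many plans a dependency applies to.

```python
# Constructed model, NOT the real service plan XML schema: a "sections" dict maps a
# section name to its (feature, value) pairs in the order they appear in the file.

# (org feature, mailbox plan feature it needs, on "any" or on "all" mailbox plans)
ORG_NEEDS_PLAN = [
    ("OfflineAddressBookEnabled", "AddressListEnabled", "any"),
    ("OfflineAddressBookEnabled", "OutlookAnywhereEnabled", "any"),
    ("OutlookAnywherePermissions", "OutlookAnywhereEnabled", "any"),
    ("ResetUserPasswordManagementPermissions", "SkipResetPasswordonFirstLogonEnabled", "all"),
    ("SetHiddentFromAddressListPermissions", "ShowInAddressListEnabled", "all"),
]
# (mailbox plan feature, feature the same mailbox plan must also enable)
PLAN_NEEDS_PLAN = [
    ("ActiveSyncDeviceDataAccessPermissions", "ActiveSyncEnabled"),
    ("ModeratedRecipientsPermissions", "AutoGroupPermissions"),
    ("OutlookAnywhereEnabled", "ShowInAddressListEnabled"),
]
EXCLUSIVE = ("PerMBXPlanRoleAssignmentPolicyEnabled", "RoleAssignmentPolicyPermissions")

def enabled(sections):
    """Features set to true; a Boolean feature that is not listed counts as disabled."""
    return {n for pairs in sections.values() for n, v in pairs if v is True}

def order_errors(label, sections):
    # Assumption: "alphabetical" means case-insensitive ordering of feature names.
    return ["%s/%s: features not in alphabetical order" % (label, sec)
            for sec, pairs in sections.items()
            if [n for n, _ in pairs] != sorted((n for n, _ in pairs), key=str.lower)]

def lint(plan):
    org, plans = enabled(plan["org"]), plan["mailbox_plans"]
    errors = order_errors("org", plan["org"])
    if set(EXCLUSIVE) <= org:
        errors.append("org: %s and %s cannot both be enabled" % EXCLUSIVE)
    for key in ("name", "index"):
        if len({p[key] for p in plans}) != len(plans):
            errors.append("mailbox plans: duplicate %s" % key)
    if sum(bool(p["default"]) for p in plans) > 1:
        errors.append("mailbox plans: more than one default plan")
    on = [enabled(p["features"]) for p in plans]
    for trigger, needed, scope in ORG_NEEDS_PLAN:
        hits = [needed in feats for feats in on]
        if trigger in org and not (any(hits) if scope == "any" else all(hits)):
            errors.append("org: %s needs %s on %s mailbox plan(s)" % (trigger, needed, scope))
    for p, feats in zip(plans, on):
        errors += order_errors(p["name"], p["features"])
        errors += ["%s: %s needs %s" % (p["name"], t, n)
                   for t, n in PLAN_NEEDS_PLAN if t in feats and n not in feats]
    return errors

# Constructed sample with three deliberate mistakes (order, two broken dependencies).
SAMPLE = {
    "org": {"Global": [("OfflineAddressBookEnabled", True), ("MailtipsEnabled", True)],
            "Permissions": [("ResetUserPasswordManagementPermissions", True)]},
    "mailbox_plans": [{"name": "Basic", "index": 0, "default": True,
                       "features": {"Boolean": [("AddressListEnabled", True),
                                                ("OutlookAnywhereEnabled", True)]}}],
}
```

Calling `lint(SAMPLE)` returns one message per violated rule; an empty list means the modelled rules pass, not that provisioning will succeed.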

 © 2010 Microsoft Corporation. All rights reserved.