Export (0) Print
Expand All



Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-11-19

Use the Set-UMMailboxPIN cmdlet to reset the PIN for a Unified Messaging (UM)–enabled mailbox.

Set-UMMailboxPIN -Identity <MailboxIdParameter> [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-IgnoreDefaultScope <SwitchParameter>] [-LockedOut <$true | $false>] [-NotifyEmail <String>] [-Pin <String>] [-PinExpired <$true | $false>] [-SendEmail <$true | $false>] [-WhatIf [<SwitchParameter>]]

The Set-UMMailboxPIN cmdlet is used when a UM-enabled user has been locked out of a mailbox because either the user tried to log on by using an incorrect PIN multiple times or because the user has forgotten the PIN. You can use this cmdlet to set the user's PIN. The new PIN must comply with the PIN policy rules specified in the user's mailbox policy. The new PIN is sent to the user in an e-mail message, or sent to an alternative e-mail address. You can control whether the user must reset the PIN at logon and if the mailbox will continue to be locked.

After this task is completed, the PIN on a UM-enabled mailbox is set.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "UM mailbox" entry in the Unified Messaging Permissions topic.


Parameter Required Type Description




The Identity parameter specifies the UM-enabled user PIN being set. The values for this parameter include the following:

  • ADObjectID

  • GUID

  • DN

  • Domain\Account

  • UPN

  • LegacyExchangeDN

  • SmtpAddress

  • Alias




The Confirm switch causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm switch.




The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory.




The IgnoreDefaultScope parameter instructs the command to ignore the default recipient scope setting for the Exchange Management Shell session and use the entire forest as the scope. This allows the command to access Active Directory objects that aren't currently in the default scope. Using the IgnoreDefaultScope parameter introduces the following restrictions:

  • You can't use the DomainController parameter. The command uses an appropriate global catalog server automatically.

  • You can only use the distinguished name (DN) for the Identity parameter. Other forms of identification, such as alias or GUID, aren't accepted.




The LockedOut parameter specifies whether the mailbox will continue to be locked. If set to $true, the mailbox is marked as locked out. By default, if this parameter is omitted or set to $false, the command clears the locked-out status on the mailbox.




The NotifyEmail parameter specifies the e-mail address to which the server sends the e-mail message that contains the PIN reset information. By default, the message is sent to the SMTP address of the enabled user.




The Pin parameter specifies a new PIN for use with the mailbox. The PIN is checked against the PIN rules defined in the Unified Messaging mailbox policy. If the PIN isn't supplied, the command generates a new PIN for the mailbox and includes it in an e-mail message sent to the user.




The PINExpired parameter specifies whether the PIN is treated as expired. If this parameter is supplied and is set to $false, the user isn't required to reset the PIN the next time that the user logs on. If the PIN isn't supplied, the PIN is treated as expired and the user is prompted to reset the PIN the next time that the user logs on.




The SendEmail parameter specifies whether to send a PIN to the user in an e-mail message. The default is $true.




The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch.

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn’t accept input data.

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn’t return data.

This example resets the PIN on the UM-enabled mailbox for tonysmith@contoso.com.

Set-UMMailboxPIN -Identity tonysmith@contoso.com

This example resets the initial PIN to 1985848 on the UM-enabled mailbox for tonysmith@contoso.com, and then sets the PIN as expired so that the user will be asked to change the PIN the next time the user logs on.

Set-UMMailboxPIN -Identity tonysmith@contoso.com -PIN 1985848 -PinExpired $true

This example locks the UM-enabled mailbox for tonysmith@contoso.com to prevent the user from accessing the mailbox.

Set-UMMailboxPIN -Identity tonysmith@contoso.com -LockedOut $true

This example unlocks the UM-enabled mailbox for tonysmith@contoso.com and allows the user access to the mailbox.

Set-UMMailboxPIN -Identity tonysmith@contoso.com -LockedOut $false
 © 2010 Microsoft Corporation. All rights reserved.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2015 Microsoft