A Day in the Life of an Exchange Administrator


Applies to: Exchange Server 2007 SP1, Exchange Server 2007

Topic Last Modified: 2007-08-29

By Patricia DiGiacomo

Microsoft Exchange Server 2007 offers both new and improved functionality. In addition to new server roles, including the Edge and Hub Transport server roles and the Unified Messaging server role, Exchange Server 2007 offers a new way to perform your day-to-day work: the Exchange Management Shell. Today we'll follow Jack, a Messaging Generalist, as he goes about his day as an Exchange Server 2007 administrator. Jack is primarily responsible for the planning and administration of all Windows servers across the company. He spends most of his time performing routine server maintenance, configuring users, and is the first escalation point for Microsoft Office Outlook and Exchange Server issues. He has some scripting experience and is excited about the Exchange Management Shell. Jack has spent lots of time poring over the content on the Exchange Server TechCenter, in particular, the topics covering the Exchange Management Shell. For an idea of what Jack is reading, see the following topics.

After Jack stops off at the local coffee shop for his triple shot espresso, he arrives at the office to find that last month's career fair has resulted in fifteen new hires for the month. All fifteen are currently in orientation and will need their Exchange Server and Windows Server accounts configured by the end of the day. Jack has been given a list of the new hires and decides to use the Exchange Management Shell to create their accounts. He opens a remote connection to one of the Exchange 2007 servers in his organization and opens the Exchange Management Console. He then goes through the New Mailbox wizard to create a new user.

After the mailbox has been created, Jack ponders the large number of screens and how much typing he just had to do to create one mailbox. He wonders if he can create the rest of the mailboxes in bulk. After a few minutes of browsing through the Exchange Server documentation, he finds a topic called Bulk Recipient Management and his scripting skills tell him the answer. All Jack has to do is create a comma-separated values (CSV) file that contains all the pertinent information and then use a one-liner to create the other fourteen users. Jack gets to work and, within just a few minutes, has the CSV file ready to go. The CSV file has the following columns:

  • FQDN

  • Alias

  • FullName

  • FirstName

  • LastName

Using the data he obtained from Human Resources, Jack quickly fills in the spreadsheet and saves it to a temporary directory on the Exchange server. He then creates the following script.

## Create secure password string
$Password = ConvertTo-SecureString Pass@word1 -AsPlainText -Force
## Import CSV file
Import-CSV c:\Users.csv | ForEach {New-Mailbox -UserPrincipalName $_.UPN -Alias $_.Alias -Database "Mailbox Database" -Name $_.FullName -OrganizationalUnit Users -FirstName #_.FirstName -LastName #_.LastName -Displayname $_.FullName -ResetPasswordOnNextLogon $True -Password $Password }

Jack was able to use the power of pipelining in the Exchange Management Shell to easily create multiple mailboxes with substantially less effort than would have been needed to create each mailbox individually. He's given each user the same password, but configured their user accounts to force each user to change their password when they log on.

By now, Jack's triple espresso is long gone and it's time to run some routine checks on the Exchange 2007 servers. Jack stops by the coffee pot to grab a large steaming mug of coffee and returns to his office. Once a week, he spends a few minutes determining which mailboxes are over their storage quota and schedules some time to visit those users with some helpful e-mail management tasks. Before Jack upgraded his organization to Exchange 2007, determining which users were over their storage limits was a manual task. Now Jack can use the power of the Exchange Management Shell to examine a wide variety of mailbox statistics. Jack can run the following command:

Get-MailboxStatistics | Where {"IssueWarning","ProhibitSend","MailboxDisabled" -Contains $_.StorageLimitStatus} | Format-Table DisplayName,TotalItemSize,StorageLimitStatus

Jack takes a few minutes to send an e-mail message to those users who have reached the Issue Warning and Prohibit Send thresholds. He offers tips for managing their e-mail overload as well as tips on using the managed folders on Exchange 2007. Jack finds two users who have reached the Mailbox Disabled threshold and spends the rest of his morning explaining to them why it is important to keep their mailbox sizes under control and how to correctly sort and categorize messages. Before lunch, Jack runs the command above again and finds that eight out of ten users have already reduced their mailboxes to a manageable size. Jack will spend some time tomorrow on other recipient management tasks such as configuring a receive-only mailbox for Human Resources and configuring the deleted item retention time for a group of users.

Now that Jack has set up all of his new users and helped other users deal with their large mailboxes, it's time for lunch. When he finishes lunch, he must deal with one of the less pleasant aspects of his job: enabling e-mail journaling. It seems one of the company's sales representatives, Jeff Hay, is suspected of leaking classified information to competitors. Per his company's electronic mail policy, that employee's e-mail is the property of the company and can be read by the Human Resources department at any time. Jack sets up a journal rule to copy all e-mail messages sent to and from Jeff Hay's mailbox to the Human Resources Investigations mailbox. In order to create that rule, Jack runs the following script.

New-JournalRule -Name "Jeff Hay" -Recipient jeffhay@contoso.com -JournalEmailAddress "Human Resources Investigations" -Scope Global -Enabled $True

Jack confirms with the Human Resources department that the Journal rule is in place and moves on to his next task. The sales force is deploying Windows Mobile 6.0 devices and Jack needs to deploy a comprehensive Exchange ActiveSync mailbox policy for all of the sales representatives. Jack knows that while some of the policy settings can be configured using the Exchange Management Console, in order to configure all of the settings, he needs to use the Exchange Management Shell and the Set-ActiveSyncMailboxPolicy cmdlet. Jack meets with the sales manager to determine the policy settings and then uses the following script to create the policy.

New-ActiveSyncMailboxPolicy -Name 'Sales Policy' -AllowNonProvisionableDevices $False -DevicePasswordEnabled $True -AlphanumericDevicePasswordRequired $True -MaxInactivityTimeDeviceLock '00:15:00' -MinDevicePasswordLength '4' -PasswordRecoveryEnabled $False -RequireDeviceEncryption $False -AttachmentsEnabled $True -AllowSimpleDevicePassword $True -DevicePasswordExpiration '21.00:00:00' -DevicePasswordHistory '5' -UNCAccessEnabled $False -WSSAccessEnabled $False 

Now that Jack has created his policy, he needs to assign all users in the Sales group to his policy using the Set-CASMailbox cmdlet. He does this with a command that looks at all users with CustomAttribute1 set to "Sales". When Jack created the users in the Sales division, he set this attribute so he could easily generate a filter for circumstances such as this. Jack runs the following cmdlet:

Get-Mailbox | Where { $_.CustomAttribute1 -Match "Sales"
 } | Set-CASMailbox -ActiveSyncMailboxPolicy(Get-ActiveSyncMailboxPolicy "Sales Policy").Identity

Jack has had a productive day. He's written a one-liner that will serve him well in the future for creating users, has helped his users reduce their mailbox sizes, created a new journal rule, and created an Exchange ActiveSync mailbox policy for the Sales team. Jack will monitor his Exchange mailbox from home just in case there are any emergencies in the evening and be ready to tackle a new series of tasks in the morning.

In order for Jack to learn about the new features in the Exchange Management Shell and how these features can simplify his job duties, he frequents a variety of Web sites. Jack knows that the Exchange Server documentation is updated regularly and he always downloads the newest update as soon as it is available. For more information about the topics discussed in this article, see the following:

9bcb19bf-2bc8-4ff1-ad62-0e6927064003 Patricia DiGiacomo - Technical Writer, Microsoft Exchange Server