Posts Tagged ‘Exchange Management Shell (EMS)’

Exchange Server 2010 SP1 Is Now Available

August 31st, 2010

Microsoft has released Service Pack 1 (SP1) for Exchange Server 2010. See the Release Notes for Exchange 2010 SP1 for more information, including a list of known issues.

The 522MB download is just like RTM – a full install package. Existing installations can be upgraded, and new installs can be completed with the Service Pack integrated.

What’s New in Exchange 2010 SP1 has a comprehensive list of the changes and enhancements, including:

New Deployment Functionality

  1. During an Exchange 2010 SP1 installation, you can now select a new option to install the required Windows roles and features for each selected Exchange 2010 SP1 server role. For more information, see New Deployment Functionality in Exchange 2010 SP1.

Client Access Server Role Improvements

  1. Federation Certificates
  2. Exchange ActiveSync
  3. SMS Sync
  4. Server-Side Information Rights Management Support
  5. Outlook Web App Improvements
  6. Reset Virtual Directory
  7. Client Throttling Policies

Improvements in Transport Functionality

  1. MailTips access control over organizational relationships
  2. Enhanced monitoring and troubleshooting features for MailTips
  3. Enhanced monitoring and troubleshooting features for message tracking
  4. Message throttling enhancements
  5. Shadow redundancy promotion
  6. SMTP failover and load balancing improvements
  7. Support for extended protection on SMTP connections
  8. Send connector changes to reduce NDRs over well-defined connections

Permissions Functionality

  1. Database scope support
  2. Active Directory split permissions
  3. Improved user interface

Exchange Store and Mailbox Database Functionality

  1. With the New-MailboxRepairRequest cmdlet, you can detect and repair mailbox and database corruption issues.
  2. Store limits were increased for administrative access.
  3. The Database Log Growth Troubleshooter (Troubleshoot-DatabaseSpace.ps1) is a new script that allows you to control excessive log growth of mailbox databases.
  4. Public Folders client permissions support was added to the Exchange Management Console (EMC).

Mailbox and Recipients Functionality

  1. Calendar Repair Assistant supports more scenarios than were available in Exchange 2010 RTM.
  2. Mailbox Assistants are now all throttle-based (changed from time-based in Exchange 2010 RTM).
  3. Internet calendar publishing allows users in your Exchange organization to share their Outlook calendars with a broad Internet audience.
  4. Importing and exporting .pst files now uses the Mailbox Replication service and doesn’t require Outlook.
  5. Hierarchical address book support allows you to create and configure your address lists and offline address books in a hierarchical view.
  6. Distribution group naming policies allow you to configure string text that will be appended or prepended to a distribution group’s name when it’s created.
  7. Soft-delete of mailboxes after move completion.

High Availability and Site Resilience Functionality

  1. Continuous replication – block mode
  2. Active mailbox database redistribution
  3. Enhanced datacenter activation coordination mode support
  4. New and enhanced management and monitoring scripts
  5. Exchange Management Console user interface enhancements
  6. Improvements in failover performance

Messaging Policy and Compliance Functionality

  1. Provision personal archive on a different mailbox database
  2. Import historical mailbox data to personal archive
  3. Delegate access to personal archive
  4. New retention policy user interface
  5. Support for creating retention policy tags for Calendar and Tasks default folders
  6. Opt-in personal tags
  7. Multi-Mailbox Search preview
  8. Annotations in Multi-Mailbox Search
  9. Multi-Mailbox Search data de-duplication
  10. WebReady Document Viewing of IRM-protected messages in Outlook Web App
  11. IRM in Exchange ActiveSync for protocol-level IRM
  12. IRM logging
  13. Mailbox audit logging

Unified Messaging Server Role Improvements

  1. UM reporting
  2. UM management in the Exchange Control Panel
  3. Cross-Forest UM-enabled mailbox migration
  4. Outlook Voice Access improvements
  5. Caller Name Display support
  6. Test-ExchangeUMCallFlow cmdlet
  7. New UM Dial Plan wizard
  8. Office Communications Server “14” Support
  9. Secondary UM dial plan support
  10. UM language packs added
  11. Call answering rules improvements
  12. Unified Communications Managed API/speech platform improvements
  13. UM auto attendant update

Audit Logging Improvements

  1. Improvements in administrator audit logging
  2. New mailbox audit logging

Support for Coexistence with Exchange Online

  1. Migration of UM-enabled mailboxes
  2. IRM support for coexistence
  3. Remote Mailboxes
  4. Transport

Support for Multi-Tenancy

Upgrade from Exchange 2010 RTM to Exchange 2010 SP1 includes details you should know before upgrading, as well as how to upgrade including upgrading DAG members.

Equally important is Exchange 2010 Prerequisites, which details which hotfixes you need to install before doing a clean install of Exchange 2010 SP1, or when upgrading an RTM installation. Be prepared, as several of the 2008 R2 hotfixes require a reboot.

Download the Service Pack here.

Update Rollup 4 (UR4) for Exchange Server 2010 Released

June 19th, 2010

Microsoft has released the following update rollup for Exchange Server 2010:

  • Update Rollup 4 for Exchange Server 2010 (981401)

If you’re running Exchange Server 2010, you need to apply Update Rollup 4 for Exchange 2010 to address the issues listed below.

Remember, you only need to download the latest update for the version of Exchange that you’re running.

Here is a list of the fixes included in update rollup 4:

  1. 979342 An attachment is not visible when an Exchange Server 2010 user opens a signed mail message by using Outlook 2003
  2. 979517 You cannot send a message to a Dynamic Distribution Group in a mixed Exchange Server 2007 and Exchange Server 2010 environment
  3. 979790 An IMAP4 client crashes when accessing an Exchange Server 2010 mailbox
  4. 979801 An error message is generated in Exchange Server 2010 when you use Exchange Troubleshooting Assistant
  5. 979810 You cannot connect an Exchange Server 2010 mailbox by using a MAPI client
  6. 979848 Event ID 1066 is logged and you cannot move a mailbox from an Exchange Server 2003 server to an Exchange Server 2010 server
  7. 979862 Event ID 4999 and Event ID 7031 are logged when you move a mailbox to an Exchange Server 2010 server
  8. 979921 You cannot replicate a public folder from one Microsoft Exchange Server 2010 server to another, and Event ID 3079 is logged on the target server
  9. 980149 The Add-MailboxDatabaseCopy command fails when it is used to add a database copy to a Database Availability Group in an Exchange Server 2010 environment
  10. 980353 A MAPI application that is used to access Exchange Server 2010 mailboxes crashes when the application accesses an address book
  11. 980354 “MAPI_E_INVALID_PARAMETER” error message when you copy email messages from an Exchange Server 2010 mailbox
  12. 980364 Microsoft Exchange Transport service on an Exchange Server 2010 server crashes when a certain message is processed
  13. 980701 An Exchange Server 2010 mailbox user receives a NDR error message when the user sends an email message to multiple internal users
  14. 980852 The RpcClientAccess process on an Exchange Server 2010 server crashes when you access a mailbox by using a MAPI application
  15. 981033 Error message when you expand the Microsoft Exchange On-Premises node in the EMC of Exchange Server 2010
  16. 981961 Event ID 4033 is logged and the Free/Busy replication from an Exchange Server 2003 server to an Exchange Server 2010 server fails
  17. 982209 Some embedded messages are corrupted when they are contained in a message that is sent from an Exchange Server 2010 mailbox address
  18. 982378 A delegate receives only one meeting request when someone sends a meeting request to several principals in an Exchange Server 2010 RU1 or later environment
  19. 982944 The msExchVersion attribute value of a user is stamped incorrectly after you run the Enable-MailUser cmdlet to mail-enable the user
  20. 983200 The .xls file as an attachment is empty when you access an Exchange Server 2010 mailbox by using OWA
  21. 983631 “redirect it to people or distribution list” rule does not work on an Exchange Server 2010 mailbox address
  22. 2084061 A user intermittently fails to access an Exchange Server 2010 mailbox after the mailbox is moved

Download the rollup here.

Installation Notes:

If you haven’t installed Exchange Server yet, you can use the info at Quicker Exchange installs complete with service packs and rollups to save you some time.

Microsoft Update can’t detect rollups for Exchange 2010 servers that are members of a Database Availability Group (DAG). See the post Installing Exchange 2010 Rollups on DAG Servers for info, and a script, for installing update rollups.

Update Rollups should be applied to Internet facing Client Access Servers before being installed on non-Internet facing Client Access Servers.

If you’re installing the update rollup on Exchange servers that don’t have Internet access, see “Installing Exchange 2007 & 2010 rollups on servers that don’t have Internet access” for some additional steps.

Also, the installer and Add/Remove Programs text is only in English – even when being installed on non-English systems.

Using Cmdlet Extension Agents to Cause Automatic Events to Occur in Exchange 2010 – Life Just Got Simpler!

May 29th, 2010

In previous posts, I’ve shown how to automate some tasks like automatically sending a ‘welcome’ email to all new user accounts, automatically applying Messaging Records Management policies to new users, and other functions. This helps perform normally routine tasks, as well as providing for a level of interaction with the users that isn’t as readily available manually. It also helps reduce errors and maintain consistency.

The problem with these methods is that they rely on scheduled tasks. So, every four hours, send a message to the new users. That’s all fine and dandy when the account is provisioned for a user starting tomorrow or next week. But if the HR person is standing at your desk saying “the person is starting NOW”, there’s a gap. Additionally, as the environment gets bigger and bigger, the queries to find new users can take more time and more system resources. There must be a better way, and there IS!

A nearly undocumented Exchange 2010 feature called cmdlet extension agents helps perform tasks automatically based on other commands running. Other Exchange notables have talked about some of the features, including Administrator Audit Logging. There are also cmdlet extension agents for OAB Resource Management, Provisioning Policy, Mailbox Resources Management, RUS, and even a Query Base DN agent. These can be seen by using the Get-CmdletExtensionAgent cmdlet. Today, we’ll focus on the Scripting Agent.

Picture this: a new user mailbox is created from ANY method that calls the new-mailbox cmdlet. This could be Exchange Management Console, Exchange Management Shell, or even some custom provisioning application. As soon as that cmdlet succeeds, the server immediately fires another event – say, sending the ‘welcome’ email. Or disabling POP3 and IMAP on the mailbox; or assigning an Exchange ActiveSync or retention policy. Very cool. But it gets even cooler when you realize that you can also trigger events BEFORE the cmdlet actually does much. Imagine, every time the remove-mailbox cmdlet is run, an export-mailbox cmdlet is triggered and dumps the mailbox to .pst! It’s possible! Here’s how we can do things:

Open Notepad and paste the following:

<?xml version="1.0" encoding="utf-8" ?>
<Configuration version="1.0">
 <Feature Name="MailboxProvisioning" Cmdlets="new-mailbox">
  <ApiCall Name="OnComplete">
   if($succeeded)    {
    $newmailbox = $provisioningHandler.UserSpecifiedParameters["Name"]
    set-casmailbox $newmailbox -ImapEnabled $false
   }
  </ApiCall>
 </Feature>
</Configuration>

Save the file as ScriptingAgentConfig.xml in the \bin\CmdletExtensionAgents folder, which, by default, is C:\Program Files\Microsoft\Exchange Server\V14\Bin\CmdletExtensionAgents.

Let’s break down how this works. There are two lines in our code where we need to focus. Notice this line: <Feature Name="MailboxProvisioning" Cmdlets="new-mailbox">. The “Cmdlets” parameter dictates what cmdlets will fire our custom event. In this case, whenever new-mailbox is executed. We can define multiple cmdlets here, separating them with a comma.

The very next line, <ApiCall Name="OnComplete">, defines when during the new-mailbox process our custom event will fire. Here, it’s OnComplete, or after the new-mailbox command finishes. We can also use “validate” to trigger an event after Exchange determines new-mailbox is a valid command and has all of the info it needs. “validate” is where we could export a mailbox during remove-mailbox, as it occurs after validation, but before the mailbox is actually removed.

For the sake of keeping things simple here, we’ll disable IMAP on a new mailbox as an example. In order to disable the IMAP feature, we normally run the set-casmailbox cmdlet (or use EMC, which just calls set-casmailbox), which requires a mailbox name. So, we use $newmailbox = $provisioningHandler.UserSpecifiedParameters["Name"] to assign the mailbox name used in the new-mailbox cmdlet to a variable, $newmailbox. After that, we simply run set-casmailbox $newmailbox -ImapEnabled $false like we would from EMS or a .ps1 script. That’s it!

Before we try out our newfound feature, we need to enable the Cmdlet Extension Agent. Open an Exchange Management Shell window and use the following command:

Enable-CmdletExtensionAgent "Scripting Agent"

Now – using either EMS or EMC, create a new mailbox. Once it’s created, look at the Mailbox Features tab of the mailbox, and you’ll see that IMAP is disabled.

You can certainly perform multiple actions, if you’d like, by simply specifying each command on a new line. If you’d like to take complex actions after new-mailbox (or any cmdlet), you can also call an external script by placing the path and script name in the .xml file.

$newmailbox = $provisioningHandler.UserSpecifiedParameters["Name"]
c:\myscript.ps1 -name $newmailbox

Keep in mind that you can’t do things like write-host or dump other outputs to the console screen. If you’d like to look at some other samples, look at the ScriptingAgentConfig.sample file in the \CmdletExtensionAgents folder in Notepad.

As you can see, the possibilities here are endless. We can automate many tasks, and, with the power of PowerShell, perform many actions not available in the Exchange Management Console.

Caveats: If you have more than one server running Exchange 2010, you’ll need to enable the extension agent on each, and create the .xml file.
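Because every server needs its own copy of the file, and whatever is in it runs whenever the listed cmdlets run, it is worth reviewing which cmdlets are hooked and confirming that all copies match. The following is an added example, not part of the original post: the function names (Get-FileSha256, Get-ScriptingAgentHooks, Get-ScriptingAgentDrift) are hypothetical, the second config is a constructed variant of the post's file, and the code is written for PowerShell v2.

```powershell
# Added example, not from the original post. Function names are hypothetical.

function Get-FileSha256 {
    param([Parameter(Mandatory = $true)][string]$Path)
    # Hash the raw bytes so that any edit, even whitespace, shows up as a difference.
    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
    $sha      = [System.Security.Cryptography.SHA256]::Create()
    $bytes    = [System.IO.File]::ReadAllBytes($fullPath)
    [System.BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', ''
}

function Get-ScriptingAgentHooks {
    param([Parameter(Mandatory = $true)][string]$Path)
    # One row per (cmdlet, ApiCall) pair: what fires, when, and with which script text.
    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($fullPath)
    # local-name() keeps the query working whether or not the file declares a namespace.
    foreach ($feature in $xml.DocumentElement.SelectNodes("*[local-name()='Feature']")) {
        $cmdlets = @($feature.GetAttribute('Cmdlets') -split ',' |
            ForEach-Object { $_.Trim() } | Where-Object { $_ })
        foreach ($api in $feature.SelectNodes("*[local-name()='ApiCall']")) {
            foreach ($cmdlet in $cmdlets) {
                New-Object PSObject -Property @{
                    File    = $fullPath
                    Feature = $feature.GetAttribute('Name')
                    Cmdlet  = $cmdlet
                    ApiCall = $api.GetAttribute('Name')
                    Script  = $api.InnerText.Trim()
                }
            }
        }
    }
}

function Get-ScriptingAgentDrift {
    param([Parameter(Mandatory = $true)][string[]]$Path)
    $rows = foreach ($p in $Path) {
        New-Object PSObject -Property @{ File = $p; Sha256 = (Get-FileSha256 -Path $p) }
    }
    # More than one group means at least one copy differs from the others.
    @($rows | Group-Object Sha256)
}

# --- Demo on constructed input: the post's config and a copy with one extra trigger ---
$configA = @'
<?xml version="1.0" encoding="utf-8" ?>
<Configuration version="1.0">
 <Feature Name="MailboxProvisioning" Cmdlets="new-mailbox">
  <ApiCall Name="OnComplete">
   if($succeeded) {
    $newmailbox = $provisioningHandler.UserSpecifiedParameters["Name"]
    set-casmailbox $newmailbox -ImapEnabled $false
   }
  </ApiCall>
 </Feature>
</Configuration>
'@
# Constructed variant: a second cmdlet added to the trigger list.
$configB = $configA -replace 'Cmdlets="new-mailbox"', 'Cmdlets="new-mailbox,enable-mailbox"'

$dir = Join-Path ([System.IO.Path]::GetTempPath()) ([System.Guid]::NewGuid().ToString())
New-Item -ItemType Directory -Path $dir | Out-Null
$fileA = Join-Path $dir 'serverA-ScriptingAgentConfig.xml'
$fileB = Join-Path $dir 'serverB-ScriptingAgentConfig.xml'
[System.IO.File]::WriteAllText($fileA, $configA)
[System.IO.File]::WriteAllText($fileB, $configB)

# What is hooked in each copy.
$fileA, $fileB | ForEach-Object { Get-ScriptingAgentHooks -Path $_ } |
    Format-Table Cmdlet, ApiCall, Feature, File -AutoSize

# Do the copies match?
$groups = @(Get-ScriptingAgentDrift -Path $fileA, $fileB)
if ($groups.Count -gt 1) {
    "Copies differ: $($groups.Count) distinct SHA-256 values"
    $groups | ForEach-Object { $_.Group } | Format-Table Sha256, File -AutoSize
} else {
    "All copies are identical"
}

Remove-Item -LiteralPath $dir -Recurse -Force

# On real servers, pass the path to ScriptingAgentConfig.xml in each server's
# CmdletExtensionAgents folder (for example over an administrative share), and confirm
# the agent state on each server with: Get-CmdletExtensionAgent "Scripting Agent"
```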

Script: Set-Exchange2010RedirectSSL.ps1 – Redirecting the Root Web Site to /owa and Forcing SSL in Exchange 2010

April 28th, 2010

A common practice is to redirect the default website to the OWA site in IIS. This allows for a shorter URL for users to remember, and catches those who don’t append “/owa”. It’s a simple enough task for an administrator to do, but I wanted to script it so that I could include it in other Exchange 2010 build scripts to help streamline the process.

Another common practice is to force SSL on specific virtual directories to help enhance security of client access to Exchange. This can take a few extra minutes, but can easily be scripted as well, so I combined both into a simple script. Some of the initial code came from colleague and Exchange Ranger Mark Smith, but I converted it to PowerShell, and added some checks and balances.

Run the script after installing Exchange, and pass it the destination to forward to. An example would be

.\Set-Exchange2010RedirectSSL.ps1 -url "https://mail.ucunleashed.com/owa"

This will redirect the root site to the URL listed. If you don’t specify the ForceSSL option, it will automatically secure the recommended virtual directories. To override that, set it to $false, such as

.\Set-Exchange2010RedirectSSL.ps1 -url "https://mail.ucunleashed.com/owa" -ForceSSL $false

The script starts by verifying the web-http-redirect feature is installed. If not, it will install it. Then, the script will back up the current IIS config, apply the changes, then do an IISRESET for them to take effect.

If you’re not sure of how to run it, there is built in help. Just run

Get-Help .\Set-Exchange2010RedirectSSL.ps1

UPDATE: I forgot to mention that the script also assigns permissions to the web.config file for the Offline Address Book to resolve a problem where downloading of the OAB would stop in the middle after configuring HTTP redirection. Microsoft Exchange PFE Bhargav Shukla has pointed out that this was mentioned in fellow MVP Henrik Walther’s post OAB issues after simplifying the OWA 2010 URL? As mentioned earlier, I got initial code from someone else, and didn’t realize that Henrik had already posted about it. So rather than go into details on the issue, please visit Henrik’s excellent post if you’d like more info. Thanks to both Henrik and Bhargav.

Installation

Execution Policy: Third-party PowerShell scripts may require that the PowerShell Execution Policy be set to either AllSigned, RemoteSigned, or Unrestricted. The default is Restricted, which prevents scripts – even code signed scripts – from running. For more information about setting your Execution Policy, see Using the Set-ExecutionPolicy Cmdlet.

Donations

I’ve never been one to really solicit donations for my work. My offerings are created because *I* need to solve a problem, and once I do, it makes sense to offer the results of my work to the public. I mean, let’s face it: I can’t be the only one with that particular issue, right? Quite often, to my surprise, I’m asked why I don’t have a “donate” button so people can donate a few bucks. I’ve never really put much thought into it. But those inquiries are coming more often now, so I’m yielding to them. If you’d like to donate, you can send a few bucks via PayPal at https://www.paypal.me/PatRichard. Money collected from that will go to the costs of my website (hosting and domain names), as well as to my home lab.

Download

v1.5 – 04-29-2014 – Set-Exchange2010RedirectSSL.v1.5.zip

v1.4 – 01-27-2014 – Set-Exchange2010RedirectSSLv1.4.zip

v1.3 – 01-30-2012 – Set-Exchange2010RedirectSSL.v1.3.zip

v1.2 – 10-19-2011 – Set-Exchange2010RedirectSSL.v1.2.zip

v1.0 – 04-26-2010 – Set-Exchange2010RedirectSSL.zip

Changelog

See the changelog for this script which details all versions and their features

Changelog: Set-Exchange2010RedirectSSL.ps1

April 26th, 2010

This is the changelog page for Set-Exchange2010RedirectSSL.ps1. You will find a complete list of released versions, their dates, and the features and issues addressed in each. Please refer to the script’s main page for more information including download links, installation details, and more.

v1.5 – 04-29-2014

  1. comment help cleanup per best practices
  2. param block cleanup per best practices
  3. removed some PowerShell v3 code so that the script will continue to work in v2

v1.4 – 01-27-2014

  1. Updated Set-ModuleStatus function
  2. minor code cleanup per best practices

v1.3 – 01-30-2012

  1. resolved issue with read&execute rights not being assigned to Authenticated Users on web.config file.

v1.2 – 10-19-2011

  1. adjusted what folders needed to be excluded from redirection
  2. bug fixed that would not exclude some folders if -forcessl $false was used.

v1.0 – 04-26-2010

  1. initial version

Script: New-WelcomeEmail.ps1 – Automatically Sending a ‘Welcome’ Email to All New User Accounts

March 25th, 2010

Note: I’ve updated this script to address a couple of issues. The first is that if a scheduled task was configured for a time frame other than what was configured in the script itself, this would yield sporadic results. I’ve addressed this by writing a time stamp to the registry when the script runs. This removed the requirement of configuring the time in the script itself, and provides resiliency if the script runs at different times. Run the script once manually to set the configuration. I’ve also added some code that verifies the Exchange PowerShell snapin is loaded before attempting to run. If you’d like a feature added, please let me know in the comments below.

Note #2: If you’re using a server that’s not configured for the normal U.S. style time-date format, such as in the U.K., see Neil Hobson’s post at http://neilhobson.blogspot.com/2010/11/powershell-bug.html for information.

Anything that we can do to cut down on repetitive calls to the Help Desk staff is a good thing. When a new employee starts, there are always questions about ‘what is my email address?’, and ‘how do I get to email from the web?’. For years, admins have come up with sometimes complicated methods to send a new user a canned email that tries to answer these questions. With Exchange 2007 and Exchange Management Shell (PowerShell), we can do this quite easily. In fact, the hardest part is deciding what to include in the email message. Let’s get started.

Let’s read some info from the registry to see when the script last ran. If it hasn’t run before, let’s set some initial info:

$strScriptName =  $MyInvocation.MyCommand.Name
if (!(Get-ItemProperty HKLM:\Software\Innervation\$strScriptName -Name LastRun -EA SilentlyContinue)){
# this is the first time the script has run - let's create the registry key and value for future runs
New-Item -path HKLM:\Software\Innervation -EA SilentlyContinue | Out-Null
New-Item -path HKLM:\Software\Innervation\$strScriptName | Out-Null
New-ItemProperty -path HKLM:\Software\Innervation\$strScriptName -Name "LastRun" -Value (Get-Date) -propertyType String | Out-Null
write-host "Initial configuration completed." -ForegroundColor green
}
# get time stamp from registry so we know when it last ran
$LastRun = Get-Date ((Get-ItemProperty -path HKLM:\Software\Innervation\$strScriptName -Name LastRun).LastRun)
$ElapsedTime = ((Get-Date) - $lastrun).TotalSeconds

Let’s define some variables that we’ll use throughout the process.

$strMsgFrom = "Contoso HelpDesk "
$strMsgTitle = "Welcome to Contoso!"

These set the From and Title for the email that we’ll send, as well as get today’s date, and the name of the script. Next, we create a new object to allow sending SMTP email:

$SMTPClient = New-Object Net.Mail.SmtpClient("localhost")

We can replace “localhost” with the IP address of a remote hub transport server if the script is not running on a hub transport server.

Next, we get a list of mailboxes that we need to send the email to. We’ll use a scheduled task to actually run the task. I run mine every 4 hours, but the code doesn’t care how often it runs. It will use the time stamp established above to email all mailboxes created since then. We also want to avoid any mailboxes that are disabled. So our query looks like this:

$MBXArray = @(Get-Mailbox -ResultSize Unlimited | ? {($_.WhenCreated -gt (Get-Date).AddSeconds(-$ElapsedTime)) -and ($_.ExchangeUserAccountControl -ne "AccountDisabled")})

We now have an array, $MBXArray, that contains all of the mailboxes that we’ll email. We now cycle through the array via ForEach, and begin to assemble a personalized email message to each user. $mailbox holds the current account in the loop, so we can pull specific info for each user. Note that the text in $strBody is completely arbitrary – you can include whatever you want. Here’s a sample of one I did for a recent client:

ForEach ($mailbox in $MBXArray ) {
$strMsgTo = $mailbox.PrimarySMTPAddress
$strMsgBody = "Hello, "+$mailbox.DisplayName+", and welcome to the Contoso family! Please keep this email for future use. It contains vital information.
--------------------------------------
Username and password
--------------------------------------
Your network username is '"+$mailbox.SamAccountName+"'. Use your username and password to login to the network. Your password should NEVER be shared with anyone except the I.T. department, and only then when requested. Please do not write it down on anything that can be seen by your coworkers. You will be prompted to change it regularly.
--------------------------------------
Email
--------------------------------------
Your email address is '"+$mailbox.PrimarySMTPAddress+"'.

To access your email, calendar, contacts, and tasks from outside of the building, such as from home, you can do so from any Internet connected computer. Simply open Internet Explorer and go to the Outlook Web Access (OWA) page at https://mail.contoso.com/ and log in using your username and password. Please note the 's' in https.

If you’d like to have access to your email and contacts from your cell phone, you will need a cell phone that has Windows Mobile 5 or later, or an Apple iPhone. Blackberry phones are not supported. Instructions for configuring your device can be found in the Frequently Asked Questions (FAQ) section of the Contoso Intranet at https://intranet.contoso.com/helpdesk/Lists/SupportFaq/AllItems.aspx
--------------------------------------
Contact information
--------------------------------------
Once you’re situated, please go to http://directory/DirectoryUpdate and update your information. Log in using your username and password. It’s important that you update your information anytime something changes, such as title, department, phone number, etc. This information is used in various systems and applications, and is your responsibility to keep up to date.
--------------------------------------
Computer, Email, and Internet policies
--------------------------------------
Contoso, Inc. provides a computer for your work tasks. The use of personally owned computers and related equipment is not permitted on our network. Additional information about use of Contoso computers, email, Internet, etc. can be found in the Employee Handbook located in the HR section of the intranet at https://intranet.contoso.com/hr/
--------------------------------------
Technical assistance
--------------------------------------
Should you need technical assistance, please check the Frequently Asked Questions (FAQ) section of the Contoso Intranet at https://intranet.contoso.com/helpdesk/Lists/SupportFaq/AllItems.aspx. If you cannot find an answer there, submit a Service Request on the Contoso intranet at https://intranet.contoso.com/helpdesk. If you are unable to access the intranet site, only then should you email HelpDesk@contoso.com. It is monitored by the whole IT department, and will ensure your issue is resolved in a timely manner.

Thank you, and, again, welcome to Contoso!
The Information Technology Department"

As you can see, we insert the user’s actual account name, email address, etc., since that info is available in the ForEach loop. The message is just plain text, so spacing is preserved. URLs will be clickable links as well. Note: You’ll want to pay close attention to quotes and variables, as having an extra or missing quote can cause an error.

Now we actually send the message:

$SMTPClient.Send($strMsgFrom,$strMsgTo,$strMsgTitle,$strMsgBody)
}
# update registry here with a fresh time stamp
Set-ItemProperty HKLM:\Software\Innervation\$strScriptName -Name "LastRun" -Value (Get-Date) | Out-Null

We’ll run this script on a hub transport server. So take the script, available in the DOWNLOAD section below, and save it in your \scripts folder. You’ll also need an Exchange receive connector that will accept email sent from PowerShell scripts. For that, see Creating a receive connector to use for sending email from PowerShell. Now, schedule a task to run every 4 hours using the info in Running PowerShell scripts via Scheduled Tasks.

Point of interest: In the text I send to the users, you’ll see a link to the Directory Update (http://directory/DirectoryUpdate in the example above). This is for Directory-Update, a VERY lightweight ASP app developed by fellow MVP and author Jim McBee and another developer. It’s completely customizable, and allows users to update selected fields of their AD account to help keep the Global Address List (GAL) current. It is worth the small cost, and really helps you keep the GAL full of correct info. I have another PowerShell script that checks AD account fields, and when it finds empty fields (phone number, title, etc), it sends them an email with a link to the Directory-Update web page. Combine that with Automatically updating the Global Address List with mobile numbers from Exchange ActiveSync and it’s like a self-cleaning oven!

Installation

Execution Policy: Third-party PowerShell scripts may require that the PowerShell Execution Policy be set to either AllSigned, RemoteSigned, or Unrestricted. The default is Restricted, which prevents scripts – even code signed scripts – from running. For more information about setting your Execution Policy, see Using the Set-ExecutionPolicy Cmdlet.

Download

v1.3 – 02-24-2013 – New-WelcomeEmail.v1.3.zip

Send-NewUserWelcome.zip

ScriptImages.zip – image files used in emails

Changelog

See the changelog for this script for information on versions and what’s included/addressed in each.

Update Rollup 3 (UR3) for Exchange Server 2007 SP2 Released

March 18th, 2010

Microsoft has released the following update rollup for Exchange Server 2007:

  • Update Rollup 3 for Exchange Server 2007 SP2 (979784)

If you’re running Exchange Server 2007, you need to apply Update Rollup 3 for Exchange 2007 SP2 to address the issues listed below.

Remember, you only need to download the latest update for the version of Exchange that you’re running.

Here is a list of the fixes included in update rollup 3:

  1. 976108 “451 4.4.0 DNS Query Failed” status message in an Exchange Server 2007 Edge Transport server
  2. 976460 Later updates do not match a calendar item that an Exchange Server 2007 user updates by using Exchange ActiveSync on a mobile device
  3. 977179 You receive an “0x800423f0” error message when you perform system state backups on the passive node of Windows Server 2008-based Exchange Server 2007 CCR clusters
  4. 977531 An external recipient misses the last occurrence of a recurring meeting request or a recurring appointment that is sent from an Exchange Server 2007 user
  5. 977923 The Edgetransport.exe process crash when it process meeting requests in Exchange Server 2007
  6. 978137 The subject of a confirmation message is garbled for certain languages when a remote device wipe operation is performed in Exchange Server 2007
  7. 978200 The sender address of a forwarded meeting request does not include “on behalf of” as expected in an Exchange Server 2003 organization and an Exchange Server 2007 organization mixed environment
  8. 978253 A SSL certificate validation error is generated on an Exchange Server 2007 server when you run any test commands after you run the Test-SystemHealth command
  9. 978469 A mailbox that was moved from an Exchange Server 2007 server to an Exchange Server 2010 server cannot be accessed by using Outlook
  10. 978517 The Microsoft Exchange Information Store service stops responding on an Exchange Server 2007 server
  11. 978521 The synchronization and the reconciliation between Microsoft Office Outlook and a BlackBerry mobile device fails when a mailbox is moved around between two Exchange Server 2007
  12. 978528 The Microsoft Exchange Information Store service crashes on a Microsoft Exchange Server 2007 server when a user tries to access a specific calendar item
  13. 978832 Read items are marked incorrectly as unread items in an Exchange Server 2007 public folder
  14. 979055 A delegate cannot save three settings of Resource Settings for an Exchange Server 2007 resource mailbox in OWA
  15. 979170 You receive an error message when you use ExBPA to schedule a scan on an Exchange Server 2007 SP2 server
  16. 979219 The store.exe process hangs on an Exchange Server 2007 server

Download the rollup here.

Installation Notes:

If you haven’t installed Exchange Server yet, you can use the info at Quicker Exchange installs complete with service packs and rollups to save you some time.

Microsoft Update can’t detect rollups for Exchange 2010 servers that are members of a Database Availability Group (DAG). See the post Installing Exchange 2010 Rollups on DAG Servers for info, and a script, for installing update rollups.

Update Rollups should be applied to Internet-facing Client Access Servers before being installed on non-Internet-facing Client Access Servers.

If you’re installing the update rollup on Exchange servers that don’t have Internet access, see “Installing Exchange 2007 & 2010 rollups on servers that don’t have Internet access” for some additional steps.

 

Changelog: New-ADPasswordReminder.ps1

February 26th, 2010 11 comments

This is the changelog page for New-ADPasswordReminder.ps1. You will find a complete list of released versions, their dates, and the features and issues addressed in each. Please refer to the script’s main page for more information including download links, installation details, and more.

v2.9 – 09-13-2013

  1. tweaked the filters for retrieving user accounts
  2. Preview parameter removed since -PreviewUser automatically sets $Preview

v2.8 – 05-03-2013

  1. Tons of updates – unfortunately, I haven’t kept a detailed list
  2. OU option added that allows you to target a specific Organizational Unit (OU)
  3. NoImages option tweaked. Run script with -NoImages to send a text only message. No longer need to specify $true
  4. Changed name of script to New-ADPasswordReminder.ps1 to align with my new naming standard
  5. More code optimization
  6. Better cleanup of message text if some variables like $HelpDeskPhone and $HelpDeskURL are not defined

v2.7 – 12-26-2012

  1. Added NoImages option for those that want less of a visual email. Script still sends an HTML formatted email, but it strips out any images and their related formatting.
  2. Cleaned up some code

v2.6 – 09-07-2012

  1. Changed email server variable to the preference variable $PSEmailServer
  2. changed Send-MailMessage syntax
  3. cleaned up Set-ModuleStatus function
  4. Cleaned up HTML code
  5. fixed issue with missing “)” error in the param list
  6. cleaned up the Remove-ScriptVariables function
  7. Added some Write-Verbose statements for better troubleshooting.
  8. Added a simple check to not include password policy requirements if email is going to FGPP user (until I can resolve detection of the FGPP settings)
  9. $PreviewUser specified will now work even if that user is set to PasswordNeverExpires
  10. Setting $PreviewUser automatically sets $Preview
  11. Removed transcript option
  12. Added variable for formatting the date shown in emails (for my non-U.S. people)
  13. Leaving some of the URL parameters blank will now remove the related text from the email sent to users

v2.4 – 01-14-2012

  1. Fixed bug in detecting domain functional level as pointed out by Michael B. Smith
  2. Changed email server parameter to use $PSEmailServer
  3. Changed Send-MailMessage syntax
  4. Cleaned up Get-ModuleStatus code

v2.2 – 09-29-2011

  1. added some missing ‘alt’ tags for some images in email HTML code
  2. added code to determine global minimum password length & format message accordingly
  3. added code to determine global password complexity requirements & format message accordingly
  4. added $HelpDeskURL variable in param block. That resolves the problem of some links that weren’t clickable (whoops!)
  5. added some parameter validation
  6. added ability to target a single OU, and its children
  7. updated the Send-MailMessage line based on user feedback
  8. updated links to point to new blog. This includes the one in the event log message.

v2.1 – 08-31-2011

  1. added some additional code to the section that installs the RSAT-AD-PowerShell feature
  2. corrected code that wouldn’t send mail until the user was one day into the reminder window
  3. cleaned up HTML code indentations to make it a little easier to read
  4. variable for image path so that editing the HTML is straightforward
  5. added preview mode to see HTML email
  6. added install mode to automatically create scheduled task
  7. updated and enhanced the comment based help
  8. added code for event log logging

v2.0 – 08-15-2011

  1. added email code
  2. added transcript option
  3. added demo parameter & formatted output
  4. added param block with some default values
  5. moved (Get-AdDomain).DomainMode code to outside of loop to help speed up processing (since it really needs to be called only once)
  6. added check for ActiveDirectory module & Exchange snapins
  7. added alert for same day expiration
  8. auto load or install RSAT-AD-PowerShell feature

v1.0 – 02-26-2010

  1. initial version

Update Rollup 2 (UR2) for Exchange Server 2007 SP2 Released

January 24th, 2010 No comments

Microsoft has released the following update rollup for Exchange Server 2007:

  • Update Rollup 2 for Exchange Server 2007 SP2 (972076)

If you’re running Exchange Server 2007, you need to apply Update Rollup 2 for Exchange 2007 SP2 to address the issues listed below.

Remember, you only need to download the latest update for the version of Exchange that you’re running.

Helpful notes:

  1. If you are installing the update rollup on a CCR, see How to install Update Rollups in a CCR Environment.

Here is a list of the fixes included in rollup 2:

  1. 961525 Exchange Server 2003 may generate duplicate journal reports in a mixed Exchange Server 2003 and Exchange Server 2007 environment
  2. 969230 The “age limits” function of a public folder do not work as expected in an Exchange Server 2007 environment
  3. 969948 A computer that is running Microsoft Exchange Server 2007 that has the Client Access Server (CAS) role installed becomes slow when a user tries to open a folder that contains many items
  4. 970817 An appointment is displayed incorrectly as an all-day event if you use a mobile device to synchronize the calendar in Exchange Server 2007
  5. 971177 The Auto Attendant ‘Business Hours’ schedule is not updated in Exchange Server 2007 when the DST setting is changed
  6. 971349 Exchange Server 2007 users intermittently cannot access an Exchange Server 2003 user’s Free/Busy information in Office Outlook 2007
  7. 971889 When Unified Messaging-enabled users call Outlook Voice Access on Exchange Server 2007 to play voice mails messages, there is a delay before the voice mail message is played
  8. 972705 The Microsoft Exchange Server 2007 log or database experiences abnormal growth
  9. 972744 When a user sends e-mail messages to a remote domain, some e-mail messages are queued on an Exchange Server 2007 Hub Transport server or Edge server
  10. 973165 A return address is split into two separate and incomplete addresses when a recipient replies to a specific message in Exchange 2007
  11. 973486 Some message parts are not readable when Exchange Server 2007 must convert the message part encoding from binary or from 8 bit to 7 bit
  12. 973969 Incorrect exceptions are generated for a recurring iCalendar message when an Exchange Server 2007 server processes an SMTP message that contains the iCalendar message part
  13. 974155 OWA does not highlight misspelled words in an Exchange Server 2007 CAS proxy environment
  14. 974161 Some attendees cannot receive a meeting cancellation notification when the appointment recurrence pattern is changed by using EWS in Exchange Server 2007
  15. 974312 Unread messages are marked as “read” when Exchange Server 2007 processes the EXAMINE command
  16. 974344 You still receive an error message when you run the Test-OwaConnectivity command after you apply hotfix KB957485 in Exchange Server 2007
  17. 974401 Store sessions are not released when you run the Add-PublicFolderClientPermission cmdlet or the Remove-PublicFolderClientPermission cmdlet in public folders on a computer that is running Exchange Server 2007
  18. 974450 A new accepted domain that is added does not work in an Exchange Server 2007 organization
  19. 974679 Returned folder names include a question mark when you check the folder names of an Exchange Server 2007 mailbox
  20. 974775 The EdgeTransport.exe process crashes intermittently on an Exchange Server 2007 server
  21. 974843 Exchange Server 2007 performance counter “Messages queued for submission” shows incorrect value
  22. 974897 You receive an NDR you try to send messages through your Microsoft Exchange Server 2007 account
  23. 974946 Exchange Server 2007 OWA users receive an error message when the users change the display line for the search results on the address books
  24. 974999 The “Task Owner” field is not set when you create a task in Outlook Web Access
  25. 975050 A call transfer fails by using key mapping in a mixed Exchange Server 2007 UM server and OCS 2007 environment
  26. 975165 EWS proxying requests fail after you run Availability Service requests in a CAS to CAS proxying scenario in Exchange Server 2007
  27. 975213 You cannot log on to your mailbox and you receive an error in an Exchange server 2003 and Exchange Server 2007 coexist environment
  28. 975255 Event 2104 and event 2147 are continuously logged in an Exchange Server 2007 Cluster Continuous Replication (CCR) environment
  29. 975404 An attachment of a meeting request cannot be opened when you use a CDO application to accept a meeting request in Exchange Server 2007
  30. 975844 The misspelled word of a message loses its custom format when an Exchange Server 2007 user writes the message in OWA
  31. 975903 The RemoveDelegate operation of EWS fails, and then a “500 internal server” error response and event ID 4999 are logged in an Exchange Server 2007 server
  32. 975916 The custom form of a meeting request is removed in the recipients’ calendar in an Exchange Server 2007 environment
  33. 975918 When an IMAP4 client sends a FETCH (bodystructure) request to a server that is running the Exchange Server 2007 IMAP4 service, a corrupted response is sent as a reply
  34. 975946 An S/MIME message is not verified and is rejected when BizTalk Server 2006 uses the Exchange Server 2007 version of ExSMime.dll to parse MIME messages
  35. 975990 Messages that have duplicate message IDs are deleted when they are archived to an Exchange 2007 mailbox
  36. 976025 The free/busy information of an Exchange Server 2007 user is not displayed
  37. 976106 Microsoft Exchange Transport services crashes with StackOverflowException when Message Journaling is enabled on Exchange Server 2007
  38. 976107 You receive the warning “Failed to update recipient” when you run the Update-addresslist cmdlet in Exchange Management Shell on Exchange Server 2007
  39. 976137 Exchange Server 2007 Unified Messaging incorrectly plays a nonbusiness hours greeting when someone calls during holiday
  40. 976195 You cannot edit a transport rule if one or more of the recipient addresses are disabled or removed in an Exchange Server 2007 server
  41. 976653 The Cluster Administrator shows that the mount operation fails and error 1003 is logged even though the database is mounted in an Exchange Server 2007 CCR or in a SCC environment
  42. 976787 The Calendar Month View displays a numeric date and not an abbreviated month name when you set the Regional Settings to Japanese or to Korean in Outlook Web Access for Exchange Server 2007
  43. 976794 When you edit an e-mail message in OWA, the font changes to the default Internet Explorer font
  44. 976946 The message delivery time is incorrect when you send e-mail messages by using an IMAP4 client together with the APPEND command in Exchange Server 2007
  45. 977085 An incorrect value for DumpsterMessagesDeleted is reported in an Exchange Server 2007 environment
  46. 977091 The time for an updated meeting request is incorrectly shown in an exception instance of a recurring meeting request on an Exchange Server 2007 environment
  47. 977181 The EXOLEDB component is not initialized successfully when you start Exchange Information Store Service on an Exchange Server 2007 server
  48. 977223 A move operation on a folder fails when the “ptagProvisionedFid” attribute is invalid in an Exchange Server 2007 environment
  49. 977261 One or more errors occur when you set the Message Access logging level to Expert in an Exchange Server 2007 SP2 server
  50. 977355 Non-ASCII characters in a display name of a forwarded message are shown with “?” when the display name of a contact is in East Asia characters in an Exchange Server 2007 environment
  51. 977412 Error message when you use the WebDAV protocol to connect to an Exchange Server 2007 server: “Error 1000”
  52. 977425 The “Proxy server name” field is incorrectly shown in OWA in an Exchange Server 2007 CAS-to-CAS proxy environment
  53. 978593 Windows Server 2008 VSS backup plug-in fails to backup Exchange 2007 Service Pack 2 databases that reside on a volume mount point

Download the rollup here. It is also available on Microsoft Update.

Installation Notes:

If you haven’t installed Exchange Server yet, you can use the info at Quicker Exchange installs complete with service packs and rollups to save you some time.

Microsoft Update can’t detect rollups for Exchange 2010 servers that are members of a Database Availability Group (DAG). See the post Installing Exchange 2010 Rollups on DAG Servers for info, and a script, for installing update rollups.

Update Rollups should be applied to Internet-facing Client Access Servers before being installed on non-Internet-facing Client Access Servers.

If you’re installing the update rollup on Exchange servers that don’t have Internet access, see “Installing Exchange 2007 & 2010 rollups on servers that don’t have Internet access” for some additional steps.

Updated: Installing Exchange 2010 Rollups on DAG servers – Now With a Script!

December 29th, 2009 1 comment

Having had to install rollups on a bunch of Exchange 2010 servers recently, I took the info from the original post Installing Exchange 2010 rollups on DAG servers and combined it all into a PowerShell script. I also updated the original article to include steps using Exchange Management Console (EMC). Take a look at the original post for the updated info and script.