Posts tagged: Exchange

Dynamic lists and mail migration in Exchange 2007

Just a couple of quick tips which have helped me recently. Unlike Exchange 2003, creating dynamic lists based on AD attributes has become a little more complicated. Granted there is a built in wizard which works for some basic queries but doesn’t have the fine grained control that I needed.

For example to create a dynamic mailing list which will contain all users who have been marked as being in say the Perth office. This refers to the office field which you can set through AD users and computers or via the Exchange console. To create this load your Exchange shell as admin and run the following.

New-DynamicDistributionGroup -Name ‘Perth Staff’ -OrganizationalUnit’ -Alias ‘PerthStaff’ -RecipientFilter { (Office -eq ‘Perth’) }

To break it down you are limiting your search scope with the –OrganizationalUnit which improves performance by not having to search the entire tree when you don’t need to. The -Alias is self explanitory and the –RecipientFilter is simply what you are filtering on and in this case its the Office field and the fact it equals Perth.

This is just a simple dynamic list, check out the Microsoft page here for more advanced examples and options.


Mail migration between mailboxes has always been a bit of a pain. In the past Exmerge was the tool of choice however this is no longer needed come Exchange 2007. This could be useful for archiving mail out from one mailbox to another on different storage (Exchange 2010 has archiving built in which is much better) or you can even go to PST for maybe permanent archival to tape or optical media.

Make sure you have the latest service and you can simply run the export-mailbox tool via the Exchange shell.

export-mailbox –identity source.mailbox -includefolders "\Inbox" -MaxThreads 4 –TargetMailbox destination.mailbox -TargetFolder Archive

You can filter this further if needed but it’s relatively straight forward and will pull all the mail you specify out and put directly into the target mailbox without having to go to PST in between or use Outlook.

Good luck and have fun.

Howto generate Exchange 2007 certificates

By default Exchange uses a self signed certificate. If you are allowing external access its best practice to use a CA signed certificate either by your own internal CA or an external 3rd party trusted CA.

So to generate yourself a signing request open an Exchange shell as admin and run the following.

New-ExchangeCertificate -GenerateRequest -SubjectName “” -IncludeAcceptedDomains -DomainName, -IncludeAutoDiscover -Path c:\mycert.req

To break this command down, –GenerateRequest and –SubjectName are pretty straight forward and define the primary subject for the certificate. –IncludeAcceptedDomains tells it to add any other accepted domains to the certificate, useful if you accept mail for multiple domains. –DomainName is for additional domains you wish to specify, sometimes you may have a split internal and external domain so this would be used in that instance. And –IncludeAutoDiscover is one that gets forgotten but adds the autodiscover domain name to the certificate. If you do not include your autodiscover domain or the domain of the server it is on then you may get certificate errors when launching Outlook.

So now you have your certificate request, either plug it into your internal CA to get signed or pass this on to a 3rd party to get it signed by them. You should get a certificate file back and once you do simply run the following from your admin Exchange shell.

Import-ExchangeCertificate -Path C:\certnew.cer

Next step is to tell Exchange to use the certificate. Upon importing you should get the thumbprint of the certificate. With this you can enable the certificate by running the following and substituting the thumbprint.

Enable-ExchangeCertificate -Thumbprint THUMBPRINT -Services SMTP,POP,IMAP,IIS

One gotcha that I have seen a couple of times now is that the IIS/SMTP certs don’t stick. This presents itself after a reboot when suddenly its reverted back to the original certificate. In these cases I have found it necessary to re-run the command with just IIS and SMTP like below.

Enable-ExchangeCertificate -Thumbprint THUMBPRINT -Services SMTP,IIS

And that should be it, your certificate will take affect immediately and you should be good to go.

One last note, its worth keeping in mind that your paths may vary in terms of the OWA, OAB and Autodiscover paths and you should check to ensure that these are all correct. Domain name mismatch is pretty common which can create error messages which have the potential confuse users.

0.0.5 Release of CactiWMI

It’s been a while since I released an update and there have been a number of templates since 0.0.4 so packaged them up ready for consumption :)

Below are some examples of what we now have!

So we have some standard Windows stats such as system calls, context switches and process/processor stats.





We can now also monitor processes themselves on an individual basis.



And some new Exchange graphs including the much requested SMTP graphs.




And here is the download. Any questions or suggestions let me know and feel free to stop by the thread on the Cacti forums (Link!).

  CactiWMI-0.0.5.r50.tar.gz (53.7 KiB, 1,756 hits)

New release with Exchange Monitoring!

It’s been a little while since I have released anything but after a bit of work I have a new version which now supports monitoring Exchange! Previously I had monitored Exchange myself via WMI using a custom PHP script but now this can all be done with a reasonably straight forward set of templates and the generic wmi.php :)

Aside from just supporting Exchange here are the changes below:

  • Now parses out spaces and replaces with an underscore (needed for anything that has a name with spaces in it)
  • Included new debug mode which logs detailed information to a per host text file
  • Code cleanup, should make it a bit easier to configure
  • General tweaking

The biggest issue with Exchange that I encountered was that the store names could have spaces which would throw off Cacti when it interpreted the data being passed to it. But as you can see from below the changes have fixed this issue and allow for some useful monitoring.



The templates are included in the attached tar file, please note however that the active client logons will need tweaking to suit your system. For me I created two graphs based on the template then removed the template so that the name of each store could be displayed on the graph. You can do this or alternatively do per store graphs however I found it to be overkill and used two graphs of 5 stores each.

The new debug mode logs by default to /tmp but you can adjust this to wherever you like so long as it has the correct permissions. Effectively what you will end up with is a log file per host of the filename dbug_xx.xx.xx.xx where the x’s are your IP. Inside it will contain basically all the variables being passed in and out as well as the direct output from wmic etc. With this you should be able to track whats going on and debug any issues.

So there you have it everything you need to get started. I will have some additional Exchange templates over the next few weeks so stay tuned! For now if you need help leave a message or drop by the Cacti forums. Also one last note you can browse the latest code and check out any build you like from the web based Subversion repository. Check it out at

  CactiWMI-0.0.4.r45.tar.gz (39.7 KiB, 1,117 hits)