Exchange Geek's Weblog

I'm a Geek!

Archive for April, 2009

Using MFCMAPI to delete delegate rules from mailbox

Posted by Milind Naphade on 30/04/2009

Note: This post is purely intended to demonstrate the use of MFCMAPI to delete calendar delegate rules. There are several other steps you may want to go through before you follow the steps in this post.

Outlook, LDAP and MAPI offer a great feature: delegation of a mailbox to a particular user within the organization. It works almost the same way in all versions of the Exchange Server 200x family. I am not sure about Exchange 2010 yet because I have never had a chance to look at it closely.

Although the delegation feature is a great facility for end users, it sometimes becomes a pain for administrators. One of the most annoying situations I always come across is when someone reports that he/she sent an email to a distribution list and then got an NDR indicating that the email was not delivered to a user who was deleted recently and does not work for the company anymore. The NDR looks like this:

From: System Administrator
Sent: Tuesday, April 28, 2009 10:06 AM
To: Geek, Exchange
Subject: Test Meeting Request

Your message did not reach some or all of the intended recipients.

Subject: Test Meeting Request
Sent: 4/28/2009 10:06 AM

The following recipient(s) could not be reached:

Geek, Exchange on 4/28/2009 10:06 AM
    The e-mail address could not be found. Perhaps the recipient moved to a different e-mail    organization, or there was a mistake in the address. Check the address and try again.
     <FQDN of my #5.1.7>

This type of NDR starts appearing after you delete a user account from your organization when that account was a member of a DL and, at the same time, had been delegated permissions on another user's mailbox in the same DL. Another case is when you already know the name of the delegated mailbox but are not able to fix the issue.

1. When you don't know the name of the delegated mailbox yet you get the NDR:

Download the script at Glenn's blog and run it in your Exchange organization to find the user who had the deleted user account set as a delegate or has a rule configured to forward emails. This script can be downloaded from (This script requires you to have full mailbox access on all mailboxes in your organization)

The script shows all the delegate and forwarding rules in mailboxes. I strongly recommend reading the instructions at the above link before you run it.

Once you have the name of the desired mailbox you can remove the rule either by logging on to the mailbox or by using MFCMAPI or mdbview32.exe. An alternate location to download it would be here.

2. When you know the delegated user account name but cannot remove the rule using Outlook:

Here you can use MFCMAPI to remove all the calendaring delegate and forward rules from a particular mailbox. The steps are below:

A. Open MFCMAPI.exe and log on to the store with Administrator privileges or with a user account which has full access to other mailboxes. To log on, follow Session -> Logon and Display Store Table. This will show a screen like the one below:

B. Right-click on the mailbox you are logged on as and select Open Store from the context menu.


C. The next screen comes up, which shows all visible and invisible folders in your mailbox.

D. Expand Root Container at the top of the tree structure -> expand Top of Information Store -> right-click on Inbox and select Display Rules Table.


E. Another window opens and shows you the rules configured in the mailbox. Please note that only server-side rules are displayed here.


F. This window may display several other rules as well. You have to find and select the rule whose provider is Schedule+ EMS Interface.

G. Right-click on the rule and select Delete.

H. Any other rule can also be deleted using the same method.


Sending meeting from blackberry returns a message that your message was forwarded by besadmin

Posted by Milind Naphade on 29/04/2009

BlackBerry has emerged as a very strong client-server interface for the concept of email on the go. Because of several security features, ease of management and much more, it has always ranked above Windows Mobile based devices or EAS (Exchange ActiveSync). BlackBerry Enterprise Server integration with Exchange Server 2000 and Exchange Server 2003 was easier and was done simply through the GUI. As everyone is aware, once the needed permissions for the BlackBerry service account are set up and all other preparation for BES is done, you can simply go ahead and install it.

The service account used by BES is known as BESAdmin. BESAdmin requires Send As permissions on all of the mailboxes within the organization. Once these permissions are set up, the service account can forward emails to the devices as if the email was sent by the original sender. A complex mechanism in the form of MDS, mailbox agents and so on runs in the background and takes care of this.

Since Exchange Server 2007 started reaching production environments, people started implementing BES along with it too. I have always been observing an issue where people complain that when they send a meeting request to someone using their BB handheld, they are notified that their message was forwarded by BESAdmin, or whatever the name of their BES service account is. This notification looks like:


Your meeting was forwarded

besadmin   has forwarded your meeting request to additional recipients.



Meeting Time

Monday, March 30, 2009 3:00 PM-4:00 PM.



This is not a non-delivery report or an error report either. It is just a notification like other MDNs in Exchange Server 2007.

To resolve this issue, you simply need to disable the forwarded meeting notification on the service account. In my environment I call it BESAdmin. So here is the cmdlet:

Get-MailboxCalendarSettings -Identity "BESAdmin" | Select RemoveForwardedMeetingNotifications

Ideally, the above command should return the status of RemoveForwardedMeetingNotifications as $False.

Now you have to set it to true. Run the following cmdlet:

Set-MailboxCalendarSettings -Identity "BESAdmin" -RemoveForwardedMeetingNotifications $True

And that should be it. It should stop all those forwarded meeting notifications.
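Because the BES service account holds Send As on every mailbox, it is worth knowing exactly which accounts hold that right and how widely. The following read-only sketch is an added example, not part of the original post; the function name is hypothetical, and it assumes the Exchange Management Shell with rights to read mailbox permissions in Active Directory.

```powershell
# Added example (read-only): summarise which accounts hold Send-As and on how many mailboxes.
# Get-SendAsTrusteeSummary is a hypothetical name chosen for this sketch.
function Get-SendAsTrusteeSummary {
    $mailboxes = @(Get-Mailbox -ResultSize Unlimited)

    # One row per (mailbox, trustee) pair that carries an Allow entry for Send-As.
    $rows = $mailboxes | ForEach-Object {
        $mbx = $_
        Get-ADPermission -Identity $mbx.DistinguishedName |
            Where-Object {
                (-not $_.Deny) -and
                ($_.ExtendedRights -like 'Send-As') -and
                ($_.User -notlike 'NT AUTHORITY\SELF')   # every mailbox owner has this entry
            } |
            Select-Object @{ Name = 'Mailbox'; Expression = { $mbx.Name } },
                          @{ Name = 'Trustee'; Expression = { $_.User.ToString() } },
                          IsInherited
    }

    # Collapse to one line per trustee: how many mailboxes, and whether the grant is org-wide.
    $rows | Group-Object Trustee | ForEach-Object {
        $count = @($_.Group | Select-Object -Unique Mailbox).Count
        $line = New-Object PSObject
        $line | Add-Member NoteProperty Trustee      $_.Name
        $line | Add-Member NoteProperty Mailboxes    $count
        $line | Add-Member NoteProperty AllMailboxes ($count -eq $mailboxes.Count)
        $line | Add-Member NoteProperty AnyExplicit  (@($_.Group | Where-Object { -not $_.IsInherited }).Count -gt 0)
        $line
    } | Sort-Object Mailboxes -Descending
}

# The BES service account is expected to show AllMailboxes = True; review any other
# trustee with a large count, and any explicit (non-inherited) grant you do not recognise.
Get-SendAsTrusteeSummary | Format-Table -AutoSize
```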


How to renew a self signed certificate in Exchange Server 2007

Posted by Milind Naphade on 24/04/2009

When a new Exchange Server 2007 role is installed on a computer, the server automatically generates a self-signed certificate to be used with services like transport (SMTP), POP, IIS (OWA and Exchange Web Services) and IMAP. This certificate expires one year after the date the server was installed or the certificate was reassigned manually. You can check the status of the certificate using the Exchange Management Shell: executing the cmdlet Get-ExchangeCertificate | FL displays all relevant information about all the certificates assigned, enabled and being used or not used by Exchange services.


You may see more than one certificate listed on your Exchange server(s), and that may simply be because you or someone else on your team has already tried working with certificates on the server.

If you look at the above picture, you will notice that the certificate I have on my server is valid till 24th March 2010. NotAfter holds the value in mm/dd/yyyy h:mm:ss format. NotAfter means this certificate will not be valid after the time stamp listed in this field. NotBefore, on the other hand, means that this certificate will not be valid before the time stamp mentioned.

So once you cross the date listed in the NotAfter field the certificate becomes invalid, which may open the door to many other troubles with connectivity to web services, SMTP transport, POP and IMAP retrieval, etc. To renew the certificate you can run a cmdlet and get a new self-signed certificate. But it is not quite as simple as running one cmdlet to get a new certificate; there is a procedure to follow. Check the following steps:

1. Run Get-ExchangeCertificate | FL. This will list details of all certificates that you have assigned to Exchange services. Please understand that this cmdlet does not retrieve any information about other certificates in the local certificate store which are not used by Exchange. Once you get the output printed on the screen, note down the Thumbprint of the certificate in Notepad.

2. Run Get-ExchangeCertificate -Thumbprint "58C846DEEA2865CA9E6DD4B42329A9AC994EBF63" | New-ExchangeCertificate. This renews the certificate. The moment you press Enter you may be prompted to confirm whether you want to use the same certificate for the SMTP service.


3. Check whether the certificate is renewed. This can be confirmed by looking at the change in the thumbprint of the certificate after running the cmdlet mentioned in step 2. You can see the changed thumbprint in the picture below.


4. Looking closely at the above picture, you will also notice that the certificate is not being used to secure IIS-based services anymore, though the NotAfter and NotBefore dates have changed. To enable this renewed certificate for IIS as well, run Enable-ExchangeCertificate -Thumbprint "E0BB201793DC74D0F94F3275E6AA53BA75907565" -Services IIS

5. Verify that all the services are working correctly after renewing and enabling the certificate.

6. Remove the old certificate by running Remove-ExchangeCertificate -Thumbprint "58C846DEEA2865CA9E6DD4B42329A9AC994EBF63"
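The checks in steps 1, 3, 4 and 5 can be scripted so that the old certificate is only removed once the renewed one is valid and carries every service the old one did. This is an added example, not part of the original post; the function names and the 30-day window are assumptions, and it only reads certificate data.

```powershell
# Added example (read-only). Run in the Exchange Management Shell on the server holding the certificates.
# Function names and the 30-day default are choices made for this sketch.

# Step 1 as a check: list Exchange certificates that expire within $Days days.
function Get-ExpiringExchangeCertificate {
    param([int]$Days = 30)
    $now = Get-Date
    Get-ExchangeCertificate |
        Where-Object { $_.NotAfter -lt $now.AddDays($Days) } |
        Select-Object Thumbprint, Subject, IsSelfSigned, Services, NotBefore, NotAfter,
            @{ Name = 'DaysLeft'; Expression = { [int]($_.NotAfter - $now).TotalDays } }
}

# Turn the Services value (for example "IIS, SMTP") into a list of names, dropping "None".
function Get-ServiceNames($cert) {
    @($cert.Services.ToString().Split(',') | ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and $_ -ne 'None' })
}

# Steps 3 to 5 as a gate for step 6: is the renewed certificate valid now, and does it
# cover every service the old one was enabled for (IIS was dropped in the post's example)?
function Test-RenewedCertificate {
    param([string]$OldThumbprint, [string]$NewThumbprint)
    $old = Get-ExchangeCertificate -Thumbprint $OldThumbprint
    $new = Get-ExchangeCertificate -Thumbprint $NewThumbprint
    $now = Get-Date

    $newServices = Get-ServiceNames $new
    $missing = @(Get-ServiceNames $old | Where-Object { $newServices -notcontains $_ })
    $validNow = ($new.NotBefore -le $now) -and ($new.NotAfter -gt $now)

    $result = New-Object PSObject
    $result | Add-Member NoteProperty NewValidNow     $validNow
    $result | Add-Member NoteProperty NewNotAfter     $new.NotAfter
    $result | Add-Member NoteProperty MissingServices ([string]::Join(',', $missing))
    $result | Add-Member NoteProperty SafeToRemoveOld ($validNow -and $missing.Count -eq 0)
    if ($missing.Count -gt 0) {
        # Suggested follow-up only; nothing is changed by this function.
        $fix = "Enable-ExchangeCertificate -Thumbprint $NewThumbprint -Services " + [string]::Join(',', $missing)
        $result | Add-Member NoteProperty SuggestedCommand $fix
    }
    $result
}

Get-ExpiringExchangeCertificate | Format-List
# With the thumbprints from the steps above:
# Test-RenewedCertificate -OldThumbprint '58C846DEEA2865CA9E6DD4B42329A9AC994EBF63' -NewThumbprint 'E0BB201793DC74D0F94F3275E6AA53BA75907565'
```

Run Test-RenewedCertificate before step 6 and proceed with the removal only when SafeToRemoveOld is True.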


Exchange 2010 (E14) Beta 1 is out

Posted by Milind Naphade on 15/04/2009

The latest version of Microsoft Exchange Server, Exchange Server 2010, is finally available for public download, though it is not available in a 32-bit version yet. The current download is Beta 1. Related documentation can be found on the Microsoft TechNet website for further reference.

Again, it is an x64-based product with a lot of modification in functionality and architecture. Microsoft seems to be moving to the .NET 3.5 platform for Exchange 2010 development. Due to changes in the architecture of the product it might look a little different from its previous release, Exchange Server 2007, but it still inherits many features with much more advanced functionality. Key changes in the Active Directory schema, permissions model, Mailbox server role, routing, high availability, and much more are the things of interest for those who have already worked on its legacy versions.

So now you can download and enjoy testing 😉

Download Exchange Server 2010 Beta 1

Read Technical Documentation
