With exchange 2007, you may have come across a situation when you have set message size restrictions correctly at all the four places as per Microsoft:
1. Global/Organizational Limit
2. Connector Limit
2.1 Send Connector
2.2 Receive Connector
2.3 Active Directory SiteLink Limit
2.4 Routing Group Connector Limit
3. Server Limits
4. User Level Limits
There may be times still that if you have set a 10 MB limit everywhere, users are not able to send/receive emails with attachments of 7 MB even. The problem happens because content conversion happens when Exchange converts an internet (MIME) message into Exchange (MAPI) format, and vice versa.
This conversion is done by Exchange while sending/receiving emails to/from Internet. Content conversion generally increases the message size - roughly by 30%.
------------ End of Document ------------------------
Tags: Exchange Server
Published Date: 20100817
Tuesday, August 17, 2010
Thursday, August 5, 2010
Assign rights to helpdesk to give SendAs permissions
There are multiple ways to assign Recipient Administration permissions to the helpdesk users. Some of them are:
1. Add them to "Recipient Management" RoleGroup directly using Exchange Shell. This will assign them the two important Roles "Mail Recipients" and "Mail Recipient Creation"
2. Add them to "Recipient Management" Active Directory Group. This group is already added to the "Recipient Management" RoleGroup.
3. If you have a mixed environment (2007/2010) then the old "Exchange Recipient Administrators" group is already a member of "Recipient Management" group.
However the catch is that they still will not be able to give SendAs permissions to the users on shared mailboxes.
The cmdlet that is required to give SendAs permissions is Add-ADPermission. This cmdlet is available in "Active Directory Permissions" Role. Do not worry because this role has only the below cmdlets:
Remove-ADPermission
Get-User
Get-SecurityPrincipal
Get-RoleGroup
Get-Group
Get-DomainController
Get-ADPermission
Add-ADPermission
As you can see that all of them are Get cmdlets and only Remove-ADPermission and Add-ADPermissions cmdlets so it is safe to add Helpdesk to this Management Role. Further more the switches that can be used with the Add and Remove AD Permission cmdlet are also restricted.
Now you have identified the RoleGroup and the Role to be assigned to the helpdesk to enable them to give SendAs permissions also. One you have done this, you need to asign the Role to the RoleGroup. We will choose the built-in Role Group "Mail Recipients". I have chosen this RoleGroup because it already contains most of the Roles required by the heldpesk to perform Mail User management.
To assign a Role to a Role Group, we use New-ManagementRoleAssignement cmdlet. Here is the syntax in this case
New-ManagementRoleAssignment -Name "Active Directory Permissions-Recipient Management" -SecurityGroup "Recipient Managemen" -Role "Active Directory Permissions"
The standard naming convention for creating management Role Assignment is as above only.
Once you have done the above then the Recipient Managament Role Groups will have the following Roles assigned:
Distribution Groups
Mail Enabled Public Folders
Mail Recipient Creation
Mail Recipients
Message Tracking
Migration
Move Mailboxes
Recipient Policies
Active Directory Permissions
The last Role has been assigned by the New-ManagementRoleAssignment cmdlet above. This will enable the helpdesk to do the complete management of the recipients including granting SendAs permissions.
------------ End of Document ------------------------
Tags: Exchange Server, Power Shell
Published Date: 20100805
1. Add them to "Recipient Management" RoleGroup directly using Exchange Shell. This will assign them the two important Roles "Mail Recipients" and "Mail Recipient Creation"
2. Add them to "Recipient Management" Active Directory Group. This group is already added to the "Recipient Management" RoleGroup.
3. If you have a mixed environment (2007/2010) then the old "Exchange Recipient Administrators" group is already a member of "Recipient Management" group.
However the catch is that they still will not be able to give SendAs permissions to the users on shared mailboxes.
The cmdlet that is required to give SendAs permissions is Add-ADPermission. This cmdlet is available in "Active Directory Permissions" Role. Do not worry because this role has only the below cmdlets:
Remove-ADPermission
Get-User
Get-SecurityPrincipal
Get-RoleGroup
Get-Group
Get-DomainController
Get-ADPermission
Add-ADPermission
As you can see that all of them are Get cmdlets and only Remove-ADPermission and Add-ADPermissions cmdlets so it is safe to add Helpdesk to this Management Role. Further more the switches that can be used with the Add and Remove AD Permission cmdlet are also restricted.
Now you have identified the RoleGroup and the Role to be assigned to the helpdesk to enable them to give SendAs permissions also. One you have done this, you need to asign the Role to the RoleGroup. We will choose the built-in Role Group "Mail Recipients". I have chosen this RoleGroup because it already contains most of the Roles required by the heldpesk to perform Mail User management.
To assign a Role to a Role Group, we use New-ManagementRoleAssignement cmdlet. Here is the syntax in this case
New-ManagementRoleAssignment -Name "Active Directory Permissions-Recipient Management" -SecurityGroup "Recipient Managemen" -Role "Active Directory Permissions"
The standard naming convention for creating management Role Assignment is as above only.
Once you have done the above then the Recipient Managament Role Groups will have the following Roles assigned:
Distribution Groups
Mail Enabled Public Folders
Mail Recipient Creation
Mail Recipients
Message Tracking
Migration
Move Mailboxes
Recipient Policies
Active Directory Permissions
The last Role has been assigned by the New-ManagementRoleAssignment cmdlet above. This will enable the helpdesk to do the complete management of the recipients including granting SendAs permissions.
------------ End of Document ------------------------
Tags: Exchange Server, Power Shell
Published Date: 20100805
Subscribe to:
Posts (Atom)