Transport rules with Mail Enabled Public Folder as destination

Exchange 2007 Management console doesn’t allow to use a mail-enabled public folder as a destination for transport rules, so the only way it’s make the rule from PowerShell.

In the following example we’ll create a Transport rule that sends a blind copy to a mail-enabled public folder for each message sent by a user.

$Mailbox = "user@example.local"
$PublicFolder = "\PF1\mailenabled-pf-01"
$condition = Get-TransportRulePredicate From
$condition.Addresses = @(( Get-Mailbox $Mailbox ))
$action = Get-TransportRuleAction BlindCopyTo
$action.Addresses = @(( Get-MailPublicFolder $PublicFolder ))
New-TransportRule -name "From $Mailbox Send A Bcc To $PublicFolder" -Conditions @($condition) -Actions @($action)


Public folders storage limits

In spite that Exchange 2007 documentation dosen’t specify any hard-coded limit for public folders, it seems that it exists.

When you try to set a Storage Limit greater than 2 GB, you get the folowing error:

Set-PublicFolder “\.pf1\test-pf” -StorageQuota 4096MB

StorageQuota(4GB) is out of range: [0KB,2097151KB].

At line:1 char:1

+ S <<<< et-PublicFolder “\.pf1\test-pf” -StorageQuota 4096MB

This is the NDR message when you send an e-mail to a mail-enabled public folder that have reached 2GB limit:

#550 5.2.2 STOREDRV.Deliver: mailbox full. The following information should help identify the cause: “MapiExceptionQuotaExceeded:16.18969:020C0000, 17.27161:000000005A020000000000008C00000000000000, 255.23226:00000000, 255.27962:7A000000, 255.27962:0A000000, 255.27962:0E000000, 255.27962:0A000000, 255.27962:94000000, 255.17082:D9040000, 0.27745:15000000, 4.21921:D9040000, 255.27962:FA000000, 255.1494:2F400000, 255.1238:00000000, 0.36537:0F010480, 4.5587:0F010480, 0.65193:0F010480, 0.31004:0F010480, 0.39497:0F010480, 4.55881:0F010480, 0.27676:0F010480, 0.23580:0F010480, 0.36537:0F010480, 4.5587:0F010480, 0.65193:0F010480, 6.21970:0F0104800B0008670F010480, 6.21970:0F0104800B00C5660F010480, 4.23921:EC030000, 6.21970:0F010480030022670F010480, 4.23921:EC030000, 6.21970:0F010480030021670F010480, 4.7477:D9040000, 4.6167:D9040000, 4.5093:D9040000, 4.5318:D9040000, 4.10104:D9040000, 0.21097:0F010480, 4.8756:BFF9FFFF, 4.4353:BFF9FFFF, 4.5257:BFF9FFFF, 4.4606:D9040000, 255.1750:840E0000, 0.26849:D9040000, 255.21817:D9040000”. ##


Exchange media, service packs, trial editions and edition upgrades…

Exchange 2007 has an unique media for all editions. Once you enter the product key, that key will determine which version you will have installed.

More important, if you need to install a new Exchange server, the only media needed is the media with Exchange 2007 SP1 files, or just the E2K7SP1X64.exe file downloadable from Microsoft site. Doesn’t matter if you will do a lab install(Trial edition), production install, standard or Enterprise, SP1 files are the only thing needed. No more trial, standard, enterprise, “I-don’t-really-know-if-this-MSDN-media-works-for-my-production-install-on-the-customer-server” media editions!

More info at

Evaluations and Product Keys
When you install Exchange 2007, it is unlicensed and referred to as a Trial Edition. Unlicensed (Trial Edition) servers appear as Standard Edition, and they are not eligible for support from Microsoft Product Support Services. The Trial Edition expires 120 days after the date of installation. When you start the Exchange Management Console, if you have any unlicensed Exchange 2007 servers in your organization, Exchange displays a list of all unlicensed Exchange 2007 servers and the number of days that are remaining until the Trial Edition expires. If you have expired unlicensed Exchange 2007 servers, you also see a separate warning for each expired server. No loss of functionality will occur when the Trial Edition expires, so you can maintain lab, demo, training, and other non-production environments beyond 120 days without having to reinstall the Trial Edition of Exchange 2007. You can even upgrade an expired Trial Edition of Exchange 2007 RTM to SP1.

Product keys can be used for the same edition key swaps and upgrades only, and they cannot be used for downgrades. You can use a valid product key to go from the evaluation version (Trial Edition) to either Standard Edition or Enterprise Edition. You can also use a valid product key to go from Standard Edition to Enterprise Edition. You can also license the server again using the same edition product key. For example, if you had two Standard Edition servers with two keys, but you accidentally used the same key on both servers, you can change the key for one of them to be the other key that you were issued. You can take these actions without having to reinstall or reconfigure anything. After you enter the product key, the edition corresponding to that product key will be reflected.

On stand-alone computers that have the Mailbox server role installed, the Microsoft Exchange Information Store service must be restarted for the product key change to take effect. In an SCC or CCR environment, the clustered mailbox server must be stopped and started for the product key change to take effect. In addition, for computers with the Edge Transport server role installed, if the license key is applied to the Edge Transport server after you perform the Edge Subscription process, the licensing information is not updated in the Exchange organization and you must re-subscribe the Edge Transport server.
You cannot use product keys to downgrade from Enterprise Edition to Standard Edition, nor can you use them to revert to the Trial Edition. These types of downgrades can only be done by uninstalling Exchange 2007, reinstalling Exchange 2007, and entering the correct product key.

You can upgrade from the Trial Edition to the retail version by purchasing the appropriate licenses and by entering the product key that you get when you make the purchase. You can find the product key on the Exchange 2007 DVD case. It is a 25-character alphanumeric string, grouped in sets of five characters separated by hyphens. Step-by-step instructions for entering your product key can be found in How to Enter the Product Key. These steps include instructions for entering the key using either the Exchange Management Console or the Exchange Management Shell. However, in the 32-bit version, there is no Exchange Management Console interface for this because you cannot purchase 32-bit licenses.

By using either the Exchange Management Console or the Exchange Management Shell, you can see what edition you are running. By using the Exchange Management Shell, you can also see how many days, hours, minutes, seconds, and milliseconds are left on the 120-day trial period. Use the Get-ExchangeServer cmdlet and look for the Edition and RemainingTrialPeriod values.

Exchange Shell one-liner: Get last night online defrag statistics

Exchange writes an event once the online defragmentation process ends. This one-liner gets events written on the last day:
Get-EventLog -LogName Application | Where-Object { $_.eventID -eq 12
21 -and (New-TimeSpan $_.TimeGenerated $(get-Date)).days -lt 1} | select message

The database "SG1\MBX1" has 0 megabytes of free space after online defragmen...

Digital Certificate with more than one hostname in the CN field, needed for E2k7 CAS Role

The usual way of publishing an OWA server to the Internet, is using a friendly name as Since Exchange 2007 and Outlook 2007 clients use the Client Access Server for serveral functions (availability, autodiscovery, etc) the cn of the certificate used on the CAS should match the realname of the server, otherwise a warning will pop-up on clients from time to time:

The name on the security certificate is invalid or does not match the name of the site

One option to fix this issue is making a certificate with more than one hostname. The certificate must support Subject Alternative Names. IIS Certificate wizard doesn’t enable do this, so the only way is using Exchange Shell commands:

New-ExchangeCertificate -generaterequest -subjectname "o=Company," -domainname, realname,, -PrivateKeyExportable $true -path c:\certrequest-cas.txt

That only creates the cert request, so next you have to sign the request on your own CA, or send it to a Commercial CA for signing
Finally, to install and activate the cert:

Import-ExchangeCertificate -path c:\cert.txt -friendlyname "Company CAS Server" | enable-exchangecertificate -services "IIS,POP,IMAP"

More information at:

Script to fix issues with sending of attachments from Exchange to Notes (KB924240)

This script fix the issue reported on;en-us;924240

It’s a powershell script that modify all mail users (not mailbox users) from the search base that you specify, setting mAPIRecipient as FALSE. It’s based on a generic script to do AD modifications, found at

# Modify Search root:
$SearchRoot = "dc=use3,dc=local"

# Filter by mail users, that is: class = user,
# Exchange alias set and HomeServer no set
$Filter = "(&(objectClass=user)(!msExchHomeServerName=*)(mailNickname=*))"

$Scope = "subtree"

# mAPIRecipent = FALSE, No winmail.dat will be sent to mail users.

$Attribute = "mAPIRecipient"
$Value = "FALSE"

$Searcher = new-object DirectoryServices.DirectorySearcher
$Root = [ADSI]("LDAP://" + $SearchRoot)

$Searcher.SearchScope = $Scope
$Searcher.Filter = $Filter
$Searcher.SearchRoot = $Root

$UserList = $Searcher.FindAll()

foreach($User in $UserList)
  write-host $User.Path
  $UserADSI = [ADSI]$User.Path
  $CurrentValue = $UserADSI.Get($Attribute)
  write-host "Current Value is" $CurrentValue -ForeGroundColor White
  $Put = $UserADSI.Put($Attribute,$Value)
  $Set = $UserADSI.SetInfo()
  write-host "New value is" $UserADSI.Get($Attribute)

Exchange 2007 using Interim mode domain (not supported)

Exchange 2007 documentation it’s not clear about using Interim mode.

Active Directory Domain Functional Level set to Windows 2000 Native or greater

Iterim mode seems to be greater than Windows 2000 Native, but not.

Setting Interim mode doesn’t enable running Exchange 2007 setup. Readiness checks shows error: Active Directory domain “dc=demo,dc=com” is in mixed mode.