Tuesday, June 9, 2015

Exchange Management Shell and Active Directory

Working in multi-domain / multi-site environments can sometime be tricky if we don’t know how the Exchange Management Shell (EMS) queries Active Directory (AD) in these scenarios.

In Exchange 2013 and 2010, we can use the Set-AdServerSettings cmdlet to manage the Active Directory Domain Services (ADDS) environment in the current EMS session. This cmdlet cmdlet replaces the AdminSessionADSettings session variable that was used in Exchange 2007 (which we will look at in a minute).

The following example specifies that all recipients in the entire forest can be viewed and managed (by default, only those in the local domain are used):
Set-AdServerSettings -ViewEntireForest $True

The following example sets the recipient scope to the IT Users OU in the nunomota.pt domain for the current session:
Set-AdServerSettings -RecipientViewRoot “nunomota.pt/IT Users”

The following example sets the scope of the current session to the entire forest and designates dc1.nunomota.pt as the preferred global catalog server.
Set-AdServerSettings -ViewEntireForest $True -PreferredGlobalCatalog dc1.nunomota.pt


The following are the most common parameters that administrators change:
PreferredGlobalCatalog: specifies the FQDN of the global catalog server to be used for reading recipient information in this session;
PreferredServer: specifies the FQDN of the domain controller to be used for this session;
RecipientViewRoot: specifies the OU to include in the recipient scope for this session. When we specify a recipient scope with this parameter, only the recipients included in the scope are returned;
ViewEntireForest: when we specify a value of $true, the value stored in the RecipientViewRoot parameter is removed and all of the recipients in the forest can be viewed and managed.


As already mentioned, in Exchange 2007 we had a variable named $AdminSessionADSettings for this purpose. To achieve the same as the examples above, all we have to do is update this variable as follows.

The following example specifies that all recipients in the entire forest can be viewed and managed (by default, only those in the local domain are used):
$AdminSessionADSettings.ViewEntireForest = $True

The following example sets the recipient scope to the IT Users OU in the nunomota.pt domain for the current session:
$AdminSessionADSettings.DefaultScope = “nunomota.pt/IT Users”

To set the recipient scope to the nunomota.pt domain and use dc1.nunomota.pt as the recipient domain controller, run the following commands:
$AdminSessionADSettings.DefaultScope = “nunomota.pt”
$AdminSessionADSettings.PreferredDomainControllers = “dc1.nunomota.pt”


Changing the recipient scope in the EMS changes the set of recipients that are returned for the Get- cmdlets of the recipient. The fields that are stored in the $AdminSessionADSettings variable are retained until the EMS is closed and is reset to its default settings the next time that the EMS is opened.

To make the changes permanent, we have to manually edit the Bin\Exchange.ps1 file in the Exchange Server installation folder and update lines such as:
$global:AdminSessionADSettings.ViewEntireForest = $false

No comments:

Post a Comment