Exchange Server Patching


As we’ve mentioned before, you must patch Exchange 2007 to the very latest Service Pack and Update Rollup before you attempt to do anything with Exchange 2013.

Download and install these patches from here:









    Preparing server for ex2013

    Server prerequisites

    Install the following

    Windows Server 2012 R2 and Windows Server 2012 prerequisites

    Mailbox client access server Roles

    Open PowerShell

    Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation


    Then restart

    After installing feature

    Install the following

    Unified Communications Managed API 4.0 Runtime



    Edge transport Role

    Install-WindowsFeature ADLDS



    Preparing the domain

    Permissions required:

    Your login id must have following group membership:

             Domain Admins

             Schema Admins

             Enterprise Admins

            Organization Management, if an Exchange 2010/2007 organization already exists.
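
A way to confirm the account actually holds these memberships before running setup.exe, as an added example that is not part of the original post. It checks the logon token (a group added after logon is not in the token until you sign in again) and matches the groups by their well-known RIDs 512, 518 and 519; the function name and the sample SIDs are made up for illustration, and Organization Management is not checked.

```powershell
# Added example, not from the original page.
# Returns the names of the required AD groups that are NOT enabled in a token.
function Get-MissingPrepGroup {
    param(
        # Group SIDs to test. Defaults to the enabled groups in the current
        # logon token, so run it from the prompt you will start setup.exe in.
        [string[]] $TokenSid = ([System.Security.Principal.WindowsIdentity]::GetCurrent().Groups.Value)
    )

    # Well-known relative IDs; matching on the RID avoids depending on
    # renamed or localized group names.
    $required = [ordered]@{
        'Domain Admins'     = 512   # exists in every domain
        'Schema Admins'     = 518   # forest root domain only
        'Enterprise Admins' = 519   # forest root domain only
    }

    foreach ($name in $required.Keys) {
        # Domain SIDs have the form S-1-5-21-<a>-<b>-<c>-<RID>.
        $pattern = '^S-1-5-21-\d+-\d+-\d+-{0}$' -f $required[$name]
        if (-not @($TokenSid -match $pattern).Count) {
            $name
        }
    }
}

# Constructed sample token: Domain Users (513) and Domain Admins (512) only.
$sample = 'S-1-5-21-1004336348-1177238915-682003330-513',
          'S-1-5-21-1004336348-1177238915-682003330-512'

$missing = Get-MissingPrepGroup -TokenSid $sample
if ($missing) {
    Write-Warning ("Token is missing: {0}" -f ($missing -join ', '))
} else {
    Write-Output 'All three preparation groups are present in the token.'
}

# On the server, check the real token instead of the sample:
#   Get-MissingPrepGroup
```

Schema Admins and Enterprise Admins are needed for the /PrepareSchema and /PrepareAD steps; review the account's membership in them again once preparation is finished.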


    Open PowerShell and run the following command:

    Install-WindowsFeature RSAT-ADDS

    First extract the installation files

    Choose directory to extract



    Prepare the schema

    Then open command Prompt

    Go to the location of the installation file

    setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms


    setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms /OrganizationName:PGesco



    setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms


    Check the following before installation

    The replication

    Go to cmd, run the command "repadmin /replsum", and check for errors

    If replication is fine we can continue


    Installing EX2013Sp1

    Run the setup.exe and you will see the below screen



    Choose the roles and uncheck the automatic roles and features option

    Malware protection

    Readiness check


    Installation starts




    Moving mailboxes from 2007 to 2013

    First create database





1    Outlook

1.1    Outlook Rules

1.    Client-only rules

2    Server-side rules

3    Mobile Seamless move

4    User and password Prompt screen



Moving mailboxes online Troubleshooting





First problem: Outlook rules aren’t applied after moving the Exchange mailbox online

This is because some rules are stored on the server and some on the client side. When the mailbox is moved online, some rules have to be recreated and pointed to the destination folders again.


  1. Outlook

    1. Outlook Rules

      Office 365 – Server-side vs Client-only Rules

      Client-only rules

          Client-only rules have at least one condition or action that uses an Outlook feature, and they don’t run until you log into Outlook with the account that you used to create the rule. For example, this is a client-only rule:

      From <people or distribution list>, flag message to <play a sound>

      In this example, you ask the rule to play a sound when you receive a message and this condition can be performed only by Outlook, which makes it a client-only rule.


    Server-side rules

        Server-side rules use conditions and actions handled by the Exchange server, and these rules run whether or not you log into Outlook on your computer. Here’s an example of a server-side rule:

    From <people or distribution list in the GAL or your contacts list>, move it to the <specified> folder

    This rule uses all Exchange server information, like moving a message from a sender who’s in the Global Address List (GAL) to a specific folder that’s in your Exchange mailbox.

    The user must be in the GAL, and we must point the rule to the folder again.



  1. Mobile Seamless move

    The mobile device must be configured with the default configuration, not the advanced one


  1. User and password Prompt screen

    1. After moving online, Outlook will ask for the credentials the first time only
    2. Single Sign on – Prompt for Credentials (Default must sign in first time)

Understanding Custom Attributes

Dynamic groups

Microsoft Exchange Server 2010 and Exchange Server 2007 include 15 extension attributes. You can use these attributes to add information about a recipient, such as an employee ID, organizational unit (OU), or some other custom value for which there isn’t an existing attribute. These custom attributes are labeled in Active Directory as ms-Exch-Extension-Attribute1 through ms-Exch-Extension-Attribute15. In the Exchange Management Shell, the corresponding parameters are CustomAttribute1 through CustomAttribute15. These attributes aren’t used by any Exchange components. They can be used to store Active Directory data without having to extend the Active Directory schema.

Get-Mailbox -OrganizationalUnit Sales | Set-Mailbox -CustomAttribute1 "SalesOU"

Now you can create an e-mail address policy for all recipients that have the CustomAttribute1 property that equals SalesOU, as shown in this example.


New-EmailAddressPolicy -Name "Sales" -RecipientFilter { CustomAttribute1 -eq "SalesOU"} -EnabledEmailAddressTemplates "SMTP:%s%2g@sales.contoso.c

For Dynamic Groups

When creating dynamic distribution groups, e-mail address policies, or address lists, you don’t need to use the RecipientFilter parameter to specify custom attributes. You can use the ConditionalCustomAttribute1 to ConditionalCustomAttribute15 parameters instead. You can create a dynamic distribution group based on the recipients whose CustomAttribute1 is set to SalesOU, as shown in this example.

New-DynamicDistributionGroup -Name "Sales Users and Contacts" -IncludedRecipients "MailboxUsers,MailContacts" -ConditionalCustomAttribute1 "SalesOU"


Ref: https://technet.microsoft.com/en-us/library/ee423541(v=exchg.141).aspx

How to add custom attributes to rules in Exchange dynamic groups

Open the Exchange Management Shell and run the following:


Get-DynamicDistributionGroup "DynamicGroupName" | FL


Then run the following:

Set-DynamicDistributionGroup "DynamicGroupName" -CustomAttribute1 DDL

To make sure it worked, run:

Get-DynamicDistributionGroup "DynamicGroupName" | FL

In this scenario only dynamic groups will be added as members of another dynamic group


To set the custom attribute of all dynamic groups to the same value:

Get-DynamicDistributionGroup | Set-DynamicDistributionGroup -CustomAttribute1 DDL

To preview the recipients that a dynamic group's filter currently matches:

$DDG = Get-DynamicDistributionGroup "Groupname"

Get-Recipient -RecipientPreviewFilter $DDG.RecipientFilter



"Shared with Everyone" folder in OneDrive

If you have only a handful of users and you want to recreate the Shared with Everyone folder, follow these steps.

  1. Instruct your users to navigate to OneDrive for Business.
  2. Create a folder called Shared with Everyone (or a similar name), following the same steps you would do to Create a document from OneDrive for Business.
  3. Share the folder with everyone in the organization as explained in Share documents or folders in OneDrive for Business.


    Use Windows PowerShell cmdlet to restore “Shared with Everyone” provisioning


    Set-SPOTenant -SharingCapability Disabled -ProvisionSharedWithEveryoneFolder $true


    Introduction to the SharePoint Online Management Shell




  • If this parameter is not set or is set to null:

    When a user shares with an external user, they enter an e-mail like stephen@contoso.com, and an email is sent to Stephen at stephen@contoso.com. When he attempts to accept the invitation (by clicking the link in the email), he can log in with any account he wants to use. For example, he could use stephen@contoso.com, stephen@live.com, or even dwight@contoso.com. The sharing email can be forwarded and accepted by anyone. This system ensures that external users who use email aliases or who do not have a Microsoft account or organization account are able to accept the invitation.

  • If this parameter is set to true:   

    The RequireAcceptingAccountMatchInvitedAccount parameter ensures that the user who receives the invitation is also the user who accepts it. If an invitation is sent to stephen@contoso.com, only a user who can log into stephen@contoso.com is able to accept the invitation. Any other email account displays an error page that directs the user to use the appropriate account.





    Get-SPOTenant | FL RequireAcceptingAccountMatchInvitedAccount



    Ensures that an external user can only accept an external sharing invitation with an account matching the invited email address.

    The parameter accepts two values: True or False.

    True: User must accept this invitation with bob@contoso.com.

    False: When a document is shared with an external user, bob@contoso.com, it can be accepted by any user with access to the invitation link in the original e-mail.

    Administrators who desire increased control over external collaborators should consider enabling this feature.
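
The decision described above, written as a check you can run against tenant settings (an added example, not from the original page or from Microsoft). The function name and the sample objects are constructed for illustration; only the SharingCapability and RequireAcceptingAccountMatchInvitedAccount properties are read.

```powershell
# Added example, not from the original page.
# Classifies a tenant's external-invitation behaviour from two settings.
function Test-SpoSharingPosture {
    param(
        # Object shaped like Get-SPOTenant output.
        [Parameter(Mandatory)] $Tenant
    )

    $sharing   = [string]$Tenant.SharingCapability
    # Treat "not set" ($null) the same as $false, as the text describes.
    $mustMatch = $Tenant.RequireAcceptingAccountMatchInvitedAccount -eq $true

    if ($sharing -eq 'Disabled') {
        $status = 'OK'
        $reason = 'External sharing is disabled at the tenant level.'
    } elseif ($mustMatch) {
        $status = 'OK'
        $reason = 'Only the invited account can accept an invitation.'
    } else {
        $status = 'Review'
        $reason = 'A forwarded invitation link can be accepted with any account.'
    }

    [pscustomobject]@{
        SharingCapability = $sharing
        MustMatchInvited  = $mustMatch
        Status            = $status
        Reason            = $reason
    }
}

# Constructed sample settings (not real tenant output).
$samples = @(
    [pscustomobject]@{ SharingCapability = 'Disabled'
                       RequireAcceptingAccountMatchInvitedAccount = $false },
    [pscustomobject]@{ SharingCapability = 'ExternalUserAndGuestSharing'
                       RequireAcceptingAccountMatchInvitedAccount = $null },
    [pscustomobject]@{ SharingCapability = 'ExternalUserSharingOnly'
                       RequireAcceptingAccountMatchInvitedAccount = $true }
)
$samples | ForEach-Object { Test-SpoSharingPosture -Tenant $_ } | Format-List

# Against a live tenant (SharePoint Online Management Shell):
#   Connect-SPOService -Url https://<tenant>-admin.sharepoint.com
#   Test-SpoSharingPosture -Tenant (Get-SPOTenant)
#   Set-SPOTenant -RequireAcceptingAccountMatchInvitedAccount $true
```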

How to Get Administrative Access to the OneDrive for Business Environment of a User

If you are familiar with SharePoint Online, you might recognize some of these steps to get administrative access.

  • Go to the Office 365 admin portal.
  • Open the SharePoint admin center.
  • On the left, choose user profiles.
  • Choose Manage User Profiles (see figure 2).

Figure 2: Manage User Profiles

  • Find the user you would like to have access to. For this article, we’re using Sara Davis.
  • Open the item menu of the user.
  • Choose Manage site collection owners (see figure 3).

Figure 3: For administrative access to OneDrive for Business, click the Manage User Profiles item menu

Add your administrator account (figure 4) to the list of site collection administrators.

Figure 4: OneDrive for Business site collection admin

After executing the steps above, you will see all files and folders (figure 5) for the current user.

Figure 5: You now have administrative access to the user’s OneDrive for Business account

Ref: https://www.itunity.com/article/administrative-access-onedrive-business-environment-user-2792
