2014 in review

The WordPress.com stats helper monkeys prepared a 2014 annual report for this blog.

Here’s an excerpt:

The Louvre Museum has 8.5 million visitors per year. This blog was viewed about 110,000 times in 2014. If it were an exhibit at the Louvre Museum, it would take about 5 days for that many people to see it.

Click here to see the complete report.

Searching Duplicated Mail-Contacts in Active Directory / Exchange Server | Delete Duplicated Mail-Contacts from Active Directory / Exchange Server for Address Book

It’s been some time now that I have not updated the blog with some new stuff, so let’s give it a try!

In multi-organization businesses, where one big enterprise runs many businesses under one ownership, each company shares its resources and employee information (names, contacts, site information and, last but not least, resource availability) with the other group companies. To cater for this requirement, Exchange and Active Directory administrators often have to import and export mail contacts into each of their environments, which can later be represented in the Microsoft Exchange Address Book (Outlook) as an Address List for each separate group company.

Often, when this import and export process is run by either the central company or each of the group entities to share and receive information individually, we end up with mail contacts that are entirely or partially duplicated in Active Directory, which later causes mail delivery issues and inconsistency in the address book.

How to fix mail contacts duplication?

To answer this question and remove the mail contact duplication, use the PowerShell script below. It can be scheduled on your Exchange Server to run automatically after each successful export against your Active Directory by the contacts-exporting entity.

Functionality of the script:

  1. The script first finds duplicated mail contacts over multiple iterations.
  2. After it finds the duplicated mail contacts, it exports the information for the administrator’s records, or for deleting the mail contacts manually later if the administrator prefers the manual method.
  3. Lastly, if you want, you can keep the “Remove-MailContact” command at the end; it deletes the duplicated contacts automatically after the information gathering process is complete.

Note: Change the path of the organizational unit to the one where you are storing all the exported mail contacts.


# Read all mail contacts in the OU, sorted so that duplicates sit next to each other
$DuplicatesContacts = @()
$FoundDuplicates = @(Get-MailContact -OrganizationalUnit "zahirshah.me/contacts" -ResultSize Unlimited | Select PrimarySmtpAddress,DistinguishedName,Identity | sort PrimarySmtpAddress)
$contact = $FoundDuplicates.Count-1

# Compare each contact with the next one; a matching address marks the next one as a duplicate
for ($ZS=0;$ZS -lt $FoundDuplicates.Count;$ZS++) {
    if ($ZS -ne $contact) {
        $FIG1 = ($FoundDuplicates[$ZS].PrimarySmtpAddress).ToString()
        $FIG2 = ($FoundDuplicates[$ZS+1].PrimarySmtpAddress).ToString()
        $FIGREPL = ($FoundDuplicates[$ZS+1].DistinguishedName).ToString()

        if ($FIG1 -eq $FIG2) {
            $DuplicatesContacts += $FIGREPL
        }
    }
}

# Export the duplicates for the administrator's records
$DuplicatesContacts > ContactsDup.txt
Write-Host "Duplicated contacts information has been successfully exported to ContactsDup.txt in the script directory"

# Optional: delete every duplicate found above (remove this loop to delete manually)
foreach ($DuplicateDN in $DuplicatesContacts) {
    Remove-MailContact -Identity $DuplicateDN -Confirm:$false
}

$DuplicatesContacts = @()
$FoundDuplicates = $NULL


Note: It is recommended to try the script in a test environment before you run it against all production mail contacts.


I hope this would help to make your environment clean, cheers!

Zahir Hussain Shah

How to setup Exchange Mailbox Users Out Of Office Reminders Automatically with SAP ERP Exported CSV File and PowerShell Script

It’s been some time now that I have not updated my blog with some new stuff, so let’s try with something which might be delicious for your taste-buds.

There are many occasions when an Exchange admin is asked to set up on-demand mailbox out of office reminders for some special type of employees; I believe you must have got the idea what I’m talking about. :) These employees sometimes forget to set up out of office reminders before starting their vacations, and there could also be a requirement where you are asked to set a standardized out of office message for all users.

The script which we are going to see here is co-authored by my friend and colleague Ameen Abdullah.

Setting up employees’ out of office reminders automatically without any active tool in between the ERP and Exchange Server can bring some challenges, but Windows PowerShell makes it easier to read the data exported by the ERP system and then set up each employee’s out of office message as per corporate standards.

Let’s divide our blog post into three steps as follows:

  1. Exporting employees’ leave details, like mail alias or SAMAccountName, leave start date and leave end date, to a central UNC share path where your ERP system is going to export these details in tab-delimited CSV format
  2. Beautifying your Out Of Office message by formatting the HTML/HTM used by the PowerShell script
  3. Running the script and testing
  4. Scheduling the PowerShell script to run as per your decided schedule

Now we will take a deep dive into the steps mentioned above:

Step 1: Exporting employee leave from ERP system into a CSV File

You need to configure your ERP system, or any other system which holds employee leave data, to export the following employee leave information in CSV format (tab delimited). This location should be accessible by the PowerShell script; from my experience I would recommend it should be the C:\ drive, where I have seen in the past that the majority of PowerShell related stuff gets handy when it is located on the C:\ drive. You can turn on sharing on this folder so that your ERP system can access it when it exports the CSV file. Note that the CSV file format is very important: it must be tab-delimited CSV so our PowerShell script can read it.


Step 2: Beautifying your Out Of Office message with formatting the HTML/HTM used by PowerShell script

You can add, delete and change the formatting of this HTM file according to your corporate standards and needs.


Step 3: Running the PowerShell Script against the Employee_Leave_Data.CSV file we exported from ERP System

Note: Make sure your PowerShell execution policy is set to unrestricted to allow our PS1 script to execute on the machine you are running it on.

You can follow the below steps to make sure your PowerShell execution policy is set to unrestricted.


Note: Copy the below PowerShell script to your machine and make sure to save it as “.PS1”.

Note: Also do not forget to change the file paths in the script if you’re keeping the exported CSV file and HTM file somewhere other than the root directory where the script is located.


# This script is used to set the Out of Office reply for the users
# Author(s): Ameen Abdullah, Datacenter & Cloud Solutions Architect and Zahir Hussain Shah, MVP Exchange Server
# Web: http://www.zahirshahblog.com

##### Pass the following parameters ####

# Date Format: "7/15/2012 17:00:00"

##### Import csv file with all users going on leave

$usersOnLeave = Import-Csv "C:\Sample_Leave_Data.CSV" -Delimiter "`t"

##### To pass the credentials - not required #####
#$UserCredential = Get-Credential

##### Define the session variable to connect to #####
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://ExchangeServer.domain.com/PowerShell/

##### Import the session #####
Import-PSSession $Session -AllowClobber

##### Load Internal Message Text file
$internalMsg = Get-Content "C:\internalMessage.htm"

foreach ($user in $usersOnLeave | select UserID, StartDate, EndDate)
{
    $emailAlias = $user.UserID

    ##### Get the value of AutoReplyState #####
    $autoReply = Get-MailboxAutoReplyConfiguration -Identity $emailAlias | select autoreplystate

    ##### Convert it to String #####
    $autoReply = -join $autoReply

    ##### Check if AutoReplyState is Disabled then schedule it #####
    if ($autoReply -eq "@{AutoReplyState=Disabled}")
    {
        $startLeaveDate = $user.StartDate+" 06:00:00"
        $endLeaveDate = $user.EndDate+" 23:30:00"

        ##### Fill the leave dates into the message template #####
        $startLeaveDatemsg = $user.StartDate
        $endLeaveDatemsg = $user.EndDate
        $internalMsg1 = $internalMsg -replace 'startLeaveDate',$startLeaveDatemsg
        $internalMsg2 = $internalMsg1 -replace 'endLeaveDate',$endLeaveDatemsg

        $objMailbox = Get-Mailbox $emailAlias
        $objMailbox | Set-MailboxAutoreplyConfiguration -AutoReplyState Scheduled -StartTime $startLeaveDate -EndTime $endLeaveDate -InternalMessage $internalMsg2

        Add-Content .\log.txt "Out of Office Set for $emailAlias"
    }
}



Step 4: Scheduling the PowerShell script to run as per your decided schedule

You can create a brand new scheduled task on the server, preferably on the Exchange Server from where you would like to kick off this script. While creating the scheduled task, make sure you take care of the following:

Schedule (Run): You can make any combination you like for the script to run on the scheduled interval
Security Options: Run with highest privileges
Program/Script: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Add arguments (optional): -Command C:\PowerShellScript.ps1
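
Because the scheduled task runs with highest privileges and applies whatever rows arrive in the shared CSV file, it is worth checking each row before it reaches Set-MailboxAutoreplyConfiguration. The following is an added example, not part of the original script; the function name Test-LeaveRow, the alias pattern, the 90-day cap and the sample rows are assumptions made for illustration.

```powershell
# Added example: validate ERP leave rows before they are applied to mailboxes.
# Test-LeaveRow, the alias pattern and the 90-day cap are assumptions.
function Test-LeaveRow {
    param(
        [Parameter(Mandatory = $true)] $Row,
        [int] $MaxDays = 90
    )
    $problems = @()

    # UserID must be a plain mail alias / SAMAccountName: no wildcards, spaces or paths.
    if ([string]$Row.UserID -notmatch '^[A-Za-z0-9._-]{1,64}$') {
        $problems += "UserID is not a plain alias"
    }

    # Both dates must parse strictly as M/d/yyyy; the script appends the time itself.
    $culture = [Globalization.CultureInfo]::InvariantCulture
    $style   = [Globalization.DateTimeStyles]::None
    $start   = [datetime]::MinValue
    $end     = [datetime]::MinValue
    $okStart = [datetime]::TryParseExact([string]$Row.StartDate, 'M/d/yyyy', $culture, $style, [ref]$start)
    $okEnd   = [datetime]::TryParseExact([string]$Row.EndDate, 'M/d/yyyy', $culture, $style, [ref]$end)
    if (-not $okStart) { $problems += "StartDate is not M/d/yyyy" }
    if (-not $okEnd)   { $problems += "EndDate is not M/d/yyyy" }

    # The leave window must run forwards and stay within the allowed length.
    if ($okStart -and $okEnd) {
        if ($end -lt $start) {
            $problems += "EndDate is before StartDate"
        } elseif (($end - $start).Days -gt $MaxDays) {
            $problems += "Leave is longer than $MaxDays days"
        }
    }

    New-Object PSObject -Property @{
        UserID    = $Row.UserID
        StartDate = $Row.StartDate
        EndDate   = $Row.EndDate
        Valid     = ($problems.Count -eq 0)
        Problems  = ($problems -join '; ')
    } | Select-Object UserID, StartDate, EndDate, Valid, Problems
}

# Constructed sample rows (tab-delimited, same columns the script reads).
$sample = @(
    "UserID`tStartDate`tEndDate",
    "jdoe`t7/15/2012`t7/29/2012",
    "asmith`t7/29/2012`t7/15/2012",
    "*`t7/15/2012`t7/20/2012",
    "bkhan`t15-07-2012`t7/20/2012"
) | ConvertFrom-Csv -Delimiter "`t"

$checked = $sample | ForEach-Object { Test-LeaveRow -Row $_ }

# Rejected rows go to a review file; only valid rows continue to the mailbox loop.
$checked | Where-Object { -not $_.Valid } |
    Export-Csv -Path .\rejected_leave_rows.csv -NoTypeInformation
$usersOnLeave = @($checked | Where-Object { $_.Valid })
$checked | Format-Table UserID, Valid, Problems -AutoSize
```

With the constructed rows, only jdoe passes; the other three are written to rejected_leave_rows.csv with the reason.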



With all this in place, you should be able to configure automatic Exchange mailbox out of office reminders with the help of employee leave data exported from your ERP system. It is not mandatory to have an ERP system to get this employee information; it can also be extracted from an MS Excel file or any other program or software your company is using to keep a record of employee leave. Once the CSV file is available, either run the script manually or schedule it to run to set the OOF reminders for end-users.

I hope this would help you to bring some automation to your environment along with corporate standards and awareness between employees.

Thank you for reading this blog, you have a wonderful day!

Generating Exchange Server Mailbox Statistics Reports | GUI Tool for Generating Exchange Mailboxes Statistics Reports

Let me share with you one exciting new tool for Exchange Server reporting I came across today. It’s the “Exchange Server Mailbox Statistics Tool”, a GUI based tool for generating reports for your Exchange Server 2010/2013 mailboxes.

This tool is developed by Srinath Sadda and you can download it from here.

Important Note:
This tool should only be installed on a server running Exchange Server 2010 / 2013 with an active Exchange Server role installed. Running it on any other member server, with or without the Exchange Management Tools installed, will not help.


Some of the following tool’s screenshots are taken from the TechNet script gallery:




Clear Submission Queue on Microsoft Exchange Server 2007 / 2010 | Remove message from queue on Hub Transport Server | Delete ambiguous messages from submission queue | Emails are stuck in the Exchange Server queue | Troubleshooting Exchange Queue

Author: Zahir Hussain Shah | MVP Exchange Server, CISSP

Troubleshooting Microsoft Exchange HUB Transport Server (Transport Queues)

Often, due to loss of Internet connectivity and DNS name resolution issues, we run into a situation where a large number of e-mails get stuck in the Exchange Hub Transport Server queue. Usually these e-mails get stuck at your smart-host connector, which is the next hop for your e-mails. Sometimes, however, due to conflicts and other issues, e-mails get stuck on the Exchange Hub Transport Server in queues other than the one bound to your smart host. For example, if you are using FOPE (Microsoft Forefront Online Protection for Exchange Online Service), you will see e-mails getting stuck at mail.global.frontbridge.com (SmartHostConnectorDelivery).

Okay, we have said something about the queues; now let me turn your attention to the goal of this blog post, where I will guide you through basic troubleshooting for your Exchange Hub Transport Server and its queues.

Here are a few of the common issues with Microsoft Exchange Hub Transport Server and its queues:


1) E-mails get stuck at the SmartHostConnectorDelivery for out-bound e-mail delivery

2) Last Error: A matching connector cannot be found to route the external recipient

3) Last Error: 420 4.2.0 RESOLVER.ADR.Ambiguous; ambiguous address / Large number of messages get stuck at submission queue


E-mails get stuck at the SmartHostConnectorDelivery for out-bound e-mail delivery Issue:

For this type of problem, the usual cause is loss of connectivity with the Internet or with the hub site which is responsible for routing e-mails to the appropriate destination (commonly the Internet). Sometimes it happens due to a bad DNS cache, which does not allow you to connect to the smart host for e-mail delivery. Authentication also plays a vital part in allowing your Hub Transport Server to connect to the remote smart host for delivering e-mails.

You can use the solutions below to fix this type of e-mail delivery issue:

–>> Fix the IP connectivity issues for Internet / remote smart-host.

–>> Clear the DNS cache on DNS Servers and Exchange Hub Transport Servers (IPconfig /flushdns).

–>> Based on your remote-smart-host authentication requirements, set the appropriate authentication providers on your Send-Connector.

Last Error: A matching connector cannot be found to route the external recipient:

As its name suggests, the corresponding or matching send connector is missing from the Exchange Hub Transport configuration. To fix this problem, you can create a send connector for the corresponding SMTP address space. If you want to create a single SMTP connector for all types of domains, make sure that you create a wildcard (*) SMTP connector, so that all e-mails for any destination are routed through this send connector.

Last Error: 420 4.2.0 RESOLVER.ADR.Ambiguous; ambiguous address / Large number of messages get stuck at Submission Queue

This situation happens when you perform some activity which results in a conflicting LegacyExchangeDN attribute on the Exchange Server (to read more about LegacyExchangeDN, see the links below). In this case, Exchange Server cannot decide where to send e-mail for the particular LegacyExchangeDN value, because the same value is being used either for two different mail-enabled users (mailboxes) or for a mail-enabled user (mailbox) and a mail-enabled contact. In this situation, these e-mails will always stay in the Exchange submission queue, and you will constantly receive the below errors in the Exchange Hub Transport Server event viewer:

Messages stuck at Submission Queue on Exchange Hub Transport Server:

Question: Okay, since these are ambiguous messages, which got created when there was a conflict of LegacyExchangeDN, and now I have fixed it, how can I remove these messages, because they are logging the above shown error in my Exchange Hub Transport Server’s event viewer?

Well, unfortunately, there is no way to delete messages from the Exchange Management Console in either Exchange 2007 or 2010. Recently, while working on a case with Microsoft Support for the Exchange team, I asked them whether I could delete these messages. They told me the ONLY way to delete these ambiguous messages from the Exchange Hub submission queue is to stop the Microsoft Exchange Transport service on the Exchange Hub Transport Server where the messages are stuck in the submission queue, then rename the “C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\data” folder to Data_OLD, and then start the Transport service, which will recreate the “Data” folder with a fresh queue database and the other required files and folders. This way you can delete these messages. It sounded quite annoying to me, and renaming this type of folder is not a good idea, so I started looking for a solution where I could delete these messages from the Exchange Management Shell.

The good thing is that when I looked at the possibility of deleting these messages from EMS, I found that it is pretty straightforward and easy, so let’s see how you can delete them from the Exchange Management Shell in both Exchange 2007 and Exchange 2010:

[PS] C:\Windows\system32>Get-Queue -id Submission | Get-Message | Remove-Message -WithNDR $false

In the above cmdlet, -WithNDR $false tells the Exchange Server not to send an NDR to the original senders of the e-mail, so you can silently remove these messages from your Exchange Server without letting your end-users know.
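
Since removal without an NDR leaves the senders with no trace, it helps to keep a record of what was deleted and to limit the removal to the messages that actually carry the ambiguous-address error. The following is an added example, not part of the original post; the report path is an assumption, and it is meant to be run in the Exchange Management Shell on the Hub Transport Server.

```powershell
# Added example: record, preview, then remove the ambiguous messages.
# The report path is an assumption; change it to suit your server.
$report = "C:\SubmissionQueue_Removed.csv"

# Select only messages whose last error is the one discussed in this post,
# so that healthy messages waiting in the Submission queue are left alone.
$stuck = @(Get-Queue -Identity Submission |
    Get-Message -ResultSize Unlimited |
    Where-Object { $_.LastError -like '*RESOLVER.ADR.Ambiguous*' })

Write-Host ("Messages matching the ambiguous-address error: " + $stuck.Count)

# Write the record first, so the senders can be told later if needed.
$stuck |
    Select-Object Identity, FromAddress, Subject, DateReceived, LastError |
    Export-Csv -Path $report -NoTypeInformation

# Dry run: lists what would be removed without touching the queue.
$stuck | Remove-Message -WithNDR $false -WhatIf

# After reviewing the CSV and the dry-run output, run the real removal:
# $stuck | Remove-Message -WithNDR $false -Confirm:$false
```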

In addition to the above cmdlet, you can use the same cmdlet for other queues which are generated on your Exchange Hub Transport Server. To find out about the Exchange Hub Transport queues, you can run the below cmdlet:

[PS] C:\Windows\system32>Get-Queue

Identity                 DeliveryType Status MessageCount NextHopDomain
--------                 ------------ ------ ------------ -------------
Server_Name\Submission   Undefined    Ready  0            Submission
Server_Name\Unreachable  Unreachable  Ready  1            Unreachable Domain

To know more about LegacyExchangeDN, see the below links:

Update legacyExchangeDN attribute for Mail-Enabled Contacts

GAL Sync issues for LegacyExchangeDN
This blog post will enable you to manage and troubleshoot your Exchange Hub Transport Server and its queues efficiently.



Windows Server 2012 R2 Architecture Posters for Hyper-V and Building Private Cloud

Recently I came across the architectural posters released for Windows Server 2012 R2 Hyper-V and Private Cloud. These posters explain in depth how the new and enhanced features of this product release work.

You can download the following posters as part of this release:

  • Windows Server 2012 R2 Private Cloud Virtualization and Storage
  • Virtual Hard Disk Sharing
  • Virtual Hard Disk and Cluster Shared Volumes
  • Understanding Storage Architecture
  • Storage Spaces and Deduplication
  • Scale-Out and SMB
  • Hyper-V and Failover Clustering


I hope you will definitely enjoy it as much as I do; I am posting it somewhere near my desk.


Cleaning Active Directory groups for disabled user accounts | Remove Active Directory group membership for disabled user accounts | Hide disabled user accounts from Exchange Address List

For some time I was looking for a script which can remove the group membership of hundreds of selected disabled user accounts, hide them from the Exchange Address List and also, if needed, move them into another OU. But my search never gave any fruitful results. I also tried doing the same by building my own script with the native PowerShell cmdlets of the Active Directory module, but it didn’t work. It might be because I’m not too good with scripting.

Well, recently I found one wonderful script which can help you to do the following:

  • Removing Active Directory group membership (except the Domain Users group, as it is the primary group and you cannot delete its membership) for the disabled user accounts provided in a CSV file
  • Moving the user accounts into another OU (optional)
  • Hiding the disabled user accounts from the Exchange Address List

This script is written by Jason Medlin and you can find the script’s official posting over here.

All you need is to download and install the Quest PowerShell module for Active Directory. It’s a free tool and will allow you to make this script work.

So let’s export all the user accounts into a CSV file, keeping only their “SamAccountName”, and that’s it. You have to edit the CSV file location in the script, and when you execute it, it will perform the above mentioned tasks against the user names provided in the CSV file.
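
The three tasks listed above can also be done with the native ActiveDirectory module. The following is an added example, not Jason Medlin's script and not code from the original post; the CSV path, log path and target OU are placeholders, and it assumes the CSV has a single SamAccountName column as described above. It starts in dry-run mode and keeps a record of every group removed so the change can be reversed.

```powershell
# Added example (not Jason Medlin's script): the same clean-up with the native
# ActiveDirectory module. Paths and the target OU are placeholders.
Import-Module ActiveDirectory

$csvPath  = "C:\DisabledUsers.csv"                  # assumed path; column: SamAccountName
$targetOU = "OU=Disabled Users,DC=example,DC=com"   # placeholder; use $null to skip the move
$logPath  = "C:\DisabledUsers_cleanup.csv"          # assumed path for the change record
$dryRun   = $true                                   # $true passes -WhatIf to every change

function New-Record($account, $action, $detail) {
    New-Object PSObject -Property @{
        Account = $account; Action = $action; Detail = $detail; DryRun = $dryRun
    } | Select-Object Account, Action, Detail, DryRun
}

$records = foreach ($row in Import-Csv $csvPath) {
    $name = $row.SamAccountName
    try {
        $user = Get-ADUser -Identity $name -Properties MemberOf -ErrorAction Stop
    } catch {
        New-Record $name 'Skipped' 'Account not found'
        continue
    }

    # Only touch accounts that really are disabled, whatever the CSV says.
    if ($user.Enabled) {
        New-Record $name 'Skipped' 'Account is still enabled'
        continue
    }

    # memberOf does not list the primary group (Domain Users), so it stays in place.
    foreach ($groupDN in $user.MemberOf) {
        Remove-ADGroupMember -Identity $groupDN -Members $user -Confirm:$false -WhatIf:$dryRun
        New-Record $name 'RemovedFromGroup' $groupDN
    }

    # Hide the account from the Exchange address lists.
    Set-ADUser -Identity $user -Replace @{ msExchHideFromAddressLists = $true } -WhatIf:$dryRun
    New-Record $name 'HiddenFromAddressList' ''

    # Optional move; done last because it changes the distinguished name.
    if ($targetOU) {
        Move-ADObject -Identity $user.DistinguishedName -TargetPath $targetOU -WhatIf:$dryRun
        New-Record $name 'Moved' $targetOU
    }
}

# The record lists every group each account was removed from.
@($records) | Export-Csv -Path $logPath -NoTypeInformation
```

Set $dryRun to $false only after the dry-run record has been reviewed.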


MonitoringHost.exe CPU utilization problem causing Exchange VMs Performance Problems by OpsMgr 2012: Hyper-V Management Pack Extension for Windows Server 2012 Hyper-V

In this blog post we will talk about the OpsMgr 2012: Hyper-V Management Pack Extension for the Windows Server 2012 Hyper-V role. This management pack came out on 22 June 2013 and was published on “Kevin Holman’s System Center Blog”.

This management pack extension uses the original Windows Server 2012 Hyper-V management pack, with some extended capabilities to monitor the following properties of Windows Server 2012 Hyper-V hosts:

  • VMs Integration Services Version monitor
  • Hyper-V Replica Health Monitoring Dashboard and States
  • SMB Shares I/O latency monitor
  • Hyper-V Hypervisor Logical processor monitoring
  • Hyper-V Hypervisor Virtual processor monitoring
  • Hyper-V Dynamic Memory monitoring
  • Hyper-V Virtual Networks monitoring
  • NUMA remote pages monitoring
  • SLAT enabled processor detection
  • Hyper-V VHDs monitoring
  • Physical and Logical Disk monitoring
  • Host Available Memory monitoring
  • Stopped and Failed VMs monitoring
  • Failed Live Migrations monitoring

Although everything looked fine at the start, over time, after first deploying this, I have seen that occasionally “MonitoringHost.exe” and some other core Hyper-V related processes on my Windows Server 2012 Hyper-V hosts take 100% of CPU time. This situation stays the same unless I manually go and kill the process, and if it stays that way for a longer period, we see the Hyper-V hosts reboot unexpectedly.

Since a similar issue was reported in the RTM release of the System Center Operations Manager 2012 agent, I didn’t think about this newly installed community driven Hyper-V 2012 management pack extension. Microsoft also released System Center 2012 SCOM Rollup 2, in which they documented and fixed this problem. And the same also got fixed in the System Center 2012 R2 release.

Recently one of my customers reported to me that they had waited for System Center 2012 R2 and then upgraded their SCOM 2012 server to R2, along with the agents on their Windows Server 2012 Hyper-V hosts. Things didn’t change, and they kept seeing “MonitoringHost.exe” and similar processes stay at 100% CPU utilization on their servers.


Cause and Solution:
After some troubleshooting we found that it is the Hyper-V management pack extension which requests a lot of data that the agent sometimes fails to provide or gets stuck on, which causes its process to go up to and stay at 100% CPU utilization. Even if you install SCOM 2012 Rollup 2 or upgrade to SCOM 2012 R2, the issue will not get fixed.

So the solution is to remove the Hyper-V management pack extension from the environment and use the default one, as the extension is not created and tested by Microsoft but by some community driven people. If you don’t like this solution, then you have to dig deeper to find the actual performance monitor which is causing this 100% CPU utilization and possibly disable it in SCOM.



Tips and Tricks: Unable to create Lync 2013 client “Automatically start Lync when I log on to Windows” registry settings in [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

By default the Lync 2013 client doesn’t pop up automatically on user machines when users log off or restart their workstations. To deploy a company-wide policy that starts the Lync client automatically upon Windows start, you have to deploy a registry entry enabling the Lync feature “Automatically start Lync when I log on to Windows”.

This registry entry needs to be created in [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run], which holds all the auto-start-up program records which need to kick off when Windows starts. The Lync related automatic start-up registry entry is as follows:
"Lync"="\"C:\\Program Files (x86)\\Microsoft Office\\Office15\\lync.exe\" /fromrunkey"

I recently happened to see a problem where you are not allowed to create any registry entry in [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]. Initially I was thinking that it was a permission problem, but later I found that it was McAfee Virus Scan, installed on the client PCs, which had restricted me from creating anything in this container.

You can add regedit.exe as an allowed program in the Access Protection rules within McAfee VSE, or in EPO in case you’re centrally managing McAfee VSE for all clients. Alternatively, you can also export the McAfee VSE access protection rule registry settings and then import them for all users using Group Policy preferences.


Zahir Hussain Shah

