Get a users mobile device details using the Exchange Management Shell

Here is a quick command to get the details of a particular users mobile device or smartphone, including the device ID and the time it last synced, etc, using the Exchange Management Shell. When you type the command replace Username, with the name of the user that you wish to examine:

Get-ActiveSyncDeviceStatistics -Mailbox Username | Format-List

Display mobile device statistics using get-activesyncdevicestatistics

Ref:

http://technet.microsoft.com/en-us/library/aa996908(EXCHG.80).aspx

Could not load the file or assembly Microsoft.Web.Administration Version=7.0.0.0 when running the Exchange Management Console

Earlier today I received the following error message while using the Exchange 2007 32bit Admin tools on a Windows 7 client computer, when trying to access information under ‘Server Configuration’ in the Exchange Management Console:

 

“Could not load file or assembly ‘Microsoft.Web.Administration, Version 7.0.0.0, Culture=neutral,PublicKeyToken=31bf3856ad364e35’ or one of its dependencies. The system cannot find the file specified.”

Error message Could not load file or assembly Microsoft.Web.Administration

 

To correct this error I opened the ‘Turn Windows features on or off’ screen and enabled the Internet Information Services (IIS) Web Management Tools, as shown below:

 

Enabling the IIS Web Management Tools in Windows 7

 

I then restarted the Exchange Management Console and the desired functionality was restored.

Restrict or filter GAL access for OWA users using MSExchQueryBaseDN in Exchange 2007

When hosting Exchange 2007 mailboxes for use purely with Outlook Web Access (OWA) you may wish to limit access to the Global Address List (GAL), so that logged in users can only see a subset of the contacts in the GAL. This would be particularly relevant in hosting environments where mailboxes may be hosted for multiple companies in the same active directory, and you might want users to only see contact information from users for their company, rather than all companies.

A while ago we had a situation where this was a requirement. In our case there were several groups of users who would only be accessing email through OWA, and only needed contact information for a subset of staff. We were able to use custom address lists and the MSExchQueryBaseDN user attribute to solve this problem.

If you run adsiedit.msc and look at the properties of a user object you can scroll down the list of attributes to find MSExchQueryBaseDN.

The MSExchQueryBaseDn attribute in adsiedit

In order to limit which contacts a particular user or group of users can access, firstly you need to set up a new Address List either using the Exchange Management Console, or Exchange Management Shell. The address list should contain the contacts that you want the user or group of users to be able to view. Please note that you could point the MSExchQueryBaseDN attribute to an Organizational Unit, so it would filter contact information for just the users in that OU, but if you need the flexibilty to include contact information for users from various OUs in active directory, it may be easier to use a custom address list.

Once this is done you need to set the MSExchQueryBaseDN attribute of each of the users who you want to restrict to the distinguished name of the address list you created.

e.g.

CN=YOUR_RESTRICTED_ADDRESS_LIST,CN=All Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=YOUR_DOMAIN,DC=local

Where YOUR_RESTRICTED_ADDRESS_LIST is the name of your address list and YOUR_DOMAIN is the name of your domain.

Obviously it would be too time consuming to set this attribute manually for hundreds of users so you could either use ADModify if you want to use a GUI:

Set MSExchQueryBaseDN using ADModify.Net

To reset to the default value using ADModify.Net use a value of ‘null’.

You could also use  to achieve this in Powershell if you would prefer to use the command line. Further details can be found here.

Please note: Using this attribute in Exchange 2010 SP1 may result in undesirable consequences. It has been reported that if this attribute is used you may find that users with the attribute set cannot view the contents of their address list, particularly in Outlook.