exchange interview questions

Top exchange frequently asked interview questions

Email Archiving in an Exchange Environment

We're looking into a solution to do email archiving and near-line backup of our Exchange Server 2007 environment.

We currently have about 200 mailboxes and the Mailstore is approx 150 GB. We need to be able to archive email for several years for legal purposes, and would like the archiving solution to also help with expediting restores of deleted messages if possible. Our System Support consultants have recommended Mimosa.

Anybody have experience with Mimosa, or other products in this market space?

Source: (StackOverflow)

Is there any open source Exchange server? [closed]

Is there any open source Exchange server that is work fine like Microsoft Exchange for Linux or Windows?

Source: (StackOverflow)

Linux clients for Exchange (email and) calendar [closed]

At $work, the official email solution is Outlook on Windows, connected to an Exchange server. That's problematic for people with Linux on their desktop machine.

The Exchange server supports IMAP, and e-mail works fairly well using the usual suspects, e.g. Thunderbird. It also provides the web mail interface, which is fairly crap unless you use IE. (Any other favorite e-mail clients?)

The biggest problem is the Outlook Calendar. I still have found no viable Linux client that can replace it.

Any recommendations?

Source: (StackOverflow)

Exchange server replacement that runs on Linux

I've worked as a sysadmin for some years and what I keep coming back to is that users like Microsoft Outlook and want to use its Exchange features. I have tried my fair share of commercial alternatives but usually there is either a fundamental feature missing or there are stability issues.

In short I am looking for a Microsoft Exchange Alternative with the following features:

  • Authentication through SQL or LDAP
  • Has a solid, comfortable web interface for the users when they are off-site
  • Supports replication and load balancing (if one fails, the second one should be already running)
  • Outlook client support (or a really good alternative client)
  • Resource booking (meeting rooms, projectors, company jet, etc)
  • Calendar (shared/private) and Email (if that wasn't obvious)
  • (Optional) A cross-platform client for us *nix users.
  • (Optional) Corporate support contracts available
  • (Optional) An open-source software is a plus

Please keep your answers as detailed as possible to determine that you've successfully deployed the software and it fulfills the needs. If I wanted a list of claimed alternatives , I would simply Google it.

I've personally tried Binary Server, Novell Groupwise, homegrown Postfix/Cyrus stuff and in the end the 'real thing' because those users just love Exchange.

Please help me find a good alternative.

Source: (StackOverflow)

Need to add a "Wait" command to a Powershell script

Here is my current code:

Write-output “ENTER THE FOLLOWING DETAILS - When Creating Multiple New Accounts Go to           EMC hit F5(refresh) and make sure previous new account is listed before proceeding to the       next one”
$DName = Read-Host “User Diplay Name(New User)"
$RUser = Read-Host "Replicate User(Database Grab)"
$RData = ((Get-Mailbox -Identity $RUser).Database).DistinguishedName
$REmailInput = Read-Host “Requester's Name(Notification Email goes to this Person)"
$REmail = ((Get-Mailbox -Identity "$REmailInput").PrimarySmtpAddress).ToString()

Enable-Mailbox -Identity "$DName" -Database "$RData" 
Set-CASMailbox -Identity "$DName" -ActiveSyncEnabled $false -ImapEnabled $false -    PopEnabled $false

Send-MailMessage -From "John Doe <>" -To $REmail -Subject       "$DName's email account" -Body "$DName's email account has been setup.`n`n`nJohn Doe`nXYZ`nSystems Administrator`nOffice: 123.456.7890`" -SmtpServer

This code works flawlessly about half the time, but the other half I get this error in return:

ENTER THE FOLLOWING DETAILS - When Creating Multiple New Accounts Go to EMC hit
F5(refresh) and make sure previous new account is listed before proceeding to
the next one
User Diplay Name(New User): Jane Doe
Replicate User(Database Grab): Julie Doe
Requester's Name(Notification Email goes to this Person): Joanna Doe

Name                      Alias                ServerName       ProhibitSendQuo
----                      -----                ----------       ---------------
Jane Doe                  JDDAFA           unlimited
Set-CASMailbox : Jane Doe is not a mailbox user.
At C:\emailclientbasic.ps1:11 char:15
+ Set-CASMailbox <<<<  -Identity "$DName" -ActiveSyncEnabled $false -ImapEnable
d $false -PopEnabled $false
+ CategoryInfo          : NotSpecified: (0:Int32) [Set-CASMailbox], Manage
+ FullyQualifiedErrorId : 292DF1AC,Microsoft.Exchange.Management.Recipient

So if anyone could help me throw in some kind of wait command after the mailbox is created and wait until the user's mailbox is created before the script disables ActiveSync, etc it would be really helpful. I believe that simply using the -wait switch does not work.

Source: (StackOverflow)

Outlook fails to connect to a load-balanced Exchange 2013 cluster through Direct Access 2012 R2

We have a load-balanced Exchange 2013 SP1 cluster, running MAPI over HTTP.

Client connectivity inside our own network works just fine, while clients connected over Direct Access does not connect. The Outlook logs on the client show absolutely no error at all.

The Direct Access server is running 2012 R2, the clients are all Windows 8.1. Everything is patched.

I've been searching like crazy the last couple of weeks, and the only interesting hits I get are about TMG 2010 (UAG) filtering out the requests due to the source IP changing (the exchange load balancer). There is a Knowledge Base Article (982604) that describes this, and a rather hefty blog post about the issue from premier support, but sadly the script does not work on our server since it's not TMG and it's Windows Server 2012 R2..

I'm at a loss here. I'll give this question a week, then I'll raise a premier support case with Microsoft.

Source: (StackOverflow)

Does Exchange support plussed users (e.g. or a similar mechanism?

Sendmail supports a feature called 'plussed users'. Once enabled, emails sent to

  • and

are automatically delivered just like mails to There is no need to register or set up these 'plus suffixes'. The user can just use them and set up client-side filtering rules on his own.

Does Exchange support a similar mechanism? If so, how to enable it?

Note that I don't want answers about other means of filtering, e.g. spam/junk filtering, server-side or client-side rules, email aliases/addresses that are configured explicitly and so on.

Source: (StackOverflow)

Good & free Exchange spam filter [closed]

Do you know a good (and free, if possible) Microsoft Exchange 2003 spam filter?

Source: (StackOverflow)

Schedule/queue large e-mails in Exchange 2010, defer until latency drops

My challenge

We have Exchange servers at various sites, but also aboard ships. The ships are connected to our network through satellite links when at sea, but switch to WiFi bridges when in port.

Due the high latency (500+ ms) and not-uncommon drop-outs (e.g. when the ships are turning), attempting to send any e-mails above a few megabytes while at sea, is likely to fail and be retried until the limit has been reached. The result: The email doesn't get delivered and each try consumes valuable bandwidth on the sat link.

One "solution" is to limit the maximum e-mail size to say 5 MB, but that's hardly user friendly and an unnecessary restriction while in port.

Rough idea

What I'd rather do, is to queue all e-mails larger than a set limit for later delivery when at sea, while sending all small e-mails immediately. I was then thinking I'd ping the hub transport server in our datacenter regularly, when latency drops under ~400 ms, I'd start processing the large e-mails queue. When latency goes up over 400 ms, I'd plug the hole and let e-mails queue up again.

Now, I haven't gotten my hands really dirty with Exchange since version 2003. Back then, you could schedule large e-mails for later delivery, so my idea was do something similar in Exchange 2010, then script a way to switch the delivery schedule for large e-mails between 'always' and 'never'.


It shouldn't be too complicated to create a script like that, but then I read that the feature I'd rely on was removed with Exchange 2007:

This was a feature present in Exchange 2003 but has been removed for Exchange 2007. It was set on an SMTP Connector with the 'use different delivery times for oversize messages'.

TechCenter: Is it possible to schedule email delivery based on size in Exchange?


Is it true? - Is this feature no longer present in Exchange 2010, or has it merely transformed into something similar, I can use to accomplish my goal? If so, what?

Is there another way to defer delivery of large e-mails on certain Exchange servers? It could be based on a schedule or maybe even requiring specific action - I'm fairly certain there will be some way to trigger the delivery through script, I just need large e-mails in a separate queue on ships.

Your thoughts on this will be highly appreciated! :-)

Edit #1: Refined Rough Idea

I stumpled upon two PowerShell CmdLets I think can bring me pretty close to my goal:

I toyed around with Get-Message for a while, to see what kind of messages the commands above would deal with.

Most importantly, these commands accept a message size filter. This command will list queued messages,on the current server, larger than 5 MB (5,242,880 bytes):

get-message -Filter {Size -gt 5242880}

It seems Get-Message only returns messages from various remote delivery queues. But does messages flowing within the server, however briefly, show up in a queue that Get/Suspend/Resume-Message will mess with?

If not, the solution could be as simple as a scheduled script every few minutes, along the lines of (in pseudo code):

if ping_rtt > 400 Then
    Suspend-Message -Filter {Size -gt 5242880}

Concerns/follow-up questions:

Mostly irrelvant now - see edit #2.

Will Get-Message only return messages from remote delivery queues - never messages for intra-server delivery? If not, does the identity name of remote delivery queues follow a certain pattern, that I can use for filtering?

Could/should this be done via a custom Transport Agent (as suggested by @longneck) or an Event Sink (if this concept still exists in Exchange 2010)?

Say I run the script every 5 minutes, that still means large messages being sent, can potentially cause problems for up to 5 minutes, before getting suspended. We'd still be better off than we are now, but it's not optimal. I could increase the frequency to every minute, but it wouldn't be the most elegant solution.

Even if I only check round-trip time every 5 minutes (to save sat traffic), what Exchange mechanism would I need to setup, in order to check against the last recorded RTT, each time a message is submitted that goes to a remote delivery queue, and then take approriate action?

Edit #2: Proposed Solutions

Allow me to summarise the proposed solutions, and their pros and cons as I see it:

Custom Transport Agent


  • Periodically monitor latency, classify as high or low (threshold: 400 ms?)
  • Through a custom Transport Agent, suspend/resume all e-mails larger than a set threshold, when latency classification changes
  • Through the custom TA, immediately put subsequently submitted large messages in "suspend" mode, if latency is high


  • Large e-mails are never attempted delivered when latency is high


  • No development skills to make this in-house (note to self: source code should belong to my company as part of the contract with the external developer)
  • 3rd party software that ties into Exchange can cause problems when patching or updating
  • Some sort of support agreement necessary, in case something goes wrong (see above)

Moderate Large Messages


  • Periodically monitor latency, classify as high or low (threshold: 400 ms?)
  • Based on latency classification, configure Exchange Transport Rules through scripting, to either let all messages flow or forward large messages to moderator
  • Approve messages in moderator queue when ship's in port, possibly by a human


  • Large e-mails are never attempted delivered when latency is high
  • Messages are suspended using native native Exchange Transport Rules


  • By the looks of it, messages can not be approved programmatically when latency is low, hence human intervention is required each time ship's in port
  • Possibly privacy issues, if moderation is not handled programmatically


  • Can messages be approved programmatically from moderator mailbox? How?

Scheduled PowerShell commands


  • Periodically monitor latency, classify as high or low (threshold: 400 ms?)
  • As long as latency is high, frequently (every minute?) suspend any large messages (Suspend-Message -Filter {Size -gt 5242880})
  • When latency drops to low, resume all messages (Resume-Message)


  • Very simple to implement


  • Not the most elegant solution
  • Delivery of each new large message can be attempted for as long as the interval between Suspend-Message commands, possibly still wasting some bandwidth and create congestions (though very briefly compared to not doing anything)


  • Any ideas on how to prevent attempts to deliver large messages, in-between Suspend-Message commands?
  • Will Get-Message only return messages from remote delivery queues - never messages for intra-server delivery? If not, does the identity name of remote delivery queues follow a certain pattern, that I can use for filtering?

Edit #3: The Way Forward

After bringing the proposed solutions up in my team (including the SMTP proxy, which I failed to include in edit #2), and based on my own gut feeling, we decided to go for a custom Exchange Transport Agent.

I'm in contact with a couple of consultancy companies, who will get back to me with how the will attack the problem and what it would cost.

If you have any experience with outsourcing programming tasks, feel free to leave feedback to my related question on Stack Overflow, because I don't.

Source: (StackOverflow)

Exchange 2007 Client for Linux

Has anyone had success with a working Exchange 2007 client for Linux? I'm not looking for an IMAP client or anything of the sort...there's plenty of them around, but a client that actually supports the exchange 2007 protocol. I've tried Open Change MAPI to no success, I'm unsure if this is because I'm doing it wrong or because of our external hosts strange multi-client setup.

Does anyone have any working experience with any?


Source: (StackOverflow)

How bad is it to run Exchange 2016 on a Windows 2012 R2 domain controller for a small organization with assuredly fewer than 25 users?

I know that it has been officially unsupported forever and yet I have seen or heard about many small business installations of a single host running AD DS and Exchange simultaneously. For a resource-strapped small business the savings are compelling.

So assuming that we know somehow that usage requirements will never grow beyond 25 users, say 10 simultaneously,

  1. How "bad" is it really these days to run both Exchange and AD DS on the same machine (sans virtualization of any kind)?
  2. What specifically is bad about it? (Name the top 1 or 2 reasons that come to mind besides "Microsoft says so")
  3. What can be done to mitigate the "bad"ness, if anything?

You can assume that the business in question either:

  1. has a single physical on-site server with a reasonable commercial ISP or
  2. has a pool of virtual resources that is already tapped out and they do not want to spend more.

The situation I have in mind is the second, with just one VM that could possibly be a candidate for adding Exchange because it is the only Windows VM and has enough excess memory to make it happen.

In any case, the reasoning may not be all that, well, reasonable, but let's say those are the constraints you have to work with.

Source: (StackOverflow)

Outlook security alert - The name on the security certificate is invalid or does not match the name of the site

SBS 2008 running Exchange 2007 and IIS6.0

CompanyA has two other companies that operate under the same roof. To accommodate email, we have 3 Exchange accounts per user to manage this. All users use their CompanyA account to log into the domain.

  • CORP\user
  • CORP\user-companyb <-- only used for email
  • CORP\user-companyc <-- only used for email

Email works fine internally and via OWA. The problem exist when setting up Outlook for remote users who need access to companyB and companyC emails, Outlook pops up the certificate error.

The SSL cert SAN has the following DNS names:

  • CORP-SBS.local

I was told by the users who access companyC email address remotely that this never used to happen before. This started with the CEO changed DNS providers on his own and in the process the original DNS settings were lost. He mentioned something about an SRV record being created which corrected this issue but that's about it.

Looking for guidance on how to properly address this.

Source: (StackOverflow)

Moving from Exchange 2003 to Exchange 2010

Consider a small-medium business' deployment of Exchange 2003. The question is around migrating to Exchange 2010. Here's a bit about the landscape:

  • Current state is 50-100 users/mailboxes with the majority using Outlook 2007
  • OWA enabled
  • desktop users are NOT running in Cached Exchange Mode
  • laptops users ARE running in Cached Exchange Mode
  • a single Exchange server with modest or reasonable specs for the day (3 GHz, multi-core, 4 GB, Windows 2003 32-bit)


  • What are your suggestions for the administration team regarding the upgrade path/steps from Exchange 2003 to 2010?

  • Considering the requirement of a 64-bit OS, consider a new separate machine as ready to go with Windows 2008. Have I missed any details?

  • Where might virtualization help in this project?

Any lessons learned in previous upgrades (2007 or 2010) would be appreciated!

Source: (StackOverflow)

outlook requiring password after exchange reboot

We recently moved from Exchange 2003 to 2010, and have noticed a quirk that is annoying us.

If our exchange server (single server) goes down, ie it gets rebooted, or client loses connectivity (or for example a reboot is done overnight and the users computer is on at the time) they will be prompted to login, and will have to use the full domain\username notation in their username field in order to login again. Either that or reboot outlook.

Its not a big deal, but lots of inexperienced users are confused by this, and some dont realise they need to do something and thus their outlook sits there without receiving emails until they finally notice.

This used to be seamless, what do I have to do to get that back again?

Source: (StackOverflow)

What are the implications of converting all my groups to universal groups?

In Exchange 2010 distribution groups must be universal. This is supported by documentation

You can create or mail-enable only universal distribution groups.

I am trying to create a role based security group structure so that if someone leaves or changes jobs you only have to change the groups membership of a users "role" (Where the role is just another security group). In its simplest form roles would have users for members and the role would itself be a member of other resource-centric security groups e.g. a read-write group for a share. There is more to the model than that but it should be enough for the purpose of this question.

The problem comes from when I want to add these role groups as distribution members. If I try and add a "Marketing Manager" role to the "" distribution list it will not forward mail to the role members unless the role security group is universal.

Universal groups cannot be members of global groups though. So, if I wanted to convert my role groups to universal so that I can mail enable them I would then also have to change the groups the role itself is a member of as well. This means that I would be converting near all my security groups in AD to universal to support my proposed structure.

We are a single domain forest with about 1000 users and I would expect once all the groups for this are made to have 1000+. Functional level of the domain is 2008R2

I honestly don't know of the impact this might have in our active directory environment. Is making all the group universal really the only way to do this if I wanted to add my roles to distribution groups? The answer appears to be yes if I want them to be used for mail. I do want this so that way help desk users don't have to worry about what groups users need. They just need to know their "role".

The linked question answers why I cannot just have simple security groups but I want to know if my proposed structure, meaning that I will be converting near all my groups to universal, has any negative implications or is maybe considered a bad practice.

Source: (StackOverflow)