Daily Archives: February 23, 2013

Exchange & Lync : Find and fix broken inheritance

Many times I’ve run into the following error :


(Error : insufficient access rights to perform the operation) while moving Lync users or moving mailboxes in Exchange.

This is due to the following :


Include inheritable permissions MUST BE ENABLED. (Also for other tasks)

When this is one or a couple of users this is no problem. When you have >100 users then you don’t want to do this manually.

This is how to script this :

First check which users are having this problem using the following command :

Get-QADUser -SizeLimit 0 | where {$_.DirectoryEntry.psbase.ObjectSecurity.AreAccessRulesProtected}



The output lists the accounts that have this problem. Nothing is fixed yet; to fix them, run the following command :

Get-QADUser -SizeLimit 0 | where {$_.DirectoryEntry.psbase.ObjectSecurity.AreAccessRulesProtected} | Set-QADObjectSecurity -UnlockInheritance
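The same check and fix as a report-first script, as an added example that is not part of the original post. It uses Microsoft's ActiveDirectory module in place of the Quest cmdlets, and the -SearchBase and -Fix parameters are names chosen for this example. Accounts with adminCount = 1 are reported but never changed, because AdminSDHolder disables inheritance on them by design and SDProp sets it back on its next run.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hypothetical parameter: limit the search to one OU (defaults to the whole domain).
    [string]$SearchBase = (Get-ADDomain).DistinguishedName,
    # Hypothetical parameter: without -Fix the script only reports.
    [switch]$Fix
)

# Users whose ACL is protected, i.e. "Include inheritable permissions" is not enabled.
$protected = Get-ADUser -Filter * -SearchBase $SearchBase -Properties nTSecurityDescriptor, adminCount |
    Where-Object { $_.nTSecurityDescriptor.AreAccessRulesProtected }

# adminCount = 1 marks accounts that are, or once were, members of protected groups
# (Domain Admins and similar). Their inheritance is disabled on purpose by AdminSDHolder,
# so they are flagged for manual review instead of being unlocked in bulk.
$report = $protected | Select-Object SamAccountName, DistinguishedName,
    @{ Name = 'AdminSDHolder'; Expression = { $_.adminCount -eq 1 } }

$report | Sort-Object AdminSDHolder, SamAccountName | Format-Table -AutoSize

if ($Fix) {
    foreach ($user in $report | Where-Object { -not $_.AdminSDHolder }) {
        if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Enable permission inheritance')) {
            $path = "AD:\$($user.DistinguishedName)"
            $acl  = Get-Acl -Path $path
            # isProtected = $false turns inheritance back on; the second argument
            # is ignored when isProtected is $false.
            $acl.SetAccessRuleProtection($false, $true)
            Set-Acl -Path $path -AclObject $acl
        }
    }
}
```

Saved as a script file, run it without -Fix to get the report, then with -Fix -WhatIf to preview the changes before applying them.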

Exchange 2007/2010 : Moving mailboxes

Moving mailboxes from one database/server to another is fairly easy. I prefer to use the shell interface but you can also use the GUI.

The following commands are handy :

New-MoveRequest -Identity <mailbox> -TargetDatabase <targetdatabase>

(This command moves one specified mailbox to another database)

You can also move all mailboxes from one database to another with the following command :

Get-Mailbox -ResultSize Unlimited -Database <SourceDatabase> | New-MoveRequest -TargetDatabase <targetdatabase>

Often I use the following command to move all mailboxes from one server to another server :

Get-Mailbox -Server <servername> | New-MoveRequest -TargetDatabase <targetdatabase>

It’s also possible to use a where statement (for example, to filter by OU) :

Get-Mailbox -ResultSize Unlimited | Where {$_.OrganizationalUnit -like "*sales*"} | New-MoveRequest -TargetDatabase <TargetDatabase>