PST Lockdown

PST files are very much of their time, but just like public folders and pre-Windows 2000 logon names, they are still used in anger almost everywhere I go. They are usually scattered around the network and/or on users' C:\ drives, causing mayhem and corruption wherever they go.

Admittedly, there were good reasons to use them back in the days of Exchange 2003, when disks were expensive and Mailbox Stores were limited to 70GB. These days it’s a much better idea to use a 3rd party archiving solution or integrate them back into the original mailbox. The problem here is that users love to hang on to what they know, even if they loathe it themselves. So how to stop those pesky users from messing around with PST files? Enter the magical wizardry of Group Policy, back to save the day as always.

The first thing you will need is to have the correct Administrative templates loaded for either Office 2010 or Office 2013. I’m going to pretend that nobody is running Office 2007 as it is now 8 years old and a bit old hat.

Go and edit your existing Office group policy or create a new one, and configure the following settings:

Microsoft Outlook 2010/2013 > Outlook Options > Other > AutoArchive > AutoArchive Settings – Disabled

Microsoft Outlook 2010/2013 > Outlook Options > Other > AutoArchive > Disable File|Archive – Enabled

Microsoft Outlook 2010/2013 > Miscellaneous > PST Settings > Prevent users from adding PSTs to Outlook profiles and/or prevent using Sharing-Exclusive PSTs – No PSTs can be added

Microsoft Outlook 2010/2013 > Miscellaneous > PST Settings > Prevent users from adding new content to existing PST files – Enabled

If you create the above configuration in Group Policy and apply it to your users, you will find that a) users will not be able to access the ‘Open Outlook Data File’ option in Outlook, b) currently attached PST files will remain connected but data cannot be added to them, and c) users will not be able to use the Import/Export or AutoArchive functions with PST files.
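To confirm on a client that the two PST Settings policies above have actually reached the logged-on user, the check below reads the policy values from the user's registry hive. It is an added example, not part of the original post; the value names DisablePST and PSTDisableGrow and the expected value 1 are assumptions taken from Microsoft's Office policy documentation and should be confirmed against your ADMX files.

```powershell
# Added example: run as the affected user on a client after "gpupdate /force".
# Assumption: value names and the expected value 1 come from Microsoft's Office
# policy documentation; confirm them against the ADMX templates you loaded.
$officeVersions = @{ '14.0' = 'Outlook 2010'; '15.0' = 'Outlook 2013' }
$policyValues = @(
    @{ SubKey = 'Outlook';     Name = 'DisablePST';     Expected = 1
       Policy = 'Prevent users from adding PSTs (No PSTs can be added)' },
    @{ SubKey = 'Outlook\PST'; Name = 'PSTDisableGrow'; Expected = 1
       Policy = 'Prevent users from adding new content to existing PST files' }
)

function Test-PstLockdown {
    foreach ($ver in $officeVersions.Keys) {
        $root = "HKCU:\Software\Policies\Microsoft\Office\$ver"
        # Skip Office versions that have no policy key for this user.
        if (-not (Test-Path $root)) { continue }
        foreach ($p in $policyValues) {
            $key    = Join-Path $root $p.SubKey
            $actual = $null
            if (Test-Path $key) {
                $item = Get-ItemProperty -Path $key -Name $p.Name -ErrorAction SilentlyContinue
                if ($item) { $actual = $item.($p.Name) }
            }
            # New-Object keeps this compatible with PowerShell 2.0 clients.
            New-Object PSObject -Property @{
                Outlook   = $officeVersions[$ver]
                Policy    = $p.Policy
                Value     = $p.Name
                Actual    = $(if ($null -eq $actual) { 'not set' } else { $actual })
                Compliant = ($actual -eq $p.Expected)
            } | Select-Object Outlook, Policy, Value, Actual, Compliant
        }
    }
}

# No output at all means no Office policy key exists for this user.
Test-PstLockdown | Format-Table -AutoSize
```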

Once you’ve made these changes, you can move on to the process of hunting down and getting rid of those dreaded PST files without worrying about more files cropping up around you!

Good luck and Godspeed.


Working with date specific PST exports using PowerShell

With all the various email archiving tools in place across the world, invariably in the world of Exchange consulting we get involved in lots of mass exports/ingestions of data to and from various services. One task which is performed often is exporting mail from Exchange mailboxes from a specific date range.

In order to do this, you first need to have the required permissions to actually export data from Exchange 2010/2013. This is not part of your permission set as a member of the Organization Management role group (which some admins assume is an account with god level rights). So to begin with, we will run some commands to create a new custom role group, and then add ourselves into said role group. If you try to run the export commands and receive the following error, then you need to follow the below process to set up a new role group.

The term ‘New-MailboxExportRequest’ is not recognized as the name of a cmdlet, function, script file, or operable program.

Open up your Exchange Management Shell (as Administrator of course!), and run the following commands:

New-RoleGroup "Mailbox Import-Export Management" -Roles "Mailbox Import Export"
Add-RoleGroupMember "Mailbox Import-Export Management" -Member DavidD

You will now have the required permissions to allow you to run the New-MailboxExportRequest commands. By the way, this PowerShell cmdlet only became available as of Exchange 2010 SP1, so if you are mad enough to be running Exchange 2010 RTM, it will not be available.
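Because the Mailbox Import Export role lets its holder copy any mailbox out to a PST, it is worth reviewing who holds it and what has been exported. The commands below are an added example, not part of the original post; they reuse the role group and account names from the commands above and assume admin audit logging is enabled in the organisation.

```powershell
# Added example for the Exchange Management Shell.
$roleGroup = 'Mailbox Import-Export Management'   # role group created above
$role      = 'Mailbox Import Export'

# 1. Everyone who effectively holds the role, directly or through a group.
Get-ManagementRoleAssignment -Role $role -GetEffectiveUsers |
    Select-Object EffectiveUserName, RoleAssigneeName, RoleAssigneeType |
    Sort-Object EffectiveUserName -Unique |
    Format-Table -AutoSize

# 2. Current members of the custom role group.
Get-RoleGroupMember $roleGroup | Select-Object Name, RecipientType

# 3. Export requests created in the last 30 days, from the admin audit log
#    (assumption: admin audit logging is enabled).
Search-AdminAuditLog -Cmdlets New-MailboxExportRequest `
        -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) |
    Select-Object RunDate, Caller, Succeeded,
        @{ Name = 'Parameters'; Expression = {
            ($_.CmdletParameters | ForEach-Object { "$($_.Name)=$($_.Value)" }) -join '; ' } } |
    Sort-Object RunDate |
    Format-List

# 4. Once the export work is finished, take the account back out of the group.
Remove-RoleGroupMember $roleGroup -Member DavidD -Confirm:$false
```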

In order to have access to your lovely new cmdlets, you will need to close and reopen the Exchange Management Shell (as Administrator!). Now you can run the command as shown below, just tweak the settings to get your desired effect 🙂 As a side note, -lt stands for less than and -gt for greater than. You can also use -le, which is less than or equal to, or -ge, which is greater than or equal to.

New-MailboxExportRequest -ContentFilter {(Received -lt '01/04/2014') -and (Received -gt '12/02/2012')} -Mailbox "DavidD" -Name DavidDExport -FilePath \\myserver\pst\DavidDExport.pst

At this stage, I’d like to point out a little gotcha to do with this command. As I am in the UK, the servers I work on are configured with UK regional settings, including date and time. This means that dates are displayed in a DD/MM/Year format rather than the American MM/DD/Year format. If your regional settings reflect the UK configuration, then the trick is to use UK date format but never use a number above 12. So if you were to use 15/03/2015 (15th March 2015) this would queue the request but would fail after a minute or two with the error:

“The value “15/03/2015 00:00:00 AM” could not be converted to type System.DateTime.”

However, if you use 12/03/2015 (12th March 2015) this would work and would export the correct date ranges. If you used 03/12/2015 in the UK, Exchange would think you meant the 3rd December 2015. Obviously if you are in the US this is not a problem, but I struggled with this in the UK. If anybody has seen differently or knows a way around this, please comment and let me know! My advice at the moment though is to use UK date formats, but never use a number above 12 for the day.

Once your request has started, you can run the below command to see the status of your request.

Get-MailboxExportRequest

If your request shows a status of failed, use the below command to retrieve some useful information about the failure.

Get-MailboxExportRequestStatistics -Identity DavidD\DavidDExport
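The two status commands can be combined into one check that waits for the request, shows the ContentFilter recorded on it (useful for seeing how the dates you typed were read), and prints the failure details if it failed. This is an added example, not part of the original post; it reuses the mailbox and request name from the export command above.

```powershell
# Added example for the Exchange Management Shell.
$mailbox     = 'DavidD'         # mailbox used in the export command above
$requestName = 'DavidDExport'   # request name used in the export command above

# Poll while the request is still queued or running.
do {
    $stats = Get-MailboxExportRequest -Mailbox $mailbox -Name $requestName |
        Get-MailboxExportRequestStatistics -IncludeReport
    if (-not $stats) {
        Write-Warning "No export request '$requestName' found for $mailbox"
        break
    }
    $running = @('Queued', 'InProgress') -contains "$($stats.Status)"
    if ($running) {
        Write-Host ("{0}: {1} ({2}%)" -f $stats.Name, $stats.Status, $stats.PercentComplete)
        Start-Sleep -Seconds 30
    }
} while ($running)

if ($stats) {
    # ContentFilter is the filter as recorded on the request, so the dates shown
    # here tell you how the strings typed on the command line were interpreted.
    $stats | Format-List Name, Status, PercentComplete, ContentFilter, FilePath

    if ("$($stats.Status)" -eq 'Failed') {
        $stats | Format-List FailureType, Message
        # Last lines of the request report, where the failing step is logged.
        ($stats.Report | Out-String) -split "`r?`n" | Select-Object -Last 20
    }
}
```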

Hopefully this can get the ball rolling for you when attempting to export mail out of Exchange 2010/2013.

Thanks for reading!