Exchange Powershell

Contents
Reference
exchange
active-directory
Add-ADPermission
Dump-ProvisioningCache
Get-ADPermission
Get-ADServerSettings
Get-ADSite
Get-AdSiteLink
Get-DomainController
Get-OrganizationalUnit
Get-Trust
Get-UserPrincipalNamesSuffix
Remove-ADPermission
Reset-ProvisioningCache
Set-ADServerSettings
Set-ADSite
Set-AdSiteLink
advanced-threat-protection
Disable-AntiPhishRule
Disable-SafeAttachmentRule
Disable-SafeLinksRule
Enable-AntiPhishRule
Enable-SafeAttachmentRule
Enable-SafeLinksRule
Get-AdvancedThreatProtectionDocumentDetail
Get-AdvancedThreatProtectionDocumentReport
Get-AdvancedThreatProtectionTrafficReport
Get-AntiPhishPolicy
Get-AntiPhishRule
Get-AtpPolicyForO365
Get-MailDetailATPReport
Get-MailTrafficATPReport
Get-PhishFilterPolicy
Get-SafeAttachmentPolicy
Get-SafeAttachmentRule
Get-SafeLinksPolicy
Get-SafeLinksRule
Get-SpoofMailReport
Get-UrlTrace
New-AntiPhishPolicy
New-AntiPhishRule
New-SafeAttachmentPolicy
New-SafeAttachmentRule
New-SafeLinksPolicy
New-SafeLinksRule
Remove-AntiPhishPolicy
Remove-AntiPhishRule
Remove-SafeAttachmentPolicy
Remove-SafeAttachmentRule
Remove-SafeLinksPolicy
Remove-SafeLinksRule
Set-AntiPhishPolicy
Set-AntiPhishRule
Set-AtpPolicyForO365
Set-PhishFilterPolicy
Set-SafeAttachmentPolicy
Set-SafeAttachmentRule
Set-SafeLinksPolicy
Set-SafeLinksRule
antispam-antimalware
Add-AttachmentFilterEntry
Add-ContentFilterPhrase
Add-IPAllowListEntry
Add-IPAllowListProvider
Add-IPBlockListEntry
Add-IPBlockListProvider
Delete-QuarantineMessage
Disable-HostedContentFilterRule
Disable-MalwareFilterRule
Enable-AntispamUpdates
Enable-HostedContentFilterRule
Enable-MalwareFilterRule
Export-QuarantineMessage
Get-AgentLog
Get-AttachmentFilterEntry
Get-AttachmentFilterListConfig
Get-ContentFilterConfig
Get-ContentFilterPhrase
Get-DkimSigningConfig
Get-HostedConnectionFilterPolicy
Get-HostedContentFilterPolicy
Get-HostedContentFilterRule
Get-HostedOutboundSpamFilterPolicy
Get-IPAllowListConfig
Get-IPAllowListEntry
Get-IPAllowListProvider
Get-IPAllowListProvidersConfig
Get-IPBlockListConfig
Get-IPBlockListEntry
Get-IPBlockListProvider
Get-IPBlockListProvidersConfig
Get-MailboxJunkEmailConfiguration
Get-MalwareFilteringServer
Get-MalwareFilterPolicy
Get-MalwareFilterRule
Get-QuarantineMessage
Get-QuarantineMessageHeader
Get-RecipientFilterConfig
Get-SenderFilterConfig
Get-SenderIdConfig
Get-SenderReputationConfig
New-DkimSigningConfig
New-HostedContentFilterPolicy
New-HostedContentFilterRule
New-MalwareFilterPolicy
New-MalwareFilterRule
Preview-QuarantineMessage
Release-QuarantineMessage
Remove-AttachmentFilterEntry
Remove-ContentFilterPhrase
Remove-HostedContentFilterPolicy
Remove-HostedContentFilterRule
Remove-IPAllowListEntry
Remove-IPAllowListProvider
Remove-IPBlockListEntry
Remove-IPBlockListProvider
Remove-MalwareFilterPolicy
Remove-MalwareFilterRule
Rotate-DkimSigningConfig
Set-AttachmentFilterListConfig
Set-ContentFilterConfig
Set-DkimSigningConfig
Set-HostedConnectionFilterPolicy
Set-HostedContentFilterPolicy
Set-HostedContentFilterRule
Set-HostedOutboundSpamFilterPolicy
Set-IPAllowListConfig
Set-IPAllowListProvider
Set-IPAllowListProvidersConfig
Set-IPBlockListConfig
Set-IPBlockListProvider
Set-IPBlockListProvidersConfig
Set-MailboxJunkEmailConfiguration
Set-MalwareFilteringServer
Set-MalwareFilterPolicy
Set-MalwareFilterRule
Set-RecipientFilterConfig
Set-SenderFilterConfig
Set-SenderIdConfig
Set-SenderReputationConfig
Test-IPAllowListProvider
Test-IPBlockListProvider
Test-SenderId
Update-SafeList
client-access
Clear-TextMessagingAccount
Compare-TextMessagingVerificationCode
Disable-PushNotificationProxy
Enable-PushNotificationProxy
Export-AutoDiscoverConfig
Get-CASMailbox
Get-CASMailboxPlan
Get-ClientAccessRule
Get-ImapSettings
Get-MailboxCalendarConfiguration
Get-MailboxMessageConfiguration
Get-MailboxRegionalConfiguration
Get-MailboxSpellingConfiguration
Get-OutlookProvider
Get-OwaMailboxPolicy
Get-PopSettings
Get-TextMessagingAccount
New-ClientAccessRule
New-OutlookProvider
New-OwaMailboxPolicy
Remove-ClientAccessRule
Remove-OutlookProvider
Remove-OwaMailboxPolicy
Send-TextMessagingVerificationCode
Set-CASMailbox
set-CASMailboxPlan
Set-ClientAccessRule
Set-ImapSettings
Set-MailboxCalendarConfiguration
Set-MailboxMessageConfiguration
Set-MailboxRegionalConfiguration
Set-MailboxSpellingConfiguration
Set-OutlookProvider
Set-OwaMailboxPolicy
Set-PopSettings
Set-TextMessagingAccount
Test-CalendarConnectivity
Test-ClientAccessRule
Test-EcpConnectivity
Test-ImapConnectivity
Test-OutlookConnectivity
Test-OutlookWebServices
Test-OwaConnectivity
Test-PopConnectivity
Test-PowerShellConnectivity
Test-WebServicesConnectivity
client-access-servers
Disable-OutlookAnywhere
Enable-OutlookAnywhere
Get-ActiveSyncVirtualDirectory
Get-AuthRedirect
Get-AutodiscoverVirtualDirectory
Get-ClientAccessArray
Get-ClientAccessServer
Get-ClientAccessService
Get-EcpVirtualDirectory
Get-MapiVirtualDirectory
Get-OutlookAnywhere
Get-OwaVirtualDirectory
Get-PowerShellVirtualDirectory
Get-RpcClientAccess
Get-WebServicesVirtualDirectory
New-ActiveSyncVirtualDirectory
New-AuthRedirect
New-AutodiscoverVirtualDirectory
New-ClientAccessArray
New-EcpVirtualDirectory
New-MapiVirtualDirectory
New-OwaVirtualDirectory
New-PowerShellVirtualDirectory
New-RpcClientAccess
New-WebServicesVirtualDirectory
Remove-ActiveSyncVirtualDirectory
Remove-AuthRedirect
Remove-AutodiscoverVirtualDirectory
Remove-ClientAccessArray
Remove-EcpVirtualDirectory
Remove-MapiVirtualDirectory
Remove-OwaVirtualDirectory
Remove-PowerShellVirtualDirectory
Remove-RpcClientAccess
Remove-WebServicesVirtualDirectory
Set-ActiveSyncVirtualDirectory
Set-AuthRedirect
Set-AutodiscoverVirtualDirectory
Set-ClientAccessArray
Set-ClientAccessServer
Set-ClientAccessService
Set-EcpVirtualDirectory
Set-MapiVirtualDirectory
Set-OutlookAnywhere
Set-OwaVirtualDirectory
Set-PowerShellVirtualDirectory
Set-RpcClientAccess
Set-WebServicesVirtualDirectory
connected-accounts
Get-ConnectSubscription
Get-HotmailSubscription
Get-ImapSubscription
Get-PopSubscription
Get-SendAddress
Get-Subscription
New-ConnectSubscription
New-HotmailSubscription
New-ImapSubscription
New-PopSubscription
New-Subscription
Remove-ConnectSubscription
Remove-Subscription
Set-ConnectSubscription
Set-HotmailSubscription
Set-ImapSubscription
Set-PopSubscription
database-availability-groups
Add-DatabaseAvailabilityGroupServer
Add-MailboxDatabaseCopy
Get-DatabaseAvailabilityGroup
Get-DatabaseAvailabilityGroupNetwork
Get-MailboxDatabaseCopyStatus
Move-ActiveMailboxDatabase
New-DatabaseAvailabilityGroup
New-DatabaseAvailabilityGroupNetwork
Remove-DatabaseAvailabilityGroup
Remove-DatabaseAvailabilityGroupNetwork
Remove-DatabaseAvailabilityGroupServer
Remove-MailboxDatabaseCopy
Restore-DatabaseAvailabilityGroup
Resume-MailboxDatabaseCopy
Set-DatabaseAvailabilityGroup
Set-DatabaseAvailabilityGroupNetwork
Set-MailboxDatabaseCopy
Start-DatabaseAvailabilityGroup
Stop-DatabaseAvailabilityGroup
Suspend-MailboxDatabaseCopy
Test-ReplicationHealth
Update-MailboxDatabaseCopy
devices
Clear-ActiveSyncDevice
Clear-MobileDevice
Export-ActiveSyncLog
Get-ActiveSyncDevice
Get-ActiveSyncDeviceAccessRule
Get-ActiveSyncDeviceAutoblockThreshold
Get-ActiveSyncDeviceClass
Get-ActiveSyncDeviceStatistics
Get-ActiveSyncMailboxPolicy
Get-ActiveSyncOrganizationSettings
Get-DeviceConditionalAccessPolicy
Get-DeviceConditionalAccessRule
Get-DeviceConfigurationPolicy
Get-DeviceConfigurationRule
Get-DevicePolicy
Get-DeviceTenantPolicy
Get-DeviceTenantRule
Get-MobileDevice
Get-MobileDeviceMailboxPolicy
Get-MobileDeviceStatistics
New-ActiveSyncDeviceAccessRule
New-ActiveSyncMailboxPolicy
New-DeviceConditionalAccessPolicy
New-DeviceConditionalAccessRule
New-DeviceConfigurationPolicy
New-DeviceConfigurationRule
New-DeviceTenantPolicy
New-DeviceTenantRule
New-MobileDeviceMailboxPolicy
Remove-ActiveSyncDevice
Remove-ActiveSyncDeviceAccessRule
Remove-ActiveSyncDeviceClass
Remove-ActiveSyncMailboxPolicy
Remove-DeviceConditionalAccessPolicy
Remove-DeviceConditionalAccessRule
Remove-DeviceConfigurationPolicy
Remove-DeviceConfigurationRule
Remove-DeviceTenantPolicy
Remove-DeviceTenantRule
Remove-MobileDevice
Remove-MobileDeviceMailboxPolicy
Set-ActiveSyncDeviceAccessRule
Set-ActiveSyncDeviceAutoblockThreshold
Set-ActiveSyncMailboxPolicy
Set-ActiveSyncOrganizationSettings
Set-DeviceConditionalAccessPolicy
Set-DeviceConditionalAccessRule
Set-DeviceConfigurationPolicy
Set-DeviceConfigurationRule
Set-DeviceTenantPolicy
Set-DeviceTenantRule
Set-MobileDeviceMailboxPolicy
Test-ActiveSyncConnectivity
email-addresses-and-address-books
Disable-AddressListPaging
Enable-AddressListPaging
Get-AddressBookPolicy
Get-AddressList
Get-DetailsTemplate
Get-EmailAddressPolicy
Get-GlobalAddressList
Get-OabVirtualDirectory
Get-OfflineAddressBook
Move-AddressList
Move-OfflineAddressBook
New-AddressBookPolicy
New-AddressList
New-EmailAddressPolicy
New-GlobalAddressList
New-OabVirtualDirectory
New-OfflineAddressBook
Remove-AddressBookPolicy
Remove-AddressList
Remove-EmailAddressPolicy
Remove-GlobalAddressList
Remove-OabVirtualDirectory
Remove-OfflineAddressBook
Restore-DetailsTemplate
Set-AddressBookPolicy
Set-AddressList
Set-DetailsTemplate
Set-EmailAddressPolicy
Set-GlobalAddressList
Set-OabVirtualDirectory
Set-OfflineAddressBook
Update-AddressList
Update-EmailAddressPolicy
Update-GlobalAddressList
Update-OfflineAddressBook
encryption-and-certificates
Enable-ExchangeCertificate
Export-ExchangeCertificate
Get-DataEncryptionPolicy
Get-ExchangeCertificate
Get-IRMConfiguration
Get-OMEConfiguration
Get-OMEMessageStatus
Get-RMSTemplate
Get-RMSTrustedPublishingDomain
Get-SmimeConfig
Import-ExchangeCertificate
Import-RMSTrustedPublishingDomain
New-DataEncryptionPolicy
New-ExchangeCertificate
New-OMEConfiguration
Remove-ExchangeCertificate
Remove-OMEConfiguration
Remove-RMSTrustedPublishingDomain
Set-DataEncryptionPolicy
Set-IRMConfiguration
Set-OMEConfiguration
Set-OMEMessageRevocation
Set-RMSTemplate
Set-RMSTrustedPublishingDomain
Set-SmimeConfig
Test-IRMConfiguration
federation-and-hybrid
Add-FederatedDomain
Disable-RemoteMailbox
Enable-RemoteMailbox
Get-FederatedDomainProof
Get-FederatedOrganizationIdentifier
Get-FederationInformation
Get-FederationTrust
Get-HybridConfiguration
Get-HybridMailflow
Get-HybridMailflowDatacenterIPs
Get-IntraOrganizationConfiguration
Get-IntraOrganizationConnector
Get-OnPremisesOrganization
Get-PendingFederatedDomain
Get-RemoteMailbox
New-FederationTrust
New-HybridConfiguration
New-IntraOrganizationConnector
New-OnPremisesOrganization
New-RemoteMailbox
Remove-FederatedDomain
Remove-FederationTrust
Remove-HybridConfiguration
Remove-IntraOrganizationConnector
Remove-OnPremisesOrganization
Remove-RemoteMailbox
Set-FederatedOrganizationIdentifier
Set-FederationTrust
Set-HybridConfiguration
Set-HybridMailflow
Set-IntraOrganizationConnector
Set-OnPremisesOrganization
Set-PendingFederatedDomain
Set-RemoteMailbox
Test-FederationTrust
Test-FederationTrustCertificate
Update-HybridConfiguration
Update-Recipient
mailbox-databases-and-servers
Clean-MailboxDatabase
Disable-MailboxQuarantine
Disable-MetaCacheDatabase
Dismount-Database
Enable-MailboxQuarantine
Enable-MetaCacheDatabase
Get-FailedContentIndexDocuments
Get-MailboxDatabase
Get-MailboxRepairRequest
Get-MailboxServer
Get-SearchDocumentFormat
Get-StoreUsageStatistics
Mount-Database
Move-DatabasePath
New-MailboxDatabase
New-MailboxRepairRequest
New-SearchDocumentFormat
Remove-MailboxDatabase
Remove-MailboxRepairRequest
Remove-SearchDocumentFormat
Remove-StoreMailbox
Set-MailboxDatabase
Set-MailboxServer
Set-SearchDocumentFormat
Test-AssistantHealth
Test-ExchangeSearch
Test-MRSHealth
Update-DatabaseSchema
Update-FileDistributionService
Update-StoreMailboxState
mailboxes
Add-MailboxFolderPermission
Add-MailboxPermission
Add-RecipientPermission
Connect-Mailbox
Disable-App
Disable-InboxRule
Disable-Mailbox
Disable-ServiceEmailChannel
Disable-SweepRule
Enable-App
Enable-InboxRule
Enable-Mailbox
Enable-ServiceEmailChannel
Enable-SweepRule
Export-MailboxDiagnosticLogs
Export-RecipientDataProperty
Get-App
Get-CalendarDiagnosticAnalysis
Get-CalendarDiagnosticLog
Get-CalendarDiagnosticObjects
Get-CalendarNotification
Get-CalendarProcessing
Get-Clutter
Get-FocusedInbox
Get-InboxRule
Get-Mailbox
Get-MailboxAutoReplyConfiguration
Get-MailboxCalendarFolder
Get-MailboxExportRequest
Get-MailboxExportRequestStatistics
Get-MailboxFolder
Get-MailboxFolderPermission
Get-MailboxFolderStatistics
Get-MailboxImportRequest
Get-MailboxImportRequestStatistics
Get-MailboxLocation
Get-MailboxPermission
Get-MailboxPlan
Get-MailboxRestoreRequest
Get-MailboxRestoreRequestStatistics
Get-MailboxSentItemsConfiguration
Get-MailboxStatistics
Get-MailboxUserConfiguration
Get-MessageCategory
Get-RecipientPermission
Get-RecoverableItems
Get-ResourceConfig
Get-SweepRule
Get-UserPhoto
Import-ContactList
Import-RecipientDataProperty
New-App
New-InboxRule
New-Mailbox
New-MailboxExportRequest
New-MailboxFolder
New-MailboxImportRequest
New-MailboxRestoreRequest
New-MailMessage
New-SiteMailbox
New-SweepRule
Remove-App
Remove-CalendarEvents
Remove-InboxRule
Remove-Mailbox
Remove-MailboxExportRequest
Remove-MailboxFolderPermission
Remove-MailboxImportRequest
Remove-MailboxPermission
Remove-MailboxRestoreRequest
Remove-MailboxUserConfiguration
Remove-RecipientPermission
Remove-SweepRule
Remove-UserPhoto
Restore-Mailbox
Restore-RecoverableItems
Resume-MailboxExportRequest
Resume-MailboxImportRequest
Resume-MailboxRestoreRequest
Search-Mailbox
Set-App
Set-CalendarNotification
Set-CalendarProcessing
Set-Clutter
Set-FocusedInbox
Set-InboxRule
Set-Mailbox
Set-MailboxAutoReplyConfiguration
Set-MailboxCalendarFolder
Set-MailboxExportRequest
Set-MailboxFolderPermission
Set-MailboxImportRequest
Set-MailboxPlan
Set-MailboxRestoreRequest
Set-MailboxSentItemsConfiguration
Set-ResourceConfig
Set-SweepRule
Set-UserPhoto
Suspend-MailboxExportRequest
Suspend-MailboxImportRequest
Suspend-MailboxRestoreRequest
Test-MAPIConnectivity
Undo-SoftDeletedMailbox
mail-flow
Add-ResubmitRequest
Disable-TransportAgent
Enable-TransportAgent
Export-Message
Get-AcceptedDomain
Get-AddressRewriteEntry
Get-DeliveryAgentConnector
Get-EdgeSubscription
Get-EdgeSyncServiceConfig
Get-ForeignConnector
Get-FrontendTransportService
Get-InboundConnector
Get-MailboxTransportService
Get-Message
Get-MessageTrace
Get-MessageTraceDetail
Get-MessageTrackingLog
Get-MessageTrackingReport
Get-NetworkConnectionInfo
Get-OutboundConnector
Get-Queue
Get-QueueDigest
Get-ReceiveConnector
Get-RemoteDomain
Get-ResubmitRequest
Get-RoutingGroupConnector
Get-SendConnector
Get-SystemMessage
Get-TransportAgent
Get-TransportConfig
Get-TransportPipeline
Get-TransportServer
Get-TransportService
Get-X400AuthoritativeDomain
Install-TransportAgent
New-AcceptedDomain
New-AddressRewriteEntry
New-DeliveryAgentConnector
New-EdgeSubscription
New-EdgeSyncServiceConfig
New-ForeignConnector
New-InboundConnector
New-OutboundConnector
New-ReceiveConnector
New-RemoteDomain
New-RoutingGroupConnector
New-SendConnector
New-SystemMessage
New-X400AuthoritativeDomain
Redirect-Message
Remove-AcceptedDomain
Remove-AddressRewriteEntry
Remove-DeliveryAgentConnector
Remove-EdgeSubscription
Remove-ForeignConnector
Remove-InboundConnector
Remove-Message
Remove-OutboundConnector
Remove-ReceiveConnector
Remove-RemoteDomain
Remove-ResubmitRequest
Remove-RoutingGroupConnector
Remove-SendConnector
Remove-SystemMessage
Remove-X400AuthoritativeDomain
Resume-Message
Resume-Queue
Retry-Queue
Search-MessageTrackingReport
Set-AcceptedDomain
Set-AddressRewriteEntry
Set-DeliveryAgentConnector
Set-EdgeSyncServiceConfig
Set-ForeignConnector
Set-FrontendTransportService
Set-InboundConnector
Set-MailboxTransportService
Set-OutboundConnector
Set-ReceiveConnector
Set-RemoteDomain
Set-ResubmitRequest
Set-RoutingGroupConnector
Set-SendConnector
Set-SystemMessage
Set-TransportAgent
Set-TransportConfig
Set-TransportServer
Set-TransportService
Set-X400AuthoritativeDomain
Start-EdgeSynchronization
Start-HistoricalSearch
Stop-HistoricalSearch
Suspend-Message
Suspend-Queue
Test-EdgeSynchronization
Test-Mailflow
Test-SmtpConnectivity
Uninstall-TransportAgent
Validate-OutboundConnector
move-and-migration
Complete-MigrationBatch
Export-MigrationReport
Get-MigrationBatch
Get-MigrationConfig
Get-MigrationEndpoint
Get-MigrationStatistics
Get-MigrationUser
Get-MigrationUserStatistics
Get-MoveRequest
Get-MoveRequestStatistics
Get-PublicFolderMailboxMigrationRequest
Get-PublicFolderMailboxMigrationRequestStatistics
Get-PublicFolderMigrationRequest
Get-PublicFolderMigrationRequestStatistics
Get-PublicFolderMoveRequest
Get-PublicFolderMoveRequestStatistics
New-MigrationBatch
New-MigrationEndpoint
New-MoveRequest
New-PublicFolderMigrationRequest
New-PublicFolderMoveRequest
Remove-MigrationBatch
Remove-MigrationEndpoint
Remove-MigrationUser
Remove-MoveRequest
Remove-PublicFolderMailboxMigrationRequest
Remove-PublicFolderMigrationRequest
Remove-PublicFolderMoveRequest
Resume-MoveRequest
Resume-PublicFolderMigrationRequest
Resume-PublicFolderMoveRequest
Set-MigrationBatch
Set-MigrationConfig
Set-MigrationEndpoint
Set-MigrationUser
Set-MoveRequest
Set-PublicFolderMigrationRequest
Set-PublicFolderMoveRequest
Start-MigrationBatch
Start-MigrationUser
Stop-MigrationBatch
Stop-MigrationUser
Suspend-MoveRequest
Suspend-PublicFolderMailboxMigrationRequest
Suspend-PublicFolderMigrationRequest
Suspend-PublicFolderMoveRequest
Test-MigrationServerAvailability
organization
Disable-CmdletExtensionAgent
Enable-CmdletExtensionAgent
Enable-OrganizationCustomization
Get-AccessToCustomerDataRequest
Get-ApplicationAccessPolicy
Get-AuthConfig
Get-AuthenticationPolicy
Get-AuthServer
Get-CmdletExtensionAgent
Get-ExchangeAssistanceConfig
Get-ExchangeDiagnosticInfo
Get-ExchangeServer
Get-ExchangeServerAccessLicense
Get-ExchangeServerAccessLicenseUser
Get-ExchangeSettings
Get-Notification
Get-OrganizationConfig
Get-PartnerApplication
Get-PerimeterConfig
Get-SettingOverride
New-ApplicationAccessPolicy
New-AuthenticationPolicy
New-AuthServer
New-ExchangeSettings
New-PartnerApplication
New-SettingOverride
Remove-ApplicationAccessPolicy
Remove-AuthenticationPolicy
Remove-AuthServer
Remove-PartnerApplication
Remove-SettingOverride
Set-AccessToCustomerDataRequest
Set-ApplicationAccessPolicy
Set-AuthConfig
Set-AuthenticationPolicy
Set-AuthServer
Set-CmdletExtensionAgent
Set-ExchangeAssistanceConfig
Set-ExchangeServer
Set-ExchangeSettings
Set-Notification
Set-OrganizationConfig
Set-PartnerApplication
Set-PerimeterConfig
Set-SettingOverride
Test-ApplicationAccessPolicy
Test-OAuthConnectivity
Test-SystemHealth
Update-ExchangeHelp
policy-and-compliance
Disable-JournalArchiving
Disable-JournalRule
Disable-OutlookProtectionRule
Disable-TransportRule
Enable-JournalRule
Enable-OutlookProtectionRule
Enable-TransportRule
Export-JournalRuleCollection
Export-TransportRuleCollection
Get-ActivityAlert
Get-AdministrativeUnit
Get-JournalRule
Get-Label
Get-LabelPolicy
Get-MessageClassification
Get-OutlookProtectionRule
Get-ProtectionAlert
Get-SupervisoryReviewPolicyV2
Get-SupervisoryReviewRule
Get-TransportRule
Get-TransportRuleAction
Get-TransportRulePredicate
Import-JournalRuleCollection
Import-TransportRuleCollection
Install-UnifiedCompliancePrerequisite
New-ActivityAlert
New-JournalRule
New-Label
New-LabelPolicy
New-MessageClassification
New-OutlookProtectionRule
New-ProtectionAlert
New-SupervisoryReviewPolicyV2
New-SupervisoryReviewRule
New-TransportRule
Remove-ActivityAlert
Remove-JournalRule
Remove-Label
Remove-LabelPolicy
Remove-MessageClassification
Remove-OutlookProtectionRule
Remove-ProtectionAlert
Remove-SupervisoryReviewPolicyV2
Remove-TransportRule
Set-ActivityAlert
Set-JournalRule
Set-Label
Set-LabelPolicy
Set-MessageClassification
Set-OutlookProtectionRule
Set-ProtectionAlert
Set-SupervisoryReviewPolicyV2
Set-SupervisoryReviewRule
Set-TransportRule
Test-ArchiveConnectivity
policy-and-compliance-audit
Get-AdminAuditLogConfig
Get-AuditConfig
Get-AuditConfigurationPolicy
Get-AuditConfigurationRule
Get-AuditLogSearch
Get-MailboxAuditBypassAssociation
New-AdminAuditLogSearch
New-AuditConfigurationPolicy
New-AuditConfigurationRule
New-MailboxAuditLogSearch
Remove-AuditConfigurationPolicy
Remove-AuditConfigurationRule
Search-AdminAuditLog
Search-MailboxAuditLog
Search-UnifiedAuditLog
Set-AdminAuditLogConfig
Set-AuditConfig
Set-AuditConfigurationRule
Set-MailboxAuditBypassAssociation
Write-AdminAuditLog
policy-and-compliance-content-search
Get-ComplianceSearch
Get-ComplianceSearchAction
Get-ComplianceSecurityFilter
Get-MailboxSearch
Invoke-ComplianceSearchActionStep
New-ComplianceSearch
New-ComplianceSearchAction
New-ComplianceSecurityFilter
New-MailboxSearch
Remove-ComplianceSearch
Remove-ComplianceSearchAction
Remove-ComplianceSecurityFilter
Remove-MailboxSearch
Set-ComplianceSearch
Set-ComplianceSearchAction
Set-ComplianceSecurityFilter
Set-MailboxSearch
Start-ComplianceSearch
Start-MailboxSearch
Stop-ComplianceSearch
Stop-MailboxSearch
policy-and-compliance-dlp
Export-DlpPolicyCollection
Get-ClassificationRuleCollection
Get-DataClassification
Get-DataClassificationConfig
Get-DlpCompliancePolicy
Get-DlpComplianceRule
Get-DlpComplianceRuleV2
Get-DlpDetailReport
Get-DlpDetectionsReport
Get-DlpEdmSchema
Get-DlpKeywordDictionary
Get-DlpPolicy
Get-DlpPolicyTemplate
Get-DlpSensitiveInformationType
Get-DlpSensitiveInformationTypeRulePackage
Get-DlpSiDetectionsReport
Get-PolicyTipConfig
Import-DlpPolicyCollection
Import-DlpPolicyTemplate
New-ClassificationRuleCollection
New-DataClassification
New-DlpCompliancePolicy
New-DlpComplianceRule
New-DlpComplianceRuleV2
New-DlpEdmSschema
New-DlpFingerprint
New-DlpKeywordDictionary
New-DlpPolicy
New-DlpSensitiveInformationType
New-DlpSensitiveInformationTypeRulePackage
New-Fingerprint
New-PolicyTipConfig
Remove-ClassificationRuleCollection
Remove-DataClassification
Remove-DlpCompliancePolicy
Remove-DlpComplianceRule
Remove-DlpComplianceRuleV2
Remove-DlpEdmSchema
Remove-DlpKeywordDictionary
Remove-DlpPolicy
Remove-DlpPolicyTemplate
Remove-DlpSensitiveInformationType
Remove-DlpSensitiveInformationTypeRulePackage
Remove-PolicyTipConfig
Set-ClassificationRuleCollection
Set-DataClassification
Set-DlpCompliancePolicy
Set-DlpComplianceRule
Set-DlpComplianceRuleV2
Set-DlpEdmSchema
Set-DlpKeywordDictionary
Set-DlpPolicy
Set-DlpSensitiveInformationType
Set-DlpSensitiveInformationTypeRulePackage
Set-PolicyTipConfig
policy-and-compliance-ediscovery
Add-ComplianceCaseMember
Add-eDiscoveryCaseAdmin
Get-CaseHoldPolicy
Get-CaseHoldRule
Get-ComplianceCase
Get-ComplianceCaseMember
Get-eDiscoveryCaseAdmin
New-CaseHoldPolicy
New-CaseHoldRule
New-ComplianceCase
Remove-CaseHoldPolicy
Remove-CaseHoldRule
Remove-ComplianceCase
Remove-ComplianceCaseMember
Remove-eDiscoveryCaseAdmin
Set-CaseHoldPolicy
Set-CaseHoldRule
Set-ComplianceCase
Update-ComplianceCaseMember
Update-eDiscoveryCaseAdmin
policy-and-compliance-retention
Enable-ComplianceTagStorage
Get-ComplianceRetentionEvent
Get-ComplianceRetentionEventType
Get-ComplianceTag
Get-ComplianceTagStorage
Get-DataRetentionReport
Get-HoldCompliancePolicy
Get-HoldComplianceRule
Get-ManagedContentSettings
Get-ManagedFolder
Get-ManagedFolderMailboxPolicy
Get-RetentionCompliancePolicy
Get-RetentionComplianceRule
Get-RetentionEvent
Get-RetentionPolicy
Get-RetentionPolicyTag
Get-TeamsRetentionCompliancePolicy
Get-TeamsRetentionComplianceRule
New-ComplianceRetentionEvent
New-ComplianceRetentionEventType
New-ComplianceTag
New-HoldCompliancePolicy
New-HoldComplianceRule
New-ManagedContentSettings
New-ManagedFolder
New-ManagedFolderMailboxPolicy
New-RetentionCompliancePolicy
New-RetentionComplianceRule
New-RetentionPolicy
New-RetentionPolicyTag
New-TeamsRetentionCompliancePolicy
New-TeamsRetentionComplianceRule
Remove-ComplianceRetentionEventType
Remove-ComplianceTag
Remove-HoldCompliancePolicy
Remove-HoldComplianceRule
Remove-ManagedContentSettings
Remove-ManagedFolder
Remove-ManagedFolderMailboxPolicy
Remove-RetentionCompliancePolicy
Remove-RetentionComplianceRule
Remove-RetentionPolicy
Remove-RetentionPolicyTag
Remove-TeamsRetentionCompliancePolicy
Remove-TeamsRetentionComplianceRule
Set-ComplianceRetentionEventType
Set-ComplianceTag
Set-HoldCompliancePolicy
Set-HoldComplianceRule
Set-ManagedContentSettings
Set-ManagedFolder
Set-ManagedFolderMailboxPolicy
Set-RetentionCompliancePolicy
Set-RetentionComplianceRule
Set-RetentionPolicy
Set-RetentionPolicyTag
Set-TeamsRetentionCompliancePolicy
Set-TeamsRetentionComplianceRule
Start-ManagedFolderAssistant
Start-RetentionAutoTagLearning
Stop-ManagedFolderAssistant
Validate-RetentionRuleQuery
reporting
Get-ConnectionByClientTypeDetailReport
Get-ConnectionByClientTypeReport
Get-CsActiveUserReport
Get-CsAVConferenceTimeReport
Get-CsClientDeviceDetailReport
Get-CsClientDeviceReport
Get-CsConferenceReport
Get-CsP2PAVTimeReport
Get-CsP2PSessionReport
Get-CsPSTNConferenceTimeReport
Get-CsPSTNUsageDetailReport
Get-CsUserActivitiesReport
Get-CsUsersBlockedReport
Get-GroupActivityReport
Get-HistoricalSearch
Get-LicenseVsUsageSummaryReport
Get-LogonStatistics
Get-MailboxActivityReport
Get-MailboxUsageDetailReport
Get-MailboxUsageReport
Get-MailDetailDlpPolicyReport
Get-MailDetailMalwareReport
Get-MailDetailSpamReport
Get-MailDetailTransportRuleReport
Get-MailFilterListReport
Get-MailTrafficPolicyReport
Get-MailTrafficReport
Get-MailTrafficSummaryReport
Get-MailTrafficTopReport
Get-MxRecordReport
Get-O365ClientBrowserDetailReport
Get-O365ClientBrowserReport
Get-O365ClientOSDetailReport
Get-O365ClientOSReport
Get-OutboundConnectorReport
Get-RecipientStatisticsReport
Get-ReportExecutionInstance
Get-SCInsights
Get-ServiceDeliveryReport
Get-SPOActiveUserReport
Get-SPOSkyDriveProDeployedReport
Get-SPOSkyDriveProStorageReport
Get-SPOTeamSiteDeployedReport
Get-SPOTeamSiteStorageReport
Get-SPOTenantStorageMetricReport
Get-StaleMailboxDetailReport
Get-StaleMailboxReport
Get-SupervisoryReviewActivity
Get-SupervisoryReviewOverallProgressReport
Get-SupervisoryReviewPolicyReport
Get-SupervisoryReviewReport
Get-SupervisoryReviewTopCasesReport
Get-TenantAnalyticsConfig
Get-UserAnalyticsConfig
Set-TenantAnalyticsConfig
Set-UserAnalyticsConfig
role-based-access-control
Add-ManagementRoleEntry
Add-RoleGroupMember
Get-ManagementRole
Get-ManagementRoleAssignment
Get-ManagementRoleEntry
Get-ManagementScope
Get-RoleAssignmentPolicy
Get-RoleGroup
Get-RoleGroupMember
New-ManagementRole
New-ManagementRoleAssignment
New-ManagementScope
New-RoleAssignmentPolicy
New-RoleGroup
Remove-ManagementRole
Remove-ManagementRoleAssignment
Remove-ManagementRoleEntry
Remove-ManagementScope
Remove-RoleAssignmentPolicy
Remove-RoleGroup
Remove-RoleGroupMember
Set-ManagementRoleAssignment
Set-ManagementRoleEntry
Set-ManagementScope
Set-RoleAssignmentPolicy
Set-RoleGroup
Update-RoleGroupMember
server-health-and-performance
Add-GlobalMonitoringOverride
Add-ServerMonitoringOverride
Get-AvailabilityReportOutage
Get-EventLogLevel
Get-GlobalMonitoringOverride
Get-HealthReport
Get-MonitoringItemHelp
Get-MonitoringItemIdentity
Get-ServerComponentState
Get-ServerHealth
Get-ServerMonitoringOverride
Get-ThrottlingPolicy
Get-ThrottlingPolicyAssociation
Invoke-MonitoringProbe
New-AvailabilityReportOutage
New-ThrottlingPolicy
Remove-AvailabilityReportOutage
Remove-GlobalMonitoringOverride
Remove-ServerMonitoringOverride
Remove-ThrottlingPolicy
Set-AvailabilityReportOutage
Set-EventLogLevel
Set-ServerComponentState
Set-ServerMonitor
Set-ThrottlingPolicy
Set-ThrottlingPolicyAssociation
Test-ServiceHealth
sharing-and-collaboration
Add-AvailabilityAddressSpace
Add-PublicFolderAdministrativePermission
Add-PublicFolderClientPermission
Disable-MailPublicFolder
Enable-MailPublicFolder
Get-AvailabilityAddressSpace
Get-AvailabilityConfig
Get-MailPublicFolder
Get-OrganizationRelationship
Get-PublicFolder
Get-PublicFolderAdministrativePermission
Get-PublicFolderClientPermission
Get-PublicFolderDatabase
Get-PublicFolderItemStatistics
Get-PublicFolderMailboxDiagnostics
Get-PublicFolderStatistics
Get-SharingPolicy
Get-SiteMailbox
Get-SiteMailboxDiagnostics
Get-SiteMailboxProvisioningPolicy
New-AvailabilityConfig
New-OrganizationRelationship
New-PublicFolder
New-PublicFolderDatabase
New-PublicFolderDatabaseRepairRequest
New-SharingPolicy
New-SiteMailboxProvisioningPolicy
New-SyncMailPublicFolder
Remove-AvailabilityAddressSpace
Remove-AvailabilityConfig
Remove-OrganizationRelationship
Remove-PublicFolder
Remove-PublicFolderAdministrativePermission
Remove-PublicFolderClientPermission
Remove-PublicFolderDatabase
Remove-SharingPolicy
Remove-SiteMailboxProvisioningPolicy
Remove-SyncMailPublicFolder
Resume-PublicFolderReplication
Set-AvailabilityConfig
Set-MailPublicFolder
Set-OrganizationRelationship
Set-PublicFolder
Set-PublicFolderDatabase
Set-SharingPolicy
Set-SiteMailbox
Set-SiteMailboxProvisioningPolicy
Suspend-PublicFolderReplication
Test-OrganizationRelationship
Test-SiteMailbox
Update-PublicFolder
Update-PublicFolderHierarchy
Update-PublicFolderMailbox
Update-SiteMailbox
unified-messaging
Disable-UMAutoAttendant
Disable-UMCallAnsweringRule
Disable-UMIPGateway
Disable-UMMailbox
Disable-UMServer
Disable-UMService
Enable-UMAutoAttendant
Enable-UMCallAnsweringRule
Enable-UMIPGateway
Enable-UMMailbox
Enable-UMServer
Enable-UMService
Export-UMCallDataRecord
Export-UMPrompt
Get-OnlineMeetingConfiguration
Get-UMActiveCalls
Get-UMAutoAttendant
Get-UMCallAnsweringRule
Get-UMCallDataRecord
Get-UMCallRouterSettings
Get-UMCallSummaryReport
Get-UMDialPlan
Get-UMHuntGroup
Get-UMIPGateway
Get-UMMailbox
Get-UMMailboxPIN
Get-UMMailboxPolicy
Get-UmServer
Get-UMService
Import-UMPrompt
New-UMAutoAttendant
New-UMCallAnsweringRule
New-UMDialPlan
New-UMHuntGroup
New-UMIPGateway
New-UMMailboxPolicy
Remove-UMAutoAttendant
Remove-UMCallAnsweringRule
Remove-UMDialPlan
Remove-UMHuntGroup
Remove-UMIPGateway
Remove-UMMailboxPolicy
Set-UMAutoAttendant
Set-UMCallAnsweringRule
Set-UMCallRouterSettings
Set-UMDialPlan
Set-UMIPGateway
Set-UMMailbox
Set-UMMailboxPIN
Set-UMMailboxPolicy
Set-UmServer
Set-UMService
Test-ExchangeUMCallFlow
Test-UMConnectivity
users-and-groups
Add-DistributionGroupMember
Add-UnifiedGroupLinks
Disable-DistributionGroup
Disable-MailContact
Disable-MailUser
Enable-DistributionGroup
Enable-MailContact
Enable-MailUser
Get-Contact
Get-DistributionGroup
Get-DistributionGroupMember
Get-DynamicDistributionGroup
Get-EligibleDistributionGroupForMigration
Get-Group
Get-LinkedUser
Get-MailContact
Get-MailUser
Get-Recipient
Get-SecurityPrincipal
Get-UnifiedGroup
Get-UnifiedGroupLinks
Get-User
New-DistributionGroup
New-DynamicDistributionGroup
New-EOPDistributionGroup
New-EOPMailUser
New-MailContact
New-MailUser
New-UnifiedGroup
Remove-DistributionGroup
Remove-DistributionGroupMember
Remove-DynamicDistributionGroup
Remove-EOPDistributionGroup
Remove-EOPMailUser
Remove-MailContact
Remove-MailUser
Remove-UnifiedGroup
Remove-UnifiedGroupLinks
Set-Contact
Set-DistributionGroup
Set-DynamicDistributionGroup
Set-EOPDistributionGroup
Set-EOPGroup
Set-EOPMailUser
Set-EOPUser
Set-Group
Set-LinkedUser
Set-MailContact
Set-MailUser
Set-UnifiedGroup
Set-User
Undo-SoftDeletedUnifiedGroup
Update-DistributionGroupMember
Update-EOPDistributionGroupMember
Upgrade-DistributionGroup
minutes to read • Edit Online
Add-ADPermission
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Add-ADPermission cmdlet to add permissions to an
Active Directory object. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
syntax (https://technet.microsoft.com/library/bb123552.aspx).
Syntax
Add-ADPermission [-Identity] <ADRawEntryIdParameter> -User <SecurityPrincipalIdParameter>
[-AccessRights <ActiveDirectoryRights[]>]
[-ChildObjectTypes <ADSchemaObjectIdParameter[]>]
[-Confirm]
[-Deny]
[-DomainController <Fqdn>]
[-ExtendedRights <ExtendedRightIdParameter[]>]
[-InheritanceType <None | All | Descendents | SelfAndChildren | Children>]
[-InheritedObjectType <ADSchemaObjectIdParameter>]
[-Properties <ADSchemaObjectIdParameter[]>]
[-WhatIf] [<CommonParameters>]
Add-ADPermission [-Identity] <ADRawEntryIdParameter> -Owner <SecurityPrincipalIdParameter>

[-Confirm]
Add-ADPermission -Instance <ADAcePresentationObject>

[-Confirm]
[-Deny]
[[-Identity] <ADRawEntryIdParameter>]
[-User <SecurityPrincipalIdParameter>]
Description
The ADPermission cmdlets can be used to directly modify Active Directory access control lists (ACLs). Although
some Microsoft Exchange features may continue to use the ADPermission cmdlets to manage permissions (for
example Send and Receive connectors) Exchange 2013 and later versions no longer use customized ACLs to
manage administrative permissions. If you want to grant or deny administrative permissions in Exchange 2013 or
later, you need to use Role Based Access Control (RBAC ). For more information about RBAC, see Permissions.
You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the
cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To
find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions
required to run any Exchange cmdlet (https://technet.microsoft.com/library/mt432940.aspx).
Examples
-------------------------- Example 1 --------------------------
Add-ADPermission -Identity "Terry Adams" -User AaronPainter -AccessRights ExtendedRight -ExtendedRights "Send
As"
This example grants Send As permissions for Aaron Painter to Terry Adams's mailbox.
-------------------------- Example 2 --------------------------
Add-AdPermission "IP Secured Inbound" -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights ms-Exch-SMTP-
Submit,ms-Exch-SMTP-Accept-Any-Recipient,ms-Exch-Bypass-Anti-Spam
This example configures the IP Secured Inbound Receive connector to accept anonymous SMTP messages.
This example assumes that another security mechanism is used to ensure the Receive connector can't be used to
send unsolicited commercial email messages. We recommend that you don't allow external clients to send
messages anonymously through a Receive connector.
Parameters
-AccessRights
The AccessRights parameter specifies the rights needed to perform the operation. Valid values include:
AccessSystemSecurity
CreateChild
DeleteChild
ListChildren
Self
ReadProperty
WriteProperty
DeleteTree
ListObject
ExtendedRight
Delete
ReadControl
GenericExecute
GenericWrite
GenericRead
WriteDacl
WriteOwner
GenericAll
Synchronize
Type: ActiveDirectoryRights[]
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ChildObjectTypes
The ChildObjectTypes parameter specifies what type of object the permission should be applied to.
The ChildObjectTypes parameter can only be used if the AccessRights parameter is set to CreateChild or
DeleteChild.
Type: ADSchemaObjectIdParameter[]
Required: False
Position: Named
Default value: None
-Confirm
The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet
depends on if the cmdlet requires confirmation before proceeding.
Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the
command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact
syntax: -Confirm:$false.
Most other cmdlets (for example, New -* and Set-* cmdlets) don't have a built-in pause. For these cmdlets,
specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command
before proceeding.
Type: SwitchParameter
Required: False
Position: Named
Default value: None
-Deny
The Deny switch specifies whether to deny permissions to the user on the Active Directory object.
Required: False
Position: Named
Default value: None
-DomainController
The DomainController parameter specifies the domain controller that's used by this cmdlet to read data from or
write data to Active Directory. You identify the domain controller by its fully qualified domain name (FQDN ). For
example, dc01.contoso.com.
The DomainController parameter isn't supported on Edge Transport servers. An Edge Transport server uses the
local instance of Active Directory Lightweight Directory Services (AD LDS ) to read and write data.
Type: Fqdn
Required: False
Position: Named
Default value: None
-ExtendedRights
The ExtendedRights parameter specifies the extended rights needed to perform the operation.
Type: ExtendedRightIdParameter[]
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the object that's getting permissions added. You can specify either
the distinguished name (DN ) of the object or the object's name if it's unique. If the DN or name contains spaces,
enclose the name in quotation marks (").
Type: ADRawEntryIdParameter
Required: True
Position: 1
Default value: None
Accept pipeline input: True
-InheritanceType
The InheritanceType parameter specifies whether permissions are inherited.
Type: None | All | Descendents | SelfAndChildren | Children

Required: False
Position: Named
Default value: None
-InheritedObjectType
The InheritedObjectType parameter specifies what kind of object inherits this access control entry (ACE ).
Type: ADSchemaObjectIdParameter
Required: False
Position: Named
Default value: None
-Instance
The Instance parameter enables you to pass an entire object to the command to be processed. It's mainly used in
scripts where an entire object must be passed to the command.
Type: ADAcePresentationObject
Required: True
Position: Named
Default value: None
-Owner
The Owner parameter specifies the owner of the Active Directory object. If the name of the owner contains spaces,
enclose the name in quotation marks (").
The Owner parameter can only be used with the Identity parameter and no other parameters.
Type: SecurityPrincipalIdParameter
Required: True
Position: Named
Default value: None
-Properties
The Properties parameter specifies what properties the object contains.
The Properties parameter can only be used if the AccessRights parameter is set to ReadProperty, WriteProperty or
Self.
Required: False
Position: Named
Default value: None
-User
The User parameter specifies the user that the permissions are being granted to on the object. If the name contains
spaces, enclose the name in quotation marks (").
Required: True
Position: Named
Default value: None
-WhatIf
The WhatIf switch simulates the actions of the command. You can use this switch to view the changes that would
occur without actually applying those changes. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
Inputs
To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types
(https://go.microsoft.com/fwlink/p/?LinkId=616387). If the Input Type field for a cmdlet is blank, the cmdlet doesn't
accept input data.
Outputs
To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and
Output Types (https://go.microsoft.com/fwlink/p/?LinkId=616387). If the Output Type field is blank, the cmdlet
doesn't return data.
Related Links
Online Version
Dump-ProvisioningCache
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Dump-ProvisioningCache cmdlet to return a list of
the cached keys and values for the specified server and Windows PowerShell application. For information about
the parameter sets in the Syntax section below, see Exchange cmdlet syntax
(https://technet.microsoft.com/library/bb123552.aspx).
Syntax
Dump-ProvisioningCache [-Server] <Fqdn> -Application <String> [-GlobalCache]
[-CacheKeys <MultiValuedProperty>]
[-Confirm]
Dump-ProvisioningCache [-Server] <Fqdn> -Application <String> [-CurrentOrganization] [-Organizations

<MultiValuedProperty>]
[-Confirm]
Description
The Dump-ProvisioningCache cmdlet is for diagnostic purposes only and is rarely used. Exchange administrators
or Microsoft support personnel may need to run this cmdlet to troubleshoot problems resulting from incorrect
links or properties stamped on newly provisioned recipients, which can be caused by stale data in the provisioning
cache.
The Dump-ProvisioningCache cmdlet displays a list of the Windows PowerShell provisioning cache keys. Use the
value of these cache keys with the Reset-ProvisioningCache cmdlet to reset provisioning cache data.
Examples
-------------------------- Example 1 --------------------------
Dump-ProvisioningCache -Server EXSRV1.contoso.com -Application Powershell-Proxy -GlobalCache
This example displays all cache keys for the specified server and Windows PowerShell application.
Parameters
-Application
The Application parameter specifies the specific administrative application to reset the provisioning cache for. You
can use the following values:
Powershell
Powershell-LiveId
Powershell-Proxy
PowershellLiveId-Proxy
Ecp
Psws
Type: String
Required: True
Position: Named
Default value: None
-CacheKeys
The CacheKeys parameter specifies the value for the cache key that you want to clear. The format for the values
should contain 32 digits separated by four dashes: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Use the Dump-ProvisioningCache cmdlet to return a list of cache keys.
Type: MultiValuedProperty
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-CurrentOrganization
The CurrentOrganization switch specifies that the provision cache is reset for this organization.
Required: False
Position: Named
Default value: None
-GlobalCache
The GlobalCache switch specifies that all cache keys are cleared.
Required: True
Position: Named
Default value: None
-Organizations
The Organizations parameter specifies the organizations that the provisioning cache will be reset. This parameter is
used in multi-tenant deployments.
Required: False
Position: Named
Default value: None
-Server
The Server parameter specifies the fully qualified domain name (FQDN ) of the server that the application you want
to reset is running on.
Type: Fqdn
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
(https://go.microsoft.com/fwlink/p/?linkId=616387). If the Input Type field for a cmdlet is blank, the cmdlet doesn't
accept input data.
Outputs
Output Types (https://go.microsoft.com/fwlink/p/?linkId=616387). If the Output Type field is blank, the cmdlet
Related Links
Online Version
Get-ADPermission
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-ADPermission cmdlet to get permissions on an
Active Directory object. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Get-ADPermission [-Identity] <ADRawEntryIdParameter> [-Owner]
[-DomainController <Fqdn>] [<CommonParameters>]
Get-ADPermission [-Identity] <ADRawEntryIdParameter> [-User <SecurityPrincipalIdParameter>]

Description
Examples
-------------------------- Example 1 --------------------------
Get-ADPermission -Identity Ed
This example returns the permissions that have been applied to the user Ed.
-------------------------- Example 2 --------------------------
Get-ADPermission "Contoso.com" -User Chris
This example returns the permissions that have been granted to the user Chris on the Contoso.com Receive
connector.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the object for which you're retrieving permissions. You can retrieve
the permissions for any Active Directory object using its distinguished name (DN ). If the object is an Exchange
object, you might be able to use the object's name. If the DN or the object's name contains spaces, enclose the value
in quotation marks (").
Required: True
Position: 1
Default value: None
-Owner
The Owner switch specifies that the owner of the object specified in the Identity parameter should be returned. If
the Owner switch is used, the User parameter can't be used.
Required: False
Position: Named
Default value: None
-User
The User parameter specifies that only the access control entries (ACEs) granted to the specified user on the object
specified in the Identity parameter should be returned. If the User parameter is used, the Owner switch can't be
used.
If the name of the user contains spaces, enclose the name in quotation marks (").
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-AdServerSettings
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-AdServerSettings cmdlet to view the Active
Directory Domain Services (AD DS ) environment settings in the current Exchange Management Shell session. The
Get-AdServerSettings cmdlet replaces the AdminSessionADSettings session variable that was used in Exchange
Server 2007. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Get-AdServerSettings [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-AdServerSettings | Format-List
This example displays the session settings for the current session.
For more information about pipelining and the Format-List cmdlet, see Pipelining
(https://technet.microsoft.com/library/aa998260.aspx) and Working with command output
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-AdSite
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-AdSite cmdlet to display configuration
information about one or more Active Directory sites. For information about the parameter sets in the Syntax
section below, see Exchange cmdlet syntax (https://technet.microsoft.com/library/bb123552.aspx).
Syntax
Get-AdSite [[-Identity] <AdSiteIdParameter>] [-DomainController <Fqdn>] [<CommonParameters>]
Description
Exchange uses Active Directory sites and the costs assigned to the Active Directory site links to make message
routing decisions.
Examples
-------------------------- Example 1 --------------------------
Get-AdSite Default-First-Site-Name
This example displays the configuration details for the Active Directory site named Default-First-Site-Name.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the Active Directory site for which you want to view configuration
details. The identity can be expressed as a GUID or the Active Directory site name. If the Active Directory site name
includes spaces, enclose the name in quotation marks (").
Type: AdSiteIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-AdSiteLink
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-AdSiteLink cmdlet to view configuration
information about an Active Directory IP site link. For information about the parameter sets in the Syntax section
below, see Exchange cmdlet syntax (https://technet.microsoft.com/library/bb123552.aspx).
Syntax
Get-AdSiteLink [[-Identity] <AdSiteLinkIdParameter>] [-DomainController <Fqdn>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-ADSiteLink
This example returns a list of all IP site links in your organization.

-------------------------- Example 2 --------------------------
Get-AdSiteLink | Where {$_.ExchangeCost -ne $null}
This example returns a list of all IP site links in your organization that have a specific Exchange cost assigned.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name or GUID of the IP site link for which you want to view configuration
information.
Type: AdSiteLinkIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-DomainController
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-DomainController cmdlet to view a list of
domain controllers that exist in your organization. For information about the parameter sets in the Syntax section
Syntax
Get-DomainController [-GlobalCatalog] [-Forest <Fqdn>]
[-Credential <NetworkCredential>] [<CommonParameters>]
Get-DomainController [-DomainName <Fqdn>]

[-Credential <NetworkCredential>] [<CommonParameters>]
Description
The Get-DomainController cmdlet is used by the Exchange admin center to populate fields that display domain
controller information.
Examples
-------------------------- Example 1 --------------------------
$UserCredentials = Get-Credential; Get-DomainController -DomainName corp.contoso.com -Credential

$UserCredentials | Format-Table -AutoSize Name, ADSite
This example retrieves a list of global catalog servers in the corp.contoso.com domain. Because a different set of
credentials are required to access this domain, the Get-Credential cmdlet is used to obtain the username and
password from the user.
The first command displays a prompt to the user that accepts the username and password. The credentials are then
stored in the $UserCredentials variable. The second command uses the $UserCredentials variable for the
Credential parameter value. To make the list more readable, the output is piped to the Format-Table cmdlet and
only the Name and ADSite properties are displayed.
For more information about pipelining and the Format-Table cmdlet, see Pipelining
Parameters
-Credential
The Credential parameter specifies the username and password that's used to run this command. Typically, you use
this parameter in scripts or when you need to provide different credentials that have the required permissions.
This parameter requires the creation and passing of a credential object. This credential object is created by using
the Get-Credential cmdlet. For more information, see Get-Credential (https://go.microsoft.com/fwlink/p/?
linkId=142122).
If you use the Forest parameter, the credentials are used to access the forest.
Type: NetworkCredential
Required: False
Position: Named
Default value: None
-DomainName
The DomainName parameter specifies the fully qualified domain name (FQDN ) of the domain for which you want
to return a list of domain controllers.
Type: Fqdn
Required: False
Position: Named
Default value: None
-Forest
The Forest parameter specifies the FQDN of the root domain of the forest for which you want to return a list of
domain controllers.
Type: Fqdn
Required: False
Position: Named
Default value: None
-GlobalCatalog
The GlobalCatalog switch specifies whether the command should return a list of global catalog servers. You don't
need to specify a value with this switch.
Required: True
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-OrganizationalUnit
In ths Article
This cmdlet is available in on-premises Exchange and in the cloud-based service. Some parameters and settings
may be exclusive to one environment or the other. Use the Get-OrganizationalUnit cmdlet to view a list of
organizational units (OUs) that exist in your organization. For information about the parameter sets in the Syntax
Syntax
Get-OrganizationalUnit [[-Identity] <ExtendedOrganizationalUnitIdParameter>] [-SingleNodeOnly]
[-IncludeContainers]
[-ResultSize <Unlimited>] [<CommonParameters>]
Get-OrganizationalUnit [-SearchText <String>]

[-IncludeContainers]
Description
The Get-OrganizationalUnit cmdlet is used by the Exchange admin center to populate fields that display OU
information.
Examples
-------------------------- Example 1 --------------------------
Get-OrganizationalUnit "North America" -SingleNodeOnly | Format-Table Name, DistinguishedName
This example retrieves a list of the first level child OUs beneath the North America OU and formats the output so
that only the Name and DistinguishedName properties are displayed.
-------------------------- Example 2 --------------------------
Get-OrganizationalUnit -SearchText "Executives" | Format-Table Name, DistinguishedName
This example retrieves a list of OUs that match the text string "Executives" and formats the output so that only the
Name and DistinguishedName properties are displayed.
Parameters
-DomainController
This parameter is available only in on-premises Exchange.
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the OU or domain that you want to view. You can use any value that uniquely
identifies the OU or domain. For example:
Name
Canonical name
Distinguished name (DN )
GUID
You can use this parameter with the SearchText parameter.
Type: ExtendedOrganizationalUnitIdParameter
Required: False
Position: 1
Default value: None
-IncludeContainers
The IncludeContainers switch instructs the command to return containers in the results. You don't need to specify a
value with this switch.
Required: False
Position: Named
Default value: None
-ResultSize
The ResultSize parameter specifies the maximum number of results to return. If you want to return all requests that
match the query, use unlimited for the value of this parameter. The default value is 1000.
Type: Unlimited
Required: False
Position: Named
Default value: None
-SearchText
The SearchText parameter enables you to search the names of all OUs in your organization for the specified string.
Only the OUs that match the string you specify are returned. If the string you specify contains spaces, enclose it in
quotation marks (").
You can't use this parameter with the Identity parameter.
Type: String
Required: False
Position: Named
Default value: None
-SingleNodeOnly
The SingleNodeOnly switch instructs the command to return only the first level child OUs beneath the OU
specified in the Identity parameter. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-Trust
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-Trust cmdlet to return external and forest trusts.
For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Get-Trust [-DomainName <Fqdn>] [<CommonParameters>]
Description
The Get-Trust cmdlet is used by the Exchange admin center in to populate fields that display recipient information.
Examples
-------------------------- Example 1 --------------------------
Get-Trust -DomainName Contoso.com
This example enumerates all trusts for the domain Contoso.com.
Parameters
-DomainName
The DomainName parameter specifies that trusts returned are restricted to the domain name specified.
Type: Fqdn
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-UserPrincipalNamesSuffix cmdlet to view the
user principal name (UPN ) suffixes in the Active Directory forest. The UPN suffixes are created in Active Directory
Domains and Trusts. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Get-UserPrincipalNamesSuffix [-OrganizationalUnit <ExtendedOrganizationalUnitIdParameter>] [<CommonParameters>]
Description
UPN suffixes assigned to an organizational unit are stored in the upnSuffixes attribute in the Organizational Unit
object.
The default UPN is contained in the Canonical Name attribute on the Partitions container object in the
configuration naming context. The default UPN suffix identifies the domain in which the user account is contained.
When you create a user account in Active Directory, the default UPN suffix is the DNS name of the first domain in
your domain tree.
If you create user accounts by using Active Directory Users and Computers, every user must have a UPN.
Examples
-------------------------- Example 1 --------------------------
This example returns all UPN suffixes for the Active Directory forest.
Parameters
-OrganizationalUnit
The OrganizationalUnit parameter filters the results based on the object's location in Active Directory. Only objects
that exist in the specified location are returned. Valid input for this parameter is an organizational unit (OU ) or
domain that's visible using the Get-OrganizationalUnit cmdlet. You can use any value that uniquely identifies the
OU or domain. For example:
Name
Canonical name
GUID
Type: ExtendedOrganizationalUnitIdParameter
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-ADPermission
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-ADPermission cmdlet to remove
permissions from an Active Directory object. For information about the parameter sets in the Syntax section below,
see Exchange cmdlet syntax (https://technet.microsoft.com/library/bb123552.aspx).
Syntax
Remove-ADPermission [-Identity] <ADRawEntryIdParameter> -User <SecurityPrincipalIdParameter>
[-Confirm]
[-Deny]
Remove-ADPermission [-Identity] <ADRawEntryIdParameter>

[-Confirm]
Remove-ADPermission -Instance <ADAcePresentationObject>

[-Confirm]
[-Deny]
[[-Identity] <ADRawEntryIdParameter>]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-ADPermission -Identity Administrator -User Kim -ExtendedRights "Send As"
This example removes the Send As permissions from user Kim on the user Administrator.
-------------------------- Example 2 --------------------------
Remove-ADPermission "IP Secured Inbound" -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights ms-Exch-SMTP-
Submit,ms-Exch-SMTP-Accept-Any-Recipient,ms-Exch-Bypass-Anti-Spam
This example removes the ability for anonymous users to send messages through the Receive connector IP
Secured Inbound.
Parameters
-AccessRights
The AccessRights parameter specifies the rights needed to perform the operation. Valid values include:
CreateChild
DeleteChild
ListChildren
Self
ReadProperty
WriteProperty
DeleteTree
ListObject
ExtendedRight
Delete
ReadControl
GenericExecute
GenericWrite
GenericRead
WriteDacl
WriteOwner
GenericAll
Synchronize
AccessSystemSecurity
Type: ActiveDirectoryRights[]
Required: False
Position: Named
Default value: None
-ChildObjectTypes
The ChildObjectTypes parameter specifies what type of object the permission should be removed from.
The ChildObjectTypes parameter can only be used if the AccessRights parameter is set to CreateChild or
DeleteChild.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Deny
The Deny switch specifies whether the permission to remove is a deny permission.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-ExtendedRights
The ExtendedRights parameter specifies the extended rights to remove.
Type: ExtendedRightIdParameter[]
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the object from which the permission should be removed.
You can specify either the distinguished name (DN ) of the object or the object's name if it's unique. If the DN or
name contains spaces, enclose the name in quotation marks (").
Required: True
Position: 1
Default value: None
-InheritanceType
The InheritanceType parameter specifies whether permissions are inherited.

Required: False
Position: Named
Default value: None
-InheritedObjectType
The InheritedObjectType parameter specifies what kind of object inherits this access control entry (ACE ).
Type: ADSchemaObjectIdParameter
Required: False
Position: Named
Default value: None
-Instance
Type: ADAcePresentationObject
Required: True
Position: Named
Default value: None
-Properties
The Properties parameter specifies what properties the object contains.
The Properties parameter can only be used if the AccessRights parameter is set to ReadProperty, WriteProperty, or
Self.
Required: False
Position: Named
Default value: None
-User
The User parameter specifies the user object that will have permissions removed.
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Reset-ProvisioningCache
In ths Article
This cmdlet is available only in on-premises Exchange. The Reset-ProvisioningCache cmdlet clears the Windows
PowerShell provisioning cache of frequently used Active Directory objects. This cmdlet is only used for diagnostic
purposes. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Reset-ProvisioningCache [-Server] <Fqdn> -Application <String> [-GlobalCache]
[-Confirm]
Reset-ProvisioningCache [-Server] <Fqdn> -Application <String>] [-CurrentOrganization] [-Organizations

<MultiValuedProperty>]
[-Confirm]
Description
The Reset-ProvisioningCache cmdlet is for diagnostic purposes only and is rarely used. Exchange administrators
need to run this cmdlet only if incorrect links or properties are stamped on newly provisioned recipients, which can
be caused by stale data in the provisioning cache. This is a rare occurrence because the provisioning cache has
invalidation notification logic.
The Reset-ProvisioningCache cmdlet clears the Windows PowerShell provisioning cache of frequently used Active
Directory objects. To reduce Active Directory requests, a provisioning cache is initialized in each Windows
PowerShell runspace and is used to cache common objects that are frequently used by cmdlets and provisioning
handlers. During Exchange cmdlet execution, the provisioning cache loads configuration objects from Active
Directory to help run a cmdlet. For example, when you create a mailbox, the New -Mailbox cmdlet obtains
properties from Active Directory. When running cmdlets, configuration objects such as database containers,
administrative role groups, and LegacyDNs are retrieved from Active Directory. Because these types of objects are
stable and don't change for months or years after they're created, they're stored in the provisioning cache used by
Windows PowerShell. This increases provisioning efficiency and significantly improves cmdlet performance.
Examples
-------------------------- Example 1 --------------------------
Reset-ProvisioningCache -Server EXSRV1.contoso.com -Application Powershell -GlobalCache
This example resets the provisioning cache for Windows PowerShell running on the server EXSRV1.contoso.com
in an on-premises Exchange organization and specifies that all cache keys are cleared.
-------------------------- Example 2 --------------------------
Reset-ProvisioningCache -Application Powershell-Proxy -Server datacenter1.adatum.com -GlobalCache
This example runs in a multi-tenant deployment by a data center administrator to reset the provisioning cache for
Windows PowerShell for the adatum.com tenant and clear all cache keys.
Parameters
-Application
The Application parameter specifies the specific administrative application to reset the provisioning cache for. You
Powershell
Powershell-LiveId
Powershell-Proxy
PowershellLiveId-Proxy
Ecp
Psws
Type: String
Required: True
Position: Named
Default value: None
-CacheKeys
The CacheKeys parameter specifies the value for the cache key that you want to clear. The format for the values
should contain 32 digits separated by four dashes: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Use the Dump-ProvisioningCache cmdlet to return a list of cache keys.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-CurrentOrganization
The CurrentOrganization switch specifies that the provision cache is reset for this organization.
Required: False
Position: Named
Default value: None
-GlobalCache
The GlobalCache switch specifies that all cache keys are cleared.
Required: True
Position: Named
Default value: None
-Organizations
The Organizations parameter specifies the organizations that the provisioning cache will be reset. This parameter is
used in multi-tenant deployments.
Required: False
Position: Named
Default value: None
-Server
The Server parameter specifies the fully qualified domain name (FQDN ) of the server that the application you want
to reset is running on.
Type: Fqdn
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-AdServerSettings
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-AdServerSettings cmdlet to manage the Active
Directory Domain Services (AD DS ) environment in the current Exchange Management Shell session. The Set-
AdServerSettings cmdlet replaces the AdminSessionADSettings session variable that was used in Exchange Server
2007. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Set-AdServerSettings -RunspaceServerSettings <RunspaceServerSettingsPresentationObject>
[-Confirm]
Set-AdServerSettings [-ConfigurationDomainController <Fqdn>] [-PreferredGlobalCatalog <Fqdn>] [-

RecipientViewRoot <String>] [-SetPreferredDomainControllers <MultiValuedProperty>] [-ViewEntireForest <$true |
$false>]
[-Confirm]
Set-AdServerSettings [[-PreferredServer] <Fqdn>] [-RecipientViewRoot <String>] [-ViewEntireForest <$true |

$false>]
[-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Set-AdServerSettings -RecipientViewRoot "contoso.com/Marketing Users"
This example sets the recipient scope to the Marketing Users OU in the contoso.com domain for the current
session.
-------------------------- Example 2 --------------------------
Set-AdServerSettings -ViewEntireForest $true -PreferredGlobalCatalog gc1.contoso.com
This example sets the scope of the current session to the entire forest and designates gc1.contoso.com as the
preferred global catalog server.
Parameters
-ConfigurationDomainController
The ConfigurationDomainController parameter specifies the fully qualified domain name (FQDN ) of the
configuration domain controller to be used for reading Exchange configuration information in this session.
Type: Fqdn
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-PreferredGlobalCatalog
The PreferredGlobalCatalog parameter specifies the FQDN of the global catalog server to be used for reading
recipient information in this session.
Type: Fqdn
Required: False
Position: Named
Default value: None
-PreferredServer
The PreferredServer parameter specifies the FQDN of the domain controller to be used for this session.
Type: Fqdn
Required: True
Position: 1
Default value: None
-RecipientViewRoot
The RecipientViewRoot parameter specifies the organizational unit (OU ) to include in the recipient scope for this
session. When you specify a recipient scope with this parameter, only the recipients included in the scope are
returned. To specify an OU, use the syntax <FQDN of domain>/<OU tree>.
Type: String
Required: False
Position: Named
Default value: None
-RunspaceServerSettings
The RunspaceServerSettings parameter specifies whether to pass an entire configuration object to the command to
be processed. This parameter is useful in scripts where an entire object must be passed to the command.
Type: RunspaceServerSettingsPresentationObject
Required: True
Position: Named
Default value: None
-SetPreferredDomainControllers
The SetPreferredDomainControllers parameter specifies the list of domain controllers used to read information
from Active Directory in this session. You must specify the FQDN of the domain controllers. Separate multiple
domain controllers using commas.
Required: False
Position: Named
Default value: None
-ViewEntireForest
The ViewEntireForest parameter specifies whether all the objects in the forest are viewed and managed in this
session. Valid values are $true and $false.
When you specify a value of $true, the value stored in the RecipientViewRoot parameter is removed and all of the
recipients in the forest can be viewed and managed.
Type: $true | $false
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-AdSite
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-AdSite cmdlet to configure the Exchange
settings of Active Directory sites. For information about the parameter sets in the Syntax section below, see
Exchange cmdlet syntax (https://technet.microsoft.com/library/bb123552.aspx).
Syntax
Set-AdSite [-Identity] <AdSiteIdParameter> [-Confirm] [-DomainController <Fqdn>]
[-HubSiteEnabled <$true | $false>] [-PartnerId <Int32>]
[-WhatIf] [-InboundMailEnabled <$true | $false>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-AdSite Default-First-Site-Name -HubSiteEnabled $true
This example configures the Active Directory site named Default-First-Site-Name as a hub site.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-HubSiteEnabled
The HubSiteEnabled parameter specifies whether this site acts as a hub site. The default value is $false.

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the Active Directory site you want to modify. You can use any value
that uniquely identifies the site. For example, you can use the name, GUID or distinguished name (DN ) of the
Active Directory site.
Required: True
Position: 1
Default value: None
-InboundMailEnabled
The InboundMailEnabled parameter enables or disables receiving incoming messages for all the Exchange located
in the Active Directory site. Typically, this parameter is used after Active Directory site failover or maintenance.
Valid input for this parameter is $true or $false. The default value is $true. If you set the value to $false, none of the
Exchange servers in the Active Directory site will be able to receive incoming messages.
Required: False
Position: Named
Default value: None
-PartnerId
This parameter is reserved for internal Microsoft use.
Type: Int32
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-AdSiteLink
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-AdSiteLink cmdlet to assign an Exchange-
specific cost to an Active Directory IP site link. You can also use this cmdlet to configure the maximum message size
that can pass across an Active Directory IP site link. For information about the parameter sets in the Syntax section
Syntax
Set-AdSiteLink [-Identity] <AdSiteLinkIdParameter> [-Confirm] [-DomainController <Fqdn>]
[-ExchangeCost <Int32>] [-MaxMessageSize <Unlimited>] [-Name <String>] [-WhatIf] [<CommonParameters>]
Description
By default, Microsoft Exchange determines the least cost routing path by using the cost assigned to the Active
Directory IP site link. You can use the Set-AdSiteLink cmdlet to assign an Exchange-specific cost to the Active
Directory IP site link. The Exchange-specific cost is a separate attribute used instead of the Active Directory-
assigned cost to determine the least cost routing path.
Examples
-------------------------- Example 1 --------------------------
Set-AdSiteLink DEFAULT_IP_SITE_LINK -ExchangeCost 25 -MaxMessageSize 10MB
This example assigns an Exchange-specific cost of 25 to the IP site link DEFAULT_IP_SITE_LINK and configures a
maximum message size limit of 10 MB on the IP site link.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-ExchangeCost
The ExchangeCost parameter specifies an Exchange-specific cost for the IP site link. This cost is used instead of the
Active Directory-assigned cost. To clear the value of the ExchangeCost parameter and revert to using the cost of the
IP site link specified in Active Directory, set the value of the ExchangeCost parameter to $null.
Type: Int32
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name or GUID of the IP site link you want to modify.
Type: AdSiteLinkIdParameter
Required: True
Position: 1
Default value: None
-MaxMessageSize
The MaxMessageSize parameter specifies the maximum size of a message that can pass across the Active Directory
IP site link. The default value is unlimited.
When you enter a value, qualify the value with one of the following units:
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
Unqualified values are typically treated as bytes, but small values may be rounded up to the nearest kilobyte.
The valid input range for this parameter is from 64 KB through Int64. To remove the message size limit on an
Active Directory IP site link, enter a value of unlimited.
Type: Unlimited
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a unique name for the IP site link. The name that you assign overwrites the current
identity of the IP site link.
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Disable-AntiPhishRule
In ths Article
This cmdlet is available only in the cloud-based service. Use the Disable-AntiPhishRule cmdlet to disable enabled
antiphishing rules in your cloud-based organization. For information about the parameter sets in the Syntax section
Syntax
Disable-AntiPhishRule [-Identity] <RuleIdParameter> [-Confirm] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Disable-AntiPhishRule -Identity "Engineering Department Phishing Rule"
This example disables the antiphishing rule named Engineering Department Phishing Rule.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the antiphishing rule that you want to disable. You can use any value that uniquely
identifies the rule. For example:
Name
GUID
Type: RuleIdParameter
Required: True
Position: 0
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online version
Disable-SafeAttachmentRule
In ths Article
This cmdlet is available only in the cloud-based service. Use the Disable-SafeAttachmentRule cmdlet to disable
enabled Safe Attachments rules in your cloud-based organization. For information about the parameter sets in the
Syntax section below, see Exchange cmdlet syntax (https://technet.microsoft.com/library/bb123552.aspx).
Syntax
Disable-SafeAttachmentRule [-Identity] <RuleIdParameter> [-Confirm] [-WhatIf] [<CommonParameters>]
Description
Safe Attachments is a feature in Advanced Threat Protection that opens email attachments in a special hypervisor
environment to detect malicious activity.
Examples
-------------------------- Example 1 --------------------------
Disable-SafeAttachmentRule -Identity "Engineering Department Attachment Rule"
This example disables the Safe Attachments rule named Engineering Department Attachment Rule.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the enabled Safe Attachments rule that you want to disable.
You can use any value that uniquely identifies the rule. For example:
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Disable-SafeLinksRule
In ths Article
This cmdlet is available only in the cloud-based service. Use the Disable-SafeLinksRule cmdlet to disable enabled
Safe Links rules in your cloud-based organization. For information about the parameter sets in the Syntax section
Syntax
Disable-SafeLinksRule [-Identity] <RuleIdParameter> [-Confirm] [-WhatIf] [<CommonParameters>]
Description
Safe Links is a feature in Advanced Threat Protection that checks links in email messages to see if they lead to
malicious web sites. When a user clicks a link in a message, the URL is temporarily rewritten and checked against a
list of known, malicious web sites. Safe Links includes the URL trace reporting feature to help determine who has
clicked through to a malicious web site.
Examples
-------------------------- Example 1 --------------------------
Disable-SafeLinksRule -Identity "Engineering Department URL Rule"
This example disables the enabled Safe Links rule named Engineering Department URL Rule.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the enabled Safe Links rule that you want to disable.
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Enable-AntiPhishRule
In ths Article
This cmdlet is available only in the cloud-based service. Use the Enable-AntiPhishRule cmdlet to enable disabled
antiphishing rules in your cloud-based organization. For information about the parameter sets in the Syntax section
Syntax
Enable-AntiPhishRule [-Identity] <RuleIdParameter> [-Confirm] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Enable-AntiPhishRule -Identity "Marketing Department Phishing Rule"
This example enables the antiphishing rule named Marketing Department Phishing Rule.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the antiphishing rule that you want to enable. You can use any value that uniquely
Name
GUID
Required: True
Position: 0
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online version
Enable-SafeAttachmentRule
In ths Article
This cmdlet is available only in the cloud-based service. Use the Enable-SafeAttachmentRule cmdlet to enable
disabled Safe Attachments rules in your cloud-based organization. For information about the parameter sets in the
Syntax
Enable-SafeAttachmentRule [-Identity] <RuleIdParameter> [-Confirm] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Enable-SafeAttachmentRule -Identity "Marketing Department Attachment Rule"
This example enables the disabled Safe Attachments rule named Marketing Department Attachment Rule.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the disabled Safe Attachments rule that you want to enable.
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Enable-SafeLinksRule
In ths Article
This cmdlet is available only in the cloud-based service. Use the Enable-SafeLinksRule cmdlet to enable disabled
Safe Links rules in your cloud-based organization. For information about the parameter sets in the Syntax section
Syntax
Enable-SafeLinksRule [-Identity] <RuleIdParameter> [-Confirm] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Enable-SafeLinksRule -Identity "Marketing Department URL Rule"
This example enables the disabled Safe Links rule named Marketing Department URL Rule.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the disabled Safe Links rule that you want to enable.
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-AdvancedThreatProtectionDocumentDetail
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-
AdvancedThreatProtectionDocumentDetailReport cmdlet to view the results of Office 365 Advanced Threat
Protection (ATP ) actions for files in SharePoint Online, OneDrive for Business and Microsoft Teams in your cloud-
based organization. For more information about this feature, see article at: https://go.microsoft.com/fwlink/?
linkid=857638 For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Get-AdvancedThreatProtectionDocumentDetail [-Action <MultiValuedProperty>] [-Domain <MultiValuedProperty>] [-
EndDate <DateTime>]
[-EventType <MultiValuedProperty>] [-Organization <OrganizationIdParameter>] [-Page <Int32>] [-PageSize
<Int32>] [-ProbeTag <String>] [-StartDate <DateTime>] [<CommonParameters>]
Description
For the reporting period and organization you specify, the cmdlet returns the following information:
Action
Document Id
Domain
Event Type
File Hash
File Name
File Path
Size
Timestamp
Workload
Examples
-------------------------- Example 1 --------------------------
Get-AdvancedThreatProtectionTrafficDetail -Organization contoso.com -StartDate "4/26/2016" -EndDate "4/28/2016"
| Format-Table
This example returns the detailed report of ATP detections during the specified date range.
Parameters
-Action
The Action parameter filters the results by the action taken on the attachment or link. Valid values are:
Allow
BlockAccess
Required: False
Position: Named
Default value: None
-Domain
The Domain parameter filters the results by an accepted domain in the cloud-based organization. You can specify
multiple domain values separated by commas, or the value All.
Required: False
Position: Named
Default value: None
-EndDate
The EndDate parameter specifies the end date of the date range.
Use the short date format that's defined in the Regional Options settings on the computer where you're running the
command. For example, if the computer is configured to use the short date format mm/dd/yyyy, enter 09/01/2018
to specify September 1, 2018. You can enter the date only, or you can enter the date and time of day. If you enter
the date and time of day, enclose the value in quotation marks ("), for example, "09/01/2018 5:00 PM".
Type: DateTime
Required: False
Position: Named
Default value: None
-EventType
The EventType parameter filters the report by the event type. The event type you specify must correspond to the
report. For example, you can only specify "Anti-malware engine" or "Advanced Threat Protection" events for
malware reports.
You can specify multiple values separated by commas.
Required: False
Position: Named
Default value: None
-Organization
The Organization parameter specifies the organization for which the report is being presented.
Type: OrganizationIdParameter
Required: True
Position: Named
Default value: None
-Page
The Page parameter specifies the page number of the results you want to view. Valid input for this parameter is an
integer between 1 and 1000. The default value is 1.
Type: Int32
Required: False
Position: Named
Default value: None
-PageSize
The PageSize parameter specifies the maximum number of entries per page. Valid input for this parameter is an
Type: Int32
Required: False
Position: Named
Default value: None
-ProbeTag
Type: String
Required: False
Position: Named
Default value: None
-StartDate
The StartDate parameter specifies the start date of the date range.
Type: DateTime
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-AdvancedThreatProtectionDocumentReport
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-AdvancedThreatProtectionDocumentReport
cmdlet to view the results of Office 365 Advanced Threat Protection (ATP ) actions for files in SharePoint Online,
OneDrive for Business and Microsoft Teams in your cloud-based organization. For more information about this
feature, see article at: https://go.microsoft.com/fwlink/?linkid=857638 For information about the parameter sets in
the Syntax section below, see Exchange cmdlet syntax (https://technet.microsoft.com/library/bb123552.aspx).
Syntax
Get-AdvancedThreatProtectionDocumentReport [-Action <MultiValuedProperty>] [-AggregateBy <String>]
[-Domain <MultiValuedProperty>] [-EndDate <DateTime>] [-EventType <MultiValuedProperty>] [-Organization
<OrganizationIdParameter>] [-Page <Int32>] [-PageSize <Int32>] [-ProbeTag <String>] [-StartDate <DateTime>]
[<CommonParameters>]
Description
For the reporting period and organization you specify, the cmdlet returns the following information:
Action
Count
Date
Domain
Event Type
Workload
Examples
-------------------------- Example 1 --------------------------
Get-AdvancedThreatProtectionTrafficReport -Organization contoso.com -StartDate "4/26/2018" -EndDate "4/28/2018"

| Format-Table
This example returns the aggregated report of ATP detections for the specified organization during the specified
date range.
Parameters
-Action
Allow
BlockAccess
Required: False
Position: Named
Default value: None
-AggregateBy
The AggregateBy parameter specifies the reporting period. Valid values are Hour, Day or Summary. The default
value is Day.
Type: String
Required: False
Position: Named
Default value: None
-Domain
Required: False
Position: Named
Default value: None
-EndDate
Use the short date format which is defined in the Regional Options settings on the computer where you are
running the command. For example, if the computer is configured to use the short date format mm/dd/yyyy, enter
09/01/2018 to specify September 1, 2018. You can enter the date only, or you can enter the date and time of day. If
you enter the date and time of day, enclose the value in quotation marks ("), for example, "09/01/2018 5:00 PM".
Type: DateTime
Required: False
Position: Named
Default value: None
-EventType
The EventType parameter filters the report by the event type. The event type you specify must correspond to the
report. For example, you can only specify "Anti-malware engine" or "Advanced Threat Protection" events for
malware reports.
Required: False
Position: Named
Default value: None
-Organization
The Organization parameter specifies the organization for which the report is being presented.
Required: True
Position: Named
Default value: None
-Page
Type: Int32
Required: False
Position: Named
Default value: None
-PageSize
Type: Int32
Required: False
Position: Named
Default value: None
-ProbeTag
Type: String
Required: False
Position: Named
Default value: None
-StartDate
Use the short date format which is defined in the Regional Options settings on the computer where you are
running the command. For example, if the computer is configured to use the short date format mm/dd/yyyy, enter
09/01/2018 to specify September 1, 2018. You can enter the date only, or you can enter the date and time of day. If
you enter the date and time of day, enclose the value in quotation marks ("), for example, "09/01/2018 5:00 PM".
Type: DateTime
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-AdvancedThreatProtectionTrafficReport
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-AdvancedThreatProtectionTrafficReport
cmdlet to view the results of Safe Attachments and Safe Links actions in your cloud-based organization. For
information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Get-AdvancedThreatProtectionTrafficReport [-Action <MultiValuedProperty>] [-AggregateBy <String>]
[-Direction <MultiValuedProperty>] [-DisplayBy <String>] [-Domain <MultiValuedProperty>] [-EndDate <DateTime>]
[-EventType <MultiValuedProperty>] [-Expression <Expression>] [-MalwareName <MultiValuedProperty>]
[-Page <Int32>] [-PageSize <Int32>] [-ProbeTag <String>] [-StartDate <DateTime>] [<CommonParameters>]
Description
For the reporting period you specify, the cmdlet returns the following information:
Domain
Date
Event Type
MalwareName
Action
Message Count
Examples
-------------------------- Example 1 --------------------------
Get-AdvancedThreatProtectionTrafficReport -StartDate "4/26/2016" -EndDate "4/28/2016" | Format-Table
This example returns the results of Safe Attachments and Safe Links actions during the specified date range.
Parameters
-Action
Allow
AllowRedirect
BlockAccess
BlockRedirect
BypassMessage
BypassMessageSystem
ContentReplaced
InfectedAllowed
ReplaceRedirect
Required: False
Position: Named
Default value: None
-AggregateBy
The AggregateBy parameter specifies the reporting period. Valid values are Hour, Day or Summary. The default
value is Day.
Type: String
Required: False
Position: Named
Default value: None
-Direction
The Direction parameter filters the results by incoming or outgoing messages. Valid values for this parameter are
Inbound and Outbound.
Required: False
Position: Named
Default value: None
-DisplayBy
The DisplayBy parameter specifies how the information in the report is organized. Valid values are:
Action (This is the default value)
MalwareName
Type: String
Required: False
Position: Named
Default value: None
-Domain
Required: False
Position: Named
Default value: None
-EndDate
Type: DateTime
Required: False
Position: Named
Default value: None
-EventType
The EventType parameter filters the report by the event type. To view the complete list of valid values for this
parameter, run the command Get-MailFilterListReport -SelectionTarget EventTypes. The event type you specify
must correspond to the report. For example, you can only specify malware filter events for malware reports.
Required: False
Position: Named
Default value: None
-Expression
Type: Expression
Required: False
Position: Named
Default value: None
-MalwareName
The MalwareName parameter filters the results by malware payload. Valid values are:
Excel
EXE
Flash
Others
PDF
PowerPoint
URL
Required: False
Position: Named
Default value: None
-Page
Type: Int32
Required: False
Position: Named
Default value: None
-PageSize
Type: Int32
Required: False
Position: Named
Default value: None
-ProbeTag
Type: String
Required: False
Position: Named
Default value: None
-StartDate
Type: DateTime
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-AntiPhishPolicy
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-AntiPhishPolicy cmdlet to view antiphishing
policies in your cloud-based organization. For information about the parameter sets in the Syntax section below,
Syntax
Get-AntiPhishPolicy [-Identity <AntiPhishPolicyIdParameter>] [-Advanced] [-Impersonation] [-Spoof]
Description
Examples
-------------------------- Example 1 --------------------------
Get-AntiPhishPolicy
This example shows a summary list of all antiphish policies.

-------------------------- Example 2 --------------------------
Get-AntiPhishPolicy -Identity Default | Format-List
This example shows detailed information about the antiphish policy named Default.
Parameters
-Advanced
The Advanced switch filters the results by advanced antiphishing policies. You don't need to specify a value with this
switch.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the antiphishing policy that you want to view. You can use any value that uniquely
identifies the policy. For example:
Name
GUID
Type: AntiPhishPolicyIdParameter
Required: False
Position: 0
Default value: None
-Impersonation
The Impersonation switch filters the results by impersonation antiphishing policies. You don't need to specify a
Required: False
Position: Named
Default value: None
-Spoof
The Spoof switch filters the results by spoof antiphishing policies. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online version
Get-AntiPhishRule
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-AntiPhishRule cmdlet to view antiphishing
rules in your cloud-based organization. For information about the parameter sets in the Syntax section below, see
Syntax
Get-AntiPhishRule [[-Identity] <RuleIdParameter>] [-State <Enabled | Disabled>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-AntiPhishRule
This example returns a summary list of all antiphishing rules in your organization.
-------------------------- Example 2 --------------------------
Get-AntiPhishRule -Identity "Research Department Phishing Rule" | Format-List
This example returns detailed information about the antiphishing rule named Research Department Phishing Rule.
Parameters
-Identity
The Identity parameter specifies the antiphishing rule that you want to view. You can use any value that uniquely
Name
GUID
Required: False
Position: 0
Default value: None
-State
The State parameter filters the results by the state of the rule. Valid values are Enabled and Disabled.
Type: Enabled | Disabled

Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online version
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-AtpPolicyForO365 cmdlet to view the
Advanced Threat Protection (ATP ) policy in Office 365. The ATP policy enables the following protections: For
Syntax
Get-AtpPolicyForO365 [[-Identity] <AtpPolicyForO365IdParameter>] [<CommonParameters>]
Description
malicious web sites. For more information, see ATP safe links in Office 365 (https://go.microsoft.com/fwlink/p/?
linkid=846016).
ATP can also protect files in SharePoint Online, OneDrive for Business and Microsoft Teams by preventing users
from opening and downloading files that are identified as malicious. For more information, see Office 365
Advanced Threat Protection for SharePoint, OneDrive and Teams (https://go.microsoft.com/fwlink/p/?
linkid=857638).
Examples
-------------------------- Example 1 --------------------------
This example returns detailed information about the ATP policy named Default
Parameters
-Identity
The Identity parameter specifies the ATP policy that you want to modify. There's only one policy named Default.
Type: AtpPolicyForO365IdParameter
Required: False
Position: 1
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-MailDetailATPReport
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-MailDetailATPReport cmdlet to list details
about Exchange Online Protection and Advanced Threat protection (ATP ) detections in your cloud-based
organization. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Get-MailDetailATPReport [-Direction <MultiValuedProperty>]
[-Domain <MultiValuedProperty>] [-EndDate <DateTime>] [-EventType <MultiValuedProperty>]
[-Expression <Expression>] [-MalwareName <MultiValuedProperty>] [-MessageId <MultiValuedProperty>]
[-MessageTraceId <MultiValuedProperty>] [-Page <Int32>] [-PageSize <Int32>] [-ProbeTag <String>]
[-RecipientAddress <MultiValuedProperty>] [-SenderAddress <MultiValuedProperty>] [-StartDate <DateTime>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-MailDetailATPReport -StartDate 7/1/2018 -EndDate 7/31/2018
This example returns the Advanced Threat Protection actions for July, 2018.
Parameters
-Direction
Required: False
Position: Named
Default value: None
-Domain
Required: False
Position: Named
Default value: None
-EndDate
Type: DateTime
Required: False
Position: Named
Default value: None
-EventType
The EventType parameter filters the report by the event type. Valid values are:
Email phish EventTypes:
Advanced phish filter (Indicates a message caught by the Office 365 machine learning model.)
Anti-spoof: Intra-org (Indicates an internal message caught by anti-phish spoof protection.)
Anti-spoof: external domain (Indicates an external message caught by anti-phish spoof protection.)
Domain impersonation* (Indicates a message impersonating a domain protected by an anti-phish policy.)
User impersonation* (Indicates a message impersonating a user protected by an anti-phish policy.)
Brand impersonation (Indicates a message caught by Office 365 phish filters as impersonating a known brand.)
General phish filter (Indicates a message caught by basic Office 365 phish protection.)
Malicious URL reputation (Indicates a message with a known malicious URL caught by Office 365 phish filters.)
Phish ZAP (Indicates a phish or spam message detected and auto-purged after delivery.)
Email malware EventTypes:
Anti-malware engine (Indicates a message caught by the Office 365 anti-malware engine.)
ATP safe attachments* (Indicates a message with a malicious attachment blocked by ATP.)
ATP safe links* (Indicates when a malicious link is blocked by ATP.)
ZAP (Indicates a message with malware detected and auto-purged after delivery.)
Office 365 file reputation (Indicates a message with a known malicious file blocked.)
Anti-malware policy file type block (Indicates when the Common Attachment Types filter blocks a file.)
Content malware EventTypes:
AtpDocumentMalware* (Indicates malicious content detected by ATP Safe Attachments in the cloud.)
AvDocumentMalware (Indicates malware found by the Office 365 anti-malware engine. Reporting requires ATP
or E5.)
* These features require a standalone Office 365 ATP or E5 subscription.
To enter multiple values, use the following syntax: <value1>,<value2>,...<valueX>. If the values contain spaces or
otherwise require quotation marks, use the following syntax: "<value1>","<value2>",..."<valueX>".
Required: False
Position: Named
Default value: None
-Expression
Type: Expression
Required: False
Position: Named
Default value: None
-MalwareName
The MalwareName parameter filters the results by malware payload. Valid values are:
Excel
EXE
Flash
Others
PDF
PowerPoint
URL
Required: False
Position: Named
Default value: None
-MessageId
The MessageId parameter filters the results by the Message-ID header field of the message. This value is also
known as the Client ID. The format of the Message-ID depends on the messaging server that sent the message.
The value should be unique for each message. However, not all messaging servers create values for the Message-
ID in the same way. Be sure to include the full Message ID string (which may include angle brackets) and enclose
the value in quotation marks (for example, "d9683b4c-127b-413a-ae2e-fa7dfb32c69d@DM3NAM06BG401.Eop-
nam06.prod.protection.outlook.com").
Required: False
Position: Named
Default value: None
-MessageTraceId
The MessageTraceId parameter can be used with the recipient address to uniquely identify a message trace and
obtain more details. A message trace ID is generated for every message that's processed by the system.
Required: False
Position: Named
Default value: None
-Page
Type: Int32
Required: False
Position: Named
Default value: None
-PageSize
Type: Int32
Required: False
Position: Named
Default value: None
-ProbeTag
Type: String
Required: False
Position: Named
Default value: None
-RecipientAddress
The RecipientAddress parameter filters the results by the recipient's email address. You can specify multiple values
separated by commas.
Required: False
Position: Named
Default value: None
-SenderAddress
The SenderAddress parameter filters the results by the sender's email address. You can specify multiple values
Required: False
Position: Named
Default value: None
-StartDate
Type: DateTime
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-MailTrafficATPReport
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-MailTrafficATPReport cmdlet to view the
results of Exchange Online Protection and Advanced Threat Protection (ATP ) detections in your cloud-based
Syntax
Get-MailTrafficATPReport [-Action <MultiValuedProperty>] [-AggregateBy <String>]
[-Direction <MultiValuedProperty>] [-Domain <MultiValuedProperty>] [-EndDate <DateTime>]
[-EventType <MultiValuedProperty>] [-Expression <Expression>] [-Page <Int32>] [-PageSize <Int32>]
[-ProbeTag <String>] [-StartDate <DateTime>] [-SummarizeBy <MultiValuedProperty>] [<CommonParameters>]
Description
For the reporting period you specify, the cmdlet returns the following information:
Domain
Date
Event Type
Direction
Action
Message Count
Examples
-------------------------- Example 1 --------------------------
Get-MailTrafficATPReport -Direction Inbound -StartDate 06/13/2018 -EndDate 06/15/2018
This example retrieves details for incoming messages between June 13, 2018 and June 15, 2018.
-------------------------- Example 2 --------------------------
Get-MailTrafficATPReport -StartDate 7/20/2018 -EndDate 7/20/2018 -Direction Outbound | Format-Table

Domain,Date,EventType,Action,MessageCount
This example retrieves the statistics for outgoing messages on July 20, 2018 and displays the results in a table.
Every unique combination of EventType and Action is displayed on a separate row in the table.
-------------------------- Example 3 --------------------------
Get-MailTrafficATPReport -StartDate 7/20/2018 -EndDate 7/20/2018 -Direction Outbound -SummarizeBy

Domain,EventType | Format-Table Domain,Date,EventType,Action,MessageCount
This example is similar to the previous example, but now the results are summarized. Because EventType is one of
the summarized values, the rows in the table now contain the unique values of Action. The total number of rows in
the report is reduced and values of MessageCount are correspondingly larger on each row.
Parameters
-Action
The Action parameter filters the report by the action taken by DLP policies, transport rules, malware filtering, or
spam filtering. To view the complete list of valid values for this parameter, run the command Get-
MailFilterListReport -SelectionTarget Actions. The action you specify must correspond to the report type. For
example, you can only specify malware filter actions for malware reports.
Required: False
Position: Named
Default value: None
-AggregateBy
The AggregateBy parameter specifies the reporting period. Valid values are Hour, Day, or Summary. The default
value is Day.
Type: String
Required: False
Position: Named
Default value: None
-Direction
Required: False
Position: Named
Default value: None
-Domain
Required: False
Position: Named
Default value: None
-EndDate
Type: DateTime
Required: False
Position: Named
Default value: None
-EventType
The EventType parameter filters the report by the event type. Valid values are:
Message passed (Indicates a good message.)
Email phish EventTypes:
Advanced phish filter (Indicates a message caught by the Office 365 machine learning model.)
Anti-spoof: Intra-org (Indicates an internal message caught by anti-phish spoof protection.)
Anti-spoof: external domain (Indicates an external message caught by anti-phish spoof protection.)
Domain impersonation* (Indicates a message impersonating a domain protected by an anti-phish policy.)
User impersonation* (Indicates a message impersonating a user protected by an anti-phish policy.)
Brand impersonation (Indicates a message caught by Office 365 phish filters as impersonating a known brand.)
General phish filter (Indicates a message caught by basic Office 365 phish protection.)
Malicious URL reputation (Indicates a message with a known malicious URL caught by Office 365 phish filters.)
Phish ZAP (Indicates a phish or spam message detected and auto-purged after delivery.)
Email malware EventTypes:
Anti-malware engine (Indicates a message caught by the Office 365 anti-malware engine.)
ATP safe attachments* (Indicates a message with a malicious attachment blocked by ATP.)
ATP safe links* (Indicates when a malicious link is blocked by ATP.)
ZAP (Indicates a message with malware detected and auto-purged after delivery.)
Office 365 file reputation (Indicates a message with a known malicious file blocked.)
Anti-malware policy file type block (Indicates when the Common Attachment Types filter blocks a file.)
Content malware EventTypes:
AtpDocumentMalware* (Indicates malicious content detected by ATP Safe Attachments in the cloud.)
AvDocumentMalware (Indicates malware found by the Office 365 anti-malware engine. Reporting requires
ATP/E5.)
* These features require a standalone Office 365 ATP or E5 subscription.
Required: False
Position: Named
Default value: None
-Expression
Type: Expression
Required: False
Position: Named
Default value: None
-Page
Type: Int32
Required: False
Position: Named
Default value: None
-PageSize
Type: Int32
Required: False
Position: Named
Default value: None
-ProbeTag
Type: String
Required: False
Position: Named
Default value: None
-StartDate
Type: DateTime
Required: False
Position: Named
Default value: None
-SummarizeBy
The SummarizeBy parameter returns totals based on the values you specify. If your report filters data using any of
the values accepted by this parameter, you can use the SummarizeBy parameter to summarize the results based on
those values. To decrease the number of rows returned in the report, consider using the SummarizeBy parameter.
Summarizing reduces the amount of data that's retrieved for the report and delivers the report faster. For example,
instead of seeing each instance of a specific value of EventType on an individual row in the report, you can use the
SummarizeBy parameter to see the total number of instances of that value of EventType on one row in the report.
For the Get-MailTrafficATPReport cmdlet, valid values are Action, Direction, Domain, and EventType. You can
specify multiple values separated by commas.
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-PhishFilterPolicy
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-PhishFilterPolicy cmdlet to view the phish filter
policy and detected spoofed sending activities in your cloud-based organization. For information about the
parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Get-PhishFilterPolicy -Detailed -SpoofAllowBlockList [-SpoofType <String>] [<CommonParameters>]
Description
The Get-PhishFilterPolicy cmdlet returns the following information:
Sender/sender domain: The true sending domain that's found in the DNS record of the source messaging
server. If no domain is found, the source messaging server's IP address is shown.
SpoofedUser: The sending email address if the domain is one of your organization's domains, or the sending
domain if the domain is external.
MailVolume: The number of messages.
UserComplaints: The number of user complaints.
Authentication: Indicates whether the message has passed any type of authentication (explicit or implicit).
Last seen: The date when the sending email address or domain was last seen by Office 365.
Decision set by: Specifies whether Office 365 set the spoofing policy as allowed or not allowed to spoof, or if it
was set by an admin.
AllowedToSpoof: The three possible values are Yes (messages that contain any spoofed sender email addresses
in your organization are allowed from the source messaging server), No (messages that contain any spoofed
sender email addresses in your organization are not allowed from the source messaging server), and Partial
(messages that contain some spoofed sender email addresses in your organization are allowed from the source
messaging server.
Spoof Type: Indicates whether the domain is internal to your organization or external.
For more information about spoof intelligence, see Learn more about spoof intelligence
(https://go.microsoft.com/fwlink/p/?linkid=869584).
Examples
-------------------------- Example 1 --------------------------
Get-PhishFilterPolicy -Detailed -SpoofAllowBlockList -SpoofType Internal
This example returns a detailed list of senders that appear to be sending spoofed email to your organization.
-------------------------- Example 2 --------------------------
$file = "C:\My Documents\Summary Spoofed Internal Domains and Senders.csv"; Get-PhishFilterPolicy -Detailed -
SpoofAllowBlockList -SpoofType Internal | Export-CSV $file
This example exports the list of spoofed senders to a CSV file.
Parameters
-Detailed
The Detailed switch specifies whether to return detailed information in the results. You don't need to specify a value
with this switch.
Required: True
Position: Named
Default value: None
-SpoofAllowBlockList
The SpoofAllowBlockList switch specifies whether to return a summary view of detected spoof activity. You don't
Required: True
Position: Named
Default value: None
-SpoofType
The SpoofType parameter filters the results by the type of spoofing. Valid values are:
Internal
External
Type: String
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-SafeAttachmentPolicy cmdlet to view Safe
Attachments policies in your cloud-based organization. For information about the parameter sets in the Syntax
Syntax
Get-SafeAttachmentPolicy [[-Identity] <SafeAttachmentPolicyIdParameter>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
This example shows a summary list of all Safe Attachments policies.

-------------------------- Example 2 --------------------------
Get-SafeAttachmentPolicy -Identity Default | Format-List
This example shows detailed information about the Safe Attachments policy named Default.
Parameters
-Identity
The Identity parameter specifies the Safe Attachments policy that you want to view.
You can use any value that uniquely identifies the policy. For example:
Name
GUID
Type: SafeAttachmentPolicyIdParameter
Required: False
Position: 1
Default value: None
Inputs
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-SafeAttachmentRule cmdlet to view Safe
Attachments rules in your cloud-based organization. For information about the parameter sets in the Syntax section
Syntax
Get-SafeAttachmentRule [[-Identity] <RuleIdParameter>] [-State <Enabled | Disabled>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
This example returns a summary list of all Safe Attachments rules in your organization.
-------------------------- Example 2 --------------------------
Get-SafeAttachmentRule -Identity "Research Department Attachment Rule" | Format-List
This example returns detailed information about the Safe Attachments rule named Research Department
Attachment Rule.
Parameters
-Identity
The Identity parameter specifies the Safe Attachments rule that you want to view.
Name
GUID
Required: False
Position: 1
Default value: None
-State

Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-SafeLinksPolicy
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-SafeLinksPolicy cmdlet to view Safe Links
Syntax
Get-SafeLinksPolicy [[-Identity] <SafeLinksPolicyIdParameter>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-SafeLinksPolicy | Format-Table Name,IsEnabled,IsDefault
This example shows a summary list of all Safe Links policies.

-------------------------- Example 2 --------------------------
Get-SafeLinksPolicy -Identity Default
This example shows detailed information about the Safe Links policy named Default.
Parameters
-Identity
The Identity parameter specifies the Safe Links policy that you want to view.
Name
GUID
Type: SafeLinksPolicyIdParameter
Required: False
Position: 1
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-SafeLinksRule
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-SafeLinksRule cmdlet to view Safe Links rules
in your cloud-based organization. For information about the parameter sets in the Syntax section below, see
Syntax
Get-SafeLinksRule [[-Identity] <RuleIdParameter>] [-State <Enabled | Disabled>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-SafeLinksRule | Format-Table -Auto Name,State,Priority,SafeLinksPolicy,Comments
This example returns a summary list of all Safe Links rules in your organization.
-------------------------- Example 2 --------------------------
Get-SafeLinksRule -Identity "Research Department URL Rule"
This example returns detailed information about the Safe Links rule named Research Department URL Rule.
Parameters
-Identity
The Identity parameter specifies the Safe Links rule that you want to view.
Name
GUID
Required: False
Position: 1
Default value: None
-State

Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-SpoofMailReport
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-SpoofMailReport cmdlet to view information
about insider spoofing in your cloud-based organization. Insider spoofing is where the sender's email address in an
inbound message appears to represent your organization, but the actual identity of the sender is different. Insider
spoofing is a common tactic that's used in phishing messages to obtain user credentials or steal money. This cmdlet
is only available in Office 365 Enterprise E5, or with Advanced Threat Protection licenses. For information about
Syntax
Get-SpoofMailReport [-Action <MultiValuedProperty>] [-Direction <MultiValuedProperty>] [-EndDate <DateTime>]
[-EventType <MultiValuedProperty>] [-Expression <Expression>] [-Page <Int32>] [-PageSize <Int32>]
[-ProbeTag <String>] [-StartDate <DateTime>] [<CommonParameters>]
Description
The spoof mail report is a feature in Advanced Threat Protection that you can use to query information about
insider spoofing detections in the last 30 days. For the reporting period you specify, the Get-SpoofMailReport
cmdlet returns the following information:
Date: Date the message was sent.
Event Type: Typically, this value is SpoofMail.
Direction: This value is Inbound.
Domain: The sender domain. This corresponds to one of your organization's accepted domains.
Action: Typically, this value is GoodMail or CaughtAsSpam.
Spoofed Sender: The spoofed email address or domain in your organization from which the messages appear
to be coming.
True Sender: The organizational domain of the PTR record, or pointer record, of the sending IP address, also
known as the reverse DNS address. If the sending IP address does not have a PTR record, this field will be
blank and the Sender IP column will be filled in. Both columns will not be filled in at the same time.
Sender IP: The IP address or address range of the source messaging server. If the sending IP address does have
a PTR record, this field will be blank and the True Sender column will be filled in. Both columns will not be filled
in at the same time.
Count: The number of spoofed messages that were sent to your organization from the source messaging server
during the specified time period.
Examples
-------------------------- Example 1 --------------------------
Get-SpoofMailReport -StartDate 03/01/2016 -EndDate 03/31/2016
This example shows the insider spoofing detections in your organization during the month of March 2016.
Parameters
-Action
Common values for this report are GoodMail and CaughtAsSpam.
Required: False
Position: Named
Default value: None
-Direction
The Direction parameter filters the results by incoming messages. The valid value for this parameter is Inbound.
Required: False
Position: Named
Default value: None
-EndDate
Type: DateTime
Required: False
Position: Named
Default value: None
-EventType
The EventType parameter filters the report by the event type. To view the complete list of valid values for this
parameter, run the command Get-MailFilterListReport -SelectionTarget EventTypes. The event type you specify
must correspond to the report. For example, you can only specify malware filter events for malware reports.
The common value for this report is SpoofMail.
Required: False
Position: Named
Default value: None
-Expression
Type: Expression
Required: False
Position: Named
Default value: None
-Page
Type: Int32
Required: False
Position: Named
Default value: None
-PageSize
Type: Int32
Required: False
Position: Named
Default value: None
-ProbeTag
Type: String
Required: False
Position: Named
Default value: None
-StartDate
Type: DateTime
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-UrlTrace
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-UrlTrace cmdlet to view the results of Safe
Links actions in your cloud-based organization. Currently, the date range can't be more than seven days. For
Syntax
Get-UrlTrace [-ClickId <Guid>] [-EndDate <DateTime>] [-Expression <Expression>] [-Page <Int32>]
[-PageSize <Int32>] [-RecipientAddress <MultiValuedProperty>] [-StartDate <DateTime>]
[-UrlOrDomain <MultiValuedProperty>] [-Workloads <MultiValuedProperty>] [<CommonParameters>]
Description
clicked through to a malicious web site. For more information about Advanced Threat Protection Safe Links, see
Office 365 ATP Safe Links.
Examples
-------------------------- Example 1 --------------------------
Get-UrlTrace -RecipientAddress "michelle@contoso.com" -StartDate "5/9/2016" -EndDate "5/11/2016"
This example returns the results of Safe Links actions during the specified time period for the user
michelle@contoso.com.
Parameters
-ClickId
The ClickId parameter filters the results by the ClickId GUID value.
Type: Guid
Required: False
Position: Named
Default value: None
-EndDate
Type: DateTime
Required: False
Position: Named
Default value: None
-Expression
Type: Expression
Required: False
Position: Named
Default value: None
-Page
Type: Int32
Required: False
Position: Named
Default value: None
-PageSize
Type: Int32
Required: False
Position: Named
Default value: None
-RecipientAddress
Required: False
Position: Named
Default value: None
-StartDate
Type: DateTime
Required: False
Position: Named
Default value: None
-UrlOrDomain
The UrlOrDomain parameter filters the results by the specified URL or domain value.
Required: False
Position: Named
Default value: None
-Workloads
The Workloads parameter filters the results by the specified workload. Valid values are:
Mail
OfficeClient
Other
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
New-AntiPhishPolicy
In ths Article
This cmdlet is available only in the cloud-based service. Use the New -AntiPhishPolicy cmdlet to create antiphishing
Syntax
New-AntiPhishPolicy -Name <String>
[-AdminDisplayName <String>]
[-AuthenticationFailAction <MoveToJmf | Quarantine>]
[-Confirm]
[-EnableAntiSpoofEnforcement <$true | $false>]
[-EnableAuthenticationSafetyTip <$true | $false>]
[-EnableAuthenticationSoftPassSafetyTip <$true | $false>]
[-Enabled <$true | $false>]
[-EnableMailboxIntelligence <$true | $false>]
[-EnableMailboxIntelligenceProtection <$true | $false>]
[-EnableOrganizationDomainsProtection <$true | $false>]
[-EnableSimilarDomainsSafetyTips <$true | $false>]
[-EnableSimilarUsersSafetyTips <$true | $false>]
[-EnableTargetedDomainsProtection <$true | $false>]
[-EnableTargetedUserProtection <$true | $false>]
[-EnableUnauthenticatedSender <$true | $false>]
[-EnableUnusualCharactersSafetyTips <$true | $false>]
[-ExcludedDomains <MultiValuedProperty>]
[-ExcludedSenders <MultiValuedProperty>]
[-PhishThresholdLevel <Int32>]
[-TargetedDomainActionRecipients <MultiValuedProperty>]
[-TargetedDomainProtectionAction <NoAction | MoveToJmf | Redirect | Quarantine | Delete | BccMessage>]
[-TargetedDomainsToProtect <MultiValuedProperty>]
[-TargetedUserActionRecipients <MultiValuedProperty>]
[-TargetedUserProtectionAction <NoAction | MoveToJmf | Redirect | Quarantine | Delete | BccMessage>]
[-TargetedUsersToProtect <MultiValuedProperty>]
[-TreatSoftPassAsAuthenticated <$true | $false>]
Description
Phishing messages contain fraudulent links or spoofed domains in an effort to get personal information from the
recipients.
New antiphishing policies aren't valid and aren't applied until you add an antiphishing rule to the policy by using
the New -AntiPhishRule cmdlet.
Examples
-------------------------- Example 1 --------------------------
New-AntiPhishPolicy -Name "Monitor Policy" -AdminDisplayName "Default monitoring policy" -Enabled $true -
EnableOrganizationDomainsProtection $true -EnableTargetedDomainsProtection $true -TargetedDomainsToProtect
fabrikam.com -TargetedUsersToProtect "Mai Fujito;mfujito@fabrikam.com" -EnableMailboxIntelligence $true -
EnableSimilarUsersSafetyTips $false -EnableSimilarDomainsSafetyTips $false -TargetedDomainProtectionAction
BccMessage -TargetedUserProtectionAction BccMessage -EnableTargetedUserProtection $true -
TargetedDomainActionRecipients reviewer@contoso.com -TargetedUserActionRecipients reviewer@contoso.com
This example creates and enables an antiphishing policy named Monitor Policy with the following settings:
Admin display name: Default monitoring policy
Enables organization domains protection for all accepted domains, and targeted domains protection for the
domain fabrikam.com.
Specifies Mai Fujito (mfujito@fabrikam.com) as the user to protect from impersonation.
Enables mailbox intelligence.
Disables safety tips and set the notification actions to Bcc the email address reviewer@contoso.com.
-------------------------- Example 2 --------------------------
New-AntiPhishPolicy -Name "Test Policy" -EnableTargetedDomainsProtection $true -AdminDisplayName "Default

policy for all users" -Enabled $true -EnableOrganizationDomainsProtection $true -TargetedDomainsToProtect
fabrikam.com -EnableTargetedUserProtection $true -TargetedUsersToProtect "Rick Hoferrhofer@fabrikam.com" -
EnableMailboxIntelligence $true -EnableSimilarUsersSafetyTips $true -EnableSimilarDomainsSafetyTips $true -
TargetedDomainProtectionAction Quarantine -TargetedUserProtectionAction Quarantine
This example creates and enables an antiphishing policy named Test Policy with the following settings:
Admin display name: Default policy for all users
Enables organization domains protection for all accepted domains, and targeted domains protection for the
domain fabrikam.com.
Specifies Rick Hofer (rhofer@fabrikam.com) as the user to protect from impersonation.
Enables mailbox intelligence.
Enables safety tips and set the notification actions to quarantine messages.
Parameters
-AdminDisplayName
The AdminDisplayName parameter specifies a description for the policy. If the value contains spaces, enclose the
value in quotation marks (").
Type: String
Required: False
Position: Named
Default value: None
-AuthenticationFailAction
The AuthenticationFailAction parameter specifies the action to take when the message fails composite
authentication. Valid values are:
MoveToJmf: Move the message to the user's Junk Email folder. This is the default value.
Quarantine: Move the message to the phishing quarantine.
Type: Delete | MoveToJmf | Quarantine

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-EnableAntispoofEnforcement
The EnableAntispoofEnforcement parameter specifies whether to enable or disable antispoofing protection for the
policy. Valid values are:
$true: Antispoofing is enabled for the policy. This is the default value, and is recommended.
$false: Antispoofing is disabled for the policy. We only recommend this value if you have a domain that's
protected by another email filtering service.

Required: False
Position: Named
Default value: None
-EnableAuthenticationSafetyTip
The EnableAuthenticationSafetyTip parameter specifies whether to enable safety tips that are shown to recipients
when a message fails composite authentication. Valid values are:
$true: Safety tips are enabled for messages that fail composite authentication. This is the default value, and we
strongly recommend that you don't change it.
$false: Safety tips are disabled for messages that fail composite authentication.

Required: False
Position: Named
Default value: None
-EnableAuthenticationSoftPassSafetyTip
The EnableAuthenticationSoftPassSafetyTip parameter specifies whether to enable safety tips that are shown to
recipients when a message fails composite authentication with low to medium confidence. Valid values are:
$true: Safety tips are enabled for messages that fail composite authentication with low to medium confidence. If
you use this value, you might want to restrict the policy to a smaller number of users to avoid displaying too
many of these types of safety tips to users.
$false: Safety tips are disabled for messages that fail composite authentication with low to medium confidence.
This is the default value.

Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether the policy is enabled. Valid values are:
$true: The policy is enabled. This is the default value.
$false: The policy is disabled.

Required: False
Position: Named
Default value: None
-EnableMailboxIntelligence
The EnableMailboxIntelligence parameter specifies whether to enable or disable mailbox intelligence (the first
contact graph) in domain and user impersonation protection. Valid values are:
$true: Use mailbox intelligence in domain and user impersonation protection.
$false: Don't use mailbox intelligence in domain and user impersonation protection. This is the default value.
Required: False
Position: Named
Default value: None
-EnableMailboxIntelligenceProtection
The EnableMailboxIntelligenceProtection specifies whether to enable or disable intelligence based impersonation
protection. Valid values are:
$true: Enable intelligence based impersonation protection.
$false: Don't enable intelligence based impersonation protection. This is the default value.

Required: False
Position: Named
Default value: None
-EnableOrganizationDomainsProtection
TheEnableOrganizationDomainsProtection parameter specifies whether to enable domain impersonation
protection for all registered domains in the Office 365 organization. Valid values are:
$true: Domain impersonation protection is enabled for all registered domains in the Office 365 organization.
$false: Domain impersonation protection isn't enabled for all registered domains in the Office 365 organization.
This is the default value. You can enable domain impersonation protection for specific domains by using the
EnableTargetedDomainsProtection and TargetedDomainsToProtect parameters.

Required: False
Position: Named
Default value: None
-EnableSimilarDomainsSafetyTips
TheEnableSimilarDomainsSafetyTipsparameter specifies whether to enable safety tips that are shown to recipients
in messages for domain impersonation detections. Valid values are:
$true: Safety tips for similar domains are enabled.
$false: Safety tips for similar domains are disabled. This is the default value.

Required: False
Position: Named
Default value: None
-EnableSimilarUsersSafetyTips
TheEnableSimilarUsersSafetyTipsparameter specifies whether to enable safety tips that are shown to recipients in
messages for user impersonation detections. Valid values are:
$true: Safety tips for similar users are enabled.
$false: Safety tips for similar users are disabled. This is the default value.

Required: False
Position: Named
Default value: None
-EnableTargetedDomainsProtection
TheEnableTargetedDomainsProtection parameter specifies whether to enable domain impersonation protection for
a list of specified domains. Valid values are:
$true: Domain impersonation protection is enabled for the domains specified by the TargetedDomainsToProtect
parameter.
$false: The TargetedDomainsToProtect parameter isn't used. This is the default value.

Required: False
Position: Named
Default value: None
-EnableTargetedUserProtection
TheEnableTargetedUserProtection parameter specifies whether to enable user impersonation protection for the
users specified by the TargetedUsersToProtect parameter. Valid values are:
$true: User impersonation protection is enabled for the specified users.
$false: The TargetedUsersToProtect parameter isn't used. This is the default value.

Required: False
Position: Named
Default value: None
-EnableUnauthenticatedSender
TheEnableUnauthenticatedSenderparameter specifies whether to apply a "?" symbol in Outlook's sender card if the
sender fails authentication checks. Valid values are:
$true: Apply the "?" symbol.
$false: Do not apply the "?" symbol.
Required: False
Position: Named
Default value: True
-EnableUnusualCharactersSafetyTips
TheEnableUnusualCharactersSafetyTipsparameter specifies whether to enable safety tips that are shown to
recipients in messages for unusual characters in domain and user impersonation detections. Valid values are:
$true: Safety tips for unusual characters are enabled.
$false: Safety tips for unusual characters are disabled. This is the default value.

Required: False
Position: Named
Default value: None
-ExcludedDomains
TheExcludedDomainsparameter specifies trusted domains that are excluded from scanning by antiphishing
protection. You can specify multiple domains separated by commas.
Required: False
Position: Named
Default value: None
-ExcludedSenders
TheExcludedSendersparameter specifies a list of trusted sender email addresses that are excluded from scanning
by antiphishing protection. You can specify multiple email addresses separated by commas.
Required: False
Position: Named
Default value: None
-ImpersonationProtectionState
The ImpersonationProtectionState parameter specifies the configuration of impersonation protection. Valid values
are:
Automatic
Manual (This is the default value)
Off
Type: ImpersonationProtectionState
Required: False
Position: Named
Default value: None
-MailboxIntelligenceProtectionAction
The MailboxIntelligenceProtectionAction parameter specifies what to do with messages that fail mailbox
intelligence protection. Valid values are:
NoAction (This is the default value)
BccMessage: Add the recipients specified by the MailboxIntelligenceProtectionActionRecipients parameter to
the Bcc field of the message.
Delete: Delete the message during filtering. Use caution when selecting this value, because you can't recover the
deleted message.
MoveToJmf: Move the message to the user's Junk Email folder.
Redirect: Redirect the message to the recipients specified by theMailboxIntelligenceProtectionActionRecipients
parameter.
Type: ImpersonationAction
Required: False
Position: Named
Default value: None
-MailboxIntelligenceProtectionActionRecipients
TheMailboxIntelligenceProtectionActionRecipients parameter specifies the recipients to add to detected messages
when the MailboxIntelligenceProtectionAction parameter is set to the valueRedirect or BccMessage.
A valid value for this parameter is an email address. You can specify multiple email addresses separated by
commas.
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a unique name for the antiphishing policy. If the value contains spaces, enclose the
Type: String
Required: True
Position: 0
Default value: None
-PhishThresholdLevel
The PhishThresholdLevel parameter specifies the tolerance level that's used by machine learning in the handling of
phishing messages. Valid values are:
1: Standard (this is the default value)
2: Aggressive
3: More aggressive
4: Most aggressive
Type: Int32
Required: False
Position: Named
Default value: None
-TargetedDomainActionRecipients
TheTargetedDomainActionRecipients parameter specifies the recipients to add to detected domain impersonation
messages when the TargetedDomainProtectionAction parameter is set to the valueRedirect or BccMessage.
commas.
Required: False
Position: Named
Default value: None
-TargetedDomainProtectionAction
The TargetedDomainProtectionActionparameter specifies the action to take on detected domain impersonation
messages for the domains specified by the TargetedDomainsToProtect parameter. Valid values are:
BccMessage: Add the recipients specified by the TargetedDomainActionRecipients parameter to the Bcc field of
the message.
deleted message.
Redirect: Redirect the message to the recipients specified by theTargetedDomainActionRecipients parameter.
Required: False
Position: Named
Default value: None
-TargetedDomainsToProtect
The TargetedDomainsToProtect parameter specifies the domains that are included in domain impersonation
protection when the EnableTargetedDomainsProtection parameter is set to $true.
You can specify multiple domains separated by commas.
Required: False
Position: Named
Default value: None
-TargetedUserActionRecipients
TheTargetedUserActionRecipients parameter specifies the replacement or additional recipients for detected user
impersonation messages when the TargetedUserProtectionAction parameter is set to the valueRedirect or
BccMessage.
commas.
Required: False
Position: Named
Default value: None
-TargetedUserProtectionAction
The TargetedUserProtectionActionparameter specifies the action to take on detected messages for the users
specified by the TargetedUsersToProtect parameter. Valid values are:
the message.
deleted message.
Required: False
Position: Named
Default value: None
-TargetedUsersToProtect
TThe TargetedUsersToProtect parameter specifies the users that are included in user impersonation protection
when the EnableTargetedUserProtection parameter is set to $true.
This parameter uses the syntax "DisplayName;EmailAddress".
DisplayName specifies the display name of the user that could be a target of impersonation. This value can
contain special characters.
EmailAddress specifies the internal or external email address that's associated with the display name.
You can specify multiple value sets by using the
syntax:"DisplayName1;EmailAddress1","DisplayName2;EmailAddress2",..."DisplayNameN;EmailAddressN".
The combination of DisplayName and EmailAddress needs to be unique for each value set.
Required: False
Position: Named
Default value: None
-TreatSoftPassAsAuthenticated
The TreatSoftPassAsAuthenticated parameter specifies whether or not to respect the composite authentication
softpass result. Valid values are:
$true: This is the default value.
$false: Only use this value when you want to enable more restrictive antispoofing filtering, because this value
might cause false positives.
Note: This parameter corresponds to the Strict filtering value in the Office 365 admin center.

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
New-AntiPhishRule
In ths Article
This cmdlet is available only in the cloud-based service. Use the New -AntiPhishRule cmdlet to view antiphishing
Syntax
New-AntiPhishRule [-Name] <String> -AntiPhishPolicy <String>
[-Comments <String>]
[-Confirm]
[-ExceptIfRecipientDomainIs <Word[]>]
[-ExceptIfSentTo <RecipientIdParameter[]>]
[-ExceptIfSentToMemberOf <RecipientIdParameter[]>]
[-Priority <Int32>] [-RecipientDomainIs <Word[]>]
[-SentTo <RecipientIdParameter[]>]
[-SentToMemberOf <RecipientIdParameter[]>]
Description
You need to add the antiphishing rule to an existing policy by using the AntiPhishPolicy parameter. You create
antiphishing policies by using the New -AntiPhishPolicy cmdlet.
Examples
-------------------------- Example 1 --------------------------
New-AntiPhishRule -Name "Research Department Phishing Rule" -AntiPhishPolicy "Research Quarantine" -

SentToMemberOf "Research Department" -ExceptIfSentToMemberOf "Research Department Managers"
This example creates an antiphishing rule named Research Department Phishing Rule with the following
conditions:
The rule is associated with the antiphishing policy named Research Quarantine.
The rule applies to members of the group named Research Department.
The rule doesn't apply to members of the group named Research Department Managers.
Parameters
-AntiPhishPolicy
The AntiPhishPolicy parameter specifies the antiphishing policy that's associated with the antiphishing rule. The
rule defines the conditions, and the policy defines the actions.
Name
GUID
Type: String
Required: True
Position: Named
Default value: None
-Comments
The Comments parameter specifies informative comments for the rule, such as what the rule is used for or how it
has changed over time. The length of the comment can't exceed 1024 characters.
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether the rule is enabled. Valid values are:
$true: The rule is enabled. This is the default value.
$false: The rule is disabled.
In the properties of the rule, the value of this parameter is visible in the State property.

Required: False
Position: Named
Default value: None
-ExceptIfRecipientDomainIs
The ExceptIfRecipientDomainIs parameter specifies an exception that looks for recipients with email address in the
specified domains. You can specify multiple domains separated by commas.
Type: Word[]
Required: False
Position: Named
Default value: None
-ExceptIfSentTo
The ExceptIfSentTo parameter specifies an exception that looks for recipients in messages. You can use any value
that uniquely identifies the recipient. For example:
Name
Alias
Canonical DN
Email address
GUID
Type: RecipientIdParameter[]
Required: False
Position: Named
Default value: None
-ExceptIfSentToMemberOf
The ExceptIfSentToMemberOf parameter specifies an exception that looks for messages sent to members of
groups. You can use any value that uniquely identifies the group. For example:
Name
Alias
Canonical DN
Email address
GUID
Note:
If you remove the group after you create the rule, no exception is made for messages that are sent to members of
the group.
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a unique name for the antiphishing rule. If the value contains spaces, enclose the
Type: String
Required: True
Position: 0
Default value: None
-Priority
The Priority parameter specifies a priority value for the rule that determines the order of rule processing. A lower
integer value indicates a higher priority, the value 0 is the highest priority, and rules can't have the same priority
value.
Valid values and the default value for this parameter depend on the number of existing rules. For example, if there
are 8 existing rules:
Valid priority values for the existing 8 rules are from 0 through 7.
Valid priority values for a new rule (the 9th rule) are from 0 through 8.
The default value for a new rule (the 9th rule) is 8.
If you modify the priority value of a rule, the position of the rule in the list changes to match the priority value you
specify. In other words, if you set the priority value of a rule to the same value as an existing rule, the priority value
of the existing rule and all other lower priority rules after it is increased by 1.
Type: Int32
Required: False
Position: Named
Default value: None
-RecipientDomainIs
The RecipientDomainIs parameter specifies a condition that looks for recipients with email address in the specified
domains. You can specify multiple domains separated by commas.
Type: Word[]
Required: False
Position: Named
Default value: None
-SentTo
The SentTo parameter specifies a condition that looks for recipients in messages. You can use any value that
uniquely identifies the recipient. For example:
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
-SentToMemberOf
The SentToMemberOf parameter specifies a condition that looks for messages sent to members of distribution
groups, dynamic distribution groups, or mail-enabled security groups. You can use any value that uniquely
identifies the group. For example:
Name
Alias
Canonical DN
Email address
GUID
If you remove the group after you create the rule, no action is taken on messages that are sent to members of the
group.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online version
New-SafeAttachmentPolicy
In ths Article
This cmdlet is available only in the cloud-based service. Use the New -SafeAttachmentPolicy cmdlet to create Safe
Syntax
New-SafeAttachmentPolicy [-Name] <String> [-Action <Block | Replace | Allow | DynamicDelivery>]
[-ActionOnError <$true | $false>] [-AdminDisplayName <String>] [-Confirm] [-Enable <$true | $false>]
[-Redirect <$true | $false>] [-RedirectAddress <SmtpAddress>] [-WhatIf] [<CommonParameters>]
Description
New Safe Attachments policies aren't valid and aren't applied until you add a Safe Attachments rule to the policy by
using the New -SafeAttachmentRule cmdlet.
Examples
-------------------------- Example 1 --------------------------
New-SafeAttachmentPolicy -Name "Marketing Block Attachments" -Enable $true -Redirect $true -RedirectAddress
admin@contoso.com
This example creates a new Safe Attachments policy named Marketing Block Attachments with the following
options:
The policy is enabled.
The action is Block. This is the default value of the Action parameter, so you don't need to specify it.
If Safe Attachments scanning isn't available or encounters errors, deliver the message as normal. The default
value of the ActionOnError parameter is $false, so you don't need to specify it.
Redirect detected malware messages to admin@contoso.com.
Parameters
-Action
The Action parameter specifies the action for the Safe Attachments policy. Valid values are:
Allow: Deliver the email message, including the malware attachment.
Block: Block the email message that contains the malware attachment. This is the default value.
Replace: Deliver the email message, but remove the malware attachment and replace it with warning text.
The results of all actions are available in message trace.
Type: Block | Replace | Allow | DynamicDelivery

Required: False
Position: Named
Default value: None
-ActionOnError
The ActionOnError parameter specifies the error handling option for Safe Attachments scanning (what to do if
scanning times out or an error occurs). Valid values are:
$true: The action specified by the Action parameter is applied to messages even when the attachments aren't
successfully scanned.
$false: The action specified by the Action parameter isn't applied to messages when the attachments aren't
successfully scanned. This is the default value.

Required: False
Position: Named
Default value: None
-AdminDisplayName
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Enable
The Enable parameter specifies whether policy is enabled. Valid values are:
$true: The rule or policy is enabled.
$false: The rule or policy is disabled. This is the default value.

Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a unique name for the Safe Attachments policy. If the value contains spaces, enclose
the value in quotation marks (").
Type: String
Required: True
Position: 1
Default value: None
-Redirect
The Redirect parameter specifies whether to send detected malware attachments to another email address. Valid
values are:
$true: Malware attachments are sent to the email address specified by the RedirectAddress parameter.
$false: Malware attachments aren't sent to another email address. This is the default value.

Required: False
Position: Named
Default value: None
-RedirectAddress
The RedirectAddress parameter specifies the email address where detected malware attachments are sent when the
Redirect parameter is set to the value $true.
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
New-SafeAttachmentRule
In ths Article
This cmdlet is available only in the cloud-based service. Use the New -SafeAttachmentRule cmdlet to create Safe
Syntax
New-SafeAttachmentRule [-Name] <String> -SafeAttachmentPolicy <SafeAttachmentPolicyIdParameter>
[-Confirm]
[-Priority <Int32>]
[-RecipientDomainIs <Word[]>]
Description
You need to specify at least one condition for the rule.
You need to add the Safe Attachments rule to an existing policy by using the SafeAttachmentPolicy parameter. You
create Safe Attachments policies by using the New -SafeAttachmentPolicy cmdlet.
Examples
-------------------------- Example 1 --------------------------
New-SafeAttachmentRule -Name "Research Department Attachment Rule" -SafeAttachmentPolicy "Research Block

Attachments" -SentToMemberOf "Research Department" -ExceptIfSentToMemberOf "Research Department Managers"
This example creates a new Safe Attachments rule named Research Department Attachment Rule with the
following conditions:
The rule is associated with the Safe Attachments policy named Research Block Attachments.
Parameters
-Comments
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Enabled
$true: The rule is enabled. Ths is the default value
The default value is $true.

Required: False
Position: Named
Default value: None
Type: Word[]
Required: False
Position: Named
Default value: None
-ExceptIfSentTo
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
Name
Alias
Canonical DN
Email address
GUID
the group.
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a unique name for the Safe Attachments rule. If the value contains spaces, enclose
Type: String
Required: True
Position: 1
Default value: None
-Priority
value.
Type: Int32
Required: False
Position: Named
Default value: None
-RecipientDomainIs
Type: Word[]
Required: False
Position: Named
Default value: None
-SafeAttachmentPolicy
The SafeAttachmentPolicy parameter specifies the Safe Attachments policy that's associated with this Safe
Attachments rule. The rule defines the conditions, and the policy defines the actions.
Name
GUID
You can't specify a Safe Attachments policy that's already associated with another Safe Attachments rule.
Required: True
Position: Named
Default value: None
-SentTo
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
-SentToMemberOf
Name
Alias
Canonical DN
Email address
GUID
group.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
New-SafeLinksPolicy
In ths Article
This cmdlet is available only in the cloud-based service. Use the New -SafeLinksPolicy cmdlet to create Safe Links
Syntax
New-SafeLinksPolicy [-Name] <String> [-AdminDisplayName <String>] [-AllowClickThrough <$true | $false>]
[-Confirm] [-DoNotAllowClickThrough <$true | $false>] [-DoNotRewriteUrls <MultiValuedProperty>]
[-DoNotTrackUserClicks <$true | $false>] [-Enabled <$true | $false>]
[-EnableForInternalSenders <$true | $false>] [-ExcludedUrls <String[]>] [-IsEnabled <$true | $false>]
[-ScanUrls <$true | $false>] [-TrackClicks <$true | $false>] [-WhatIf] [-WhiteListedUrls <String>]
Description
Examples
-------------------------- Example 1 --------------------------
New-SafeLinksPolicy -Name "Marketing Block URL" -IsEnabled $true -TrackClicks $true
This example creates a new Safe Links policy named Marketing Block URL with the following options:
The policy is enabled.
Users aren't allowed to click through to the original URL. This is the default value of the AllowClickThrough
parameter, so you don't need to specify it.
User clicks on URLs are tracked in URL trace.
Parameters
-AdminDisplayName
Type: String
Required: False
Position: Named
Default value: None
-AllowClickThrough

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DoNotAllowClickThrough
The DoNotAllowClickThrough parameter specifies whether to allow users to click through to the original URL.
Valid values are:
$true: The user isn't allowed to click through to the original URL. This is the default value.
$false: The user is allowed to click through to the original URL.

Required: False
Position: Named
Default value: None
-DoNotRewriteUrls
The DoNotRewriteUrls parameter specifies a URL that's skipped by Safe Links scanning. You can specify multiple
values separated by commas.
Required: False
Position: Named
Default value: None
-DoNotTrackUserClicks
The DoNotTrackUserClicks parameter specifies whether to track user clicks related to links in email messages. Valid
values are:
$true: User clicks aren't tracked. This is the default value.
$false: User clicks are tracked.

Required: False
Position: Named
Default value: None
-Enabled
$false: The rule or policy is disabled. This is the default value

Required: False
Position: Named
Default value: None
-EnableForInternalSenders
The EnableForInternalSenders parameter specifies whether the Safe Links policy is applied to internal senders.
Valid values are:
$true: The policy is applied to internal and external senders.
$false: The policy is applied only to external senders. This is the default value.

Required: False
Position: Named
Default value: None
-ExcludedUrls
The ExcludedUrls parameter specifies a URL that's skipped by Safe Links scanning. You can specify multiple values
Type: String[]
Required: False
Position: Named
Default value: None
-IsEnabled

Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a unique name for the Safe Links policy. If the value contains spaces, enclose the
Type: String
Required: True
Position: 1
Default value: None
-ScanUrls
The ScanUrls parameter specifies whether to enable or disable the scanning of links in email messages. Valid values
are:
$true: Scanning links in email messages is enabled.
$false: Scanning links in email messages is disabled. This is the default value.

Required: False
Position: Named
Default value: None
-TrackClicks
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WhiteListedUrls
Type: String
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
New-SafeLinksRule
In ths Article
This cmdlet is available only in the cloud-based service. Use the New -SafeLinksRule cmdlet to create Safe Links
Syntax
New-SafeLinksRule [-Name] <String> -SafeLinksPolicy <SafeLinksPolicyIdParameter>
[-Confirm]
[-Priority <Int32>]
Description
You need to specify at least one condition for the rule.
Examples
-------------------------- Example 1 --------------------------
New-SafeLinksRule -Name "Research Department URL Rule" -SafeAttachmentPolicy "Research Block URL" -
SentToMemberOf "Research Department" -ExceptIfSentToMemberOf "Research Department Managers"
This example creates a new Safe Links rule named Research Department URL Rule with the following conditions:
The rule is associated with the Safe Links policy named Research Block URL.
Parameters
-Comments
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Enabled

Required: False
Position: Named
Default value: None
Type: Word[]
Required: False
Position: Named
Default value: None
-ExceptIfSentTo
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
Name
Alias
Canonical DN
Email address
GUID
the group.
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a unique name for the Safe Links rule. If the value contains spaces, enclose the value
Type: String
Required: True
Position: 1
Default value: None
-Priority
value.
Type: Int32
Required: False
Position: Named
Default value: None
-RecipientDomainIs
Type: Word[]
Required: False
Position: Named
Default value: None
-SafeLinksPolicy
The SafeLinksPolicy parameter specifies the Safe Links policy that's associated with this Safe Links rule. The rule
defines the conditions and the policy defines the actions.
Name
GUID
You can't specify a Safe Links policy that's already associated with another Safe Links rule.
Required: True
Position: Named
Default value: None
-SentTo
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
-SentToMemberOf
Name
Alias
Canonical DN
Email address
GUID
group.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Remove-AntiPhishPolicy
In ths Article
This cmdlet is available only in the cloud-based service. Use the Remove-AntiPhishPolicy cmdlet to remove
antiphishing policies from your cloud-based organization. For information about the parameter sets in the Syntax
Syntax
Remove-AntiPhishPolicy [-Identity] <AntiPhishPolicyIdParameter> [-Confirm] [-Force] [-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-AntiPhishPolicy -Identity "Quarantine Policy"
This example removes the antiphishing policy named Quarantine Policy.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Force
The Force switch specifies whether to suppress warning or confirmation messages. You can use this switch to run
tasks programmatically where prompting for administrative input is inappropriate. You don't need to specify a
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the antiphishing policy that you want to remove. You can use any value that
uniquely identifies the policy. For example:
Name
GUID
Required: True
Position: 0
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online version
Remove-AntiPhishRule
In ths Article
This cmdlet is available only in the cloud-based service. Use the Remove-AntiPhishRule cmdlet to remove
antiphishing rules from your cloud-based organization. For information about the parameter sets in the Syntax
Syntax
Remove-AntiPhishRule [-Identity] <RuleIdParameter> [-Confirm] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-AntiPhishRule -Identity "Research Department Phishing Rule"
This examples removes the antiphishing rule named Research Department Phishing Rule.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the antiphishing rule that you want to remove. You can use any value that uniquely
Name
GUID
Required: True
Position: 0
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online version
Remove-SafeAttachmentPolicy
In ths Article
This cmdlet is available only in the cloud-based service. Use the Remove-SafeAttachmentPolicy cmdlet to remove
Safe Attachments policies from your cloud-based organization. For information about the parameter sets in the
Syntax
Remove-SafeAttachmentPolicy [-Identity] <SafeAttachmentPolicyIdParameter> [-Confirm] [-Force] [-WhatIf]
Description
You can't remove the default Safe Attachments policy (the policy where the IsDefault property is True).
Examples
-------------------------- Example 1 --------------------------
Remove-SafeAttachmentPolicy -Identity "Block Attachments Policy"
This example removes the Safe Attachments policy named Block Attachments Policy.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Safe Attachments policy that you want to remove.
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Remove-SafeAttachmentRule
In ths Article
This cmdlet is available only in the cloud-based service. Use the Remove-SafeAttachmentRule cmdlet to remove
Safe Attachments rules from your cloud-based organization. For information about the parameter sets in the
Syntax
Remove-SafeAttachmentRule [-Identity] <RuleIdParameter> [-Confirm] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-SafeAttachmentRule -Identity "Research Department Attachment Rule"
This examples removes the Safe Attachments rule named Research Department Attachment Rule.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Safe Attachments rule that you want to remove.
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Remove-SafeLinksPolicy
In ths Article
This cmdlet is available only in the cloud-based service. Use the Remove-SafeLinksPolicy cmdlet to remove Safe
Links policies from your cloud-based organization. For information about the parameter sets in the Syntax section
Syntax
Remove-SafeLinksPolicy [-Identity] <SafeLinksPolicyIdParameter> [-Confirm] [-Force] [-WhatIf]
Description
You can't remove the default Safe Links policy (the policy where the IsDefault property is True).
Examples
-------------------------- Example 1 --------------------------
Remove-SafeLinksPolicy -Identity "Engineering Department URL Policy"
This example remove the Safe Links policy named Engineering Department URL Policy.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Safe Links policy that you want to remove.
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Remove-SafeLinksRule
In ths Article
This cmdlet is available only in the cloud-based service. Use the Remove-SafeLinksRule cmdlet to remove Safe
Links rules from your cloud-based organization. For information about the parameter sets in the Syntax section
Syntax
Remove-SafeLinksRule [-Identity] <RuleIdParameter> [-Confirm] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-SafeLinksRule -Identity "Research Department URL Rule"
This examples removes the Safe Links rule named Research Department URL Rule.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Safe Links rule that you want to remove.
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Set-AntiPhishPolicy
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-AntiPhishPolicy cmdlet to modify antiphishing
Syntax
Set-AntiPhishPolicy -Identity <AntiPhishPolicyIdParameter>
[-AuthenticationFailAction <MoveToJmf | Quarantine>]
[-Confirm]
[-EnableAntispoofEnforcement <$true | $false>]
[-EnableAuthenticationSafetyTip <$true | $false>]
[-EnableAuthenticationSoftPassSafetyTip <$true | $false>]
[-EnableMailboxIntelligence <$true | $false>]
[-EnableMailboxIntelligenceProtection <$true | $false>]
[-EnableOrganizationDomainsProtection <$true | $false>]
[-EnableSimilarDomainsSafetyTips <$true | $false>]
[-EnableSimilarUsersSafetyTips <$true | $false>]
[-EnableTargetedDomainsProtection <$true | $false>]
[-EnableTargetedUserProtection <$true | $false>]
[-EnableUnauthenticatedSender <$true | $false>]
[-EnableUnusualCharactersSafetyTips <$true | $false>]
[-ExcludedDomains <MultiValuedProperty>]
[-ExcludedSenders <MultiValuedProperty>]
[-ImpersonationProtectionState <ImpersonationProtectionState>]
[-MailboxIntelligenceProtectionAction <ImpersonationAction>]
[-MailboxIntelligenceProtectionActionRecipients <MultiValuedProperty>]
[-MakeDefault]
[-PhishThresholdLevel <Int32>]
[-TargetedDomainActionRecipients <MultiValuedProperty>]
[-TargetedDomainProtectionAction <NoAction | MoveToJmf | Redirect | Quarantine | Delete | BccMessage>]
[-TargetedDomainsToProtect <MultiValuedProperty>]
[-TargetedUserActionRecipients <MultiValuedProperty>]
[-TargetedUserProtectionAction <NoAction | MoveToJmf | Redirect | Quarantine | Delete | BccMessage>]
[-TargetedUsersToProtect <MultiValuedProperty>]
[-TreatSoftPassAsAuthenticated <$true | $false>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-AntiPhishPolicy -Identity "Contoso Antiphish" -TargetedDomainProtectionAction BccMessage -
TargetedUserProtectionAction BccMessage -EnableTargetedUserProtection $true -TargetedDomainActionRecipients
reviewer@contoso.com -TargetedUserActionRecipients reviewer@contoso.com
This example modifies the existing antiphishing policy named Contoso Antiphish by changing the notification
action to Bcc, and specifies reviewer@contoso.com as the recipient of the messages.
Parameters
-AdminDisplayName
Type: String
Required: False
Position: Named
Default value: None
-AuthenticationFailAction
The AuthenticationFailAction parameter specifies the action to take when the message fails composite
authentication. Valid values are:
Delete: Delete the message during filtering. Use caution with this value, because the deleted messages are not
recoverable.
MoveToJmf: Move the message to the user's Junk Email folder. This is the default value.
Type: Delete | MoveToJmf | Quarantine

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-EnableAntispoofEnforcement
The EnableAntispoofEnforcement parameter specifies whether to enable or disable antispoofing protection for the
policy. Valid values are:
$true: Antispoofing is enabled for the policy. This is the default value, and is recommended.
$false: Antispoofing is disabled for the policy. We only recommend this value if you have a domain that's
protected by another email filtering service.

Required: False
Position: Named
Default value: None
-EnableAuthenticationSafetyTip
The EnableAuthenticationSafetyTip parameter specifies whether to enable safety tips that are shown to recipients
when a message fails composite authentication. Valid values are:
$true: Safety tips are enabled for messages that fail composite authentication. This is the default value, and we
strongly recommend that you don't change it.
$false: Safety tips are disabled for messages that fail composite authentication.

Required: False
Position: Named
Default value: None
-EnableAuthenticationSoftPassSafetyTip
The EnableAuthenticationSoftPassSafetyTip parameter specifies whether to enable safety tips that are shown to
recipients when a message fails composite authentication with low to medium confidence. Valid values are:
$true: Safety tips are enabled for messages that fail composite authentication with low to medium confidence. If
you use this value, you might want to restrict the policy to a smaller number of users to avoid displaying too
many of these types of safety tips to users.
$false: Safety tips are disabled for messages that fail composite authentication with low to medium confidence.
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether the antiphish policy is enabled or disabled. Valid values are:
$true: The policy is enabled.

Required: False
Position: Named
Default value: None
Accept pipeline input: false
-EnableMailboxIntelligence
The EnableMailboxIntelligence parameter specifies whether to enable or disable mailbox intelligence (the first
contact graph) in domain and user impersonation protection. Valid values are:
$true: Use mailbox intelligence in domain and user impersonation protection. This is the default value.
$false: Don't use mailbox intelligence in domain and user impersonation protection.

Required: False
Position: Named
Default value: None
-EnableMailboxIntelligenceProtection
The EnableMailboxIntelligenceProtection specifies whether to enable or disable intelligence based impersonation
protection. Valid values are:
$true: Enable intelligence based impersonation protection.
$false: Don't enable intelligence based impersonation protection. This is the default value.

Required: False
Position: Named
Default value: None
-EnableOrganizationDomainsProtection
TheEnableOrganizationDomainsProtection parameter specifies whether to enable domain impersonation
protection for all registered domains in the Office 365 organization. Valid values are:
$true: Domain impersonation protection is enabled for all registered domains in the Office 365 organization.
$false: Domain impersonation protection isn't enabled for all registered domains in the Office 365 organization.
This is the default value. You can enable domain impersonation protection for specific domains by using the
EnableTargetedDomainsProtection and TargetedDomainsToProtect parameters.

Required: False
Position: Named
Default value: None
-EnableSimilarDomainsSafetyTips
TheEnableSimilarDomainsSafetyTipsparameter specifies whether to enable safety tips that are shown to recipients
in messages for domain impersonation detections. Valid values are:
$true: Safety tips for similar domains are enabled.
$false: Safety tips for similar domains are disabled. This is the default value.

Required: False
Position: Named
Default value: None
-EnableSimilarUsersSafetyTips
TheEnableSimilarUsersSafetyTipsparameter specifies whether to enable safety tips that are shown to recipients in
messages for user impersonation detections. Valid values are:
$true: Safety tips for similar users are enabled.
$false: Safety tips for similar users are disabled. This is the default value.

Required: False
Position: Named
Default value: None
-EnableTargetedDomainsProtection
TheEnableTargetedDomainsProtection parameter specifies whether to enable domain impersonation protection for
a list of specified domains. Valid values are:
$true: Domain impersonation protection is enabled for the domains specified by the TargetedDomainsToProtect
parameter.
$false: The TargetedDomainsToProtect parameter isn't used. This is the default value.
Required: False
Position: Named
Default value: None
-EnableTargetedUserProtection
TheEnableTargetedUserProtection parameter specifies whether to enable user impersonation protection for the
users specified by the TargetedUsersToProtect parameter. Valid values are:
$true: User impersonation protection is enabled for the specified users.
$false: The TargetedUsersToProtect parameter isn't used. This is the default value.

Required: False
Position: Named
Default value: None
-EnableUnauthenticatedSender
TheEnableUnauthenticatedSenderparameter specifies whether to apply a "?" symbol in Outlook's sender card if the
sender fails authentication checks. Valid values are:
$true: Apply the "?" symbol.
$false: Do not apply the "?" symbol.

Required: False
Position: Named
Default value: True
-EnableUnusualCharactersSafetyTips
TheEnableUnusualCharactersSafetyTipsparameter specifies whether to enable safety tips that are shown to
recipients in messages for unusual characters in domain and user impersonation detections. Valid values are:
$true: Safety tips for unusual characters are enabled.
$false: Safety tips for unusual characters are disabled. This is the default value.

Required: False
Position: Named
Default value: None
-ExcludedDomains
TheExcludedDomainsparameter specifies trusted domains that are excluded from scanning by antiphishing
protection. You can specify multiple domains separated by commas.
Required: False
Position: Named
Default value: None
-ExcludedSenders
TheExcludedSendersparameter specifies a list of trusted sender email addresses that are excluded from scanning
by antiphishing protection. You can specify multiple email addresses separated by commas.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the antiphishing policy that you want to modify. You can use any value that
Name
GUID
Required: True
Position: 0
Default value: None
-ImpersonationProtectionState
The ImpersonationProtectionState parameter specifies the configuration of impersonation protection. Valid values
are:
Automatic
Manual (This is the default value)
Off
Type: ImpersonationProtectionState
Required: False
Position: Named
Default value: None
-MailboxIntelligenceProtectionAction
The MailboxIntelligenceProtectionAction parameter specifies what to do with messages that fail mailbox
intelligence protection. Valid values are:
BccMessage: Add the recipients specified by the MailboxIntelligenceProtectionActionRecipients parameter to
the Bcc field of the message.
deleted message.
Redirect: Redirect the message to the recipients specified by theMailboxIntelligenceProtectionActionRecipients
parameter.
Type: ImpersonationAction
Required: False
Position: Named
Default value: None
-MailboxIntelligenceProtectionActionRecipients
TheMailboxIntelligenceProtectionActionRecipients parameter specifies the recipients to add to detected messages
when the MailboxIntelligenceProtectionAction parameter is set to the valueRedirect or BccMessage.
commas.
Required: False
Position: Named
Default value: None
-MakeDefault
{{Fill MakeDefault Description}}
Required: False
Position: Named
Default value: None
-PhishThresholdLevel
The PhishThresholdLevel parameter specifies the tolerance level that's used by machine learning in the handling of
phishing messages. Valid values are:
1: Standard (this is the default value)
2: Aggressive
3: More aggressive
4: Most aggressive
Type: Int32
Required: False
Position: Named
Default value: None
-TargetedDomainActionRecipients
TheTargetedDomainActionRecipients parameter specifies the recipients to add to detected domain impersonation
messages when the TargetedDomainProtectionAction parameter is set to the valueRedirect or BccMessage.
commas.
Required: False
Position: Named
Default value: None
-TargetedDomainProtectionAction
The TargetedDomainProtectionActionparameter specifies the action to take on detected domain impersonation
messages for the domains specified by the TargetedDomainsToProtect parameter. Valid values are:
the message.
deleted message.
Required: False
Position: Named
Default value: None
-TargetedDomainsToProtect
The TargetedDomainsToProtect parameter specifies the domains that are included in domain impersonation
protection when the EnableTargetedDomainsProtection parameter is set to $true.
You can specify multiple domains separated by commas.
Required: False
Position: Named
Default value: None
-TargetedUserActionRecipients
TheTargetedUserActionRecipients parameter specifies the replacement or additional recipients for detected
messages when the TargetedUserProtectionAction parameter is set to the valueRedirect or BccMessage.
commas.
Required: False
Position: Named
Default value: None
-TargetedUserProtectionAction
The TargetedUserProtectionActionparameter specifies the action to take on detected user impersonation messages
for the users specified by the TargetedUsersToProtect parameter. Valid values are:
the message.
deleted message.
Required: False
Position: Named
Default value: None
-TargetedUsersToProtect
The TargetedUsersToProtect parameter specifies the users that are included in user impersonation protection when
the EnableTargetedUserProtection parameter is set to $true.
This parameter uses the syntax "DisplayName;EmailAddress".
DisplayName specifies the display name of the user that could be a target of impersonation. This value can
contain special characters.
EmailAddress specifies the internal or external email address that's associated with the display name.
You can specify multiple value sets by using the
syntax:"DisplayName1;EmailAddress1","DisplayName2;EmailAddress2",..."DisplayNameN;EmailAddressN".
The combination of DisplayName and EmailAddress needs to be unique for each value set.
Required: False
Position: Named
Default value: None
-TreatSoftPassAsAuthenticated
The TreatSoftPassAsAuthenticated parameter specifies whether or not to respect the composite authentication
softpass result. Valid values are:
$true: This is the default value.
$false: Only use this value when you want to enable more restrictive antispoofing filtering, because this value
might cause false positives.
Note: This parameter corresponds to the Strict filtering value in the Office 365 admin center.

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Set-AntiPhishRule
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-AntiPhishRule cmdlet to modify antiphishing
Syntax
Set-AntiPhishRule [-Identity] <RuleIdParameter>
[-AntiPhishPolicy <AntiPhishPolicyIdParameter>]
[-Confirm]
[-Name <String>]
[-Priority <Int32>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-AntiPhishRule -Identity "Engineering Department Phishing Rule" -ExceptIfRecipientDomainIs fabrikam.com
This example modifies the existing antiphishing rule named Engineering Department Phishing Rule to exclude
messages sent to the fabrikam.com domain.
Parameters
-AntiPhishPolicy
The AntiPhishPolicy parameter specifies the antiphishing policy that's associated with the antiphishing rule. The
rule defines the conditions, and the policy defines the actions.
Name
GUID
Required: False
Position: Named
Default value: None
-Comments
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
Type: Word[]
Required: False
Position: Named
Default value: None
-ExceptIfSentTo
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the antiphishing rule that you want to modify. You can use any value that uniquely
Name
GUID
Required: True
Position: 0
Default value: None
-Name
The Name parameter specifies a unique name for the antiphishing rule. If the value contains spaces, enclose the
Type: String
Required: False
Position: Named
Default value: None
-Priority
value.
Type: Int32
Required: False
Position: Named
Default value: None
-RecipientDomainIs
Type: Word[]
Required: False
Position: Named
Default value: None
-SentTo
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
-SentToMemberOf
Name
Alias
Canonical DN
Email address
GUID
group.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online version
Set-AtpPolicyForO365
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-AtpPolicyForO365 cmdlet to modify the
Advanced Threat Protection (ATP ) policy in Office 365. The ATP policy enables the following protections: - Safe
Links for Office 365 ProPlus desktop clients and Office Mobile apps. - ATP to protect files in SharePoint Online,
OneDrive for Business and Microsoft Teams. For information about the parameter sets in the Syntax section below,
Syntax
Set-AtpPolicyForO365 [[-Identity] <AtpPolicyForO365IdParameter>]
[-AllowClickThrough <$true | $false>]
[-BlockUrls <MultiValuedProperty>]
[-Confirm]
[-EnableATPForSPOTeamsODB <$true | $false>]
[-EnableSafeLinksForClients <$true | $false>]
[-TrackClicks <$true | $false>]
Description
malicious web sites. For more information, see ATP safe links in Office 365 (https://go.microsoft.com/fwlink/p/?
linkid=857638).
ATP can also protect files in SharePoint Online, OneDrive for Business and Microsoft Teams by preventing users
from opening and downloading files that are identified as malicious. For more information, see Office 365
Advanced Threat Protection for SharePoint, OneDrive and Teams (https://go.microsoft.com/fwlink/p/?
linkid=857638).
Examples
-------------------------- Example 1 --------------------------
Set-AtpPolicyForO365 -EnableSafeLinksForClients $true -EnableATPForSPOTeamsODB $true
This example enables Safe Links for Office 365 ProPlus clients and ATP for SharePoint Online, OneDrive for
Business and Microsoft Teams.
Parameters
-AllowClickThrough
The AllowClickThrough parameter specifies whether to allow users to click through to the original blocked URL in
Office 365 ProPlus. Valid values are:
$true: Users are allowed to click through to the original URL. This is the default value.
$false: Users aren't allowed to click through to the original URL.

Required: False
Position: Named
Default value: None
-BlockUrls
The BlockUrls parameter specifies the URLs that are always blocked by Safe Links scanning. You can specify
multiple values separated by commas.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-EnableATPForSPOTeamsODB
The EnableATPForSPOTeamsODB parameter specifies whether ATP is enabled for SharePoint Online, OneDrive
for Business and Microsoft Teams. Valid values are:
$true: ATP is enabled for SharePoint Online, OneDrive for Business and Microsoft Teams.
$false: ATP is disabled for SharePoint Online, OneDrive for Business and Microsoft Teams. This is the default
value.
Required: False
Position: Named
Default value: None
-EnableSafeLinksForClients
The EnableSafeLinksForClients parameter specifies whether Safe Links is enabled for Office 365 ProPlus clients.
Valid values are:
$true: Safe Links are enabled for Office clients.
$false: Safe Links are disabled for Office clients. This is the default value.

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the ATP policy that you want to modify. There's only one policy named Default.
Type: AtpPolicyForO365IdParameter
Required: False
Position: 1
Default value: None
-TrackClicks
The TrackClicks parameter specifies whether to track user clicks related to blocked URLs. Valid values are:
$true: User clicks are tracked. This is the default value.
$false: User clicks aren't tracked.

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Set-PhishFilterPolicy
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-PhishFilterPolicy cmdlet to configure the phish
filter policy in your cloud-based organization. For information about the parameter sets in the Syntax section below,
Syntax
Set-PhishFilterPolicy [-Identity] <HostedConnectionFilterPolicyIdParameter> -SpoofAllowBlockList <String>
[-Confirm] [-WhatIf] [<CommonParameters>]
Description
For more information about spoof intelligence, see Learn more about spoof intelligence
Examples
-------------------------- Example 1 --------------------------
Get-PhishFilterPolicy -Detailed -SpoofAllowBlockList | Export-CSV "C:\My Documents\Spoofed Senders.csv";

$UpdateSpoofedSenders = Get-Content -Raw "C:\My Documents\Spoofed Senders.csv"; Set-PhishFilterPolicy -Identity
Default -SpoofAllowBlockList $UpdateSpoofedSenders
This configures the phish filter policy to block or allow all spoofed email messages from a source messaging server.
Step 1: Write the output of the Get-PhishFilterPolicy cmdlet to a CSV file.
Step 2: Add or modify the SpoofedUser, and AllowedToSpoof values in the CSV file, save the file, and then read
the file and store it as a variable named $UpdateSpoofedSenders.
Step 3: Use the $UpdateSpoofedSenders variable to configure the phish filter policy.
-------------------------- Example 2 --------------------------
Get-PhishFilterPolicy -Detailed -SpoofAllowBlockList | Export-CSV "C:\My Documents\Spoofed Senders.csv";

$UpdateSpoofedSenders = Get-Content -Raw "C:\My Documents\Spoofed Senders.csv"; Set-PhishFilterPolicy -Identity
Default -SpoofAllowBlockList $UpdateSpoofedSenders
This example configures the phish filter policy to selectively block or allow some spoofed email messages from a
source messaging server.
Step 1: Write the output of the Get-PhishFilterPolicy cmdlet to a CSV file.
Step 2: Add or modify the Sender, SpoofedUser, and AllowedToSpoof values in the CSV file, save the file, and
then read the CSV file and store it as a variable named $UpdateSpoofedSenders.
Step 3: Use the $UpdateSpoofedSenders variable to configure the phish filter policy.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the phish filter policy that you want to modify. The only available value is Default.
Type: HostedConnectionFilterPolicyIdParameter
Required: True
Position: 1
Default value: None
-SpoofAllowBlockList
The SpoofAllowBlockList parameter specifies the CSV file that you want to use to configure the phish filter policy.
A valid value for this parameter reads the CSV file and stores it as a variable. For example, run the command
$SpoofedUsers = Get-Content -Raw <PathAndFileName>.csv, and then use the value $SpoofedUsers for this
parameter.
There are two basic options for the CSV file:
Block or allow all spoofed mail from the source: You want to block or allow any and all spoofed messages from
the specified message source, regardless of the spoofed email address. You can get the CSV file by running the
command Get-PhishFilterPolicy -SpoofAllowBlockList | Export-CSV "<PathAndFileName>.csv". The important
header fields (column headers) are Sender (the domain of the source messaging server from DNS records, or
the IP address if there aren't any DNS records) and AllowedToSpoof (indicates whether the message source is
allowed to send spoofed messages. Valid values are Yes or No).
Block or allow some spoofed mail from the source: You want to block or allow some spoofed messages from
the specified message source, but not others. You can get the CSV file by running the command Get-
PhishFilterPolicy -Detailed -SpoofAllowBlockList | Export-CSV "<PathAndFileName>.csv". The important
header fields (column headers) are:
Sender: The domain of the source messaging server from DNS records, or the IP address if there aren't any
DNS records.
SpoofedUser: The spoofed email address in your organization that the messages appear to be coming from.
AllowedToSpoof: Indicates whether messages that contain the spoofed sender from the source messaging
server are allowed. Valid values are Yes or No.
Type: String
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Set-SafeAttachmentPolicy
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-SafeAttachmentPolicy cmdlet to modify Safe
Syntax
Set-SafeAttachmentPolicy [-Identity] <SafeAttachmentPolicyIdParameter>
[-Action <Block | Replace | Allow | DynamicDelivery>] [-ActionOnError <$true | $false>]
[-AdminDisplayName <String>] [-Confirm] [-Enable <$true | $false>] [-Redirect <$true | $false>]
[-RedirectAddress <SmtpAddress>] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-SafeAttachmentsPolicy -Identity "Engineering Block Attachments" -Redirect $true -RedirectAddress

admin@contoso.com
This example modifies the existing Safe Attachments policy named Engineering Block Attachments to redirect
detected malware attachments to admin@contoso.com.
Parameters
-Action
The Action parameter specifies the action for the Safe Attachments policy. Valid values are:
Allow: Deliver the email message, including the malware attachment.
Block: Block the email message that contains the malware attachment. This is the default value.
Replace: Deliver the email message, but remove the malware attachment and replace it with warning text.
The results of all actions are available in message trace.
Type: Block | Replace | Allow | DynamicDelivery
Required: False
Position: Named
Default value: None
-ActionOnError
The ActionOnError parameter specifies the error handling option for Safe Attachments scanning (what to do if
attachment scanning times out or an error occurs). Valid values are:
$true: The action specified by the Action parameter is applied to messages even when the attachments aren't
successfully scanned.
$false: The action specified by the Action parameter isn't applied to messages when the attachments aren't
successfully scanned. This is the default value.

Required: False
Position: Named
Default value: None
-AdminDisplayName
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Enable
The Enable parameter specifies whether the policy is enabled. Valid values are:
$false: The policy is disabled. This is the default value.

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Safe Attachments policy that you want to modify.
Name
GUID
Required: True
Position: 1
Default value: None
-Redirect
The Redirect parameter specifies whether to send detected malware attachments to another email address. Valid
values are:
$true: Malware attachments are sent to the email address specified by the RedirectAddress parameter.
$false: Malware attachments aren't sent to another email address. This is the default value.

Required: False
Position: Named
Default value: None
-RedirectAddress
The RedirectAddress parameter specifies the email address where detected malware attachments are sent when the
Redirect parameter is set to the value $true.
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Set-SafeAttachmentRule
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-SafeAttachmentRule cmdlet to modify Safe
Syntax
Set-SafeAttachmentRule [-Identity] <RuleIdParameter>
[-Confirm]
[-Name <String>] [-Priority <Int32>]
[-SafeAttachmentPolicy <SafeAttachmentPolicyIdParameter>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-SafeAttachmentRule -Identity "Engineering Department Attachment Rule" -ExceptIfRecipientDomainIs

fabrikam.com
This example modifies the existing Safe Attachments Rule named Engineering Department Attachment Rule to
exclude messages sent to the fabrikam.com domain.
Parameters
-Comments
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
Type: Word[]
Required: False
Position: Named
Default value: None
-ExceptIfSentTo
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
Name
Alias
Canonical DN
Email address
GUID
the group.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Safe Attachments rule that you want to modify.
Name
GUID
Required: True
Position: 1
Default value: None
-Name
The Name parameter specifies a unique name for the Safe Attachments rule. If the value contains spaces, enclose
Type: String
Required: False
Position: Named
Default value: None
-Priority
value.
Type: Int32
Required: False
Position: Named
Default value: None
-RecipientDomainIs
Type: Word[]
Required: False
Position: Named
Default value: None
-SafeAttachmentPolicy
The SafeAttachmentPolicy parameter specifies the Safe Attachments policy that's associated with this Safe
Attachments rule. The rule defines the conditions, and the policy defines the actions.
Name
GUID
Required: False
Position: Named
Default value: None
-SentTo
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
-SentToMemberOf
Name
Alias
Canonical DN
Email address
GUID
group.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Set-SafeLinksPolicy
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-SafeLinksPolicy cmdlet to modify Safe Links
Syntax
Set-SafeLinksPolicy [-Identity] <SafeLinksPolicyIdParameter> [-AdminDisplayName <String>]
[-AllowClickThrough <$true | $false>] [-Confirm] [-DoNotAllowClickThrough <$true | $false>]
[-DoNotRewriteUrls <MultiValuedProperty>] [-DoNotTrackUserClicks <$true | $false>] [-Enabled <$true | $false>]
[-EnableForInternalSenders <$true | $false>] [-ExcludedUrls <String[]>] [-IsEnabled <$true | $false>]
[-ScanUrls <$true | $false>] [-TrackClicks <$true | $false>] [-WhatIf] [-WhiteListedUrls <String>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-SafeAttachmentsPolicy -Identity "Engineering Block URL" -TrackClicks $true
This example modifies the existing Safe Links policy named Engineering Block URL to track user clicks on URLs in
URL trace.
Parameters
-AdminDisplayName
Type: String
Required: False
Position: Named
Default value: None
-AllowClickThrough

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DoNotAllowClickThrough
The DoNotAllowClickThrough parameter specifies whether to allow users to click through to the original URL.
Valid values are:
$true: The user isn't allowed to click through to the original URL. This is the default value.
$false: The user is allowed to click through to the original URL.

Required: False
Position: Named
Default value: None
-DoNotRewriteUrls
The DoNotRewriteUrls parameter specifies a URL that's skipped by Safe Links scanning. You can specify multiple
Required: False
Position: Named
Default value: None
-DoNotTrackUserClicks
The DoNotTrackUserClicks parameter specifies whether to track user clicks related to links in email messages. Valid
values are:
$true: User clicks aren't tracked. This is the default value.
$false: User clicks are tracked.

Required: False
Position: Named
Default value: None
-Enabled

Required: False
Position: Named
Default value: None
-EnableForInternalSenders
The EnableForInternalSenders parameter specifies whether the Safe Links policy is applied to internal senders.
Valid values are:
$true: The policy is applied to internal and external senders.
$false: The policy is applied only to external senders. This is the default value.

Required: False
Position: Named
Default value: None
-ExcludedUrls
The ExcludedUrls parameter specifies a URL that's skipped by Safe Links scanning. You can specify multiple values
Type: String[]
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Safe Links policy that you want to modify.
Name
GUID
Required: True
Position: 1
Default value: None
-IsEnabled
This parameter specifies whether the rule or policy is enabled. Valid values are:
$false: The rule or policy is disabled. This is the default value.

Required: False
Position: Named
Default value: None
-ScanUrls
The ScanUrls parameter specifies whether to enable or disable the scanning of links in email messages. Valid values
are:
$true: Scanning links in email messages is enabled.
$false: Scanning links in email messages is disabled. This is the default value.

Required: False
Position: Named
Default value: None
-TrackClicks

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WhiteListedUrls
Type: String
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Set-SafeLinksRule
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-SafeLinksRule cmdlet to create Safe Links
Syntax
Set-SafeLinksRule [-Identity] <RuleIdParameter>
[-Confirm]
[-Name <String>]
[-Priority <Int32>]
[-SafeLinksPolicy <SafeLinksPolicyIdParameter>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-SafeLinksRule -Identity "Engineering Department URL Rule" -ExceptIfRecipientDomainIs fabrikam.com
This example modifies the existing Safe Links Rule named Engineering Department URL Rule to exclude messages
sent to the fabrikam.com domain.
Parameters
-Comments
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
Type: Word[]
Required: False
Position: Named
Default value: None
-ExceptIfSentTo
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
Name
Alias
Canonical DN
Email address
GUID
the group.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Safe Links rule that you want to modify.
Name
GUID
Required: True
Position: 1
Default value: None
-Name
The Name parameter specifies a unique name for the Safe Links rule. If the value contains spaces, enclose the value
Type: String
Required: False
Position: Named
Default value: None
-Priority
integer value indicates a higher priority, the value 0 is the highest priority and rules can't have the same priority
value.
Type: Int32
Required: False
Position: Named
Default value: None
-RecipientDomainIs
Type: Word[]
Required: False
Position: Named
Default value: None
-SafeLinksPolicy
The SafeLinksPolicy parameter specifies the Safe Links policy that's associated with this Safe Links rule. The rule
defines the conditions and the policy defines the actions.
Name
GUID
Required: False
Position: Named
Default value: None
-SentTo
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
-SentToMemberOf
Name
Alias
Canonical DN
Email address
GUID
group.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Add-AttachmentFilterEntry
In ths Article
This cmdlet is available or effective only on Edge Transport servers in on-premises Exchange. Use the Add-
AttachmentFilterEntry cmdlet to add an entry to the attachment filter list that's used by the Attachment Filtering
agent on Edge Transport servers. For information about the parameter sets in the Syntax section below, see
Syntax
Add-AttachmentFilterEntry -Name <String> -Type <ContentType | FileName> [-Confirm] [-DomainController <Fqdn>]
Description
On Edge Transport servers, the Attachment Filtering agent blocks attachments in messages based on the content
type and the file name of the attachment. The configuration of the Attachment Filtering agent determines how
messages that contain the specified attachments are processed. For more information about how to configure the
Attachment Filtering agent, see Set-AttachmentFilterListConfig.
On Edge Transport servers, you need to be a member of the local Administrators group to run this cmdlet.
Examples
-------------------------- Example 1 --------------------------
Add-AttachmentFilterEntry -Name *.txt -Type FileName
This example adds an attachment filter entry based on a file name. After running this command, the Attachment
Filtering agent filters all attachments that have a .txt extension.
-------------------------- Example 2 --------------------------
Add-AttachmentFilterEntry -Name image/jpeg -Type ContentType
This example adds an attachment filter entry based on the MIME content type image/jpeg, which is a JPEG image
binary file. After running this command, the Attachment Filtering agent filters all attachments of the MIME content
type image/jpeg.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the MIME content type or file name of the attachment. If the Type parameter is set
to FileName, the Name parameter can take any exact file name, such as BadFile.exe, or file name extension, such as
*.exe. If the Type parameter is set to ContentType, the Name parameter can take any valid MIME content type.
Type: String
Required: True
Position: 1
Default value: None
-Type
The Type parameter specifies what type of attachment the attachment filter entry blocks. Valid values are
ContentType and FileName:
ContentType: This value matches the attachment filter entry against the MIME content type specified in the
Name parameter.
FileName: This value matches the attachment filter entry against the simple file name specified in the Name
parameter.
Type: ContentType | FileName
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Add-ContentFilterPhrase
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Add-ContentFilterPhrase cmdlet to define custom
words for the Content Filter agent. A custom word is a word or phrase that the administrator sets for the Content
Filter agent to evaluate the content of an message and apply appropriate filter processing. For information about
Syntax
Add-ContentFilterPhrase [-Phrase] <String> -Influence <GoodWord | BadWord> [-Confirm]
[-DomainController <Fqdn>] [-WhatIf] [<CommonParameters>]
Description
The Add-ContentFilterPhrase cmdlet adds phrases to the Allow or Block phrases list.
Examples
-------------------------- Example 1 --------------------------
Add-ContentFilterPhrase -Phrase "Free credit report" -Influence BadWord
This example adds the phrase Free credit report to the Block phrase list. Any messages that contain this phrase will
be marked as spam by the Content Filtering agent.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Influence
The Influence parameter specifies whether the phrase being added will cause the messages that contain the phrase
to be allowed or blocked. Valid values are GoodWord and BadWord.
A message that contains a custom word or phrase that has an Influence value of GoodWord is automatically
assigned a spam confidence level (SCL ) rating of 0 and therefore bypasses downstream spam processing. A
message that contains a custom word or phrase that has an Influence value of BadWord is automatically assigned
an SCL rating of 9 and therefore is treated as spam.
Type: GoodWord | BadWord

Required: True
Position: Named
Default value: None
-Phrase
The Phrase parameter specifies a custom word or phrase for the Content Filter agent. When you pass an argument,
you must enclose the Phrase parameter in quotation marks (") if the phrase contains spaces, for example: "This is a
bad phrase". Custom phrases must be less than 257 characters in length.
Type: String
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Add-IPAllowListEntry
In ths Article
IPAllowListEntry cmdlet to add IP Allow list entries to the IP Allow list that's used by the Connection Filtering agent
on Edge Transport servers. For information about the parameter sets in the Syntax section below, see Exchange
cmdlet syntax (https://technet.microsoft.com/library/bb123552.aspx).
Syntax
Add-IPAllowListEntry -IPAddress <IPAddress>
[-Comment <String>]
[-Confirm]
[-ExpirationTime <DateTime>]
[-Server <ServerIdParameter>]
Add-IPAllowListEntry -IPRange <IPRange>

[-Comment <String>]
[-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Add-IPAllowListEntry -IPAddress 192.168.0.100
This example adds the IP address 192.168.0.100 to the list of allowed IP addresses.
-------------------------- Example 2 --------------------------
Add-IPAllowListEntry -IPRange 192.168.0.1/24 -ExpirationTime "1/3/2013 23:59"
This example adds the IP address range 192.168.0.1/24 to the list of allowed IP addresses and configures the IP
Allow list entry to expire at 23:59 on January 3, 2013.
Parameters
-Comment
The Comment parameter specifies an optional comment. If you specify a value that contains spaces, enclose the
value in quotation marks ("), for example: "This is an admin note".
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-ExpirationTime
The ExpirationTime parameter specifies a day and time when the IP Allow list entry that you're creating will expire.
If you specify a time only and you don't specify a date, the current day is assumed.
Type: DateTime
Required: False
Position: Named
Default value: None
-IPAddress
The IPAddress parameter specifies a single IP address to add to the IP Allow list, for example, 192.168.0.1.
Type: IPAddress
Required: True
Position: Named
Default value: None
-IPRange
The IPRange parameter specifies a range of IP addresses to add to the IP Allow list. You can use the following
formats:
CIDR IP:192.168.0.1/24
IP address range:192.168.0.1-192.168.0.254.
Type: IPRange
Required: True
Position: Named
Default value: None
-Server
The Server parameter specifies the Exchange server where you want to run this command. You can use any value
that uniquely identifies the server. For example:
Name
FQDN
Exchange Legacy DN
If you don't use this parameter, the command is run on the local server.
You can't use this parameter to configure other Edge Transport servers remotely.
Type: ServerIdParameter
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Add-IPAllowListProvider
In ths Article
IPAllowListProvider cmdlet to create IP Allow list providers that are used by the Connection Filtering agent on
Edge Transport servers. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Add-IPAllowListProvider [-Name] <String> -LookupDomain <SmtpDomain> [-AnyMatch <$true | $false>]
[-BitmaskMatch <IPAddress>] [-Confirm] [-DomainController <Fqdn>] [-Enabled <$true | $false>]
[-IPAddressesMatch <MultiValuedProperty>] [-Priority <Int32>] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Add-IPAllowListProvider -Name "Contoso.com Allow List" -LookupDomain allowlist.contoso.com -AnyMatch $true
This example adds a new IP Allow list provider and configures connection filtering to treat any IP address status
code returned from the IP Allow list provider as a match and allow the connection. You get the value for the
LookupDomain parameter from the allow list provider.
-------------------------- Example 2 --------------------------
Add-IPAllowListProvider -Name "Fabrikam.com Allow List" -LookupDomain allowlist.fabrikam.com -BitmaskMatch

127.1.0.1
This example adds an IP Allow list provider and configures a bitmask return value from the provider. You get the
values for the LookupDomain and BitmaskMatch parameters from the allow list provider.
Parameters
-AnyMatch
The AnyMatch parameter specifies whether any response by the allow list provider is treated as a match. Valid
input for this parameter is $true or $false. The default value is $false. When this parameter is set to $true, and
connection filtering sends the IP address of the connecting SMTP server to the allow list provider, any response
code returned by the allow list provider causes connection filtering to allow messages from that source.
Required: False
Position: Named
Default value: None
-BitmaskMatch
The BitmaskMatch parameter specifies the bit mask status code that's returned by the allow list provider. Use this
parameter if the allow list provider returns bitmask responses. Valid input for this parameter is a single IP address
in the format 127.0.0.1.
Type: IPAddress
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether the connection filtering uses this IP Allow List provider. Valid input for
this parameter is $true or $false. The default value is $true. By default, connection filtering uses new IP Allow List
providers that you create.

Required: False
Position: Named
Default value: None
-IPAddressesMatch
The IPAddressesMatch parameter specifies the IP address status codes that are returned by the allow list provider.
Use this parameter if the allow list provider returns IP address or A record responses. Valid input for this parameter
one or more IP addresses in the format 127.0.0.1. You can enter multiple IP addresses separated by commas.
Required: False
Position: Named
Default value: None
-LookupDomain
The LookupDomain parameter specifies the host name that's required to use the allow list provider. Connection
filtering sends the IP address of the connecting SMTP server to the host name value that you specify. An example
value is allowlist.spamservice.com. The actual value you need to use is provided by the allow list provider.
Type: SmtpDomain
Required: True
Position: Named
Default value: None
-Name
The Name parameter specifies a descriptive name for the IP Allow list provider.
Type: String
Required: True
Position: 1
Default value: None
-Priority
The Priority parameter specifies the order that the Connection Filtering agent queries the IP Allow list providers
that you have configured. A lower priority integer value indicates a higher priority. By default, every time that you
add a new IP Allow list provider, the entry is assigned a priority of N+1, where N is the number of IP Allow list
providers that you have configured.
If you set the Priority parameter to a value that's the same as another IP Allow list provider, the priority of the IP
Allow list provider that you add first is incremented by 1.
Type: Int32
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Add-IPBlockListEntry
In ths Article
IPBlockListEntry cmdlet to add IP Block list entries to the IP Block list that's used by the Connection Filtering agent
on Edge Transport servers. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Add-IPBlockListEntry -IPAddress <IPAddress>
[-Comment <String>]
[-Confirm]
Add-IPBlockListEntry -IPRange <IPRange>

[-Comment <String>]
[-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Add-IPBlockListEntry -IPAddress 192.168.0.100
This example adds the IP address 192.168.0.100 to the list of blocked IP addresses.
-------------------------- Example 2 --------------------------
Add-IPBlockListEntry -IPRange 192.168.0.1/24 -ExpirationTime "1/3/2013 23:59"
This example adds the IP address range 192.168.0.1/24 to the list of blocked IP addresses and configures the IP
Block list entry to expire at 23:59 on January 3, 2013.
Parameters
-Comment
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-ExpirationTime
The ExpirationTime parameter specifies a day and time when the IP Block list entry that you're creating will expire.
If you specify a time only and you don't specify a date, the current day is assumed.
Type: DateTime
Required: False
Position: Named
Default value: None
-IPAddress
The IPAddress parameter specifies a single IP address to add to the IP Block list, for example, 192.168.0.1.
Type: IPAddress
Required: True
Position: Named
Default value: None
-IPRange
The IPRange parameter specifies a range of IP addresses to add to the IP Block list. You can use the following
formats:
CIDR IP:192.168.0.1/24
IP address range:192.168.0.1-192.168.0.254.
Type: IPRange
Required: True
Position: Named
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Add-IPBlockListProvider
In ths Article
IPBlockListProvider cmdlet to create IP Block list providers that are used by the Connection Filtering agent on Edge
Transport servers. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Add-IPBlockListProvider [-Name] <String> -LookupDomain <SmtpDomain> [-AnyMatch <$true | $false>]
[-IPAddressesMatch <MultiValuedProperty>] [-Priority <Int32>] [-RejectionResponse <AsciiString>] [-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
Add-IPBlockListProvider -Name "Contoso.com Block List" -LookupDomain blocklist.contoso.com -RejectionResponse

"Source IP address is listed at the Contoso.com block list provider"
This example adds an IP Block list provider and sets a rejection response. You get the value for the LookupDomain
parameter from the block list provider.
-------------------------- Example 2 --------------------------
Add-IPBlockListProvider -Name "Fabrikam.com Block List" -LookupDomain blocklist.fabrikam.com -BitmaskMatch

127.1.0.1
This example adds an IP Block list provider and configures a bitmask return value from the provider. You get the
values for the LookupDomain and BitmaskMatch parameters from the block list provider.
Parameters
-AnyMatch
The AnyMatch parameter specifies whether any response by the block list provider is treated as a match. Valid
connection filtering sends the IP address of the connecting SMTP server to the block list provider, any response
code returned by the block list provider causes connection filtering to block messages from that source.
Required: False
Position: Named
Default value: None
-BitmaskMatch
The BitmaskMatch parameter specifies the bit mask status code that's returned by the block list provider. Use this
parameter if the block list provider returns bitmask responses. Valid input for this parameter is a single IP address
Type: IPAddress
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether the connection filtering uses this IP Block list provider. Valid input for this
parameter is $true or $false. The default value is $true. By default, connection filtering uses new IP Block List

Required: False
Position: Named
Default value: None
-IPAddressesMatch
The IPAddressesMatch parameter specifies the IP address status codes that are returned by the block list provider.
Use this parameter if the block list provider returns IP address or A record responses. Valid input for this parameter
one or more IP addresses in the format 127.0.0.1. You can enter multiple IP addresses separated by commas.
Required: False
Position: Named
Default value: None
-LookupDomain
The LookupDomain parameter specifies the host name that's required to use the block list provider. Connection
value is blocklist.spamservice.com. The actual value you need to use is provided by the block list provider.
Type: SmtpDomain
Required: True
Position: Named
Default value: None
-Name
The Name parameter specifies a descriptive name for the IP Block list provider.
Type: String
Required: True
Position: 1
Default value: None
-Priority
The Priority parameter specifies the order that the Connection Filtering agent queries the IP Block list providers. A
lower priority integer value indicates a higher priority. By default, every time that you add a new IP Block list
provider, the entry is assigned a priority of N+1, where N is the number of IP Block list provider services that you
have configured.
If you set the Priority parameter to a value that's the same as another IP Block list provider service, the priority of
the IP Block list provider that you add first is incremented by 1.
Type: Int32
Required: False
Position: Named
Default value: None
-RejectionResponse
The RejectionResponse parameter specifies the text that you want to include in the SMTP rejection response when
messages are blocked by connection filtering. The argument can't exceed 240 characters. If the value contains
spaces, enclose the value in quotation marks (").
You should always specify the block list provider in the response so that legitimate senders can contact the block list
provider for removal instructions. For example, "Source IP address is listed at the Contoso.com block list provider".
Type: AsciiString
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Delete-QuarantineMessage
In ths Article
This cmdlet is available only in the cloud-based service. Use the Delete-QuarantineMessage cmdlet to delete
quarantine messages from your cloud-based organization For information about the parameter sets in the Syntax
Syntax
Delete-QuarantineMessage -Identities <QuarantineMessageIdentity[]> [-Identity <QuarantineMessageIdentity>]
Delete-QuarantineMessage -Identity <QuarantineMessageIdentity> [-Confirm] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Delete-QuarantineMessage -Identity c14401cf-aa9a-465b-cfd5-08d0f0ca37c5\4c2ca98e-94ea-db3a-7eb8-3b63657d4db7
This example deletes the quarantined message with the specified Identity value.
-------------------------- Example 2 --------------------------
$ids = Get-QuarantineMessage | select -ExpandProperty Identity; Delete-QuarantineMessage -Identity $ids[4]
This example deletes the 5th quarantined message in the list of results from Get-QuarantineMessage. The first
message has the index number 0, the second has the index number 1 and so on).
-------------------------- Example 3 --------------------------
$ids = Get-QuarantineMessage | select -ExpandProperty Identity; Delete-QuarantineMessage -Identities $ids -

Identity 000
This example deletes all quarantined messages. The Identity parameter is required, but the value 000 is ignored.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identities
The Identities parameter identifies quarantined messages for bulk operations. You identify the messages by using
the syntax: value1,value2...valueN. The value is a unique quarantined message identifier in the format
GUID1\GUID2 (for example c14401cf-aa9a-465b-cfd5-08d0f0ca37c5\4c2ca98e-94ea-db3a-7eb8-3b63657d4db7.
You can find the identity value for a quarantined message by using the Get-QuarantineMessage cmdlet.
When you use this parameter, the Identity parameter is required, but the value is ignored. For example, use the
value 000 for the Identity parameter.
Type: QuarantineMessageIdentity[]
Required: True
Position: Named
Default value: None
-Identity
The Identity parameter specifies the quarantined message that you want to delete. The value is a unique
quarantined message identifier in the format GUID1\GUID2 (for example c14401cf-aa9a-465b-cfd5-
08d0f0ca37c5\4c2ca98e-94ea-db3a-7eb8-3b63657d4db7.
You can find the Identity value for a quarantined message by using the Get-QuarantineMessage cmdlet.
Type: QuarantineMessageIdentity
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Disable-HostedContentFilterRule
In ths Article
This cmdlet is available only in the cloud-based service. Use the Disable-HostedContentFilterRule cmdlet to disable
content filter rules in your cloud-based organization. For information about the parameter sets in the Syntax section
Syntax
Disable-HostedContentFilterRule [-Identity] <RuleIdParameter> [-Confirm] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Disable-HostedContentFilterRule "Contoso Recipients"
This example disables the enabled content filter rule named Contoso Recipients.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the content filter rule that you want to disable. You can use any value that uniquely
identifies the rule. For example, you can specify the name, GUID or distinguished name (DN ) of the content filter
rule.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Disable-MalwareFilterRule
In ths Article
may be exclusive to one environment or the other. Use the Disable-MalwareFilterRule cmdlet to disable malware
filter rules in your organization. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Disable-MalwareFilterRule [-Identity] <RuleIdParameter> [-Confirm] [-DomainController <Fqdn>] [-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
Disable-MalwareFilterRule "Contoso Recipients"
This example disables the enabled malware filter rule named Contoso Recipients.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the malware filter rule that you want to disable. You can use any value that
uniquely identifies the rule. For example, you can use the name, GUID or distinguished name (DN ) of the malware
filter rule.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
The Enable-AntispamUpdates cmdlet was deprecated in Microsoft Exchange Server 2010 Service Pack 1 and is no
longer used. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Enable-AntispamUpdates [[-Identity] <ServerIdParameter>] [-Confirm]
[-SpamSignatureUpdatesEnabled <$true | $false>] [-WhatIf] [<CommonParameters>]
Description
This cmdlet was deprecated in Microsoft Exchange Server 2010 Service Pack 1 and is no longer used.
Examples
-------------------------- Example 1 --------------------------
This cmdlet was deprecated in Microsoft Exchange Server 2010 Service Pack 1 and is no longer used.
Parameters
-Confirm
Required: False
Position: Named
Default value: None
-Identity
Required: False
Position: 1
Default value: None
-SpamSignatureUpdatesEnabled

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Enable-HostedContentFilterRule
In ths Article
This cmdlet is available only in the cloud-based service. Use the Enable-HostedContentFilterRule cmdlet to enable
Syntax
Enable-HostedContentFilterRule [-Identity] <RuleIdParameter> [-Confirm] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Enable-HostedContentFilterRule "Contoso Recipients"
This example enables the disabled content filter rule named Contoso Recipients.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the content filter rule that you want to enable. You can use any value that uniquely
rule.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Enable-MalwareFilterRule
In ths Article
may be exclusive to one environment or the other. Use the Enable-MalwareFilterRule cmdlet to enable malware
filter rules in your organization. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Enable-MalwareFilterRule [-Identity] <RuleIdParameter> [-Confirm] [-DomainController <Fqdn>] [-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
Enable-MalwareFilterRule "Contoso Recipients"
This example enables the disabled malware filter rule named Contoso Recipients.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the malware filter rule that you want to enable. You can use any value that
filter rule.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Export-QuarantineMessage
In ths Article
This cmdlet is available only in the cloud-based service. Use the Export-QuarantineMessage cmdlet to export
quarantined messages and files from your cloud-based organization. Messages are exported to .eml message files
so you can open them in Outlook. For files that are protected by Office 365 Advanced Threat Protection in
SharePoint Online, OneDrive for Business and Microsoft Teams, the files are exported in Base64 format. For
Syntax
Export-QuarantineMessage -Identity <QuarantineMessageIdentity> [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
$e = Export-QuarantineMessage -Identity c14401cf-aa9a-465b-cfd5-08d0f0ca37c5\4c2ca98e-94ea-db3a-7eb8-

3b63657d4db7; $e.BodyEncoding; $e | select -ExpandProperty Eml | Out-File "C:\My Documents\Export1_ascii.eml" -
Encoding ascii
This example exports the quarantined message with the specified Identity value.
The first two commands determine the message encoding (the value of the BodyEncoding property in the output;
for example, ascii).
The third command exports the message to the specified file using the message encoding that you found in the
previous commands.
Notes:
The "| select -ExpandProperty Eml" part of the command specifies the whole message, including attachments.
You need to use the Out-File cmdlet to write the .eml message file with the required encoding. If you use the
default PowerShell redirection operator ">" to write the output file, the default encoding is Unicode, which
might not match the actual message encoding.
-------------------------- Example 2 --------------------------
$e = Export-QuarantineMessage -Identity 9c6bb3e8-db9e-4823-9759-08d594179bd3\7fec89fe-41b0-ae67-4887-
5bede017d111; $bytes = [Convert]::FromBase64String($e.eml); [IO.File]::WriteAllBytes("C:\My
Documents\Export1.txt", $bytes)
This example exports the quarantined file with the specified Identity value. The first command exports the file to a
Base 64 string. The next two commands convert the string to byte format and write it to the output file.
Parameters
-Identity
The Identity parameter specifies the quarantined message that you want to export. The value is a unique
08d0f0ca37c5\4c2ca98e-94ea-db3a-7eb8-3b63657d4db7).
Required: True
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-AgentLog
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-AgentLog cmdlet to parse log files that you
specify as parameters and collect raw statistics from the filtering that anti-spam agents apply during a time period
that you specify. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Get-AgentLog [-EndDate <DateTime>] [-Location <LocalLongFullPath>] [-StartDate <DateTime>]
[-TransportService <Hub | Edge | FrontEnd | MailboxSubmission | MailboxDelivery>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-AgentLog -StartDate "01/04/2018 9:00:00 AM" -EndDate "01/08/2018 6:00:00 PM" -TransportService FrontEnd
This example returns a report that has statistics collected between 09:00 (9 A.M.), January 4, 2018 and 18:00 (6
P.M.), January 8, 2018 in the Front End Transport service.
Parameters
-EndDate
Type: DateTime
Required: False
Position: Named
Default value: None
-Location
The Location parameter specifies the directory that contains the log files that you can use to build usage reports.
The default path is %ExchangeInstallPath%TransportRoles\Logs\AgentLog. You need to enclose the file path in
Type: LocalLongFullPath
Required: False
Position: Named
Default value: None
-StartDate
Type: DateTime
Required: False
Position: Named
Default value: None
-TransportService
The TransportService parameter specifies the transport service that you want to view or modify. Valid values for
this parameter are:
Hub for the Transport service on Mailbox servers.
MailboxSubmission for the Mailbox Transport Submission service on Mailbox servers.
MailboxDelivery for the Mailbox Transport Delivery service on Mailbox servers.
FrontEnd for the Front End Transport service on Mailbox servers.
Edge on Edge Transport servers.
Type: Hub | Edge | FrontEnd | MailboxSubmission | MailboxDelivery

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available or effective only on Edge Transport servers in on-premises Exchange. Use the Get-
AttachmentFilterEntry cmdlet to view the list of attachment filter entries that are used by the Attachment Filtering
Syntax
Get-AttachmentFilterEntry [[-Identity] <String>] [-DomainController <Fqdn>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
This example returns all attachment filter entries.

-------------------------- Example 2 --------------------------
Get-AttachmentFilterEntry FileName:*.txt
This example returns only the attachment filter entries that filter file names with a .txt extension.
-------------------------- Example 3 --------------------------
Get-AttachmentFilterEntry ContentType:image/jpeg
This example returns only the attachment filter entries that filter attachments that have the MIME content type
image/jpeg.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies which attachment filter entry the command retrieves. The Identity parameter
accepts values in the format Type:Name, where Type is one of the following values:
ContentType: This value matches the attachment filter entry against the MIME content type.
FileName: This value matches the attachment filter entry against the simple file name.
Type: String
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-AttachmentFilterListConfig
In ths Article
AttachmentFilterListConfig cmdlet to view the configuration of the Attachment Filtering agent on Edge Transport
servers. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Get-AttachmentFilterListConfig [-DomainController <Fqdn>] [<CommonParameters>]
Description
type or the file name of the attachment. The configuration of the Attachment Filtering agent determines how
messages that contain the specified attachments are processed.
Examples
-------------------------- Example 1 --------------------------
Get-AttachmentFilterListConfig | Format-List
This example returns detailed information about the Attachment Filtering agent configuration for the Exchange
server.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-ContentFilterConfig
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-ContentFilterConfig cmdlet to view the content
filter configuration for the computer on which the cmdlet is run. For information about the parameter sets in the
Syntax
Get-ContentFilterConfig [-DomainController <Fqdn>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-ContentFilterConfig | Format-List
This example returns detailed information about the content filter configuration for the Exchange server.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-ContentFilterPhrase cmdlet to view one or all
custom words that the Content Filter agent processes. For information about the parameter sets in the Syntax
Syntax
Get-ContentFilterPhrase [[-Identity] <ContentFilterPhraseIdParameter>]
Get-ContentFilterPhrase [-Phrase <ContentFilterPhraseIdParameter>]

Description
Examples
-------------------------- Example 1 --------------------------
This example returns all custom words stored on the computer where the command is being run.
-------------------------- Example 2 --------------------------
Get-ContentFilterPhrase -Phrase "Free credit report"
This example returns a specific custom word specified by the Phrase parameter. In this example, the custom word is
the phrase Free credit report.
-------------------------- Example 3 --------------------------
Get-ContentFilterPhrase | Where {$_.Phrase -like '*free offer*'}
This example returns all custom words and phrases that contain the words free offer.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies a custom word or phrase to display. You must enclose the value of the Identity
parameter in quotation marks (").
The Identity and Phrase parameters are interchangeable.
Type: ContentFilterPhraseIdParameter
Required: False
Position: 1
Default value: None
-Phrase
The Phrase parameter specifies a custom word or phrase to display. You must enclose the value of the Phrase
The Phrase and Identity parameters are interchangeable.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-DkimSigningConfig cmdlet to view the
DomainKeys Identified Mail (DKIM ) signing policy settings for domains in a cloud-based organization. For
Syntax
Get-DkimSigningConfig [[-Identity] <DkimSigningConfigIdParameter>] [<CommonParameters>]
Description
DKIM in Microsoft Office 365 is an email authentication method that uses a public key infrastructure (PKI),
message headers and CNAME records in DNS to authenticate the message sender, which is stamped in the DKIM -
Signature header field. DKIM helps prevent forged sender email addresses (also known as spoofing) by verifying
that the domain in the From address matches the domain in the DKIM -Signature header field.
Examples
-------------------------- Example 1 --------------------------
This example shows a summary list of all DKIM signing policies in your organization.
-------------------------- Example 2 --------------------------
Get-DkimSigningConfig -Identity contoso.com | Format-List
This example shows detailed information for the DKIM signing policy for contoso.com.
Parameters
-Identity
The Identity parameter specifies the DKIM signing policy that you want to view. You can use any value that
Name: The domain name (for example, contoso.com).
GUID
Type: DkimSigningConfigIdParameter
Required: False
Position: 1
Default value: None
Inputs
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-HostedConnectionFilterPolicy cmdlet to view
the settings of connection filter policies in your cloud-based organization. For information about the parameter sets
in the Syntax section below, see Exchange cmdlet syntax (https://technet.microsoft.com/library/bb123552.aspx).
Syntax
Get-HostedConnectionFilterPolicy [[-Identity] <HostedConnectionFilterPolicyIdParameter>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
This example shows a summary list of all the connection filter policies in your cloud-based organization.
-------------------------- Example 2 --------------------------
Get-HostedConnectionFilterPolicy Default | Format-List
This example retrieves details about the connection filter policy named Default.
Parameters
-Identity
The Identity parameter specifies the connection filter policy that you want to view. You can use any value that
uniquely identifies the policy. For example, you can specify the name, GUID or distinguished name (DN ) of the
connection filter policy.
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-HostedContentFilterPolicy cmdlet to view the
settings of content filter policies in your cloud-based organization. For information about the parameter sets in the
Syntax
Get-HostedContentFilterPolicy [[-Identity] <HostedContentFilterPolicyIdParameter>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
This example shows a summary list of all the content filter policies in your cloud-based organization.
-------------------------- Example 2 --------------------------
Get-HostedContentFilterPolicy Default | Format-List
This example retrieves details about the content filter policy named Default.
Parameters
-Identity
The Identity parameter specifies the content filter policy that you want to view. You can use any value that uniquely
identifies the policy. For example, you can use the name, GUID or distinguished name (DN ) of the content filter
policy.
Type: HostedContentFilterPolicyIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-HostedContentFilterRule cmdlet to view
Syntax
Get-HostedContentFilterRule [[-Identity] <RuleIdParameter>] [-State <Enabled | Disabled>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
This example shows a summary list of all the content filter rules in your cloud-based organization.
-------------------------- Example 2 --------------------------
Get-HostedContentFilterRule "Contoso Recipients" | Format-List
This example retrieves details about the content filter rule named Contoso Recipients.
Parameters
-Identity
The Identity parameter specifies the content filter rule that you want to view. You can use any value that uniquely
identifies the rule. For example, you can specify the name, GUID, or distinguished name (DN ) of the content filter
rule.
Required: False
Position: 1
Default value: None
-State
The State parameter filters the results by enabled or disabled content filter rules. Valid input for this parameter is
Enabled or Disabled.

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-HostedOutboundSpamFilterPolicy
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-HostedOutboundSpamFilterPolicy cmdlet to
view the settings of the outbound spam filter policy in your cloud-based organization. For information about the
Syntax
Get-HostedOutboundSpamFilterPolicy [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-HostedOutboundSpamFilterPolicy | Format-List
This example retrieves details about the outbound spam filter policy.
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-IPAllowListConfig
In ths Article
IPAllowListConfig cmdlet to view the configuration information for the IP Allow list that's used by the Connection
Filtering agent on Edge Transport servers. For information about the parameter sets in the Syntax section below,
Syntax
Get-IPAllowListConfig [-DomainController <Fqdn>] [<CommonParameters>]
Description
On Edge Transport servers, the Connection Filtering agent acts on the IP address of the incoming SMTP
connection to determine what action, if any, to take on an incoming message.
Examples
-------------------------- Example 1 --------------------------
Get-IPAllowListConfig | Format-List
This example returns detailed information about the IP Allow list configuration on the local Edge Transport server.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
IPAllowListEntry cmdlet to view the IP address entries in the IP Allow list that's used by the Connection Filtering
Syntax
Get-IPAllowListEntry -IPAddress <IPAddress>
[-ResultSize <Unlimited>]
[-Server <ServerIdParameter>] [<CommonParameters>]
Get-IPAllowListEntry [[-Identity] <IPListEntryIdentity>]

Description
Examples
-------------------------- Example 1 --------------------------
This example returns all entries in the IP Allow list on the local Edge Transport server.
-------------------------- Example 2 --------------------------
Get-IPAllowListEntry -IPAddress 192.168.0.1
This example returns an IP Allow list entry in which the specified IP address is included.
Parameters
-Identity
The Identity parameter specifies the identity integer value of the IP Allow list entry that you want to view. When
you add an entry to the IP Allow list, the Identity value is automatically assigned.
Type: IPListEntryIdentity
Required: False
Position: 1
Default value: None
-IPAddress
The IPAddress parameter specifies an IP address to view in the IP Allow list entry or entries. For example, if you
have an IP Allow list entry that specifies a range of IP addresses from 192.168.0.1 through 192.168.0.20, enter any
IP address in the IP Allow list IP address range to return the IP Allow list entry.
Type: IPAddress
Required: True
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
IPAllowListProvider cmdlet to view IP Allow list providers that are used by the Connection Filtering agent on Edge
Syntax
Get-IPAllowListProvider [[-Identity] <IPAllowListProviderIdParameter>] [-DomainController <Fqdn>]
Description
Examples
-------------------------- Example 1 --------------------------
This example returns a summary list of all IP Allow list providers.

-------------------------- Example 2 --------------------------
Get-IPAllowListProvider Contoso.com | Format-List
This example returns detailed information for the IP Allow list provider named Contoso.com.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the IP Allow list provider that you want to view. You can use any value that
uniquely identifies the IP Allow list provider. For example:
Name
GUID
Type: IPAllowListProviderIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-IPAllowListProvidersConfig
In ths Article
IPAllowListProvidersConfig cmdlet to view the settings that affect all IP Allow list providers that are configured on
an Edge Transport server. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Get-IPAllowListProvidersConfig [-DomainController <Fqdn>] [<CommonParameters>]
Description
On Edge Transport servers, IP Allow list providers are used by the Connection Filtering agent. The Connection
Filtering agent acts on the IP address of the incoming SMTP connection to determine what action, if any, to take on
an incoming message.
Examples
-------------------------- Example 1 --------------------------
Get-IPAllowListProvidersConfig | Format-List
This example returns detailed information about the IP Allow list providers configuration on the local Edge
Transport server.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-IPBlockListConfig
In ths Article
IPBlockListConfig cmdlet to view the IP Block list configuration information that's used by the Connection Filtering
Syntax
Get-IPBlockListConfig [-DomainController <Fqdn>] [<CommonParameters>]
Description
On Edge Transport servers, the Connection Filtering agent acts on the incoming SMTP connection to determine
what action, if any, to take on an incoming message.
Examples
-------------------------- Example 1 --------------------------
Get-IPBlockListConfig | Format-List
This example returns detailed information about the IP Block list configuration on the local Edge Transport server.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
IPBlockListEntry cmdlet to view the IP Block list entries that are used by the Connection Filtering agent on Edge
Syntax
Get-IPBlockListEntry [[-Identity] <IPListEntryIdentity>]
Get-IPBlockListEntry -IPAddress <IPAddress>

Description
Examples
-------------------------- Example 1 --------------------------
This example returns a list of all IP address entries in the IP Block list.
-------------------------- Example 2 --------------------------
Get-IPBlockListEntry | where {$_.IsMachineGenerated}
This example returns machine-generated entries in the IP Block list that are inserted by sender reputation.
Parameters
-Identity
The Identity parameter specifies the identity integer value of the IP Block list entry that you want to view. When you
add an entry to the IP Block list, the Identity value is automatically assigned.
Required: False
Position: 1
Default value: None
-IPAddress
The IPAddress parameter specifies an IP address to view in the IP Block list entry or entries. For example, if you
have an IP Block list entry that specifies a range of IP addresses from 192.168.0.1 through 192.168.0.20, enter any
IP address in the IP Block list IP address range to return the IP Block list entry.
Type: IPAddress
Required: True
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
IPBlockListProvider cmdlet to view IP Block list providers that are used by the Connection Filtering agent on Edge
Syntax
Get-IPBlockListProvider [[-Identity] <IPBlockListProviderIdParameter>] [-DomainController <Fqdn>]
Description
Examples
-------------------------- Example 1 --------------------------
This example returns a summary list of all IP Block list providers configured on the local Edge Transport server.
-------------------------- Example 2 --------------------------
Get-IPBlockListProvider -Identity Contoso.com
This example returns detailed information for the existing IP Block list provider named Contoso.com.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the IP Block list provider that you want to view. You can use any value that
uniquely identifies the IP Block list provider. For example:
Name
GUID
Type: IPBlockListProviderIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-IPBlockListProvidersConfig
In ths Article
IPBlockListProvidersConfig cmdlet to view the settings that affect all IP Block list providers that are configured on
an Edge Transport server. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Get-IPBlockListProvidersConfig [-DomainController <Fqdn>] [<CommonParameters>]
Description
On Edge Transport servers, IP Block list providers are used by the Connection Filtering agent. The Connection
Examples
-------------------------- Example 1 --------------------------
Get-IPBlockListProvidersConfig | Format-List
This example returns detailed information about the IP Block list providers on the local Edge Transport server.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MailboxJunkEmailConfiguration
In ths Article
may be exclusive to one environment or the other. Use the Get-MailboxJunkEmailConfiguration cmdlet to view the
junk email settings on mailboxes. For information about the parameter sets in the Syntax section below, see
Syntax
Get-MailboxJunkEmailConfiguration [-Identity] <MailboxIdParameter> [-Credential <PSCredential>]
[-DomainController <Fqdn>] [-ReadFromDomainController] [-ResultSize <Unlimited>] [<CommonParameters>]
Description
The junk email settings on the mailbox are:
Enable or disable the junk email rule: The junk email rule (a hidden Inbox rule named Junk E -mail Rule) controls
the delivery of messages to the Junk Email folder or the Inbox based on the SCL Junk Email Folder threshold
(for the organization or the mailbox) and the safelist collection on the mailbox. Users can enable or disable the
junk email rule in their own mailbox by using Outlook on the web.
Configure the safelist collection: The safelist collection is the Safe Senders list, the Safe Recipients list, and the
Blocked Senders list. Users can configure the safelist collection on their own mailbox by using Microsoft
Outlook or Outlook on the web.
Administrators can enable or disable the junk email rule, and configure the safelist collection on a mailbox by using
the Set-MailboxJunkEmailConfiguration cmdlet. For more information, see Configure Exchange antispam settings
on mailboxes (https://technet.microsoft.com/library/bb123559.aspx).
Examples
-------------------------- Example 1 --------------------------
Get-MailboxJunkEmailConfiguration -Identity "David Pelton"
This example returns the junk email configuration for the user named David Pelton.
-------------------------- Example 2 --------------------------
$AllUsers = Get-Mailbox -ResultSize unlimited -RecipientTypeDetails UserMailbox; $AllUsers | foreach {Get-
MailboxJunkEmailConfiguration -Identity $_.UserPrincipalName} | Where {$_.Enabled -eq $false} | Format-Table -
Auto Identity,Enabled
This example returns a summary list of all mailboxes in your organization where the junk email rule is disabled. The
first command stores all user mailboxes in a variable. The second command parses through the mailboxes and
returns the FQDN of the mailboxes where the junk email rule is disabled.
To return all mailboxes where the junk email rule is enabled, change the value $false to $true. To return a mixed list
of mailboxes where the junk email rule is enabled and disabled, remove the "| Where {$_.Enabled -eq $false " part
of the second command.
Parameters
-Credential
A value for this parameter requires the Get-Credential cmdlet. To pause this command and receive a prompt for
credentials, use the value (Get-Credential) . Or, before you run this command, store the credentials in a variable
(for example, $cred = Get-Credential ) and then use the variable name ( $cred ) for this parameter. For more
information, see Get-Credential (https://go.microsoft.com/fwlink/p/?linkId=142122).
Type: PSCredential
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox that you want to view. You can use any value that uniquely identifies
the mailbox. For example:
Name
Alias
Canonical DN
<domain name>\<account name>
Email address
GUID
LegacyExchangeDN
SamAccountName
User ID or user principal name (UPN )
You can use the wildcard character (*) to identify multiple mailboxes.
Type: MailboxIdParameter
Required: True
Position: 1
Default value: None
Accept wildcard characters: True
-ReadFromDomainController
The ReadFromDomainController switch specifies that information should be read from a domain controller in the
user's domain. If you run the command Set-AdServerSettings -ViewEntireForest $true to include all objects in the
forest and you don't use the ReadFromDomainController switch, it's possible that information will be read from a
global catalog that has outdated information. When you use the ReadFromDomainController switch, multiple reads
might be necessary to get the information. You don't have to specify a value with this switch.
By default, the recipient scope is set to the domain that hosts your Exchange servers.
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-MalwareFilteringServer cmdlet to view the
Malware agent settings in the Transport service on a Mailbox server. For information about the parameter sets in
Syntax
Get-MalwareFilteringServer [[-Identity] <MalwareFilteringServerIdParameter>] [-DomainController <Fqdn>]
Description
Examples
-------------------------- Example 1 --------------------------
This example displays a summary of the Exchange Malware agent settings on all Mailbox servers in your
organization.
-------------------------- Example 2 --------------------------
Get-MalwareFilteringServer Mailbox01 | Format-List
This example returns the detailed Exchange Malware agent settings on a Mailbox server named Mailbox01.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the server where you want to view the anti-malware settings. You can use any
value that uniquely identifies the server. For example:
Name
FQDN
Exchange Legacy DN
Type: MalwareFilteringServerIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
may be exclusive to one environment or the other. Use the Get-MalwareFilterPolicy cmdlet to view the malware
filter policies in your organization. For information about the parameter sets in the Syntax section below, see
Syntax
Get-MalwareFilterPolicy [[-Identity] <MalwareFilterPolicyIdParameter>] [-DomainController <Fqdn>]
Description
Malware filter policies contain the malware settings and a list of domains to which those settings apply. A domain
can't belong to more than one malware filter policy.
Examples
-------------------------- Example 1 --------------------------
This example retrieves a summary list of all malware filter policies in your organization.
-------------------------- Example 2 --------------------------
Get-MalwareFilterPolicy Default | Format-List
This example retrieves detailed configuration information for the malware filter policy named Default.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the malware filter policy that you want to view. You can use any value that uniquely
identifies the policy. For example, you can use the name, GUID or distinguished name (DN ) of the malware filter
policy.
Type: MalwareFilterPolicyIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
may be exclusive to one environment or the other. Use the Enable-MalwareFilterRule cmdlet to view malware filter
rules in your organization. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Get-MalwareFilterRule [[-Identity] <RuleIdParameter>] [-DomainController <Fqdn>] [-State <Enabled | Disabled>]
Description
Examples
-------------------------- Example 1 --------------------------
This example retrieves a summary list of all malware filter rules in your organization.
-------------------------- Example 2 --------------------------
Get-MalwareFilterRule "Contoso Recipients" | Format-List
This example retrieves detailed configuration information for the malware filter rule named Contoso Recipients.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the malware filter rule that you want to view. You can use any value that uniquely
identifies the rule. For example, you can use the name, GUID or distinguished name (DN ) of the malware filter rule.
Required: False
Position: 1
Default value: None
-State
The State parameter filters the results by enabled or disabled malware filter rules. Valid input for this parameter is
Enabled or Disabled.

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-QuarantineMessage
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-QuarantineMessage cmdlet to view
quarantined messages and files in your cloud-based organization. Not : Quarantined files are files protected by
Office 365 Advanced Threat Protection in SharePoint Online, OneDrive for Business and Microsoft Teams. For
Syntax
Get-QuarantineMessage -Identity <QuarantineMessageIdentity> [-SenderAddress <String[]>] [<CommonParameters>]
Get-QuarantineMessage [-Direction <Inbound | Outbound>] [-Domain <String[]>] [-EndExpiresDate <DateTime>]

[-EndReceivedDate <DateTime>] [-MessageId <String>] [-MyItems] [-Page <Int32>] [-PageSize <Int32>]
[-QuarantineTypes <QuarantineMessageTypeEnum[]>] [-RecipientAddress <String[]>] [-Reported <$true | $false>]
[-SenderAddress <String[]>] [-StartExpiresDate <DateTime>] [-StartReceivedDate <DateTime>] [-Subject <String>]
[-Type <Spam | TransportRule | Bulk | Phish | Malware>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-QuarantineMessage -StartReceivedDate 06/13/2016 -EndReceivedDate 06/15/2016
This example returns a summary list of messages quarantined between June 13, 2016 and June 15, 2016.
-------------------------- Example 2 --------------------------
Get-QuarantineMessage -PageSize 50 -Page 3
This example presents 50 quarantined messages per page, and returns the third page of results.
-------------------------- Example 3 --------------------------
Get-QuarantineMessage -MessageID "<5c695d7e-6642-4681-a4b0-9e7a86613cb7@contoso.com>"

This example returns the quarantined message with the Message-ID value <5c695d7e-6642-4681-a4b0-
9e7a86613cb7@contoso.com\>.
-------------------------- Example 4 --------------------------
Get-QuarantineMessage -Identity c14401cf-aa9a-465b-cfd5-08d0f0ca37c5\4c2ca98e-94ea-db3a-7eb8-3b63657d4db7 |

Format-List
This example returns detailed information for the quarantined message with the specified Identity value.
-------------------------- Example 5 --------------------------
Get-QuarantineMessage -QuarantineTypes SPOMalware | Format-List
This example returns detailed information for the files protected by Office 365 Advanced Threat Protection in
SharePoint Online, OneDrive for Business and Microsoft Teams.
Parameters
-Direction
Type: Inbound | Outbound

Required: False
Position: Named
Default value: None
-Domain
The Domain parameter filters the results by sender or recipient domain. You can specify multiple domain values
Type: String[]
Required: False
Position: Named
Default value: None
-EndExpiresDate
The EndExpiresDate parameter specifies the latest messages that will automatically be deleted from the quarantine.
Use this parameter with the StartExpiresDate parameter.
For example, if you specify the StartExpiresDate value of today's date and the EndExpiresDate value of the date
three days from today, you will only see messages that will expire from the quarantine in the next three days.
Type: DateTime
Required: False
Position: Named
Default value: None
-EndReceivedDate
The EndReceivedDate parameter specifies the latest messages to return in the results. Use this parameter with the
StartReceivedDate parameter.
Type: DateTime
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the quarantined message that you want to view. The value is a unique quarantined
message identifier in the format GUID1\GUID2 (for example c14401cf-aa9a-465b-cfd5-08d0f0ca37c5\4c2ca98e-
94ea-db3a-7eb8-3b63657d4db7.
When you identify the quarantine message by using this parameter, the RecipientAddress, QuarantineUser, and
ReleasedUser properties are available. To see these values, you need to use a formatting cmdlet. For example, Get-
QuarantineMessage -Identity <Identity> | Format-List.
Required: True
Position: Named
Default value: None
-MessageId
Type: String
Required: False
Position: Named
Default value: None
-MyItems
The MyItems switch filters the results by messages where you (the user that's running the command) are the
recipient. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-Page
Type: Int32
Required: False
Position: Named
Default value: None
-PageSize
Type: Int32
Required: False
Position: Named
Default value: None
-QuarantineTypes
The QuarantineTypes parameter filters the results by what caused the message to be quarantined. Valid values are:
Bulk
Phish
Spam
SPOMalware
TransportRule
You don't need to use this parameter with the Type parameter.
For files protected by Office 365 Advanced Threat Protection in SharePoint Online, OneDrive for Business and
Microsoft Teams, the detection information can be found in CustomData field in the output.
Type: QuarantineMessageTypeEnum[]
Required: False
Position: Named
Default value: None
-RecipientAddress
Type: String[]
Required: False
Position: Named
Default value: None
-Reported
The Reported parameter filters the results by messages that have already been reported as false positives. Valid
values are:
$true: The command only returns quarantined messages that have already been reported as false positives.
$false: The command only returns quarantined messages that haven't been reported as false positives.

Required: False
Position: Named
Default value: None
-SenderAddress
Type: String[]
Required: False
Position: Named
Default value: None
-StartExpiresDate
The StartExpiresDate parameter specifies the earliest messages that will automatically be deleted from the
quarantine. Use this parameter with the EndExpiresDate parameter.
For example, if you specify the StartExpiresDate value of today's date and the EndExpiresDate value of the date
three days from today, you will only see messages that will expire from the quarantine in the next three days.
Type: DateTime
Required: False
Position: Named
Default value: None
-StartReceivedDate
The StartReceivedDate parameter specifies the earliest messages to return in the results. Use this parameter with
the EndReceivedDate parameter.
Type: DateTime
Required: False
Position: Named
Default value: None
-Subject
The Subject parameter filters the results by the subject field of the message. If the value contains spaces, enclose
Type: String
Required: False
Position: Named
Default value: None
-Type
The Type parameter filters the results by what caused the message to be quarantined. Valid values are:
Bulk
Phish
Spam
TransportRule
You don't need to use this parameter with the QuarantineTypes parameter.
Type: Spam | TransportRule | Bulk | Phish | Malware
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-QuarantineMessageHeader
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-QuarantineMessageHeader cmdlet to view the
message header of a quarantined message. The command will fail if the specified message is not in quarantine. For
Syntax
Get-QuarantineMessageHeader -Identity <QuarantineMessageIdentity> [<CommonParameters>]
Description
Standard SMTP message header syntax is described in RFC 5322. This cmdlet displays the message header exactly
as it appears in the message. Individual header fields are not unfolded.
Examples
-------------------------- Example 1 --------------------------
Get-QuarantineMessageHeader 65ab8c7d-dcd3-4067-7c60-08d116c001c3\8b677327-0ef3-166b-e108-ff6cb380d191
This example displays the message header of the quarantined message that has the specified Identity value.
-------------------------- Example 2 --------------------------
$qMessages = Get-QuarantineMessage; Get-QuarantineMessageHeader $qMessages[0].Identity
This example displays the message header of the first message that's returned by Get-QuarantineMessage cmdlet.
Parameters
-Identity
The Identity parameter specifies the quarantined message that you want to view the header for. The value is a
unique quarantined message identifier in the format GUID1\GUID2 (for example c14401cf-aa9a-465b-cfd5-
Required: True
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-RecipientFilterConfig
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-RecipientFilterConfig cmdlet to view the
recipient filter configuration information for the Exchange server. For information about the parameter sets in the
Syntax
Get-RecipientFilterConfig [[-Identity] <OrganizationIdParameter>] [-DomainController <Fqdn>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-RecipientFilterConfig | Format-List
This example returns detailed information about the recipient filter configuration for the Exchange server.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-SenderFilterConfig
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-SenderFilterConfig cmdlet to view the Sender
Filter configuration information for the Exchange server. For information about the parameter sets in the Syntax
Syntax
Get-SenderFilterConfig [[-Identity] <OrganizationIdParameter>] [-DomainController <Fqdn>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-SenderFilterConfig | Format-List
This example returns detailed information about the Sender Filter configuration for the Exchange server.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-SenderIdConfig
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-SenderIdConfig cmdlet to view the Sender ID
configuration information for the Exchange server. For information about the parameter sets in the Syntax section
Syntax
Get-SenderIdConfig [-DomainController <Fqdn>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-SenderIdConfig | Format-List
This example returns detailed information about the Sender ID configuration on the Exchange server.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-SenderReputationConfig
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-SenderReputationConfig cmdlet to view the
configuration information for sender reputation on the computer on which the command is run. For information
about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Get-SenderReputationConfig [-DomainController <Fqdn>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-SenderReputationConfig | Format-List
This example returns detailed information about the sender reputation configuration for the Exchange server.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-DkimSigningConfig
In ths Article
This cmdlet is available only in the cloud-based service. Use the New -DkimSigningConfig cmdlet to create the
Syntax
New-DkimSigningConfig [-DomainName] <SmtpDomainWithSubdomains> [-Enabled] <$true | $false>
[-AdminDisplayName <String>] [-BodyCanonicalization <Simple | Relaxed>] [-Confirm]
[-HeaderCanonicalization <Simple | Relaxed>] [-KeySize <UInt16>] [-WhatIf] [<CommonParameters>]
Description
DKIM in Microsoft Office 365 is an email authentication method that uses a public key infrastructure (PKI),
message headers, and CNAME records in DNS to authenticate the message sender, which is stamped in the DKIM -
Signature header field. DKIM helps prevent forged sender email addresses (also known as spoofing) by verifying
that the domain in the From address matches the domain in the DKIM -Signature header field.
Examples
-------------------------- Example 1 --------------------------
New-DkimSigningConfig -DomainName contoso.com -Enabled $true
This example enables DKIM message signing for the contoso.com domain.
Parameters
-AdminDisplayName
Type: String
Required: False
Position: Named
Default value: None
-BodyCanonicalization
The BodyCanonicalization parameter specifies the canonicalization algorithm that's used to create and verify the
message body part of the DKIM signature. This value effectively controls the sensitivity of DKIM to changes to the
message body in transit. Valid values are:
Relaxed: Changes in whitespace and changes in empty lines at the end of the message body are tolerated. This
is the default value.
Simple: Only changes in empty lines at the end of the message body are tolerated.
Type: Simple | Relaxed

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainName
The DomainName parameter specifies the domain in your organization that you want to enable DKIM message
signing for.
By default, DKIM message signing is enabled for the initial *.onmicrosoft.com domain in the organization (for
example, contoso.onmicrosoft.com).
For custom domains that don't have DKIM messaging signing enabled, the DKIM signatures for the
*.onmicrosoft.com domain are added to messages.
Type: SmtpDomainWithSubdomains
Required: True
Position: 1
Default value: None
-Enabled

Required: True
Position: 2
Default value: None
-HeaderCanonicalization
The HeaderCanonicalization parameter specifies the canonicalization algorithm that's used to create and verify the
message header part of the DKIM signature. This value effectively controls the sensitivity of DKIM to changes to
the message headers in transit. Valid values are:
Relaxed: Common modifications to the message header are tolerated (for example, Header field line
rewrapping, changes in unnecessary whitespace or empty lines, and changes in case for header fields). This is
the default value.
Simple: No changes to the header fields are tolerated.

Required: False
Position: Named
Default value: None
-KeySize
The KeySize parameter specifies the size in bits of the public key that's used in the DKIM signing policy. The only
available value is 1024.
Type: UInt16
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
New-HostedContentFilterPolicy
In ths Article
This cmdlet is available only in the cloud-based service. Use the New -HostedContentFilterPolicy cmdlet to create
content filter policies in your cloud-based organization. For information about the parameter sets in the Syntax
Syntax
New-HostedContentFilterPolicy [-Name] <String>
[-AddXHeaderValue <String>]
[-AllowedSenderDomains <MultiValuedProperty>]
[-AllowedSenders <MultiValuedProperty>]
[-BlockedSenderDomains <MultiValuedProperty>]
[-BlockedSenders <MultiValuedProperty>]
[-BulkSpamAction <MoveToJmf | AddXHeader | ModifySubject | Redirect | Delete | Quarantine | NoAction>]
[-BulkThreshold <Int32>]
[-Confirm]
[-DownloadLink <$true | $false>]
[-EnableEndUserSpamNotifications <$true | $false>]
[-EnableLanguageBlockList <$true | $false>]
[-EnableRegionBlockList <$true | $false>]
[-EndUserSpamNotificationCustomFromAddress <SmtpAddress>]
[-EndUserSpamNotificationCustomFromName <String>]
[-EndUserSpamNotificationCustomSubject <String>]
[-EndUserSpamNotificationFrequency <Int32>]
[-EndUserSpamNotificationLanguage <Default | English | French | German | Italian | Japanese | Spanish | Korean
| Portuguese | Russian | ChineseSimplified | ChineseTraditional | Amharic | Arabic | Bulgarian | BengaliIndia |
Catalan | Czech | Cyrillic | Danish | Greek | Estonian | Basque | Farsi | Finnish | Filipino | Galician |
Gujarati | Hebrew | Hindi | Croatian | Hungarian | Indonesian | Icelandic | Kazakh | Kannada | Lithuanian |
Latvian | Malayalam | Marathi | Malay | Dutch | NorwegianNynorsk | Norwegian | Oriya | Polish |
PortuguesePortugal | Romanian | Slovak | Slovenian | SerbianCyrillic | Serbian | Swedish | Swahili | Tamil |
Telugu | Thai | Turkish | Ukrainian | Urdu | Vietnamese>]
[-EndUserSpamNotificationLimit <Int32>]
[-HighConfidenceSpamAction <MoveToJmf | AddXHeader | ModifySubject | Redirect | Delete | Quarantine |
NoAction>]
[-IncreaseScoreWithBizOrInfoUrls <Off | On | Test>]
[-IncreaseScoreWithImageLinks <Off | On | Test>]
[-IncreaseScoreWithNumericIps <Off | On | Test>]
[-IncreaseScoreWithRedirectToOtherPort <Off | On | Test>]
[-InlineSafetyTipsEnabled <$true | $false>]
[-LanguageBlockList <MultiValuedProperty>]
[-MarkAsSpamBulkMail <Off | On | Test>]
[-MarkAsSpamEmbedTagsInHtml <Off | On | Test>]
[-MarkAsSpamEmptyMessages <Off | On | Test>]
[-MarkAsSpamFormTagsInHtml <Off | On | Test>]
[-MarkAsSpamFramesInHtml <Off | On | Test>]
[-MarkAsSpamFromAddressAuthFail <Off | On | Test>]
[-MarkAsSpamJavaScriptInHtml <Off | On | Test>]
[-MarkAsSpamNdrBackscatter <Off | On | Test>]
[-MarkAsSpamObjectTagsInHtml <Off | On | Test>]
[-MarkAsSpamSensitiveWordList <Off | On | Test>]
[-MarkAsSpamSpfRecordHardFail <Off | On | Test>]
[-MarkAsSpamWebBugsInHtml <Off | On | Test>]
[-ModifySubjectValue <String>]
[-PhishSpamAction <MoveToJmf | AddXHeader | ModifySubject | Redirect | Delete | Quarantine | NoAction>]
[-QuarantineRetentionPeriod <Int32>]
[-RedirectToRecipients <MultiValuedProperty>]
[-RegionBlockList <MultiValuedProperty>]
[-SpamAction <MoveToJmf | AddXHeader | ModifySubject | Redirect | Delete | Quarantine | NoAction>]
[-TestModeAction <None | AddXHeader | BccMessage>]
[-TestModeBccToRecipients <MultiValuedProperty>]
[-WhatIf]
[-ZapEnabled <$true | $false>]
Description
For more information about the limits for allowed and blocked senders, see Exchange Online Protection Limits.
Examples
-------------------------- Example 1 --------------------------
New-HostedContentFilterPolicy -Name "Contoso Content Filter Policy" -HighConfidenceSpamAction Redirect -

SpamAction Redirect -RedirectToRecipients chris@contoso.com -FalsePositiveAdditionalRecipients
michelle@contoso.com
This example creates a content filter policy named Contoso Content Filter Policy with the following settings:
Redirect messages that are definitely spam or that may be spam to chris@contoso.com.
Send copies of spam quarantine false positive submissions to michelle@contoso.com.
Parameters
-AddXHeaderValue
The AddXHeaderValue parameter specifies the X-header value to add to spam messages when an action parameter
is set to the value AddXHeader. The action parameters that use the value of this parameter are:
BulkSpamAction
HighConfidenceSpamAction
PhishSpamAction
SpamAction
The value that you specify for this parameter must contain less than 256 characters, and can't contain spaces.
Note that when the TestModeAction parameter is set to AddXHeader, the following X-header value is automatically
added to the message: X-CustomSpam: This message was filtered by the custom spam filter option.
An X-header is a user-defined, unofficial header field that exists in the message header. X-headers aren't specifically
mentioned in RFC 2822, but the use of an undefined header field starting with X- has become an accepted way to
add unofficial header fields to a message. The value you specify must contain less than 256 characters, and it can't
contain spaces.
Type: String
Required: False
Position: Named
Default value: None
-AdminDisplayName
Type: String
Required: False
Position: Named
Default value: None
-AllowedSenderDomains
The AllowedSenderDomains parameter specifies trusted domains that aren't processed by the spam filter.
Messages from senders in these domains are stamped with SFV:SKA in the X-Forefront-Antispam-Report header
and receive a spam confidence level (SCL ) of -1, so the messages are delivered to the recipient's inbox. Valid values
are one or more SMTP domains.
Required: False
Position: Named
Default value: None
-AllowedSenders
The AllowedSenders parameter specifies a list of trusted senders that aren't processed by the spam filter. Messages
from these senders are stamped with SFV:SKA in the X-Forefront-Antispam-Report header and receive an SCL of -
1, so the messages are delivered to the recipient's inbox. Valid values are one or more SMTP email addresses.
Required: False
Position: Named
Default value: None
-BlockedSenderDomains
The BlockedSenderDomains parameter specifies domains that are always marked as spam sources. Messages from
senders in these domains are stamped with SFV:SKB in the X-Forefront-Antispam-Report header and receive an
SCL of 9 (high confidence spam). Valid values are one or more SMTP domains.
Required: False
Position: Named
Default value: None
-BlockedSenders
The BlockedSenders parameter specifies senders that are always marked as spam sources. Messages from these
senders are stamped with SFV:SKB in the X-Forefront-Antispam-Report header and receive an SCL of 9 (high
confidence spam). Valid values are one or more SMTP email addresses.
Required: False
Position: Named
Default value: None
-BulkSpamAction
The BulkSpamAction parameter specifies the action to take on messages that are classified as bulk email (also
known as gray mail). Valid values are:
AddXHeader: The value specified by the AddXHeaderValue parameter is added to the message.
deleted message.
ModifySubject: The value specified by the ModifySubjectValue parameter is prepended to the subject of the
message.
MoveToJmf: Move the message to the user's Junk Email folder. This is the default value, and is required by zero-
hour auto purge (ZAP ) for spam.
Quarantine: Move the message to the quarantine.
Redirect: Redirect the message to the recipients specified by the RedirectToRecipients parameter.
Type: MoveToJmf | AddXHeader | ModifySubject | Redirect | Delete | Quarantine | NoAction

Required: False
Position: Named
Default value: None
-BulkThreshold
The BulkThreshold parameter specifies the Bulk Complaint Level (BCL ) threshold setting. Valid values are from 1 -
9, where 1 marks most bulk email as spam, and 9 allows the most bulk email to be delivered. The default value is 7.
For more information, see Configure your spam filter policies
(https://docs.microsoft.com/office365/SecurityCompliance/configure-your-spam-filter-policies).
Type: Int32
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DownloadLink
The DownloadLink parameter shows or hides a link in end-user spam notification messages to download the Junk
Email Reporting Tool plugin for Outlook. Valid input for this parameter is $true or $false. The default value is $false.
This parameter is only useful if the EnableEndUserSpamNotifications parameter is set to $true.

Required: False
Position: Named
Default value: None
-EnableEndUserSpamNotifications
The EnableEndUserSpamNotification parameter enables for disables sending end-user spam quarantine
notification messages. Valid input for this parameter is $true or $false. The default value is $false.
End-user spam notification messages periodically alert users when they have messages in the quarantine. When
you enable end-user spam notifications, you may also specify values for the
EndUserSpamNotificationCustomFromAddress, EndUserSpamNotificationCustomFromName, and
EndUserSpamNotificationCustomSubject parameters.

Required: False
Position: Named
Default value: None
-EnableLanguageBlockList
The EnableLanguageBlockList parameter enables or disables blocking email messages that are written in specific
languages, regardless of the message contents. Valid input for this parameter is $true or $false. The default value is
$false.
When you enable the language block list, you may specify one or more languages by using the LanguageBlockList
parameter.
Required: False
Position: Named
Default value: None
-EnableRegionBlockList
The EnableRegionBlockList parameter enables or disables blocking email messages that are sent from specific
countries or regions, regardless of the message contents. Valid input for this parameter is $true or $false. The
default value is $false.
When you enable the region block list, you may specify one or more regions by using the RegionBlockList
parameter.

Required: False
Position: Named
Default value: None
-EndUserSpamNotificationCustomFromAddress
The EndUserSpamNotificationCustomFromAddress parameter specifies a custom From address for end-user
spam notification messages. Valid input for this parameter is an SMTP email address.
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-EndUserSpamNotificationCustomFromName
The EndUserSpamNotificationCustomFromName parameter specifies a custom display name in the From field for
end-user spam notification messages. If the value includes spaces, enclose the value in quotation marks (").
Type: String
Required: False
Position: Named
Default value: None
-EndUserSpamNotificationCustomSubject
The EndUserSpamNotificationCustomSubject parameter specifies a custom subject for end-user spam notification
messages. If the value includes spaces, enclose the value in quotation marks (").
Type: String
Required: False
Position: Named
Default value: None
-EndUserSpamNotificationFrequency
The EndUserSpamNotificationFrequency parameter specifies the repeat interval in days that end-user spam
notification messages are sent. Valid input for this parameter is an integer between 1 and 15. The default value is 3.
Type: Int32
Required: False
Position: Named
Default value: None
-EndUserSpamNotificationLanguage
The EndUserSpamNotificationLanguage parameter specifies the language of end-user spam notification messages.
The default value is Default. This means the default language of end-user spam notification messages is the default
language of the cloud-based organization.
Type: Default | English | French | German | Italian | Japanese | Spanish | Korean | Portuguese | Russian |
ChineseSimplified | ChineseTraditional | Amharic | Arabic | Bulgarian | BengaliIndia | Catalan | Czech |
Cyrillic | Danish | Greek | Estonian | Basque | Farsi | Finnish | Filipino | Galician | Gujarati | Hebrew |
Hindi | Croatian | Hungarian | Indonesian | Icelandic | Kazakh | Kannada | Lithuanian | Latvian | Malayalam |
Marathi | Malay | Dutch | NorwegianNynorsk | Norwegian | Oriya | Polish | PortuguesePortugal | Romanian |
Slovak | Slovenian | SerbianCyrillic | Serbian | Swedish | Swahili | Tamil | Telugu | Thai | Turkish |
Ukrainian | Urdu | Vietnamese
Required: False
Position: Named
Default value: None
-EndUserSpamNotificationLimit
Type: Int32
Required: False
Position: Named
Default value: None
-HighConfidenceSpamAction
The HighConfidenceSpamAction parameter specifies the action to take on messages that are classified as high
confidence spam. Valid values are:
deleted message.
message.

Required: False
Position: Named
Default value: None
-IncreaseScoreWithBizOrInfoUrls
The IncreaseScoreWithBizOrInfoUrls parameter increases the spam score of messages that contain links to .biz or
.info domains. Valid values for this parameter are Off, On or Test. The default value is Off.
Type: Off | On | Test

Required: False
Position: Named
Default value: None
-IncreaseScoreWithImageLinks
The IncreaseScoreWithImageLinks parameter increases the spam score of messages that contain image links to
remote websites. Valid values for this parameter are Off, On or Test. The default value is Off.

Required: False
Position: Named
Default value: None
-IncreaseScoreWithNumericIps
The IncreaseScoreWithNumericIps parameter increases the spam score of messages that contain links to IP
addresses. Valid values for this parameter are Off, On or Test. The default value is Off.

Required: False
Position: Named
Default value: None
-IncreaseScoreWithRedirectToOtherPort
The IncreaseScoreWithRedirectToOtherPort parameter increases the spam score of messages that contain links
that redirect to other TCP ports. Valid values for this parameter are Off, On or Test. The default value is Off.
Required: False
Position: Named
Default value: None
-InlineSafetyTipsEnabled
The InlineSafetyTipsEnabled parameter specifies whether to enable or disable safety tips that are shown to
recipients in messages. Valid values are:
$true: Safety tips are enabled. This is the default value.
$false: Safety tips are disabled.

Required: False
Position: Named
Default value: None
-LanguageBlockList
The LanguageBlockList parameter specifies the languages to block when messages are blocked based on their
language. Valid input for this parameter is a supported ISO 639-1 lowercase two-letter language code. You can
specify multiple values separated by commas. This parameter is only use when the EnableRegionBlockList
parameter is set to $true.
A reference for two-letter language codes is available at the Library of Congress website: ISO 639-2 Code
(https://www.loc.gov/standards/iso639-2/php/code\_list.ph). Note that not all possible language codes are
available as input for this parameter.
Required: False
Position: Named
Default value: None
-MarkAsSpamBulkMail
The MarkAsSpamBulkMail parameter classifies the message as spam when the message is identified as a bulk
email message. Valid values for this parameter are Off, On or Test. The default value is On.

Required: False
Position: Named
Default value: None
-MarkAsSpamEmbedTagsInHtml
The MarkAsSpamEmbedTagsInHtml parameter classifies the message as spam when the message contains HTML
<embed> tags. Valid values for this parameter are Off, On or Test. The default value is Off.
Required: False
Position: Named
Default value: None
-MarkAsSpamEmptyMessages
The MarkAsSpamEmptyMessages parameter classifies the message as spam when the message is empty. Valid
values for this parameter are Off, On or Test. The default value is Off.

Required: False
Position: Named
Default value: None
-MarkAsSpamFormTagsInHtml
The MarkAsSpamFormTagsInHtml parameter classifies the message as spam when the message contains HTML
<form> tags. Valid values for this parameter are Off, On or Test. The default value is Off.

Required: False
Position: Named
Default value: None
-MarkAsSpamFramesInHtml
The MarkAsSpamFramesInHtml parameter classifies the message as spam when the message contains HTML
<frame> or <iframe> tags. Valid values for this parameter are Off, On or Test. The default value is Off.

Required: False
Position: Named
Default value: None
-MarkAsSpamFromAddressAuthFail
The MarkAsSpamFromAddressAuthFail parameter classifies the message as spam when Sender ID filtering
encounters a hard fail. Valid values for this parameter are Off or On. The default value is Off.

Required: False
Position: Named
Default value: None
-MarkAsSpamJavaScriptInHtml
The MarkAsSpamJavaScriptInHtml parameter classifies the message as spam when the message contains
JavaScript or VBScript. Valid values for this parameter are Off, On or Test. The default value is Off.

Required: False
Position: Named
Default value: None
-MarkAsSpamNdrBackscatter
The MarkAsSpamNdrBackscatter parameter classifies the message as spam when the message is a non-delivery
report (NDR ) to a forged sender. Valid values for this parameter are Off or On. The default value is Off.

Required: False
Position: Named
Default value: None
-MarkAsSpamObjectTagsInHtml
The MarkAsSpamObjectTagsInHtml parameter classifies the message as spam when the message contains HTML
<object> tags. Valid values for this parameter are Off, On or Test. The default value is Off.

Required: False
Position: Named
Default value: None
-MarkAsSpamSensitiveWordList
The MarkAsSpamSensitiveWordList parameter classifies the message as spam when the message contains words
from the sensitive words list. Valid values for this parameter are Off, On or Test. The default value is Off.

Required: False
Position: Named
Default value: None
-MarkAsSpamSpfRecordHardFail
The MarkAsSpamSpfRecordHardFail parameter classifies the message as spam when Sender Policy Framework
(SPF ) record checking encounters a hard fail. Valid values for this parameter are Off or On. The default value is Off.

Required: False
Position: Named
Default value: None
-MarkAsSpamWebBugsInHtml
The MarkAsSpamWebBugsInHtml parameter classifies the message as spam when the message contains web
bugs. Valid values for this parameter are Off, On or Test. The default value is Off.

Required: False
Position: Named
Default value: None
-ModifySubjectValue
The ModifySubjectValue parameter specifies the text to prepend to the existing subject of spam messages when an
action parameter is set to the value ModifySubject. The action parameters that use the value of this parameter are:
BulkSpamAction
PhishSpamAction
SpamAction
The value that you specify for this parameter must contain less than 256 characters If the value contains spaces,
enclose the value in quotation marks (").
Type: String
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a unique name for the content filter policy. If the value contains spaces, enclose the
The value itself can't contain the following characters: \, %, &, *, +, /, =, ?, {, }, |, <, >, (, ), ;, :, [, ], comma (,), or double-
quotation mark (").
Type: String
Required: True
Position: 1
Default value: None
-PhishSpamAction
The PhishSpamAction parameter specifies the action to take on messages that are classified as phishing (messages
that use fraudulent links or spoofed domains to get personal information). Valid values are:
deleted message.
message.

Required: False
Position: Named
Default value: None
-QuarantineRetentionPeriod
The QuarantineRetentionPeriod parameter specifies the length of time in days that spam messages remain in the
quarantine. Valid input for this parameter is an integer between 1 and 15. The default value is 15.
Type: Int32
Required: False
Position: Named
Default value: None
-RedirectToRecipients
The RedirectToRecipients parameter specifies the replacement recipients in spam messages when an action
parameter is set to the value Redirect. The action parameters that use the value of RedirectToRecipients are
HighConfidenceSpamAction and SpamAction.
Valid input for this parameter is an email address. Separate multiple email addresses with commas.
Required: False
Position: Named
Default value: None
-RegionBlockList
The RegionBlockList parameter specifies the region to block when messages are blocked based on their source
region. Valid input for this parameter is a supported ISO 3166-1 uppercase two-letter country code. You can
specify multiple values separated by commas. This parameter is only used when the EnableRegionBlockList
A reference for two-letter country codes is available at the International Organization for Standardization (ISO )
website: ISO 3166-1 decoding table (https://www.iso.org/iso/country\_codes/iso-3166-1\_decoding\_table.). Note
that not all possible country codes are available as input for this parameter.
Required: False
Position: Named
Default value: None
-SpamAction
The SpamAction parameter specifies the action to take on messages that are classified as spam (not high
confidence spam, bulk email, or phishing). Valid values are:
deleted message.
message.

Required: False
Position: Named
Default value: None
-TestModeAction
The TestModeAction parameter specifies the additional action to take on messages that match any of the
IncreaseScoreWith or MarkAsSpam parameters that are set to the value Test. Valid values are:
None (This is the default value)
AddXHeader: The X-header value X-CustomSpam: This message was filtered by the custom spam filter option
is added to the message.
BccMessage: Redirect the message to the recipients specified by the TestModeBccToRecipients parameter.
Type: None | AddXHeader | BccMessage

Required: False
Position: Named
Default value: None
-TestModeBccToRecipients
The TestModeBccToRecipients parameter specifies the blind carbon copy recipients to add to spam messages when
the TestModeAction action parameter is set to the value BccMessage.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-ZapEnabled
The ZapEnabled parameter specifies whether to enable zero-hour auto purge (ZAP ) for spam. ZAP detects unread
spam messages that have already been delivered to the user's Inbox. Valid values are:
$true: ZAP for spam is enabled. Unread spam messages that are detected in the user's Inbox are automatically
moved to the Junk Email folder. This is the default value.
$false: ZAP for spam is disabled.
Note: ZAP for spam requires that the following action parameters are set to the value MoveToJmf:
BulkSpamAction
PhishSpamAction
SpamAction

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-HostedContentFilterRule
In ths Article
This cmdlet is available only in the cloud-based service. Use the New -HostedContentFilterRule cmdlet to create
Syntax
New-HostedContentFilterRule [-Name] <String> -HostedContentFilterPolicy <HostedContentFilterPolicyIdParameter>
[-Confirm]
[-Priority <Int32>]
Description
Examples
-------------------------- Example 1 --------------------------
New-HostedContentFilterRule -Name "Contoso Recipients" -HostedContentFilterPolicy "Contoso Content Filter

Policy" -RecipientDomainIs contoso.com
This example creates a new content filter rule named Contoso Recipients with the following settings: If the recipient
is in the domain contoso.com, apply the content filter policy named Contoso Content Filter Policy.
Parameters
-Comments
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter enables or disables the rule. Valid input for this parameter is $true or $false. The default
value is $true.

Required: False
Position: Named
Default value: None
Type: Word[]
Required: False
Position: Named
Default value: None
-ExceptIfSentTo
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
Name
Alias
Canonical DN
Email address
GUID
the group.
Required: False
Position: Named
Default value: None
-HostedContentFilterPolicy
The HostedContentFilterPolicy parameter specifies the content filter policy to apply to messages that match the
conditions defined by this content filter rule.
You can use any value that uniquely identifies the policy. For example, you can specify the name, GUID, or
distinguished name (DN ) of the content filter policy.
You can't specify the default content filter policy. And, you can't specify a content filter policy that's already
associated with another content filter rule.
Required: True
Position: Named
Default value: None
-Name
The Name parameter specifies a unique name for the content filter rule. If the value contains spaces, enclose the
quotation mark (").
Type: String
Required: True
Position: 1
Default value: None
-Priority
integer value indicates a higher priority, the value 0 is the highest priority and rules can't have the same priority
value.
Type: Int32
Required: False
Position: Named
Default value: None
-RecipientDomainIs
Type: Word[]
Required: False
Position: Named
Default value: None
-SentTo
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
-SentToMemberOf
Name
Alias
Canonical DN
Email address
GUID
group.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-MalwareFilterPolicy
In ths Article
may be exclusive to one environment or the other. Use the New -MalwareFilterPolicy cmdlet to create malware filter
policies in your organization. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
New-MalwareFilterPolicy [-Name] <String>
[-Action <DeleteMessage | DeleteAttachmentAndUseDefaultAlertText | DeleteAttachmentAndUseCustomAlertText>]
[-AdminDisplayName <String>] [-BypassInboundMessages <$true | $false>]
[-BypassOutboundMessages <$true | $false>] [-Confirm] [-CustomAlertText <String>]
[-CustomExternalBody <String>] [-CustomExternalSubject <String>] [-CustomFromAddress <SmtpAddress>]
[-CustomFromName <String>] [-CustomInternalBody <String>] [-CustomInternalSubject <String>]
[-CustomNotifications <$true | $false>] [-DomainController <Fqdn>]
[-EnableExternalSenderAdminNotifications <$true | $false>]
[-EnableExternalSenderNotifications <$true | $false>]
[-EnableInternalSenderAdminNotifications <$true | $false>]
[-EnableInternalSenderNotifications <$true | $false>] [-ExternalSenderAdminAddress <SmtpAddress>]
[-InternalSenderAdminAddress <SmtpAddress>] [-WhatIf] [-EnableFileFilter <$true | $false>]
[-FileTypes <String[]>] [-ZapEnabled <$true | $false>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
New-MalwareFilterPolicy -Name "Contoso Malware Filter Policy" -EnableInternalSenderAdminNotifications $true -

InternalSenderAdminAddress admin@contoso.com
This example creates a new malware filter policy named Contoso Malware Filter Policy with the following settings:
Block messages that contain malware.
Don't notify the message sender when malware is detected in the message.
Notify the administrator admin@contoso.com when malware is detected in a message from an internal sender.
Parameters
-Action
The Action parameter specifies the action to take when malware is detected in a message. Valid values are:
DeleteMessage: Deletes the message. This is the default value.
DeleteAttachmentAndUseDefaultAlert: Delivers the message, but replaces the message contents with the
default alert text.
DeleteAttachmentAndUseCustomAlert: Delivers the message, but replaces the message contents with the
custom alert text specified by the AlertText parameter.
Note: For Exchange Online Protection, any of these actions result in the message and any attachments being routed
to quarantine. For more information about quarantined messages, see https://go.microsoft.com/fwlink/p/?
linkid=874388.
Type: DeleteMessage | DeleteAttachmentAndUseDefaultAlertText | DeleteAttachmentAndUseCustomAlertText

Required: False
Position: Named
Default value: None
-AdminDisplayName
Type: String
Required: False
Position: Named
Default value: None
-BypassInboundMessages
The BypassInboundMessages parameter skips or enforces malware scanning on incoming messages. Valid input
for this parameter is $true or $false. The default value is $false. This means malware scanning occurs on incoming
messages by default.

Required: False
Position: Named
Default value: None
-BypassOutboundMessages
The BypassOutboundMessages parameter skips or enforces malware scanning on outgoing messages. Valid input
for this parameter is $true or $false. The default value is $false. This means malware scanning occurs on outgoing
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-CustomAlertText
The CustomAlertText parameter specifies the custom alert text to insert in the message when malware is detected
and the value of the Action parameter is set to ReplaceWithCustomAlert. This parameter is required when the
CustomNotifications parameter is set to $true.
Type: String
Required: False
Position: Named
Default value: None
-CustomExternalBody
The CustomExternalBody parameter specifies the body of the custom notification message that's sent to an external
sender when a message contains malware. This parameter is required when the CustomNotifications parameter is
set to $true.
Type: String
Required: False
Position: Named
Default value: None
-CustomExternalSubject
The CustomExternalSubject parameter specifies the subject of the custom notification message that's sent to an
external sender when a message contains malware. This parameter is required when the CustomNotifications
Type: String
Required: False
Position: Named
Default value: None
-CustomFromAddress
The CustomFromAddress parameter specifies the From address of the custom notification message that's sent to
an internal or external sender when a message contains malware. This parameter is required when the
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-CustomFromName
The CustomExternalFromName parameter specifies the From name of the custom notification message that's sent
to internal or external senders when a message contains malware. This parameter is required when the
Type: String
Required: False
Position: Named
Default value: None
-CustomInternalBody
The CustomInternalBody parameter specifies the body of the custom notification message that's sent to an internal
sender when a message contains malware. This parameter is required when the CustomNotifications parameter is
set to $true.
Type: String
Required: False
Position: Named
Default value: None
-CustomInternalSubject
The CustomInternalSubject parameter specifies the subject of the custom notification message that's sent to an
internal sender when a message contains malware. This parameter is required when the CustomNotifications
Type: String
Required: False
Position: Named
Default value: None
-CustomNotifications
The CustomNotifications parameter enables or disables the custom notification message to the sender when the
message contains malware. Valid input for this parameter is $true or $false. The default value is $false.
If you enable custom notification messages by setting this parameter to $true, you specify the details of the custom
notification message using the CustomFromAddress,CustomFromName, CustomExternalSubject,
CustomExternalBody, CustomInternalSubject and CustomInternalBody parameters.

Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EnableExternalSenderAdminNotifications
The EnableExternalSenderAdminNotifications parameter enables or disables sending notification messages to an
administrator when malware is detected in messages from external senders. Valid input for this parameter is $true
or $false. The default value is $false.
Specify the administrator to receive the notification messages by using the ExternalSenderAdminAddress
parameter.

Required: False
Position: Named
Default value: None
-EnableExternalSenderNotifications
The EnableExternalSenderNotifications parameter enables or disables sending notification messages to senders
when malware is detected in messages from external senders. Valid input for this parameter is $true or $false. The

Required: False
Position: Named
Default value: None
-EnableFileFilter
The EnableFileFilter parameter enables or disables common attachment blocking. Valid values are:
$true: Common attachment blocking is enabled.
$false: Common attachment blocking is disabled.
To configure the blocked file types, use the FileTypes parameter.

Required: False
Position: Named
Default value: None
-EnableInternalSenderAdminNotifications
administrator when malware is detected in messages from internal senders. Valid input for this parameter is $true
Specify the administrator to receive the notification messages by using the InternalSenderAdminAddress
parameter.

Required: False
Position: Named
Default value: None
-EnableInternalSenderNotifications
The EnableExternalSenderAdminNotifications parameter enables or disables sending notification messages to
senders when malware is detected in messages from internal senders. Valid input for this parameter is $true or
$false. The default value is $false.

Required: False
Position: Named
Default value: None
-ExternalSenderAdminAddress
The ExternalSenderAdminAddress parameter specifies the email address of the administrator who will receive
notifications messages when messages from external senders contain malware. Notification messages are sent to
the specified email address only if the EnableExternalSenderAdminNotifications parameter is set to $true.
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-FileTypes
The FileTypes parameter specifies the file types that are blocked by common attachment blocking. The default
values are:
ace
ani
app
docm
exe
jar
reg
scr
vbe
vbs
You enable or disable common attachment blocking by using the EnableFileFilter parameter.
Common attachment blocking uses best effort true-typing to detect the file type regardless of the file name
extension. If true-typing fails or isn't supported for the specified file type, then extension matching is used. For
example, ps1 files are Windows PowerShell scripts, but their true type is text.
To replace the existing list of file types with the values you specify, use the syntax <FileType1>,<FileType2>,...
<FileTypeN>. To preserve existing values, be sure to include the file types that you want to keep along with the new
values that you want to add.
To add or remove file types without affecting the other file type entries, see the Examples section in the Set-
MalwareFilterPolicy cmdlet topic.
Type: String[]
Required: False
Position: Named
Default value: None
-InternalSenderAdminAddress
The InternalSenderAdminAddress parameter specifies the email address of the administrator who will receive
the specified email address only if the EnableInternalSenderAdminNotifications parameter is set to $true.
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a name for the malware filter policy. If the value contains spaces, enclose the value
Type: String
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-ZapEnabled
The ZapEnabled parameter specifies whether to enable zero-hour auto purge (ZAP ) for malware. ZAP detects
malware in unread messages that have already been delivered to the user's Inbox. Valid values are:
$true: ZAP for malware is enabled. Unread messages in the user's Inbox that contain malware are moved to the
Junk Email folder. This is the default value.
$false: ZAP for malware is disabled.

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-MalwareFilterRule
In ths Article
may be exclusive to one environment or the other. Use the New -MalwareFilterRule cmdlet to create malware filter
Syntax
New-MalwareFilterRule [-Name] <String> -MalwareFilterPolicy <MalwareFilterPolicyIdParameter>
[-Confirm]
[-Priority <Int32>]
Description
Examples
-------------------------- Example 1 --------------------------
New-MalwareFilterRule -Name "Contoso Recipients" -MalwareFilterPolicy "Contoso Malware Filter Policy" -

RecipientDomainIs contoso.com
This example creates a new malware filter rule named Contoso Recipients with the following settings: If the
recipient is in the domain contoso.com, apply the malware filter policy named Contoso Malware Filter Policy.
Parameters
-Comments
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter enables or disables the malware filter rule. Valid input for this parameter is $true or $false.

Required: False
Position: Named
Default value: None
Type: Word[]
Required: False
Position: Named
Default value: None
-ExceptIfSentTo
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
Name
Alias
Canonical DN
Email address
GUID
the group.
Required: False
Position: Named
Default value: None
-MalwareFilterPolicy
The MalwareFilterPolicy parameter specifies the malware filter policy to apply to messages that match the
conditions defined by this malware filter rule.
You can't specify the default malware filter policy. And, you can't specify a malware filter policy that's already
associated with another malware filter rule.
Required: True
Position: Named
Default value: None
-Name
The Name parameter specifies a unique name for the malware filter rule.
Type: String
Required: True
Position: 1
Default value: None
-Priority
value.
Type: Int32
Required: False
Position: Named
Default value: None
-RecipientDomainIs
Type: Word[]
Required: False
Position: Named
Default value: None
-SentTo
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
-SentToMemberOf
Name
Alias
Canonical DN
Email address
GUID
group.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Preview-QuarantineMessage
In ths Article
This cmdlet is available only in the cloud-based service. Use the Preview -QuarantineMessage cmdlet to preview
the contents of quarantined messages in your cloud-based organization. Note : This cmdlet isn't available for files
that are protected by Office 365 Advanced Threat Protection in SharePoint Online, OneDrive for Business, and
Microsoft Teams. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Preview-QuarantineMessage -Identity <QuarantineMessageIdentity> [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-QuarantineMessage -MessageID <5c695d7e-6642-4681-a4b0-9e7a86613cb7@contoso.com> | Preview-QuarantineMessage
This example previews the quarantined message with the Message-ID value <5c695d7e-6642-4681-a4b0-
9e7a86613cb7@contoso.com\>.
-------------------------- Example 2 --------------------------
Preview-QuarantineMessage -Identity c14401cf-aa9a-465b-cfd5-08d0f0ca37c5\4c2ca98e-94ea-db3a-7eb8-3b63657d4db7
This example previews the quarantined message that has the specified Identity value.
Parameters
-Identity
The Identity parameter specifies the quarantined message that you want to preview. The value is a unique
Required: True
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Release-QuarantineMessage
In ths Article
This cmdlet is available only in the cloud-based service. Use the Release-QuarantineMessage cmdlet to release
messages from quarantine in your cloud-based organization. You can release messages to all original recipients, or
to specific recipients. For files that are protected by Office 365 Advanced Threat Protection in SharePoint Online,
OneDrive for Business and Microsoft Teams, you can unblock the files in the respective team sites and document
libraries by using the Release-QuarantineMessage cmdlet so users can access, share, and download the files. For
Syntax
Release-QuarantineMessage [-Identities <QuarantineMessageIdentity[]>] [-Identity <QuarantineMessageIdentity>] -
User <String[]>
[-AllowSender]
[-Confirm]
[-Force]
[-ReportFalsePositive]
Release-QuarantineMessage [-Identities <QuarantineMessageIdentity[]>] [-Identity <QuarantineMessageIdentity>]

[-ReleaseToAll]
[-AllowSender] [-Confirm]
[-Delete]
[-Force]
Release-QuarantineMessage -Identities <QuarantineMessageIdentity[]> [-Identity <QuarantineMessageIdentity>]

[-AllowSender]
[-Confirm]
[-Force]
Release-QuarantineMessage -Identity <QuarantineMessageIdentity>

[-AllowSender]
[-Confirm]
[-Force]
Description
Examples
-------------------------- Example 1 --------------------------
Get-QuarantineMessage -MessageID "<5c695d7e-6642-4681-a4b0-9e7a86613cb7@contoso.com>" | Release-

QuarantineMessage -User julia@contoso.com
This example uses the Get-QuarantineMessage cmdlet to release the quarantined message with the Message-ID
value <5c695d7e-6642-4681-a4b0-9e7a86613cb7@contoso.com\> to an original recipient julia@contoso.com.
-------------------------- Example 2 --------------------------
Release-QuarantineMessage -Identity c14401cf-aa9a-465b-cfd5-08d0f0ca37c5\4c2ca98e-94ea-db3a-7eb8-3b63657d4db7 -

ReleaseToAll
This example releases the quarantined message with the specified Identity value to all original recipients.
-------------------------- Example 3 --------------------------
Get-QuarantineMessage | Release-QuarantineMessage -ReleaseToAll
This example releases all messages to all original recipients.

-------------------------- Example 4 --------------------------
$q = Get-QuarantineMessage -QuarantineTypes SPOMalware; $q[-1] | Release-QuarantineMessage -Organization -

ReleaseToAll
This example releases a file that was quarantined as part of Office 365 Advanced Threat Protection. The first
command stores all SharePoint Online, OneDrive for Business and Microsoft Teams quarantined files in the
variable $q. The second command releases the last file in the list. For more information about elements in arrays
and index numbers, see Accessing and Using Array Elements
(https://docs.microsoft.com/powershell/module/microsoft.powershell.core/about/about_arrays#accessing-and-
using-array-elements).
Parameters
-AllowSender
The AllowSender switch specifies that all future messages from the sender won't be quarantined. You don't need to
specify a value with this switch.
If the message was quarantined because of a transport rule or blocked sender, messages from the sender can still
be blocked in the future.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Delete
This parameter has been deprecated and is no longer used.
To delete quarantined messages, use the Delete-QuarantineMessage cmdlet.
Required: False
Position: Named
Default value: None
-Force
The Force switch specifies whether to attempt the re-release of previously released messages from quarantine. You
don't need to specify a value with this switch.
You need to use this switch whenever you attempt to re-release previously released messages from quarantine.
Required: False
Position: Named
Default value: None
-Identities
The Identities parameter identifies quarantined messages for bulk operations. You identify the messages by using
the syntax: value1,value2,...valueN. The value is a unique quarantined message identifier in the format
GUID1\GUID2 (for example c14401cf-aa9a-465b-cfd5-08d0f0ca37c5\4c2ca98e-94ea-db3a-7eb8-
3b63657d4db7).
You can find the identity value for a quarantined message by using the Get-QuarantineMessage cmdlet.
When you use this parameter, the Identity parameter is required, but the value is ignored. For example, use the
value 000 for the Identity parameter.
Type: QuarantineMessageIdentity[]
Required: True
Position: Named
Default value: None
-Identity
The Identity parameter specifies the quarantined message that you want to release. The value is a unique
08d0f0ca37c5\4c2ca98e-94ea-db3a-7eb8-3b63657d4db7).
Required: True
Position: Named
Default value: None
-ReleaseToAll
The ReleaseToAll switch releases the quarantined message to all original recipients. You don't have to specify a
This parameter is required for the quarantine type SPOMalware.
If you previously used the User parameter or the ReleaseToAll switch to release the quarantined message to some
or all of the original recipients, those recipients are skipped when you use the ReleaseToAll parameter again. You
don't have to specify a value with the ReleaseToAll switch.
You can't use the ReleaseToAll switch and the User parameter in the same command.
Required: True
Position: Named
Default value: None
-ReportFalsePositive
The ReportFalsePositive switch sends a notification message indicating the specified message was not spam. You
This switch is only available for quarantined spam messages.
Required: False
Position: Named
Default value: None
-User
The User parameter specifies the email address of the user to whom you want to release the quarantined message.
You can specify multiple email addresses separated by commas.
You can use this parameter to release the message to recipients of the original message, or to any other email
addresses in the organization.
If you previously used the ReleaseToAll switch to release the quarantined message to all original recipients, and you
later release the message again with the User parameter, any original recipients you specify with the User
parameter are skipped.
Type: String[]
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-AttachmentFilterEntry
In ths Article
This cmdlet is available or effective only on Edge Transport servers in on-premises Exchange. Use the Remove-
AttachmentFilterEntry cmdlet to remove an entry from the attachment filter list that's used by the Attachment
Filtering agent on Edge Transport servers. For information about the parameter sets in the Syntax section below,
Syntax
Remove-AttachmentFilterEntry [-Identity] <String> [-Confirm] [-DomainController <Fqdn>] [-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-AttachmentFilterEntry -Identity FileName:*.txt
This example removes the attachment filter entry that filters file names with a .txt extension.
-------------------------- Example 2 --------------------------
Remove-AttachmentFilterEntry -Identity ContentType:image/jpeg
This example removes the attachment filter entry that filters attachments that have the MIME content type
image/jpeg.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the type of attachment that this filter entry removes. The Identity parameter
accepts values in the format Type:Name, where Type is one of the following two values:
ContentType: This value matches the attachment filter entry against the MIME content type.
FileName: This value matches the attachment filter entry against the simple file name.
In Type:Name, Name can be either the file name of the attachment filter entry to be removed, or the content type of
the attachment filter entry to be removed.
Type: String
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-ContentFilterPhrase
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-ContentFilterPhrase cmdlet to remove one
or all custom words that the Content Filter agent processes. For information about the parameter sets in the Syntax
Syntax
Remove-ContentFilterPhrase [-Identity] <ContentFilterPhraseIdParameter>
[-Confirm] [-DomainController <Fqdn>]
Remove-ContentFilterPhrase [-Phrase <ContentFilterPhraseIdParameter>]

[-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-ContentFilterPhrase -Identity "Free credit report"
This example removes the custom phrase Free credit report from the list of phrases that are filtered.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies a custom word or phrase to remove. You must enclose the value of the Identity
For this command, the Identity parameter performs the same actions as the Phrase parameter. The Identity and
Phrase parameters are interchangeable. You can't use the Phrase parameter if the Identity parameter is used.
Required: True
Position: 1
Default value: None
-Phrase
The Phrase parameter specifies a custom word or phrase to remove. You must enclose the value of the Phrase
For this command, the Phrase parameter performs the same actions as the Identity parameter. The Phrase and
Identity parameters are interchangeable. You can't use the Identity parameter if the Phrase parameter is used.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-HostedContentFilterPolicy
In ths Article
This cmdlet is available only in the cloud-based service. Use the Remove-HostedContentFilterPolicy cmdlet to
remove content filter policies from your cloud-based organization. When a policy is removed and there are rules
associated with it, the rules are not removed when the policy is removed. This is by design. If you want to remove
the associated rules, you need to do this separately via the Remove-HostedContentFilterRule cmdlet. For
Syntax
Remove-HostedContentFilterPolicy [-Identity] <HostedContentFilterPolicyIdParameter> [-Confirm] [-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-HostedContentFilterPolicy "Contoso Content Filter Policy"
This example removes the content filter policy named Contoso Content Filter Policy.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the content filter policy you want to remove. You can use any value that uniquely
identifies the policy, For example, you can use the name, GUID or distinguished name (DN ) of the content filter
policy.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-HostedContentFilterRule
In ths Article
This cmdlet is available only in the cloud-based service. Use the Remove-HostedContentFilterRule cmdlet to
remove content filter rules in your cloud-based organization. For information about the parameter sets in the
Syntax
Remove-HostedContentFilterRule [-Identity] <RuleIdParameter> [-Confirm] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-Rule "Contoso Recipients"
This example removes the content filter rule named Contoso Recipients.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the content filter rule that you want to remove. You can use any value that uniquely
rule.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-IPAllowListEntry
In ths Article
IPAllowListEntry cmdlet to remove IP address entries from the IP Allow list that's used by the Connection Filtering
Syntax
Remove-IPAllowListEntry [-Identity] <IPListEntryIdentity> [-Confirm] [-Server <ServerIdParameter>] [-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
Get-IPAllowListEntry | Where {$_.IPRange -eq '192.168.0.100'} | Remove-IPAllowListEntry
This example removes the IP address 192.168.0.100 from the IP Allow list.
-------------------------- Example 2 --------------------------
Get-IPAllowListEntry | Where {$_.IPRange -eq '192.168.0.0/24'} | Remove-IPAllowListEntry
This example removes the IP address range 192.168.0.0/24 from the IP Allow list.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the integer value of the IP Allow list entry that you want to remove. When you add
an entry to the IP Allow list, the Identity value is automatically assigned. To find the Identity value of an IP Allow list
entry, use the Get-IPAllowListEntry cmdlet.
Required: True
Position: 1
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-IPAllowListProvider
In ths Article
IPAllowListProvider cmdlet to remove IP Allow list providers that are used by the Connection Filtering agent on
Syntax
Remove-IPAllowListProvider [-Identity] <IPAllowListProviderIdParameter> [-Confirm] [-DomainController <Fqdn>]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-IPAllowListProvider Contoso.com
This example removes the IP Allow list provider named Contoso.com.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the IP Allow list provider that you want to remove. You can use any value that
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-IPBlocklistEntry
In ths Article
IPBlockListEntry cmdlet to remove IP block list entries that are used by the Connection Filtering agent on Edge
Syntax
Remove-IPBlocklistEntry [-Identity] <IPListEntryIdentity> [-Confirm] [-Server <ServerIdParameter>] [-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
Get-IPBlockListEntry | Where {$_.IPRange -eq '192.168.0.100'} | Remove-IPBlockListEntry
This example removes the IP address 192.168.0.100 from the IP Block list.
-------------------------- Example 2 --------------------------
Get-IPBlockListEntry | Where {$_.IPRange -eq '192.168.0.0/24'} | Remove-IPBlockListEntry
This example removes the IP address range 192.168.0.0/24 from the IP Block list.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the integer value of the IP Block list entry that you want to remove. When you add
an entry to the IP Block list, the Identity value is automatically assigned. To find the Identity value of an IP Block list
entry, use the Get-IPBlockListEntry cmdlet.
Required: True
Position: 1
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
You can't use this command to configure other Edge Transport servers remotely.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-IPBlockListProvider
In ths Article
IPBlockListProvider cmdlet to remove IP Block list providers that are used by the Connection Filtering agent on
Edge Transport server. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Remove-IPBlockListProvider [-Identity] <IPBlockListProviderIdParameter> [-Confirm] [-DomainController <Fqdn>]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-IPBlockListProvider Contoso.com
This example removes the IP Block list provider named Contoso.com.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the IP Block list provider that you want to remove. You can use any value that
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-MalwareFilterPolicy
In ths Article
may be exclusive to one environment or the other. Use the Remove-MalwareFilterPolicy cmdlet to remove malware
filter policies from your organization. When a policy is removed and there are rules associated with it, the rules are
not removed when the policy is removed. This is by design. If you want to remove the associated rules, you need to
do this separately via the Remove-MalwareFilterRule cmdlet. For information about the parameter sets in the
Syntax
Remove-MalwareFilterPolicy [-Identity] <MalwareFilterPolicyIdParameter> [-Confirm] [-DomainController <Fqdn>]
[-Force] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-MalwareFilterPolicy "Contoso Malware Filter Policy"
This example removes the malware filter policy named Contoso Malware Filter Policy
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the malware filter policy you want to remove. You can use any value that uniquely
policy.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-MalwareFilterRule
In ths Article
may be exclusive to one environment or the other. Use the Remove-MalwareFilterRule cmdlet to remove malware
filter rules from your organization. For information about the parameter sets in the Syntax section below, see
Syntax
Remove-MalwareFilterRule [-Identity] <RuleIdParameter> [-Confirm] [-DomainController <Fqdn>] [-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-MalwareFilterRule "Contoso Recipients"
This example removes the malware filter rule named Contoso Recipients.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the malware filter rule that you want to remove. You can use any value that
filter rule.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Rotate-DkimSigningConfig
In ths Article
This cmdlet is available only in the cloud-based service. Use the Rotate-DkimSigningConfig cmdlet to rotate the
public and private DomainKeys Identified Mail (DKIM ) signing policy keys for domains in a cloud-based
organization. This cmdlet creates new DKIM keys and uses the alternate DKIM selector. Typically, you don't need to
use this cmdlet, because Microsoft Office 365 automatically rotates your DKIM keys. For information about the
Syntax
Rotate-DkimSigningConfig [-Identity] <DkimSigningConfigIdParameter> [-Confirm] [-KeySize <UInt16>] [-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
Rotate-DkimSigningConfig -Identity contoso.com
This example rotates the DKIM signing policy for the contoso.com domain.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the DKIM signing policy that you want to rotate. You can use any value that
GUID
Required: True
Position: 1
Default value: None
-KeySize
The KeySize parameter specifies the size in bits of the public key that's used in the DKIM signing policy. The only
available value is 1024.
Type: UInt16
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Set-AttachmentFilterListConfig
In ths Article
This cmdlet is available or effective only on Edge Transport servers in on-premises Exchange. Use the Set-
AttachmentFilterListConfig cmdlet to modify the configuration of the Attachment Filtering agent on Edge Transport
Syntax
Set-AttachmentFilterListConfig [-Action <Reject | Strip | SilentDelete>] [-AdminMessage <String>] [-Confirm]
[-DomainController <Fqdn>] [-ExceptionConnectors <MultiValuedProperty>] [-RejectResponse <String>] [-WhatIf]
Description
type or the file name of the attachment. The configuration of the Attachment Filtering agent determines how
messages that contain the specified attachments are processed.
Examples
-------------------------- Example 1 --------------------------
Set-AttachmentFilterListConfig -Action Reject
This example modifies the action that the Attachment Filtering agent takes on an attachment that matches an entry
on the attachment filter list so that both the email message and attachment aren't delivered to the recipient and an
NDR is sent to the sender.
Parameters
-Action
The Action parameter specifies how the Attachment Filtering agent handles an attachment that matches an entry
on the attachment filter list. The default value is Reject. You can use one of the following values:
Reject: This value prevents both the email message and attachment from being delivered to the recipient and
issues a non-delivery report (NDR ) to the sender.
Strip: This value removes the offending attachment from the email message and allows the message and other
attachments that don't match an entry on the attachment filter list through. A notification that the attachment
was removed is added to the email message.
SilentDelete: This value prevents both the email message and the attachment from being delivered to the
recipient. No notification that the email message and attachment were blocked is sent to the sender.
Type: Reject | Strip | SilentDelete

Required: False
Position: Named
Default value: None
-AdminMessage
The AdminMessage parameter specifies the content of a text file that replaces attachments removed by the
Attachment Filtering agent. The AdminMessage parameter only appears when the Attachment Filtering agent is
configured to remove an attachment that's been identified as bad.
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-ExceptionConnectors
The ExceptionConnectors parameter specifies a list of connectors that should be excluded from attachment filtering.
Attachment filters aren't applied to email messages received through these connectors. You must use the connector
GUID to specify the ExceptionConnectors parameter value.
Required: False
Position: Named
Default value: None
-RejectResponse
The RejectResponse parameter specifies the message body that you want delivered in the NDR to senders whose
messages contain an attachment that's blocked. The RejectResponse parameter is required only if you set the
Action parameter to Reject. Don't exceed 240 characters in the parameter argument. When you pass an argument,
you must enclose the RejectResponse parameter value in quotation marks (") if the phrase contains spaces, for
example: "Message rejected". The default setting is Message rejected due to unacceptable attachments.
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-ContentFilterConfig
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-ContentFilterConfig cmdlet to modify the
content filter configuration on a Mailbox server or an Edge Transport server. For information about the parameter
sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Set-ContentFilterConfig [-BypassedRecipients <MultiValuedProperty>]
[-BypassedSenderDomains <MultiValuedProperty>] [-BypassedSenders <MultiValuedProperty>] [-Confirm]
[-DomainController <Fqdn>] [-Enabled <$true | $false>] [-ExternalMailEnabled <$true | $false>]
[-InternalMailEnabled <$true | $false>] [-OutlookEmailPostmarkValidationEnabled <$true | $false>]
[-QuarantineMailbox <SmtpAddress>] [-RejectionResponse <AsciiString>] [-SCLDeleteEnabled <$true | $false>]
[-SCLDeleteThreshold <Int32>] [-SCLQuarantineEnabled <$true | $false>] [-SCLQuarantineThreshold <Int32>]
[-SCLRejectEnabled <$true | $false>] [-SCLRejectThreshold <Int32>] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-ContentFilterConfig -BypassedSenderDomains woodgrovebank.com
This example specifies the sender domain woodgrovebank.com as a bypassed domain. Messages received from
that domain bypass the Content Filter agent.
-------------------------- Example 2 --------------------------
Set-ContentFilterConfig -SCLQuarantineEnabled $true -SCLRejectEnabled $true -SCLDeleteEnabled $true -

SCLQuarantineThreshold 5 -SCLRejectThreshold 6 -SCLDeleteThreshold 8 -QuarantineMailbox
SpamQuarantineMailbox@contoso.com -RejectionResponse "Message rejected due to content restrictions" -
BypassedRecipients user1@contoso.com,user2@contoso.com
This example makes the following modifications to the Content Filter agent configuration:
It enables and configures the SCL threshold functionalities that quarantine, reject and delete messages to 5, 6 and 8
respectively.
It specifies SpamQuarantineMailbox@contoso.com as the spam quarantine mailbox.
It defines two users for whom the Content Filter won't process messages.
Parameters
-BypassedRecipients
The BypassedRecipients parameter specifies the SMTP address values of recipients in your organization. The
Content Filter agent doesn't process any content filtering for messages bound to the addresses listed on this
parameter. To enter multiple SMTP addresses, separate the addresses by using a comma, for example:
recipient1@contoso.com,recipient2@contoso.com. The maximum number of recipients you can input is 100.
Required: False
Position: Named
Default value: None
-BypassedSenderDomains
The BypassedSenderDomains parameter specifies domain name values of sending domains. The Content Filter
agent doesn't process any content filtering for messages received from the domains listed on this parameter. To
enter multiple domains, separate the addresses by using a comma, for example: contoso.com, example.com. A
wildcard character (*) can be used to specify all subdomains, for example: *.contoso.com. The maximum number of
domains you can input is 100.
Required: False
Position: Named
Default value: None
-BypassedSenders
The BypassedSenders parameter specifies the SMTP address values of senders. The Content Filter agent doesn't
process any content filtering for messages received from the addresses listed on this parameter. To enter multiple
SMTP addresses, separate the addresses by using a comma, for example: sender1@contoso.com,
sender2@example.com. The maximum number of SMTP addresses you can input is 100.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter enables or disables the Content Filter agent on the computer on which you're running the
command. Valid input for the Enabled parameter is $true or $false. The default setting is $true.

Required: False
Position: Named
Default value: None
-ExternalMailEnabled
The ExternalMailEnabled parameter specifies whether all messages from unauthenticated connections from
sources external to your Exchange organization are passed through the Content Filter agent for processing. Valid
input for the ExternalMailEnabled parameter is $true or $false. The default setting is $true. When the
ExternalMailEnabled parameter is set to $true, all messages from unauthenticated connections are passed through
the Content Filter agent for processing.

Required: False
Position: Named
Default value: None
-InternalMailEnabled
The InternalMailEnabled parameter specifies whether all messages from authenticated connections and from
authoritative domains in your enterprise are passed through the Content Filter agent for processing. Valid input for
the InternalMailEnabled parameter is $true or $false. The default setting is $false. When the InternalMailEnabled
parameter is set to $true, all messages from authenticated connections and from authoritative domains in your
enterprise are passed through the Content Filter agent for processing.

Required: False
Position: Named
Default value: None
-OutlookEmailPostmarkValidationEnabled
The OutlookEmailPostmarkValidationEnabled parameter specifies whether the Content Filter agent sends a
computational puzzle to the sender's system for processing. Valid input for the
OutlookEmailPostmarkValidationEnabled parameter is $true or $false. When the
OutlookEmailPostmarkValidationEnabled parameter is set to $true, the Content Filter agent sends a computational
puzzle to the sender's system for processing. The results of the puzzle validation are factored into the overall spam
confidence level (SCL ). This functionality is exposed to the Microsoft Outlook user as Outlook E -mail Postmark
validation. The default setting is $false.

Required: False
Position: Named
Default value: None
-QuarantineMailbox
The QuarantineMailbox parameter specifies an SMTP address to be used as a spam quarantine mailbox. A spam
quarantine mailbox is required when you set the SCLQuarantineEnabled parameter to $true. All messages that
exceed the value set in the SCLQuarantineThreshold parameter are sent to the SMTP address that you set in this
parameter.
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-RejectionResponse
The RejectionResponse parameter specifies the message body that you want delivered in the non-delivery report
(NDR ) to senders whose messages meet or exceed the SCLRejectThreshold value. The RejectionResponse
parameter is required if you set the SCLRejectEnabled parameter to $true. The RejectionResponse parameter takes
a string. Don't exceed 240 characters in the argument. When you pass an argument, you must enclose the
RejectionResponse parameter in quotation marks (") if the phrase contains spaces, for example: "Message rejected".
The default setting is Message rejected due to content restrictions.
Type: AsciiString
Required: False
Position: Named
Default value: None
-SCLDeleteEnabled
The SCLDeleteEnabled parameter specifies whether all messages that exceed the value set in the
SCLDeleteThreshold parameter are deleted. Valid input for the SCLDeleteEnabled parameter is $true or $false. The
default setting is $false. When the SCLDeleteEnabled parameter is set to $true, all messages that exceed the value
set in the SCLDeleteThreshold parameter are deleted.

Required: False
Position: Named
Default value: None
-SCLDeleteThreshold
The SCLDeleteThreshold parameter specifies an integer value from 1 through 9. This value represents the SCL
rating that a particular message must exceed for the Content Filter agent to delete the message and not send an
NDR. To enable this functionality, you must set the SCLDeleteEnabled parameter to $true. The default setting is 9.
Type: Int32
Required: False
Position: Named
Default value: None
-SCLQuarantineEnabled
The SCLQuarantineEnabled parameter specifies whether all messages that exceed the value set in the
SCLQuarantineThreshold parameter are sent to the spam quarantine mailbox specified in the QuarantineMailbox
parameter. Valid input for the SCLQuarantineEnabled parameter is $true or $false. The default setting is $false.
When the SCLQuarantineEnabled parameter is set to $true, all messages that exceed the value set in the
SCLQuarantineThreshold parameter are sent to the spam quarantine mailbox specified in the QuarantineMailbox
parameter.

Required: False
Position: Named
Default value: None
-SCLQuarantineThreshold
The SCLQuarantineThreshold parameter specifies an integer value from 1 through 9. This value represents the
SCL rating that a particular message must exceed for the Content Filter agent to quarantine the message. To enable
quarantine functionality, you must set the SCLQuarantineEnabled parameter to $true, and provide a valid SMTP
address in the QuarantineMailbox parameter. The default setting is 9.
Type: Int32
Required: False
Position: Named
Default value: None
-SCLRejectEnabled
The SCLRejectEnabled parameter specifies whether all messages that exceed the value set in the
SCLRejectThreshold parameter are rejected, and an NDR is sent to the sender. Valid input for the
SCLRejectEnabled parameter is $true or $false. The default setting is $false. When SCLRejectEnabled parameter is
set to $true, all messages that exceed the value set in the SCLRejectThreshold parameter are rejected, and an NDR
is sent to the sender.

Required: False
Position: Named
Default value: None
-SCLRejectThreshold
The SCLRejectThreshold parameter specifies an integer value from 1 through 9. This value represents the SCL
rating that a particular message must exceed for the Content Filter agent to reject the message and send an NDR
to the sender. To enable the delete functionality, you must set the SCLDeleteEnabled parameter to $true. Also, you
can revise the default NDR message by editing the RejectionResponse parameter. The default setting is 9.
Type: Int32
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-DkimSigningConfig
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-DkimSigningConfig cmdlet to modify the
Syntax
Set-DkimSigningConfig [-Identity] <DkimSigningConfigIdParameter> [-AdminDisplayName <String>]
[-BodyCanonicalization <Simple | Relaxed>] [-Confirm] [-Enabled <$true | $false>]
[-HeaderCanonicalization <Simple | Relaxed>] [-PublishTxtRecords] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-DkimSigningConfig -Identity contoso.com -Enabled $false
This example disables the DKIM signing policy for the contoso.com domain.
Parameters
-AdminDisplayName
Type: String
Required: False
Position: Named
Default value: None
-BodyCanonicalization
The BodyCanonicalization parameter specifies the canonicalization algorithm that's used to create and verify the
message body part of the DKIM signature. This value effectively controls the sensitivity of DKIM to changes to the
message body in transit. Valid values are:
Relaxed: Changes in whitespace and changes in empty lines at the end of the message body are tolerated. This
Simple: Only changes in empty lines at the end of the message body are tolerated.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Enabled

Required: False
Position: Named
Default value: None
-HeaderCanonicalization
The HeaderCanonicalization parameter specifies the canonicalization algorithm that's used to create and verify the
message header part of the DKIM signature. This value effectively controls the sensitivity of DKIM to changes to
the message headers in transit. Valid values are:
Relaxed: Common modifications to the message header are tolerated (for example, header field line rewrapping,
changes in unnecessary whitespace or empty lines, and changes in case for header fields). This is the default
value.
Simple: No changes to the header fields are tolerated.

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the DKIM signing policy that you want to modify. You can use any value that
GUID
Required: True
Position: 1
Default value: None
-PublishTxtRecords
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Set-HostedConnectionFilterPolicy
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-HostedConnectionFilterPolicy cmdlet to
modify the settings of connection filter policies in your cloud-based organization. For information about the
Syntax
Set-HostedConnectionFilterPolicy [-Identity] <HostedConnectionFilterPolicyIdParameter>
[-AdminDisplayName <String>] [-ConfigurationXmlRaw <String>] [-Confirm] [-EnableSafeList <$true | $false>]
[-IPAllowList <MultiValuedProperty>] [-IPBlockList <MultiValuedProperty>] [-MakeDefault] [-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
Set-HostedConnectionFilterPolicy "Contoso Connection Filter Policy" -IPAllowList 192.168.1.10,192.168.1.23 -

IPBlockList 10.10.10.0/25,172.17.17.0/24
This example modifies the connection filter policy named Contoso Connection Filter Policy with the following
settings:
Messages from 192.168.1.10 and 192.168.1.23 are never identified as spam.
Messages from 10.10.10.0/25 and 172.17.17.0/24 are always identified as spam.
-------------------------- Example 2 --------------------------
Set-HostedConnectionFilterPolicy "Contoso Connection Filter Policy" -IPAllowList

@{Add="192.168.2.10","192.169.3.0/24","192.168.4.1-192.168.4.5";Remove="192.168.1.10"}
This example modifies the connection filter policy named Contoso Connection Filter Policy with the following
settings:
The following IP addresses are added to the existing values in the IP allow list: 192.168.2.10, 192.169.3.0/24
and 192.168.4.1-192.168.4.5.
The IP address 192.168.1.10 is removed from the existing values in the IP allow list.
Parameters
-AdminDisplayName
Type: String
Required: False
Position: Named
Default value: None
-ConfigurationXmlRaw
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-EnableSafeList
The EnableSafeList parameter enables or disables use of the safe list. The safe list is a dynamic allow list in the
Microsoft datacenter that requires no customer configuration. Valid input for this parameter is $true or $false. The
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the connection filter policy you want to modify. You can use any value that
uniquely identifies the policy. For example, you can use the name, GUID or distinguished name (DN ) of the hosted
connection filter policy.
Required: True
Position: 1
Default value: None
-IPAllowList
The IPAllowList parameter specifies IP addresses from which messages are always allowed. Messages from the IP
addresses you specify won't be identified as spam, despite any other spam characteristics of the messages.
You enter the IP addresses using the following syntax:
Single IP: For example, 192.168.1.1.
IP range: You can use an IP address range, for example, 192.168.0.1-192.168.0.254.
CIDR IP: You can use Classless InterDomain Routing (CIDR ), for example, 192.168.0.1/25. Valid network mask
values are /24 through /32.
You can specify multiple IP addresses of the same type separated by commas. For example, <single IP1>, <single
IP2> or <CIDR IP1>, <CIDR IP2>. To specify multiple IP addresses of different types at the same time, you need
to use the following multivalued property syntax: @{Add="<single IP1>","<IP range1>",<CIDR IP1>...}.
Required: False
Position: Named
Default value: None
-IPBlockList
The IPBlockList parameter specifies IP addresses from which messages are never allowed. Messages from the IP
addresses you specify are blocked without any further spam scanning.
IP range: You can use an IP address range, for example, 192.168.0.1-192.168.0.254.
CIDR IP: You can use Classless InterDomain Routing (CIDR ), for example, 192.168.0.1/25. Valid network mask
values are /24 through /32.
You can specify multiple IP addresses of the same type separated by commas. For example, <single IP1>, <single
IP2> or <CIDR IP1>, <CIDR IP2>. To specify multiple IP addresses of different types at the same time, you need
to use the following multivalued property syntax: @{Add="<single IP1>","<IP range1>",<CIDR IP1>...}.
Required: False
Position: Named
Default value: None
-MakeDefault
The MakeDefault switch makes the specified policy the default connection filter policy. You don't have to specify a
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-HostedContentFilterPolicy
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-HostedContentFilterPolicy cmdlet to modify
the settings of content filter policies in your cloud-based organization. For information about the parameter sets in
Syntax
Set-HostedContentFilterPolicy [-Identity] <HostedContentFilterPolicyIdParameter>
[-AddXHeaderValue <String>]
[-AllowedSenderDomains <MultiValuedProperty>]
[-AllowedSenders <MultiValuedProperty>]
[-BlockedSenderDomains <MultiValuedProperty>]
[-BlockedSenders <MultiValuedProperty>]
[-BulkSpamAction <MoveToJmf | AddXHeader | ModifySubject | Redirect | Delete | Quarantine | NoAction>]
[-BulkThreshold <Int32>]
[-Confirm]
[-DownloadLink <$true | $false>]
[-EnableEndUserSpamNotifications <$true | $false>]
[-EnableLanguageBlockList <$true | $false>]
[-EnableRegionBlockList <$true | $false>]
[-EndUserSpamNotificationCustomFromAddress <SmtpAddress>]
[-EndUserSpamNotificationCustomFromName <String>]
[-EndUserSpamNotificationCustomSubject <String>]
[-EndUserSpamNotificationFrequency <Int32>]
[-EndUserSpamNotificationLanguage <Default | English | French | German | Italian | Japanese | Spanish | Korean
| Portuguese | Russian | ChineseSimplified | ChineseTraditional | Amharic | Arabic | Bulgarian | BengaliIndia |
Catalan | Czech | Cyrillic | Danish | Greek | Estonian | Basque | Farsi | Finnish | Filipino | Galician |
Gujarati | Hebrew | Hindi | Croatian | Hungarian | Indonesian | Icelandic | Kazakh | Kannada | Lithuanian |
Latvian | Malayalam | Marathi | Malay | Dutch | NorwegianNynorsk | Norwegian | Oriya | Polish |
PortuguesePortugal | Romanian | Slovak | Slovenian | SerbianCyrillic | Serbian | Swedish | Swahili | Tamil |
Telugu | Thai | Turkish | Ukrainian | Urdu | Vietnamese>]
[-EndUserSpamNotificationLimit <Int32>]
[-HighConfidenceSpamAction <MoveToJmf | AddXHeader | ModifySubject | Redirect | Delete | Quarantine |
NoAction>]
[-IncreaseScoreWithBizOrInfoUrls <Off | On | Test>]
[-IncreaseScoreWithImageLinks <Off | On | Test>]
[-IncreaseScoreWithNumericIps <Off | On | Test>]
[-IncreaseScoreWithRedirectToOtherPort <Off | On | Test>]
[-InlineSafetyTipsEnabled <$true | $false>]
[-LanguageBlockList <MultiValuedProperty>]
[-MakeDefault]
[-MarkAsSpamBulkMail <Off | On | Test>]
[-MarkAsSpamEmbedTagsInHtml <Off | On | Test>]
[-MarkAsSpamEmptyMessages <Off | On | Test>]
[-MarkAsSpamFormTagsInHtml <Off | On | Test>]
[-MarkAsSpamFramesInHtml <Off | On | Test>]
[-MarkAsSpamFromAddressAuthFail <Off | On | Test>]
[-MarkAsSpamJavaScriptInHtml <Off | On | Test>]
[-MarkAsSpamNdrBackscatter <Off | On | Test>]
[-MarkAsSpamObjectTagsInHtml <Off | On | Test>]
[-MarkAsSpamSensitiveWordList <Off | On | Test>]
[-MarkAsSpamSpfRecordHardFail <Off | On | Test>]
[-MarkAsSpamWebBugsInHtml <Off | On | Test>]
[-ModifySubjectValue <String>]
[-PhishSpamAction <MoveToJmf | AddXHeader | ModifySubject | Redirect | Delete | Quarantine | NoAction>]
[-QuarantineRetentionPeriod <Int32>]
[-RedirectToRecipients <MultiValuedProperty>]
[-RegionBlockList <MultiValuedProperty>]
[-SpamAction <MoveToJmf | AddXHeader | ModifySubject | Redirect | Delete | Quarantine | NoAction>]
[-TestModeAction <None | AddXHeader | BccMessage>]
[-TestModeBccToRecipients <MultiValuedProperty>]
[-WhatIf]
[-ZapEnabled <$true | $false>]
Description
For more information about the limits for allowed and blocked senders, see Exchange Online Protection Limits.
Examples
-------------------------- Example 1 --------------------------
Set-HostedContentFilterPolicy -Identity "Contoso Content Filter Policy" -HighConfidenceSpamAction Redirect -

SpamAction Redirect -RedirectToRecipients chris@contoso.com
This example modifies the content filter policy named Contoso Content Filter Policy with the following settings:
Redirect messages that are definitely spam or that may be spam to chris@contoso.com.
Send copies of spam quarantine false positive submissions to michelle@contoso.com.
Parameters
-AddXHeaderValue
The AddXHeaderValue parameter specifies the X-header value to add to spam messages when an action parameter
is set to the value AddXHeader. The action parameters that use the value of this parameter are:
BulkSpamAction
PhishSpamAction
SpamAction
The value that you specify for this parameter must contain less than 256 characters, and can't contain spaces.
Note that when the TestModeAction parameter is set to AddXHeader, the following X-header value is automatically
added to the message: X-CustomSpam: This message was filtered by the custom spam filter option.
An X-header is a user-defined, unofficial header field that exists in the message header. X-headers aren't specifically
mentioned in RFC 2822, but the use of an undefined header field starting with X- has become an accepted way to
add unofficial header fields to a message.
Type: String
Required: False
Position: Named
Default value: None
-AdminDisplayName
Type: String
Required: False
Position: Named
Default value: None
-AllowedSenderDomains
The AllowedSenderDomains parameter specifies trusted domains that aren't processed by the spam filter.
Messages from senders in these domains are stamped with SFV:SKA in the X-Forefront-Antispam-Report header
and receive a spam confidence level (SCL ) of -1, so the messages are delivered to the recipient's inbox. Valid values
are one or more SMTP domains.
To enter multiple values and overwrite any existing entries, use the following syntax: <value1>,<value2>,...
<valueN>. If the values contain spaces or otherwise require quotation marks, you need to use the following syntax:
"<value1>","<value2>",..."<valueN>".
To add or remove one or more values without affecting any existing entries, use the following syntax: @{Add="
<value1>","<value2>"...; Remove="<value1>","<value2>"...}.
Required: False
Position: Named
Default value: None
-AllowedSenders
The AllowedSenders parameter specifies a list of trusted senders that aren't processed by the spam filter. Messages
from these senders are stamped with SFV:SKA in the X-Forefront-Antispam-Report header and receive an SCL of -
1, so the messages are delivered to the recipient's inbox. Valid values are one or more SMTP email addresses.
Required: False
Position: Named
Default value: None
-BlockedSenderDomains
The BlockedSenderDomains parameter specifies domains that are always marked as spam sources. Messages from
senders in these domains are stamped with SFV:SKB in the X-Forefront-Antispam-Report header and receive an
SCL of 9 (high confidence spam). Valid values are one or more SMTP domains.
Required: False
Position: Named
Default value: None
-BlockedSenders
The BlockedSenders parameter specifies senders that are always marked as spam sources. Messages from these
senders are stamped with SFV:SKB in the X-Forefront-Antispam-Report header and receive an SCL of 9 (high
confidence spam). Valid values are one or more SMTP email addresses.
Required: False
Position: Named
Default value: None
-BulkSpamAction
The BulkSpamAction parameter specifies the action to take on messages that are classified as bulk email (also
known as gray mail). Valid values are:
deleted message.
message.

Required: False
Position: Named
Default value: None
-BulkThreshold
The BulkThreshold parameter specifies the Bulk Complaint Level (BCL ) threshold setting. Valid values are from 1 -
9, where 1 marks most bulk email as spam, and 9 allows the most bulk email to be delivered. The default value is 7.
For more information, see Configure your spam filter policies
(https://docs.microsoft.com/office365/SecurityCompliance/configure-your-spam-filter-policies).
Type: Int32
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DownloadLink
The DownloadLink parameter shows or hides a link in end-user spam notification messages to download the Junk
Email Reporting Tool plugin for Outlook. Valid input for this parameter is $true or $false. The default value is $false.
This parameter is only useful if the EnableEndUserSpamNotifications parameter is set to $true.

Required: False
Position: Named
Default value: None
-EnableEndUserSpamNotifications
The EnableEndUserSpamNotification parameter enables for disables sending end-user spam quarantine
notification messages. Valid input for this parameter is $true or $false. The default value is $false.
End-user spam notification messages periodically alert users when they have messages in the quarantine. When
you enable end-user spam notifications, you may also specify values for the
EndUserSpamNotificationCustomFromAddress, EndUserSpamNotificationCustomFromName, and
EndUserSpamNotificationCustomSubject parameters.
Required: False
Position: Named
Default value: None
-EnableLanguageBlockList
The EnableLanguageBlockList parameter enables or disables blocking email messages that are written in specific
languages, regardless of the message contents. Valid input for this parameter is $true or $false. The default value is
$false.
When you enable the language block list, you may specify one or more languages by using the LanguageBlockList
parameter.

Required: False
Position: Named
Default value: None
-EnableRegionBlockList
The EnableRegionBlockList parameter enables or disables blocking email messages that are sent from specific
countries or regions, regardless of the message contents. Valid input for this parameter is $true or $false. The
When you enable the region block list, you may specify one or more regions by using the RegionBlockList
parameter.

Required: False
Position: Named
Default value: None
-EndUserSpamNotificationCustomFromAddress
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-EndUserSpamNotificationCustomFromName
Type: String
Required: False
Position: Named
Default value: None
-EndUserSpamNotificationCustomSubject
The EndUserSpamNotificationCustomSubject parameter specifies a custom subject for end-user spam notification
messages. If the value includes spaces, enclose the value in quotation marks (").
Type: String
Required: False
Position: Named
Default value: None
-EndUserSpamNotificationFrequency
The EndUserSpamNotificationFrequency parameter specifies the repeat interval in days that end-user spam
notification messages are sent. Valid input for this parameter is an integer between 1 and 15. The default value is 3.
Type: Int32
Required: False
Position: Named
Default value: None
-EndUserSpamNotificationLanguage
The EndUserSpamNotificationLanguage parameter specifies the language of end-user spam notification messages.
The default value is Default. This means the default language of end-user spam notification messages is the default
language of the cloud-based organization.
Type: Default | English | French | German | Italian | Japanese | Spanish | Korean | Portuguese | Russian |
ChineseSimplified | ChineseTraditional | Amharic | Arabic | Bulgarian | BengaliIndia | Catalan | Czech |
Cyrillic | Danish | Greek | Estonian | Basque | Farsi | Finnish | Filipino | Galician | Gujarati | Hebrew |
Hindi | Croatian | Hungarian | Indonesian | Icelandic | Kazakh | Kannada | Lithuanian | Latvian | Malayalam |
Marathi | Malay | Dutch | NorwegianNynorsk | Norwegian | Oriya | Polish | PortuguesePortugal | Romanian |
Slovak | Slovenian | SerbianCyrillic | Serbian | Swedish | Swahili | Tamil | Telugu | Thai | Turkish |
Ukrainian | Urdu | Vietnamese
Required: False
Position: Named
Default value: None
-EndUserSpamNotificationLimit
Type: Int32
Required: False
Position: Named
Default value: None
-HighConfidenceSpamAction
The HighConfidenceSpamAction parameter specifies the action to take on messages that are classified as high
confidence spam (not spam, bulk email, or phishing). Valid values are:
deleted message.
message.

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the content filter policy you want to modify. You can use any value that uniquely
identifies the policy. For example, you can specify the name, GUID or distinguished name (DN ) of the content filter
policy.
Required: True
Position: 1
Default value: None
-IncreaseScoreWithBizOrInfoUrls
The IncreaseScoreWithBizOrInfoUrls parameter increases the spam score of messages that contain links to .biz or
.info domains. Valid values for this parameter are Off, On or Test. The default value is Off.
Required: False
Position: Named
Default value: None
-IncreaseScoreWithImageLinks
The IncreaseScoreWithImageLinks parameter increases the spam score of messages that contain image links to
remote websites. Valid values for this parameter are Off, On or Test. The default value is Off.

Required: False
Position: Named
Default value: None
-IncreaseScoreWithNumericIps
The IncreaseScoreWithNumericIps parameter increases the spam score of messages that contain links to IP
addresses. Valid values for this parameter are Off, On or Test. The default value is Off.

Required: False
Position: Named
Default value: None
-IncreaseScoreWithRedirectToOtherPort
The IncreaseScoreWithRedirectToOtherPort parameter increases the spam score of messages that contain links
that redirect to other TCP ports. Valid values for this parameter are Off, On or Test. The default value is Off.

Required: False
Position: Named
Default value: None
-InlineSafetyTipsEnabled
The InlineSafetyTipsEnabled parameter specifies whether to enable or disable safety tips that are shown to
recipients in messages. Valid values are:
$true: Safety tips are enabled. This is the default value.
$false: Safety tips are disabled.
Required: False
Position: Named
Default value: None
-LanguageBlockList
The LanguageBlockList parameter specifies the languages to block when messages are blocked based on their
language. Valid input for this parameter is a supported ISO 639-1 lowercase two-letter language code. You can
specify multiple values separated by commas. This parameter is only used when the EnableLanguageBlockList
A reference for two-letter language codes is available at the Library of Congress website: ISO 639-2 Code
(https://www.loc.gov/standards/iso639-2/php/code\_list.ph). Note that not all possible language codes are
available as input for this parameter.
Required: False
Position: Named
Default value: None
-MakeDefault
The MakeDefault switch makes the specified content filter policy the default content filter policy. You don't have to
Required: False
Position: Named
Default value: None
-MarkAsSpamBulkMail
The MarkAsSpamBulkMail parameter classifies the message as spam when the message is identified as a bulk
email message (also known as gray mail). Valid values for this parameter are Off, On or Test. The default value is
On.

Required: False
Position: Named
Default value: None
-MarkAsSpamEmbedTagsInHtml
The MarkAsSpamEmbedTagsInHtml parameter classifies the message as spam when the message contains HTML
<embed> tags. Valid values for this parameter are Off, On or Test. The default value is Off.
Required: False
Position: Named
Default value: None
-MarkAsSpamEmptyMessages
The MarkAsSpamEmptyMessages parameter classifies the message as spam when the message is empty. Valid
values for this parameter are Off, On or Test. The default value is Off.

Required: False
Position: Named
Default value: None
-MarkAsSpamFormTagsInHtml
The MarkAsSpamFormTagsInHtml parameter classifies the message as spam when the message contains HTML
<form> tags. Valid values for this parameter are Off, On or Test. The default value is Off.

Required: False
Position: Named
Default value: None
-MarkAsSpamFramesInHtml
The MarkAsSpamFramesInHtml parameter classifies the message as spam when the message contains HTML
<frame> or <iframe> tags. Valid values for this parameter are Off, On or Test. The default value is Off.

Required: False
Position: Named
Default value: None
-MarkAsSpamFromAddressAuthFail
The MarkAsSpamFromAddressAuthFail parameter classifies the message as spam when Sender ID filtering
encounters a hard fail. Valid values for this parameter are Off or On. The default value is Off.

Required: False
Position: Named
Default value: None
-MarkAsSpamJavaScriptInHtml
The MarkAsSpamJavaScriptInHtml parameter classifies the message as spam when the message contains
JavaScript or VBScript. Valid values for this parameter are Off, On or Test. The default value is Off.

Required: False
Position: Named
Default value: None
-MarkAsSpamNdrBackscatter
The MarkAsSpamNdrBackscatter parameter classifies the message as spam when the message is a non-delivery
report (NDR ) to a forged sender. Valid values for this parameter are Off or On. The default value is Off.

Required: False
Position: Named
Default value: None
-MarkAsSpamObjectTagsInHtml
The MarkAsSpamObjectTagsInHtml parameter classifies the message as spam when the message contains HTML
<object> tags. Valid values for this parameter are Off, On or Test. The default value is Off.

Required: False
Position: Named
Default value: None
-MarkAsSpamSensitiveWordList
The MarkAsSpamSensitiveWordList parameter classifies the message as spam when the message contains words
from the sensitive words list. Valid values for this parameter are Off, On or Test. The default value is Off.

Required: False
Position: Named
Default value: None
-MarkAsSpamSpfRecordHardFail
The MarkAsSpamSpfRecordHardFail parameter classifies the message as spam when Sender Policy Framework
(SPF ) record checking encounters a hard fail. Valid values for this parameter are Off or On. The default value is Off.

Required: False
Position: Named
Default value: None
-MarkAsSpamWebBugsInHtml
The MarkAsSpamWebBugsInHtml parameter classifies the message as spam when the message contains web
bugs. Valid values for this parameter are Off, On or Test. The default value is Off.

Required: False
Position: Named
Default value: None
-ModifySubjectValue
The ModifySubjectValue parameter specifies the text to prepend to the existing subject of messages when an action
parameter is set to the value ModifySubject. The action parameters that use the value of this parameter are:
BulkSpamAction
PhishSpamAction
SpamAction
The value you specify must contain less than 256 characters. If the value contains spaces, enclose the value in
Type: String
Required: False
Position: Named
Default value: None
-PhishSpamAction
The PhishSpamAction parameter specifies the action to take on messages that are classified as phishing (messages
that use fraudulent links or spoofed domains to get personal information). Valid values are:
deleted message.
message.
Required: False
Position: Named
Default value: None
-QuarantineRetentionPeriod
The QuarantineRetentionPeriod parameter specifies the length of time in days that spam messages remain in the
quarantine. Valid input for this parameter is an integer between 1 and 15. The default value is 15.
Type: Int32
Required: False
Position: Named
Default value: None
-RedirectToRecipients
The RedirectToRecipients parameter specifies the email addresses of replacement recipients when an action
parameter is set to the value Redirect. The action parameters that use the email addresses in this parameter are:
BulkSpamAction
PhishSpamAction
SpamAction
You can specify multiple email addresses separated by commas.
Required: False
Position: Named
Default value: None
-RegionBlockList
The RegionBlockList parameter specifies the region to block when messages are blocked based on their source
region. Valid input for this parameter is a supported ISO 3166-1 uppercase two-letter country code. You can
specify multiple values separated by commas. This parameter is only used when the EnableRegionBlockList
A reference for two-letter country codes is available at the International Organization for Standardization (ISO )
website: ISO 3166-1 decoding table (https://www.iso.org/iso/country\_codes/iso-3166-1\_decoding\_table.). Note
that not all possible country codes are available as input for this parameter.
Required: False
Position: Named
Default value: None
-SpamAction
The SpamAction parameter specifies the action to take on messages that are classified as spam (not high
confidence spam, bulk email, or phishing)). Valid values are:
Delete : Delete the message during filtering. Use caution when selecting this value, because you can't recover
the deleted message.
message.

Required: False
Position: Named
Default value: None
-TestModeAction
The TestModeAction parameter specifies the additional action to take on messages when the IncreaseScoreWith or
MarkAsSpam parameters that are set to the value Test. Valid values are:
None (This is the default value)
AddXHeader: The X-header value X-CustomSpam: This message was filtered by the custom spam filter option
is added to the message.
BccMessage: Redirect the message to the recipients specified by the TestModeBccToRecipients parameter.
Type: None | AddXHeader | BccMessage

Required: False
Position: Named
Default value: None
-TestModeBccToRecipients
The TestModeBccToRecipients parameter specifies the blind carbon copy recipients to add to spam messages when
the TestModeAction action parameter is set to the value BccMessage.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-ZapEnabled
The ZapEnabled parameter specifies whether to enable zero-hour auto purge (ZAP ). ZAP detects unread messages
that have already been delivered to the user's Inbox. Valid values are:
$true: ZAP is enabled. Unread messages that are detected in the user's Inbox are automatically moved to the
$false: ZAP is disabled.

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Safe sender and blocked sender lists in Exchange Online
Set-HostedContentFilterRule
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-HostedContentFilterRule cmdlet to modify the
settings of content filter rules in your cloud-based organization. For information about the parameter sets in the
Syntax
Set-HostedContentFilterRule [-Identity] <RuleIdParameter>
[-Confirm]
[-HostedContentFilterPolicy <HostedContentFilterPolicyIdParameter>]
[-Name <String>]
[-Priority <Int32>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-HostedContentFilterRule "Contoso Recipients" -ExceptIfSentToMemberOf "Contoso Human Resources"
This example adds an exception to the content filter rule named Contoso Recipients for members of the distribution
group named Contoso Human Resources.
Parameters
-Comments
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
Type: Word[]
Required: False
Position: Named
Default value: None
-ExceptIfSentTo
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
Name
Alias
Canonical DN
Email address
GUID
the group.
Required: False
Position: Named
Default value: None
-HostedContentFilterPolicy
The HostedContentFilterPolicy parameter specifies the content filter policy to apply to messages that match the
conditions defined by this content filter rule.
You can't specify the default content filter policy. And, you can't specify a content filter policy that's already
associated with another content filter rule.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the content filter rule that you want to modify. You can use any value that uniquely
identifies the rule. For example, you can specify the name, GUID, or distinguished name (DN ) of the content filter
rule.
Required: True
Position: 1
Default value: None
-Name
The Name parameter specifies a unique name for the content filter rule. If the value contains spaces, enclose the
quotation mark (").
Type: String
Required: False
Position: Named
Default value: None
-Priority
value.
Type: Int32
Required: False
Position: Named
Default value: None
-RecipientDomainIs
Type: Word[]
Required: False
Position: Named
Default value: None
-SentTo
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
-SentToMemberOf
Name
Alias
Canonical DN
Email address
GUID
group.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-HostedOutboundSpamFilterPolicy
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-HostedOutboundSpamFilterPolicy cmdlet to
modify the settings of the outbound spam filter policy in your cloud-based organization. For information about the
Syntax
Set-HostedOutboundSpamFilterPolicy [-Identity] <HostedOutboundSpamFilterPolicyIdParameter>
[-AdminDisplayName <String>] [-BccSuspiciousOutboundAdditionalRecipients <MultiValuedProperty>]
[-BccSuspiciousOutboundMail <$true | $false>] [-Confirm] [-NotifyOutboundSpam <$true | $false>]
[-NotifyOutboundSpamRecipients <MultiValuedProperty>] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-HostedOutboundSpamFilterPolicy Default -NotifyOutboundSpam $true -NotifyOutboundSpamRecipients

chris@contoso.com
This example configures the following settings in the outbound spam filter policy named Default:
Notification messages are sent when an outgoing message is determined to be spam.
Notification messages are sent to chris@contoso.com.
Parameters
-AdminDisplayName
Type: String
Required: False
Position: Named
Default value: None
-BccSuspiciousOutboundAdditionalRecipients
The BccSuspiciousOutboundAdditionalRecipients parameter specifies the recipients to add to the Bcc field of
outgoing spam messages. Valid input for this parameter is an email address. Separate multiple email addresses
with commas.
The specified recipients are added to the Bcc field of outgoing spam messages when the value of the
BccSuspiciousOutboundMail parameter is $true.
Required: False
Position: Named
Default value: None
-BccSuspiciousOutboundMail
The BccSuspiciousOutboundMail parameter enables or disables adding recipients to the Bcc field of outgoing
spam messages. Valid input for this parameter is $true or $false. The default value is $false. You specify the
additional recipients using the BccSuspiciousOutboundAdditionalRecipients parameter.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the outbound spam filter policy you want to modify. You can use any value that
uniquely identifies the policy. For example, you can specify the name, GUID or distinguished name (DN ) of the
outbound spam filter policy.
Type: HostedOutboundSpamFilterPolicyIdParameter
Required: True
Position: 1
Default value: None
-NotifyOutboundSpam
The NotifyOutboundSpam parameter enables or disables sending notification messages to administrators when an
outgoing message is determined to be spam. Valid input for this parameter is $true or $false. The default value is
$false. You specify the administrators to notify by using the NotifyOutboundSpamRecipients parameter.

Required: False
Position: Named
Default value: None
-NotifyOutboundSpamRecipients
The NotifyOutboundSpamRecipients parameter specifies the administrators to notify when an outgoing message
is determined to be spam. Valid input for this parameter is an email address. Separate multiple email addresses
with commas.
The specified recipients receive notifications when the value of the NotifyOutboundSpam parameter is $true.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-IPAllowListConfig
In ths Article
IPAllowListConfig cmdlet to modify the IP Allow list configuration that's used by the Connection Filtering agent on
Syntax
Set-IPAllowListConfig [-Confirm] [-DomainController <Fqdn>] [-Enabled <$true | $false>]
[-ExternalMailEnabled <$true | $false>] [-InternalMailEnabled <$true | $false>] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-IPAllowListConfig -InternalMailEnabled $true
This example configures connection filtering to use the IP Allow list on messages that come from internal
connections.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether the IP Allow list is used for content filtering. Valid input for this parameter
is $true or $false. The default value is $true. By default, the IP Allow list is used for content filtering.

Required: False
Position: Named
Default value: None
The ExternalMailEnabled parameter specifies whether messages from connections outside of the Exchange
organization are evaluated by the IP Allow list. Valid input for this parameter is $true or $false. The default value is
$true. By default, messages from external connections are evaluated by the IP Allow list.

Required: False
Position: Named
Default value: None
The InternalMailEnabled parameter specifies whether messages from connections inside the Exchange
organization are evaluated by the IP Allow list. Valid input for this parameter is $true or $false. The default value is
$false. By default, messages from internal connections are not evaluated by the IP Allow list. Authenticated partner
messages aren't considered internal mail.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-IPAllowListProvider
In ths Article
IPAllowListProvider cmdlet to modify IP Allow list providers that are used by the Connection Filtering agent on
Syntax
Set-IPAllowListProvider [-Identity] <IPAllowListProviderIdParameter> [-AnyMatch <$true | $false>]
[-IPAddressesMatch <MultiValuedProperty>] [-LookupDomain <SmtpDomain>] [-Name <String>] [-Priority <Int32>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-IPAllowListProvider Contoso.com -AnyMatch $true
This example configures the IP Allow list provider named Contoso.com to allow connections from an IP address if
any IP address status codes are returned.
-------------------------- Example 2 --------------------------
Set-IPAllowListProvider Contoso.com -Priority 1
This example sets the priority to 1 for the existing IP Allow list provider named Contoso.com.
Parameters
-AnyMatch
The AnyMatch parameter specifies whether any response by the allow list provider is treated as a match. Valid
connection filtering sends the IP address of the connecting SMTP server to the allow list provider, any response
code returned by the allow list provider causes connection filtering to allow messages from that source.
Required: False
Position: Named
Default value: None
-BitmaskMatch
The BitmaskMatch parameter specifies the bit mask status code that's returned by the allow list provider. Use this
parameter if the allow list provider returns bitmask responses. Valid input for this parameter is a single IP address
Type: IPAddress
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether the Connection Filtering agent queries the IP Allow list provider
according to the priority set for this IP Allow list provider configuration. Valid input for this parameter is $true or
$false. The default value is $true. By default, the Connection Filtering agent queries the IP Allow list provider
according to the priority set for this IP Allow list provider configuration.

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the IP Allow list provider that you want to modify. You can use any value that
Name
GUID
Required: True
Position: 1
Default value: None
-IPAddressesMatch
The IPAddressesMatch parameter specifies the IP address status codes that are returned by the allow list provider.
Use this parameter if the allow list provider returns IP address or A record responses. Valid input for this parameter
one or more IP addresses in the format 127.0.0.1.
Required: False
Position: Named
Default value: None
-LookupDomain
The LookupDomain parameter specifies the host name that's required to use the allow list provider. Connection
value is allowlist.spamservice.com. The actual value you need to use is provided by the allow list provider.
Type: SmtpDomain
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a descriptive name for the IP Allow list provider.
Type: String
Required: False
Position: Named
Default value: None
-Priority
The Priority parameter specifies the order that the Connection Filtering agent queries the IP Allow list providers
that you've configured. By default, every time that you add a new IP Allow list provider, the entry is assigned a
priority of N+1, where N is the number of IP Allow list providers you've configured.
If you set the Priority parameter to a value that's the same as another IP Allow list provider, the priority of the IP
Allow list provider that you added first is incremented by 1.
Type: Int32
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-IPAllowListProvidersConfig
In ths Article
IPAllowListProvidersConfig cmdlet to modify the settings that affect all IP Allow list providers that are configured
on an Edge Transport server. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Set-IPAllowListProvidersConfig [-Confirm] [-DomainController <Fqdn>] [-Enabled <$true | $false>]
[-ExternalMailEnabled <$true | $false>] [-InternalMailEnabled <$true | $false>] [-WhatIf] [<CommonParameters>]
Description
On Edge Transport servers, IP Allow list providers are used by the Connection Filtering agent. The Connection
Examples
-------------------------- Example 1 --------------------------
Set-IPAllowListProvidersConfig -InternalMailEnabled $true
This example configures connection filtering to use IP Allow list providers on messages that come from internal
connections.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether IP Allow list providers are used for content filtering. Valid input for this
parameter is $true or $false. The default value is $true. The default value is $true. By default, IP Allow list providers
are used for content filtering.

Required: False
Position: Named
Default value: None
organization are evaluated by IP Allow list providers. Valid input for this parameter is $true or $false. The default
value is $true. By default, messages from external connections are evaluated by IP Allow list providers.

Required: False
Position: Named
Default value: None
organization are evaluated by IP Allow list providers. Valid input for this parameter is $true or $false. The default
value is $false. By default, messages from internal connections are not evaluated by IP Allow list providers.
Authenticated partner messages aren't considered internal mail.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-IPBlockListConfig
In ths Article
IPBlockListConfig cmdlet to modify the IP Block list configuration that's used by the Connection Filtering agent on
Syntax
Set-IPBlockListConfig [-Confirm] [-DomainController <Fqdn>] [-Enabled <$true | $false>]
[-ExternalMailEnabled <$true | $false>] [-InternalMailEnabled <$true | $false>]
[-MachineEntryRejectionResponse <AsciiString>] [-StaticEntryRejectionResponse <AsciiString>] [-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
Set-IPBlockListConfig -InternalMailEnabled $true
This example configures connection filtering to use the IP Block list on messages that come from internal
connections.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether the IP Block list is used for content filtering. Valid input for this parameter
is $true or $false. The default value is $true. By default, the IP Block list is used for content filtering.

Required: False
Position: Named
Default value: None
organization are evaluated by the IP Block list. Valid input for this parameter is $true or $false. The default value is
$true. By default, messages from external connections are evaluated by the IP Block list.

Required: False
Position: Named
Default value: None
organization are evaluated by the IP Block list. Valid input for this parameter is $true or $false. The default value is
$false. By default, messages from internal connections are not evaluated by the IP Block list. Authenticated partner
messages aren't considered internal mail.
Required: False
Position: Named
Default value: None
-MachineEntryRejectionResponse
The MachineEntryRejectionResponse parameter specifies customized text in the non-delivery report (NDR ) for
messages that are blocked by connection filtering due to IP addresses in the IP Block list that were added by sender
reputation. The value can't exceed 240 characters. If the value contains spaces, enclose the value in double
Type: AsciiString
Required: False
Position: Named
Default value: None
-StaticEntryRejectionResponse
The StaticEntryRejectionResponse parameter specifies a customized text in the NDR for messages that are blocked
by connection filtering due to IP addresses in the IP Block list. The value can't exceed 240 characters. If the value
contains spaces, enclose the value in double quotation marks (").
Type: AsciiString
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-IPBlockListProvider
In ths Article
IPBlockListProvider cmdlet to modify IP Block list providers that are used by the Connection Filtering agent on
Syntax
Set-IPBlockListProvider [-Identity] <IPBlockListProviderIdParameter> [-AnyMatch <$true | $false>]
[-IPAddressesMatch <MultiValuedProperty>] [-LookupDomain <SmtpDomain>] [-Name <String>] [-Priority <Int32>]
[-RejectionResponse <AsciiString>] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-IPBlockListProvider Contoso.com -AnyMatch $true
This example configures connection filtering to block an IP address if any IP address status codes are returned by
the IP Block list provider named Contoso.com.
-------------------------- Example 2 --------------------------
Set-IPBlockListProvider Contoso.com -Priority 1
This example sets the priority value to 1 for the IP Block list provider named Contoso.com.
Parameters
-AnyMatch
The AnyMatch parameter specifies whether any response by the block list provider is treated as a match. Valid
input for this parameter is $true or $false. The default value is $false. When this parameter is set to $true and
connection filtering sends the IP address of the connecting SMTP server to the block list provider, any response
code returned by the block list provider causes connection filtering to block messages from that source.
Required: False
Position: Named
Default value: None
-BitmaskMatch
The BitmaskMatch parameter specifies the bit mask status code that's returned by the block list provider. Use this
parameter if the block list provider returns bitmask responses. Valid input for this parameter is a single IP address
Type: IPAddress
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether the connection filtering uses this IP Block list provider. Valid input for this
parameter is $true or $false. The default value is $true. By default, connection filtering uses new IP Block list

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the IP Block list provider that you want to modify. You can use any value that
Name
GUID
Required: True
Position: 1
Default value: None
-IPAddressesMatch
The IPAddressesMatch parameter specifies the IP address status codes that are returned by the block list provider.
Use this parameter if the block list provider returns IP address or A record responses. Valid input for this parameter
one or more IP addresses in the format 127.0.0.1.
Required: False
Position: Named
Default value: None
-LookupDomain
The LookupDomain parameter specifies the host name that's required to use the block list provider. Connection
value is blocklist.spamservice.com. The actual value you need to use is provided by the block list provider.
Type: SmtpDomain
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a descriptive name for the IP Block list provider.
Type: String
Required: False
Position: Named
Default value: None
-Priority
The Priority parameter specifies the order that the Connection Filtering agent queries the IP Block list providers. A
lower priority integer value indicates a higher priority. By default, every time that you add a new IP Block list
provider, the entry is assigned a priority of N+1, where N is the number of IP Block list provider services that you
have configured.
If you set the Priority parameter to a value that's the same as another IP Block list provider service, the priority of
the IP Block list provider that you add first is incremented by 1.
Type: Int32
Required: False
Position: Named
Default value: None
-RejectionResponse
The RejectionResponse parameter specifies the text that you want to include in the SMTP rejection response when
messages are blocked by connection filtering. The argument can't exceed 240 characters. If the value contains
You should always specify the block list provider in the response so that legitimate senders can contact the block list
provider for removal instructions. For example, "Source IP address is listed at the Contoso.com block list provider".
Type: AsciiString
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-IPBlockListProvidersConfig
In ths Article
IPBlockListProvidersConfig cmdlet to modify the settings that affect all IP Block list providers that are configured
on an Edge Transport server. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Set-IPBlockListProvidersConfig [-BypassedRecipients <MultiValuedProperty>] [-Confirm]
[-DomainController <Fqdn>] [-Enabled <$true | $false>] [-ExternalMailEnabled <$true | $false>]
[-InternalMailEnabled <$true | $false>] [-WhatIf] [<CommonParameters>]
Description
On Edge Transport servers, IP Block list providers are used by the Connection Filtering agent. The Connection
Examples
-------------------------- Example 1 --------------------------
Set-IPBlockListProvidersConfig -InternalMailEnabled $true -BypassedRecipients kweku@contoso.com
This example configures connection filtering to use IP Block list providers on messages that come from internal
connections, but bypasses filtering for email messages sent to kweku@contoso.com.
-------------------------- Example 2 --------------------------
Set-IPBlockListProvidersConfig -BypassedRecipients @{Add="chris@contoso.com","michelle@contoso.com";

Remove="laura@contoso.com","julia@contoso.com"}
This example makes the following changes to the list of bypassed recipients:
Adds the values chris@contoso.com and michelle@contoso.com
Removes the values laura@contoso.com and julia@contoso.com
Parameters
-BypassedRecipients
The BypassedRecipients parameter specifies the email addresses of internal recipients that are exempted from
filtering by IP Block list providers.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether IP Block list providers are used for content filtering. Valid input for this
parameter is $true or $false. The default value is $true. The default value is $true. By default, IP Block list providers
are used for content filtering.

Required: False
Position: Named
Default value: None
organization are evaluated by IP Block list providers. Valid input for this parameter is $true or $false. The default
value is $true. By default, messages from external connections are evaluated by IP Bock list providers.

Required: False
Position: Named
Default value: None
organization are evaluated by IP Block list providers. Valid input for this parameter is $true or $false. The default
value is $false. By default, messages from internal connections are not evaluated by IP Block list providers.
Authenticated partner messages aren't considered internal mail.

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-MailboxJunkEmailConfiguration
In ths Article
may be exclusive to one environment or the other. Use the Set-MailboxJunkEmailConfiguration cmdlet to configure
the junk email settings on mailboxes. You can only use this cmdlet on a mailbox that's been opened in Outlook (in
Cached Exchange mode) or Outlook on the web. If the mailbox hasn't been opened, you'll receive the error: The
Junk Email configuration couldn't be set. The user needs to sign in to Outlook Web App before they can modify
their Safe Senders and Recipients or Blocked Senders lists. If you want to suppress this error for bulk operations,
you can add -ErrorAction SilentlyContinue to the end of the command. For information about the parameter sets in
Syntax
Set-MailboxJunkEmailConfiguration [-Identity] <MailboxIdParameter>
[-BlockedSendersAndDomains <MultiValuedProperty>] [-Confirm] [-ContactsTrusted <$true | $false>]
[-DomainController <Fqdn>] [-Enabled <$true | $false>] [-IgnoreDefaultScope]
[-TrustedListsOnly <$true | $false>] [-TrustedSendersAndDomains <MultiValuedProperty>] [-WhatIf]
[-TrustedRecipientsAndDomains <MultiValuedProperty>] [<CommonParameters>]
Description
This cmdlet controls the following junk email settings on the mailbox:
Enable or disable the junk email rule: The junk email rule (a hidden Inbox rule named Junk E -mail Rule) controls
the delivery of messages to the Junk Email folder or the Inbox based on the SCL Junk Email Folder threshold
(for the organization or the mailbox) and the safelist collection on the mailbox. Users can enable or disable the
junk email rule in their own mailbox by using Outlook on the web.
Configure the safelist collection: The safelist collection is the Safe Senders list, the Safe Recipients list, and the
Blocked Senders list. Users can configure the safelist collection on their own mailbox by using Microsoft
Outlook or Outlook on the web.
For more information, see Configure Exchange antispam settings on mailboxes
Examples
-------------------------- Example 1 --------------------------
Set-MailboxJunkEmailConfiguration "David Pelton" -Enabled $false

This example disables the junk email rule configuration for the user named David Pelton.
-------------------------- Example 2 --------------------------
Set-MailboxJunkEmailConfiguration "Michele Martin" -TrustedSendersAndDomains

@{Add="contoso.com","fabrikam.com"} -BlockedSendersAndDomains @{Add="jane@fourthcoffee.com"}
This example makes the following configuration changes to the safelist collection for the user named Michele
Martin:
Adds contoso.com and fabrikam.com to the Safe Senders list without affecting other existing entries.
Adds jane@fourthcoffee.com to the Blocked senders list without affecting other existing entries.
-------------------------- Example 3 --------------------------
Get-MailboxJunkEmailConfiguration * | Where {$_.ContactsTrusted -eq $true} | Set-MailboxJunkEmailConfiguration

-ContactsTrusted $false
This example identifies mailboxes where contacts are treated as trusted senders and then changes the junk email
configuration to not treat contacts as trusted senders.
Parameters
-BlockedSendersAndDomains
The BlockedSendersAndDomains parameter specifies the Blocked Senders list, which is a list of sender email
addresses and domains whose messages are automatically sent to the Junk Email folder. This parameter
corresponds to the Outlook on the web setting: Move email from these senders or domains to my Junk Email
folder.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-ContactsTrusted
The ContactsTrusted parameter specifies whether the contacts in the Contacts folder are treated as trusted senders.
This parameter corresponds to the Outlook on the web setting: Trust email from my contacts. Valid values are:
$true: Messages from contacts in the Contacts folder that reach the mailbox are never delivered to the Junk
Email folder, regardless of the content.
$false: Messages from contacts in the Contacts folder aren't treated as trusted senders. The email address is a
trusted sender only if it's defined in the Safe Senders list. This is the default value.

Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter enables or disables the junk email rule on the mailbox (a hidden Inbox rule named Junk E -
mail Rule). Valid values are:
$true: The junk email rule is enabled in the mailbox. This value corresponds to the Outlook on the web setting:
Automatically filter junk email. This is the default value. Exchange use the safelist collection of the mailbox (the
Safe Senders list, Safe Recipients list, and Blocked Senders list), and the SCL Junk Email folder threshold (for
the organization or the mailbox) to deliver messages to the Inbox or the Junk Email folder.
$false: The junk email rule is disabled in the mailbox. This value corresponds to the Outlook on the web setting:
Don't move email to my Junk Email folder. Exchange doesn't use the safelist collection of the mailbox or the
SCL Junk Email folder threshold to deliver messages to the Inbox or the Junk Email folder.
You can view the status of the junk email rule by running either of the following commands to find the Enabled
property value:
Get-MailboxJunkEmailConfiguration <MailboxIdentity>
Get-InboxRule "Junk E -mail Rule" -Mailbox <MailboxIdentity> -IncludeHidden
You use the JunkEmailEnabled parameter on the Set-OwaMailboxPolicy or Set-OwaVirtualDirectory cmdlets to
control the availability of the junk email settings in Outlook on the web.
The state of the junk email rule on the mailbox doesn't affect the client-side junk email settings that are available in
the Outlook Junk Email Filter. Even when the junk email rule is disabled in the mailbox, Outlook can still move
messages to the Junk Email folder. For example, if Outlook determines the message is spam, or the sender is
defined in the Blocked Senders list, Outlook can move the message to the Junk Email folder. For more information,
see Configure junk email settings in Outlook 2013 (https://go.microsoft.com/fwlink/p/?LinkID=797542).

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox that you want to modify. You can use any value that uniquely identifies
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-IgnoreDefaultScope
The IgnoreDefaultScope switch tells the command to ignore the default recipient scope setting for the Exchange
Management Shell session, and to use the entire forest as the scope. This allows the command to access Active
Directory objects that aren't currently available in the default scope.
Using the IgnoreDefaultScope switch introduces the following restrictions:
You can't use the DomainController parameter. The command uses an appropriate global catalog server
automatically.
You can only use the DN for the Identity parameter. Other forms of identification, such as alias or GUID, aren't
accepted.
Required: False
Position: Named
Default value: None
-TrustedListsOnly
The TrustedListsOnly parameter specifies that only messages from senders in the Safe Senders list are delivered to
the Inbox. All other messages are treated as junk email. This parameter corresponds to the Outlook on the web
setting: Don't trust email unless it comes from someone in my Safe Senders and Recipients list. Valid values are:
$true: Only messages from email address or domain entries in the Safe Senders list and the Safe Recipients list
are delivered to the Inbox. All other messages are automatically delivered to the Junk Email folder.
$false: Messages from other senders, recipients, and domains aren't automatically treated as junk email, and are
evaluated individually. This is the default value.

Required: False
Position: Named
Default value: None
-TrustedRecipientsAndDomains
Required: False
Position: Named
Default value: None
-TrustedSendersAndDomains
The TrustedSendersAndDomains parameter specifies the Safe Senders list and Safe Recipients list, which are lists
of email addresses and domains. Messages from these senders that reach the mailbox are never delivered to the
Junk Email folder, regardless of the content. This parameter corresponds to the Outlook on the web setting: Don't
move email from these senders or domains to my Junk Email folder.
To empty the list of email addresses and domains, use the value $null.
Notes:
All email addresses in the global address list (GAL ) are automatically considered as trusted senders, so you
don't need to add them to the list.
You can't directly modify the Safe Recipients list by using this cmdlet. You use this parameter to modify the Safe
Senders list, and the email addresses and domains are synchronized to the Safe Recipients list.
Safe domains aren't recognized in Exchange Online and Exchange Online Protection. For more information, see
Domains on the Outlook Safe Senders list aren't recognized by Exchange Online or Exchange Online Protection
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-MalwareFilteringServer
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-MalwareFilteringServer cmdlet to configure the
Malware agent settings in the Transport service on a Mailbox server. For information about the parameter sets in
Syntax
Set-MalwareFilteringServer [-Identity] <MalwareFilteringServerIdParameter> [-BypassFiltering <$true | $false>]
[-Confirm] [-DeferAttempts <Int32>] [-DeferWaitTime <Int32>] [-DomainController <Fqdn>]
[-ForceRescan <$true | $false>] [-MinimumSuccessfulEngineScans <Int32>] [-PrimaryUpdatePath <String>]
[-ScanErrorAction <Block | Allow>] [-ScanTimeout <Int32>] [-SecondaryUpdatePath <String>]
[-UpdateFrequency <Int32>] [-UpdateTimeout <Int32>] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-MalwareFilteringServer Mailbox01 -UpdateFrequency 120 -DeferWaitTime 10
This example sets the following Malware agent settings on the Mailbox server named Mailbox01:
Sets the update frequency interval to 2 hours
Sets the time to wait between resubmit attempts to 10 minutes
Parameters
-BypassFiltering
The BypassFiltering parameter temporarily bypasses malware filtering without disabling the Malware agent on the
server. The Malware agent is still active, and the agent is still called for every message, but no malware filtering is
actually performed. This allows you to temporarily disable and then enable malware filtering on the server without
disrupting mail flow by restarting the Microsoft Exchange Transport service. Valid input for this parameter is $true
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DeferAttempts
The DeferAttempts parameter specifies the maximum number of times to defer a message that can't be scanned by
the Malware agent. Valid input for this parameter is an integer between 1 and 5. The default value is 3.
After the maximum number of deferrals is reached, the action taken by the Malware agent depends on the error.
For scan timeouts and engine errors, the action is to fail the message and return a non-delivery report (NDR ) to the
sender immediately after the last defer attempt. For all other errors, the message is retried for up to 48 hours, with
each retry attempt taking place one hour longer than the last one. For example, starting after the last defer attempt,
the first retry attempt will occur in 1 hour, the next retry attempt will occur 2 hours after that, the next retry attempt
will occur 3 hours after the second retry attempt, and so on for up to 48 hours. After 48 hours have elapsed, the
action is to fail the message and return a non-delivery report (NDR ) to the sender.
Type: Int32
Required: False
Position: Named
Default value: None
-DeferWaitTime
The DeferWaitTime parameter specifies the time period in minutes to increase the interval to resubmit messages
for malware filtering in an effort to reduce the workload on the server.
For example, the first retry after the original failed scan occurs after the interval specified by the DeferWaitTime
parameter. The second retry after the first retry occurs after two times the value of the DeferWaitTime parameter.
The third retry after the second retry occurs after three times the value of the DeferWaitTime parameter and so on.
The maximum number of retries is controlled by the DeferAttempts parameter.
Valid input for this parameter is an integer between 0 and 15. The default value is 5. This means the first resubmit
occurs 5 minutes after the original failed scan, the second retry occurs 10 minutes after the first retry, the third retry
occurs 15 minutes after the second retry and so on. The value 0 means messages are resubmitted for malware
filtering after any failed scanning attempts without any delay.
Type: Int32
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-ForceRescan
The ForceRescan parameter specifies that messages should be scanned by the malware agent, even if the message
was already scanned by Exchange Online Protection. Valid input for this parameter is $true or $false. The default
value is $false.

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the server where you want to configure the anti-malware settings. You can use any
Name
FQDN
Exchange Legacy DN
Type: MalwareFilteringServerIdParameter
Required: True
Position: 1
Default value: None
-MinimumSuccessfulEngineScans
Type: Int32
Required: False
Position: Named
Default value: None
-PrimaryUpdatePath
The PrimaryUpdatePath parameter specifies where to download malware scanning engine updates. The default
value is http://forefrontdl.microsoft.com/server/scanengineupdate. The location specified by the
PrimaryUpdatePath parameter is always tried first.
Type: String
Required: False
Position: Named
Default value: None
-ScanErrorAction
The ScanErrorAction parameter specifies the action to take when a message can't be scanned by the malware filter.
Valid values for this parameter are Block or Allow. The default value is Block.
Type: Block | Allow

Required: False
Position: Named
Default value: None
-ScanTimeout
The ScanTimeout parameter specifies the timeout interval in seconds for messages that can't be scanned by the
malware filter. Valid input for this parameter is an integer between 10 and 900. The default value is 300 (5 minutes).
Type: Int32
Required: False
Position: Named
Default value: None
-SecondaryUpdatePath
The SecondaryUpdatePath parameter specifies an alternate download location for malware scanning engine
updates. The default values is blank ($null). This means no alternate download location is specified.
The alternate download location is used when the location specified by the PrimaryUpdatePath parameter is
unavailable for the time period specified by the UpdateTimeout parameter. On the next malware scanning engine
update, the location specified by the PrimaryUpdate path parameter is tried first.
Type: String
Required: False
Position: Named
Default value: None
-UpdateFrequency
The UpdateFrequency parameter specifies the frequency interval in minutes to check for malware scanning engine
updates. Valid input for this parameter is an integer between 1 and 38880 (27 days). The default value is 60 (one
hour). The locations to check for updates are specified by the PrimaryUpdatePath and SecondaryUpdatePath
parameters.
Type: Int32
Required: False
Position: Named
Default value: None
-UpdateTimeout
The UpdateTimeout parameter specifies the timeout interval in seconds to use when checking for malware
scanning engine updates. Valid input for this parameter is an integer between 60 and 300. The default value is 150
seconds (2.5 minutes).
If the location specified by the PrimaryUpdatePath parameter is unavailable for the time period specified by the
UpdateTimeout parameter value, the location specified by the SecondaryUpdatePath parameter is used.
Type: Int32
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-MalwareFilterPolicy
In ths Article
may be exclusive to one environment or the other. Use the Set-MalwareFilterPolicy cmdlet to modify malware filter
policies in your organization. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Set-MalwareFilterPolicy [-Identity] <MalwareFilterPolicyIdParameter>
[-Action <DeleteMessage | DeleteAttachmentAndUseDefaultAlertText | DeleteAttachmentAndUseCustomAlertText>]
[-AdminDisplayName <String>] [-BypassInboundMessages <$true | $false>]
[-BypassOutboundMessages <$true | $false>] [-Confirm] [-CustomAlertText <String>]
[-CustomExternalBody <String>] [-CustomExternalSubject <String>] [-CustomFromAddress <SmtpAddress>]
[-CustomFromName <String>] [-CustomInternalBody <String>] [-CustomInternalSubject <String>]
[-CustomNotifications <$true | $false>] [-DomainController <Fqdn>]
[-EnableExternalSenderAdminNotifications <$true | $false>]
[-EnableExternalSenderNotifications <$true | $false>]
[-EnableInternalSenderAdminNotifications <$true | $false>]
[-EnableInternalSenderNotifications <$true | $false>] [-ExternalSenderAdminAddress <SmtpAddress>]
[-InternalSenderAdminAddress <SmtpAddress>] [-MakeDefault] [-WhatIf] [-EnableFileFilter <$true | $false>]
[-FileTypes <String[]>] [-ZapEnabled <$true | $false>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-MalwareFilterPolicy -Identity "Contoso Malware Filter Policy" -Action DeleteMessage -

EnableInternalSenderAdminNotifications $true -InternalSenderAdminAddress admin@contoso.com
This example modifies the malware filter policy named Contoso Malware Filter Policy with the following settings:
Delete messages that contain malware.
Don't notify the message sender when malware is detected in the message.
Notify the administrator admin@contoso.com when malware is detected in a message from an internal sender.
-------------------------- Example 2 --------------------------
$FileTypesAdd = Get-MalwareFilterPolicy -Identity Default | select -Expand FileTypes; $FileTypesAdd +=
"com","bat"; Set-MalwareFilterPolicy -Identity Default -EnableFileFilter $true -FileTypes $FileTypesAdd
This example enables common attachment blocking in the malware filter policy named Default and adds the file
types "com" and "bat" without affecting the other file type entries.
-------------------------- Example 3 --------------------------
$ft = Get-MalwareFilterPolicy -Identity Default; $a = [System.Collections.ArrayList]($ft.FileTypes); $a;

$a.RemoveAt(6); Set-MalwareFilterPolicy -Identity Default -FileTypes $a
This example modifies the malware filter policy named Default by removing an existing file type from common
attachment blocking without affecting other file types that are already defined.
The first three commands return the existing list of file types. The first file type in the list has the index number 0,
the second has the index number 1, and so on. You use the index number to specify the file type that you want to
remove.
The last two commands remove the seventh file type that's displayed in the list.
Parameters
-Action
The Action parameter specifies the action to take when malware is detected in a message. Valid values are:
DeleteMessage: Deletes the message. This is the default value.
DeleteAttachmentAndUseDefaultAlert: Delivers the message, but replaces the message contents with the
default alert text.
DeleteAttachmentAndUseCustomAlert: Delivers the message, but replaces the message contents with the
custom alert text specified by the AlertText parameter.
Note: For Exchange Online Protection, any of these actions results in the message and any attachments being
routed to quarantine. For more information about quarantined messages, see https://go.microsoft.com/fwlink/p/?
linkid=874388.
Type: DeleteMessage | DeleteAttachmentAndUseDefaultAlertText | DeleteAttachmentAndUseCustomAlertText

Required: False
Position: Named
Default value: None
-AdminDisplayName
Type: String
Required: False
Position: Named
Default value: None
-BypassInboundMessages
The BypassInboundMessages parameter skips or enforces malware scanning on incoming messages. Valid input
for this parameter is $true or $false. The default value is $false. This means malware scanning occurs on incoming

Required: False
Position: Named
Default value: None
-BypassOutboundMessages
The BypassOutboundMessages parameter skips or enforces malware scanning on outgoing messages. Valid input
for this parameter is $true or $false. The default value is $false. This means malware scanning occurs on outgoing

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-CustomAlertText
The CustomAlertText parameter specifies the custom alert text to insert in the message when malware is detected
and the value of the Action parameter is set to ReplaceWithCustomAlert. This parameter is required when the
Type: String
Required: False
Position: Named
Default value: None
-CustomExternalBody
The CustomExternalBody parameter specifies the body of the custom notification message that's sent to an external
sender when a message contains malware. This parameter is required when any of the following parameters are set
to $true:
CustomNotifications
EnableExternalSenderAdminNotifications
EnableExternalSenderNotifications
Type: String
Required: False
Position: Named
Default value: None
-CustomExternalSubject
The CustomExternalSubject parameter specifies the subject of the custom notification message that's sent to an
external sender when a message contains malware. This parameter is required when any of the following
parameters are set to $true:
CustomNotifications
Type: String
Required: False
Position: Named
Default value: None
-CustomFromAddress
The CustomFromAddress parameter specifies the From address of the custom notification message that's sent to
an internal or external sender when a message contains malware. This parameter is required when the
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-CustomFromName
The CustomFromName parameter specifies the From name of the custom notification message that's sent to
internal or external senders when a message contains malware. This parameter is required when the
Type: String
Required: False
Position: Named
Default value: None
-CustomInternalBody
The CustomInternalBody parameter specifies the body of the custom notification message that's sent to an internal
sender when a message contains malware. This parameter is required when any of the following parameters are set
to $true:
CustomNotifications
Type: String
Required: False
Position: Named
Default value: None
-CustomInternalSubject
The CustomInternalSubject parameter specifies the subject of the custom notification message that's sent to an
internal sender when a message contains malware. This parameter is required when any of the following
parameters are set to $true:
CustomNotifications
Type: String
Required: False
Position: Named
Default value: None
-CustomNotifications
The CustomNotifications parameter enables or disables the custom notification message to the sender when the
message contains malware. Valid input for this parameter is $true or $false. The default value is $false.
If you enable custom notification messages by setting this parameter to $true, you specify the details of the custom
notification message using the CustomFromAddress, CustomFromName, CustomExternalSubject,
CustomExternalBody, CustomInternalSubject and CustomInternalBody parameters.

Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EnableExternalSenderAdminNotifications
administrator when malware is detected in messages from external senders. Valid input for this parameter is $true
Specify the administrator to receive the notification messages by using the ExternalSenderAdminAddress
parameter.

Required: False
Position: Named
Default value: None
-EnableExternalSenderNotifications
The EnableExternalSenderNotifications parameter enables or disables sending notification messages to senders
when malware is detected in messages from external senders. Valid input for this parameter is $true or $false. The
Required: False
Position: Named
Default value: None
-EnableFileFilter
The EnableFileFilter parameter enables or disables common attachment blocking. Valid values are:
$true: Common attachment blocking is enabled.
$false: Common attachment blocking is disabled.
To configure the blocked file types, use the FileTypes parameter.

Required: False
Position: Named
Default value: None
-EnableInternalSenderAdminNotifications
administrator when malware is detected in messages from internal senders. Valid input for this parameter is $true
Specify the administrator to receive the notification messages by using the InternalSenderAdminAddress
parameter.

Required: False
Position: Named
Default value: None
-EnableInternalSenderNotifications
The EnableExternalSenderAdminNotifications parameter enables or disables sending notification messages to
senders when malware is detected in messages from internal senders. Valid input for this parameter is $true or

Required: False
Position: Named
Default value: None
-ExternalSenderAdminAddress
The ExternalSenderAdminAddress parameter specifies the email address of the administrator who will receive
the specified email address only if the EnableExternalSenderAdminNotifications parameter is set to $true.
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-FileTypes
The FileTypes parameter specifies the file types that are blocked by common attachment blocking. The default
values are:
ace
ani
app
docm
exe
jar
reg
scr
vbe
vbs
You enable or disable common attachment blocking by using the EnableFileFilter parameter.
Common attachment blocking uses best effort true-typing to detect the file type regardless of the file name
extension. If true-typing fails or isn't supported for the specified file type, then extension matching is used. For
example, ps1 files are Windows PowerShell scripts, but their true type is text.
To replace the existing list of file types with the values you specify, use the syntax <FileType1>,<FileType2>,...
<FileTypeN>. To preserve existing values, be sure to include the file types that you want to keep along with the new
values that you want to add.
To add or remove file types without affecting the other file type entries, see the Examples section.
Type: String[]
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the malware filter policy you want to modify. You can use any value that uniquely
policy.
Required: True
Position: 1
Default value: None
-InternalSenderAdminAddress
The InternalSenderAdminAddress parameter specifies the email address of the administrator who will receive
the specified email address only if the EnableInternalSenderAdminNotifications parameter is set to $true.
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-MakeDefault
The MakeDefault switch makes this the default malware filter policy. You don't need to specify a value with this
switch.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-ZapEnabled
The ZapEnabled parameter specifies whether to enable zero-hour auto purge (ZAP ) for malware. ZAP detects
malware in unread messages that have already been delivered to the user's Inbox. Valid values are:
$true: ZAP for malware is enabled. Unread messages in the user's Inbox that contain malware are moved to the
$false: ZAP for malware is disabled.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-MalwareFilterRule
In ths Article
may be exclusive to one environment or the other. Use the Set-MalwareFilterRule cmdlet to modify malware filter
Syntax
Set-MalwareFilterRule [-Identity] <RuleIdParameter>
[-Confirm]
[-MalwareFilterPolicy <MalwareFilterPolicyIdParameter>]
[-Name <String>]
[-Priority <Int32>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-MalwareFilterRule "Contoso Recipients" -ExceptIfSentToMemberOf "Contoso Human Resources"
This example adds an exception to the malware filter rule named Contoso Recipients for members of the
distribution group named Contoso Human Resources.
Parameters
-Comments
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
Type: Word[]
Required: False
Position: Named
Default value: None
-ExceptIfSentTo
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
Name
Alias
Canonical DN
Email address
GUID
the group.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the malware filter rule that you want to view. You can use any value that uniquely
identifies the rule. For example, you can use the name, GUID, or distinguished name (DN ) of the malware filter rule.
Required: True
Position: 1
Default value: None
-MalwareFilterPolicy
The MalwareFilterPolicy parameter specifies the malware filter policy to apply to messages that match the
conditions defined by this malware filter rule.
You can't specify the default malware filter policy. And, you can't specify a malware filter policy that's already
associated with another malware filter rule.
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a unique name for the malware filter rule.
Type: String
Required: False
Position: Named
Default value: None
-Priority
value.
Type: Int32
Required: False
Position: Named
Default value: None
-RecipientDomainIs
Type: Word[]
Required: False
Position: Named
Default value: None
-SentTo
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
-SentToMemberOf
Name
Alias
Canonical DN
Email address
GUID
group.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-RecipientFilterConfig
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-RecipientFilterConfig cmdlet to enable and
configure the Recipient Filter agent. For information about the parameter sets in the Syntax section below, see
Syntax
Set-RecipientFilterConfig [-BlockedRecipients <MultiValuedProperty>] [-BlockListEnabled <$true | $false>]
[-Confirm] [-DomainController <Fqdn>] [-Enabled <$true | $false>] [-ExternalMailEnabled <$true | $false>]
[-InternalMailEnabled <$true | $false>] [-RecipientValidationEnabled <$true | $false>] [-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
Set-RecipientFilterConfig -RecipientValidationEnabled $true
This example modifies the Recipient Filter agent configuration so that recipient validation is enabled.
-------------------------- Example 2 --------------------------
Set-RecipientFilterConfig -BlockListEnabled $true -BlockedRecipients user1@contoso.com,user2@contoso.com
This example makes the following changes to the Recipient Filter agent configuration:
Enables the Blocked Recipients list.
Adds two users to the Blocked Recipients list.
Parameters
-BlockedRecipients
The BlockedRecipients parameter specifies one or more SMTP addresses. To enter multiple SMTP addresses,
separate the addresses by using a comma. The maximum number of individual SMTP addresses that you can input
is 800.
Required: False
Position: Named
Default value: None
-BlockListEnabled
The BlockListEnabled parameter specifies whether the Recipient Filter agent blocks messages sent to recipients
listed in the BlockedRecipients parameter. Valid input for the BlockListEnabled parameter is $true or $false. The
default setting is $false. When the BlockListEnabled parameter is set to $true, the Recipient Filter agent blocks
messages sent to recipients listed in the BlockedRecipients parameter.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether the Recipient Filter agent is enabled on the computer on which you're
running the command. Valid input for the Enabled parameter is $true or $false. The default setting is $true. When
the Enabled parameter is set to $true, the Recipient Filter agent is enabled on the computer on which you're
running the command.

Required: False
Position: Named
Default value: None
The ExternalMailEnabled parameter specifies whether all messages received from unauthenticated connections by
servers external to your organization are passed through the Recipient Filter agent for processing. Valid input for
the ExternalMailEnabled parameter is $true or $false. The default setting is $true. When the ExternalMailEnabled
parameter is set to $true, all messages received from unauthenticated connections by servers external to your
organization are passed through the Recipient Filter agent for processing.

Required: False
Position: Named
Default value: None
The InternalMailEnabled parameter specifies whether all messages from authenticated sender domains that belong
to authoritative domains in the enterprise are passed through the Recipient Filter agent for processing. Valid input
for the InternalMailEnabled parameter is $true or $false. The default setting is $false. When the
InternalMailEnabled parameter is set to $true, all messages from authenticated sender domains that belong to
authoritative domains in the enterprise are passed through the Recipient Filter agent for processing.

Required: False
Position: Named
Default value: None
-RecipientValidationEnabled
The RecipientValidationEnabled parameter specifies whether the Recipient Filter agent blocks messages addressed
to recipients that don't exist in the organization. Valid input for the RecipientValidationEnabled parameter is $true or
$false. The default setting is $false. When the RecipientValidationEnabled parameter is set to $true, the Recipient
Filter agent blocks messages addressed to recipients that don't exist in the organization.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-SenderFilterConfig
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-SenderFilterConfig cmdlet to modify the
Sender Filter agent configuration. For information about the parameter sets in the Syntax section below, see
Syntax
Set-SenderFilterConfig [-Action <StampStatus | Reject>] [-BlankSenderBlockingEnabled <$true | $false>]
[-BlockedDomains <MultiValuedProperty>] [-BlockedDomainsAndSubdomains <MultiValuedProperty>]
[-BlockedSenders <MultiValuedProperty>] [-Confirm] [-DomainController <Fqdn>] [-Enabled <$true | $false>]
[-RecipientBlockedSenderAction <Reject | Delete>] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-SenderFilterConfig -BlankSenderBlockingEnabled $true -BlockedDomainsAndSubdomains lucernepublishing.com -

BlockedSenders @{Add="user1@contoso.com","user2@contoso.com"}
This example makes the following modifications to the Sender Filter agent configuration:
It enables blocking of blank senders.
It blocks messages from lucernepublishing.com and all subdomains.
It adds user1@contoso.com and user2@contoso.com to the blocked senders list without affecting any existing
entries.
Parameters
-Action
The Action parameter specifies the action that the Sender Filter agent takes on messages from blocked senders or
domains. Valid input for this parameter is StampStatus or Reject. The default value is Reject.
Type: StampStatus | Reject
Required: False
Position: Named
Default value: None
-BlankSenderBlockingEnabled
The BlankSenderBlockingEnabled parameter blocks or allows messages that don't contain a sender value in the
SMTP command MAIL FROM. Valid input for this parameter is $true or $false. The default value is $false.

Required: False
Position: Named
Default value: None
-BlockedDomains
The BlockedDomains parameter specifies the domain names to block. When the Sender Filter agent encounters a
message from a domain on this list, the Sender Filter agent takes the action specified by the Action parameter.
Valid input for this parameter is one or more domains or subdomains. Wildcard characters aren't permitted. For
example, if you specify the values contoso.com and marketing.contoso.com, only messages from those domains are
blocked by the Sender Filter agent. Messages from sales.contoso.com aren't blocked by the Sender Filter agent.
The maximum number of entries for this parameter is 800.
Required: False
Position: Named
Default value: None
-BlockedDomainsAndSubdomains
The BlockedDomainsAndSubdomains parameter specifies the domain names to block. When the Sender Filter
agent encounters a message from a domain on this list, or from any of the domain's subdomains, the Sender Filter
agent takes the action specified by the Action parameter.
Valid input for this parameter is one or more domains. Wildcard characters aren't permitted. For example, if you
specify the value contoso.com, messages from contoso.com, sales.contoso.com, and all other subdomains of
contoso.com are blocked by the Sender Filter agent.
Required: False
Position: Named
Default value: None
-BlockedSenders
The BlockedSenders parameter specifies one or more SMTP email addresses to block. When the Sender Filter
agent encounters a message from a sender on this list, the Sender Filter agent takes the action specified by the
Action parameter.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter enables or disables sender filtering on your Exchange server. Valid input for this parameter
is $true or $false. The default value is $true.

Required: False
Position: Named
Default value: None
The ExternalMailEnabled parameter enables or disables sender filtering on unauthenticated connections from
external messaging servers. Valid input for this parameter is $true or $false. The default value is $true.

Required: False
Position: Named
Default value: None
The InternalMailEnabled parameter enables or disables sender filtering on authenticated connections from
authoritative domains in your organization. Valid input for this parameter is $true or $false. The default value is
$false.

Required: False
Position: Named
Default value: None
-RecipientBlockedSenderAction
The RecipientBlockedSenderAction parameter specifies the action that the Sender Filter agent takes on messages
received from blocked senders that are defined by SafeList aggregation. SafeList aggregation adds blocked senders
that are defined by your users in Microsoft Outlook or Outlook on the web to the Blocked Senders list that's used
by the Sender Filter agent.
Valid input for this parameter is Delete or Reject. The default value is Reject.
Type: Reject | Delete

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-SenderIdConfig
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-SenderIdConfig cmdlet to modify the
configuration of the Sender ID agent. For information about the parameter sets in the Syntax section below, see
Syntax
Set-SenderIdConfig [-BypassedRecipients <MultiValuedProperty>] [-BypassedSenderDomains <MultiValuedProperty>]
[-Confirm] [-DomainController <Fqdn>] [-Enabled <$true | $false>] [-ExternalMailEnabled <$true | $false>]
[-InternalMailEnabled <$true | $false>] [-SpoofedDomainAction <StampStatus | Reject | Delete>]
[-TempErrorAction <StampStatus | Reject | Delete>] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-SenderIdConfig -SpoofedDomainAction Delete -BypassedRecipients user1@contoso.com,user2@contoso.com
This example makes the following modifications to the Sender ID configuration:

It sets the Sender ID agent to delete all messages sent from spoofed domains.
It specifies two recipients for the Sender ID agent to exclude when it processes messages.
Parameters
-BypassedRecipients
The BypassedRecipients parameter specifies one or more SMTP email addresses. Messages bound for the email
addresses listed in this parameter are excluded from processing by the Sender ID agent. You can specify multiple
values separated by commas. You can enter a maximum of 100 email addresses.
Required: False
Position: Named
Default value: None
-BypassedSenderDomains
The BypassedSenderDomains parameter specifies one or more domain names. Messages that originate from the
domains listed in this parameter are excluded from processing by the Sender ID agent. You can specify multiple
values separated by commas. You can enter a maximum of 100 domain names.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether the Sender ID agent is enabled on the computer on which you're running
the command. Valid input for the Enabled parameter is $true or $false. The default setting is $true. When the
Enabled parameter is set to $true, the Sender ID agent is enabled on the computer on which you're running the
command.

Required: False
Position: Named
Default value: None
The ExternalMailEnabled parameter specifies whether all messages from unauthenticated connections external to
your organization are passed through the Sender ID agent for processing. Valid input for the ExternalMailEnabled
parameter is $true or $false. The default setting is $true. When the ExternalMailEnabled parameter is set to $true,
all messages from unauthenticated connections external to your organization are passed through the Sender ID
agent for processing.

Required: False
Position: Named
Default value: None
The InternalMailEnabled parameter specifies whether all messages from authenticated sender domains that belong
to authoritative domains in your enterprise are passed through the Sender ID agent for processing. Valid input for
the InternalMailEnabled parameter is $true or $false. The default setting is $false. When the InternalMailEnabled
parameter is set to $true, all messages from authenticated sender domains that belong to authoritative domains in
your enterprise are passed through the Sender ID agent for processing.

Required: False
Position: Named
Default value: None
-SpoofedDomainAction
The SpoofedDomainAction parameter specifies the action that the Sender ID agent takes on the message when the
sender domain shows evidence of being spoofed. The SpoofedDomainAction parameter takes the following values:
StampStatus, Reject or Delete. The default value is StampStatus.
Type: StampStatus | Reject | Delete

Required: False
Position: Named
Default value: None
-TempErrorAction
The TempErrorAction parameter specifies the action that the Sender ID agent takes on the message when a Sender
ID status of TempError is returned. The TempErrorAction parameter takes the following values: StampStatus, Reject
or Delete. The default value is StampStatus.
Type: StampStatus | Reject | Delete

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-SenderReputationConfig
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-SenderReputationConfig cmdlet to modify the
sender reputation configuration on Mailbox servers or Edge Transport servers. For information about the
Syntax
Set-SenderReputationConfig [-Confirm] [-DomainController <Fqdn>] [-Enabled <$true | $false>]
[-OpenProxyDetectionEnabled <$true | $false>] [-ProxyServerName <String>] [-ProxyServerPort <Int32>]
[-ProxyServerType <None | Socks4 | Socks5 | HttpConnect | HttpPost | Telnet | Cisco | Wingate>]
[-SenderBlockingEnabled <$true | $false>] [-SenderBlockingPeriod <Int32>] [-SrlBlockThreshold <Int32>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-SenderReputationConfig -SrlBlockThreshold 6 -SenderBlockingPeriod 36
This example makes the following modifications to the sender reputation configuration:
It sets the SRL blocking threshold to 6.
It sets the number of hours that senders are put on the blocked senders list to 36 hours.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter enables or disables sender reputation on the Exchange server. Valid values are:
$true: Sender reputation is enabled. This is the default value.
$false: Sender reputation is disabled.

Required: False
Position: Named
Default value: None
The ExternalMailEnabled parameter allows or prevents sender reputation from processing messages from
unauthenticated connections that are external to your Exchange organization. Valid values are:
$true: Sender reputation is enabled on mail from external sources. This is the default value.
$false: Sender reputation is disabled on mail from external sources.

Required: False
Position: Named
Default value: None
The InternalMailEnabled parameter allows or prevents sender reputation from processing messages from
authenticated sender domains that are authoritative domains in your Exchange organization. Valid values are:
$true: Sender reputation is enabled on mail from internal sources.
$false: Sender reputation is disabled on mail from internal sources. This is the default value.

Required: False
Position: Named
Default value: None
-OpenProxyDetectionEnabled
The OpenProxyDetectionEnabled parameter allows or prevents sender reputation from attempting to connect to
the message's source IP address to send a test message back to the Exchange server. This test determines if the
sender is an open proxy server. Valid values are:
$true: Open proxy server detection is enabled. This is the default value.
$false: Open proxy server detection is disabled.
Open proxy server detection requires the following open outbound TCP ports in your firewall: 23, 80, 1080, 1081,
3128, and 6588.
If your organization uses a proxy server for outbound Internet access, you also need to define the properties of the
proxy server by using the ProxyServerName, ProxyServerPort, and ProxyServerType parameters.
The values of the OpenProxyDetectionEnabled and SenderBlockingEnabled parameters can both be set to $true,
but they both can't be set to $false. If one value is $true and the other is $false, and you change the $true value to
$false, the parameter that was previously $false will automatically change to $true.

Required: False
Position: Named
Default value: None
-ProxyServerName
The ProxyServerName parameter specifies the name or IP address of your organization's proxy server. Sender
reputation uses this value to connect to the Internet for open proxy server detection.
The default value is blank ($null). To clear this value, use the value $null.
Type: String
Required: False
Position: Named
Default value: None
-ProxyServerPort
The ProxyServerPort parameter specifies the port number that's used by your organization's proxy server. Sender
reputation uses this value to connect to the Internet for open proxy server detection.
The default value is 0.
Type: Int32
Required: False
Position: Named
Default value: None
-ProxyServerType
The ProxyServerType parameter specifies the type of your organization's proxy server. Sender reputation uses this
value to connect to the Internet for open proxy server detection. Valid values are:
None: This is the default value.
Cisco
HttpConnect
HttpPost
Socks4
Socks5
Telnet
Wingate
Type: None | Socks4 | Socks5 | HttpConnect | HttpPost | Telnet | Cisco | Wingate

Required: False
Position: Named
Default value: None
-SenderBlockingEnabled
The SenderBlockingEnabled parameter allows or prevents sender reputation from blocking senders when their
sender reputation level (SRL ) meets or exceeds the value of the SrlBlockThreshold parameter. Valid values are:
$true: Sender blocking is enabled. This is the default value.
$false: Sender blocking is disabled.
You can temporarily block senders for up to 48 hours when you use the SenderBlockingPeriod parameter.
The values of the OpenProxyDetectionEnabled and SenderBlockingEnabled parameters can both be set to $true,
but they both can't be set to $false. If one value is $true and the other is $false, and you change the $true value to
$false, the parameter that was previously $false will automatically change to $true.
Required: False
Position: Named
Default value: None
-SenderBlockingPeriod
The SenderBlockingPeriod parameter specifies the number of hours that a sender remains on the blocked senders
list when their SRL meets or exceeds the value of the SrlBlockThreshold parameter. Valid input for this parameter is
an integer from 0 through 48. The default value is 24.
Type: Int32
Required: False
Position: Named
Default value: None
-SrlBlockThreshold
The SrlBlockThreshold specifies the SRL rating that must be met or exceeded for sender reputation to block a
sender. Valid input for this parameter is an integer from 0 through 9. The default value is 7.
Messages are blocked only when the SenderBlockingEnabled parameter is set to $true.
Type: Int32
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Test-IPAllowListProvider
In ths Article
This cmdlet is available or effective only on Edge Transport servers in on-premises Exchange. Use the Test-
IPAllowListProvider cmdlet to test IP Allow list providers on Edge Transport servers. For information about the
Syntax
Test-IPAllowListProvider [-Identity] <IPAllowListProviderIdParameter> -IPAddress <IPAddress> [-Confirm]
[-DomainController <Fqdn>] [-Server <ServerIdParameter>] [-WhatIf] [<CommonParameters>]
Description
On Edge Transport servers, the Test-IPAllowListProvider cmdlet checks connectivity to the specified allow list
provider and then issues a lookup request to the allow list provider.
Examples
-------------------------- Example 1 --------------------------
Test-IPAllowListProvider Contoso.com -IPAddress 192.168.0.1
This example tests the existing IP Allow list provider named Contoso,com by sending a lookup request to that
provider for the IP address 192.168.0.1.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the IP Allow list provider that you want to test. You can use any value that uniquely
identifies the IP Allow list provider. For example:
Name
GUID
Required: True
Position: 1
Default value: None
-IPAddress
The IPAddress parameter specifies an IP address to be used in testing the IP Allow list provider. You need to use a
known allowed IP address.
Type: IPAddress
Required: True
Position: Named
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Test-IPBlockListProvider
In ths Article
This cmdlet is available or effective only on Edge Transport servers in on-premises Exchange. Use the Test-
IPBlockListProvider cmdlet to test IP Block list providers on Edge Transport servers. For information about the
Syntax
Test-IPBlockListProvider [-Identity] <IPBlockListProviderIdParameter> -IPAddress <IPAddress> [-Confirm]
[-DomainController <Fqdn>] [-Server <ServerIdParameter>] [-WhatIf] [<CommonParameters>]
Description
On Edge Transport servers, the Test-IPBlockListProvider cmdlet checks connectivity to the specified block list
provider and then issues a lookup request to the block list provider.
Examples
-------------------------- Example 1 --------------------------
Test-IPBlockListProvider Contoso.com -IPAddress 192.168.0.1
This example tests the existing IP Block list provider named Contoso.com by sending a lookup request to that
provider for the IP address 192.168.0.1.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the IP Block list provider that you want to test. You can use any value that uniquely
identifies the IP Block list provider. For example:
Name
GUID
Required: True
Position: 1
Default value: None
-IPAddress
The IPAddress parameter specifies an IP address to be used in testing the IP Block list provider. You need to use a
known blocked IP address.
Type: IPAddress
Required: True
Position: Named
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Test-SenderId
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Test-SenderId cmdlet to test whether a specified IP
address is the legitimate sending address for a specified SMTP address. For information about the parameter sets
Syntax
Test-SenderId -IPAddress <IPAddress> -PurportedResponsibleDomain <SmtpDomain> [-Confirm]
[-DomainController <Fqdn>] [-HelloDomain <String>] [-Server <ServerIdParameter>] [-WhatIf]
Description
The Test-SenderId cmdlet provides the results of a Sender ID check for the IP address and the corresponding
domain name that you specify.
Examples
-------------------------- Example 1 --------------------------
Test-SenderId -IPAddress 192.168.0.1 -PurportedResponsibleDomain contoso.com
This example checks whether the IP address 192.168.0.1 is the legitimate sender address for the domain
contoso.com.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-HelloDomain
The HelloDomain parameter specifies the domain address displayed in the HELO or EHLO SMTP commands from
this sender.
Type: String
Required: False
Position: Named
Default value: None
-IPAddress
The IPAddress parameter specifies the originating IP address of the sending server.
Type: IPAddress
Required: True
Position: Named
Default value: None
-PurportedResponsibleDomain
The PurportedResponsibleDomain parameter specifies the domain name that you want to verify with Sender ID.
Type: SmtpDomain
Required: True
Position: Named
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Update-SafeList
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Update-SafeList cmdlet to update the safelist
aggregation data in Active Directory. Safelist aggregation data is used in the built-in anti-spam filtering in
Microsoft Exchange. EdgeSync replicates safelist aggregation data to Edge Transport servers in the perimeter
network. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Update-SafeList [-Identity] <MailboxIdParameter> [-Confirm] [-DomainController <Fqdn>] [-EnsureJunkEmailRule]
[-IncludeDomains] [-Type <SafeSenders | SafeRecipients | Both | BlockedSenders | All>] [-WhatIf]
Description
The Update-SafeList cmdlet reads the safelist aggregation data stored on a Microsoft Outlook user mailbox and
then hashes and writes the data to the corresponding user object in Active Directory. The command compares the
binary attribute created to any value stored on the attribute. If the two values are identical, the command doesn't
update the user attribute value with the safelist aggregation data. Safelist aggregation data contains the Outlook
user's Safe Senders List and Safe Recipients List.
Be mindful of the network and replication traffic that may be generated when you run the Update-SafeList cmdlet.
Running the command on multiple mailboxes where safelists are heavily used may generate a significant amount
of traffic. We recommend that if you run the command on multiple mailboxes, you should run the command during
off-peak, non-business hours.
Examples
-------------------------- Example 1 --------------------------
Update-Safelist kim@contoso.com
This example updates Safe Senders List data for the single user kim@contoso.com.
-------------------------- Example 2 --------------------------
Set-AdServerSettings -ViewEntireForest $true; Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails

UserMailbox | Update-Safelist
This example updates safelist data for all user mailboxes in your Exchange organization. By default, the Exchange
Management Shell is configured to retrieve or modify objects that reside in the domain in which the Exchange
server resides. Therefore, to retrieve all the mailboxes in your Exchange organization, you must first set the scope of
the Exchange Management Shell to the entire forest using the Set-AdServerSettings cmdlet.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EnsureJunkEmailRule
The EnsureJunkEmailRule parameter specifies whether to force the junk email rule to be turned on for the mailbox
if the rule isn't turned on already.
The junk email rule can only be created after the user logs on to the mailbox. If the user has never logged on to the
mailbox, this parameter can't turn on the junk email rule.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox from which you want to collect safelist aggregation data. You can use
any value that uniquely identifies the mailbox. For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-IncludeDomains
The IncludeDomains switch specifies whether to include the sender domains specified by users in Outlook in the
safelist aggregation data. By default, domains specified by the senders aren't included.
In most cases, we don't recommend that you include domains because users may include the domains of large
Internet service providers (ISPs), which could unintentionally provide addresses that may be used or spoofed by
spammers.
Required: False
Position: Named
Default value: None
-Type
The Type parameter specifies which user-generated list is updated to the user object. Valid values for this parameter
are SafeSenders, SafeRecipients, and Both. The default value is SafeSenders.
The safelist aggregation feature doesn't act on Safe Recipients List data. We don't recommend running the Type
parameter with the SafeRecipients or Both values.
Type: SafeSenders | SafeRecipients | Both | BlockedSenders | All
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Clear-TextMessagingAccount
In ths Article
may be exclusive to one environment or the other. The Clear-TextMessagingAccount cmdlet allows a user to
remove the text messaging settings from their own mailbox. An administrator can't use this cmdlet to remove the
text messaging settings from another user's mailbox. For information about the parameter sets in the Syntax
Syntax
Clear-TextMessagingAccount [-Identity] <MailboxIdParameter>
[-Confirm]
[-IgnoreDefaultScope]
Description
The Clear-TextMessagingAccount cmdlet clears all of a user's text messaging settings, including communication
and notification settings.
Examples
-------------------------- Example 1 --------------------------
Clear-TextMessagingAccount -Identity tony@contoso.com
This example clears the text messaging account settings and notification settings from Tony's mailbox.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the target mailbox. You can any value that uniquely identifies the mailbox. For
example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-IgnoreDefaultScope
Management Shell session and to use the entire forest as the scope. This allows the command to access Active
automatically.
accepted.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Compare-TextMessagingVerificationCode
In ths Article
may be exclusive to one environment or the other. Use the Compare-TextMessagingVerificationCode cmdlet to
verify the text messaging verification code that the user specified as part of configuring text message notifications
on the mailbox. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Compare-TextMessagingVerificationCode [[-Identity] <MailboxIdParameter>] -VerificationCode <String> [-Confirm]
Description
The Compare-TextMessagingVerificationCode cmdlet returns the value true if the code matches the stored code
that was generated by the Send-TextMessagingVerificationCode cmdlet.
When text messaging notifications are enabled on a mailbox, you can configure calendar notifications, voice mail
notifications, and email notifications using an inbox rule.
Examples
-------------------------- Example 1 --------------------------
Compare-TextMessagingVerificationCode -Identity TonySmith -VerificationCode 111555
This example compares the verification code 111555 to the code sent to Tony Smith's mobile phone.
-------------------------- Example 2 --------------------------
Compare-TextMessagingVerificationCode -Identity tony@contoso.com -VerificationCode 123456
This example compares the verification code 123456 to the code sent to Tony Smith's mobile phone.
-------------------------- Example 3 --------------------------
Compare-TextMessagingVerificationCode -Identity TonySmith -VerificationCode 111555 -Confirm $true

This example compares the verification code 111555 to the code sent to Tony Smith's mobile phone after
confirmation is given.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox where you are trying to enable text messaging notifications. You can
use any value that uniquely identifies the mailbox. For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: 1
Default value: None
-VerificationCode
The VerificationCode parameter contains the verification code that the user specified.
Type: String
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Disable-PushNotificationProxy cmdlet to disable the
push notification proxy that's configured between an on-premises Microsoft Exchange organization and a Microsoft
Office 365 organization. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Disable-PushNotificationProxy [-Confirm] [-WhatIf] [<CommonParameters>]
Description
The push notification proxy relays event notifications (for example, new email or calendar updates) for on-premises
mailboxes through Office 365 to Outlook on the web for devices on the user's device.
Examples
-------------------------- Example 1 --------------------------
This example disables the push notification proxy in the on-premises Exchange organization.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Enable-PushNotificationProxy
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Enable-PushNotificationProxy cmdlet to enable a
push notification proxy between an on-premises Microsoft Exchange organization and a Microsoft Office 365
organization. In order for event notifications to be successfully delivered, you also need to configure OAuth
authentication between your on-premises Exchange organization and your Office 365 organization. For
Syntax
Enable-PushNotificationProxy [-Confirm] [-Organization <String>] [-Uri <String>] [-WhatIf] [<CommonParameters>]
Description
The push notification proxy relays event notifications (for example, new email or calendar updates) for on-premises
mailboxes through Office 365 to Outlook on the web for devices on the user's device.
Examples
-------------------------- Example 1 --------------------------
Enable-PushNotificationProxy -WhatIf
This example displays the status of the push notification proxy in the on-premises Exchange organization.
-------------------------- Example 2 --------------------------
Enable-PushNotificationProxy -Organization contoso.com
This example enables the push notification proxy in the on-premises Exchange organization by using the Office 365
organization contoso.com.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Organization
The Organization parameter specifies the domain name of the Office 365 organization. For example, contoso.com.
Type: String
Required: False
Position: Named
Default value: None
-Uri
The Uri parameter specifies the push notification service endpoint in Office 365. The default value is
https://outlook.office365.com/PushNotifications.
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Export-AutoDiscoverConfig
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Export-AutoDiscoverConfig cmdlet to create or
update a service connection point for an Autodiscover service pointer in a target Exchange forest. For information
(https://docs.microsoft.com/powershell/exchange/exchange-server/exchange-cmdlet-syntax).
Syntax
Export-AutoDiscoverConfig -TargetForestDomainController <String>
[-Confirm]
[-DeleteConfig <$true | $false>]
[-MultipleExchangeDeployments <$true | $false>]
[-PreferredSourceFqdn <Fqdn>]
[-SourceForestCredential <PSCredential>]
[-TargetForestCredential <PSCredential>]
Description
The Autodiscover Service Connection Point pointer resides Active Directory in the user account forest and includes
the LDAP URL of the resource forest that the client will use to locate the Autodiscover service in the resource
forest.
required to run any Exchange cmdlet (https://docs.microsoft.com/powershell/exchange/exchange-server/find-
exchange-cmdlet-permissions).
Examples
-------------------------- Example 1 --------------------------
Export-AutoDiscoverConfig -TargetForestDomainController contoso.com
This example creates a service connection point object to connect to contoso.com Active Directory forest so that
Outlook clients can automatically connect to their mailbox without having to set up a profile.
-------------------------- Example 2 --------------------------
Export-AutoDiscoverConfig -TargetForestDomainController dc.contoso.com -MultipleExchangeDeployments $true
This example specifies that Exchange is deployed in more than one Active Directory forest while establishing an
Autodiscover service connection point to the dc.contoso.com domain controller in contoso.com Active Directory
forest.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DeleteConfig
The DeleteConfig parameter causes the command to delete your configuration settings on the service connection
point object.

Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-MultipleExchangeDeployments
The MultipleExchangeDeployments parameter specifies whether multiple Exchange deployments exist. This setting
should be set to $true only if Exchange 2016 is deployed in more than one Active Directory forest, and the forests
are connected. If set to $true, the list of authoritative accepted domains for the source forest is written to the
Autodiscover service connection point object. Outlook 2010 clients use this object to select the most appropriate
forest to search for the Autodiscover service.
Required: False
Position: Named
Default value: None
-PreferredSourceFqdn
The PreferredSourceFqdn parameter specifies the FQDN of the Active Directory domain for the Autodiscover
pointer service connection point object.
Type: Fqdn
Required: False
Position: Named
Default value: None
-SourceForestCredential
The SourceForestCredential parameter specifies the credentials to use when connecting to the source forest.
Type: PSCredential
Required: False
Position: Named
Default value: None
-TargetForestCredential
The TargetForestCredential parameter specifies the credentials to use to connect to the target forest.
Type: PSCredential
Required: False
Position: Named
Default value: None
-TargetForestDomainController
The TargetForestDomainController parameter specifies the forest or domain controller that you want to export the
Autodiscover configuration to.
If the target domain controller requires signing, you'll get the error: "A more secure authentication method is
required for this server". Domain controllers that require signing aren't supported.
Type: String
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-CASMailbox
In ths Article
may be exclusive to one environment or the other. Use the Get-CASMailbox cmdlet to view the Client Access
settings that are configured on mailboxes. For information about the parameter sets in the Syntax section below,
Syntax
Get-CASMailbox [-Anr <String>]
[-ActiveSyncDebugLogging]
[-ActiveSyncSuppressReadReceipt]
[-Credential <PSCredential>]
[-Filter <String>]
[-Monitoring]
[-OrganizationalUnit <OrganizationalUnitIdParameter>]
[-ProtocolSettings]
[-ReadFromDomainController]
[-SortBy <String>]
[-ReadIsOptimizedForAccessibility]
[-RecalculateHasActiveSyncDevicePartnership] [<CommonParameters>]
Get-CASMailbox [[-Identity] <MailboxIdParameter>]

[-ActiveSyncDebugLogging]
[-ActiveSyncSuppressReadReceipt]
[-Filter <String>]
[-Monitoring]
[-ProtocolSettings]
[-SortBy <String>]
[-ReadIsOptimizedForAccessibility]
[-RecalculateHasActiveSyncDevicePartnership] [<CommonParameters>]
Description
This cmdlet returns a variety of client access settings for one or more mailboxes. These settings include options for
Outlook on the web, Exchange ActiveSync, POP3, and IMAP4.
Examples
-------------------------- Example 1 --------------------------
Get-CASMailbox "Jeff Hay"
This example returns the values of the following client access settings for the user named Jeff Hay.
ActiveSyncEnabled
OWAEnabled
PopEnabled
ImapEnabled
MapiEnabled
-------------------------- Example 2 --------------------------
Get-CASMailbox tony@contoso.com | Format-List Imap*
This example returns all IMAP4 settings for the user tony@contoso.com.
-------------------------- Example 3 --------------------------
Get-CASMailbox chris@contoso.com | Format-List Ews*
This example returns all Exchange Web Services settings for the user chris@contoso.com.
Parameters
-ActiveSyncDebugLogging
The ActiveSyncDebugLogging switch shows the actual value of the ActiveSyncDebugLogging property for the
mailbox. If you don't use this switch, the value always appears as $false.
To see this value, you need to use a formatting cmdlet. For example, Get-CasMailbox laura@contoso.com -
ActiveSyncDebugLogging | Format-List.
Required: False
Position: Named
Default value: None
-ActiveSyncSuppressReadReceipt
Required: False
Position: Named
Default value: None
-Anr
The Anr parameter specifies a string on which to perform an ambiguous name resolution (ANR ) search. You can
specify a partial string and search for objects with an attribute that matches that string. The default attributes
searched are:
CommonName (CN )
DisplayName
FirstName
LastName
Alias
Type: String
Required: False
Position: Named
Default value: None
-Credential
This parameter requires the creation and passing of a credential object. This credential object is created by using
the Get-Credential cmdlet. For more information, see Get-Credential (https://go.microsoft.com/fwlink/p/?
linkId=142122).
Type: PSCredential
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Filter
The Filter parameter uses OPATH filter syntax to filter the results by the specified properties and values. The search
criteria uses the syntax {<Property> -<Comparison operator> '<Value>'}.
<Property> is a filterable property.
-<Comparison Operator> is an OPATH comparison operator. For example -eq for equals and -like for string
comparison. For more information about comparison operators, see about_Comparison_Operators
(https://go.microsoft.com/fwlink/p/?LinkId=620712).
<Value> is the property value. Text values with or without spaces need to be enclosed in quotation marks
('<Value>'). Don't use quotation marks with integers or the system values $true, $false, or $null.
You can chain multiple search criteria together using the logical operators -and and -or. For example, {<Criteria1>)
-and <Criteria2>} or {(<Criteria1> -and <Criteria2>) -or <Criteria3>}.
You can filter by the following properties:
ActiveSyncAllowedDeviceIDs
ActiveSyncBlockedDeviceIDs
ActiveSyncDebugLogging
ActiveSyncEnabled
ActiveSyncMailboxPolicy
ActiveSyncSuppressReadReceipt
DisplayName
DistinguishedName
ECPEnabled
EmailAddresses
EwsApplicationAccessPolicy
EwsEnabled
ExchangeVersion
Guid
HasActiveSyncDevicePartnership
Id
ImapEnabled
LegacyExchangeDN
MAPIEnabled
Name
ObjectCategory
ObjectClass
OWAEnabled
OWAforDevicesEnabled
OwaMailboxPolicy
PopEnabled
PrimarySmtpAddress
SamAccountName
ServerLegacyDN
ServerName
WhenChanged
WhenChangedUTC
WhenCreated
WhenCreatedUTC
For more information, see Filterable properties for the -Filter parameter
Type: String
Required: False
Position: Named
Default value: None
-Identity
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: 1
Default value: None
-IgnoreDefaultScope
automatically.
accepted.
Required: False
Position: Named
Default value: None
-Monitoring
The Monitoring switch is required to return monitoring mailboxes in the results. You don't need to specify a value
with this switch.
Monitoring mailboxes are associated with managed availability and the Exchange Health Manager service, and
have a RecipientTypeDetails property value of MonitoringMailbox.
Required: False
Position: Named
Default value: None
-OrganizationalUnit
Name
Canonical name
GUID
Type: OrganizationalUnitIdParameter
Required: False
Position: Named
Default value: None
-ProtocolSettings
The ProtocolSettings switch returns the server names, TCP ports and encryption methods for the following
settings:
ExternalImapSettings
InternalImapSettings
ExternalPopSettings
InternalPopSettings
ExternalSmtpSettings
InternalSmtpSettings
To see these values, you need to use a formatting cmdlet. For example, Get-CasMailbox laura@contoso.com -
ProtocolSettings | Format-List.
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-ReadIsOptimizedForAccessibility
The ReadIsOptimizedForAccessibility switch specifies whether to read the value of the IsOptimizedForAccessibility
property on the mailbox (whether the mailbox is configured to use the light version of Outlook on the web). You
Required: False
Position: Named
Default value: None
-RecalculateHasActiveSyncDevicePartnership
The RecalculateHasActiveSyncDevicePartnership switch recalculates the value of the
HasActiveSyncDevicePartnership property on the mailbox. The value is automatically updated if it's found to be
incorrect. You don't have to specify a value with this switch.
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-SortBy
The SortBy parameter specifies the property to sort the results by. You can sort by only one property at a time. The
results are sorted in ascending order.
If the default view doesn't include the property you're sorting by, you can append the command with | Format-Table
-Auto <Property1>,<Property2>... to create a new view that contains all of the properties that you want to see.
Wildcards (*) in the property names are supported.
You can sort by the following properties:
Name
DisplayName
ServerLegacyDN
Type: String
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-CASMailboxPlan
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-CASMailboxPlan cmdlet to view Client Access
services (CAS ) mailbox plans in cloud-based organizations. For information about the parameter sets in the Syntax
Syntax
Get-CASMailboxPlan [[-Identity] <MailboxPlanIdParameter>]
[-Filter <String>]
[-SortBy <String>] [<CommonParameters>]
Description
A CAS mailbox plan is tied to the corresponding mailbox plan that has the same name (and display name). Like
mailbox plans, CAS mailbox plans correspond to license types, and are applied to a mailbox when you license the
user. The availability of a CAS mailbox plan is determined by your selections when you enroll in the service and the
age of your organization.
Examples
-------------------------- Example 1 --------------------------
Get-CASMailboxPlan | Format-Table -Auto DisplayName,ActiveSyncEnabled,ImapEnabled,PopEnabled,OwaMailboxPolicy
This example returns a summary list of all CAS mailbox plans in the organization.
-------------------------- Example 2 --------------------------
Get-CASMailboxPlan -Identity ExchangeOnlineEnterprise
This example returns detailed information about the specified CAS mailbox plan.
Parameters
-Credential
Type: PSCredential
Required: False
Position: Named
Default value: None
-Filter
The Filter parameter indicates the OPath filter used to filter recipients.
For more information about the filterable properties, see Filterable properties for the -Filter parameter
Type: String
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the CAS mailbox plan that you want to view. You can use any value that uniquely
identifies the CAS mailbox plan. For example:
Name
GUID
The display name and name of the CAS mailbox plan is the same as the corresponding mailbox plan (for example,
ExchangeOnlineEnterprise and ExchangeOnlineEnterprise-<GUID>).
Type: MailboxPlanIdParameter
Required: False
Position: 1
Default value: None
-IgnoreDefaultScope
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-SortBy
You can sort by the following attributes:
DisplayName
Name
The results are sorted in ascending order.
Type: String
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
may be exclusive to one environment or the other. Use the Get-ClientAccessRule cmdlet to view client access rules.
Client access rules help you control access to your cloud-based organization based on the properties of the
connection. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Get-ClientAccessRule [[-Identity] <ClientAccessRuleIdParameter>] [-Confirm] [-DomainController <Fqdn>]
Description
Client access rules are like mail flow rules (also known as transport rules) for client connections to your
organization. You use conditions and exceptions to identify the connections based on their properties, and actions
that allow or block the connections.
Examples
-------------------------- Example 1 --------------------------
This example shows a summary list of all client access rules.

-------------------------- Example 2 --------------------------
Get-ClientAccessRule "Block Client Connections from 192.168.1.0/24" | Format-List
This example retrieves details about the client access rule named "Block Client Connections from 192.168.1.0/24".
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the client access rule that you want to view. You can use any value that uniquely
identifies the client access rule. For example:
Name
GUID
Type: ClientAccessRuleIdParameter
Required: False
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-ImapSettings
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-ImapSettings cmdlet to view the settings of the
Microsoft Exchange IMAP4 service on Exchange servers. This is the client access (frontend) IMAP4 service that
clients connect to. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Get-ImapSettings [-DomainController <Fqdn>] [-Server <ServerIdParameter>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-IMAPSettings -Server MBX01
This example displays the settings and values of the Microsoft Exchange IMAP4 service that's running on the
server named MBX01.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MailboxCalendarConfiguration
In ths Article
may be exclusive to one environment or the other. Use the Get-MailboxCalendarConfiguration cmdlet to show the
calendar settings for a specified mailbox. For information about the parameter sets in the Syntax section below, see
Syntax
Get-MailboxCalendarConfiguration [-Identity] <MailboxIdParameter> [-DomainController <Fqdn>]
Description
The Get-MailboxCalendarConfiguration cmdlet returns settings for the calendar of the specified mailbox, including
the following:
Workdays: Days that appear in the calendar as work days in Outlook on the web
WorkingHoursStartTime: Time that the calendar work day starts
WorkingHoursEndTime: Time that the calendar work day ends
WorkingHoursTimeZone: Time zone set on the mailbox for the working hours start and end times
WeekStartDay: First day of the calendar work week
ShowWeekNumbers: Number for each week ranging from 1 through 52 for the calendar while in month view
in Outlook on the web
TimeIncrement: Increments in minutes in which the calendar displays time in Outlook on the web
RemindersEnabled: Whether Outlook on the web provides a visual cue when a calendar reminder is due
ReminderSoundEnabled: Whether a sound is played when a calendar reminder is due
DefaultReminderTime: Length of time before each meeting or appointment that the calendar in Outlook on the
web shows the reminder
To see all of the settings returned, pipeline the command to the Format-List command. To view a code sample, see
"Example 1."
Examples
-------------------------- Example 1 --------------------------
Get-MailboxCalendarConfiguration -Identity kai | Format-List
This example retrieves all the calendar settings for Kai's mailbox where the Identity parameter is specified in the
alias format.
-------------------------- Example 2 --------------------------
Get-MailboxCalendarConfiguration -Identity contoso\tony
This example uses the Identity parameter specified in the domain\account format and returns the calendar settings
for Tony's mailbox.
-------------------------- Example 3 --------------------------
Get-MailboxCalendarConfiguration -Identity kai -DomainController DC1
This example requests that the domain controller DC1 retrieves calendar settings for Kai's mailbox from Active
Directory.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MailboxMessageConfiguration
In ths Article
may be exclusive to one environment or the other. Use the Get-MailboxMessageConfiguration cmdlet to view the
Outlook on the web settings that are applied to specific mailboxes. For information about the parameter sets in the
Syntax
Get-MailboxMessageConfiguration [-Identity] <MailboxIdParameter> [-Credential <PSCredential>]
Description
The Get-MailboxMessageConfiguration cmdlet shows Outlook on the web settings for the specified mailbox. These
settings are not used in Microsoft Outlook, Microsoft Exchange ActiveSync, or other email clients. These settings
are applied in Outlook on the web only. Settings that contain the word Mobile are applied in Microsoft Outlook on
the web for devices only.
Examples
-------------------------- Example 1 --------------------------
Get-MailboxMessageConfiguration tony@contoso.com
This example returns the Outlook on the web settings for Tony's mailbox.
-------------------------- Example 2 --------------------------
Get-MailboxMessageConfiguration tony@contoso.com -DomainController DC1
This example returns the Outlook on the web settings for Tony's mailbox and specifies the domain controller that's
used to get those settings.
Parameters
-Credential
The Credential parameter specifies the username and password to use to access the mailbox.
Type: PSCredential
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox. You can use any value that uniquely identifies the mailbox. For
example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MailboxRegionalConfiguration
In ths Article
may be exclusive to one environment or the other. Use the Get-MailboxRegionalConfiguration cmdlet to view the
regional settings of a mailbox. You can view the date format, time format, time zone, and language of the mailbox.
Syntax
Get-MailboxRegionalConfiguration [-Identity] <MailboxIdParameter> [-DomainController <Fqdn>]
[-VerifyDefaultFolderNameLanguage] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-MailboxRegionalConfiguration -Identity "Marcelo Teixeira"
This example returns the regional settings for Marcelo Teixeira's mailbox.
-------------------------- Example 2 --------------------------
Get-MailboxRegionalConfiguration -Identity "Ella Lack" -DomainController dc01.contoso.com
In on-premises Exchange, this example returns the regional settings for Ella Lack's mailbox by using the specified
domain controller.
-------------------------- Example 3 --------------------------
Get-MailboxRegionalConfiguration -Identity "Alice Jakobsen" -VerifyDefaultFolderNameLanguage | Format-List
This example returns the regional settings for Alice Jakobsen's mailbox and also indicates whether the default
folder names of the mailbox are localized in the locale that's specified for the mailbox. The important properties are
Language and DefaultFolderNameMatchingUserLanguage.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-VerifyDefaultFolderNameLanguage
The VerifyDefaultFolderNameLanguage switch verifies that the default folder names are localized in the language
that's specified for the mailbox (the Language property value). You don't need to specify a value with this switch.
The results are displayed in the DefaultFolderNameMatchingUserLanguage property. To see this property, you
need to pipeline the results of the command to the Format-List or Format-Table cmdlets. For example:
Get-MailboxRegionalConfiguration -Identity <MailboxIdentity> -VerifyDefaultFolderNameLanguage | Format-List
Or
Get-MailboxRegionalConfiguration -Identity <MailboxIdentity> -VerifyDefaultFolderNameLanguage | Format-
Table Language,DefaultFolderNameMatchingUserLanguage
If you view the DefaultFolderNameMatchingUserLanguage property without using the
VerifyDefaultFolderNameLanguage switch, the value is always $false, even if the default folder names are localized
in the language that's specified for the mailbox.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MailboxSpellingConfiguration
In ths Article
may be exclusive to one environment or the other. Use the Get-MailboxSpellingConfiguration cmdlet to retrieve the
Outlook on the web spelling checker settings of a specified user. For example, users can set their dictionary
language and configure the spelling checker to ignore mixed digits and words in all uppercase. For information
Syntax
Get-MailboxSpellingConfiguration [-Identity] <MailboxIdParameter> [-DomainController <Fqdn>]
Description
The Get-MailboxSpellingConfiguration cmdlet is primarily used to populate the spelling checker settings for end
users in Outlook on the web. Administrators can also view users' settings by running this cmdlet. The following
spelling checker settings are retrieved by the cmdlet for the specified mailbox:
Identity: This setting specifies the mailbox identity.
CheckBeforeSend: This setting specifies whether Outlook on the web checks the spelling of every message
when the user clicks Send in the new message form.
DictionaryLanguage: This setting specifies the dictionary language used when the spelling checker checks the
spelling in messages.
IgnoreMixedDigits: This setting specifies whether the spelling checker ignores words that contain numbers.
Examples
-------------------------- Example 1 --------------------------
Get-MailboxSpellingConfiguration -Identity Tony
This example retrieves the Outlook on the web options of user Tony.
-------------------------- Example 2 --------------------------
Get-MailboxSpellingConfiguration -Identity Tony -DomainController DC1
This example returns the Outlook on the web spelling checker options for Tony's mailbox by specifying domain
controller DC1 to get the information from Active Directory.
-------------------------- Example 3 --------------------------
Get-MailboxSpellingConfiguration -Identity contoso\tony
This example returns the Outlook on the web spelling checker options for Tony's mailbox by specifying the identity
of the mailbox in the format domain\account.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-OutlookProvider
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-OutlookProvider cmdlet to obtain the global
settings from the AutoDiscoverConfig object under the Global Settings object in Active Directory. For information
Syntax
Get-OutlookProvider [[-Identity] <OutlookProviderIdParameter>]
Description
The Get-OutlookProvider cmdlet gets the global settings from the AutoDiscoverConfig object in Active Directory
and returns an OutlookProvider object to be managed in the Exchange admin center.
Examples
-------------------------- Example 1 --------------------------
Get-OutlookProvider
This example returns a summary list of all available Outlook providers.

-------------------------- Example 2 --------------------------
Get-OutlookProvider -Identity WEB | Format-List
This example returns detailed information for the Outlook provider named WEB.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the ADIDParameter value of the MAPI protocol that you want to view. Typical
values are:
EXCH
EXPR
WEB
Type: OutlookProviderIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
may be exclusive to one environment or the other. Use the Get-OwaMailboxPolicy cmdlet to view Outlook on the
web mailbox policies in the organization. For information about the parameter sets in the Syntax section below, see
Syntax
Get-OwaMailboxPolicy [[-Identity] <MailboxPolicyIdParameter>]
Description
Examples
-------------------------- Example 1 --------------------------
This example retrieves a summary list of all mailbox policies in the organization.
-------------------------- Example 2 --------------------------
Get-OwaMailboxPolicy -Identity Executives | Format-List
This example retrieves detailed information for the mailbox policy named Executives.
-------------------------- Example 3 --------------------------
Get-OwaMailboxPolicy -Identity Proseware\Contoso\Corporate
This example retrieves the information for the mailbox policy named Corporate for the tenant Contoso in the
organization Proseware.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox policy that you want to view. You can use any value that uniquely
Name
GUID
Type: MailboxPolicyIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-PopSettings
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-POPSettings cmdlet to view the configuration
of the Microsoft Exchange POP3 service. This service exists on Exchange servers that have the Client Access server
role installed and is used by POP3 clients to connect to Exchange. For information about the parameter sets in the
Syntax
Get-PopSettings [-DomainController <Fqdn>] [-Server <ServerIdParameter>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-POPSettings
This example returns a summary list of the configuration of the Microsoft Exchange POP3 service on the local
server.
-------------------------- Example 2 --------------------------
Get-POPSettings -Server MBX01 | Format-List
This example returns detailed information for the Microsoft Exchange POP3 service on the server named MBX01.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-TextMessagingAccount
In ths Article
may be exclusive to one environment or the other. Use the Get-TextMessagingAccount cmdlet to view the text
notification settings on mailboxes. For information about the parameter sets in the Syntax section below, see
Syntax
Get-TextMessagingAccount [-Identity] <MailboxIdParameter>
Description
Examples
-------------------------- Example 1 --------------------------
Get-TextMessagingAccount -Identity tony@contoso.com
This example returns the text messaging settings for Tony's mailbox.
-------------------------- Example 2 --------------------------
$mbx = Get-Mailbox -RecipientTypeDetails UserMailbox -ResultSize Unlimited

$mbx | foreach {Get-TextMessagingAccount -Identity $_.Alias | where {($_.NotificationPhoneNumberVerified -eq
$true)} | Format-Table Identity,NotificationPhoneNumber}
This example finds all user mailboxes where text messaging notifications are enabled.
Parameters
-Credential
Type: PSCredential
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-ClientAccessRule
In ths Article
may be exclusive to one environment or the other. Use the New -ClientAccessRule cmdlet to create client access
rules. Client access rules help you control access to your organization based on the properties of the connection.
Syntax
New-ClientAccessRule [-Name] <String> -Action <AllowAccess | DenyAccess>
[-AnyOfAuthenticationTypes <MultiValuedProperty>]
[-AnyOfClientIPAddressesOrRanges <MultiValuedProperty>]
[-AnyOfProtocols <MultiValuedProperty>]
[-Confirm]
[-ExceptAnyOfAuthenticationTypes <MultiValuedProperty>]
[-ExceptAnyOfClientIPAddressesOrRanges <MultiValuedProperty>]
[-ExceptAnyOfProtocols <MultiValuedProperty>]
[-ExceptUsernameMatchesAnyOfPatterns <MultiValuedProperty>]
[-Priority <Int32>] [-Scope <All | Users>]
[-UsernameMatchesAnyOfPatterns <MultiValuedProperty>]
[-UserRecipientFilter <String>]
Description
Note: Currently, not all authentication types are supported for all protocols. The supported authentication types per
protocol are described in this list:
OutlookWebApp: BasicAuthentication and AdfsAuthentication.
ExchangeAdminCenter: BasicAuthentication and AdfsAuthentication.
RemotePowerShell: BasicAuthentication and NonBasicAuthentication.
ExchangeActiveSync: BasicAuthentication, OAuthAuthentication, and CertificateBasedAuthentication.
Examples
-------------------------- Example 1 --------------------------
New-ClientAccessRule -Name AllowRemotePS -Action Allow -AnyOfProtocols RemotePowerShell -Priority 1
This example creates a highest priority rule that allows access to remote PowerShell. This rule is an important
safeguard to preserve access to your organization. Without this rule, if you create rules that block your access to
remote PowerShell, or that block all protocols for everyone, you'll lose the ability to fix the rules yourself (you'll
need to call Microsoft Customer Service and Support).
-------------------------- Example 2 --------------------------
New-ClientAccessRule -Name "Block ActiveSync" -Action DenyAccess -AnyOfProtocols ExchangeActiveSync -

ExceptAnyOfClientIPAddressesOrRanges 192.168.10.1/24
This example creates a new client access rule named Block ActiveSync that blocks access for Exchange ActiveSync
clients, except for clients in the IP address range 192.168.10.1/24.
Parameters
-Action
The Action parameter specifies the action for the client access rule. Valid values for this parameter are AllowAccess
and DenyAccess.
Type: AllowAccess | DenyAccess

Required: True
Position: Named
Default value: None
-AnyOfAuthenticationTypes
This parameter is available only in the cloud-based service.
The AnyOfAuthenticationTypes parameter specifies a condition for the client access rule that's based on the client's
authentication type.
Valid values for this parameter are:
AdfsAuthentication
BasicAuthentication
CertificateBasedAuthentication
NonBasicAuthentication
OAuthAuthentication
You can enter multiple values separated by commas. Don't use quotation marks.
Required: False
Position: Named
Default value: None
-AnyOfClientIPAddressesOrRanges
The AnyOfClientIPAddressesOrRanges parameter specifies a condition for the client access rule that's based on the
client's IP address. Valid values for this parameter are:
A single IP address: For example, 192.168.1.1.
An IP address range: For example, 192.168.0.1-192.168.0.254.
Classless Inter-Domain Routing (CIDR ) IP: For example, 192.168.3.1/24.
You can enter multiple values separated by commas.
Required: False
Position: Named
Default value: None
-AnyOfProtocols
The AnyOfProtocols parameter specifies a condition for the client access rule that's based on the client's protocol.
ExchangeActiveSync
ExchangeAdminCenter
ExchangeWebServices
IMAP4
OfflineAddressBook
OutlookAnywhere
OutlookWebApp
POP3
PowerShellWebServices
RemotePowerShell
REST
UniversalOutlook (Mail and Calendar app)
Note: In Exchange 2019, the only supported values are ExchangeAdminCenter and RemotePowerShell.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether the client access rule is enabled or disabled. Valid values for this
parameter are $true or $false. The default value is $true.

Required: False
Position: Named
Default value: None
-ExceptAnyOfAuthenticationTypes
The ExceptAnyOfAuthenticationTypes parameter specifies an exception for the client access rule that's based on the
client's authentication type.
AdfsAuthentication
BasicAuthentication
OAuthAuthentication
Required: False
Position: Named
Default value: None
-ExceptAnyOfClientIPAddressesOrRanges
The ExceptAnyOfClientIPAddressesOrRanges parameter specifies an exception for the client access rule that's
based on the client's IP address. Valid values for this parameter are:
Required: False
Position: Named
Default value: None
-ExceptAnyOfProtocols
The ExceptAnyOfProtocols parameter specifies an exception for the client access rule that's based on the client's
protocol.
ExchangeActiveSync
ExchangeAdminCenter
ExchangeWebServices
IMAP4
OfflineAddressBook
OutlookAnywhere
OutlookWebApp
POP3
RemotePowerShell
REST
Required: False
Position: Named
Default value: None
-ExceptUsernameMatchesAnyOfPatterns
The ExceptUsernameMatchesAnyOfPatterns parameter specifies an exception for the client access rule that's based
on the user's account name in the format <Domain>\<UserName> (for example, contoso.com\jeff). This
parameter accepts text and the wildcard character (*) (for example, *jeff*, but not jeff*). Non-alphanumeric
characters don't require an escape character.
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a unique name for the client access rule.
Type: String
Required: True
Position: 1
Default value: None
-Priority
value.
Type: Int32
Required: False
Position: Named
Default value: None
-Scope
The Scope parameter specifies the scope of the client access rule. Valid values are:
Users: The rule only applies to end-user connections.
All: The rule applies to all connections (end-users and middle-tier apps).
Type: All | Users

Required: False
Position: Named
Default value: None
-UsernameMatchesAnyOfPatterns
The UsernameMatchesAnyOfPatterns parameter specifies a condition for the client access rule that's based on the
user's account name in the format <Domain>\<UserName> (for example, contoso.com\jeff). This parameter
accepts text and the wildcard character (*) (for example, *jeff*, but not jeff*). Non-alphanumeric characters don't
require an escape character. This parameter does not work with the -AnyOfProtocols UniversalOutlook parameter.
Required: False
Position: Named
Default value: None
Accept wildcard characters: True
-UserRecipientFilter
The UserRecipientFilter parameter specifies a condition for the client access rule that uses OPath filter syntax to
identify the user. For example, {City -eq "Redmond"}. The filterable attributes that you can use with this parameter
are:
City
Company
CountryOrRegion
CustomAttribute1 to CustomAttribute15
Department
Office
PostalCode
StateOrProvince
StreetAddress
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-OutlookProvider
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -OutlookProvider cmdlet to create the
AutoDiscoverConfig object and then populate the object with relevant settings. For information about the
Syntax
New-OutlookProvider [-Name] <String> [-Confirm] [-DomainController <Fqdn>] [-WhatIf] [<CommonParameters>]
Description
The New -OutlookProvider cmdlet creates the AutoDiscoverConfig object under the Global Settings object in
Active Directory and sets the attributes specified.
Examples
-------------------------- Example 1 --------------------------
New-OutlookProvider -Name MyOABUrl
This example creates the AutoDiscoverConfig object MyOABUrl.

-------------------------- Example 2 --------------------------
New-OutlookProvider -DomainController DC1 -Name Autodiscover1
This example creates the AutoDiscoverConfig object Autodiscover1 and the specified domain controller writes the
change to Active Directory.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Name
The Name parameter provides the common name of the AutoDiscoverConfig object. This can be a user-friendly
name for identification.
Type: String
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-OwaMailboxPolicy
In ths Article
may be exclusive to one environment or the other. Use the New -OwaMailboxPolicy cmdlet to create Outlook on the
web mailbox policies. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
New-OwaMailboxPolicy [-Name] <String> [-Confirm] [-DomainController <Fqdn>]
[-WhatIf] [-IsDefault] [<CommonParameters>]
Description
Use the Set-OwaMailboxPolicy cmdlet to configure the new policy.
Changes to Outlook on the web mailbox polices may take up to 60 minutes to take effect. In on-premises Exchange,
you can force an update by restarting IIS (Stop-Service WAS -Force and Start-Service W3SVC ).
Examples
-------------------------- Example 1 --------------------------
New-OwaMailboxPolicy -Name Corporate
This example creates the Outlook on the web mailbox policy named Corporate.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-IsDefault
The IsDefault switch specifies whether the policy is the default policy. You don't need to specify a value with this
switch.
If another policy is currently set as the default, using this switch replaces the old default policy with this policy.
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a name for the new policy.
Type: String
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-ClientAccessRule
In ths Article
may be exclusive to one environment or the other. Use the Remove-ClientAccessRule cmdlet to remove client
access rules. Client access rules help you control access to your cloud-based organization based on the properties
of the connection. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Remove-ClientAccessRule [-Identity] <ClientAccessRuleIdParameter>
[-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-ClientAccessRule "Block Client Connections from 192.168.1.0/24"
This example removes the existing client access rule named "Block Connections from 192.168.1.0/24".
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the client access rule that you want to remove. You can use any value that uniquely
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-OutlookProvider
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-OutlookProvider cmdlet to delete the
AutoDiscoverConfig object from Active Directory. For information about the parameter sets in the Syntax section
Syntax
Remove-OutlookProvider [-Identity] <OutlookProviderIdParameter> [-Confirm] [-DomainController <Fqdn>] [-WhatIf]
Description
The Remove-OutlookProvider cmdlet deletes the AutoDiscoverConfig object under the Global Settings object in
Active Directory.
Examples
-------------------------- Example 1 --------------------------
Remove-OutlookProvider -Identity "Test Object"
This example deletes the AutoDiscoverConfig object named Test Object from Active Directory.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the AutoDiscoverConfig object to remove from Active Directory.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-OwaMailboxPolicy
In ths Article
may be exclusive to one environment or the other. Use the Remove-OwaMailboxPolicy cmdlet to remove Outlook
on the web mailbox policies from the organization. For information about the parameter sets in the Syntax section
Syntax
Remove-OwaMailboxPolicy [-Identity] <MailboxPolicyIdParameter> [-Confirm] [-DomainController <Fqdn>] [-Force]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-OwaMailboxPolicy -Identity Executives
This example removes the mailbox policy named Executives.

-------------------------- Example 2 --------------------------
Remove-OwaMailboxPolicy -Identity Fabrikam\Employees
This example removes the mailbox policy named Employees for the organization Fabrikam.
-------------------------- Example 3 --------------------------
Remove-OwaMailboxPolicy -Identity Litware\Contoso\Corporate
This example removes the mailbox policy named Corporate for the tenant Contoso in the organization Litware.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox policy that you want to remove. You can use any value that uniquely
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Send-TextMessagingVerificationCode
In ths Article
may be exclusive to one environment or the other. Use the Send-TextMessagingVerificationCode cmdlet to send a
text messaging verification as part of configuring text message notifications on the mailbox. For information about
Syntax
Send-TextMessagingVerificationCode [[-Identity] <MailboxIdParameter>] [-Confirm] [-DomainController <Fqdn>]
Description
The Send-TextMessagingVerificationCode cmdlet generates a verification code and sends it to a user's mobile
phone.
This cmdlet returns an error if the user requests a verification code more than three times within a 24-hour period.
Examples
-------------------------- Example 1 --------------------------
Send-TextMessagingVerificationCode -Identity "TonySmith"
This example sends the text messaging verification code to Tony Smith's mobile phone.
-------------------------- Example 2 --------------------------
Send-TextMessagingVerificationCode -Identity "TonySmith" -Confirm $true
This example sends the text messaging verification code to Tony Smith's mobile phone after confirmation is given.
-------------------------- Example 3 --------------------------
Send-TextMessagingVerificationCode -Identity "tony@contoso.com"
This example sends the text messaging verification code to Tony Smith's mobile phone.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox where you are trying to enable text messaging notifications. You can
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-CASMailbox
In ths Article
may be exclusive to one environment or the other. Use the Set-CASMailbox cmdlet to configure client access
settings on a mailbox. For example, you can configure settings for Exchange ActiveSync, Outlook, Outlook on the
web, POP3, and IMAP4. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Set-CASMailbox [-Identity] <MailboxIdParameter>
[-ActiveSyncAllowedDeviceIDs <MultiValuedProperty>]
[-ActiveSyncBlockedDeviceIDs <MultiValuedProperty>]
[-ActiveSyncDebugLogging <$true | $false>]
[-ActiveSyncEnabled <$true | $false>]
[-ActiveSyncMailboxPolicy <MailboxPolicyIdParameter>]
[-ActiveSyncSuppressReadReceipt <$true | $false>]
[-Confirm]
[-DisplayName <String>]
[-ECPEnabled <$true | $false>]
[-EmailAddresses <ProxyAddressCollection>]
[-EmwsEnabled <$true | $false>]
[-EwsAllowEntourage <$true | $false>]
[-EwsAllowList <MultiValuedProperty>]
[-EwsAllowMacOutlook <$true | $false>]
[-EwsAllowOutlook <$true | $false>]
[-EwsApplicationAccessPolicy <EnforceAllowList | EnforceBlockList>]
[-EwsBlockList <MultiValuedProperty>]
[-EwsEnabled <$true | $false>]
[-HasActiveSyncDevicePartnership <$true | $false>]
[-ImapEnabled <$true | $false>]
[-ImapEnableExactRFC822Size <$true | $false>]
[-ImapMessagesRetrievalMimeFormat <TextOnly | HtmlOnly | HtmlAndTextAlternative | TextEnrichedOnly |
TextEnrichedAndTextAlternative | BestBodyFormat | Tnef>]
[-ImapForceICalForCalendarRetrievalOption <$true | $false>]
[-ImapSuppressReadReceipt <$true | $false>]
[-ImapUseProtocolDefaults <$true | $false>]
[-IsOptimizedForAccessibility <$true | $false>]
[-MAPIBlockOutlookExternalConnectivity <$true | $false>]
[-MAPIBlockOutlookNonCachedMode <$true | $false>]
[-MAPIBlockOutlookRpcHttp <$true | $false>]
[-MAPIBlockOutlookVersions <String>]
[-MAPIEnabled <$true | $false>]
[-MapiHttpEnabled <$true | $false>]
[-Name <String>]
[-OutlookMobileEnabled <$true | $false>]
[-OWAEnabled <$true | $false>]
[-OWAforDevicesEnabled <$true | $false>]
[-OwaMailboxPolicy <MailboxPolicyIdParameter>]
[-PopEnabled <$true | $false>]
[-PopEnableExactRFC822Size <$true | $false>]
[-PopForceICalForCalendarRetrievalOption <$true | $false>]
[-PopMessagesRetrievalMimeFormat <TextOnly | HtmlOnly | HtmlAndTextAlternative | TextEnrichedOnly |
[-PopSuppressReadReceipt <$true | $false>]
[-PopUseProtocolDefaults <$true | $false>]
[-PrimarySmtpAddress <SmtpAddress>]
[-PublicFolderClientAccess <$true | $false>]
[-ResetAutoBlockedDevices]
[-SamAccountName <String>]
[-ShowGalAsDefaultView <$true | $false>]
[-SmtpClientAuthenticationDisabled <$true | $false>]
[-UniversalOutlookEnabled <$true | $false>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-CASMailbox adam@contoso.com -OWAEnabled $false -PopEnabled $false
This example disables Outlook on the web and POP3 access for the user adam@contoso.com.
-------------------------- Example 2 --------------------------
Set-CASMailbox adam@contoso.com -ActiveSyncDebugLogging $true -ActiveSyncMailboxPolicy Management
This example enables Exchange ActiveSync debug logging and specifies the Exchange ActiveSync mailbox policy
named Management for the user adam@contoso.com.
-------------------------- Example 3 --------------------------
Set-CASMailbox tony@contoso.com -DisplayName "Tony Smith" -MAPIBlockOutlookRpcHttp $true
This example sets the display name and disables Outlook Anywhere access for the user tony@contoso.com.
Parameters
-ActiveSyncAllowedDeviceIDs
TheActiveSyncAllowedDeviceIDs parameter specifies one or more Exchange ActiveSync device IDs that are
allowed to synchronize with the mailbox. A device ID is a text string that uniquely identifies the device. Use the Get-
MobileDevice cmdlet to see the devices that have Exchange ActiveSync partnerships with the mailbox.
To clear the list of device IDs, use the value $null for this parameter.
Required: False
Position: Named
Default value: None
-ActiveSyncBlockedDeviceIDs
The ActiveSyncBlockedDeviceIDs parameter specifies one or more Exchange ActiveSync device IDs that aren't
allowed to synchronize with the mailbox. A device ID is a text string that uniquely identifies the device. Use the Get-
MobileDevice cmdlet to see the devices that have Exchange ActiveSync partnerships with the mailbox.
To clear the list of device IDs, use the value $null for this parameter.
Required: False
Position: Named
Default value: None
-ActiveSyncDebugLogging
The ActiveSyncDebugLogging parameter enables or disables Exchange ActiveSync debug logging for the mailbox.
Valid input for this parameter is $true or $false. The default value is $false.
This parameter is primarily for troubleshooting and will revert to $false in 48 hours for Exchange Online, and in 72
hours for Exchange Server.

Required: False
Position: Named
Default value: None
-ActiveSyncEnabled
The ActiveSyncEnabled parameter enables or disables Exchange ActiveSync for the mailbox. Valid input for this
parameter is $true or $false. The default value is $true. When you set this parameter to $false, the other Exchange
ActiveSync settings in this cmdlet are ignored.

Required: False
Position: Named
Default value: None
-ActiveSyncMailboxPolicy
The ActiveSyncMailboxPolicy parameter specifies the Exchange ActiveSync mailbox policy for the mailbox. You can
use any value that uniquely identifies the Exchange ActiveSync mailbox policy. For example:
Name
GUID
The name of the default Exchange ActiveSync mailbox policy is Default.
Required: False
Position: Named
Default value: None
-ActiveSyncSuppressReadReceipt
The ActiveSyncSuppressReadReceipt parameter controls the behavior of read receipts for Exchange ActiveSync
clients that access the mailbox. Valid values are:
$true: The user receives a read receipt when the recipient opens the message.
$false: The user receives two read receipts: one when the message is downloaded and another when the
message is opened. This is the default value.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DisplayName
The DisplayName parameter specifies the display name of the mailbox. The display name is visible in the Exchange
admin center and in address lists. The maximum length is 256 characters. If the value contains spaces, enclose the
Type: String
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-ECPEnabled
The ECPEnabled parameter enables or disables access to the Exchange admin center (EAC ) for the specified user.
Valid input for this parameter is $true or $false. The default value is $true.

Required: False
Position: Named
Default value: None
-EmailAddresses
The EmailAddresses parameter specifies all the email addresses (proxy addresses) for the recipient, including the
primary SMTP address. In on-premises Exchange organizations, the primary SMTP address and other proxy
addresses are typically set by email address policies. However, you can use this parameter to configure other proxy
addresses for the recipient. For more information, see Email address policies in Exchange 2016
Valid syntax for this parameter is <Type>:<emailaddress1>,<Type>:<emailaddress2>,...<Type>:<emailaddressN>.

The optional <Type> value specifies the type of email address. Some examples of valid values include:
SMTP: The primary SMTP address. You can use this value only once in a command.
smtp: Other SMTP email addresses.
X400: X.400 addresses in on-premises Exchange.
If you don't include a <Type> value for an email address, the value smtp is assumed. Note that Exchange doesn't
validate the syntax of custom address types (including X.400 addresses). Therefore, you need to verify that any
custom addresses are formatted correctly.
To specify the primary SMTP email address, you can use any of the following methods:
Use the <Type> value SMTP on the address.
The first email address when you don't use any <Type> values, or when you use multiple <Type> values of
smtp.
Use the PrimarySmtpAddress parameter instead. You can't use the EmailAddresses parameter and the
PrimarySmtpAddress parameter in the same command.
To replace all existing proxy email addresses with the values you specify, use the following syntax: "<Type>:
<emailaddress1>","<Type>:<emailaddress2>",..."<Type>:<emailaddressN>".
To add or remove specify proxy addresses without affecting other existing values, use the following syntax:
@{Add="<Type>:<emailaddress1>","<Type>:<emailaddress2>",...; Remove="<Type>:<emailaddress2>","<Type>:
<emailaddress2>",...}.
Type: ProxyAddressCollection
Required: False
Position: Named
Default value: None
-EmwsEnabled
This parameter is available or functional only in Exchange Server 2010.
The EmwsEnabled parameter specifies whether the Exchange Management Web Service is enabled on this Client
Access server.

Required: False
Position: Named
Default value: None
-EwsAllowEntourage
The EwsAllowEntourage parameter enables or disables access to the mailbox by Microsoft Entourage clients that
use Exchange Web Services (for example, Entourage 2008 for Mac, Web Services Edition).

Required: False
Position: Named
Default value: None
-EwsAllowList
The EwsAllowList parameter specifies the Exchange Web Services applications (user agent strings) that are allowed
to access the mailbox.
This parameter is meaningful only when the EwsEnabled parameter is set to $true, and the
EwsApplicationAccessPolicy parameter is set to EnforceAllowList.
Required: False
Position: Named
Default value: None
-EwsAllowMacOutlook
The EwsAllowMacOutlook parameter enables or disables access to the mailbox by Outlook for Mac clients that use
Exchange Web Services (for example, Outlook for Mac 2011 or later).

Required: False
Position: Named
Default value: None
-EwsAllowOutlook
The EwsAllowOutlook parameter enables or disables access to the mailbox by Outlook clients that use Exchange
Web Services. Outlook uses Exchange Web Services for free/busy, out-of-office settings, and calendar sharing.

Required: False
Position: Named
Default value: None
-EwsApplicationAccessPolicy
The EwsApplicationAccessPolicy parameter controls access to the mailbox by using Exchange Web Services
applications.
EnforceAllowList: Only applications specified in the EwsAllowList parameter are allowed to access the mailbox.
EnforceBlockList: Applications specified in the EwsBlockList parameter aren't allowed to access the mailbox, but
any other applications can access the mailbox.
This parameter doesn't affect access to the mailbox by using Entourage, Outlook for Mac, and Outlook. Access to
the mailbox by using these clients is controlled by the EwsAllowEntourage, EwsAllowMacOutlook and
EwsAllowOutlook parameters.
Type: EnforceAllowList | EnforceBlockList

Required: False
Position: Named
Default value: None
-EwsBlockList
The EwsBlockList parameter specifies the Exchange Web Services applications (user agent strings) that aren't
allowed to access the mailbox by using Exchange Web Services.
This parameter is meaningful only when the EwsEnabled parameter is set to $true, and the
EwsApplicationAccessPolicy parameter is set to EnforceBlockList.
Required: False
Position: Named
Default value: None
-EwsEnabled
The EwsEnabled parameter enables or disables access to the mailbox by using Exchange Web Services clients.
Valid input for this parameter is $true or $false. The default value is $true. Note that when you set this parameter to
$false, the other Exchange Web Services settings in this cmdlet are ignored.

Required: False
Position: Named
Default value: None
-HasActiveSyncDevicePartnership
The HasActiveSyncDevicePartnership parameter specifies whether the mailbox has an ActiveSync device
partnership established.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox that you want to configure. You can use any value that uniquely
identifies the mailbox. For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-IgnoreDefaultScope
automatically.
accepted.
Required: False
Position: Named
Default value: None
-ImapEnabled
The ImapEnabled parameter enables or disables access to the mailbox by using IMAP4 clients.
$false, the other IMAP4 settings in this cmdlet are ignored.

Required: False
Position: Named
Default value: None
-ImapEnableExactRFC822Size
The ImapEnableExactRFC822Size parameter specifies how message sizes are presented to IMAP4 clients that
access the mailbox.
$true: Calculate the exact message size.
$false: Use an estimated message size.
The default value is $false.
We don't recommend changing this value unless you determine that the default setting causes problems for IMAP4
clients. To change the value of this parameter, you also need to set the value of the ImapUseProtocolDefaults
parameter to $false.

Required: False
Position: Named
Default value: None
-ImapForceICalForCalendarRetrievalOption
The ImapForceICalForCalendarRetrievalOption parameter specifies how meeting requests are presented to IMAP4
clients that access the mailbox.
$true: All meeting requests are in the iCal format.
$false: All meeting requests appear as Outlook on the web links.
To change the value of this parameter, you also need to set the value of the ImapUseProtocolDefaults parameter to
$false.

Required: False
Position: Named
Default value: None
-ImapMessagesRetrievalMimeFormat
The ImapMessagesRetrievalMimeFormat parameter specifies the message format for IMAP4 clients that access
the mailbox. You can use an integer or a text value. Valid values are:
0: TextOnly
1: HtmlOnly
2: HtmlAndTextAlternative
3: TextEnrichedOnly
4: TextEnrichedAndTextAlternative
5: BestBodyFormat
6: Tnef
The default value is BestBodyFormat.
$false.
Type: TextOnly | HtmlOnly | HtmlAndTextAlternative | TextEnrichedOnly | TextEnrichedAndTextAlternative |

BestBodyFormat | Tnef
Required: False
Position: Named
Default value: None
-ImapSuppressReadReceipt
The ImapSuppressReadReceipt parameter controls the behavior of read receipts for IMAP4 clients that access the
mailbox.
message is opened.
$false.
Required: False
Position: Named
Default value: None
-ImapUseProtocolDefaults
The ImapUseProtocolDefaults parameter specifies whether to use the IMAP4 protocol defaults for the mailbox.
You need to set the ImapUseProtocolDefaults parameter to $false when you use any of the following IMAP4
parameters:
ImapEnableExactRFC822Size
ImapForceICalForCalendarRetrievalOption
ImapMessagesRetrievalMimeFormat
ImapSuppressReadReceipt

Required: False
Position: Named
Default value: None
-IsOptimizedForAccessibility
The IsOptimizedForAccessibility parameter specifies whether the mailbox is configured to use the light version of
Outlook on the web. Valid values are:
$true: The mailbox is configured to use the light version of Outlook on the web.
$false: The mailbox isn't configured to use the light version of Outlook on the web.

Required: False
Position: Named
Default value: None
-MAPIBlockOutlookExternalConnectivity
The MAPIBlockOutlookExternalConnectivity parameter enables or disables external access to the mailbox in
Outlook by removing the external URLs from the Autodiscover response. This setting affects Outlook Anywhere,
MAPI over HTTP, and Exchange Web Services (EWS ). Valid values are:
$true: External Outlook clients can't use Outlook Anywhere, MAPI over HTTP, or EWS to access the mailbox.
$false: External Outlook clients can use Outlook Anywhere, MAPI over HTTP, or EWS to access the mailbox.
Note: If your organization uses the same Autodiscover URL values for internal and external clients, setting this
parameter to $true won't block access for external clients.

Required: False
Position: Named
Default value: None
-MAPIBlockOutlookNonCachedMode
The MAPIBlockOutlookNonCachedMode parameter controls access to the mailbox by using Outlook in online or
offline mode.
$true: Only Outlook clients that are configured to use Cached Exchange Mode (offline mode) are allowed to
access the mailbox.
$false: The state of the Cached Exchange Mode setting isn't checked before Outlook clients are allowed to
access the mailbox (online mode and offline mode are allowed).

Required: False
Position: Named
Default value: None
-MAPIBlockOutlookRpcHttp
The MAPIBlockOutlookRpcHttp parameter enables or disables access to the mailbox in Outlook by using Outlook
Anywhere. Valid values are:
$true: Access to the mailbox by using Outlook Anywhere is disabled.
$false: Access to the mailbox by using Outlook Anywhere is enabled. This is the default value.

Required: False
Position: Named
Default value: None
-MAPIBlockOutlookVersions
The MAPIBlockOutlookVersions parameter blocks access to the mailbox for specific versions of Outlook.
For example, if you specify the value 15.0.4569.1503, only Outlook 2013 Service Pack 1 (SP1) or later clients are
allowed to access the mailbox. Earlier versions of Outlook are blocked.
The default value is blank. To reset this parameter, use the value $null.
Type: String
Required: False
Position: Named
Default value: None
-MAPIEnabled
The MAPIEnabled parameter enables or disables access to the mailbox by using MAPI clients (for example,
Outlook).
$false, the other MAPI settings in this cmdlet are ignored.

Required: False
Position: Named
Default value: None
-MapiHttpEnabled
The MapiHttpEnabled parameter enables or disables access to the mailbox in Outlook by using MAPI over HTTP.
Valid values are:
$true: Access to the mailbox by using MAPI over HTTP is enabled.
$false: Access to the mailbox by using MAPI over HTTP is disabled.
$null (blank): The setting isn't configured. The mailbox uses the organization setting for MAPI over HTTP (the
MapiHttpEnabled parameter on the Set-OrganizationConfig cmdlet). This is the default value.

Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the unique name of the mailbox. The maximum length is 64 characters. If the value
contains spaces, enclose the value in quotation marks (").
Type: String
Required: False
Position: Named
Default value: None
-OutlookMobileEnabled
The OutlookMobileEnabled parameter enables or disables access to the mailbox by using Outlook for iOS and
Android. Valid values are:
$true: Access to the mailbox using Outlook for iOS and Android is enabled. This is the default value.
$false: Access to the mailbox using Outlook for iOS and Android is disabled.

Required: False
Position: Named
Default value: None
-OWAEnabled
The OWAEnabled parameter enables or disables access to the mailbox by using Outlook on the web.
$false, the other Outlook on the web settings in this cmdlet are ignored.

Required: False
Position: Named
Default value: None
-OWAforDevicesEnabled
The OWAforDevicesEnabled parameter enables or disables access to the mailbox by using Outlook on the web for
devices.

Required: False
Position: Named
Default value: None
-OwaMailboxPolicy
The OwaMailboxPolicy parameter specifies the Outlook on the web mailbox policy for the mailbox. You can use any
value that uniquely identifies the Outlook on the web mailbox policy. For example:
Name
GUID
The name of the default Outlook on the web mailbox policy is Default.
Required: False
Position: Named
Default value: None
-PopEnabled
The PopEnabled parameter enables or disables access to the mailbox by using POP3 clients.
$false, the other POP3 settings in this cmdlet are ignored.

Required: False
Position: Named
Default value: None
-PopEnableExactRFC822Size
The PopEnableExactRFC822Size parameter specifies how message sizes are presented to POP3 clients that access
the mailbox.
$true: Calculate the exact message size.
$false: Use an estimated message size.
We don't recommend changing this value unless you determine that the default setting causes problems for POP3
clients. To change the value of this parameter, you also need to set the value of the PopUseProtocolDefaults
parameter to $false.

Required: False
Position: Named
Default value: None
-PopForceICalForCalendarRetrievalOption
The PopForceICalForCalendarRetrievalOption parameter specifies how meeting requests are presented to POP3
clients that access the mailbox.
$true: All meeting requests are in the iCal format.
$false: All meeting requests appear as Outlook on the web links.
To change the value of this parameter, you also need to set the value of the PopUseProtocolDefaults parameter to
$false.

Required: False
Position: Named
Default value: None
-PopMessagesRetrievalMimeFormat
The PopMessagesRetrievalMimeFormat parameter specifies the message format for POP3 clients that access the
mailbox. You can use an integer or a text value. Valid values are:
0: TextOnly
1: HtmlOnly
2: HtmlAndTextAlternative
3: TextEnrichedOnly
4: TextEnrichedAndTextAlternative
5: BestBodyFormat
6: Tnef
The default value is BestBodyFormat.
$false.

Required: False
Position: Named
Default value: None
-PopSuppressReadReceipt
The PopSuppressReadReceipt parameter controls the behavior of read receipts for POP3 clients that access the
mailbox.
message is opened.
$false.
Required: False
Position: Named
Default value: None
-PopUseProtocolDefaults
The PopUseProtocolDefaults parameter specifies whether to use the POP3 protocol defaults for the mailbox.
Valid input for this parameter is $true or $false. The default value is $true. You need to set the
PopUseProtocolDefaults parameter to $false when you use any of following parameters:
PopEnableExactRFC822Size
PopForceICalForCalendarRetrievalOption
PopMessagesRetrievalMimeFormat
PopSuppressReadReceipt

Required: False
Position: Named
Default value: None
-PrimarySmtpAddress
The PrimarySmtpAddress parameter specifies the primary return email address that's used for the recipient. You
can't use the EmailAddresses and PrimarySmtpAddress parameters in the same command.
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-PublicFolderClientAccess
The PublicFolderClientAccess parameter enables or disables access to public folders in Microsoft Outlook. Valid
values are:
$true: The user can access public folders in Outlook if the PublicFolderShowClientControl parameter on the
Set-OrganizationConfig cmdlet is set to the value $true (the default value is $false).
$false: The user can't access public folders in Outlook. This is the default value.
Required: False
Position: Named
Default value: $false
-ResetAutoBlockedDevices
The ResetAutoBlockedDevices switch resets the status of blocked mobile devices that have exceeded the limits
defined by the Set-ActiveSyncDeviceAutoblockThreshold cmdlet. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-SamAccountName
The SamAccountName parameter (also known as the pre-Windows 2000 user account or group name) specifies an
object identifier that's compatible with older versions of Microsoft Windows client and server operating systems.
The value can contain letters, numbers, spaces, periods (.), and the characters !, #, $, %, ^, &, -, _, {, }, and ~. The last
character can't be a period. Unicode characters are allowed, but accented characters may generate collisions (for
example, o and ö match). The maximum length is 20 characters.
Type: String
Required: False
Position: Named
Default value: None
-ShowGalAsDefaultView
The ShowGalAsDefaultView parameter shows the global address list (GAL ) as the default recipient picker for
messages. Valid input for this parameter is $true or $false. The default value is $true.

Required: False
Position: Named
Default value: None
-SmtpClientAuthenticationDisabled
The SmtpClientAuthenticationDisabled parameter specifies whether to disable authenticated SMTP (SMTP AUTH)
for the mailbox. Examples of clients and services that require authenticated SMTP to send email messages include:
POP3 and IMAP4 clients.
Devices with scan to email capability.
Workflow applications that send email notifications.
Online services that send messages using internal email addresses in the organization.
$true: Authenticated SMTP is disabled for the mailbox.
$false: Authenticated SMTP is enaled for the mailbox.
blank ($null): This is the default value. The authenticated SMTP setting for the mailbox is controlled by the
corresponding SmtpClientAuthenticationDisabled parameter on the Set-TransportConfig cmdlet for the whole
organization. By default, authenticated SMTP is enabled for the organization ($false), which means
authenticated SMTP is also enabled for the mailbox.
To selectively enable authenticated SMTP for specific mailboxes only: disable authenticated SMTP at the
organizational level ($true), enable it for the specific mailboxes ($false), and leave the rest of the mailboxes with
their default value ($null).

Required: False
Position: Named
Default value: None
-UniversalOutlookEnabled
The UniversalOutlookEnabled parameter enables or disables access to the mailbox by using Windows 10 Mail and
Calendar. Valid values are:
$true: Access to the mailbox using Windows 10 Mail and Calendar is enabled. This is the default value.
$false: Access to the mailbox using Windows 10 Mail and Calendar is disabled.

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-CASMailboxPlan
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-CASMailboxPlan cmdlet to modify Client
Access services (CAS ) mailbox plans in cloud-based organizations. For information about the parameter sets in the
Syntax
Set-CASMailboxPlan [-Identity] <MailboxPlanIdParameter>
[-ActiveSyncEnabled <$true | $false>]
[-Confirm]
[-ImapEnabled <$true | $false>]
[-OwaMailboxPolicy <MailboxPolicyIdParameter>]
[-PopEnabled <$true | $false>]
Description
A CAS mailbox plan is tied to the corresponding mailbox plan that has the same name (and display name). Like
mailbox plans, CAS mailbox plans correspond to license types, and are applied to a mailbox when you license the
user. The availability of a CAS mailbox plan is determined by your selections when you enroll in the service and the
age of your organization.
Examples
-------------------------- Example 1 --------------------------
Set-CASMailboxPlan -Identity ExchangeOnlineEnterprise -ActiveSyncEnabled $false -PopEnabled $false
This example disables Exchange ActiveSync and POP3 access to mailboxes in the CAS mailbox plan named
ExchangeOnlineEnterprise.
Parameters
-ActiveSyncEnabled
The ActiveSyncEnabled parameter enables or disables access to the mailbox by using Exchange Active Sync (EAS ).
Valid values are:
$true: ActiveSync access to the mailbox is enabled. This is the default value.
$false: ActiveSync access to the mailbox is disabled.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the CAS mailbox plan that you want to modify. You can use any value that
uniquely identifies the CAS mailbox plan. For example:
Name
GUID
The display name and name of the CAS mailbox plan is the same as the corresponding mailbox plan (for example,
ExchangeOnlineEnterprise and ExchangeOnlineEnterprise-<GUID>, respectively).
Required: True
Position: 1
Default value: None
-ImapEnabled
The ImapEnabled parameter enables or disables access to the mailbox by using IMAP4 clients. Valid values are:
$true: IMAP4 access to the mailbox is enabled. This is default value for all CAS mailbox plans except
ExchangeOnlineDeskless.
$false: IMAP4 access to the mailbox is disabled. This is default value for ExchangeOnlineDeskless.
Required: False
Position: Named
Default value: None
-OwaMailboxPolicy
The OwaMailboxPolicy parameter specifies the Outlook on the web (formerly known as Outlook Web App)
mailbox policy for the mailbox. You can use any value that uniquely identifies the policy. For example:
Name
GUID
The default value is OwaMailboxPolicy-Default.
You can use the Get-OwaMailboxPolicy cmdlet to view the available Outlook on the web mailbox policies.
Required: False
Position: Named
Default value: None
-PopEnabled
The PopEnabled parameter enables or disables access to the mailbox by using POP3 clients. Valid values are:
$true: POP3 access to the mailbox is enabled. This is the default value.
$false: POP3 access to the mailbox is disabled.

Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Set-ClientAccessRule
In ths Article
may be exclusive to one environment or the other. Use the Set-ClientAccessRule cmdlet to modify existing client
access rules. Client access rules help you control access to your organization based on the properties of the
connection. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Set-ClientAccessRule [-Identity] <ClientAccessRuleIdParameter>
[-Action <AllowAccess | DenyAccess>]
[-AnyOfAuthenticationTypes <MultiValuedProperty>]
[-AnyOfClientIPAddressesOrRanges <MultiValuedProperty>]
[-AnyOfProtocols <MultiValuedProperty>]
[-Confirm]
[-ExceptAnyOfAuthenticationTypes <MultiValuedProperty>]
[-ExceptAnyOfClientIPAddressesOrRanges <MultiValuedProperty>]
[-ExceptAnyOfProtocols <MultiValuedProperty>]
[-ExceptUsernameMatchesAnyOfPatterns <MultiValuedProperty>]
[-Name <String>]
[-Priority <Int32>]
[-Scope <All | Users>]
[-UsernameMatchesAnyOfPatterns <MultiValuedProperty>]
[-UserRecipientFilter <String>]
Description
Note: Not all authentication types are supported for all protocols. The supported authentication types per protocol
are described in this list:
OutlookWebApp: BasicAuthentication and AdfsAuthentication.
ExchangeAdminCenter: BasicAuthentication and AdfsAuthentication.
RemotePowerShell: BasicAuthentication and NonBasicAuthentication.
ExchangeActiveSync: BasicAuthentication, OAuthAuthentication, and CertificateBasedAuthentication.
Examples
-------------------------- Example 1 --------------------------
Set-ClientAccessRule "Allow IMAP4" -AnyOfClientIPAddressesOrRanges @{Add="172.17.17.27/16"}
This example adds the IP address range 172.17.17.27/16 to the existing client access rule named Allow IMAP4
without affecting the existing IP address values.
Parameters
-Action
The Action parameter specifies the action for the client access rule. Valid values for this parameter are AllowAccess
and DenyAccess.
Type: AllowAccess | DenyAccess

Required: False
Position: Named
Default value: None
-AnyOfAuthenticationTypes
The AnyOfAuthenticationTypes parameter specifies a condition for the client access rule that's based on the client's
authentication type.
AdfsAuthentication
BasicAuthentication
OAuthAuthentication
Required: False
Position: Named
Default value: None
-AnyOfClientIPAddressesOrRanges
The AnyOfClientIPAddressesOrRanges parameter specifies a condition for the client access rule that's based on the
client's IP address. Valid values for this parameter are:
Required: False
Position: Named
Default value: None
-AnyOfProtocols
The AnyOfProtocols parameter specifies a condition for the client access rule that's based on the client's protocol.
ExchangeActiveSync
ExchangeAdminCenter
ExchangeWebServices
IMAP4
OfflineAddressBook
OutlookAnywhere
OutlookWebApp
POP3
RemotePowerShell
REST
Note: In Exchange 2019, the only supported values are ExchangeAdminCenter and RemotePowerShell.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether the client access rule is enabled or disabled. Valid values for this
parameter are $true or $false.

Required: False
Position: Named
Default value: None
-ExceptAnyOfAuthenticationTypes
The ExceptAnyOfAuthenticationTypes parameter specifies an exception for the client access rule that's based on the
client's authentication type.
AdfsAuthentication
BasicAuthentication
OAuthAuthentication
Required: False
Position: Named
Default value: None
-ExceptAnyOfClientIPAddressesOrRanges
The ExceptAnyOfClientIPAddressesOrRanges parameter specifies an exception for the client access rule that's
based on the client's IP address. Valid values for this parameter are:
Required: False
Position: Named
Default value: None
-ExceptAnyOfProtocols
The ExceptAnyOfProtocols parameter specifies an exception for the client access rule that's based on the client's
protocol.
ExchangeActiveSync
ExchangeAdminCenter
ExchangeWebServices
IMAP4
OfflineAddressBook
OutlookAnywhere
OutlookWebApp
POP3
RemotePowerShell
REST
Required: False
Position: Named
Default value: None
-ExceptUsernameMatchesAnyOfPatterns
The ExceptUsernameMatchesAnyOfPatterns parameter specifies an exception for the client access rule that's based
on the user's account name in the format <Domain>\<UserName> (for example, contoso.com\jeff). This
parameter accepts text and the wildcard character (*) (for example, *jeff*, but not jeff*). Non-alphanumeric
characters don't require an escape character.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the client access rule that you want to modify. You can use any value that uniquely
Name
GUID
Required: True
Position: 1
Default value: None
-Name
The Name parameter specifies a unique name for the client access rule.
Type: String
Required: False
Position: Named
Default value: None
-Priority
The Priority parameter specifies a priority value for the client access rule. A lower integer value indicates a higher
priority, and a higher priority rule is evaluated before a lower priority rule. The default value is 1.
Type: Int32
Required: False
Position: Named
Default value: None
-Scope
The Scope parameter specifies the scope of the client access rule. Valid values are:
Users: The rule only applies to end-user connections.
All: The rule applies to all connections (end-users and middle-tier apps).
Type: All | Users
Required: False
Position: Named
Default value: None
-UsernameMatchesAnyOfPatterns
The UsernameMatchesAnyOfPatterns parameter specifies a condition for the client access rule that's based on the
user's account name in the format <Domain>\<UserName> (for example, contoso.com\jeff). This parameter
accepts text and the wildcard character (*) (for example, *jeff*, but not jeff*). Non-alphanumeric characters don't
require an escape character.
Required: False
Position: Named
Default value: None
-UserRecipientFilter
The UserRecipientFilter parameter specifies a condition for the client access rule that uses OPath filter syntax to
identify the user. For example, {City -eq "Redmond"}. The filterable attributes that you can use with this parameter
are:
City
Company
CountryOrRegion
CustomAttribute1 to CustomAttribute15
Department
Office
PostalCode
StateOrProvince
StreetAddress
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-ImapSettings
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-ImapSettings cmdlet to modify the settings of
the Microsoft Exchange IMAP4 service on Exchange servers. This service exists on Exchange servers that have the
Client Access server role installed, and is used by IMAP4 clients to connect to Exchange. For information about the
Syntax
Set-ImapSettings [-AuthenticatedConnectionTimeout <EnhancedTimeSpan>] [-Banner <String>]
[-CalendarItemRetrievalOption <iCalendar | intranetUrl | InternetUrl | Custom>] [-Confirm]
[-DomainController <Fqdn>] [-EnableExactRFC822Size <$true | $false>]
[-EnableGSSAPIAndNTLMAuth <$true | $false>] [-EnforceCertificateErrors <$true | $false>]
[-ExtendedProtectionPolicy <None | Allow | Require>] [-ExternalConnectionSettings <MultiValuedProperty>]
[-InternalConnectionSettings <MultiValuedProperty>] [-LogFileLocation <String>]
[-LogFileRollOverSettings <Hourly | Daily | Weekly | Monthly>]
[-LoginType <PlainTextLogin | PlainTextAuthentication | SecureLogin>] [-LogPerFileSizeQuota <Unlimited>]
[-MaxCommandSize <Int32>] [-MaxConnectionFromSingleIP <Int32>] [-MaxConnections <Int32>]
[-MaxConnectionsPerUser <Int32>]
[-MessageRetrievalMimeFormat <TextOnly | HtmlOnly | HtmlAndTextAlternative | TextEnrichedOnly |
[-OwaServerUrl <Uri>] [-PreAuthenticatedConnectionTimeout <EnhancedTimeSpan>]
[-ProtocolLogEnabled <$true | $false>] [-ProxyTargetPort <Int32>] [-Server <ServerIdParameter>]
[-ShowHiddenFoldersEnabled <$true | $false>] [-SSLBindings <MultiValuedProperty>]
[-SuppressReadReceipt <$true | $false>] [-UnencryptedOrTLSBindings <MultiValuedProperty>] [-WhatIf]
[-X509CertificateName <String>] [<CommonParameters>]
Description
You can run the Set-ImapSettings cmdlet for a single Exchange server that's running the Microsoft Exchange
IMAP4 service, or for all Exchange servers that are running the Microsoft Exchange IMAP4 service.
Examples
-------------------------- Example 1 --------------------------
Set-ImapSettings -Server "MBX01" -UnencryptedOrTLSBindings 10.0.0.0:143
This example configures the unencrypted or STARTTLS encrypted IMAP4 connection to the server named MBX01
by using the local IP address 10.0.0.0 on TCP port 143.
-------------------------- Example 2 --------------------------
Set-ImapSettings -ProtocolLogEnabled $true -LogFileLocation "C:\Imap4Logging"
This example turns on IMAP4 protocol logging. It also changes the IMAP4 protocol logging directory to
C:\Imap4Logging.
-------------------------- Example 3 --------------------------
Set-ImapSettings -LogPerFileSizeQuota 2MB
This example changes the IMAP4 protocol logging to create a new log file when a log file reaches 2 megabytes
(MB ).
-------------------------- Example 4 --------------------------
Set-ImapSettings -LogPerFileSizeQuota 0 -LogFileRollOverSettings Hourly
This example changes the IMAP4 protocol logging to create a new log file every hour.
-------------------------- Example 5 --------------------------
Set-ImapSettings -X509CertificateName mail.contoso.com
This example specifies the certificate that contains mail.contoso.com is used to encrypt IMAP4 client connections.
Note: For single subject certificates or a SAN certificates, you also need to assign the certificate to the Exchange
IMAP service by using the Enable-ExchangeCertificate cmdlet. For wildcard certificates, you don't need to assign
the certificate to the Exchange IMAP service (you'll receive an error if you try).
Parameters
-AuthenticatedConnectionTimeout
The AuthenticatedConnectionTimeout parameter specifies the period of time to wait before closing an idle
authenticated connection.
To specify a value, enter it as a time span: dd.hh:mm:ss where dd = days, hh = hours, mm = minutes, and ss =
seconds.
Valid values are 00:00:30 to 1:00:00. The default setting is 00:30:00 (30 minutes).
Type: EnhancedTimeSpan
Required: False
Position: Named
Default value: None
-Banner
The Banner parameter specifies the text string that's displayed to connecting IMAP4 clients. The default value is:
The Microsoft Exchange IMAP4 service is ready.
Type: String
Required: False
Position: Named
Default value: None
-CalendarItemRetrievalOption
The CalendarItemRetrievalOption parameter specifies how calendar items are presented to IMAP4 clients. Valid
values are:
0 or iCalendar. This is the default value.
1 or IntranetUrl
2 or InternetUrl
3 or Custom
If you specify 3 or Custom, you need to specify a value for the OwaServerUrl parameter setting.
Type: iCalendar | intranetUrl | InternetUrl | Custom

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EnableExactRFC822Size
The EnableExactRFC822Size parameter specifies how message sizes are presented to IMAP4 clients. Valid values
are:
$true: Calculate the exact message size. Because this setting can negatively affect performance, you should
configure it only if it's required by your IMAP4 clients.
$false: Use an estimated message size. This is the default value.

Required: False
Position: Named
Default value: None
-EnableGSSAPIAndNTLMAuth
The EnableGSSAPIAndNTLMAuth parameter specifies whether connections can use Integrated Windows
authentication (NTLM ) using the Generic Security Services application programming interface (GSSAPI). This
setting applies to connections where Transport Layer Security (TLS ) is disabled. Valid values are:
$true: NTLM for IMAP4 connections is enabled. This is the default value.
$false: NTLM for IMAP4 connections is disabled.

Required: False
Position: Named
Default value: None
-EnforceCertificateErrors
The EnforceCertificateErrors parameter specifies whether to enforce valid Secure Sockets Layer (SSL ) certificate
validation failures. Valid values are:
The default setting is $false.
$true: If the certificate isn't valid or doesn't match the target IMAP4 server's FQDN, the connection attempt
fails.
$false: The server doesn't deny IMAP4 connections based on certificate errors. This is the default value.
Required: False
Position: Named
Default value: None
-ExtendedProtectionPolicy
The ExtendedProtectionPolicy parameter specifies how Extended Protection for Authentication is used. Valid values
are:
None: Extended Protection for Authentication isn't used. This is the default value.
Allow: Extended Protection for Authentication is used only if it's supported by the incoming IMAP4 connection.
If it's not, Extended Protection for Authentication isn't used.
Require: Extended Protection for Authentication is required for all IMAP4 connections. If the incoming IMAP4
connection doesn't support it, the connection is rejected.
Extended Protection for Authentication enhances the protection and handling of credentials by Integrated Windows
authentication (also known as NTLM ), so we strongly recommend that you use it if it's supported by your clients
(default installations of Windows 7 or later and Windows Server 2008 R2 or later support it).
Type: None | Allow | Require

Required: False
Position: Named
Default value: None
-ExternalConnectionSettings
The ExternalConnectionSettings parameter specifies the host name, port, and encryption method that's used by
external IMAP4 clients (IMAP4 connections from outside your corporate network).
This parameter uses the syntax <HostName>:<Port>:[<TLS | SSL>]. The encryption method value is optional
(blank indicates unencrypted connections).
The default value is blank ($null), which means no external IMAP4 connection settings are configured.
The combination of encryption methods and ports that are specified for this parameter need to match the
corresponding encryption methods and ports that are specified by the SSLBindings and
UnencryptedOrTLSBindings parameters.
Required: False
Position: Named
Default value: None
-InternalConnectionSettings
The InternalConnectionSettings parameter specifies the host name, port, and encryption method that's used by
internal IMAP4 clients (IMAP4 connections from inside your corporate network). This setting is also used when a
IMAP4 connection is forwarded to another Exchange server that's running the Microsoft Exchange IMAP4 service.
The default value is <ServerFQDN>:993:SSL,<ServerFQDN>:143:TLS.

Required: False
Position: Named
Default value: None
-LogFileLocation
The LogFileLocation parameter specifies the location for the IMAP4 protocol log files. The default location is
%ExchangeInstallPath%Logging\Imap4.
This parameter is only meaningful when the ProtocolLogEnabled parameter value is $true.
Type: String
Required: False
Position: Named
Default value: None
-LogFileRollOverSettings
The LogFileRollOverSettings parameter specifies how frequently IMAP4 protocol logging creates a new log file.
Valid values are:
1 or Hourly.
2 or Daily. This is the default value
3 or Weekly.
4 or Monthly.
This parameter is only meaningful when the LogPerFileSizeQuota parameter value is 0, and the
ProtocolLogEnabled parameter value is $true.
Type: Hourly | Daily | Weekly | Monthly

Required: False
Position: Named
Default value: None
-LoginType
The LoginType parameter specifies the authentication method for IMAP4 connections. Valid values are:
1 or PlainTextLogin.
2 or PlainTextAuthentication.
3 or SecureLogin. This is the default value.
Type: PlainTextLogin | PlainTextAuthentication | SecureLogin

Required: False
Position: Named
Default value: None
-LogPerFileSizeQuota
The LogPerFileSizeQuota parameter specifies the maximum size of a IMAP4 protocol log file.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
The default value is 0, which means a new IMAP4 protocol log file is created at the frequency that's specified by the
LogFileRollOverSettings parameter.
Type: Unlimited
Required: False
Position: Named
Default value: None
-MaxCommandSize
The MaxCommandSize parameter specifies the maximum size in bytes of a single IMAP4 command. Valid values
are from 1024 through 16384. The default value is 10240.
Type: Int32
Required: False
Position: Named
Default value: None
-MaxConnectionFromSingleIP
The MaxConnectionFromSingleIP parameter specifies the maximum number of IMAP4 connections that are
accepted by the Exchange server from a single IP address. Valid values are from 1 through 2147483647. The
default value is 2147483647.
Type: Int32
Required: False
Position: Named
Default value: None
-MaxConnections
The MaxConnections parameter specifies the maximum number of IMAP4 connections that are accepted by the
Exchange server. Valid values are from 1 through 2147483647. The default value is 2147483647.
Type: Int32
Required: False
Position: Named
Default value: None
-MaxConnectionsPerUser
The MaxConnectionsPerUser parameter specifies the maximum number of IMAP4 connections that are allowed for
each user. Valid values are from 1 through 2147483647. The default value is 16.
Type: Int32
Required: False
Position: Named
Default value: None
-MessageRetrievalMimeFormat
The MessageRetrievalMimeFormat parameter specifies the MIME encoding of messages. Valid values are:
0 or TextOnly.
1 or HtmlOnly.
2 or HtmlAndTextAlternative.
3 or TextEnrichedOnly.
4 or TextEnrichedAndTextAlternative.
5 or BestBodyFormat. This is the default value.
6 or Tnef.

Required: False
Position: Named
Default value: None
-OwaServerUrl
The OwaServerUrl parameter specifies the URL that's used to retrieve calendar information for instances of custom
Outlook on the web calendar items.
Type: Uri
Required: False
Position: Named
Default value: None
-PreAuthenticatedConnectionTimeout
The PreAuthenticatedConnectionTimeout parameter specifies the period of time to wait before closing an idle
IMAP4 connection that isn't authenticated.
seconds.
Valid values are00:00:30 to 1:00:00. The default value is 00:01:00 (one minute).
Required: False
Position: Named
Default value: None
-ProtocolLogEnabled
The ProtocolLogEnabled parameter specifies whether to enable protocol logging for IMAP4. Valid values are:
$true: IMAP4 protocol logging is enabled.
$false: IMAP4 protocol logging is disabled. This is the default value.

Required: False
Position: Named
Default value: None
-ProxyTargetPort
The ProxyTargetPort parameter specifies the port on the Microsoft Exchange IMAP4 Backend service that listens
for client connections that are proxied from the Microsoft Exchange IMAP4 service. The default value is 1993.
Type: Int32
Required: False
Position: Named
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
-ShowHiddenFoldersEnabled
The ShowHiddenFoldersEnabled parameter specifies whether hidden mailbox folders are visible. Valid values are:
$true: Hidden folders are visible.
$false: Hidden folders aren't visible. This is the default value.

Required: False
Position: Named
Default value: None
-SSLBindings
The SSLBindings parameter specifies the IP address and TCP port that's used for IMAP4 connection that's always
encrypted by SSL/TLS. This parameter uses the syntax <IPv4OrIPv6Address>:<Port>.
The default value is [::]:993,0.0.0.0:993.
Required: False
Position: Named
Default value: None
-SuppressReadReceipt
The SuppressReadReceipt parameter specifies whether to stop duplicate read receipts from being sent to IMAP4
clients that have the Send read receipts for messages I send setting configured in their IMAP4 email program. Valid
values are:
$true: The sender receives a read receipt only when the recipient opens the message.
$false: The sender receives a read receipt when the recipient downloads the message, and when the recipient
opens the message. This is the default value.

Required: False
Position: Named
Default value: None
-UnencryptedOrTLSBindings
The UnencryptedOrTLSBindings parameter specifies the IP address and TCP port that's used for unencrypted
IMAP4 connections, or IMAP4 connections that are encrypted by using opportunistic TLS (STARTTLS ) after the
initial unencrypted protocol handshake. This parameter uses the syntax <IPv4OrIPv6Address>:<Port>.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-X509CertificateName
The X509CertificateName parameter specifies the certificate that's used for encrypting IMAP4 client connections.
A valid value for this parameter is the FQDN from the ExternalConnectionSettings or InternalConnectionSettings
parameters (for example, mail.contoso.com or mailbox01.contoso.com).
If you use a single subject certificate or a subject alternative name (SAN ) certificate, you also need to assign the
certificate to the Exchange IMAP service by using the Enable-ExchangeCertificate cmdlet.
If you use a wildcard certificate, you don't need to assign the certificate to the Exchange IMAP service.
Type: String
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-MailboxCalendarConfiguration
In ths Article
may be exclusive to one environment or the other. Use the Set-MailboxCalendarConfiguration cmdlet to modify
mailbox calendar settings for Outlook on the web. This affects how the user's calendar looks and how reminders
work in Outlook on the web. This also affects settings that define how meeting invitations, responses, and
notifications are sent to the user. For information about the parameter sets in the Syntax section below, see
Syntax
Set-MailboxCalendarConfiguration [-Identity] <MailboxIdParameter>
[-AgendaMailEnabled <$true | $false>]
[-AgendaPaneEnabled <$true | $false>]
[-CalendarFeedsPreferredLanguage <String>]
[-CalendarFeedsPreferredRegion <String>]
[-CalendarFeedsRootPageId <String>]
[-Confirm]
[-ConversationalSchedulingEnabled <$true | $false>]
[-CreateEventsFromEmailAsPrivate <$true | $false>]
[-DailyAgendaMailSchedule <Default | AM | PM>]
[-DefaultMeetingDuration <Int32>]
[-DefaultReminderTime <TimeSpan>]
[-DiningEventsFromEmailEnabled <$true | $false>]
[-EntertainmentEventsFromEmailEnabled <$true | $false>]
[-EventsFromEmailEnabled <$true | $false>]
[-FirstWeekOfYear <LegacyNotSet | FirstDay | FirstFourDayWeek | FirstFullWeek>]
[-FlightEventsFromEmailEnabled <$true | $false>]
[-HotelEventsFromEmailEnabled <$true | $false>]
[-InvoiceEventsFromEmailEnabled <$true | $false>]
[-LocalEventsEnabled <FirstRun | Disabled | Enabled>]
[-LocalEventsLocation <LocalEventsLocation>]
[-PackageDeliveryEventsFromEmailEnabled <$true | $false>]
[-ReminderSoundEnabled <$true | $false>]
[-RemindersEnabled <$true | $false>]
[-RentalCarEventsFromEmailEnabled <$true | $false>]
[-ShowWeekNumbers <$true | $false>]
[-SkipAgendaMailOnFreeDays <$true | $false>]
[-TimeIncrement <FifteenMinutes | ThirtyMinutes>]
[-UseBrightCalendarColorThemeInOwa <$true | $false>]
[-WeatherEnabled <$true | $false>]
[-WeatherLocationBookmark <Int32>]
[-WeatherLocations <MultiValuedProperty>]
[-WeatherUnit <Default | Celsius | Fahrenheit>]
[-WeekStartDay <Sunday | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday>]
[-WhatIf]
[-WorkDays <None | Sunday | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday | Weekdays |
WeekendDays | AllDays>]
[-WorkingHoursEndTime <TimeSpan>]
[-WorkingHoursStartTime <TimeSpan>]
[-WorkingHoursTimeZone <ExTimeZoneValue>]
Description
The Set-MailboxCalendarConfiguration cmdlet primarily allows users to manage their own calendar settings in
Outlook on the web Options. However, administrators who have the Organization Management or Recipient
Management management roles may configure the calendar settings for users by using this cmdlet.
Examples
-------------------------- Example 1 --------------------------
Set-MailboxCalendarConfiguration -Identity peter@contoso.com -RemindersEnabled $false
This example disables the calendar reminders for the calendar of the user peter@contoso.com.
-------------------------- Example 2 --------------------------
Set-MailboxCalendarConfiguration -Identity peter@contoso.com -WorkingHoursTimeZone "Pacific Standard Time"
This example sets the time zone of the work hours' start and end times to Pacific Standard Time for the calendar of
the user peter@contoso.com.
-------------------------- Example 3 --------------------------
Set-MailboxCalendarConfiguration -Identity Tony -WorkingHoursStartTime 07:00:00
This example sets the working day's starting hour to 7 A.M. for the calendar of the user Tony.
Parameters
-AgendaMailEnabled

Required: False
Position: Named
Default value: None
-AgendaPaneEnabled
Required: False
Position: Named
Default value: None
-CalendarFeedsPreferredLanguage
The CalendarFeedsPreferredLanguage parameter specifies the preferred language for calendar feeds. A valid value
is an ISO 639-1 lowercase two-letter language code (for example, en for English).
Type: String
Required: False
Position: Named
Default value: None
-CalendarFeedsPreferredRegion
The CalendarFeedsPreferredRegion specifies the preferred region for calendar feeds. A valid value is an ISO 3166-
1 uppercase two-letter country code (for example, US for the United States).
Type: String
Required: False
Position: Named
Default value: None
-CalendarFeedsRootPageId
The CalendarFeedsRootPageId parameter specifies the root page ID for calendar feeds.
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-ConversationalSchedulingEnabled
The ConversationalSchedulingEnabled parameter specifies whether to enable or disable conversational scheduling.
Valid values are:
$true: Conversational scheduling is enabled. This is the default value.
$false: Conversational scheduling is disabled.

Required: False
Position: Named
Default value: None
-CreateEventsFromEmailAsPrivate
The CreateEventsFromEmailAsPrivate parameter specifies whether to create events from email messages as
Normal or Private. Valid values are:
$true: Events from email are created as Private. This is the default value.
$false: Events from email are created as Normal (public).

Required: False
Position: Named
Default value: None
-DailyAgendaMailSchedule
Type: Default | AM | PM
Required: False
Position: Named
Default value: None
-DefaultMeetingDuration
Type: Int32
Required: False
Position: Named
Default value: None
-DefaultReminderTime
The DefaultReminderTime parameter specifies the length of time before a meeting or appointment whenthe
reminder is first displayed.
seconds.
Note that the value can't contain seconds. Valid values are:
00:00:00
00:05:00 (5 minutes)
00:10:00 (10 minutes)
00:15:00 (15 minutes) This is the default value.
00:30:00 (30 minutes)
01:00:00 (1 hour)
02:00:00 (2 hours)
03:00:00 (3 hours)
04:00:00 (4 hours)
08:00:00 (8 hours)
12:00:00 (12 hours)
1.00:00:00 (1 day)
2.00:00:00 (2 days)
3.00:00:00 (3 days)
7.00:00:00 (7 days)
14.00:00:00 (14 days)
This parameter is ignored when the RemindersEnabled parameter is set to $false.
Type: TimeSpan
Required: False
Position: Named
Default value: None
-DiningEventsFromEmailEnabled
The DiningEventsFromEmailEnabled parameter specifies whether to create dining reservation events from email
messages. Valid values are:
$true: Create dining reservation events from email messages. This is the default value.
$false: Don't create dining reservation events from email messages.
This parameter is meaningful only when the EventsFromEmailEnabled parameter is set to $true (which is the
default value).

Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EntertainmentEventsFromEmailEnabled
The EntertainmentEventsFromEmailEnabled parameter specifies whether to create entertainment reservation
events from email messages. Valid values are:
$true: Create entertainment reservation events from email messages. This is the default value.
$false: Don't create entertainment reservation events from email messages.
default value).

Required: False
Position: Named
Default value: None
-EventsFromEmailEnabled
The EventsFromEmailEnabled parameter specifies whether to enable events to be created from email messages.
Valid values are:
$true: Creating events from email messages is enabled. This is the default value.
$false: Creating events from email messages is disabled.
When this setting is enabled, you can enable or disable creating specific types of events from email messages by
using the following parameters:
DiningEventsFromEmailEnabled
EntertainmentEventsFromEmailEnabled
FlightEventsFromEmailEnabled
HotelEventsFromEmailEnabled
PackageDeliveryEventsFromEmailEnabled
RentalCarEventsFromEmailEnabled

Required: False
Position: Named
Default value: True
-FirstWeekOfYear
The FirstWeekOfYear parameter specifies the first week of the year. Valid values are:
FirstDay: Week numbers start on the first day of the year. This is the default value.
FirstFourDayWeek: Week numbers start on the first week that has at least four days.
FirstFullWeek: Week numbers start on the first week that has seven days.
LegacyNotSet: You can't set this value. This is a null value that appears only when the mailbox has been moved
from an earlier version of Exchange.
You configure the first day of the week by using the WeekStartDay parameter.
Required: False
Position: Named
Default value: None
-FlightEventsFromEmailEnabled
The FlightEventsFromEmailEnabled parameter specifies whether to create flight reservation events from email
$true: Create flight reservation events from email messages. This is the default value.
$false: Don't create flight reservation events from email messages.
default value).

Required: False
Position: Named
Default value: None
-HotelEventsFromEmailEnabled
The HotelEventsFromEmailEnabled parameter specifies whether to create hotel reservation events from email
$true: Create hotel reservation events from email messages. This is the default value.
$false: Don't create hotel reservation events from email messages.
default value).

Required: False
Position: Named
Default value: None
-Identity
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-InvoiceEventsFromEmailEnabled
The InvoiceEventsFromEmailEnabled parameter specifies whether to allow creating invoices from email messages.
Valid values are:
$true: Creating invoices from messages is enabled. This is the default value.
$false: Creating invoices from messages is disabled.

Required: False
Position: Named
Default value: None
-LocalEventsEnabled
PARAMVALUE: FirstRun | Disabled | Enabled
Type: FirstRun | Disabled | Enabled

Required: False
Position: Named
Default value: None
-LocalEventsLocation
PARAMVALUE: LocalEventsLocation
Type: LocalEventsLocation
Required: False
Position: Named
Default value: None
-PackageDeliveryEventsFromEmailEnabled
The PackageDeliveryEventsFromEmailEnabled parameter specifies whether to create package delivery events from
email messages. Valid values are:
$true: Create package delivery events from email messages.
$false: Don't create package delivery events from email messages. This is the default value.
default value).

Required: False
Position: Named
Default value: None
-RemindersEnabled
The RemindersEnabled parameter enables or disables reminders for calendar items. Valid values are:
$true: Reminders are enabled. This is the default value.
$false: Reminders are disabled.
When the reminder is first displayed is controlled by the DefaultReminderTime parameter.

Required: False
Position: Named
Default value: None
-ReminderSoundEnabled
The ReminderSoundEnabled parameter specifies whether a sound is played along with the reminder. Valid values
are:
$true: A sound is played with the reminder. This is the default value.
$false: No sound is played with the reminder.
This parameter is ignored when the RemindersEnabled parameter is set to $false.

Required: False
Position: Named
Default value: None
-RentalCarEventsFromEmailEnabled
The RentalCarEventsFromEmailEnabled parameter specifies whether to create rental car reservation events from
email messages. Valid values are:
$true: Create rental car reservation events from email messages. This is the default value.
$false: Don't create rental car reservation events from email messages.
default value).
Required: False
Position: Named
Default value: None
-ShowWeekNumbers
The ShowWeekNumbers parameter specifies whether the week number is displayed in the Outlook on the web
calendar. Valid values are:
$true: The week number is displayed.
$false: The week number isn't displayed. This is the default value.

Required: False
Position: Named
Default value: None
-SkipAgendaMailOnFreeDays

Required: False
Position: Named
Default value: None
-TimeIncrement
The TimeIncrement parameter specifies the scale that the Outlook on the web calendar uses to show time. Valid
values are:
FifteenMinutes
ThirtyMinutes (This is the default value)
Type: FifteenMinutes | ThirtyMinutes

Required: False
Position: Named
Default value: None
-UseBrightCalendarColorThemeInOwa
The UseBrightCalendarColorThemeInOwa parameter specifies whether to use light colors or bright colors for the
calendar in Outlook on the web. Valid values are:
$true: Use bright colors in the calendar.
$false: Use light colors in the calendar. This is the default value.
Required: False
Position: Named
Default value: None
-WeatherEnabled
The WeatherEnabled specifies whether weather is displayed in the calendar in Outlook on the web. Valid values are:
FirstRun (This is the default value)
Disabled: Hide weather on the calendar.
Enabled: Show weather on the calendar.

Required: False
Position: Named
Default value: None
-WeatherLocationBookmark
The WeatherLocationBookmark parameter specifies the default weather information that's displayed in the
calendar in Outlook on the web. This parameter is based on an index value of the configured weather locations. The
first weather location has the index value 0, the second weather location has the index value 1, and so on.
A valid value for this parameter depends on the number of weather locations that are configured for the mailbox.
For example, if there are 3 weather locations configured, you can specify the value 0, 1, or 2 for this parameter.
Type: Int32
Required: False
Position: Named
Default value: None
-WeatherLocations
The WeatherLocations parameter specifies one or more locations to display the weather for in the calendar in
Outlook on the web.
This parameter uses the syntax: LocationId:<LocationID>;Name:<Name>;Latitude:<Latitude>;Longitude:
<Longitude>. For example, LocationId:105808079;Name:Redmond, WA;Latitude:47.679;Longitude:-122.132.
For this parameter, "<value1>" is "LocationId:<LocationID1>;Name:<Name1>;Latitude:<Latitude1>;Longitude:
<Longitude1>", and "<value2>" is "LocationId:<LocationID2>;Name:<Name2>;Latitude:<Latitude2>;Longitude:
<Longitude2>"
You can configure a maximum of 5 weather locations.
Required: False
Position: Named
Default value: None
-WeatherUnit
The WeatherUnit parameter specifies the temperature scale that's used to display the weather in the calendar in
Default (This is the default value)
Celsius
Fahrenheit
Type: Default | Celsius | Fahrenheit

Required: False
Position: Named
Default value: None
-WeekStartDay
The WeekStartDay parameter specifies the first day of the week. Valid values are:
Sunday (This is the default value)
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Type: Sunday | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WorkDays
The WorkDays parameter specifies the work days in the calendar. Valid values are:
None
AllDays
Weekdays (This is the default value)
WeekEndDays
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
You can specify multiple values separated by commas, but redundant values are ignored. For example, entering
Weekdays,Monday results in the value Weekdays.
Type: None | Sunday | Monday | Tuesday | Wednesday | Thursday | Friday | Saturday | Weekdays | WeekendDays |
AllDays
Required: False
Position: Named
Default value: None
-WorkingHoursEndTime
The WorkingHoursEndTime parameter specifies the time that the work day ends.
seconds.
The default value is 17:00:00 (5:00 P.M.).
Type: TimeSpan
Required: False
Position: Named
Default value: None
-WorkingHoursStartTime
The WorkingHoursStartTime parameter specifies the time that the work day starts.
seconds.
The default value is 08:00:00(8:00 A.M.).
Type: TimeSpan
Required: False
Position: Named
Default value: None
-WorkingHoursTimeZone
The WorkingHoursTimeZone parameter specifies the time zone that's used by the WorkingHoursStartTime and
WorkingHoursEndTime parameters.
A valid value for this parameter is a supported time zone key name (for example, "Pacific Standard Time").
To see the available values, run the following command: $TimeZone = Get-ChildItem
"HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Time zones" | foreach {Get-ItemProperty $_.PSPath};
$TimeZone | sort Display | Format-Table -Auto PSChildname,Display
If the value contains spaces, enclose the value in quotation marks ("). The default value is the time zone setting of
the Exchange server.
Type: ExTimeZoneValue
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-MailboxMessageConfiguration
In ths Article
may be exclusive to one environment or the other. Use the Set-MailboxMessageConfiguration cmdlet to configure
the Outlook on the web settings that are applied to specific mailboxes. For information about the parameter sets in
Syntax
Set-MailboxMessageConfiguration [-Identity] <MailboxIdParameter>
[-AfterMoveOrDeleteBehavior <OpenPreviousItem | OpenNextItem | ReturnToView>]
[-AlwaysShowBcc <$true | $false>] [-AlwaysShowFrom <$true | $false>] [-AutoAddSignature <$true | $false>]
[-Confirm]
[-ConversationSortOrder <Chronological | Tree | NewestOnTop | NewestOnBottom | ChronologicalNewestOnTop |
ChronologicalNewestOnBottom | TreeNewestOnBottom>]
[-DefaultFontColor <String>] [-DefaultFontFlags <Normal | Bold | Italic | Underline | All>]
[-DefaultFontName <String>] [-DefaultFontSize <Int32>] [-DefaultFormat <Html | PlainText>]
[-DomainController <Fqdn>] [-EmptyDeletedItemsOnLogoff <$true | $false>] [-HideDeletedItems <$true | $false>]
[-IgnoreDefaultScope] [-NewItemNotification <None | Sound | EMailToast | VoiceMailToast | FaxToast | All>]
[-PreviewMarkAsReadBehavior <Delayed | OnSelectionChange | Never>] [-PreviewMarkAsReadDelaytime <Int32>]
[-ReadReceiptResponse <DoNotAutomaticallySend | AlwaysSend | NeverSend>] [-SendAddressDefault <String>]
[-ShowConversationAsTree <$true | $false>] [-SignatureHtml <String>] [-SignatureText <String>] [-WhatIf]
[-AutoAddSignatureOnMobile <$true | $false>] [-CheckForForgottenAttachments <$true | $false>]
[-EmailComposeMode <Inline | SeparateForm>] [-SignatureTextOnMobile <String>]
[-UseDefaultSignatureOnMobile <$true | $false>] [-AutoAddSignatureOnReply <$true | $false>]
[-GlobalReadingPanePosition <Off | Right | Bottom>] [-IsFavoritesFolderTreeCollapsed <$true | $false>]
[-IsMailRootFolderTreeCollapsed <$true | $false>] [-IsReplyAllTheDefaultResponse <$true | $false>]
[-LinkPreviewEnabled <$true | $false>] [-MailFolderPaneExpanded <$true | $false>]
[-NavigationPaneViewOption <Default | MailFolders | PeopleFolders | Groups | PinnedMailFolders>]
[-PreferAccessibleContent <$true | $false>] [-ShowPreviewTextInListView <$true | $false>]
[-ShowReadingPaneOnFirstLoad <$true | $false>] [-ShowSenderOnTopInListView <$true | $false>]
[-ShowUpNext <$true | $false>] [<CommonParameters>]
Description
The Set-MailboxMessageConfiguration cmdlet configures Outlook on the web settings for the specified mailbox.
These settings include email signature, message format, message options, read receipts, reading pane, and
conversations. These settings are not used in Outlook, Exchange ActiveSync, or other email clients. These settings
are applied in Outlook on the web only. Settings that contain the word Mobile are applied in Outlook on the web
for devices only.
Examples
-------------------------- Example 1 --------------------------
Set-MailboxMessageConfiguration kai@contoso.com -HideDeletedItems $true
This example sets items deleted from a conversation thread to not show in the list view of the conversation in
Outlook on the web for Kai's mailbox.
-------------------------- Example 2 --------------------------
Set-MailboxMessageConfiguration kai@contoso.com -AlwaysShowBcc $true
This example sets the compose email message form to always show the Bcc field in Outlook on the web for Kai's
mailbox.
Parameters
-AfterMoveOrDeleteBehavior
The AfterMoveOrDeleteBehavior parameter specifies the behavior after moving or deleting an email item in
Outlook on the web. You can use the following values:
OpenPreviousItem
OpenNextItem
ReturnToView
The default value is OpenNextItem.
Type: OpenPreviousItem | OpenNextItem | ReturnToView

Required: False
Position: Named
Default value: None
-AlwaysShowBcc
The AlwaysShowBcc parameter shows or hides the blind carbon copy (Bcc) field when the user creates messages in
Outlook on the web.

Required: False
Position: Named
Default value: None
-AlwaysShowFrom
The AlwaysShowFrom parameter shows or hides the From field when the user creates messages in Outlook on the
web.
Required: False
Position: Named
Default value: None
-AutoAddSignature
The AutoAddSignature parameter specifies whether to automatically add signatures to new email messages
created in Outlook on the web. Valid values are:
$true: Email signatures are automatically added to new messages.
$false: Email signatures aren't automatically added to new messages.
The email signature specified by the SignatureText parameter is added to plain text messages. The email signature
specified by the SignatureHTML parameter is added to HTML -formatted messages.

Required: False
Position: Named
Default value: None
-AutoAddSignatureOnMobile
The AutoAddSignatureOnMobile parameter automatically adds the signature specified by the
SignatureTextOnMobile parameter to messages when the user creates messages in Outlook on the web for
devices.

Required: False
Position: Named
Default value: None
-AutoAddSignatureOnReply
The AutoAddSignature parameter specifies whether to automatically add signatures to reply email messages
created in Outlook on the web. Valid values are:
$true: Email signatures are automatically added to reply messages.
$false: Email signatures aren't automatically added to reply messages.
The email signature specified by the SignatureText parameter is added to plain text messages. The email signature
specified by the SignatureHTML parameter is added to HTML -formatted messages.
Required: False
Position: Named
Default value: None
-CheckForForgottenAttachments
The CheckForForgottenAttachments parameter shows or hides the attachment warning prompt when the user
creates messages in Outlook on the web.
For example, the user creates a message that includes the text "Please see the attached Word document", but the
user doesn't attach a file, and clicks Send. If this value is set to $true, the user gets a warning prompt so they can go
back to the message and attach a file. If this value is set to $false, the user doesn't get the warning prompt.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-ConversationSortOrder
The ConversationSortOrder parameter specifies the sorting of messages in the reading pane in Conversation view
for the user in Outlook on the web. You can use the following values:
Chronological
Tree
NewestOnTop
NewestOnBottom
ChronologicalNewestOnTop
ChronologicalNewestOnBottom
TreeNewestOnBottom
The default value is ChronologicalNewestOnTop.
Type: Chronological | Tree | NewestOnTop | NewestOnBottom | ChronologicalNewestOnTop |

ChronologicalNewestOnBottom | TreeNewestOnBottom
Required: False
Position: Named
Default value: None
-DefaultFontColor
The DefaultFontColor parameter specifies the default text color when the user creates messages in Outlook on the
web. This parameter accepts a hexadecimal color code value in the format #xxxxxx. The default value is #000000.
If the string value is unrecognized, the browser application uses a default font color to display the text.
Type: String
Required: False
Position: Named
Default value: None
-DefaultFontFlags
The DefaultFontFlags parameter specifies the default text effect when the user creates messages in Outlook on the
web. You can use the following values:
Normal
Bold
Italic
Underline
All
The default value is Normal.
Type: Normal | Bold | Italic | Underline | All

Required: False
Position: Named
Default value: None
-DefaultFontName
The DefaultFontName parameter specifies the default font when the user creates messages in Outlook on the web.
The default value is Calibri. If the font name value is unrecognized, the browser application uses a default font to
display the text.
Type: String
Required: False
Position: Named
Default value: None
-DefaultFontSize
The DefaultFontSize parameter specifies the default text size when the user creates messages in Outlook on the
web.
Valid input for this parameter is an integer between 1 and 7. The default value is 3, which corresponds to a 12 point
font size.
Type: Int32
Required: False
Position: Named
Default value: None
-DefaultFormat
The DefaultFormat parameter specifies the default message format when the user creates messages in Outlook on
the web. Accepted values are Html and PlainText. The default value is Html.
Type: Html | PlainText

Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EmailComposeMode
The EmailComposeMode parameter specifies how the user creates messages in Outlook on the web. You can use
the following values:
Inline: New messages and replies are created in the preview pane. This is the default value.
SeparateForm: New messages and replies are created in a new browser window.
Type: Inline | SeparateForm

Required: False
Position: Named
Default value: None
-EmptyDeletedItemsOnLogoff
The EmptyDeletedItemsOnLogoff parameter specifies whether to delete items from the Deleted Items folder when
the user logs out of Outlook on the web.

Required: False
Position: Named
Default value: None
-GlobalReadingPanePosition
The GlobalReadingPanePosition specifies the default location of the reading pane in Outlook on the web. Valid
values are:
Off
Bottom
Right (This is the default value)
Type: Off | Right | Bottom

Required: False
Position: Named
Default value: None
-HideDeletedItems
The HideDeletedItems parameter shows or hides deleted messages in Conversation view for the user in Outlook
on the web.

Required: False
Position: Named
Default value: None
-Identity
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-IgnoreDefaultScope
automatically.
accepted.
Required: False
Position: Named
Default value: None
-IsFavoritesFolderTreeCollapsed
The IsFavoritesFolderTreeCollapsed parameter specifies whether to collapse the Favorites folder tree by default in
$true: The Favorites folder tree is collapsed by default.
$false: The Favorites folder tree isn't collapsed by default. This is the default value
Required: False
Position: Named
Default value: None
-IsMailRootFolderTreeCollapsed
The IsMailRootFolderTreeCollapsed parameter specifies whether to collapse the Mail root folder tree by default in
$true: The Mail root folder tree is collapsed by default.
$false: The Mail root folder tree isn't collapsed by default. This is the default value

Required: False
Position: Named
Default value: None
-IsReplyAllTheDefaultResponse
The IsReplyAllTheDefaultResponse parameter specifies whether Reply All is the default response for messages in
$true: Reply All is the default response option for messages in the reading pane. This is the default value.
$false: Reply All isn't the default response option for messages in the reading pane.

Required: False
Position: Named
Default value: None
-LinkPreviewEnabled
The LinkPreviewEnabled parameter specifies whether link preview of URLs in email messages is enabled for the
user in Outlook on the web. Valid values are:
$true: Link preview of URLs in email messages is enabled for the user. This is the default value.
$false: Link preview of URLs in email messages is disabled for the user.
This parameter depends on the value of the LinkPreviewEnabled parameter on the Set-OrganizationConfig cmdlet,
which controls the link preview behavior in Outlook on the web for the entire organization. If link preview is
disabled for the organization, users can't enable it for themselves.

Required: False
Position: Named
Default value: None
-MailFolderPaneExpanded
The MailFolderPaneExpanded parameter specifies whether the Mail folder pane is expanded by default in Outlook
on the web. Valid values are:
$true: The Mail folder pane is expanded by default. This is the default value.
$false: The Mail folder pane isn't expanded by default.

Required: False
Position: Named
Default value: None
-NavigationPaneViewOption
The NavigationPaneViewOption parameter specifies the default navigation pane view in Outlook on the web. Valid
values are:
Default: This is the default value
MailFolders
PeopleFolders
Groups
PinnedMailFolders
Type: Default | MailFolders | PeopleFolders | Groups | PinnedMailFolders

Required: False
Position: Named
Default value: None
-NewItemNotification
The NewItemNotification parameter specifies how to provide notification for the arrival of new items for the user in
Outlook on the web. You can use the following values:
Sound
EMailToast
VoiceMailToast
FaxToast
None
All
The default value is All.
Type: None | Sound | EMailToast | VoiceMailToast | FaxToast | All
Required: False
Position: Named
Default value: None
-PreferAccessibleContent
The PreferAccessibleContent parameter specifies whether to prefer accessible content in Outlook on the web. Valid
values are:
$true: Prefer accessible content.
$false: Don't prefer accessible content. This is the default value.

Required: False
Position: Named
Default value: None
-PreviewMarkAsReadBehavior
The PreviewMarkAsReadBehavior parameter specifies the options for marking an item as Read in the reading pane
for the user in Outlook on the web. You can use the following values:
Delayed: This value uses the delay interval specified by the PreviewMarkAsReadDelaytime parameter.
OnSelectionChange
Never
The default value is OnSelectionChange.
Type: Delayed | OnSelectionChange | Never

Required: False
Position: Named
Default value: None
-PreviewMarkAsReadDelaytime
The PreviewMarkAsReadDelaytime parameter specifies the time in seconds to wait before marking an item as
Read for the user in Outlook on the web.
Valid input for this parameter is an integer between 0 and 30. The default value is 5 seconds.
This parameter is meaningful only if you set the PreviewMarkAsReadBehavior parameter to the value Delayed.
Type: Int32
Required: False
Position: Named
Default value: None
-ReadReceiptResponse
The ReadReceiptResponse parameter specifies how to respond to requests for read receipts for the user in Outlook
on the web. You can use the following values:
DoNotAutomaticallySend
AlwaysSend
NeverSend
The default value is DoNotAutomaticallySend.
Type: DoNotAutomaticallySend | AlwaysSend | NeverSend

Required: False
Position: Named
Default value: None
-SendAddressDefault
The SendAddressDefault parameter specifies the default From email address when the user has POP, IMAP, or
Hotmail subscriptions configured on their mailbox. Users can override the default From address when they create
an email message in Outlook on the web.
You can use one of the following values:
Blank, which is represented by the value $null. This indicates no default From address is specified.
The user's primary email address. For example, bob@contoso.com.
The GUID of a POP, IMAP, or Hotmail subscription that's configured on the user's mailbox.
By default, no default From address is specified on the mailbox. When no default From address is specified, the
default behavior is:
The primary email address on the mailbox is used for all new messages.
The To address of the incoming message is used as the From address for all replies or forwarded messages.
You can find the available values for SendAddressDefault on a mailbox by running the command Get-SendAddress
-Mailbox <mailbox>.
Type: String
Required: False
Position: Named
Default value: None
-ShowConversationAsTree
The ShowConversationAsTree parameter specifies how to sort messages in the list view in an expanded
conversation for the user in Outlook on the web.
Required: False
Position: Named
Default value: None
-ShowPreviewTextInListView
The ShowPreviewTextInListView parameter specifies whether to show preview text for messages in list view in
$true: Show preview text for messages in list view. This is the default value.
$false: Don't show preview text for messages in list view.

Required: False
Position: Named
Default value: None
-ShowReadingPaneOnFirstLoad
The ShowReadingPaneOnFirstLoad parameter specifies whether to show the reading pane when the user opens in
Outlook on the web for the first time. Valid values are:
$true: Show the reading pane when the user opens Outlook on the web for the first time.
$false: Don't show the reading pane when the user opens Outlook on the web for the first time. This is the
default value.

Required: False
Position: Named
Default value: None
-ShowSenderOnTopInListView
The ShowSenderOnTopInListView parameter specifies whether to show the message sender on top in list view in
$true: Show the message sender on top in list view. This is the default value.
$false: Don't show the message sender on top in list view.

Required: False
Position: Named
Default value: None
-ShowUpNext
The ShowUpNext parameter specifies whether the next upcoming event should be shown above the mail list view
in Outlook on the web. Valid values are:
$true: Show the next upcoming event above the mail list view. This is the default value.
$false: Don't show the next upcoming event above the mail list view.

Required: False
Position: Named
Default value: None
-SignatureHtml
The SignatureHtml parameter specifies the email signature that's available to the user in HTML -formatted
messages in Outlook on the web. You can use plain text or text with HTML tags. However, any JavaScript code is
removed.
To automatically add this email signature to HTML -formatted messages created by the user in Outlook on the web,
the AutoAddSignature parameter must be set to $true.
Type: String
Required: False
Position: Named
Default value: None
-SignatureText
The SignatureText parameter specifies the email signature that's available to the user in plain text messages in
Outlook on the web. This parameter supports all Unicode characters.
To automatically add the email signature to plain text messages created by the user in Outlook on the web, the
AutoAddSignature parameter must be set to the value $true.
Type: String
Required: False
Position: Named
Default value: None
-SignatureTextOnMobile
The SignatureTextOnMobile parameter specifies the email signature that's available in messages created by the
user in Outlook on the web for devices. This parameter supports all Unicode characters.
To automatically add the email signature to messages created by the user in Outlook on the web for devices, the
AutoAddSignatureOnMobile parameter must be set to the value $true.
Type: String
Required: False
Position: Named
Default value: None
-UseDefaultSignatureOnMobile
The UseDefaultSignatureOnMobile parameter specifies whether to add the default email signature to messages
created by the user in Outlook on the web for devices. The user configures the default signature in Outlook.

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-MailboxRegionalConfiguration
In ths Article
may be exclusive to one environment or the other. Use the Set-MailboxRegionalConfiguration cmdlet to modify the
regional settings of a mailbox. You can modify the date format, time format, time zone and language of the mailbox.
Syntax
Set-MailboxRegionalConfiguration [-Identity] <MailboxIdParameter> [-Confirm] [-DateFormat <String>]
[-DomainController <Fqdn>] [-Language <CultureInfo>] [-LocalizeDefaultFolderName] [-TimeFormat <String>]
[-TimeZone <ExTimeZoneValue>] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-MailboxRegionalConfiguration -Identity "Marcelo Teixeira" -Language pt-br -LocalizeDefaultFolderName
This example sets Marcelo Teixeira's mailbox language to Brazilian Portuguese, and localizes the default folder
names in Portuguese.
-------------------------- Example 2 --------------------------
Set-MailboxRegionalConfiguration -Identity "Ella Lack's" -DateFormat "d/m/yyyy"
This example sets the date format for Ella Lack's mailbox.
-------------------------- Example 3 --------------------------
Set-MailboxRegionalConfiguration -Identity "Alice Jakobsen" -Language da-dk -DateFormat "dd-mm-yyyy" -

LocalizeDefaultFolderName
This example sets Alice Jakobsen's mailbox language to Danish Denmark, sets the date in the day/month/year
format and localizes the default folder names in Danish.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DateFormat
The DateFormat parameter specifies the date format based on the current or specified language for the mailbox.
For example, if the language is set to en-US, valid DateFormat parameter values include:
M/d/yyyy: This is the default value for en-US.
M/d/yy
MM/dd/yy
MM/dd/yyyy
yy/MM/dd
yyyy-MM -dd
dd-MMM -yy
For more information about the date format strings, see Standard Date and Time Format Strings
Type: String
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-Language
The Language parameter specifies the language for the mailbox.
Valid input for this parameter is a supported culture code value from the Microsoft .NET Framework CultureInfo
class. For example, da-DK for Danish or ja-JP for Japanese. For more information, see CultureInfo Class
(https://go.microsoft.com/fwlink/p/?linkId=184859).
Type: CultureInfo
Required: False
Position: Named
Default value: None
-LocalizeDefaultFolderName
The LocalizeDefaultFolderName switch localizes the default folder names of the mailbox in the current or specified
language. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-TimeFormat
The TimeFormat parameter specifies the time format based on the current or specified language value for the
mailbox. For example, if the language is set to en-us, valid TimeFormat parameter values include:
h:mm tt: This is the default value for en-US.
hh:mm tt
H:mm
HH:mm
For more information about the time format strings, see Standard Date and Time Format Strings
Type: String
Required: False
Position: Named
Default value: None
-TimeZone
The TimeZone parameter specifies the time zone for the mailbox.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-MailboxSpellingConfiguration
In ths Article
may be exclusive to one environment or the other. Use the Set-MailboxSpellingConfiguration cmdlet to modify
Outlook on the web spelling checker options for a specified user. For example, you can set the dictionary language
and configure the spelling checker to ignore mixed digits or words in all uppercase. For information about the
Syntax
Set-MailboxSpellingConfiguration [-Identity] <MailboxIdParameter> [-CheckBeforeSend <$true | $false>]
[-Confirm]
[-DictionaryLanguage <Spanish | Arabic | Danish | Dutch | EnglishAustralia | EnglishCanada |
EnglishUnitedKingdom | EnglishUnitedStates | Finnish | French | GermanPostReform | GermanPreReform | Hebrew |
Italian | Korean | NorwegianBokmal | NorwegianNynorsk | PortuguesePortugal | PortugueseBrasil | Swedish |
Catalan>]
[-DomainController <Fqdn>] [-IgnoreMixedDigits <$true | $false>] [-IgnoreUppercase <$true | $false>] [-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
Set-MailboxSpellingConfiguration -Identity Peter -IgnoreUppercase $true
This example sets the spelling checker of user Peter to ignore words in all uppercase letters.
-------------------------- Example 2 --------------------------
Set-MailboxSpellingConfiguration -Identity kai -IgnoreUppercase $true
This example sets the spelling checker to ignore words that contain only uppercase letters for messages sent from
Kai's mailbox.
-------------------------- Example 3 --------------------------
Set-MailboxSpellingConfiguration -IgnoreMixedDigits $true -Identity kai
This example sets the spelling checker to ignore words containing numbers for messages sent from Kai's mailbox.
Parameters
-CheckBeforeSend
The CheckBeforeSend parameter specifies whether Outlook on the web checks the spelling for every message
when the user clicks Send in the new message form. Valid values are$true or $false. The default value is $false.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DictionaryLanguage
The DictionaryLanguage parameter specifies the dictionary language to use when the spelling checker checks the
spelling in messages. Valid values are:
Arabic
Catalan
Danish
Dutch
EnglishAustralia
EnglishCanada
EnglishUnitedKingdom
EnglishUnitedStates
Finnish
French
GermanPreReform
GermanPostReform
Hebrew
Italian
Korean
NorwegianBokMal
NorwegianNyorsk
PortuguesePortugal
PortugueseBrasil
Spanish
Swedish
Type: Spanish | Arabic | Danish | Dutch | EnglishAustralia | EnglishCanada | EnglishUnitedKingdom |

EnglishUnitedStates | Finnish | French | GermanPostReform | GermanPreReform | Hebrew | Italian | Korean |
NorwegianBokmal | NorwegianNynorsk | PortuguesePortugal | PortugueseBrasil | Swedish | Catalan
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-IgnoreMixedDigits
The IgnoreMixedDigits parameter specifies whether the spelling checker ignores words that contain numbers. Valid
values are $true or $false. The default value is $false.

Required: False
Position: Named
Default value: None
-IgnoreUppercase
The IgnoreUppercase parameter specifies whether the spelling checker ignores words that contain only uppercase
letters, for example, acronyms.
Valid values are $true or $false. The default value is $false.

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-OutlookProvider
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-OutlookProvider cmdlet to set specific global
settings using the msExchOutlookProvider attribute on the msExchAutoDiscoverConfig object in Active Directory.
Syntax
Set-OutlookProvider [-Identity] <OutlookProviderIdParameter> [-CertPrincipalName <String>] [-Confirm]
[-DomainController <Fqdn>] [-Name <String>] [-OutlookProviderFlags <None | ServerExclusiveConnect>]
[-Server <String>] [-TTL <Int32>] [-WhatIf] [-RequiredClientVersions <String[]>] [<CommonParameters>]
Description
The Set-OutlookProvider cmdlet creates the global settings for the Autodiscover service. It sets the
AutoDiscoverConfig object under the Global Settings object in Active Directory and sets the attributes specified in
the parameters listed in the Parameters section.
Examples
-------------------------- Example 1 --------------------------
Set-OutlookProvider -Identity msExchAutoDiscoverConfig -TTL 2
This example changes the duration that the Autodiscover service settings are valid for the Microsoft Outlook
provider msExchAutoDiscoverConfig.
Parameters
-CertPrincipalName
The CertPrincipalName parameter specifies the Secure Sockets Layer (SSL ) certificate principal name required for
connecting to Exchange from an external location.
This parameter is only used for Outlook Anywhere clients.
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the ADIDParameter value of the MAPI protocol for which you want to set global
settings.
Required: True
Position: 1
Default value: None
-Name
The Name parameter specifies a common name for the Outlook Provider Configuration object. This can be a user-
friendly name for identification.
Type: String
Required: False
Position: Named
Default value: None
-OutlookProviderFlags
The OutlookProviderFlags parameter specifies how Outlook clients should connect to the Exchange server. The
value can be set to ServerExclusiveConnect, ExternalClientsRequireSSL, InternalClientsRequireSSL or to None to
clear the flags. The recommended value is None, which is also the default setting.
Type: None | ServerExclusiveConnect

Required: False
Position: Named
Default value: None
-RequiredClientVersions
The RequiredClientVersions parameter specifies the minimum version of Microsoft Outlook that's allowed to
connect to the Exchange server. This information is in the Autodiscover response to the client connection request.
Valid input for this parameter is "<MinimumVersion>, <ExpirationDate>".
<MinimumVersion> is the version of Outlook in the format xx.x.xxxx.xxxx. For example, to specify Outlook 2010
Service Pack 2 (SP2), use the value 14.0.7012.1000.
<ExpirationDate> is the UTC date-time when connections by older versions of Outlook will be blocked. The UTC
date-time is represented in the ISO 8601 date-time format: yyyy-mm-ddThh:mm:ss.fffZ, where yyyy = year, mm =
month, dd = day, T indicates the beginning of the time component, hh = hour, mm = minute, ss = second, fff =
fractions of a second and Z signifies Zulu, which is another way to denote UTC.
An example of a valid value for this parameter is "14.0.7012.1000, 2014-01-01T12:00:00Z".
Type: String[]
Required: False
Position: Named
Default value: None
-Server
The Server parameter specifies the Mailbox server to use for Outlook Anywhere clients.
Type: String
Required: False
Position: Named
Default value: None
-TTL
The TTL parameter specifies the duration (in hours) that the specified settings are valid.
If a value is specified, the settings are rediscovered via the Autodiscover service after the duration specified with
this parameter. A value of 0 indicates that no rediscovery is required. The default value is 1 hour.
Type: Int32
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-OwaMailboxPolicy
In ths Article
may be exclusive to one environment or the other. Use the Set-OwaMailboxPolicy cmdlet to configure existing
Outlook on the web mailbox policies. For information about the parameter sets in the Syntax section below, see
Syntax
Set-OwaMailboxPolicy [-Identity] <MailboxPolicyIdParameter>
[-ActionForUnknownFileAndMIMETypes <Allow | ForceSave | Block>]
[-ActiveSyncIntegrationEnabled <$true | $false>]
[-AllAddressListsEnabled <$true | $false>]
[-AllowCopyContactsToDeviceAddressBook <$true | $false>]
[-AllowedFileTypes <MultiValuedProperty>]
[-AllowedMimeTypes <MultiValuedProperty>]
[-AllowOfflineOn <PrivateComputersOnly | NoComputers | AllComputers>]
[-BlockedFileTypes <MultiValuedProperty>]
[-BlockedMimeTypes <MultiValuedProperty>]
[-CalendarEnabled <$true | $false>]
[-ChangePasswordEnabled <$true | $false>]
[-ClassicAttachmentsEnabled <$true | $false>]
[-ConditionalAccessPolicy <Off | ReadOnly | ReadOnlyPlusAttachmentsBlocked>]
[-Confirm]
[-ContactsEnabled <$true | $false>]
[-DefaultClientLanguage <Int32>]
[-DefaultTheme <String>]
[-DelegateAccessEnabled <$true | $false>]
[-DirectFileAccessOnPrivateComputersEnabled <$true | $false>]
[-DirectFileAccessOnPublicComputersEnabled <$true | $false>]
[-DisableFacebook]
[-DisplayPhotosEnabled <$true | $false>]
[-ExplicitLogonEnabled <$true | $false>]
[-ExternalImageProxyEnabled <$true | $false>]
[-ExternalSPMySiteHostURL <String>]
[-ForceSaveAttachmentFilteringEnabled <$true | $false>]
[-ForceSaveFileTypes <MultiValuedProperty>]
[-ForceSaveMimeTypes <MultiValuedProperty>]
[-ForceWacViewingFirstOnPrivateComputers <$true | $false>]
[-ForceWacViewingFirstOnPublicComputers <$true | $false>]
[-ForceWebReadyDocumentViewingFirstOnPrivateComputers <$true | $false>]
[-ForceWebReadyDocumentViewingFirstOnPublicComputers <$true | $false>]
[-FreCardsEnabled <$true | $false>]
[-GlobalAddressListEnabled <$true | $false>]
[-GroupCreationEnabled <$true | $false>]
[-InstantMessagingEnabled <$true | $false>]
[-InstantMessagingType <None | Ocs | Msn>]
[-InterestingCalendarsEnabled <$true | $false>]
[-InternalSPMySiteHostURL <String>]
[-IRMEnabled <$true | $false>]
[-IsDefault]
[-JournalEnabled <$true | $false>]
[-JunkEmailEnabled <$true | $false>]
[-LinkedInEnabled <$true | $false>]
[-LocalEventsEnabled <$true | $false>]
[-LogonAndErrorLanguage <Int32>]
[-Name <String>]
[-NotesEnabled <$true | $false>]
[-OrganizationEnabled <$true | $false>]
[-OneDriveAttachmentsEnabled <$true | $false>]
[-OnSendAddinsEnabled <$true | $false>]
[-OutboundCharset <AlwaysUTF8 | AutoDetect | UserLanguageChoice>]
[-OutlookBetaToggleEnabled <$true | $false>] [<CommonParameters>]
[-OWALightEnabled <$true | $false>]
[-OWAMiniEnabled <$true | $false>]
[-PhoneticSupportEnabled <$true | $false>]
[-PlacesEnabled <$true | $false>]
[-PremiumClientEnabled <$true | $false>]
[-PrintWithoutDownloadEnabled <$true | $false>]
[-PublicFoldersEnabled <$true | $false>]
[-RecoverDeletedItemsEnabled <$true | $false>]
[-ReferenceAttachmentsEnabled <$true | $false>]
[-RemindersAndNotificationsEnabled <$true | $false>]
[-ReportJunkEmailEnabled <$true | $false>]
[-RulesEnabled <$true | $false>]
[-SatisfactionEnabled <$true | $false>]
[-SaveAttachmentsToCloudEnabled <$true | $false>]
[-SearchFoldersEnabled <$true | $false>]
[-SetPhotoEnabled <$true | $false>]
[-SetPhotoURL <String>]
[-SignaturesEnabled <$true | $false>]
[-SilverlightEnabled <$true | $false>]
[-SkipCreateUnifiedGroupCustomSharepointClassification <$true | $false>]
[-SMimeEnabled <$true | $false>] [-SpellCheckerEnabled <$true | $false>]
[-TasksEnabled <$true | $false>]
[-TextMessagingEnabled <$true | $false>]
[-ThemeSelectionEnabled <$true | $false>]
[-ThirdPartyAttachmentsEnabled <$true | $false>]
[-ThirdPartyFileProvidersEnabled <$true | $false>]
[-UMIntegrationEnabled <$true | $false>]
[-UNCAccessOnPrivateComputersEnabled <$true | $false>]
[-UNCAccessOnPublicComputersEnabled <$true | $false>]
[-UseGB18030 <$true | $false>]
[-UseISO885915 <$true | $false>]
[-UserVoiceEnabled <$true | $false>]
[-WacEditingEnabled <$true | $false>]
[-WacExternalServicesEnabled <$true | $false>]
[-WacOMEXEnabled <$true | $false>]
[-WacViewingOnPrivateComputersEnabled <$true | $false>]
[-WacViewingOnPublicComputersEnabled <$true | $false>]
[-WeatherEnabled <$true | $false>]
[-WebPartsFrameOptionsType <Deny | AllowFrom | None | SameOrigin>]
[-WebReadyDocumentViewingForAllSupportedTypes <$true | $false>]
[-WebReadyDocumentViewingOnPrivateComputersEnabled <$true | $false>]
[-WebReadyDocumentViewingOnPublicComputersEnabled <$true | $false>]
[-WebReadyDocumentViewingSupportedFileTypes <MultiValuedProperty>]
[-WebReadyDocumentViewingSupportedMimeTypes <MultiValuedProperty>]
[-WebReadyFileTypes <MultiValuedProperty>]
[-WebReadyMimeTypes <MultiValuedProperty>]
[-WhatIf]
[-WSSAccessOnPrivateComputersEnabled <$true | $false>]
[-WSSAccessOnPublicComputersEnabled <$true | $false>]
Description
In on-premises Exchange, the default Outlook on the web mailbox policy is named Default. In Office 365, the
default Outlook on the web mailbox policy is named OwaMailboxPolicy-Default.
Examples
-------------------------- Example 1 --------------------------
Set-OwaMailboxPolicy -Identity EMEA\Contoso\Corporate -CalendarEnabled $false
This example disables access to the calendar for the mailbox policy named Corporate for the tenant Contoso in the
organization EMEA.
-------------------------- Example 2 --------------------------
Set-OwaMailboxPolicy -Identity Default -TasksEnabled $false
This example disables access to the Tasks folder for the default mailbox policy in an on-premises Exchange
organization.
-------------------------- Example 3 --------------------------
Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -AllowedFileTypes '.doc', '.pdf'
This example sets the allowed file type extensions to .doc and .pdf for the default mailbox policy in an Office 365
organization, allowing users to save files with those extensions locally or view them from a web browser.
-------------------------- Example 4 --------------------------
Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -UserVoiceEnabled $false
This example disables Outlook UserVoice for the default mailbox policy in Office 365.
Parameters
-ActionForUnknownFileAndMIMETypes
The ActionForUnknownFileAndMIMETypes parameter specifies how to handle file types that aren't specified in the
Allow, Block, and Force Save lists for file types and MIME types. Valid values are:
Allow (This is the default value.)
ForceSave
Block
Type: Allow | ForceSave | Block
Required: False
Position: Named
Default value: None
-ActiveSyncIntegrationEnabled
The ActiveSyncIntegrationEnabled parameter specifies whether to enable or disable Exchange ActiveSync settings
$true: ActiveSync is available in Outlook on the web. This is the default value.
$false: ActiveSync isn't available in Outlook on the web.

Required: False
Position: Named
Default value: None
-AllAddressListsEnabled
The AllAddressListsEnabled parameter specifies which address lists are available in Outlook on the web. Valid
values are:
$true: All address lists are visible in Outlook on the web. This is the default value.
$false: Only the global address list is visible in Outlook on the web.

Required: False
Position: Named
Default value: None
-AllowCopyContactsToDeviceAddressBook
The AllowCopyContactsToDeviceAddressBook parameter specifies whether users can copy the contents of their
Contacts folder to a mobile device's native address book when using Outlook on the web for devices. Valid values
are:
$true: Contacts can be copied to the device's address book in Outlook on the web for devices. This is the default
value.
$false: Contacts can't be copied to the device's address book in Outlook on the web for devices.

Required: False
Position: Named
Default value: None
-AllowedFileTypes
The AllowedFileTypes parameter specifies the attachment file types (file extensions) that can be saved locally or
viewed from Outlook on the web. The default values are:
.avi, .bmp, .doc, .docm, .docx, .gif, .jpg, .mp3, .one, .pdf, .png, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pub, .rpmsg, .rtf, .tif, .tiff,
.txt, .vsd, .wav, .wma, .wmv, .xls, .xlsb, .xlsm, .xlsx, .zip
If the same file types are specified in multiple lists:
The Block list overrides the Allow list and the Force Save list.
The Force Save list overrides the Allow list.
Required: False
Position: Named
Default value: None
-AllowedMimeTypes
The AllowedMimeTypes parameter specifies the MIME extensions of attachments that allow the attachments to be
saved locally or viewed from Outlook on the web. The default values are:
image/bmp
image/gif
image/jpeg
image/png
If the same MIME types are specified in multiple lists:
The Allow list overrides the Block list and the Force Save list.
The Block list overrides the Force Save list.
Required: False
Position: Named
Default value: None
-AllowOfflineOn
The AllowOfflineOn parameter specifies when Outlook on the web in offline mode is available for supported web
browsers. Valid values are:
PrivateComputersOnly: Offline mode is available in private computer sessions. By default in Exchange 2013 or
later and Exchange Online, all Outlook on the web sessions are considered to be on private computers. In
Exchange 2013 or later, users can only specify public computer sessions if you've enabled the private/public
selection on the sign in page (the LogonPagePublicPrivateSelectionEnabled parameter value is $true on the
Set-OwaVirtualDirectory cmdlet).
NoComputers: Offline mode is disabled.
AllComputers: Offline mode is available for public and private computer sessions. This is the default value.
When offline mode is available, users can turn offline mode on or off themselves in Outlook on the web. For more
information, see Using Outlook Web App offline.
Type: PrivateComputersOnly | NoComputers | AllComputers

Required: False
Position: Named
Default value: None
-BlockedFileTypes
The BlockedFileTypes parameter specifies a list of attachment file types (file extensions) that can't be saved locally
or viewed from Outlook on the web. The default values are:
.ade, .adp, .app, .asp, .aspx, .asx, .bas, .bat, .chm, .cmd, .com, .cpl, .csh, .exe, .fxp, .gadget, .hlp, .hta, .htc, .inf, .ins, .isp, .its,
.js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mda, .mdb, .mde, .mdt, .mdw, .mdz,
.mht, .mhtml, .msc, .msh, .msh1, .msh1xml, .msh2, .msh2xml, .mshxml, .msi, .msp, .mst, .ops, .pcd, .pif, .plg, .prf, .prg,
.ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .pst, .reg, .scf, .scr, .sct, .shb, .shs, .tmp, .url, .vb, .vbe, .vbs, .vsmacros, .vss, .vst,
.vsw, .ws, .wsc, .wsf, .wsh
Required: False
Position: Named
Default value: None
-BlockedMimeTypes
The BlockedMimeTypes parameter specifies MIME extensions in attachments that prevent the attachments from
being saved locally or viewed from Outlook on the web. The default values are:
application/hta
application/javascript
application/msaccess
application/prg
application/x-javascript
text/javascript
text/scriplet
x-internet-signup
Required: False
Position: Named
Default value: None
-CalendarEnabled
The CalendarEnabled parameter specifies whether to enable or disable the calendar in Outlook on the web. Valid
values are:
$true: The Calendar is available in Outlook on the web. This is the default value.
$false: The Calendar isn't available in Outlook on the web.

Required: False
Position: Named
Default value: None
-ChangePasswordEnabled
This parameter is functional only in on-premises Exchange.
The ChangePasswordEnabled parameter specifies whether users can change their passwords from inside Outlook
$true: The Change password option is available in Outlook on the web. This is the default value in on-premises
Exchange.
$false: The Change password option isn't available in Outlook on the web.

Required: False
Position: Named
Default value: None
-ClassicAttachmentsEnabled
The ClassicAttachmentsEnabled parameter specifies whether users can attach local files as regular email
attachments in Outlook on the web. Valid values are:
$true: Users can attach local files to email messages in Outlook on the web. This is the default value.
$false: Users can't attach local files to email messages in Outlook on the web.

Required: False
Position: Named
Default value: None
-ConditionalAccessPolicy
The ConditionalAccessPolicy parameter specifies the Outlook on the Web Policy for limited access. For this feature
to properly work, you will need to additionally configure a Conditional Access policy in the Azure Active Directory
Portal.
Valid values are:
Off: No conditional access policy is applied to Outlook on the web. This is the default value.
ReadOnly: Users can't download attachments to their local computer, and can't enable Offline Mode on non-
compliant computers. They can still view attachments in the browser.
ReadOnlyPlusAttachmentsBlocked: All restrictions from ReadOnly apply, but users can't view attachments in
the browser.
Type: Off | ReadOnly | ReadOnlyPlusAttachmentsBlocked

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-ContactsEnabled
The ContactsEnabled parameter specifies whether to enable or disable Contacts in Outlook on the web. Valid
values are:
$true: Contacts are available in Outlook on the web. This is the default value.
$false: Contacts aren't available in Outlook on the web.

Required: False
Position: Named
Default value: None
-DefaultClientLanguage
Type: Int32
Required: False
Position: Named
Default value: None
-DefaultTheme
The DefaultTheme parameter specifies the default theme that's used in Outlook on the web when the user hasn't
selected a theme. The default value is blank ($null). For more information about the built-in themes that are
available in Outlook on the web, see Default Outlook on the web themes in Exchange.
Note that this parameter is a text string, and the value you specify isn't validated against the list of available themes.
Type: String
Required: False
Position: Named
Default value: None
-DelegateAccessEnabled
The DelegateAccessEnabled parameter specifies whether delegates can use Outlook Web App to open folders that
they have delegate access to. Valid values are:
$true: Delegates can open the mailbox in Outlook Web App. This is the default value.
$false: Delegates can't open the mailbox in Outlook Web App.

Required: False
Position: Named
Default value: None
-DirectFileAccessOnPrivateComputersEnabled
The DirectFileAccessOnPrivateComputersEnabled parameter specifies the left-click options for attachments in
Outlook on the web for private computer sessions. Valid values are:
$true: Open is available for attachments in Outlook on the web for private computer sessions. This is the default
value.
$false: Open isn't available for attachments in Outlook on the web for private computer sessions. Note that
Office and .pdf documents can still be previewed in Outlook on the web.
By default in Exchange 2013 or later and Exchange Online, all Outlook on the web sessions are considered to be on
private computers.

Required: False
Position: Named
Default value: None
-DirectFileAccessOnPublicComputersEnabled
Outlook on the web for public computer sessions. Valid values are:
$true: Open is available for attachments in Outlook on the web for public computer sessions. This is the default
value.
$false: Open isn't available for attachments in Outlook on the web for public computer sessions. Note that
In Exchange 2013 or later, users can only specify public computer sessions if you've enabled the private/public
selection on the sign in page (the LogonPagePublicPrivateSelectionEnabled parameter value is $true on the Set-
OwaVirtualDirectory cmdlet).
Required: False
Position: Named
Default value: None
-DisableFacebook
The DisableFacebook switch specifies whether users can synchronize their Facebook contacts to their Contacts
folder in Outlook on the web. By default, Facebook integration is enabled.
To disable Facebook integration, use this switch without a value.
To enable Facebook integration after it's been disabled, use this exact syntax: -DisableFacebook:$false.
Note that the value of this parameter is stored in the FacebookEnabled property in the output of the Get-
OwaMailboxPolicy cmdlet.
Required: False
Position: Named
Default value: None
-DisplayPhotosEnabled
The DisplayPhotosEnabled parameter specifies whether users see sender photos in Outlook on the web. Valid
values are:
$true: Users see sender photos in Outlook on the web. This is the default value.
$false: Users don't see sender photos in Outlook on the web.

Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-ExplicitLogonEnabled
The ExplicitLogonEnabled parameter specifies whether to allow a user to open someone else's mailbox in Outlook
on the web (provided that user has permissions to the mailbox). Valid values are:
$true: A user with the required permissions is able to open someone else's mailbox in Outlook on the web. This
$false: A user with the required permissions isn't able to open someone else's mailbox in Outlook on the web.

Required: False
Position: Named
Default value: None
-ExternalImageProxyEnabled
The ExternalImageProxyEnabled parameter specifies whether to load all external images through the Outlook
external image proxy. Valid values are:
$true: All external images are loaded through the Outlook external image proxy. This is the default value.
$false: All external images are loaded through the web browser. This is potentially unsafe, as the images could
have mixed content or malformed images that ask for user credentials.

Required: False
Position: Named
Default value: None
-ExternalSPMySiteHostURL
The ExternalSPMySiteHostURL specifies the My Site Host URL for external users (for example,
https://sp01.contoso.com).
This parameter is part of rich document collaboration that allows links to documents in OneDrive for Business to
appear as regular file attachments in messages.
Type: String
Required: False
Position: Named
Default value: None
-ForceSaveAttachmentFilteringEnabled
The ForceSaveAttachmentFilteringEnabled parameter specifies whether files are filtered before they can be saved
from Outlook on the web. Valid values are:
$true: The attachments specified by the ForceSaveFileTypes parameter are filtered before they can be saved
from Outlook on the web.
$false: The attachments aren't filtered before they're saved. This is the default value.

Required: False
Position: Named
Default value: None
-ForceSaveFileTypes
The ForceSaveFileTypes parameter specifies the attachment file types (file extensions) that can only be saved from
Outlook on the web (not opened). The default values are:
.ade, .adp, .app, .asp, .aspx, .asx, .bas, .bat, .cer, .chm, .cmd, .com, .cpl, .crt, .csh, .dcr, .dir, .exe, .fxp, .gadget, .hlp, .hta, .htm,
.html, .inf, .ins, .isp, .its, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mda, .mdb,
.mde, .mdt, .mdw, .mdz, .msc, .msh, .mshxml, .msi, .msp, .mst, .ops, .pcd, .pif, .plg, .prf, .prg, .ps1, .ps1xml, .ps2, .ps2xml,
.psc1, .psc2, .pst, .reg, .scf, .scr, .sct, .shb, .shs, .spl, .swf, .tmp, .url, .vb, .vbe, .vbs, .vsmacro, .vss, .vst, .vsw, .ws, .wsc, .wsf,
.wsh
Required: False
Position: Named
Default value: None
-ForceSaveMimeTypes
The ForceSaveMimeTypes parameter specifies the MIME extensions in attachments that only allow the
attachments to be saved locally (not opened). The default values are:
Application/futuresplash
Application/octet-stream
Application/x-director
Application/x-shockwave-flash
text/html
Required: False
Position: Named
Default value: None
-ForceWacViewingFirstOnPrivateComputers
The ForceWacViewingFirstOnPrivateComputers parameter specifies whether private computers must first preview
an Office file as a web page in Office Online Server (formerly known as Office Web Apps Server and Web Access
Companion Server) before opening the file in the local application. Valid values are:
$true: Private computers must first preview an Office file as a web page in Office Online Server before opening
the file.
$false: Private computers aren't required to preview an Office file as a web page in Office Online Server before
opening the file. This is the default value.
private computers.

Required: False
Position: Named
Default value: None
-ForceWacViewingFirstOnPublicComputers
The ForceWacViewingFirstOnPublicComputers parameter specifies whether public computers must first preview
an Office file as a web page in Office Online Server before opening the file in the local application. Valid values are:
$true: Public computers must first preview an Office file as a web page in Office Online Server before opening
the file.
$false: Public computers aren't required to preview an Office file as a web page in Office Online Server before
Required: False
Position: Named
Default value: None
-ForceWebReadyDocumentViewingFirstOnPrivateComputers
This parameter is available only in Exchange Server 2010 or Exchange Server 2013.
The ForceWebReadyDocumentViewingFirstOnPrivateComputers parameter specifies whether private computers
must first preview an Office file as a web page in WebReady Document Viewing before opening the file from
Outlook Web App. Valid values are:
$true: Private computers must first preview an Office file as a web page in WebReady Document Viewing
before opening the file.
$false: Private computers aren't required to preview an Office file as a web page in WebReady Document
Viewing before opening the file. This is the default value.
private computers.

Required: False
Position: Named
Default value: None
-ForceWebReadyDocumentViewingFirstOnPublicComputers
The ForceWebReadyDocumentViewingFirstOnPublicComputers parameter specifies whether Public computers
$true: Public computers must first preview an Office file as a web page in WebReady Document Viewing before
opening the file.
$false: Public computers aren't required to preview an Office file as a web page in WebReady Document

Required: False
Position: Named
Default value: None
-FreCardsEnabled
The FreCardsEnabled parameter specifies whether the theme, signature, and phone cards are available in Outlook
$true: The theme, signature, and phone cards are visible in Outlook on the web. This is the default value.
$false: The theme, signature, and phone cards aren't visible in Outlook on the web. Only the introduction, time
zone, and final cards are visible.

Required: False
Position: Named
Default value: None
-GlobalAddressListEnabled
The GlobalAddressListEnabled parameter specifies whether the global address list is available in Outlook on the
web. Valid values are:
$true: The global address list is visible in Outlook on the web. This is the default value.
$false: The global address list isn't visible in Outlook on the web.

Required: False
Position: Named
Default value: None
-GroupCreationEnabled
This parameter is available or functional only in the cloud-based service.
The GroupCreationEnabled parameter specifies whether Office 365 group creation is available in Outlook on the
$true: Users can create Office 365 groups in Outlook on the web. This is the default value.
$false: Users can't create Office 365 groups in Outlook on the web.

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Outlook on the web mailbox policy that you want to modify. You can use any
value that uniquely identifies the policy. For example:
Name
GUID
Required: True
Position: 1
Default value: None
-InstantMessagingEnabled
The InstantMessagingEnabled parameter specifies whether instant messaging is available in Outlook on the web.
Valid values are:
$true: Instant messaging is available in Outlook on the web. This is the default value.
$false: Instant messaging isn't available in Outlook on the web.

Required: False
Position: Named
Default value: None
-InstantMessagingType
The InstantMessagingType parameter specifies the type of instant messaging provider in Outlook on the web. Valid
values are:
None: This is the default value in on-premises Exchange.
Ocs: Lync or Skype (formerly known as Office Communication Server). This is the default value in Exchange
Online.
Type: None | Ocs | Msn

Required: False
Position: Named
Default value: None
-InterestingCalendarsEnabled
The InterestingCalendarsEnabled parameter specifies whether interesting calendars are available in Outlook on the
$true: Interesting calendars are available in Outlook on thew web. This is the default value.
$false: Interesting calendars aren't available in Outlook on the web.
Required: False
Position: Named
Default value: None
-InternalSPMySiteHostURL
The InternalSPMySiteHostURL specifies the My Site Host URL for internal users (for example,
Type: String
Required: False
Position: Named
Default value: None
-IRMEnabled
The IRMEnabled parameter specifies whether Information Rights Management (IRM ) features are available in
$true: IRM is available in Outlook on the web. This is the default value.
$false: IRM isn't available in Outlook on the web.

Required: False
Position: Named
Default value: None
-IsDefault
The IsDefault switch specifies whether the Outlook on the web policy is the default policy that's used to configure
the Outlook on the web settings for new mailboxes. You don't need to specify a value with this switch.
If another policy is currently set as the default, this switch replaces the old default policy with this policy.
Required: False
Position: Named
Default value: None
-JournalEnabled
The JournalEnabled parameter specifies whether the Journal folder is available in Outlook on the web. Valid values
are:
$true: The Journal folder is visible in Outlook on the web. This is the default value.
$false: The Journal folder isn't visible in Outlook on the web.

Required: False
Position: Named
Default value: None
-JunkEmailEnabled
The JunkEmailEnabled parameter specifies whether the Junk Email folder and junk email management are
available in Outlook on the web. Valid values are:
$true: The Junk Email folder and junk email management are available in Outlook on the web. This is the
default value.
$false: The Junk Email folder and junk email management aren't available in Outlook on the web.

Required: False
Position: Named
Default value: None
-LinkedInEnabled
The LinkedInEnabled parameter specifies whether users can synchronize their LinkedIn contacts to their Contacts
folder. Valid values are:
$true: LinkedIn integration is enabled. This is the default value.
$false: LinkedIn integration is disabled.

Required: False
Position: Named
Default value: None
-LocalEventsEnabled
The LocalEventsEnabled parameter specifies whether local events calendars are available in Outlook on the web.
Valid values are:
$true: Local events are available in Outlook on the web.
$false: Local events aren't available in Outlook on the web. This is the default value.
Required: False
Position: Named
Default value: None
-LogonAndErrorLanguage
The LogonAndErrorLanguage parameter specifies the language that used in Outlook on the web for forms-based
authentication and for error messages when a user's current language setting can't be read.
A valid value is a supported Microsoft Windows Language Code Identifier (LCID ). For example, 1033 is US English.
The default value is 0, which means the logon and error language selection is undefined.
Type: Int32
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the unique name for the policy. The maximum length is 64 characters. If the value
contains spaces, enclose the value in quotation marks.
Type: String
Required: False
Position: Named
Default value: None
-NotesEnabled
The NotesEnabled parameter specifies whether the Notes folder is available in Outlook on the web. Valid values
are:
$true: The Notes folder is visible in Outlook on the web. This is the default value.
$false: The Notes folder isn't visible in Outlook on the web.

Required: False
Position: Named
Default value: None
-OneDriveAttachmentsEnabled
The OneDriveAttachmentsEnabled parameter specifies whether to allow OneDrive attachments in Outlook on the
$true: OneDrive attachments are enabled. This is the default value.
$false: OneDrive attachments are disabled.

Required: False
Position: Named
Default value: None
-OnSendAddinsEnabled
The OnSendAddinsEnabled parameter specifies whether to enable or disable on send add-ins in Outlook on the
web (add-ins that support events when a user clicks Send). Valid values are:
$true: On send add-ins are enabled.
$false: On send add-ins are disabled. This is the default value.

Required: False
Position: Named
Default value: None
-OrganizationEnabled
When the OrganizationEnabled parameter is set to $false, the Automatic Reply option doesn't include external and
internal options, the address book doesn't show the organization hierarchy, and the Resources tab in Calendar
forms is disabled. The default value is $true.

Required: False
Position: Named
Default value: None
-OutboundCharset
The OutboundCharset parameter specifies the character set that's used for outgoing messages in Outlook on the
AutoDetect: Examine the first 2 kilobytes (KB ) of text in the message to determine the character set that's used
in outgoing messages. This is the default value.
AlwaysUTF8: Always use UTF -8 encoded UNICODE characters in outgoing messages, regardless of the
detected text in the message, or the user's language choice in Outlook on the web. Use this value if replies to
UTF -8 encoded messages aren't being encoded in UTF -8.
UserLanguageChoice: Use the user's language choice in Outlook on the web to encode outgoing messages.
Type: AlwaysUTF8 | AutoDetect | UserLanguageChoice
Required: False
Position: Named
Default value: None
-OutlookBetaToggleEnabled
The OutlookBetaToggleEnabled parameter specifies whether to enable or disable the Outlook on the web Preview
toggle. The Preview toggle allows users to try the new Outlook on the web experience. Valid values are:
$true: The Outlook on the web Preview toggle is enabled. Users can easily switch back and forth between both
experiences. This is the default value.
$false: Outlook on the web Preview is disabled.

Required: False
Position: Named
Default value: None
-OWALightEnabled
The OWALightEnabled parameter controls the availability of the light version of Outlook on the web. Valid values
are:
$true: The light version of Outlook on the web is available. This is the default value.
$false: The light version of Outlook on the web is isn't available. This setting prevents access to Outlook on the
web for unsupported browsers that can only use the light version of Outlook on the web.

Required: False
Position: Named
Default value: None
-OWAMiniEnabled
The OWAMiniEnabled parameter controls the availability of the mini version of Outlook Web App. Valid values are:
$true: The mini version of Outlook Web App is available. This is the default value.
$false: The mini version of Outlook Web App isn't available.
Required: False
Position: Named
Default value: None
-PhoneticSupportEnabled
The PhoneticSupportEnabled parameter specifies phonetically spelled entries in the address book. This parameter
is available for use in Japan.

Required: False
Position: Named
Default value: None
-PlacesEnabled
The PlacesEnabled parameter specifies whether to enable or disable Places in Outlook on the web. Places lets users
search, share, and map location details by using Bing. Valid values are:
$true: Places is enabled. This is the default value.
$false: Places is disabled.

Required: False
Position: Named
Default value: None
-PremiumClientEnabled
The PremiumClientEnabled parameter controls the availability of the full version of Outlook Web App. Valid values
are:
$true: The full version of Outlook Web App is available for supported browsers. This is the default value.
$false: The full version of Outlook Web App isn't available.

Required: False
Position: Named
Default value: None
-PrintWithoutDownloadEnabled
The PrintWithoutDownloadEnabled specifies whether to allow printing of supported files without downloading the
attachment in Outlook on the web. Valid values are:
$true: Supported files can be printed without being downloaded in Outlook web app. This is the default value.
$false: Supported files must be downloaded before they can be printed in Outlook web app.

Required: False
Position: Named
Default value: None
-PublicFoldersEnabled
The PublicFoldersEnabled parameter specifies whether a user can browse or read items in public folders in Outlook
Web App. Valid values are:
$true: Public folders are available in Outlook Web App. This is the default value.
$false: Public folders aren't available in Outlook Web App.

Required: False
Position: Named
Default value: None
-RecoverDeletedItemsEnabled
The RecoverDeletedItemsEnabled parameter specifies whether a user can use Outlook Web App to view, recover, or
delete permanently items that have been deleted from the Deleted Items folder. Valid values are:
$true: Users can view, recover, or permanently delete items in Outlook Web App. This is the default value.
$false: Users can't view, recover, or permanently delete items in Outlook Web App. Items deleted from the
Deleted Items folder in Outlook Web App are still retained.

Required: False
Position: Named
Default value: None
-ReferenceAttachmentsEnabled
The ReferenceAttachmentsEnabled parameter specifies whether users can attach files from the cloud as linked
$true: Users can attach files that are stored in the cloud as linked attachments. If the file hasn't been uploaded to
the cloud yet, the users can attach and upload the file in the same step. This is the default value.
$false: Users can't share files in the cloud as linked attachments. They need to download a local copy of the file
before attaching the file to the email message.

Required: False
Position: Named
Default value: None
-RemindersAndNotificationsEnabled
The RemindersAndNotificationsEnabled parameter specifies whether notifications and reminders are enabled in
$true: Notifications and reminders are enabled in Outlook on the web. This is the default value.
$false: Notifications and reminders are disabled in Outlook on the web.
This parameter doesn't apply to the light version of Outlook Web App.

Required: False
Position: Named
Default value: None
-ReportJunkEmailEnabled
The ReportJunkEmailEnabled parameter specifies whether users can report messages to Microsoft or unsubscribe
from messages in Outlook on the web. Valid values are:
$true: The Report junk, Report phishing or Report not junk options are available after the user selects Mark as
junk, Mark as phishing, or Mark as not junk. The Unsubscribe option is also available. This is the default value.
$false: The Report junk, Report phishing, Report not junk and Unsubscribe options aren't available. Users can
stil mark messages as junk, phishing, or not junk, but they won't be able to report messages to Microsoft.
This parameter is meaningful only when the JunkEmailEnabled parameter is set to $true.

Required: False
Position: Named
Default value: None
-RulesEnabled
The RulesEnabled parameter specifies whether a user can view, create, or modify server-side rules in Outlook on
the web. Valid values are:
$true: Users can view, create, or modify server-side rules in Outlook on the web. This is the default value.
$false: Users can't view, create, or modify server-side rules in Outlook on the web.
Required: False
Position: Named
Default value: None
-SatisfactionEnabled
The SatisfactionEnabled parameter specifies whether to enable or disable the satisfaction survey. Valid values are:
$true: The satisfaction survey is enabled. This is the default value.
$false: The satisfaction survey is disabled.

Required: False
Position: Named
Default value: None
-SaveAttachmentsToCloudEnabled
The SaveAttachmentsToCloudEnabled parameter specifies whether users can save regular email attachments to the
cloud. Valid values are:
$true: Users can save regular email attachments to the cloud. This is the default value.
$false: Users can only save regular email attachments locally.

Required: False
Position: Named
Default value: None
-SearchFoldersEnabled
The SearchFoldersEnabled parameter specifies whether Search Folders are available in Outlook on the web. Valid
values are:
$true: Search Folders are visible in Outlook on the Web. This is the default value.
$false: Search Folders aren't visible in Outlook on the Web.

Required: False
Position: Named
Default value: None
-SetPhotoEnabled
The SetPhotoEnabled parameter specifies whether users can add, change, and remove their sender photo in
$true: Users can manage their photos in Outlook on the web. This is the default value.
$false: Users can't manage their user photo in Outlook on the web.

Required: False
Position: Named
Default value: None
-SetPhotoURL
The SetPhotoURL parameter controls where users go to select their photo. Note that you can't specify a URL that
contains one or more picture files, as there is no mechanism to copy a URL photo to the properties of the users'
Exchange Online mailboxes.
Type: String
Required: False
Position: Named
Default value: None
-SignaturesEnabled
The SignaturesEnabled parameter specifies whether to enable or disable the use of signatures in Outlook on the
$true: Signatures are available in Outlook on the web. This is the default value.
$false: Signatures aren't available in Outlook on the web.

Required: False
Position: Named
Default value: None
-SilverlightEnabled
The SilverlightEnabled parameter specifies whether a user can use Microsoft Silverlight features in Outlook Web
App. Valid values are:
$true: Silverlight features are available in Outlook Web App. This is the default value.
$false: Silverlight features aren't available in Outlook Web App.

Required: False
Position: Named
Default value: None
-SkipCreateUnifiedGroupCustomSharepointClassification
The SkipCreateUnifiedGroupCustomSharepointClassification parameter specifies whether to skip a custom
SharePoint page during the creation of Office 365 Groups in Outlook web app. Valid values are:
$true: The custom SharePoint page is skipped when a user creates an Office 365 group in Outlook on the web.
$false: The custom SharePoint page is shown when a user creates an Office 365 group in Outlook on the web.

Required: False
Position: Named
Default value: None
-SMimeEnabled
The SMimeEnabled parameter specifies whether users can download the S/MIME control for Outlook Web App
and use it to read and compose signed and encrypted messages. Valid values are:
$true: Users can read and compose S/MIME signed and encrypted messages in Outlook Web App. This is the
default value.
$false: Users can't read or compose messages in Outlook Web App that are opaque-signed or encrypted by
using S/MIME. Messages that are clear-signed can be read but not composed, and their signatures aren't
validated.
Note: In Exchange 2013 or later, use the Get-SmimeConfig and Set-SmimeConfig cmdlets to configure the
S/MIME settings in Outlook on the web. For more information, see {S/MIME for message signing and encryption]
(https://technet.microsoft.com/library/dn626158.aspx).

Required: False
Position: Named
Default value: None
-SpellCheckerEnabled
The SpellCheckerEnabled parameter specifies whether to enable or disable the built-in Outlook Web App spell
checker in the full version of Outlook Web App. Valid values are:
$true: Spell checking is available in Outlook Web App. This is the default value.
$false: Spell checking isn't available in Outlook Web App.
Required: False
Position: Named
Default value: None
-TasksEnabled
The TasksEnabled parameter specifies whether Tasks folder is available in Outlook on the web. Valid values are:
$true: The Tasks folder is available in Outlook on the web. This is the default value.
$false: The Tasks folder isn't available in Outlook on the web.
This parameter doesn't apply to the light version of Outlook on the web.

Required: False
Position: Named
Default value: None
-TextMessagingEnabled
The TextMessagingEnabled parameter specifies whether users can send and receive text messages in Outlook on
$true: Text messaging is available in Outlook on the web. This is the default value.
$false: Text messaging isn't available in Outlook on the web.

Required: False
Position: Named
Default value: None
-ThemeSelectionEnabled
The ThemeSelectionEnabled parameter specifies whether users can change the theme in Outlook on the web. Valid
values are:
$true: Users can specify the theme in Outlook on the web. This is the default value.
$false: Users can't specify or change the theme in Outlook on the web.

Required: False
Position: Named
Default value: None
-ThirdPartyAttachmentsEnabled
To enable or disable third party attachments in Outlook on the web, use the ThirdPartyFileProvidersEnabled
parameter.

Required: False
Position: Named
Default value: False
-ThirdPartyFileProvidersEnabled
The ThirdPartyFileProvidersEnabled parameter specifies whether to allow third-party (for example, Box, Dropbox,
and Egnyte) attachments in Outlook on the web. Valid values are:
$true: Third-party attachments are enabled in Outlook on the web. Users can connect their third-party file
sharing accounts and share files over email.
$false: Third-party attachments are disabled in Outlook on the web. Users can't connect their third-party file
sharing accounts or share files over email. This is the default value.

Required: False
Position: Named
Default value: False
-UMIntegrationEnabled
The UMIntegrationEnabled parameter specifies whether Unified Messaging (UM ) integration is enabled in Outlook
$true: UM integration is enabled in Outlook on the web. This is the default value.
$false: UM integration is disabled in Outlook on the web.
This setting applies only if Unified Messaging has been enabled for a user (for example, bu using the Enable-
UMMailbox cmdlet).

Required: False
Position: Named
Default value: None
-UNCAccessOnPrivateComputersEnabled

Required: False
Position: Named
Default value: None
-UNCAccessOnPublicComputersEnabled

Required: False
Position: Named
Default value: None
-UseGB18030
The UseGB18030 parameter specifies whether to use the GB18030 character set instead of GB2312 in Outlook on
$true: GB18030 is used wherever GB2312 would have been used in Outlook on the web.
$false: GB2312 isn't replaced by GB18030 in Outlook on the web. This is the default value.

Required: False
Position: Named
Default value: None
-UseISO885915
The UseISO885915 parameter specifies whether to use the character set ISO8859-15 instead of ISO8859-1 in
$true: ISO8859-15 is used wherever ISO8859-1 would have been used in Outlook on the web.
$false: ISO8859-1 isn't replaced by GB18030 in Outlook on the web. This is the default value.

Required: False
Position: Named
Default value: None
-UserVoiceEnabled
The UserVoiceEnabled parameter specifies whether to enable or disable Outlook UserVoice in Outlook on the web.
Outlook UserVoice is a customer feedback area that's available in Office 365. Valid values are:
$true: Outlook UserVoice is enabled. This is the default value.
$false: Outlook UserVoice is disabled.

Required: False
Position: Named
Default value: None
-WacEditingEnabled
The WacEditingEnabled parameter specifies whether to enable or disable editing documents in Outlook on the web
by using Office Online Server (formerly known as Office Web Apps Server and Web Access Companion Server).
Valid values are:
$true: Users can edit supported documents in Outlook on the web. This is the default value.
$false: Users can't edit supported documents in Outlook on the web.

Required: False
Position: Named
Default value: None
-WacExternalServicesEnabled
The WacExternalServicesEnabled parameter specifies whether to enable or disable external services when viewing
documents in Outlook on the web (for example, machine translation) by using Office Online Server. Valid values
are:
$true: External services are enabled when viewing supported documents in Outlook on the web. This is the
default value.
$false: External services are disabled when viewing supported documents in Outlook on the web.

Required: False
Position: Named
Default value: None
-WacOMEXEnabled
The WacOMEXEnabled parameter specifies whether to enable or disable apps for Outlook in Outlook on the web
in Office Online Server. Valid values are:
$true: apps for Outlook are enabled in Outlook on the web.
$false: apps for Outlook are disabled in Outlook on the web. This is the default value.
Required: False
Position: Named
Default value: None
-WacViewingOnPrivateComputersEnabled
The WacViewingOnPrivateComputersEnabled parameter specifies whether to enable or disable web viewing of
supported Office documents private computer sessions in Office Online Server (formerly known as Office Web
Apps Server and Web Access Companion Server). By default, all Outlook on the web sessions are considered to be
on private computers. Valid values are:
$true: In private computer sessions, users can view supported Office documents in the web browser. This is the
default value.
$false: In private computer sessions, users can't view supported Office documents in the web browser. Users
can still open the file in a supported application or save the file locally.
private computers.

Required: False
Position: Named
Default value: None
-WacViewingOnPublicComputersEnabled
The WacViewingOnPublicComputersEnabled parameter specifies whether to enable or disable web viewing of
supported Office documents in public computer sessions in Office Online Server. Valid values are:
$true: In public computer sessions, users can view supported Office documents in the web browser. This is the
default value.
$false: In public computer sessions, users can't view supported Office documents in the web browser. Users can
still open the file in a supported application or save the file locally.

Required: False
Position: Named
Default value: None
-WeatherEnabled
The WeatherEnabled parameter specifies whether to enable or disable weather information in the calendar in
$true: Weather is enabled. This is the default value.
$false: Weather is disabled. This is the default value.

Required: False
Position: Named
Default value: None
-WebPartsFrameOptionsType
The WebPartsFrameOptionsType parameter specifies what sources can access web parts in IFRAME or FRAME
elements in Outlook on the web. Valid values are:
None: There are no restrictions on displaying Outlook on the web content in a frame.
SameOrigin: This is the default value and the recommended value. Display Outlook on the web content only in
a frame that has the same origin as the content.
Deny: Blocks display of Outlook on the web content in a frame, regardless of the origin of the site attempting to
access it.
Type: Deny | AllowFrom | None | SameOrigin

Required: False
Position: Named
Default value: None
-WebReadyDocumentViewingForAllSupportedTypes
This parameter is available only in Exchange Server 2010 and Exchange Server 2013.
The WebReadyDocumentViewingForAllSupportedTypes parameter specifies whether to enable WebReady
Document Viewing for all supported file and MIME types. Valid values are:
$true: All supported attachment types are available for WebReady Document Viewing. This is the default value.
$false: Only the attachment types that are specified by the WebReadyFileTypes and WebReadyMimeTypes
parameters are available for WebReady Document Viewing (you can remove values from the lists).

Required: False
Position: Named
Default value: None
-WebReadyDocumentViewingOnPrivateComputersEnabled
The WebReadyDocumentViewingOnPrivateComputersEnabled parameter specifies whether WebReady Document
Viewing is available in private computer sessions. Valid values are:
$true: WebReady Document Viewing is available in private computer sessions. This is the default value.
$false: WebReady Document Viewing isn't available in private computer sessions.
By default in Exchange 2013, all Outlook on the web sessions are considered to be on private computers.

Required: False
Position: Named
Default value: None
-WebReadyDocumentViewingOnPublicComputersEnabled
The WebReadyDocumentViewingOnPublicComputersEnabled parameter specifies whether WebReady Document
Viewing is in public computer sessions. Valid values are:
$true: WebReady Document Viewing is available for public computer sessions. This is the default value.
$false: WebReady Document Viewing isn't available for public computer sessions.

Required: False
Position: Named
Default value: None
-WebReadyDocumentViewingSupportedFileTypes
This is a read-only parameter that can't be modified; use the WebReadyFileTypes parameter instead.
Required: False
Position: Named
Default value: None
-WebReadyDocumentViewingSupportedMimeTypes
This is a read-only parameter that can't be modified; use the WebReadyMimeTypes parameter instead.
Required: False
Position: Named
Default value: None
-WebReadyFileTypes
The WebReadyFileTypes parameter specifies the attachment file types (file extensions) that can be viewed by
WebReady Document Viewing in Outlook on the web. The default value is all supported file types:
.doc
.docx
.dot
.pdf
.pps
.ppt
.pptx
.rtf
.xls
.xlsx
You can only remove or add values from within the list of supported file types (you can't add additional values).
This list is used only if the WebReadyDocumentViewingForAllSupportedTypes parameter is set to $false.
Otherwise, all supported file types are available in WebReady Document Viewing.
Required: False
Position: Named
Default value: None
-WebReadyMimeTypes
The WebReadyMimeTypes parameter specifies the MIME extensions of attachments that allow the attachments to
be viewed by WebReady Document Viewing in Outlook on the web. The default value is all supported MIME types:
application/msword
application/pdf
application/vnd.ms-excel
application/vnd.ms-powerpoint
application/vnd.openxmlformats-officedocument.presentationml.presentation
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
application/vnd.openxmlformats-officedocument.wordprocessingml.document
application/x-msexcel
application/x-mspowerpoint
Otherwise, all supported MIME types are available in WebReady Document Viewing.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WSSAccessOnPrivateComputersEnabled

Required: False
Position: Named
Default value: None
-WSSAccessOnPublicComputersEnabled

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-PopSettings
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-PopSettings cmdlet to modify the configuration
of the Microsoft Exchange POP3 service. This service exists on Exchange servers that have the Client Access server
role installed, and is used by POP3 clients to connect to Exchange. For information about the parameter sets in the
Syntax
Set-PopSettings [-AuthenticatedConnectionTimeout <EnhancedTimeSpan>] [-Banner <String>]
[-CalendarItemRetrievalOption <iCalendar | intranetUrl | InternetUrl | Custom>] [-Confirm]
[-DomainController <Fqdn>] [-EnableExactRFC822Size <$true | $false>]
[-EnableGSSAPIAndNTLMAuth <$true | $false>] [-EnforceCertificateErrors <$true | $false>]
[-ExtendedProtectionPolicy <None | Allow | Require>] [-ExternalConnectionSettings <MultiValuedProperty>]
[-InternalConnectionSettings <MultiValuedProperty>] [-LogFileLocation <String>]
[-LogFileRollOverSettings <Hourly | Daily | Weekly | Monthly>]
[-LoginType <PlainTextLogin | PlainTextAuthentication | SecureLogin>] [-LogPerFileSizeQuota <Unlimited>]
[-MaxCommandSize <Int32>] [-MaxConnectionFromSingleIP <Int32>] [-MaxConnections <Int32>]
[-MaxConnectionsPerUser <Int32>]
[-MessageRetrievalMimeFormat <TextOnly | HtmlOnly | HtmlAndTextAlternative | TextEnrichedOnly |
[-MessageRetrievalSortOrder <Ascending | Descending>] [-OwaServerUrl <Uri>]
[-PreAuthenticatedConnectionTimeout <EnhancedTimeSpan>] [-ProtocolLogEnabled <$true | $false>]
[-ProxyTargetPort <Int32>] [-Server <ServerIdParameter>] [-SSLBindings <MultiValuedProperty>]
[-SuppressReadReceipt <$true | $false>] [-UnencryptedOrTLSBindings <MultiValuedProperty>] [-WhatIf]
[-X509CertificateName <String>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-PopSettings -Server "MBX01" -UnencryptedOrTLSBindings 10.0.0.0:110
This example configures the unencrypted or STARTTLS encrypted POP3 connection to the server named MBX01
by using the local IP address 10.0.0.0 on TCP port 110.
-------------------------- Example 2 --------------------------
Set-PopSettings -ProtocolLogEnabled $true -LogFileLocation "C:\Pop3Logging"

This example turns on POP3 protocol logging. It also changes the POP3 protocol logging directory to
C:\Pop3Logging.
-------------------------- Example 3 --------------------------
Set-PopSettings -LogPerFileSizeQuota 2MB
This example changes the POP3 protocol logging to create a new log file when a log file reaches 2 megabytes
(MB ).
-------------------------- Example 4 --------------------------
Set-PopSettings -LogPerFileSizeQuota 0 -LogFileRollOverSettings Hourly
This example changes the POP3 protocol logging to create a new log file every hour.
-------------------------- Example 5 --------------------------
Set-PopSettings -X509CertificateName mail.contoso.com
This example specifies the certificate that contains mail.contoso.com is used to encrypt POP3 client connections.
Note: For single subject certificates or a SAN certificates, you also need to assign the certificate to the Exchange
POP service by using the Enable-ExchangeCertificate cmdlet. For wildcard certificates, you don't need to assign the
certificate to the Exchange POP service (you'll receive an error if you try).
Parameters
-AuthenticatedConnectionTimeout
The AuthenticatedConnectionTimeout parameter specifies the time to wait before closing an idle authenticated
connection.
seconds.
Valid values are 00:00:30 to 1:00:00. The default value is 00:30:00 (30 minutes).
Required: False
Position: Named
Default value: None
-Banner
The Banner parameter specifies the text string that's displayed to connecting POP3 clients. The default value is: The
Microsoft Exchange POP3 service is ready.
Type: String
Required: False
Position: Named
Default value: None
-CalendarItemRetrievalOption
The CalendarItemRetrievalOption parameter specifies how calendar items are presented to POP3 clients.. Valid
values are:
0 or iCalendar. This is the default value.
1 or IntranetUrl.
2 or InternetUrl.
3 or Custom.
If you specify 3 or Custom, you need to specify a value for the OwaServerUrl parameter.
Type: iCalendar | intranetUrl | InternetUrl | Custom

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EnableExactRFC822Size
The EnableExactRFC822Size parameter specifies how message sizes are presented to POP3 clients. Valid values
are:
$true: Calculate the exact message size. Because this setting can negatively affect performance, you should
configure it only if it's required by your POP3 clients.
$false: Use an estimated message size. This is the default value.

Required: False
Position: Named
Default value: None
-EnableGSSAPIAndNTLMAuth
The EnableGSSAPIAndNTLMAuth parameter specifies whether connections can use Integrated Windows
authentication (NTLM ) by using the Generic Security Services application programming interface (GSSAPI). This
setting applies to connections where Transport Layer Security (TLS ) is disabled. Valid values are:
$true: NTLM for POP3 connections is enabled. This is the default value.
$false: NTLM for POP3 connections is disabled.

Required: False
Position: Named
Default value: None
-EnforceCertificateErrors
The EnforceCertificateErrors parameter specifies whether to enforce Secure Sockets Layer (SSL ) certificate
validation failures. Valid values are:
$true: If the certificate isn't valid or doesn't match the target POP3 server's FQDN, the connection attempt fails.
$false: The server doesn't deny POP3 connections based on certificate errors. This is the default value.

Required: False
Position: Named
Default value: None
-ExtendedProtectionPolicy
The ExtendedProtectionPolicy parameter specifies how Extended Protection for Authentication is used for POP3
connections. Valid values are:
None: Extended Protection for Authentication isn't used. This is the default value.
Allow: Extended Protection for Authentication is used only if it's supported by the incoming POP3 connection. If
it's not, Extended Protection for Authentication isn't used.
Require: Extended Protection for Authentication is required for all POP3 connections. If the incoming POP3
connection doesn't support it, the connection is rejected.
Extended Protection for Authentication enhances the protection and handling of credentials by Integrated Windows
authentication (also known as NTLM ), so we strongly recommend that you use it if it's supported by your clients
(default installations of Windows 7 or later and Windows Server 2008 R2 or later support it).

Required: False
Position: Named
Default value: None
-ExternalConnectionSettings
The ExternalConnectionSettings parameter specifies the host name, port, and encryption method that's used by
external POP3 clients (POP3 connections from outside your corporate network).
The default value is blank ($null), which means no external POP3 connection settings are configured.
Required: False
Position: Named
Default value: None
-InternalConnectionSettings
The InternalConnectionSettings parameter specifies the host name, port, and encryption method that's used by
internal POP3 clients (POP3 connections from inside your corporate network). This setting is also used when a
POP3 connection is forwarded to another Exchange server that's running the Microsoft Exchange POP3 service.
The default value is <ServerFQDN>:995:SSL,<ServerFQDN>:110:TLS.
Required: False
Position: Named
Default value: None
-LogFileLocation
The LogFileLocation parameter specifies the location for the POP3 protocol log files. The default location
is%ExchangeInstallPath%Logging\Pop3.
Type: String
Required: False
Position: Named
Default value: None
-LogFileRollOverSettings
The LogFileRollOverSettings parameter defines how frequently POP3 protocol logging creates a new log file. Valid
values are:
1 or Hourly.
2 or Daily. This is the default value.
3 or Weekly.
4 or Monthly.
This parameter is only meaningful when the LogPerFileSizeQuota parameter value is 0, and the
ProtocolLogEnabled parameter value is $true.
Type: Hourly | Daily | Weekly | Monthly

Required: False
Position: Named
Default value: None
-LoginType
The LoginType parameter specifies the authentication method for POP3 connections. Valid values are:
1 or PlainTextLogin.
2 or PlainTextAuthentication.
3 or SecureLogin. This is the default value.
Type: PlainTextLogin | PlainTextAuthentication | SecureLogin

Required: False
Position: Named
Default value: None
-LogPerFileSizeQuota
The LogPerFileSizeQuota parameter specifies the maximum size of a POP3 protocol log file.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
The default value is 0, which means a new POP3 protocol log file is created at the frequency that's specified by the
LogFileRollOverSettings parameter.
Type: Unlimited
Required: False
Position: Named
Default value: None
-MaxCommandSize
The MaxCommandSize parameter specifies the maximum size in bytes of a single POP3 command. Valid values
are from 40 through 1024. The default value is 512.
Type: Int32
Required: False
Position: Named
Default value: None
-MaxConnectionFromSingleIP
The MaxConnectionFromSingleIP parameter specifies the maximum number of POP3 connections that are
accepted by the Exchange server from a single IP address. Valid values are from 1 through 2147483647. The
Type: Int32
Required: False
Position: Named
Default value: None
-MaxConnections
The MaxConnections parameter specifies the maximum number of POP3 connections that are accepted by the
Exchange server. Valid values are from 1 through 2147483647. The default value is 2147483647.
Type: Int32
Required: False
Position: Named
Default value: None
-MaxConnectionsPerUser
The MaxConnectionsPerUser parameter specifies the maximum number of POP3 connections that are allowed for
each user. Valid values are from 1 through 2147483647. The default value is 16.
Type: Int32
Required: False
Position: Named
Default value: None
-MessageRetrievalMimeFormat
The MessageRetrievalMimeFormat parameter specifies the MIME encoding of messages. Valid values are:
0 or TextOnly.
1 or HtmlOnly.
2 or HtmlAndTextAlternative.
3 or TextEnrichedOnly.
4 or TextEnrichedAndTextAlternative.
5 or BestBodyFormat. This is the default value.
6 or Tnef.
Required: False
Position: Named
Default value: None
-MessageRetrievalSortOrder
The MessageRetrievalSortOrder parameter specifies how retrieved messages are sorted. Valid values are:
0 or Ascending. This is the default value.
1 or Descending.
Type: Ascending | Descending

Required: False
Position: Named
Default value: None
-OwaServerUrl
The OwaServerUrl parameter specifies the URL that's used to retrieve calendar information for instances of custom
Outlook on the web calendar items.
Type: Uri
Required: False
Position: Named
Default value: None
-PreAuthenticatedConnectionTimeout
The PreAuthenticatedConnectionTimeout parameter specifies the time to wait before closing an idle POP3
connection that isn't authenticated.
seconds.
Valid values are from00:00:30 to 1:00:00. The default value is 00:01:00 (one minute).
Required: False
Position: Named
Default value: None
-ProtocolLogEnabled
The ProtocolLogEnabled parameter specifies whether to enable protocol logging for POP3. Valid values are:
$true: POP3 protocol logging is enabled.
$false: POP3 protocol logging is disabled. This is the default value.

Required: False
Position: Named
Default value: None
-ProxyTargetPort
The ProxyTargetPort parameter specifies the port on the Microsoft Exchange POP3 Backend service that listens for
client connections that are proxied from the Microsoft Exchange POP3 service. The default value is 1995.
Type: Int32
Required: False
Position: Named
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
-SSLBindings
The SSLBindings parameter specifies the IP address and TCP port that's used for an POP3 connection that's
always encrypted by SSL/TLS. This parameter uses the syntax <IPv4OrIPv6Address>:<Port>.
Required: False
Position: Named
Default value: None
-SuppressReadReceipt
The SuppressReadReceipt parameter specifies whether to stop duplicate read receipts from being sent to POP3
clients that have the Send read receipts for messages I send setting configured in their POP3 email program. Valid
values are:
$true: The sender receives a read receipt only when the recipient opens the message.
$false: The sender receives a read receipt when the recipient downloads the message, and when the recipient
opens the message. This is the default value.

Required: False
Position: Named
Default value: None
-UnencryptedOrTLSBindings
The UnencryptedOrTLSBindings parameter specifies the IP address and TCP port that's used for unencrypted
POP3 connections, or POP3 connections that are encrypted by using opportunistic TLS (STARTTLS ) after the
initial unencrypted protocol handshake. This parameter uses the syntax <IPv4OrIPv6Address>:<Port>.
The default value is [::]:110, 0.0.0.0:110.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-X509CertificateName
The X509CertificateName parameter specifies the certificate that's used for encrypting POP3 client connections.
A valid value for this parameter is the FQDN from the ExternalConnectionSettings or InternalConnectionSettings
parameters (for example, mail.contoso.com or mailbox01.contoso.com).
If you use a single subject certificate or a subject alternative name (SAN ) certificate, you also need to assign the
certificate to the Exchange POP service by using the Enable-ExchangeCertificate cmdlet.
If you use a wildcard certificate, you don't need to assign the certificate to the Exchange POP service.
Type: String
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-TextMessagingAccount
In ths Article
may be exclusive to one environment or the other. The Set-TextMessagingAccount cmdlet allows a user to
configure the text messaging settings on their own mailbox. An administrator can't use this cmdlet to configure the
text messaging settings on another user's mailbox. For information about the parameter sets in the Syntax section
Syntax
Set-TextMessagingAccount [-Identity] <MailboxIdParameter>
[-Confirm]
[-CountryRegionId <RegionInfo>]
[-MobileOperatorId <Int32>]
[-NotificationPhoneNumber <E164Number>]
Description
To clear the text messaging settings from your own mailbox, use the Clear-TextMessagingAccount parameter.
Examples
-------------------------- Example 1 --------------------------
Set-TextMessagingAccount -Identity 'JeffHay' -NotificationPhoneNumber 4255550100
This example sets the notification phone number for the text messaging account for Jeff Hay.
-------------------------- Example 2 --------------------------
Set-TextMessagingAccount -Identity 'JeffHay' -CountryRegionId US -MobileOperatorId 15001 -

NotificationPhoneNumber +14255550199
This example sets the region, mobile operator and notification phone number for the text messaging account for
Jeff Hay.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-CountryRegionId
The CountryRegionId parameter specifies the country that your mobile phone is registered in. Although this
parameter accepts any valid ISO 3166-1 alpha-2 country code value, the following values correspond to the
country selections that are available in the text messaging settings in Outlook on the web (formerly known as
Outlook Web App):
US
CA
RO
Type: RegionInfo
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the target mailbox. You can use any value that uniquely identifies the mailbox. For
example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-IgnoreDefaultScope
automatically.
accepted.
Required: False
Position: Named
Default value: None
-MobileOperatorId
The MobileOperatorId parameter specifies the mobile operator (carrier) for your phone. Although this parameter
accepts any random number, the following values correspond to the country and mobile operator selections that
are available in the text messaging settings in Outlook on the web (formerly known as Outlook Web App):
United States:
AT&T: 15001
Sprint PCS: 15004
T-Mobile: 15005
Verizon Wireless: 15006
Canada:
Bell: 17001
Telus Mobility: 17002
Romania:
Orange Romania: 18001
Type: Int32
Required: False
Position: Named
Default value: None
-NotificationPhoneNumber
The NotificationPhoneNumber parameter specifies the telephone number to use for your text messaging
notifications. This parameter uses the E.164 format: +<CountryCode><CompleteTelephoneNumber> (for
example, +15551234567).
Type: E164Number
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Test-CalendarConnectivity
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Test-CalendarConnectivity cmdlet to verify that
anonymous calendar sharing is enabled and working properly. The Calendar virtual directory is a subdirectory of
the Microsoft Outlook on the web virtual directories. When you run this command without any parameters, the
command tests calendar connectivity against all Outlook on the web virtual directories. Note : This cmdlet works
best in Exchange 2010. In Exchange 2013 or later, the functionality of this cmdlet has been replaced by Managed
Availability. For the best results, use the Invoke-MonitoringProbe cmdlet and specify the relevant active monitor
probe instead of using this cmdlet. For information about the parameter sets in the Syntax section below, see
Syntax
Test-CalendarConnectivity [[-ClientAccessServer] <ServerIdParameter>] [-Confirm] [-DomainController <Fqdn>]
[-LightMode] [-MailboxServer <ServerIdParameter>] [-MonitoringContext] [-ResetTestAccountCredentials]
[-TestType <Internal | External>] [-Timeout <UInt32>] [-TrustAnySSLCertificate]
[-VirtualDirectoryName <String>] [-WhatIf] [<CommonParameters>]
Description
The Test-CalendarConnectivity cmdlet tests anonymous calendar sharing by connecting to a specified Outlook on
the web virtual directory, to any Outlook on the web virtual directories on a specified Exchange server, or to any
Outlook on the web virtual directories that are available in the local Active Directory site.
The first time you use this cmdlet, you might be required to create a test user. To create a test user, run the following
command:
& $env:ExchangeInstallPath\Scripts\New -TestCasConnectivityUser.ps1
If the server hosting the test mailbox isn't available, the command returns an error that might not clearly identify
the problem. To avoid this, use the Test-MapiConnectivity cmdlet to verify that the server that hosts the test mailbox
is running and that the mailbox is available before you run this command.
The test results are displayed on-screen. The cmdlet returns the following information.
CasServer: The Exchange server that the client connected to.
LocalSite: The name of the local Active Directory site.
Scenario: The operations that are tested. Values are: Logon, CalendarICS and CalendarHTML.
Result: The values returned are typically Success, Skipped or Failure.
Latency(MS ): The time required to complete the test in milliseconds.
Error: Any error messages that were encountered.
You can write the results to a file by piping the output to ConvertTo-Html or ConvertTo-Csv and adding >
<filename> to the command. For example:
Test-CalendarConnectivity -ClientAccessServer MBX01 | ConvertTo-Html | Set-Content -Path "C:\My
Documents\Calendar Test.html"
Examples
-------------------------- Example 1 --------------------------
Test-CalendarConnectivity -ClientAccessServer MBX01
This example tests the anonymous calendar sharing for the server named MBX01.
Parameters
-ClientAccessServer
The ClientAccessServer parameter specifies the Exchange server to test. This server has the Client Access server
role installed, and is responsible for accepting client connections.
You can use any value that uniquely identifies the server. For example:
Name
ExchangeLegacyDN
GUID
Required: False
Position: 1
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-LightMode
This parameter isn't implemented for this diagnostic command. Using this parameter doesn't change the behavior
of this command.
Required: False
Position: Named
Default value: None
-MailboxServer
The MailboxServer parameter specifies the Exchange 2016 or Exchange 2013 Mailbox server that you want to test.
This parameter identifies the backend server that accepts proxied connections from the frontend server where
clients connect.
Name
ExchangeLegacyDN
GUID
If you don't use this parameter, connections to all Mailbox servers in the local Active Directory site are tested.
Required: False
Position: Named
Default value: None
-MonitoringContext
The MonitoringContext switch includes the associated monitoring events and performance counters in the results.
Typically, you include the monitoring events and performance counters in the results when the output is passed to
Microsoft System Center Operations Manager (SCOM ). You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-ResetTestAccountCredentials
The ResetTestAccountCredentials switch resets the password for the test account that's used to run this command.
The password for the test account is typically reset every seven days. Use this switch to force a password reset any
time it's required for security reasons.
Required: False
Position: Named
Default value: None
-TestType
The TestType parameter specifies whether the command tests internal or external URLs. Values are Internal and
External. The default value is Internal.
Type: Internal | External

Required: False
Position: Named
Default value: None
-Timeout
of this command.
Type: UInt32
Required: False
Position: Named
Default value: None
-TrustAnySSLCertificate
of this command.
Required: False
Position: Named
Default value: None
-VirtualDirectoryName
The VirtualDirectoryName parameter specifies the name of the Outlook on the web virtual directory that you want
to test. Enclose values that contain spaces in quotation marks (").
If you don't use this parameter, all available Outlook on the web virtual directories are tested.
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
may be exclusive to one environment or the other. Use the Test-ClientAccessRule cmdlet to test how client access
rules affect access to your organization. If any of the client properties you specify for this cmdlet match any client
access rules, the rules are returned in the results. For information about the parameter sets in the Syntax section
Syntax
-AuthenticationType <BasicAuthentication | NonBasicAuthentication | AdfsAuthentication |
CertificateBasedAuthentication | OAuthAuthentication>
-Protocol <ExchangeWebServices | RemotePowerShell | OutlookAnywhere | POP3 | IMAP4 | OutlookWebApp |
ExchangeAdminCenter | ExchangeActiveSync | OfflineAddressBook | PowerShellWebServices | REST> -RemoteAddress
<IPAddress> -RemotePort <Int32> -User <MailboxIdParameter> [-Confirm]
[-OAuthClaims <Hashtable>] [-WhatIf] [<CommonParameters>]
Description
Note: Currently, not all authentication types are supported for all protocols. The supported authentication types per
protocol are described in this list:
OutlookWebApp:BasicAuthentication and AdfsAuthentication.
ExchangeAdminCenter:BasicAuthentication and AdfsAuthentication.
RemotePowerShell:BasicAuthentication and NonBasicAuthentication.
ExchangeActiveSync:BasicAuthentication, OAuthAuthentication, and CertificateBasedAuthentication.
Examples
-------------------------- Example 1 --------------------------
Test-ClientAccessRule -AuthenticationType BasicAuthentication -Protocol OutlookWebApp -RemoteAddress

172.17.17.26 -RemotePort 443 -User julia@contoso.com
This example tests client access by using the following client properties:
Authentication type: Basic
Protocol:OutlookWebApp
Remote address: 172.17.17.26
Remote port: 443
User: julia@contoso.com
Parameters
-AuthenticationType
The AuthenticationType parameter specifies the client authentication type to test.
AdfsAuthentication
BasicAuthentication
OAuthAuthentication
In client access rules, authentication types are defined by the AnyOfAuthenticationTypes and
ExceptAnyOfAuthenticationTypes parameters.
Type: BasicAuthentication | NonBasicAuthentication | AdfsAuthentication | CertificateBasedAuthentication |

OAuthAuthentication
Required: True
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-OAuthClaims
The OAuthClaims parameter specifies the OAuth claims token of a middle-tier app.
Type: Hashtable
Required: False
Position: Named
Default value: None
-Protocol
The Protocol parameter specifies the client protocol to test.
ExchangeActiveSync
ExchangeAdminCenter
ExchangeWebServices
IMAP4
OfflineAddressBook
OutlookAnywhere
OutlookWebApp
POP3
RemotePowerShell
REST
In client access rules, protocol types are defined by the AnyOfProtocols and ExceptAnyOfProtocols parameters.
Type: ExchangeWebServices | RemotePowerShell | OutlookAnywhere | POP3 | IMAP4 | OutlookWebApp |

ExchangeAdminCenter | ExchangeActiveSync | OfflineAddressBook | PowerShellWebServices | REST
Required: True
Position: Named
Default value: None
-RemoteAddress
The RemoteAddress parameter specifies the client IP address to test. Valid input for this parameter is an IP address.
For example, 192.168.1.50.
In client access rules, IP addresses are defined by the AnyOfClientIPAddressesOrRanges and
ExceptAnyOfClientIPAddressesOrRanges parameters.
Type: IPAddress
Required: True
Position: Named
Default value: None
-RemotePort
The RemotePort parameter specifies the client TCP port to test. Valid input for this parameter is an integer from 1
to 65535.
Type: Int32
Required: True
Position: Named
Default value: None
-User
The User parameter specifies the user account to test. You can use any value that uniquely identifies the user. For
example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
In client access rules, users are defined by the UsernameMatchesAnyOfPatterns, UserRecipientFilter, and
ExceptUsernameMatchesAnyOfPatterns parameters.
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Test-EcpConnectivity
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Test-EcpConnectivity cmdlet to test connectivity to
Exchange Control Panel (ECP ) virtual directories. Note : This cmdlet works best in Exchange 2010. In Exchange
2013 or later, the functionality of this cmdlet has been replaced by Managed Availability. For the best results, use
the Invoke-MonitoringProbe cmdlet and specify the relevant active monitor probe instead of using this cmdlet. For
Syntax
Test-EcpConnectivity [[-ClientAccessServer] <ServerIdParameter>] [-Confirm] [-DomainController <Fqdn>]
[-LightMode] [-MailboxServer <ServerIdParameter>] [-MonitoringContext] [-ResetTestAccountCredentials]
[-RSTEndpoint <String>] [-TestType <Internal | External>] [-Timeout <UInt32>] [-TrustAnySSLCertificate]
[-VirtualDirectoryName <String>] [-WhatIf] [<CommonParameters>]
Description
The Test-EcpConnectivity cmdlet tests EAC connectivity by connecting to a specified EAC virtual directory, to any
EAC virtual directories on a specified Exchange server, or to any EAC virtual directories that are available in the
local Active Directory site.
command:
Scenario: The operations that are tested. Values are: Logon and Sign in.
Test-EcpConnectivity -ClientAccessServer MBX01 | ConvertTo-Html | Set-Content -Path "C:\My Documents\EAC
Test.html"
Examples
-------------------------- Example 1 --------------------------
Test-EcpConnectivity -ClientAccessServer Server01
This example tests user connectivity to the Exchange admin center on Server01.
Parameters
-ClientAccessServer
role installed and is responsible for accepting client connections.
Name
ExchangeLegacyDN
GUID
Required: False
Position: 1
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-LightMode
of this command.
Required: False
Position: Named
Default value: None
-MailboxServer
clients connect.
Name
ExchangeLegacyDN
GUID
Required: False
Position: Named
Default value: None
-MonitoringContext
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-RSTEndpoint
Type: String
Required: False
Position: Named
Default value: None
-TestType

Required: False
Position: Named
Default value: None
-Timeout
The Timeout parameter specifies the amount of time, in seconds, to wait for the test operation to finish. The default
value for the Timeout parameter is 30 seconds. You must specify a time-out value greater than 0 seconds and less
than 1 hour (3,600 seconds). We recommend that you always configure this parameter with a value of 5 seconds or
more.
Type: UInt32
Required: False
Position: Named
Default value: None
The TrustAnySSLCertificate switch specifies whether to ignore Secure Sockets Layer (SSL ) certificate validation
failures. You don't need to specify a value with this switch.
This switch is useful for testing internal URLs, because a URL that has an associated certificate is typically an
external URL. This switch lets the task check an internal URL without generating an error when the certificate
doesn't match the URL.
Required: False
Position: Named
Default value: None
The VirtualDirectoryName parameter specifies the name of the EAC virtual directory that you want to test. Enclose
values that contain spaces in quotation marks (").
If you don't use this parameter, all available EAC virtual directories are tested.
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Test-ImapConnectivity
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Test-ImapConnectivity cmdlet to verify that
connectivity to the Microsoft Exchange IMAP4 service is working as expected. Note : This cmdlet works best in
Exchange 2010. In Exchange 2013 or later, the functionality of this cmdlet has been replaced by Managed
Availability. For the best results, use the Invoke-MonitoringProbe cmdlet and specify the relevant active monitor
probe instead of using this cmdlet. For information about the parameter sets in the Syntax section below, see
Syntax
Test-ImapConnectivity [[-ClientAccessServer] <ServerIdParameter>] [-Confirm]
[-ConnectionType <Plaintext | Tls | Ssl>] [-DomainController <Fqdn>] [-LightMode]
[-MailboxCredential <PSCredential>] [-MailboxServer <ServerIdParameter>] [-MonitoringContext]
[-PerConnectionTimeout <Int32>] [-PortClientAccessServer <Int32>] [-ResetTestAccountCredentials]
[-Timeout <UInt32>] [-TrustAnySSLCertificate] [-WhatIf] [<CommonParameters>]
Description
The Test-ImapConnectivity cmdlet tests IMAP4 connectivity by connecting to the specified mailbox, the specified
Exchange server, or all Exchange servers that are available in the local Active Directory site.
command:
Scenario: The operations that are tested. Test IMAP4 Connectivity connects to the server using the IMAP4
protocol, searches for the test message and deletes it along with any messages that are older than 24 hours.
Test-IMAPConnectivity -ClientAccessServer MBX01 | ConvertTo-Html | Set-Content -Path "C:\My
Documents\IMAP Test.html"
Important Note: In Exchange 2013 or later, when you run this command to test a single mailbox on an Exchange
server that isn't hosting the active mailbox database copy for the mailbox, you might see the following error
message:
Unable to create MailboxSession object to access the mailbox [user@consoto.com\]. Detailed error information:
[Microsoft.Exchange.Data.Storage.WrongServerException]: The user and the mailbox are in different Active
Directory sites. Inner error [Microsoft.Mapi.MapiExceptionMailboxInTransit]: MapiExceptionMailboxInTransit:
Detected site violation (hr=0x0, ec=1292)
When you receive this error, run the command again on the server that's hosting the active mailbox database copy
to verify that IMAP works for the mailbox.
Examples
-------------------------- Example 1 --------------------------
Test-ImapConnectivity -ClientAccessServer Contoso12 -MailboxCredential (Get-Credential contoso\kweku)
This example tests the client IMAP4 connectivity for the server named Contoso12 by using the credentials for the
user contoso\kweku.
-------------------------- Example 2 --------------------------
Test-ImapConnectivity -ClientAccessServer Contoso12
This example tests the client IMAP4 connectivity of the server named Contoso12 and tests all Exchange mailboxes.
Parameters
-ClientAccessServer
Name
ExchangeLegacyDN
GUID
Required: False
Position: 1
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-ConnectionType
The ConnectionType parameter specifies the type of connection that's used to connect to the IMAP4 service. Valid
values are:
Plaintext
Ssl
Tls
Type: Plaintext | Tls | Ssl

Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-LightMode
The LightMode switch tells the command to perform only a test logon to the server by using the IMAP4 protocol.
You don't need to specify a value with this switch.
If you don't use this switch, the command also tests sending and receiving a message using the IMAP4 protocol.
Required: False
Position: Named
Default value: None
-MailboxCredential
The MailboxCredential parameter specifies the mailbox credential to use for a single mailbox test.
Type: PSCredential
Required: False
Position: Named
Default value: None
-MailboxServer
clients connect.
Name
ExchangeLegacyDN
GUID
Required: False
Position: Named
Default value: None
-MonitoringContext
Required: False
Position: Named
Default value: None
-PerConnectionTimeout
The PerConnectionTimeout parameter specifies the amount of time, in seconds, to wait per connection for the test
operation to finish. Valid values are between 0 and 120 seconds. The default value is 120 seconds.
We recommend that you configure this parameter with a value of 5 seconds or more.
Type: Int32
Required: False
Position: Named
Default value: None
-PortClientAccessServer
The PortClientAccessServer parameter specifies the port to use to connect to the Client Access server. The default
port is 143 for IMAP4. The valid range is from 0 through 65,535.
Type: Int32
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-Timeout
The Timeout parameter specifies the amount of time, in seconds, to wait for the test operation to finish. Valid values
are between 0 and 3600 seconds (1 hour). The default value is 180 seconds (3 minutes).
Type: UInt32
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Test-OutlookConnectivity
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Test-OutlookConnectivity cmdlet to test end-to-end
Microsoft Outlook client connectivity in the Microsoft Exchange organization. This includes testing for both
Outlook Anywhere (RPC over HTTP ) and MAPI over HTTP connections. For information about the parameter sets
Syntax
Test-OutlookConnectivity [-ProbeIdentity] <String> [-Credential <PSCredential>] [-Hostname <String>]
[-MailboxId <MailboxIdParameter>] [-RunFromServerId <ServerIdParameter>] [-TimeOutSeconds <String>]
Test-OutlookConnectivity [[-Identity] <MailboxIdParameter>] -Protocol <HTTP | TCP | WS>

[-Archive <$true | $false>]
[-Confirm]
[-MailboxCredential <PSCredential>]
[-MonitoringContext]
[-TotalTimeoutInMinutes <Int32>]
[-TrustAnySslCert]
Test-OutlookConnectivity [[-Identity] <MailboxIdParameter>] -GetDefaultsFromAutodiscover <$true | $false>

[-Confirm]
[-RpcAuthenticationType <Negotiate | NTLM | Kerberos>]
[-RpcClientAccessServer <ClientAccessServerIdParameter>]
[-RpcProxyAuthenticationType <Basic | NTLM | Negotiate>]
[-RpcProxyServer <ServerIdParameter>]
[-TrustAnySslCert]
Test-OutlookConnectivity [[-Identity] <MailboxIdParameter>] -RpcTestType <Array | Server>

[-Confirm]
[-RpcAuthenticationType <Negotiate | NTLM | Kerberos>]
[-RpcClientAccessServer <ClientAccessServerIdParameter>]
[-RpcProxyAuthenticationType <Basic | NTLM | Negotiate>]
[-RpcProxyTestType <External | Internal>]
[-TrustAnySslCert]
Test-OutlookConnectivity [[-Identity] <MailboxIdParameter>] -WSTestType <Unknown | Internal | External>
[-Confirm]
[-TrustAnySslCert]
Description
Running the Test-OutlookConnectivity cmdlet validates an Outlook connection defined by the provided
parameters. The command is able to validate a single mailbox.
The Test-OutlookConnectivity cmdlet runs the same process as the monitoring probes. The Microsoft Exchange
Health Manager (MSExchangeHM ) service must be running and have created the Outlook probes on the machine
that will be tested. You need to select one of the Outlook probe identities to run the test. Use the Get-
MonitoringItemIdentity (https://go.microsoft.com/fwlink/p/?LinkId=510841) cmdlet to see what probes are active.
This example lists the probes running in the backend services on a Mailbox server:
Get-MonitoringItemIdentity -Server MailboxServer1 -Identity outlook.protocol | ?{$_.Name -like '*probe'} .
This example lists the probes running in the client access services on a Mailbox server:
Get-MonitoringItemIdentity -Server MailboxServer1 -Identity outlook | ?{$_.Name -like '*probe'} .
For more information on probes and the monitoring framework, see Managed Availability
(https://go.microsoft.com/fwlink/p/?LinkId=510838), Managed Availability and Server Health
(https://go.microsoft.com/fwlink/p/?LinkId=510839), and Customizing Managed Availability
(https://go.microsoft.com/fwlink/p/?LinkId=510840)
By default, the cmdlet uses the test monitoring account attached to the specified probe. You may enter a different
mailbox instead via the MailboxId parameter. The options and results follow.
MailboxId and Credential are not specified: Generic connectivity test against a test mailbox using the system's
test credentials.
MailboxId is specified, Credential is not: Connectivity test to the specific mailbox using the system's test
credentials.
MailboxId and Credential are both specified: You get a connectivity test to the specific mailbox, and also a test
that the credentials provided are valid for that mailbox
Examples
-------------------------- Example 1 --------------------------
Test-OutlookConnectivity -ProbeIdentity OutlookMapiHttp.Protocol\OutlookMapiHttpSelfTestProbe
In Exchange 2013 or later, this example runs an MAPI over HTTP OutlookRpcSelfTestProbe on the Mailbox server
that you're currently connected to.
-------------------------- Example 2 --------------------------
Test-OutlookConnectivity "Outlook.Protocol\OutlookRpcDeepTestProbe\Mailbox Database 1234512345" -

RunFromServerId PrimaryMailbox -MailboxId johnd@contoso.com
In Exchange 2013 or later, this example runs the OutlookRpcDeepTestProbe from the "PrimaryMailbox" server for
the mailbox "johnd@contoso.com" mounted on "Mailbox Database 1234512345". Because the Credential
parameter is not specified, the probe will use the default testing credentials.
-------------------------- Example 3 --------------------------
Test-OutlookConnectivity -Protocol HTTP -GetDefaultsFromAutoDiscover $true
In Exchange 2010, this example tests the most common end-to-end Outlook connectivity scenario for Outlook
Anywhere. This includes testing for connectivity through the Autodiscover service, creating a user profile, and
logging on to the user mailbox. All of the required values are retrieved from the Autodiscover service. Because the
Identity parameter isn't specified, the command uses the temporary test user that you've created using the New -
TestCasConnectivityUser.ps1 script. This example command can be run to test TCP/IP connectivity by setting the
Protocol parameter to RPC.
-------------------------- Example 4 --------------------------
Test-OutlookConnectivity -RpcProxyTestType:Internal -RpcTestType:Server
In Exchange 2010, this example tests for Outlook Anywhere connectivity using the local server as the RpcProxy
endpoint as well as the RPC endpoint. Because the Identity parameter isn't specified, the command uses the
temporary test user that you've created using the New -TestCasConnectivityUser.ps1 script. Modify this example to
use the public external URL by setting the RpcProxyTestType parameter to External. Additionally, the example
command can use the Client Access server array as the RPC endpoint by setting the RpcTestType parameter to
Array. To only validate TCP/IP connectivity, omit the RpcProxyTestType parameter.
-------------------------- Example 5 --------------------------
Test-OutlookConnectivity -RpcProxyServer RpcProxySrv01 -RpcProxyAuthenticationType Basic -RpcClientAccessServer

CAS01 -RpcAuthenticationType NTLM
In Exchange 2010, this example validates Outlook connectivity through RpcProxy on one server to a different
server running the Client Access server role with Basic for the outer authentication layer and NTLM for the inner
authentication layer. Using these parameters should allow you to validate most types of Outlook connectivity
configurations. This command can also be used with the GetDefaultsFromAutoDiscover parameter set to $true if
you only need to override one or two parameters. This following command is similar to running a connectivity test
using the RPC Ping utility but provides stronger validation.
Parameters
-Archive
The Archive parameter specifies whether tests should be performed to connect to the user's on-premises archive
mailbox. Valid values are:
$true: Connect to the user's on-premises archive mailbox.
$false: Don't connect to the user's on-premises mailbox. This is the default value.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Credential
The Credential parameter specifies the credential used by the probe. The system's test credentials are used by
default
Type: PSCredential
Required: False
Position: Named
Default value: None
-GetDefaultsFromAutodiscover
The GetDefaultsFromAutodiscover parameter specifies whether to get default values for all of the other parameters
for the command from the Autodiscover service settings. If you run the command specifying values for other
parameters, those values override the default values from the Autodiscover service. The default value for this
parameter is $true.
Required: True
Position: Named
Default value: None
-Hostname
TheHostname parameter specifies the protocol endpoint target of the probe. You can use a specific Mailbox server
or route through Distributed Name Service server.
Type: String
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies a target user mailbox. You can use any value that uniquely identifies the mailbox.
For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
If you don't use this parameter, the command looks for a test user in Active Directory that you previously created by
using the New -TestCasConnectivityUser.ps1 script.
Required: False
Position: 1
Default value: None
-MailboxCredential
The MailboxCredential parameter specifies certain credentials to allow logon access to a user's mailbox. Use the
parameter along with the Identity parameter to access a user's mailbox when you don't have access permissions.
Type: PSCredential
Required: False
Position: Named
Default value: None
-MailboxId
The MailboxID parameter specifies the target mailbox.
In Exchange 2013 or later, the Identity parameter specifies a target user mailbox. You can use any value that
uniquely identifies the mailbox. For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
If you don't use this parameter, the command uses the test account.
Required: False
Position: Named
Default value: None
-MonitoringContext
The MonitoringContext switch specifies whether the command returns additional information that can be used with
Microsoft System Center Operations Manager. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-ProbeIdentity
The ProbeIdentity parameter specifies the probe to use. Valid values are:
Outlook Anywhere (RPC over HTTP ) probes:
Outlook.Protocol\OutlookRpcSelfTestProbe: Validates that the RPC/HTTP endpoint is able to receive traffic on
the Mailbox server. It does not attempt to log in to a mailbox. It is a high level check of connectivity.
Outlook.Protocol\OutlookRpcDeepTestProbe: Validates that the RPC/HTTP endpoint is working on the Mailbox
server. It will attempt to connect to and log in to the mailbox. Since no database is specified, it will attempt to
connect to the first database returned by the Get-MailboxDatabase cmdlet.
Outlook.Protocol\OutlookRpcDeepTestProbe<Case-sensitive Mailbox Database Name>: Validates that the
RPC/HTTP endpoint is working on the Mailbox Server. It will attempt to connect to and log in to the mailbox in
the specified mailbox database. If the mailbox database name contains spaces, enclose the entire value in
quotation marks (for example, "Outlook.Protocol\OutlookRpcDeepTestProbe\Mailbox Database 0352791530").
MAPI over HTTP probes:
OutlookMapiHttp.Protocol\OutlookMapiHttpSelfTestProbe: Validates that the MAPI/HTTP endpoint is able to
receive traffic on the Mailbox server. It does not attempt to log in to a mailbox. It is a high level check of
connectivity.
OutlookMapiHttp.Protocol\OutlookMapiHttpDeepTestProbe: Validates that the MAPI/HTTP endpoint is
working on the Mailbox server. It will attempt to connect and log in to the mailbox. Since no database is
specified, it will attempt to connect to the first database returned by the Get-MailboxDatabase cmdlet.
OutlookMapiHttp.Protocol\OutlookRpcDeepTestProbe<Case-sensitive Mailbox Database Name>: Validates
that the MAPI/HTTP endpoint is working on the Mailbox Server. It will attempt to connect and log in to the
mailbox in the specified database. If the mailbox database name contains spaces, enclose the entire value in
quotation marks (for example, "Outlook.Protocol\OutlookRpcDeepTestProbe\Mailbox Database 0352791530").
Type: String
Required: True
Position: 1
Default value: None
-Protocol
The Protocol parameter specifies whether to test for Outlook Anywhere connectivity or directly test for RPC or
TCP/IP connectivity. The value is either HTTP or TCP.
Type: HTTP | TCP | WS
Required: True
Position: Named
Default value: None
-RpcAuthenticationType
The RpcAuthenticationType parameter specifies the authentication setting to test for the RPC layer. Using this
parameter is helpful if a different authentication type is set at the RPC proxy virtual directory. You can use the
following values:
NTLM
Kerberos
Negotiate
The default value is Negotiate.
Type: Negotiate | NTLM | Kerberos

Required: False
Position: Named
Default value: None
-RpcClientAccessServer
The RpcClientAccessServer parameter specifies the target server with the Client Access server role installed that
you want to test. This can be a server fully qualified domain name (FQDN ) or a GUID.
Type: ClientAccessServerIdParameter
Required: False
Position: Named
Default value: None
-RpcProxyAuthenticationType
The RpcProxyAuthenticationType parameter specifies the authentication setting for the RPC Proxy endpoint. The
value can be specified as Basic, NTLM, or Negotiate. There is no default value unless used with the
GetDefaultsFromAutodiscover parameter.
Type: Basic | NTLM | Negotiate

Required: False
Position: Named
Default value: None
-RpcProxyServer
The RpcProxyServer parameter specifies whether to set the target RpcProxy server for testing. This parameter can
be used when the RpcProxy server is different from the Client Access server.
Required: False
Position: Named
Default value: None
-RpcProxyTestType
The RpcProxyTestType parameter specifies which HTTP endpoint the command should connect to. Valid values are:
Internal: Refers to the local computer name (https://<localcomputername>, for example, httpS://CAS01).
External: Refers to a public namespace (the external HTTP URL on the /rpc virtual directory, for example,
https://mail.contoso.com).
Type: External | Internal

Required: False
Position: Named
Default value: None
-RpcTestType
The RpcTestType parameter specifies which type of RPC endpoint the command should test. Valid values are:
Server: The command uses the local server as the RPC endpoint.
Array: The command looks for a ClientAccessArray object in the local Active Directory site.
Type: Array | Server

Required: True
Position: Named
Default value: None
-RunFromServerId
The RunFromServerID parameter specifies the server on which the probe should be run.
Required: False
Position: Named
Default value: None
-TimeOutSeconds
The TimeOutSeconds parameter specifies the timeout period in seconds before the probe is ended. The default
value is 30 seconds. The digits can be entered with or with the use of quotation marks. Either 10 or "10" will work.
Any input error will default back to 30 seconds.
Type: String
Required: False
Position: Named
Default value: None
-TotalTimeoutInMinutes
The TotalTimeoutInMinutes parameter specifies the time limit, in minutes, for the command to wait for test results
before ending the request. The default value is two minutes.
Type: Int32
Required: False
Position: Named
Default value: None
-TrustAnySslCert
The TrustAnySslCert switch specifies whether to ignore any Secure Sockets Layer (SSL ) certificate warnings. You
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WSTestType
The WSTestType parameter specifies type of servers that you want to include in your Outlook connectivity test. You
Unknown (This is the default value.)
Internal
External
Type: Unknown | Internal | External

Required: True
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Test-OutlookWebServices
In ths Article
This cmdlet is available only in Exchange Server 2010. Use the Test-OutlookWebServices cmdlet to verify the
Autodiscover service settings for Microsoft Outlook on a computer running Microsoft Exchange Server 2010 that
has the Client Access server role installed. For information about the parameter sets in the Syntax section below,
Syntax
Test-OutlookWebServices [[-Identity] <RecipientIdParameter>]
[-ClientAccessServer <ClientAccessServerIdParameter>] [-Confirm] [-DomainController <Fqdn>]
[-MonitoringContext <$true | $false>] [-TargetAddress <RecipientIdParameter[]>] [-WhatIf] [<CommonParameters>]
Description
The Test-OutlookWebServices cmdlet uses a specified address to verify that the Outlook provider is configured
correctly.
Examples
-------------------------- Example 1 --------------------------
Test-OutlookWebServices -Identity:holly@contoso.com
This example verifies the service information that's returned to the Outlook client from the Autodiscover service for
the user holly@contoso.com. The code example verifies information for the following services:
Availability service
Outlook Anywhere
Offline address book
Unified Messaging
The example tests for a connection to each service. The example also submits a request to the Availability service
for the user holly@contoso.com to determine whether the user's free/busy information is being returned correctly
from the Client Access server to the Outlook client.
Parameters
-ClientAccessServer
The ClientAccessServer parameter specifies the Client Access server that the client accesses.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies any valid address in the forest. If you specify this parameter, incorrectly formed
addresses and addresses that are outside the forest are rejected. This address is used to test the Outlook provider.
This property accepts the domain and username in the domain\username format or an Active Directory GUID and
resolves them to the SMTP address that's needed to authenticate.
Type: RecipientIdParameter
Required: False
Position: 1
Default value: None
-MonitoringContext
The MonitoringContext parameter specifies whether the results of the command include monitoring events and
performance counters. The two possible values for this parameter are $true or $false. If you specify $true, the
results include monitoring events and performance counters, in addition to information about the MAPI
transaction.

Required: False
Position: Named
Default value: None
-TargetAddress
The TargetAddress parameter specifies the recipient that's used to test whether Availability service data can be
retrieved.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Test-OwaConnectivity
In ths Article
This cmdlet is available only in Exchange Server 2010. Use the Test-OwaConnectivity cmdlet to verify that
Microsoft Office Outlook Web App is running as expected. The Test-OwaConnectivity cmdlet can be used to test
Outlook Web App connectivity for all Microsoft Exchange Server 2010 virtual directories on a specified Client
Access server for all mailboxes on servers running Exchange that are in the same Active Directory site. The Test-
OwaConnectivity cmdlet can also be used to test the connectivity for an individual Exchange Outlook Web App
URL. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Test-OwaConnectivity [-URL] <String> -MailboxCredential <PSCredential>
[-AllowUnsecureAccess]
[-Confirm]
[-LightMode]
[-ResetTestAccountCredentials]
[-Timeout <UInt32>]
[-TrustAnySSLCertificate]
Test-OwaConnectivity [[-ClientAccessServer] <ServerIdParameter>] [-MailboxServer <ServerIdParameter>] [-

MonitoringContext] [-RSTEndpoint <String>] [-TestType <Internal | External>] [-VirtualDirectoryName <String>]
[-AllowUnsecureAccess]
[-Confirm]
[-LightMode]
[-Timeout <UInt32>]
Description
The Test-OwaConnectivity cmdlet tests the connectivity of all Exchange Outlook Web App virtual directories on a
Client Access server or tests connectivity of a single Exchange Outlook Web App URL.
To test all Exchange Outlook Web App virtual directories on a Client Access server, there must be a test Active
Directory account. There must also be a test mailbox in each Active Directory site that hosts mailboxes that can be
accessed through the virtual directories being tested. If the test environment wasn't created during the Mailbox
server setup, you are prompted to run the script that creates the test mailboxes and test users when you run the
Test-OwaConnectivity cmdlet.
If the server hosting the test mailbox isn't available, the Test-OwaConnectivity cmdlet returns an error that might
not clearly identify the problem. To avoid this, check that the server that hosts the test mailbox is running and that
the mailbox is available before you run the Test-OwaConnectivity cmdlet. You can use the Test-MapiConnectivity
cmdlet to do this.
If you run the Test-OwaConnectivity cmdlet on a Client Access server without using either the ClientAccessServer
parameter or the URL parameter, the cmdlet tests the server on which you run the cmdlet. To test a specific Client
Access server, use the ClientAccessServer parameter.
To test a single URL, run the Test-OwaConnectivity cmdlet with the URL parameter and credentials for an existing
Exchange mailbox. If the URL is behind a load balancer, you can't predict which Client Access server the command
will test. Because credentials are required as part of the parameters when you use the URL parameter, you can use
any account to run the Test-OwaConnectivity cmdlet when you use the URL parameter.
If the command encounters a virtual directory that doesn't require Secure Sockets Layer (SSL ), the command skips
that directory unless the AllowUnsecureAccess parameter is used. If the AllowUnsecureAccess parameter is used,
communications between servers are sent in clear text for purposes of the test.
The Test-OwaConnectivity cmdlet can be run as a one-time interactive task or as a scheduled task under Microsoft
System Center Operations Manager 2007 control. To run the Test-OwaConnectivity cmdlet as a System Center
Operations Manager 2007 task, the Client Access test mailbox must be available on the Mailbox servers that the
cmdlet tests against.
Examples
-------------------------- Example 1 --------------------------
Test-OwaConnectivity -URL:https://mail.contoso.com/owa -MailboxCredential:(get-credential contoso\kweku)
This example tests the connectivity for the URL https://mail.contoso.com/owa using the credentials for the user
contoso\kweku.
-------------------------- Example 2 --------------------------
Test-OwaConnectivity -ClientAccessServer:Contoso12 -AllowUnsecureAccess
This example tests the connectivity of a specific Client Access server Contoso12 and tests all Exchange Outlook
Web App virtual directories that support Exchange mailboxes. These include the virtual directories that don't
require SSL.
Parameters
-AllowUnsecureAccess
The AllowUnsecureAccess parameter specifies whether virtual directories that don't require SSL are tested. If the
AllowUnsecureAccess parameter is included, it enables virtual directories that don't require SSL to be tested. If this
parameter isn't included, the command skips virtual directories that don't require SSL, and an error is generated.
Required: False
Position: Named
Default value: None
-ClientAccessServer
The ClientAccessServer parameter specifies the name of the Client Access server to test. If this parameter is
included, all Exchange Outlook Web App virtual directories on the Client Access server are tested against all
Exchange Mailbox servers in the local Active Directory site.
Don't use this parameter with the URL parameter.
Required: False
Position: 1
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-LightMode
The LightMode parameter isn't implemented for this diagnostic command. Using this parameter doesn't change
the behavior of the command.
This parameter is implemented for other Exchange diagnostic commands where it's used to run a less intensive
version of a command.
Required: False
Position: Named
Default value: None
-MailboxCredential
The MailboxCredential parameter specifies the mailbox credential for a single URL test.
The MailboxCredential parameter is required only when using the URL parameter.
Type: PSCredential
Required: True
Position: Named
Default value: None
-MailboxServer
The MailboxServer parameter specifies the name of the Mailbox server to test. If not specified, all Mailbox servers
in the local Active Directory site are tested.
Required: False
Position: Named
Default value: None
-MonitoringContext
The MonitoringContext parameter shows you what information is returned to System Center Operations Manager
2007. When Operations Manager 2007 executes the Test-OwaConnectivity cmdlet, it requires additional
information to be returned. By setting this parameter to $true, you can see exactly what would be returned to
Operations Manager 2007. This parameter is informational only and has no effect on Operations Manager 2007.
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-RSTEndpoint
Type: String
Required: False
Position: Named
Default value: None
-TestType
External. You can't use this parameter with the URL parameter. When neither the TestType parameter nor the URL
parameter is specified, the default is TestType:Internal.

Required: False
Position: Named
Default value: None
-Timeout
value for the Timeout parameter is 30 seconds. You must specify a time-out value greater than 0 seconds and less
than 1 hour (3,600 seconds). We recommend that you always configure this parameter with a value of 5 seconds or
more.
Type: UInt32
Required: False
Position: Named
Default value: None
The TrustAnySSLCertificate parameter specifies whether to check an internal URL without generating an SSL
certificate validation error. The TrustAnySSLCertificate parameter allows SSL certificate validation failures to not be
reported. This is useful for testing internal URLs because Internet Information Services (IIS ) doesn't support
assigning multiple certificates for a single virtual directory. If a directory has different URLs for internal and
external access and has a certificate, that certificate is usually for the external URL. This parameter lets the task
check an internal URL without generating an error when the certificate doesn't match the URL.
Required: False
Position: Named
Default value: None
-URL
The URL parameter specifies the URL to test. This parameter is required only when you want to test a single
Outlook Web App URL.
If this parameter is used, the MailboxCredential parameter is also required.
You can't use the URL parameter with the TestType or ClientAccessServer parameters.
Type: String
Required: True
Position: 1
Default value: None
The VirtualDirectoryName parameter specifies the name of the virtual directory to test on a particular Client
Access server. If this parameter isn't included, all Exchange Outlook Web App virtual directories that support
Exchange mailboxes are tested.
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
(https://go.microsoft.com/fwlink/p/?LinkId=2081749). If the Input Type field for a cmdlet is blank, the cmdlet
doesn't accept input data.
Outputs
Related Links
Online Version
Test-PopConnectivity
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Test-PopConnectivity cmdlet to verify that the
Microsoft Exchange POP3 service is working as expected. Note : This cmdlet works best in Exchange 2010. In
Exchange 2013 or later, the functionality of this cmdlet has been replaced by Managed Availability. For the best
results, use the Invoke-MonitoringProbe cmdlet and specify the relevant active monitor probe instead of using this
cmdlet. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Test-PopConnectivity [[-ClientAccessServer] <ServerIdParameter>] [-Confirm]
[-ConnectionType <Plaintext | Tls | Ssl>] [-DomainController <Fqdn>] [-LightMode]
[-MailboxCredential <PSCredential>] [-MailboxServer <ServerIdParameter>] [-MonitoringContext]
[-PerConnectionTimeout <Int32>] [-PortClientAccessServer <Int32>] [-ResetTestAccountCredentials]
[-Timeout <UInt32>] [-TrustAnySSLCertificate] [-WhatIf] [<CommonParameters>]
Description
The Test-PopConnectivity cmdlet tests POP3 connectivity by connecting to a specified mailbox, a specified
Exchange server, or all Exchange servers that are available in the local Active Directory site.
command:
Scenario: The operations that are tested. Test POP3 Connectivity connects to the server using the POP3
protocol, searches for the test message, and deletes the test message.
Test-PopConnectivity -ClientAccessServer MBX01 | ConvertTo-Html | Set-Content -Path "C:\My Documents\POP
Test.html"
Examples
-------------------------- Example 1 --------------------------
Test-PopConnectivity -ClientAccessServer Contoso12 -MailboxCredential (Get-Credential contoso\kweku)
This example tests the client POP3 connectivity for the server named Contoso12 by using the credentials for the
user contoso\kweku.
-------------------------- Example 2 --------------------------
Test-PopConnectivity -ClientAccessServer Contoso12
This example tests the client POP3 connectivity of the specific server named Contoso12 and tests all Exchange
mailboxes.
Parameters
-ClientAccessServer
Name
ExchangeLegacyDN
GUID
Required: False
Position: 1
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-ConnectionType
The ConnectionType parameter specifies the type of connection that's used to connect to the POP3 service. Valid
values are:
Plaintext
Ssl
Tls
Type: Plaintext | Tls | Ssl

Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-LightMode
The LightMode switch tells the command to perform only a test logon to the server by using the POP3 protocol.
If you don't use this switch, the command also tests receiving a message using the POP3 protocol.
Required: False
Position: Named
Default value: None
-MailboxCredential
Type: PSCredential
Required: False
Position: Named
Default value: None
-MailboxServer
clients connect.
Name
ExchangeLegacyDN
GUID
Required: False
Position: Named
Default value: None
-MonitoringContext
Required: False
Position: Named
Default value: None
The PerConnectionTimeout parameter specifies the amount of time, in seconds, to wait per connection for the test
operation to finish. Valid values are between 0 and 120 seconds. The default value is 120 seconds.
Type: Int32
Required: False
Position: Named
Default value: None
-PortClientAccessServer
The PortClientAccessServer parameter specifies the port to use to connect to the Client Access server. The default
port is 110 for POP3. The valid range is from 0 through 65,535.
Type: Int32
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-Timeout
The Timeout parameter specifies the amount of time, in seconds, to wait for the test operation to finish. Valid values
are between 0 and 3600 seconds (1 hour). The default value is 180 seconds (3 minutes).
Type: UInt32
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Test-PowerShellConnectivity
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Test-PowerShellConnectivity cmdlet to test client
connectivity to Exchange remote PowerShell virtual directories. Note : This cmdlet works best in Exchange 2010. In
Syntax
Test-PowerShellConnectivity -ConnectionUri <Uri> -TestCredential <PSCredential>
[-Authentication <Default | Basic | Negotiate | NegotiateWithImplicitCredential | Credssp | Digest |
Kerberos>]
[-Confirm]
[-MailboxServer <ServerIdParameter>]
Test-PowerShellConnectivity [[-ClientAccessServer] <ServerIdParameter>] [-TestType <Internal | External>] [-

VirtualDirectoryName <String>]
[-Authentication <Default | Basic | Negotiate | NegotiateWithImplicitCredential | Credssp | Digest |
Kerberos>]
[-Confirm]
Description
The Test-PowerShellConnectivity cmdlet tests Exchange remote PowerShell connectivity by connecting to a
specified remote PowerShell virtual directory, to any remote PowerShell virtual directories on a specified Exchange
server, or to any remote PowerShell virtual directories that are available in the local Active Directory site.
command:
Scenario: The operations that are tested. Values are: Logon User.
Test-PowerShellConnectivity -ClientAccessServer MBX01 | ConvertTo-Html | Set-Content -Path "C:\My
Documents\PowerShell Test.html"
Examples
-------------------------- Example 1 --------------------------
Test-PowerShellConnectivity -ClientAccessServer MBX2 -VirtualDirectoryName "PowerShell (Default Web Site)" -

TrustAnySSLCertificate
This example tests the PowerShell (Default Web Site) virtual directory on the MBX2 server. The
TrustAnySSLCertificate switch is used to skip the certificate check during connection.
-------------------------- Example 2 --------------------------
$UserCredentials = Get-Credential; Test-PowerShellConnectivity -ConnectionUri https://contoso.com/powershell -

TestCredential $UserCredentials -Authentication Basic
This example tests the remote PowerShell virtual directory that's available at https://contoso.com/powershell. A
mismatch between the SSL certificate and the URL isn't expected, so the TrustAnySSLCertificate switch isn't used.
The virtual directory is configured to use Basic authentication.
The credentials that are used to connect to the virtual directory are stored in the $UserCredentials variable. The test
is then run as previously described.
Parameters
-Authentication
The Authentication parameter specifies the type of authentication that's used to connect. Valid values are:
Default
Basic
Credssp
Digest
Kerberos
Negotiate
Type: Default | Basic | Negotiate | NegotiateWithImplicitCredential | Credssp | Digest | Kerberos

Required: False
Position: Named
Default value: None
-ClientAccessServer
Name
ExchangeLegacyDN
GUID
You can't use this parameter with the ConnectionUri parameter.
Required: False
Position: 1
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-ConnectionUri
The ConnectionUri parameter specifies the URL of the remote PowerShell virtual directory to test, for example,
https://contoso.com/powershell.
You can't use this parameter with the ClientAccessServer parameter.
Type: Uri
Required: True
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-MailboxServer
clients connect.
Name
ExchangeLegacyDN
GUID
Required: False
Position: Named
Default value: None
-MonitoringContext
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-TestCredential
The TestCredential parameter specifies the credentials to use for the test.
You can only use this parameter with the ConnectionUri parameter.
Type: PSCredential
Required: True
Position: Named
Default value: None
-TestType
You can only use this parameter with the ClientAccessServer parameter.

Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
The VirtualDirectoryName parameter specifies the name of the remote PowerShell virtual directory that you want
to test. Enclose values that contain spaces in quotation marks (").
You can only use this parameter with the ClientAccessServer parameter. If you don't use this parameter, all available
remote PowerShell virtual directories on the server are tested.
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Test-WebServicesConnectivity
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Test-WebServicesConnectivity cmdlet to test client
connectivity to Exchange Web Services virtual directories. Note : This cmdlet works best in Exchange 2010. In
Syntax
Test-WebServicesConnectivity [[-ClientAccessServer] <ServerIdParameter>] [-AllowUnsecureAccess]
[-Confirm]
[-LightMode]
[-Timeout <UInt32>]
[-UseAutodiscoverForClientAccessServer]
Test-WebServicesConnectivity -AutoDiscoverServer <ClientAccessServerIdParameter>

[-Confirm]
[[-Identity] <MailboxIdParameter>]
[-LightMode]
Test-WebServicesConnectivity [[-Identity] <MailboxIdParameter>] [-MonitoringContext]

[-Confirm]
[-LightMode]
Test-WebServicesConnectivity [[-Identity] <MailboxIdParameter>] [-ClientAccessServer

<ClientAccessServerIdParameter>]
[-Confirm]
[-LightMode]
Description
The Test-WebServicesConnectivity cmdlet tests Exchange Web Services connectivity by connecting to a specified
Exchange Web Services virtual directory, to any Exchange Web Services virtual directories on a specified Exchange
server, or to any Exchange Web Services virtual directories that are available in the local Active Directory site.
command:
Source: Source server.
ServiceEndpoint: Destination server.
Scenario: The operations that are tested. Values are Autodiscover: SOAP Provider and EWS: GetFolder (full
mode) or EWS: ConvertID (light mode).
Result: The values returned are typically Success or *FAILURE*.
Latency(MS ): The time required to complete the test in milliseconds
Test-WebServicesConnectivity -ClientAccessServer MBX01 | ConvertTo-Html | Set-Content -Path "C:\My
Documents\EWS Test.html"
Examples
-------------------------- Example 1 --------------------------
Test-WebServicesConnectivity -AllowUnsecureAccess
In Exchange 2010, this example tests Exchange Web Services on the local Client Access server and allows the test
to use an unsecured connection that doesn't require SSL. A default test account is used.
-------------------------- Example 2 --------------------------
Test-WebServicesConnectivity -ClientAccessServer MBX01
This example tests the client connection to Exchange Web Services on the server named MBX01.
Parameters
The AllowUnsecureAccess switch specifies whether to enable the command to continue to run over an unsecured
channel that doesn't require Secure Sockets Layer (SSL ).
Required: False
Position: Named
Default value: None
-AutoDiscoverServer
The AutoDiscoverServer parameter specifies the server with the Client Access server role installed that's used for
Autodiscover.
Name (for example, Exchange01)
Distinguished name (DN ) (for example, CN=Exchange01,CN=Servers,CN=Exchange Administrative Group
(FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=contoso,DC=com)
Exchange Legacy DN (for example, /o=First Organization/ou=Exchange Administrative Group
(FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=Exchange01)
GUID (for example, bc014a0d-1509-4ecc-b569-f077eec54942)

Required: True
Position: Named
Default value: None
-ClientAccessServer
Name
ExchangeLegacyDN
GUID
You can't use this parameter with the AutoDiscoverServer parameter.
Required: False
Position: 1
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox to use for the test. You can use any value that uniquely identifies the
mailbox. For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
When you use this parameter, you also need to use the MailboxCredential parameter.
Required: False
Position: 1
Default value: None
-LightMode
The LightMode switch tells the command to perform only a subset of the tests. You don't need to specify a value
with this switch.
When you use this switch, the EWS: ConvertId test is run instead of the EWS: GetFolder test.
Required: False
Position: Named
Default value: None
-MailboxCredential
This parameter is required when you use the Identity parameter.
Type: PSCredential
Required: False
Position: Named
Default value: None
-MailboxServer
The MailboxServer parameter specifies the identity of the Exchange Mailbox server on which the test is run.
Required: False
Position: Named
Default value: None
-MonitoringContext
Required: True
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-Timeout
value for the Timeout parameter is 300 seconds. You must specify a time-out value greater than 0 seconds. We
recommend that you always configure this parameter with a value of 5 seconds or more.
Type: UInt32
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-UseAutodiscoverForClientAccessServer
The UseAutodiscoverForClientAccessServer parameter specifies whether the test should use the Autodiscover
service to locate the Client Access server.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Disable-OutlookAnywhere
In ths Article
This cmdlet is available only in Exchange Server 2010. Use the Disable-OutlookAnywhere cmdlet to disable
Outlook Anywhere on Exchange Server 2010 Client Access servers. For information about the parameter sets in
Syntax
Disable-OutlookAnywhere [-Identity] <VirtualDirectoryIdParameter>
[-Confirm]
Disable-OutlookAnywhere [-Server <ServerIdParameter>]

[-Confirm]
Description
Enabling Outlook Anywhere on the Client Access server prevents the server from accepting external connections
by Outlook 2003 or later clients by using Outlook Anywhere.
When you run this cmdlet, it can take as long as an hour for the settings to become effective, depending on how
long it takes for Active Directory to replicate.
After the Client Access server is disabled for Outlook Anywhere, you may want to remove the RPC over HTTP
proxy Windows networking component.
Examples
-------------------------- Example 1 --------------------------
Disable-OutlookAnywhere -Server CAS01
This example disables Outlook Anywhere on the Client Access server named CAS01.
-------------------------- Example 2 --------------------------
Disable-OutlookAnywhere -Identity: "exch01\rpc (Default Web Site)"
This example disables Outlook Anywhere on the specified virtual directory on the Client Access server named
exch01.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Outlook Anywhere virtual directory that you want to disable. You can use any
value that uniquely identifies the virtual directory. For example:
Name or <Server>\Name
GUID
The Name value uses the syntax "<VirtualDirectoryName> (<WebsiteName>)" from the properties of the virtual
directory. You can specify the wildcard character (*) instead of the default website by using the syntax
<VirtualDirectoryName>*.
You can't use the Identity and Server parameters in the same command.
Type: VirtualDirectoryIdParameter
Required: True
Position: 1
Default value: None
-Server
The Server parameter specifies the Client Access server where you want to run this command. You can use any
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Enable-OutlookAnywhere
In ths Article
This cmdlet is available only in Exchange Server 2010. Use the Enable-OutlookAnywhere cmdlet to enable Outlook
Anywhere on a computer running Microsoft Exchange Server 2010 that has the Client Access server role installed.
Running the Enable-OutlookAnywhere cmdlet enables the server to accept requests from Microsoft Office Outlook
2007 and Outlook 2003 client computers from the Internet by using Outlook Anywhere, also known as RPC over
HTTP. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Enable-OutlookAnywhere -ClientAuthenticationMethod <Basic | Digest | Ntlm | Fba | WindowsIntegrated | LiveIdFba
| LiveIdBasic | WSSecurity | Certificate | NegoEx | MaxValidValue | Misconfigured>
-ExternalHostname <Hostname> -SSLOffloading <$true | $false> [-IISAuthenticationMethods <MultiValuedProperty>]
[-Confirm]
[-ExtendedProtectionFlags <MultiValuedProperty>]
[-ExtendedProtectionSPNList <MultiValuedProperty>]
[-ExtendedProtectionTokenChecking <None | Allow | Require>]
Enable-OutlookAnywhere -DefaultAuthenticationMethod <Basic | Digest | Ntlm | Fba | WindowsIntegrated |

LiveIdFba | LiveIdBasic | WSSecurity | Certificate | NegoEx | MaxValidValue | Misconfigured>
-ExternalHostname <Hostname> -SSLOffloading <$true | $false>
[-Confirm]
Description
Enabling Outlook Anywhere on the Client Access server allows the server to accept external connections by
Outlook 2003 or later clients by using Outlook Anywhere.
This cmdlet can be successfully run only if the RPC over HTTP proxy Windows networking component is already
installed.
When you run this cmdlet, it can take as long as an hour for the settings to become effective, depending on how
long it takes for Active Directory to replicate.
Examples
-------------------------- Example 1 --------------------------
Enable-OutlookAnywhere -Server:Server01 -ExternalHostname:mail.contoso.com -ClientAuthenticationMethod:Ntlm -

SSLOffloading:$true
This example enables the server Server01 for Outlook Anywhere. The external host name is set to
mail.contoso.com, both Basic and NTLM authentication are used, and SSL offloading is set to $true.
-------------------------- Example 2 --------------------------
Enable-OutlookAnywhere -DefaultAuthenticationMethod:Ntlm -ExternalHostname:mail.contoso.com -

SSLOffloading:$false
This example enables Outlook Anywhere on the server that has the Client Access role installed. The SSLOffloading
parameter is set to $false, the ExternalHostname parameter is specified as mail.contoso.com, and the
DefaultAuthenticationMethod parameter is set to NTLM.
-------------------------- Example 3 --------------------------
Enable-OutlookAnywhere -IISAuthenticationMethods NTLM -SSlOffloading:$false -ClientAuthenticationMethod:Basic -

ExternalHostname:mail.contoso.com
This example enables the Exchange Client Access server for Outlook Anywhere. The SSLOffloading parameter is
set to $false, the ExternalHostname parameter is set to mail.contoso.com, the IISAuthenticationMethods parameter
is set to NTLM, and the ClientAuthenticationMethod parameter is set to Basic.
Parameters
-ClientAuthenticationMethod
The ClientAuthenticationMethod parameter specifies the authentication method that the Autodiscover service
provides to the Outlook Anywhere clients to authenticate to the Client Access server. Valid values are:
Basic
Ntlm
This parameter must be specified if you don't use the DefaultAuthenticationMethod parameter. When you use this
parameter without specifying the IISAuthenticationMethods parameter, IISAuthenticationMethods parameter is set
to both NTLM and Basic.
Although this parameter only allows setting one authentication method, the command won't return an error if you
include multiple values.
Type: Basic | Digest | Ntlm | Fba | WindowsIntegrated | LiveIdFba | LiveIdBasic | WSSecurity | Certificate |
NegoEx | MaxValidValue | Misconfigured
Required: True
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DefaultAuthenticationMethod
The DefaultAuthenticationMethod parameter specifies whether to set both the ClientAuthenticationMethod and
IISAuthenticationMethods parameters to the same authentication value.
When you set an authentication value by using the DefaultAuthenticationMethod parameter, you force the specified
authentication method to be used on the /rpc virtual directory in Internet Information Services (IIS ). Valid values
are:
Basic
Ntlm
If the DefaultAuthenticationMethod parameter is specified, neither the ClientAuthenticationMethod nor the
IISAuthenticationMethods parameter can be used.
Required: True
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-ExtendedProtectionFlags
The ExtendedProtectionFlags parameter is used to customize the options you use if you're using Extended
Protection for Authentication. The possible values are:
None Default setting.
Proxy Specifies that a proxy is terminating the SSL channel. A Service Principal Name (SPN ) must be
registered in the ExtendedProtectionSPNList parameter if proxy mode is configured.
ProxyCoHosting Specifies that both HTTP and HTTPS traffic may be accessing the Client Access server and
that a proxy is located between at least some of the clients and the Client Access server.
AllowDotlessSPN Specifies whether you want to support valid SPNs that aren't in the fully qualified domain
name (FQDN ) format, for example ContosoMail. You specify valid SPNs with the ExtendedProtectionSPNList
parameter. This option makes extended protection less secure because dotless certificates aren't unique, so it
isn't possible to ensure that the client-to-proxy connection was established over a secure channel.
NoServiceNameCheck Specifies that the SPN list won't be checked to validate a channel binding token. This
option makes Extended Protection for Authentication less secure. We generally don't recommend this setting.
Required: False
Position: Named
Default value: None
-ExtendedProtectionSPNList
The ExtendedProtectionSPNList parameter specifies a list of valid Service Principal Names (SPNs) if you're using
Extended Protection for Authentication on the specified virtual directory.
The possible values are:
Null This is the default value.
Single SPN or comma delimited list of valid SPNs By default, you must specify the fully qualified domain name
(FQDN ) (for example mail.contoso.com) for each SPN. If you want to add an SPN that's not an FQDN (for
example, ContosoMail), you must also use the ExtendedProtectionTokenChecking parameter with the
AllowDotlessSPN value. You specify the domain in SPN format. The SPN format is <protocol>/<FQDN>. For
example, a valid entry could be HTTP/mail.contoso.com.
Required: False
Position: Named
Default value: None
-ExtendedProtectionTokenChecking
The ExtendedProtectionTokenChecking parameter defines how you want to use Extended Protection for
Authentication on the specified Exchange virtual directory. Extended Protection for Authentication isn't enabled by
default. The available settings are:
None Extended Protection for Authentication won't be used. Connections between the client and Exchange
won't use Extended Protection for Authentication on this virtual directory. This is the default setting.
Allow Extended Protection for Authentication will be used for connections between the client and Exchange on
this virtual directory if both the client and server support Extended Protection for Authentication. Connections
that don't support Extended Protection for Authentication on the client and server will work, but may not be as
secure as a connection using Extended Protection for Authentication.
If you have a proxy server between the client and the Client Access server that's configured to terminate the client-
to-proxy SSL channel, you must also configure one or more Service Principal Names (SPNs) by using the
ExtendedProtectionSPNList parameter.
Require Extended Protection for Authentication will be used for all connections between clients and Exchange
servers for this virtual directory. If either the client or server doesn't support Extended Protection for
Authentication, the connection between the client and server will fail. If you set this option, you must also set a
value for the ExtendedProtectionSPNList parameter.
If you have a proxy server between the client and the Client Access server that's configured to terminate the client-
to-proxy SSL channel, you must also configure one or more SPNs using the parameter
ExtendedProtectionSPNList.
To learn more about Extended Protection for Authentication, see Understanding Extended Protection for
Authentication.

Required: False
Position: Named
Default value: None
-ExternalHostname
The ExternalHostname parameter specifies the external host name to use in the Outlook profiles for users enabled
for Outlook Anywhere.
Type: Hostname
Required: True
Position: Named
Default value: None
-IISAuthenticationMethods
The IISAuthenticationMethods parameter specifies the authentication method that's enabled on the /rpc virtual
directory in IIS. You can set the virtual directory to allow Basic authentication or NTLM authentication.
Alternatively, you can also set the virtual directory to allow both Basic and NTLM authentication. All other
authentication methods are disabled.
You may want to enable both Basic and NTLM authentication if you're using the IIS virtual directory with multiple
applications that require different authentication methods.
When you configure this setting using the IIS interface, you can enable as many authentication methods as you
want.
For more information about configuring this parameter with multiple values, see the example later in this topic.
Required: False
Position: Named
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
-SSLOffloading
The SSLOffloading parameter specifies whether the Client Access server requires Secure Sockets Layer (SSL ). This
value should be set only to $true when an SSL hardware solution is running in front of the Client Access server.

Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-ActiveSyncVirtualDirectory cmdlet to view
Exchange ActiveSync virtual directories that are used in Internet Information Services (IIS ) on Microsoft Exchange
Syntax
Get-ActiveSyncVirtualDirectory -Server <ServerIdParameter>
[-ADPropertiesOnly]
[-ShowMailboxVirtualDirectories] [<CommonParameters>]
Get-ActiveSyncVirtualDirectory [[-Identity] <VirtualDirectoryIdParameter>]

[-ADPropertiesOnly]
Description
Microsoft Exchange servers have a default virtual directory that Exchange ActiveSync mobile devices use to
synchronize with the server. You can create multiple virtual directories and assign different devices to different
directories.
Examples
-------------------------- Example 1 --------------------------
Get-ActiveSyncVirtualDirectory -Server "MBX01"
This example returns a summary list of all Exchange ActiveSync virtual directories on the server named MBX01.
-------------------------- Example 2 --------------------------
Get-ActiveSyncVirtualDirectory -Identity "MBX01\Microsoft-Server-ActiveSync*" | Format-List
This example returns detailed information for the Exchange ActiveSync virtual directory named "Microsoft-Server-
ActiveSync (Default Web Site)" on the server named MBX01.
-------------------------- Example 3 --------------------------
This example returns a summary list of all Exchange ActiveSync virtual directories in the client access services on
all Mailbox servers in the organization.
Parameters
-ADPropertiesOnly
The ADPropertiesOnly switch specifies whether to return only the properties about the virtual directory stored in
Active Directory. The properties stored in the Internet Information Services (IIS ) metabase aren't returned.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the ActiveSync virtual directory that you want to view. You can use any value that
uniquely identifies the virtual directory. For example:
GUID
Required: False
Position: 1
Default value: None
-Server
The Server parameter specifies the Exchange server that hosts the virtual directory. You can use any value that
uniquely identifies the server. For example:
Name
FQDN
ExchangeLegacyDN
You can't use the Server and Identity parameters in the same command.
Required: True
Position: Named
Default value: None
-ShowMailboxVirtualDirectories
The ShowMailboxVirtualDirectories switch shows information about backend virtual directories on Mailbox
servers. You don't need to specify a value with this switch.
By default, this cmdlet shows information about virtual directories in the Client Access services on Mailbox servers.
Client connections are proxied from the Client Access services on Mailbox servers to the backend services on
Mailbox servers. Clients don't connect directly to the backend services.
We recommend that you use this parameter only under the direction of Microsoft Customer Service and Support.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-AuthRedirect
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-AuthRedirect cmdlet to view OAuth redirection
objects that are used for legacy Microsoft Exchange 2010 Client Access servers in your organization. For
Syntax
Get-AuthRedirect [[-Identity] <AuthRedirectIdParameter>] [-DomainController <Fqdn>] [<CommonParameters>]
Description
Exchange 2010 Client Access servers don't support OAuth authentication requests. OAuth redirection objects
redirect OAuth authentication requests to Exchange servers that are running later versions of Exchange. This
cmdlet is only useful if your organization has Exchange 2010 Client Access servers.
Examples
-------------------------- Example 1 --------------------------
Get-AuthRedirect
This example shows a summary list of all the OAuth redirection objects.
-------------------------- Example 2 --------------------------
Get-AuthRedirect AuthRedirect-Bearer-C0B7AC3F-FE64-4B4B-A907-9226F8027CCE | Format-List
This example shows detailed information about the OAuth redirection object named AuthRedirect-Bearer-
C0B7AC3F -FE64-4B4B -A907-9226F8027CCE
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the existing OAuth redirection object that you want to view. The object name uses
the syntax AuthRedirect-Bearer-<GUID>.
Type: AuthRedirectIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-AutodiscoverVirtualDirectory cmdlet to view
Autodiscover virtual directories that are used in Internet Information Services (IIS ) on Microsoft Exchange servers.
Syntax
Get-AutodiscoverVirtualDirectory -Server <ServerIdParameter>
[-ADPropertiesOnly]
Get-AutodiscoverVirtualDirectory [[-Identity] <VirtualDirectoryIdParameter>]

[-ADPropertiesOnly]
Description
Examples
-------------------------- Example 1 --------------------------
Get-AutodiscoverVirtualDirectory -Server MBX01
This example returns a summary list of all Autodiscover virtual directories on the server named MBX01.
-------------------------- Example 2 --------------------------
Get-AutodiscoverVirtualDirectory -Identity "MBX01\Autodiscover*" | Format-List
This example returns detailed information for the Autodiscover virtual directory named "Autodiscover (Default
Web Site)" on the server named MBX01.
-------------------------- Example 3 --------------------------
This example returns a summary list of all Autodiscover virtual directories in the client access services on all
Mailbox servers in the organization.
Parameters
-ADPropertiesOnly
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Autodiscover virtual directory that you want to view. You can use any value
that uniquely identifies the virtual directory. For example:
GUID
Required: False
Position: 1
Default value: None
-Server
Name
FQDN
ExchangeLegacyDN
Required: True
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-ClientAccessArray cmdlet to view legacy RPC
Client Access arrays (load-balanced arrays of Client Access servers within a single Active Directory site) that exist in
your Exchange organization. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Get-ClientAccessArray [[-Identity] <ClientAccessArrayIdParameter>] [-DomainController <Fqdn>]
[-Site <AdSiteIdParameter>] [<CommonParameters>]
Description
Client Access arrays were introduced in Exchange Server 2010 so Outlook clients in an Active Directory site could
access the Client Access servers in the array by using RPC over TCP to a single, unified, fully qualified domain
name (FQDN ). The RpcClientAccessServer property of new mailbox databases was automatically populated with
the FQDN of the Client Access array and this value was used during the creation of Outlook profiles for mailboxes
in those databases.
Changes in the Exchange server architecture that were introduced in Exchange Server 2013 removed the need for
RPC Client Access arrays:
Outlook clients can't use RPC over TCP to access mailboxes on Exchange Server 2013 or later versions and
RPC Client Access arrays only work with RPC over TCP.
Because the Client Access server role is now a stateless proxy, you use different and less complex methods to
configure load balancing and high availability for internal and external client connections. For more information,
see Load balancing in Exchange 2016 (https://technet.microsoft.com/library/jj898588.aspx).
Examples
-------------------------- Example 1 --------------------------
This example returns a summary list of all Client Access arrays that exist in the local Active Directory site.
-------------------------- Example 2 --------------------------
Get-ClientAccessArray -Identity CASArray01 | Format-List
This example returns detailed information for the Client Access array named CASArray01.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Client Access array that you want to view. You can use these values:
Name (if the value doesn't contain spaces)
ExchangeLegacyDN
Fully qualified domain name (FQDN )
GUID
Type: ClientAccessArrayIdParameter
Required: False
Position: 1
Default value: None
-Site
The Site parameter filters the results by Active Directory site. You can use any value that uniquely identifies the site.
For example:
Name
GUID
To see a list of available sites, use the Get-ADSite cmdlet.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-ClientAccessServer cmdlet to view settings that
are associated with the Client Access server role. Note: In Exchange 2013 or later, use the Get-ClientAccessService
cmdlet instead. If you have scripts that use Get-ClientAccessServer, update them to use Get-ClientAccessService.
Syntax
Get-ClientAccessServer [[-Identity] <ClientAccessServerIdParameter>] [-DomainController <Fqdn>]
[-IncludeAlternateServiceAccountCredentialPassword] [-IncludeAlternateServiceAccountCredentialStatus]
Description
Examples
-------------------------- Example 1 --------------------------
This example returns a summary list of all Exchange servers in your organization that have the Client Access server
role installed.
-------------------------- Example 2 --------------------------
Get-ClientAccessServer -Identity mail.contoso.com | Format-List
This example returns detailed information for the server mail.contoso.com.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the server with the Client Access server role installed that you want to view.
Required: False
Position: 1
Default value: None
-IncludeAlternateServiceAccountCredentialPassword
The IncludeAlternateServiceAccountCredentialPassword switch specifies whether to include the password of the
alternate service account in the results. You don't need to specify a value with this switch.
The password is visible in the AlternateServiceAccountConfiguration property. To see this property, use the
Format-List cmdlet. For example, Get-ClientAccessServer <ServerIdentity> | Format-List
AlternateServiceAccountConfiguration.
Required: False
Position: Named
Default value: None
-IncludeAlternateServiceAccountCredentialStatus
The IncludeAlternateServiceAccountCredentialStatus parameter specifies whether to include the status of the
The status is visible in the AlternateServiceAccountConfiguration property. To see this property, use the Format-
List cmdlet. For example, Get-ClientAccessServer <ServerIdentity> | Format-List
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-ClientAccessService
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-ClientAccessService cmdlet to view settings
that are associated with the Client Access server role. For information about the parameter sets in the Syntax
Syntax
Get-ClientAccessService [[-Identity] <ClientAccessServerIdParameter>] [-DomainController <Fqdn>]
[-IncludeAlternateServiceAccountCredentialPassword] [-IncludeAlternateServiceAccountCredentialStatus]
Description
Examples
-------------------------- Example 1 --------------------------
Get-ClientAccessService | Format-Table Name
This example returns a summary list of all Exchange servers in your organization that have theClient Access server
role installed.
-------------------------- Example 2 --------------------------
Get-ClientAccessService -Identity mail.contoso.com | Format-List
This example returns detailed information for the server mail.contoso.com.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the server with the Client Access server role installed that you want to view.
Required: False
Position: 1
Default value: None
-IncludeAlternateServiceAccountCredentialPassword
The IncludeAlternateServiceAccountCredentialPassword switch specifies whether to include the password of the
The password is visible in the AlternateServiceAccountConfiguration property. To see this property, use the
Format-List cmdlet. For example, Get-ClientAccessService <ServerIdentity> | Format-List
Required: False
Position: Named
Default value: None
-IncludeAlternateServiceAccountCredentialStatus
The IncludeAlternateServiceAccountCredentialStatus parameter specifies whether to include the status of the
The status is visible in the AlternateServiceAccountConfiguration property. To see this property, use the Format-
List cmdlet. For example, Get-ClientAccessService <ServerIdentity> | Format-List
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-EcpVirtualDirectory cmdlet to view Exchange
Control Panel (ECP ) virtual directories that are used in Internet Information Services (IIS ) on Microsoft Exchange
servers. The Exchange admin center (EAC ) uses the ECP virtual directories. The ECP web management interface
was introduced in Exchange Server 2010. In Exchange Server 2013 and Exchange Server 2016, the EAC virtual
directories and the corresponding management cmdlets still use ECP in the name. You can use these cmdlets to
manage ECP virtual directories on Exchange 2010, Exchange 2013 and Exchange 2016 servers. For information
Syntax
Get-EcpVirtualDirectory -Server <ServerIdParameter>
[-ADPropertiesOnly]
Get-EcpVirtualDirectory [[-Identity] <VirtualDirectoryIdParameter>]

[-ADPropertiesOnly]
Description
Examples
-------------------------- Example 1 --------------------------
Get-EcpVirtualDirectory -Server Server01
This example returns a summary list of all Exchange Control Panel virtual directories on the server named
Server01.
-------------------------- Example 2 --------------------------
Get-EcpVirtualDirectory -Identity "Server01\ecp*" | Format-List
This example returns detailed information for the Exchange Control Panel virtual directory named "ecp (Default
Web Site)" on the server named Server01.
-------------------------- Example 3 --------------------------
This example returns a summary list of all Exchange Control Panel virtual directories in the client access services on
all Mailbox servers in the organization.
Parameters
-ADPropertiesOnly
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the ECP virtual directory that you want to view. You can use any value that
GUID
Required: False
Position: 1
Default value: None
-Server
Name
FQDN
ExchangeLegacyDN
Required: True
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-MapiVirtualDirectory cmdlet to view Message
Application Programming Interface (MAPI) virtual directories that are used in Internet Information Services (IIS )
on Microsoft Exchange servers. A MAPI virtual directory is used by supported versions of Microsoft Outlook to
connect to mailboxes by using the MAPIHTTP protocol. For information about the parameter sets in the Syntax
Syntax
Get-MapiVirtualDirectory -Server <ServerIdParameter>
[-ADPropertiesOnly]
Get-MapiVirtualDirectory [[-Identity] <VirtualDirectoryIdParameter>]

[-ADPropertiesOnly]
Description
Examples
-------------------------- Example 1 --------------------------
Get-MapiVirtualDirectory -Server ContosoMail
This example returns a summary list of the MAPI virtual directories on the server named ContosoMail.
-------------------------- Example 2 --------------------------
Get-MapiVirtualDirectory -Identity "ContosoMail\mapi (Default Web Site)" | Format-List; Get-

MapiVirtualDirectory "ContosoMail\mapi (Default Web Site)" | Format-List; Get-MapiVirtualDirectory
ContosoMai\mapi* | Format-List
These examples return detailed information for the MAPI virtual directory named "mapi (Default Web Site)" on the
server named ContosoMail. All three commands do the same thing.
-------------------------- Example 3 --------------------------
This example returns a summary list of all MAPI virtual directories in the client access services on all Mailbox
servers in the organization.
Parameters
-ADPropertiesOnly
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the MAPI virtual directory that you want to view. You can use any value that
GUID
Required: False
Position: 1
Default value: None
-Server
Name
FQDN
ExchangeLegacyDN
Required: True
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-OutlookAnywhere
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-OutlookAnywhere cmdlet to view Outlook
Anywhere virtual directories that are used in Internet Information Services (IIS ) on Microsoft Exchange servers. For
Syntax
Get-OutlookAnywhere -Server <ServerIdParameter>
[-ADPropertiesOnly]
Get-OutlookAnywhere [[-Identity] <VirtualDirectoryIdParameter>]

[-ADPropertiesOnly]
Description
Examples
-------------------------- Example 1 --------------------------
Get-OutlookAnywhere -Server MBX01
This example returns all Outlook Anywhere virtual directories on the server named MBX01.
-------------------------- Example 2 --------------------------
Get-OutlookAnywhere -Identity "EXCH01\Rpc (Default Web Site)"
This example returns information about the Outlook Anywhere virtual directory named Rpc on the default web site
of the server named EXCH01.
Parameters
-ADPropertiesOnly
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Outlook Anywhere virtual directory that you want to view. You can use any
GUID
Required: False
Position: 1
Default value: None
-Server
Name
FQDN
ExchangeLegacyDN
Required: True
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-OwaVirtualDirectory cmdlet to view Outlook
on the web virtual directories that are used in Internet Information Services (IIS ) on Microsoft Exchange servers.
Syntax
Get-OwaVirtualDirectory -Server <ServerIdParameter>
[-ADPropertiesOnly]
Get-OwaVirtualDirectory [[-Identity] <VirtualDirectoryIdParameter>]

[-ADPropertiesOnly]
Description
The Get-OwaVirtualDirectory cmdlet can be run on a local server or run remotely if the server name is specified in
the Identity or Server parameters.
The Get-OwaVirtualDirectory cmdlet can be run on any server that has the Exchange Server administration tools
installed.
Examples
-------------------------- Example 1 --------------------------
Get-OwaVirtualDirectory -Server Contoso
This example returns a summary list of all Outlook on the web virtual directories on the server named Contoso.
-------------------------- Example 2 --------------------------
Get-OwaVirtualDirectory -Identity "Contoso\owa*" | Format-List

This example returns detailed information for the Outlook on the web virtual directory named "owa (Default Web
site)" on the server named Contoso.
-------------------------- Example 3 --------------------------
This example returns a summary list of all Outlook on the web virtual directories in the client access services on all
Mailbox servers in the organization.
Parameters
-ADPropertiesOnly
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the OWA virtual directory that you want to view. You can use any value that
GUID
Required: False
Position: 1
Default value: None
-Server
Name
FQDN
ExchangeLegacyDN
Required: True
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-PowerShellVirtualDirectory cmdlet to view
Windows PowerShell virtual directories that are used in Internet Information Services (IIS ) on Microsoft Exchange
Syntax
Get-PowerShellVirtualDirectory -Server <ServerIdParameter>
[-ADPropertiesOnly]
Get-PowerShellVirtualDirectory [[-Identity] <VirtualDirectoryIdParameter>]

[-ADPropertiesOnly]
Description
Examples
-------------------------- Example 1 --------------------------
Get-PowerShellVirtualDirectory -Server Server01
This example retrieves a summary list of all PowerShell virtual directories on the server named Server01.
-------------------------- Example 2 --------------------------
Get-PowerShellVirtualDirectory -Identity "Server01\PowerShell*" | Format-List
This example returns detailed information for the PowerShell virtual directory named "PowerShell (Default Web
site)" on the server named Server01.
-------------------------- Example 3 --------------------------
This example returns a summary list of all PowerShell virtual directories in the client access services on all Mailbox
servers in the organization.
Parameters
-ADPropertiesOnly
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the PowerShell virtual directory that you want to view. You can use any value that
GUID
Required: False
Position: 1
Default value: None
-Server
Name
FQDN
ExchangeLegacyDN
Required: True
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-RpcClientAccess
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-RpcClientAccess cmdlet to view the settings of
the Microsoft Exchange RPC Client Access service on Exchange servers that have the Client Access server role
installed. These settings affect Outlook clients that connect by using Outlook Anywhere (RPC over HTTP ). For
Syntax
Get-RpcClientAccess [-DomainController <Fqdn>] [-Server <ServerIdParameter>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-RpcClientAccess
This example displays a summary list of the RPC Client Access service settings on all the servers in the
organization.
-------------------------- Example 2 --------------------------
Get-RpcClientAccess -Server ENT01 | Format-List
This example returns detailed information for the RPC Client Access service on the server named ENT01.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Server
The Server parameter specifies the Exchange server that you want to view.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-WebServicesVirtualDirectory cmdlet to view
Exchange Web Services (EWS ) virtual directories that are used in Internet Information Services (IIS ) on Microsoft
Exchange servers. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Get-WebServicesVirtualDirectory -Server <ServerIdParameter>
[-ADPropertiesOnly]
Get-WebServicesVirtualDirectory [[-Identity] <VirtualDirectoryIdParameter>]

[-ADPropertiesOnly]
Description
The Get-WebServicesVirtualDirectory cmdlet can be run on a local server or run remotely if the server name is
specified in the Identity or Server parameters.
The Get-WebServicesVirtualDirectory cmdlet can be run on any server that has the Exchange administration tools
installed.
Examples
-------------------------- Example 1 --------------------------
Get-WebServicesVirtualDirectory -ServerMBX01
This example returns a summary list of all EWS virtual directories on the server named MBX01.
-------------------------- Example 2 --------------------------
Get-WebServicesVirtualDirectory -Identity "MBX01\EWS*" | Format-List

This example returns detailed information for the EWS virtual directory named "EWS (Default Web Site)" on the
server named MBX01.
-------------------------- Example 3 --------------------------
This example returns a summary list of all virtual directories in the client access services on all Mailbox servers in
the organization.
Parameters
-ADPropertiesOnly
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the EWS virtual directory that you want to view. You can use any value that
GUID
Required: False
Position: 1
Default value: None
-Server
Name
FQDN
ExchangeLegacyDN
Required: True
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-ActiveSyncVirtualDirectory
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -ActiveSyncVirtualDirectory cmdlet to create
Exchange ActiveSync virtual directories that are used in Internet Information Services (IIS ) on Microsoft Exchange
Syntax
New-ActiveSyncVirtualDirectory [-ApplicationRoot <String>] [-AppPoolId <String>] [-Confirm]
[-DomainController <Fqdn>] [-ExtendedProtectionFlags <MultiValuedProperty>]
[-ExtendedProtectionSPNList <MultiValuedProperty>] [-ExtendedProtectionTokenChecking <None | Allow | Require>]
[-ExternalAuthenticationMethods <MultiValuedProperty>] [-ExternalUrl <Uri>]
[-InstallProxySubDirectory <$true | $false>] [-InternalAuthenticationMethods <MultiValuedProperty>]
[-InternalUrl <Uri>] [-Path <String>] [-WebSiteName <String>] [-WhatIf] [-Role <ClientAccess | Mailbox>]
Description
The New -ActiveSyncVirtualDirectory cmdlet creates an Exchange ActiveSync virtual directory on the specified
server under the specified website. The Exchange ActiveSync virtual directory created is named Microsoft-Server-
ActiveSync. Only one Exchange ActiveSync virtual directory can exist in each Exchange ActiveSync website.
Examples
-------------------------- Example 1 --------------------------
New-ActiveSyncVirtualDirectory -WebSiteName "Default Web Site" -ExternalUrl https://www.contoso.com/Microsoft-

Server-ActiveSync
This example creates an Exchange ActiveSync virtual directory and specifies the external URL used to connect to
the virtual directory.
-------------------------- Example 2 --------------------------
New-ActiveSyncVirtualDirectory -WebSiteName "Default Web Site" -ExternalUrl https://www.contoso.com/mail -

InternalUrl https://contoso/mail
This example creates an Exchange ActiveSync virtual directory and specifies the external and internal URLs used to
connect to the virtual directory.
-------------------------- Example 3 --------------------------
New-ActiveSyncVirtualDirectory -WebSiteName "Default Web Site" -ExternalUrl

"https://www.fourthcoffee.com/Microsoft-Server-ActiveSync"
This example creates an Exchange ActiveSync virtual directory for the company Fourth Coffee.
Parameters
-ApplicationRoot
The ApplicationRoot parameter specifies the metabase path of the virtual directory. By default, this path is the same
as the website in which the virtual directory is created.
Type: String
Required: False
Position: Named
Default value: None
-AppPoolId
The AppPoolId parameter specifies the IIS application pool in which the virtual directory runs. We recommend that
you leave this parameter at its default setting.
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
The ExtendedProtectionFlags parameter specifies custom settings for Extended Protection for Authentication on
the virtual directory. Valid values are:
None: This is the default setting.
AllowDotlessSPN: Required if you want to use Service Principal Name (SPN ) values that don't contain FQDNs
(for example, HTTP/ContosoMail instead of HTTP/mail.contoso.com). You specify SPNs with the
ExtendedProtectionSPNList parameter. This setting makes Extended Protection for Authentication less secure
because dotless certificates aren't unique, so it isn't possible to ensure that the client-to-proxy connection was
established over a secure channel.
NoServiceNameCheck: The SPN list isn't checked to validate a channel binding token. This setting makes
Extended Protection for Authentication less secure. We generally don't recommend this setting.
Proxy: A proxy server is responsible for terminating the SSL channel. To use this setting, you need to register an
SPN by using the ExtendedProtectionSPNList parameter.
ProxyCoHosting: HTTP and HTTPS traffic may be accessing the virtual directory, and a proxy server is located
between at least some of the clients and the Client Access services on the Exchange server.
Required: False
Position: Named
Default value: None
Extended Protection for Authentication on the virtual directory. Valid values are:
$null: This is the default value.
Single SPN or comma delimited list of valid SPNs: The SPN value format is <protocol>/<FQDN>. For
example, HTTP/mail.contoso.com. To add an SPN that's not an FQDN (for example, HTTP/ContosoMail), you
also need to use the AllowDotlessSPN value for the ExtendedProtectionFlags parameter.
Required: False
Position: Named
Default value: None
Authentication on the virtual directory. Extended Protection for Authentication isn't enabled by default. Valid values
are:
None: Extended Protection for Authentication isn't be used on the virtual directory. This is the default value.
Allow: Extended Protection for Authentication is used for connections between clients and the virtual directory
if both the client and server support it. Connections that don't support Extended Protection for Authentication
will work, but may not be as secure as connections that use Extended Protection for Authentication.
Require: Extended Protection for Authentication is used for all connections between clients and the virtual
directory. If either the client or server doesn't support it, the connection will fail. If you use this value, you also
need to set an SPN value for the ExtendedProtectionSPNList parameter.
Note:
If you use the value Allow or Require, and you have a proxy server between the client and the Client Access
services on the Mailbox server that's configured to terminate the client-to-proxy SSL channel, you also need to
configure one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.

Required: False
Position: Named
Default value: None
-ExternalAuthenticationMethods
The ExternalAuthenticationMethods parameter restricts the authentication methods that can be used to connect to
the virtual directory from outside the firewall. Valid values are:
Adfs
Basic
Certificate
Digest
Fba
Kerberos
LiveIdBasic
LiveIdFba
LiveIdNegotiate
NegoEx
Negotiate
Ntlm
OAuth
WindowsIntegrated
WSSecurity
Although you can specify any of these values, whether or not the authentication method actually works for external
connections depends on other factors. For example:
Is the authentication method available on the virtual directory?
Is the authentication method available, but disabled on the virtual directory?
The default value is blank ($null), which means all available authentication methods are accepted.
Required: False
Position: Named
Default value: None
-ExternalUrl
The ExternalURL parameter specifies the URL that's used to connect to the virtual directory from outside the
firewall.
Type: Uri
Required: False
Position: Named
Default value: None
-InstallProxySubDirectory
The InstallProxySubDirectory parameter was used to create an subdirectory that was required for proxying
ActiveSync connections with Exchange 2007.

Required: False
Position: Named
Default value: None
-InternalAuthenticationMethods
The InternalAuthenticationMethods parameter restricts the authentication methods that can be used to connect to
the virtual directory from inside the firewall. Valid values are:
Adfs
Basic
Certificate
Digest
Fba
Kerberos
LiveIdBasic
LiveIdFba
LiveIdNegotiate
NegoEx
Negotiate
Ntlm
OAuth
WindowsIntegrated
WSSecurity
Although you can specify any of these values, whether or not the authentication method actually works for internal
The default value is blank ($null), which means all available authentication methods are accepted.
Required: False
Position: Named
Default value: None
-InternalUrl
The InternalURL parameter specifies the URL that's used to connect to the virtual directory from inside the firewall.
Type: Uri
Required: False
Position: Named
Default value: None
-Path
The Path parameter specifies the file system path of the virtual directory. We recommend using this parameter only
when you need to use a custom location for the virtual directory files. The default value is blank ($null), which
indicates the default location is used.
Type: String
Required: False
Position: Named
Default value: None
-Role
The Role parameter species the configuration for the virtual directory. Valid values are:
ClientAccess: Configure the virtual directory for the Client Access (frontend) services on the Mailbox server.
Mailbox: Configure the virtual directory for the backend services on the Mailbox server.
Client connections are proxied from the Client Access services to the backend services on local or remote Mailbox
servers. Clients don't connect directly to the backend services.
Type: ClientAccess | Mailbox

Required: False
Position: Named
Default value: None
-Server
Name
FQDN
ExchangeLegacyDN
Required: False
Position: Named
Default value: None
-WebSiteName
The WebSiteName parameter specifies the name of the IIS website under which the virtual directory is created.
You don't need to use this parameter to create the virtual directory under the default website.
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-AuthRedirect
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -AuthRedirect cmdlet to create OAuth
redirection objects that are used for legacy Microsoft Exchange 2010 Client Access servers in your organization.
Syntax
New-AuthRedirect -AuthScheme <Unknown | Bearer> -TargetUrl <String> [-Confirm] [-DomainController <Fqdn>]
Description
Exchange 2010 Client Access servers don't support OAuth authentication requests. Use this cmdlet to redirect
OAuth authentication requests to Exchange servers that are running later versions of Exchange. This cmdlet is only
useful if your organization has Exchange 2010 Client Access servers.
Examples
-------------------------- Example 1 --------------------------
New-AuthRedirect -AuthScheme Bearer -TargetURL https://mbx01.contoso.com
This example creates an OAuth redirection object with the following settings:
AuthScheme: Bearer
TargetURL: https://mbx01.contoso.com
Parameters
-AuthScheme
The AuthScheme parameter specifies the authentication scheme that's used by the authentication redirection
object. Typically, this value is Bearer.
Type: Unknown | Bearer
Required: True
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-TargetUrl
The TargetUrl parameter specifies the FQDN of the Exchange 2013 or later server that has the Client Access server
role installed that's responsible for processing the redirected OAuth authentication requests.
Type: String
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-AutodiscoverVirtualDirectory
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -AutodiscoverVirtualDirectory cmdlet to create
Autodiscover virtual directories that are used in Internet Information Services (IIS ) on Microsoft Exchange servers.
Syntax
New-AutodiscoverVirtualDirectory [-ApplicationRoot <String>] [-AppPoolId <String>]
[-BasicAuthentication <$true | $false>] [-Confirm] [-DigestAuthentication <$true | $false>]
[-DomainController <Fqdn>] [-ExtendedProtectionFlags <MultiValuedProperty>]
[-ExternalUrl <Uri>] [-InternalUrl <Uri>] [-Path <String>] [-WebSiteName <String>] [-WhatIf]
[-WindowsAuthentication <$true | $false>] [-WSSecurityAuthentication <$true | $false>]
[-OAuthAuthentication <$true | $false>] [-Role <ClientAccess | Mailbox>] [-Server <ServerIdParameter>]
Description
If your organization has multiple email domains and each requires its own Autodiscover site and corresponding
virtual directory, use the New -AutodiscoverVirtualDirectory cmdlet to create an Autodiscover virtual directory
under a new website.
When you're creating an Autodiscover virtual directory, we recommend that you enable Secure Sockets Layer
(SSL ) for the Autodiscover service.
Examples
-------------------------- Example 1 --------------------------
New-AutodiscoverVirtualDirectory -WebSiteName "autodiscover.contoso.com" -WindowsAuthentication $true -

DigestAuthentication $true
This example creates the virtual directory autodiscover under the website autodiscover.contoso.com and requires
that the user connect using Integrated Windows authentication or Digest authentication.
Parameters
-ApplicationRoot
Type: String
Required: False
Position: Named
Default value: None
-AppPoolId
Type: String
Required: False
Position: Named
Default value: None
-BasicAuthentication
The BasicAuthentication parameter specifies whether Basic authentication is enabled on the virtual directory. Valid
values are:
$true: Basic authentication is enabled. This is the default value.
$false: Basic authentication is disabled.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DigestAuthentication
The DigestAuthentication parameter specifies whether Digest authentication is enabled on the virtual directory.
Valid values are:
$true: Digest authentication is enabled.
$false: Digest authentication is disabled. This is the default value.

Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
are:
Note:

Required: False
Position: Named
Default value: None
-ExternalUrl
The ExternalUrl parameter specifies the URL used to connect to the virtual directory from outside the network
firewall.
Type: Uri
Required: False
Position: Named
Default value: None
-InternalUrl
The InternalUrl parameter specifies the URL used to connect to the virtual directory from inside the network
firewall.
Type: Uri
Required: False
Position: Named
Default value: None
-OAuthAuthentication
The OAuthAuthentication parameter specifies whether OAuth authentication is enabled on the virtual directory.
Valid values are:
$true: OAuth authentication is enabled. This is the default value.
$false: OAuth authentication is disabled.

Required: False
Position: Named
Default value: None
-Path
Type: String
Required: False
Position: Named
Default value: None
-Role

Required: False
Position: Named
Default value: None
-Server
Name
FQDN
ExchangeLegacyDN
Required: False
Position: Named
Default value: None
-WebSiteName
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WindowsAuthentication
The WindowsAuthentication parameter specifies whether Integrated Windows authentication is enabled on the
virtual directory. Valid values are:
$true: Integrated Windows authentication is enabled. This is the default value.
$false: Integrated Windows authentication is disabled.

Required: False
Position: Named
Default value: None
-WSSecurityAuthentication
The WSSecurityAuthentication parameter specifies whether WS -Security (Web Services Security) authentication is
enabled on the virtual directory. Valid values are:
$true: WS -Security authentication is enabled. This is the default value.
$false: WS -Security authentication is disabled.

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-ClientAccessArray
In ths Article
This cmdlet is available only in Exchange Server 2010. Use the New -ClientAccessArray cmdlet to create an object
that represents a load balanced array of Client Access servers within a single Active Directory site. For information
Syntax
New-ClientAccessArray [[-Name] <String>] -Fqdn <Fqdn> -Site <AdSiteIdParameter> [-Confirm]
Description
The New -ClientAccessArray cmdlet creates an object that represents a load balanced array of Client Access servers.
You can then manage the load balanced array as a single object.
Client Access arrays allow Outlook clients in an Active Directory site to access the Client Access servers in the array
by using RPC over TCP to a single, unified, fully qualified domain name (FQDN ). The RpcClientAccessServer
property of new mailbox databases is automatically populated with the FQDN of the Client Access array and this
value is used during the creation of Outlook profiles for mailboxes in those databases.
Examples
-------------------------- Example 1 --------------------------
New-ClientAccessArray -Fqdn casarray01.contoso.com -Site "Redmond"
This example creates the Client Access array with the FQDN casarray01.contoso.com in the Active Directory site
named Redmond. Because the Name parameter isn't used, the name of the Client Access array is casarray01.
-------------------------- Example 2 --------------------------
New-ClientAccessArray -Fqdn casarrayap.contoso.com -Site "China" -Name "China CAS Array"
This example creates a Client Access array named China CAS Array with the FQDN value casarrayap.contoso.com
in the Active Directory site named China.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Fqdn
The Fqdn parameter specifies the fully qualified domain name of the Client Access array (for example,
casarray01.contoso.com). This is the value that RPC over TCP clients use to connect to the Client Access servers in
the array.
Type: Fqdn
Required: True
Position: Named
Default value: None
-Name
The Name parameter specifies the descriptive name of the Client Access array. The maximum length is 64
characters. If the value contains spaces, enclose the value in quotation marks ("). If the value contains spaces, you
can't use the Name value to identify the Client Access array for the Get-ClientAccessArray, Remove-
ClientAccessArray, or Set-ClientAccessArray cmdlets.
If you don't use this parameter, the default value is the host part of the Fqdn parameter value. For example, if the
Fqdn value is casarray01.contoso.com, the default name value is casarray01.
Type: String
Required: False
Position: 1
Default value: None
-Site
The Site parameter specifies the Active Directory site that contains the Client Access array. You can use any value
that uniquely identifies the site. For example:
Name
GUID
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-EcpVirtualDirectory
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -EcpVirtualDirectory cmdlet to create Exchange
servers. This is a command that Microsoft Exchange Server Setup runs when you install Exchange in your
organization. The ECP virtual directory manages the Exchange admin center. The ECP web management interface
was introduced in Exchange Server 2010. In Exchange Server 2013 and Exchange Server 2016, the EAC virtual
manage ECP virtual directories on Exchange 2010, Exchange 2013, and Exchange 2016 servers. For information
Syntax
New-EcpVirtualDirectory [-AppPoolId <String>] [-Confirm] [-DomainController <Fqdn>]
[-ExtendedProtectionFlags <MultiValuedProperty>] [-ExtendedProtectionSPNList <MultiValuedProperty>]
[-ExtendedProtectionTokenChecking <None | Allow | Require>] [-ExternalUrl <Uri>] [-InternalUrl <Uri>]
[-Path <String>] [-Server <ServerIdParameter>] [-WebSiteName <String>] [-WhatIf]
[-Role <ClientAccess | Mailbox>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
New-EcpVirtualDirectory -Server SERVER01 -ExternalURL https://mail.contoso.com/ecp -InternalURL

https://mail.contoso.com/ecp
This example creates the ECP virtual directory on the Exchange server named Server01.
Parameters
-AppPoolId
The AppPoolId parameter sets the IIS application pool where the ECP virtual directory runs. We recommend that
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
ProxyCoHosting: HTTP and HTTPS traffic may be accessing the virtual directory and a proxy server is located
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
are:
Note:
Required: False
Position: Named
Default value: None
-ExternalUrl
firewall.
This setting is important when Secure Sockets Layer (SSL ) is used. You need to set this parameter to allow the
Autodiscover service to return the URL for the ECP virtual directory.
Type: Uri
Required: False
Position: Named
Default value: None
-InternalUrl
This setting is important when SSL is used. You need to set this parameter to allow the Autodiscover service to
return the URL for the ECP virtual directory.
Type: Uri
Required: False
Position: Named
Default value: None
-Path
The Path parameter sets the file system path of the ECP virtual directory. This parameter should be used with care
and only when you must use a different file system path than the default.
Type: String
Required: False
Position: Named
Default value: None
-Role
Required: False
Position: Named
Default value: None
-Server
Name
FQDN
ExchangeLegacyDN
You can't create an ECP virtual directory remotely. You can only create an ECP virtual directory on the local
computer.
Required: False
Position: Named
Default value: None
-WebSiteName
The WebSiteName parameter specifies the name of the IIS website where the ECP virtual directory is created.
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -MapiVirtualDirectory cmdlet to create
Messaging Application Programming Interface (MAPI) virtual directories that are used in Internet Information
Services (IIS ) on Microsoft Exchange servers. A MAPI virtual directory is used by supported versions of Microsoft
Outlook to connect to mailboxes by using the MAPIHTTP protocol. For information about the parameter sets in the
Syntax
[-Confirm]
[-ExternalUrl <Uri>]
[-IISAuthenticationMethods <MultiValuedProperty>]
[-InternalUrl <Uri>]
[-Role <ClientAccess | Mailbox>]
[-WebSiteName <String>]
Description
Examples
-------------------------- Example 1 --------------------------
New-MapiVirtualDirectory -InternalUrl https://contoso.com/mapi -IISAuthenticationMethods NTLM,Negotiate,OAuth
This example creates a new MAPI virtual directory that has the following configuration:
Internal URL: https://contoso.com/mapi
IIS authentication methods: NTLM, Negotiate and OAuth.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
This parameter is available only in Exchange 2013.
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
are:
Note:

Required: False
Position: Named
Default value: None
-ExternalUrl
firewall.
This setting enforces the Secure Sockets Layer (SSL ) protocol and uses the default SSL port. Valid input for this
parameter uses the syntax https://<Domain Name>/mapi.
When you use the InternalUrl or ExternalUrl parameters, you need to specify one or more authentication values by
using the IISAuthenticationMethods parameter.
Type: Uri
Required: False
Position: Named
Default value: None
The IISAuthenticationMethods parameter specifies the authentication methods that are enabled on the virtual
directory in Internet Information Services (IIS ). Valid values for this parameter are:
Basic
Negotiate
NTLM
OAuth
The default values are NTLM, OAuth, and Negotiate. We recommend that you always have the virtual directory
configured for OAuth.
Required: False
Position: Named
Default value: None
-InternalUrl
Type: Uri
Required: False
Position: Named
Default value: None
-Role

Required: False
Position: Named
Default value: None
-Server
Name
FQDN
ExchangeLegacyDN
Required: False
Position: Named
Default value: None
-WebSiteName
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -OwaVirtualDirectory cmdlet to create Outlook
on the web virtual directories that are used in Internet Information Services on Exchange servers. Typically, you
create virtual directories on Exchange servers that have the Client Access server role installed. For information
Syntax
[[-ApplicationRoot <String>]
[-AppPoolId <String>]
[-Confirm]
[-ExternalAuthenticationMethods <MultiValuedProperty>]
[-ExternalUrl <Uri>] [-InternalUrl <Uri>]
[-Name <String>]
[-Path <String>]
[-Role <ClientAccess | Mailbox>]
[-WebSiteName <String>]
Description
By default, when Exchange is installed, the Outlook on the web virtual directory owa is created in the default IIS
website on the server.
Examples
-------------------------- Example 1 --------------------------
New-OwaVirtualDirectory -WebSiteName "Contoso.com"
This example creates the Outlook on the web virtual directory in an IIS website on the local Exchange server, which
isn't a default website.
Parameters
-ApplicationRoot
Type: String
Required: False
Position: Named
Default value: None
-AppPoolId
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
are:
Note:

Required: False
Position: Named
Default value: None
Adfs
Basic
Certificate
Digest
Fba
Kerberos
LiveIdBasic
LiveIdFba
LiveIdNegotiate
NegoEx
Negotiate
Ntlm
OAuth
WindowsIntegrated
WSSecurity
Required: False
Position: Named
Default value: None
-ExternalUrl
firewall. This setting is important when Secure Sockets Layer (SSL ) is used.
Type: Uri
Required: False
Position: Named
Default value: None
-InternalUrl
This setting is important when SSL is used.
Type: Uri
Required: False
Position: Named
Default value: None
-Name
Type: String
Required: False
Position: 1
Default value: None
-Path
Type: String
Required: False
Position: Named
Default value: None
-Role

Required: False
Position: Named
Default value: None
-Server
Name
FQDN
ExchangeLegacyDN
Required: False
Position: Named
Default value: None
-WebSiteName
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-PowerShellVirtualDirectory
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -PowerShellVirtualDirectory cmdlet to create
Windows PowerShell virtual directories that are used in Internet Information Services (IIS ) on Microsoft Exchange
Syntax
New-PowerShellVirtualDirectory [-Name] <String> [-BasicAuthentication <$true | $false>] [-Confirm]
[-DomainController <Fqdn>] [-ExternalUrl <Uri>] [-InternalUrl <Uri>] [-RequireSSL <$true | $false>]
[-Role <ClientAccess | Mailbox>] [-Server <ServerIdParameter>] [-WhatIf]
[-WindowsAuthentication <$true | $false>] [<CommonParameters>]
Description
Although it's possible to create a Windows PowerShell virtual directory, we recommend that you only do so at the
request of Microsoft Customer Service and Support.
Examples
-------------------------- Example 1 --------------------------
New-PowerShellVirtualDirectory -Name "Contoso Certificates Required" -BasicAuthentication $false -

WindowsAuthentication $false -CertificateAuthentication $true
This example creates a Windows PowerShell virtual directory and configures it to accept only certificate
authentication.
Parameters
The BasicAuthentication parameter specifies whether Basic authentication is enabled on the PowerShell virtual
directory. The valid values are $true and $false. The default value is $true.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-ExternalUrl
The ExternalUrl parameter specifies the external URL that the PowerShell virtual directory points to.
Type: Uri
Required: False
Position: Named
Default value: None
-InternalUrl
The InternalUrl parameter specifies the internal URL that the PowerShell virtual directory points to.
Type: Uri
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the name of the new PowerShell virtual directory. The name you provide will have
the name of the website it's created under appended to it. If the name you provide contains spaces, enclose the
name in quotation marks (").
Type: String
Required: True
Position: 1
Default value: None
-RequireSSL
The RequireSSL parameter specifies whether the PowerShell virtual directory should require that the client
connection be made using Secure Sockets Layer (SSL ). The valid values are $true and $false. The default value is
$true.

Required: False
Position: Named
Default value: None
-Role

Required: False
Position: Named
Default value: None
-Server
Name
FQDN
ExchangeLegacyDN
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
PowerShell virtual directory. The valid values are $true and $false. The default value is $true.

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-RpcClientAccess
In ths Article
This cmdlet is available only in Exchange Server 2010. Use the New -RpcClientAccess cmdlet to create
configuration information for the Exchange RPC Client Access service on a Client Access server. This setup task is
performed by default on new installations of the Client Access server role on Microsoft Exchange Server 2010. For
Syntax
New-RpcClientAccess -Server <ServerIdParameter>
[-BlockedClientVersions <String>]
[-Confirm]
[-EncryptionRequired <$true | $false>]
[-MaximumConnections <Int32>]
Description
After you run this command, you must start the Exchange RPC Client Access service on the Exchange Client Access
server to enable RPC client access.
Examples
-------------------------- Example 1 --------------------------
New-RpcClientAccess -Server CAS01
This example creates configuration information for the Exchange RPC Client Access service on the Client Access
server CAS01. After you run this command, you must start the Exchange RPC Client Access service on the
Exchange Client Access server to enable RPC client access.
Parameters
-BlockedClientVersions
The BlockedClientVersions parameter specifies which versions of Microsoft Outlook are restricted from connecting.
The Exchange RPC Client Access service rejects Outlook connections if versions are in the range specified. This
setting affects MAPI and Outlook Anywhere client connections. The value must be less than 256 characters in
length.
Versions should be single numbers in the format X.Y.Z where X is a major version number, Y is the minor revision
number, and Z specifies the build, and ranges should be delimited by semicolons (for example, 0.0.0-5.9.9; 7.0.0-
65535.65535.65535).
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EncryptionRequired
The EncryptionRequired parameter specifies whether to require Outlook connections to be encrypted. The
Exchange RPC Client Access service rejects unencrypted Outlook connections if this parameter is set to $true.

Required: False
Position: Named
Default value: None
-MaximumConnections
The MaximumConnections parameter specifies the maximum number of concurrent connections allowed. The
Exchange RPC Client Access service reads and limits connections based on this property.
This parameter has a range from 1 through 65535.
Although you can configure a non-default value for this parameter, changes to this setting aren't enforced in this
version of Exchange.
Type: Int32
Required: False
Position: Named
Default value: None
-Server
Name
FQDN
ExchangeLegacyDN
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
New-WebServicesVirtualDirectory
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -WebServicesVirtualDirectory cmdlet to create
Exchange Web Services virtual directories that are used in Internet Information Services (IIS ) on Microsoft
Exchange servers. You can create multiple virtual directories by using this cmdlet. However, you can create only one
Exchange Web Services virtual directory for each website. For information about the parameter sets in the Syntax
Syntax
New-WebServicesVirtualDirectory [-ApplicationRoot <String>] [-AppPoolId <String>]
[-AppPoolIdForManagement <String>] [-BasicAuthentication <$true | $false>] [-Confirm]
[-DigestAuthentication <$true | $false>] [-DomainController <Fqdn>]
[-ExtendedProtectionFlags <MultiValuedProperty>] [-ExtendedProtectionSPNList <MultiValuedProperty>]
[-ExtendedProtectionTokenChecking <None | Allow | Require>] [-ExternalUrl <Uri>] [-Force]
[-GzipLevel <Off | Low | High | Error>] [-InternalNLBBypassUrl <Uri>] [-InternalUrl <Uri>]
[-MRSProxyEnabled <$true | $false>] [-MRSProxyMaxConnections <Unlimited>] [-Path <String>]
[-WebSiteName <String>] [-WhatIf] [-WindowsAuthentication <$true | $false>]
[-WSSecurityAuthentication <$true | $false>] [-OAuthAuthentication <$true | $false>]
[-Role <ClientAccess | Mailbox>] [-Server <ServerIdParameter>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
New-WebServicesVirtualDirectory -WebSiteName "www.contoso.com" -ExternalUrl

"https://www.contoso.com/webservices.aspx"
This example creates a virtual directory under the non-default website www.contoso.com. It also sets the external
URL to https://www.contoso.com/webservices.aspx.
Parameters
-ApplicationRoot
Type: String
Required: False
Position: Named
Default value: None
-AppPoolId
Type: String
Required: False
Position: Named
Default value: None
-AppPoolIdForManagement
The AppPoolIdForManagement parameter specifies the pool of programs that manages the virtual directory.
Type: String
Required: False
Position: Named
Default value: None
values are:

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
Valid values are:

Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
are:
Note:

Required: False
Position: Named
Default value: None
-ExternalUrl
firewall.
This setting is important when Secure Sockets Layer (SSL ) is used.
Type: Uri
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-GzipLevel
The GzipLevel parameter sets the Gzip configuration for the Exchange Web Services virtual directory. Valid values
are:
Off: No compression.
Low: Static compression only. This is the default value. This value has the same result as the Off value, because
Exchange Web Services content is dynamic.
High: Static and dynamic compression. Content from Exchange Web Services is compressed if clients indicate
support for Gzip compression in their requests.
Error: Identifies errors in the Gzip compression configuration.
Type: Off | Low | High | Error

Required: False
Position: Named
Default value: None
-InternalNLBBypassUrl
The InternalNLBBypassUrl parameter specifies the URL of the Exchange server that has the Client Access server
role installed, regardless of whether it's behind a Network Load Balancing (NLB ) array or not.
When you set the InternalUrl parameter to the URL of the NLB array, you should set the InternalNLBBypassUrl
parameter to the URL of the Client Access server itself.
Type: Uri
Required: False
Position: Named
Default value: None
-InternalUrl
Type: Uri
Required: False
Position: Named
Default value: None
-MRSProxyEnabled
The MRSProxyEnabled parameter specifies whether to enable MRSProxy for the Mailbox server. MRSProxy is a
service that runs on Mailbox servers in a remote forest and helps to proxy a mailbox move. For more information,
see Mailbox moves (https://technet.microsoft.com/library/jj150543.aspx).

Required: False
Position: Named
Default value: None
-MRSProxyMaxConnections
The MRSProxyMaxConnections parameter specifies the maximum number of simultaneous move sessions that an
instance of MRSProxy will accept. This setting accepts values from 0 to unlimited. The default value is 100. For
more information about MRSProxy, see Understanding Move Requests.
Type: Unlimited
Required: False
Position: Named
Default value: None
Valid values are:
Required: False
Position: Named
Default value: None
-Path
The Path parameter sets the path of the virtual directory in the metabase.
Type: String
Required: False
Position: Named
Default value: None
-Role

Required: False
Position: Named
Default value: None
-Server
Name
FQDN
ExchangeLegacyDN
Required: False
Position: Named
Default value: None
-WebSiteName
The WebSiteName parameter specifies the name of the website under which to create the virtual directory. This
parameter shouldn't be used when you're creating a virtual directory under the default website.
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None

Required: False
Position: Named
Default value: None

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-ActiveSyncVirtualDirectory
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-ActiveSyncVirtualDirectory cmdlet to
remove existing Exchange ActiveSync virtual directories from Internet Information Services (IIS ) virtual directories
on Exchange servers. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Remove-ActiveSyncVirtualDirectory [-Identity] <VirtualDirectoryIdParameter>
[-Confirm]
Description
When the Exchange ActiveSync virtual directory is removed from a specified server and website, the virtual
directory is also removed from Active Directory.
Examples
-------------------------- Example 1 --------------------------
Remove-ActiveSyncVirtualDirectory contoso\Microsoft-Server-ActiveSync
This example removes the default Exchange ActiveSync virtual directory from the server Contoso.
-------------------------- Example 2 --------------------------
Remove-ActiveSyncVirtualDirectory contoso\Microsoft-Server-ActiveSync -Confirm $true
This example removes the default Exchange ActiveSync virtual directory from the server Contoso after
confirmation is given.
-------------------------- Example 3 --------------------------
Remove-ActiveSyncVirtualDirectory contoso\EAS
This example removes a custom Exchange ActiveSync virtual directory from the server Contoso.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Exchange ActiveSync virtual directory that you want to remove. You can use
any value that uniquely identifies the virtual directory. For example:
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-AuthRedirect
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-AuthRedirect cmdlet to remove OAuth
redirection objects that are used for legacy Microsoft Exchange 2010 Client Access servers in your organization.
Syntax
Remove-AuthRedirect [-Identity] <AuthRedirectIdParameter> [-Confirm] [-DomainController <Fqdn>] [-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-AuthRedirect AuthRedirect-Bearer-C0B7AC3F-FE64-4B4B-A907-9226F8027CCE
This example removes the existing OAuth redirection object named AuthRedirect-Bearer-C0B7AC3F -FE64-4B4B -
A907-9226F8027CCE.
-------------------------- Example 2 --------------------------
Get-AuthRedirect | Remove-AuthRedirect
This example removes all existing OAuth redirection objects from your organization. However, if you have only one
object in your organization, this example has the same result as the first example.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the existing OAuth redirection object that you want to remove. The object name
uses the syntax AuthRedirect-Bearer-<GUID>. The easiest way to find the name of the OAuth redirection object is
to run Get-AuthRedirect.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-AutodiscoverVirtualDirectory
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-AutodiscoverVirtualDirectory cmdlet to
remove the an existing Autodiscover virtual directory from Internet Information Services (IIS ). For information
Syntax
Remove-AutodiscoverVirtualDirectory [-Identity] <VirtualDirectoryIdParameter>
[-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-AutodiscoverVirtualDirectory -Identity "MBX01\autodiscover(autodiscover.contoso.com)"
This example removes the Autodiscover virtual directory from the site autodiscover.contoso.com on the server
named MBX01.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Autodiscover virtual directory that you want to remove. You can use any value
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-ClientAccessArray
In ths Article
This cmdlet is available only in Exchange Server 2010. Use the Remove-ClientAccessArray cmdlet to remove RPC
Client Access arrays (load-balanced arrays of Client Access servers within a single Active Directory site). For
Syntax
Remove-ClientAccessArray [-Identity] <ClientAccessArrayIdParameter> [-Confirm] [-DomainController <Fqdn>]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-ClientAccessArray -Identity casarray01.contoso.com
This example removes the existing Client Access array with the FQDN value casarray01.contoso.com.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Client Access array that you want to remove. You can use these values:
ExchangeLegacyDN
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-EcpVirtualDirectory
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-EcpVirtualDirectory cmdlet to remove
Exchange Control Panel (ECP ) virtual directories from Internet Information Services (IIS ) on Microsoft Exchange
servers. The ECP virtual directory manages the Exchange admin center. The ECP web management interface was
introduced in Exchange Server 2010. In Exchange Server 2013 and Exchange Server 2016, the EAC virtual
manage ECP virtual directories on Exchange 2010, Exchange 2013 and Exchange 2016 servers. For information
Syntax
Remove-EcpVirtualDirectory [-Identity] <VirtualDirectoryIdParameter>
[-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-EcpVirtualDirectory -Identity "Server01\ecp (Default Web site)"
This example removes the ECP virtual directory named ecp located on the default IIS website on the Exchange
server named Server01.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the ECP virtual directory that you want to remove. You can use any value that
GUID
Remote removal of an ECP virtual directory isn't supported. You need run this command from the local computer.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-MapiVirtualDirectory
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-MapiVirtualDirectory cmdlet to remove
Message Application Programming Interface (MAPI) virtual directories from Exchange servers. A MAPI virtual
directory is used by supported versions of Microsoft Outlook to connect to mailboxes by using the MAPIHTTP
protocol. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Remove-MapiVirtualDirectory [-Identity] <VirtualDirectoryIdParameter>
[-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-MapiVirtualDirectory -Identity "ContosoMail\mapi (Default Web Site)"
This example removes the MAPI virtual directory from the local server named ContosoMail.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the MAPI virtual directory that you want to remove. You can use any value that
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-OwaVirtualDirectory
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-OwaVirtualDirectory cmdlet to remove
Outlook on the web virtual directories from Internet Information Services (IIS ) on Exchange servers. For
Syntax
Remove-OwaVirtualDirectory [-Identity] <VirtualDirectoryIdParameter>
[-Confirm]
Description
You might be required to use the Remove-OwaVirtualDirectory cmdlet in the following situations:
The Get-OwaVirtualDirectory cmdlet detects an Outlook on the web virtual directory deleted in IIS but not
deleted in Active Directory. These abandoned Outlook on the web virtual directory objects are known as Active
Directory orphans. We recommend that you remove these orphans by using the Remove-OwaVirtualDirectory
cmdlet.
You are troubleshooting an Outlook on the web configuration issue that requires you to delete the existing
Outlook on the web virtual directory and then re-create the Outlook on the web virtual directory.
Remove-OwaVirtualDirectory permanently removes an Outlook on the web virtual directory or directories. When
you use this cmdlet, make sure that you don't accidentally delete the default Outlook on the web virtual directory.
Examples
-------------------------- Example 1 --------------------------
Remove-OwaVirtualDirectory -Identity "EXCH01\owa (Default Web site)"
This example removes the specified Outlook on the web virtual directory from the default IIS website on the
Exchange server named EXCH01.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the OWA virtual directory that you want to remove. You can use any value that
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-PowerShellVirtualDirectory
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-PowerShellVirtualDirectory cmdlet to
remove existing Windows PowerShell virtual directories from Internet Information Services (IIS ) on Exchange
Syntax
Remove-PowerShellVirtualDirectory [-Identity] <VirtualDirectoryIdParameter>
[-Confirm]
Description
Although it's possible to remove a Windows PowerShell virtual directory, we recommend that you only do so at the
Examples
-------------------------- Example 1 --------------------------
Remove-PowerShellVirtualDirectory "Internal (Default Web Site)" -Confirm:$False
This example removes a Windows PowerShell virtual directory without confirmation.

Be careful when using the Remove-PowerShellVirtualDirectory cmdlet without confirmation. You won't be
prompted before the virtual directory is deleted.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the PowerShell virtual directory that you want to remove. You can use any value
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-RPCClientAccess
In ths Article
This cmdlet is available only in Exchange Server 2010. Use the Remove-RpcClientAccess cmdlet to remove the
configuration information that allows RPC access through the Client Access server role on Microsoft Exchange
Server 2010. After you remove the configuration information, the Exchange RPC Client Access service stops and
no longer starts. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Remove-RPCClientAccess -Server <ServerIdParameter>
[-Confirm]
Description
Disabling RPC client access on a server blocks all RPC access through the specified Client Access server. Therefore,
RPC clients (for example, clients running Microsoft Office Outlook 2007) with mailboxes on any mailbox databases
configured to use the specified Client Access server won't be able to connect.
Examples
-------------------------- Example 1 --------------------------
Remove-RpcClientAccess -Server CAS01
This example removes the configuration information for the Exchange RPC Client Access service for the Client
Access server CAS01. Performing this action also shuts down the Exchange RPC Client Access service on the
Client Access server CAS01.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Server
Name
FQDN
ExchangeLegacyDN
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Remove-WebServicesVirtualDirectory
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-WebServicesVirtualDirectory cmdlet to
remove existing Exchange Web Services virtual directories from Internet Information Services (IIS ) on Microsoft
Syntax
Remove-WebServicesVirtualDirectory [-Identity] <VirtualDirectoryIdParameter>
[-Confirm]
[-Force]
Description
You can remove the default Exchange Web Services virtual directory or another Exchange Web Services virtual
directory.
Examples
-------------------------- Example 1 --------------------------
Remove-WebServicesVirtualDirectory -Identity MBX01\Sales
This example removes the Exchange Web Services virtual directory named Sales from the server named MBX01.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the EWS virtual directory that you want to remove. You can use any value that
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-ActiveSyncVirtualDirectory
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-ActiveSyncVirtualDirectory cmdlet to modify
existing Microsoft Exchange ActiveSync virtual directories that are used in Internet Information Services (IIS ) on
Syntax
Set-ActiveSyncVirtualDirectory [-Identity] <VirtualDirectoryIdParameter>
[-ActiveSyncServer <String>]
[-BadItemReportingEnabled <$true | $false>]
[-BasicAuthEnabled <$true | $false>]
[-ClientCertAuth <Ignore | Accepted | Required>]
[-CompressionEnabled <$true | $false>]
[-Confirm]
[-InstallIsapiFilter <$true | $false>]
[-InternalAuthenticationMethods <MultiValuedProperty>]
[-MobileClientCertificateAuthorityURL <String>]
[-MobileClientCertificateProvisioningEnabled <$true | $false>]
[-MobileClientCertTemplateName <String>]
[-Name <String>]
[-RemoteDocumentsActionForUnknownServers <Allow | Block>]
[-RemoteDocumentsAllowedServers <MultiValuedProperty>]
[-RemoteDocumentsBlockedServers <MultiValuedProperty>]
[-RemoteDocumentsInternalDomainSuffixList <MultiValuedProperty>]
[-SendWatsonReport <$true | $false>]
[-WhatIf]
[-WindowsAuthEnabled <$true | $false>]
Description
The Set-ActiveSyncVirtualDirectory cmdlet configures a variety of settings on the virtual directory used for
Exchange ActiveSync including security, authentication, and internal and external URL settings.
Examples
-------------------------- Example 1 --------------------------
Set-ActiveSyncVirtualDirectory -Identity "contoso\Microsoft-Server-ActiveSync" -BasicAuthEnabled $false
This example disables Basic authentication on the default Exchange ActiveSync virtual directory on the server
Contoso.
-------------------------- Example 2 --------------------------
Set-ActiveSyncVirtualDirectory -Identity "contoso\Microsoft-Server-ActiveSync" -BadItemReportingEnabled $true -

SendWatsonReport:$true
This example enables bad item reporting and turns on the option to send Watson reports for errors on the server
Contoso.
-------------------------- Example 3 --------------------------
Set-ActiveSyncVirtualDirectory -Identity "contoso\Microsoft-Server-ActiveSync" -ExternalUrl

"https://contoso.com/mail"
This example configures the external URL on the default Exchange ActiveSync virtual directory on the server
Contoso.
Parameters
-ActiveSyncServer
The ActiveSyncServer parameter specifies the URL of the Mailbox server. This value is in the following format:
https://servername/Microsoft-Server-ActiveSync.
Type: String
Required: False
Position: Named
Default value: None
-BadItemReportingEnabled
The BadItemReportingEnabled parameter specifies whether items that can't be synchronized should be reported to
the user. If set to $true, the user receives a notification when an item can't be synchronized to the mobile phone.

Required: False
Position: Named
Default value: None
-BasicAuthEnabled
values are:

Required: False
Position: Named
Default value: None
-ClientCertAuth
The ClientCertAuth parameter specifies the status of client certificate authentication. By default, client certificate
authentication is disabled. The default setting is Ignore.
Type: Ignore | Accepted | Required

Required: False
Position: Named
Default value: None
-CompressionEnabled
The CompressionEnabled parameter is a Boolean value that identifies the compression applied to the specified
Exchange ActiveSync virtual directory. The default setting is $true.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
are:
Note:

Required: False
Position: Named
Default value: None
Adfs
Basic
Certificate
Digest
Fba
Kerberos
LiveIdBasic
LiveIdFba
LiveIdNegotiate
NegoEx
Negotiate
Ntlm
OAuth
WindowsIntegrated
WSSecurity
Required: False
Position: Named
Default value: None
-ExternalUrl
firewall.
Type: Uri
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the ActiveSync virtual directory that you want to modify. You can use any value
GUID
Required: True
Position: 1
Default value: None
-InstallIsapiFilter
The InstallIsapiFilter parameter specifies whether the Internet Server API (ISAPI) filter is installed.
Required: False
Position: Named
Default value: None
-InternalAuthenticationMethods
The InternalAuthenticationMethods parameter specifies the authentication methods supported by the server that
contains the virtual directory when access is requested from inside the network firewall. If this parameter isn't set,
all authentication methods can be used.
Required: False
Position: Named
Default value: None
-InternalUrl
Type: Uri
Required: False
Position: Named
Default value: None
-MobileClientCertificateAuthorityURL
The MobileClientCertificateAuthorityURL parameter specifies the URL for the certification authority (CA) used by
the mobile phone.
Type: String
Required: False
Position: Named
Default value: None
-MobileClientCertificateProvisioningEnabled
The MobileClientCertificateProvisioningEnabled parameter specifies whether the Autodiscover service returns the
Certificate Services server URL in the XML file.

Required: False
Position: Named
Default value: None
-MobileClientCertTemplateName
The MobileClientCertTemplateName parameter specifies the template name for the client certificate.
Type: String
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the name of the Exchange ActiveSync virtual directory.
Type: String
Required: False
Position: Named
Default value: None
-RemoteDocumentsActionForUnknownServers
The RemoteDocumentsActionForUnknownServers parameter specifies the action that occurs when a Microsoft
Windows SharePoint Services or Microsoft Windows file share request comes in via Exchange ActiveSync. When a
request arrives, Exchange ActiveSync looks for the requested host name in the Allow and Block lists. If the host
name isn't found in either list, the action specified in this parameter, either Block or Allow, is performed.
Type: Allow | Block

Required: False
Position: Named
Default value: None
-RemoteDocumentsAllowedServers
The RemoteDocumentsAllowedServers parameter is a multivalued property that lists all the allowed servers for
remote document access.
Required: False
Position: Named
Default value: None
-RemoteDocumentsBlockedServers
The RemoteDocumentsBlockedServers parameter is a multivalued property that lists all the blocked servers for
remote document access.
Required: False
Position: Named
Default value: None
-RemoteDocumentsInternalDomainSuffixList
The RemoteDocumentsInternalDomainSuffixList parameter is used in organizations that don't run Windows
Internet Name Service (WINS ) in their network. In these environments, you can specify one or more FQDNs that
Exchange ActiveSync treats as internal when a request for remote file access is received.
Required: False
Position: Named
Default value: None
-SendWatsonReport
The SendWatsonReport parameter specifies whether a Watson report is sent for errors and events.

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WindowsAuthEnabled
The WindowsAuthEnabled parameter specifies whether Integrated Windows authentication is enabled. The default
value is $false.

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-AuthRedirect
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-AuthRedirect cmdlet to modify the existing
OAuth redirection settings for Microsoft Exchange 2010 Client Access servers in your Microsoft Exchange 2013
Syntax
Set-AuthRedirect [-Identity] <AuthRedirectIdParameter> [-Confirm] [-DomainController <Fqdn>]
[-TargetUrl <String>] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-AuthRedirect AuthRedirect-Bearer-C0B7AC3F-FE64-4B4B-A907-9226F8027CCE -TargetUrl https://mbx01.contoso.com
This example sets the TargetURL value to https://mbx01.contoso.com for the existing OAuth redirection object
named AuthRedirect-Bearer-C0B7AC3F -FE64-4B4B -A907-9226F8027CCE.
-------------------------- Example 2 --------------------------
Get-AuthRedirect | Set-AuthRedirect -TargetUrl https://mbx01.contoso.com
This example sets the TargetURL value for all existing OAuth redirection objects in your organization. However, if
you have only one object in your organization, this example has the same result as the first example.
Parameters
-Confirm
before proceeding.
Required: True
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the existing OAuth redirection object that you want to modify. The object name
uses the syntax AuthRedirect-Bearer-<GUID>. The easiest way to find the name of the OAuth redirection object is
to run Get-AuthRedirect.
Required: True
Position: 1
Default value: None
-TargetUrl
The TargetUrl parameter specifies the FQDN of the Exchange 2013 Client Access server that will process the Oauth
request.
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-AutodiscoverVirtualDirectory
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-AutodiscoverVirtualDirectory cmdlet to
configure Autodiscover virtual directories that are used in Internet Information Services (IIS ) on Exchange servers.
Syntax
Set-AutodiscoverVirtualDirectory [-Identity] <VirtualDirectoryIdParameter>
[-BasicAuthentication <$true | $false>]
[-Confirm]
[-DigestAuthentication <$true | $false>]
[-OAuthAuthentication <$true | $false>]
[-WhatIf]
[-WindowsAuthentication <$true | $false>]
[-WSSecurityAuthentication <$true | $false>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-AutodiscoverVirtualDirectory -Identity 'Autodiscover(Default Web Site)' -WindowsAuthentication $false -

BasicAuthentication $false -DigestAuthentication $true
This example sets the authentication method to Digest authentication for the Autodiscover virtual directory.
-------------------------- Example 2 --------------------------
Set-AutodiscoverVirtualDirectory -Identity 'autodiscover (default Web site)' -ExternalUrl

'https://www.contoso.com'
In Exchange Server 2010, this example sets the external URL for the Autodiscover virtual directory.
-------------------------- Example 3 --------------------------
Set-AutodiscoverVirtualDirectory -Identity 'Autodiscover (Default Web Site)' -WindowsAuthentication $true
This example sets Integrated Windows authentication for the Autodiscover virtual directory.
Parameters
values are:

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
Valid values are:
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
are:
Note:

Required: False
Position: Named
Default value: None
-ExternalUrl
The ExternalUrl parameter specifies the URL used to connect to the virtual directory from outside the network
firewall.
Type: Uri
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Autodiscover virtual directory that you want to modify. You can use any value
GUID
Required: True
Position: 1
Default value: None
-InternalUrl
The InternalUrl parameter specifies the URL used to connect to the virtual directory from inside the network
firewall.
Type: Uri
Required: False
Position: Named
Default value: None
Valid values are:

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None

Required: False
Position: Named
Default value: None

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-ClientAccessArray
In ths Article
This cmdlet is available only in Exchange Server 2010. Use the Set-ClientAccessArray cmdlet to modify RPC Client
Access arrays (load-balanced arrays of Client Access servers within a single Active Directory site). For information
Syntax
Set-ClientAccessArray [-Identity] <ClientAccessArrayIdParameter> [-Confirm] [-DomainController <Fqdn>]
[-Fqdn <Fqdn>] [-Name <String>] [-Site <AdSiteIdParameter>] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-ClientAccessArray -Identity "ContosoArray" -Name "CASArray"
This example changes the names the name of the existing Client Access array named ContosoArray to CASArray.
-------------------------- Example 2 --------------------------
Set-ClientAccessArray -Identity "ContosoArray" -FQDN "casarrayeu.contoso.com"
This example changes the fully qualified domain name of the existing Client Access array named ContosoArray to
casarrayeu.contoso.com.
-------------------------- Example 3 --------------------------
Set-ClientAccessArray -Identity "ContosoArray" -Site "SiteEU"
This example associates the existing Client Access array named ContosoArray with the Active Directory site named
SiteEU.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Fqdn
The Fqdn parameter specifies the fully qualified domain name of the Client Access array (for example,
casarray01.contoso.com). This is the value that RPC over TCP clients use to connect to the Client Access servers in
the array.
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Client Access array that you want to modify. You can use these values:
ExchangeLegacyDN
GUID
Required: True
Position: 1
Default value: None
-Name
The Name parameter specifies the descriptive name of the Client Access array. The maximum length is 64
characters. If the value contains spaces, enclose the value in quotation marks ("). If the value contains spaces, you
can't use the Name value to identify the Client Access array for the Get-ClientAccessArray, Remove-
ClientAccessArray, or Set-ClientAccessArray cmdlets.
Type: String
Required: False
Position: Named
Default value: None
-Site
The Site parameter specifies the Active Directory site that contains the Client Access array. You can use any value
that uniquely identifies the site. For example:
Name
GUID
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-ClientAccessServer
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-ClientAccessServer cmdlet to modify settings
that are associated with the Client Access server role. Note: In Exchange 2013 or later, use the Set-
ClientAccessService cmdlet instead. If you have scripts that use Set-ClientAccessServer, update them to use Set-
ClientAccessService. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Set-ClientAccessServer [-Identity] <ClientAccessServerIdParameter>
[-AlternateServiceAccountCredential <PSCredential[]>]
[-CleanUpInvalidAlternateServiceAccountCredentials]
[-Confirm]
[-IrmLogEnabled <$true | $false>]
[-IrmLogMaxAge <EnhancedTimeSpan>]
[-IrmLogMaxDirectorySize <Unlimited>]
[-IrmLogMaxFileSize <ByteQuantifiedSize>]
[-IrmLogPath <LocalLongFullPath>]
[-IsOutOfService <$true | $false>]
[-RemoveAlternateServiceAccountCredentials]
Set-ClientAccessServer [-Identity] <ClientAccessServerIdParameter>

[-Array <ClientAccessArrayIdParameter>]
[-AutoDiscoverServiceInternalUri <Uri>]
[-AutoDiscoverSiteScope <MultiValuedProperty>]
[-Confirm]
[-IsOutOfService <$true | $false>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-ClientAccessServer -Identity "MBX-01" -AutoDiscoverServiceInternalUri
"https://mbx01.contoso.com/autodiscover/autodiscover.xml" -AutoDiscoverSiteScope "Mail"
This example configures the internal Autodiscover URL for the Active Directory site named Mail in the client access
services on the server named MBX-01.
Parameters
-AlternateServiceAccountCredential
The AlternateServiceAccountCredential parameter specifies an alternative service account username and password
that's typically used for Kerberos authentication in Exchange Server 2010 coexistence environments. You can
specify multiple values separated by commas.
Type: PSCredential[]
Required: False
Position: Named
Default value: None
-Array
Required: False
Position: Named
Default value: None
-AutoDiscoverServiceInternalUri
The AutoDiscoverServiceInternalUri parameter specifies the internal URL of the Autodiscover service.
Type: Uri
Required: False
Position: Named
Default value: None
-AutoDiscoverSiteScope
The AutoDiscoverSiteScope parameter specifies the Active Directory site that the Autodiscover service is
authoritative for. Clients that connect to the Autodiscover service by using the internal URL need to exist in the
specified site.
To see the available Active Directory sites, use the Get-ADSite cmdlet.
Required: False
Position: Named
Default value: None
-CleanUpInvalidAlternateServiceAccountCredentials
The CleanUpInvalidAlternateServiceAccountCredentials switch specifies whether to remove a previously
configured alternate service account that's no longer valid. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the server that you want to modify. You can use any value that uniquely identifies
the server. For example:
Name
FQDN
GUID
Required: True
Position: 1
Default value: None
-IrmLogEnabled
The IrmLogEnabled parameter specifies whether logging is enabled for Information Rights Management (IRM ).
Valid values are $true or $false. The default value is $true.

Required: False
Position: Named
Default value: None
-IrmLogMaxAge
The IrmLogMaxAge parameter specifies the max age for IRM logs. Logs older than the specified value are deleted.
To specify a value, enter it as a time span: dd.hh:mm:ss where d = days, h = hours, m = minutes, and s = seconds.
For example, to specify a 15-hour interval, enter 15:00:00. The default value is 30 days (30.00:00:00).
Required: False
Position: Named
Default value: None
-IrmLogMaxDirectorySize
The IrmLogMaxDirectorySize parameter specifies the maximum directory size for IRM logs. When the maximum
directory size is reached, the server deletes the old log files first.
A valid value is a number up to 909.5 terabytes (999999999999999 bytes) or the value unlimited. The default value
is 250 megabytes (262144000 bytes).
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
Type: Unlimited
Required: False
Position: Named
Default value: None
-IrmLogMaxFileSize
The IrmLogMaxFileSize parameter specifies the maximum size of the IRM log. This value can't be larger than the
IrmLogMaxDirectorySize parameter value.
A valid value is a number up to 4 gigabytes (4294967296 bytes). The default value is 10 megabytes (10485760
bytes).
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
The value of this parameter must be less than or equal to the value of the ReceiveProtocolLogMaxDirectorySize
parameter.
Type: ByteQuantifiedSize
Required: False
Position: Named
Default value: None
-IrmLogPath
The IrmLogPath parameter specifies the location of the IRM log files. The default location is
%ExchangeInstallPath%Logging\IRMLogs.
Required: False
Position: Named
Default value: None
-IsOutOfService
Type: Boolean
Required: False
Position: Named
Default value: None
-RemoveAlternateServiceAccountCredentials
The RemoveAlternateServiceAccountCredentials switch specifies whether to remove a previously distributed
alternate service account. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-ClientAccessService
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-ClientAccessService cmdlet to modify settings
that are associated with the Client Access server role. For information about the parameter sets in the Syntax
Syntax
Set-ClientAccessService [-Identity] <ClientAccessServerIdParameter> [-AlternateServiceAccountCredential
<PSCredential[]>] [-CleanUpInvalidAlternateServiceAccountCredentials] [-
RemoveAlternateServiceAccountCredentials]
[-Confirm]
Set-ClientAccessService [-Identity] <ClientAccessServerIdParameter> [-Array <ClientAccessArrayIdParameter>] [-

AutoDiscoverServiceInternalUri <Uri>] [-AutoDiscoverSiteScope <MultiValuedProperty>]
[-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Set-ClientAccessService -Identity "MBX-01" -AutoDiscoverServiceInternalUri

"https://mbx01.contoso.com/autodiscover/autodiscover.xml" -AutoDiscoverSiteScope "Mail"
This example configures the internal Autodiscover URL for the Active Directory site named Mail in the Client
Access service on the server named MBX-01.
Parameters
-AlternateServiceAccountCredential
The AlternateServiceAccountCredential parameter specifies an alternative service account that's typically used for
Kerberos authentication in Exchange Server 2010 coexistence environments.
Type: PSCredential[]
Required: False
Position: Named
Default value: None
-Array
Required: False
Position: Named
Default value: None
-AutoDiscoverServiceInternalUri
The AutoDiscoverServiceInternalUri parameter specifies the internal URL of the Autodiscover service.
Type: Uri
Required: False
Position: Named
Default value: None
-AutoDiscoverSiteScope
The AutoDiscoverSiteScope parameter specifies the Active Directory site that the Autodiscover service is
authoritative for. Clients that connect to the Autodiscover service by using the internal URL need to exist in the
specified site.
To see the available Active Directory sites, use the Get-ADSite cmdlet.
Required: False
Position: Named
Default value: None
-CleanUpInvalidAlternateServiceAccountCredentials
The CleanUpInvalidAlternateServiceAccountCredentials switch specifies whether to remove a previously
configured alternate service account that's no longer valid. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the server that you want to modify. You can use any value that uniquely identifies
Name
FQDN
GUID
Required: True
Position: 1
Default value: None
-RemoveAlternateServiceAccountCredentials
The RemoveAlternateServiceAccountCredentials switch specifies whether to remove a previously distributed
alternate service account. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Set-EcpVirtualDirectory
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-EcpVirtualDirectory cmdlet to modify Exchange
servers. The ECP virtual directory manages the Exchange admin center. The ECP web management interface was
introduced in Exchange Server 2010. In Exchange Server 2013 and Exchange Server 2016, the EAC virtual
manage ECP virtual directories on Exchange 2010, Exchange 2013, and Exchange 2016 servers. For information
Syntax
Set-EcpVirtualDirectory [-Identity] <VirtualDirectoryIdParameter>
[-AdfsAuthentication <$true | $false>]
[-AdminEnabled <$true | $false>]
[-Confirm]
[-FormsAuthentication <$true | $false>]
[-GzipLevel <Off | Low | High | Error>]
[-LiveIdAuthentication <$true | $false>]
[-OwaOptionsEnabled <$true | $false>]
[-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
Set-EcpVirtualDirectory -Identity "Server01\ecp (Default Web site)" -BasicAuthentication:$false

This example disables Basic authentication on the default ECP virtual directory on the server named Server01.
-------------------------- Example 2 --------------------------
Set-EcpVirtualDirectory -Identity "Server01\ecp (Default Web site)" -AdminEnabled $false
This example turns off the Internet access to the EAC on server named Server01.
Parameters
-AdfsAuthentication
The AdfsAuthentication parameter specifies that the ECP virtual directory allows users to authenticate through
Active Directory Federation Services (AD FS ) authentication. This parameter accepts $true or $false. The default
value is $false.
The ADFS authentication settings for Set-OwaVirtualDirectory and Set-EcpVirtualDirectory are related. You need
to set the AdfsAuthentication parameter on Set-EcpVirtualDirectory to $true before you can set the
AdfsAuthentication parameter on Set-OwaVirtualDirectory to $true. Likewise, you need to set the
AdfsAuthentication parameter on Set-OwaVirtualDirectory to $false before you can set the AdfsAuthentication
parameter on Set-EcpVirtualDirectory to $false.

Required: False
Position: Named
Default value: None
-AdminEnabled
The AdminEnabled parameter specifies that the EAC isn't able to be accessed through the Internet. For more
information, see Turn off access to the Exchange admin center
(https://technet.microsoft.com/library/jj218639.aspx). This parameter accepts $true or $false.

Required: False
Position: Named
Default value: None
values are:
This parameter can be used with the FormsAuthentication parameter or with the DigestAuthentication and
WindowsAuthentication parameters.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
Valid values are:

Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
are:
Note:

Required: False
Position: Named
Default value: None
The ExternalAuthenticationMethods parameter specifies the authentication methods supported on the Exchange
server from outside the firewall.
Required: False
Position: Named
Default value: None
-ExternalUrl
firewall.
This setting is also important when Secure Sockets Layer (SSL ) is used. You need to set this parameter to allow the
Autodiscover service to return the URL for the ECP virtual directory.
Type: Uri
Required: False
Position: Named
Default value: None
-FormsAuthentication
The FormsAuthentication parameter specifies whether forms-based authentication is enabled on the ECP virtual
directory. Valid values are:
$true: Forms authentication is enabled. The BasicAuthentication parameter is set to $true, and the
DigestAuthentication and WindowsAuthentication parameters are set to $false.
$false: Forms authentication is disabled.
Required: False
Position: Named
Default value: None
-GzipLevel
The GzipLevel parameter sets Gzip configuration information for the ECP virtual directory.

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the ECP virtual directory that you want to modify. You can use any value that
GUID
To manage the first ECP virtual directory created in an Exchange organization, you need to use this cmdlet on the
computer that includes the first ECP virtual directory. If you create additional ECP virtual directories, you can
manage those remotely.
Required: True
Position: 1
Default value: None
-InternalUrl
This setting is also important when SSL is used. You need to set this parameter to allow the Autodiscover service to
return the URL for the ECP virtual directory.
Type: Uri
Required: False
Position: Named
Default value: None
-LiveIdAuthentication
The LiveIdAuthentication parameter specifies whether Windows Live ID authentication is enabled for the Exchange
Control Panel virtual directory.

Required: False
Position: Named
Default value: None
-OwaOptionsEnabled
The OwaOptionsEnabled parameter specifies that Outlook on the web Options is enabled for end users. If this
parameter is set to $false, users aren't able to access Outlook on the web Options. You may want to disable access if
your organization uses third-party provider tools. This parameter accepts $true or $false.

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-MapiVirtualDirectory
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-MapiVirtualDirectory cmdlet to modify
Messaging Application Programming Interface (MAPI) virtual directories that are used in Internet Information
Services (IIS ) on Microsoft Exchange servers. A MAPI virtual directory is used by supported versions of Microsoft
Outlook to connect to mailboxes by using the MAPIHTTP protocol. For information about the parameter sets in the
Syntax
Set-MapiVirtualDirectory [-Identity] <VirtualDirectoryIdParameter>
[-ApplyDefaults <$true | $false>]
[-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Set-MapiVirtualDirectory -Identity "ContosoMail\mapi (Default Web Site)" -InternalUrl https://contoso.com/mapi

-IISAuthenticationMethods NTLM,Negotiate,OAuth
This example makes the following configuration changes to the MAPI virtual directory on the default web site of
the server named ContosoMail:
Internal URL: https://contoso/mapi.
IIS authentication methods: NTLM, Negotiate, and OAuth.
Parameters
-ApplyDefaults
The ApplyDefaults switch specifies whether to apply the correct defaults to the related internal IIS application
settings. Typically, this switch is used only by Exchange setup during the installation of Exchange Cumulative
Updates or Service Packs and you shouldn't need to use it.
This switch doesn't affect the values you configure by using the IISAuthenticationMethods, InternalUrl or
ExternalUrl parameters.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
are:
Note:

Required: False
Position: Named
Default value: None
-ExternalUrl
firewall.
Type: Uri
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the MAPI virtual directory that you want to modify. You can use any value that
GUID
Required: True
Position: 1
Default value: None
The IISAuthenticationMethods parameter specifies the authentication methods that are enabled on the virtual
directory in Internet Information Services (IIS ). Valid values are:
Basic
Negotiate
NTLM
OAuth
The default values are NTLM, OAuth, and Negotiate. We recommend that you always have the virtual directory
configured for OAuth.
Required: False
Position: Named
Default value: None
-InternalUrl
Type: Uri
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-OutlookAnywhere
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-OutlookAnywhere cmdlet to modify Outlook
Anywhere virtual directories that are used in Internet Information Services (IIS ) on Microsoft Exchange servers.
Outlook Anywhere uses virtual directories that contain "rpc" in the name. For information about the parameter sets
Syntax
Set-OutlookAnywhere [-Identity] <VirtualDirectoryIdParameter>
[-ClientAuthenticationMethod <Basic | Digest | Ntlm | Fba | WindowsIntegrated | LiveIdFba | LiveIdBasic |
WSSecurity | Certificate | NegoEx | MaxValidValue | Misconfigured>]
[-Confirm]
[-DefaultAuthenticationMethod <Basic | Digest | Ntlm | Fba | WindowsIntegrated | LiveIdFba | LiveIdBasic |
WSSecurity | Certificate | NegoEx | MaxValidValue | Misconfigured>]
[-ExternalClientAuthenticationMethod <Basic | Digest | Ntlm | Fba | WindowsIntegrated | LiveIdFba |
LiveIdBasic | WSSecurity | Certificate | NegoEx | OAuth | Adfs | Kerberos | Negotiate | LiveIdNegotiate |
Misconfigured>]
[-ExternalClientsRequireSsl <$true | $false>]
[-ExternalHostname <Hostname>]
[-InternalClientAuthenticationMethod <Basic | Digest | Ntlm | Fba | WindowsIntegrated | LiveIdFba |
LiveIdBasic | WSSecurity | Certificate | NegoEx | OAuth | Adfs | Kerberos | Negotiate | LiveIdNegotiate |
Misconfigured>]
[-InternalClientsRequireSsl <$true | $false>]
[-InternalHostname <String>]
[-Name <String>]
[-SSLOffloading <$true | $false>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-OutlookAnywhere -Identity:CAS01\Rpc (Default Web Site) -ClientAuthenticationMethod:Ntlm
In Exchange 2010, this example sets the client authentication method to NTLM for the /rpc virtual directory on the
Client Access server CAS01.
-------------------------- Example 2 --------------------------
Set-OutlookAnywhere -Identity: "EXCH1\rpc (Default Web Site)" -ExternalClientAuthenticationMethod NTLM
This example sets the client authentication method to NTLM for the Outlook Anywhere virtual directory on the
server named EXCH1.
-------------------------- Example 3 --------------------------
Set-OutlookAnywhere -Identity "EXCH1\rpc (Default Web Site)" -SSLOffloading $false -InternalClientsRequireSsl

$true -ExternalClientsRequireSsl $true
This example sets the SSLOffloading parameter to $false for the Outlook Anywhere virtual directory on the server
named EXCH1. This setting informs Outlook Anywhere to expect no SSL decryption between clients and the server,
and enables the Require SSL value on the virtual directory. Because SSL is now required for Outlook Anywhere
connections, we need to configure internal and external clients to use SSL.
-------------------------- Example 4 --------------------------
Set-OutlookAnywhere -Identity "EXCH1\rpc (Default Web Site)" -IISAuthenticationMethods NTLM
This example sets the authentication method for the Outlook Anywhere virtual directory setting in IIS to NTLM.
-------------------------- Example 5 --------------------------
Set-OutlookAnywhere -Identity "EXCH1\rpc (Default Web Site)" -IISAuthenticationMethods Basic,NTLM
In Exchange 2010 and Exchange 2013, this example sets the available authentication methods for the /rpc virtual
directory setting in IIS to use both Basic and NTLM authentication. After you set this value, you can use the IIS
virtual directory to handle authentication for multiple applications that require different authentication methods.
Parameters
-ClientAuthenticationMethod
The ClientAuthenticationMethod parameter specifies the authentication method that the Autodiscover service
provides to the Outlook Anywhere clients to authenticate to the Client Access server. Valid values are:
Basic
Ntlm
Although you can use this parameter to set only one authentication method, the command won't return an error if
you include multiple values.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DefaultAuthenticationMethod
The DefaultAuthenticationMethod parameter specifies the default authentication method for Outlook Anywhere.
This parameter replaces the existing ExternalClientAuthenticationMethod, InternalClientAuthenticationMethod and
IISAuthenticationMethods property values with the value you specify. Valid values are:
Basic
Ntlm
Negotiate
You can't use this parameter with the ExternalClientAuthenticationMethod, InternalClientAuthenticationMethod
and IISAuthenticationMethods parameters.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
are:
Note:
If you use the value Allow or Require and you have a proxy server between the client and the Client Access services
on the Mailbox server that's configured to terminate the client-to-proxy SSL channel, you also need to configure
one or more Service Principal Names (SPNs) by using the ExtendedProtectionSPNList parameter.

Required: False
Position: Named
Default value: None
-ExternalClientAuthenticationMethod
The ExternalClientAuthenticationMethod parameter specifies the authentication method that's used to authenticate
external Outlook Anywhere clients. Valid values are:
Basic
Ntlm
Negotiate (This is the default value)
You can't use this parameter with the DefaultAuthenticationMethods parameter.
NegoEx | OAuth | Adfs | Kerberos | Negotiate | LiveIdNegotiate | Misconfigured
Required: False
Position: Named
Default value: None
-ExternalClientsRequireSsl
The ExternalClientsRequireSsl parameter specifies whether external Outlook Anywhere clients are required to use
Secure Sockets Layer (SSL ). Valid values are:
$true: Clients connecting via Outlook Anywhere from outside the organization are required to use SSL.
$false: Clients connecting via Outlook Anywhere from outside the organization aren't required to use SSL. This
The value of this parameter is related to the value of the SSLOffloading parameter.
Required: False
Position: Named
Default value: None
-ExternalHostname
The ExternalHostname parameter specifies the external hostname for the Outlook Anywhere virtual directory. For
example, mail.contoso.com.
Type: Hostname
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Outlook Anywhere virtual directory that you want to modify. You can use any
GUID
Required: True
Position: 1
Default value: None
The IISAuthenticationMethods parameter specifies the authentication method that's used on the Outlook
Anywhere virtual directory in IIS. Valid values are:
Basic
Ntlm
Negotiate
You can specify multiple value separated by commas. By default, all values are used.
Required: False
Position: Named
Default value: None
-InternalClientAuthenticationMethod
The InternalClientAuthenticationMethod parameter specifies the authentication method that's used to authenticate
internal Outlook Anywhere clients. Valid values are:
Basic
Ntlm (This is the default value)
Negotiate
NegoEx | OAuth | Adfs | Kerberos | Negotiate | LiveIdNegotiate | Misconfigured
Required: False
Position: Named
Default value: None
-InternalClientsRequireSsl
The InternalClientsRequireSsl parameter specifies whether internal Outlook Anywhere clients are required to use
SSL. Valid values are:
$true: Clients connecting via Outlook Anywhere from inside the organization are required to use SSL.
$false: Clients connecting via Outlook Anywhere from inside the organization aren't required to use SSL. This is
the default value.
The value of this parameter is related to the value of the SSLOffloading parameter.

Required: False
Position: Named
Default value: None
-InternalHostname
The InternalHostname parameter specifies the internal hostname for the Outlook Anywhere virtual directory. For
example, mail.contoso.com.
Type: String
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the name of the Outlook Anywhere virtual directory. The default value is Rpc
(Default Web Site). If the value you specify contains spaces, enclose the value in quotation marks (").
Type: String
Required: False
Position: Named
Default value: None
-SSLOffloading
The SSLOffloading parameter specifies whether a network device accepts SSL connections and decrypts them
before proxying the connections to the Outlook Anywhere virtual directory on the Exchange server. Valid values
are:
$true: Outlook Anywhere clients using SSL don't maintain an SSL connection along the entire network path to
the Exchange server. A network device in front of the server decrypts the SSL connections and proxies the
unencrypted (HTTP ) client connections to the Outlook Anywhere virtual directory. The network segment where
HTTP is used should be a secured network. This is the default value.
$false: Outlook Anywhere clients using SSL maintain an SSL connection along the entire network path to the
Exchange server. Only SSL connections are allowed to the Outlook Anywhere virtual directory.
This parameter configures the Require SSL value on the Outlook Anywhere virtual directory. When you set this
parameter to $true, Require SSL is disabled. When you set this parameter to $fase, Require SSL is enabled.
However, it may take several minutes before the change is visible in IIS Manager.
You need to use the value $true for this parameter if you don't require SSL connections for internal or external
Outlook Anywhere clients.
The value of this parameter is related to the values of the ExternalClientsRequireSsl and InternalClientsRequireSsl
parameters.

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-OwaVirtualDirectory
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-OwaVirtualDirectory cmdlet to modify existing
Outlook on the web virtual directories that are used in Internet Information Services (IIS ) on Exchange servers. For
Syntax
Set-OwaVirtualDirectory [-Identity] <VirtualDirectoryIdParameter>
[-ActionForUnknownFileAndMIMETypes <Allow | ForceSave | Block>]
[-ActiveSyncIntegrationEnabled <$true | $false>]
[-AdfsAuthentication <$true | $false>]
[-AllAddressListsEnabled <$true | $false>]
[-AllowCopyContactsToDeviceAddressBook <$true | $false>]
[-AllowOfflineOn <PrivateComputersOnly | NoComputers | AllComputers>]
[-AllowedFileTypes <MultiValuedProperty>]
[-AllowedMimeTypes <MultiValuedProperty>]
[-AnonymousFeaturesEnabled <$true | $false>]
[-BlockedFileTypes <MultiValuedProperty>]
[-BlockedMimeTypes <MultiValuedProperty>]
[-BoxAttachmentsEnabled <$true | $false>]
[-ClassicAttachmentsEnabled <$true | $false>]
[-DropboxAttachmentsEnabled <$true | $false>]
[-CalendarEnabled <$true | $false>]
[-CalendarPublishingEnabled <$true | $false>]
[-ChangePasswordEnabled <$true | $false>]
[-ClientAuthCleanupLevel <High | Low>]
[-Confirm]
[-ContactsEnabled <$true | $false>]
[-CrossSiteRedirectType <Silent | Manual>]
[-DefaultClientLanguage <Int32>]
[-DefaultDomain <String>]
[-DefaultTheme <String>]
[-DelegateAccessEnabled <$true | $false>]
[-DirectFileAccessOnPrivateComputersEnabled <$true | $false>]
[-DirectFileAccessOnPublicComputersEnabled <$true | $false>]
[-DisplayPhotosEnabled <$true | $false>]
[-Exchange2003Url <Uri>]
[-ExchwebProxyDestination <NotSpecified | MailboxServer | PublicFolderServer>]
[-ExplicitLogonEnabled <$true | $false>]
[-ExternalDownloadHostName <String>]
[-ExternalSPMySiteHostURL <String>]
[-FailbackUrl <Uri>]
[-FilterWebBeaconsAndHtmlForms <UserFilterChoice | ForceFilter | DisableFilter>]
[-ForceSaveAttachmentFilteringEnabled <$true | $false>]
[-ForceSaveFileTypes <MultiValuedProperty>]
[-ForceSaveMimeTypes <MultiValuedProperty>]
[-ForceWacViewingFirstOnPrivateComputers <$true | $false>]
[-ForceWacViewingFirstOnPublicComputers <$true | $false>]
[-ForceWebReadyDocumentViewingFirstOnPrivateComputers <$true | $false>]
[-ForceWebReadyDocumentViewingFirstOnPublicComputers <$true | $false>]
[-FormsAuthentication <$true | $false>]
[-FreCardsEnabled <$true | $false>]
[-GlobalAddressListEnabled <$true | $false>]
[-GoogleDriveAttachmentsEnabled <$true | $false>]
[-InstantMessagingCertificateThumbprint <String>]
[-InstantMessagingEnabled <$true | $false>]
[-InstantMessagingServerName <String>]
[-InstantMessagingType <None | Ocs | Msn>]
[-IntegratedFeaturesEnabled <$true | $false>]
[-InternalDownloadHostName <String>]
[-InternalSPMySiteHostURL <String>]
[-IRMEnabled <$true | $false>]
[-IsPublic <$true | $false>]
[-JournalEnabled <$true | $false>]
[-JunkEmailEnabled <$true | $false>]
[-LegacyRedirectType <Silent | Manual>]
[-LogonAndErrorLanguage <Int32>]
[-LogonFormat <FullDomain | PrincipalName | UserName>]
[-LogonPageLightSelectionEnabled <$true | $false>]
[-LogonPagePublicPrivateSelectionEnabled <$true | $false>]
[-NotesEnabled <$true | $false>]
[-NotificationInterval <Int32>]
[-OneDriveAttachmentsEnabled <$true | $false>]
[-OrganizationEnabled <$true | $false>]
[-OutboundCharset <AlwaysUTF8 | AutoDetect | UserLanguageChoice>]
[-OWALightEnabled <$true | $false>]
[-OWAMiniEnabled <$true | $false>]
[-PremiumClientEnabled <$true | $false>]
[-PublicFoldersEnabled <$true | $false>]
[-RecoverDeletedItemsEnabled <$true | $false>]
[-RedirectToOptimalOWAServer <$true | $false>]
[-ReferenceAttachmentsEnabled <$true | $false>]
[-RemindersAndNotificationsEnabled <$true | $false>]
[-RemoteDocumentsActionForUnknownServers <Allow | Block>]
[-RemoteDocumentsAllowedServers <MultiValuedProperty>]
[-RemoteDocumentsBlockedServers <MultiValuedProperty>]
[-RemoteDocumentsInternalDomainSuffixList <MultiValuedProperty>]
[-ReportJunkEmailEnabled <$true | $false>]
[-RulesEnabled <$true | $false>]
[-SaveAttachmentsToCloudEnabled <$true | $false>]
[-SearchFoldersEnabled <$true | $false>]
[-SetPhotoEnabled <$true | $false>]
[-SetPhotoURL <String>]
[-SignaturesEnabled <$true | $false>]
[-SilverlightEnabled <$true | $false>]
[-SMimeEnabled <$true | $false>]
[-SpellCheckerEnabled <$true | $false>]
[-TasksEnabled <$true | $false>]
[-TextMessagingEnabled <$true | $false>]
[-ThemeSelectionEnabled <$true | $false>]
[-UMIntegrationEnabled <$true | $false>]
[-UNCAccessOnPrivateComputersEnabled <$true | $false>]
[-UNCAccessOnPublicComputersEnabled <$true | $false>]
[-UseGB18030 <$true | $false>]
[-UseISO885915 <$true | $false>]
[-UserContextTimeout <Int32>]
[-VirtualDirectoryType <NotSpecified | Mailboxes | PublicFolders | Exchweb | Exadmin>]
[-WacEditingEnabled <$true | $false>]
[-WacViewingOnPrivateComputersEnabled <$true | $false>]
[-WacViewingOnPublicComputersEnabled <$true | $false>]
[-WebPartsFrameOptionsType <Deny | AllowFrom | None | SameOrigin>]
[-WebReadyDocumentViewingForAllSupportedTypes <$true | $false>]
[-WebReadyDocumentViewingOnPrivateComputersEnabled <$true | $false>]
[-WebReadyDocumentViewingOnPublicComputersEnabled <$true | $false>]
[-WebReadyDocumentViewingSupportedFileTypes <MultiValuedProperty>]
[-WebReadyDocumentViewingSupportedMimeTypes <MultiValuedProperty>]
[-WebReadyFileTypes <MultiValuedProperty>]
[-WebReadyMimeTypes <MultiValuedProperty>]
[-WhatIf]
[-WSSAccessOnPrivateComputersEnabled <$true | $false>]
[-WSSAccessOnPublicComputersEnabled <$true | $false>]
Description
Before you run the Set-OwaVirtualDirectory cmdlet, consider the following items:
You must have Write access to virtual directory objects in Active Directory. If you don't have the necessary
permissions and you try to run the Set-OwaVirtualDirectory cmdlet on the Active Directory virtual directory
object, the cmdlet fails.
You must have Write access to virtual directory objects in the metabase for some properties, such as
Authentication and GZip. If you don't have the necessary permissions to run the Set-OwaVirtualDirectory
cmdlet on a metabase virtual directory object or on a parameter that writes to the metabase, the cmdlet fails.
Verify that the data source can be read. Depending on the properties that you want to set on an Outlook on the
web virtual directory, you may want to run the cmdlet in a test environment on the Outlook on the web virtual
directory object in Active Directory, the metabase, or both.
You can run the Set-OwaVirtualDirectory cmdlet on any server that has the Exchange Server administration
tools installed.
Several parameters for the Set-OwaVirtualDirectory cmdlet can contain more than one value. These are known
as multivalued properties. Make sure that you modify multivalued properties correctly. For information, see
Modifying multivalued properties (https://technet.microsoft.com/library/bb684908.aspx).
Many of the Outlook on the web virtual directory settings require you to restart IIS (Stop-Service WAS -Force
and Start-Service W3SVC ) before the change takes effect. For example, when you enable or disable forms-
based authentication, or when you enable or disable the Private computer option on the sign-in page.
To switch from forms-based authentication to Basic authentication, you must first disable forms-based
authentication, and then as a separate task, enable Basic authentication. You can't disable forms-based
authentication and enable Basic authentication in a single task.
Examples
-------------------------- Example 1 --------------------------
Set-OwaVirtualDirectory -Identity "Contoso\owa (default Web site)" -DirectFileAccessOnPublicComputersEnabled

$false
This example sets the DirectFileAccessOnPublicComputersEnabled parameter to $false on the Outlook on the web
virtual directory owa on the default Internet Information Services (IIS ) website on the Exchange server Contoso.
-------------------------- Example 2 --------------------------
Set-OwaVirtualDirectory -Identity "Contoso\owa (default Web site)" -ActionForUnknownFileAndMIMETypes Block
This example sets the ActionForUnknownFileAndMIMETypes parameter to Block on the default Outlook on the
web virtual directory owa on the server Contoso.
Parameters
-ActionForUnknownFileAndMIMETypes
The ActionForUnknownFileAndMIMETypes parameter specifies how to handle file types that aren't specified in the
Allow, Block, and Force Save lists for file types and MIME types. Valid values are:
Allow (This is the default value.)
ForceSave
Block
Type: Allow | ForceSave | Block

Required: False
Position: Named
Default value: None
-ActiveSyncIntegrationEnabled
The ActiveSyncIntegrationEnabled parameter specifies whether to enable or disable Exchange ActiveSync settings
$true: ActiveSync is available in Outlook on the web. This is the default value.
$false: ActiveSync isn't available in Outlook on the web

Required: False
Position: Named
Default value: None
-AdfsAuthentication
The AdfsAuthentication parameter enables or disables Active Directory Federation Services (ADFS ) authentication
on the Outlook on the web virtual directory. Valid values are:
$true: ADFS authentication is enabled. You need to set the AdfsAuthentication parameter on Set-
EcpVirtualDirectory to $true before you can use this value.
$false: ADFS authentication is disabled. This is the default value. You need to set the AdfsAuthentication
parameter on Set-EcpVirtualDirectory to $false before you can use this value.
Required: False
Position: Named
Default value: None
-AllAddressListsEnabled
The AllAddressListsEnabled parameter specifies which address lists are available in Outlook on the web. Valid
values are:
$true: All address lists are visible in Outlook on the web. This is the default value.
$false: Only the global address list is visible in Outlook on the web.

Required: False
Position: Named
Default value: None
-AllowCopyContactsToDeviceAddressBook
The AllowCopyContactsToDeviceAddressBook parameter specifies whether users can copy the contents of their
Contacts folder to a mobile device's native address book when using Outlook on the web for devices. Valid values
are:
$true: Contacts can be copied to the device's address book in Outlook on the web for devices. This is the default
value.
$false: Contacts can't be copied to the device's address book in Outlook on the web for devices.

Required: False
Position: Named
Default value: None
-AllowedFileTypes
The AllowedFileTypes parameter specifies the attachment file types (file extensions) that can be saved locally or
viewed from Outlook on the web. The default values are:
.avi, .bmp, .doc, .docm, .docx, .gif, .jpg, .mp3, .one, .pdf, .png, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pub, .rpmsg, .rtf, .tif, .tiff,
.txt, .vsd, .wav, .wma, .wmv, .xls, .xlsb, .xlsm, .xlsx, .zip
Required: False
Position: Named
Default value: None
-AllowedMimeTypes
The AllowedMimeTypes parameter specifies the MIME extensions of attachments that allow the attachments to be
saved locally or viewed from Outlook on the web. The default values are:
image/bmp
image/gif
image/jpeg
image/png
Required: False
Position: Named
Default value: None
-AllowOfflineOn
The AllowOfflineOn parameter specifies when Outlook on the web in offline mode is available for supported web
browsers. Valid values are:
PrivateComputersOnly: Offline mode is available in private computer sessions. By default in Exchange 2013 or
later, all Outlook on the web sessions are considered to be on private computers. In Exchange 2013 or later,
users can only specify public computer sessions if you've enabled the private/public selection on the sign in
page (the LogonPagePublicPrivateSelectionEnabled parameter value is $true).
NoComputers: Offline mode is disabled.
AllComputers: Offline mode is available for public and private computer sessions. This is the default value.
When offline mode is available, users can turn offline mode on or off themselves in Outlook on the web. For more
information, see Using Outlook Web App offline.
Type: PrivateComputersOnly | NoComputers | AllComputers

Required: False
Position: Named
Default value: None
-AnonymousFeaturesEnabled
The AnonymousFeaturesEnabled parameter specifies whether you want to allow Outlook on the web users that are
logged on anonymously to access specific features. Valid values are:
$true: Features are enabled for anonymous users. For example, anonymous users can view and change meeting
content. This is the default value.
$false: Features are disabled for anonymous users.

Required: False
Position: Named
Default value: None
values are:
This parameter can be used with the FormsAuthentication parameter or with the DigestAuthentication and
WindowsAuthentication parameters.

Required: False
Position: Named
Default value: None
-BlockedFileTypes
The BlockedFileTypes parameter specifies a list of attachment file types (file extensions) that can't be saved locally
or viewed from Outlook on the web. The default values are:
.ade, .adp, .app, .asp, .aspx, .asx, .bas, .bat, .chm, .cmd, .com, .cpl, .csh, .exe, .fxp, .gadget, .hlp, .hta, .htc, .inf, .ins, .isp, .its,
.js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mda, .mdb, .mde, .mdt, .mdw, .mdz,
.mht, .mhtml, .msc, .msh, .msh1, .msh1xml, .msh2, .msh2xml, .mshxml, .msi, .msp, .mst, .ops, .pcd, .pif, .plg, .prf, .prg,
.ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .pst, .reg, .scf, .scr, .sct, .shb, .shs, .tmp, .url, .vb, .vbe, .vbs, .vsmacros, .vss, .vst,
.vsw, .ws, .wsc, .wsf, .wsh
Required: False
Position: Named
Default value: None
-BlockedMimeTypes
The BlockedMimeTypes parameter specifies MIME extensions in attachments that prevent the attachments from
being saved locally or viewed from Outlook on the web. The default values are:
application/hta
application/javascript
application/msaccess
application/prg
application/x-javascript
text/javascript
text/scriplet
x-internet-signup
Required: False
Position: Named
Default value: None
-BoxAttachmentsEnabled

Required: False
Position: Named
Default value: None
-CalendarEnabled
The CalendarEnabled parameter specifies whether to enable or disable the calendar in Outlook on the web. Valid
values are:
$true: The Calendar is available in Outlook on the web. This is the default value.
$false: The Calendar isn't available in Outlook on the web.

Required: False
Position: Named
Default value: None
-CalendarPublishingEnabled
The CalendarPublishingEnabled parameter specifies whether users can publish their calendar from Outlook Web
$true: Calendar publishing is enabled. This is the default value.
$false: Calendar publishing is disabled.

Required: False
Position: Named
Default value: None
-ChangePasswordEnabled
The ChangePasswordEnabled parameter specifies whether users can change their passwords from inside Outlook
$true: The Change password option is available in Outlook on the web. This is the default value in on-premises
Exchange.
$false: The Change password option isn't available in Outlook on the web.
Required: False
Position: Named
Default value: None
-ClassicAttachmentsEnabled
The ClassicAttachmentsEnabled parameter specifies whether users can attach local files as regular email
$true: Users can attach local files to email messages in Outlook on the web. This is the default value.
$false: Users can't attach local files to email messages in Outlook on the web.

Required: False
Position: Named
Default value: None
-ClientAuthCleanupLevel
The ClientAuthCleanupLevel parameter specifies how much of the cache is cleared when the user logs off from
Low
High (This is the default value)
Type: High | Low

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-ContactsEnabled
The ContactsEnabled parameter specifies whether to enable or disable Contacts in Outlook on the web. Valid
values are:
$true: Contacts are available in Outlook on the web. This is the default value.
$false: Contacts aren't available in Outlook on the web.

Required: False
Position: Named
Default value: None
-CrossSiteRedirectType
The CrossSiteRedirectType parameter controls how a Client Access server redirects Outlook Web App to the Client
Access server infrastructure in another Active Directory site. Valid values are:
Silent: Users are automatically redirected when the Client Access server redirects an Outlook Web App request
to Client Access server infrastructure in another Active Directory site. If using forms-based authentication, SSL
is required. For redirection to occur, the target OWA virtual directory must have an ExternalURL value.
Manual: Users receive a notification that they are accessing the wrong URL and that they must click a link to
access the preferred Outlook Web App URL for their mailbox. This notification occurs only when the Client
Access server determines that it must redirect an Outlook Web App request to the Client Access server
infrastructure in another Active Directory site. For redirection to occur, the target OWA virtual directory must
have an ExternalURL value.
The default value is Manual.
Type: Silent | Manual

Required: False
Position: Named
Default value: None
-DefaultClientLanguage
Type: Int32
Required: False
Position: Named
Default value: None
-DefaultDomain
The DefaultDomain parameter specifies which domain to use when the LogonFormat parameter is set to
UserName (for example, contoso.com).
Type: String
Required: False
Position: Named
Default value: None
-DefaultTheme
The DefaultTheme parameter specifies the default theme that's used in Outlook on the web when the user hasn't
selected a theme. The default value is blank ($null). For more information about the built-in themes that are
available in Outlook on the web, see Default Outlook on the web themes in Exchange.
Note that this parameter is a text string, and the value you specify isn't validated against the list of available themes.
Type: String
Required: False
Position: Named
Default value: None
-DelegateAccessEnabled
The DelegateAccessEnabled parameter specifies whether delegates can use Outlook Web App to open folders that
they have delegate access to. Valid values are:
$true: Delegates can open the mailbox in Outlook Web App. This is the default value.
$false: Delegates can't open the mailbox in Outlook Web App.

Required: False
Position: Named
Default value: None
Valid values are:
You can use this parameter with the FormsAuthentication parameter.

Required: False
Position: Named
Default value: None
-DirectFileAccessOnPrivateComputersEnabled
Outlook on the web for private computer sessions. Valid values are:
$true: Open is available for attachments in Outlook on the web for private computer sessions. This is the default
value.
$false: Open isn't available for attachments in Outlook on the web for private computer sessions. Note that
By default in Exchange 2013 or later, all Outlook on the web sessions are considered to be on private computers.

Required: False
Position: Named
Default value: None
-DirectFileAccessOnPublicComputersEnabled
Outlook on the web for public computer sessions. Valid values are:
$true: Open is available for attachments in Outlook on the web for public computer sessions. This is the default
value.
$false: Open isn't available for attachments in Outlook on the web for public computer sessions. Note that
selection on the sign in page (the LogonPagePublicPrivateSelectionEnabled parameter value is $true).

Required: False
Position: Named
Default value: None
-DisplayPhotosEnabled
The DisplayPhotosEnabled parameter specifies whether users see sender photos in Outlook on the web. Valid
values are:
$true: Users see sender photos in Outlook on the web. This is the default value.
$false: Users don't see sender photos in Outlook on the web.

Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-DropboxAttachmentsEnabled

Required: False
Position: Named
Default value: None
-Exchange2003Url
The Exchange2003Url parameter specifies the Outlook Web App URL for Exchange Server 2003 mailboxes. The
URL must include the Outlook Web App virtual directory name, even if you're using a redirect to simplify the URL
specified by the Exchange2003Url parameter.
Type: Uri
Required: False
Position: Named
Default value: None
-ExchwebProxyDestination
Type: NotSpecified | MailboxServer | PublicFolderServer
Required: False
Position: Named
Default value: None
-ExplicitLogonEnabled
The ExplicitLogonEnabled parameter specifies whether to allow a user to open someone else's mailbox in Outlook
on the web (provided that user has permissions to the mailbox). Valid values are:
$true: A user with the required permissions is able to open someone else's mailbox in Outlook on the web. This
$false: A user with the required permissions isn't able to open someone else's mailbox in Outlook on the web.

Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
$null (blank): This is the default value.
Required: False
Position: Named
Default value: None
are:
Note: If you use the value Allow or Require, and you have a proxy server between the client and the Client Access
Required: False
Position: Named
Default value: None
Adfs
Basic
Certificate
Digest
Fba
Kerberos
LiveIdBasic
LiveIdFba
LiveIdNegotiate
NegoEx
Negotiate
Ntlm
OAuth
WindowsIntegrated
WSSecurity
Required: False
Position: Named
Default value: None
-ExternalDownloadHostName
The ExternalDownloadHostName parameter specifies the download location for files in Outlook on the web for
external users (for example, in-line image files).
Type: String
Required: False
Position: Named
Default value: None
-ExternalSPMySiteHostURL
The ExternalSPMySiteHostURL specifies the My Site Host URL for external users (for example,
Type: String
Required: False
Position: Named
Default value: None
-ExternalUrl
firewall.
Type: Uri
Required: False
Position: Named
Default value: None
-FailbackUrl
The FailbackUrl parameter specifies the URL that Outlook on the web uses to connect to the server after failback in
a site resilience process and requires a separate DNS entry pointing to the original server's IP address.
This parameter value must be different from the ExternalUrl parameter.
Type: Uri
Required: False
Position: Named
Default value: None
-FilterWebBeaconsAndHtmlForms
The FilterWebBeaconsAndHtmlForms parameter specifies how web beacons are handled in Outlook on the web.
Valid values are:
UserFilterChoice (This is the default value)
ForceFilter
DisableFilter
Type: UserFilterChoice | ForceFilter | DisableFilter

Required: False
Position: Named
Default value: None
-ForceSaveAttachmentFilteringEnabled
The ForceSaveAttachmentFilteringEnabled parameter specifies whether files are filtered before they can be saved
from Outlook on the web. Valid values are:
$true: The attachments specified by the ForceSaveFileTypes parameter are filtered before they can be saved
from Outlook on the web.
$false: The attachments aren't filtered before they're saved. This is the default value.

Required: False
Position: Named
Default value: None
-ForceSaveFileTypes
The ForceSaveFileTypes parameter specifies the attachment file types (file extensions) that can only be saved from
Outlook on the web (not opened). The default values are:
.ade, .adp, .app, .asp, .aspx, .asx, .bas, .bat, .cer, .chm, .cmd, .com, .cpl, .crt, .csh, .dcr, .dir, .exe, .fxp, .gadget, .hlp, .hta, .htm,
.html, .inf, .ins, .isp, .its, .js, .jse, .ksh, .lnk, .mad, .maf, .mag, .mam, .maq, .mar, .mas, .mat, .mau, .mav, .maw, .mda, .mdb,
.mde, .mdt, .mdw, .mdz, .msc, .msh, .mshxml, .msi, .msp, .mst, .ops, .pcd, .pif, .plg, .prf, .prg, .ps1, .ps1xml, .ps2, .ps2xml,
.psc1, .psc2, .pst, .reg, .scf, .scr, .sct, .shb, .shs, .spl, .swf, .tmp, .url, .vb, .vbe, .vbs, .vsmacro, .vss, .vst, .vsw, .ws, .wsc, .wsf,
.wsh
Required: False
Position: Named
Default value: None
-ForceSaveMimeTypes
The ForceSaveMimeTypes parameter specifies the MIME extensions in attachments that only allow the
attachments to be saved locally (not opened). The default values are:
Application/futuresplash
Application/octet-stream
Application/x-director
Application/x-shockwave-flash
text/html
Required: False
Position: Named
Default value: None
-ForceWacViewingFirstOnPrivateComputers
The ForceWacViewingFirstOnPrivateComputers parameter specifies whether private computers must first preview
an Office file as a web page in Office Online Server (formerly known as Office Web Apps Server and Web Access
Companion Server) before opening the file in the local application. Valid values are:
$true: Private computers must first preview an Office file as a web page in Office Online Server before opening
the file.
$false: Private computers aren't required to preview an Office file as a web page in Office Online Server before

Required: False
Position: Named
Default value: None
-ForceWacViewingFirstOnPublicComputers
The ForceWacViewingFirstOnPublicComputers parameter specifies whether public computers must first preview
an Office file as a web page in Office Online Server before opening the file in the local application. Valid values are:
$true: Public computers must first preview an Office file as a web page in Office Online Server before opening
the file.
$false: Public computers aren't required to preview an Office file as a web page in Office Online Server before

Required: False
Position: Named
Default value: None
-ForceWebReadyDocumentViewingFirstOnPrivateComputers
The ForceWebReadyDocumentViewingFirstOnPrivateComputers parameter specifies whether private computers
$true: Private computers must first preview an Office file as a web page in WebReady Document Viewing
before opening the file.
$false: Private computers aren't required to preview an Office file as a web page in WebReady Document

Required: False
Position: Named
Default value: None
-ForceWebReadyDocumentViewingFirstOnPublicComputers
The ForceWebReadyDocumentViewingFirstOnPublicComputers parameter specifies whether Public computers
$true: Public computers must first preview an Office file as a web page in WebReady Document Viewing before
opening the file.
$false: Public computers aren't required to preview an Office file as a web page in WebReady Document
Required: False
Position: Named
Default value: None
-FormsAuthentication
The FormsAuthentication parameter enables or disables forms-based authentication on the Outlook on the web
$true: Forms-based authentication is enabled in Outlook on the web. This is the default value. The
BasicAuthentication parameter is also set to $true, and the DigestAuthentication and WindowsAuthentication
parameters are set to $false.
$false: Forms-based authentication is disabled in Outlook on the web.

Required: False
Position: Named
Default value: None
-FreCardsEnabled

Required: False
Position: Named
Default value: None
-GlobalAddressListEnabled
The GlobalAddressListEnabled parameter specifies whether the global address list is available in Outlook on the
$true: The global address list is visible in Outlook on the web. This is the default value.
$false: The global address list isn't visible in Outlook on the web.

Required: False
Position: Named
Default value: None
-GoogleDriveAttachmentsEnabled
Required: False
Position: Named
Default value: None
-GzipLevel
The GzipLevel parameter sets Gzip configuration information for the Outlook on the web virtual directory. Valid
values are:
Off
Low (This is the default value)
High
Error

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the OWA virtual directory that you want to modify. You can use any value that
GUID
Required: True
Position: 1
Default value: None
-InstantMessagingCertificateThumbprint
The InstantMessagingCertificateThumbprint parameter specifies the trusted certificate used to communicate
between the instant messaging server and the Mailbox server. Use the Get-ExchangeCertificate cmdlet to find the
thumbprint of the certificate.
Type: String
Required: False
Position: Named
Default value: None
-InstantMessagingEnabled
The InstantMessagingEnabled parameter specifies whether instant messaging is available in Outlook on the web.
Valid values are:
$true: Instant messaging is available in Outlook on the web. This is the default value.
$false: Instant messaging isn't available in Outlook on the web.

Required: False
Position: Named
Default value: None
-InstantMessagingServerName
The InstantMessagingServerName parameter specifies the fully qualified domain name (FQDN ) of the instant
messaging server or set of servers behind a load balancing device.
Type: String
Required: False
Position: Named
Default value: None
-InstantMessagingType
The InstantMessagingType parameter specifies the type of instant messaging provider in Outlook on the web. Valid
values are:
None: This is the default value.
Ocs: Lync or Skype (formerly known as Office Communication Server).
Type: None | Ocs | Msn

Required: False
Position: Named
Default value: None
-IntegratedFeaturesEnabled
The IntegratedFeaturesEnabled parameter specifies whether to allow Outlook on the web users who are logged on
using Integrated Windows authentication to access specific features. Valid values are:
$true: Integrated features are enabled. For example, users logged on using Integrated Windows authentication
can view and change meeting content. This is the default value.
$false: Integrated features are disabled.

Required: False
Position: Named
Default value: None
-InternalDownloadHostName
The InternalDownloadHostName parameter specifies the download location for files in Outlook on the web for
internal users (for example, in-line image files). The default value is blank ($null).
Type: String
Required: False
Position: Named
Default value: None
-InternalSPMySiteHostURL
The InternalSPMySiteHostURL specifies the My Site Host URL for internal users (for example,
Type: String
Required: False
Position: Named
Default value: None
-InternalUrl
Type: Uri
Required: False
Position: Named
Default value: None
-IRMEnabled
The IRMEnabled parameter specifies whether Information Rights Management (IRM ) features are available in
$true: IRM is available in Outlook on the web. This is the default value.
$false: IRM isn't available in Outlook on the web.
Required: False
Position: Named
Default value: None
-IsPublic
The IsPublic parameter specifies whether external users use the virtual directory for Outlook on the web in multiple
virtual directory environments (you've configured separate virtual directories on the same server for internal vs.
external Outlook on the web connections). Valid values are:
$true: External users use the virtual directory for Outlook on the web.
$false: External users don't use the virtual directory for Outlook on the web. This is the default value.

Required: False
Position: Named
Default value: None
-JournalEnabled
The JournalEnabled parameter specifies whether the Journal folder is available in Outlook on the web. Valid values
are:
$true: The Journal folder is visible in Outlook on the web. This is the default value.
$false: The Journal folder isn't visible in Outlook on the web.

Required: False
Position: Named
Default value: None
-JunkEmailEnabled
The JunkEmailEnabled parameter specifies whether the Junk Email folder and junk email management are
available in Outlook on the web. Valid values are:
$true: The Junk Email folder and junk email management are available in Outlook on the web. This is the
default value.
$false: The Junk Email folder and junk email management aren't available in Outlook on the web.

Required: False
Position: Named
Default value: None
-LegacyRedirectType
The LegacyRedirectType parameter specifies the type of redirect that Outlook Web App uses to a legacy Client
Access server or Front End server when forms-based authentication isn't used on the Exchange 2010 Outlook Web
App virtual directory. Valid values are:
Silent: A standard redirect is used. This is the default value.
Manual: An intermediate page is displayed to show the legacy URL so that users can change their bookmarks.
Type: Silent | Manual

Required: False
Position: Named
Default value: None
-LogonAndErrorLanguage
The LogonAndErrorLanguage parameter specifies the language that used in Outlook on the web for forms-based
authentication and for error messages when a user's current language setting can't be read.
A valid value is a supported Microsoft Windows Language Code Identifier (LCID ). For example, 1033 is US English.
The default value is 0, which means the logon and error language selection is undefined.
Type: Int32
Required: False
Position: Named
Default value: None
-LogonFormat
The LogonFormat parameter specifies the type of logon format that's required for forms-based authentication on
the Outlook on the web sign-in page. Valid values are:
FullDomain: Requires the format domain\username. This is the default value.
UserName: Requires only the username, but you also need to specify a value for the DefaultDomain parameter.
PrincipalName: Requires the user principal name (UPN ) (for example, user@contoso.com). This sign-in method
works only for users whose UPN name is the same as their email address.
Type: FullDomain | PrincipalName | UserName

Required: False
Position: Named
Default value: None
-LogonPageLightSelectionEnabled
The LogonPageLightSelectionEnabled parameter specifies whether the Outlook on the web sign-in page includes
the option to sign in to the light version of Outlook on the web. Valid values are:
$true: The option to use the light version of Outlook on the web is available on the sign-in page. This is the
default value.
$false: The option to use the light version of Outlook on the web is available on the sign-in page.
This parameter is meaningful only for browsers that support the full version of Outlook on the web; unsupported
browsers are always required to use the light version of Outlook on the web.

Required: False
Position: Named
Default value: None
-LogonPagePublicPrivateSelectionEnabled
The LogonPagePublicPrivateSelectionEnabled parameter specifies whether the Outlook on the web sign-in page
includes the public/private computer session option at sign-in. Valid values are:
$true: The public/private computer session selection is available on the Outlook on the web sign-in page.
$false: The public/private computer session selection isn't available on the Outlook on the web sign-in page. All
sessions are considered to be on private computers. This is the default value.
Users can only specify public computer sessions if you've set this parameter value to $false.
When you change the value of this parameter, restart IIS (Stop-Service WAS -Force and Start-Service W3SVC ).

Required: False
Position: Named
Default value: None
-NotesEnabled
The NotesEnabled parameter specifies whether the Notes folder is available in Outlook on the web. Valid values
are:
$true: The Notes folder is visible in Outlook on the web. This is the default value.
$false: The Notes folder isn't visible in Outlook on the web.

Required: False
Position: Named
Default value: None
-NotificationInterval
The NotificationInterval parameter specifies the polling frequency in seconds that the client polls the server for new
item notifications, reminder updates, and session time-out information in Outlook Web App.
The default value is 120 seconds.
Type: Int32
Required: False
Position: Named
Default value: None

Required: False
Position: Named
Default value: None
-OneDriveAttachmentsEnabled

Required: False
Position: Named
Default value: None
-OrganizationEnabled
When the OrganizationEnabled parameter is set to $false, the Automatic Reply option doesn't include external and
internal options, the address book doesn't show the organization hierarchy, and the Resources tab in Calendar
forms is disabled. The default value is $true.

Required: False
Position: Named
Default value: None
-OutboundCharset
The OutboundCharset parameter specifies the character set that's used for outgoing messages in Outlook on the
AutoDetect: Examine the first 2 kilobytes (KB ) of text in the message to determine the character set that's used
in outgoing messages. This is the default value.
AlwaysUTF8: Always use UTF -8 encoded UNICODE characters in outgoing messages, regardless of the
detected text in the message, or the user's language choice in Outlook on the web. Use this value if replies to
UTF -8 encoded messages aren't being encoded in UTF -8.
UserLanguageChoice: Use the user's language choice in Outlook on the web to encode outgoing messages.
Type: AlwaysUTF8 | AutoDetect | UserLanguageChoice
Required: False
Position: Named
Default value: None
-OWALightEnabled
The OWALightEnabled parameter controls the availability of the light version of Outlook on the web. Valid values
are:
$true: The light version of Outlook on the web is available. This is the default value.
$false: The light version of Outlook on the web is isn't available. This setting prevents access to Outlook on the
web for unsupported browsers that can only use the light version of Outlook on the web.

Required: False
Position: Named
Default value: None
-OWAMiniEnabled
The OWAMiniEnabled parameter controls the availability of the mini version of Outlook Web App. Valid values are:
$true: The mini version of Outlook Web App is available. This is the default value.
$false: The mini version of Outlook Web App isn't available.

Required: False
Position: Named
Default value: None
-PremiumClientEnabled
The PremiumClientEnabled parameter controls the availability of the full version of Outlook Web App. Valid values
are:
$true: The full version of Outlook Web App is available for supported browsers. This is the default value.
$false: The full version of Outlook Web App isn't available.

Required: False
Position: Named
Default value: None
-PublicFoldersEnabled
The PublicFoldersEnabled parameter specifies whether a user can browse or read items in public folders in Outlook
Web App. Valid values are:
$true: Public folders are available in Outlook Web App. This is the default value.
$false: Public folders aren't available in Outlook Web App.

Required: False
Position: Named
Default value: None
-RecoverDeletedItemsEnabled
The RecoverDeletedItemsEnabled parameter specifies whether a user can use Outlook Web App to view, recover, or
delete permanently items that have been deleted from the Deleted Items folder. Valid values are:
$true: Users can view, recover, or permanently delete items in Outlook Web App. This is the default value.
$false: Users can't view, recover, or permanently delete items in Outlook Web App. Items deleted from the
Deleted Items folder in Outlook Web App are still retained.

Required: False
Position: Named
Default value: None
-RedirectToOptimalOWAServer
The RedirectToOptimalOWAServer parameter specifies whether to find the optimal server for Outlook on the web.
Valid values are:
$true: Outlook on the web uses service discovery to find the best Mailbox server to use after a user
authenticates. This is the default value.
$false: Outlook on the web doesn't redirect clients to the optimal Mailbox server.

Required: False
Position: Named
Default value: None
-ReferenceAttachmentsEnabled
The ReferenceAttachmentsEnabled parameter specifies whether users can attach files from the cloud as linked
$true: Users can attach files that are stored in the cloud as linked attachments. If the file hasn't been uploaded to
the cloud yet, the users can attach and upload the file in the same step. This is the default value.
$false: Users can't share files in the cloud as linked attachments. They need to download a local copy of the file
before attaching the file to the email message.

Required: False
Position: Named
Default value: None
-RemindersAndNotificationsEnabled
The RemindersAndNotificationsEnabled parameter specifies whether notifications and reminders are enabled in
$true: Notifications and reminders are enabled in Outlook on the web. This is the default value.
$false: Notifications and reminders are disabled in Outlook on the web.

Required: False
Position: Named
Default value: None
-RemoteDocumentsActionForUnknownServers
Type: Allow | Block

Required: False
Position: Named
Default value: None
-RemoteDocumentsAllowedServers
Required: False
Position: Named
Default value: None
-RemoteDocumentsBlockedServers
Required: False
Position: Named
Default value: None
-RemoteDocumentsInternalDomainSuffixList
Required: False
Position: Named
Default value: None
-ReportJunkEmailEnabled
The ReportJunkEmailEnabled parameter specifies whether users can report messages to Microsoft or unsubscribe
from messages in Outlook on the web. Valid values are:
$true: The Report junk, Report phishing or Report not junk options are available after the user selects Mark as
junk, Mark as phishing, or Mark as not junk. The Unsubscribe option is also available. This is the default value.
$false: The Report junk, Report phishing, Report not junk and Unsubscribe options aren't available.
This parameter is meaningful only when the JunkEmailEnabled parameter is set to $true.

Required: False
Position: Named
Default value: None
-RulesEnabled
The RulesEnabled parameter specifies whether a user can view, create, or modify server-side rules in Outlook on
$true: Users can view, create, or modify server-side rules in Outlook on the web. This is the default value.
$false: Users can't view, create, or modify server-side rules in Outlook on the web.

Required: False
Position: Named
Default value: None
-SaveAttachmentsToCloudEnabled
The SaveAttachmentsToCloudEnabled parameter specifies whether users can save regular email attachments to the
cloud. Valid values are:
$true: Users can save regular email attachments to the cloud. This is the default value.
$false: Users can only save regular email attachments locally.

Required: False
Position: Named
Default value: None
-SearchFoldersEnabled
The SearchFoldersEnabled parameter specifies whether Search Folders are available in Outlook on the web. Valid
values are:
$true: Search Folders are visible in Outlook on the Web. This is the default value.
$false: Search Folders aren't visible in Outlook on the Web.

Required: False
Position: Named
Default value: None
-SetPhotoEnabled
The SetPhotoEnabled parameter specifies whether users can add, change, and remove their sender photo in
$true: Users can manage their photos in Outlook on the web. This is the default value.
$false: Users can't manage their user photo in Outlook on the web.

Required: False
Position: Named
Default value: None
-SetPhotoURL
The SetPhotoURL parameter specifies the location (URL ) of user photos. The default value of this parameter is
blank ($null).
Type: String
Required: False
Position: Named
Default value: None
-SignaturesEnabled
The SignaturesEnabled parameter specifies whether to enable or disable the use of signatures in Outlook on the
$true: Signatures are available in Outlook on the web. This is the default value.
$false: Signatures aren't available in Outlook on the web.

Required: False
Position: Named
Default value: None
-SilverlightEnabled
The SilverlightEnabled parameter specifies whether a user can use Microsoft Silverlight features in Outlook Web
$true: Silverlight features are available in Outlook Web App. This is the default value.
$false: Silverlight features aren't available in Outlook Web App.

Required: False
Position: Named
Default value: None
-SMimeEnabled
The SMimeEnabled parameter specifies whether users can download the S/MIME control for Outlook Web App
and use it to read and compose signed and encrypted messages. Valid values are:
$true: Users can read and compose S/MIME signed and encrypted messages in Outlook Web App. This is the
default value.
$false: Users can't read or compose messages in Outlook Web App that are opaque-signed or encrypted by
using S/MIME. Messages that are clear-signed can be read but not composed, and their signatures aren't
validated.
Note: In Exchange 2013 or later, use the Get-SmimeConfig and Set-SmimeConfig cmdlets to configure the
S/MIME settings in Outlook on the web. For more information, see {S/MIME for message signing and encryption]
(https://technet.microsoft.com/library/dn626158.aspx).
Required: False
Position: Named
Default value: None
-SpellCheckerEnabled
The SpellCheckerEnabled parameter specifies whether to enable or disable the built-in Outlook Web App spell
checker in the full version of Outlook Web App. Valid values are:
$true: Spell checking is available in Outlook Web App. This is the default value.
$false: Spell checking isn't available in Outlook Web App.

Required: False
Position: Named
Default value: None
-TasksEnabled
The TasksEnabled parameter specifies whether Tasks folder is available in Outlook on the web. Valid values are:
$true: The Tasks folder is available in Outlook on the web. This is the default value.
$false: The Tasks folder isn't available in Outlook on the web.

Required: False
Position: Named
Default value: None
-TextMessagingEnabled
The TextMessagingEnabled parameter specifies whether users can send and receive text messages in Outlook on
$true: Text messaging is available in Outlook on the web. This is the default value.
$false: Text messaging isn't available in Outlook on the web.
Required: False
Position: Named
Default value: None
-ThemeSelectionEnabled
The ThemeSelectionEnabled parameter specifies whether users can change the theme in Outlook on the web. Valid
values are:
$true: Users can specify the theme in Outlook on the web. This is the default value.
$false: Users can't specify or change the theme in Outlook on the web.

Required: False
Position: Named
Default value: None
-UMIntegrationEnabled
The UMIntegrationEnabled parameter specifies whether Unified Messaging (UM ) integration is enabled in Outlook
$true: UM integration is enabled in Outlook on the web. This is the default value.
$false: UM integration is disabled in Outlook on the web.
This setting applies only if Unified Messaging has been enabled for a user (for example, bu using the Enable-
UMMailbox cmdlet).

Required: False
Position: Named
Default value: None
-UNCAccessOnPrivateComputersEnabled

Required: False
Position: Named
Default value: None
-UNCAccessOnPublicComputersEnabled
Required: False
Position: Named
Default value: None
-UseGB18030
The UseGB18030 parameter specifies whether to use the GB18030 character set instead of GB2312 in Outlook on
$true: GB18030 is used wherever GB2312 would have been used in Outlook on the web.
$false: GB2312 isn't replaced by GB18030 in Outlook on the web. This is the default value.

Required: False
Position: Named
Default value: None
-UseISO885915
The UseISO885915 parameter specifies whether to use the character set ISO8859-15 instead of ISO8859-1 in
$true: ISO8859-15 is used wherever ISO8859-1 would have been used in Outlook on the web.
$false: ISO8859-1 isn't replaced by GB18030 in Outlook on the web. This is the default value.

Required: False
Position: Named
Default value: None
-UserContextTimeout
The UserContextTimeout parameter specifies the time-out setting in minutes for a user context object. This
parameter doesn't limit public and private forms-based authentication time-out settings.
The default value is 60.
Type: Int32
Required: False
Position: Named
Default value: None
-VirtualDirectoryType
Type: NotSpecified | Mailboxes | PublicFolders | Exchweb | Exadmin
Required: False
Position: Named
Default value: None
-WacEditingEnabled
The WacEditingEnabled parameter specifies whether to enable or disable editing documents in Outlook on the web
by using Office Online Server (formerly known as Office Web Apps Server and Web Access Companion Server).
Valid values are:
$true: Users can edit supported documents in Outlook on the web. This is the default value.
$false: Users can't edit supported documents in Outlook on the web.

Required: False
Position: Named
Default value: None
-WacViewingOnPrivateComputersEnabled
The WacViewingOnPrivateComputersEnabled parameter specifies whether to enable or disable web viewing of
supported Office documents private computer sessions in Office Online Server (formerly known as Office Web
Apps Server and Web Access Companion Server). By default, all Outlook on the web sessions are considered to be
on private computers. Valid values are:
$true: In private computer sessions, users can view supported Office documents in the web browser. This is the
default value.
$false: In private computer sessions, users can't view supported Office documents in the web browser. Users
can still open the file in a supported application or save the file locally.

Required: False
Position: Named
Default value: None
-WacViewingOnPublicComputersEnabled
The WacViewingOnPublicComputersEnabled parameter specifies whether to enable or disable web viewing of
supported Office documents in public computer sessions in Office Online Server. Valid values are:
$true: In public computer sessions, users can view supported Office documents in the web browser. This is the
default value.
$false: In public computer sessions, users can't view supported Office documents in the web browser. Users can
still open the file in a supported application or save the file locally.

Required: False
Position: Named
Default value: None
-WebPartsFrameOptionsType
The WebPartsFrameOptionsType parameter specifies what sources can access web parts in IFRAME or FRAME
elements in Outlook on the web. Valid values are:
None: There are no restrictions on displaying Outlook on the web content in a frame.
SameOrigin: This is the default value and the recommended value. Display Outlook on the web content only in
a frame that has the same origin as the content.
Deny: Blocks display of Outlook on the web content in a frame, regardless of the origin of the site attempting to
access it.
Type: Deny | AllowFrom | None | SameOrigin

Required: False
Position: Named
Default value: None
-WebReadyDocumentViewingForAllSupportedTypes
The WebReadyDocumentViewingForAllSupportedTypes parameter specifies whether to enable WebReady
Document Viewing for all supported file and MIME types. Valid values are:
$true: All supported attachment types are available for WebReady Document Viewing. This is the default value.
$false: Only the attachment types that are specified by the WebReadyFileTypes and WebReadyMimeTypes
parameters are available for WebReady Document Viewing (you can remove values from the lists).

Required: False
Position: Named
Default value: None
-WebReadyDocumentViewingOnPrivateComputersEnabled
The WebReadyDocumentViewingOnPrivateComputersEnabled parameter specifies whether WebReady Document
Viewing is available in private computer sessions. Valid values are:
$true: WebReady Document Viewing is available in private computer sessions. This is the default value.
$false: WebReady Document Viewing isn't available in private computer sessions.
By default in Exchange 2013, all Outlook on the web sessions are considered to be on private computers.

Required: False
Position: Named
Default value: None
-WebReadyDocumentViewingOnPublicComputersEnabled
The WebReadyDocumentViewingOnPublicComputersEnabled parameter specifies whether WebReady Document
Viewing is in public computer sessions. Valid values are:
$true: WebReady Document Viewing is available for public computer sessions. This is the default value.
$false: WebReady Document Viewing isn't available for public computer sessions.
In Exchange 2013, users can only specify public computer sessions if you've enabled the private/public selection on
the sign in page (the LogonPagePublicPrivateSelectionEnabled parameter value is $true).

Required: False
Position: Named
Default value: None
-WebReadyDocumentViewingSupportedFileTypes
This is a read-only parameter that can't be modified; use the WebReadyFileTypes parameter instead.
Required: False
Position: Named
Default value: None
-WebReadyDocumentViewingSupportedMimeTypes
This is a read-only parameter that can't be modified; use the WebReadyMimeTypes parameter instead..
Required: False
Position: Named
Default value: None
-WebReadyFileTypes
The WebReadyFileTypes parameter specifies the attachment file types (file extensions) that can be viewed by
WebReady Document Viewing in Outlook on the web. The default value is all supported file types:
.doc
.docx
.dot
.pdf
.pps
.ppt
.pptx
.rtf
.xls
.xlsx
Otherwise, all supported file types are available in WebReady Document Viewing.
Required: False
Position: Named
Default value: None
-WebReadyMimeTypes
The WebReadyMimeTypes parameter specifies the MIME extensions of attachments that allow the attachments to
be viewed by WebReady Document Viewing in Outlook on the web. The default value is all supported MIME types:
application/msword
application/pdf
application/vnd.ms-excel
application/vnd.ms-powerpoint
application/vnd.openxmlformats-officedocument.presentationml.presentation
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
application/vnd.openxmlformats-officedocument.wordprocessingml.document
application/x-msexcel
application/x-mspowerpoint
Otherwise, all supported MIME types are available in WebReady Document Viewing.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
The WindowsAuthentication parameter enables or disables Integrated Windows authentication on the virtual
directory. Valid values are:
$true: Integrated Windows authentication is enabled on the Outlook on the web virtual directory.
$true: Integrated Windows authentication is disabled on the Outlook on the web virtual directory. This is the
default value.

Required: False
Position: Named
Default value: None
-WSSAccessOnPrivateComputersEnabled
Required: False
Position: Named
Default value: None
-WSSAccessOnPublicComputersEnabled

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-PowerShellVirtualDirectory
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-PowerShellVirtualDirectory cmdlet to modify
existing Windows PowerShell virtual directories that are used in Internet Information Services (IIS ) on Exchange
Syntax
Set-PowerShellVirtualDirectory [-Identity] <VirtualDirectoryIdParameter>
[-CertificateAuthentication <$true | $false>]
[-Confirm]
[-RequireSSL <$true | $false>]
[-WhatIf]
Description
Although it's possible to modify a Windows PowerShell virtual directory, we recommend that you only do so at the
Examples
-------------------------- Example 1 --------------------------
Set-PowerShellVirtualDirectory "Contoso (default Web site)" -ExternalUrl "https://www.contoso.com/powershell"
This example modifies the external URL of the Contoso Windows PowerShell virtual directory.
Parameters
values are:

Required: False
Position: Named
Default value: None
-CertificateAuthentication
The CertificateAuthentication parameter specifies whether certificate authentication is enabled on the Windows
PowerShell virtual directory. The valid values are $true and $false. The default value is $false.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-ExternalUrl
firewall.
Type: Uri
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the PowerShell virtual directory that you want to modify. You can use any value
GUID
Required: True
Position: 1
Default value: None
-InternalUrl
Type: Uri
Required: False
Position: Named
Default value: None
-RequireSSL
The RequireSSL parameter specifies whether the Windows PowerShell virtual directory should require that the
client connection be made using Secure Sockets Layer (SSL ). The valid values are $true and $false. The default
value is $true.

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-RpcClientAccess
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-RpcClientAccess cmdlet to modify the settings
of the Microsoft Exchange RPC Client Access service on Exchange servers that have the Client Access server role
installed. These settings affect Outlook clients that connect by using Outlook Anywhere (RPC over HTTP ). For
Syntax
Set-RpcClientAccess -Server <ServerIdParameter>
[-BlockedClientVersions <String>]
[-Confirm]
[-EncryptionRequired <$true | $false>]
[-MaximumConnections <Int32>]
[-Name <String>]
Description
Outlook 2007 isn't supported in Exchange 2016, so you shouldn't see Outlook connections at or below version
12.Y.Z. However, you should monitor the RPC Client Access log to see the client versions that are connecting to
your Exchange servers before you block any client versions.
To block Outlook versions for specific mailboxes, use the Set-CASMailbox cmdlet.
Examples
-------------------------- Example 1 --------------------------
Set-RpcClientAccess -Server MBX01 -BlockedClientVersions 14.0.0-14.32767.65535
This example prevents Outlook Anywhere connections by Outlook 2010 clients on the server named MBX01.
-------------------------- Example 2 --------------------------
Set-RpcClientAccess -Server MBX01 -BlockedClientVersions 15.0.0-15.4737.999
This example prevents Outlook Anywhere connections by Outlook 2013 clients that don't have KB3054940
installed (version 15.0.4737.1000) on the server named MBX01.
Note: You can determine specific client software versions by parsing the RPC Client Access log files located at
%ExchangeInstallPath%Logging\RPC Client Access.
Parameters
-BlockedClientVersions
The BlockedClientVersions parameter specifies the RPC client versions that aren't allowed to connect to the
specified Exchange server. For example, the Microsoft Exchange RPC Client Access service rejects an Outlook
Anywhere connection if the version of Outlook is the specified value, or is in the specified range.
Valid version values are in the format X.Y.Z. RPC client versions are typically reported in format X.0.Y.Z format, but
for this parameter, you need to specify the value as X.Y.Z.
X is the major version number. For example, Outlook 2016 is 16, Outlook 2013 is 15, and Outlook 2010 is 14.
Y is the minor revision number, and must be less than or equal to 32767.
Z is the build number, and must be less than or equal to 65535.
You can specify ranges. For example, -13.32767.65535, 14.0.0-14.32767.65535, or 15.0.0-.
You can specify multiple individual values or range values separated by semicolons (;).
Be careful when you restrict client access, because Exchange server components might also use RPC to log on.
Some components may report their client version as a text string, while others may report the Exchange build
number. Monitor the RPC Client Access log to see the client versions that are connecting to your Exchange server
before you block any client versions.
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EncryptionRequired
The EncryptionRequired parameter specifies whether encryption is required for RPC client connections. Valid
values are:
$true: Unencrypted RPC client connections are rejected. This is the default value.
$false: Unencrypted RPC client connections are allowed.

Required: False
Position: Named
Default value: None
-MaximumConnections
The MaximumConnections parameter specifies the maximum number of concurrent client connections that are
allowed by the Microsoft Exchange RPC Client Access service. The default value is 65536.
Note: Although you can configure a non-default value for this parameter, changes to this setting aren't enforced.
Type: Int32
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the name of the configuration object in Active Directory. By default, this parameter
is set to RpcClientAccess.
Type: String
Required: False
Position: Named
Default value: None
-Server
Name
FQDN
ExchangeLegacyDN
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-WebServicesVirtualDirectory
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-WebServicesVirtualDirectory cmdlet to modify
existing Exchange Web Services virtual directories that are used in Internet Information Services (IIS ) on Microsoft
Syntax
Set-WebServicesVirtualDirectory [-Identity] <VirtualDirectoryIdParameter>
[-CertificateAuthentication <$true | $false>]
[-Confirm]
[-Force]
[-InternalNLBBypassUrl <Uri>]
[-MRSProxyEnabled <$true | $false>]
[-MRSProxyMaxConnections <Unlimited>]
[-OAuthAuthentication <$true | $false>] [-OAuthAuthentication <$true | $false>]
[-UpdateManagementVirtualDirectory]
[-WhatIf]
[-WSSecurityAuthentication <$true | $false>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-WebServicesVirtualDirectory -Identity Contoso\EWS(Default Web Site) -ExternalUrl

https://www.contoso.com/EWS/exchange.asmx -BasicAuthentication $true -InternalUrl
https://contoso.internal.com/EWS/exchange.asmx
This example sets the authentication method to Basic authentication for the virtual directory EWS on the server
Contoso. This example also sets the external and internal URLs for this virtual directory.
-------------------------- Example 2 --------------------------
Set-WebServicesVirtualDirectory -Identity Contoso\EWS* -ExternalUrl https://www.contoso.com/EWS/exchange.asmx
This example uses a wildcard character instead of "Default Web site" as was used in Example 1.
-------------------------- Example 3 --------------------------
Set-WebServicesVirtualDirectory -Identity "EWS (Default Web Site)" -MRSProxyEnabled $true
This example enables MRSProxy on the EWS default website. MRSProxy is the service responsible for assisting in
remote mailbox moves.
Parameters
values are:

Required: False
Position: Named
Default value: None
-CertificateAuthentication
The CertificateAuthentication parameter specifies whether certificate authentication is enabled. This parameter
affects the <Servername>/ews/management/ virtual directory. It doesn't affect the <Servername>/ews/ virtual
directory.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
Valid values are:

Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
are:
Note:

Required: False
Position: Named
Default value: None
-ExternalUrl
firewall.
Type: Uri
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-GzipLevel
The GzipLevel parameter sets the Gzip configuration for the Exchange Web Services virtual directory. Valid values
are:
Off: No compression.
Low: Static compression only. This is the default value. This value has the same result as the Off value, because
Exchange Web Services content is dynamic.
High: Static and dynamic compression. Content from Exchange Web Services is compressed if clients indicate
support for Gzip compression in their requests.
Error: Identifies errors in the Gzip compression configuration.

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the EWS virtual directory that you want to modify. You can use any value that
GUID
Required: True
Position: 1
Default value: None
-InternalNLBBypassUrl
The InternalNLBBypassUrl parameter specifies the URL of the Exchange server that has the Client Access server
role installed, regardless of whether it's behind a Network Load Balancing (NLB ) array or not.
When you set the InternalUrl parameter to the URL of the NLB array, you should set the InternalNLBBypassUrl
parameter to the URL of the Client Access server itself.
Type: Uri
Required: False
Position: Named
Default value: None
-InternalUrl
Type: Uri
Required: False
Position: Named
Default value: None
-MRSProxyEnabled
The MRSProxyEnabled parameter specifies whether to enable MRSProxy for the Exchange Web Services virtual
directory on Exchange servers that have the Client Access server role installed. MRSProxy helps to proxy mailbox
moves between Active Directory forests. The default value is $false.

Required: False
Position: Named
Default value: None
-MRSProxyMaxConnections
The MRSProxyMaxConnections parameter specifies the maximum number of simultaneous move sessions that an
instance of MRSProxy will accept. This setting accepts values from 0 to unlimited. The default value is 100. For
more information about MRSProxy, see Understanding Move Requests.
Type: Unlimited
Required: False
Position: Named
Default value: None
Valid values are:

Required: False
Position: Named
Default value: None
-UpdateManagementVirtualDirectory
The UpdateManagementVirtualDirectory parameter makes sure that the Exchange Web Services objects in Active
Directory and the respective objects in Internet Information Services (IIS ) are up to date and consistent.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None

Required: False
Position: Named
Default value: None

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-ConnectSubscription
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-ConnectSubscription cmdlet to view
information about the people subscriptions that have been set up between the users in your organization and a
supported networking service (for example, Facebook and LinkedIn). For information about the parameter sets in
Syntax
Get-ConnectSubscription [[-Identity] <AggregationSubscriptionIdParameter>]
[-AggregationType <Aggregation | Mirrored | Migration | PeopleConnection | All>] [-Confirm] [-IncludeReport]
[-Mailbox <MailboxIdParameter>] [-ResultSize <Unlimited>] [-WhatIf] [<CommonParameters>]
Description
Users can set up people subscriptions between supported networking services and their cloud-based mailbox.
Currently, only LinkedIn people connections are supported. The Get-ConnectSubscription cmdlet returns the list of
connections that have been set up in your organization. It can also return additional information such as the current
connection status of each connection and the time of the most recent successful synchronization.
Examples
-------------------------- Example 1 --------------------------
Get-ConnectSubscription -Mailbox "Kim Akers" | Format-List
This example shows detailed information for all the contact subscriptions that are configured in the mailbox of the
user Kim Akers.
-------------------------- Example 2 --------------------------
Get-ConnectSubscription -Mailbox "Kim Akers" -IncludeReport | Export-CSV C:\KimAkersConnectReport
This example returns additional information about the contact subscriptions that are configured in the mailbox of
the user Kim Akers.
Parameters
-AggregationType
The AggregationType parameter filters the results by type. The acceptable values for this parameter are:
All
Aggregation
Migration
Mirrored
PeopleConnection
Type: Aggregation | Mirrored | Migration | PeopleConnection | All

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies a unique value that identifies a connection between a cloud-based mailbox and a
contact subscription. This value is generated by the provider after a successful connection is made.
Type: AggregationSubscriptionIdParameter
Required: False
Position: 1
Default value: None
-IncludeReport
The IncludeReport switch specifies whether to return additional details, which can be used for troubleshooting.
Required: False
Position: Named
Default value: None
-Mailbox
The Mailbox parameter specifies the mailbox that contains the subscription. You can use any value that uniquely
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-HotmailSubscription
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-HotmailSubscription cmdlet to view
information about Hotmail subscriptions configured in cloud-based mailboxes. For information about the
Syntax
Get-HotmailSubscription [[-Identity] <AggregationSubscriptionIdParameter>]
Description
You can view the properties of the Hotmail subscription, such as the connection status and the last time a successful
synchronization occurred.
Examples
-------------------------- Example 1 --------------------------
Get-HotmailSubscription -Mailbox "Brian Johnson"
This example lists all the Hotmail subscriptions configured in the mailbox of the user Brian Johnson.
-------------------------- Example 2 --------------------------
Get-HotmailSubscription -Mailbox "Kim Akers" -IncludeReport | Export-CSV C:\KimAkersHotmailReport
This example returns additional information about the Hotmail subscriptions configured in the mailbox of the user
Kim Akers.
Parameters
-AggregationType
All
Aggregation
Migration
Mirrored
PeopleConnection

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Hotmail subscription. You can identify the subscription by using one of the
following methods:
Specify the globally unique identifier of the subscription, which is its canonical name (CN ).
Use the Mailbox parameter to specify the mailbox that contains the subscription, and then specify the name of
the subscription.
You can find the identifying values for a Hotmail subscription, such as Identity and Name, by running this
command: Get-HotmailSubscription -Mailbox <mailbox>.
Required: False
Position: 1
Default value: None
-IncludeReport
Required: False
Position: Named
Default value: None
-Mailbox
The Mailbox parameter specifies the cloud-based mailbox that contains the Hotmail subscription. You can use any
value that uniquely identifies the mailbox. For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-ResultSize
The ResultSize parameter specifies the total number of subscriptions to return. If no value is specified, the
parameter returns all results that match the filter.
Type: Unlimited
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-ImapSubscription
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-ImapSubscription cmdlet to view information
about IMAP subscriptions configured in cloud-based mailboxes. For information about the parameter sets in the
Syntax
Get-ImapSubscription [[-Identity] <AggregationSubscriptionIdParameter>]
Description
You can view the properties of the IMAP subscription, such as the IMAP server, authentication method, connection
status, and the last time a successful synchronization occurred.
Examples
-------------------------- Example 1 --------------------------
Get-ImapSubscription -Mailbox "Kim Akers" | Format-List
This example shows detailed information for all the IMAP subscriptions configured in the mailbox of the user Kim
Akers.
-------------------------- Example 2 --------------------------
Get-ImapSubscription -Mailbox "Kim Akers" -IncludeReport | Export-CSV C:\KimAkersImapReport
This example returns additional information about the IMAP subscriptions configured in the mailbox of the user
Kim Akers.
Parameters
-AggregationType
All
Aggregation
Migration
Mirrored
PeopleConnection

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the IMAP subscription. You can identify the subscription by using one of the
following methods:
the subscription.
You can find the identifying values for an IMAP subscription, such as Identity and Name, by running this command:
Get-ImapSubscription -Mailbox <mailbox>.
Required: False
Position: 1
Default value: None
-IncludeReport
Required: False
Position: Named
Default value: None
-Mailbox
The Mailbox parameter specifies the cloud-based mailbox that contains the IMAP subscription. You can use any
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-PopSubscription
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-PopSubscription cmdlet to view information
about POP subscriptions configured in cloud-based mailboxes. For information about the parameter sets in the
Syntax
Get-PopSubscription [[-Identity] <AggregationSubscriptionIdParameter>]
Description
You can view the properties of the POP subscription, such as the POP server, authentication method, connection
Examples
-------------------------- Example 1 --------------------------
Get-PopSubscription -Mailbox "Kim Akers" | Format-List
This example shows detailed information for all the POP subscriptions configured in the mailbox of the user Kim
Akers.
-------------------------- Example 2 --------------------------
Get-PopSubscription -Mailbox "Kim Akers" -IncludeReport | Export-CSV C:\KimAkersPopReport
This example returns additional information about the POP subscriptions configured in the mailbox of the user Kim
Akers and exports the results to a .csv file.
Parameters
-AggregationType
All
Aggregation
Migration
Mirrored
PeopleConnection

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the POP subscription. You can identify the subscription by using one of the
following methods:
the subscription.
You can find the identifying values for a POP subscription, such as Identity and Name, by running this command:
Get-PopSubscription -Mailbox <mailbox>.
Required: False
Position: 1
Default value: None
-IncludeReport
Required: False
Position: Named
Default value: None
-Mailbox
The Mailbox parameter specifies the cloud-based mailbox that contains the POP subscription. You can use any
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-ResultSize
The ResultSize parameter specifies the total number of subscriptions to return. If no value is specified, the
parameter returns all results that match the filter.
Type: Unlimited
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-SendAddress
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-SendAddress cmdlet to view the email
addresses on a user's mailbox that can be configured as the default From address. This cmdlet is primarily used by
the Outlook on the web > Options > Connected Accounts user interface. Typically, you don't need to run this
Syntax
Get-SendAddress [-AddressId <String>] [-Mailbox <MailboxIdParameter>] [<CommonParameters>]
Get-SendAddress [[-Identity] <SendAddressIdParameter>] [-Mailbox <MailboxIdParameter>] [<CommonParameters>]
Description
Configuring a default From address only makes sense if the user has POP, IMAP, or Hotmail subscriptions
configured on the mailbox. If you don't specify a value for the default From address, the default behavior is:
The primary email address on the user's mailbox is used for all new messages.
The To address of the incoming message is used as the From address for all replies or forwarded messages.
The only email addresses that can be configured as the default From address are:
The user's primary email address.
The email addresses of a user's POP, IMAP, or Hotmail subscription.
You set the user's default From address in the SendAddressDefault parameter on the Set-
MailboxMessageConfiguration cmdlet. Users can override the default From address when they create an email
message in Outlook on the web.
The Get-SendAddress and Set-MailboxMessageConfiguration cmdlets represent the email addresses of POP,
IMAP, or Hotmail subscriptions as a GUID. It's easier to configure a user's default From address in Outlook on the
web > Options > Account > Connected Accounts.
Examples
-------------------------- Example 1 --------------------------
Get-SendAddress -Mailbox "Diane Prescott"
This example lists all the email addresses of the user Diane Prescott that can be used as the default From address.
Parameters
-AddressId
The AddressId parameter specifies the email address. The value of AddressId is in the following formats:
The user's primary email address is displayed as an email address, for example, bob@contoso.com.
The email address of a POP, IMAP, or Hotmail subscription is displayed as a GUID.
No default From address is set. This is represented by the value $null.
You can find the values of the AddressId parameter on a user's mailbox by running the command Get-SendAddress
-Mailbox <mailbox>.
If you use the AddressId parameter, you must also use the Mailbox parameter. If you use the AddressId parameter,
you can't use the Identity parameter.
Type: String
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox and the email address. The value of the Identity parameter is in the
format <mailbox>\<address>. The <mailbox> part is any value that uniquely identifies the mailbox. The
<address> part is in one following formats:
The user's primary email address is displayed as an email address, for example, bob@contoso.com.
The email address of a POP, IMAP, or Hotmail subscription is displayed as a GUID.
No default From address is set. This is represented by a blank value.
You can find the values of the Identity parameter on a user's mailbox by running the command Get-SendAddress -
Mailbox <mailbox>.
If you use the Identity parameter, you can't use the AddressId parameter.
Type: SendAddressIdParameter
Required: False
Position: 1
Default value: None
-Mailbox
The Mailbox parameter specifies the mailbox. You can use any value that uniquely identifies the mailbox. For
example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-Subscription
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-Subscription cmdlet to view the properties of
an existing subscription configured in a user's cloud-based mailbox. This cmdlet is used by Microsoft Outlook on
the web Options to display the list of email subscriptions that the end user has, such as POP, IMAP, Facebook, and
LinkedIn. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Get-Subscription [[-Identity] <AggregationSubscriptionIdParameter>]
[-Mailbox <MailboxIdParameter>] [-ResultSize <Unlimited>]
[-SubscriptionType <Unknown | Pop | DeltaSyncMail | IMAP | AllEMail | Facebook | LinkedIn | SinaWeibo | Google
| Yahoo | Twitter | Skype | AbchType | AllThatSupportSendAs | AllThatSupportPolicyInducedDeletion |
AllThatSupportSendAsAndPeopleConnect | All>]
Description
You can view the properties of the subscription, such as the remote server, authentication method, connection
Examples
-------------------------- Example 1 --------------------------
Get-Subscription -Mailbox "Ayla Kol"
This example lists all the subscriptions configured in the mailbox of the user Ayla Kol.
Parameters
-AggregationType
All
Aggregation
Migration
Mirrored
PeopleConnection

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the subscription. You can identify the subscription by using one of the following
methods:
the subscription.
You can find the identifying values for a subscription, such as Identity and Name, by running this command: Get-
Subscription -Mailbox <mailbox>.
Required: False
Position: 1
Default value: None
-IncludeReport
Required: False
Position: Named
Default value: None
-Mailbox
The Mailbox parameter specifies the cloud-based mailbox that contains the subscription. You can use any value that
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-SubscriptionType
The SubscriptionType parameter filters the results based on the type of subscription. Valid values for this parameter
are:
All
AllEmail
AllThatSupportPolicyInducedDeletion
AllThatSupportSendAs
AllThatSupportSendAsAndPeopleConnect
DeltaSyncMail
Facebook
IMAP
LinkedIn
Pop
Unknown
Type: Unknown | Pop | DeltaSyncMail | IMAP | AllEMail | Facebook | LinkedIn | SinaWeibo | Google | Yahoo |
Twitter | Skype | AbchType | AllThatSupportSendAs | AllThatSupportPolicyInducedDeletion |
AllThatSupportSendAsAndPeopleConnect | All
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-ConnectSubscription
In ths Article
This cmdlet is available only in the cloud-based service. The New -ConnectSubscription cmdlet allows a user to
create contact integration subscriptions between supported services (for example, Facebook or LinkedIn) and their
own cloud-based mailbox. An administrator can't use this cmdlet to create subscriptions in another user's mailbox.
Syntax
New-ConnectSubscription -Mailbox <MailboxIdParameter> -RedirectUri <String>
New-ConnectSubscription [-LinkedIn] -Mailbox <MailboxIdParameter> -OAuthVerifier <String> -RequestSecret

<String> -RequestToken <String>
[-Confirm]
Description
When you set up a contact subscription, contacts from the external networking service are integrated into your
cloud-based mailbox.
Examples
-------------------------- Example 1 --------------------------
New-ConnectSubscription -LinkedIn $true -OAuthVerifier -RequestSecret -RequestToken
This example modifies a people connection to LinkedIn.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-LinkedIn
The LinkedIn parameter specifies whether you want to edit a LinkedIn subscription.
Required: True
Position: Named
Default value: None
-Mailbox
The Mailbox parameter specifies the cloud-based mailbox that will contain the subscription. You can use any value
that uniquely identifies the mailbox. For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: Named
Default value: None
-OAuthVerifier
The OAuthVerifier parameter specifies the verification code associated with the request token. You must provide a
value for the OAuthVerifier parameter and the RequestToken parameter values in exchange for an access token.
Type: String
Required: True
Position: Named
Default value: None
-RedirectUri
The RedirectUri parameter specifies the host name used to connect to the Exchange server from outside the
firewall.
Type: String
Required: True
Position: Named
Default value: None
-RequestSecret
The RequestSecret parameter specifies the secret associated with the access token.
Type: String
Required: True
Position: Named
Default value: None
-RequestToken
The RequestToken parameter specifies the access token that provides access to protected resources accessible
through LinkedIn. You must provide a value for the OAuthVerifier parameter and the RequestToken parameter
values in exchange for an access token.
Type: String
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-HotmailSubscription
In ths Article
This cmdlet is available only in the cloud-based service. The New -HotmailSubscription cmdlet allows a user to
create Hotmail account subscriptions in their own cloud-based mailbox. An administrator can't use this cmdlet to
create subscriptions in another user's mailbox. For information about the parameter sets in the Syntax section
Syntax
New-HotmailSubscription [-Name] <String> -EmailAddress <SmtpAddress> -Password <SecureString> [-Confirm]
[-DisplayName <String>] [-Mailbox <MailboxIdParameter>] [-WhatIf] [<CommonParameters>]
Description
The New -HotmailSubscription cmdlet creates a connection between a user's mailbox in the cloud-based service
and a remote Hotmail mailbox. The cloud-based mailbox periodically polls the Hotmail mailbox for new messages.
Examples
-------------------------- Example 1 --------------------------
New-HotmailSubscription -Name "Ayla's Hotmail" -EmailAddress ayla@fabrikam.com -Password (ConvertTo-

SecureString -String 'Pa$$word1' -AsPlainText -Force)
This example creates the Hotmail subscription Ayla's Hotmail in the mailbox of the user Ayla Kol. The Hotmail
account has the following details:
Email address: ayla@fabrikam.com
Password: Pa$$word1
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DisplayName
The DisplayName parameter specifies the friendly name of the Hotmail subscription. If you don't specify a value for
the DisplayName parameter, the value of the EmailAddress parameter is used.
Type: String
Required: False
Position: Named
Default value: None
-EmailAddress
The EmailAddress parameter specifies the email address of the Hotmail mailbox.
Type: SmtpAddress
Required: True
Position: Named
Default value: None
-Mailbox
The Mailbox parameter specifies the cloud-based mailbox that will contain the Hotmail subscription. You can use
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the name of the Hotmail subscription. The name of the subscription doesn't have to
be globally unique. The name must be unique compared to other subscriptions that exist in the same mailbox.
Type: String
Required: True
Position: 1
Default value: None
-Password
The Password parameter specifies the password used to sign in to the Hotmail mailbox.
This parameter uses the syntax (ConvertTo-SecureString -String '<password>' -AsPlainText -Force) . Or, before you
run this command, store the password as a variable (for example,
$password = Read-Host "Enter password" -AsSecureString ), and then use the variable name ( $password ) for this
parameter.
Type: SecureString
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-ImapSubscription
In ths Article
This cmdlet is available only in the cloud-based service. The New -ImapSubscription cmdlet allows a user to create
IMAP subscriptions in their own cloud-based mailbox. An administrator can't use this cmdlet to create
subscriptions in another user's mailbox. For information about the parameter sets in the Syntax section below, see
Syntax
New-ImapSubscription [-Name] <String> -EmailAddress <SmtpAddress> -IncomingPassword <SecureString>
-IncomingServer <Fqdn> -IncomingUserName <String> [-Confirm] [-DisplayName <String>] [-Force]
[-IncomingAuth <Basic | Ntlm>] [-IncomingPort <Int32>] [-IncomingSecurity <None | Ssl | Tls>]
[-Mailbox <MailboxIdParameter>] [-WhatIf] [<CommonParameters>]
Description
The New -ImapSubscription cmdlet creates a connection between a user's cloud-based mailbox and a remote IMAP
mailbox. The cloud-based mailbox periodically polls the IMAP mailbox for new messages.
Examples
-------------------------- Example 1 --------------------------
New-ImapSubscription -Name "Contoso IMAP" -EmailAddress kakers@contoso.com -IncomingUserName kakers -

IncomingPassword (ConvertTo-SecureString -String 'Pa$$word1' -AsPlainText -Force) -IncomingServer
imap.contoso.com -IncomingSecurity Ssl -IncomingPort 993
This example creates the IMAP subscription Contoso IMAP in the mailbox of the user Kim Akers. The remote
IMAP mailbox has the following details:
Email address: kakers@contoso.com
User name: kakers
Password: Pa$$word1
IMAP server: imap.contoso.com
Authentication method: SSL
TCP port: 993
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DisplayName
The DisplayName parameter specifies the friendly name of the IMAP subscription. If you don't specify a value for
Type: String
Required: False
Position: Named
Default value: None
-EmailAddress
The EmailAddress parameter specifies the email address of the IMAP mailbox.
Type: SmtpAddress
Required: True
Position: Named
Default value: None
-Force
The Force parameter instructs the command to create the subscription even if those settings can't be verified by the
remote IMAP server.
Required: False
Position: Named
Default value: None
-IncomingAuth
The IncomingAuth parameter sets the authentication method used by IMAP clients to access the IMAP server. Valid
values are Basic or Ntlm. If you don't specify a value for the IncomingAuth parameter, the value Basic is used.
Type: Basic | Ntlm

Required: False
Position: Named
Default value: None
-IncomingPassword
The IncomingPassword parameter specifies the password used to sign in to the IMAP mailbox.
parameter.
Type: SecureString
Required: True
Position: Named
Default value: None
-IncomingPort
The IncomingPort parameter specifies the TCP port number used by IMAP clients to connect to the IMAP server.
Typical values are 143 for unencrypted connections and 993 for encrypted connections. By default, the value of the
IncomingPort parameter is set to 143 if you don't set the IncomingSecurity parameter to Ssl or Tls. If you set the
IncomingSecurity parameter to Ssl or Tls, the value of the IncomingPort parameter is set to 993. You can override
the default values by specifying an integer for the IncomingPort parameter.
Type: Int32
Required: False
Position: Named
Default value: None
-IncomingSecurity
The IncomingSecurity parameter specifies the encryption method used by IMAP clients to connect to the IMAP
server. Valid values are None, Ssl, or Tls. If you don't specify a value for the IncomingSecurity parameter, the value
None is used.
Type: None | Ssl | Tls

Required: False
Position: Named
Default value: None
-IncomingServer
The IncomingServer parameter specifies the fully qualified domain name (FQDN ) of the IMAP server, for example,
incoming.contoso.com.
Type: Fqdn
Required: True
Position: Named
Default value: None
-IncomingUserName
The IncomingUserName parameter specifies the username used to sign in to the IMAP mailbox.
Type: String
Required: True
Position: Named
Default value: None
-Mailbox
The Mailbox parameter specifies the cloud-based mailbox that will contain the IMAP subscription. You can use any
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the name of the IMAP subscription. The name of the subscription doesn't have to be
globally unique. The name must be unique compared to other subscriptions that exist in the same mailbox.
Type: String
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-PopSubscription
In ths Article
This cmdlet is available only in the cloud-based service. The New -PopSubscription cmdlet allows a user to create
POP subscriptions in their own cloud-based mailbox. An administrator can't use this cmdlet to create subscriptions
in another user's mailbox. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
New-PopSubscription [-Name] <String> -EmailAddress <SmtpAddress> -IncomingPassword <SecureString>
-IncomingServer <Fqdn> -IncomingUserName <String> [-Confirm] [-DisplayName <String>] [-Force]
[-IncomingAuth <Basic | Spa>] [-IncomingPort <Int32>] [-IncomingSecurity <None | Ssl | Tls>]
[-LeaveOnServer <$true | $false>] [-Mailbox <MailboxIdParameter>] [-WhatIf] [<CommonParameters>]
Description
The New -PopSubscription cmdlet creates a connection between a user's cloud-based mailbox and a remote POP
mailbox. The cloud-based mailbox periodically polls the POP mailbox for new messages.
Examples
-------------------------- Example 1 --------------------------
New-PopSubscription -Name "Contoso POP" -EmailAddress bjohnson@contoso.com -IncomingUserName bjohnson -

IncomingPassword (ConvertTo-SecureString -String 'Pa$$word1' -AsPlainText -Force) -IncomingServer
pop.contoso.com -IncomingSecurity Ssl -IncomingPort 995
This example creates the POP subscription Contoso POP in the mailbox of the user Brian Johnson. The remote
POP mailbox has the following details:
Email address: bjohnson@contoso.com
User name: bjohnson
Password: Pa$$word1
POP server: pop.contoso.com
Authentication method: SSL
TCP port: 995
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DisplayName
The DisplayName parameter specifies the friendly name of the POP subscription. If you don't specify a value for
Type: String
Required: False
Position: Named
Default value: None
-EmailAddress
The EmailAddress parameter specifies the email address of the POP mailbox.
Type: SmtpAddress
Required: True
Position: Named
Default value: None
-Force
The Force parameter instructs the command to create the subscription even if those settings can't be verified by the
remote POP server.
Required: False
Position: Named
Default value: None
-IncomingAuth
The IncomingAuth parameter sets the authentication method used by POP clients to access the POP server. Valid
values are Basic or Spa, which is secure password authentication. If you don't specify a value for the IncomingAuth
parameter, the value Basic is used.
Type: Basic | Spa

Required: False
Position: Named
Default value: None
-IncomingPassword
The IncomingPassword parameter specifies the password used to sign in to the POP mailbox.
parameter.
Type: SecureString
Required: True
Position: Named
Default value: None
-IncomingPort
The IncomingPort parameter specifies the TCP port number used by POP clients to connect to the POP server.
Type: Int32
Required: False
Position: Named
Default value: None
-IncomingSecurity
The IncomingSecurity parameter specifies the encryption method used by POP clients to connect to the POP
None is used.

Required: False
Position: Named
Default value: None
-IncomingServer
The IncomingServer parameter specifies the fully qualified domain name (FQDN ) of the POP server, for example,
Type: Fqdn
Required: True
Position: Named
Default value: None
-IncomingUserName
The IncomingUserName parameter specifies the username used to sign in to the POP mailbox.
Type: String
Required: True
Position: Named
Default value: None
-LeaveOnServer
The LeaveOnServer parameter configures the behavior of retrieved messages in the POP mailbox. When the
LeaveOnServer parameter is set to the value $true, the retrieved messages are left in the POP mailbox. When it's
set to the value $false, retrieved messages are removed from the POP mailbox. The default value is $true.

Required: False
Position: Named
Default value: None
-Mailbox
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the name of the POP subscription. The name of the subscription doesn't have to be
Type: String
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-Subscription
In ths Article
This cmdlet is available only in the cloud-based service. The New -Subscription cmdlet allows a user to create
Hotmail, POP, or IMAP subscriptions in their own cloud-based mailbox. An administrator can't use this cmdlet to
create subscriptions in another user's mailbox. For information about the parameter sets in the Syntax section
Syntax
New-Subscription [-Name] <String> -EmailAddress <SmtpAddress> -Password <SecureString> [-Confirm]
[-DisplayName <String>] [-Force] [-Hotmail] [-Imap] [-Mailbox <MailboxIdParameter>] [-Pop] [-WhatIf]
Description
The New -Subscription cmdlet creates a connection between a user's cloud-based mailbox and a remote Hotmail,
POP, or IMAP mailbox. The cloud-based mailbox periodically polls the remote mailbox for new messages. If you
don't specify the type of remote mailbox, the cmdlet automatically tries to configure the subscription by using all of
the available subscription types.
Examples
-------------------------- Example 1 --------------------------
New-Subscription -Name Contoso -EmailAddress brian@contoso.com -Password (ConvertTo-SecureString -String

'Pa$$word1' -AsPlainText -Force)
This example creates the subscription Contoso in the mailbox of the user Brian Johnson. The remote mailbox has
the following details:
Email address: brian@contoso.com
Password: Pa$$word1
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DisplayName
The DisplayName parameter specifies the friendly name of the subscription. If you don't specify a value for the
DisplayName parameter, the value of the EmailAddress parameter is used.
Type: String
Required: False
Position: Named
Default value: None
-EmailAddress
The EmailAddress parameter specifies the email address of the subscription.
Type: SmtpAddress
Required: True
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Hotmail
The Hotmail switch specifies the subscription is a Hotmail subscription. You don't need to specify a value with this
switch.
Required: False
Position: Named
Default value: None
-Imap
The Imap switch specifies the subscription is an IMAP subscription. You don't need to specify a value with this
switch.
Required: False
Position: Named
Default value: None
-Mailbox
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the name of the subscription. The name of the subscription doesn't have to be
Type: String
Required: True
Position: 1
Default value: None
-Password
The Password parameter specifies the password used to sign in to the mailbox.
parameter.
Type: SecureString
Required: True
Position: Named
Default value: None
-Pop
The Pop switch specifies the subscription is a POP subscription. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-ConnectSubscription
In ths Article
This cmdlet is available only in the cloud-based service. Use the Remove-ConnectSubscription cmdlet to remove a
previously configured contact aggregation subscription between a supported service (for example, Facebook or
LinkedIn) and a cloud-based mailbox. An administrator can't use this cmdlet to remove subscriptions from another
user's mailbox. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Remove-ConnectSubscription [-Identity] <AggregationSubscriptionIdParameter> [-Confirm] [-WhatIf]
Description
When you remove a contact aggregation subscription, all contacts from the supported services are removed from
Outlook on the web. You can't delete a mailbox that has a subscription with a contact aggregation provider until the
subscription is removed. If you try to delete a mailbox that has a subscription with a contact aggregation provider,
an error message is displayed that the contact subscription must be removed before the mailbox can be deleted.
Examples
-------------------------- Example 1 --------------------------
Remove-ConnectSubscription -Identity
This example removes the all previously configured contact aggregation subscriptions and removes all contacts
that were aggregated from the previously configured contact aggregation subscription from Outlook on the web.
You can find the subscription identity by using the Get-ConnectSubscription cmdlet.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the GUID of the contact aggregation subscription you want to remove. You can
find the subscription identity by using the Get-ConnectSubscription cmdlet.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-Subscription
In ths Article
This cmdlet is available only in the cloud-based service. Use the Remove-Subscription cmdlet to remove a Hotmail,
POP, or IMAP subscription from a user's cloud-based mailbox. For information about the parameter sets in the
Syntax
Remove-Subscription [-Identity] <AggregationSubscriptionIdParameter> [-Confirm] [-Mailbox <MailboxIdParameter>]
Description
The Remove-Subscription cmdlet removes a Hotmail, POP, or IMAP subscription from a user's cloud-based
mailbox. It doesn't remove the email messages or contacts previously downloaded to the cloud-based mailbox by
the subscription.
Examples
-------------------------- Example 1 --------------------------
Remove-Subscription Contoso -Mailbox "Kim Akers"
This example removes the subscription Contoso from the mailbox of the user Kim Akers.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the subscription. You can identify the subscription by using one of the following
methods:
the subscription.
You can find the identifying values for a subscription, such as Identity and Name, by running this command: Get-
Subscription -Mailbox <mailbox>.
Required: True
Position: 1
Default value: None
-Mailbox
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-ConnectSubscription
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-ConnectSubscription cmdlet to reauthorize or
change the settings for any contact integration subscription that you've set up between an external networking
service (for example Facebook and LinkedIn), and your cloud-based mailbox. For information about the parameter
Syntax
Set-ConnectSubscription -Identity <AggregationSubscriptionIdParameter> -RedirectUri <String>
[-Confirm]
Set-ConnectSubscription -Identity <AggregationSubscriptionIdParameter> [-LinkedIn] -OAuthVerifier <String>

-RequestSecret <String> -RequestToken <String>
[-Confirm]
Description
When you set up a contact subscription, contacts from the external networking service are integrated into your
cloud-based mailbox.
Examples
-------------------------- Example 1 --------------------------
Set-ConnectSubscription -LinkedIn $true -OAuthVerifier -RequestSecret -RequestToken
This example modifies a people connection to LinkedIn.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the provider identification number that uniquely identifies the provider network.
Required: True
Position: Named
Default value: None
-LinkedIn
The LinkedIn parameter specifies whether you want to edit a LinkedIn subscription.
Required: True
Position: Named
Default value: None
-OAuthVerifier
The OAuthVerifier parameter specifies the verification code associated with the request token. You must provide a
value for the OAuthVerifier parameter and the RequestToken parameter values in exchange for an access token.
Type: String
Required: True
Position: Named
Default value: None
-RedirectUri
The RedirectUri parameter specifies the host name used to connect to the server running Exchange from outside
the firewall.
Type: String
Required: True
Position: Named
Default value: None
-RequestSecret
The RequestSecret parameter specifies the secret associated with the access token.
Type: String
Required: True
Position: Named
Default value: None
-RequestToken
The RequestToken parameter specifies the access token that provides access to protected resources accessible
through LinkedIn. You must provide a value for the OAuthVerifier parameter and the RequestToken parameter
values in exchange for an access token.
Type: String
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-HotmailSubscription
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-HotmailSubscription cmdlet to modify the
properties of an existing Hotmail subscription configured in a user's cloud-based mailbox. For information about
Syntax
Set-HotmailSubscription [-Identity] <AggregationSubscriptionIdParameter> [-Confirm] [-DisplayName <String>]
[-Enabled <$true | $false>] [-Mailbox <MailboxIdParameter>] [-Password <SecureString>] [-WhatIf]
Description
You can set properties for the Hotmail subscription, such as the display name and password.
Examples
-------------------------- Example 1 --------------------------
Set-HotmailSubscription "Contoso Hotmail" -Mailbox "Ayla Kol" -DisplayName "Ayla's Contoso Subscription"
This example modifies the display name of the Hotmail subscription Contoso Hotmail that's configured in the
cloud-based mailbox of the user Ayla Kol.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DisplayName
The DisplayName parameter specifies the friendly name of the subscription.
Type: String
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether the Hotmail subscription is enabled. This parameter accepts $true or
$false values. The default value is $true.

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Hotmail subscription. You can identify the subscription by using one of the
following methods:
the subscription.
You can find the identifying values for a Hotmail subscription, such as Identity and Name, by running this
command: Get-HotmailSubscription -Mailbox <mailbox>.
Required: True
Position: 1
Default value: None
-Mailbox
The Mailbox parameter specifies the cloud-based mailbox that contains the Hotmail subscription. You can use any
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-Password
The Password parameter specifies the password used to sign in to the Hotmail mailbox.
parameter.
Type: SecureString
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-ImapSubscription
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-ImapSubscription cmdlet to modify the
properties of an existing IMAP subscription configured in a user's cloud-based mailbox. For information about the
Syntax
Set-ImapSubscription [-Identity] <AggregationSubscriptionIdParameter> [-DisplayName <String>] [-EmailAddress
<SmtpAddress>] [-Enabled <$true | $false>] [-Force] [-IncomingAuth <Basic | Ntlm>] [-IncomingPassword
<SecureString>] [-IncomingPort <Int32>] [-IncomingSecurity <None | Ssl | Tls>] [-IncomingServer <Fqdn>] [-
IncomingUserName <String>]
[-Confirm]
[-Mailbox <MailboxIdParameter>]
Set-ImapSubscription [-Identity] <AggregationSubscriptionIdParameter> [-ResendVerification]

[-Confirm]
Set-ImapSubscription [-Identity] <AggregationSubscriptionIdParameter> [-ValidateSecret <String>]

[-Confirm]
Description
You can set properties for the IMAP subscription, such as the IMAP server, TCP port number, encryption method,
and authentication method.
Examples
-------------------------- Example 1 --------------------------
Set-ImapSubscription "Fabrikam IMAP" -Mailbox "Kim Akers" -DisplayName "Kim's Fabrikam Mail"
This example modifies the display name of the IMAP subscription Fabrikam IMAP that's configured in the cloud-
based mailbox of the user Kim Akers.
-------------------------- Example 2 --------------------------
Set-ImapSubscription "Brian Contoso Mail" -Mailbox "Brian Johnson" -IncomingServer imap.contoso.com -Force
This example changes the IMAP server value to imap.contoso.com for the IMAP subscription Brian Contoso Mail
that's configured in the cloud-based mailbox of the user Brian Johnson".
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DisplayName
Type: String
Required: False
Position: Named
Default value: None
-EmailAddress
The EmailAddress parameter specifies the email address of the IMAP mailbox.
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether the IMAP subscription is enabled. This parameter accepts $true or $false
values. The default is $true.
Required: False
Position: Named
Default value: None
-Force
The Force parameter instructs the command to modify the specified subscription settings even if those settings
can't be verified by the remote IMAP server.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the IMAP subscription. You can identify the subscription by using one of the
following methods:
the subscription.
You can find the identifying values for an IMAP subscription, such as Identity and Name, by running this command:
Get-ImapSubscription -Mailbox <mailbox>.
Required: True
Position: 1
Default value: None
-IncomingAuth
The IncomingAuth parameter sets the authentication method used by IMAP clients to access the IMAP server. The
values are Basic or Ntlm. The default value is Basic.
Type: Basic | Ntlm

Required: False
Position: Named
Default value: None
-IncomingPassword
The IncomingPassword parameter specifies the password used to sign in to the IMAP mailbox.
parameter.
Type: SecureString
Required: False
Position: Named
Default value: None
-IncomingPort
The IncomingPort parameter specifies the TCP port number used by IMAP clients to connect to the IMAP server.
Type: Int32
Required: False
Position: Named
Default value: None
-IncomingSecurity
The IncomingSecurity parameter specifies the encryption method used by IMAP clients to connect to the IMAP
server. The values are None, Ssl, or Tls. The default value is None.

Required: False
Position: Named
Default value: None
-IncomingServer
The IncomingServer parameter specifies the fully qualified domain name (FQDN ) of the IMAP server, for example,
Type: Fqdn
Required: False
Position: Named
Default value: None
-IncomingUserName
The IncomingUserName parameter specifies the username used to sign in to the IMAP mailbox.
Type: String
Required: False
Position: Named
Default value: None
-Mailbox
The Mailbox parameter specifies the cloud-based mailbox that contains the IMAP subscription. You can use any
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-ResendVerification
The ResendVerification parameter generates verification data for the IMAP subscription. This test is part of the
verification process that allows the user to send messages from their cloud-based mailbox using the From address
of the subscribed IMAP mailbox.
The ResendVerification parameter can't be specified with any other parameters that modify the settings of the
subscription. Also, the ResendVerification and ValidateSecret parameters are mutually exclusive.
Required: False
Position: Named
Default value: None
-ValidateSecret
The ValidateSecret parameter validates verification data for the IMAP subscription. This test is part of the
of the subscribed IMAP mailbox.
The ValidateSecret parameter can't be specified with any other parameters that modify the settings of the
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-PopSubscription
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-PopSubscription cmdlet to modify the
properties of an existing POP subscription that's configured in a user's cloud-based mailbox. For information about
Syntax
Set-PopSubscription [-Identity] <AggregationSubscriptionIdParameter> [-DisplayName <String>] [-EmailAddress
<SmtpAddress>] [-Enabled <$true | $false>] [-Force] [-IncomingAuth <Basic | Spa>] [-IncomingPassword
<SecureString>] [-IncomingPort <Int32>] [-IncomingSecurity <None | Ssl | Tls>] [-IncomingServer <Fqdn>] [-
IncomingUserName <String>] [-LeaveOnServer <$true | $false>]
[-Confirm]
Set-PopSubscription [-Identity] <AggregationSubscriptionIdParameter> [-ResendVerification]

[-Confirm]
Set-PopSubscription [-Identity] <AggregationSubscriptionIdParameter> [-ValidateSecret <String>]

[-Confirm]
Description
You can set properties for the POP subscription, such as the POP server, TCP port number, encryption method, and
authentication method.
Examples
-------------------------- Example 1 --------------------------
Set-PopSubscription "Ayla Contoso" -Mailbox "Ayla Kol" -LeaveOnServer $false
This example modifies the value of the LeaveOnServer parameter for the POP subscription Ayla Contoso that's
configured in the cloud-based mailbox of the user Ayla Kol.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DisplayName
Type: String
Required: False
Position: Named
Default value: None
-EmailAddress
The EmailAddress parameter specifies the email address of the POP mailbox.
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether the POP subscription is enabled. This parameter accepts $true or $false
values. The default value is $true.

Required: False
Position: Named
Default value: None
-Force
The Force parameter instructs the command to modify the specified subscription settings even if those settings
can't be verified by the remote POP server.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the POP subscription. You can identify the subscription by using one of the
following methods:
the subscription.
You can find the identifying values for a POP subscription, such as Identity and Name, by running this command:
Get-PopSubscription -Mailbox <mailbox>.
Required: True
Position: 1
Default value: None
-IncomingAuth
The IncomingAuth parameter sets the authentication method used by POP clients to access the POP server. Valid
values are Basic or Spa, which is secure password authentication. If you don't specify a value for the IncomingAuth
parameter, the value Basic is used.
Type: Basic | Spa

Required: False
Position: Named
Default value: None
-IncomingPassword
The IncomingPassword parameter specifies the password used to sign in to the POP mailbox.
parameter.
Type: SecureString
Required: False
Position: Named
Default value: None
-IncomingPort
The Incoming Port parameter specifies the TCP port number used by POP clients to connect to the POP server.
Type: Int32
Required: False
Position: Named
Default value: None
-IncomingSecurity
The IncomingSecurity parameter specifies the encryption method used by POP clients to connect to the POP
None is used.

Required: False
Position: Named
Default value: None
-IncomingServer
The IncomingServer parameter specifies the fully qualified domain name (FQDN ) of the POP server, for example,
Type: Fqdn
Required: False
Position: Named
Default value: None
-IncomingUserName
The IncomingUserName parameter specifies the username used to sign in to the POP mailbox.
Type: String
Required: False
Position: Named
Default value: None
-LeaveOnServer
The LeaveOnServer parameter configures the behavior of retrieved messages in the POP mailbox. When the
LeaveOnServer parameter is set to the value $true, the retrieved messages are left in the POP mailbox. When it's
set to the value $false, retrieved messages are removed from the POP mailbox. The default value is $true.

Required: False
Position: Named
Default value: None
-Mailbox
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-ResendVerification
The ResendVerification parameter generates verification data for the POP subscription. This is part of the
of the subscribed POP mailbox.
The ResendVerification parameter can't be specified with any other parameters that modify the settings of the
Required: False
Position: Named
Default value: None
-ValidateSecret
The ValidateSecret parameter validates verification data for the POP subscription. This is part of the verification
process that allows the user to send messages from their cloud-based mailbox using the From address of the
subscribed POP mailbox.
The ValidateSecret parameter can't be specified with any other parameters that modify the settings of the
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Add-DatabaseAvailabilityGroupServer
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Add-DatabaseAvailabilityGroupServer cmdlet to
add a Mailbox server to a database availability group (DAG ). A DAG is a set of Mailbox servers that use continuous
replication and managed availability to provide automatic database-level recovery from database, server, or
network failures. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Add-DatabaseAvailabilityGroupServer [-Identity] <DatabaseAvailabilityGroupIdParameter> [-MailboxServer]
<ServerIdParameter>
[-Confirm]
[-SkipDagValidation]
Description
A computer object for a DAG is created in Active Directory when the first server is added to the DAG. This object is
used to authenticate servers to each other within a DAG.
To add a Mailbox server to a DAG, the Mailbox server must be running the Windows Server 2008 R2 Enterprise or
Datacenter operating system, the Windows Server 2012 Standard or Datacenter operating system, or the Windows
Server 2012 R2 operating system, and it must not belong to any other DAG. The Mailbox server must be running
the same versions of the Windows operating system and Microsoft Exchange, and be in the same Active Directory
domain as all other Mailbox servers in the DAG. In addition, the Mailbox server must not be configured as an
Active Directory domain controller or global catalog server.
To add the first server to a DAG and create a computer object for the DAG, the Exchange Windows Permissions
security group must have the appropriate rights to add computer accounts to the domain. Alternatively, a computer
account can be created and disabled prior to adding the server. Adding the first server to the DAG enables the
computer account for the DAG. Thus, the account used for the task doesn't need permissions to add a computer
account to the domain. If you're pre-creating the computer account, the name of the account must match the name
for the DAG. For example, if the DAG is named DAG1, the computer account must be named DAG1.
Examples
-------------------------- Example 1 --------------------------
Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer MBX1
This example adds the Mailbox server MBX1 to the DAG DAG1.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the DAG to which the server is being added.
Type: DatabaseAvailabilityGroupIdParameter
Required: True
Position: 1
Default value: None
-MailboxServer
The MailboxServer parameter specifies the Mailbox server to add to the DAG. You can use any value that uniquely
identifies the server. For example:
Name
FQDN
ExchangeLegacyDN
Required: True
Position: 2
Default value: None
-SkipDagValidation
The SkipDagValidation switch specifies whether to bypass the validation of the DAG's quorum model and the
health check on the DAG's witness when adding members to the DAG.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Add-MailboxDatabaseCopy
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Add-MailboxDatabaseCopy cmdlet to create a
passive copy of an existing active mailbox database. For information about the parameter sets in the Syntax section
Syntax
Add-MailboxDatabaseCopy [-Identity] <DatabaseIdParameter> [-MailboxServer] <MailboxServerIdParameter>
[-ActivationPreference <UInt32>] [-Confirm] [-DomainController <Fqdn>] [-ReplayLagTime <EnhancedTimeSpan>]
[-SeedingPostponed] [-TruncationLagTime <EnhancedTimeSpan>] [-WhatIf] [-ConfigurationOnly]
[-ReplayLagMaxDelay <EnhancedTimeSpan>] [<CommonParameters>]
Description
To use the Add-MailboxDatabaseCopy cmdlet to add a mailbox database copy, the following criteria must be met:
The specified Mailbox server must be in the same database availability group (DAG ), and the DAG must have
quorum and be healthy.
The specified Mailbox server must not already host a copy of the specified mailbox database.
The database path used by the specified database must also be available on the specified Mailbox server,
because all copies of a database must use the same path.
If you're adding the second copy of a database (for example, adding the first passive copy of the database),
circular logging must not be enabled for the specified mailbox database. If circular logging is enabled, you must
first disable it. After the mailbox database copy has been added, circular logging can be enabled. After enabling
circular logging for a replicated mailbox database, continuous replication circular logging (CRCL ) is used
instead of JET circular logging. If you're adding the third or subsequent copy of a database, CRCL can remain
enabled.
After running the Add-MailboxDatabaseCopy cmdlet, the new copy remains in a Suspended state if the
SeedingPostponed parameter is specified. When the database copy status is set to Suspended, the
SuspendMessage is set to "Replication is suspended for database copy '{0}' because database needs to be seeded."
Examples
-------------------------- Example 1 --------------------------
Add-MailboxDatabaseCopy -Identity DB1 -MailboxServer MBX3 -ReplayLagTime 00:10:00 -TruncationLagTime 00:15:00 -
ActivationPreference 2
This example adds a copy of mailbox database DB1 to the Mailbox server MBX3. Replay lag time and truncation lag
time are configured with values of 10 minutes and 15 minutes, respectively. The activation preference is configured
with a value of 2.
-------------------------- Example 2 --------------------------
Add-MailboxDatabaseCopy -Identity DB2 -MailboxServer MBX1 -ActivationPreference 3
time are left at the default values of zero, and the activation preference is configured with a value of 3.
-------------------------- Example 3 --------------------------
Add-MailboxDatabaseCopy -Identity DB3 -MailboxServer MBX4 -ActivationPreference 5 -SeedingPostponed
time are left at the default values of zero and the activation preference is configured with a value of 5. In addition,
seeding is being postponed for this copy so that it can be seeded using a local source server instead of the current
active database copy, which is geographically distant from MBX4.
Parameters
-ActivationPreference
The ActivationPreference parameter value is used as part of Active Manager's best copy selection process and to
redistribute active mailbox databases throughout the DAG when using the RedistributeActiveDatabases.ps1 script.
The value for the activation preference is a number equal to or greater than 1, where 1 is at the top of the
preference order. The preference number can't be larger than the number of copies of the mailbox database.
Type: UInt32
Required: False
Position: Named
Default value: None
-ConfigurationOnly
The ConfigurationOnly switch allows database copies to be added without invoking automatic seeding. You don't
The source database does not need to be online or present when using this parameter. It will create a new database
in Active Directory without contacting the target server. This parameter may be useful in situations where the target
server is down for maintenance and the new database copy does not yet exist on the target server.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox database that's being copied. You can use any value that uniquely
identifies the database. For example:
Name
GUID
Type: DatabaseIdParameter
Required: True
Position: 1
Default value: None
-MailboxServer
The MailboxServer parameter specifies the name of the server that will host the database copy. This server must be
a member of the same DAG and must not already host a copy of the database.
Type: MailboxServerIdParameter
Required: True
Position: 2
Default value: None
-ReplayLagMaxDelay
The ReplayLagMaxDelay parameter specifies the maximum delay for lagged database copy play down (also known
as deferred lagged copy play down). If the disk read IO latency is greater than 25 ms, lagged copy play down is
delayed up to the value of this parameter.
To specify a value, enter it as a time span: dd.hh:mm:ss where dd = days, hh = hours, mm = minutes and ss =
seconds.
The default value is 24:00:00 (24 hours). To disable deferred lagged copy play down, specify the value 00:00:00.
Note that when the disk is running out of space, the value of this parameter is ignored and lagged copy play down
occurs without delay.
Required: False
Position: Named
Default value: None
-ReplayLagTime
The ReplayLagTime parameter specifies the amount of time that the Microsoft Exchange Replication service waits
before replaying log files that have been copied to the database copy.
seconds.
The default value is 00.00:00:00, which specifies that there's no truncation lag. The maximum value is 14.00:00:00
(14 days).
Required: False
Position: Named
Default value: None
-SeedingPostponed
The SeedingPostponed switch specifies that the task doesn't seed the database copy, so you need to explicitly seed
the database copy. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-TruncationLagTime
The TruncationLagTime parameter specifies the amount of time that the Microsoft Exchange Replication service
waits before truncating log files that have replayed into a copy of the database. The time period begins after the log
has been successfully replayed into the copy of the database.
seconds.
(14 days).
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-DatabaseAvailabilityGroup
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-DatabaseAvailabilityGroup cmdlet to obtain a
variety of configuration settings, status and other information about a database availability group (DAG ). For
Syntax
Get-DatabaseAvailabilityGroup [[-Identity] <DatabaseAvailabilityGroupIdParameter>] [-DomainController <Fqdn>]
[-Status] [<CommonParameters>]
Description
In addition to obtaining a list of DAG members, the Get-DatabaseAvailabilityGroup cmdlet can also be used to view
real-time status information about a DAG, such as:
OperationalServers
PrimaryActiveManager
ReplicationPort
NetworkNames
WitnessShareInUse
Use the Status parameter with the command to include the values for these listed properties. Without the Status
parameter, the values returned for these properties are blank.
Examples
-------------------------- Example 1 --------------------------
Get-DatabaseAvailabilityGroup DAG1 | Format-List
This example displays the basic properties of the DAG DAG1. The output for the command is formatted as a list.
-------------------------- Example 2 --------------------------
Get-DatabaseAvailabilityGroup DAG2 -Status | Format-List
This example displays the properties of the DAG DAG2. Because it includes the Status parameter, the task also
displays real-time status information for DAG2, such as the current list of operational servers and the server
currently holding the Primary Active Manager role. In addition, several properties of the DAG, such as the witness
server and directory configuration information are also displayed. The output for the command is formatted as a
list.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the DAG to query.
Required: False
Position: 1
Default value: None
-Status
The Status parameter instructs the command to query Active Directory for additional information and to include
real-time status information in the output.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-DatabaseAvailabilityGroupNetwork
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-DatabaseAvailabilityGroupNetwork cmdlet to
display configuration and state information for a database availability group (DAG ) network. For information about
Syntax
Get-DatabaseAvailabilityGroupNetwork [[-Identity] <DatabaseAvailabilityGroupNetworkIdParameter>]
[-DomainController <Fqdn>] [-Server <ServerIdParameter>] [<CommonParameters>]
Description
State information is returned for subnets and for network interfaces, as described in the following lists.
Valid states for Internet Protocol version 4 (IPv4) subnets
Up: All defined network interfaces in the DAG are functional and available for communication. This is the
expected and normal operational state.
Down: All defined network interfaces in the DAG are nonfunctional and have lost communication with each
other and all external hosts. All connected network interfaces are in a Failed or Unreachable state.
Partitioned: One or more network interfaces in the DAG are in an Unreachable state, but at least two interfaces
can communicate with each other or an external host.
Misconfigured: All subnets for a specified DAG network must have the same values for ReplicationEnabled and
IgnoreNetwork. If any one of the subnets isn't configured with the same values for these parameters as all other
subnets on the network, all subnets are in a Misconfigured state.
Unavailable: The network isn't enabled for replication or use by the DAG, or all DAG members attached to the
network are inactive or unavailable.
Unknown: The system was unable to determine the state of the subnet.
Valid states for network interfaces
Up: The network interface is functional and can communicate with all other network interfaces. This is the
expected and normal operational state.
Failed: The network interface is unable to communicate with other network interfaces or external hosts,
although other network interfaces on the local area network (LAN ) are able to communicate with each other
and external hosts.
Unreachable: The system was unable to communicate with at least one network interface whose state is Up.
Unavailable: The network interface isn't enabled for replication or use by the DAG, or the DAG member
associated with this network interface is inactive or unavailable.The network interface isn't enabled for
replication or use by the DAG, or the DAG member associated with this network interface is inactive or
unavailable.
Unknown: The system was unable to determine the state of the network interface.
Examples
-------------------------- Example 1 --------------------------
Get-DatabaseAvailabilityGroupNetwork -Identity DAG1
This example gets basic configuration and status information for all networks in the DAG DAG1.
-------------------------- Example 2 --------------------------
Get-DatabaseAvailabilityGroupNetwork -Identity DAG1 | Format-List
This example gets complete configuration and status information for all networks in the DAG DAG1.
-------------------------- Example 3 --------------------------
Get-DatabaseAvailabilityGroupNetwork -Identity DAG2\DAGNetwork02 -Server MBX1 | Format-List
This example gets complete configuration and status information for the network DAGNetwork02 in the DAG
DAG2 from the Mailbox server MBX1.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of a DAG or a DAG network.
Type: DatabaseAvailabilityGroupNetworkIdParameter
Required: False
Position: 1
Default value: None
-Server
The Server parameter specifies the Mailbox server in the DAG to retrieve health information for the DAG network
from. You can use any value that uniquely identifies the server. For example:
Name
FQDN
ExchangeLegacyDN
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MailboxDatabaseCopyStatus
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-MailboxDatabaseCopyStatus cmdlet to view
health and status information about one or more mailbox database copies. For information about the parameter
Syntax
Get-MailboxDatabaseCopyStatus -Server <MailboxServerIdParameter>
[-Active]
[-ConnectionStatus]
[-ExtendedErrorInfo]
[-UseServerCache] [<CommonParameters>]
Get-MailboxDatabaseCopyStatus [[-Identity] <DatabaseCopyIdParameter>] [-Local]

[-Active]
[-ConnectionStatus]
[-ExtendedErrorInfo]
[-UseServerCache] [<CommonParameters>]
Description
If a database is specified by using the Identity parameter with the command, the status of all copies of the database
is returned. If a server is specified by using the Server parameter with the command, information about all
database copies on the server is returned. If neither parameter is specified with the command, information about all
database copies in the organization is returned.
Examples
-------------------------- Example 1 --------------------------
Get-MailboxDatabaseCopyStatus -Identity DB1 | Format-List
This example returns status information for all copies of the database DB1. The status results are displayed in a list
format.
-------------------------- Example 2 --------------------------
Get-MailboxDatabaseCopyStatus -Server MBX1 | Format-List
This example returns the status for all database copies on the Mailbox server MBX1. The status results are also
displayed in a list format.
-------------------------- Example 3 --------------------------
Get-MailboxDatabaseCopyStatus -Identity DB1\MBX2 | Format-List
This example returns the status for the copy of database DB1 on the Mailbox server MBX2. The status results are
also displayed in a list format.
Parameters
-Active
The Active switch specifies whether to return mailbox database copy status for the active mailbox database copy
only.
Required: False
Position: Named
Default value: None
-ConnectionStatus
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-ExtendedErrorInfo
The ExtendedErrorInfo switch specifies whether to return an output object containing any exception details.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the database copy for which the command should gather information.
The Identity parameter can be specified in the form of <database>\<server>. Specifying just <database> returns
information for all copies of the database. This parameter can't be combined with the Server parameter.
Type: DatabaseCopyIdParameter
Required: False
Position: 1
Default value: None
-Local
The Local switch specifies whether to return mailbox database copy status information from only the local Mailbox
server.
Required: False
Position: Named
Default value: None
-Server
The Server parameter specifies that a Mailbox server returns status information for all of its mailbox database
copies. This parameter can't be combined with the Identity parameter.
Required: True
Position: Named
Default value: None
-UseServerCache
The UseServerCache switch specifies whether to enable a server-side remote procedure call (RPC ) caching of
status information for 5 seconds.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Move-ActiveMailboxDatabase
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Move-ActiveMailboxDatabase cmdlet to perform a
database or server switchover. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Move-ActiveMailboxDatabase [-ActivatePreferredOnServer] <MailboxServerIdParameter>
[-Confirm]
[-MountDialOverride <None | Lossless | GoodAvailability | BestAvailability | BestEffort>]
[-MoveComment <String>]
[-SkipActiveCopyChecks]
[-SkipClientExperienceChecks]
[-SkipCpuChecks]
[-SkipHealthChecks]
[-SkipLagChecks]
[-SkipMaximumActiveDatabasesChecks]
[-SkipMoveSuppressionChecks]
[-TerminateOnWarning]
Move-ActiveMailboxDatabase [-Identity] <DatabaseIdParameter> [[-ActivateOnServer] <MailboxServerIdParameter>]

[-Confirm]
[-SkipCpuChecks]
[-SkipHealthChecks]
[-SkipLagChecks]
Move-ActiveMailboxDatabase [-Server] <MailboxServerIdParameter> [[-ActivateOnServer]
<MailboxServerIdParameter>] [-MoveAllDatabasesOrNone]
[-Confirm]
[-SkipCpuChecks]
[-SkipHealthChecks]
[-SkipLagChecks]
Move-ActiveMailboxDatabase [-Identity] <DatabaseIdParameter> [-ActivateOnServer] <MailboxServerIdParameter> [-

SkipAllChecks]
[-Confirm]
[-SkipCpuChecks]
[-SkipHealthChecks]
[-SkipLagChecks]
Description
Examples
-------------------------- Example 1 --------------------------
Move-ActiveMailboxDatabase DB2 -ActivateOnServer MBX1 -MountDialOverride:None
This example performs a switchover of the database DB2 to the Mailbox server MBX1. When the command
completes, MBX1 hosts the active copy of DB2. Because the MountDialOverride parameter is set to None, MBX1
mounts the database using its own defined database auto mount dial settings.
-------------------------- Example 2 --------------------------
Move-ActiveMailboxDatabase DB1 -ActivateOnServer MBX3 -MountDialOverride:GoodAvailability
completes, MBX3 hosts the active copy of DB1. Because the MountDialOverride parameter is specified with a value
of Good Availability, MBX3 mounts the database using a database auto mount dial setting of GoodAvailability.
-------------------------- Example 3 --------------------------
Move-ActiveMailboxDatabase DB3 -ActivateOnServer MBX4
completes, MBX4 hosts the active copy of DB3. Because the MountDialOverride parameter isn't specified, MBX4
mounts the database using a database auto mount dial setting of Lossless.
-------------------------- Example 4 --------------------------
Move-ActiveMailboxDatabase -Server MBX1
This example performs a server switchover for the Mailbox server MBX1. All active mailbox database copies on
MBX1 will be activated on one or more other Mailbox servers with healthy copies of the active databases on MBX1.
Parameters
-ActivateOnServer
The ActivateOnServer parameter specifies the name of the Mailbox server on which the mailbox database copy
should be activated.
Required: False
Position: 2
Default value: None
-ActivatePreferredOnServer
The ActivatePreferredOnServer parameter specifies the Mailbox server where you want to activate all mailbox
databases that have copies with an ActivationPreference value of 1. You can use any value that uniquely identifies
Name
ExchangeLegacyDN
GUID
You can use this parameter as part of ending maintenance mode on a Mailbox server.
Required: True
Position: 1
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox database that you want to activate. You can use any value that
uniquely identifies the database. For example:
Name
GUID
You can't use this parameter with the Server parameter
Required: True
Position: 1
Default value: None
-MountDialOverride
The MountDialOverride parameter is used to override the auto database mount dial (AutoDatabaseMountDial)
setting for the target server and specify an alternate setting. The following are possible values:
None: When using this value, the currently configured auto database mount dial setting on the target server will
be used.
Lossless: This is the default value. When using this value, the database doesn't automatically mount until all log
files that were generated on the original active copy have been copied to the passive copy.
GoodAvailability: If you specify this value, the database automatically mounts immediately after a failover if the
copy queue length is less than or equal to 6. If the copy queue length is greater than 6, the database doesn't
automatically mount. When the copy queue length is less than or equal to 6, Microsoft Exchange attempts to
replicate the remaining logs to the passive copy and then mounts the database.
BestEffort: If you specify this value, the database automatically mounts regardless of the size of the copy queue
length. Because the database will mount with any amount of log loss, using this value could result in a large
amount of data loss.
BestAvailability: If you specify this value, the database automatically mounts immediately after a failover if the
copy queue length is less than or equal to 12. The copy queue length is the number of logs recognized by the
passive copy that needs to be replicated. If the copy queue length is more than 12, the database doesn't
automatically mount. When the copy queue length is less than or equal to 12, Exchange attempts to replicate
the remaining logs to the passive copy and then mounts the database.
Type: None | Lossless | GoodAvailability | BestAvailability | BestEffort

Required: False
Position: Named
Default value: None
-MoveAllDatabasesOrNone
The MoveAllDatabasesOrNone switch specifies whether to prevent any databases from moving if a single active
database on the server can't be moved. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-MoveComment
The MoveComment parameter specifies an optional administrative reason for the move operation. The comment is
recorded in the Event log.
Type: String
Required: False
Position: Named
Default value: None
-Server
The Server parameter specifies the server that you want to move all active mailbox databases from. You can use
any value that uniquely identifies the server. For example:
Name
ExchangeLegacyDN
GUID
You can't use this parameter with the Identity parameter
Required: True
Position: 1
Default value: None
-SkipActiveCopyChecks
The SkipActiveCopyChecks switch specifies whether to skip checking the current active copy to see if it's currently a
seeding source for any passive databases. You don't need to specify a value with this switch.
Note: When you use this switch, you can move a database that's currently a seeding source, which cancels the seed
operation.
Required: False
Position: Named
Default value: None
-SkipAllChecks
The SkipAllChecks switch specifies whether to skip all checks. You don't need to specify a value with this switch.
This switch is equivalent to specifying all of the individual skip parameters that are available on this cmdlet.
You can only use this switch with the ActivateOnServer parameter.
Required: True
Position: Named
Default value: None
-SkipClientExperienceChecks
The SkipClientExperienceChecks switch specifies whether to skip the search catalog (content index) state check to
see if the search catalog is healthy and up to date. You don't need to specify a value with this switch.
If the search catalog for the database copy you're activating is in an unhealthy or unusable state and you use this
parameter to skip the search catalog health check and activate the database copy, you will need to either re-crawl or
reseed the search catalog.
Required: False
Position: Named
Default value: None
-SkipCpuChecks
The SkipCpuChecks switch specifies whether to skip the high CPU utilization checks. You don't need to specify a
Required: False
Position: Named
Default value: None
-SkipHealthChecks
The SkipHealthChecks switch specifies whether to bypass passive copy health checks. You don't need to specify a
When you use this switch, you can move the active copy to a database copy that's in the Failed state. You should
only use this switch if the initial attempt to move the active database has failed. This is because the
SkipHealthChecks switch performs additional validation to ensure that the log files are consistent, which can take a
considerable amount of time.
Required: False
Position: Named
Default value: None
-SkipLagChecks
The SkipLagChecks switch specifies whether to allow a copy to be activated that has replay and copy queues
outside of the configured criteria. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-SkipMaximumActiveDatabasesChecks
The SkipMaximumActiveDatabasesChecks switch specifies whether to skip checking the value of
MaximumPreferredActiveDatabases during the best copy and server selection (BCSS ) process. You don't need to
Any configured value for MaximumActiveDatabases will still be honored during the BCSS process and by the
Information Store.
Required: False
Position: Named
Default value: None
-SkipMoveSuppressionChecks
The SkipMoveSuppressionChecks switch specifies whether to skip the move suppression checks. You don't need to
Required: False
Position: Named
Default value: None
-TerminateOnWarning
The TerminateOnWarning switch specifies whether to terminate the task and output an error message if a warning
is encountered during the switchover operation. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-DatabaseAvailabilityGroup
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -DatabaseAvailabilityGroup cmdlet to create a
database availability group (DAG ). For information about the parameter sets in the Syntax section below, see
Syntax
New-DatabaseAvailabilityGroup [-Name] <String> [-Confirm] [-DatabaseAvailabilityGroupIpAddresses <IPAddress[]>]
[-DomainController <Fqdn>] [-ThirdPartyReplication <Disabled | Enabled>] [-WhatIf]
[-WitnessDirectory <NonRootLocalLongFullPath>] [-WitnessServer <FileShareWitnessServerName>]
[-DagConfiguration <DatabaseAvailabilityGroupConfigurationIdParameter>]
[-ActivityState <NewDeployment | DotBuildUpgrade | Decom | PendingDotBuildUpgrade | DecomRemoveMailboxes |
DecomNoUpgrades | Discovered | Allocated | ReadyForAllocation | Spare>]
[-FileSystem <NTFS | ReFS>] [<CommonParameters>]
Description
When creating a DAG, you need to specify a valid computer name for the DAG no longer than 15 characters that's
unique within the Active Directory forest. In addition, each DAG is configured with a witness server and witness
directory. The witness server and its directory are used only for quorum purposes where there's an even number of
members in the DAG. You don't need to create the witness directory in advance. Exchange automatically creates
and secures the directory for you on the witness server. The directory shouldn't be used for any purpose other than
for the DAG witness server.
The requirements for the witness server are as follows:
The witness server can't be a member of the DAG.
The witness server must be running the Windows Server 2008 operating system or later.
A single server can serve as a witness for multiple DAGs; however, each DAG requires its own witness directory.
The following combinations of options and behaviors are available:
You can specify a name for the DAG, the witness server that you want to use, and the directory you want
created and shared on the witness server.
You can specify a name for the DAG and the witness server that you want to use. In this scenario, the task
creates the default directory on the specified witness server.
If the witness server that you specify isn't an Exchange server, you need to add the Exchange Trusted Subsystem
universal security group (USG ) to the local Administrators group on the witness server. If the witness server is a
directory server, you need to add the Exchange Trusted Subsystem USG to the Builtin\Administrators group. These
security permissions are necessary to ensure that Exchange can create a directory and share on the witness server
as needed.
In Windows Server 2012 R2 or later, a DAG is created without a cluster administrative access point by default. In
this scenario, you don't need to provide any IP addresses to the DAG. However, in all supported versions of
Windows, you have the option of assigning static IP addresses to the DAG by using the
DatabaseAvailabilityGroupIpAddresses parameter. If you specify Any or 0.0.0.0, the task attempts to use Dynamic
Host Configuration Protocol (DHCP ) to obtain IP addresses. If you omit this parameter or configure the parameter
with a value of None or 255.255.255.255, the DAG will not have a cluster administrative access point.
Examples
-------------------------- Example 1 --------------------------
New-DatabaseAvailabilityGroup -Name DAG1 -WitnessServer SERVER1 -WitnessDirectory C:\DAG1
This example creates a DAG named DAG1 that's configured to use a witness server of SERVER1, and a local
directory of C:\DAG1. This example requires Windows Server 2012 R2 or later.
-------------------------- Example 2 --------------------------
New-DatabaseAvailabilityGroup -Name DAG2 -WitnessServer SERVER2 -DatabaseAvailabilityGroupIpAddresses ([])::Any
This example creates the DAG named DAG2 with a witness server named SERVER2. The system automatically
selects an Exchange server in the same site as the DAG to use as the witness server. DAG2 is configured to use
DHCP for the DAG's IP address.
-------------------------- Example 3 --------------------------
New-DatabaseAvailabilityGroup -Name DAG3 -WitnessServer SERVER1 -WitnessDirectory C:\DAG3 -

DatabaseAvailabilityGroupIpAddresses 10.0.0.8,192.168.0.8
This example creates a DAG named DAG3. DAG3 is configured to use SERVER1 for the witness server, and a
witness directory on SERVER1 of C:\DAG3. DAG3 is assigned multiple static IP addresses because the MAPI
network for the DAG contains or will contain multiple subnets (10.0.0.x and 192.168.0.x).
Parameters
-ActivityState
Type: NewDeployment | DotBuildUpgrade | Decom | PendingDotBuildUpgrade | DecomRemoveMailboxes | DecomNoUpgrades

| Discovered | Allocated | ReadyForAllocation | Spare
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DagConfiguration
Type: DatabaseAvailabilityGroupConfigurationIdParameter
Required: False
Position: Named
Default value: None
-DatabaseAvailabilityGroupIpAddresses
The DatabaseAvailabilityGroupIpAddresses parameter specifies one or more static IPv4 addresses to the DAG
when a Mailbox server is added to a DAG. If you specify the value Any or 0.0.0.0, the system attempts to lease one
or more IPv4 addresses from a DHCP server to assign to the DAG. If you don't use this parameter, or if you specify
the value 255.255.255.255 or None, the DAG is created without a cluster administrative access point.
Type: IPAddress[]
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-FileSystem
The FileSystem parameter specifies the file system that's used for the DAG. Valid values are:
NTFS
ReFS
Type: NTFS | ReFS

Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a unique name for the new DAG of up to 15 characters. The name you use must not
conflict with any computer name in the organization.
Type: String
Required: True
Position: 1
Default value: None
-ThirdPartyReplication
The ThirdPartyReplication parameter specifies to configure and enable a DAG to use third-party replication that
leverages the Exchange Third Party Replication API instead of the built-in continuous replication. Valid values are
Enabled and Disabled. After this mode is enabled, it can't be changed.
Type: Disabled | Enabled

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WitnessDirectory
The WitnessDirectory parameter specifies the name of the directory on the witness server used to store file share
witness data. The directory and share should be hosted on an Exchange server other than any of the Mailbox
servers in the DAG. This allows an Exchange administrator to maintain operational control over the directory. The
specified directory can't be used by any other DAGs, or used for any purpose other than for the witness server. If
you don't use this parameter, the default witness directory is used.
Type: NonRootLocalLongFullPath
Required: False
Position: Named
Default value: None
-WitnessServer
The WitnessServer parameter specifies the name of a server used as a quorum witness when the DAG contains an
even number of members. The specified server can't be a member of the DAG that's configured to use it. A stand-
alone Mailbox server, or a Mailbox server in another DAG is recommended.
Type: FileShareWitnessServerName
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-DatabaseAvailabilityGroupNetwork
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -DatabaseAvailabilityGroupNetwork cmdlet to
create a database availability group (DAG ) network. For information about the parameter sets in the Syntax section
Syntax
New-DatabaseAvailabilityGroupNetwork [-Name] <String>
[-DatabaseAvailabilityGroup] <DatabaseAvailabilityGroupIdParameter> [-Confirm] [-Description <String>]
[-DomainController <Fqdn>] [-IgnoreNetwork <$true | $false>] [-ReplicationEnabled <$true | $false>]
[-Subnets <DatabaseAvailabilityGroupSubnetId[]>] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
New-DatabaseAvailabilityGroupNetwork -DatabaseAvailabilityGroup DAG1 -Name DAG1Repl -Subnets 10.0.0.0/8 -

ReplicationEnabled:$true
This example creates the DAG network DAG1Repl in the DAG DAG1. A subnet of 10.0.0.0 with a bitmask of 8 is
assigned to DAG1Repl, and DAG1Repl is also enabled for continuous replication.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DatabaseAvailabilityGroup
The DatabaseAvailabilityGroup parameter specifies the name of the DAG that'll use the network being created.
Required: True
Position: 2
Default value: None
-Description
The Description parameter specifies an optional description of up to 256 characters for the DAG network being
created.
Type: String
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-IgnoreNetwork
The IgnoreNetwork parameter excludes the DAG network from use by the DAG.

Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the name of the DAG network being created.
Type: String
Required: True
Position: 1
Default value: None
-ReplicationEnabled
The ReplicationEnabled parameter specifies whether the DAG network being created is enabled for continuous
replication.

Required: False
Position: Named
Default value: None
-Subnets
The Subnets parameter specifies the subnets for the DAG network being created.
Type: DatabaseAvailabilityGroupSubnetId[]
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-DatabaseAvailabilityGroup
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-DatabaseAvailabilityGroup cmdlet to
delete an empty database availability group (DAG ). Before you can delete a DAG, you must first remove all Mailbox
servers from the DAG. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Remove-DatabaseAvailabilityGroup [-Identity] <DatabaseAvailabilityGroupIdParameter> [-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-DatabaseAvailabilityGroup -Identity DAG1
This example, deletes the DAG DAG1.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the DAG to be removed.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-DatabaseAvailabilityGroupNetwork
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-DatabaseAvailabilityGroupNetwork cmdlet
to remove a database availability group (DAG ) network. For information about the parameter sets in the Syntax
Syntax
Remove-DatabaseAvailabilityGroupNetwork [-Identity] <DatabaseAvailabilityGroupNetworkIdParameter> [-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-DatabaseAvailabilityGroupNetwork -Identity DAG1\DAGNetwork04
This example removes the DAG network DAGNetwork04 from the DAG DAG1.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the network being removed.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-DatabaseAvailabilityGroupServer
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-DatabaseAvailabilityGroupServer cmdlet
to remove a Mailbox server from a database availability group (DAG ). To remove a Mailbox server from a DAG, the
Mailbox server must not host any replicated databases. For information about the parameter sets in the Syntax
Syntax
Remove-DatabaseAvailabilityGroupServer [-Identity] <DatabaseAvailabilityGroupIdParameter>
[-MailboxServer] <ServerIdParameter>
[-ConfigurationOnly]
[-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-DatabaseAvailabilityGroupServer -Identity DAG3 -MailboxServer MBX1
This example removes the Mailbox server MBX1 from the DAG DAG3.
-------------------------- Example 2 --------------------------
Remove-DatabaseAvailabilityGroupServer -Identity DAG2 -MailboxServer MBX4 -ConfigurationOnly
This example removes the configuration settings for the Mailbox server MBX4 from the DAG DAG2. MBX4 is
currently offline and expected to be offline for an extended period, so its configuration is being removed from the
DAG to establish quorum for the DAG or to reduce the number of members needed for quorum by the DAG.
Parameters
-ConfigurationOnly
The ConfigurationOnly switch should only be used if the Mailbox server has been lost and can no longer be
contacted, or in situations when the Mailbox server can't be restored to operational service before the messaging
service is needed. When used, it removes the Mailbox server from the DAG object in Active Directory. If the
Mailbox server is offline but the DAG has quorum, the Mailbox server is evicted from the DAG's cluster and
removed from the DAG object in Active Directory.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the DAG from which you're removing the server.
Required: True
Position: 1
Default value: None
-MailboxServer
The MailboxServer parameter specifies the Mailbox server to remove from the DAG. You can use any value that
Name
FQDN
ExchangeLegacyDN
Required: True
Position: 2
Default value: None
-SkipDagValidation
health check on the DAG's witness when removing members from the DAG. You don't need to specify a value with
this switch.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-MailboxDatabaseCopy
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-MailboxDatabaseCopy cmdlet to remove a
passive copy of a mailbox database. For information about the parameter sets in the Syntax section below, see
Syntax
Remove-MailboxDatabaseCopy [-Identity] <DatabaseCopyIdParameter> [-Confirm] [-DomainController <Fqdn>]
Description
To use the Remove-MailboxDatabaseCopy cmdlet to remove a mailbox database copy, the following criteria must
be met:
The database availability group (DAG ) hosting the mailbox database must have quorum and all cluster and
network functions must be healthy.
If you're removing the last passive copy of the database, continuous replication circular logging (CRCL ) must
not be enabled for the specified mailbox database. If CRCL is enabled, you must first disable it. After the
mailbox database copy has been removed, circular logging can be enabled. After enabling circular logging for a
non-replicated mailbox database, JET circular logging is used instead of CRCL. If you aren't removing the last
passive copy of a database, CRCL can remain enabled.
You can't use this cmdlet to remove the active copy of a mailbox database. To remove the active copy of a mailbox
database, you must first remove all passive copies of the database and then use the Remove-MailboxDatabase
cmdlet to remove the active copy.
Running this cmdlet removes the mailbox database copy configuration, but doesn't delete the database copy's files.
If necessary, you can manually delete those files.
Examples
-------------------------- Example 1 --------------------------
Remove-MailboxDatabaseCopy -Identity DB1\MBX3
This example removes a copy of mailbox database DB1 from the Mailbox server MBX3.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the mailbox database whose copy is being removed. When using this
parameter, specify a format of DatabaseName\ServerName.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Restore-DatabaseAvailabilityGroup
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Restore-DatabaseAvailabilityGroup cmdlet as part
of a datacenter switchover of a database availability group (DAG ). For information about the parameter sets in the
Syntax
Restore-DatabaseAvailabilityGroup [-Identity] <DatabaseAvailabilityGroupIdParameter>
[-ActiveDirectorySite <AdSiteIdParameter>] [-AlternateWitnessDirectory <NonRootLocalLongFullPath>]
[-AlternateWitnessServer <FileShareWitnessServerName>] [-Confirm] [-DomainController <Fqdn>] [-WhatIf]
[-UsePrimaryWitnessServer] [<CommonParameters>]
Description
You can also use this cmdlet for disaster recovery purposes to restore functionality to a DAG that has lost quorum
due to one or more DAG members being offline for an extended period. Before running this cmdlet, you must first
run the Stop-DatabaseAvailabilityGroup cmdlet.
The Restore-DatabaseAvailabilityGroup cmdlet can be run against a DAG only when the DAG is configured with a
DatacenterActivationMode parameter value of DagOnly. For more information about the
DatacenterActivationMode parameter, see Datacenter Activation Coordination mode
(https://technet.microsoft.com/library/dd979790.aspx).
You can use the Set-DatabaseAvailabilityGroup cmdlet to configure the value for the DatacenterActivationMode
parameter.
The Restore-DatabaseAvailabilityGroup cmdlet performs several operations that affect the structure and
membership of the DAG's cluster. This task does the following:
Forcibly evicts the servers listed on the StoppedMailboxServers list from the DAG's cluster, thereby
reestablishing quorum for the cluster enabling the surviving DAG members to start and provide service.
Configures the DAG to use the alternate witness server if there is an even number of surviving DAG members,
or a single surviving DAG member.
Examples
-------------------------- Example 1 --------------------------
Restore-DatabaseAvailabilityGroup -Identity DAG1 -ActiveDirectorySite Portland
This example activates member servers in the DAG DAG1 for the Active Directory site Portland. In this example, the
values for the AlternateWitnessServer parameter and the AlternateWitnessDirectory parameter had been
previously set by using the Set-DatabaseAvailabilityGroup cmdlet. Thus, there is no need to specify them here.
-------------------------- Example 2 --------------------------
Restore-DatabaseAvailabilityGroup -Identity DAG1 -ActiveDirectorySite Redmond -AlternateWitnessServer CAS4 -

AlternateWitnessDirectory D:\DAG1
This example activates member servers in the DAG DAG1 for the Active Directory site Redmond. In this example,
the values for the AlternateWitnessServer parameter and the AlternateWitnessDirectory parameter are being set as
part of the activation process.
Parameters
-ActiveDirectorySite
The ActiveDirectorySite parameter specifies the site containing the DAG members to be restored.
Required: False
Position: Named
Default value: None
-AlternateWitnessDirectory
The AlternateWitnessDirectory parameter specifies the name of an alternate directory used to store witness data.
The specified directory must not be in use by any other DAGs or used for any other purpose. This value can be
populated ahead by using the Set-DatabaseAvailabilityGroup cmdlet.
Required: False
Position: Named
Default value: None
-AlternateWitnessServer
The AlternateWitnessServer parameter specifies the name of a new witness server for the DAG as part of a site
activation process. This value can be populated ahead by using the Set-DatabaseAvailabilityGroup cmdlet.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the DAG being manipulated.
Required: True
Position: 1
Default value: None
-UsePrimaryWitnessServer
The UsePrimaryWitnessServer parameter specifies that the DAG's currently configured witness server should be
used if a witness is needed by the DAG members being activated.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Resume-MailboxDatabaseCopy
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Resume-MailboxDatabaseCopy cmdlet to unblock
activation or resume log copying and replay for a passive mailbox database copy. For information about the
Syntax
Resume-MailboxDatabaseCopy [-Identity] <DatabaseCopyIdParameter> [-ReplicationOnly]
[-Confirm]
Resume-MailboxDatabaseCopy [-Identity] <DatabaseCopyIdParameter> [-DisableReplayLag] [-DisableReplayLagReason

<String>]
[-Confirm]
Description
The Resume-MailboxDatabaseCopy cmdlet resumes replication and replay from a suspended state. If a database
copy was suspended without administrator intervention, it's because the database copy is in a bad state. You can
use the Get-MailboxDatabaseCopyStatus cmdlet to see if there are any messages indicating a failure. If the copy of
the database is in a bad state, resuming the copy causes replication to fail and the mailbox database copy to return
to a suspended state.
Examples
-------------------------- Example 1 --------------------------
Resume-MailboxDatabaseCopy -Identity DB1\MBX3
This example resumes replication and replay activity for the copy of the database DB1 hosted on the Mailbox
server MBX3.
-------------------------- Example 2 --------------------------
Resume-MailboxDatabaseCopy -Identity DB2\MBX4 -ReplicationOnly
This example resumes replication and replay activity for the copy of the database DB2 hosted on the Mailbox
server MBX4. After the copy is resumed, it remains administratively blocked for activation.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DisableReplayLag
The DisableReplayLag parameter specifies that any configured replay lag time for the database copy should be
disabled when the passive copy is resumed.
Required: True
Position: Named
Default value: None
-DisableReplayLagReason
The DisableReplayLagReason parameter is used with the DisableReplayLag parameter to specify an administrative
reason for disabling replay lag time for a passive copy.
Type: String
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the database whose copying is being resumed.
Required: True
Position: 1
Default value: None
-ReplicationOnly
The ReplicationOnly switch specifies whether to resume replication without affecting the activation setting (for
example, the ActivationSuspended property for the database copy remains set to True).
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-DatabaseAvailabilityGroup
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-DatabaseAvailabilityGroup cmdlet to configure
properties of a database availability group (DAG ). For information about the parameter sets in the Syntax section
Syntax
Set-DatabaseAvailabilityGroup [-Identity] <DatabaseAvailabilityGroupIdParameter>
[-ActivityState <NewDeployment | DotBuildUpgrade | Decom | PendingDotBuildUpgrade | DecomRemoveMailboxes |
DecomNoUpgrades | Discovered | Allocated | ReadyForAllocation | Spare>]
[-AllowCrossSiteRpcClientAccess]
[-AlternateWitnessDirectory <NonRootLocalLongFullPath>]
[-AlternateWitnessServer <FileShareWitnessServerName>]
[-AutoDagAllServersInstalled <$true | $false>]
[-AutoDagAutoRedistributeEnabled <$true | $false>]
[-AutoDagAutoReseedEnabled <$true | $false>]
[-AutoDagBitlockerEnabled <$true | $false>]
[-AutoDagDatabaseCopiesPerDatabase <Int32>]
[-AutoDagDatabaseCopiesPerVolume <Int32>]
[-AutoDagDatabasesRootFolderPath <NonRootLocalLongFullPath>]
[-AutoDagDiskReclaimerEnabled <$true | $false>]
[-AutoDagTotalNumberOfDatabases <Int32>]
[-AutoDagTotalNumberOfServers <Int32>]
[-AutoDagVolumesRootFolderPath <NonRootLocalLongFullPath>]
[-Confirm]
[-DagConfiguration <DatabaseAvailabilityGroupConfigurationIdParameter>]
[-DatabaseAvailabilityGroupIpAddresses <IPAddress[]>]
[-DatacenterActivationMode <Off | DagOnly>]
[-DiscoverNetworks]
[-FileSystem <NTFS | ReFS>]
[-ManualDagNetworkConfiguration <$true | $false>]
[-MetaCacheDatabaseVolumesPerServer <Int32>]
[-NetworkCompression <Disabled | Enabled | InterSubnetOnly | SeedOnly>]
[-NetworkEncryption <Disabled | Enabled | InterSubnetOnly | SeedOnly>]
[-PreferenceMoveFrequency <TimeSpan>]
[-ReplayLagManagerEnabled <$true | $false>]
[-ReplicationPort <UInt16>]
[-WhatIf]
[-WitnessDirectory <NonRootLocalLongFullPath>]
[-WitnessServer <FileShareWitnessServerName>]
Description
The Set-DatabaseAvailabilityGroup cmdlet enables you to manage DAG properties that can't be managed from the
Exchange admin center (EAC ), such as configuring network discovery, selecting the TCP port used for replication
and enabling datacenter activation coordination (DAC ) mode.
DAG property values are stored in both Active Directory and the cluster database. Because some properties are
stored in the cluster database, the underlying cluster for the DAG must have quorum to set the properties for:
ReplicationPort
NetworkCompression
NetworkEncryption
DiscoverNetworks
Examples
-------------------------- Example 1 --------------------------
Set-DatabaseAvailabilityGroup -Identity DAG1 -WitnessDirectory C:\DAG1DIR
This example sets the witness directory to C:\DAG1DIR for the DAG DAG1.
-------------------------- Example 2 --------------------------
Set-DatabaseAvailabilityGroup -Identity DAG1 -AlternateWitnessDirectory

C:\DAGFileShareWitnesses\DAG1.contoso.com -AlternateWitnessServer CAS3
This example preconfigures an alternate witness server of CAS3 and an alternate witness directory of
C:\DAGFileShareWitnesses\DAG1.contoso.com for the DAG DAG1.
-------------------------- Example 3 --------------------------
Set-DatabaseAvailabilityGroup -Identity DAG1 -DatabaseAvailabilityGroupIpAddresses 0.0.0.0
This example configures the DAG DAG1 to use DHCP to obtain an IP address.
-------------------------- Example 4 --------------------------
Set-DatabaseAvailabilityGroup -Identity DAG1 -DatabaseAvailabilityGroupIpAddresses 10.0.0.8
This example configures the DAG DAG1 to use a static IP address of 10.0.0.8.
-------------------------- Example 5 --------------------------
Set-DatabaseAvailabilityGroup -Identity DAG1 -DatabaseAvailabilityGroupIpAddresses 10.0.0.8,10.0.1.8
This example configures the multi-subnet DAG DAG1 with multiple static IP addresses.
-------------------------- Example 6 --------------------------
Set-DatabaseAvailabilityGroup -Identity DAG1 -ReplicationPort 63132
This example configures TCP port 63132 as the port used by replication for the DAG DAG1.
After changing the default replication port for a DAG, you must manually modify the Windows Firewall exceptions
on each member of the DAG to allow communication to occur over the specified port.
-------------------------- Example 7 --------------------------
Set-DatabaseAvailabilityGroup -Identity DAG1 -DatacenterActivationMode DagOnly
This example configures the DAG DAG1 for DAC mode.

-------------------------- Example 8 --------------------------
Set-DatabaseAvailabilityGroup -Identity DAG1 -AutoDagVolumesRootFolderPath C:\ExchVols -

AutoDagDatabasesRootFolderPath C:\ExchDBs -AutoDagDatabaseCopiesPerVolume 4
This example configures the DAG DAG1 for AutoReseed using custom mount point paths and 4 databases per
volume.
Parameters
-ActivityState
Type: NewDeployment | DotBuildUpgrade | Decom | PendingDotBuildUpgrade | DecomRemoveMailboxes | DecomNoUpgrades

| Discovered | Allocated | ReadyForAllocation | Spare
Required: False
Position: Named
Default value: None
-AllowCrossSiteRpcClientAccess
Required: False
Position: Named
Default value: None
-AlternateWitnessDirectory
The AlternateWitnessDirectory parameter specifies the name of an alternate directory that's used to store file share
witness data. The specified directory must not be in use by any other DAGs or used for any other purpose. This
parameter is used only as part of a datacenter switchover process. If the DAG is extended across multiple
datacenters in a site resilience configuration, we recommend preconfiguring the alternate witness server and
directory.
Required: False
Position: Named
Default value: None
-AlternateWitnessServer
The AlternateWitnessServer parameter specifies the name of an alternate server that's used to store file share
witness data. The specified server must not be a member of the DAG that's configured to use it. This parameter is
used only as part of a datacenter switchover process. If the DAG is extended across multiple datacenters in a site
resilience configuration, we recommend preconfiguring the alternate witness server and directory.
Required: False
Position: Named
Default value: None
-AutoDagAllServersInstalled

Required: False
Position: Named
Default value: None
-AutoDagAutoRedistributeEnabled
The AutoDagAutoRedistributeEnabled parameter specifies whether automatic DAG redistribution is enabled or
disabled during AutoReseed. The default value is $true (enabled).

Required: False
Position: Named
Default value: None
-AutoDagAutoReseedEnabled
The AutoDagAutoReseedEnabled is used to enable or disable Autoreseed. The default value is $true (enabled).

Required: False
Position: Named
Default value: None
-AutoDagBitlockerEnabled
Required: False
Position: Named
Default value: None
-AutoDagDatabaseCopiesPerDatabase
Type: Int32
Required: False
Position: Named
Default value: None
-AutoDagDatabaseCopiesPerVolume
The AutoDagDatabaseCopiesPerVolume parameter is used to specify the configured number of database copies
per volume. This parameter is used only with AutoReseed.
Type: Int32
Required: False
Position: Named
Default value: None
-AutoDagDatabasesRootFolderPath
The AutoDagDatabasesRootFolderPath parameter specifies the directory containing the database mount points
when using AutoReseed. This parameter is required when using AutoReseed. AutoReseed uses a default path of
C:\ExchangeDatabases.
Required: False
Position: Named
Default value: None
-AutoDagDiskReclaimerEnabled
The AutoDagDiskReclaimerEnabled is used to enable or disable the volume formatting functions used by
Autoreseed. The default value is $true (enabled). If you set this to $false, you will need to manually format the
volume before the database(s) can be reseeded.

Required: False
Position: Named
Default value: None
-AutoDagTotalNumberOfDatabases
Type: Int32
Required: False
Position: Named
Default value: None
-AutoDagTotalNumberOfServers
Type: Int32
Required: False
Position: Named
Default value: None
-AutoDagVolumesRootFolderPath
The AutoDagVolumesRootFolderPath parameter specifies the volume containing the mount points for all disks,
including spare disks, when using the AutoReseed feature of the DAG. This parameter is required when using
AutoReseed. AutoReseed uses a default path of C:\ExchangeVolumes.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DagConfiguration
Type: DatabaseAvailabilityGroupConfigurationIdParameter
Required: False
Position: Named
Default value: None
-DatabaseAvailabilityGroupIpAddresses
The DatabaseAvailabilityGroupIpAddresses parameter specifies one or more static IP addresses to the DAG when a
Mailbox server is added to a DAG. If you omit the DatabaseAvailabilityGroupIpAddresses parameter when creating
a DAG, the system attempts to lease one or more IP addresses from a Dynamic Host Configuration Protocol
(DHCP ) server in your organization to assign to the DAG. You must specify this parameter each time an additional
IP address is added to the DAG, such as in the case of multi-subnet DAGs. You must also specify all IP addresses
previously assigned to the DAG each time the DatabaseAvailabilityGroupIpAddresses parameter is used. Setting
the DatabaseAvailabilityGroupIpAddresses parameter to a value of 0.0.0.0 automatically configures the DAG to use
DHCP.
Type: IPAddress[]
Required: False
Position: Named
Default value: None
-DatacenterActivationMode
The DatacenterActivationMode parameter specifies the datacenter activation mode for the DAG. Valid values are:
Off: Datacenter activation mode is disabled.
DagOnly: Datacenter activation mode is enabled.
Type: Off | DagOnly

Required: False
Position: Named
Default value: None
-DiscoverNetworks
The DiscoverNetworks switch specifies whether to force a rediscovery of the network and network interfaces. You
By default, internal network heartbeats are sent between DAG members on the same subnet. If there's no response
to the heartbeats, network discovery is performed automatically by the system. If you add or remove networks or
change DAG network subnets, you can force rediscovery of all DAG networks by using the DiscoverNetworks
switch.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-FileSystem
The FileSystem parameter specifies the file system that's used for the DAG. Valid values are:
NTFS
ReFS
Type: NTFS | ReFS

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the DAG that you want to modify.
Required: True
Position: 1
Default value: None
-ManualDagNetworkConfiguration
The ManualDagNetworkConfiguration parameter specifies whether DAG networks should be automatically
configured. If this parameter is set to $false, DAG networks are automatically configured. If this parameter is set to
$true, you must manually configure DAG networks.

Required: False
Position: Named
Default value: None
-MetaCacheDatabaseVolumesPerServer
Type: Int32
Required: False
Position: Named
Default value: None
-NetworkCompression
The NetworkCompression parameter specifies the network compression option for the DAG. Valid values are:
Disabled: Network compression is disabled on all networks.
Enabled: Network compression is enabled on all networks.
InterSubnetOnly: Network compression is enabled only for inter-subnet communication.
SeedOnly: Network compression is enabled only for seeding.
Type: Disabled | Enabled | InterSubnetOnly | SeedOnly

Required: False
Position: Named
Default value: None
-NetworkEncryption
The NetworkEncryption parameter specifies the network encryption option for the DAG. Valid values are:
Disabled: Network encryption is disabled on all networks.
Enabled: Network encryption is enabled on all networks.
InterSubnetOnly: Network encryption is enabled only for inter-subnet communication.
SeedOnly: Network encryption is enabled only for seeding.
Type: Disabled | Enabled | InterSubnetOnly | SeedOnly

Required: False
Position: Named
Default value: None
-PreferenceMoveFrequency
The PreferenceMoveFrequency parameter specifies how frequently the Microsoft Exchange Replication service
inspects and automatically rebalances the database copies. If the most preferred database copy
(ActivationPreference value of 1) isn't the active copy, the most preferred database copy is activated by performing
a lossless switchover.
seconds.
The default value is 01:00:00 (1 hour). To disable this feature, specify the value
([System.Threading.Timeout]::InfiniteTimeSpan).
Type: TimeSpan
Required: False
Position: Named
Default value: None
-ReplayLagManagerEnabled
The ReplayLagManagerEnabled parameter specifies whether to disable the automatic playdown of log files for a
lagged database copy.

Required: False
Position: Named
Default value: None
-ReplicationPort
The ReplicationPort parameter specifies a Transmission Control Protocol (TCP ) port for replication (log shipping
and seeding) activity. If this parameter isn't specified, the default port for replication is TCP 64327.
Type: UInt16
Required: False
Position: Named
Default value: None
-SkipDagValidation
health check on the DAG's witness when configuring the DAG. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WitnessDirectory
The WitnessDirectory parameter specifies the name of the directory on the server that's used to store file share
witness data. The specified directory must not be in use by any other DAGs.
Required: False
Position: Named
Default value: None
-WitnessServer
The WitnessServer parameter specifies the name of a server that will act as a witness for the DAG. The server
specified can't be a member of the DAG.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-DatabaseAvailabilityGroupNetwork
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-DatabaseAvailabilityGroupNetwork cmdlet to
configure a network for a database availability group (DAG ). For information about the parameter sets in the Syntax
Syntax
Set-DatabaseAvailabilityGroupNetwork [-Identity] <DatabaseAvailabilityGroupNetworkIdParameter> [-Confirm]
[-Description <String>] [-DomainController <Fqdn>] [-IgnoreNetwork <$true | $false>] [-Name <String>]
[-ReplicationEnabled <$true | $false>] [-Subnets <DatabaseAvailabilityGroupSubnetId[]>] [-WhatIf]
Description
You can configure a variety of network properties, such as the name for the network, a description of the network, a
list of one or more subnets that comprise the network and whether the network is enabled for replication (log
shipping and seeding).
Examples
-------------------------- Example 1 --------------------------
Set-DatabaseAvailabilityGroupNetwork -Identity DAG1\DAGNetwork01 -ReplicationEnabled:$true
This example enables the DAG network DAGNetwork01 in the DAG DAG1 for replication.
-------------------------- Example 2 --------------------------
Set-DatabaseAvailabilityGroupNetwork -Identity DAG2\DAGNetwork02 -ReplicationEnabled:$false -

IgnoreNetwork:$true
This example disables the DAG network DAGNetwork02 in the DAG DAG2 for replication and configures the DAG
to ignore the network.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Description
The Description parameter specifies an optional description for the DAG network.
Type: String
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the DAG network being configured.
Required: True
Position: 1
Default value: None
-IgnoreNetwork
The IgnoreNetwork parameter indicates that the specified network should be ignored and not used by the DAG.
Required: False
Position: Named
Default value: None
-Name
The Name parameter provides a name for the DAG network.
Type: String
Required: False
Position: Named
Default value: None
-ReplicationEnabled
The ReplicationEnabled parameter specifies whether the network can be used for replication activity. If this
parameter isn't specified, the default behavior is to enable the network for replication.

Required: False
Position: Named
Default value: None
-Subnets
The Subnets parameter specifies one or more subnets that are associated with the DAG network.
Type: DatabaseAvailabilityGroupSubnetId[]
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-MailboxDatabaseCopy
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-MailboxDatabaseCopy cmdlet to configure the
properties of a database copy. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Set-MailboxDatabaseCopy [-Identity] <DatabaseCopyIdParameter> [-ActivationPreference <UInt32>] [-Confirm] [-
DatabaseCopyAutoActivationPolicy <DatabaseCopyAutoActivationPolicyType>] [-DomainController <Fqdn>] [-
ReplayLagMaxDelay <EnhancedTimeSpan>] [-ReplayLagTime <EnhancedTimeSpan>] [-TruncationLagTime
<EnhancedTimeSpan>] [-WhatIf] [<CommonParameters>]
Description
With this cmdlet, you can configure the replay lag time, truncation lag time, and activation preference value for a
mailbox database copy.
Examples
-------------------------- Example 1 --------------------------
Set-MailboxDatabaseCopy -Identity DB2\MBX1 -ReplayLagTime 3.0:0:0
This example configures the replay lag time with a value of 3 days for a copy of the database DB2 hosted on the
Mailbox server MBX1.
-------------------------- Example 2 --------------------------
Set-MailboxDatabaseCopy -Identity DB1\MBX2 -ActivationPreference 3
This example configures an activation preference of 3 for the copy of the database DB1 hosted on the Mailbox
server MBX2.
Parameters
-ActivationPreference
The ActivationPreference parameter value is used as part of Active Manager's best copy selection process and to
redistribute active mailbox databases throughout the database availability group (DAG ) when using the
RedistributeActiveDatabases.ps1 script. The value for the ActivationPreference parameter is a number equal to or
greater than 1, where 1 is at the top of the preference order. The position number can't be larger than the number
of database copies of the mailbox database.
Type: UInt32
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DatabaseCopyAutoActivationPolicy
Type: Unrestricted | IntrasiteOnly | Blocked

Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the database whose copy is being modified.
Required: True
Position: 1
Default value: None
-ReplayLagMaxDelay
The ReplayLagMaxDelay parameter specifies the maximum delay for lagged database copy play down (also known
as deferred lagged copy play down). If the disk read IO latency is greater than 25 ms, lagged copy play down is
delayed up to the value of this parameter.
seconds.
The default value is 24:00:00 (24 hours). To disable deferred lagged copy play down, specify the value
([TimeSpan]::Zero).
Note that when the disk is running out of space, the value of this parameter is ignored, and lagged copy play down
occurs without delay.
Required: False
Position: Named
Default value: None
-ReplayLagTime
The ReplayLagTime parameter specifies the amount of time that the Microsoft Exchange Replication service should
wait before replaying log files that have been copied to the passive database copy. Setting this parameter to a value
greater than 0 creates a lagged database copy.
seconds.
The maximum allowable setting for this value is 14 days. The minimum allowable setting is 0 seconds, and setting
this value to 0 seconds eliminates any delay in log replay activity.
For example, to specify a 14-day replay lag period, enter 14.00:00:00. The default value is 00.00:00:00, which
specifies that there's no replay lag.
Required: False
Position: Named
Default value: None
-TruncationLagTime
The TruncationLagTime parameter specifies the amount of time that the Microsoft Exchange Replication service
should wait before truncating log files that have replayed into the passive copy of the database. The time period
begins after the log has been successfully replayed into the copy of the database.
seconds.
(14 days).
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Start-DatabaseAvailabilityGroup
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Start-DatabaseAvailabilityGroup cmdlet to
reincorporate one or more previously failed members of a database availability group (DAG ). For information
Syntax
Start-DatabaseAvailabilityGroup [-Identity] <DatabaseAvailabilityGroupIdParameter> -ActiveDirectorySite
<AdSiteIdParameter>
[-Confirm]
Start-DatabaseAvailabilityGroup [-Identity] <DatabaseAvailabilityGroupIdParameter> -MailboxServer

<MailboxServerIdParameter>
[-Confirm]
Description
The Start-DatabaseAvailabilityGroup cmdlet is used to activate DAG members in a recovered datacenter after a
datacenter switchover, as part of the switchback process to the recovered datacenter. The Start-
DatabaseAvailabilityGroup cmdlet manipulates configuration and state so that the servers are incorporated into the
operating DAG, and joined to the DAG's underlying cluster. The Move-ActiveMailboxDatabase cmdlet is then used
to activate databases in the primary datacenter.
Examples
-------------------------- Example 1 --------------------------
Start-DatabaseAvailabilityGroup -Identity DAG1 -MailboxServer MBX2
This example starts the Mailbox server MBX2 in the DAG DAG1.
-------------------------- Example 2 --------------------------
Start-DatabaseAvailabilityGroup -Identity DAG1 -ActiveDirectorySite Redmond
This example starts the members of the DAG DAG1 in the Active Directory site Redmond.
Parameters
The ActiveDirectorySite parameter specifies whether to start all DAG members in the specified site.
Required: True
Position: Named
Default value: None
-ConfigurationOnly
The ConfigurationOnly switch specifies whether to update the Active Directory properties with the start action, but
doesn't perform a start of the DAG or any members.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the DAG being started.
Required: True
Position: 1
Default value: None
-MailboxServer
The MailboxServer parameter specifies whether to start a single DAG member.
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Stop-DatabaseAvailabilityGroup
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Stop-DatabaseAvailabilityGroup cmdlet to mark a
member of a database availability group (DAG ) as failed, or to mark all DAG members in a specific Active Directory
site as failed. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Stop-DatabaseAvailabilityGroup [-Identity] <DatabaseAvailabilityGroupIdParameter> -ActiveDirectorySite
<AdSiteIdParameter>
[-Confirm]
Stop-DatabaseAvailabilityGroup [-Identity] <DatabaseAvailabilityGroupIdParameter> -MailboxServer

<MailboxServerIdParameter>
[-Confirm]
Description
The Stop-DatabaseAvailabilityGroup cmdlet is used during a datacenter switchover. This cmdlet is used to mark
one or members of the DAG as failed (also known as stopped).The Stop-DatabaseAvailabilityGroup cmdlet can be
run against a DAG only when the DAG is configured with a DatacenterActivationMode value of DagOnly.
Examples
-------------------------- Example 1 --------------------------
Stop-DatabaseAvailabilityGroup -Identity DAG1 -MailboxServer MBX2
This example stops the Mailbox server MBX2 in the DAG DAG1.
-------------------------- Example 2 --------------------------
Stop-DatabaseAvailabilityGroup -Identity DAG1 -ActiveDirectorySite Redmond
This example stops all members in the DAG DAG1 in the Active Directory site Redmond.
-------------------------- Example 3 --------------------------
Stop-DatabaseAvailabilityGroup -Identity DAG2 -MailboxServer MBX3 -ConfigurationOnly
This example stops the Mailbox server MBX3, which is currently offline, in the DAG DAG2.
Parameters
The ActiveDirectorySite parameter specifies the Active Directory site containing the DAG members to stop (for
example, stop all DAG members in a particular Active Directory site).
Required: True
Position: Named
Default value: None
-ConfigurationOnly
The ConfigurationOnly parameter updates the Active Directory properties with the stop action, but doesn't perform
a stop of the DAG or any members. This parameter must be used when the DAG member servers are offline, but
Active Directory is up and accessible in the primary datacenter.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the DAG being stopped.
Required: True
Position: 1
Default value: None
-MailboxServer
The MailboxServer parameter specifies a single DAG member to stop. If Datacenter Activation Coordination mode
is enabled for the DAG and all DAG members are in the same Active Directory site, use the MailboxServer
parameter to stop individual DAG members instead of the ActiveDirectorySite parameter when stopping failed
DAG members.
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Suspend-MailboxDatabaseCopy
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Suspend-MailboxDatabaseCopy cmdlet to block
replication and replay activities (log copying and replay) or activation for a database configured with two or more
database copies. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Suspend-MailboxDatabaseCopy [-Identity] <DatabaseCopyIdParameter> [-EnableReplayLag]
[-Confirm]
Suspend-MailboxDatabaseCopy [-Identity] <DatabaseCopyIdParameter> [-ActivationOnly] [-SuspendComment <String>]

[-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Suspend-MailboxDatabaseCopy -Identity DB1\MBX3 -SuspendComment "Maintenance on MBX3"
This example suspends replication and replay activity for the copy of the database DB1 hosted on the Mailbox
server MBX3. An optional administrative reason for the suspension is specified.
-------------------------- Example 2 --------------------------
Suspend-MailboxDatabaseCopy -Identity DB3\MBX2 -ActivationOnly
This example only suspends activation for the copy of the database DB3 hosted on the Mailbox server MBX2.
Parameters
-ActivationOnly
The ActivationOnly switch specifies whether to suspend only activation for the mailbox database copy.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EnableReplayLag
Required: True
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the database copy being suspended.
Required: True
Position: 1
Default value: None
-SuspendComment
The SuspendComment parameter specifies the reason that the database copy is being suspended. This parameter
is limited to 512 characters.
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Test-ReplicationHealth
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Test-ReplicationHealth cmdlet to check all aspects of
replication and replay, or to provide status for a specific Mailbox server in a database availability group (DAG ). For
Syntax
Test-ReplicationHealth [[-Identity] <ServerIdParameter>] [-ActiveDirectoryTimeout <Int32>] [-Confirm]
[-DomainController <Fqdn>] [-MonitoringContext <$true | $false>] [-OutputObjects]
[-TransientEventSuppressionWindow <UInt32>] [-WhatIf]
[-DatabaseAvailabilityGroup <DatabaseAvailabilityGroupIdParameter>] [<CommonParameters>]
Description
The Test-ReplicationHealth cmdlet is designed for the proactive monitoring of continuous replication and the
continuous replication pipeline, the availability of Active Manager and the health and status of the underlying
cluster service, quorum and network components. The Test-ReplicationHealth cmdlet can be run locally or remotely
against any Mailbox server in a DAG.
Examples
-------------------------- Example 1 --------------------------
Test-ReplicationHealth -Identity MBX1
This example tests the health of replication for the Mailbox server MBX1.
Parameters
-ActiveDirectoryTimeout
The ActiveDirectoryTimeout parameter specifies the time interval in seconds that's allowed for each directory
service operation before the operation times out. The default value is 15 seconds.
Type: Int32
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DatabaseAvailabilityGroup
The DatabaseAvailabilityGroup parameter specifies whether to test all servers in the specified DAG. You can use
any value that uniquely identifies the DAG. For example:
Name
GUID
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Mailbox server that you want to test. You can use any value that uniquely
Name
FQDN
ExchangeLegacyDN
You can't use this parameter with the DatabaseAvailabilityGroup parameter.
Required: False
Position: 1
Default value: None
-MonitoringContext
The MonitoringContext parameter specifies whether to include the associated monitoring events and performance
counters in the results. Valid values for this parameter are $true or $false. The default value is $false. If you specify
the value $true, the monitoring events and performance counters are included in the command results. Typically,
you include the monitoring events and performance counters in the results when the output is passed to Microsoft
System Center Operations Manager (SCOM ).

Required: False
Position: Named
Default value: None
-OutputObjects
The OutputObjects switch specifies whether to output an array of information regarding failures. You don't need to
Required: False
Position: Named
Default value: None
-TransientEventSuppressionWindow
The TransientEventSuppressionWindow parameter specifies the number of minutes that the queue lengths can be
exceeded before the queue length tests are considered to have failed. This parameter is used to reduce the number
of failures due to transient load generation.
Type: UInt32
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Update-MailboxDatabaseCopy
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Update-MailboxDatabaseCopy cmdlet to seed or
reseed a mailbox database copy. For information about the parameter sets in the Syntax section below, see
Syntax
Update-MailboxDatabaseCopy [-Identity] <DatabaseCopyIdParameter> [-CancelSeed]
[-Confirm]
Update-MailboxDatabaseCopy [-Identity] <DatabaseCopyIdParameter> [-BeginSeed] [-Force] [-Network

<DatabaseAvailabilityGroupNetworkIdParameter>] [-SecondaryDatabasePartitionOnly] [-SourceServer
<ServerIdParameter>]
[-CatalogOnly]
[-Confirm]
[-DatabaseOnly]
[-DeleteExistingFiles]
[-ManualResume]
[-NetworkCompressionOverride <UseDagDefault | Off | On>]
[-NetworkEncryptionOverride <UseDagDefault | Off | On>]
[-NoThrottle]
[-PrimaryDatabasePartitionOnly]
[-SafeDeleteExistingFiles]
Update-MailboxDatabaseCopy -Server <MailboxServerIdParameter> [-MaximumSeedsInParallel <Int32>]

[-CatalogOnly]
[-Confirm]
[-DatabaseOnly]
[-DeleteExistingFiles]
[-ManualResume]
[-NetworkCompressionOverride <UseDagDefault | Off | On>]
[-NetworkEncryptionOverride <UseDagDefault | Off | On>]
[-NoThrottle]
[-PrimaryDatabasePartitionOnly]
[-SafeDeleteExistingFiles]
Description
Seeding is the process in which a copy of a mailbox database is added to another Mailbox server. This becomes the
database copy into which copied log files and data are replayed.
The Update-MailboxDatabaseCopy cmdlet can also be used to seed a content index catalog for a mailbox database
copy. When you do this, the MAPI network is used, regardless of the value you specify with the Network parameter.
You must suspend a database copy before you can update it using the Update-MailboxDatabaseCopy cmdlet. For
detailed steps about how to suspend a database copy, see Suspend or resume a mailbox database copy
Examples
-------------------------- Example 1 --------------------------
Update-MailboxDatabaseCopy -Identity DB1\MBX1
This example seeds a copy of the database DB1 on the Mailbox server MBX1.
-------------------------- Example 2 --------------------------
Update-MailboxDatabaseCopy -Identity DB1\MBX1 -SourceServer MBX2
This example seeds a copy of the database DB1 on the Mailbox server MBX1 using MBX2 as the source Mailbox
server for the seed.
-------------------------- Example 3 --------------------------
Update-MailboxDatabaseCopy -Identity DB1\MBX1 -DatabaseOnly
This example seeds a copy of the database DB1 on the Mailbox server MBX1 without seeding the content index
catalog.
-------------------------- Example 4 --------------------------
Update-MailboxDatabaseCopy -Identity DB1\MBX1 -CatalogOnly
This example seeds the content index catalog for the copy of the database DB1 on the Mailbox server MBX1
without seeding the database file. The content index catalog seeding occurs over the MAPI network.
-------------------------- Example 5 --------------------------
Update-MailboxDatabaseCopy -Server MBX1
This example performs a full server reseed of all of the databases on the Mailbox server MBX1.
Parameters
-BeginSeed
The BeginSeed switch asynchronously starts the seeding operation and then exits the cmdlet. You don't need to
This switch is useful for scripting reseeds.
Required: False
Position: Named
Default value: None
-CancelSeed
The CancelSeed switch specifies whether to cancel an in-progress seeding operation. You don't need to specify a
Required: True
Position: Named
Default value: None
-CatalogOnly
The CatalogOnly switch specifies that only the content index catalog for the database copy should be seeded. You
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DatabaseOnly
The DatabaseOnly switch specifies that only the database copy should be seeded. The content index catalog isn't
seeded. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-DeleteExistingFiles
The DeleteExistingFiles switch specifies whether to remove the existing log files at the target location. You don't
This switch removes only the files that it checks for and fails if other files are present. No action is taken on other
files at the target location. Therefore, if database-related files are present, you must manually remove them.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name or GUID of the mailbox database whose copy is being seeded.
Required: True
Position: 1
Default value: None
-ManualResume
The ManualResume switch specifies whether to automatically resume replication on the database copy. You don't
With this switch, you can manually resume replication to the database copy.
Required: False
Position: Named
Default value: None
-MaximumSeedsInParallel
The MaximumSeedsInParallel parameter is used with the Server parameter to specify the maximum number of
parallel seeding operations that should occur across the specified server during a full server reseed operation. The
Type: Int32
Required: False
Position: Named
Default value: None
-Network
The Network parameter specifies which DAG network should be used for seeding. Note that content index catalog
seeding always occurs over the MAPI network, even if you use this parameter to specify the DAG network.
Required: False
Position: Named
Default value: None
-NetworkCompressionOverride
The NetworkCompressionOverride parameter specifies whether to override the current DAG network compression
settings.
Type: UseDagDefault | Off | On

Required: False
Position: Named
Default value: None
-NetworkEncryptionOverride
The NetworkEncryptionOverride parameter specifies whether to override the current DAG encryption settings.
Type: UseDagDefault | Off | On

Required: False
Position: Named
Default value: None
-NoThrottle
The NoThrottle switch prevents the seeding operation from being throttled. You don't need to specify a value with
this switch.
Required: False
Position: Named
Default value: None
-PrimaryDatabasePartitionOnly
Required: False
Position: Named
Default value: None
-SafeDeleteExistingFiles
The SafeDeleteExistingFiles switch specifies a seeding operation with a single copy redundancy pre-check prior to
the seed. You don't need to specify a value with this switch.
Because this switch includes the redundancy safety check, it requires a lower level of permissions than the
DeleteExistingFiles parameter. Limited permission administrators can perform the seeding operation by using this
switch.
Required: False
Position: Named
Default value: None
-SecondaryDatabasePartitionOnly
Required: False
Position: Named
Default value: None
-Server
The Server parameter is used as part of a full server reseed operation. It can be used with the
MaximumSeedsInParallel parameter to start reseeds of database copies in parallel across the specified server in
batches of up to the value of the MaximumSeedsInParallel parameter copies at a time.
Required: True
Position: Named
Default value: None
-SourceServer
The SourceServer parameter specifies the Mailbox server with a passive copy of the mailbox database to be used
as the source for the seed operation.
Name
FQDN
ExchangeLegacyDN
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Clear-ActiveSyncDevice
In ths Article
may be exclusive to one environment or the other. Use the Clear-ActiveSyncDevice cmdlet to delete all data from a
mobile device. Note: In Exchange 2013 or later, use the Clear-MobileDevice cmdlet instead. If you have scripts that
use Clear-ActiveSyncDevice, update them to use Clear-MobileDevice. For information about the parameter sets in
Syntax
Clear-ActiveSyncDevice [-Identity] <ActiveSyncDeviceIdParameter> [-Cancel] [-Confirm]
[-DomainController <Fqdn>] [-NotificationEmailAddresses <MultiValuedProperty>] [-WhatIf] [<CommonParameters>]
Description
The Clear-ActiveSyncDevice cmdlet deletes all user data from a mobile device the next time the device receives
data from the Microsoft Exchange server. This cmdlet sets the DeviceWipeStatus parameter to $true. The mobile
device acknowledges the cmdlet and records the time stamp in the DeviceWipeAckTime parameter.
After you run this cmdlet, you receive a warning that states: "This command will force all the data on the device to
be permanently deleted. Do you want to continue?" You must respond to the warning for the cmdlet to run on the
mobile phone.
Examples
-------------------------- Example 1 --------------------------
Clear-ActiveSyncDevice -Identity WM_JeffHay
This example clears all data from the mobile device with the identity WM_JeffHay.
-------------------------- Example 2 --------------------------
Clear-ActiveSyncDevice -Identity WM_TonySmith -NotificationEmailAddresses "tony@contoso.com"
This example clears all data from the mobile device for Tony Smith and sends a confirmation email message to
tony@contoso.com.
-------------------------- Example 3 --------------------------
Clear-ActiveSyncDevice -Identity WM_TonySmith -Cancel $true
This example cancels a previously sent Clear-ActiveSyncDevice command request for Tony Smith's mobile device.
Parameters
-Cancel
The Cancel switch specifies whether the command should be canceled. If you use the Cancel switch, a cancellation
request is issued for the remote device wipe.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the device that you want to reset.
Type: ActiveSyncDeviceIdParameter
Required: True
Position: 1
Default value: None
-NotificationEmailAddresses
The NotificationEmailAddresses parameter specifies the notification email address for the remote device wipe
confirmation.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Clear-MobileDevice
In ths Article
may be exclusive to one environment or the other. Use the Clear-MobileDevice cmdlet to delete all data from a
mobile phone. This action is often called a remote device wipe. For information about the parameter sets in the
Syntax
Clear-MobileDevice [-Identity] <MobileDeviceIdParameter> [-Cancel] [-Confirm] [-DomainController <Fqdn>]
[-NotificationEmailAddresses <MultiValuedProperty>] [-WhatIf] [-AccountOnly] [<CommonParameters>]
Description
The Clear-MobileDevice cmdlet deletes all user data from a mobile device the next time that the device receives
data from the Microsoft Exchange server. This cmdlet sets the DeviceWipeStatus parameter to $true. The mobile
device acknowledges the cmdlet and records the time stamp in the DeviceWipeAckTime parameter.
After you run this cmdlet, you receive a warning that states: "This command will force all the data on the device to
be permanently deleted. Do you want to continue?" You must respond to the warning for the cmdlet to run on the
mobile phone.
Examples
-------------------------- Example 1 --------------------------
Clear-MobileDevice -Identity WM_JeffHay
This example clears all data from the mobile device with the Identity WM_JeffHay.
-------------------------- Example 2 --------------------------
Clear-MobileDevice -Identity WM_TonySmith -NotificationEmailAddresses "tony@contoso.com"
This example clears all data from the mobile device for Tony Smith and sends a confirmation email message to
tony@contoso.com.
-------------------------- Example 3 --------------------------
Clear-MobileDevice -Identity WM_TonySmith -Cancel
This example cancels a previously sent Clear-MobileDevice command request for Tony Smith's mobile device.
Parameters
-AccountOnly
The AccountOnly switch specifies whether to perform an account-only remote device wipe where only Exchange
mailbox data is removed from the device. You don't need to specify a value with this switch.
You don't need to use this switch for the DeviceType value Outlook, because an account-only remote devices wipe
is the only type of wipe that's used on Outlook devices.
Required: False
Position: Named
Default value: None
-Cancel
The Cancel switch cancels a pending remote device wipe request. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the device that you want to reset.
Type: MobileDeviceIdParameter
Required: True
Position: 1
Default value: None
The NotificationEmailAddresses parameter specifies the notification email address for the remote device wipe
confirmation. You can specify multiple values separated by commas.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Export-ActiveSyncLog
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Export-ActiveSyncLog cmdlet to parse the Internet
Information Services (IIS ) logs and return information about Microsoft Exchange ActiveSync usage, either on the
screen or in an output file. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Export-ActiveSyncLog -Filename <String> [-Confirm] [-EndDate <DateTime>] [-Force] [-OutputPath <String>]
[-OutputPrefix <String>] [-StartDate <DateTime>] [-UseGMT] [-WhatIf] [<CommonParameters>]
Description
The Export-ActiveSyncLog cmdlet parses the IIS log files and returns information about Exchange ActiveSync
usage. This cmdlet can export the output to a file or display it in the Exchange Management Shell.
Examples
-------------------------- Example 1 --------------------------
Export-ActiveSyncLog -Filename:"c:\Windows\System32\LogFiles\W2SVC1\ex060818.log" -StartDate:"06/08/18" -

EndDate:"06/09/18" -UseGMT:$true -OutputPath:"c:\exreports\easreports"
This example exports the Exchange ActiveSync log for the date range 06/08/18 to 06/09/18. The times on the
report are in Coordinated Universal Time (UTC ) and the report is saved in c:\exreports\easreports.
-------------------------- Example 2 --------------------------
Dir D:\Logs\*.log | Export-ActiveSyncLog -Filename:"c:\Windows\System32\LogFiles\W2SVC1\ex072018.log" -

StartDate:"06/20/18" -EndDate:"07/20/18" -UseGMT:$true -Force $true -Confirm -
OutputPath:"c:\exreports\easreports"
This example exports the Exchange ActiveSync log for the date range 06/20/18 to 07/20/18 by reading all log files
in the D:\logs directory. All prompts are suppressed while running the report and a confirmation message is
displayed. The times on the report are in UTC and the report is saved in c:\exreports\easreports.
-------------------------- Example 3 --------------------------
Export-ActiveSyncLog -Filename: "c:\Windows\System32\LogFiles\W2SVC1\ex020918.log" -StartDate:"02/01/18" -
EndDate:"02/09/18" -UseGMT:$true -OutputPath:"c:\exreports\easreports"
This example exports the Exchange ActiveSync log for the date range 02/01/18 to 02/09/18. The times on the
report are in UTC, and the report is saved in c:\exreports\easreports.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-EndDate
The EndDate parameter specifies the end date of the date range of the report.
Type: DateTime
Required: False
Position: Named
Default value: None
-Filename
The Filename parameter specifies the name of the input file.
Type: String
Required: True
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-OutputPath
The OutputPath parameter specifies the name and location for the output file.
Type: String
Required: False
Position: Named
Default value: None
-OutputPrefix
The OutputPrefix parameter specifies a prefix to append to the name of the output file.
Type: String
Required: False
Position: Named
Default value: None
-StartDate
The StartDate parameter specifies the start date of the date range for the report.
Type: DateTime
Required: False
Position: Named
Default value: None
-UseGMT
The UseGMT switch specifies that Coordinated Universal Time (Greenwich Mean Time) is used for the time in the
report output. By default, if this parameter isn't specified, local time is used.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-ActiveSyncDevice
In ths Article
may be exclusive to one environment or the other. Use the Get-ActiveSyncDevice cmdlet to retrieve the list of
devices in your organization that have active Exchange ActiveSync partnerships. Note: In Exchange 2013 or later,
use the Get-MobileDevice cmdlet instead. If you have scripts that use Get-ActiveSyncDevice, update them to use
Get-MobileDevice. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Get-ActiveSyncDevice -Mailbox <MailboxIdParameter>
[-Filter <String>]
[-SortBy <String>] [-Monitoring] [<CommonParameters>]
Get-ActiveSyncDevice [[-Identity] <ActiveSyncDeviceIdParameter>]

[-Filter <String>]
[-SortBy <String>] [-Monitoring] [<CommonParameters>]
Description
The Get-ActiveSyncDevice cmdlet returns identification, configuration and status information for each device.
Examples
-------------------------- Example 1 --------------------------
Get-ActiveSyncDevice -Identity "TonySmith"
This example returns all the Exchange ActiveSync mobile devices that Tony Smith has used that are associated with
his mailbox.
-------------------------- Example 2 --------------------------
Get-ActiveSyncDevice -Mailbox "Redmond\TonySmith"
his mailbox.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Filter
ClientType
DeviceAccessControlRule
DeviceAccessState
DeviceAccessStateReason
DeviceActiveSyncVersion
DeviceId
DeviceImei
DeviceMobileOperator
DeviceModel
DeviceOS
DeviceOSLanguage
DeviceTelephoneNumber
DeviceType
DeviceUserAgent
FirstSyncTime
FriendlyName
ProvisioningFlags
UserDisplayName
Type: String
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the ActiveSync device that you want to view. You can use any value that uniquely
identifies the device. For example:
GUID
DeviceIdentity
Multi-TenantID
Required: False
Position: 1
Default value: None
-Mailbox
The Mailbox parameter specifies the mailbox that has the associated ActiveSync device that you want to view. You
can use any value that uniquely identifies the mailbox. For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: Named
Default value: None
-Monitoring
with this switch.
Required: False
Position: Named
Default value: None
-OrganizationalUnit
Name
Canonical name
GUID
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-SortBy
DeviceAccessState
DeviceId
DeviceImei
DeviceModel
DeviceOS
DeviceOSLanguage
DeviceType
DeviceUserAgent
FirstSyncTime
FriendlyName
UserDisplayName
Type: String
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-ActiveSyncDeviceAccessRule
In ths Article
may be exclusive to one environment or the other. Use the Get-ActiveSyncDeviceAccessRule cmdlet to retrieve an
access group of Exchange mobile devices along with their access level. For information about the parameter sets in
Syntax
Get-ActiveSyncDeviceAccessRule [[-Identity] <ActiveSyncDeviceAccessRuleIdParameter>]
Description
You can create multiple groups of devices: allowed devices, blocked devices, and quarantined devices with the New -
ActiveSyncDeviceAccessRule cmdlet. The Get-ActiveSyncDeviceAccessRule cmdlet retrieves the settings for any
existing group.
Examples
-------------------------- Example 1 --------------------------
Get-ActiveSyncDeviceAccessRule | where {$_.AccessLevel -eq 'Block'}
This example lists all the rules currently blocking mobile phones.
-------------------------- Example 2 --------------------------
Get-ActiveSyncDeviceAccessRule | Format-List Characteristic, QueryString, AccessLevel
This example lists all device access rules set up on the server.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the unique identifier for the device access rule.
Type: ActiveSyncDeviceAccessRuleIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-ActiveSyncDeviceAutoblockThreshold
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-ActiveSyncDeviceAutoblockThreshold cmdlet
to obtain the Autoblock settings for Microsoft Exchange ActiveSync mobile devices.. For information about the
Syntax
Get-ActiveSyncDeviceAutoblockThreshold [[-Identity] <ActiveSyncDeviceAutoblockThresholdIdParameter>]
Description
Microsoft Exchange and Exchange ActiveSync have the capability to block Exchange ActiveSync mobile devices if
these devices display any of a defined list of behaviors that have the capability to cause issues with the server. The
Get-ActiveSyncDeviceAutoblockThreshold cmdlet returns the settings for the requested threshold rule.
Examples
-------------------------- Example 1 --------------------------
Get-ActiveSyncDeviceAutoblockThreshold -Identity "UserAgentChanges"
This example retrieves the threshold settings for the Autoblock threshold rule for UserAgentChanges.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the Autoblock threshold rule.
Type: ActiveSyncDeviceAutoblockThresholdIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-ActiveSyncDeviceClass
In ths Article
may be exclusive to one environment or the other. Use the Get-ActiveSyncDeviceClass cmdlet to retrieve a list of
ActiveSync devices that have connected to your organization. The cmdlet returns the mobile device type and model
information. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Get-ActiveSyncDeviceClass [[-Identity] <ActiveSyncDeviceClassIdParameter>] [-DomainController <Fqdn>]
[-Filter <String>] [-SortBy <String>] [<CommonParameters>]
Description
You can use this cmdlet to view a list of mobile phones or devices by type. For example, you can return a list of all
Android mobile digital devices in the organization or all Windows Phone devices in the organization.
Examples
-------------------------- Example 1 --------------------------
Get-ActiveSyncDeviceClass -Filter {DeviceType -eq "WP"}
This example returns a list of all Windows Phones.

-------------------------- Example 2 --------------------------
Get-ActiveSyncDeviceClass | group-object -property DeviceType
This example lists all device types within the organization along with a count of the number of devices of each type
present.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Filter
DeviceModel
DeviceType
LastUpdateTime
Type: String
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the ActiveSync device class that you want to view. You can use any value that
uniquely identifies the ActiveSync device class. For example:
Name
GUID
Type: ActiveSyncDeviceClassIdParameter
Required: False
Position: 1
Default value: None
-SortBy
DeviceModel
DeviceType
LastUpdateTime
Type: String
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-ActiveSyncDeviceStatistics
In ths Article
may be exclusive to one environment or the other. Use the Get-ActiveSyncDeviceStatistics cmdlet to retrieve the list
of mobile devices configured to synchronize with a specified user's mailbox and return a list of statistics about the
mobile devices. Note: In Exchange 2013 or later, use the Get-MobileDeviceStatistics cmdlet instead. If you have
scripts that use Get-ActiveSyncDeviceStatistics, update them to use Get-MobileDeviceStatistics. For information
Syntax
Get-ActiveSyncDeviceStatistics [-Identity] <ActiveSyncDeviceIdParameter>
[-GetMailboxLog]
[-NotificationEmailAddresses <MultiValuedProperty>]
[-ShowRecoveryPassword] [<CommonParameters>]
Get-ActiveSyncDeviceStatistics -Mailbox <MailboxIdParameter>

[-GetMailboxLog]
[-ShowRecoveryPassword] [<CommonParameters>]
Description
The Get-ActiveSyncDeviceStatistics cmdlet returns a list of statistics about each mobile device. Additionally, it
allows you to retrieve logs and send those logs to a recipient for troubleshooting purposes.
Examples
-------------------------- Example 1 --------------------------
Get-ActiveSyncDeviceStatistics -Mailbox TonySmith
This example retrieves the statistics for the mobile phone configured to synchronize with the mailbox that belongs
to the user Tony Smith.
-------------------------- Example 2 --------------------------
$UserList = Get-CASMailbox -Filter {HasActiveSyncDevicePartnership -eq $true -and -not DisplayName -like
"CAS_{*"}; Get-Mailbox $UserList | foreach {Get-ActiveSyncDeviceStatistics -Mailbox $_}
This example uses the Get-CASMailbox cmdlet to determine who in the organization has an Exchange ActiveSync
mobile device. For each mobile device, the Exchange ActiveSync device statistics are retrieved.
-------------------------- Example 3 --------------------------
Get-ActiveSyncDeviceStatistics -Mailbox TonySmith -GetMailboxLog $true -NotificationEmailAddresses

"admin@contoso.com"
to the user Tony Smith. It also outputs the Exchange ActiveSync log file and sends it to the System Administrator at
admin@contoso.com.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-GetMailboxLog
The GetMailboxLog parameter specifies whether to send the mailbox logs via email to the administrator running
the task. If the parameter is set to $true, the command sends the mailbox logs via email to the administrator
running the task. The default value of this parameter is $false.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the user's device ID. If the Mailbox parameter is specified, the Identity parameter is
disabled.
Required: True
Position: 1
Default value: None
-Mailbox
The Mailbox parameter specifies the user mailbox for which you want to retrieve the mobile phone statistics. You
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: Named
Default value: None
The NotificationEmailAddresses parameter specifies an optional list of comma-separated aliases or email
addresses where the mailbox logs are sent. If the GetMailboxLog parameter is set to $false, this parameter is
ignored.
Required: False
Position: Named
Default value: None
-ShowRecoveryPassword
The ShowRecoveryPassword parameter specifies whether to return the recovery password for the mobile phone as
one of the displayed statistics. If this parameter is set to $true, the command returns the recovery password for the
mobile phone as one of the displayed statistics.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-ActiveSyncMailboxPolicy
In ths Article
may be exclusive to one environment or the other. Use the Get-ActiveSyncMailboxPolicy cmdlet to retrieve the
Mobile Device mailbox policy settings for a specific Mobile Device mailbox policy. Note: In Exchange 2013 or later,
use the Get-MobileDeviceMailboxPolicy cmdlet instead. If you have scripts that use Get-ActiveSyncMailboxPolicy,
update them to use Get-MobileDeviceMailboxPolicy. For information about the parameter sets in the Syntax
Syntax
Get-ActiveSyncMailboxPolicy [[-Identity] <MailboxPolicyIdParameter>]
Description
A Mobile Device mailbox policy is a group of settings that specifies how mobile devices enabled for Microsoft
Exchange ActiveSync connect to the computer running Exchange. Exchange supports multiple Mobile Device
mailbox policies. The Get-ActiveSyncMailboxPolicy cmdlet displays all the policy settings for the specified policy.
These settings include password settings, file access settings and attachment settings.
Examples
-------------------------- Example 1 --------------------------
Get-ActiveSyncMailboxPolicy -Identity "SalesPolicy"
This example returns the policy settings for the Mobile Device mailbox policy named SalesPolicy.
-------------------------- Example 2 --------------------------
Get-ActiveSyncMailboxPolicy -Identity "Default"
This example returns the policy settings for the Mobile Device mailbox policy named Default.
-------------------------- Example 3 --------------------------
Get-ActiveSyncMailboxPolicy -Identity "Management"

This example returns the policy settings for the Mobile Device mailbox policy named Management.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the policy name.
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
may be exclusive to one environment or the other. Use the Get-ActiveSyncOrganizationSettings cmdlet to view the
Microsoft Exchange ActiveSync settings for your organization. For information about the parameter sets in the
Syntax
Get-ActiveSyncOrganizationSettings [[-Identity] <ActiveSyncOrganizationSettingsIdParameter>]
Description
Examples
-------------------------- Example 1 --------------------------
This example retrieves the ActiveSync organization settings.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the ActiveSync organization settings object that you want to view. The default
name of this object is Mobile Mailbox Settings.
Type: ActiveSyncOrganizationSettingsIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-DeviceConditionalAccessPolicy
In ths Article
This cmdlet is available only in the Office 365 Security & Compliance Center. For more information, see Office 365
Security & Compliance Center PowerShell (https://technet.microsoft.com/library/mt587091.aspx). Use the Get-
DeviceConditionalAccessPolicy cmdlet to view mobile device conditional access policies in the Security &
Compliance Center. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Get-DeviceConditionalAccessPolicy [[-Identity] <PolicyIdParameter>] [<CommonParameters>]
Description
These are the cmdlets that are used for mobile device management in the Security & Compliance Center:
DeviceTenantPolicy and DeviceTenantRule cmdlets: A policy that defines whether to block or allow mobile
device access to Office 365 email by unsupported devices that use Exchange ActiveSync only. This setting
applies to all users in your organization. Both allow and block scenarios allow reporting for unsupported
devices, and you can specify exceptions to the policy based on security groups.
DeviceConditionalAccessPolicy and DeviceConditionalAccessRule cmdlets: Policies that control mobile device
access to Office 365 for supported devices. These policies are applied to security groups. Unsupported devices
are not allowed to enroll in mobile device management.
DeviceConfigurationPolicy and DeviceConfigurationRule cmdlets: Policies that control mobile device settings
for supported devices. These policies are applied to security groups.
Get-DevicePolicy: Returns all mobile device management policies regardless of type (DeviceTenantPolicy,
DeviceConditionalAccessPolicy or DeviceConfigurationPolicy).
You need to be assigned permissions in the Office 365 Security & Compliance Center before you can use this
cmdlet. For more information, see Permissions in Office 365 Security & Compliance Center
Examples
-------------------------- Example 1 --------------------------
Get-DeviceConditionalAccessPolicy | Format-Table Name,Enabled,Priority
This example shows summary information for all mobile device conditional access policies.
-------------------------- Example 2 --------------------------
Get-DeviceConditionalAccessPolicy -Identity "Human Resources"
This example shows details about the mobile device conditional access policy named Human Resources.
Parameters
-Identity
The Identity parameter specifies the mobile device conditional access policy that you want to view. You can use any
Name
GUID
Type: PolicyIdParameter
Required: False
Position: 1
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-DeviceConditionalAccessRule
In ths Article
DeviceConditionalAccessRule cmdlet to view mobile device conditional access rules in the Security & Compliance
Center. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Get-DeviceConditionalAccessRule [[-Identity] <ComplianceRuleIdParameter>] [-CompareToWorkload]
Description
Examples
-------------------------- Example 1 --------------------------
Get-DeviceConditionalAccessRule | Format-List Name,Disabled,Priority
This example shows a summary list of all mobile device conditional access rules.
-------------------------- Example 2 --------------------------
Get-DeviceConditionalAccessRule -Identity "Secure Email{914f151c-394b-4da9-9422-f5a2f65dec30}"
This example shows details for the mobile device conditional access rule named Secure Email{914f151c-394b-
4da9-9422-f5a2f65dec30}.
Parameters
-CompareToWorkload
The CompareToWorkload switch specifies whether to compare the mobile device conditional access rule to Intune
rules. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mobile device conditional access rule that you want to view. The name of the
rule uses the syntax <Mobile device conditional access policy name>{<GUID value>}. For example, Secure
Email{914f151c-394b-4da9-9422-f5a2f65dec30}.
Type: ComplianceRuleIdParameter
Required: False
Position: 1
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-DeviceConfigurationPolicy
In ths Article
DeviceConfigurationPolicy cmdlet to view mobile device configuration policies in the Security & Compliance
Syntax
Get-DeviceConfigurationPolicy [[-Identity] <PolicyIdParameter>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-DeviceConfigurationPolicy | Format-Table Name,Enabled,Priority
This example shows summary information for all mobile device configuration policies.
-------------------------- Example 2 --------------------------
Get-DeviceConfigurationPolicy -Identity "Engineering Group"
This example shows details about the mobile device configuration policy named Engineering Group.
Parameters
-Identity
The Identity parameter specifies the mobile device configuration policy that you want to view. You can use any
Name
GUID
Required: False
Position: 1
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-DeviceConfigurationRule
In ths Article
DeviceConfigurationRule cmdlet to view mobile device configuration rules in the Security & Compliance Center.
Syntax
Get-DeviceConfigurationRule [[-Identity] <ComplianceRuleIdParameter>] [-CompareToWorkload]
Description
Examples
-------------------------- Example 1 --------------------------
Get-DeviceConfigurationRule | Format-List Name,Disabled,Priority
This example shows summary information for all mobile device configuration rules.
-------------------------- Example 2 --------------------------
Get-DeviceConfigurationRule -Identity "Legal Team{58b50d1c-2b18-461c-8893-3e20c648b136}"
This example shows details about the mobile device configuration rule named Legal Team{58b50d1c-2b18-461c-
8893-3e20c648b136}
Parameters
-CompareToWorkload
The CompareToWorkload switch specifies whether to compare the mobile device configuration rule to Intune rules.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mobile device configuration rule that you want to view. The name of the rule
uses the syntax <Mobile device configuration policy name>{<GUID value>}. For example, Legal Team{58b50d1c-
2b18-461c-8893-3e20c648b136}.
Required: False
Position: 1
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-DevicePolicy
In ths Article
DevicePolicy cmdlet to view mobile device polices (regardless of type) in the Security & Compliance Center. For
Syntax
Get-DevicePolicy [[-Identity] <PolicyIdParameter>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-DevicePolicy | Format-Table Name,Type,Enabled,Priority
This example shows summary information for all mobile device policies.
-------------------------- Example 2 --------------------------
Get-DevicePolicy -Identity "Engineering Group"
This example shows details about the mobile device policy named Engineering Group.
Parameters
-Identity
The Identity parameter specifies the mobile device policy that you want to view. You can use any value that uniquely
Name
GUID
Required: False
Position: 1
Default value: None
Inputs
Outputs
Related Links
Online Version
In ths Article
DeviceTenantPolicy cmdlet to view your organization's mobile device tenant policy in the Security & Compliance
Syntax
Get-DeviceTenantPolicy [[-Identity] <PolicyIdParameter>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
This example shows information for your organization's mobile device tenant policy.
Parameters
-Identity
The Identity parameter specifies the name of the mobile device tenant policy that you want to view, but there's only
one in your organization. The name of the policy is a GUID value. For example, a6958701-c82c-4064-ac11-
64e40e7f4032.
Required: False
Position: 1
Default value: None
Inputs
Outputs
Related Links
Online Version
In ths Article
DeviceTenantRule cmdlet to view your organization's mobile device tenant rule in the Security & Compliance
Syntax
Get-DeviceTenantRule [[-Identity] <ComplianceRuleIdParameter>] [-DomainController <Fqdn>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
This example shows information for your organization's mobile device tenant rule.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the mobile device tenant rule that you want to view, but there's only
one in your organization. The name of the rule is a GUID value. For example, 7577c5f3-05a4-4f55-a0a3-
82aab5e98c84.
Required: False
Position: 1
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-MobileDevice
In ths Article
may be exclusive to one environment or the other. Use the Get-MobileDevice cmdlet to get the list of devices in
your organization that have active Exchange ActiveSync partnerships. For information about the parameter sets in
Syntax
Get-MobileDevice -Mailbox <MailboxIdParameter>
[-ActiveSync]
[-Filter <String>]
[-Monitoring]
[-OWAforDevices]
[-SortBy <String>]
[-RestApi]
[-UniversalOutlook] [<CommonParameters>]
Get-MobileDevice [[-Identity] <MobileDeviceIdParameter>]

[-ActiveSync]
[-Filter <String>]
[-Monitoring]
[-OWAforDevices]
[-SortBy <String>]
[-RestApi]
Description
The Get-MobileDevice cmdlet returns identification, configuration, and status information for each mobile device.
Examples
-------------------------- Example 1 --------------------------
Get-MobileDevice -Identity "TonySmith"

his mailbox.
-------------------------- Example 2 --------------------------
Get-MobileDevice -ResultSize unlimited | Format-Table -Auto DeviceModel,Identity
This example returns a summary list of all mobile devices in the organization.
-------------------------- Example 3 --------------------------
Get-MobileDevice -Identity lila\ExchangeActiveSyncDevices\Android§android94732903 | Format-List
This example returns detailed information about the specified device on Lila's mailbox.
Parameters
-ActiveSync
The ActiveSync switch specifies whether to include mobile devices that synchronize with Exchange ActiveSync. You
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Filter
ClientType
DeviceAccessState
DeviceActiveSyncVersion
DeviceId
DeviceImei
DeviceModel
DeviceOS
DeviceOSLanguage
DeviceType
DeviceUserAgent
FirstSyncTime
FriendlyName
ProvisioningFlags
UserDisplayName
Type: String
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mobile device that you want to view. You can use any value that uniquely
identifies the mobile device. For example:
GUID
DeviceIdentity
Multi-TenantID
Required: False
Position: 1
Default value: None
-Mailbox
The Mailbox parameter filters the results by mailbox. You can use any value that uniquely identifies the mailbox. For
example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: Named
Default value: None
-Monitoring
with this switch.
Required: False
Position: Named
Default value: None
-OrganizationalUnit
Name
Canonical name
GUID
Required: False
Position: Named
Default value: None
-OWAforDevices
The OWAforDevices switch filters the results by whether Outlook on the web for devices is enabled for the device.
Required: False
Position: Named
Default value: None
-RestApi
The RestApi switch filters the results by REST API devices. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-SortBy
DeviceAccessState
DeviceId
DeviceImei
DeviceModel
DeviceOS
DeviceOSLanguage
DeviceType
DeviceUserAgent
FirstSyncTime
FriendlyName
UserDisplayName
Type: String
Required: False
Position: Named
Default value: None
-UniversalOutlook
The UniversalOutlook switch filters the results by Mail and Calendar devices. You don't need to specify a value with
this switch.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MobileDeviceMailboxPolicy
In ths Article
may be exclusive to one environment or the other. Use the Get-MobileDeviceMailboxPolicy cmdlet to retrieve the
Mobile Device mailbox policy settings for a specific Mobile Device mailbox policy. For information about the
Syntax
Get-MobileDeviceMailboxPolicy [[-Identity] <MailboxPolicyIdParameter>] [-DomainController <Fqdn>]
Description
A Mobile Device mailbox policy is a group of settings that specifies how mobile devices enabled for Exchange
ActiveSync connect to the computer running Exchange. Exchange supports multiple Mobile Device mailbox
policies. The Get-MobileDeviceMailboxPolicy cmdlet displays all the policy settings for the specified policy. These
settings include password settings, file access settings and attachment settings.
Examples
-------------------------- Example 1 --------------------------
Get-MobileDeviceMailboxPolicy -Identity "SalesPolicy"
This example returns the policy settings for the Mobile Device mailbox policy SalesPolicy.
-------------------------- Example 2 --------------------------
Get-MobileDeviceMailboxPolicy -Identity "Default"
This example returns the policy settings for the Mobile Device mailbox policy Default.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the policy name.
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MobileDeviceStatistics
In ths Article
may be exclusive to one environment or the other. Use the Get-MobileDeviceStatistics cmdlet to retrieve the list of
mobile devices configured to synchronize with a specified user's mailbox and return a list of statistics about the
mobile devices. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Get-MobileDeviceStatistics [-Identity] <MobileDeviceIdParameter>
[-ActiveSync]
[-GetMailboxLog]
[-OWAforDevices]
[-ShowRecoveryPassword]
[-RestApi]
Get-MobileDeviceStatistics -Mailbox <MailboxIdParameter>

[-ActiveSync]
[-GetMailboxLog]
[-OWAforDevices]
[-ShowRecoveryPassword]
[-RestApi]
Description
The Get-MobileDeviceStatistics cmdlet returns a list of statistics about each mobile device. Additionally, it allows
you to retrieve logs and send those logs to a recipient for troubleshooting purposes.
Examples
-------------------------- Example 1 --------------------------
Get-MobileDeviceStatistics -Identity TonySmith

to the user Tony Smith.
-------------------------- Example 2 --------------------------
$UserList = Get-CASMailbox -Filter {HasActiveSyncDevicePartnership -eq $true -and -not DisplayName -like
"CAS_{*"} | Get-Mailbox; $UserList | foreach {Get-MobileDeviceStatistics -Mailbox $_.Identity}
This example uses the Get-CASMailbox cmdlet to determine who in the organization has an Exchange ActiveSync
mobile device. For each mobile device, the Exchange ActiveSync device statistics are retrieved.
-------------------------- Example 3 --------------------------
Get-MobileDeviceStatistics -Mailbox TonySmith -GetMailboxLog $true -NotificationEmailAddresses

"admin@contoso.com"
to the user Tony Smith. It also outputs the Exchange ActiveSync log file and sends it to the System Administrator at
admin@contoso.com.
Parameters
-ActiveSync
The ActiveSync switch specifies whether to return statistics for Microsoft Exchange ActiveSync or other mobile
device synchronization.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-GetMailboxLog
The GetMailboxLog parameter specifies whether to send the mailbox logs via email to the administrator running
the task. If the parameter is set to $true, the command sends the mailbox logs via email to the administrator
running the task. The default value of this parameter is $false.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the user's device ID. If the Mailbox parameter is specified, the Identity parameter is
disabled.
Required: True
Position: 1
Default value: None
-Mailbox
The Mailbox parameter specifies the user mailbox for which you want to retrieve the mobile phone statistics. You
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: Named
Default value: None
The NotificationEmailAddresses parameter specifies an optional list of comma-separated aliases or email
addresses where the mailbox logs are sent. If the GetMailboxLog parameter is set to $false, this parameter is
ignored.
Required: False
Position: Named
Default value: None
-OWAforDevices
The OWAforDevices parameter specifies whether Outlook on the web for devices is enabled for the mobile device.
Required: False
Position: Named
Default value: None
-RestApi
The RestApi switch filters the results by REST API devices. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-ShowRecoveryPassword
The ShowRecoveryPassword parameter specifies whether to return the recovery password for the mobile phone as
one of the displayed statistics. If this parameter is set to $true, the command returns the recovery password for the
mobile phone as one of the displayed statistics.
Required: False
Position: Named
Default value: None
-UniversalOutlook
The UniversalOutlook switch filters the results by Mail and Calendar devices. You don't need to specify a value with
this switch.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-ActiveSyncDeviceAccessRule
In ths Article
may be exclusive to one environment or the other. Use the New -ActiveSyncDeviceAccessRule cmdlet to define the
access levels for Exchange ActiveSync devices based on the identity of the device. For information about the
Syntax
New-ActiveSyncDeviceAccessRule -AccessLevel <Allow | Block | Quarantine>
-Characteristic <DeviceType | DeviceModel | DeviceOS | UserAgent> -QueryString <String> [-Confirm]
Description
You can create multiple rules that define groups of devices: Allowed devices, blocked devices and quarantined
devices.
Examples
-------------------------- Example 1 --------------------------
New-ActiveSyncDeviceAccessRule -Characteristic DeviceOS -QueryString "iOS 6.1 10B145" -AccessLevel Block
This example creates device access rules that blocks access for iPhones that are running iOS version 6.1.1.
-------------------------- Example 2 --------------------------
New-ActiveSyncDeviceAccessRule -Characteristic UserAgent -QueryString NokiaE521/2.00()MailforExchange -

AccessLevel Allow
This example creates a device access rule that uses the UserAgent characteristic to allow access for Nokia E52-1
phones.
Parameters
-AccessLevel
The AccessLevel parameter specifies the access level of devices that are defined by the rule. Valid values for this
parameter are Allow, Block and Quarantine.
Type: Allow | Block | Quarantine

Required: True
Position: Named
Default value: None
-Characteristic
The Characteristic parameter specifies the device characteristic or category that's used by the rule. Valid values for
this parameter are:
DeviceModel
DeviceType
DeviceOS
UserAgent
XMSWLHeader
Type: DeviceType | DeviceModel | DeviceOS | UserAgent

Required: True
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-QueryString
The QueryString parameter specifies the device identifier that's used by the rule. This parameter uses a text value
that's used with Characteristic parameter value to define the device. Wildcards or partial matches aren't allowed.
You can use the Get-MobileDevice cmdlet to find the text values that you can use with the QueryString parameter.
For example: Get-MobileDevice | Format-List DeviceOS,DeviceModel,DeviceType.
Type: String
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-ActiveSyncMailboxPolicy
In ths Article
may be exclusive to one environment or the other. Use the New -ActiveSyncMailboxPolicy cmdlet to create a
Microsoft Mobile Device mailbox policy object. Note: In Exchange 2013 or later, use the New -MobileMailboxPolicy
cmdlet instead. If you have scripts that use New -ActiveSyncMailboxPolicy, update them to use New -
MobileMailboxPolicy. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
New-ActiveSyncMailboxPolicy [-Name] <String>
[-AllowApplePushNotifications <$true | $false>]
[-AllowBluetooth <Disable | HandsfreeOnly | Allow>]
[-AllowBrowser <$true | $false>]
[-AllowCamera <$true | $false>]
[-AllowConsumerEmail <$true | $false>]
[-AllowDesktopSync <$true | $false>]
[-AllowExternalDeviceManagement <$true | $false>]
[-AllowHTMLEmail <$true | $false>]
[-AllowInternetSharing <$true | $false>]
[-AllowIrDA <$true | $false>]
[-AllowMobileOTAUpdate <$true | $false>]
[-AllowNonProvisionableDevices <$true | $false>]
[-AllowPOPIMAPEmail <$true | $false>]
[-AllowRemoteDesktop <$true | $false>]
[-AllowSMIMEEncryptionAlgorithmNegotiation <BlockNegotiation | OnlyStrongAlgorithmNegotiation |
AllowAnyAlgorithmNegotiation>]
[-AllowSMIMESoftCerts <$true | $false>]
[-AllowSimpleDevicePassword <$true | $false>]
[-AllowStorageCard <$true | $false>]
[-AllowTextMessaging <$true | $false>]
[-AllowUnsignedApplications <$true | $false>]
[-AllowUnsignedInstallationPackages <$true | $false>]
[-AllowWiFi <$true | $false>]
[-AlphanumericDevicePasswordRequired <$true | $false>]
[-ApprovedApplicationList <ApprovedApplicationCollection>]
[-AttachmentsEnabled <$true | $false>]
[-Confirm]
[-DeviceEncryptionEnabled <$true | $false>]
[-DevicePasswordEnabled <$true | $false>]
[-DevicePasswordExpiration <Unlimited>]
[-DevicePasswordHistory <Int32>]
[-DevicePolicyRefreshInterval <Unlimited>]
[-IrmEnabled <$true | $false>]
[-IsDefault <$true | $false>]
[-IsDefaultPolicy <$true | $false>]
[-MaxAttachmentSize <Unlimited>]
[-MaxCalendarAgeFilter <All | TwoWeeks | OneMonth | ThreeMonths | SixMonths>]
[-MaxDevicePasswordFailedAttempts <Unlimited>]
[-MaxEmailAgeFilter <All | OneDay | ThreeDays | OneWeek | TwoWeeks | OneMonth>]
[-MaxEmailBodyTruncationSize <Unlimited>]
[-MaxEmailHTMLBodyTruncationSize <Unlimited>]
[-MaxInactivityTimeDeviceLock <Unlimited>]
[-MinDevicePasswordComplexCharacters <Int32>]
[-MinDevicePasswordLength <Int32>]
[-MobileOTAUpdateMode <MajorVersionUpdates | MinorVersionUpdates | BetaVersionUpdates>]
[-PasswordRecoveryEnabled <$true | $false>]
[-RequireDeviceEncryption <$true | $false>]
[-RequireEncryptedSMIMEMessages <$true | $false>]
[-RequireEncryptionSMIMEAlgorithm <TripleDES | DES | RC2128bit | RC264bit | RC240bit>]
[-RequireManualSyncWhenRoaming <$true | $false>]
[-RequireSignedSMIMEAlgorithm <SHA1 | MD5>]
[-RequireSignedSMIMEMessages <$true | $false>]
[-RequireStorageCardEncryption <$true | $false>]
[-UNCAccessEnabled <$true | $false>]
[-UnapprovedInROMApplicationList <MultiValuedProperty>]
[-WSSAccessEnabled <$true | $false>]
Description
The New -ActiveSyncMailboxPolicy cmdlet creates a Mobile Device mailbox policy for mailboxes accessed by
mobile devices.
Some Mobile Device mailbox policy settings require the mobile device to have certain built-in features that enforce
these security and device management settings. If your organization allows all devices, you must set the
AllowNonProvisionableDevices parameter to $true. This allows devices that can't enforce all policy settings to
synchronize with your server.
Examples
-------------------------- Example 1 --------------------------
New-ActiveSyncMailboxPolicy -Name:"SalesPolicy" -DevicePasswordEnabled:$true -

AlphanumericDevicePasswordRequired:$true -PasswordRecoveryEnabled:$true -IsDefault:$false -
AttachmentsEnabled:$false -AllowStorageCard:$true
This example creates the Mobile Device mailbox policy SalesPolicy that has several preconfigured values.
-------------------------- Example 2 --------------------------
New-ActiveSyncMailboxPolicy -Name:"Management" -AllowBluetooth:Allow -AllowBrowser:$true -AllowCamera:$true -

AllowPOPIMAPEmail:$false -DevicePasswordEnabled:$true -AlphanumericDevicePasswordRequired:$true -
PasswordRecoveryEnabled:$true -MaxEmailAgeFilter:OneWeek -AllowWiFi:$true -AllowStorageCard:$true
This example creates the Mobile Device mailbox policy Management that has several preconfigured values. Users
assigned to this policy should have an Enterprise client access license (CAL ) to use many of these features.
-------------------------- Example 3 --------------------------
New-ActiveSyncMailboxPolicy -Name:"Contoso" -DevicePasswordEnabled:$true -

AlphanumericDevicePasswordRequired:$true -PasswordRecoveryEnabled:$true -MinDevicePasswordComplexCharacters:3 -
IsDefault:$true -DevicePasswordHistory:10
This example creates the Mobile Device mailbox policy Contoso that has several preconfigured values. This policy is
configured to be the default policy for the organization. The default policy will be assigned to all new users.
Parameters
-AllowApplePushNotifications
The AllowApplePushNotifications parameter specifies whether push notifications are allowed for Apple mobile
devices. The default value is $true.

Required: False
Position: Named
Default value: None
-AllowBluetooth
The AllowBluetooth parameter specifies whether the Bluetooth capabilities of the mobile phone are allowed. The
available options are Disable, HandsfreeOnly, and Allow. The default value is Allow.
Type: Disable | HandsfreeOnly | Allow

Required: False
Position: Named
Default value: None
-AllowBrowser
The AllowBrowser parameter specifies whether Microsoft Pocket Internet Explorer is allowed on the mobile phone.
The default value is $true. This parameter doesn't affect third-party browsers.

Required: False
Position: Named
Default value: None
-AllowCamera
The AllowCamera parameter specifies whether the mobile phone's camera is allowed. The default value is $true.

Required: False
Position: Named
Default value: None
-AllowConsumerEmail
The AllowConsumerEmail parameter specifies whether the mobile phone user can configure a personal email
account on the device. The default value is $true.

Required: False
Position: Named
Default value: None
-AllowDesktopSync
The AllowDesktopSync parameter specifies whether the mobile phone can synchronize with a desktop computer
through a cable. The default value is $true.

Required: False
Position: Named
Default value: None
-AllowExternalDeviceManagement
The AllowExternalDeviceManagement parameter specifies whether an external device management program is
allowed to manage the device.

Required: False
Position: Named
Default value: None
-AllowHTMLEmail
The AllowHTMLEmail parameter specifies whether HTML email is enabled on the device. The default value is
$true.

Required: False
Position: Named
Default value: None
-AllowInternetSharing
The AllowInternetSharing parameter specifies whether the mobile phone can be used as a modem to connect a
computer to the Internet. The default value is $true.

Required: False
Position: Named
Default value: None
-AllowIrDA
The AllowIrDA parameter specifies whether infrared connections are allowed to the mobile phone. The default
value is $true.

Required: False
Position: Named
Default value: None
-AllowMobileOTAUpdate
The AllowMobileOTAUpdate parameter specifies whether certain updates are seen by devices that implemented
support for this restricting functionality. Further control can be specified via the MobileOTAUpdateMode parameter.
Required: False
Position: Named
Default value: None
-AllowNonProvisionableDevices
When set to $true, the AllowNonProvisionableDevices parameter enables all devices to synchronize with the
computer running Exchange, regardless of whether the device can enforce all the specific settings established in the
Mobile Device mailbox policy. This also includes devices managed by a separate device management system. When
set to $false, this parameter blocks these devices that aren't provisioned from synchronizing with the server
running Exchange. The default value is $false.

Required: False
Position: Named
Default value: None
-AllowPOPIMAPEmail
The AllowPOPIMAPEmail parameter specifies whether the user can configure a POP3 or IMAP4 email account on
the device. The default value is $true.

Required: False
Position: Named
Default value: None
-AllowRemoteDesktop
The AllowRemoteDesktop parameter specifies whether the mobile phone can initiate a remote desktop connection.

Required: False
Position: Named
Default value: None
-AllowSimpleDevicePassword
The AllowSimpleDevicePassword parameter specifies whether a simple device password is allowed. A simple
device password is a password that has a specific pattern, such as 1111 or 1234. The default value is $true.
Required: False
Position: Named
Default value: None
-AllowSMIMEEncryptionAlgorithmNegotiation
The AllowSMIMEEncryptionAlgorithmNegotiation parameter specifies whether the messaging application on the
device can negotiate the encryption algorithm in case a recipient's certificate doesn't support the specified
encryption algorithm.
Type: BlockNegotiation | OnlyStrongAlgorithmNegotiation | AllowAnyAlgorithmNegotiation

Required: False
Position: Named
Default value: None
-AllowSMIMESoftCerts
The AllowSMIMESoftCerts parameter specifies whether S/MIME software certificates are allowed. The default
value is $true.

Required: False
Position: Named
Default value: None
-AllowStorageCard
The AllowStorageCard parameter specifies whether the device can access information stored on a storage card. The
default value is $true.

Required: False
Position: Named
Default value: None
-AllowTextMessaging
The AllowTextMessaging parameter specifies whether text messaging is allowed from the device. The default value
is $true.

Required: False
Position: Named
Default value: None
-AllowUnsignedApplications
The AllowUnsignedApplications parameter specifies whether unsigned applications can be installed on the device.

Required: False
Position: Named
Default value: None
-AllowUnsignedInstallationPackages
The AllowUnsignedInstallationPackages parameter specifies whether unsigned installation packages can be run on
the device. The default value is $true.

Required: False
Position: Named
Default value: None
-AllowWiFi
The AllowWiFi parameter specifies whether wireless Internet access is allowed on the device. The default value is
$true.

Required: False
Position: Named
Default value: None
-AlphanumericDevicePasswordRequired
The AlphanumericDevicePasswordRequired parameter specifies whether the device password must be
alphanumeric. The default value is $false.

Required: False
Position: Named
Default value: None
-ApprovedApplicationList
The ApprovedApplicationList parameter specifies a list of approved applications for the device.
Type: ApprovedApplicationCollection
Required: False
Position: Named
Default value: None
-AttachmentsEnabled
The AttachmentsEnabled parameter specifies whether the user can download attachments. When set to $false, the
user is blocked from downloading attachments. The default value is $true.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DeviceEncryptionEnabled
The DeviceEncryptionEnabled parameter, when set to $true, enables device encryption on the mobile phone. The
default value is $false. Currently, only the storage card can be encrypted on devices running Windows Mobile 6.0
or later. We recommend that you don't use this setting and use the RequireStorageCardEncryption parameter
instead.

Required: False
Position: Named
Default value: None
-DevicePasswordEnabled
When set to $true, the DevicePasswordEnabled parameter specifies that the user set a password for the device. The

Required: False
Position: Named
Default value: None
-DevicePasswordExpiration
The DevicePasswordExpiration parameter specifies the length of time, in days, that a password can be used. After
this length of time, a new password must be created. The format of the parameter is dd.hh.mm:ss, for example,
24.00:00 = 24 hours.
Type: Unlimited
Required: False
Position: Named
Default value: None
-DevicePasswordHistory
The DevicePasswordHistory parameter specifies the number of previously used passwords to store. When a user
creates a password, the user can't reuse a stored password that was previously used.
Type: Int32
Required: False
Position: Named
Default value: None
-DevicePolicyRefreshInterval
The DevicePolicyRefreshInterval parameter specifies how often the policy is sent from the server to the mobile
phone
Type: Unlimited
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-IrmEnabled
The IrmEnabled parameter specifies whether Information Rights Management (IRM ) is enabled for the mailbox
policy.
Required: False
Position: Named
Default value: None
-IsDefault
The IsDefault parameter specifies whether this policy is the default Mobile Device mailbox policy. The default value
is $false. If another policy is currently set as the default, setting this parameter replaces the old default policy with
this policy.

Required: False
Position: Named
Default value: None
-IsDefaultPolicy
this policy.

Required: False
Position: Named
Default value: None
-MaxAttachmentSize
The MaxAttachmentSize parameter specifies the maximum size of attachments that can be downloaded to the
mobile phone. The default value is Unlimited.
Type: Unlimited
Required: False
Position: Named
Default value: None
-MaxCalendarAgeFilter
The MaxCalendarAgeFilter parameter specifies the maximum range of calendar days that can be synchronized to
the device. Possible values are:
All
TwoWeeks
OneMonth
ThreeMonths
SixMonths
Type: All | TwoWeeks | OneMonth | ThreeMonths | SixMonths

Required: False
Position: Named
Default value: None
-MaxDevicePasswordFailedAttempts
The MaxDevicePasswordFailedAttempts parameter specifies the number of attempts a user can make to enter the
correct password for the device. You can enter any number from 4 through 16. The default value is 8.
Type: Unlimited
Required: False
Position: Named
Default value: None
-MaxEmailAgeFilter
The MaxEmailAgeFilter parameter specifies the maximum number of days of email items to synchronize to the
device.
Possible values are:
All
OneDay
ThreeDays
OneWeek
TwoWeeks
OneMonth
ThreeMonths
SixMonths
Type: All | OneDay | ThreeDays | OneWeek | TwoWeeks | OneMonth

Required: False
Position: Named
Default value: None
-MaxEmailBodyTruncationSize
The MaxEmailBodyTruncationSize parameter specifies the maximum size at which email messages are truncated
when synchronized to the device. The value is specified in kilobytes (KB ).
Type: Unlimited
Required: False
Position: Named
Default value: None
-MaxEmailHTMLBodyTruncationSize
The MaxEmailHTMLBodyTruncationSize parameter specifies the maximum size at which HTML -formatted email
messages are synchronized to the device. The value is specified in KB.
Type: Unlimited
Required: False
Position: Named
Default value: None
-MaxInactivityTimeDeviceLock
The MaxInactivityTimeDeviceLock parameter specifies the length of time that the device can be inactive before the
password is required to reactivate the device. You can enter any interval between 30 seconds and 1 hour. The
default value is 15 minutes. The format of the parameter is hh.mm:ss, for example, 15:00 = 15 minutes.
Type: Unlimited
Required: False
Position: Named
Default value: None
-MinDevicePasswordComplexCharacters
The MinDevicePasswordComplexCharacters parameter specifies the minimum number of complex characters
required in a device password. A complex character isn't a letter.
Type: Int32
Required: False
Position: Named
Default value: None
-MinDevicePasswordLength
The MinDevicePasswordLength parameter specifies the minimum number of characters in the device password.
You can enter any number from 1 through 16. The maximum length a password can be is 16 characters. The default
value is 4.
Type: Int32
Required: False
Position: Named
Default value: None
-MobileOTAUpdateMode
The MobileOTAUpdateMode parameter specifies which updates can be seen by the devices that implemented
support for this restricting functionality. Valid values are:
MajorVersionUpdates
MinorVersionUpdates
BetaVersionUpdates
You need to use this parameter with the AllowMobileOTAUpdate parametery.
Type: MajorVersionUpdates | MinorVersionUpdates | BetaVersionUpdates

Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the name of the policy.
Type: String
Required: True
Position: 1
Default value: None
-PasswordRecoveryEnabled
The PasswordRecoveryEnabled parameter specifies whether you can store the recovery password for the device on
an Exchange server. When set to $true, you can store the recovery password for the device on an Exchange server.
The default value is $false. The recovery password can be viewed from either Outlook on the web or the Exchange
admin center.

Required: False
Position: Named
Default value: None
-RequireDeviceEncryption
The RequireDeviceEncryption parameter specifies whether encryption is required on the device. The default value
is $false.

Required: False
Position: Named
Default value: None
-RequireEncryptedSMIMEMessages
The RequireEncryptedSMIMEMessages parameter specifies whether you must encrypt S/MIME messages. The

Required: False
Position: Named
Default value: None
-RequireEncryptionSMIMEAlgorithm
The RequireEncryptionSMIMEAlgorithm parameter specifies what required algorithm must be used when
encrypting a message.
Type: TripleDES | DES | RC2128bit | RC264bit | RC240bit

Required: False
Position: Named
Default value: None
-RequireManualSyncWhenRoaming
The RequireManualSyncWhenRoaming parameter specifies whether the device must synchronize manually while
roaming. The default value is $false.

Required: False
Position: Named
Default value: None
-RequireSignedSMIMEAlgorithm
The RequireSignedSMIMEAlgorithm parameter specifies what required algorithm must be used when signing a
message.
Type: SHA1 | MD5

Required: False
Position: Named
Default value: None
-RequireSignedSMIMEMessages
The RequireSignedSMIMEMessages parameter specifies whether the device must send signed S/MIME messages.
Required: False
Position: Named
Default value: None
-RequireStorageCardEncryption
The RequireStorageCardEncryption parameter specifies whether encryption of a storage card is required. The

Required: False
Position: Named
Default value: None
-UnapprovedInROMApplicationList
The UnapprovedInROMApplicationList parameter specifies a list of applications that can't be run in ROM.
Required: False
Position: Named
Default value: None
-UNCAccessEnabled
The UNCAccessEnabled parameter specifies whether access to Microsoft Windows file shares is enabled. Access to
specific shares is configured on the Microsoft Exchange ActiveSync virtual directory.

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WSSAccessEnabled
The WSSAccessEnabled parameter specifies whether access to Microsoft Windows SharePoint Services is enabled.
Access to specific shares is configured on the Exchange ActiveSync virtual directory.

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-DeviceConditionalAccessPolicy
In ths Article
Security & Compliance Center PowerShell (https://technet.microsoft.com/library/mt587091.aspx). Use the New -
DeviceConditionalAccessPolicy cmdlet to create mobile device conditional access policies in the Security &
Syntax
New-DeviceConditionalAccessPolicy [-Name] <String> [-Comment <String>] [-Confirm] [-Enabled <$true | $false>]
Description
Examples
-------------------------- Example 1 --------------------------
New-DeviceConditionalAccessPolicy -Identity "Human Resources"
This example creates a new mobile device conditional access policy named Human Resources
Parameters
-Comment
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Enabled

Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a unique name for the policy. If the value contains spaces, enclose the value in
double-quotation marks.
Type: String
Required: True
Position: 1
Default value: None
-WhatIf
The WhatIf switch doesn't work in the Office 365 Security & Compliance Center.
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
New-DeviceConditionalAccessRule
In ths Article
DeviceConditionalAccessRule cmdlet to create mobile device conditional access rules in the Security & Compliance
Syntax
New-DeviceConditionalAccessRule -Policy <PolicyIdParameter> -TargetGroups <MultiValuedProperty>
[-AccountName <String>] [-AccountUserName <String>] [-AllowAppStore <$true | $false>]
[-AllowAssistantWhileLocked <$true | $false>] [-AllowConvenienceLogon <$true | $false>]
[-AllowDiagnosticSubmission <$true | $false>] [-AllowiCloudBackup <$true | $false>]
[-AllowiCloudDocSync <$true | $false>] [-AllowiCloudPhotoSync <$true | $false>]
[-AllowJailbroken <$true | $false>] [-AllowPassbookWhileLocked <$true | $false>]
[-AllowScreenshot <$true | $false>] [-AllowSimplePassword <$true | $false>]
[-AllowVideoConferencing <$true | $false>] [-AllowVoiceAssistant <$true | $false>]
[-AllowVoiceDialing <$true | $false>] [-AntiVirusSignatureStatus <Int64>] [-AntiVirusStatus <Int64>]
[-AppsRating <DontAllow | Rating4plus | Rating9plus | Rating12plus | Rating17plus | AllowAll>]
[-AutoUpdateStatus <AutomaticUpdatesRequired | AutomaticCheckForUpdates | AutomaticDownloadUpdates |
NeverCheckUpdates | DeviceDefault>]
[-BluetoothEnabled <$true | $false>] [-CameraEnabled <$true | $false>] [-Confirm] [-DomainController <Fqdn>]
[-EmailAddress <String>] [-EnableRemovableStorage <$true | $false>] [-ExchangeActiveSyncHost <String>]
[-FirewallStatus <Required>] [-ForceAppStorePassword <$true | $false>]
[-ForceEncryptedBackup <$true | $false>] [-MaxPasswordAttemptsBeforeWipe <Int32>]
[-MaxPasswordGracePeriod <TimeSpan>]
[-MoviesRating <DontAllow | AllowAll | USRatingG | USRatingPG | USRatingPG13 | USRatingR | USRatingNC17 |
AURatingG | AURatingPG | AURatingM | AURatingMA15plus | AURatingR18plus | CARatingG | CARatingPG | CARating14A
| CARating18A | CARatingR | DERatingab0Jahren | DERatingab6Jahren | DERatingab12Jahren | DERatingab16Jahren |
DERatingab18Jahren | FRRating10minus | FRRating12minus | FRRating16minus | FRRating18minus | IERatingG |
IERatingPG | IERating12 | IERating15 | IERating16 | IERating18 | JPRatingG | JPRatingPG12 | JPRatingRdash15 |
JPRatingRdash18 | NZRatingG | NZRatingPG | NZRatingM | NZRatingR13 | NZRatingR15 | NZRatingR16 | NZRatingR18 |
NZRatingR | NZRatingRP16 | GBRatingU | GBRatingUc | GBRatingPG | GBRating12 | GBRating12A | GBRating15 |
GBRating18>]
[-PasswordComplexity <Int64>] [-PasswordExpirationDays <Int32>] [-PasswordHistoryCount <Int32>]
[-PasswordMinComplexChars <Int32>] [-PasswordMinimumLength <Int32>] [-PasswordQuality <Int32>]
[-PasswordRequired <$true | $false>] [-PasswordTimeout <TimeSpan>] [-PhoneMemoryEncrypted <$true | $false>]
[-RegionRatings <us | au | ca | de | fr | ie | jp | nz | gb>] [-RequireEmailProfile <$true | $false>]
[-SmartScreenEnabled <$true | $false>] [-SystemSecurityTLS <$true | $false>]
[-TVShowsRating <DontAllow | AllowAll | USRatingTVY | USRatingTVY7 | USRatingTVG | USRatingTVPG | USRatingTV14
| USRatingTVMA | AURatingP | AURatingC | AURatingG | AURatingPG | AURatingM | AURatingMA15plus |
AURatingAv15plus | CARatingC | CARatingC8 | CARatingG | CARatingPG | CARating14plus | CARating18plus |
DERatingab0Jahren | DERatingab6Jahren | DERatingab12Jahren | DERatingab16Jahren | DERatingab18Jahren |
FRRating10minus | FRRating12minus | FRRating16minus | FRRating18minus | IERatingGA | IERatingCh | IERatingYA |
IERatingPS | IERatingMA | JPRatingExplicitAllowed | NZRatingG | NZRatingPGR | NZRatingAO | GBRatingCaution>]
[-UserAccountControlStatus <AlwaysNotify | NotifyAppChanges | NotifyAppChangesDoNotDimdesktop | NeverNotify>]
[-WhatIf] [-WLANEnabled <$true | $false>] [-WorkFoldersSyncUrl <String>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
New-DeviceConditionalAccessRule -Policy "Secure Email" -TargetGroups 5bff73eb-0ba7-461b-b7c9-9b4c173cc266
This example creates a new mobile device conditional access rule with the following settings:
Policy: Secure Email
TargetGroups:5bff73eb-0ba7-461b-b7c9-9b4c173cc266
Parameters
-AccountName
The AccountName parameter specifies the account name. Valid values for this parameter are:
A text value.
$null (blank): The setting isn't configured. This is the default value.
Type: String
Required: False
Position: Named
Default value: None
-AccountUserName
The AccountUserName parameter specifies the account user name. Valid values for this parameter are:
A text value.
Type: String
Required: False
Position: Named
Default value: None
-AllowAppStore
The AllowAppStore parameter specifies whether to allow access to the app store on devices. Valid values for this
parameter are:
$true: Access to the app store is allowed.
$false: Access to the app store isn't allowed.
This setting is available on the following types of devices:
Windows Phone 8.1
Apple iOS 6+

Required: False
Position: Named
Default value: None
-AllowAssistantWhileLocked
The AllowAssistantWhileLocked parameter specifies whether to allow the use of the voice assistant while devices
are locked. Valid values for this parameter are:
$true: The voice assistant can be used while devices are locked.
$false: The voice assistant can't be used while devices are locked.
This setting is available only on Apple iOS 6+ devices.

Required: False
Position: Named
Default value: None
-AllowConvenienceLogon
The AllowConvenienceLogon parameter specifies whether to allow convenience logons on devices. Valid values for
this parameter are:
$true: Convenience logons are allowed.
$false: Convenience logons aren't allowed.
This setting is available only on Windows 8.1 RT devices.

Required: False
Position: Named
Default value: None
-AllowDiagnosticSubmission
The AllowDiagnosticSubmission parameter specifies whether to allow diagnostic submissions from devices. Valid
values for this parameter are:
$true: Diagnostic submissions are allowed.
$false: Diagnostic submissions aren't allowed.
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+

Required: False
Position: Named
Default value: None
-AllowiCloudBackup
The AllowiCloudBackup parameter specifies whether to allow Apple iCloud Backup from devices. Valid values for
this parameter are:
$true: iCloud Backup is allowed.
$false: iCloud Backup isn't allowed.
Apple iOS 6+
Android 4+
Required: False
Position: Named
Default value: None
-AllowiCloudDocSync
The AllowiCloudDocSync parameter specifies whether to allow Apple iCloud Documents & Data sync on devices.
$true: iCloud Documents & Data sync is allowed.
$false: iCloud Documents & Data sync isn't allowed.
Apple iOS 6+
Android 4+

Required: False
Position: Named
Default value: None
-AllowiCloudPhotoSync
The AllowiCloudPhotoSync parameter specifies whether to allow Apple iCloud Photos sync on devices. Valid values
for this parameter are:
$true: iCloud Photos sync is allowed.
$false: iCloud Photo sync isn't allowed.
Apple iOS 6+
Android 4+

Required: False
Position: Named
Default value: None
-AllowJailbroken
The AllowJailbroken parameter specifies whether to allow access to your organization by jailbroken or rooted
devices.
$true: Jailbroken devices are allowed.
$false: Jailbroken devices aren't allowed.
Apple iOS 6+
Android 4+

Required: False
Position: Named
Default value: None
-AllowPassbookWhileLocked
The AllowPassbookWhileLocked parameter specifies whether to allow the use of Apple Passbook while devices are
locked. Valid values for this parameter are:
$true: Passbook is available while devices are locked.
$false: Passbook isn't available while devices are locked.

Required: False
Position: Named
Default value: None
-AllowScreenshot
The AllowScreenshot parameter specifies whether to allow screenshots on devices. Valid values for this parameter
are:
$true: Screenshots are allowed.
$false: Screenshots aren't allowed.
Windows Phone 8.1
Apple iOS 6+
Required: False
Position: Named
Default value: None
-AllowSimplePassword
The AllowSimplePassword parameter specifies whether to allow simple or non-complex passwords on devices.
$true: Simple passwords are allowed.
$false: Simple passwords aren't allowed.
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+

Required: False
Position: Named
Default value: None
-AllowVideoConferencing
The AllowVideoConferencing parameter specifies whether to allow video conferencing on devices. Valid values for
this parameter are:
$true: Video conferencing is allowed.
$false: Video conferencing isn't allowed.

Required: False
Position: Named
Default value: None
-AllowVoiceAssistant
The AllowVoiceAssistant parameter specifies whether to allow using the voice assistant on devices. Valid values for
this parameter are:
$true: The voice assistant is allowed.
$false: The voice assistant isn't allowed.

Required: False
Position: Named
Default value: None
-AllowVoiceDialing
The AllowVoiceDialing parameter specifies whether to allow voice-activated telephone dialing. Valid values for this
parameter are:
$true: Voice dialing is allowed.
$false: Voice dialing isn't allowed.

Required: False
Position: Named
Default value: None
-AntiVirusSignatureStatus
The AntiVirusSignatureStatus parameter specifies the antivirus signature status. Valid values for this parameter are:
An integer.
Type: Int64
Required: False
Position: Named
Default value: None
-AntiVirusStatus
The AntiVirusStatus parameter specifies the antivirus status. Valid values for this parameter are:
An integer.
Type: Int64
Required: False
Position: Named
Default value: None
-AppsRating
The AppsRating parameter species the maximum or most restrictive rating of apps that are allowed on devices.
AllowAll
DontAllow
Rating9plus
Rating12plus
Rating17plus
Type: DontAllow | Rating4plus | Rating9plus | Rating12plus | Rating17plus | AllowAll

Required: False
Position: Named
Default value: None
-AutoUpdateStatus
The AutoUpdateStatus parameter specifies the update settings for devices. Valid values for this parameter are:
AutomaticCheckForUpdates
AutomaticDownloadUpdates
AutomaticUpdatesRequired
DeviceDefault
NeverCheckUpdates
Type: AutomaticUpdatesRequired | AutomaticCheckForUpdates | AutomaticDownloadUpdates | NeverCheckUpdates |

DeviceDefault
Required: False
Position: Named
Default value: None
-BluetoothEnabled
The BluetoothEnabled parameter specifies whether to enable or disable Bluetooth on devices. Valid values for this
parameter are:
$true: Bluetooth is enabled.
$false: Bluetooth is disabled.
This setting is available only on Windows Phone 8.1 devices.

Required: False
Position: Named
Default value: None
-CameraEnabled
The CameraEnabled parameter specifies whether to enable or disable cameras on devices. Valid values for this
parameter are:
$true: Cameras are enabled.
$false: Cameras are disabled.
Windows Phone 8.1
Apple iOS 6+
Android 4+

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EmailAddress
The EmailAddress parameter specifies the email address. Valid values are:
An email address: For example, julia@contoso.com.
Type: String
Required: False
Position: Named
Default value: None
-EnableRemovableStorage
The EnableRemovableStorage parameter specifies whether removable storage can be used by devices. Valid values
$true: Removable storage can be used.
$false: Removable storage can't be used.

Required: False
Position: Named
Default value: None
-ExchangeActiveSyncHost
The ExchangeActiveSyncHost parameter specifies the Exchange ActiveSync host. Valid values for this parameter
are:
A text value.
Type: String
Required: False
Position: Named
Default value: None
-FirewallStatus
The FirewallStatus parameter specifies the acceptable firewall status values on devices. Valid values for this
parameter are:
Required
Type: Required
Required: False
Position: Named
Default value: None
-ForceAppStorePassword
The ForceAppStorePassword parameter specifies whether to require a password to use the app store on devices.
$true: App store passwords are required.
$false: App store passwords aren't required.
$null (blank): The feature isn't allowed or blocked by the rule. This is the default value.

Required: False
Position: Named
Default value: None
-ForceEncryptedBackup
The ForceEncryptedBackup parameter specifies whether to force encrypted backups for devices. Valid values for
this parameter are:
$true: Encrypted backups are required.
$false: Encrypted backups aren't required.
Apple iOS 6+
Android 4+

Required: False
Position: Named
Default value: None
-MaxPasswordAttemptsBeforeWipe
The MaxPasswordAttemptsBeforeWipe parameter specifies the number of incorrect password attempts that cause
devices to be automatically wiped. Valid values for this parameter are:
An integer.
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+
Android 4+
Type: Int32
Required: False
Position: Named
Default value: None
-MaxPasswordGracePeriod
The MaxPasswordGracePeriod parameter specifies the length of time users are allowed to reset expired passwords
on devices.
seconds.
Type: TimeSpan
Required: False
Position: Named
Default value: None
-MoviesRating
The MoviesRating parameter species the maximum or most restrictive rating of movies that are allowed on devices.
You specify the country rating system to use with the RegionRatings parameter.
Valid values for the MoviesRating parameter are:
AllowAll: All movies are allowed, regardless of their rating.
DontAllow: No movies are allowed, regardless of their rating.
Australia
AURatingG
AURatingPG
AURatingM
AURatingMA15plus
AURatingR18plus
Canada
CARatingG
CARatingPG
CARating14A
CARating18A
CARatingR
Germany
DERatingab0Jahren
DERatingab6Jahren
DERatingab12Jahren
DERatingab16Jahren
DERatingab18Jahren
France
FRRating10minus
FRRating12minus
FRRating16minus
FRRating18minus
United Kingdom
GBRatingU
GBRatingUc
GBRatingPG
GBRating12
GBRating12A
GBRating15
GBRating18
Ireland
IERatingG
IERatingPG
IERating12
IERating15
IERating16
IERating18
Japan
JPRatingG
JPRatingPG12
JPRatingRdash15
JPRatingRdash18
New Zealand
NZRatingG
NZRatingPG
NZRatingM
NZRatingR13
NZRatingR15
NZRatingR16
NZRatingR18
NZRatingR
United States
USRatingG
USRatingPG
USRatingPG13
USRatingR
USRatingNC17
Type: DontAllow | AllowAll | USRatingG | USRatingPG | USRatingPG13 | USRatingR | USRatingNC17 | AURatingG |
AURatingPG | AURatingM | AURatingMA15plus | AURatingR18plus | CARatingG | CARatingPG | CARating14A |
CARating18A | CARatingR | DERatingab0Jahren | DERatingab6Jahren | DERatingab12Jahren | DERatingab16Jahren |
GBRating18
Required: False
Position: Named
Default value: None
-PasswordComplexity
The PasswordComplexity parameter specifies the password complexity. Valid values for this parameter are:
An integer.
Type: Int64
Required: False
Position: Named
Default value: None
-PasswordExpirationDays
The PasswordExpirationDays parameter specifies the number of days that the same password can be used on
devices before users are required to change their passwords . Valid values for this parameter are:
An integer.
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+
Android 4+
Type: Int32
Required: False
Position: Named
Default value: None
-PasswordHistoryCount
The PasswordHistoryCount parameter specifies the minimum number of unique new passwords that are required
on devices before an old password can be reused. Valid values for this parameter are:
An integer.
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+
Android 4+
Type: Int32
Required: False
Position: Named
Default value: None
-PasswordMinComplexChars
The PasswordMinComplexChars parameter specifies the minimum number of complex characters that are required
for device passwords. A complex character isn't a letter. Valid values for this parameter are:
An integer.
Type: Int32
Required: False
Position: Named
Default value: None
-PasswordMinimumLength
The PasswordMinimumLength parameter specifies the minimum number of characters that are required for device
passwords. Valid values for this parameter are:
An integer.
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+
Android 4+
Type: Int32
Required: False
Position: Named
Default value: None
-PasswordQuality
The PasswordQuality parameter specifies the minimum password quality rating that's required for device
passwords. Password quality is a numeric scale that indicates the security and complexity of the password. A higher
quality value indicates a more secure password.
An integer.
This setting is available only on Android 4+ devices.
Type: Int32
Required: False
Position: Named
Default value: None
-PasswordRequired
The PasswordRequired parameter specifies whether a password is required to access devices. Valid values for this
parameter are:
$true: Device passwords are required.
$false: Device passwords aren't required.
Windows Phone 8.1
Apple iOS 6+
Android 4+

Required: False
Position: Named
Default value: None
-PasswordTimeout
The PasswordTimeout parameter specifies the length of time that devices can be inactive before a password is
required to reactivate them.
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+
Android 4+
seconds.
Type: TimeSpan
Required: False
Position: Named
Default value: None
-PhoneMemoryEncrypted
The PhoneMemoryEncrypted parameter specifies whether to encrypt the memory on devices. Valid values for this
parameter are:
$true: Memory is encrypted.
$false: Memory isn't encrypted.
Windows Phone 8.1 (already encrypted and can't be unencrypted)
Android 4+

Required: False
Position: Named
Default value: None
-Policy
The Policy parameter specifies the mobile device conditional access policy that this rule is associated with. You can
use any value that uniquely identifies the policy. For example:
Name
GUID
Required: True
Position: Named
Default value: None
-RegionRatings
The RegionRatings parameter specifies the rating system (country) to use for movie and television ratings with the
MoviesRating and TVShowsRating parameters.
Valid values for the RegionRating parameter are:
au: Australia
ca: Canada
de: Germany
fr: France
gb: United Kingdom
ie: Ireland
jp: Japan
nz: New Zealand
us: United States
Type: us | au | ca | de | fr | ie | jp | nz | gb
Required: False
Position: Named
Default value: None
-RequireEmailProfile
The RequireEmailProfile parameter specifies whether an email profile is required on devices. Valid values for this
parameter are:
$true: An email profile is required. This value is required for selective wipe on iOS devices.
$false: An email profile isn't required.
Required: False
Position: Named
Default value: None
-SmartScreenEnabled
The SmartScreenEnabled parameter specifies whether to requireWindows SmartScreen on devices. Valid values
$true: SmartScreen is enabled.
$false: SmartScreen is disabled.

Required: False
Position: Named
Default value: None
-SystemSecurityTLS
The SystemSecurityTLS parameter specifies whether TLS encryption is used on devices. Valid values for this
parameter are:
$true: TLS encryption is used.
$false: TLS encryption isn't used.

Required: False
Position: Named
Default value: None
-TargetGroups
The TargetGroups parameter specifies the security groups that this rule applies to. This parameter uses the GUID
value of the group. To find this GUID value, run the command Get-Group | Format-Table Name,GUID.
You can specify multiple groups separated by commas.
Required: True
Position: Named
Default value: None
-TVShowsRating
The TVShowsRating parameter species the maximum or most restrictive rating of television shows that are allowed
on devices. You specify the country rating system to use with the RegionRatings parameter.
Valid values for the TVShowsRating parameter are:
AllowAll: All television shows are allowed, regardless of their rating.
DontAllow: No televisions shows are allowed, regardless of their rating.
Australia
AURatingP
AURatingC
AURatingG
AURatingPG
AURatingM
AURatingMA15plus
AURatingAv15plus
Canada
CARatingC
CARatingC8
CARatingG
CARatingPG
CARating14plus
CARating18plus
Germany
DERatingab0Jahren
DERatingab6Jahren
DERatingab12Jahren
DERatingab16Jahren
DERatingab18Jahren
France
FRRating10minus
FRRating12minus
FRRating16minus
FRRating18minus
United Kingdom
GBRatingCaution
Ireland
IERatingGA
IERatingCh
IERatingYA
IERatingPS
IERatingMA
Japan
JPRatingExplicitAllowed
New Zealand
NZRatingG
NZRatingPGR
NZRatingAO
United States
USRatingTVY
USRatingTVY7
USRatingTVG
USRatingTVPG
USRatingTV14
USRatingTVMA
Type: DontAllow | AllowAll | USRatingTVY | USRatingTVY7 | USRatingTVG | USRatingTVPG | USRatingTV14 |
USRatingTVMA | AURatingP | AURatingC | AURatingG | AURatingPG | AURatingM | AURatingMA15plus | AURatingAv15plus
| CARatingC | CARatingC8 | CARatingG | CARatingPG | CARating14plus | CARating18plus | DERatingab0Jahren |
DERatingab6Jahren | DERatingab12Jahren | DERatingab16Jahren | DERatingab18Jahren | FRRating10minus |
FRRating12minus | FRRating16minus | FRRating18minus | IERatingGA | IERatingCh | IERatingYA | IERatingPS |
IERatingMA | JPRatingExplicitAllowed | NZRatingG | NZRatingPGR | NZRatingAO | GBRatingCaution
Required: False
Position: Named
Default value: None
-UserAccountControlStatus
The UserAccountControlStatus parameter specifies how User Account Control messages are presented on devices.
AlwaysNotify
NeverNotify
NotifyAppChanges
NotifyAppChangesDoNotDimdesktop
Type: AlwaysNotify | NotifyAppChanges | NotifyAppChangesDoNotDimdesktop | NeverNotify

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WLANEnabled
The WLANEnabled parameter specifies whether Wi-Fi is enabled devices. Valid values for this parameter are:
$true: Wi-Fi is enabled.
$false: Wi-Fi is disabled.
This setting is available only on Microsoft Windows Phone 8.1 devices.
Required: False
Position: Named
Default value: None
-WorkFoldersSyncUrl
The WorkFoldersSyncUrl parameter specifies the URL that's used to synchronize company data on devices.
Valid input for this parameter a URL. For example, https://workfolders.contoso.com.
Type: String
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
New-DeviceConfigurationPolicy
In ths Article
DeviceConfigurationPolicy cmdlet to create mobile device configuration policies in the Security & Compliance
Syntax
New-DeviceConfigurationPolicy [-Name] <String> [-Comment <String>] [-Confirm] [-Enabled <$true | $false>]
Description
Examples
-------------------------- Example 1 --------------------------
New-DeviceConfigurationPolicy -Name "Engineering Group"
This example creates a new mobile device configuration policy named Engineering Group.
Parameters
-Comment
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Enabled

Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a unique name for the policy. If the value contains spaces, enclose the value in
double-quotation marks.
Type: String
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
New-DeviceConfigurationRule
In ths Article
DeviceConfigurationRule cmdlet to create mobile device configuration rules in the Security & Compliance Center.
Syntax
New-DeviceConfigurationRule -Policy <PolicyIdParameter> -TargetGroups <MultiValuedProperty>
[-AllowPassbookWhileLocked <$true | $false>] [-AllowScreenshot <$true | $false>]
[-AllowSimplePassword <$true | $false>] [-AllowVideoConferencing <$true | $false>]
[-AllowVoiceAssistant <$true | $false>] [-AllowVoiceDialing <$true | $false>]
[-AntiVirusSignatureStatus <Int64>] [-AntiVirusStatus <Int64>]
GBRating18>]
Description
Examples
-------------------------- Example 1 --------------------------
New-DeviceConfigurationRule -Policy "Engineering Group" -TargetGroups 5bff73eb-0ba7-461b-b7c9-9b4c173cc266
This example creates a new mobile device configuration rule with the following settings:
Policy: Engineering Group
TargetGroups:5bff73eb-0ba7-461b-b7c9-9b4c173cc266
Parameters
-AccountName
A text value.
Type: String
Required: False
Position: Named
Default value: None
-AccountUserName
A text value.
Type: String
Required: False
Position: Named
Default value: None
-AllowAppStore
parameter are:
Windows Phone 8.1
Apple iOS 6+

Required: False
Position: Named
Default value: None

Required: False
Position: Named
Default value: None
this parameter are:

Required: False
Position: Named
Default value: None
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+

Required: False
Position: Named
Default value: None
-AllowiCloudBackup
this parameter are:
Apple iOS 6+
Android 4+
Required: False
Position: Named
Default value: None
-AllowiCloudDocSync
Apple iOS 6+
Android 4+

Required: False
Position: Named
Default value: None
Apple iOS 6+
Android 4+

Required: False
Position: Named
Default value: None

Required: False
Position: Named
Default value: None
-AllowScreenshot
are:
Windows Phone 8.1
Apple iOS 6+

Required: False
Position: Named
Default value: None
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+
Required: False
Position: Named
Default value: None
this parameter are:

Required: False
Position: Named
Default value: None
this parameter are:

Required: False
Position: Named
Default value: None
-AllowVoiceDialing
parameter are:
Required: False
Position: Named
Default value: None
An integer.
Type: Int64
Required: False
Position: Named
Default value: None
-AntiVirusStatus
An integer.
Type: Int64
Required: False
Position: Named
Default value: None
-AppsRating
AllowAll
DontAllow
Rating9plus
Rating12plus
Rating17plus
Required: False
Position: Named
Default value: None
-AutoUpdateStatus
DeviceDefault
NeverCheckUpdates

DeviceDefault
Required: False
Position: Named
Default value: None
-BluetoothEnabled
parameter are:

Required: False
Position: Named
Default value: None
-CameraEnabled
parameter are:
Windows Phone 8.1
Apple iOS 6+
Android 4+

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EmailAddress
Type: String
Required: False
Position: Named
Default value: None

Required: False
Position: Named
Default value: None
are:
A text value.
Type: String
Required: False
Position: Named
Default value: None
-FirewallStatus
parameter are:
Required
Type: Required
Required: False
Position: Named
Default value: None

Required: False
Position: Named
Default value: None
this parameter are:
Apple iOS 6+
Android 4+

Required: False
Position: Named
Default value: None
An integer.
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+
Android 4+
Type: Int32
Required: False
Position: Named
Default value: None
on devices.
seconds.
Type: TimeSpan
Required: False
Position: Named
Default value: None
-MoviesRating
Australia
AURatingG
AURatingPG
AURatingM
AURatingMA15plus
AURatingR18plus
Canada
CARatingG
CARatingPG
CARating14A
CARating18A
CARatingR
Germany
DERatingab0Jahren
DERatingab6Jahren
DERatingab12Jahren
DERatingab16Jahren
DERatingab18Jahren
France
FRRating10minus
FRRating12minus
FRRating16minus
FRRating18minus
United Kingdom
GBRatingU
GBRatingUc
GBRatingPG
GBRating12
GBRating12A
GBRating15
GBRating18
Ireland
IERatingG
IERatingPG
IERating12
IERating15
IERating16
IERating18
Japan
JPRatingG
JPRatingPG12
JPRatingRdash15
JPRatingRdash18
New Zealand
NZRatingG
NZRatingPG
NZRatingM
NZRatingR13
NZRatingR15
NZRatingR16
NZRatingR18
NZRatingR
United States
USRatingG
USRatingPG
USRatingPG13
USRatingR
USRatingNC17

GBRating18
Required: False
Position: Named
Default value: None
-PasswordComplexity
An integer.
Type: Int64
Required: False
Position: Named
Default value: None
An integer.
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+
Android 4+
Type: Int32
Required: False
Position: Named
Default value: None
An integer.
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+
Android 4+
Type: Int32
Required: False
Position: Named
Default value: None
An integer.
Type: Int32
Required: False
Position: Named
Default value: None
An integer.
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+
Android 4+
Type: Int32
Required: False
Position: Named
Default value: None
-PasswordQuality
An integer.
Type: Int32
Required: False
Position: Named
Default value: None
-PasswordRequired
parameter are:
Windows Phone 8.1
Apple iOS 6+
Android 4+

Required: False
Position: Named
Default value: None
-PasswordTimeout
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+
Android 4+
seconds.
Type: TimeSpan
Required: False
Position: Named
Default value: None
parameter are:
Android 4+

Required: False
Position: Named
Default value: None
-Policy
The Policy parameter specifies the mobile device configuration policy that this rule is associated with. You can use
any value that uniquely identifies the policy. For example:
Name
GUID
Required: True
Position: Named
Default value: None
-RegionRatings
au: Australia
ca: Canada
de: Germany
fr: France
gb: United Kingdom
ie: Ireland
jp: Japan
nz: New Zealand
us: United States
Required: False
Position: Named
Default value: None
parameter are:

Required: False
Position: Named
Default value: None
-SmartScreenEnabled

Required: False
Position: Named
Default value: None
-SystemSecurityTLS
parameter are:

Required: False
Position: Named
Default value: None
-TargetGroups
Required: True
Position: Named
Default value: None
-TVShowsRating
Australia
AURatingP
AURatingC
AURatingG
AURatingPG
AURatingM
AURatingMA15plus
AURatingAv15plus
Canada
CARatingC
CARatingC8
CARatingG
CARatingPG
CARating14plus
CARating18plus
Germany
DERatingab0Jahren
DERatingab6Jahren
DERatingab12Jahren
DERatingab16Jahren
DERatingab18Jahren
France
FRRating10minus
FRRating12minus
FRRating16minus
FRRating18minus
United Kingdom
GBRatingCaution
Ireland
IERatingGA
IERatingCh
IERatingYA
IERatingPS
IERatingMA
Japan
New Zealand
NZRatingG
NZRatingPGR
NZRatingAO
United States
USRatingTVY
USRatingTVY7
USRatingTVG
USRatingTVPG
USRatingTV14
USRatingTVMA

Required: False
Position: Named
Default value: None
AlwaysNotify
NeverNotify
NotifyAppChanges

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WLANEnabled

Required: False
Position: Named
Default value: None
-WorkFoldersSyncUrl
Type: String
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
In ths Article
DeviceTenantPolicy cmdlet to create your organization's mobile device tenant policy in the Security & Compliance
Syntax
New-DeviceTenantPolicy [-Comment <String>] [-Confirm] [-Enabled <$true | $false>] [-Force] [-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
This example creates your organization's mobile device tenant policy. You can have only one mobile device tenant
policy in your organization.
Parameters
-Comment
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Enabled

Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
New-DeviceTenantRule
In ths Article
DeviceTenantRule cmdlet to create your organization's mobile device tenant rule in the Security & Compliance
Syntax
New-DeviceTenantRule [-ApplyPolicyTo <None | ExchangeOnline | SharepointOnline | ExchangeAndSharepoint>]
[-BlockUnsupportedDevices <$true | $false>] [-Confirm] [-DomainController <Fqdn>]
[-ExclusionList <MultiValuedProperty>] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
New-DeviceTenantRule -ExclusionList "e10214c1-49b6-47d2-b5e6-466e918648b1","6e3931bd-a716-4bb9-9a2f-

093aa2c967b4"
This example creates a new mobile device tenant rule with GUIDs of the security groups named Engineering and
Research and Development on the exclusion list. Members of these groups are allowed access even if they use non-
compliant devices
You can have only one mobile device tenant rule in your organization.
Parameters
-ApplyPolicyTo
The ApplyPolicyTo parameter specifies where to apply the policy in your organization. Valid values for this
parameter are:
ExchangeOnline
SharePointOnline
ExchangeAndSharePoint
Type: None | ExchangeOnline | SharepointOnline | ExchangeAndSharepoint

Required: False
Position: Named
Default value: None
-BlockUnsupportedDevices
The BlockUnsupportedDevices parameter specifies whether to block access to your organization by unsupported
devices. Valid values for this parameter are:
$true: Unsupported devices are blocked.
$false: Unsupported devices are allowed.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-ExclusionList
The ExclusionList parameter specifies the security groups to exclude from this policy. Members of the specified
security groups who have non-compliant devices are not affected by block access actions.
This parameter uses the GUID value of the group. To find this GUID value, run the command Get-Group | Format-
Table Name,GUID.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
New-MobileDeviceMailboxPolicy
In ths Article
may be exclusive to one environment or the other. Use the New -MobileDeviceMailboxPolicy cmdlet to create
mobile device mailbox policies. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
New-MobileDeviceMailboxPolicy [-Name] <String> [-AllowApplePushNotifications <$true | $false>]
[-AllowBluetooth <Disable | HandsfreeOnly | Allow>] [-AllowBrowser <$true | $false>]
[-AllowCamera <$true | $false>] [-AllowConsumerEmail <$true | $false>] [-AllowDesktopSync <$true | $false>]
[-AllowExternalDeviceManagement <$true | $false>] [-AllowGooglePushNotifications <$true | $false>]
[-AllowHTMLEmail <$true | $false>] [-AllowInternetSharing <$true | $false>] [-AllowIrDA <$true | $false>]
[-AllowMicrosoftPushNotifications <$true | $false>] [-AllowMobileOTAUpdate <$true | $false>]
[-AllowNonProvisionableDevices <$true | $false>] [-AllowPOPIMAPEmail <$true | $false>]
[-AllowRemoteDesktop <$true | $false>] [-AllowSimplePassword <$true | $false>]
[-AllowSMIMESoftCerts <$true | $false>] [-AllowStorageCard <$true | $false>]
[-AllowTextMessaging <$true | $false>] [-AllowUnsignedApplications <$true | $false>]
[-AllowUnsignedInstallationPackages <$true | $false>] [-AllowWiFi <$true | $false>]
[-AlphanumericPasswordRequired <$true | $false>] [-ApprovedApplicationList <ApprovedApplicationCollection>]
[-AttachmentsEnabled <$true | $false>] [-Confirm] [-DeviceEncryptionEnabled <$true | $false>]
[-DevicePolicyRefreshInterval <Unlimited>] [-DomainController <Fqdn>] [-IrmEnabled <$true | $false>]
[-IsDefault <$true | $false>] [-MaxAttachmentSize <Unlimited>]
[-MaxEmailBodyTruncationSize <Unlimited>] [-MaxEmailHTMLBodyTruncationSize <Unlimited>]
[-MaxInactivityTimeLock <Unlimited>] [-MaxPasswordFailedAttempts <Unlimited>]
[-MinPasswordComplexCharacters <Int32>] [-MinPasswordLength <Int32>] [-PasswordEnabled <$true | $false>]
[-PasswordExpiration <Unlimited>] [-PasswordHistory <Int32>] [-PasswordRecoveryEnabled <$true | $false>]
[-RequireDeviceEncryption <$true | $false>] [-RequireEncryptedSMIMEMessages <$true | $false>]
[-RequireManualSyncWhenRoaming <$true | $false>] [-RequireSignedSMIMEAlgorithm <SHA1 | MD5>]
[-RequireSignedSMIMEMessages <$true | $false>] [-RequireStorageCardEncryption <$true | $false>]
[-UnapprovedInROMApplicationList <MultiValuedProperty>] [-UNCAccessEnabled <$true | $false>] [-WhatIf]
[-WSSAccessEnabled <$true | $false>] [<CommonParameters>]
Description
Mobile device mailbox policies define settings for mobile devices that are used to access mailboxes in your
organization. The default mobile device mailbox policy is applied to all new mailboxes that you create. You can
assign a mobile device mailbox policy to existing mailboxes by using the Set-CASMailbox cmdlet, or by editing the
mailbox properties in the Exchange admin center (EAC ).
Some mobile device mailbox policy settings require the mobile device to have certain built-in features that enforce
these security and device management settings. If your organization allows all devices, you need to set the
AllowNonProvisionableDevices parameter to $true. This allows devices that can't enforce all policy settings to
synchronize with your server.
Examples
-------------------------- Example 1 --------------------------
New-MobileDeviceMailboxPolicy -Name "Sales Policy" -PasswordEnabled $true -AlphanumericPasswordRequired $true -

PasswordRecoveryEnabled $true -IsDefault $false -AttachmentsEnabled $false -AllowStorageCard $true
This example creates the mobile device mailbox policy Sales Policy that has several preconfigured values.
-------------------------- Example 2 --------------------------
New-MobileDeviceMailboxPolicy -Name Management -AllowBluetooth $true -AllowBrowser $true -AllowCamera $true -

AllowPOPIMAPEmail $false -PasswordEnabled $true -AlphanumericPasswordRequired $true -PasswordRecoveryEnabled
$true -MaxEmailAgeFilter TwoWeeks -AllowWiFi $true -AllowStorageCard $true
This example creates the mobile device mailbox policy Management that has several preconfigured values. Users
assigned to this policy should have an Enterprise client access license (CAL ) to use many of these features.
-------------------------- Example 3 --------------------------
New-MobileDeviceMailboxPolicy -Name "Contoso Policy" -PasswordEnabled $true -AlphanumericPasswordRequired $true

-PasswordRecoveryEnabled $true -MinPasswordComplexCharacters 3 -IsDefault $true -PasswordHistory 10
This example creates the mobile device mailbox policy Contoso Policy that has several preconfigured values. This
policy is configured to be the default policy for the organization. The default policy is assigned to all new users.
Parameters
devices. Valid input for this parameter is $true or $false. The default value is $true.

Required: False
Position: Named
Default value: None
-AllowBluetooth
The AllowBluetooth parameter specifies whether the Bluetooth capabilities of the mobile device are allowed. The
Required: False
Position: Named
Default value: None
-AllowBrowser
The AllowBrowser parameter specifies whether Microsoft Pocket Internet Explorer is allowed on the mobile device.
Valid input for this parameter is $true or $false. The default value is $true. This parameter doesn't affect third-party
browsers.

Required: False
Position: Named
Default value: None
-AllowCamera
The AllowCamera parameter specifies whether the mobile device's camera is allowed. Valid input for this parameter

Required: False
Position: Named
Default value: None
-AllowConsumerEmail
The AllowConsumerEmail parameter specifies whether the user can configure a personal email account on the
mobile device. Valid input for this parameter is $true or $false. The default value is $true. This parameter doesn't
control access to email accounts using third-party mobile device email programs.

Required: False
Position: Named
Default value: None
-AllowDesktopSync
The AllowDesktopSync parameter specifies whether the mobile device can synchronize with a desktop computer
through a cable. Valid input for this parameter is $true or $false. The default value is $true.

Required: False
Position: Named
Default value: None
allowed to manage the mobile device. Valid input for this parameter is $true or $false. The default value is $false.

Required: False
Position: Named
Default value: None
-AllowGooglePushNotifications
The AllowGooglePushNotifications parameter controls whether the user can receive push notifications from
Google for Outlook on the web for devices. Valid input for this parameter is $true or $false. The default value is
$true.

Required: False
Position: Named
Default value: None
-AllowHTMLEmail
The AllowHTMLEmail parameter specifies whether HTML -formatted email is enabled on the mobile device. Valid
input for this parameter is $true or $false. The default value is $true. If set to $false, all email is converted to plain
text before synchronization occurs.

Required: False
Position: Named
Default value: None
The AllowInternetSharing parameter specifies whether the mobile device can be used as a modem to connect a
computer to the Internet. This process is also known as tethering. Valid input for this parameter is $true or $false.

Required: False
Position: Named
Default value: None
-AllowIrDA
The AllowIrDA parameter specifies whether infrared connections are allowed to the mobile device. Valid input for
this parameter is $true or $false. The default value is $true.
Required: False
Position: Named
Default value: None
-AllowMicrosoftPushNotifications
The AllowMicrosoftPushNotifications parameter specifies whether push notifications are enabled on the mobile
device. Valid input for this parameter is $true or $false. The default value is $true.

Required: False
Position: Named
Default value: None
The AllowMobileOTAUpdate parameter specifies whether the policy can be sent to the mobile device over a cellular
data connection. Valid input for this parameter is $true or $false. The default value is $true.

Required: False
Position: Named
Default value: None
The AllowNonProvisionableDevices parameter specifies whether all mobile devices can synchronize with Exchange.
When set to $true, this parameter enables all mobile devices to synchronize with Exchange, regardless of whether
the device can enforce all settings that are defined by the policy. This also includes mobile devices managed by a
separate device management system. When set to $false, this parameter blocks mobile devices that aren't
provisioned from synchronizing with Exchange.

Required: False
Position: Named
Default value: None
-AllowPOPIMAPEmail
the mobile device. Valid input for this parameter is $true or $false. The default value is $true. This parameter
doesn't control access by third-party email programs.
Required: False
Position: Named
Default value: None
-AllowRemoteDesktop
The AllowRemoteDesktop parameter specifies whether the mobile device can initiate a remote desktop connection.

Required: False
Position: Named
Default value: None
The AllowSimplePassword parameter specifies whether a simple password is allowed on the mobile device. A
simple password is a password that has a specific pattern, such as 1111 or 1234. Valid input for this parameter is
$true or $false. The default value is $true.

Required: False
Position: Named
Default value: None
mobile device can negotiate the encryption algorithm if a recipient's certificate doesn't support the specified
encryption algorithm. Valid values for this parameter are:
AllowAnyAlgorithmNegotiation
BlockNegotiation
OnlyStrongAlgorithmNegotiation
The default value is AllowAnyAlgorithmNegotiation.

Required: False
Position: Named
Default value: None
The AllowSMIMESoftCerts parameter specifies whether S/MIME software certificates are allowed on the mobile
Required: False
Position: Named
Default value: None
-AllowStorageCard
The AllowStorageCard parameter specifies whether the mobile device can access information stored on a storage
card. Valid input for this parameter is $true or $false. The default value is $true.

Required: False
Position: Named
Default value: None
-AllowTextMessaging
The AllowTextMessaging parameter specifies whether text messaging is allowed from the mobile device. Valid input
for this parameter is $true or $false. The default value is $true.

Required: False
Position: Named
Default value: None
The AllowUnsignedApplications parameter specifies whether unsigned applications can be installed on the mobile

Required: False
Position: Named
Default value: None
The AllowUnsignedInstallationPackages parameter specifies whether unsigned installation packages are allowed to
run on the mobile device. Valid input for this parameter is $true or $false. The default value is $true.

Required: False
Position: Named
Default value: None
-AllowWiFi
The AllowWiFi parameter specifies whether wireless Internet access is allowed on the mobile device. Valid input for

Required: False
Position: Named
Default value: None
-AlphanumericPasswordRequired
The AlphanumericPasswordRequired parameter specifies whether the password for the mobile device must be
alphanumeric. Valid input for this parameter is $true or $false. The default value is $false.

Required: False
Position: Named
Default value: None
The ApprovedApplicationList parameter specifies a configured list of approved applications for the device.
Required: False
Position: Named
Default value: None
-AttachmentsEnabled
The AttachmentsEnabled parameter specifies whether attachments can be downloaded on the mobile device. Valid
input for this parameter is $true or $false. The default value is $true.
When set to $false, this parameter blocks the user from downloading attachments on the mobile device.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
The DeviceEncryptionEnabled parameter specifies whether encryption is enabled on the mobile device. Valid input
for this parameter is $true or $false. The default value is $false.
When this parameter is set to $true, device encryption is enabled on the mobile device.

Required: False
Position: Named
Default value: None
The DevicePolicyRefreshInterval parameter specifies how often the policy is sent to the mobile device.
seconds.
The default value is Unlimited.
Type: Unlimited
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-IrmEnabled
The IrmEnabled parameter specifies whether Information Rights Management (IRM ) is enabled for the mobile

Required: False
Position: Named
Default value: None
-IsDefault
The IsDefault parameter specifies whether this policy is the default mobile device mailbox policy. Valid input for this
parameter is $true or $false. The default value for the built-in mobile device mailbox policy named Default is $true.
The default value for new mobile device mailbox policies that you create is $false.
There can be only one default policy. If another policy is currently set as the default, and you set this parameter to
$true, this policy becomes the default policy. The value of this parameter on the other policy is automatically
changed to $false, and that policy is no longer the default policy.

Required: False
Position: Named
Default value: None
-MaxAttachmentSize
mobile device. Valid input for this parameter is a size value between 0 and 2147482624 bytes (approximately 2
GB ), or the value Unlimited. The default value is Unlimited.
Unqualified values are treated as bytes. You can qualify the value with KB (kilobytes), MB (megabytes) or GB
(gigabytes). For example, to set the limit to 4 kilobytes, enter the value 4096 or 4KB.
The maximum value is 1024 bytes (one kilobyte) less than two gigabytes (2*1024^3), so these are the maximum
qualified values you can use with this parameter.
2097151KB
2047.999024MB
1.999999047GB
Type: Unlimited
Required: False
Position: Named
Default value: None
the mobile device. Valid values for this parameter are:
All
TwoWeeks
OneMonth
ThreeMonths
SixMonths

Required: False
Position: Named
Default value: None
-MaxEmailAgeFilter
mobile device. Valid values for this parameter are:
All
OneDay
ThreeDays
OneWeek
TwoWeeks
OneMonth

Required: False
Position: Named
Default value: None
when synchronized to the mobile device. Valid input for this parameter is an integer between 0 and 2147483647
(Int32) or the value Unlimited. The default value is Unlimited.
(gigabytes). For example, to set the limit to 4 kilobytes, enter the value 4KB or 4096.
Type: Unlimited
Required: False
Position: Named
Default value: None
messages are truncated when synchronized to the mobile device. Valid input for this parameter is an integer
between 0 and 2147483647 (Int32) or the value Unlimited. The default value is Unlimited.
Type: Unlimited
Required: False
Position: Named
Default value: None
-MaxInactivityTimeLock
The MaxInactivityTimeLock parameter specifies the length of time that the mobile device can be inactive before the
password is required to reactivate it. Valid values are:
A timespan: hh:mm:ss, where hh = hours, mm = minutes and ss= seconds. The valid input range is 00:01:00 to
01:00:00 (one minute to one hour).
The value Unlimited. This is the default value.
Type: Unlimited
Required: False
Position: Named
Default value: None
-MaxPasswordFailedAttempts
The MaxPasswordFailedAttempts parameter specifies the number of attempts a user can make to enter the correct
password for the mobile device.
You can enter any number from 4 through 16 or the value Unlimited. The default value is Unlimited.
Type: Unlimited
Required: False
Position: Named
Default value: None
-MinPasswordComplexCharacters
The MinPasswordComplexCharacters parameter specifies the character sets that are required in the password of
the mobile device. The character sets are:
Lower case letters.
Upper case letters.
Digits 0 through 9.
Special characters (for example, exclamation marks).
A valid value for this parameter is an integer from 1 through 4. The default value is 1.
For Windows Phone 8 devices, the value specifies the number of character sets that are required in the password.
For example, the value 3 requires at least one character from any three of the character sets.
For Windows Phone 10 devices, the value specifies the following password complexity requirements:
Digits only.
Digits and lower case letters.
Digits, lower case letters, and upper case letters.
Digits, lower case letters, upper case letters, and special characters.
Type: Int32
Required: False
Position: Named
Default value: None
-MinPasswordLength
The MinPasswordLength parameter specifies the minimum number of characters in the mobile device password.
You can enter any number from 1 through 16 or the value $null. The default value is blank. The maximum
password length is 16 characters.
Type: Int32
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the name of the mobile device mailbox policy. You can use any value that uniquely
Name
GUID
The name of the built-in mobile device mailbox policy is Default.
Type: String
Required: True
Position: 1
Default value: None
-PasswordEnabled
The PasswordEnabled parameter specifies whether a password is required on the mobile device. Valid input for this
parameter is $true or $false. The default value is $false.
When set to $true, this parameter requires the user to set a password on the mobile device.

Required: False
Position: Named
Default value: None
-PasswordExpiration
The PasswordExpiration parameter specifies how long a password can be used on a mobile device before the user
is forced to change the password. Valid values are:
A timespan: ddd.hh:mm:ss, where ddd = days, hh = hours, mm = minutes and ss= seconds. The valid input
range is 1.00:00:00 to 730.00:00:00 (one day to two years).
The value Unlimited. This is the default value
Type: Unlimited
Required: False
Position: Named
Default value: None
-PasswordHistory
The PasswordHistory parameter specifies the number of unique new passwords that need to be created on the
mobile device before an old password can be reused.
You can enter any number from 0 through 50. The default value is 0.
Type: Int32
Required: False
Position: Named
Default value: None
The PasswordRecoveryEnabled parameter specifies whether the recovery password for the mobile device is stored
in Exchange. Valid input for this parameter is $true or $false. The default value is $false.
When set to $true, this parameter enables you to store the recovery password for the mobile device in Exchange.
The recovery password can be viewed from Outlook on the web or the Exchange admin center.

Required: False
Position: Named
Default value: None
The RequireDeviceEncryption parameter specifies whether encryption is required on the mobile device. Valid input

Required: False
Position: Named
Default value: None
The RequireEncryptedSMIMEMessages parameter specifies whether the mobile device must send encrypted
S/MIME messages. Valid input for this parameter is $true or $false. The default value is $false.

Required: False
Position: Named
Default value: None
The RequireEncryptionSMIMEAlgorithm parameter specifies the algorithm that's required to encrypt S/MIME
messages on a mobile device. The valid values for this parameter are:
DES
TripleDES
RC240bit
RC264bit
RC2128bit
The default value is TripleDES.

Required: False
Position: Named
Default value: None
The RequireManualSyncWhenRoaming parameter specifies whether the mobile device must synchronize manually
while roaming. Valid input for this parameter is $true or $false. The default value is $false.

Required: False
Position: Named
Default value: None
The RequireSignedSMIMEAlgorithm parameter specifies the algorithm that's used to sign S/MIME messages on
the mobile device.
Valid values for this parameter are SHA1 or MD5. The default value is SHA1.
Type: SHA1 | MD5

Required: False
Position: Named
Default value: None
The RequireSignedSMIMEMessages parameter specifies whether the mobile device must send signed S/MIME
messages. Valid input for this parameter is $true or $false. The default value is $false.

Required: False
Position: Named
Default value: None
The RequireStorageCardEncryption parameter specifies whether storage card encryption is required on the mobile
device. Valid input for this parameter is $true or $false. The default value is $false.
Setting this parameter to $true also sets the DeviceEncryptionEnabled parameter to $true.

Required: False
Position: Named
Default value: None
The UnapprovedInROMApplicationList parameter specifies a list of applications that can't be run in ROM on the
mobile device.
Required: False
Position: Named
Default value: None
-UNCAccessEnabled
The UNCAccessEnabled parameter specifies whether access to Microsoft Windows file shares is enabled from the
mobile device. In on-premises Exchange organizations, access to specific shares is configured on the Exchange
ActiveSync virtual directory.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WSSAccessEnabled
The WSSAccessEnabled parameter specifies whether access to Microsoft Windows SharePoint Services is enabled
from the mobile device. In on-premises Exchange organizations, access to specific shares is configured on the
Exchange ActiveSync virtual directory.

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-ActiveSyncDevice
In ths Article
may be exclusive to one environment or the other. Use the Remove-ActiveSyncDevice cmdlet to remove mobile
device partnerships that identify the devices that are configured to synchronize with user mailboxes. Note: In
Exchange 2013 or later, use the Remove-MobileDevice cmdlet instead. If you have scripts that use Remove-
ActiveSyncDevice, update them to use Remove-MobileDevice. For information about the parameter sets in the
Syntax
Remove-ActiveSyncDevice [-Identity] <ActiveSyncDeviceIdParameter> [-Confirm] [-DomainController <Fqdn>]
Description
The Remove-ActiveSyncDevice cmdlet is useful for removing mobile devices that no longer synchronize
successfully with the server.
Examples
-------------------------- Example 1 --------------------------
Remove-ActiveSyncDevice -Identity WM_JeffHay
This example removes the mobile device partnership for the device named WM_JeffHay.
-------------------------- Example 2 --------------------------
Remove-ActiveSyncDevice -Identity iPhone_TonySmith -Confirm $true
This example removes the mobile device partnership for the device named iPhone_TonySmith after displaying the
confirm prompt.
-------------------------- Example 3 --------------------------
Remove-ActiveSyncDevice -Identity Tablet_JeffHay -Confirm $true
This example removes the mobile device partnership for the device named Tablet_JeffHay after displaying the
confirm prompt.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter uniquely identifies the specific device partnership to be removed.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-ActiveSyncDeviceAccessRule
In ths Article
may be exclusive to one environment or the other. Use the Remove-ActiveSyncDeviceAccessRule cmdlet to remove
any existing device access rule. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Remove-ActiveSyncDeviceAccessRule [-Identity] <ActiveSyncDeviceAccessRuleIdParameter> [-Confirm]
Description
If you've created device access rules for groups of devices, you can use the Remove-ActiveSyncDeviceAccessRule
cmdlet to remove any access rule.
Examples
-------------------------- Example 1 --------------------------
Get-ActiveSyncDeviceAccessRule | Remove-ActiveSyncDeviceAccessRule
This example removes all device access rules.

-------------------------- Example 2 --------------------------
Get-ActiveSyncDeviceAccessRule | where {$_.Name -like 'Contoso*'} | Remove-ActiveSyncDeviceAccessRule
This example removes all device access rules that have a name that starts with Contoso.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the device access rule.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-ActiveSyncDeviceClass
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-ActiveSyncDeviceClass cmdlet to clean up
the list of mobile devices synchronizing with Microsoft Exchange. For information about the parameter sets in the
Syntax
Remove-ActiveSyncDeviceClass [-Identity] <ActiveSyncDeviceClassIdParameter> [-Confirm]
Description
The Remove-ActiveSyncDeviceClass cmdlet cleans up the list of devices that are associated with your organization.
Mobile phones and devices that are inactive or have been remote wiped are removed from the list and the
Microsoft Exchange ActiveSync process regenerates the list with the current mobile phones and devices.
Examples
-------------------------- Example 1 --------------------------
Get-ActiveSyncDeviceClass | RemoveActiveSyncDeviceClass
This example retrieves the list of devices connecting to Microsoft Exchange and then removes all mobile devices
from the list.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the group of devices on which to scope the task.
Type: ActiveSyncDeviceClassIdParameter
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-ActiveSyncMailboxPolicy
In ths Article
may be exclusive to one environment or the other. Use the Remove-ActiveSyncMailboxPolicy cmdlet to remove
mobile device mailbox policies. Note: In Exchange 2013 or later, use the Remove-MobileDeviceMailboxPolicy
cmdlet instead. If you have scripts that use Remove-ActiveSyncMailboxPolicy, update them to use Remove-
MobileDeviceMailboxPolicy. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Remove-ActiveSyncMailboxPolicy [-Identity] <MailboxPolicyIdParameter> [-Confirm] [-DomainController <Fqdn>]
Description
A mobile device mailbox policy is a group of settings that specifies how mobile phones connect to Exchange.
Exchange supports multiple mobile device mailbox policies. If any users are assigned to the policy when you
attempt to remove it, the command fails.
Examples
-------------------------- Example 1 --------------------------
Remove-ActiveSyncMailboxPolicy -Identity "SalesPolicy"
This example removes the mobile device mailbox policy SalesPolicy.

-------------------------- Example 2 --------------------------
Remove-ActiveSyncMailboxPolicy -Identity "Management" -Confirm:$false -Force $true
This example removes the mobile device mailbox policy named Management and bypasses any confirmation
prompts.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mobile device mailbox policy that you want to remove. You can use any value
that uniquely identifies the policy. For example:
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-DeviceConditionalAccessPolicy
In ths Article
Security & Compliance Center PowerShell (https://technet.microsoft.com/library/mt587091.aspx). Use the
Remove-DeviceConditionalAccessPolicy cmdlet to remove mobile device conditional access policies from the
Security & Compliance Center. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Remove-DeviceConditionalAccessPolicy [-Identity] <PolicyIdParameter> [-Confirm] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-DeviceConditionalAccessPolicy -Identity "Human Resources"
This example removes the mobile device conditional access policy named Human Resources.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mobile device conditional access policy that you want to remove. You can use
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Remove-DeviceConditionalAccessRule
In ths Article
Remove-DeviceConditionalAccessRule cmdlet to remove mobile device conditional access rules from the Security
& Compliance Center. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Remove-DeviceConditionalAccessRule [-Identity] <PolicyIdParameter> [-Confirm] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-DeviceConditionalAccessRule "Secure Email{914f151c-394b-4da9-9422-f5a2f65dec30}"
This example removes the mobile device conditional access rule named Secure Email{914f151c-394b-4da9-9422-
f5a2f65dec30}.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mobile device conditional access rule that you want to view. The name of the
Email{914f151c-394b-4da9-9422-f5a2f65dec30}. You can find the name value by running the command: Get-
DeviceConditionalAccessRule | Format-List Name.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Remove-DeviceConfigurationPolicy
In ths Article
Remove-DeviceConfigurationPolicy cmdlet to remove mobile device configuration policies from the Security &
Syntax
Remove-DeviceConfigurationPolicy [-Identity] <PolicyIdParameter> [-Confirm] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-DeviceConfigurationPolicy -Identity "Engineering Group"
This example removes the mobile device configuration policy named Engineering Group.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mobile device configuration policy that you want to remove. You can use any
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Remove-DeviceConfigurationRule
In ths Article
This cmdlet is available only in the cloud-based service. Use the Remove-DeviceConfigurationRule cmdlet to
remove mobile device configuration rules from the Security & Compliance Center. For information about the
Syntax
Remove-DeviceConfigurationRule [-Identity] <PolicyIdParameter> [-Confirm] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-DeviceConfigurationRule "Legal Team{58b50d1c-2b18-461c-8893-3e20c648b136}"
This example removes the mobile device configuration rule named Legal Team{58b50d1c-2b18-461c-8893-
3e20c648b136}.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mobile device configuration rule that you want to view. The name of the rule
uses the syntax <Mobile device configuration policy name>{<GUID value>}. For example, Legal Team{58b50d1c-
2b18-461c-8893-3e20c648b136}. You can find the name values by running the command: Get-
DeviceConfigurationRule | Format-List Name.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
In ths Article
Remove-DeviceTenantPolicy cmdlet to remove your organization's mobile device tenant policy from the Security &
Syntax
Remove-DeviceTenantPolicy [-Confirm] [-Identity <PolicyIdParameter>] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
This example removes your organization's mobile device tenant policy.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the mobile device tenant policy that you want to remove, but there's
only one in your organization. The name of the policy is a GUID value. For example, a6958701-c82c-4064-ac11-
64e40e7f4032. You can find this value by running the command: Get-DeviceTenantPolicy | Format-List Name.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
In ths Article
Remove-DeviceTenantRule cmdlet to remove your organization's mobile device tenant rule from the Security &
Syntax
Remove-DeviceTenantRule [-Confirm] [-Identity <PolicyIdParameter>] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
This example removes the mobile device tenant rule from your organization.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the mobile device tenant rule that you want to remove, but there's
only one in your organization. The name of the rule is a GUID. For example, 7577c5f3-05a4-4f55-a0a3-
82aab5e98c84. You can find the name value by running the command Get-DeviceTenantRule | Format-List Name.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Remove-MobileDevice
In ths Article
may be exclusive to one environment or the other. Use the Remove-MobileDevice cmdlet to remove mobile device
partnerships that identify the devices that are configured to synchronize with user mailboxes. For information
Syntax
Remove-MobileDevice [-Identity] <MobileDeviceIdParameter> [-Confirm] [-DomainController <Fqdn>] [-WhatIf]
Description
The Remove-MobileDevice cmdlet is useful for removing mobile devices that no longer synchronize successfully
with the server.
Examples
-------------------------- Example 1 --------------------------
Remove-MobileDevice -Identity WM_JeffHay
This example removes the mobile device partnership for the device named WM_JeffHay.
-------------------------- Example 2 --------------------------
Remove-MobileDevice -Identity iPhone_TonySmith -Confirm:$false
This example removes the mobile device partnership for the device named iPhone_TonySmith and doesn't display
the confirm prompt.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter uniquely identifies the specific device partnership to be removed.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-MobileDeviceMailboxPolicy
In ths Article
may be exclusive to one environment or the other. Use the Remove-MobileDeviceMailboxPolicy cmdlet to remove
mobile device mailbox policies from Exchange servers. For information about the parameter sets in the Syntax
Syntax
Remove-MobileDeviceMailboxPolicy [-Identity] <MailboxPolicyIdParameter> [-Confirm] [-DomainController <Fqdn>]
Description
A Mobile Device mailbox policy is a group of settings that specifies how mobile phones connect to Exchange.
Exchange supports multiple mobile device mailbox policies. The Remove-MobileDeviceMailboxPolicy cmdlet
removes a specific mobile device mailbox policy. If any users are assigned to the policy when you remove it, the
Remove-MobileDeviceMailboxPolicy cmdlet fails.
Examples
-------------------------- Example 1 --------------------------
Remove-MobileDeviceMailboxPolicy -Identity SalesPolicy
This example removes the mobile device mailbox policy SalesPolicy.

-------------------------- Example 2 --------------------------
Remove-MobileDeviceMailboxPolicy -Identity Engineering -Confirm:$false
This example removes the mobile device mailbox policy named Engineering and hides the confirmation prompt.
-------------------------- Example 3 --------------------------
Remove-MobileDeviceMailboxPolicy -Identity Management -Force
This example removes the mobile device mailbox policy named Management and bypasses any warning or error
messages.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mobile device mailbox policy that you want to remove. You can use any value
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-ActiveSyncDeviceAccessRule
In ths Article
may be exclusive to one environment or the other. Use the Set-ActiveSyncDeviceAccessRule cmdlet to set the level
of access for the rule. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Set-ActiveSyncDeviceAccessRule [-Identity] <ActiveSyncDeviceAccessRuleIdParameter>
[-AccessLevel <Allow | Block | Quarantine>] [-Confirm] [-DomainController <Fqdn>] [-WhatIf]
Description
Your rule can define multiple groups of devices: allowed devices, blocked devices and quarantined devices.
Examples
-------------------------- Example 1 --------------------------
Set-ActiveSyncDeviceAccessRule 'ContosoPhone(DeviceModel)' -AccessLevel Quarantine
This example changes the access level granted to phones covered by the rule ContosoPhone (DeviceModel) to
Quarantine.
-------------------------- Example 2 --------------------------
Get-ActiveSyncDeviceAccessRule | Where {$_.AccessLevel -eq 'Allow'} | Set-ActiveSyncDeviceAccessRule -

AccessLevel Quarantine
This example changes the organization's device access rule so that all devices explicitly allowed to access Microsoft
Exchange ActiveSync are quarantined.
Parameters
-AccessLevel
The AccessLevel parameter specifies whether the devices are allowed, blocked or quarantined.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the device access rule.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-ActiveSyncDeviceAutoblockThreshold
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-ActiveSyncDeviceAutoblockThreshold cmdlet to
change settings for autoblocking mobile devices. For information about the parameter sets in the Syntax section
Syntax
Set-ActiveSyncDeviceAutoblockThreshold [-Identity] <ActiveSyncDeviceAutoblockThresholdIdParameter>
[-AdminEmailInsert <String>] [-BehaviorTypeIncidenceDuration <EnhancedTimeSpan>]
[-BehaviorTypeIncidenceLimit <Int32>] [-Confirm] [-DeviceBlockDuration <EnhancedTimeSpan>]
Description
Microsoft Exchange and Microsoft Exchange ActiveSync can block Exchange ActiveSync mobile devices if these
devices display any of a defined list of behaviors that can potentially cause issues with the server. The Set-
ActiveSyncDeviceAutoblockThreshold cmdlet can modify an existing autoblock threshold rule and change a variety
of settings including the duration of blocking.
Examples
-------------------------- Example 1 --------------------------
Set-ActiveSyncDeviceAutoblockThreshold -Identity "UserAgentChanges" BehaviorTypeIncidenceLimit 2 -

BehaviorTypeIncidenceDuration 1440 -DeviceBlockDuration 1440 -AdminEmailInsert "Your device has been blocked.
"]
This example sets the autoblock threshold rule UserAgentChanges with several settings. It limits the number of
accepted UserAgent changes to 2, specifies that the incidence duration is 1440 minutes and blocks the mobile
device for 1440 minutes. Lastly, it inserts a message into the administrative email message sent to the user.
-------------------------- Example 2 --------------------------
Set-ActiveSyncDeviceAutoblockThreshold -Identity "RecentCommands" BehaviorTypeIncidenceLimit 5 -

BehaviorTypeIncidenceDuration 720 -DeviceBlockDuration 720 -AdminEmailInsert "Your device has been blocked. "]
This example sets the autoblock threshold rule RecentCommands with several settings. It limits the number of
accepted RecentCommands changes to 5, specifies that the incidence duration is 720 minutes and blocks the
mobile device for 720 minutes. Lastly, it inserts a message into the administrative email message sent to the user.
Parameters
-AdminEmailInsert
The AdminEmailInsert parameter specifies the text to include in the email sent to the user when a mobile device
triggers an autoblock threshold rule.
Type: String
Required: False
Position: Named
Default value: None
-BehaviorTypeIncidenceDuration
The BehaviorTypeIncidenceDuration parameter specifies the interval (in minutes) within which the BehaviorType
must occur to trigger the autoblock rule.
Required: False
Position: Named
Default value: None
-BehaviorTypeIncidenceLimit
The BehaviorTypeIncidenceLimit parameter specifies the number of occurrences of the behavior type needed to
trigger blocking.
Type: Int32
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DeviceBlockDuration
The DeviceBlockDuration parameter specifies the length of time (in minutes) that the mobile device is blocked.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the autoblock threshold rule.
Type: ActiveSyncDeviceAutoblockThresholdIdParameter
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-ActiveSyncMailboxPolicy
In ths Article
may be exclusive to one environment or the other. Use the Set-ActiveSyncMailboxPolicy cmdlet to apply a variety
of Mobile Device mailbox policy settings to a server. You can set any of the parameters by using one command.
Note: In Exchange 2013 or later, use the Set-MobileMailboxPolicy cmdlet instead. If you have scripts that use Set-
ActiveSyncMailboxPolicy, update them to use Set-MobileMailboxPolicy. For information about the parameter sets
Syntax
Set-ActiveSyncMailboxPolicy [-Identity] <MailboxPolicyIdParameter>
[-AllowBluetooth <Disable | HandsfreeOnly | Allow>] [-AllowBrowser <$true | $false>]
[-AllowCamera <$true | $false>] [-AllowConsumerEmail <$true | $false>] [-AllowDesktopSync <$true | $false>]
[-AllowExternalDeviceManagement <$true | $false>] [-AllowHTMLEmail <$true | $false>]
[-AllowInternetSharing <$true | $false>] [-AllowIrDA <$true | $false>]
[-AllowMobileOTAUpdate <$true | $false>] [-AllowNonProvisionableDevices <$true | $false>]
[-AllowPOPIMAPEmail <$true | $false>] [-AllowRemoteDesktop <$true | $false>]
[-AllowSimpleDevicePassword <$true | $false>]
[-AlphanumericDevicePasswordRequired <$true | $false>]
[-ApprovedApplicationList <ApprovedApplicationCollection>] [-AttachmentsEnabled <$true | $false>] [-Confirm]
[-DeviceEncryptionEnabled <$true | $false>] [-DevicePasswordEnabled <$true | $false>]
[-DevicePasswordExpiration <Unlimited>] [-DevicePasswordHistory <Int32>]
[-IsDefaultPolicy <$true | $false>] [-MaxAttachmentSize <Unlimited>]
[-MaxDevicePasswordFailedAttempts <Unlimited>]
[-MaxInactivityTimeDeviceLock <Unlimited>] [-MinDevicePasswordComplexCharacters <Int32>]
[-MinDevicePasswordLength <Int32>]
[-Name <String>] [-PasswordRecoveryEnabled <$true | $false>] [-RequireDeviceEncryption <$true | $false>]
[-WSSAccessEnabled <$true | $false>] [-AllowApplePushNotifications <$true | $false>]
[-IsDefault <$true | $false>] [<CommonParameters>]
Description
With the Set-ActiveSyncMailboxPolicy cmdlet, you can set each parameter in a mailbox policy.
Some Microsoft Mobile Device mailbox policy settings require the mobile device to have specific built-in features
that enforce these security and device management settings. If your organization allows all devices, you must set
the AllowNonProvisionableDevices parameter to $true. This applies to devices that can't enforce all policy settings.
Examples
-------------------------- Example 1 --------------------------
Set-ActiveSyncMailboxPolicy -Identity:SalesPolicy -DevicePasswordEnabled:$true -

AlphanumericDevicePasswordRequired:$true -PasswordRecoveryEnabled:$true -AttachmentsEnabled:$true -
MaxInactivityTimeDeviceLock:15:00 -IsDefault:$false
This example sets several policy settings for the Mobile Device mailbox policy SalesPolicy.
-------------------------- Example 2 --------------------------
Set-ActiveSyncMailboxPolicy -Identity:Management -DevicePasswordEnabled:$true -

AlphanumericDevicePasswordRequired:$true -PasswordRecoveryEnabled:$true -AllowCamera:$true -AllowWiFi:$false -
AllowStorageCard:$true -AllowPOPIMAPEmail:$false
This example sets several policy settings for the Mobile Device mailbox policy Management.
-------------------------- Example 3 --------------------------
Set-ActiveSyncMailboxPolicy -Identity:Default -DevicePasswordEnabled:$true -

AlphanumericDevicePasswordRequired:$true -PasswordRecoveryEnabled:$true -MaxEmailAgeFilter:ThreeDays -
AllowWiFi:$false -AllowStorageCard:$true -AllowPOPIMAPEmail:$false -IsDefault:$true -AllowTextMessaging:$true -
Confirm:$true
This example sets several policy settings for the Mobile Device mailbox policy Default and requires confirmation
before applying the settings.
Parameters
The AllowApplePushNotifications parameter specifies whether push notifications are allowed to Apple mobile
devices.

Required: False
Position: Named
Default value: None
-AllowBluetooth
The AllowBluetooth parameter specifies whether the Bluetooth capabilities are allowed on the mobile phone. The
Required: False
Position: Named
Default value: None
-AllowBrowser
The AllowBrowser parameter indicates whether Microsoft Pocket Internet Explorer is allowed on the mobile phone.
The default value is $true. This parameter doesn't affect third-party browsers.

Required: False
Position: Named
Default value: None
-AllowCamera
The AllowCamera parameter specifies whether the mobile phone's camera is allowed. The default value is $true.

Required: False
Position: Named
Default value: None
-AllowConsumerEmail
The AllowConsumerEmail parameter specifies whether the mobile phone user can configure a personal email
account on the mobile phone. The default value is $true. This parameter doesn't control access to emails using
third-party mobile phone email programs.

Required: False
Position: Named
Default value: None
-AllowDesktopSync
The AllowDesktopSync parameter specifies whether the mobile phone can synchronize with a desktop computer
through a cable. The default value is $true.

Required: False
Position: Named
Default value: None
allowed to manage the mobile phone.

Required: False
Position: Named
Default value: None
-AllowHTMLEmail
The AllowHTMLEmail parameter specifies whether HTML email is enabled on the mobile phone. The default value
is $true. If set to $false, all email is converted to plain text before synchronization occurs.

Required: False
Position: Named
Default value: None
The AllowInternetSharing parameter specifies whether the mobile phone can be used as a modem to connect a
computer to the Internet. The default value is $true.

Required: False
Position: Named
Default value: None
-AllowIrDA
The AllowIrDA parameter specifies whether infrared connections are allowed to the mobile phone. The default
value is $true.

Required: False
Position: Named
Default value: None
The AllowMobileOTAUpdate parameter specifies whether the Exchange ActiveSync mailbox policy can be sent to
the mobile phone over a cellular data connection.

Required: False
Position: Named
Default value: None
The AllowNonProvisionableDevices parameter specifies whether all mobile phones can synchronize with the
server running Exchange. When set to $true, the AllowNonProvisionableDevices parameter enables all mobile
phones to synchronize with the Exchange server, regardless of whether the phone can enforce all the specific
settings established in the Mobile Device mailbox policy. This also includes mobile phones managed by a separate
device management system. When set to $false, this parameter blocks mobile phones that aren't provisioned from
synchronizing with the Exchange server. The default value is $false.

Required: False
Position: Named
Default value: None
-AllowPOPIMAPEmail
the mobile phone. The default value is $true. This parameter doesn't control access by third-party email programs.

Required: False
Position: Named
Default value: None
-AllowRemoteDesktop
The AllowRemoteDesktop parameter specifies whether the mobile phone can initiate a remote desktop connection.

Required: False
Position: Named
Default value: None
-AllowSimpleDevicePassword
The AllowSimpleDevicePassword parameter specifies whether a simple device password is allowed. A simple
device password is a password that has a specific pattern, such as 1111 or 1234. The default value is $true.

Required: False
Position: Named
Default value: None
mobile phone can negotiate the encryption algorithm if a recipient's certificate doesn't support the specified
encryption algorithm.
Required: False
Position: Named
Default value: None
The AllowSMIMESoftCerts parameter specifies whether S/MIME software certificates are allowed. The default
value is $true.

Required: False
Position: Named
Default value: None
-AllowStorageCard
The AllowStorageCard parameter specifies whether the mobile phone can access information stored on a storage
card. The default value is $true.

Required: False
Position: Named
Default value: None
-AllowTextMessaging
The AllowTextMessaging parameter specifies whether text messaging is allowed from the mobile phone. The

Required: False
Position: Named
Default value: None
phone. The default value is $true.

Required: False
Position: Named
Default value: None
The AllowUnsignedInstallationPackages parameter specifies whether unsigned installation packages can be
executed on the mobile phone. The default value is $true.

Required: False
Position: Named
Default value: None
-AllowWiFi
The AllowWiFi parameter specifies whether wireless Internet access is allowed on the mobile phone. The default
value is $true.

Required: False
Position: Named
Default value: None
-AlphanumericDevicePasswordRequired
The AlphanumericDevicePasswordRequired parameter specifies whether the password for the mobile phone must
be alphanumeric. The default value is $false.

Required: False
Position: Named
Default value: None
The ApprovedApplicationList parameter specifies a list of approved applications for the mobile phone.
Required: False
Position: Named
Default value: None
-AttachmentsEnabled
The AttachmentsEnabled parameter specifies whether attachments can be downloaded. When set to $false, the
AttachmentsEnabled parameter blocks the user from downloading attachments. The default value is $true.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
The DeviceEncryptionEnabled parameter specifies whether encryption is enabled. The DeviceEncryptionEnabled
parameter, when set to $true, enables device encryption on the mobile phone. The default value is $false.

Required: False
Position: Named
Default value: None
-DevicePasswordEnabled
The DevicePasswordEnabled parameter specifies whether a password is required. When set to $true, the
DevicePasswordEnabled parameter requires that the user set a password for the mobile phone. The default value is
$false.

Required: False
Position: Named
Default value: None
-DevicePasswordExpiration
The DevicePasswordExpiration parameter specifies the length of time, in days, that a password can be used. After
this length of time, a new password must be created. The format of the parameter is dd.hh.mm:ss, for example,
24.00:00 = 24 hours.
Type: Unlimited
Required: False
Position: Named
Default value: None
-DevicePasswordHistory
The DevicePasswordHistory parameter specifies the number of previously used passwords to store. When a user
creates a password, the user can't reuse a stored password that was previously used.
Type: Int32
Required: False
Position: Named
Default value: None
The DevicePolicyRefreshInterval parameter specifies how often the policy is sent from the server to the mobile
phone.
Type: Unlimited
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Mobile Device mailbox policy.
Required: True
Position: 1
Default value: None
-IrmEnabled
The IrmEnabled parameter specifies whether Information Rights Management (IRM ) is enabled for the mailbox
policy.
Required: False
Position: Named
Default value: None
-IsDefault
this policy.

Required: False
Position: Named
Default value: None
-IsDefaultPolicy
this policy.

Required: False
Position: Named
Default value: None
-MaxAttachmentSize
mobile phone. The default value is Unlimited.
Type: Unlimited
Required: False
Position: Named
Default value: None
the device. The value is specified by entering one of the following values:
All
OneDay
ThreeDays
OneWeek
TwoWeeks
OneMonth

Required: False
Position: Named
Default value: None
-MaxDevicePasswordFailedAttempts
The MaxDevicePasswordFailedAttempts parameter specifies the number of attempts a user can make to enter the
correct password for the mobile phone. You can enter any number from 4 through 16. The default value is 8.
Type: Unlimited
Required: False
Position: Named
Default value: None
-MaxEmailAgeFilter
mobile phone. The value is specified by entering one of the following values.
All
OneDay
ThreeDays
OneWeek
TwoWeeks
OneMonth

Required: False
Position: Named
Default value: None
when synchronized to the mobile phone. The value is specified in kilobytes (KB ).
Type: Unlimited
Required: False
Position: Named
Default value: None
messages are synchronized to the mobile phone. The value is specified in KB.
Type: Unlimited
Required: False
Position: Named
Default value: None
-MaxInactivityTimeDeviceLock
The MaxInactivityTimeDeviceLock parameter specifies the length of time that the mobile phone can be inactive
before the password is required to reactivate it. You can enter any interval between 30 seconds and 1 hour. The
default value is 15 minutes. The format of the parameter is hh.mm:ss, for example, 15:00 = 15 minutes.
Type: Unlimited
Required: False
Position: Named
Default value: None
-MinDevicePasswordComplexCharacters
The MinDevicePasswordComplexCharacters parameter specifies the minimum number of complex characters
required in a mobile phone password. A complex character isn't a letter.
Type: Int32
Required: False
Position: Named
Default value: None
-MinDevicePasswordLength
The MinDevicePasswordLength parameter specifies the minimum number of characters in the device password.
You can enter any number from 1 through 16. The maximum length a password can be is 16 characters. The default
value is 4.
Type: Int32
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the friendly name of the Mobile Device mailbox policy.
Type: String
Required: False
Position: Named
Default value: None
The PasswordRecoveryEnabled parameter specifies whether the recovery password for the mobile phone is stored
on an Exchange server. When set to $true, the PasswordRecoveryEnabled parameter enables you to store the
recovery password for the mobile phone on an Exchange server. The default value is $false. The recovery password
can be viewed from either Outlook on the web or the Exchange admin center.

Required: False
Position: Named
Default value: None
The RequireDeviceEncryption parameter specifies whether encryption is required on the device. The default value
is $false.

Required: False
Position: Named
Default value: None
The RequireEncryptedSMIMEMessages parameter specifies whether you must encrypt S/MIME messages. The

Required: False
Position: Named
Default value: None
The RequireEncryptionSMIMEAlgorithm parameter specifies what required algorithm must be used when
encrypting a message.

Required: False
Position: Named
Default value: None
The RequireManualSyncWhenRoaming parameter specifies whether the mobile phone must synchronize manually
while roaming. The default value is $false.

Required: False
Position: Named
Default value: None
The RequireSignedSMIMEAlgorithm parameter specifies what required algorithm must be used when signing a
message.
Type: SHA1 | MD5

Required: False
Position: Named
Default value: None
The RequireSignedSMIMEMessages parameter specifies whether the mobile phone must send signed S/MIME
messages.

Required: False
Position: Named
Default value: None
The RequireStorageCardEncryption parameter specifies whether storage card encryption is enabled for the mailbox
policy. Setting this parameter to $true also sets the DeviceEncryptionEnabled parameter to $true.

Required: False
Position: Named
Default value: None
The UnapprovedInROMApplicationList parameter contains a list of applications that can't be run in ROM.
Required: False
Position: Named
Default value: None
-UNCAccessEnabled
The UNCAccessEnabled parameter specifies whether access to Microsoft Windows file shares is enabled. Access to
specific shares is configured on the Exchange ActiveSync virtual directory.

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WSSAccessEnabled
The WSSAccessEnabled parameter specifies whether access to Microsoft Windows SharePoint Services is enabled.
Access to specific shares is configured on the Exchange ActiveSync virtual directory.

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-ActiveSyncOrganizationSettings
In ths Article
may be exclusive to one environment or the other. Use the Set-ActiveSyncOrganizationSettings cmdlet to set the
Exchange ActiveSync settings for the organization. For information about the parameter sets in the Syntax section
Syntax
Set-ActiveSyncOrganizationSettings [[-Identity] <ActiveSyncOrganizationSettingsIdParameter>] [-
AdminMailRecipients <MultiValuedProperty>] [-AllowAccessForUnSupportedPlatform <$true | $false>] [-
AllowRMSSupportForUnenlightenedApps <$true | $false>] [-Confirm] [-DefaultAccessLevel <Allow | Block |
Quarantine>] [-DomainController <Fqdn>] [-OtaNotificationMailInsert <String>] [-UserMailInsert <String>] [-
WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine -AdminMailRecipients

will@contoso.com,roger@contoso.com
This example sets the default access level to quarantine and sets two administrative email addresses.
Parameters
-AdminMailRecipients
The AdminMailRecipients parameter specifies the email addresses of the administrators for reporting purposes.
Required: False
Position: Named
Default value: None
-AllowAccessForUnSupportedPlatform

Required: False
Position: Named
Default value: None
-AllowRMSSupportForUnenlightenedApps
The AllowRMSSupportForUnenlightenedApps parameter specifies whether to allow Rights Management Services
(RMS ) protected messages for ActiveSync clients that don't support RMS. Valid values are:
$true
$false (This is the default value)

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DefaultAccessLevel
The DefaultAccessLevel parameter specifies the access level for new and existing device partnerships. Valid values
are:
Allow (This is the default value)
Block
Quarantine
If you change this value from Allow to Block or Quarantine, all existing connected devices are immediately affected,
unless the devices are subject to device access rules or individual allow or block list entries.

Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the ActiveSync organization settings object that you want to modify. The default
name of this object is Mobile Mailbox Settings.
Type: ActiveSyncOrganizationSettingsIdParameter
Required: False
Position: 1
Default value: None
-OtaNotificationMailInsert
The OtaNotificationMailInsert parameter specifies the text to include in an email message that's sent to users who
need to update their older devices to use the new Exchange ActiveSync features in Microsoft Exchange.
The maximum length is 256 characters. If the value contains spaces, enclose the value in quotation marks (").
Type: String
Required: False
Position: Named
Default value: None
-UserMailInsert
The UserMailInsert parameter specifies an informational footer that's added to the email message sent to users
when their mobile device isn't synchronized because the device is quarantined.
The maximum length is 256 characters. If the value contains spaces, enclose the value in quotation marks (").
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-DeviceConditionalAccessPolicy
In ths Article
Security & Compliance Center PowerShell (https://technet.microsoft.com/library/mt587091.aspx). Use the Set-
DeviceConditionalAccessPolicy cmdlet to modify mobile device conditional access policies in the Security &
Syntax
Set-DeviceConditionalAccessPolicy [-Identity] <PolicyIdParameter> [-RetryDistribution]
[-Confirm]
Set-DeviceConditionalAccessPolicy [-Identity] <PolicyIdParameter> [-Comment <String>] [-Enabled <$true |

$false>] [-Force]
[-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Set-DeviceConditionalAccessPolicy -Identity Executives -Enabled $false
This example disables the existing mobile device conditional access policy named Executives.
Parameters
-Comment
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Enabled

Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mobile device conditional access policy that you want to modify. You can use
Name
GUID
Required: True
Position: 1
Default value: None
-RetryDistribution
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Set-DeviceConditionalAccessRule
In ths Article
DeviceConditionalAccessRule cmdlet to modify mobile device conditional access rules in the Security &
Syntax
Set-DeviceConditionalAccessRule [-Identity] <ComplianceRuleIdParameter> -TargetGroups <MultiValuedProperty>
[-AllowJailbroken <$true | $false>] [-AllowPassbookWhileLocked <$true | $false>]
[-AllowScreenshot <$true | $false>] [-AllowSimplePassword <$true | $false>]
[-AllowVideoConferencing <$true | $false>] [-AllowVoiceAssistant <$true | $false>]
[-AllowVoiceDialing <$true | $false>] [-AntiVirusSignatureStatus <Int64>] [-AntiVirusStatus <Int64>]
GBRating18>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-DeviceConditionalAccessRule -Identity "Secure Email{914f151c-394b-4da9-9422-f5a2f65dec30}" -AllowJailbroken

$false -TargetGroups 95386852-1c11-4302-8733-b9e1058333e3
This example modifies the specified mobile device conditional access rule to block jailbroken devices.
Parameters
-AccountName
A text value.
Type: String
Required: False
Position: Named
Default value: None
-AccountUserName
A text value.
Type: String
Required: False
Position: Named
Default value: None
-AllowAppStore
parameter are:
Windows Phone 8.1
Apple iOS 6+

Required: False
Position: Named
Default value: None

Required: False
Position: Named
Default value: None
this parameter are:

Required: False
Position: Named
Default value: None
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+

Required: False
Position: Named
Default value: None
-AllowiCloudBackup
this parameter are:
Apple iOS 6+
Android 4+
Required: False
Position: Named
Default value: None
-AllowiCloudDocSync
Apple iOS 6+
Android 4+

Required: False
Position: Named
Default value: None
Apple iOS 6+
Android 4+

Required: False
Position: Named
Default value: None
-AllowJailbroken
The AllowJailbroken parameter specifies whether to allow access to your organization by jailbroken or rooted
devices.
$true: Jailbroken devices are allowed.
$false: Jailbroken devices aren't allowed.
Apple iOS 6+
Android 4+

Required: False
Position: Named
Default value: None

Required: False
Position: Named
Default value: None
-AllowScreenshot
are:
Windows Phone 8.1
Apple iOS 6+
Required: False
Position: Named
Default value: None
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+

Required: False
Position: Named
Default value: None
this parameter are:

Required: False
Position: Named
Default value: None
this parameter are:

Required: False
Position: Named
Default value: None
-AllowVoiceDialing
parameter are:

Required: False
Position: Named
Default value: None
An integer.
Type: Int64
Required: False
Position: Named
Default value: None
-AntiVirusStatus
The AntiVirusStatus parameter specifies antivirus status. Valid values for this parameter are:
An integer.
Type: Int64
Required: False
Position: Named
Default value: None
-AppsRating
AllowAll
DontAllow
Rating9plus
Rating12plus
Rating17plus

Required: False
Position: Named
Default value: None
-AutoUpdateStatus
DeviceDefault
NeverCheckUpdates

DeviceDefault
Required: False
Position: Named
Default value: None
-BluetoothEnabled
parameter are:

Required: False
Position: Named
Default value: None
-CameraEnabled
parameter are:
Windows Phone 8.1
Apple iOS 6+
Android 4+

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EmailAddress
Type: String
Required: False
Position: Named
Default value: None

Required: False
Position: Named
Default value: None
are:
A text value.
Type: String
Required: False
Position: Named
Default value: None
-FirewallStatus
parameter are:
Required
Type: Required
Required: False
Position: Named
Default value: None

Required: False
Position: Named
Default value: None
this parameter are:
Apple iOS 6+
Android 4+

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mobile device conditional access rule that you want to modify. The name of the
Email{914f151c-394b-4da9-9422-f5a2f65dec30}. You can find the name value by running the command: Get-
DeviceConfigurationRule | Format-List Name.
Required: True
Position: 1
Default value: None
An integer.
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+
Android 4+
Type: Int32
Required: False
Position: Named
Default value: None
on devices.
seconds.
Type: TimeSpan
Required: False
Position: Named
Default value: None
-MoviesRating
Australia
AURatingG
AURatingPG
AURatingM
AURatingMA15plus
AURatingR18plus
Canada
CARatingG
CARatingPG
CARating14A
CARating18A
CARatingR
Germany
DERatingab0Jahren
DERatingab6Jahren
DERatingab12Jahren
DERatingab16Jahren
DERatingab18Jahren
France
FRRating10minus
FRRating12minus
FRRating16minus
FRRating18minus
United Kingdom
GBRatingU
GBRatingUc
GBRatingPG
GBRating12
GBRating12A
GBRating15
GBRating18
Ireland
IERatingG
IERatingPG
IERating12
IERating15
IERating16
IERating18
Japan
JPRatingG
JPRatingPG12
JPRatingRdash15
JPRatingRdash18
New Zealand
NZRatingG
NZRatingPG
NZRatingM
NZRatingR13
NZRatingR15
NZRatingR16
NZRatingR18
NZRatingR
United States
USRatingG
USRatingPG
USRatingPG13
USRatingR
USRatingNC17

GBRating18
Required: False
Position: Named
Default value: None
-PasswordComplexity
An integer.
Type: Int64
Required: False
Position: Named
Default value: None
An integer.
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+
Android 4+
Type: Int32
Required: False
Position: Named
Default value: None
An integer.
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+
Android 4+
Type: Int32
Required: False
Position: Named
Default value: None
An integer.
Type: Int32
Required: False
Position: Named
Default value: None
An integer.
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+
Android 4+
Type: Int32
Required: False
Position: Named
Default value: None
-PasswordQuality
An integer.
Type: Int32
Required: False
Position: Named
Default value: None
-PasswordRequired
parameter are:
Windows Phone 8.1
Apple iOS 6+
Android 4+
Required: False
Position: Named
Default value: None
-PasswordTimeout
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+
Android 4+
seconds.
Type: TimeSpan
Required: False
Position: Named
Default value: None
parameter are:
Android 4+

Required: False
Position: Named
Default value: None
-RegionRatings
au: Australia
ca: Canada
de: Germany
fr: France
gb: United Kingdom
ie: Ireland
jp: Japan
nz: New Zealand
us: United States
Required: False
Position: Named
Default value: None
parameter are:

Required: False
Position: Named
Default value: None
-SmartScreenEnabled

Required: False
Position: Named
Default value: None
-SystemSecurityTLS
parameter are:

Required: False
Position: Named
Default value: None
-TargetGroups
Required: True
Position: Named
Default value: None
-TVShowsRating
Australia
AURatingP
AURatingC
AURatingG
AURatingPG
AURatingM
AURatingMA15plus
AURatingAv15plus
Canada
CARatingC
CARatingC8
CARatingG
CARatingPG
CARating14plus
CARating18plus
Germany
DERatingab0Jahren
DERatingab6Jahren
DERatingab12Jahren
DERatingab16Jahren
DERatingab18Jahren
France
FRRating10minus
FRRating12minus
FRRating16minus
FRRating18minus
United Kingdom
GBRatingCaution
Ireland
IERatingGA
IERatingCh
IERatingYA
IERatingPS
IERatingMA
Japan
New Zealand
NZRatingG
NZRatingPGR
NZRatingAO
United States
USRatingTVY
USRatingTVY7
USRatingTVG
USRatingTVPG
USRatingTV14
USRatingTVMA

Required: False
Position: Named
Default value: None
AlwaysNotify
NeverNotify
NotifyAppChanges
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WLANEnabled

Required: False
Position: Named
Default value: None
-WorkFoldersSyncUrl
Type: String
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Set-DeviceConfigurationPolicy
In ths Article
DeviceConfigurationPolicy cmdlet to modify mobile device configuration policies in the Security & Compliance
Syntax
Set-DeviceConfigurationPolicy [-Identity] <PolicyIdParameter> [-RetryDistribution]
[-Confirm]
Set-DeviceConfigurationPolicy [-Identity] <PolicyIdParameter> [-Comment <String>] [-Enabled <$true | $false>]

[-Force]
[-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Set-DeviceConfigurationPolicy -Identity "Engineering Group" -Enabled $false
This example disables the mobile device configuration policy named Engineering Group.
Parameters
-Comment
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Enabled

Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mobile device configuration policy that you want to modify. You can use any
Name
GUID
Required: True
Position: 1
Default value: None
-RetryDistribution
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Set-DeviceConfigurationRule
In ths Article
DeviceConfigurationRule cmdlet to modify mobile device configuration rules in the Security & Compliance Center.
Syntax
Set-DeviceConfigurationRule [-Identity] <ComplianceRuleIdParameter> -TargetGroups <MultiValuedProperty>
[-AllowPassbookWhileLocked <$true | $false>] [-AllowScreenshot <$true | $false>]
[-AllowSimplePassword <$true | $false>] [-AllowVideoConferencing <$true | $false>]
[-AllowVoiceAssistant <$true | $false>] [-AllowVoiceDialing <$true | $false>]
[-AntiVirusSignatureStatus <Int64>] [-AntiVirusStatus <Int64>]
GBRating18>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-DeviceConfigurationRule -Identity "Engineering Group{914f151c-394b-4da9-9422-f5a2f65dec30}" -

AllowScreenshot $false
This example modifies the specified mobile device configuration rule to block screenshots.
Parameters
-AccountName
A text value.
Type: String
Required: False
Position: Named
Default value: None
-AccountUserName
A text value.
Type: String
Required: False
Position: Named
Default value: None
-AllowAppStore
parameter are:
Windows Phone 8.1
Apple iOS 6+

Required: False
Position: Named
Default value: None

Required: False
Position: Named
Default value: None
this parameter are:

Required: False
Position: Named
Default value: None
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+

Required: False
Position: Named
Default value: None
-AllowiCloudBackup
this parameter are:
Apple iOS 6+
Android 4+
Required: False
Position: Named
Default value: None
-AllowiCloudDocSync
Apple iOS 6+
Android 4+

Required: False
Position: Named
Default value: None
Apple iOS 6+
Android 4+

Required: False
Position: Named
Default value: None

Required: False
Position: Named
Default value: None
-AllowScreenshot
are:
Windows Phone 8.1
Apple iOS 6+

Required: False
Position: Named
Default value: None
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+
Required: False
Position: Named
Default value: None
this parameter are:

Required: False
Position: Named
Default value: None
this parameter are:

Required: False
Position: Named
Default value: None
-AllowVoiceDialing
parameter are:
Required: False
Position: Named
Default value: None
An integer.
Type: Int64
Required: False
Position: Named
Default value: None
-AntiVirusStatus
An integer.
Type: Int64
Required: False
Position: Named
Default value: None
-AppsRating
AllowAll
DontAllow
Rating9plus
Rating12plus
Rating17plus
Required: False
Position: Named
Default value: None
-AutoUpdateStatus
DeviceDefault
NeverCheckUpdates

DeviceDefault
Required: False
Position: Named
Default value: None
-BluetoothEnabled
parameter are:

Required: False
Position: Named
Default value: None
-CameraEnabled
parameter are:
Windows Phone 8.1
Apple iOS 6+
Android 4+

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EmailAddress
Type: String
Required: False
Position: Named
Default value: None

Required: False
Position: Named
Default value: None
are:
A text value.
Type: String
Required: False
Position: Named
Default value: None
-FirewallStatus
parameter are:
Required
Type: Required
Required: False
Position: Named
Default value: None

Required: False
Position: Named
Default value: None
this parameter are:
Apple iOS 6+
Android 4+

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mobile device configuration rule that you want to modify. The name of the rule
uses the syntax <Mobile device configuration policy name>{<GUID value>}. For example, Engineering
Group{914f151c-394b-4da9-9422-f5a2f65dec30}..
Required: True
Position: 1
Default value: None
An integer.
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+
Android 4+
Type: Int32
Required: False
Position: Named
Default value: None
on devices.
seconds.
Type: TimeSpan
Required: False
Position: Named
Default value: None
-MoviesRating
Australia
AURatingG
AURatingPG
AURatingM
AURatingMA15plus
AURatingR18plus
Canada
CARatingG
CARatingPG
CARating14A
CARating18A
CARatingR
Germany
DERatingab0Jahren
DERatingab6Jahren
DERatingab12Jahren
DERatingab16Jahren
DERatingab18Jahren
France
FRRating10minus
FRRating12minus
FRRating16minus
FRRating18minus
United Kingdom
GBRatingU
GBRatingUc
GBRatingPG
GBRating12
GBRating12A
GBRating15
GBRating18
Ireland
IERatingG
IERatingPG
IERating12
IERating15
IERating16
IERating18
Japan
JPRatingG
JPRatingPG12
JPRatingRdash15
JPRatingRdash18
New Zealand
NZRatingG
NZRatingPG
NZRatingM
NZRatingR13
NZRatingR15
NZRatingR16
NZRatingR18
NZRatingR
United States
USRatingG
USRatingPG
USRatingPG13
USRatingR
USRatingNC17
GBRating18
Required: False
Position: Named
Default value: None
-PasswordComplexity
An integer.
Type: Int64
Required: False
Position: Named
Default value: None
An integer.
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+
Android 4+
Type: Int32
Required: False
Position: Named
Default value: None
An integer.
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+
Android 4+
Type: Int32
Required: False
Position: Named
Default value: None
An integer.
Type: Int32
Required: False
Position: Named
Default value: None
An integer.
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+
Android 4+
Type: Int32
Required: False
Position: Named
Default value: None
-PasswordQuality
An integer.
Type: Int32
Required: False
Position: Named
Default value: None
-PasswordRequired
parameter are:
Windows Phone 8.1
Apple iOS 6+
Android 4+

Required: False
Position: Named
Default value: None
-PasswordTimeout
Windows Phone 8.1
Windows 8.1 RT
Apple iOS 6+
Android 4+
seconds.
Type: TimeSpan
Required: False
Position: Named
Default value: None
parameter are:
Android 4+

Required: False
Position: Named
Default value: None
-RegionRatings
au: Australia
ca: Canada
de: Germany
fr: France
gb: United Kingdom
ie: Ireland
jp: Japan
nz: New Zealand
us: United States
Required: False
Position: Named
Default value: None
parameter are:

Required: False
Position: Named
Default value: None
-SmartScreenEnabled

Required: False
Position: Named
Default value: None
-SystemSecurityTLS
parameter are:

Required: False
Position: Named
Default value: None
-TargetGroups
Required: True
Position: Named
Default value: None
-TVShowsRating
Australia
AURatingP
AURatingC
AURatingG
AURatingPG
AURatingM
AURatingMA15plus
AURatingAv15plus
Canada
CARatingC
CARatingC8
CARatingG
CARatingPG
CARating14plus
CARating18plus
Germany
DERatingab0Jahren
DERatingab6Jahren
DERatingab12Jahren
DERatingab16Jahren
DERatingab18Jahren
France
FRRating10minus
FRRating12minus
FRRating16minus
FRRating18minus
United Kingdom
GBRatingCaution
Ireland
IERatingGA
IERatingCh
IERatingYA
IERatingPS
IERatingMA
Japan
New Zealand
NZRatingG
NZRatingPGR
NZRatingAO
United States
USRatingTVY
USRatingTVY7
USRatingTVG
USRatingTVPG
USRatingTV14
USRatingTVMA

Required: False
Position: Named
Default value: None
AlwaysNotify
NeverNotify
NotifyAppChanges

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WLANEnabled

Required: False
Position: Named
Default value: None
-WorkFoldersSyncUrl
Type: String
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Set-DeviceTenantPolicy
In ths Article
DeviceTenantPolicy cmdlet to modify your organization's mobile device tenant policy in the Security & Compliance
Syntax
Set-DeviceTenantPolicy [-Identity <PolicyIdParameter>] [-RetryDistribution]
[-Confirm]
Set-DeviceTenantPolicy [-Identity <PolicyIdParameter>] [-Comment <String>] [-Enabled <$true | $false>] [-Force]

[-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Set-DeviceTenantPolicy -Enabled $false
This example disables your organization's mobile device tenant policy.
Parameters
-Comment
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Enabled

Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the mobile device tenant policy that you want to modify, but there's
only one in your organization. The name of the policy is a GUID value. For example, a6958701-c82c-4064-ac11-
64e40e7f4032. You can find this value by running the command: Get-DeviceTenantPolicy | Format-List Name.
Required: False
Position: Named
Default value: None
-RetryDistribution
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Set-DeviceTenantRule
In ths Article
DeviceTenantRule cmdlet to modify your organization's mobile device tenant rule in the Security & Compliance
Syntax
Set-DeviceTenantRule [-Identity] <ComplianceRuleIdParameter>
[-ApplyPolicyTo <None | ExchangeOnline | SharepointOnline | ExchangeAndSharepoint>]
[-BlockUnsupportedDevices <$true | $false>] [-Confirm] [-DomainController <Fqdn>]
[-ExclusionList <MultiValuedProperty>] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-DeviceTenantRule -ExclusionList "Research and Development"
This example modifies your organization's mobile device tenant rule by replacing the current exclusion list with the
security group named Research and Development. Members of this group are allowed access even if they use non-
compliant devices.
Parameters
-ApplyPolicyTo
The ApplyPolicyTo parameter specifies where to apply the policy in your organization. Valid values for this
parameter are:
ExchangeOnline
SharePointOnline
ExchangeAndSharePoint
Type: None | ExchangeOnline | SharepointOnline | ExchangeAndSharepoint

Required: False
Position: Named
Default value: None
-BlockUnsupportedDevices
The BlockUnsupportedDevices parameter specifies whether to block access to your organization by unsupported
devices. Valid values for this parameter are:
$true: Unsupported devices are blocked.
$false: Unsupported devices are allowed.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-ExclusionList
The ExclusionList parameter specifies the security groups to exclude from this policy. Members of the specified
security groups who have non-compliant devices are not affected by block access actions.
This parameter uses the GUID value of the group. To find this GUID value, run the command Get-Group | Format-
Table Name,GUID.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the mobile device tenant rule that you want to modify, but there's only
one in your organization. The name of the rule is a GUID. For example, 7577c5f3-05a4-4f55-a0a3-82aab5e98c84.
You can find the name value by running the command Get-DeviceTenantRule | Format-List Name.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Set-MobileDeviceMailboxPolicy
In ths Article
may be exclusive to one environment or the other. Use the Set-MobileDeviceMailboxPolicy cmdlet to modify
mobile device mailbox policies. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Set-MobileDeviceMailboxPolicy [-Identity] <MailboxPolicyIdParameter>
[-AllowApplePushNotifications <$true | $false>] [-AllowBluetooth <Disable | HandsfreeOnly | Allow>]
[-AllowBrowser <$true | $false>] [-AllowCamera <$true | $false>] [-AllowConsumerEmail <$true | $false>]
[-AllowDesktopSync <$true | $false>] [-AllowExternalDeviceManagement <$true | $false>]
[-AllowGooglePushNotifications <$true | $false>] [-AllowHTMLEmail <$true | $false>]
[-AllowInternetSharing <$true | $false>] [-AllowIrDA <$true | $false>]
[-AllowMicrosoftPushNotifications <$true | $false>] [-AllowMobileOTAUpdate <$true | $false>]
[-AllowNonProvisionableDevices <$true | $false>] [-AllowPOPIMAPEmail <$true | $false>]
[-AllowRemoteDesktop <$true | $false>] [-AllowSimplePassword <$true | $false>]
[-AlphanumericPasswordRequired <$true | $false>] [-ApprovedApplicationList <ApprovedApplicationCollection>]
[-AttachmentsEnabled <$true | $false>] [-Confirm] [-DeviceEncryptionEnabled <$true | $false>]
[-IsDefault <$true | $false>] [-MaxAttachmentSize <Unlimited>]
[-MaxInactivityTimeLock <Unlimited>] [-MaxPasswordFailedAttempts <Unlimited>]
[-MinPasswordComplexCharacters <Int32>] [-MinPasswordLength <Int32>] [-Name <String>]
[-PasswordEnabled <$true | $false>] [-PasswordExpiration <Unlimited>] [-PasswordHistory <Int32>]
[-PasswordRecoveryEnabled <$true | $false>] [-RequireDeviceEncryption <$true | $false>]
[-WSSAccessEnabled <$true | $false>] [<CommonParameters>]
Description
Mobile device mailbox policies define settings for mobile devices that are used to access mailboxes in your
organization. The default mobile device mailbox policy is applied to all new mailboxes that you create. You can
assign a mobile device mailbox policy to existing mailboxes by using the Set-CASMailbox cmdlet, or by editing the
mailbox properties in the Exchange admin center (EAC ).
Some mobile device mailbox policy settings require the mobile device to have specific built-in features that enforce
these security and device management settings. If your organization allows all devices, you must set the
AllowNonProvisionableDevices parameter to $true. This applies to devices that can't enforce all policy settings.
Examples
-------------------------- Example 1 --------------------------
Set-MobileDeviceMailboxPolicy -Identity "Sales Policy" -PasswordEnabled $true -AlphanumericPasswordRequired

$true -PasswordRecoveryEnabled $true -AttachmentsEnabled $true -MaxInactivityTimeLock 15:00 -IsDefault $false
This example sets several policy settings for the mobile device mailbox policy Sales Policy.
-------------------------- Example 2 --------------------------
Set-MobileDeviceMailboxPolicy -Identity Management -PasswordEnabled $true -AlphanumericPasswordRequired $true -

PasswordRecoveryEnabled $true -AllowCamera $true -AllowWiFi $false -AllowStorageCard $true -AllowPOPIMAPEmail
$false
This example sets several policy settings for the mobile device mailbox policy Management.
-------------------------- Example 3 --------------------------
Set-MobileDeviceMailboxPolicy -Identity Default -PasswordEnabled $true -AlphanumericPasswordRequired $true -

PasswordRecoveryEnabled $true -AllowWiFi $false -AllowStorageCard $true -AllowPOPIMAPEmail $false -IsDefault
$true -AllowTextMessaging $true -Confirm $true
This example sets several policy settings for the mobile device mailbox policy Default and requires confirmation
before applying the settings.
Parameters
devices. Valid input for this parameter is $true or $false. The default value is $true.

Required: False
Position: Named
Default value: None
-AllowBluetooth
The AllowBluetooth parameter specifies whether the Bluetooth capabilities are allowed on the mobile device. The
Required: False
Position: Named
Default value: None
-AllowBrowser
The AllowBrowser parameter specifies whether Microsoft Pocket Internet Explorer is allowed on the mobile device.
Valid input for this parameter is $true or $false. The default value is $true. This parameter doesn't affect third-party
browsers.

Required: False
Position: Named
Default value: None
-AllowCamera
The AllowCamera parameter specifies whether the mobile device's camera is allowed. Valid input for this parameter

Required: False
Position: Named
Default value: None
-AllowConsumerEmail
The AllowConsumerEmail parameter specifies whether the user can configure a personal email account on the
mobile device. Valid input for this parameter is $true or $false. The default value is $true. This parameter doesn't
control access to email accounts using third-party mobile device email programs.

Required: False
Position: Named
Default value: None
-AllowDesktopSync
The AllowDesktopSync parameter specifies whether the mobile device can synchronize with a desktop computer
through a cable. Valid input for this parameter is $true or $false. The default value is $true.

Required: False
Position: Named
Default value: None
allowed to manage the mobile device. Valid input for this parameter is $true or $false. The default value is $false.

Required: False
Position: Named
Default value: None
-AllowGooglePushNotifications
The AllowGooglePushNotifications parameter controls whether the user can receive push notifications from
Google for Outlook on the web for devices. Valid input for this parameter is $true or $false. The default value is
$true.

Required: False
Position: Named
Default value: None
-AllowHTMLEmail
The AllowHTMLEmail parameter specifies whether HTML -formatted email is enabled on the mobile device. Valid
input for this parameter is $true or $false. The default value is $true. If set to $false, all email is converted to plain
text before synchronization occurs.

Required: False
Position: Named
Default value: None
The AllowInternetSharing parameter specifies whether the mobile device can be used as a modem to connect a
computer to the Internet. This process is also known as tethering. Valid input for this parameter is $true or $false.

Required: False
Position: Named
Default value: None
-AllowIrDA
The AllowIrDA parameter specifies whether infrared connections are allowed to the mobile device. Valid input for
Required: False
Position: Named
Default value: None
-AllowMicrosoftPushNotifications
The AllowMicrosoftPushNotifications parameter specifies whether push notifications are enabled on the mobile

Required: False
Position: Named
Default value: None
The AllowMobileOTAUpdate parameter specifies whether the policy can be sent to the mobile device over a cellular
data connection. Valid input for this parameter is $true or $false. The default value is $true.

Required: False
Position: Named
Default value: None
The AllowNonProvisionableDevices parameter specifies whether all mobile devices can synchronize with Exchange.
When set to $true, this parameter enables all mobile devices to synchronize with Exchange, regardless of whether
the device can enforce all settings that are defined by the policy. This also includes mobile devices managed by a
separate device management system. When set to $false, this parameter blocks mobile devices that aren't
provisioned from synchronizing with Exchange.

Required: False
Position: Named
Default value: None
-AllowPOPIMAPEmail
the mobile device. Valid input for this parameter is $true or $false. The default value is $true. This parameter
doesn't control access by third-party email programs.
Required: False
Position: Named
Default value: None
-AllowRemoteDesktop
The AllowRemoteDesktop parameter specifies whether the mobile device can initiate a remote desktop connection.

Required: False
Position: Named
Default value: None
The AllowSimplePassword parameter specifies whether a simple password is allowed on the mobile device. A
simple password is a password that has a specific pattern, such as 1111 or 1234. Valid input for this parameter is
$true or $false. The default value is $true.

Required: False
Position: Named
Default value: None
mobile device can negotiate the encryption algorithm if a recipient's certificate doesn't support the specified
encryption algorithm. Valid values for this parameter are:
AllowAnyAlgorithmNegotiation
BlockNegotiation
OnlyStrongAlgorithmNegotiation
The default value is AllowAnyAlgorithmNegotiation.

Required: False
Position: Named
Default value: None
The AllowSMIMESoftCerts parameter specifies whether S/MIME software certificates are allowed on the mobile
Required: False
Position: Named
Default value: None
-AllowStorageCard
The AllowStorageCard parameter specifies whether the mobile device can access information stored on a storage
card. Valid input for this parameter is $true or $false. The default value is $true.

Required: False
Position: Named
Default value: None
-AllowTextMessaging
The AllowTextMessaging parameter specifies whether text messaging is allowed from the mobile device. Valid input
for this parameter is $true or $false. The default value is $true.

Required: False
Position: Named
Default value: None

Required: False
Position: Named
Default value: None
The AllowUnsignedInstallationPackages parameter specifies whether unsigned installation packages can be
executed on the mobile device. Valid input for this parameter is $true or $false. The default value is $true.

Required: False
Position: Named
Default value: None
-AllowWiFi
The AllowWiFi parameter specifies whether wireless Internet access is allowed on the mobile device. Valid input for

Required: False
Position: Named
Default value: None
-AlphanumericPasswordRequired
The AlphanumericPasswordRequired parameter specifies whether the password for the mobile device must be
alphanumeric. Valid input for this parameter is $true or $false. The default value is $false.

Required: False
Position: Named
Default value: None
The ApprovedApplicationList parameter specifies a configured list of approved applications for the device.
Required: False
Position: Named
Default value: None
-AttachmentsEnabled
The AttachmentsEnabled parameter specifies whether attachments can be downloaded on the mobile device. Valid
input for this parameter is $true or $false. The default value is $true.
When set to $false, this parameter blocks the user from downloading attachments on the mobile device.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
The DeviceEncryptionEnabled parameter specifies whether encryption is enabled on the mobile device. Valid input
When this parameter is set to $true, device encryption is enabled on the mobile device.

Required: False
Position: Named
Default value: None
The DevicePolicyRefreshInterval parameter specifies how often the policy is sent to the mobile device.
seconds.
The default value is Unlimited.
Type: Unlimited
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mobile device mailbox policy. You can use any value that uniquely identifies the
policy. For example:
Name
GUID
The name of the built-in mobile device mailbox policy is Default.
Required: True
Position: 1
Default value: None
-IrmEnabled
The IrmEnabled parameter specifies whether Information Rights Management (IRM ) is enabled for the mobile

Required: False
Position: Named
Default value: None
-IsDefault
The IsDefault parameter specifies whether this policy is the default mobile device mailbox policy. Valid input for this
parameter is $true or $false. The default value for the built-in mobile device mailbox policy named Default is $true.
The default value for new mobile device mailbox policies that you create is $false.
There can be only one default policy. If another policy is currently set as the default, and you set this parameter to
$true, this policy becomes the default policy. The value of this parameter on the other policy is automatically
changed to $false, and that policy is no longer the default policy.

Required: False
Position: Named
Default value: None
-MaxAttachmentSize
mobile device. Valid input for this parameter is a size value between 0 and 2147482624 bytes (approximately 2
GB ), or the value Unlimited. The default value is Unlimited.
(gigabytes). For example, to set the limit to 4 kilobytes, enter the value 4096 or 4KB.
The maximum value is 1024 bytes (one kilobyte) less than two gigabytes (2*1024^3), so these are the maximum
qualified values you can use with this parameter.
2097151KB
2047.999024MB
1.999999047GB
Type: Unlimited
Required: False
Position: Named
Default value: None
the mobile device. Valid values for this parameter are:
All
TwoWeeks
OneMonth
ThreeMonths
SixMonths

Required: False
Position: Named
Default value: None
-MaxEmailAgeFilter
mobile device. Valid values for this parameter are:
All
OneDay
ThreeDays
OneWeek
TwoWeeks
OneMonth
Required: False
Position: Named
Default value: None
when synchronized to the mobile device. Valid input for this parameter is an integer between 0 and 2147483647
(Int32) or the value Unlimited. The default value is Unlimited.
Type: Unlimited
Required: False
Position: Named
Default value: None
messages are truncated when synchronized to the mobile device. Valid input for this parameter is an integer
between 0 and 2147483647 (Int32) or the value Unlimited. The default value is Unlimited.
Type: Unlimited
Required: False
Position: Named
Default value: None
-MaxInactivityTimeLock
The MaxInactivityTimeLock parameter specifies the length of time that the mobile device can be inactive before the
password is required to reactivate it. Valid values are:
A timespan: hh:mm:ss, where hh = hours, mm = minutes and ss= seconds. The valid input range is 00:01:00 to
01:00:00 (one minute to one hour).
The value Unlimited. This is the default value.
Type: Unlimited
Required: False
Position: Named
Default value: None
-MaxPasswordFailedAttempts
The MaxPasswordFailedAttempts parameter specifies the number of attempts a user can make to enter the correct
password for the mobile device.
You can enter any number from 4 through 16 or the value Unlimited. The default value is Unlimited.
Type: Unlimited
Required: False
Position: Named
Default value: None
-MinPasswordComplexCharacters
The MinPasswordComplexCharacters parameter specifies the character sets that are required in the password of
the mobile device. The character sets are:
Lower case letters.
Upper case letters.
Digits 0 through 9.
Special characters (for example, exclamation marks).
A valid value for this parameter is an integer from 1 through 4. The default value is 1.
For Windows Phone 8 devices, the value specifies the number of character sets that are required in the password.
For example, the value 3 requires at least one character from any three of the character sets.
For Windows Phone 10 devices, the value specifies the following password complexity requirements:
Digits only.
Digits and lower case letters.
Digits, lower case letters, and upper case letters.
Digits, lower case letters, upper case letters and special characters.
Type: Int32
Required: False
Position: Named
Default value: None
-MinPasswordLength
The MinPasswordLength parameter specifies the minimum number of characters in the mobile device password.
You can enter any number from 1 through 16 or the value $null. The default value is blank. The maximum
password length is 16 characters.
Type: Int32
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the friendly name of the mobile device mailbox policy.
Type: String
Required: False
Position: Named
Default value: None
-PasswordEnabled
The PasswordEnabled parameter specifies whether a password is required on the mobile device. Valid input for this
When set to $true, this parameter requires the user to set a password on the mobile device.

Required: False
Position: Named
Default value: None
-PasswordExpiration
The PasswordExpiration parameter specifies how long a password can be used on a mobile device before the user
is forced to change the password. Valid values are:
A timespan: ddd.hh:mm:ss, where ddd = days, hh = hours, mm = minutes and ss= seconds. The valid input
range is 1.00:00:00 to 730.00:00:00 (one day to two years).
The value Unlimited. This is the default value
Type: Unlimited
Required: False
Position: Named
Default value: None
-PasswordHistory
The PasswordHistory parameter specifies the number of unique new passwords that need to be created on the
mobile device before an old password can be reused.
You can enter any number from 0 through 50. The default value is 0.
Type: Int32
Required: False
Position: Named
Default value: None
The PasswordRecoveryEnabled parameter specifies whether the recovery password for the mobile device is stored
in Exchange. Valid input for this parameter is $true or $false. The default value is $false.
When set to $true, this parameter enables you to store the recovery password for the mobile device in Exchange.
The recovery password can be viewed in Outlook on the web or the Exchange admin center.

Required: False
Position: Named
Default value: None
The RequireDeviceEncryption parameter specifies whether encryption is required on the mobile device. Valid input

Required: False
Position: Named
Default value: None
The RequireEncryptedSMIMEMessages parameter specifies whether the mobile device must send encrypted
S/MIME messages. Valid input for this parameter is $true or $false. The default value is $false.

Required: False
Position: Named
Default value: None
The RequireEncryptionSMIMEAlgorithm parameter specifies the algorithm that's required to encrypt S/MIME
messages on a mobile device. The valid values for this parameter are:
DES
TripleDES
RC240bit
RC264bit
RC2128bit
The default value is TripleDES.

Required: False
Position: Named
Default value: None
The RequireManualSyncWhenRoaming parameter specifies whether the mobile device must synchronize manually
while roaming. Valid input for this parameter is $true or $false. The default value is $false.

Required: False
Position: Named
Default value: None
The RequireSignedSMIMEAlgorithm parameter specifies the algorithm that's used to sign S/MIME messages on
the mobile device.
Valid values for this parameter are SHA1 or MD5. The default value is SHA1.
Type: SHA1 | MD5

Required: False
Position: Named
Default value: None
The RequireSignedSMIMEMessages parameter specifies whether the mobile device must send signed S/MIME
messages. Valid input for this parameter is $true or $false. The default value is $false.

Required: False
Position: Named
Default value: None
The RequireStorageCardEncryption parameter specifies whether storage card encryption is required on the mobile
device. Valid input for this parameter is $true or $false. The default value is $false.
Setting this parameter to $true also sets the DeviceEncryptionEnabled parameter to $true.
Required: False
Position: Named
Default value: None
The UnapprovedInROMApplicationList parameter specifies a list of applications that can't be run in ROM on the
mobile device.
Required: False
Position: Named
Default value: None
-UNCAccessEnabled
The UNCAccessEnabled parameter specifies whether access to Microsoft Windows file shares is enabled from the
mobile device. In on-premises Exchange organizations, access to specific shares is configured on the Exchange
ActiveSync virtual directory.

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WSSAccessEnabled
The WSSAccessEnabled parameter specifies whether access to Microsoft Windows SharePoint Services is enabled
from the mobile device. In on-premises Exchange organizations, access to specific shares is configured on the
Exchange ActiveSync virtual directory.

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Test-ActiveSyncConnectivity
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Test-ActiveSyncConnectivity cmdlet to test
connectivity to Microsoft Exchange ActiveSync virtual directories. Note : This cmdlet works best in Exchange 2010.
In Exchange 2013 or later, the functionality of this cmdlet has been replaced by Managed Availability. For the best
Syntax
Test-ActiveSyncConnectivity [[-ClientAccessServer] <ServerIdParameter>] [[-URL] <String>]
[-AllowUnsecureAccess] [-Confirm] [-DomainController <Fqdn>] [-LightMode] [-MailboxCredential <PSCredential>]
[-MailboxServer <ServerIdParameter>] [-MonitoringContext] [-MonitoringInstance <String>]
[-ResetTestAccountCredentials] [-Timeout <UInt32>] [-TrustAnySSLCertificate]
[-UseAutodiscoverForClientAccessServer] [-WhatIf] [<CommonParameters>]
Description
The Test-ActiveSyncConnectivity cmdlet tests Exchange ActiveSync connectivity by connecting to a specified
Exchange ActiveSync virtual directory, to any Exchange ActiveSync virtual directories on a specified Exchange
server, or to any Exchange ActiveSync virtual directories that are available in the local Active Directory site.
command:
Scenario: The operations that are tested. Values are: Options, FolderSync, First Sync, GetItemEstimate, Sync
Data, Ping, and Sync Test Item.
Result: The values returned are typically Success, Skipped, or Failure.
Test-ActiveSyncConnectivity -ClientAccessServer MBX01 | ConvertTo-Html | Set-Content -Path "C:\My
Documents\EAS Test.html"
Examples
-------------------------- Example 1 --------------------------
Test-ActiveSyncConnectivity -ClientAccessServer MBX01
This example tests Exchange ActiveSync client connectivity for the server named MBX01.
-------------------------- Example 2 --------------------------
Test-ActiveSyncConnectivity -UseAutodiscoverForClientAccessServer $true -URL "https://contoso.com/mail" -

MailboxCredential (Get-Credential pauls@contoso.com)
This example tests the Exchange ActiveSync connectivity for the mailbox PaulS using the Autodiscover URL.
Parameters
The AllowUnsecureAccess switch allows the test to continue over an unsecured channel that doesn't require Secure
Sockets Layer (SSL ). You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-ClientAccessServer
Name
ExchangeLegacyDN
GUID
You can't use this parameter with the Url parameter.
Required: False
Position: 1
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-LightMode
The LightMode switch tells the command to perform only a subset of the tests. You don't need to specify a value
with this switch.
When you use this switch, only the Options test is run.
If you don't use this switch, the First Sync, GetItemEstimate, Sync Data, Ping and Sync Test Item tests are also run.
Required: False
Position: Named
Default value: None
-MailboxCredential
Type: PSCredential
Required: False
Position: Named
Default value: None
-MailboxServer
clients connect.
Name
ExchangeLegacyDN
GUID
Required: False
Position: Named
Default value: None
-MonitoringContext
Required: False
Position: Named
Default value: None
-MonitoringInstance
The MonitoringInstance parameter specifies an identifier for this task when the test is run from Microsoft System
Center Operations Manager (SCOM ). This parameter is important because SCOM may run multiple instances of
the test from the same server at the same time.
Type: String
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-Timeout
The Timeout parameter specifies the amount of time (in seconds) to wait for a response from the command.
Type: UInt32
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-URL
The URL parameter specifies the URL that's used to connect to the Exchange ActiveSync virtual directory.
Type: String
Required: False
Position: 1
Default value: None
-UseAutodiscoverForClientAccessServer
The UseAutodiscoverForClientAccessServer switch specifies whether the test should use the Autodiscover service
to locate the Exchange ActiveSync virtual directory. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Disable-AddressListPaging cmdlet to disable Active
Directory virtual list view for address lists. Virtual list view displays address lists in your organization as pages
instead of loading and viewing the entire directory. For information about the parameter sets in the Syntax section
Syntax
Disable-AddressListPaging [-Confirm] [-DomainController <Fqdn>]
Description
Examples
-------------------------- Example 1 --------------------------
This example disables virtual list view for address lists in your organization.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Enable-AddressListPaging cmdlet to enable Active
Directory virtual list view for address lists. Virtual list view allows you to display the address lists in your
organization as pages instead of loading and viewing the entire directory. For information about the parameter sets
Syntax
Enable-AddressListPaging [-Confirm] [-DomainController <Fqdn>] [-WhatIf] [<CommonParameters>]
Description
The Enable-AddressListPaging cmdlet creates the Address List container in Active Directory. Recipient cmdlets,
such as Get-Recipient, use the information written to the container to quickly retrieve recipient data.
Examples
-------------------------- Example 1 --------------------------
This example enables virtual list view for your organization.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-AddressBookPolicy
In ths Article
may be exclusive to one environment or the other. Use the Get-AddressBookPolicy cmdlet to return address book
policies that match the specified conditions. In Exchange Online, this cmdlet is available only in the Address Lists
role, and by default, the role isn't assigned to any role groups. To use this cmdlet, you need to add the Address Lists
role to a role group (for example, to the Organization Management role group). For more information, see the "Add
a role to a role group" section in Manage role groups (https://technet.microsoft.com/library/jj657480.aspx). For
Syntax
Get-AddressBookPolicy [[-Identity] <MailboxPolicyIdParameter>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-AddressBookPolicy | Format-List
This example returns detailed information about all address book policies in your organization by pipelining the
Format-List cmdlet.
-------------------------- Example 2 --------------------------
Get-AddressBookPolicy -Identity "All Fabrikam"
This example returns default information about the address book policy All Fabrikam
-------------------------- Example 3 --------------------------
Get-AddressBookPolicy | where {$_.OfflineAddressBook eq "\Fabrikam All OAB"}
This example returns information about all address book policies for which the offline address book (OAB ) that the
address book policy uses is named Fabrikam All OAB.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the address book policy.
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-AddressList
In ths Article
may be exclusive to one environment or the other. Use the Get-AddressList cmdlet to view address lists. In
Exchange Online, this cmdlet is available only in the Address Lists role, and by default, the role isn't assigned to any
role groups. To use this cmdlet, you need to add the Address Lists role to a role group (for example, to the
Organization Management role group). For more information, see the "Add a role to a role group" section in
Manage role groups (https://technet.microsoft.com/library/jj657480.aspx). For information about the parameter
Syntax
Get-AddressList -Container <AddressListIdParameter>
Get-AddressList [[-Identity] <AddressListIdParameter>]

Get-AddressList [-SearchText <String>]

Description
You can pipe the output from the Get-AddressList cmdlet to the Remove-AddressList, Set-AddressList, Update-
AddressList and Move-AddressList cmdlets instead of using the Identity parameter with each of those cmdlets.
Examples
-------------------------- Example 1 --------------------------
Get-AddressList
This example returns a summary list of all the address lists.

-------------------------- Example 2 --------------------------
Get-AddressList -Identity "All Users\Sales\building4" | Format-List
This example returns detailed information for the address list named building4that's located under the All
Users\Sales\ address list.
Parameters
-Container
The Container parameter filters the results based on the location of the address list. Only address lists under the
specified path are returned. Valid input for this parameter is the root "\" (also known as All Address Lists) or an
existing address list. You can use any value that uniquely identifies the address list. For example:
Name
GUID
Path: (\<Name>) or [<Container>\<Name>)
You can't use this parameter with the Identity or SearchText parameters.
Type: AddressListIdParameter
Required: True
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the address list that you want to view. You can use any value that uniquely
identifies the address list. For example:
Name
GUID
You can't use this parameter with the Container or SearchText parameters.
Required: False
Position: 1
Default value: None
-SearchText
The SearchText parameter filters the results based on the name and display name of the address list. Only address
lists whose names or display names that contain the specified text string are returned. If the value contains spaces,
You can't use this parameter with the Container or Identity parameters.
Type: String
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-DetailsTemplate
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-DetailsTemplate cmdlet to retrieve the
attributes for details templates. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Get-DetailsTemplate [[-Identity] <DetailsTemplateIdParameter>] [-Confirm] [-DomainController <Fqdn>] [-WhatIf]
Description
The Get-DetailsTemplate cmdlet retrieves the attributes for one or more details templates. Wildcard characters can
be used when specifying the type and language of the details templates.
Examples
-------------------------- Example 1 --------------------------
Get-DetailsTemplate -Identity en-us\User
This example retrieves all attributes for the User details template for the English language.
-------------------------- Example 2 --------------------------
Get-DetailsTemplate -Identity *\*
This example retrieves all attributes for all details template types in all languages.
-------------------------- Example 3 --------------------------
Get-DetailsTemplate -Identity *\User
This example retrieves all attributes for all User details template types in all languages.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the GUID of the details template or specifies the details template type and
language separated by a backslash, for example, en-us\User. Details template types are:
User
Group
PublicFolder
SearchDialog
MailboxAgent
Contact
Type: DetailsTemplateIdParameter
Required: False
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
may be exclusive to one environment or the other. Use the Get-EmailAddressPolicy cmdlet to view email address
policies. In Exchange Online, email address policies are only available for Office 365 groups. For information about
Syntax
Get-EmailAddressPolicy [[-Identity] <EmailAddressPolicyIdParameter>]
[-IncludeMailboxSettingOnlyPolicy]
Description
Examples
-------------------------- Example 1 --------------------------
This example returns a summary list of all email address policies in the organization.
-------------------------- Example 2 --------------------------
Get-EmailAddressPolicy -Identity "Contoso Employees"
This example returns detailed information for the email address policy named Contoso Employees.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the email address policy that you want to view. You can use any value that uniquely
Name
GUID
Type: EmailAddressPolicyIdParameter
Required: False
Position: 1
Default value: None
-IncludeMailboxSettingOnlyPolicy
The IncludeMailboxSettingOnlyPolicy parameter retrieves Microsoft Exchange Server 2003 address policies that
contain only mailbox management configuration. Microsoft Exchange Server 2010 supports both policies that
contain only address policy settings and policies that contain address policy settings and mailbox management
configuration. Exchange 2010 doesn't support policies that contain only mailbox management configuration, but
Exchange 2003 policies that contain only mailbox management configuration are, by default, preserved and not
upgraded. The IncludeMailboxSettingOnlyPolicy parameter is required to retrieve these policies.
The attributes of address policies that contain only mailbox management configuration can't be modified in
Exchange 2010. These policies can only be removed.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
may be exclusive to one environment or the other. Use the Get-GlobalAddressList cmdlet to view a global address
list (GAL ) or a set of GALs. In Exchange Online, this cmdlet is available only in the Address Lists role, and by
default, the role isn't assigned to any role groups. To use this cmdlet, you need to add the Address Lists role to a
role group (for example, to the Organization Management role group). For more information, see the "Add a role to
a role group" section in Manage role groups (https://technet.microsoft.com/library/jj657480.aspx). For information
Syntax
Get-GlobalAddressList [-DefaultOnly]
Get-GlobalAddressList [[-Identity] <GlobalAddressListIdParameter>]

Description
The Get-GlobalAddressList cmdlet is mainly used to populate the GAL property pages in the Exchange admin
center. This command doesn't provide a filtering capability. If filtering is required, you should use a WHERE clause
with the command.
Examples
-------------------------- Example 1 --------------------------
This example returns a summary list of all GALs.

-------------------------- Example 2 --------------------------
Get-GlobalAddressList -Identity GAL_AgencyB | Format-List
This example returns detailed information about the GAL named GAL_AgencyB.
Parameters
-DefaultOnly
The DefaultOnly switch filters the results so only the default GAL is returned. You don't need to use a value with
this switch.
Required: True
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the global address list that you want to view. You can use any value that uniquely
identifies the GAL. For example:
Name
GUID
Type: GlobalAddressListIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-OabVirtualDirectory cmdlet to view offline
address book (OAB ) virtual directories(OAB distribution points) that are used in Internet Information Services (IIS )
on Microsoft Exchange servers. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Get-OabVirtualDirectory -Server <ServerIdParameter>
[-ADPropertiesOnly]
[-ShowMailboxVirtualDirectories]
Get-OabVirtualDirectory [[-Identity] <VirtualDirectoryIdParameter>]

[-ADPropertiesOnly]
[-ShowMailboxVirtualDirectories]
Description
Examples
-------------------------- Example 1 --------------------------
This example returns all OAB virtual directory web distribution points.
-------------------------- Example 2 --------------------------
Get-OabVirtualDirectory -Server MBX-01-007
This example returns all OAB virtual directory web distribution points on the server named MBX-01-007.
-------------------------- Example 3 --------------------------
Get-OabVirtualDirectory -Identity "MBX-01-007\OAB*" | Format-List
This example returns detailed information for the OAB virtual directory named "OAB (Default Web Site)" on the
server named MBX-01-007.
Parameters
-ADPropertiesOnly
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the OAB virtual directory that you want to view. You can use any value that
GUID
Required: False
Position: 1
Default value: None
-Server
Name
FQDN
ExchangeLegacyDN
Required: True
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
may be exclusive to one environment or the other. Use the Get-OfflineAddressBook cmdlet to view offline address
books (OABs). In Exchange Online, this cmdlet is available only in the Address Lists role, and by default, the role
isn't assigned to any role groups. To use this cmdlet, you need to add the Address Lists role to a role group (for
example, to the Organization Management role group). For more information, see the "Add a role to a role group"
section in Manage role groups (https://technet.microsoft.com/library/jj657480.aspx). For information about the
Syntax
Get-OfflineAddressBook -Server <ServerIdParameter>
Get-OfflineAddressBook [[-Identity] <OfflineAddressBookIdParameter>]

Description
Examples
-------------------------- Example 1 --------------------------
This example returns a summary list of all existing OABs.

-------------------------- Example 2 --------------------------
Get-OfflineAddressBook -Identity "\Default Offline Address Book" | Format-List
This example returns detailed information about the OAB named Default Offline Address Book.
-------------------------- Example 3 --------------------------
Get-OfflineAddressBook | Format-List Name,AddressLists,GeneratingMailbox,GUID
This example returns specific properties for all existing OABs, including the GeneratingMailbox property that
specifies the arbitration mailbox that's responsible for generating the OAB.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the OAB that you want to view. You can use any value that uniquely identifies the
OAB. For example:
Name or \Name
GUID
You can't use this parameter with the Server parameter.
Type: OfflineAddressBookIdParameter
Required: False
Position: 1
Default value: None
-Server
Note: This parameter isn't relevant in Exchange 2013 or later. The Server property for an OAB is blank, because the
OAB is generated by an arbitration mailbox.
The Server parameter returns all of the OABs that are generated by the specified Exchange 2010 or earlier server.
Name
FQDN
ExchangeLegacyDN
GUID
Required: True
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Move-AddressList
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Move-AddressList cmdlet to move an existing
address list to a new container under the root address list. For information about the parameter sets in the Syntax
Syntax
Move-AddressList [-Identity] <AddressListIdParameter> -Target <AddressListIdParameter> [-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Move-AddressList -Identity c3fffd8e-026b-41b9-88c4-8c21697ac8ac -Target "\All Users\Sales\building4"
This example moves the address list with GUID c3fffd8e-026b-41b9-88c4-8c21697ac8ac to a new location under
the parent address list \All Users\Sales\building4.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the address list that you want to move. You can use any value that uniquely
Name
GUID
Required: True
Position: 1
Default value: None
-Target
The Container parameter specifies where to move the address list. Valid input for this parameter is under the root
"\" (also known as All Address Lists) or under an existing address list. You can use any value that uniquely identifies
the address list. For example:
Name
GUID
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Move-OfflineAddressBook
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Move-OfflineAddressBook cmdlet to designate a
new server responsible for generating the offline address book (OAB ) in Exchange Server 2010. This cmdlet isn't
used on OABs in Exchange Server 2016 or Exchange Server 2013. To perform this task in Exchange 2016 or
Exchange 2013, use the Set-OfflineAddressBook cmdlet with the GeneratingMailbox parameter. For information
Syntax
Move-OfflineAddressBook [-Identity] <OfflineAddressBookIdParameter> [-Confirm] [-DomainController <Fqdn>]
[-Server <ServerIdParameter>] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Move-OfflineAddressBook -Identity "My OAB" -Server "Server1"
This example moves OAB generation in Exchange 2010 to the server named Server1.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the GUID, distinguished name (DN ), or OAB name that represents a specific OAB.
You can also include the path by using the format Server\OfflineAddressBookName.
You can omit the parameter label so that only the OAB name or GUID is supplied.
Required: True
Position: 1
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-AddressBookPolicy
In ths Article
may be exclusive to one environment or the other. Use the New -AddressBookPolicy cmdlet to create an address
book policy. Address book policies define the global address list (GAL ), offline address book (OAB ), room list, and
address lists that will be displayed to mailbox users who are assigned the policy. In Exchange Online, this cmdlet is
available only in the Address Lists role, and by default, the role isn't assigned to any role groups. To use this cmdlet,
you need to add the Address Lists role to a role group (for example, to the Organization Management role group).
For more information, see the "Add a role to a role group" section in Manage role groups
(https://technet.microsoft.com/library/jj657480.aspx). For information about the parameter sets in the Syntax
Syntax
New-AddressBookPolicy [-Name] <String> -AddressLists <AddressListIdParameter[]>
-GlobalAddressList <GlobalAddressListIdParameter> -OfflineAddressBook <OfflineAddressBookIdParameter>
-RoomList <AddressListIdParameter> [-Confirm] [-DomainController <Fqdn>]
Description
Examples
-------------------------- Example 1 --------------------------
New-AddressBookPolicy -Name "All Fabrikam ABP" -AddressLists "\All Fabrikam","\All Fabrikam Mailboxes","\All
Fabrikam DLs","\All Fabrikam Contacts" -RoomList "\All Fabrikam-Rooms" -OfflineAddressBook "\Fabrikam-All-OAB"
-GlobalAddressList "\All Fabrikam"
This example creates an address book policy with the following settings:
Name: All Fabrikam ABP
Included address lists: All Fabrikam, All Fabrikam Mailboxes, All Fabrikam DLs, All Fabrikam Contacts
Included room list: All Fabrikam-Rooms
Included OAB: Fabrikam-All-OAB
Included GAL: All Fabrikam
Parameters
-AddressLists
The AddressLists parameter specifies the address lists that will be used by mailbox users who are assigned this
address book policy. This parameter accepts multiple values, which should be separated by a comma. For example,
"\Mr. Munson's Class","Mrs. McKay's Class","Mrs. Count's Class".
Type: AddressListIdParameter[]
Required: True
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-GlobalAddressList
The GlobalAddressList parameter specifies the identity of the GAL that will be used by mailbox users who are
assigned this address book policy. You can specify only one GAL for each address book policy.
Required: True
Position: Named
Default value: None
-Name
The Name parameter specifies the name of the address book policy.
Type: String
Required: True
Position: 1
Default value: None
-OfflineAddressBook
The OfflineAddressBook parameter specifies the identity of the OAB that will be used by mailbox users who are
assigned this address book policy. You can specify only one OAB for each address book policy.
Required: True
Position: Named
Default value: None
-RoomList
The RoomList parameter specifies the room address list that will be used by mailbox users who are assigned this
address book policy. You can specify only one room list for each address book policy.
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-AddressList
In ths Article
may be exclusive to one environment or the other. Use the New -AddressList cmdlet to create address lists and
apply them to recipients. In Exchange Online, this cmdlet is available only in the Address Lists role, and by default,
the role isn't assigned to any role groups. To use this cmdlet, you need to add the Address Lists role to a role group
(for example, to the Organization Management role group). For more information, see the "Add a role to a role
group" section in Manage role groups (https://technet.microsoft.com/library/jj657480.aspx). For information about
Syntax
New-AddressList [-Name] <String> -IncludedRecipients <None | MailboxUsers | Resources | MailContacts |
MailGroups | MailUsers | AllRecipients>
[-ConditionalCompany <MultiValuedProperty>]
[-ConditionalCustomAttribute1 <MultiValuedProperty>]
[-ConditionalDepartment <MultiValuedProperty>]
[-ConditionalStateOrProvince <MultiValuedProperty>]
[-Confirm]
[-Container <AddressListIdParameter>]
[-RecipientContainer <OrganizationalUnitIdParameter>]
New-AddressList [-Name] <String> -RecipientFilter <String>

[-Confirm]
[-Container <AddressListIdParameter>]
Description
The Conditional parameters that are used with the IncludedRecipients parameter are subject to the following
limitations:
The EQV operator is used for every property value, as in "Department equals Sales". Wildcards and partial
matches aren't supported.
The OR operator is always used for multiple values of the same property, as in "Department equals Sales OR
Marketing".
The AND operator is always used for multiple properties, as in "Department equals Sales AND Company
equals Contoso".
To create flexible filters that use any available recipient property and that aren't subject to these limitations, you can
use the RecipientFilter parameter to create an OPath filter.
Examples
-------------------------- Example 1 --------------------------
New-AddressList -Name MyAddressList -RecipientFilter {((RecipientType -eq 'UserMailbox') -and ((StateOrProvince

-eq 'Washington') -or (StateOrProvince -eq 'Oregon')))}
This example creates the address list MyAddressList. The address list includes recipients that are mailbox users and
have the StateOrProvince property set to Washington or Oregon.
-------------------------- Example 2 --------------------------
New-AddressList -Name MyAddressList2 -ConditionalStateOrProvince Washington -IncludedRecipients MailboxUsers
This example creates the address list MyAddressList2 that includes mailboxes that have the
ConditionalStateOrProvince parameter set to Washington.
-------------------------- Example 3 --------------------------
New-AddressList -Name "AL_AgencyB" -RecipientFilter {((RecipientType -eq 'UserMailbox') -and (CustomAttribute15

-like *AgencyB*))}
This example creates the address list AL_AgencyB that includes mailboxes that have the value of the
CustomAttribute15 parameter contains AgencyB.
Parameters
-ConditionalCompany
The ConditionalCompany parameter specifies a precanned filter that's based on the value of the recipient's
Company property. You can specify multiple values separated by commas.
When you use multiple values for this parameter, the OR Boolean operator is applied. For more information about
how Conditional parameters work, see the Detailed Description section of this topic.
You use this parameter in combination with the IncludedRecipients parameter as part of a precanned filter. You
can't use any Conditional parameters in combination with the RecipientFilter parameter (which is used to create
custom OPath filters).
Required: False
Position: Named
Default value: None
-ConditionalCustomAttribute1
The ConditionalCustomAttribute1 parameter specifies a precanned filter that's based on the value of the recipient's
CustomAttribute1 property. You can specify multiple values separated by commas.
Required: False
Position: Named
Default value: None
The ConditionalCustomAttribute10 parameter specifies a precanned filter that's based on the value of the
recipient's CustomAttribute10 property. You can specify multiple values separated by commas.
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-ConditionalDepartment
The ConditionalDepartment parameter specifies a precanned filter that's based on the value of the recipient's
Department property. You can specify multiple values separated by commas.
Required: False
Position: Named
Default value: None
-ConditionalStateOrProvince
The ConditionalStateOrProvince parameter specifies a precanned filter that's based on the value of the recipient's
StateOrProvince property. You can specify multiple values separated by commas.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Container
The Container parameter specifies where to create the address list. Valid input for this parameter is under the root
"\" (also known as All Address Lists) or under an existing address list. You can use any value that uniquely identifies
the address list. For example:
Name
GUID
If you don't use this parameter,the address list is created under the root (\).
Required: False
Position: Named
Default value: None
-DisplayName
The DisplayName parameter specifies the display name of the address list. The display name is visible in the
Exchange admin center and Outlook. The maximum length is 256 characters. If the value contains spaces, enclose
If you don't use the DisplayName parameter, the value of the Name parameter is used for the display name.
Type: String
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-IncludedRecipients
The IncludedRecipients parameter specifies a precanned filter that's based on the recipient type. Valid values are:
AllRecipients: This value can be used only by itself.
MailboxUsers
MailContacts
MailGroups
MailUsers
Resources: This value indicates room or equipment mailboxes.
You can specify multiple values separated by commas. When you use multiple values, the OR Boolean operator is
applied.
You need to use this parameter when you use any Conditional parameters as part of a precanned filter. You can't
use this parameter in combination with the RecipientFilter parameter (which is used to create custom OPath filters).
Type: None | MailboxUsers | Resources | MailContacts | MailGroups | MailUsers | AllRecipients

Required: True
Position: Named
Default value: None
-Name
The Name parameter specifies the unique name for the new address list. The maximum length is 64 characters, and
it can't include a carriage return or a backslash (\). If the value contains spaces, enclose the value in quotation marks
(").
Type: String
Required: True
Position: 1
Default value: None
-RecipientContainer
The RecipientContainer parameter specifies a filter that's based on the recipient's location in Active Directory. Valid
input for this parameter is an organizational unit (OU ) or domain that's visible using the Get-OrganizationalUnit
cmdlet. You can use any value that uniquely identifies the OU or domain. For example:
Name
Canonical name
GUID
If you don't use this parameter, the default value is the OU where the object was created.
Required: False
Position: Named
Default value: None
-RecipientFilter
The RecipientFilter parameter specifies a custom OPath filter that's based on the value of any available recipient
property. You can use any available Windows PowerShell operator, and wildcards and partial matches are
supported. When you use this parameter, remember the following OPath filter rules:
Use braces { } around the whole OPath syntax string.
Include a hyphen before all operators.
In cloud-based environments, you can't use a wildcard as the first character. For example, Sales* is allowed, but
*Sales isn't allowed.
In on-premises Exchange, wildcards are valid only as the first or last character. For example, Sales* or *Sales are
allowed, but Sa*les isn't allowed.
For more information, see Filterable properties for the -RecipientFilter parameter
You can't use this parameter in combination with the IncludedRecipients parameter or any Conditional parameters
(which are used to create precanned filters).
Type: String
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-EmailAddressPolicy
In ths Article
may be exclusive to one environment or the other. Use the New -EmailAddressPolicy cmdlet to create email address
Syntax
New-EmailAddressPolicy [-Name] <String> -EnabledEmailAddressTemplates <ProxyAddressTemplateCollection> -
IncludedRecipients <None | MailboxUsers | Resources | MailContacts | MailGroups | MailUsers | AllRecipients>
[-Confirm]
[-DisabledEmailAddressTemplates <ProxyAddressTemplateCollection>]
[-Priority <EmailAddressPolicyPriority>]
New-EmailAddressPolicy [-Name] <String> -EnabledEmailAddressTemplates <ProxyAddressTemplateCollection> -

RecipientFilter <String>
[-Confirm]
New-EmailAddressPolicy [-Name] <String> -EnabledPrimarySMTPAddressTemplate <String> -IncludedRecipients <None |
MailboxUsers | Resources | MailContacts | MailGroups | MailUsers | AllRecipients>
[-Confirm]
New-EmailAddressPolicy [-Name] <String> -EnabledPrimarySMTPAddressTemplate <String> -RecipientFilter <String>

[-Confirm]
New-EmailAddressPolicy [-Name] <String> -EnabledEmailAddressTemplates <ProxyAddressTemplateCollection> [-

IncludeUnifiedGroupRecipients] [-ManagedByFilter <String>]
[-Confirm]
[-WhatIf]
New-EmailAddressPolicy [-Name] <String> -EnabledPrimarySMTPAddressTemplate <String> [-

IncludeUnifiedGroupRecipients] [-ManagedByFilter <String>]
[-Confirm]
Description
After you use the New -EmailAddressPolicy cmdlet to create an email address policy in an on-premises Exchange
organization, you need to use the Update-EmailAddressPolicy cmdlet to apply the new policy to recipients.
limitations:
Marketing".
equals Contoso".
Examples
-------------------------- Example 1 --------------------------
New-EmailAddressPolicy -Name "Southeast Offices" -IncludedRecipients MailboxUsers -ConditionalStateorProvince

"GA","AL","LA" -EnabledEmailAddressTemplates
"SMTP:%s%2g@southeast.contoso.com","smtp:%s%2g@southeast.contoso.net"
This example creates an email address policy in an on-premises Exchange organization that uses a precanned
recipient filter:
Name: Southeast Offices
Precanned recipient filter: All users with mailboxes where the State or province value is GA, AL, or LA (Georgia,
Alabama, or Louisiana).
Primary SMTP email address: <last name>.<first two letters of the first name>@contoso.com
Additional proxy email addresses: <last name>.<first two letters of the first name>@contoso.net
Priority:N+1, where N is the number of manually created email address policies that already exist (we didn't use
the Priority parameter, and the default value is N+1).
-------------------------- Example 2 --------------------------
New-EmailAddressPolicy -Name "Northwest Executives" -RecipientFilter {(RecipientType -eq 'UserMailbox') -and

(Title -like '*Director*' -or Title -like '*Manager*') -and (StateOrProvince -eq 'WA' -or StateOrProvince -eq
'OR' -or StateOrProvince -eq 'ID')} -EnabledEmailAddressTemplates "SMTP:%2g%s@contoso.com" -Priority 2
This example creates an email address policy in an on-premises Exchange organization that uses a custom recipient
filter:
Name: Northwest Executives
Custom recipient filter: All users with mailboxes where the Title value contains Director or Manager, and the
State or province value is WA, OR, or ID (Washington, Oregon, or Idaho).
Primary SMTP email address: <first two letters of the first name><last name>@contoso.com
Additional proxy email addresses: None
Priority: 2
Parameters
-ConditionalCompany
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DisabledEmailAddressTemplates
The DisabledEmailAddressTemplates parameter specifies the proxy email addresses templates that are included in
an email address policy, but aren't used to configure the email addresses of recipients.
Valid syntax for this parameter is <Type>:<AddressFormat>:
<Type>: A valid email address type as described in the "Address types" section in Email address policies in
Exchange 2016 (https://technet.microsoft.com/library/bb232171.aspx). For example, smtp or X400. Note that
you can't use SMTP to specify a disabled primary SMTP email address.
<AddressFormat>: For SMTP email addresses, a domain or subdomain that's configured as accepted domain
(authoritative or internal relay), and valid variables and ASCII text characters as described in the "Address
formats" section in Email address policies in Exchange 2016
(https://technet.microsoft.com/library/bb232171.aspx). For example: <alias>@contoso.com requires the value
%m@contoso.com, and <firstname>.<lastname>@contoso.com requires the value %g.%s@contoso.com.
You can specify multiple disabled email address templates separated by commas: "[<Type1>]:<EmailAddress1>","
[<Type2>]:<EmailAddress2>",..."[<TypeN>]:<EmailAddressN>".
Type: ProxyAddressTemplateCollection
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EnabledEmailAddressTemplates
The EnabledEmailAddressTemplates parameter specifies the rules in the email address policy that are used to
generate email addresses for recipients.
<Type>: A valid email address type as described in "Address types" section in Email address policies in
Exchange 2016 (https://technet.microsoft.com/library/bb232171.aspx). For example, SMTP for the primary
email address, and smtp for proxy addresses.
This parameter requires at least one template with the <Type> value SMTP (to define the primary SMTP email
address). After that, if you don't include a <Type> prefix for a template, the value smtp (an SMTP proxy address) is
assumed.
You can specify multiple email address templates separated by commas: "SMTP:<PrimarySMTPEmailAddress>","
[<Type1>]:<EmailAddress1>","[<Type2>]:<EmailAddress2>",..."[<TypeN>]:<EmailAddressN>".
You can't use this parameter with the EnabledPrimarySMTPAddressTemplate parameter.

In Office 365, if you use this parameter with the IncludeUnifiedGroupRecipients, you can't use variables in the
email address template.
Required: True
Position: Named
Default value: None
-EnabledPrimarySMTPAddressTemplate
The EnabledPrimarySMTPAddressTemplate parameter specifies the specifies the rule in the email address policy
that's used to generate the primary SMTP email addresses for recipients. You can use this parameter instead of the
EnabledEmailAddressTemplates if the policy only applies the primary email address and no additional proxy
addresses.
Valid syntax for this parameter is a domain or subdomain that's configured as an authoritative accepted domain,
and valid variables and ASCII text characters as described in the "Address format" section in Email address policies
in Exchange 2016 (https://technet.microsoft.com/library/bb232171.aspx). For example: <alias>@contoso.com
requires the value %m@contoso.com, and <firstname>.<lastname>@contoso.com requires the value
%g.%s@contoso.com.
You can't use this parameter with the EnabledEmailAddressTemplates parameter.
Type: String
Required: True
Position: Named
Default value: None
-IncludedRecipients
MailboxUsers
MailContacts
MailGroups
MailUsers
applied.

Required: True
Position: Named
Default value: None
-IncludeUnifiedGroupRecipients
The IncludeUnifiedGroupRecipients switch specifies that the email address policy applies to Office 365 groups. You
Required: True
Position: Named
Default value: None
-ManagedByFilter
The ManagedByFilter parameter specifies the email address policies to apply to Office 365 groups based on the
properties of the users who create the Office 365 groups.
This parameter is an OPath filter that's based on the value of any available recipient property (for example,
{Department -eq 'Sales'}). You can use any available Windows PowerShell operator, and wildcards and partial
matches are supported. When you use this parameter, remember the following OPath filter rules:
You can't use a wildcard as the first character. For example, Sales* is allowed, but *Sales isn't allowed.
For more information, see Multi-domain support for Office 365 groups - Admin help
For a list of the filterable properties, see Filterable properties for the -RecipientFilter parameter
You need to use this parameter with the IncludeUnifiedGroupRecipients switch.

Type: String
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the unique name of the email address policy. The maximum length is 64 characters.
If the value contains spaces, enclose the value in quotation marks (").
Type: String
Required: True
Position: 1
Default value: None
-Priority
The Priority parameter specifies the order that the email address policies are evaluated. By default, every time that
you add a new email address policy, the policy is assigned a priority of N+1, where N is the number of email
address policies that you've created.
If you set this parameter to a value that's the same as another email address policy, the priority of the policy that
you added first is incremented by 1.
Note: The first email address policy that identifies a recipient configures the recipient's email addresses. All other
policies are ignored, even if the first policy is unapplied and can't configure the recipient's email addresses.
Type: EmailAddressPolicyPriority
Required: False
Position: Named
Default value: None
-RecipientContainer
Name
Canonical name
GUID
Required: False
Position: Named
Default value: None
-RecipientFilter
Type: String
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-GlobalAddressList
In ths Article
may be exclusive to one environment or the other. Use the New -GlobalAddressList cmdlet to create a global
address list (GAL ). In Exchange Online, this cmdlet is available only in the Address Lists role, and by default, the
role isn't assigned to any role groups. To use this cmdlet, you need to add the Address Lists role to a role group (for
Syntax
New-GlobalAddressList [-Name] <String> -IncludedRecipients <None | MailboxUsers | Resources | MailContacts |
MailGroups | MailUsers | AllRecipients>
[-Confirm]
New-GlobalAddressList [-Name] <String> -RecipientFilter <String>

[-Confirm]
Description
limitations:
Marketing".
equals Contoso".
Examples
-------------------------- Example 1 --------------------------
New-GlobalAddressList -Name "NewGAL"
This example creates the GAL named NewGAL.

-------------------------- Example 2 --------------------------
New-GlobalAddressList -Name GAL_AgencyB -RecipientFilter {((RecipientType -eq "UserMailbox") -and

(CustomAttribute15 -eq "AgencyB"))}
This example creates the GAL named GAL_AgencyB by using the RecipientFilter parameter to include all mailbox
users whose custom attribute 15 equals AgencyB.
Parameters
-ConditionalCompany
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-IncludedRecipients
MailboxUsers
MailContacts
MailGroups
MailUsers
applied.

Required: True
Position: Named
Default value: None
-Name
The Name parameter specifies a unique name for the global address list. The maximum length is 64 characters. If
the value contains spaces, enclose the value in quotation marks (").
Type: String
Required: True
Position: 1
Default value: None
-RecipientContainer
Name
Canonical name
GUID
Required: False
Position: Named
Default value: None
-RecipientFilter
Type: String
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-OabVirtualDirectory
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -OABVirtualDirectory cmdlet to create offline
address book (OAB ) virtual directories that are used in Internet Information Services (IIS ) on Microsoft Exchange
servers. The OAB virtual directory configures the server as a web distribution point for an offline address book
(OAB ). Typically, you create virtual directories on Exchange servers that have the Client Access server role installed.
Syntax
New-OabVirtualDirectory [-Confirm] [-DomainController <Fqdn>] [-ExtendedProtectionFlags <MultiValuedProperty>]
[-ExternalUrl <Uri>] [-InternalUrl <Uri>] [-Path <String>] [-PollInterval <Int32>] [-Recovery]
[-RequireSSL <$true | $false>] [-Server <ServerIdParameter>] [-WebSiteName <String>] [-WhatIf]
[-Role <ClientAccess | Mailbox>] [<CommonParameters>]
Description
The New -OABVirtualDirectory cmdlet configures a web distribution point for an OAB and creates the OAB virtual
directory.
You have to manually create the file system folder on the server that hosts the OAB files.
Examples
-------------------------- Example 1 --------------------------
New-OABVirtualDirectory -Server CASServer01 -PollInterval 120
This example creates an OAB virtual directory on CASServer01 and configures the distribution service to poll the
generation server every two hours.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
are:
Note:

Required: False
Position: Named
Default value: None
-ExternalUrl
firewall.
Type: Uri
Required: False
Position: Named
Default value: None
-InternalUrl
Type: Uri
Required: False
Position: Named
Default value: None
-Path
Type: String
Required: False
Position: Named
Default value: None
-PollInterval
The PollInterval parameter specifies the time interval in minutes that the distribution service polls the offline
address book generation server for updates. The default value is 480 minutes (8 hours).
Type: Int32
Required: False
Position: Named
Default value: None
-Recovery
Required: False
Position: Named
Default value: None
-RequireSSL
The RequireSSL parameter specifies whether the client connection to the virtual directory requires Secure Sockets
Layer (SSL ) encryption. Valid values are:
$true: SSL encryption is required to connect to the virtual directory. This is the default value.
$false: SSL encryption isn't required to connect to the virtual directory.

Required: False
Position: Named
Default value: None
-Role

Required: False
Position: Named
Default value: None
-Server
Name
FQDN
ExchangeLegacyDN
Required: False
Position: Named
Default value: None
-WebSiteName
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-OfflineAddressBook
In ths Article
may be exclusive to one environment or the other. Use the New -OfflineAddressBook cmdlet to create offline
address books (OABs). In Exchange Online, this cmdlet is available only in the Address Lists role, and by default, the
role isn't assigned to any role groups. To use this cmdlet, you need to add the Address Lists role to a role group (for
Syntax
New-OfflineAddressBook [-Name] <String> -AddressLists <AddressBookBaseIdParameter[]>
[-Confirm]
[-DiffRetentionPeriod <Unlimited>]
[-GeneratingMailbox <MailboxIdParameter>]
[-GlobalWebDistributionEnabled <$true | $false>]
[-PublicFolderDatabase <DatabaseIdParameter>]
[-PublicFolderDistributionEnabled <$true | $false>]
[-Schedule <Schedule>]
[-ShadowMailboxDistributionEnabled <$true | $false>]
[-SkipPublicFolderInitialization]
[-Versions <MultiValuedProperty>]
[-VirtualDirectories <VirtualDirectoryIdParameter[]>]
Description
Examples
-------------------------- Example 1 --------------------------
$a = Get-AddressList | Where {$_.Name -Like "*AgencyB*"}; New-OfflineAddressBook -Name "OAB_AgencyB" -Server

myserver.contoso.com -AddressLists $a -Schedule "Mon.01:00-Mon.02:00, Wed.01:00-Wed.02:00"
In Exchange Server 2010 and 2013, this example uses two commands to create the OAB named OAB_AgencyB
that includes all address lists in which AgencyB is part of the name. By using the settings shown, an OAB is
generated by myserver.contoso.com on Mondays and Wednesdays from 01:00 (1 A.M.) to 02:00 (2 A.M.). This
example command also creates the default OAB for the organization.
-------------------------- Example 2 --------------------------
New-OfflineAddressBook -Name "Contoso Executives OAB" -AddressLists "Default Global Address List","Contoso
Executives Address List" -GlobalWebDistributionEnabled $true
This example creates a new OAB named Contoso Executives OAB with the following properties:
Address lists included in the OAB: Default Global Address List and Contoso Executives Address List
All OAB virtual directories in the organization can accept requests to download the OAB.
The organization mailbox that's responsible for generating the OAB is SystemMailbox{bb558c35-97f1-4cb9-8ff7-
d53741dc928c} (we didn't use the GeneratingMailbox parameter to specify a different organization mailbox).
The OAB isn't used by mailboxes and mailbox databases that don't have an OAB specified (we didn't use the
IsDefault parameter with the value $true).
-------------------------- Example 3 --------------------------
New-OfflineAddressBook -Name "New OAB" -AddressLists "\Default Global Address List" -Server SERVER01 -
VirtualDirectories "SERVER01\OAB (Default Web Site)"
In Exchange Server 2010, this example creates the OAB New OAB that uses Web-based distribution for Microsoft
Office Outlook 2007 or later clients on SERVER01 by using the default virtual directory.
-------------------------- Example 4 --------------------------
New-OfflineAddressBook -Name "Legacy OAB" -AddressLists "\Default Global Address List" -Server SERVER01 -
PublicFolderDatabase "PFDatabase" -PublicFolderDistributionEnabled $true -Versions Version1,Version2
In Exchange Server 2010, this example creates the OAB Legacy OAB that uses public folder distribution for
Outlook 2003 Service Pack 1 (SP1) and Outlook 98 Service Pack 2 (SP2) clients on SERVER01.
If you configure OABs to use public folder distribution, but your organization doesn't have any public folder
infrastructure, an error will be returned. For more information, see Managing Public Folders.
Parameters
-AddressLists
The AddressLists parameter specifies the address lists or global address lists that are included in the OAB. You can
use any value that uniquely identifies the address list. For example:
Name
GUID
You can find the identify values of address lists and global address lists by using the Get-AddressList and Get-
GlobalAddressList cmdlets.
Type: AddressBookBaseIdParameter[]
Required: True
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DiffRetentionPeriod
The DiffRetentionPeriod parameter specifies the number of days that the OAB difference files are stored on the
server. Valid values are integers from 7 to 1825, or the value unlimited. The default value is 30.
Type: Unlimited
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-GeneratingMailbox
The GeneratingMailbox parameter specifies the arbitration mailbox where the OAB is generated. Specifically, the
arbitration mailbox must contain the OrganizationCapabilityOABGen value for the PersistedCapability property. An
arbitration mailbox with this capability is also known as an organization mailbox. You can use any value that
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
The default value for this parameter is the organization mailbox named SystemMailbox{bb558c35-97f1-4cb9-8ff7-
d53741dc928c}.
A single organization mailbox can generate multiple OABs (you can use the same value for this parameter in the
settings of multiple OABs), but in Exchange 2013 CU5 or later, an OAB can only be generated by a single
organization mailbox (this parameter doesn't accept multiple values). To have a read only copy of the OAB (also
known as a shadow copy) available in other organization mailboxes, use the ShadowMailboxDistributionEnabled
parameter.
Required: False
Position: Named
Default value: None
-GlobalWebDistributionEnabled
The GlobalWebDistributionEnabled parameter specifies whether all OAB virtual directories in the organization can
accept requests to download the OAB. These locations are advertised by the Autodiscover service. Valid values are:
$true: Any OAB virtual directory in the organization can accept requests to download the OAB. You can't use
this setting with the VirtualDirectories parameter.
$false: Only the OAB virtual directories that are specified by the VirtualDirectories parameter accept requests to
download the OAB. This is the default value.
In Exchange 2013 CU7 or later, we recommend that you use the value $true for this parameter. The Client Access
services on any Mailbox server can proxy incoming OAB download requests to the correct location.
Required: False
Position: Named
Default value: None
-IsDefault
The IsDefault parameter specifies whether the OAB is used by all mailboxes and mailbox databases that don't have
an OAB specified. Valid values are:
$true: The OAB is the default OAB.
$false: The OAB is isn't the default OAB. This is the default value.

Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the unique name of the OAB. The maximum length is 64 characters. If the value
Type: String
Required: True
Position: 1
Default value: None
-PublicFolderDatabase
The PublicFolderDatabase parameter specifies the public folder database that's used to distribute the OAB. You can
use any value that uniquely identifies the database. For example:
Name
GUID
To use this parameter, the PublicFolderDistributionEnabled parameter must be set to $true.
Required: False
Position: Named
Default value: None
-PublicFolderDistributionEnabled
The PublicFolderDistributionEnabled parameter specifies whether the OAB is distributed via public folders. If the
value of the PublicFolderDistributionEnabled parameter is $true, the OAB is distributed via public folders.

Required: False
Position: Named
Default value: None
-Schedule
The Schedule parameter specifies the interval for generating the OAB in Exchange 2010 or earlier.
The syntax for this parameter is: StartDay.Hour:Minute [AM/PM ]-EndDay.Hour:Minute [AM/PM ].
You can use the following values for days:
Full name of the day.
Abbreviated name of the day.
Integer from 0 through 6, where 0 = Sunday.
You can enter the time in 24 hour format and omit the AM/PM value. If you enter the time in 12 time hour format,
include a space between the time and the AM/PM value.
You can mix and match date/time formats.
The start time and end time must be at least 15 minutes apart. Minutes are rounded down to 0, 15, 30, or 45.
Here are some examples:
"Sun.11:30 PM -Mon.1:30 AM"
"6.22:00-6.22:15" (Run from Saturday at 10:00 PM until Saturday at 10:15 PM.)
"Sun.1:15 AM -Monday.23:00"
Type: Schedule
Required: False
Position: Named
Default value: None
-Server
Name
FQDN
ExchangeLegacyDN
Required: False
Position: Named
Default value: None
-ShadowMailboxDistributionEnabled
The ShadowMailboxDistributionEnabled parameter specifies whether a read only copy of the OAB (also known as
a shadow copy) is distributed to all other OAB generation mailboxes (also known as organization mailboxes). This
allows additional Mailbox servers to be endpoints for requests to download the OAB, which can help prevent users
from downloading the OAB across slow WAN links. Valid values are:
$true: The OAB is distributed to all other organization mailboxes.
$false: The OAB is isn't distributed to other organization mailboxes. This is the default value.
The value of this parameter is only meaningful if you have multiple organization mailboxes, and is only beneficial in
Exchange organizations that have multiple Active Directory sites.

Required: False
Position: Named
Default value: None
-SkipPublicFolderInitialization
The SkipPublicFolderInitialization parameter specifies whether to skip the immediate creation of the OAB public
folders if you're creating an OAB that uses public folder distribution. The OAB isn't available for download until the
next site folder maintenance cycle has completed. You don't have to specify a value with the
SkipPublicFolderInitialization parameter. Omitting this parameter may cause the task to pause while it contacts the
responsible public folder server to create the necessary public folders. If the server is presently unreachable, or is
otherwise costly to contact, the pause could be significant.
Required: False
Position: Named
Default value: None
-Versions
The Versions parameter specifies what version of OAB to generate. The allowed values are:
Version1
Version2
Version3
Version4
Required: False
Position: Named
Default value: None
-VirtualDirectories
The VirtualDirectories parameter specifies the OAB virtual directories that accept requests to download the OAB.
These locations are advertised in the Autodiscover service.
You can use any value that uniquely identifies the virtual directory. For example:
GUID
The default value of this parameter is the Client Access services (frontend) and backend OAB virtual directories on
the Mailbox server that holds the OAB generation mailbox (the GeneratingMailbox parameter or
SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}). For example, Mailbox01\OAB (Default Web
Site),Mailbox01\OAB (Exchange Back End.
To use this parameter, the value of the GlobalWebDistributionEnabled parameter must be $false.
In Exchange 2013 CU7 or later, we recommend that you set the GlobalWebDistributionEnabled parameter to $true,
because the Client Access services on any Mailbox server can proxy incoming OAB download requests to the
correct location.
Type: VirtualDirectoryIdParameter[]
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-AddressBookPolicy
In ths Article
may be exclusive to one environment or the other. Use the Remove-AddressBookPolicy cmdlet to delete an address
book policy. You can't remove the address book policy if it's still assigned to a user's mailbox. In Exchange Online,
this cmdlet is available only in the Address Lists role, and by default, the role isn't assigned to any role groups. To
use this cmdlet, you need to add the Address Lists role to a role group (for example, to the Organization
Management role group). For more information, see the "Add a role to a role group" section in Manage role groups
Syntax
Remove-AddressBookPolicy [-Identity] <MailboxPolicyIdParameter> [-Confirm] [-DomainController <Fqdn>] [-WhatIf]
Description
You can't delete an address book policy if it's assigned to a user. To determine if an address book policy is assigned
to a user, run the following command:
Get-Mailbox | where $._AddressBookPolicy -eq "Murchison's Class"}
Examples
-------------------------- Example 1 --------------------------
Remove-AddressBookPolicy -Identity "Murchison's Class"
This example deletes the address book policy Murchison's Class.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the address book policy that you want to remove.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-AddressList
In ths Article
may be exclusive to one environment or the other. Use the Remove-AddressList cmdlet to remove existing address
lists. In Exchange Online, this cmdlet is available only in the Address Lists role, and by default, the role isn't
assigned to any role groups. To use this cmdlet, you need to add the Address Lists role to a role group (for example,
to the Organization Management role group). For more information, see the "Add a role to a role group" section in
Syntax
Remove-AddressList [-Identity] <AddressListIdParameter> [-Confirm] [-DomainController <Fqdn>] [-Recursive]
Description
You can use the Remove-AddressList cmdlet with the Get-AddressList cmdlet in the following scenarios:
Use the Get-AddressList cmdlet to get address list information, and then pipe the output to the Format-List
cmdlet to get the GUID, distinguished name (DN ), or path and name of an existing address list.
Use the Get-AddressList cmdlet to get a specific existing address list, and then pipe the output directly to the
Remove-AddressList cmdlet.
Examples
-------------------------- Example 1 --------------------------
Remove-AddressList -Identity "AddressList1" -Recursive
This example removes the address list named AddressList1 and all of its child address lists.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the address list that you want to remove. You can use any value that uniquely
Name
GUID
If the address list has child address lists that you also want to remove, you need to use the Recursive switch.
Required: True
Position: 1
Default value: None
-Recursive
The Recursive switch specifies whether to remove all child address lists. You don't need to specify a value for this
switch.
If you don't use this switch, and the address list has child address lists, the command will fail.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-EmailAddressPolicy
In ths Article
may be exclusive to one environment or the other. Use the Remove-EmailAddressPolicy cmdlet to remove existing
email address policies and update the affected recipients. In Exchange Online, email address policies are only
available for Office 365 groups. For information about the parameter sets in the Syntax section below, see
Syntax
Remove-EmailAddressPolicy [-Identity] <EmailAddressPolicyIdParameter> [-Confirm] [-DomainController <Fqdn>]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-EmailAddressPolicy -Identity "Southwest Executives"
This example removes the email address policy named Southwest Executives.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the email address policy that you want to remove. You can use any value that
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-GlobalAddressList
In ths Article
may be exclusive to one environment or the other. Use the Remove-GlobalAddressList cmdlet to remove an
existing global address list (GAL ). In Exchange Online, this cmdlet is available only in the Address Lists role, and by
Syntax
Remove-GlobalAddressList [-Identity] <GlobalAddressListIdParameter> [-Confirm] [-DomainController <Fqdn>]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-GlobalAddressList -Identity OldGAL
This example removes the GAL named OldGAL.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the global address list that you want to remove. You can use any value that
uniquely identifies the GAL. For example:
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-OabVirtualDirectory
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-OabVirtualDirectory cmdlet to remove
offline address book (OAB ) virtual directories from Internet Information Services (IIS ) on Exchange servers. For
Syntax
Remove-OabVirtualDirectory [-Identity] <VirtualDirectoryIdParameter>
[-Confirm]
[-Force]
Description
Some situations require the removal of an OAB virtual directory. For example, to uninstall an Exchange server that
contains an OAB distribution points list, you need to remove the OAB virtual directory and then re-create it on
another server.
Examples
-------------------------- Example 1 --------------------------
Remove-OabVirtualDirectory -Identity "OAB (Default Web Site)"
This example removes the default OAB virtual directory from the local server.
-------------------------- Example 2 --------------------------
Remove-OabVirtualDirectory -Identity "Server1\OAB (Default Web Site)"
This example removes the default OAB virtual directory from Server1.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the OAB virtual directory that you want to remove. You can use any value that
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-OfflineAddressBook
In ths Article
may be exclusive to one environment or the other. Use the Remove-OfflineAddressBook cmdlet to remove (delete)
offline address books (OABs). In Exchange Online, this cmdlet is available only in the Address Lists role, and by
Syntax
Remove-OfflineAddressBook [-Identity] <OfflineAddressBookIdParameter> [-Confirm] [-DomainController <Fqdn>]
Description
If you remove the default OAB, you need to configure another OAB as the default by using the IsDefault parameter
on the New -OfflineAddressBook or Set-OfflineAddressBook cmdlets.
Examples
-------------------------- Example 1 --------------------------
Remove-OfflineAddressBook -Identity "\Contoso Executives"
This example removes the OAB named Contoso Executives.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the OAB that you want to remove. You can use any value that uniquely identifies
the OAB. For example:
Name or \Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Restore-DetailsTemplate
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Restore-DetailsTemplate cmdlet to restore the
specified template to its default state. For information about the parameter sets in the Syntax section below, see
Syntax
Restore-DetailsTemplate [-Identity] <DetailsTemplateIdParameter> [-Confirm] [-DomainController <Fqdn>]
Description
Details templates can't be created or deleted, but this task restores the specified template to its default state. All
user changes are lost.
Examples
-------------------------- Example 1 --------------------------
Restore-DetailsTemplate -Identity en-us\User
This example restores the default attributes to the User details template for the English language.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the GUID or specifies the details template type and language separated by a
backslash, for example, en-us\User. Details template types include:
User
Group
PublicFolder
SearchDialog
MailboxAgent
Contact
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-AddressBookPolicy
In ths Article
may be exclusive to one environment or the other. Use the Set-AddressBookPolicy cmdlet to change the settings of
an address book policy. In Exchange Online, this cmdlet is available only in the Address Lists role, and by default,
Syntax
Set-AddressBookPolicy [-Identity] <MailboxPolicyIdParameter> [-AddressLists <AddressListIdParameter[]>]
[-Confirm] [-DomainController <Fqdn>] [-GlobalAddressList <GlobalAddressListIdParameter>] [-Name <String>]
[-OfflineAddressBook <OfflineAddressBookIdParameter>] [-RoomList <AddressListIdParameter>] [-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
Set-AddressBookPolicy -Identity "All Fabrikam ABP" -OfflineAddressBook \Fabrikam-OAB-2 -GlobalAddressList "\All

Fabrikam GAL"
This example changes the OAB that the address book policy All Fabrikam ABP uses to Fabrikam-OAB -2.
Parameters
-AddressLists
The AddressLists parameter specifies the address lists that will be used by mailbox users who are assigned this
address book policy. This parameter accepts multiple values, which should be separated by a comma.
Type: AddressListIdParameter[]
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-GlobalAddressList
The GlobalAddressList parameter specifies the identity of the global address list (GAL ) that will be used by mailbox
users who are assigned this address book policy. You can specify only one GAL for each address book policy.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the address book policy that you want to modify.
Required: True
Position: 1
Default value: None
-Name
The Name parameter specifies the name that you want this address book policy to be called. Use this parameter to
change the name of the address book policy.
Type: String
Required: False
Position: Named
Default value: None
-OfflineAddressBook
The OfflineAddressBook parameter specifies the identity of the offline address book (OAB ) that will be used by
mailbox users who are assigned this address book policy. You can specify only one OAB for each address book
policy.
Required: False
Position: Named
Default value: None
-RoomList
The RoomList parameter specifies the name of the room address list.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-AddressList
In ths Article
may be exclusive to one environment or the other. Use the Set-AddressList cmdlet to modify existing address lists.
In Exchange Online, this cmdlet is available only in the Address Lists role, and by default, the role isn't assigned to
any role groups. To use this cmdlet, you need to add the Address Lists role to a role group (for example, to the
Syntax
Set-AddressList [-Identity] <AddressListIdParameter>
[-Confirm]
[-ForceUpgrade]
[-IncludedRecipients <None | MailboxUsers | Resources | MailContacts | MailGroups | MailUsers |
AllRecipients>]
[-Name <String>]
[-RecipientFilter <String>]
Description
Use the Get-AddressList cmdlet, piped to Format-List, to get the GUID, distinguished name (DN ), or path and
name of an existing address list. Or, use Get-AddressList to get a specific existing address list, and then pipe the
output directly to the Set-AddressList cmdlet.
limitations:
Marketing".
equals Contoso".
use the RecipientFilter parameter to create a custom OPath filter.
You can't use this cmdlet to replace a precanned filter with a custom OPath filter, or vice-versa. You can only modify
the existing filter.
Examples
-------------------------- Example 1 --------------------------
Set-AddressList -Identity "All Users\Sales\building4" -Name building9
This example modifies the name of an existing address list.

-------------------------- Example 2 --------------------------
Set-AddressList -Identity c3fffd8e-026b-41b9-88c4-8c21697ac8ac -IncludedRecipients MailboxUsers -

ConditionalDepartment Sales
This example modifies the type of recipients and the department of the recipients included in the existing address
list identified by its GUID.
Parameters
-ConditionalCompany
Company property.
To enter multiple values that overwrite any existing entries, use the following syntax: <value1>,<value2>,...
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DisplayName
The DisplayName parameter specifies the display name of the group. The display name is visible in the Exchange
admin center and in Outlook. The maximum length is 256 characters. If the value contains spaces, enclose the value
Type: String
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-ForceUpgrade
The ForceUpgrade switch specifies whether to suppress the confirmation message that appears if the object was
created in a previous version of Exchange. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the address list that you want to modify. You can use any value that uniquely
Name
GUID
Required: True
Position: 1
Default value: None
-IncludedRecipients
MailboxUsers
MailContacts
MailGroups
MailUsers
applied.

Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a unique name for the address list. The maximum length is 64 characters, and it
can't include a carriage return or a backslash (\). If the value contains spaces, enclose the value in quotation marks
(").
Type: String
Required: False
Position: Named
Default value: None
-RecipientContainer
Name
Canonical name
GUID
Required: False
Position: Named
Default value: None
-RecipientFilter
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-DetailsTemplate
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-DetailsTemplate cmdlet to modify the attributes
of a details template. To make changes to the details template format and layout, you need to use the Details
Templates Editor in the Exchange Toolbox. For information about the parameter sets in the Syntax section below,
Syntax
Set-DetailsTemplate [-Identity] <DetailsTemplateIdParameter> [-Confirm] [-DomainController <Fqdn>]
[-Pages <MultiValuedProperty>] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-DetailsTemplate -Identity en-us\User
This example sets attributes for the User details template for the U.S. English language.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the details template using a GUID or specifies a template type and language
separated by a slash. The following is an example of the user template type and U.S. English language: en-us\User.
Details template types include:
User
Group
PublicFolder
SearchDialog
MailboxAgent
Contact
Required: True
Position: 1
Default value: None
-Pages
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-EmailAddressPolicy
In ths Article
may be exclusive to one environment or the other. Use the Set-EmailAddressPolicy cmdlet to modify email address
Syntax
Set-EmailAddressPolicy [-Identity] <EmailAddressPolicyIdParameter>
[-Confirm]
[-EnabledEmailAddressTemplates <ProxyAddressTemplateCollection>]
[-EnabledPrimarySMTPAddressTemplate <String>]
[-ForceUpgrade]
AllRecipients>]
[-Name <String>]
Description
After you use the Set-EmailAddressPolicy cmdlet to modify an email address policy in an on-premises Exchange
organization, you need to use the Update-EmailAddressPolicy cmdlet to apply the updated policy to recipients.
limitations:
Marketing".
equals Contoso".
Examples
-------------------------- Example 1 --------------------------
Set-EmailAddressPolicy -Identity "Southeast Executives" -ConditionalStateOrProvince @{Add="TX"}
In on-premises Exchange, this example modifies the existing email address policy named Southeast Executives by
adding the State or province value TX (Texas) to the precanned recipient filter.
-------------------------- Example 2 --------------------------
Set-EmailAddressPolicy -Identity "Contoso Corp" -DisabledEmailAddressTemplates $null
In on-premises Exchange, this example clears the disabled email address templates from the email address policy
named Contoso Corp.
Parameters
-ConditionalCompany
Company property.
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DisabledEmailAddressTemplates
The DisabledEmailAddressTemplates parameter specifies the proxy email addresses templates that are included in
an email address policy, but aren't used to configure the email addresses of recipients.
<Type>: A valid email address type as described in the "Address types" section in Email address policies in
Exchange 2016 (https://technet.microsoft.com/library/bb232171.aspx). For example, smtp or X400. Note that
you can't use SMTP to specify a disabled primary SMTP email address.
You can specify multiple disabled email address templates separated by commas: "[<Type1>]:<EmailAddress1>","
[<Type2>]:<EmailAddress2>",..."[<TypeN>]:<EmailAddressN>".
Typically, this property is only populated by values after a migration from a previous version of Exchange. To clear
these values, use the value $null for this parameter.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EnabledEmailAddressTemplates
The EnabledEmailAddressTemplates parameter specifies the rules in the email address policy that are used to
generate email addresses for recipients.
<Type>: A valid email address type as described in "Address types" section in Email address policies in
Exchange 2016 (https://technet.microsoft.com/library/bb232171.aspx). For example, SMTP for the primary
email address, and smtp for proxy addresses.
This parameter requires at least one template with the <Type> value SMTP (to define the primary SMTP email
address). After that, if you don't include a <Type> prefix for a template, the value smtp (an SMTP proxy address) is
assumed.
You can specify multiple email address templates separated by commas: "SMTP:<PrimarySMTPEmailAddress>","
[<Type1>]:<EmailAddress1>","[<Type2>]:<EmailAddress2>",..."[<TypeN>]:<EmailAddressN>".
You can't use this parameter with the EnabledPrimarySMTPAddressTemplate parameter.

Required: False
Position: Named
Default value: None
-EnabledPrimarySMTPAddressTemplate
The EnabledPrimarySMTPAddressTemplate parameter specifies the specifies the rule in the email address policy
that's used to generate the primary SMTP email addresses for recipients. You can use this parameter instead of the
EnabledEmailAddressTemplates if the policy only applies the primary email address and no additional proxy
addresses.
Valid syntax for this parameter is a domain or subdomain that's configured as an authoritative accepted domain,
and valid variables and ASCII text characters as described in the "Address format" section in Email address policies
in Exchange 2016 (https://technet.microsoft.com/library/bb232171.aspx). For example: <alias>@contoso.com
requires the value %m@contoso.com, and <firstname>.<lastname>@contoso.com requires the value
%g.%s@contoso.com.
You can't use this parameter with the EnabledEmailAddressTemplates parameter.
Type: String
Required: False
Position: Named
Default value: None
-ForceUpgrade
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the email address policy that you want to modify. You can use any value that
Name
GUID
Required: True
Position: 1
Default value: None
-IncludedRecipients
MailboxUsers
MailContacts
MailGroups
MailUsers
applied.

Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the unique name for the email address policy. The maximum length is 64 characters.
Type: String
Required: False
Position: Named
Default value: None
-Priority
The Priority parameter specifies the order that the email address policies are evaluated. By default, every time that
you add a new email address policy, the policy is assigned a priority of N+1, where N is the number of email
address policies that you've created.
If you set this parameter to a value that's the same as another email address policy, the priority of the policy that
you added first is incremented by 1.
Note: The first email address policy that identifies a recipient configures the recipient's email addresses. All other
policies are ignored, even if the first policy is unapplied and can't configure the recipient's email addresses.
Type: EmailAddressPolicyPriority
Required: False
Position: Named
Default value: None
-RecipientContainer
Name
Canonical name
GUID
Required: False
Position: Named
Default value: None
-RecipientFilter
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-GlobalAddressList
In ths Article
may be exclusive to one environment or the other. Use the Set-GlobalAddressList cmdlet to modify an existing
global address list (GAL ). In Exchange Online, this cmdlet is available only in the Address Lists role, and by default,
Syntax
Set-GlobalAddressList [-Identity] <GlobalAddressListIdParameter>
[-Confirm]
[-ForceUpgrade]
AllRecipients>]
[-Name <String>]
Description
limitations:
Marketing".
equals Contoso".
Examples
-------------------------- Example 1 --------------------------
Set-GlobalAddressList 96d0c505-eba8-4103-ad4f-577a1bf4ad7b -Name GALwithNewName
This example assigns a new name, GALwithNewName, to the GAL with the GUID 96d0c505-eba8-4103-ad4f-
577a1bf4ad7b.
Parameters
-ConditionalCompany
Company property.
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-ForceUpgrade
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the global address list that you want to modify. You can use any value that
Name
GUID
Required: True
Position: 1
Default value: None
-IncludedRecipients
MailboxUsers
MailContacts
MailGroups
MailUsers
applied.

Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the unique name of the GAL. The maximum length is 64 characters. If the value
Type: String
Required: False
Position: Named
Default value: None
-RecipientContainer
Name
Canonical name
GUID
Required: False
Position: Named
Default value: None
-RecipientFilter
The RecipientFilter parameter specifies an OPath filter that's based on the value of any available recipient property.
You can use any available Windows PowerShell operator, and wildcards and partial matches are supported. When
you use this parameter, remember the following OPath filter rules:
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-OabVirtualDirectory
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-OABVirtualDirectory cmdlet to modify offline
address book (OAB ) virtual directories that are used in Internet Information Services (IIS ) on Exchange servers. For
Syntax
Set-OabVirtualDirectory [-Identity] <VirtualDirectoryIdParameter>
[-Confirm]
[-PollInterval <Int32>]
[-RequireSSL <$true | $false>]
[-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
Set-OABVirtualDirectory -Identity "Server1\OAB (Default Web Site)" -ExternalUrl "https://www.contoso.com/OAB"
This example changes the external URL of the OAB virtual directory OAB (Default Web Site) to
https://www.contoso.com/OAB.
Parameters
values are:
You can use this parameter with the WindowsAuthentication parameter.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
are:
Note:
Required: False
Position: Named
Default value: None
-ExternalUrl
firewall.
Type: Uri
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the OAB virtual directory that you want to modify. You can use any value that
GUID
Required: True
Position: 1
Default value: None
-InternalUrl
Type: Uri
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-PollInterval
The PollInterval parameter specifies the time interval in minutes that the distribution service should poll the offline
address book generation server for updates.
Type: Int32
Required: False
Position: Named
Default value: None
-RequireSSL
The RequireSSL parameter specifies whether the client connection to the virtual directory requires Secure Sockets
Layer (SSL ) encryption. Valid values are:
$true: SSL encryption is required to connect to the virtual directory. This is the default value.
$false: SSL encryption isn't required to connect to the virtual directory.

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
You can use this parameter with the BasicAuthentication parameter.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-OfflineAddressBook
In ths Article
may be exclusive to one environment or the other. Use the Set-OfflineAddressBook cmdlet to modify offline
address book (OAB ) settings. In Exchange Online, this cmdlet is available only in the Address Lists role, and by
Syntax
Set-OfflineAddressBook [-Identity] <OfflineAddressBookIdParameter>
[-AddressLists <AddressBookBaseIdParameter[]>]
[-ApplyMandatoryProperties]
[-ConfiguredAttributes <MultiValuedProperty>]
[-Confirm]
[-DiffRetentionPeriod <Unlimited>]
[-FullOabDownloadPreventionThreshold <Int32>]
[-GeneratingMailbox <MailboxIdParameter>]
[-GlobalWebDistributionEnabled <$true | $false>]
[-MaxBinaryPropertySize <Int32>]
[-MaxMultivaluedBinaryPropertySize <Int32>]
[-MaxMultivaluedStringPropertySize <Int32>]
[-MaxStringPropertySize <Int32>]
[-Name <String>]
[-PublicFolderDistributionEnabled <$true | $false>]
[-Schedule <Schedule>]
[-ShadowMailboxDistributionEnabled <$true | $false>]
[-UpgradeFromE14]
[-UseDefaultAttributes]
[-Versions <MultiValuedProperty>]
[-VirtualDirectories <VirtualDirectoryIdParameter[]>]
[-WhatIf]
[-ZipOabFilesBeforeUploading <$true | $false>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-OfflineAddressBook -Identity "Default Offline Address Book" -VirtualDirectories $null -

GlobalWebDistributionEnabled $true
This example configures the OAB named Default Offline Address Book to be available for download requests from
all OAB virtual directories in the organization.
-------------------------- Example 2 --------------------------
Set-OfflineAddressBook -Identity "\Default Offline Address Book" -GeneratingMailbox OABGen2
This example changes the organization mailbox that's responsible for generating the OAB.
Parameters
-AddressLists
The AddressLists parameter specifies the address lists or global address lists that are included in the OAB. You can
use any value that uniquely identifies the address list. For example:
Name
GUID
You can find the identify values of address lists and global address lists by using the Get-AddressList and Get-
GlobalAddressList cmdlets.
Type: AddressBookBaseIdParameter[]
Required: False
Position: Named
Default value: None
-ApplyMandatoryProperties
The ApplyMandatoryProperties switch specifies whether to update the mandatory properties of a legacy OAB. You
This switch was used in coexistence environments when an OAB was migrated from Exchange 2003.
Required: False
Position: Named
Default value: None
-ConfiguredAttributes
The ConfiguredAttributes parameter specifies the recipient MAPI properties that are available in the OAB. This
parameter uses the syntax: "<Name1>,<Type1>","<Name2>,<Type2>"... where <Name> is the name of the MAPI
property (for example, MobileTelephoneNumber), and <Type> is the value ANR (ambiguous name resolution),
Value, or Indicator.
To reset this parameter back to the default values, use the UseDefaultAttributes switch.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DiffRetentionPeriod
The DiffRetentionPeriod parameter specifies the number of days that the OAB difference files are stored on the
server. Valid values are integers from 7 to 1825, or the value unlimited. The default value is 30.
Type: Unlimited
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-FullOabDownloadPreventionThreshold
Type: Int32
Required: False
Position: Named
Default value: None
-GeneratingMailbox
The GeneratingMailbox parameter specifies the arbitration mailbox where the OAB is generated. Specifically, the
arbitration mailbox must contain the OrganizationCapabilityOABGen value for the PersistedCapability property. An
arbitration mailbox with this capability is also known as an organization mailbox. You can use any value that
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
The default value for this parameter is the organization mailbox named SystemMailbox{bb558c35-97f1-4cb9-8ff7-
d53741dc928c}.
A single organization mailbox can generate multiple OABs (you can use the same value for this parameter in the
settings of multiple OABs), but in Exchange 2013 CU5 or later, an OAB can only be generated by a single
organization mailbox (this parameter doesn't accept multiple values). To have a read only copy of the OAB (also
known as a shadow copy) available in other organization mailboxes, use the ShadowMailboxDistributionEnabled
parameter.
Required: False
Position: Named
Default value: None
-GlobalWebDistributionEnabled
The GlobalWebDistributionEnabled parameter specifies whether all OAB virtual directories in the organization can
accept requests to download the OAB. These locations are advertised by the Autodiscover service. Valid values are:
$true: Any OAB virtual directory in the organization can accept requests to download the OAB. You can't use
this setting with the VirtualDirectories parameter.
$false: Only the OAB virtual directories that are specified by the VirtualDirectories parameter accept requests to
download the OAB. This is the default value.
In Exchange 2013 CU7 or later, we recommend that you use the value $true for this parameter. The Client Access
services on any Mailbox server can proxy incoming OAB download requests to the correct location.

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the OAB that you want to modify. You can use any value that uniquely identifies
the OAB. For example:
Name or \Name
GUID
Required: True
Position: 1
Default value: None
-IsDefault
The IsDefault parameter specifies whether the OAB is used by all mailboxes and mailbox databases that don't have
an OAB specified. Valid values are:
$true: The OAB is the default OAB.
$false: The OAB is isn't the default OAB.
Required: False
Position: Named
Default value: None
-MaxBinaryPropertySize
The MaxBinaryPropertySize parameter specifies the maximum size in bytes for binary attributes in the OAB before
they're truncated. Valid values are integers from 0 to 999999999. The default value is 65536.
Type: Int32
Required: False
Position: Named
Default value: None
-MaxMultivaluedBinaryPropertySize
The MaxMultivaluedBinaryPropertySize parameter specifies the maximum size in bytes for multivalued binary
attributes in the OAB before they're truncated. Valid values are integers from 0 to 999999999. The default value is
65536 (64 kilobytes).
Type: Int32
Required: False
Position: Named
Default value: None
-MaxMultivaluedStringPropertySize
The MaxMultivaluedStringPropertySize parameter specifies the maximum size for multivalued string attributes in
the OAB before they're truncated. Valid values are integers from 0 to 999999999. The default value is 65536 (64
kilobytes).
Type: Int32
Required: False
Position: Named
Default value: None
-MaxStringPropertySize
The MaxStringPropertySize parameter specifies the maximum size in bytes for string attributes before they're
truncated. Valid values are integers from 0 to 999999999. The default value is 3400.
Type: Int32
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the unique name of the OAB. The maximum length is 64 characters. If the value
Type: String
Required: False
Position: Named
Default value: None
-PublicFolderDistributionEnabled
The PublicFolderDistributionEnabled parameter specifies whether the OAB is to be distributed via public folders.
Setting the PublicFolderDistributionEnabled parameter to a value of $true sets the OAB to be distributed via public
folders. The default value is $true.

Required: False
Position: Named
Default value: None
-Schedule
Note: In Exchange 2013 or later, this parameter is no longer responsible for the OAB generation schedule. For more
information, see Change the offline address book generation schedule
The Schedule parameter specifies the interval for generating the OAB in Exchange 2010 or earlier.
"Sun.11:30 PM -Mon.1:30 AM"
Note: In Office 365, the read only value of this property is displayed in Coordinated Universal Time (UTC ).
Type: Schedule
Required: False
Position: Named
Default value: None
-ShadowMailboxDistributionEnabled
The ShadowMailboxDistributionEnabled parameter specifies whether a read only copy of the OAB (also known as
a shadow copy) is distributed to all other OAB generation mailboxes (also known as organization mailboxes). This
allows additional Mailbox servers to be endpoints for requests to download the OAB, which can help prevent users
from downloading the OAB across slow WAN links. Valid values are:
$true: The OAB is distributed to all other organization mailboxes.
$false: The OAB is isn't distributed to other organization mailboxes. This is the default value.
The value of this parameter is only meaningful if you have multiple organization mailboxes, and is only beneficial in
Exchange organizations that have multiple Active Directory sites.

Required: False
Position: Named
Default value: None
-UpgradeFromE14
Required: False
Position: Named
Default value: None
-UseDefaultAttributes
The UseDefaultAttributes switch specifies whether to revert the recipient MAPI properties that are available in the
OAB to the default list. You don't need to specify a value with this switch.
You can use this switch to undo changes that you've made to the default list by using the ConfiguredAttributes
parameter.
Required: False
Position: Named
Default value: None
-Versions
The Versions parameter specifies the OAB versions that are generated for client download. In Exchange 2013 or
later, the default and only supported value is Version4 (Version3 and Version2 require public folder distribution).
Required: False
Position: Named
Default value: None
-VirtualDirectories
The VirtualDirectories parameter specifies the OAB virtual directories that accept requests to download the OAB.
These locations are advertised in the Autodiscover service.
You can use any value that uniquely identifies the virtual directory. For example:
GUID
The default value of this parameter is the Client Access services (frontend) and backend OAB virtual directories on
the Mailbox server that holds the OAB generation mailbox (the GeneratingMailbox parameter or
SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}) when you created the OAB (for example,
Mailbox01\OAB (Default Web Site),Mailbox01\OAB (Exchange Back End).
To use this parameter, the value of the GlobalWebDistributionEnabled parameter must be $false.
In Exchange 2013 CU7 or later, we recommend that you set this parameter to $null, and then set the
GlobalWebDistributionEnabled parameter to $true, because the Client Access services on any Mailbox server can
proxy incoming OAB download requests to the correct location.
Type: VirtualDirectoryIdParameter[]
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-ZipOabFilesBeforeUploading
The ZipOabFilesBeforeUploading specifies whether to use ZIP file compression on the OAB files before uploading
them to the server. Valid values are:
$true: ZIP the OAB files.
$false: Don't ZIP the OAB files. This is the default value.

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Update-AddressList
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Update-AddressList cmdlet to update the recipients
included in address lists. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Update-AddressList [-Identity] <AddressListIdParameter> [-Confirm] [-DomainController <Fqdn>] [-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
Update-AddressList -Identity "All Users\Sales\building4"
This example updates the recipients of the address list named building4 that's under the container All Users\Sales.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the address list that you want to update. You can use any value that uniquely
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Update-EmailAddressPolicy
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Update-EmailAddressPolicy cmdlet to apply new or
updated email address policies to the affected recipients in an on-premises Exchange organization. For information
Syntax
Update-EmailAddressPolicy [-Identity] <EmailAddressPolicyIdParameter> [-Confirm] [-DomainController <Fqdn>]
[-FixMissingAlias] [-WhatIf] [-UpdateSecondaryAddressesOnly] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Update-EmailAddressPolicy -Identity "Northwest Executives"
This example applies the email address policy named Northwest Executives to all affected recipients.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-FixMissingAlias
The FixMissingAlias switch repairs recipients that don't have an alias. The alias is generated based on the Name
property of the recipient. You don't need to specify a value with this switch.
You need to use this switch if you receive an error message when you attempt to update the email address policy,
global address list, or address list.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the email address policy that you want to apply to recipients. You can use any
Name
GUID
Required: True
Position: 1
Default value: None
-UpdateSecondaryAddressesOnly
The UpdateSecondaryAddressesOnly switch parameter specifies that only the proxy email addresses are updated
for the recipients. The recipient's primary email address isn't updated. You don't need to specify a value with this
switch.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Update-GlobalAddressList
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Update-GlobalAddressList cmdlet to update the
recipients included in a global address list (GAL ). For information about the parameter sets in the Syntax section
Syntax
Update-GlobalAddressList [-Identity] <GlobalAddressListIdParameter> [-Confirm] [-DomainController <Fqdn>]
Description
Examples
-------------------------- Example 1 --------------------------
Update-GlobalAddressList -Identity "Default Global Address List"
This example updates the recipients in the default GAL.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the global address list that you want to update. You can use any value that
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Update-OfflineAddressBook
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Update-OfflineAddressBook cmdlet to update the
offline address books (OABs) used by Microsoft Outlook clients. For information about the parameter sets in the
Syntax
Update-OfflineAddressBook [-Identity] <OfflineAddressBookIdParameter> [-Confirm] [-DomainController <Fqdn>]
[-WhatIf] [-Force] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Update-OfflineAddressBook -Identity MyOAB
This example updates the OAB MyOAB.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the GUID, distinguished name (DN ), or OAB name that represents a specific OAB.
You can also include the path by using the format Server\OfflineAddressBookName.
You can omit the parameter label Identity so that only the OAB name or GUID is supplied.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Enable-ExchangeCertificate
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Enable-ExchangeCertificate cmdlet to enable an
existing certificate on the Exchange server for Exchange services such as Internet Information Services (IIS ), SMTP,
POP, IMAP and Unified Messaging (UM ). Once you enable a certificate for a service, you can't disable it. To see the
existing certificates that are used for Exchange services, use Get-ExchangeCertificate
(https://docs.microsoft.com/powershell/module/exchange/encryption-and-certificates/get-exchangecertificate). For
Syntax
Enable-ExchangeCertificate [-Thumbprint] <String> -Services <None | IMAP | POP | UM | IIS | SMTP | Federation |
UMCallRouter>
[-Confirm]
[-DoNotRequireSsl]
[-Force]
[-NetworkServiceAllowed]
Enable-ExchangeCertificate [[-Identity] <ExchangeCertificateIdParameter>] -Services <None | IMAP | POP | UM |

IIS | SMTP | Federation | UMCallRouter>
[-Confirm]
[-DoNotRequireSsl]
[-Force]
[-NetworkServiceAllowed]
Description
The Enable-ExchangeCertificate cmdlet enables certificates by updating the metadata that's stored with the
certificate. To enable an existing certificate to work with additional Exchange services, use this cmdlet to specify the
services.
After you run the Enable-ExchangeCertificate cmdlet, you might need to restart Internet Information Services (IIS ).
In some scenarios, Exchange might continue to use the previous certificate for encrypting and decrypting the
cookie that's used for Outlook on the web (formerly known as Outlook Web App) authentication. We recommend
restarting IIS in environments that use Layer 4 load balancing.
There are many factors to consider when you configure certificates for Transport Layer Security (TLS ) and Secure
Sockets Layer (SSL ) services. You need to understand how these factors might affect your overall configuration.
For more information, see Digital certificates and encryption in Exchange 2016
Secure Sockets Layer (SSL ) is being replaced by Transport Layer Security (TLS ) as the protocol that's used to
encrypt data sent between computer systems. They're so closely related that the terms "SSL" and "TLS" (without
versions) are often used interchangeably. Because of this similarity, references to "SSL" in Exchange topics, the
Exchange admin center, and the Exchange Management Shell have often been used to encompass both the SSL
and TLS protocols. Typically, "SSL" refers to the actual SSL protocol only when a version is also provided (for
example, SSL 3.0). To find out why you should disable the SSL protocol and switch to TLS, check out Protecting
you against the SSL 3.0 vulnerability (https://blogs.office.com/2014/10/29/protecting-ssl-3-0-vulnerability/).
Examples
-------------------------- Example 1 --------------------------
Enable-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -Services POP,IMAP,SMTP,IIS
This example enables a certificate for POP, IMAP, SMTP and IIS services.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-DoNotRequireSsl
The DoNotRequireSsl switch prevents the command from enabling the "require SSL" setting on the default web
site when you enable the certificate for IIS. You don't need to specify a value with this switch.
If you don't use this switch, and you use the Services parameter to enable the certificate for IIS, the command
enables the "require SSL" setting for the default web site in IIS.
Required: False
Position: Named
Default value: None
-Force
By default, when you enable a certificate for SMTP, the command prompts you to replace the existing certificate
that's enabled for SMTP, which is likely the default Exchange self-signed certificate.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the certificate that you want to configure. Valid values are:
<ServerNameOrFQDN>\<Thumbprint>
<Thumbprint>
You can find the thumbprint value by using the Get-ExchangeCertificate cmdlet.
The Thumbprint parameter, not the Identity parameter, is the positional parameter for this cmdlet. Therefore, when
you specify a thumbprint value by itself, the command uses that value for the Thumbprint parameter.
Type: ExchangeCertificateIdParameter
Required: False
Position: 1
Default value: None
-NetworkServiceAllowed
The NetworkServiceAllowed switch gives the built-in Network Service account permission to read the certificate's
private key without enabling the certificate for SMTP. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
You can't use this parameter with the Identity parameter, but you can use it with the Thumbprint parameter.
Required: False
Position: Named
Default value: None
-Services
The Services parameter specifies the Exchange services that the certificate is enabled for. Valid values are:
Federation: Don't use this command to enable a certificate for federation. Creating or modifying a federation
trust enables or modifies how certificates are used for federation. You manage the certificates that used for
federation trusts with the New -FederationTrust and Set-FederationTrust cmdlets.
IIS: By default, when you enable a certificate for IIS, the "require SSL" setting is configured on the default web
site in IIS. To prevent this change, use the DoNotRequireSsl switch.
IMAP: Don't enable a wildcard certificate for the IMAP4 service. Instead, use the Set-ImapSettings cmdlet to
configure the FQDN that clients use to connect to the IMAP4 service.
POP: Don't enable a wildcard certificate for the POP3 service. Instead, use the Set-PopSettings cmdlet to
configure the FQDN that clients use to connect to the POP3 service.
SMTP: When you enable a certificate for SMTP, you're prompted to replace the default Exchange self-signed
certificate that's used to encrypt SMTP traffic between internal Exchange. Typically, you don't need to replace
the default certificate with a certificate from a commercial CA for the purpose of encrypting internal SMTP
traffic. If you want to replace the default certificate without the confirmation prompt, use the Force switch.
UM: You can only enable a certificate for the UM service when the UMStartupMode parameter on the Set-
UMService cmdlet is set to TLS or Dual. If the UMStartupMode parameter is set to the default value TCP, you
can't enable the certificate for the UM service.
UMCallRouter: You can only enable a certificate for the UM Call Router service when the UMStartupMode
parameter on the Set-UMCallRouterService cmdlet is set to TLS or Dual. If the UMStartupMode parameter is
set to the default value TCP, you can't enable the certificate for the UM Call Router service.
The values that you specify with this parameter are additive. When you enable a certificate for one or more
services, any existing services remain in the Services property and you can't remove the existing services. Instead,
configure another certificate for the services and then remove the certificate that you don't want to use.
Different services have different certificate requirements. For example, some services may require a server name in
the certificate's Subject Name or Subject Alternative Name fields, but other services may require an FQDN. Verify
that the certificate supports the services that you want to configure.
Type: None | IMAP | POP | UM | IIS | SMTP | Federation | UMCallRouter

Required: True
Position: Named
Default value: None
-Thumbprint
The Thumbprint parameter specifies the certificate that you want to configure. You can find the thumbprint value
by using the Get-ExchangeCertificate cmdlet.
Type: String
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Export-ExchangeCertificate
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Export-ExchangeCertificate cmdlet to export existing
certificates and pending certificate requests (also known as certificate signing requests or CSRs) from Exchange
Syntax
Export-ExchangeCertificate [-Thumbprint] <String> [-Server <ServerIdParameter>]
[-BinaryEncoded]
[-Confirm]
[-FileName <String>]
[-Password <SecureString>]
Export-ExchangeCertificate [[-Identity] <ExchangeCertificateIdParameter>]

[-BinaryEncoded]
[-Confirm]
[-FileName <String>]
Description
The Export-ExchangeCertificate cmdlet creates the following types of files:
Certificate files: When you export a certificate, the command creates a PKCS #12 file. PKCS #12 is the Personal
Information Exchange Syntax standard specified by RSA Laboratories. For more information, see PKCS #12:
Personal Information Exchange Syntax Standard (https://www.emc.com/emc-plus/rsa-labs/standards-
initiatives/pkcs12-personal-information-exchange-syntax-standard.htm).
To export a certificate from an Exchange server, the certificate's PrivateKeyExportable property needs to have
the value True. To import an exported certificate on another Exchange server, you need to export the certificate
by using the Password parameter to include the private key or chain of trust in the certificate file. The default
Microsoft Exchange self-signed certificate or new self-signed certificates that you create in the Exchange admin
center or by using the default settings of the New -ExchangeCertificate cmdlet aren't exportable, because the
private key isn't exportable (the default value of the PrivateKeyExportable parameter is $false).
Certificate request files: When you export a certificate request, the command creates a PKCS #10 file. PKCS #10
is the Certification Request Syntax standard specified by RFC 2314. For more information, see PKCS #10:
Certification Request Syntax (https://www.ietf.org/rfc/rfc2314.txt).
Typically, you export a certificate request file if you need to resubmit the certificate request to the certification
authority. You can't import an exported certificate request on another server.
Examples
-------------------------- Example 1 --------------------------
Export-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -FileName "C:\Data\HT cert.pfx"

-BinaryEncoded -Password (ConvertTo-SecureString -String 'P@ssw0rd1' -AsPlainText -Force)
This example exports a certificate from the local Exchange server to a file with the following settings:
The certificate that has the thumbprint value 5113ae0233a72fccb75b1d0198628675333d010e is exported to the
file C:\Data\HT cert.pfx.
The exported certificate file is encoded by DER (not Base64).
The password for the certificate file is P@ssw0rd1.
-------------------------- Example 2 --------------------------
Export-ExchangeCertificate -Thumbprint 72570529B260E556349F3403F5CF5819D19B3B58 -Server Mailbox01 -FileName

"\\FileServer01\Data\Fabrikam.req"
This example exports a pending certificate request to a file with the following settings:
The pending certificate request that has the thumbprint value 72570529B260E556349F3403F5CF5819D19B3B58
on the Exchange server named Mailbox01 is exported to the file \\FileServer01\Data\Fabrikam.req.
The exported certificate request file is Base64 encoded, so the information that's written to the file is also displayed
onscreen.
Parameters
-BinaryEncoded
The BinaryEncoded switch encodes the exported certificate or certificate request file by using Distinguished
Encoding Rules (DER ). You don't need to specify a value with this switch.
Typically, you use this switch when you export a certificate, because you can store the certificate and its private key
or chain of trust in a single binary file when you also use the Password parameter. If you don't use this switch, the
exported certificate file is Base64 encoded, and you'll need to export any intermediate or root certificates in the
chain of trust separately.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-FileName
The FileName parameter specifies the name and path of the exported certificate or certificate request file. You can
use a local path if the certificate or certificate request is located on the same Exchange server where you're running
the command. Otherwise, use a UNC path (\\<Server>\<Share>). If the value contains spaces, enclose the value in
Type: String
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the certificate or certificate request that you want to export. Valid values are:
<Thumbprint>
Required: False
Position: 1
Default value: None
-Password
The Password parameter specifies the password for the private key or chain of trust in the exported certificate file.
To import the exported certificate file on another server, you need to know the password.
parameter.
Type: SecureString
Required: False
Position: Named
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
-Thumbprint
The Thumbprint parameter specifies the certificate or certificate request that you want to export. You can find the
thumbprint value by using the Get-ExchangeCertificate cmdlet.
Type: String
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-DataEncryptionPolicy cmdlet to view data
encryption policies in Exchange Online. For information about the parameter sets in the Syntax section below, see
Syntax
Get-DataEncryptionPolicy [[-Identity] <DataEncryptionPolicyIdParameter>] [-Confirm] [-DomainController <Fqdn>]
Description
Data encryption policy cmdlets are the Exchange Online part of service encryption with Customer Key in Office
365. For more information, see Controlling your data in Office 365 using Customer Key
(https://aka.ms/customerkey).
You can assign a data encryption policy to a mailbox by using the DataEncryptionPolicy parameter on the Set-
Mailbox cmdlet in Exchange Online PowerShell.
Examples
-------------------------- Example 1 --------------------------
This example returns a summary list of all data encryption policies in the organization.
-------------------------- Example 2 --------------------------
Get-DataEncryptionPolicy -Identity "Europe Mailboxes"
The example returns detailed information for the data encryption policy named Europe Mailboxes.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the data encryption policy that you want to view. You can use any value that
Name
GUID
Type: DataEncryptionPolicyIdParameter
Required: False
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-ExchangeCertificate
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-ExchangeCertificate cmdlet to view Exchange
certificates that are installed on Exchange servers. This cmdlet returns Exchange self-signed certificates, certificates
that were issued by a certification authority and pending certificate requests (also known as certificate signing
requests or CSRs). For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Get-ExchangeCertificate [[-Identity] <ExchangeCertificateIdParameter>]
[-DomainName <MultiValuedProperty>]
Get-ExchangeCertificate [-Instance <X509Certificate2>]

Get-ExchangeCertificate [[-Thumbprint] <String>]

Description
By default, this cmdlet returns the following certificate properties in the summary list view:
Thumbprint: The unique digest of the certificate data. An example thumbprint value is
78E1BE82F683EE6D8CB9B9266FC1185AE0890C41.
Services: The Exchange services that the certificate is assigned to by using the Enable-ExchangeCertificate
cmdlet. Values are None, Federation, IIS, IMAP, POP, SMTP, UM, and UMCallRouter. You'll see the value None
in certificates that aren't used with Exchange (for example, the WMSvc-<ServerName> certificate that's used
for the IIS Web Management Service).
Subject: Contains the X.500 value in the certificate's Subject Name field. The important part is the CN= value.
If you append | Format-List to the command, the cmdlet returns these additional certificate properties:
AccessRules: The host names or FQDNs in the certificate's Subject Alternative Name field.
CertificateDomains: The host names or FQDNs in the certificate's Subject Alternative Name field.
HasPrivateKey: Whether or not the certificate contains a private key.
IsSelfSigned: Whether or not the certificate is self-signed (not issued by a certification authority).
Issuer: Who issued the certificate.
NotAfter: The certificate expiration date.
NotBefore: The certificate issue date.
PublicKeySize: The size of the public key in bytes.
RootCAType: The type of CA that signed the certificate. Values are None (this value is found on the Microsoft
Exchange Server Auth Certificate, and also new self-signed certificates that you create), ThirdParty, Enterprise,
Registry (this value is found on Exchange self-signed certificates), GroupPolicy, or Unknown (this value is found
on pending certificate requests).
SerialNumber: The unique serial number of the certificate.
Status: The status of the certificate. Values are DateInvalid, Invalid, PendingRequest, RevocationCheckFailure,
Revoked, Unknown, Untrusted or Valid
If you append | Format-List * to the command, the cmdlet returns these additional certificate properties:
Archived
CertificateRequest: This property contains the hash value of the certificate request.
DnsNameList
EnhancedKeyUsageList: Typically, this value is Server Authentication (1.3.6.1.5.5.7.3.1).
Extensions
FriendlyName
Handle
Identity: This value is <ServerFQDN>\<Thumbprint>
IISServices
IssuerName: Typically, this value is System.Security.Cryptography.X509Certificates.X500DistinguishedName.
KeyIdentifier
PrivateKey: Typically, this value is System.Security.Cryptography.RSACryptoServiceProvider.
PrivateKeyExportable: If this value is True, you can export the certificate from the server.
PublicKey: Typically, this value is System.Security.Cryptography.RSACryptoServiceProvider.
RawData
SendAsTrustedIssuer
ServicesStringForm
SignatureAlgorithm: Typically, this value is System.Security.Cryptography.Oid.
SubjectKeyIdentifier
SubjectName: Typically, this value is System.Security.Cryptography.X509Certificates.X500DistinguishedName .
Version: Typically, this value is 3.
Examples
-------------------------- Example 1 --------------------------
Get-ExchangeCertificate -Server Mailbox01
This example returns a summary list of all Exchange certificates and pending certificate requests on the server
named Mailbox01.
-------------------------- Example 2 --------------------------
Get-ExchangeCertificate -Thumbprint 0271A7F1CA9AD8A27152CCAE044F968F068B14B8 | Format-List
This example returns detailed information for the specified certificate.

-------------------------- Example 3 --------------------------
Get-ExchangeCertificate -Thumbprint 0271A7F1CA9AD8A27152CCAE044F968F068B14B8 | Format-List *
This example returns all available information for the specified certificate.
-------------------------- Example 4 --------------------------
Get-ExchangeCertificate -DomainName mail.contoso.com
This example shows which certificate Exchange will select for the domain name mail.contoso.com. A Send
connector or Receive connector selects the certificate to use based on the fully qualified domain name (FQDN ) of
the connector. If you have multiple certificates with the same FQDN, you can see which certificate Exchange will
select by using the DomainName parameter to specify the FQDN. The first certificate returned is the certificate that
Exchange will select.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-DomainName
The DomainName parameter filters the results by the fully qualified domain name (FQDN ) or server name values
in the Subject Name or the Subject Alternative Name fields. You can specify multiple values separated by commas.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the certificate that you want to view. Valid values are:
<Thumbprint>
Required: False
Position: 1
Default value: None
-Instance
Type: X509Certificate2
Required: False
Position: Named
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
You can't use this parameter with the Identity parameter, but you can use it with the Thumbprint parameter, or by
itself.
Required: False
Position: Named
Default value: None
-Thumbprint
The Thumbprint parameter specifies the thumbprint value of the certificate that you want to view.
Type: String
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
may be exclusive to one environment or the other. Use the Get-IRMConfiguration cmdlet to view the Information
Rights Management (IRM ) configuration in your organization. For information about the parameter sets in the
Syntax
Get-IRMConfiguration [-DomainController <Fqdn>] [<CommonParameters>]
Description
The Get-IRMConfiguration cmdlet provides details about the current IRM configuration, including whether
individual IRM features are enabled or disabled and provides the URLs used for ServiceLocation,
PublishingLocation and LicensingLocation.
Examples
-------------------------- Example 1 --------------------------
This example retrieves the IRM configuration in your organization.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-OMEConfiguration cmdlet to view Microsoft
Office 365 Message Encryption (OME ) configurations. For information about the parameter sets in the Syntax
Syntax
Get-OMEConfiguration [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
This example returns a summary list of all OME configurations in the organization.
-------------------------- Example 2 --------------------------
Get-OMEConfiguration | Format-List
This example returns detailed information for all OME configurations in the organization.
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-OMEMessageStatus
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-OMEMessageStatus cmdlet to view the
Microsoft Office 365 Message Encryption (OME ) revocation status for a specific message. For information about
Syntax
Get-OMEMessageStatus -MessageId <String> [<CommonParameters>]
Description
If encryption for the message was successfully revoked, the command will return the message: The encrypted email
with the subject "<subject>" and Message ID "<messageId>" was successfully revoked.
Examples
Example 1
Get-OMEMessageStatus -MessageId ""
This example returns the encryption revocation status for the specified message.
Parameters
-MessageId
The MessageId parameter specifies the message based on the value the Message-ID header field. This value is also
You can find the Message ID for a message in Message Trace or the Message Encryption Report in the Office 365
Security & Compliance Center.
Type: String
Required: True
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-RMSTemplate
In ths Article
may be exclusive to one environment or the other. Use the Get-RMSTemplate cmdlet to retrieve the current list of
active rights policy templates from the Active Directory Rights Management Services (AD RMS ) deployment for
the organization. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Get-RMSTemplate [[-Identity] <RmsTemplateIdParameter>] [-DomainController <Fqdn>]
[-ResultSize <Unlimited>] [-TrustedPublishingDomain <RmsTrustedPublishingDomainIdParameter>]
[-Type <Archived | Distributed | All>]
Description
The Get-RMSTemplate cmdlet doesn't return any active rights policy templates if internal licensing isn't enabled.
Use the Get-IRMConfiguration cmdlet to check the InternalLicensingEnabled parameter.
Examples
-------------------------- Example 1 --------------------------
Get-RMSTemplate -ResultSize unlimited
This example retrieves all RMS templates available from the RMS deployment.
-------------------------- Example 2 --------------------------
Get-RMSTemplate -Identity "Company Confidential"
This example retrieves the Company Confidential RMS template.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the RMS template.
Type: RmsTemplateIdParameter
Required: False
Position: 1
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-TrustedPublishingDomain
The TrustedPublishingDomain parameter specifies the trusted publishing domain you want to search for RMS
templates. You can use any value that uniquely identifies the trusted publishing domain, for example:
Name
GUID
Type: RmsTrustedPublishingDomainIdParameter
Required: False
Position: Named
Default value: None
-Type
The Type parameter specifies the type of RMS template. Use one of the following values:
All
Archived
Distributed
Type: Archived | Distributed | All

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-RMSTrustedPublishingDomain
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-RMSTrustedPublishingDomain cmdlet to view
the settings of an existing trusted publishing domain (TPD ) in your organization. For information about the
Syntax
Get-RMSTrustedPublishingDomain [[-Identity] <RmsTrustedPublishingDomainIdParameter>] [-Default]
Description
A trusted publishing domain contains the settings needed to use RMS features in your organization. For example,
users can apply RMS templates to email messages.
Examples
-------------------------- Example 1 --------------------------
Get-RMSTrustedPublishingDomain | Format-List
This example lists all the trusted publishing domains that are configured in your organization and shows detailed
information for each trusted publishing domain.
Parameters
-Default
The Default switch filters the results by the default trusted publishing domain. The default trusted publishing
domain displays RMS templates and provides rights protection to all new content. There can be only one default
trusted publishing domain in an organization.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the trusted publishing domain. You can use any value that uniquely identifies the
trusted publishing domain, for example:
Name
GUID
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-SmimeConfig
In ths Article
may be exclusive to one environment or the other. Use the Get-SmimeConfig cmdlet to view the S/MIME
configuration for Outlook on the web (formerly known as Outlook Web App). For information about the parameter
Syntax
Get-SmimeConfig [[-Identity] <OrganizationIdParameter>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-SmimeConfig
This example shows the S/MIME configuration that's used with Outlook on the web.
Parameters
-Identity
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Import-ExchangeCertificate
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Import-ExchangeCertificate cmdlet to import
certificates on Exchange servers. You use this cmdlet to install certificates that were exported from other servers,
and to complete pending certification requests (also known as certificate signing requests or CSRs) from
certification authorities (CAs). For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Import-ExchangeCertificate -FileData <Byte[]>
[-Confirm]
[-FriendlyName <String>]
[-PrivateKeyExportable <$true | $false>]
Import-ExchangeCertificate -Instance <String[]>

[-Confirm]
Import-ExchangeCertificate -FileName <String>

[-Confirm]
Description
You can use the Import-ExchangeCertificate cmdlet to import the following types of certificate files on an Exchange
server:
APKCS #7 certificate or chain of certificates file (.p7b or .p7c) that was issued by a certification authority (CA).
PKCS #7 is the Cryptographic Message Syntax Standard, a syntax used for digitally signing or encrypting data
using public key cryptography, including certificates. For more information, see PKCS #7: Cryptographic
Message Syntax Standard (https://go.microsoft.com/fwlink/p/?LinkID=510681).
A PKCS #12 certificate file (.cer, .crt, .der, .p12, or .pfx) that contains the private key. PKCS #12 is the Personal
Information Exchange Syntax Standard, a file format used to store certificates with corresponding private keys
that are protected by a password. The standard is specified by RSA Laboratories. For more information, see the
PKCS #12: Personal Information Exchange Syntax Standard (https://go.microsoft.com/fwlink/p/?
LinkID=90249) website.
After you import a certificate on an Exchange server, you need to assign the certificate to one or more Exchange
services by using the Enable-ExchangeCertificate cmdlet.
For more information, see Digital certificates and encryption in Exchange 2016.
Exchange admin center and the Exchange Management Shell have often been used to encompass both the SSL
Examples
-------------------------- Example 1 --------------------------
Import-ExchangeCertificate -Server Mailbox01 -FileName" \\FileServer01\Data\Exported Fabrikam Cert.pfx" -

Password (ConvertTo-SecureString -String 'P@ssw0rd1' -AsPlainText -Force)
This example imports the certificate from the PKCS #12 file from \\FileServer01\Data\Exported Fabrikam Cert.pfx
to the Exchange server named Mailbox01. This file requires the password P@ssw0rd1. This certificate could have
been exported from another server, or issued by a certification authority.
-------------------------- Example 2 --------------------------
Import-ExchangeCertificate -FileData ([Byte[]](Get-Content -Path "C:\Certificates\Fabrikam IssuedCert.p7b" -

Encoding byte -ReadCount 0))
This example imports a chain of certificates from the PKCS #7 file C:\Certificates\Fabrikam IssuedCert.p7b on the
local Exchange server.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-FileData
The FileData parameter specifies the contents of the certificate file that you want to import. Typically, you use this
parameter for PKCS #7 text certificate files that have .p7b or .p7c filename extensions. These text files contain the
text: -----BEGIN CERTIFICATE ----- and -----END CERTIFICATE ----- or -----BEGIN PKCS7----- and -----END
PKCS7-----.
A valid value for this parameter requires you to read the file to a byte-encoded object using the Get-Content
cmdlet. For example, ([Byte[]](Get-Content -Encoding Byte -Path "C:\My Documents\<filename>" -ReadCount 0)).
You can use a local path if the certificate file is located on the Exchange server where you're running the command,
and this is the same server where you want to install the certificate. Otherwise, use a UNC path (\\<Server>\
<Share>).
Type: Byte[]
Required: True
Position: Named
Default value: None
-FileName
The FileName parameter specifies the certificate file that you want to import. Typically, you use this parameter for
PKCS #12 binary certificate files that have .cer, .crt, .der, .p12, or .pfx filename extensions. This type of binary
certificate file is protected by a password when the file contains the private key or chain of trust.
You can use a local path if the certificate file is located on the Exchange server where you're running the command,
and this is the same server where you want to install the certificate. Otherwise, use a UNC path (\\<Server>\
<Share>).
Type: String
Required: True
Position: Named
Default value: None
-FriendlyName
The FriendlyName parameter specifies a friendly name for the certificate. The value must be less than 64
characters.
The friendly name value is descriptive text and doesn't affect the functionality of the certificate.
Type: String
Required: False
Position: Named
Default value: None
-Instance
Type: String[]
Required: True
Position: Named
Default value: None
-Password
The Password parameter specifies the password that's required to import the certificate.
parameter.
Type: SecureString
Required: False
Position: Named
Default value: None
-PrivateKeyExportable
The PrivateKeyExportable parameter specifies whether the certificate has an exportable private key and controls
whether you can export the certificate from this server. Valid values are:
$true: The private key is exportable, so you can export the certificate from this server.
$false: The private key isn't exportable, so you can't export the certificate from this server. This is the default
value.

Required: False
Position: Named
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Import-RMSTrustedPublishingDomain
In ths Article
This cmdlet is available only in the cloud-based service. Use the Import-RMSTrustedPublishingDomain cmdlet to
import a trusted publishing domain (TPD ) from an on-premises server running Active Directory Rights
Management Services (AD RMS ) or from RMS Online into your cloud-based organization. For information about
Syntax
Import-RMSTrustedPublishingDomain [-Name] <String> -ExtranetLicensingUrl <Uri> -FileData <Byte[]> -
IntranetLicensingUrl <Uri> -Password <SecureString>
[-Confirm]
[-Default]
Import-RMSTrustedPublishingDomain [-Name] <String> -ExtranetLicensingUrl <Uri> -FileData <Byte[]> -

IntranetLicensingUrl <Uri> -Password <SecureString> [-ExtranetCertificationUrl <Uri>] [-
IntranetCertificationUrl <Uri>]
[-Confirm]
[-Default]
Import-RMSTrustedPublishingDomain [-Name] <String> -FileData <Byte[]> -Password <SecureString> [-

RefreshTemplates]
[-Confirm]
[-Default]
Import-RMSTrustedPublishingDomain [-Name] <String> [-RMSOnline] [-RefreshTemplates]

[-Confirm]
[-Default]
Description
A TPD contains the settings needed to use RMS features in your organization. For example, users can apply RMS
templates to email messages. After you export the TPD from an on-premises AD RMS server to an XML file, you
can import the XML file into your cloud-based organization.
If the InternalLicensingEnabled parameter value is $true on the Set-IRMConfiguration cmdlet, all TPDs require a
private key. If the InternalLicensingEnabled parameter value is $false, TPDs don't require a private key. However,
the only RMS feature available to the organization is Outlook protection rules. Typically, TPDs without private keys
are created when the AD RMS server uses a hardware-based cryptographic service provider (CSP ) or a custom
CSP.
Examples
-------------------------- Example 1 --------------------------
Import-RMSTrustedPublishingDomain -Name "Contoso TPD" -FileData $([byte[]](Get-Content -Encoding byte -Path

"C:\My Documents\Contoso.xml" -ReadCount 0)) -Password (ConvertTo-SecureString -String 'Pa$$word1' -
AstPlainText -Force)-ExtranetLicensingUrl https://rms.contoso.com/_wmcs/licensing -IntranetLicensingUrl
https://RMS01/_wmcs/licensing
This example imports a TPD from an AD RMS server into a cloud-based organization. The TPD uses the following
values:
Path to exported XML file: C:\My Documents\Contoso.xml
Password of exported XML file: Pa$$word1
External licensing URL: https://rms.contoso.com/\_wmcs/licensin
Internal licensing URL: https://RMS01/_wmcs/licensing
TPD name: Contoso TPD
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Default
The Default switch specifies that this is the default TPD. You don't need to specify a value with this switch.
The default TPD displays RMS templates and provides rights protection to all new content. There can be only one
default TPD in an organization.
The first TPD you import into your organization is automatically set as the default.
Required: False
Position: Named
Default value: None
-ExtranetCertificationUrl
The ExtranetCertificationUrl parameter specifies the external certification URL of the on-premises AD RMS server
that's stamped into the Rights Account Certificate (RAC ). The RAC establishes a user's identity in the AD RMS
system, and is used to decrypt content.
By default, the value of the ExtranetCertificationUrl parameter is
https://<FQDN>/_wmcs/certification/servercertification.asmx.
Type: Uri
Required: False
Position: Named
Default value: None
-ExtranetLicensingUrl
The ExtranetLicensingUrl parameter specifies the external licensing URL of the on-premises AD RMS server that's
stamped into the publishing license. The publishing license specifies the users that can open the rights-protected
content, under which conditions the content may be opened by the user, and the rights that each user will have to
the rights-protected content.
By default, the value of the ExtranetLicensingUrl parameter is https://<FQDN>/_wmcs/licensing.
Type: Uri
Required: True
Position: Named
Default value: None
-FileData
The FileData parameter specifies the XML file you want to import. The XML file contains the TPD you exported
from the on-premises AD RMS server.
Type: Byte[]
Required: True
Position: Named
Default value: None
-IntranetCertificationUrl
The IntranetCertificationUrl parameter specifies the internal certification URL of the on-premises AD RMS server
that's stamped into the RAC. The RAC establishes a user's identity in the AD RMS system, and is used to decrypt
content.
By default, the value of the IntranetCertificationUrl parameter is https://<server
name>/_wmcs/certification/servercertification.asmx.
Type: Uri
Required: False
Position: Named
Default value: None
-IntranetLicensingUrl
The IntranetLicensingUrl parameter specifies the internal licensing URL of the on-premises AD RMS server that's
By default, the value of the IntranetLicensingUrl parameter is https://<server name>/_wmcs/licensing.
Type: Uri
Required: True
Position: Named
Default value: None
-Name
The Name parameter specifies the name of the TPD. If you use the RefreshTemplates switch, the value must match
the name of the previously imported TPD.
Type: String
Required: True
Position: 1
Default value: None
-Password
The Password parameter specifies the password of the TPD that you want to import. The password value must
match the password in the XML file when you exported the TPD from the on-premises AD RMS server.
parameter.
Type: SecureString
Required: True
Position: Named
Default value: None
-RefreshTemplates
The RefreshTemplates switch specifies whether to update the RMS templates in a previously imported TPD. You
When you add, modify, or remove RMS templates in a TPD on the AD RMS server, you export the updated TPD to
a new XML file, and import the new XML file in your cloud-based organization. The RefreshTemplates switch uses
the following rules:
Only the FileData, Password, and Name parameters are required. The value of the Name parameter must
match the name of the previously imported TPD.
If the new XML file doesn't contain an RMS template that was defined in the previously imported TPD, the
RMS template is removed from the cloud-based organization.
If the new XML file contains an updated RMS template that was defined in the previously imported TPD, the
RMS template settings are updated in the cloud-based organization. However, the RMS template isn't changed
from Archived to Distributed or vice versa.
If the new XML file contains an RMS template that wasn't imported in the original TPD, the RMS template is
added to the cloud-based organization in the Archived state. To make the new RMS template usable, you must
change its state from Archived to Distributed using the Set-RMSTemplate cmdlet.
Required: False
Position: Named
Default value: None
-RMSOnline
The RMSOnline switch specifies that the TPD is imported from RMS Online. You don't need to specify a value with
this switch.
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-DataEncryptionPolicy
In ths Article
This cmdlet is available only in the cloud-based service. Use the New-DataEncryptionPolicy cmdlet to create data
Syntax
New-DataEncryptionPolicy [-Name] <String> -AzureKeyIDs <MultiValuedProperty> [-Confirm] [-Description <String>]
[-DomainController <Fqdn>] [-Enabled <$true | $false>] [-WhatIf] [<CommonParameters>]
Description
Data encryption policy cmdlets are the Exchange Online part of service encryption with Customer Key in Office 365. For
more information, see Controlling your data in Office 365 using Customer Key (https://aka.ms/customerkey).
You can assign a data encryption policy to a mailbox by using the DataEncryptionPolicy parameter on the Set-Mailbox
cmdlet in Exchange Online PowerShell.
You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet,
you may not have access to some parameters if they're not included in the permissions assigned to you. To find the
permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any
Exchange cmdlet (https://technet.microsoft.com/library/mt432940.aspx).
Examples
-------------------------- Example 1 --------------------------
New-DataEncryptionPolicy -Name "US Mailboxes" -AzureKeyIDs

"https://contosoWestUSvault01.vault.azure.net/keys/USA_Key_01","https://contosoEastUSvault01.vault.azure.net/keys/USA_K
ey_02" -Description "Root key for mailboxes located in US territories"
This example creates a data encryption policy named US Mailboxes with the specified Azure Key Vault keys and
description.
Parameters
-AzureKeyIDs
The AzureKeyIDs parameter specifies the URI values of the Azure Key Vault keys to associate with the data encryption
policy. You need to specify at least two Azure Key Vault keys separated by commas. For example,
"https://contosoWestUSvault01.vault.azure.net/keys/USA_Key_01","https://contosoEastUSvault01.vault.azure.net/keys/USA_Key_02"
To find the URI value for an Azure Key Vault, replace <VaultName> with the name of the vault, and run this command in
Azure Rights Management PowerShell: Get-AzureKeyVaultKey -VaultName <VaultName>).id. For more information, see
Get started with Azure Key Vault (https://go.microsoft.com/fwlink/p/?linkid=521402).
Required: True
Position: Named
Default value: None
-Confirm
command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: -
Confirm:$false.
Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying
the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.
Required: False
Position: Named
Default value: None
-Description
The Description parameter specifies an optional description for the data encryption policy. If the value contains spaces,
enclose the value in quotation marks.
Type: String
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter enables or disable the data encryption policy. Valid values are:
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the unique name for the data encryption policy. If the value contains spaces, enclose the
value in quotation marks.
Type: String
Required: True
Position: 1
Default value: None
-WhatIf
The WhatIf switch simulates the actions of the command. You can use this switch to view the changes that would occur
without actually applying those changes. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -ExchangeCertificate cmdlet to create and
renew self-signed certificates, and to create certificate requests (also known as certificate signing requests or CSRs)
for new certificates and certificate renewals from a certification authority (CA). For information about the
Syntax
New-ExchangeCertificate [-BinaryEncoded] [-GenerateRequest] [-RequestFile <String>]
[-Confirm]
[-Force]
[-IncludeAcceptedDomains]
[-IncludeAutoDiscover]
[-IncludeServerFQDN]
[-IncludeServerNetBIOSName]
[-Instance <X509Certificate2>]
[-KeySize <Int32>]
[-SubjectKeyIdentifier <String>]
[-SubjectName <X500DistinguishedName>]
New-ExchangeCertificate [-Services <None | IMAP | POP | UM | IIS | SMTP | Federation>]

[-Confirm]
[-Force]
[-IncludeAcceptedDomains]
[-IncludeAutoDiscover]
[-IncludeServerFQDN]
[-IncludeServerNetBIOSName]
[-Instance <X509Certificate2>]
[-KeySize <Int32>]
[-SubjectKeyIdentifier <String>]
[-SubjectName <X500DistinguishedName>]
Description
Exchange uses certificates for SSL and TLS encryption.
Exchange admin center, and the Exchange Management Shell have often been used to encompass both the SSL
Examples
-------------------------- Example 1 --------------------------
This example creates a self-signed certificate with the following settings:

The Subject value is CN=<ServerName> (for example, CN=Mailbox01).
The Domains (subject alternative names) value is <ServerName>, <ServerFQDN> (for example,
Mailbox01,Mailbox01.contoso.com).
The Services value is IMAP,POP,SMTP
The Services value SMTP grants the Network Services local security group read access to the certificate's private
key.
The Services value SMTP and the Subject value that contains the server name publishes the certificate to Active
Directory so that Exchange direct trust can validate the authenticity of the server for mutual TLS.
If you don't want this certificate to replace the existing self-signed certificate that was created during Exchange
setup, be sure to select "No" in the prompt that asks you overwrite the existing default SMTP certificate.
-------------------------- Example 2 --------------------------
New-ExchangeCertificate -GenerateRequest -RequestFile "C:\Cert Requests\woodgrovebank.req" -SubjectName

"c=US,o=Woodgrove Bank,cn=mail.woodgrovebank.com" -DomainName
autodiscover.woodgrovebank.com,mail.fabrikam.com,autodiscover.fabrikam.com
This example creates a new certificate request for a certification authority that has the following settings:
The request is Base64 encoded.
The output is displayed onscreen and is also written to the text file C:\Cert Requests\woodgrovebank.req.
The Subject value is c=US,o=Woodgrove Bank,cn=mail.woodgrovebank.com
The Domains (subject alternative names) value contains the additional
valuesautodiscover.woodgrovebank.com,mail.fabrikam.com, and autodiscover.fabrikam.com.
After you create the certificate request, you send the output to the CA. After you receive the certificate from the CA,
you install the certificate by using the Import-ExchangeCertificate cmdlet, and you assign the certificate to
Exchange services by using the Enable-ExchangeCertificate cmdlet.
If the CA requires the certificate request in a file that's encoded by DER, use the BinaryEncoding switch.
-------------------------- Example 3 --------------------------
Get-ExchangeCertificate -Thumbprint c4248cd7065c87cb942d60f7293feb7d533a4afc | New-ExchangeCertificate -

PrivateKeyExportable $true
This example renewsthe existing self-signed certificate that has the thumbprint value
c4248cd7065c87cb942d60f7293feb7d533a4afc. You can find the thumbprint value by using the Get-
ExchangeCertificate cmdlet. Setting the PrivateKeyExportable parameter to the value $true allows the renewed self-
signed certificate to be exported from the server (and imported on other servers).
-------------------------- Example 4 --------------------------
Get-ExchangeCertificate -Thumbprint 8A141F7F2BBA8041973399723BD2598D2ED2D831 | New-ExchangeCertificate -

GenerateRequest -RequestFile "C:\Cert Requests\fabrikam_renewal.req"
This example creates a request to renew an existing certificate that was issued by a certification authority. The
certificate request has the following settings:
The thumbprint value of the existing certificate is 8A141F7F2BBA8041973399723BD2598D2ED2D831. You can
find the thumbprint value by using the Get-ExchangeCertificate cmdlet.
The request is Base64 encoded.
The output is displayed onscreen and is also written to the text file C:\Cert Requests\fabrikam_renewal.req.
After you create the certificate renewal request, you send the output to the CA. After you receive the renewed
certificate from the CA, you install the certificate by using the Import-ExchangeCertificate cmdlet.
-------------------------- Example 5 --------------------------
Get-ExchangeCertificate -Thumbprint c4248cd7065c87cb942d60f7293feb7d533a4afc | New-ExchangeCertificate
This example shows how to renew a self-signed certificate with a specific thumbprint value. You can obtain the
thumbprint value in one of two ways.
Select the certificate in the Exchange Administration Center and then select Edit to view properties of the
certificate. The thumbprint value is shown in the Exchange Certificate window.
Run the Get-ExchangeCertificate cmdlet to return a list of all certificates installed on the server with their
thumbprint values.
Parameters
-BinaryEncoded
The BinaryEncoded switch specifies whether to encode the new certificate request by using Distinguished Encoding
Rules (DER ). You don't need to specify a value with this switch.
If you don't use this switch, the request is Base64 encoded.
This switch is available only when you use the GenerateRequest switch.
For Base64 encoded requests, you send the contents of the file to the certificate authority. For requests that are
encoded by DER, you send the certificate file itself.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-DomainName
The DomainName parameter specifies one or more FQDNs or server names for theSubject Alternative Namefield
(also known as the Subject Alt Name or SAN field) of the certificate request or self-signed certificate.
If the value in the certificate's Subject field doesn't match the destination server name or FQDN, the requestor
looks for a match in the Subject Alternative Name field.
Typically, values include server names (for example, Mailbox01) and FQDNs (for example, mail.contoso.com). You
can specify multiple values separated by commas. Valuescan contain the characters a through z, 0 through 9, and
the hyphen (-). The length of the domain name can't exceed 255 characters.
The default value includes the name and FQDN of the Exchange server when both of the following conditions are
true:
You don't use this parameter.
You don't use any of these parameters: IncludeAcceptedDomains, IncludeAutoDiscover, IncludeServerFQDN,
or IncludeServerNetBIOSName.
Required: False
Position: Named
Default value: None
-Force
By default, when you create a self-signed certificate that's enabled for SMTP (no Services parameter, or the
Services parameter contains the value SMTP ), you're prompted to replace the existing default SMTP certificate with
the new one that you're creating. If you use the Force switch, the new SMTP certificate automatically replaces the
existing SMTP certificate without asking.
Required: False
Position: Named
Default value: None
-FriendlyName
The FriendlyName parameter specifies a friendly name for the certificate request or self-signed certificate. The
value must be less than 64 characters.
The default value is Microsoft Exchange. The friendly name value is descriptive text, and doesn't affect the
functionality of the certificate.
Type: String
Required: False
Position: Named
Default value: None
-GenerateRequest
The GenerateRequest switch specifies that you're creating a certificate request for a certification authority (CA). You
This switch, together with the RequestFile parameter, generates a PKCS #10 certificate request that you send to the
CA. How you send the information depends on the CA, but typically, for Base64 encoded requests, you paste the
contents in an email message or in the request form on the CA's web site.
After you install the certificate from the certification authority by using the Import-ExchangeCertificate cmdlet, you
use the Enable-ExchangeCertficate cmdlet to enable the certificate for Exchange services.
If you don't use this switch,thecommand creates a new self-signed certificate on the Exchange server.
Required: False
Position: Named
Default value: None
-IncludeAcceptedDomains
The IncludeAcceptedDomains switch specifies that all accepted domains in the Exchange organization are included
in the Subject Alternative Name field of the certificate request or self-signed certificate. You don't need to specify a
When you use this switch:
If you've already included an accepted domain in the DomainName parameter, the value isn't duplicated in the
Subject Alternative Name field.
For new self-signed certificates, if you don't use the Services parameter, the certificate is only assigned to
SMTP.
Required: False
Position: Named
Default value: None
-IncludeAutoDiscover
The IncludeAutoDiscover switch specifies whether to add a Subject Alternative Namevalue with the prefix
autodiscover for each accepted domain in the Exchange organization. You don't need to specify a value with this
switch.
For example, if the organization has the accepted domains woodgrovebank.com and woodgrovebank.co.uk, using
this switch results in the addition of the following values in the Subject Alternative Name field:
autodiscover.woodgrovebank.com
autodiscover.woodgrovebank.co.uk
When you use this switch:
If you've already included the value autodiscover.<AcceptedDomain> in the DomainName parameter, the value
isn't duplicated in the Subject Alternative Name field.
For new self-signed certificates, if you don't use the Services parameter, the certificate is only assigned to
SMTP.
Required: False
Position: Named
Default value: None
-IncludeServerFQDN
The IncludeServerFQDN switch specifies that the FQDN of the Exchange server is included in the Subject
Alternative Name field of the new certificate request or self-signed certificate. You don't need to specify a value
with this switch.
When you use this switch, and you've already included the server's FQDN in the DomainName parameter, the
value isn't duplicated in the Subject Alternative Name field.
Required: False
Position: Named
Default value: None
-IncludeServerNetBIOSName
The IncludeServerNetBIOSName switch specifies that the NetBIOS name of the Exchange server is included in the
Subject Alternative Name field of the new certificate request or self-signed certificate. You don't need to specify a
value with this switch
When you use this switch, and you've already included the server's NetBIOS name in the DomainName parameter,
the value isn't duplicated in the Subject Alternative Name field.
Required: False
Position: Named
Default value: None
-Instance
Type: X509Certificate2
Required: False
Position: Named
Default value: None
-KeySize
The KeySize parameter specifies the size (in bits) of the RSA public key that's associated with the new certificate
request or self-signed certificate. Valid values are:
1024
2048 (This is the default value)
4096
Type: Int32
Required: False
Position: Named
Default value: None
-PrivateKeyExportable
The PrivateKeyExportable parameter specifies whether the new self-signed certificate has an exportable private key,
and controls whether you can export the certificate from the server (and import the certificate on other servers).
Valid values are:
$true: The private key is exportable, so you can export the certificate from the server.
$false: The private key isn't exportable, so you can't export the certificate. This is the default value.
This parameter is only meaningful for new self-signed certificates.

Required: False
Position: Named
Default value: None
-RequestFile
The RequestFile parameter specifies the name and path of the certificate request file. The file contains the same
information that's displayed on-screen when you generate a Base64 encoded certificate request (you don't use the
BinaryEncoded switch).
You can use a local path if the certificate or certificate request is located on the same Exchange server where you're
running the command. Otherwise, use a UNC path (\\<Server>\<Share>). If the value contains spaces, enclose the
You can use this parameter only when you use the GenerateRequest switch.
Type: String
Required: False
Position: Named
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
-Services
The Services parameter specifies the Exchange services that the new self-signed certificate is enabled for. Valid
values are:
None: You can enable the certificate for Exchange services later by using the Enable-ExchangeCertificate cmdlet.
Federation
IIS
IMAP: Don't enable a wildcard certificate for the IMAP4 service. Instead, use the Set-ImapSettings cmdlet to
configure the FQDN that clients use to connect to the IMAP4 service.
POP: Don't enable a wildcard certificate for the POP3 service. Instead, use the Set-PopSettings cmdlet to
configure the FQDN that clients use to connect to the POP3 service.
SMTP: When you enable a certificate for SMTP, you're prompted to replace the default Exchange self-signed
certificate that's used to encrypt SMTP traffic between internal Exchange. If you want to replace the default
certificate without the confirmation prompt, use the Force switch.
UM: This value requires that the UMStartupMode parameter on the Set-UMService cmdlet is set to TLS or
Dual. If the UMStartupMode parameter is set to the default value of TCP, you can't enable the certificate for the
UM service.
UMCallRouter: This value requires that the UMStartupMode parameter on the Set-UMCallRouterService
cmdlet is set to TLS or Dual. If the UMStartupMode parameter is set to the default value TCP, you can't enable
the certificate for the UM Call Router service.
You can specify multiple values separated by commas. The default values are IMAP,POP, and SMTP.
You can't use this parameter with the GenerateRequest switch.
Once you enable a certificate for a service, you can't remove the service from the certificate.
Type: None | IMAP | POP | UM | IIS | SMTP | Federation

Required: False
Position: Named
Default value: None
-SubjectKeyIdentifier
The SubjectKeyIdentifier parameter specifies the unique subject key identifier for a newself-signed certificate. For
example, run the command: $ski = [System.Guid]::NewGuid().ToString("N"), and use the value $ski for this
parameter.
Type: String
Required: False
Position: Named
Default value: None
-SubjectName
The SubjectName parameter specifies the Subject field of the certificate request or self-signed certificate.
Every certificate requires a value for the Subject field, and only one value is allowed. The requestor attempts to
match the destination server name or FQDN with the common name (CN ) value of subject.
This parameter uses the syntax: [C=<CountryOrRegion>,S=<StateOrProvince>,L=LocalityOrCity,O=
<Organization>,OU=<Department>],CN=<HostNameOrFQDN>. Although the only required value is CN=
<HostNameOrFQDN>, you should always include C=<CountryOrRegion> for certificate requests, but other
values might also be required by the certification authority.
For example, if you want the certificate's subject to be mail.contoso.com in the United States, you can use any of the
following values:
C=US,S=WA,L=Redmond,O=Contoso,OU=IT,CN=mail.contoso.com
C=US,O=Contoso,CN=mail.contoso.com
C=US,CN=mail.contoso.com
If you don't use this parameter, the default value is the name of the Exchange server where you run the command
(for example, CN=Mailbox01).
For a subject alternative name (SAN ) certificate, you should choose one of the values from the DomainName
parameter to use in the SubjectName value. In fact, the CN value that you specify for SubjectName is automatically
included in the DomainName values.
For a wildcard certificate, use a SubjectName value that contains the wildcard character (*). For example,
C=US,CN=*.contoso.com.
Type: X500DistinguishedName
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-OMEConfiguration
In ths Article
This cmdlet is available only in the cloud-based service. Use the New -OMEConfiguration cmdlet to create a
Microsoft Office 365 Message Encryption (OME ) configuration. For information about the parameter sets in the
Syntax
New-OMEConfiguration [-Identity] <OrganizationIdParameter>
[-BackgroundColor <String>]
[-DisclaimerText <String>]
[-EmailText <String>]
[-ExternalMailExpiryInDays <Int32>]
[-Image <Byte[]>]
[-IntroductionText <String>]
[-OTPEnabled <$true | $false>]
[-PortalText <String>]
[-ReadButtonText <String>]
[-SocialIdSignIn <$true | $false>]
Description
Examples
Example 1
New-OMEConfiguration -Identity "Contoso Marketing" -EmailText "Encrypted message enclosed." -PortalText "This
portal is encrypted." -DisclaimerText "Encryption security disclaimer." -Image (Get-Content "C:\Temp\OME
Logo.gif" -Encoding byte)
This example creates a new OME configuration named "Contoso Marketing" with the specified values specified.
Unused parameters get the default values.
Parameters
-BackgroundColor
The BackgroundColor parameter specifies the background color. Valid values are:
An available HTML hexadecimal (hex triplet) color code value (for example, 0x000000 is white).
An available text value (for example, yellow is 0x00FFFF00).
$null (blank). This is the default value.
For the list of available hex and text values, see Background colors for Office 365 Message Encryption
(https://support.office.com/article/1508cb35-c5ff-4523-b579-947b21d5515f).
Type: String
Required: False
Position: Named
Default value: None
-DisclaimerText
The DisclaimerText parameter specifies the disclaimer text in the email that contains the encrypted message. The
maximum length is 1024 characters. If the value contains spaces, enclose the value in quotation marks (").
Type: String
Required: False
Position: Named
Default value: None
-EmailText
The EmailText parameter specifies the default text that accompanies encrypted email messages. The default text
appears above the instructions for viewing encrypted messages. The maximum length is 1024 characters. If the
value contains spaces, enclose the value in quotation marks (").
Type: String
Required: False
Position: Named
Default value: None
-ExternalMailExpiryInDays
This parameter is only available with a Microsoft 365 Advanced Message Encryption subscription.
The ExternalMailExpiryInDays parameter specifies the number of days that the encrypted message is available to
external recipients in the Microsoft 365 portal. A valid value is an integer from 0 to 730. The value 0 means the
messages will never expire. The default value is 0.
Type: String
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies a unique name for the OME configuration object. The maximum length is 64
characters. If the value contains spaces, enclose the value in quotation marks (").
Required: True
Position: 0
Default value: None
Accept pipeline input: True (ByValue)
-Image
The Image parameter identifies and uploads an image that will be displayed in the email message and in the Office
365 portal.
You need to read the file to a byte-encoded object using the Get-Content cmdlet, for example, -Image (Get-Content
"C:\Temp\OME Logo.gif" -Encoding byte)
Supported file formats: .png, .jpg, .bmp, or .tiff
Optimal size of logo file: less than 40 KB
Optimal dimensions of logo image: 170x70 pixels
Type: Byte[]
Required: False
Position: Named
Default value: None
-IntroductionText
The IntroductionText parameter specifies the default text that accompanies encrypted email messages. The default
text appears below the recipient email address for viewing the encrypted message. If the value contains spaces,
Type: String
Required: False
Position: Named
Default value: None
-OTPEnabled
The OTPEnabled parameter specifies whether to allow recipients to use a one-time passcode to view encrypted
$true: Recipients can use a one-time passcode to view encrypted messages. This is the default value.
$false: Recipients can't use a one-time passcode to view encrypted messages. The recipient is required to sign in
using an Office 365 work or school account.
Required: False
Position: Named
Default value: None
-PortalText
The PortalText parameter specifies the text that appears at the top of the encrypted email viewing portal. The
Type: String
Required: False
Position: Named
Default value: None
-ReadButtonText
The ReadButtonText parameter specifies the text that appears on the "Read Message" button. If the value contains
Type: String
Required: False
Position: Named
Default value: None
-SocialIdSignIn
The SocialIdSignIn parameter specifies whether a user is allowed to view an encrypted message in the Office 365
portal using their own social network id (Google, Yahoo, etc). Valid values are:
$true: Social network ID sign in is allowed. This is the default value.
$false: Social network ID sign in is not allowed. Whether the recipient can use a one-time passcode or their
Office 365 work or school account is controlled by the OTPEnabled parameter.

Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Remove-ExchangeCertificate
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-ExchangeCertificate cmdlet to remove
existing Exchange certificates or pending certificate requests (also known as certificate signing requests or CSRs)
from Exchange servers. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Remove-ExchangeCertificate [-Thumbprint] <String> [-Server <ServerIdParameter>]
[-Confirm]
Remove-ExchangeCertificate [[-Identity] <ExchangeCertificateIdParameter>]

[-Confirm]
Description
You can't remove the certificate that's being used. If you want to replace the default certificate for the server with
another certificate that has the same fully qualified domain name (FQDN ), you must create the new certificate first,
and then remove the old certificate.
Exchange admin center and the Exchange Management Shell have often been used to encompass both the SSL
Examples
-------------------------- Example 1 --------------------------
Remove-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e
This example removes the certificate with the specified thumbprint from the local Exchange server.
-------------------------- Example 2 --------------------------
Remove-ExchangeCertificate -Server Mailbox01 -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e
This example uses the same settings, but removes the certificate from the server named Mailbox01.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the certificate that you want to remove. Valid values are:
<Thumbprint>
Required: False
Position: 1
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
-Thumbprint
The Thumbprint parameter specifies the certificate that you want to remove. You can find the thumbprint value by
using the Get-ExchangeCertificate cmdlet.
Type: String
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-OMEConfiguration
In ths Article
This cmdlet is available only in the cloud-based service. Use the Remove-OMEConfiguration cmdlet to remove
custom Microsoft Office 365 Message Encryption (OME ) configurations. You can't use this cmdlet to remove the
default OME configuration. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Remove-OMEConfiguration [-Identity] <OMEConfigurationIdParameter>
[-Confirm]
Description
Examples
Example 1
Remove-OMEConfiguration -Identity "Contoso Marketing"
This example removes the custom OME configuration named Contoso Marketing.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the custom OME configuration that you want to remove. You can use the Get-
OMEConfiguration cmdlet to see the available values. If the value contains spaces, enclose the value in quotation
marks
Type: OMEConfigurationIdParameter
Required: True
Position: 0
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Remove-RMSTrustedPublishingDomain
In ths Article
This cmdlet is available only in the cloud-based service. Use the Remove-RMSTrustedPublishingDomain cmdlet to
remove an existing trusted publishing domain (TPD ) from your organization. For information about the parameter
Syntax
Remove-RMSTrustedPublishingDomain [-Identity] <RmsTrustedPublishingDomainIdParameter>
[-Confirm]
[-Force]
Description
A trusted publishing domain contains the settings needed to use Rights Management Services (RMS ) features in
your organization. When you delete a trusted publishing domain, all existing content that's protected by the RMS
templates in the trusted publishing domain becomes unreadable. Instead of deleting the trusted publishing domain,
you can archive the RMS templates using the Set-RMSTemplate cmdlet. Archiving the RMS template prevents
future use for encryption, but allows access to existing rights-protected content.
If you delete the only trusted publishing domain, all RMS features are disabled in the organization. If multiple
trusted publishing domains exist in your organization, you can't delete the default trusted publishing domain. You
must first designate another trusted publishing domain as the default. You can change the default trusted
publishing domain using the Set-RMSTrustedPublishingDomain cmdlet.
Examples
-------------------------- Example 1 --------------------------
Remove-RMSTrustedPublishingDomain "Contoso TPD"
This example removes the trusted publishing domain Contoso TPD from your organization.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Force
The Force parameter forces the command to execute without asking for user confirmation.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the trusted publishing domain. You can use any value that uniquely identifies the
trusted publishing domain, for example:
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-DataEncryptionPolicy
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-DataEncryptionPolicy cmdlet to modify data
Syntax
Set-DataEncryptionPolicy [-Identity] <DataEncryptionPolicyIdParameter> [-PermanentDataPurgeContact <String>] -
PermanentDataPurgeReason <String>
[-Confirm]
[-Description <String>]
[-Force]
[-Name <String>]
Set-DataEncryptionPolicy [-Identity] <DataEncryptionPolicyIdParameter> -PermanentDataPurgeContact <String> -

PermanentDataPurgeReason <String> [-PermanentDataPurgeRequested]
[-Confirm]
[-Force]
[-Name <String>]
Set-DataEncryptionPolicy [-Identity] <DataEncryptionPolicyIdParameter> [-Refresh]

[-Confirm]
[-Name <String>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-DataEncryptionPolicy -Identity "US Mailboxes" -Enabled $false
This example disabled the data encryption policy named US Mailboxes.

-------------------------- Example 2 --------------------------
Set-DataEncryptionPolicy -Identity "Europe Mailboxes" -Refresh
This example updates the data encryption policy named Europe Mailboxes after one of the associated keys has
been rotated in the Azure Key Vault.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Description
The Description parameter specifies an optional description for the data encryption policy. If the value contains
spaces, enclose the value in quotation marks.
Type: String
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter enables or disable the data encryption policy. Valid values are:

Required: False
Position: Named
Default value: None
-Force
Use the Force switch when you're trying to initiate the deletion of all data that's encrypted by the data encryption
policy (the PermanentDataPurgeRequested switch), but the associated Azure Key Vault has also been deleted. You
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the data encryption policy that you want to modify. You can use any value that
Name
GUID
Required: True
Position: 1
Default value: None
-Name
The Name parameter specifies the unique name for the data encryption policy. If the value contains spaces, enclose
the value in quotation marks.
Type: String
Required: False
Position: Named
Default value: None
-PermanentDataPurgeContact
The PermanentDataPurgeContact parameter specifies a contact for the purge of all data that's encrypted by the
data encryption policy. If the value contains spaces, enclose the value in quotation marks.
You need to use this parameter with the PermanentDataPurgeRequested and PermanentDataPurgeReason
parameters.
Type: String
Required: True
Position: Named
Default value: None
-PermanentDataPurgeReason
The PermanentDataPurgeReason parameter specifies a descriptive reason for the purge of all data that's encrypted
by the data encryption policy. If the value contains spaces, enclose the value in quotation marks.
You need to use this parameter with the PermanentDataPurgeRequested and PermanentDataPurgeContact
parameters.
Type: String
Required: True
Position: Named
Default value: None
-PermanentDataPurgeRequested
The PermanentDataPurgeRequested switch specifies whether to initiate the deletion of all data that's encrypted by
the data encryption policy. You don't need to specify a value with this switch.
You need to use this switch with the PermanentDataPurgeReason and PermanentDataPurgeContact parameters.
After you use this switch, you can't assign the data encryption policy to other mailboxes.
Required: True
Position: Named
Default value: None
-Refresh
Use the Refresh switch to update the data encryption policy in Exchange Online after you rotate any of the
associated keys in the Azure Key Vault. You don't need to specify a value with this switch.
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Set-IRMConfiguration
In ths Article
may be exclusive to one environment or the other. Use the Set-IRMConfiguration cmdlet to configure Information
Rights Management (IRM ) features on your organization. Configuring and using IRM features in an on-premises
Exchange organization requires Active Directory Rights Management Services (AD RMS ). For information about
Syntax
Set-IRMConfiguration [-Identity <OrganizationIdParameter>]
[-AutomaticServiceUpdateEnabled <$true | $false>]
[-AzureRMSLicensingEnabled <$true | $false>]
[-ClientAccessServerEnabled <$true | $false>]
[-Confirm]
[-DecryptAttachmentForEncryptOnly <$true | $false>]
[-EDiscoverySuperUserEnabled <$true | $false>]
[-ExternalLicensingEnabled <$true | $false>]
[-Force]
[-InternalLicensingEnabled <$true | $false>]
[-JournalReportDecryptionEnabled <$true | $false>]
[-LicensingLocation <MultiValuedProperty>]
[-RefreshServerCertificates]
[-RMSOnlineKeySharingLocation <Uri>]
[-SearchEnabled <$true | $false>]
[-SimplifiedClientAccessEnabled <$true | $false>]
[-TransportDecryptionSetting <Disabled | Optional | Mandatory>]
Description
IRM requires the use of an on-premises AD RMS server or the ILS service. IRM features can be selectively enabled
or disabled.
Examples
-------------------------- Example 1 --------------------------
Set-IRMConfiguration -JournalReportDecryptionEnabled $true
This example enables journal report decryption.

-------------------------- Example 2 --------------------------
Set-IRMConfiguration -TransportDecryptionSetting Mandatory
This example enables transport decryption and enforces decryption. When decryption is enforced, messages that
can't be decrypted are rejected, and an NDR is returned.
-------------------------- Example 3 --------------------------
Set-IRMConfiguration -ExternalLicensingEnabled $true
This example enables licensing for external messages.
Parameters
-AutomaticServiceUpdateEnabled
The AutomaticServiceUpdateEnabled parameter specifies whether to allow the automatic addition of new features
within Azure Information Protection for your cloud-based organization. Valid values are:
$true: New Azure Information Protection features announced through Office 365 message center will be
enabled automatically in your cloud-based organization. This is the default value.
$false: Prevents new Azure Information Protection features from automatically being introduced into your
tenant organization.

Required: False
Position: Named
Default value: None
-AzureRMSLicensingEnabled
The AzureRMSLicensingEnabled parameter specifies whether the Exchange Online organization can to connect
directly to Azure Rights Management. Valid values are:
$true: The Exchange Online organization can connect directly to Azure Rights Management. This enables Office
365 Message Encryption.
$false: The Exchange Online organization can't connect directly to Azure Rights Management. Do not configure
this value unless you're directed to do so by Microsoft Customer Service and Support.

Required: False
Position: Named
Default value: None
-ClientAccessServerEnabled
The ClientAccessServerEnabled parameter specifies whether to enable IRM for Outlook on the web (formerly
known as Outlook Web App) and Exchange ActiveSync. Valid values are:
$true: IRM is enabled for Outlook on the web and Exchange ActiveSync. This is the default value. Note that
enabling IRM in Outlook on the web requires additional configuration on AD RMS servers. For more
information, see Information Rights Management in Outlook Web App
$false: IRM is disabled for Outlook on the web and Exchange ActiveSync.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DecryptAttachmentForEncryptOnly
The DecryptAttachmentForEncryptOnly parameter specifies whether mail recipients have unrestricted rights on the
attachment or not for Encrypt-only mails sent using new Office 365 Message Encryption capabilities. Valid values
are:
$true: The recipients will have unrestricted rights on attachments sent using Encrypt-Only policy.
$false: The recipients will not have unrestricted rights on attachments sent using Encrypt-Only policy.
This parameter replaces the deprecated DecryptAttachmentFromPortal parameter.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EDiscoverySuperUserEnabled
The EDiscoverySuperUserEnabled parameter specifies whether members of the Discovery Management role
group can access IRM -protected messages in a discovery mailbox that were returned by a discovery search. Valid
values are:
$true: Members of the Discovery Management role group can access IRM -protected messages in discovery
mailboxes.
$false: Members of the Discovery Management role group can't access IRM -protected messages in discovery
mailboxes.
For more information about In-Place eDiscovery and IRM -protected messages, see In-Place eDiscovery

Required: False
Position: Named
Default value: None
-ExternalLicensingEnabled
The ExternalLicensingEnabled parameter specifies whether to enable IRM features for messages that are sent to
external recipients. Valid values are:
$true: IRM features are enabled for external messages.
$false: IRM features are disabled for external messages. This is the default value.
Required: False
Position: Named
Default value: None
-Force
The Force switch specifies whether to suppress the confirmation prompt that appears when you modify the
InternalLicensingEnabled parameter. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the organization's IRM configuration object to modify. The valid value for this
parameter is "ControlPoint Configuration".
Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
-InternalLicensingEnabled
The InternalLicensingEnabled parameter specifies whether to enable IRM features for messages that are sent to
internal recipients. Valid values are:
$true: IRM features are enabled for internal messages. This is the default value in Exchange Online.
$false: IRM features are disabled for internal messages. This is the default value in on-premises Exchange. Note
that this value causes the Get-RMSTemplate to return no AD RMS templates.

Required: False
Position: Named
Default value: None
-JournalReportDecryptionEnabled
The JournalReportDecryptionEnabled parameter specifies whether to enable journal report decryption. Valid values
are:
$true: Journal report encryption is enabled. A decrypted copy of the IRM -protected message is attached to the
journal report. This is the default value. Note that journal report decryption requires additional configuration on
AD RMS servers. For more information, see Journal report decryption
$false: Journal report decryption is disabled.

Required: False
Position: Named
Default value: None
-LicensingLocation
The LicensingLocation parameter specifies the RMS licensing URLs. You can specify multiple URL values separated
by commas.
Typically, in on-premises Exchange, you only need to use this parameter in cross-forest deployments of AD RMS
licensing servers.
Required: False
Position: Named
Default value: None
-RefreshServerCertificates
The RefreshServerCertificates switch clears all Rights Account Certificates (RACs), Computer Licensor Certificates
(CLCs), and cached AD RMS templates from all Exchange servers in the organization. You don't need to specify a
Clearing RACs, CLCs, and cached templates might be required during troubleshooting or after changing keys on
the AD RMS cluster in your organization. For more information about RACs and CLCs, see Understanding AD
RMS Certificates (https://go.microsoft.com/fwlink/p/?linkId=197118).
Required: False
Position: Named
Default value: None
-RMSOnlineKeySharingLocation
The RMSOnlineKeySharingLocation parameter specifies the Azure Rights Management URL that's used to get the
trusted publishing domain (TPD ) for the Exchange Online organization.
Type: Uri
Required: False
Position: Named
Default value: None
-SearchEnabled
The SearchEnabled parameter specifies whether to enable searching of IRM -encrypted messages in Outlook on
the web (formerly known as Outlook Web App). Valid values are:
$true: Searching IRM -encrypted messages in Outlook on the web is enabled. This is the default value.
$false: Searching IRM -encrypted messages in Outlook on the web is disabled.

Required: False
Position: Named
Default value: None
-SimplifiedClientAccessEnabled
The SimplifiedClientAccessEnabled parameter specifies whether to enable the Protect button in Outlook on the
$true: The Protect button is enabled in Outlook on the web.
$false: The Protect button is disabled in Outlook on the web. This is the default value.

Required: False
Position: Named
Default value: None
-TransportDecryptionSetting
The TransportDecryptionSetting parameter specifies the transport decryption configuration. Valid values are:
Disabled: Transport decryption is disabled for internal and external messages.
Mandatory: Messages that can't be decrypted are rejected with a non-delivery report (also known as an NDR or
bounce message).
Optional: Messages are decrypted if possible, but are delivered even if decryption fails. This is the default value.
Type: Disabled | Optional | Mandatory

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-OMEConfiguration
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-OMEConfiguration cmdlet to configure
Microsoft Office 365 Message Encryption (OME ). For information about the parameter sets in the Syntax section
Syntax
Set-OMEConfiguration [-Identity] <OMEConfigurationIdParameter>
[-BackgroundColor <String>]
[-DisclaimerText <String>]
[-EmailText <String>]
[-ExternalMailExpiryInDays <Int32>]
[-Image <Byte[]>]
[-IntroductionText <String>]
[-OTPEnabled <$true | $false>]
[-PortalText <String>]
[-ReadButtonText <String>]
[-SocialIdSignIn <$true | $false>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-OMEConfiguration -Identity "OME Configuration" -EmailText "Encrypted message enclosed." -PortalText "This
portal is encrypted." -DisclaimerText "Encryption security disclaimer." -Image (Get-Content "C:\Temp\OME
Logo.gif" -Encoding byte)
This example configures the specified values for the default OME configuration named "OME Configuration". Note
the use of the Get-Content command to provide the input for the Image parameter.
Parameters
-BackgroundColor
The BackgroundColor parameter specifies the background color. Valid values are:
An available HTML hexadecimal (hex triplet) color code value (for example, 0xFFFFFF is white).
An available text value (for example, yellow is 0x00FFFF00).
$null (blank). This is the default value.
Type: String
Required: False
Position: Named
Default value: None
-DisclaimerText
The DisclaimerText parameter specifies the disclaimer text in the email that contains the encrypted message. The
To remove existing text and use the default value, use the value $null for this parameter.
Type: String
Required: False
Position: Named
Default value: None
-EmailText
The EmailText parameter specifies the default text that accompanies encrypted email messages. The default text
appears above the instructions for viewing encrypted messages. The maximum length is 1024 characters. If the
Type: String
Required: False
Position: Named
Default value: None
-ExternalMailExpiryInDays
This parameter is only available with a Microsoft 365 Advanced Message Encryption subscription.
The ExternalMailExpiryInDays parameter specifies the number of days that the encrypted message is available to
external recipients in the Microsoft 365 portal. A valid value is an integer from 0 to 730. The value 0 means the
messages will never expire. The default value is 0.
Type: String
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the OME configuration that you want to modify. The default OME configuration
has the Identity value "OME Configuration". You can also use "default".
Type: OMEConfigurationIdParameter
Required: True
Position: 1
Default value: None
-Image
The Image parameter identifies and uploads an image that will be displayed in the email message and in the Office
365 portal.
You need to read the file to a byte-encoded object using the Get-Content cmdlet, for example, -Image (Get-Content
"C:\Temp\OME Logo.gif" -Encoding byte)
Supported file formats: .png, .jpg, .bmp, or .tiff
Optimal size of logo file: less than 40 KB
Optimal dimensions of logo image: 170x70 pixels
To remove an existing image and use the default image, use the value $null for this parameter.
Type: Byte[]
Required: False
Position: Named
Default value: None
-IntroductionText
The IntroductionText parameter specifies the text that appears next to the sender's name and email address. If the
Type: String
Required: False
Position: Named
Default value: None
-OTPEnabled
The OTPEnabled parameter specifies whether to allow recipients to use a one-time passcode to view encrypted
$true: Recipients can use a one-time passcode to view encrypted messages. This is the default value.
$false: Recipients can't use a one-time passcode to view encrypted messages. The recipient is required to sign in
using an Office 365 work or school account.
Required: False
Position: Named
Default value: None
-PortalText
The PortalText parameter specifies the text that appears at the top of the encrypted mail viewing portal. The
Type: String
Required: False
Position: Named
Default value: None
-ReadButtonText
The ReadButtonText parameter specifies the text that appears on the "Read Message" button. If the value contains
Type: String
Required: False
Position: Named
Default value: None
-SocialIdSignIn
The SocialIdSignIn parameter specifies whether a user is allowed to view an encrypted message in the Office 365
portal using their own social network id (Google, Yahoo, etc). Valid values are:
$true: Social network ID sign in is allowed. This is the default value.
$false: Social network ID sign in is not allowed. Whether the recipient can use a one-time passcode or their
Office 365 work or school account is controlled by the OTPEnabled parameter.

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-OMEMessageRevocation
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-OMEMessageRevocation cmdlet to revoke
Microsoft Office 365 Message Encryption (OME ) for a message. Revoking encryption prevents the recipient from
viewing the message in the Office 365 Message Encryption portal. For information about the parameter sets in the
Syntax
Set-OMEMessageRevocation -MessageId <String> -Revoke <Boolean> [<CommonParameters>]
Description
When an email has been revoked, the recipient will get the following error when they try to view the encrypted
message in the Office 365 Message Encryption portal: "The message has been revoked by the sender".
You can revoke encrypted messages if the recipient received a link-based, branded encrypted email message. If the
recipient received a native inline experience in a supported Outlook client, then you can't revoke encryption for the
message.
Examples
Example 1
Set-OMEMessageRevocation -MessageId "" -Revoke $true
This example revokes encryption for the specified message.
Parameters
-MessageId
The MessageId parameter specifies the message based on the value the Message-ID header field. This value is also
You can find the Message ID for a message in Message Trace or the Message Encryption Report in the Office 365
Security & Compliance Center.
Type: String
Required: True
Position: Named
Default value: None
-Revoke
The Revoke parameter specifies whether to revoke encryption for the message. Valid values are:
$true: Encryption for the specified message is revoked. The recipient will get an error when they try to view the
encrypted message in the Office 365 Message Encryption portal
$false: Encryption for the specified message isn't revoked. This is the default value.
Type: Boolean
Required: True
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Set-RMSTemplate
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-RMSTemplate cmdlet to modify the properties
of an existing Rights Management Services (RMS ) template in your organization. For information about the
Syntax
Set-RMSTemplate [-Identity] <RmsTemplateIdParameter> -Type <Archived | Distributed | All>
[-Confirm]
Description
RMS templates exist in one or more trusted publishing domains (TPDs) that have been imported from an on-
premises server running Active Directory Rights Management Services (AD RMS ).
Examples
-------------------------- Example 1 --------------------------
Set-RMSTemplate "Contoso Confidential" -Type Archived
This example changes the RMS template Contoso Confidential from Distributed to Archived. This prevents future
use of Contoso Confidential for encryption, but allows access to existing content that's rights-protected by Contoso
Confidential.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the RMS template. You can use any value that uniquely identifies the RMS
template, for example:
Name
GUID
You can use the Get-RMSTemplate cmdlet to view the RMS templates in your organization.
Type: RmsTemplateIdParameter
Required: True
Position: 1
Default value: None
-Type
The Type parameter specifies the type of RMS template. You can specify one of the following values:
Archived
Distributed
All
The default type for imported RMS templates is Archived.
Type: Archived | Distributed | All

Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-RMSTrustedPublishingDomain
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-RMSTrustedPublishingDomain cmdlet to
configure a trusted publishing domain (TPD ) in your organization. For information about the parameter sets in the
Syntax
Set-RMSTrustedPublishingDomain [-Identity] <RmsTrustedPublishingDomainIdParameter>
[-Confirm]
[-Default]
[-ExtranetCertificationUrl <Uri>]
[-ExtranetLicensingUrl <Uri>]
[-IntranetCertificationUrl <Uri>]
[-IntranetLicensingUrl <Uri>]
[-Name <String>]
Description
A TPD contains the settings needed to use RMS features in your organization. For example, users can apply RMS
templates to email messages.
Examples
-------------------------- Example 1 --------------------------
Set-RMSTrustedPublishingDomain "Contoso TPD" -Default -ExtranetLicensingUrl

https://rms.contoso.com/_wmcs/licensing -ExtranetCertificationUrl
https://rms.contoso.com/_wmcs/certification/servercertification.asmx
This example makes the following changes to the existing TPD Contoso TPD:
Sets Contoso TPD as the default TPD for the organization.
Sets the external licensing URL to https://rms.contoso.com/\_wmcs/licensin.
Sets the external certification URL to https://rms.contoso.com/\_wmcs/certification/servercertification.asm
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Default
The Default parameter specifies this is the default TPD. The default TPD displays RMS templates and provides
rights protection to all new content. There can be only one default TPD in an organization.
Required: False
Position: Named
Default value: None
-ExtranetCertificationUrl
The ExtranetCertificationUrl parameter specifies the external certification URL of the on-premises AD RMS server
that's stamped into the Rights Account Certificate (RAC ). The RAC establishes a user's identity in the AD RMS
system and is used to decrypt content.
Type: Uri
Required: False
Position: Named
Default value: None
-ExtranetLicensingUrl
The ExtranetLicensingUrl parameter specifies the external licensing URL of the on-premises AD RMS server that's
Type: Uri
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the TPD. You can use any value that uniquely identifies the TPD, for example:
Name
GUID
Required: True
Position: 1
Default value: None
-IntranetCertificationUrl
The IntranetCertificationUrl parameter specifies the internal certification URL of the on-premises AD RMS server
that's stamped into the RAC. The RAC establishes a user's identity in the AD RMS system and is used to decrypt
content.
Type: Uri
Required: False
Position: Named
Default value: None
-IntranetLicensingUrl
The IntranetLicensingUrl parameter specifies the internal licensing URL of the on-premises AD RMS server that's
Type: Uri
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the name of the TPD.
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-SmimeConfig
In ths Article
may be exclusive to one environment or the other. Use the Set-SmimeConfig cmdlet to modify the S/MIME
configuration for Outlook on the web (formerly known as Outlook Web App). For information about the parameter
Syntax
Set-SmimeConfig [[-Identity] <OrganizationIdParameter>]
[-Confirm]
[-OWAAllowUserChoiceOfSigningCertificate <$true | $false>]
[-OWAAlwaysEncrypt <$true | $false>]
[-OWAAlwaysSign <$true | $false>]
[-OWABCCEncryptedEmailForking <UInt32>]
[-OWACheckCRLOnSend <$true | $false>]
[-OWAClearSign <$true | $false>]
[-OWACopyRecipientHeaders <$true | $false>]
[-OWACRLConnectionTimeout <UInt32>]
[-OWACRLRetrievalTimeout <UInt32>]
[-OWADisableCRLCheck <$true | $false>]
[-OWADLExpansionTimeout <UInt32>]
[-OWAEncryptionAlgorithms <String>]
[-OWAEncryptTemporaryBuffers <$true | $false>]
[-OWAForceSMIMEClientUpgrade <$true | $false>]
[-OWAIncludeCertificateChainAndRootCertificate <$true | $false>]
[-OWAIncludeCertificateChainWithoutRootCertificate <$true | $false>]
[-OWAIncludeSMIMECapabilitiesInMessage <$true | $false>]
[-OWAOnlyUseSmartCard <$true | $false>]
[-OWASenderCertificateAttributesToDisplay <String>]
[-OWASignedEmailCertificateInclusion <$true | $false>]
[-OWASigningAlgorithms <String>]
[-OWATripleWrapSignedEncryptedMail <$true | $false>]
[-OWAUseKeyIdentifier <$true | $false>]
[-OWAUseSecondaryProxiesWhenFindingCertificates <$true | $false>]
[-SMIMECertificateIssuingCA <Byte[]>]
Description
The Set-SmimeConfig cmdlet can change several important parameters than can reduce the overall level of
message security. Review your organization's security policy before you make any changes.
Examples
-------------------------- Example 1 --------------------------
Set-SmimeConfig -OWAAllowUserChoiceOfSigningCertificate $true -OWACRLRetrievalTimeout 10000 -

OWAEncryptionAlgorithms 6602:128
This example sets the S/MIME configuration to allow users the choice of signing the message, limits the Certificate
Revocation List (CRL ) retrieval time-out to 10 seconds, and specifies the 128 bit RC2 encryption algorithm.
Parameters
-Confirm
Required: False
Position: Named
Default value: None
-Identity
Required: False
Position: 1
Default value: None
-OWAAllowUserChoiceOfSigningCertificate
The OWAAllowUserChoiceOfSigningCertificate parameter specifies whether to allow users to select the certificate
to use when they digitally sign email messages in Outlook on the web.

Required: False
Position: Named
Default value: None
-OWAAlwaysEncrypt
The OWAAlwaysEncrypt parameter specifies whether all outgoing messages are automatically encrypted in
Outlook on the web.
Required: False
Position: Named
Default value: None
-OWAAlwaysSign
The OWAAlwaysSign parameter specifies whether all outgoing messages are automatically signed in Outlook on
the web.

Required: False
Position: Named
Default value: None
-OWABCCEncryptedEmailForking
The OWABCCEncryptedEmailForking parameter specifies how Bcc messages are encrypted in Outlook on the web.
Valid values are:
0: One encrypted message per Bcc recipient. This is the default value.
1: One single encrypted message for all Bcc recipients.
2: One encrypted message without Bcc forking.
This setting affects the security and privacy of Outlook on the web. Consult your organization's security policy
before you change this setting.
Type: UInt32
Required: False
Position: Named
Default value: None
-OWACheckCRLOnSend
The OWACheckCRLOnSend parameter specifies how the certificate revocation list (CRL ) check is enforced when
an email message is sent in Outlook on the web. Valid values are:
$true: When the CRL distribution point is inaccessible, Outlook on the web displays a warning dialog box and
prevents signed or encrypted messages from being sent.
$false: When the CRL distribution point is inaccessible, Outlook on the web allows signed or encrypted
messages to be sent. This is the default value.
Required: False
Position: Named
Default value: None
-OWAClearSign
The OWAClearSign parameter specifies how email messages are signed in Outlook on the web. Valid values are:
$true: Digitally signed messages are clear-signed. This is the default value.
$false: digitally signed messages are opaque-signed.
Clear-signed messages are larger than opaque-signed messages, but clear-signed messages can be read in most
email clients, including clients that don't support S/MIME.

Required: False
Position: Named
Default value: None
-OWACopyRecipientHeaders

Required: False
Position: Named
Default value: None
-OWACRLConnectionTimeout
The OWACRLConnectionTimeout parameter specifies the time in milliseconds that Outlook on the web waits while
connecting to retrieve a single CRL as part of a certificate validation operation.
A valid value is an integer between 0 and 4294967295 (UInt32). The default value is 60000 (60 seconds).
When multiple CRLs in a certificate chain must be retrieved, the time limit that's specified by this parameter applies
to each connection. For example, if a certificate requires the retrieval of three CRLs, and this parameter is set to
60000 (60 seconds), each individual CRL retrieval operation has a time limit of 60 seconds. If any one of the CRLs
isn't retrieved before the time limit expires, the entire operation fails. The total time limit for all the retrievals is
controlled by the OWACRLRetrievalTimeout parameter.
Type: UInt32
Required: False
Position: Named
Default value: None
-OWACRLRetrievalTimeout
The OWACRLRetrievalTimeout parameter specifies the time in milliseconds that Outlook on the web waits to
retrieve all CRLs when validating a certificate.
VA valid value is an integer between 0 and 4294967295 (UInt32). The default value is 10000 (10 seconds).
If all the required CRLs are not retrieved before the time limit expires, the operation fails. Suppose the retrieval of
three CRLs is required, the OWACRLConnectionTimeout value is set to 60000 (60 seconds), and the
OWACRLRetrievalTimeout is set to 120000 (2 minutes). In this example, if any individual CRL retrieval takes more
than 60 seconds, the operation fails. Also, if all the CRL retrievals together take more than 120 seconds, the
operation fails.
Type: UInt32
Required: False
Position: Named
Default value: None
-OWADisableCRLCheck
The OWADisableCRLCheck parameter enables or disables CRL checking in Outlook on the web. Valid values are:
$true: CRL checks are disabled when validating certificates.
$false: CRL checks are enabled when validating certificates.This is the default value.
Disabling CRL checking can decrease the time that's required to validate the signatures of signed email messages,
but it also validates email messages that are signed with revoked certificates.

Required: False
Position: Named
Default value: None
-OWADLExpansionTimeout
The OWADLExpansionTimeout parameter specifies the time in milliseconds that Outlook on the web waits when
sending encrypted messages to members of a distribution group that requires expansion.
A valid value is an integer between 0 and 4294967295 (UInt32). The default value is 60000 (60 seconds). If the
operation doesn't complete in the time specified by this parameter, the operation fails and the message is not sent.
When sending an encrypted message to a distribution group, Exchange expands the distribution group to retrieve
the encryption certificate of each recipient. While the distribution group is being expanded, the sender receives no
response from Outlook on the web.
The timeout value that's specified by this parameter is applied to the expansion of each distribution group. For
example, if an encrypted message is sent to three distribution group, and the value of this parameter is 60000 (60
seconds), the entire operation can take no more than 180 seconds.
Type: UInt32
Required: False
Position: Named
Default value: None
-OWAEncryptionAlgorithms
The OWAEncryptionAlgorithms parameter specifies a list of symmetric encryption algorithms that are used by
Outlook on the web to encrypt messages. Valid values are::
6601: DES (56-bit)
6602: RC2. Supported key lengths are 40, 56, 64, and 128. RC2 is the only supported algorithm that offers
multiple key lengths.
6603: 3DES (168-bit)
660E: AES128
660F: AES192
6610: AES256 (This is the default value)
If you use a third-party cryptographic service provider (CSP ), you need to specify the object identifier (OID )
together with an algorithm ID (Outlook on the web needs an algorithm ID to infer how the algorithm should be
used). For example, to provide a custom replacement for the 3DES algorithm, use the value 6603,<CustomOID>.
This parameter uses the syntax <AlgorithmID> or RC2:<KeyLength> or <AlgorithmID>,<CustomOID>. You can
specify multiple values separated by semicolons (;). For example, to set the encryption algorithms to 3DES, RC2-
128, RC2-64, DES, and RC2-56, use the following value: 6603;6602:128;6602:64;6601;6602:56.
If the parameter is not specified or is not formatted correctly, Outlook on the web uses 6610 (AES256). If the
encryption algorithm or minimum key length is not available on a client, Outlook on the web does not allow
encryption.
Type: String
Required: False
Position: Named
Default value: None
-OWAEncryptTemporaryBuffers
The OWAEncryptTemporaryBuffers parameter specifies whether the Outlook on the web client-side temporary
message storage buffers are encrypted. Valid values are:
$true: All client-side temporary buffers that store message data are encrypted using an ephemeral key and the
3DES algorithm. This is the default value.
$false: Temporary buffer encryption is disabled.
Disabling encryption of the buffers can increase performance of the Outlook on the web client but also leaves
information unencrypted in the client's buffer. Consult your organization's security policy before you disable this
feature.
Required: False
Position: Named
Default value: None
-OWAForceSMIMEClientUpgrade
The OWAForceSMIMEClientUpgrade parameter specifies whether or not users are forced to upgrade an S/MIME
control that's older than their current version in Outlook on the web.
$true: Users need to download and install the new control before they can use S/MIME. This is the default
value.
$false: Users receive a warning if the S/MIME control on their computer is not current, but they can still use
S/MIME without updating the control.

Required: False
Position: Named
Default value: None
-OWAIncludeCertificateChainAndRootCertificate
The OWAIncludeCertificateChainAndRootCertificate parameter specifies whether the certificate chains and root
certificates of the signing or encryption certificates are included in the message in Outlook on the web.

Required: False
Position: Named
Default value: None
-OWAIncludeCertificateChainWithoutRootCertificate
The OWAIncludeCertificateChainWithoutRootCertificate parameter specifies whether the certificate chains of the
signing or encryption certificates are included in messages in Outlook on the web. Valid values are:
$true: Signed or encrypted messages include the full certificate chain, but not the root certificate.
$false: Signed or encrypted messages include only the signing and encrypting certificates, not their
corresponding certificate chains. This is the default value.

Required: False
Position: Named
Default value: None
-OWAIncludeSMIMECapabilitiesInMessage
The OWAIncludeSMIMECapabilitiesInMessage parameter specifies whether signed and encrypted messages in
Outlook on the web include attributes that describe the supported encryption and signing algorithms.
Valid input for this parameter is $true or $false. The default is $false.
Enabling this option increases the size of messages, but may make it easier for some email clients to interact with
encrypted messages in Outlook on the web.

Required: False
Position: Named
Default value: None
-OWAOnlyUseSmartCard
The OWAOnlyUseSmartCard parameter specifies whether smartcard-based certificates are required for Outlook
on the web message signing and decryption. Valid values are:
$true: Smartcard-based certificates for signing and decryption are required when you use Outlook on the web and
the S/MIME control.
$false: Smartcard-based certificates for signing and decryption aren't required when you use Outlook on the web
and the S/MIME control. This is the default value.

Required: False
Position: Named
Default value: None
-OWASenderCertificateAttributesToDisplay
The OWASenderCertificateAttributesToDisplay parameter controls which certificate attributes are displayed when
signature verification proceeds despite a mismatch between the sender's email address and the email address in
sender's certificate.
The parameter accepts a comma-separated list of object identifiers (OIDs). This setting is blank ($null) by default.
Type: String
Required: False
Position: Named
Default value: None
-OWASignedEmailCertificateInclusion
The OWASignedEmailCertificateInclusion parameter specifies whether the sender's encryption certificate is
excluded from a signed email message in Outlook on the web. Valid values are:
$true: Outlook on the web and the S/MIME control include both signing and encrypting certificates with signed
email messages. This is the default value.
$false: Outlook on the web and the S/MIME control do not include signing and encrypting certificates with
signed email messages.
When you don't include the certificates with signed email messages, the size of encrypted messages is reduced.
However, recipients don't have access to the sender's encryption certificate in the message. Recipients need to
retrieve the certificate from a directory, or from the sender.

Required: False
Position: Named
Default value: None
-OWASigningAlgorithms
The OWASigningAlgorithms parameter specifies the list of symmetric encryption signing algorithms that are used
by Outlook on the web to sign messages with the S/MIME control. Valid values are:
8003: CALG_MD5 or 128-bit MD5
800E: CALG_SHA_512 or 512-bit Secure Hash Algorithm (SHA)
800D: CALG_SHA_384 or 384-bit SHA
800C: CALG_SHA_256 or 256-bit SHA
8004: SHA1 or 160-bit SHA-1 (This is the default value)
If you use a third-party cryptographic service provider (CSP ), you need to specify the object identifier (OID )
together with an algorithm ID (Outlook on the web needs an algorithm ID to infer how the algorithm should be
used). For example, to provide a custom replacement for the SHA1 algorithm, use the value 8804,<CustomOID>.
This parameter uses the syntax <AlgorithmID> or <AlgorithmID>:<KeyLength> or <AlgorithmID>,
<CustomOID>. You can specify multiple values separated by semicolons (;).
For example, to set the signing algorithms to CALG_SHA_512, SHA1, and CALG_MD5, use the value
800E;8004;8003.
If this parameter is not specified or is not formatted correctly, Outlook on the web defaults to 8004 (SHA1).
Type: String
Required: False
Position: Named
Default value: None
-OWATripleWrapSignedEncryptedMail
The OWATripleWrapSignedEncryptedMail parameter specifies whether signed and encrypted email messages in
Outlook on the web are triple-wrapped. Valid values are:
$true: A signed message is encrypted, and then the encrypted message is signed (signed-encrypted-signed).
$false: A signed message is encrypted only (there is no additional signing of the encrypted message). This is the
default value.
Triple-wrapped messages offer the highest level of security for messages under the S/MIME standard, but are
larger in size.
Required: False
Position: Named
Default value: None
-OWAUseKeyIdentifier
The OWAUseKeyIdentifier parameter specifies whether a certificate's key identifier is used to encode the
asymmetrically encrypted token in Outlook on the web.
Valid input for this parameter is $true or $false. The default is $false.
By default, Outlook on the web encodes the asymmetrically encrypted token (sometimes called a lockbox) that's
required to decrypt the rest of the message by indicating the issuer and serial number of each recipient's certificate.
The issuer and serial number can then be used to locate the certificate and private key for decrypting the message.
This parameter causes the use of a certificate's key identifier when encoding the asymmetrically encrypted token.
Because a key pair can be reused in new certificates, using the key identifier for encrypted email messages means
that users need to keep only the most recent certificate and associated private key, rather than all old certificates.
Because some email clients do not support finding certificates with a key identifier, Outlook on the web uses the
issuer and serial number of each recipient's certificate by default.

Required: False
Position: Named
Default value: None
-OWAUseSecondaryProxiesWhenFindingCertificates
The OWAUseSecondaryProxiesWhenFindingCertificates parameter specifies whether alternative proxies are used
during the certificate search in Outlook on the web.
Valid input for this parameter is $true or $false. The default is $true.
Outlook on the web attempts to find the correct certificate for a recipient when sending encrypted messages. The
certificate subject or subject alternative name values can each contain an email address. Because a recipient can
have multiple proxy addresses, the certificate's subject or subject alternative name values may not match the
recipient's primary SMTP address. When this parameter is set to $true, and the certificate subject or subject
alternative name values do not match the recipient's primary SMTP address, Outlook on the web tries to match the
certificate's subject to one of the recipient's proxy addresses.

Required: False
Position: Named
Default value: None
-SMIMECertificateIssuingCA
The SMIMECertificateIssuingCA parameter specifies the serialized certificate store (SST) that contains the
Certificate Authority (CA) signing and intermediate certificate information.
You need to read the file to a byte-encoded object using the Get-Content cmdlet. For example: -
SMIMECertificateIssuingCA $([byte[]](Get-Content -Encoding byte -Path
"C:\Temp\CACertificateSerializedStore.sst" -ReadCount 0)
Each certificate is checked, and if any certificates are expired, the operation will fail.
Type: Byte[]
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Test-IRMConfiguration
In ths Article
may be exclusive to one environment or the other. Use the Test-IRMConfiguration cmdlet to test Information
Rights Management (IRM ) configuration and functionality. For information about the parameter sets in the Syntax
Syntax
Test-IRMConfiguration [[-Identity] <OrganizationIdParameter>] -Sender <SmtpAddress>
[-Confirm]
[-Recipient <SmtpAddress[]>]
[-RMSOnline]
Description
The Test-IRMConfiguration cmdlet performs a series of steps to test IRM configuration and functionality, including
availability of an Active Directory Rights Management Services (AD RMS ) server, prelicensing and journal report
decryption. In Exchange Online organizations, it checks connectivity to RMS Online and obtains and validates the
organization's Trusted Publishing Domain (TPD ).
Examples
-------------------------- Example 1 --------------------------
Test-IRMConfiguration -Sender adams@contoso.com
This example tests the IRM configuration for messages sent from the sender adams@contoso.com.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
Required: False
Position: 1
Default value: None
-Recipient
The Recipient parameter specifies the SMTP address of one or more recipients. The cmdlet tests prelicensing for
the specified recipients. You can specify multiple recipient addresses separated by commas.
If no recipient is specified, the sender address is used as the recipient.
Type: SmtpAddress[]
Required: False
Position: Named
Default value: None
-RMSOnline
The RMSOnline switch specifies whether to test connectivity from Exchange Online to RMS Online, obtain your
Exchange Online organization's TPD, and test its validity. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-Sender
The Sender parameter specifies the SMTP address of the sender to be tested. The cmdlet tests prelicensing and
journal report decryption for the sender.
Type: SmtpAddress
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Add-FederatedDomain
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Add-FederatedDomain cmdlet to configure a
secondary domain with the federated organization identifier in the federation trust for the Exchange organization.
The domains being added to the federation trust must exist as accepted domains in the Exchange organization. For
Syntax
Add-FederatedDomain [[-Identity] <OrganizationIdParameter>] -DomainName <SmtpDomain> [-Confirm]
Description
You can add any registered Internet domain to the federated organization identifier. You must prove domain
ownership by creating a TXT record in the Domain Name System (DNS ) zone of each domain you add.
For more details, see Federation (https://technet.microsoft.com/library/dd335047.aspx).
Examples
-------------------------- Example 1 --------------------------
Add-FederatedDomain -DomainName Contoso.co.uk
This example adds the domain Contoso.co.uk to the existing federation trust.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-DomainName
The DomainName parameter specifies the secondary domain to be configured.
Type: SmtpDomain
Required: True
Position: Named
Default value: None
-Identity
The Identity parameter is reserved for internal Microsoft use.
Required: False
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Disable-RemoteMailbox
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Disable-RemoteMailbox cmdlet to remove
mailboxes from the cloud-based service but keep the associated user objects in the on-premises Active Directory.
Syntax
Disable-RemoteMailbox [-Identity] <RemoteMailboxIdParameter> [-Archive] [-Confirm] [-DomainController <Fqdn>]
[-IgnoreDefaultScope] [-IgnoreLegalHold] [-WhatIf] [<CommonParameters>]
Description
Use the Disable-RemoteMailbox cmdlet to perform the following actions:
Remove a cloud-based mailbox but keep the associated on-premises user account. To do this, you first need to
remove the Exchange Online license for the mailbox. Otherwise, the mailbox won't be removed. The on-
premises mail user is automatically converted to a regular user object. You can mail-enable the on-premises
user object using the Enable-MailUser cmdlet.
Disconnect a cloud-based archive mailbox from a cloud-based mailbox. The cloud-based mailbox and the
associated on-premises mail user are preserved.
If you want to remove both the cloud-based mailbox and the associated on-premises mail user, use the Remove-
RemoteMailbox cmdlet.
Directory synchronization must be configured correctly for a mailbox to be removed from the cloud. Removal of
the cloud-based mailbox isn't immediate and depends on the directory synchronization schedule.
Note: If you are deprovisioning a cloud mailbox and its associated online archive, you must first disable the online
archive with Disable-RemoteMailbox <user> -Archive and then perform a directory synchronization prior to
disabling the remote mailbox. Attempting to disable both the online archive and cloud mailbox without a sync
between them may result in an ArchiveGuid mismatch and validation error.
Examples
-------------------------- Example 1 --------------------------
Disable-RemoteMailbox "Kim Akers"

This example removes the cloud-based mailbox that's associated with the on-premises mail user named Kim Akers.
The mail user is automatically converted to a regular user. This example assumes that you've already removed the
Exchange Online license for the mailbox, and that directory synchronization has been configured.
-------------------------- Example 2 --------------------------
Disable-RemoteMailbox "David Strome" -Archive
This example removes the cloud-based archive mailbox but keeps the cloud-based mailbox that's associated with
the on-premises mail user named David Strome. This example assumes directory synchronization has been
configured.
Parameters
-Archive
The Archive switch specifies whether to disconnect the cloud-based archive mailbox from the associated cloud-
based mailbox. You don't need to specify a value with this switch.
The on-premises mail user and its associated cloud-based mailbox aren't removed if you use this switch.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the cloud-based mailbox. Valid values are:
ADObjectID
GUID
Domain\SamAccountName
User principal name (UPN )
LegacyExchangeDN
Email address
User alias
Type: RemoteMailboxIdParameter
Required: True
Position: 1
Default value: None
-IgnoreDefaultScope
automatically.
accepted.
Required: False
Position: Named
Default value: None
-IgnoreLegalHold
The IgnoreLegalHold switch ignores the legal hold status of the mailbox user and allows you to disable a cloud-
based mailbox that's on legal hold.
When you disable a mailbox, the mailbox is disconnected from the user account. After you disable a mailbox, you
can't include it in a discovery search. Disconnected mailboxes are permanently deleted from the mailbox database
after the deleted mailbox retention period expires. Check with your organization's legal or Human Resources
department before disabling a mailbox that's on legal hold.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Enable-RemoteMailbox
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Enable-RemoteMailbox cmdlet to create a mailbox
in the cloud-based service for an existing user in the on-premises Active Directory. For information about the
Syntax
Enable-RemoteMailbox [-Identity] <UserIdParameter> [-RemoteRoutingAddress <ProxyAddress>] [-
ACLableSyncedObjectEnabled]
[-Alias <String>] [-DisplayName <String>] [-DomainController <Fqdn>] [-PrimarySmtpAddress <SmtpAddress>] [-
Confirm]
Enable-RemoteMailbox [-Identity] <UserIdParameter> [-Room] [-ACLableSyncedObjectEnabled] [-Alias <String>]

[-DisplayName <String>] [-DomainController <Fqdn>] [-PrimarySmtpAddress <SmtpAddress>]
[-RemoteRoutingAddress <ProxyAddress>] [-Confirm] [-WhatIf] [<CommonParameters>]
Enable-RemoteMailbox [-Identity] <UserIdParameter> [-Equipment] [-ACLableSyncedObjectEnabled] [-Alias <String>]

[-RemoteRoutingAddress <ProxyAddress>] [-Confirm] [-WhatIf] [<CommonParameters>]
Enable-RemoteMailbox [-Identity] <UserIdParameter> [-Archive] [-ArchiveName <MultiValuedProperty>]

[-ACLableSyncedObjectEnabled] [-Alias <String>] [-DisplayName <String>] [-DomainController <Fqdn>]
[-PrimarySmtpAddress <SmtpAddress>] [-Confirm] [-WhatIf] [<CommonParameters>]
Enable-RemoteMailbox [-Identity] <UserIdParameter> [-Shared] [-ACLableSyncedObjectEnabled [-Alias <String>]

[-RemoteRoutingAddress <ProxyAddress>] [-Confirm] [-WhatIf]] [<CommonParameters>]
Description
The Enable-RemoteMailbox cmdlet mail-enables an existing on-premises user. The mail-enabled user contains a
specific attribute that indicates that an associated mailbox in the service should be created when the user is
synchronized to the service using directory synchronization.
Directory synchronization must be configured correctly for a mailbox to be created in the service. Creation of the
mailbox in the service isn't immediate and depends on the directory synchronization schedule.
The policies that you apply to recipients in the on-premises Exchange organization, such as Unified Messaging or
compliance policies, aren't applied to mailboxes in the service. You must configure policies in the service if you want
policies to be applied to recipients in the service.
Examples
-------------------------- Example 1 --------------------------
Enable-RemoteMailbox "Kim Akers" -RemoteRoutingAddress "kima@contoso.mail.onmicrosoft.com"
This example mail-enables an existing on-premises user and creates an associated mailbox in the service.
To mail-enable an existing user and create an associated mailbox in the service, run the New -RemoteMailbox
cmdlet and specify the identity of the existing user.
After the user is mail-enabled, directory synchronization synchronizes the mail-enabled user to the service and the
associated mailbox is created.
-------------------------- Example 2 --------------------------
Enable-RemoteMailbox "Kim Akers" -RemoteRoutingAddress "kima@contoso.mail.onmicrosoft.com" -Archive
This example does the following:

Mail-enables an existing on-premises user.
Creates the associated mailbox in the service.
Creates an archive mailbox in the service for the mailbox.
To mail-enable an on-premises user, create the associated mailbox in the service, enable the archive mailbox in the
service and include the Archive switch with the Enable-RemoteMailbox cmdlet.
Parameters
-ACLableSyncedObjectEnabled
The ACLableSyncedObjectEnabled switch specifies whether the remote mailbox is an ACLableSyncedMailboxUser.
Required: True
Position: Named
Default value: None
-Alias
The Alias parameter specifies the Exchange alias (also known as the mail nickname) for the recipient. This value
identifies the recipient as a mail-enabled object, and shouldn't be confused with multiple email addresses for the
same recipient (also known as proxy addresses). A recipient can have only one Alias value.
The value of Alias can contain letters, numbers and the characters !, #, $, %, &, ', *, +, -, /, =, ?, ^, _, `, {, |, } and ~.
Periods (.) are allowed, but each period must be surrounded by other valid characters (for example, help.desk).
Unicode characters from U+00A1 to U+00FF are also allowed. The maximum length of the Alias value is 64
characters.
When you create a recipient without specifying an email address, the Alias value you specify is used to generate the
primary email address (<alias>@<domain>). Supported Unicode characters are mapped to best-fit US -ASCII text
characters. For example, U+00F6 (ö) is changed to oe in the primary email address.
If you don't use the Alias parameter when you create a recipient, the value of a different required parameter is used
for the Alias property value:
Recipients with user accounts (for example, user mailboxes, and mail users): The left side of the
MicrosoftOnlineServicesID or UserPrincipalName parameter is used. For example, helpdesk@contoso.com
results in the Alias property value helpdesk.
Recipients without user accounts (for example, room mailboxes, mail contacts, and distribution groups): The
value of the Name parameter is used. Spaces are removed and unsupported characters are converted to
question marks (?).
If you modify the Alias value of an existing recipient, the primary email address is automatically updated only in
environments where the recipient is subject to email address policies (the EmailAddressPolicyEnabled property is
True for the recipient).
The Alias parameter never generates or updates the primary email address of a mail contact or a mail user.
Type: String
Required: False
Position: Named
Default value: None
-Archive
The Archive switch specifies whether to create an archive mailbox in the service in addition to the mailbox created
in the service. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-ArchiveName
The ArchiveName parameter specifies the name of the archive mailbox. Use this parameter to change the name of
the archive.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DisplayName
The DisplayName parameter specifies the display name for the mailbox that's created in the service. The display
name is visible in the Exchange admin center, address lists and Outlook. The maximum length is 256 characters. If
Type: String
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Equipment
The Equipment switch specifies that the mailbox in the service should be created as an equipment resource
mailbox. You don't need to specify a value with this switch.
Equipment mailboxes are resource mailboxes that aren't associated with a specific location (for example, vehicles or
computers).
You can't use this switch with the Room or Shared switches.
Required: True
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the existing on-premises user. You can use any value that uniquely
identifies the user. For example:
ADObjectID
GUID
LegacyExchangeDN
User alias
Type: UserIdParameter
Required: True
Position: 1
Default value: None
-PrimarySmtpAddress
The PrimarySmtpAddress parameter specifies the primary return email address that's used for the recipient.
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-RemoteRoutingAddress
The RemoteRoutingAddress parameter specifies the SMTP address of the mailbox in the service that this user is
associated with.
Type: ProxyAddress
Required: False
Position: Named
Default value: None
-Room
The Room switch specifies that the mailbox in the service should be created as a room resource mailbox. You don't
You can't use this switch with the Equipment or Shared switches.
Required: True
Position: Named
Default value: None
-Shared
Note: This switch is available only in Exchange 2013 CU21 or later and Exchange 2016 CU10 or later. To use this
switch, you also need to run setup.exe /PrepareAD. For more information, see KB4133605.
The Shared switch specifies that the mailbox in the service should be created as a shared mailbox. You don't need to
You can't use this switch with the Room or Equipment switches.
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-FederatedDomainProof
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-FederatedDomainProof cmdlet to generate a
cryptographically secure string for the domain used for federated sharing in your Exchange organization. For
Syntax
Get-FederatedDomainProof -DomainName <SmtpDomain> [-DomainController <Fqdn>] [-Thumbprint <String>]
Description
The Get-FederatedDomainProof cmdlet generates a cryptographically secure string for the domain used for
federated sharing. The resulting string is used to manually configure a text (TXT) record in the Domain Name
System (DNS ) zone for the domain used by the administrator when running the cmdlet. A TXT record needs to be
added to DNS for all accepted domains used for federated sharing. If the thumbprint of a certificate isn't provided,
the task generates strings for all the certificates currently configured for the federation trust. Upon initial
configuration of federated sharing, the proof string generated for the current certificate needs to be put into the
TXT record for the federated domain in DNS. We recommend you update the TXT records whenever a new
certificate is configured for the federation trust.
Examples
-------------------------- Example 1 --------------------------
Get-FederatedDomainProof -DomainName "contoso.com"
This example generates a cryptographically secure string for the domain contoso.com.
-------------------------- Example 2 --------------------------
Get-FederatedDomainProof -DomainName "contoso.com" -Thumbprint AC00F35CBA8359953F4126E0984B5CCAFA2F4F17
This example uses a specific certificate for the domain contoso.com.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-DomainName
The DomainName parameter specifies the domain name for which the cryptographically secure string is generated.
Type: SmtpDomain
Required: True
Position: Named
Default value: None
-Thumbprint
The Thumbprint parameter specifies the thumbprint of an existing certificate.
Type: String
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
may be exclusive to one environment or the other. Use the Get-FederatedOrganizationIdentifier cmdlet to retrieve
the Exchange organization's federated organization identifier and related details, such as federated domains,
organization contact and status. For more information, see Federation
(https://technet.microsoft.com/library/dd335047.aspx). For information about the parameter sets in the Syntax
Syntax
Get-FederatedOrganizationIdentifier [[-Identity] <OrganizationIdParameter>] [-DomainController <Fqdn>]
[-IncludeExtendedDomainInfo] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
This example retrieves the Exchange organization's federated organization identifier.

-------------------------- Example 2 --------------------------
Get-FederatedOrganizationIdentifier -IncludeExtendedDomainInfo
This example retrieves the Exchange organization's federated organization identifier. The
IncludeExtendedDomainInfo switch is used to return the status of federated domains from the Microsoft
Federation Gateway.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the organization ID.
Required: False
Position: 1
Default value: None
-IncludeExtendedDomainInfo
The IncludeExtendedDomainInfo switch specifies that the command query Microsoft Federation Gateway for the
status of each accepted domain that's federated. The status is returned with each domain in the Domains property.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-FederationInformation
In ths Article
may be exclusive to one environment or the other. Use the Get-FederationInformation cmdlet to get federation
information, including federated domain names and target URLs, from an external Exchange organization. For
Syntax
Get-FederationInformation -DomainName <SmtpDomain> [-BypassAdditionalDomainValidation] [-Force]
[-TrustedHostnames <MultiValuedProperty>] [<CommonParameters>]
Description
The Get-FederationInformation cmdlet retrieves federation information from the domain specified. Results from
the cmdlet can be piped to the New -OrganizationRelationship cmdlet to establish an organization relationship with
the Exchange organization being queried.
The domain specified should have federation enabled.
Examples
-------------------------- Example 1 --------------------------
Get-FederationInformation -DomainName contoso.com
This example gets federation information from the domain contoso.com.
Parameters
-BypassAdditionalDomainValidation
The BypassAdditionalDomainValidation switch specifies that the command skip validation of domains from the
external Exchange organization. You don't need to specify a value with this switch.
We recommend that you only use this switch to retrieve federation information in a hybrid deployment between
on-premises and Exchange Online organizations. Don't use this switch to retrieve federation information for on-
premises Exchange organizations in a cross-organization arrangement.
Required: False
Position: Named
Default value: None
-DomainName
The DomainName parameter specifies the domain name for which federation information is to be retrieved.
Type: SmtpDomain
Required: True
Position: Named
Default value: None
-Force
A confirmation prompt warns you if the host name in the Autodiscover endpoint of the domain doesn't match the
Secure Sockets Layer (SSL ) certificate presented by the endpoint and the host name isn't specified in the
TrustedHostnames parameter.
Required: False
Position: Named
Default value: None
-TrustedHostnames
The TrustedHostnames parameter specifies the fully qualified domain name (FQDN ) of federation endpoints.
Federation endpoints are the client access (frontend) services on Mailbox servers in an organization with federation
enabled. Explicitly specifying the TrustedHostnames parameter allows the cmdlet to bypass prompting if the
certificate presented by the endpoint doesn't match the domain name specified in the DomainName parameter.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-FederationTrust
In ths Article
may be exclusive to one environment or the other. Use the Get-FederationTrust cmdlet to view the federation trust
configured for the Exchange organization. For information about the parameter sets in the Syntax section below,
Syntax
Get-FederationTrust [[-Identity] <FederationTrustIdParameter>] [-DomainController <Fqdn>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-FederationTrust | Format-List
This example retrieves properties of the federation trust configured for the Exchange organization.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies a federation trust ID. If not specified, the cmdlet returns all federation trusts
configured for the Exchange organization.
Type: FederationTrustIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-HybridConfiguration cmdlet to view the hybrid
configuration for the Microsoft Exchange organization. For information about the parameter sets in the Syntax
Syntax
Get-HybridConfiguration [-DomainController <Fqdn>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
This example returns detailed information about the hybrid deployment configuration.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-HybridMailflow
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-HybridMailflow cmdlet to view the message
transport settings for a hybrid deployment. For information about the parameter sets in the Syntax section below,
Syntax
Get-HybridMailflow [<CommonParameters>]
Description
The Get-HybridMailflow cmdlet is used to view the configuration of message transport settings for hybrid
deployments that were created with the Hybrid Configuration wizard.
Examples
-------------------------- Example 1 --------------------------
Get-HybridMailflow
This example returns the message transport settings for the hybrid deployment.
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-HybridMailflowDatacenterIPs cmdlet to
retrieve the IP addresses of the Microsoft Exchange Online Protection (EOP ) service data centers. For information
Syntax
Get-HybridMailflowDatacenterIPs [<CommonParameters>]
Description
The Get-HybridMailflowDatacenterIPs cmdlet supports hybrid deployments and lists the IP addresses of EOP
service data centers that support hybrid deployments. The list isn't specific to any on-premises Exchange
organization.
Examples
-------------------------- Example 1 --------------------------
This example returns IP address information for EOP service data centers that support hybrid deployments.
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
may be exclusive to one environment or the other. Use the Get-IntraOrganizationConfiguration cmdlet to view the
component settings of a hybrid Exchange deployment. For information about the parameter sets in the Syntax
Syntax
Get-IntraOrganizationConfiguration [[-OrganizationGuid] <OnPremisesOrganizationIdParameter>]
Description
A hybrid Exchange deployment results in one logical organization made up of a number of physical Exchange
instances. Hybrid Exchange environments contain more than one Exchange instance and support topologies like
two on-premises Microsoft Exchange forests in an organization, an Exchange on-premises organization and an
Exchange Online organization or two Exchange Online organizations.
Hybrid environments are enabled by Intra-Organization connectors. The connectors can be created and managed
by cmdlets like New -IntraOrganizationConnector, but we strongly recommend that you use the Hybrid
Configuration wizard when configuring a hybrid deployment with an Exchange Online organization.
Examples
-------------------------- Example 1 --------------------------
This example returns the settings of the intra-organization configuration.
Parameters
-OrganizationGuid
The OrganizationGuid parameter specifies the on-premises organization in a hybrid deployment that has multiple
on-premises organizations defined. If you don't use the OrganizationGuid parameter for these types of hybrid
deployments, the Get-IntraOrganizationConfiguration cmdlet will generate errors. To view the on-premises
organization GUID values that are required for this parameter, use the Get-OnPremisesOrganization cmdlet.
Type: OnPremisesOrganizationIdParameter
Required: False
Position: 2
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
may be exclusive to one environment or the other. Use the Get-IntraOrganizationConnector cmdlet to view the
settings of Intra-Organization connectors. For information about the parameter sets in the Syntax section below,
Syntax
Get-IntraOrganizationConnector [[-Identity] <IntraOrganizationConnectorIdParameter>] [-DomainController <Fqdn>]
Description
Intra-Organizational connectors enable features and services between divisions in your Exchange organization. It
allows for the expansion of organizational boundaries for features and services across different hosts and network
boundaries, such as between Active Directory forests, between on-premises and cloud-based organizations, or
between tenants hosted in the same or different datacenters.
Examples
-------------------------- Example 1 --------------------------
This example returns a summary list of all Intra-Organization connectors.

-------------------------- Example 2 --------------------------
Get-IntraOrganizationConnector "MainCloudConnector" | Format-List
This example returns details about the Intra-Organization connector named "MainCloudConnector".
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Intra-Organization connector that you want to view. You can use any value that
uniquely identifies the connector. For example:
Name
GUID
Type: IntraOrganizationConnectorIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-OnPremisesOrganization
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-OnPremisesOrganization cmdlet to retrieve
settings for the OnPremisesOrganization object that has been created for a hybrid deployment. For information
Syntax
Get-OnPremisesOrganization [[-Identity] <OnPremisesOrganizationIdParameter>] [<CommonParameters>]
Description
The OnPremisesOrganization object represents an on-premises Exchange organization configured for hybrid
deployment with a Microsoft Office 365 tenant organization. It's used with the Hybrid Configuration wizard and is
typically created automatically when the hybrid deployment is initially configured by the wizard. You can use the
Get-OnPremisesOrganization cmdlet to view the properties of the OnPremisesOrganization object in the Office
365 tenant.
Manual modification of this object may result in hybrid deployment misconfiguration. We strongly recommend that
you use the Hybrid Configuration wizard to modify this object in the Office 365 tenant.
Examples
-------------------------- Example 1 --------------------------
Get-OnPremisesOrganization -Identity ExchangeMail | Format-List
This example retrieves the on-premises organization settings for ExchangeMail using the Identity parameter.
-------------------------- Example 2 --------------------------
Get-OnPremisesOrganization -DomainController 'mail.contoso.com' | Format-List
This example retrieves the on-premises organization settings by using the FQDN of the domain controller.
Parameters
-Identity
The Identity parameter specifies the identity of the on-premises organization object. You can use the following
values:
Canonical name
GUID
Name
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. The Get-PendingFederatedDomain cmdlet is used by the
Exchange admin center to display a list of pending federated domains for the federation trust for your Exchange
organization. You shouldn't use this cmdlet to attempt to manually configure a federation trust. For information
Syntax
Get-PendingFederatedDomain [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
This example retrieves the pending federated domain information for the federation trust for your Exchange
organization.
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-RemoteMailbox
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-RemoteMailbox cmdlet to retrieve the mail-
related attributes of users in the on-premises organization that have associated mailboxes in the cloud-based
service. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Get-RemoteMailbox [-Anr <String>]
[-Archive]
[-Filter <String>]
[-OnPremisesOrganizationalUnit <OrganizationalUnitIdParameter>]
Get-RemoteMailbox [[-Identity] <RemoteMailboxIdParameter>]

[-Archive]
[-Filter <String>]
[-OnPremisesOrganizationalUnit <OrganizationalUnitIdParameter>]
Description
The Get-RemoteMailbox cmdlet retrieves the mail-related attributes of a mail user in the on-premises Active
Directory. It doesn't retrieve the attributes of the associated cloud-based mailbox. Most of the mail-related
attributes of the on-premises mail user and the associated cloud-based mailbox should be the same. However, the
cloud-based mailbox has additional attributes that you can't view by using this cmdlet. To view the attributes of the
cloud-based mailbox, you need to use the Exchange admin center in the cloud-based service, or use remote
PowerShell to connect to your cloud-based organization and run the Get-Mailbox cmdlet.
Examples
-------------------------- Example 1 --------------------------
Get-RemoteMailbox
This example returns a summary list of all remote mailboxes in your organization.
-------------------------- Example 2 --------------------------
Get-RemoteMailbox -Identity laura@contoso.com | Format-List
This example returns a detailed information for the remote mailbox for the user laura@contoso.com.
-------------------------- Example 3 --------------------------
$Credentials = Get-Credential; Get-RemoteMailbox -Credential $Credentials
This example uses alternate credentials to retrieve a list of one or more mail-enabled users with mailboxes in the
service. This is useful if the account you typically use doesn't have administrative permissions. The credentials are
used to access the on-premises Active Directory domain controllers.
First, run the following command to prompt you for your credentials and then store them in a variable. Then
retrieve a list of remote mailboxes using the credentials you provided by using the second command.
Parameters
-Anr
searched are:
CommonName (CN )
DisplayName
FirstName
LastName
Alias
Type: String
Required: False
Position: Named
Default value: None
-Archive
The Archive switch is required to return the user's archive mailbox in the results. You don't need to specify a value
with this switch.
Required: False
Position: Named
Default value: None
-Credential
Type: PSCredential
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Filter
Type: String
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the remote mailbox that you want to view. You can use any value that uniquely
identifies the remote mailbox. For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: 1
Default value: None
-IgnoreDefaultScope
automatically.
accepted.
Required: False
Position: Named
Default value: None
-OnPremisesOrganizationalUnit
The OnPremisesOrganizationalUnit parameter filters the results by the object's location in Active Directory.
Valid input for this parameter is an organizational unit (OU ) or domain that's visible using the Get-
OrganizationalUnit cmdlet. You can use any value that uniquely identifies the OU or domain. For example:
Name
Canonical name
GUID
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-SortBy
Name
DisplayName
Alias
Type: String
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-FederationTrust
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -FederationTrust cmdlet to set up a federation
trust between your Exchange organization and the Microsoft Federation Gateway. For information about the
Syntax
New-FederationTrust [-Name] <String> -Thumbprint <String> -ApplicationUri <String> [-
SkipNamespaceProviderProvisioning] [-AdministratorProvisioningId <String>] [-ApplicationIdentifier <String>]
[-Confirm]
[-MetadataUrl <Uri>]
New-FederationTrust [-Name] <String> -Thumbprint <String> [-SuppressDnsWarning] [-UseLegacyProvisioningService]

[-Confirm]
Description
Federation trusts are trusts created between an Exchange organization and the Microsoft Federation Gateway. A
federation trust is required to configure a federated organization identifier for federated sharing.
For more information, see Federation (https://technet.microsoft.com/library/dd335047.aspx).
Examples
-------------------------- Example 1 --------------------------
New-FederationTrust -Name "Microsoft Federation Gateway" -Thumbprint AC00F35CBA8359953F4126E0984B5CCAFA2F4F17
This example creates the federation trust Microsoft Federation Gateway with a certificate with the thumbprint
AC00F35CBA8359953F4126E0984B5CCAFA2F4F17.
Parameters
-AdministratorProvisioningId
The AdministratorProvisioningId parameter specifies the provisioning key returned by the Microsoft Federation
Gateway when an organization has already registered a SiteID or ApplicationID.
If you specify the AdministratorProvisioningId parameter, you must use the SkipNamespaceProviderProvisioning
switch and also specify the ApplicationIdentifier and ApplicationUri parameters.
Type: String
Required: False
Position: Named
Default value: None
-ApplicationIdentifier
The ApplicationIdentifier parameter specifies the SiteID or ApplicationID when an organization has already
registered a SiteID or ApplicationID.
If you specify the ApplicationIdentifier parameter, you must use the SkipNamespaceProviderProvisioning switch
and also specify the AdministratorProvisioningId and ApplicationUri parameters.
Type: String
Required: False
Position: Named
Default value: None
-ApplicationUri
The ApplicationUri parameter specifies the primary domain used for the federated organization identifier.
If you specify the ApplicationUri parameter, you must use the SkipNamespaceProviderProvisioning switch and also
specify the AdministratorProvisioningId and ApplicationIdentifier parameters.
Type: String
Required: True
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-MetadataUrl
The MetadataUrl parameter specifies the URL where WS -FederationMetadata is published by the Microsoft
Federation Gateway.
Type: Uri
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a friendly name for the federation trust.
Type: String
Required: True
Position: 1
Default value: None
-SkipNamespaceProviderProvisioning
The SkipNamespaceProviderProvisioning switch specifies that the trust and federated organization identifier are
provisioned externally without using federation functionality in Microsoft Exchange.
If you use this switch, you must specify the ApplicationIdentifier, ApplicationUri and AdministratorProvisioningId
parameters.
Required: True
Position: Named
Default value: None
-SuppressDnsWarning
The SuppressDNSWarning parameter specifies whether to display the DNS warning message for creating TXT
records in your public DNS when running the New -FederationTrust cmdlet. Valid values are $true or $false. The
default value is $false. However, this parameter is automatically set to $true when used by the Hybrid
Configuration wizard. It's not recommended that you use this parameter when using the New -FederationTrust
cmdlet.
Required: False
Position: Named
Default value: None
-Thumbprint
The Thumbprint parameter specifies the thumbprint of a certificate issued by a public certification authority (CA)
trusted by the Microsoft Federation Gateway. For more details, see Federation
Type: String
Required: True
Position: Named
Default value: None
-UseLegacyProvisioningService
The UseLegacyProvisioningService parameter specifies if the legacy interface on the Microsoft Federation Gateway
will be used for managing the federation trust, including federated domains, certificates, and federation metadata.
Valid input for this parameter is $true or $false. The default value is $false. When using a self-signed certificate for
configuring a federation trust with the Microsoft Federation Gateway, the trust needs to be created with the
parameter set to $true. After the federation trust is created, this behavior can't be changed and requires the deletion
and re-creation of the federation trust. We recommend you always use the default value of $false.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -HybridConfiguration cmdlet to create the
HybridConfiguration object and set up a hybrid deployment between your on-premises Exchange organization and
a Microsoft Office 365 for enterprises organization. For information about the parameter sets in the Syntax section
Syntax
New-HybridConfiguration [-ClientAccessServers <MultiValuedProperty>] [-Confirm] [-DomainController <Fqdn>]
[-Domains <MultiValuedProperty>] [-ExternalIPAddresses <MultiValuedProperty>]
[-Features <MultiValuedProperty>] [-OnPremisesSmartHost <SmtpDomain>]
[-SecureMailCertificateThumbprint <String>] [-TransportServers <MultiValuedProperty>] [-WhatIf]
[-EdgeTransportServers <MultiValuedProperty>] [-ReceivingTransportServers <MultiValuedProperty>]
[-SendingTransportServers <MultiValuedProperty>] [-ServiceInstance <Int32>]
[-TlsCertificateName <SmtpX509Identifier>] [<CommonParameters>]
Description
A hybrid deployment offers organizations the ability to extend the feature-rich experience and administrative
control they have with their existing on-premises Microsoft Exchange organization to the cloud. The New -
HybridConfiguration cmdlet is used with the Hybrid Configuration wizard and is typically configured when the
hybrid deployment is initially created by the wizard. We strongly recommend that you use the Hybrid
Configuration wizard to create the HybridConfiguration object and configure your hybrid deployment with the
Exchange Online organization.
For more information, see Exchange Server Hybrid Deployments
(https://technet.microsoft.com/library/jj200581.aspx).
Examples
-------------------------- Example 1 --------------------------
This example creates the hybrid configuration Hybrid Configuration with the default hybrid configuration settings.
Parameters
-ClientAccessServers
The ClientAccessServers parameter specifies the Exchange Server 2010 SP2 servers with the Client Access server
role installed that will be configured to support the hybrid deployment features. At least one Client Access server
must be defined and be externally accessible from the Internet on ports 80 and 443. The servers will be configured
to enable the following:
Mailbox Replication Service (MRS ) Proxy The MRS Proxy service configuration on the Client Access servers
will be enabled.
Virtual Directories The Client Access servers will host the default Web sites for the Exchange Web Services
(EWS ), offline address books, and ActiveSync services.
Outlook Anywhere The Client Access servers will have Outlook Anywhere enabled.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Domains
The Domains parameter specifies the domain namespaces that are used in the hybrid deployment. These domains
must be configured as accepted domains in either the on-premises Exchange organization or the Exchange Online
service. The domains are used in configuring the organization relationships and Send and Receive connectors used
by the hybrid configuration.
Required: False
Position: Named
Default value: None
-EdgeTransportServers
The EdgeTransportServers parameter specifies the Edge Transport servers that are configured to support the
hybrid deployment features. The Edge Transport server must be externally accessible from the Internet on port 25.
The accepted values for the EdgeTransportServers parameter are either the full or short computer name of an Edge
Transport server, for example, either edge.corp.contoso.com or EDGE. Separate server names with a comma if
defining more than one Edge Transport server.
When configuring the EdgeTransportServers parameter, you must configure the ReceivingTransportServers and
SendingTransportServers parameter values to $null.
Required: False
Position: Named
Default value: None
-ExternalIPAddresses
The ExternalIPAddresses parameter is a legacy parameter that specifies the publicly accessible inbound IP address
of Microsoft Exchange Server 2010 Hub Transport servers. The only configuration change that should be made
with this parameter is to change or clear the legacy Exchange 2010 Hub Transport server IP address value. The IP
address must be Internet Protocol version 4 (IPv4) based only.
Required: False
Position: Named
Default value: None
-Features
The Features parameter specifies the features that are enabled for the hybrid configuration. One or more of the
following values separated by commas can be entered. When using the Hybrid Configuration wizard, all features
are enabled by default.
OnlineArchive: Enables the Exchange Online archive for on-premises Exchange and Exchange Online
organization users.
FreeBusy: Enables free/busy calendar information to be shared between on-premises Exchange and Exchange
Online organization users.
MailTips: Enables MailTips information to be shared between on-premises Exchange and Exchange Online
organization users.
MessageTracking: Enables message tracking information to be shared between on-premises Exchange and
Exchange Online organization users.
OWARedirection: Enables automatic Microsoft Outlook on the web redirection to either the on-premises
Exchange or Exchange Online organizations depending on where the user mailbox is located.
SecureMail: Enables secure message transport via Transport Layer Security (TLS ) between the on-premises
Exchange and Exchange Online organizations.
Centralized: Enables the on-premises servers to handle all message transport between the on-premises
Exchange and Exchange Online organizations, including message delivering to the Internet for both
organizations. If this value is $false, the on-premises server and Exchange Online organization are each
responsible for their own Internet message delivery.
Photos: Enables the sharing of user photo data between the on-premises Exchange and Exchange Online
organizations. This feature works in tandem with the PhotosEnabled parameter in the OrganizationRelationship
cmdlets in a hybrid deployment. If the Photos parameter is $true, the PhotosEnabled parameter is automatically
set to $true. If the Photos parameter is $false, the PhotosEnabled parameter is automatically set to $false. When
running the Hybrid Configuration wizard for the first time, the default value is $true.
Required: False
Position: Named
Default value: None
-OnPremisesSmartHost
The OnPremisesSmartHost parameter specifies the FQDN of the on-premises Mailbox server used for secure mail
transport for messages sent between the on-premises Exchange and Exchange Online organizations.
Type: SmtpDomain
Required: False
Position: Named
Default value: None
-ReceivingTransportServers
The ReceivingTransportServers parameter specifies the Mailbox servers that are defined in the outbound connector
configuration of the Microsoft Exchange Online Protection (EOP ) service included as part of the Office 365 for
enterprises tenant. The servers defined in the ReceivingTransportServers parameter are designated as the receiving
servers for secure mail messages sent from the Exchange Online organization to the on-premises Exchange
organization in a hybrid deployment. At least one Mailbox server must be defined and be externally accessible from
the Internet for secure mail to be enabled between the on-premises Exchange and Exchange Online organizations.
The accepted values for the ReceivingTransportServers parameter are either the full or short computer name of a
Mailbox server, for example, either mbx.corp.contoso.com or MBX. Separate server names with a comma if defining
more than one Mailbox server.
If configuring the EdgeTransportServers parameter in the hybrid deployment, the ReceivingTransportServers
parameter value must be $null.
Required: False
Position: Named
Default value: None
-SecureMailCertificateThumbprint
The SecureMailCertificateThumbprint parameter specifies the thumbprint of the X.509 certificate to be used as the
certificate for hybrid deployment secure message transport. This certificate cannot be self-signed, must be obtained
from a trusted certificate authority (CA) and must be installed on all Hub Transport servers defined in the
TransportServers parameter.
Type: String
Required: False
Position: Named
Default value: None
-SendingTransportServers
The SendingTransportServers parameter specifies the Exchange Mailbox servers that are defined in the inbound
connector configuration of the EOP service included as part of the Office 365 for enterprises tenant. The servers
defined in the SendingTransportServers parameter are designated as the receiving servers for secure mail
messages sent from the on-premises Exchange organization to the Exchange Online organization in a hybrid
deployment. At least one Mailbox server must be defined and be externally accessible from the Internet for secure
mail to be enabled between the on-premises Exchange and Exchange Online organizations. The accepted values for
the SendingTransportServers parameter are either the full or short computer name of a Mailbox server, for
example, either mbx.corp.contoso.com or MBX. Separate server names with a comma if defining more than one
Mailbox server.
If configuring the EdgeTransportServers parameter in the hybrid deployment, the SendingTransportServers
Required: False
Position: Named
Default value: None
-ServiceInstance
The ServiceInstance parameter should only be used by organizations manually configuring hybrid deployments
with Office 365 operated by 21Vianet in China. All other organizations should use the Hybrid Configuration wizard
to configure a hybrid deployment with Office 365. The valid values for this parameter are 0 (null) or 1. The default
value is 0 (null).For organizations connecting with Office 365 operated by 21Vianet in China, set this value to 1
when manually configuring your hybrid deployment.
Type: Int32
Required: False
Position: Named
Default value: None
-TlsCertificateName
The TlsCertificateName parameter specifies the X.509 certificate to use for TLS encryption. A valid value for this
parameter is "<I>X.500Issuer<S>X.500Subject". The X.500Issuer value is found in the certificate's Issuer field, and
the X.500Subject value is found in the certificate's Subject field. You can find these values by running the Get-
ExchangeCertificate cmdlet. Or, after you run Get-ExchangeCertificate to find the thumbprint value of the
certificate, run the command $TLSCert = Get-ExchangeCertificate -Thumbprint <Thumbprint>, run the command
$TLSCertName = "<I>$($TLSCert.Issuer)<S>$($TLSCert.Subject)", and then use the value $TLSCertName for
this parameter.
Type: SmtpX509Identifier
Required: False
Position: Named
Default value: None
-TransportServers
The TransportServers parameter specifies the Exchange Server 2010 SP2 servers with the Hub Transport server
role installed that are configured to support the hybrid deployment features. At least one Hub Transport server
must be defined and be externally accessible from the Internet for secure mail to be enabled between the on-
premises and cloud-based organizations.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-IntraOrganizationConnector
In ths Article
may be exclusive to one environment or the other. Use the New -IntraOrganizationConnector cmdlet to create an
Intra-Organization connector between two on-premises Exchange forests in an organization, between an Exchange
on-premises organization and an Exchange Online organization, or between two Exchange Online organizations.
This connector enables feature availability and service connectivity across the organizations using a common
connector and connection endpoints. For information about the parameter sets in the Syntax section below, see
Syntax
New-IntraOrganizationConnector [-Name] <String> -DiscoveryEndpoint <Uri>
-TargetAddressDomains <MultiValuedProperty> [-Confirm] [-DomainController <Fqdn>] [-Enabled <$true | $false>]
Description
The New -IntraOrganizationConnector cmdlet is used to create a connection for features and services between
divisions in your Exchange organization. It allows for the expansion of organizational boundaries for features and
services across different hosts and network boundaries, such as between Active Directory forests, between on-
premises and cloud-based organizations, or between tenants hosted in the same or different datacenters.
For hybrid deployments between on-premises Exchange and Exchange Online organizations, the New -
IntraOrganizationConnector cmdlet is used by the Hybrid Configuration wizard. Typically, the Intra-Organization
connector is configured when the hybrid deployment is initially created by the wizard. We strongly recommend that
you use the Hybrid Configuration wizard to create the Intra-Organization connector when configuring a hybrid
deployment with an Exchange Online organization.
Examples
-------------------------- Example 1 --------------------------
New-IntraOrganizationConnector -DiscoveryEndpoint https://ExternalDiscovery.Contoso.com -Name

MainCloudConnector -TargetAddressDomains Cloud1.contoso.com,Cloud2.contoso.com
This example creates an Intra-Organization connector named "MainCloudConnector" between an on-premises

Exchange organization and an Exchange Online organization containing two domains, Cloud1.contoso.com and
Cloud2.contoso.com.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DiscoveryEndpoint
The DiscoveryEndpoint parameter specifies the externally-accessible URL that's used for the Autodiscover service
for the domain that's configured in the Intra-Organization connector.
Type: Uri
Required: True
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter enables or disabled the Intra-organization connector. The valid values for this parameter
are $true or $false. The default value is $true.
When you set the value to $false, you completely stop connectivity for the specific connection.
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a friendly name for the Intra-Organization connector. If the value contains spaces,
enclose the value in double quotation marks.
Type: String
Required: True
Position: 1
Default value: None
-TargetAddressDomains
The TargetAddressDomains parameter specifies the domain namespaces that will be used in the Intra-organization
connector. These domains must have valid Autodiscover endpoints defined in their organizations. The domains and
their associated Autodiscover endpoints are used by the Intra-Organization connector for feature and service
connectivity.
You specify multiple domain values separated by commas.
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-OnPremisesOrganization
In ths Article
This cmdlet is available only in the cloud-based service. Use the New -OnPremisesOrganization cmdlet to create an
OnPremisesOrganization object in a Microsoft Office 365 tenant. For information about the parameter sets in the
Syntax
New-OnPremisesOrganization [-Name] <String> -HybridDomains <MultiValuedProperty>
-InboundConnector <InboundConnectorIdParameter> -OrganizationGuid <Guid>
-OutboundConnector <OutboundConnectorIdParameter> [-Comment <String>] [-Confirm] [-OrganizationName <String>]
[-OrganizationRelationship <OrganizationRelationshipIdParameter>] [-WhatIf] [<CommonParameters>]
Description
The OnPremisesOrganization object represents an on-premises Microsoft Exchange organization configured for
hybrid deployment with an Office 365 tenant organization. It's used with the Hybrid Configuration wizard and is
typically created automatically when the hybrid deployment is initially configured by the wizard. Manual
modification of this object may result in hybrid deployment misconfiguration; therefore, we strongly recommend
that you use the Hybrid Configuration wizard to update this object in the Office 365 tenant.
Examples
-------------------------- Example 1 --------------------------
New-OnPremisesOrganization -Name "ExchangeMail" -OrganizationGuid "a1bc23cb-3456-bcde-abcd-feb363cacc88" -

HybridDomains contoso.com, sales.contoso.com -InboundConnector "Inbound to ExchangeMail" -OutboundConnector
"Outbound to ExchangeMail"
This example creates the OnPremisesOrganization object ExchangeMail in an Office 365 tenant for the hybrid
domains contoso.com and sales.contoso.com.
Parameters
-Comment
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-HybridDomains
The HybridDomains parameter specifies the domains that are configured in the hybrid deployment between an
Office 365 tenant and an on-premises Exchange organization. The domains specified in this parameter must match
the domains listed in the HybridConfiguration object for the on-premises Exchange organization configured by the
Hybrid Configuration wizard. Multiple domains may be listed and must be separated by a comma, for example,
"contoso.com, sales.contoso.com".
Required: True
Position: Named
Default value: None
-InboundConnector
The InboundConnector parameter specifies the name of the inbound connector configured on the Microsoft
Exchange Online Protection (EOP ) service for a hybrid deployment configured with an on-premises Exchange
organization.
Type: InboundConnectorIdParameter
Required: True
Position: Named
Default value: None
-Name
The Name parameter specifies a friendly name for the on-premises Exchange organization object in the Office 365
tenant.
Type: String
Required: True
Position: 1
Default value: None
-OrganizationGuid
The OrganizationGuid parameter specifies the globally unique identifier (GUID ) of the on-premises Exchange
organization object in the Office 365 tenant.
Type: Guid
Required: True
Position: Named
Default value: None
-OrganizationName
The OrganizationName parameter specifies the Active Directory object name of the on-premises Exchange
organization.
Type: String
Required: False
Position: Named
Default value: None
-OrganizationRelationship
The OrganizationRelationship parameter specifies the organization relationship configured by the Hybrid
Configuration wizard on the Office 365 tenant as part of a hybrid deployment with an on-premises Exchange
organization. This organization relationship defines the federated sharing features enabled on the Office 365
tenant.
Type: OrganizationRelationshipIdParameter
Required: False
Position: Named
Default value: None
-OutboundConnector
The OutboundConnector parameter specifies the name of the outbound connector configured on the EOP service
for a hybrid deployment configured with an on-premises Exchange organization.
Type: OutboundConnectorIdParameter
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-RemoteMailbox
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -RemoteMailbox cmdlet to create a mail user in
the on-premises Active Directory and also create an associated mailbox in the cloud-based service. For information
Syntax
New-RemoteMailbox [-Name] <String> -Password <SecureString> -UserPrincipalName <String> [-Alias <String>]
[-ArbitrationMailbox <MailboxIdParameter>] [-Archive] [-Confirm] [-DisplayName <String>]
[-DomainController <Fqdn>] [-FirstName <String>] [-ImmutableId <String>] [-Initials <String>]
[-LastName <String>] [-ModeratedBy <MultiValuedProperty>] [-ModerationEnabled <$true | $false>]
[-OnPremisesOrganizationalUnit <OrganizationalUnitIdParameter>] [-PrimarySmtpAddress <SmtpAddress>]
[-RemotePowerShellEnabled <$true | $false>] [-RemoteRoutingAddress <ProxyAddress>]
[-ResetPasswordOnNextLogon <$true | $false>] [-SamAccountName <String>]
[-SendModerationNotifications <Never | Internal | Always>] [-WhatIf] [-ACLableSyncedObjectEnabled]
New-RemoteMailbox [-Name] <String> [-Password <SecureString>] [-Room] [-UserPrincipalName <String>]

[-Alias <String>] [-ArbitrationMailbox <MailboxIdParameter>] [-Archive] [-Confirm] [-DisplayName <String>]
New-RemoteMailbox [-Name] <String> [-Equipment] [-Password <SecureString>] [-UserPrincipalName <String>]

New-RemoteMailbox [-Name] <String> [-Shared] [-Password <SecureString>] [-UserPrincipalName <String>]

New-RemoteMailbox [-Name] <String> [-AccountDisabled] [-Password <SecureString>] [-UserPrincipalName <String>]
Description
The New -RemoteMailbox cmdlet creates an on-premises mail user. The mail user contains a specific attribute,
which indicates that an associated mailbox in the service should be created when the user is synchronized to the
service using directory synchronization.
Directory synchronization must be configured correctly for a mailbox to be created in the service. Creation of the
mailbox in the service isn't immediate and depends on the directory synchronization schedule.
The policies that you apply to recipients in the on-premises Exchange organization, such as Unified Messaging or
compliance policies, aren't applied to mailboxes in the service. You must configure policies in the service if you want
policies to be applied to recipients in the service.
Examples
-------------------------- Example 1 --------------------------
$Credentials = Get-Credential; New-RemoteMailbox -Name "Kim Akers" -Password $Credentials.Password -

UserPrincipalName kim@corp.contoso.com
This example creates an on-premises mail user and its associated mailbox in the service. The remote routing
address doesn't need to be specified because mail flow between the on-premises organization and the service has
been configured. Using this configuration, the New -RemoteMailbox cmdlet automatically calculates the SMTP
address of the mailbox to be used with the RemoteRoutingAddress parameter. This example also assumes directory
synchronization has been configured.
The first command stores the password to use with the new remote mailbox in a variable by using the Get-
Credential cmdlet. The last command creates the mail user.
After the new mail user is created, directory synchronization synchronizes the new mail user to the service and the
associated mailbox is created.
-------------------------- Example 2 --------------------------
$Credentials = Get-Credential; New-RemoteMailbox -Name "Kim Akers" -Password $Credentials.Password -

UserPrincipalName kim@corp.contoso.com -OnPremisesOrganizationalUnit "corp.contoso.com/Archive Users" -Archive
This example does the following steps:

Creates an on-premises mail user. The mail user is placed in the contoso.com/Archive Users OU. The OU has no
effect on the mailbox in the service.
Creates the associated mailbox in the service.
Creates an archive mailbox in the service for the mailbox.
As in Example 1, this example assumes that mail flow and directory synchronization have been properly configured.
Parameters
-AccountDisabled
The AccountDisabled switch specifies whether to create the mail user in a disabled state. You don't have to specify a
Required: True
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-Alias
characters.
question marks (?).
Type: String
Required: False
Position: Named
Default value: None
-ArbitrationMailbox
The ArbitrationMailbox parameter specifies the mailbox used to manage the moderation process. You can use any
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-Archive
The Archive switch specifies whether to also create an archive mailbox in the service. You don't need to specify a
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DisplayName
The DisplayName parameter specifies the display name of the mail user and the associated mailbox in the service.
The display name is visible in the Exchange admin center, in address lists, and in Outlook. The maximum length is
256 characters. If the value contains spaces, enclose the value in quotation marks (").
Type: String
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Equipment
The Equipment switch specifies that the mailbox in the service should be created as an equipment resource
mailbox.
computers).
You can't use this switch with the Room switch.
Required: True
Position: Named
Default value: None
-FirstName
The FirstName parameter specifies the user's first name.
Type: String
Required: False
Position: Named
Default value: None
-ImmutableId
The ImmutableId parameter is used by GAL synchronization (GALSync) and specifies a unique and immutable
identifier in the form of an SMTP address for an Exchange mailbox used for federated delegation when requesting
Security Assertion Markup Language (SAML ) tokens. If federation is configured for this mailbox and you don't set
this parameter when you create the mailbox, Exchange creates the value for the immutable ID based upon the
mailbox's ExchangeGUID and the federated account namespace, for example, 7a78e7c8-620e-4d85-99d3-
c90d90f29699@mail.contoso.com.
You need to set the ImmutableId parameter if Active Directory Federation Services (AD FS ) is deployed to allow
single sign-on into an off-premises mailbox and AD FS is configured to use a different attribute than
ExchangeGUID for sign-on token requests. Both, Exchange and AD FS must request the same token for the same
user to ensure proper functionality for a cross-premises Exchange deployment scenario.
The ImmutableId parameter is used by GAL Synchronization (GALSync) and specifies a unique and immutable
identifier in the form of an SMTP address for an Exchange mailbox that's used for federated delegation when
requesting Security Assertion Markup Language (SAML ) tokens. If federation is configured for this mailbox and
you don't set this parameter when you create the mailbox, Exchange creates the value for the immutable identifier
based upon the mailbox's ExchangeGUID and the federated account namespace, for example, 7a78e7c8-620e-
4d85-99d3-c90d90f29699@mail.contoso.com. You must set the ImmutableId parameter if Active Directory
Federation Services (AD FS ) is deployed to allow single sign-on into an off-premises mailbox and AD FS is
configured to use a different attribute than ExchangeGUID for sign-on token requests. Both, Exchange and AD FS
must request the same token for the same user to ensure proper functionality for a cross-premise Exchange
deployment scenario.
Type: String
Required: False
Position: Named
Default value: None
-Initials
The Initials parameter specifies the user's middle initials.
Type: String
Required: False
Position: Named
Default value: None
-LastName
The LastName parameter specifies the user's last name.
Type: String
Required: False
Position: Named
Default value: None
-ModeratedBy
The ModeratedBy parameter specifies one or more moderators for this recipient. A moderator approves messages
sent to the recipient before the messages are delivered. A moderator must be a mailbox, mail user, or mail contact
in your organization. You can use any value that uniquely identifies the moderator. For example:
Name
Alias
Canonical DN
Email address
GUID
You need to use this parameter to specify at least one moderator when you set the ModerationEnabled parameter
to the value $true.
Required: False
Position: Named
Default value: None
-ModerationEnabled
The ModerationEnabled parameter specifies whether moderation is enabled for this recipient. Valid value are:
$true: Moderation is enabled for this recipient. Messages sent to this recipient must be approved by a
moderator before the messages are delivered.
$false: Moderation is disabled for this recipient. Messages sent to this recipient are delivered without the
approval of a moderator. This is the default value.
You use the ModeratedBy parameter to specify the moderators.

Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the unique name of the on-premises mail user and the associated mailbox in the
service. The maximum length is 64 characters. If the value contains spaces, enclose the value in quotation marks (").
Type: String
Required: True
Position: 1
Default value: None
-OnPremisesOrganizationalUnit
The OnPremisesOrganizationalUnit parameter specifies the organizational unit (OU ) in the on-premises
organization in which the new mailbox is added (for example, redmond.contoso.com/Users).
Name
Canonical name
GUID
This parameter has no effect on the mailbox in the service.
Required: False
Position: Named
Default value: None
-Password
The Password parameter specifies the password used by the mail user to secure his or her account and associated
mailbox in the service.
parameter.
Type: SecureString
Required: True
Position: Named
Default value: None
-PrimarySmtpAddress
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-RemotePowerShellEnabled
The RemotePowerShellEnabled parameter specifies whether the user can connect to Exchange using remote
PowerShell. Remote PowerShell is required to open the Exchange Management Shell on Exchange servers, or to
use Windows PowerShell open and import a remote PowerShell session to Exchange. Access to remote PowerShell
is required even if you're trying to open the Exchange Management Shell on the local Exchange server. Valid values
are:
$true: The user can use remote PowerShell. This is the default value.
$false: The user can't use remote PowerShell.

Required: False
Position: Named
Default value: None
The RemoteRoutingAddress parameter specifies the SMTP address of the mailbox in the service that this user is
associated with. This address is created automatically when the service is initially configured in the format of <your
domain>.mail.onmicrosoft.com.
If you've configured mail flow between the on-premises organization and the service, such as in a hybrid
deployment, you don't need to specify this parameter. The remote routing address is calculated automatically and
assigned to the email address policy for the on-premises organization by the Hybrid Configuration wizard.
Type: ProxyAddress
Required: False
Position: Named
Default value: None
-ResetPasswordOnNextLogon
The ResetPasswordOnNextLogon parameter specifies whether the user must change their password the next time
they log on. Valid values are:
$true: The user is required to change their password the next time they log on.
$false: The user isn't required to change their password the next time they log on. This is the default value.

Required: False
Position: Named
Default value: None
-Room
The Room switch specifies that the mailbox in the service should be created as a room resource mailbox.
You can't use the Room switch if you specified the Equipment switch.
Required: True
Position: Named
Default value: None
-SamAccountName
The value can contain letters, numbers, spaces, periods (.), and the characters !, #, $, %, ^, &, -, _, {, } and ~. The last
Type: String
Required: False
Position: Named
Default value: None
-SendModerationNotifications
The SendModerationNotifications parameter specifies when moderation notification messages are sent. Valid
values are:
Always: Notify all senders when their messages aren't approved. This is the default value.
Internal: Notify senders in the organization when their messages aren't approved.
Never: Don't notify anyone when a message isn't approved.
This parameter is only meaningful when moderation is enabled (the ModerationEnabled parameter has the value
$true).
Type: Never | Internal | Always

Required: False
Position: Named
Default value: None
-Shared
Note: This switch is available only in Exchange 2013 CU21 or later and Exchange 2016 CU10 or later. To use this
switch, you also need to run setup.exe /PrepareAD. For more information, see KB4133605.
The Shared switch specifies that the mailbox in the service should be created as a shared mailbox. You don't need to
You can't use this switch with the Room or Equipment switches.
Required: True
Position: Named
Default value: None
-UserPrincipalName
The UserPrincipalName parameter specifies the logon name for the user account. The UPN uses an email address
format <username>@<domain>. Typically, the <domain> value is the domain where the user account resides.
Type: String
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-FederatedDomain
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-FederatedDomain cmdlet to remove a
federated domain from the federated organization identifier in the federation trust for the Exchange organization. If
you remove a domain configured for federated sharing, federated sharing for that domain is disabled. For more
information, see Federation (https://technet.microsoft.com/library/dd335047.aspx). For information about the
Syntax
Remove-FederatedDomain [[-Identity] <OrganizationIdParameter>] -DomainName <SmtpDomain> [-Confirm]
[-DomainController <Fqdn>] [-Force] [-WhatIf] [<CommonParameters>]
Description
An Exchange organization's federated organization identifier is generally created using the organization's primary
domain name. Additional domain names can be added and removed. The Remove-FederatedDomain cmdlet
removes a federated domain from the federated organization identifier.
Examples
-------------------------- Example 1 --------------------------
Remove-FederatedDomain -DomainName contoso.co.uk
This example removes the federated domain contoso.co.uk from the federated organization identifier.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-DomainName
The DomainName parameter specifies the federated domain name to be removed from the federated organization
identifier.
Type: SmtpDomain
Required: True
Position: Named
Default value: None
-Force
The Force switch specifies whether to suppress warning or confirmation messages when removing a federated
domain. This parameter can be used when the removal of the federated domain from Windows Live fails, but the
configuration of this domain as a federated domain in Exchange should be removed regardless. The result of
running this task with the Force switch is that the Exchange configuration is removed but the domain may not be
released in Windows Live. We recommend that you not use the Force switch unless the release of the domain from
Windows Live continues to fail.
Required: False
Position: Named
Default value: None
-Identity
Required: False
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-FederationTrust
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-FederationTrust cmdlet to remove an
existing federation trust from an Exchange organization. For information about the parameter sets in the Syntax
Syntax
Remove-FederationTrust [-Identity] <FederationTrustIdParameter> [-Confirm] [-DomainController <Fqdn>] [-WhatIf]
Description
Federation trusts are set up with Microsoft Federation Gateway to enable calendar sharing and free/busy sharing
with external Exchange organizations or individuals. The Remove-FederationTrust cmdlet removes a federation
trust.
Examples
-------------------------- Example 1 --------------------------
Remove-FederationTrust "Microsoft Federation Gateway"
This example removes the federation trust Microsoft Federation Gateway.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the federation trust being removed.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
may be exclusive to one environment or the other. Use the Remove-HybridConfiguration cmdlet to delete the
HybridConfigurationActive Directory object for your on-premises Exchange organization. For information about
Syntax
Remove-HybridConfiguration [-Confirm] [-DomainController <Fqdn>] [-WhatIf] [<CommonParameters>]
Description
Removing a HybridConfiguration object should typically only be performed in circumstances where the hybrid
deployment state is corrupt and under the direction of Microsoft Customer Service and Support. After removing
the HybridConfiguration object, your existing hybrid deployment configuration settings aren't disabled or removed.
However, when the Hybrid Configuration wizard is run again after removing the HybridConfiguration object, the
wizard won't have a hybrid configuration reference point for your existing feature settings. As a result, it will
automatically create a HybridConfiguration object and record the new hybrid deployment configuration feature
values defined in the wizard. The feature settings associated with the hybrid deployment, such as organization
relationship or Send and Receive connector parameters, which were configured with the HybridConfiguration
object that's removed, aren't removed or modified until the Hybrid Configuration wizard is run again.
Examples
-------------------------- Example 1 --------------------------
This example removes the HybridConfiguration object for the hybrid deployment.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-IntraOrganizationConnector
In ths Article
may be exclusive to one environment or the other. Use the Remove-IntraOrganizationConnector cmdlet to remove
existing Intra-Organization connectors. For information about the parameter sets in the Syntax section below, see
Syntax
Remove-IntraOrganizationConnector [-Identity] <IntraOrganizationConnectorIdParameter> [-Confirm]
Description
boundaries, such as between Active Directory forests, between on-premises and cloud-based organizations or
The Remove-IntraOrganizationConnector cmdlet removes the connector objects. To stop feature or service
connectivity without removing the connector object, run the command Set-IntraOrganizationConnector
<ConnectorIdentity> -Enabled $false.
Examples
-------------------------- Example 1 --------------------------
Remove-IntraOrganizationConnector "Contoso On-premises-Exchange Online"
This example removes the existing Intra-Organization connector named "Contoso On-premises-Exchange Online".
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Intra-Organization connector that you want to remove. You can use any value
that uniquely identifies the connector. For example:
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-OnPremisesOrganization
In ths Article
This cmdlet is available only in the cloud-based service. Use the Remove-OnPremisesOrganization cmdlet to
remove an OnPremisesOrganization object in a Microsoft Office 365 tenant. For information about the parameter
Syntax
Remove-OnPremisesOrganization [-Identity] <OnPremisesOrganizationIdParameter> [-Confirm] [-WhatIf]
Description
Removing an OnPremisesOrganization object should only be used in circumstances where the hybrid deployment
state is corrupt and under the direction and supervision of Microsoft Customer Service and Support. After
removing the OnPremisesOrganization object, any related hybrid deployment configured with this object won't be
functional and will need to be re-created and reconfigured.
Examples
-------------------------- Example 1 --------------------------
Remove-OnPremisesOrganization -Identity ExchangeMail
This example removes the ExchangeMail OnPremisesOrganization object in an Office 365 tenant.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
values:
Canonical name
GUID
Name
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-RemoteMailbox
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-RemoteMailbox cmdlet to remove a mail-
enabled user in the on-premises Active Directory and the associated mailbox in the cloud-based service. For
Syntax
Remove-RemoteMailbox [-Identity] <RemoteMailboxIdParameter> [-Confirm] [-DomainController <Fqdn>]
[-IgnoreDefaultScope] [-IgnoreLegalHold] [-WhatIf] [<CommonParameters>]
Description
With the Remove-RemoteMailbox cmdlet, you can remove an on-premises mail-enabled user and the mailbox
from the service. If you only want to remove the mailbox from the service and keep the associated on-premises
user, use the Disable-RemoteMailbox cmdlet.
Directory synchronization must be configured correctly for a mailbox to be removed from the service. Removal of
the mailbox from the service isn't immediate and depends on the directory synchronization schedule.
Examples
-------------------------- Example 1 --------------------------
Remove-RemoteMailbox "Kim Akers"
This example removes the on-premises mail-enabled user Kim Akers and the associated mailbox from the service.
This example assumes directory synchronization has been configured.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter identifies the mail-enabled user and the associated mailbox in the service that you want to
remove. You can use one of the following values:
ADObjectID
Legacy DN
GUID
Domain\Account name
Email address
Alias
Required: True
Position: 1
Default value: None
-IgnoreDefaultScope
automatically.
accepted.
Required: False
Position: Named
Default value: None
-IgnoreLegalHold
The IgnoreLegalHold switch ignores the legal hold status of the mailbox user and allows you to remove the cloud-
based mailbox on legal hold.
After you remove a mailbox, you can't include it in a discovery search. Depending on the command parameters you
use, removed mailboxes are either purged immediately or when the deleted mailbox retention period expires.
Check with your organization's legal or Human Resources department before disabling a mailbox that's on legal
hold.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-FederatedOrganizationIdentifier
In ths Article
may be exclusive to one environment or the other. Use the Set-FederatedOrganizationIdentifier cmdlet to configure
the federated organization identifier for the Exchange organization. For more details, see Federation
(https://technet.microsoft.com/library/dd335047.aspx). For information about the parameter sets in the Syntax
Syntax
Set-FederatedOrganizationIdentifier [[-Identity] <OrganizationIdParameter>] [-AccountNamespace <SmtpDomain>]
[-Confirm] [-DelegationFederationTrust <FederationTrustIdParameter>] [-DomainController <Fqdn>]
[-Enabled <$true | $false>] [-OrganizationContact <SmtpAddress>] [-WhatIf] [-DefaultDomain <SmtpDomain>]
Description
You must configure a federated organization identifier to create an account namespace for your Exchange
organization with the Microsoft Federation Gateway and enable federation for the purpose of sharing calendars or
contacts, accessing free/busy information across Exchange organizations and securing cross-premises email
delivery using federated delivery. When you create a federation trust, a value for the AccountNamespace
parameter is automatically created with the Microsoft Federation Gateway. The AccountNamespace parameter is a
combination of a pre-defined string and the domain specified. For example, if you specify the federated domain
contoso.com as the domain, "FYDIBOHF25SPDLT.contoso.com" is automatically created as the value for the
AccountNamespace parameter. You can add and remove Additional domain names later by using the Add-
FederatedDomain and Remove-FederatedDomain cmdlets.
You can temporarily disable federation by disabling the organization identifier.
Examples
-------------------------- Example 1 --------------------------
Set-FederatedOrganizationIdentifier -DelegationFederationTrust "Microsoft Federation Gateway" -AccountNamespace

"Contoso.com" -Enabled $true
This example configures a federated organization identifier for the Exchange organization.
-------------------------- Example 2 --------------------------
Set-FederatedOrganizationIdentifier -Enabled $false
This example temporarily disables federation for the Exchange organization.

-------------------------- Example 3 --------------------------
Set-FederatedOrganizationIdentifier -Enabled $true
This example enables the organization identifier. This enables federation for the Exchange organization.
Parameters
-AccountNamespace
The AccountNamespace parameter specifies the federated domain to be used to establish the organization
identifier with the Microsoft Federation Gateway.
Type: SmtpDomain
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DefaultDomain
The DefaultDomain parameter specifies the federated domain used for delegation tokens issued by the Microsoft
Federation Gateway for user accounts in the Exchange organization. If the DefaultDomain parameter isn't set, the
primary SMTP domain for each user account is used in delegation tokens issued by the Microsoft Federation
Gateway. Only a single domain or subdomain for the Exchange organization should be configured, and it applies to
all delegation tokens issued for the Exchange organization, for example, contoso.com.
Type: SmtpDomain
Required: False
Position: Named
Default value: None
-DelegationFederationTrust
The DelegationFederationTrust parameter specifies the identity of the federation trust to be used by the
organization identifier.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether the organization identifier is enabled. Valid values include $true or $false.
Setting the parameter to $false disables federation.

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the federated organization identifier.
Required: False
Position: 1
Default value: None
-OrganizationContact
The OrganizationContact parameter specifies the SMTP address of the federation contact.
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-FederationTrust
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-FederationTrust cmdlet to modify an existing
federation trust. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Set-FederationTrust [-Identity] <FederationTrustIdParameter> -ApplicationUri <String>
[-Confirm]
[-Name <String>]
[-WhatIf]
[-PublishFederationCertificate]
Set-FederationTrust [-Identity] <FederationTrustIdParameter> [-PublishFederationCertificate]

[-Confirm]
[-Name <String>]
[-WhatIf]
Set-FederationTrust [-Identity] <FederationTrustIdParameter>

[-Confirm]
[-Name <String>]
[-RefreshMetadata]
[-Thumbprint <String>]
Description
You can use the Set-FederationTrust cmdlet to manage the certificates used for the federation trust. You can also
use the Set-FederationTrust cmdlet to refresh the metadata document from the Microsoft Federation Gateway and
download its certificate.
Examples
-------------------------- Example 1 --------------------------
Set-FederationTrust -Identity "Microsoft Federation Gateway" -Thumbprint
AC00F35CBA8359953F4126E0984B5CCAFA2F4F17
This example configures the federation trust Microsoft Federation Gateway to use the certificate with the
thumbprint AC00F35CBA8359953F4126E0984B5CCAFA2F4F17 as the next certificate.
-------------------------- Example 2 --------------------------
Set-FederationTrust -Identity "Microsoft Federation Gateway" -PublishFederationCertificate
This example configures the federation trust Microsoft Federation Gateway to use the next certificate as the current
certificate.
Before you configure a federation trust to use the next certificate as the current certificate, you need to use the Test-
FederationTrust cmdlet to verify that the certificate is available on all Exchange servers.
Parameters
-ApplicationUri
The ApplicationUri parameter specifies the primary domain used for the federation organization identifier.
Type: String
Required: True
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the federation trust being modified.
Required: True
Position: 1
Default value: None
-MetadataUrl
The MetadataUrl parameter specifies the URL where WS -FederationMetadata is published by the Microsoft
Federation Gateway.
Type: Uri
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a name for the federation trust.
Type: String
Required: False
Position: Named
Default value: None
-PublishFederationCertificate
The PublishFederationCertificate switch specifies the next certificate as the current certificate for the federation
trust and publishes it to the Microsoft Federation Gateway. You don't need to specify a value with this switch.
The certificate is used to encrypt tokens with the Microsoft Federation Gateway.
Before setting the next certificate to be used as the current certificate, ensure that the certificate is deployed on all
Exchange servers. Use the Test-FederationCertificate cmdlet to check the deployment status of the certificate.
Required: True
Position: Named
Default value: None
-RefreshMetadata
The RefreshMetadata switch specifies that the metadata document and certificate is retrieved again from the
Microsoft Federation Gateway.
Required: False
Position: Named
Default value: None
-Thumbprint
The Thumbprint parameter specifies the thumbprint of the X.509 certificate to be configured as the next certificate
for the federation trust. After the certificate is deployed on all Exchange servers in the organization, you can use the
PublishFederationCertificate switch to configure the trust to use this certificate.
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-HybridConfiguration
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-HybridConfiguration cmdlet to modify the
hybrid deployment between your on-premises Exchange organization and Exchange Online in a Microsoft Office
365 for enterprises organization. For information about the parameter sets in the Syntax section below, see
Syntax
Set-HybridConfiguration [-ClientAccessServers <MultiValuedProperty>] [-Confirm] [-DomainController <Fqdn>]
[-Domains <MultiValuedProperty>] [-ExternalIPAddresses <MultiValuedProperty>]
[-Features <MultiValuedProperty>] [-Name <String>] [-OnPremisesSmartHost <SmtpDomain>]
[-SecureMailCertificateThumbprint <String>] [-TransportServers <MultiValuedProperty>] [-WhatIf]
[-EdgeTransportServers <MultiValuedProperty>] [-ReceivingTransportServers <MultiValuedProperty>]
[-SendingTransportServers <MultiValuedProperty>] [-ServiceInstance <Int32>]
[-TlsCertificateName <SmtpX509Identifier>] [<CommonParameters>]
Description
The Set-HybridConfiguration cmdlet modifies the hybrid configuration features, such as enabling secure mail,
designating a specific Mailbox server for hybrid functionality, or enabling or disabling free/busy information
sharing and message tracking between the on-premises Exchange and Exchange Online organizations.
Examples
-------------------------- Example 1 --------------------------
Set-HybridConfiguration -SecureMailCertificateThumbprint AC00F35CBA8359953F4126E0984B5CCAFA2F4F17
In Exchange Server 2010, this example specifies that the hybrid configuration will use the certificate with the
thumbprint AC00F35CBA8359953F4126E0984B5CCAFA2F4F17 as the certificate for Secure Mail messaging.
-------------------------- Example 2 --------------------------
Set-HybridConfiguration -Features OnlineArchive,MailTips,OWARedirection,FreeBusy,MessageTracking
This example disables the secure mail and centralized transport hybrid deployment features, but keeps the
Exchange Online Archive, MailTips, Outlook on the web redirection, free/busy and message tracking features
enabled between the on-premises Exchange and Exchange Online organizations.
-------------------------- Example 3 --------------------------
Set-HybridConfiguration -TlsCertificateName "

CN=A. Datum Corporation CA-3, OU=www.adatum.com, O=A.Datum Corp, C=USCN=mail.contoso.com, O=Barbara Zighetti,
L=Seattle, S=WA, C=US"
This example specifies that the hybrid deployment uses a defined TLS certificate, referenced by the combination of
the Issuer and Subject attributes of the CA issued X.509 certificate.
Parameters
-ClientAccessServers
The ClientAccessServers parameter specifies the Exchange Server 2010 SP2 servers with the Client Access server
role installed that will be configured to support the hybrid deployment features. At least one Client Access server
must be defined and be externally accessible from the Internet on ports 80 and 443. The servers will be configured
to enable the following:
Mailbox Replication Service (MRS ) Proxy The MRS Proxy service configuration on the Client Access servers
will be enabled.
Virtual Directories The Client Access servers will host the default Web sites for the Exchange Web Services
(EWS ), offline address books, and ActiveSync services.
Outlook Anywhere The Client Access servers will have Outlook Anywhere enabled.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Domains
The Domains parameter specifies the domain namespaces that will be used in the hybrid deployment. These
domains must be configured as accepted domains in either the on-premises Exchange organization or the
Exchange Online organization. The domains will be used in configuring the organization relationships and Send
and Receive connectors used by the hybrid configuration.
Required: False
Position: Named
Default value: None
-EdgeTransportServers
The EdgeTransportServers parameter specifies the Edge Transport servers that are configured to support the
hybrid deployment features. The Edge Transport server must be externally accessible from the Internet on port 25.
The accepted values for the EdgeTransportServers parameter are either the full or short computer name of an Edge
Transport server, for example, either edge.corp.contoso.com or EDGE. Separate server names with a comma if
defining more than one Edge Transport server.
When configuring the EdgeTransportServers parameter, you must configure the ReceivingTransportServers and
SendingTransportServers parameter values to $null.
Required: False
Position: Named
Default value: None
-ExternalIPAddresses
The ExternalIPAddresses parameter is a legacy parameter that specifies the publicly accessible inbound IP address
of Microsoft Exchange Server 2010 Hub Transport servers. The only configuration change that should be made
with this parameter is to change or clear the legacy Exchange 2010 Hub Transport server IP address value. The IP
address must be Internet Protocol version 4 (IPv4) based only.
Required: False
Position: Named
Default value: None
-Features
The Features parameter specifies the features enabled for the hybrid configuration. One or more of the following
values separated by commas can be entered. When using the Hybrid Configuration wizard, all features are enabled
by default.
Centralized: Enables transport servers to handle all message transport between the on-premises Exchange and
Exchange Online organizations, including external message delivery to the Internet for both organizations. If
this value is $false, the on-premises transport servers and Exchange Online organization are each responsible
for their own Internet message delivery.
FreeBusy: Enables free/busy calendar information to be shared between on-premises Exchange and Exchange
Online organization users.
MailTips: Enables MailTips information to be shared between on-premises Exchange and Exchange Online
organization users.
MessageTracking: Enables message tracking information to be shared between on-premises Exchange and
Exchange Online organization users.
OnlineArchive: Enables the Exchange Online archive feature so that Exchange Online supports hosting archive
mailboxes for on-premises users.
OWARedirection: Enables automatic Microsoft Outlook on the web redirection to either the on-premises
Exchange or Exchange Online organizations depending on where the user mailbox is located.
SecureMail: Enables secure message transport via Transport Layer Security (TLS ) between the on-premises
Exchange and Exchange Online organizations.
Photos: Enables the sharing of user photo data between the on-premises Exchange and Exchange Online
organizations. This feature works in tandem with the PhotosEnabled parameter in the OrganizationRelationship
cmdlets in a hybrid deployment. If the Photos parameter is $true, the PhotosEnabled parameter is automatically
set to $true. If the Photos parameter is $false, the PhotosEnabled parameter is automatically set to $false. When
running the Hybrid Configuration wizard for the first time, the default value is $true.
Required: False
Position: Named
Default value: None
-Name
There can be only one HybridConfiguration object in an Exchange organization.
Type: String
Required: False
Position: Named
Default value: None
-OnPremisesSmartHost
The OnPremisesSmartHost parameter specifies the FQDN of the on-premises Mailbox servers used for secure
mail transport for messages sent between the on-premises Exchange and Exchange Online organizations.
Type: SmtpDomain
Required: False
Position: Named
Default value: None
-ReceivingTransportServers
The ReceivingTransportServers parameter specifies the Mailbox servers that are defined in the outbound connector
configuration of the Microsoft Exchange Online Protection (EOP ) service included as part of the Office 365 for
enterprises tenant. The servers defined in the ReceivingTransportServers parameter are designated as the receiving
servers for secure mail messages sent from the Exchange Online organization to the on-premises Exchange
organization in a hybrid deployment. At least one Mailbox server must be defined and be externally accessible from
the Internet for secure mail to be enabled between the on-premises Exchange and Exchange Online organizations.
The accepted values for the ReceivingTransportServers parameter are either the full or short computer name of a
Mailbox server, for example, either mbx.corp.contoso.com or MBX. Separate server names with a comma if defining
more than one Mailbox server.
If configuring the EdgeTransportServers parameter in the hybrid deployment, the ReceivingTransportServers
Required: False
Position: Named
Default value: None
-SecureMailCertificateThumbprint
The SecureMailCertificateThumbprint parameter specifies the thumbprint of the X.509 certificate to be used as the
certificate for hybrid deployment secure message transport. This certificate cannot be self-signed, must be obtained
from a trusted certificate authority (CA), and must be installed on all Hub Transport servers defined in the
TransportServers parameter.
Type: String
Required: False
Position: Named
Default value: None
-SendingTransportServers
The SendingTransportServers parameter specifies the Mailbox servers that are defined in the inbound connector
configuration of the EOP service included as part of the Office 365 for enterprises tenant. The servers defined in
the SendingTransportServers parameter are designated as the receiving servers for secure mail messages sent
from the on-premise organization to the Exchange Online organization in a hybrid deployment. At least one
Mailbox server must be defined and be externally accessible from the Internet for secure mail to be enabled
between the on-premises Exchange and Exchange Online organizations. The accepted values for the
SendingTransportServers parameter are either the full or short computer name of a Mailbox server, for example,
either mbx.corp.contoso.com or MBX. Separate server names with a comma if defining more than one Mailbox
server.
If configuring the EdgeTransportServers parameter in the hybrid deployment, the SendingTransportServers
Required: False
Position: Named
Default value: None
-ServiceInstance
The ServiceInstance parameter should only be used by organizations manually configuring hybrid deployments
with Office 365 operated by 21Vianet in China. All other organizations should use the Hybrid Configuration wizard
to configure a hybrid deployment with Office 365. The valid values for this parameter are 0 (null) or 1. The default
value is 0 (null). For organizations connecting with Office 365 operated by 21Vianet in China, set this value to 1
when manually configuring your hybrid deployment.
Type: Int32
Required: False
Position: Named
Default value: None
-TlsCertificateName
The TlsCertificateName parameter specifies the X.509 certificate to use for TLS encryption. A valid value for this
parameter is "<I>X.500Issuer<S>X.500Subject". The X.500Issuer value is found in the certificate's Issuer field, and
the X.500Subject value is found in the certificate's Subject field. You can find these values by running the Get-
ExchangeCertificate cmdlet. Or, after you run Get-ExchangeCertificate to find the thumbprint value of the
certificate, run the command $TLSCert = Get-ExchangeCertificate -Thumbprint <Thumbprint>, run the command
$TLSCertName = "<I>$($TLSCert.Issuer)<S>$($TLSCert.Subject)", and then use the value $TLSCertName for
this parameter.
Type: SmtpX509Identifier
Required: False
Position: Named
Default value: None
-TransportServers
The TransportServers parameter specifies the Exchange Server 2010 SP2 servers with the Hub Transport server
role installed that will be configured to support the hybrid deployment features. At least one Hub Transport server
must be defined and be externally accessible from the Internet for secure mail to be enabled between the on-
premises and cloud-based organizations.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-HybridMailflow
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-HybridMailflow cmdlet to configure the
message transport settings for the Microsoft Exchange Online Protection (EOP ) service in a hybrid deployment.
The Set-HybridMailflow cmdlet is only used to support hybrid deployments configured with the Hybrid
Configuration wizard offered in Microsoft Exchange Server 2010 Service Pack 2 (SP2). For information about the
Syntax
Set-HybridMailflow [-CentralizedTransportEnabled <$true | $false>] [-CertificateSubject <String>] [-Confirm]
[-InboundIPs <IPRange[]>] [-OnPremisesFQDN <Fqdn>] [-OutboundDomains <SmtpDomainWithSubdomains[]>]
[-SecureMailEnabled <$true | $false>] [-WhatIf] [<CommonParameters>]
Description
The Set-HybridMailflow cmdlet supports the configuration of message transport settings for hybrid deployments
created with the Hybrid Configuration wizard offered in Exchange 2010 SP2. This cmdlet isn't typically used by
administrators; therefore, we strongly recommend that it only be used as part of the hybrid configuration process
using the Hybrid Configuration wizard.
Examples
-------------------------- Example 1 --------------------------
Set-HybridMailflow
This example configures the message transport settings in the EOP service for a hybrid deployment.
Parameters
-CentralizedTransportEnabled
The CentralizedTransportEnabled parameter specifies that the Exchange Online organization routes all outbound
mail messages to external recipients to the on-premises Exchange organization. The on-premises Exchange
organization then routes the messages to the external recipients. The valid input for the
CentralizedTransportEnabled parameter is $true or $false. The default value is $true.
Required: False
Position: Named
Default value: None
-CertificateSubject
The CertificateSubject parameter specifies the principal name of the certificate used for secure mail flow between
the on-premises Exchange and Exchange Online organizations.
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-InboundIPs
The InboundIPs parameter specifies the IP addresses of the on-premises mail transport servers configured as part
of the hybrid deployment. These must point to either Exchange 2010 SP2 Hub Transport or Edge Transport servers.
Type: IPRange[]
Required: False
Position: Named
Default value: None
-OnPremisesFQDN
The OnPremisesFQDN parameter specifies the fully qualified domain name (FQDN ) of the outbound smart host in
the on-premises Exchange organization to use for centralized transport. This is either an on-premises Exchange
2010 SP2 Hub Transport or Edge Transport server.
Type: Fqdn
Required: False
Position: Named
Default value: None
-OutboundDomains
The OutboundDomains parameter specifies SMTP domains configured for the hybrid deployment.
Type: SmtpDomainWithSubdomains[]
Required: False
Position: Named
Default value: None
-SecureMailEnabled
The SecureMailEnabled parameter specifies that all messages sent between the on-premises Exchange and the
Exchange Online organizations must use the Transport Layer Security (TLS ) protocol and the assigned digital
certificate. The valid input for the SecureMailEnabled parameter is $true or $false. The default value is $true.

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-IntraOrganizationConnector
In ths Article
may be exclusive to one environment or the other. Use the Set-IntraOrganizationConnector cmdlet to modify an
existing Intra-Organization connector between two on-premises Exchange forests in an organization, between an
on-premises Exchange organization and an Exchange Online organization or between two Exchange Online
organizations. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Set-IntraOrganizationConnector [-Identity] <IntraOrganizationConnectorIdParameter> [-Confirm]
[-DiscoveryEndpoint <Uri>] [-DomainController <Fqdn>] [-Enabled <$true | $false>]
[-TargetAddressDomains <MultiValuedProperty>] [-WhatIf] [<CommonParameters>]
Description
boundaries, such as between Active Directory forests, between on-premises and cloud-based organizations or
Examples
-------------------------- Example 1 --------------------------
Set-IntraOrganizationConnector "MainCloudConnector" -Enabled $false
This example disables the Intra-Organization connector named "MainCloudConnector".
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DiscoveryEndpoint
The DiscoveryEndpoint parameter specifies the externally accessible URL used for the Autodiscover service for the
domain configured in the IntraOrganization Connector. This parameter is automatically populated with the
TargetAutodiscoverEpr value from the Get-FederationInformation cmdlet for the defined domain.
Type: Uri
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter enables or disabled the Intra-organization connector. The valid values for this parameter
are $true or $false. The default value is $true.
When you set the value to $false, you completely stop connectivity for the specific connection.

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Intra-Organization connector that you want to modify. You can use any value
that uniquely identifies the connector. For example:
Name
GUID
Required: True
Position: 1
Default value: None
-TargetAddressDomains
The TargetAddressDomains parameter specifies the domain namespaces that will be used in the Intra-Organization
connector. The domains must have valid Autodiscover endpoints defined in their organizations. The domains and
their associated Autodiscover endpoints are used by the Intra-Organization connector for feature and service
connectivity.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-OnPremisesOrganization
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-OnPremisesOrganization cmdlet to modify the
parameters of the OnPremisesOrganization object on the Microsoft Office 365 tenant. For information about the
Syntax
Set-OnPremisesOrganization [-Identity] <OnPremisesOrganizationIdParameter> [-Comment <String>] [-Confirm]
[-HybridDomains <MultiValuedProperty>] [-InboundConnector <InboundConnectorIdParameter>]
[-OrganizationName <String>] [-OrganizationRelationship <OrganizationRelationshipIdParameter>]
[-OutboundConnector <OutboundConnectorIdParameter>] [-WhatIf] [<CommonParameters>]
Description
The OnPremisesOrganization object represents an on-premises Exchange organization configured for hybrid
deployment with an Office 365 tenant organization. Typically, this object is only modified and updated by the
Hybrid Configuration wizard. Manual modification of this object may result in hybrid deployment misconfiguration;
therefore, we strongly recommend that you use the Hybrid Configuration wizard to update this object in the Office
365 tenant.
Examples
-------------------------- Example 1 --------------------------
Set-OnPremisesOrganization -Identity "ExchangeMail" -HybridDomains contoso.com, sales.contoso.com,

legal.contoso.com
This example adds a third domain legal.contoso.com to the ExchangeMail OnPremisesOrganization object on the
Office 365 tenant, which already has the contoso.com and sales.contoso.com domains.
Parameters
-Comment
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-HybridDomains
The HybridDomains parameter specifies the domains that are configured in the hybrid deployment between an
Office 365 tenant and an on-premises Exchange organization. The domains specified in this parameter must match
the domains listed in the HybridConfiguration Active Directory object for the on-premises Exchange organization
configured by the Hybrid Configuration wizard. Multiple domains may be listed and must be separated by a
comma, for example, "contoso.com, sales.contoso.com".
Required: False
Position: Named
Default value: None
-Identity
values:
Canonical name
GUID
Name
Required: True
Position: 1
Default value: None
-InboundConnector
The InboundConnector parameter specifies the name of the inbound connector configured on the Microsoft
Exchange Online Protection (EOP ) service for a hybrid deployment configured with an on-premises Exchange
organization.
Required: False
Position: Named
Default value: None
-OrganizationName
The OrganizationName parameter specifies the Active Directory object name of the on-premises Exchange
organization.
Type: String
Required: False
Position: Named
Default value: None
-OrganizationRelationship
The OrganizationRelationship parameter specifies the organization relationship configured by the Hybrid
Configuration wizard on the Office 365 tenant as part of a hybrid deployment with an on-premises Exchange
organization. This organization relationship defines the federated sharing features enabled on the Office 365
tenant.
Type: OrganizationRelationshipIdParameter
Required: False
Position: Named
Default value: None
-OutboundConnector
The OutboundConnector parameter specifies the name of the outbound connector configured on the EOP service
for a hybrid deployment configured with an on-premises Exchange organization.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-PendingFederatedDomain
In ths Article
This cmdlet is available only in on-premises Exchange. The Set-PendingFederatedDomain cmdlet is used by the
Exchange admin center to configure pending domains with the federated organization identifier in the federation
trust for the Exchange organization. You shouldn't use this cmdlet to attempt to manually configure a federation
trust. The domains being added to the federation trust must exist as accepted domains in the Exchange
Syntax
Set-PendingFederatedDomain [[-Identity] <OrganizationIdParameter>] [-Confirm] [-DomainController <Fqdn>]
[-PendingAccountNamespace <SmtpDomain>] [-PendingDomains <SmtpDomain[]>] [-WhatIf] [<CommonParameters>]
Description
This cmdlet allows the Exchange admin center to save domains selected as the FederatedOrganizationIdentifier or
federated domains when proof of domain ownership hasn't been completed.
Examples
-------------------------- Example 1 --------------------------
Set-PendingFederatedDomain -PendingDomains contoso.com,sales.contoso.com
This example adds the pending domains contoso.com and sales.contoso.com to the existing federation trust.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
Required: False
Position: 1
Default value: None
-PendingAccountNamespace
The PendingAccountNamespace parameter specifies the pending domain that's used as the account namespace for
the federation trust.
Type: SmtpDomain
Required: False
Position: Named
Default value: None
-PendingDomains
The PendingDomains parameter specifies the pending federated domains that are configured for the federation
trust.
Type: SmtpDomain[]
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-RemoteMailbox
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-RemoteMailbox cmdlet to modify remote
mailboxes. A remote mailbox is a mail user in Active Directory that's associated with a mailbox in the cloud-based
service. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Set-RemoteMailbox [-Identity] <RemoteMailboxIdParameter>
[-AcceptMessagesOnlyFrom <MultiValuedProperty>]
[-AcceptMessagesOnlyFromDLMembers <MultiValuedProperty>]
[-AcceptMessagesOnlyFromSendersOrMembers <MultiValuedProperty>]
[-ACLableSyncedObjectEnabled]
[-Alias <String>]
[-ArchiveGuid <Guid>]
[-ArchiveName <MultiValuedProperty>]
[-BypassModerationFromSendersOrMembers <MultiValuedProperty>]
[-Confirm]
[-CustomAttribute1 <String>]
[-EmailAddressPolicyEnabled <$true | $false>]
[-ExchangeGuid <Guid>]
[-ExtensionCustomAttribute1 <MultiValuedProperty>]
[-GrantSendOnBehalfTo <MultiValuedProperty>]
[-HiddenFromAddressListsEnabled <$true | $false>]
[-ImmutableId <String>]
[-MailTip <String>]
[-MailTipTranslations <MultiValuedProperty>]
[-ModeratedBy <MultiValuedProperty>]
[-ModerationEnabled <$true | $false>]
[-Name <String>]
[-RecoverableItemsQuota <Unlimited>]
[-RecoverableItemsWarningQuota <Unlimited>]
[-RejectMessagesFrom <MultiValuedProperty>]
[-RejectMessagesFromDLMembers <MultiValuedProperty>]
[-RejectMessagesFromSendersOrMembers <MultiValuedProperty>]
[-RemoteRoutingAddress <ProxyAddress>]
[-RemovePicture]
[-RemoveSpokenName]
[-RequireSenderAuthenticationEnabled <$true | $false>]
[-ResetPasswordOnNextLogon <$true | $false>]
[-SendModerationNotifications <Never | Internal | Always>]
[-Type <Regular | Room | Equipment | Shared>]
[-UserPrincipalName <String>]
[-WhatIf]
[-WindowsEmailAddress <SmtpAddress>]
Description
The Set-RemoteMailbox cmdlet configures Exchange attributes for an on-premises mail user. The configuration set
on the on-premises mail user is synchronized to its associated mailbox in the service.
Some attributes on mailboxes in the service can only be configured by connecting to the service and using the Set-
Mailbox cmdlet.
Directory synchronization must be configured correctly for changes made to an on-premises mail user to be
applied to a mailbox in the service. Changing the configuration of the mailbox in the service isn't immediate and
depends on the directory synchronization schedule.
Examples
-------------------------- Example 1 --------------------------
Set-RemoteMailbox -Identity davids -Type Room
This example configures the mailbox in the service that's associated with the specified mail user as a room resource
mailbox. This example assumes that directory synchronization has been configured.
-------------------------- Example 2 --------------------------
Set-RemoteMailbox -Identity kima -AcceptMessagesOnlyFrom davids,"Executive Team",bill@contoso.com
This example configures delivery restrictions for the mailbox in the service that's associated with the specified mail
user. This example assumes that directory synchronization has been configured.
Parameters
-AcceptMessagesOnlyFrom
The AcceptMessagesOnlyFrom parameter specifies who is allowed to send messages to this recipient. Messages
from other senders are rejected.
Valid values for this parameter are individual senders in your organization (mailboxes, mail users, and mail
contacts). You can use any value that uniquely identifies the sender. For example:
Name
Alias
Canonical DN
Email address
GUID
You can enter multiple senders separated by commas. To overwrite any existing entries, use the following syntax:
<sender1>,<sender2>,...<senderN>. If the values contain spaces or otherwise require quotation marks, use the
following syntax: "<sender1>","<sender2>",..."<senderN>".
To add or remove senders without affecting other existing entries, use the following syntax: @{Add="<sender1>","
<sender2>"...; Remove="<sender1>","<sender2>"...}.
The senders you specify for this parameter are automatically copied to the
AcceptMessagesOnlyFromSendersOrMembers property. Therefore, you can't use the AcceptMessagesOnlyFrom
and AcceptMessagesOnlyFromSendersOrMembers parameters in the same command.
By default, this parameter is blank ($null), which allows this recipient to accept messages from all senders.
Required: False
Position: Named
Default value: None
-AcceptMessagesOnlyFromDLMembers
The AcceptMessagesOnlyFromDLMembers parameter specifies who is allowed to send messages to this recipient.
Messages from other senders are rejected.
Valid values for this parameter are groups in your organization (distribution groups, mail-enabled security groups,
and dynamic distribution groups). Specifying a group means all members of the group are allowed to send
messages to this recipient. You can use any value that uniquely identifies the group. For example:
Name
Alias
Canonical DN
Email address
GUID
You can enter multiple groups separated by commas. To overwrite any existing entries, use the following syntax:
<group1>,<group2>,...<groupN>. If the values contain spaces or otherwise require quotation marks, use the
following syntax: "<group1>","<group2>",..."<groupN>".
To add or remove groups without affecting other existing entries, use the following syntax: @{Add="<group1>","
<group2>"...; Remove="<group1>","<group2>"...}.
The groups you specify for this parameter are automatically copied to the
AcceptMessagesOnlyFromSendersOrMembers property. Therefore, you can't use the
AcceptMessagesOnlyFromDLMembers and AcceptMessagesOnlyFromSendersOrMembers parameters in the
same command.
By default, this parameter is blank ($null), which allows this recipient to accept messages from all groups.
Required: False
Position: Named
Default value: None
-AcceptMessagesOnlyFromSendersOrMembers
The AcceptMessagesOnlyFromSendersOrMembers parameter specifies who is allowed to send messages to this
recipient. Messages from other senders are rejected.
Valid values for this parameter are individual senders and groups in your organization. Individual senders are
mailboxes, mail users, and mail contacts. Groups are distribution groups, mail-enabled security groups, and
dynamic distribution groups. Specifying a group means all members of the group are allowed to send messages to
this recipient.
To specify senders for this parameter, you can use any value that uniquely identifies the sender. For example:
Name
Alias
Canonical DN
Email address
GUID
To add or remove individual senders or groups without affecting other existing entries, use the
AcceptMessagesOnlyFrom and AcceptMessageOnlyFromDLMembers parameters.
The individual senders and groups you specify for this parameter are automatically copied to the
AcceptMessagesOnlyFrom and AcceptMessagesOnlyFromDLMembers properties, respectively. Therefore, you
can't use the AcceptMessagesOnlyFromSendersOrMembers parameter and the AcceptMessagesOnlyFrom or
AcceptMessagesOnlyFromDLMembers parameters in the same command.
Required: False
Position: Named
Default value: None
To enable this, use this switch without a value. To disable this, use this exact syntax: -
ACLableSyncedObjectEnabled:$false.
Required: False
Position: Named
Default value: None
-Alias
characters.
question marks (?).
Type: String
Required: False
Position: Named
Default value: None
-ArchiveGuid
Type: Guid
Required: False
Position: Named
Default value: None
-ArchiveName
The ArchiveName parameter specifies the name of the archive mailbox. Use this parameter to change the name of
the archive.
Required: False
Position: Named
Default value: None
-BypassModerationFromSendersOrMembers
The BypassModerationFromSendersOrMembers parameter specifies who is allowed to send messages to this
moderated recipient without approval from a moderator. Valid values for this parameter are individual senders and
groups in your organization. Specifying a group means all members of the group are allowed to send messages to
this recipient without approval from a moderator.
Name
Alias
Canonical DN
Email address
GUID
To enter multiple senders and overwrite any existing entries, use the following syntax: <sender1>,<sender2>,...
<senderN>. If the values contain spaces or otherwise require quotation marks, use the following syntax: "
<sender1>","<sender2>",..."<senderN>".
To add or remove one or more senders without affecting any existing entries, use the following syntax: @{Add="
<sender1>","<sender2>"...; Remove="<sender3>","<sender4>"...}.
This parameter is meaningful only when moderation is enabled for the recipient. By default, this parameter is blank
($null), which means messages from all senders other than the designated moderators are moderated. When a
moderator sends a message to this recipient, the message is isn't moderated. In other words, you don't need to use
this parameter to include the moderators.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-CustomAttribute1
This parameter specifies a value for the CustomAttribute1 property on the recipient. You can use this property to
store custom information about the recipient, and to identify the recipient in filters. The maximum length is 1024
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute10
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute11
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute12
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute13
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute14
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute15
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute2
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute3
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute4
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute5
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute6
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute7
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute8
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute9
Type: String
Required: False
Position: Named
Default value: None
-DisplayName
The DisplayName parameter specifies the display name for the mail user. The display name is visible in the
Exchange admin center, address lists, and Outlook. The maximum length is 256 characters. If the value contains
Type: String
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EmailAddresses

smtp.
Required: False
Position: Named
Default value: None
-EmailAddressPolicyEnabled
The EmailAddressPolicyEnabled parameter specifies whether to apply email address policies to this recipient. Valid
values are:
$true: Email address policies are applied to this recipient. This is the default value.
$false: Email address policies aren't applied to this recipient.

Required: False
Position: Named
Default value: None
-ExchangeGuid
The ExchangeGuid parameter specifies the ExchangeGuid property value of the mail user, which should match the
ExchangeGuid value of the corresponding cloud mailbox.
The ExchangeGuid property is a unique Exchange mailbox identifier, and corresponds to the msExchMailboxGuid
attribute in Active Directory. An example value is d5a0bd9b-4e95-49b5-9736-14fde1eec1e3. Although the syntax
is the same, this value is different than the GUID property value, which corresponds to the objectGUID attribute in
Active Directory.
Type: Guid
Required: False
Position: Named
Default value: None
-ExtensionCustomAttribute1
This parameter specifies a value for the ExtensionCustomAttribute1 property on the recipient. You can use this
property to store custom information about the recipient, and to identify the recipient in filters. You can specify up
to 1300 values separated by commas.
Although this is a multivalued property, the filter {ExtensionCustomAttribute1 -eq '<value>'} will return a match if
the property contains the specified value.
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-GrantSendOnBehalfTo
The GrantSendOnBehalfTo parameter specifies the DN of recipients that can send messages on behalf of this mail-
enabled user.
Required: False
Position: Named
Default value: None
-HiddenFromAddressListsEnabled
The HiddenFromAddressListsEnabled parameter specifies whether this recipient is visible in address lists. Valid
values are:
$true: The recipient isn't visible in address lists.
$false: The recipient is visible in address lists. This is the default value.

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the remote mailbox (mail user) that you want to modify. You can use any value that
uniquely identifies the mail user. For example:
ADObjectID
GUID
Legacy DN
Email address
User alias
Required: True
Position: 1
Default value: None
-IgnoreDefaultScope
automatically.
accepted.
Required: False
Position: Named
Default value: None
-ImmutableId
Type: String
Required: False
Position: Named
Default value: None
-MailTip
The MailTip parameter specifies the custom MailTip text for this recipient. The MailTip is shown to senders when
they start drafting an email message to this recipient. If the value contains spaces, enclose the value in quotation
marks (").
When you add a MailTip to a recipient, two things happen:
HTML tags are automatically added to the text. For example, if you enter the text: "This mailbox is not
monitored", the MailTip automatically becomes: <html><body>This mailbox is not monitored</body>
</html>. Additional HTML tags aren't supported, and the length of the MailTip can't exceed 175 displayed
characters.
The text is automatically added to the MailTipTranslations property of the recipient as the default value: default:
<MailTip text>. If you modify the MailTip text, the default value is automatically updated in the
MailTipTranslations property, and vice-versa.
Type: String
Required: False
Position: Named
Default value: None
-MailTipTranslations
The MailTipTranslations parameter specifies additional languages for the custom MailTip text that's defined by the
MailTip parameter. HTML tags are automatically added to the MailTip translation, additional HTML tags aren't
supported, and the length of the MailTip translation can't exceed 175 displayed characters.
To add or remove MailTip translations without affecting the default MailTip or other MailTip translations, use the
following syntax:
@{Add="<culture 1>:<localized text 1>","<culture 2>:<localized text 2>"...; Remove="<culture 3>:<localized text
3>","<culture 4>:<localized text 4>"...}
<culture> is a valid ISO 639 two-letter culture code that's associated with the language.
For example, suppose this recipient currently has the MailTip text: "This mailbox is not monitored." To add the
Spanish translation, use the following value for this parameter: @{Add="ES:Esta caja no se supervisa."}.
Required: False
Position: Named
Default value: None
-ModeratedBy
Name
Alias
Canonical DN
Email address
GUID
to the value $true.
Required: False
Position: Named
Default value: None
-ModerationEnabled

Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the unique name of the mail user. The maximum length is 64 characters. If the value
Type: String
Required: False
Position: Named
Default value: None
-PrimarySmtpAddress
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-RecoverableItemsQuota
The RecoverableItemsQuota parameter specifies the maximum size for the Recoverable Items folder of the
mailbox. If the Recoverable Items folder reaches or exceeds this size, it no longer accepts messages.
A valid value is a number up to 1.999999999 terabytes (2199023254528 bytes) or the value unlimited. The default
value is 30 gigabytes (32212254720 bytes).
When you enter a number, you can qualify it with one of the following units:
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
The RecoverableItemsQuota value must be greater than or equal to the RecoverableItemsWarningQuota value.
Type: Unlimited
Required: False
Position: Named
Default value: None
-RecoverableItemsWarningQuota
The RecoverableItemsWarningQuota parameter specifies the warning threshold for the size of the Recoverable
Items folder for the mailbox. If the Recoverable Items folder reaches or exceeds this size, Exchange logs an event to
the application event log.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
The RecoverableItemsWarningQuota value must be less than or equal to the RecoverableItemsQuota value.
Type: Unlimited
Required: False
Position: Named
Default value: None
-RejectMessagesFrom
The RejectMessagesFrom parameter specifies who isn't allowed to send messages to this recipient. Messages from
these senders are rejected.
Name
Alias
Canonical DN
Email address
GUID
RejectMessagesFromSendersOrMembers property. Therefore, you can't use the RejectMessagesFrom and
RejectMessagesFromSendersOrMembers parameters in the same command.
Required: False
Position: Named
Default value: None
-RejectMessagesFromDLMembers
The RejectMessagesFromDLMembers parameter specifies who isn't allowed to send messages to this recipient.
Messages from these senders are rejected.
and dynamic distribution groups). Specifying a group means all members of the group aren't allowed to send
Name
Alias
Canonical DN
Email address
GUID
RejectMessagesFromSendersOrMembers property. Therefore, you can't use the RejectMessagesFromDLMembers
and RejectMessagesFromSendersOrMembers parameters in the same command.
Required: False
Position: Named
Default value: None
-RejectMessagesFromSendersOrMembers
The RejectMessagesFromSendersOrMembers parameter specifies who isn't allowed to send messages to this
recipient. Messages from these senders are rejected.
dynamic distribution groups. Specifying a group means all members of the group aren't allowed to send messages
to this recipient.
Name
Alias
Canonical DN
Email address
GUID
RejectMessagesFrom and RejectMessagesFromDLMembers parameters.
RejectMessagesFrom and RejectMessagesFromDLMembers properties, respectively. Therefore, you can't use the
RejectMessagesFromSendersOrMembers parameter and the RejectMessagesFrom or
RejectMessagesFromDLMembers parameters in the same command.
Required: False
Position: Named
Default value: None
The RemoteRoutingAddress parameter specifies the SMTP address of the mailbox in the service that's associated
with this mail user.
You shouldn't have to change the remote routing address if the address was automatically configured by Exchange
when the mail user and its associated mailbox in the service were created.
Type: ProxyAddress
Required: False
Position: Named
Default value: None
-RemovePicture
The RemovePicture switch specifies whether to remove the picture from the mail user. You don't need to specify a
You can add a picture to a mail user by using the Import-RecipientDataProperty cmdlet.
Required: False
Position: Named
Default value: None
-RemoveSpokenName
The RemoveSpokenName switch specifies whether to remove the spoken name from the mail user. You don't need
to specify a value with this switch.
You can add a picture to a mail user by using the Import-RecipientDataProperty cmdlet.
Required: False
Position: Named
Default value: None
-RequireSenderAuthenticationEnabled
The RequireSenderAuthenticationEnabled parameter specifies whether to accept messages only from
authenticated (internal) senders. Valid values are:
$true: Messages are accepted only from authenticated (internal) senders. Messages from unauthenticated
(external) senders are rejected.
$false: Messages are accepted from authenticated (internal) and unauthenticated (external) senders.

Required: False
Position: Named
Default value: None
The ResetPasswordOnNextLogon parameter specifies whether the user must change their password the next time
they log on. Valid values are:
$true: The user is required to change their password the next time they log on.
$false: The user isn't required to change their password the next time they log on. This is the default value.

Required: False
Position: Named
Default value: None
-SamAccountName
Type: String
Required: False
Position: Named
Default value: None
values are:
$true).
The default value is Never.

Required: False
Position: Named
Default value: None
-Type
The Type parameter specifies the type for the mailbox in the service. Valid values are:
Regular
Room
Equipment
Shared
Notes on the value Shared:
Shared is available only in Exchange 2013 CU21 or later and Exchange 2016 CU10 or later. To use this value,
you also need to run setup.exe /PrepareAD. For more information, see KB4133605.
You can only use Shared on a mailbox that was originally created in Exchange Online. If the mailbox was
originally created in on-premises Exchange and then migrated to Exchange Online, you need to migrate the
mailbox back to on-premises Exchange, convert the mailbox to a shared mailbox in on-premises Exchange, and
then migrate the shared mailbox to Exchange Online. Or, you can change the RemoteRecipientType property
value of the on-premises mailbox to "ProvisionMailbox, Migrated, DeprovisionArchive" by running the
following command on an Exchange server: Set-ADUser -Identity "<UserName>" -Replace
@{msExchRemoteRecipientTYpe="21"}.
Type: Regular | Room | Equipment

Required: False
Position: Named
Default value: None
-UserPrincipalName
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WindowsEmailAddress
The WindowsEmailAddress parameter specifies the Windows email address for this recipient. This is a common
Active Directory attribute that's present in all environments, including environments without Exchange. Using the
WindowsEmailAddress parameter on a recipient has one of the following results:
In environments where the recipient is subject to email address policies (the EmailAddressPolicyEnabled
property is set to the value True for the recipient), the WindowsEmailAddress parameter has no effect on the
WindowsEmailAddress property or the primary email address value.
In environments where the recipient isn't subject to email address policies (the EmailAddressPolicyEnabled
property is set to the value False for the recipient), the WindowsEmailAddress parameter updates the
WindowsEmailAddress property and the primary email address to the same value.
The WindowsEmailAddress property is visible for the recipient in Active Directory Users and Computers in the E -
mail attribute. The attribute common name is E -mail-Addresses, and the Ldap-Display-Name is mail. If you modify
this attribute in Active Directory, the recipient's primary email address is not updated to the same value.
Type: SmtpAddress
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Test-FederationTrust cmdlet to verify that the
federation trust is properly configured and functioning as expected. For information about the parameter sets in the
Syntax
Test-FederationTrust [-Confirm] [-DomainController <Fqdn>] [-MonitoringContext <$true | $false>]
[-UserIdentity <RecipientIdParameter>] [-WhatIf] [<CommonParameters>]
Description
command:
You can run the Test-FederationTrust cmdlet from the Exchange Management Shell, or a monitoring system can
run the test periodically.
The Test-FederationTrust cmdlet runs the following series of tests to ensure that federation is working as expected:
A connection to the Microsoft Federation Gateway is established. This test ensures that communication
between the local Exchange server and the Microsoft Federation Gateway is working correctly.
Certificates are checked to ensure they're valid and can be used with the Microsoft Federation Gateway.
A security token is requested from the Microsoft Federation Gateway. This test ensures that a token can be
properly retrieved and used.
Examples
-------------------------- Example 1 --------------------------
This example validates the federation trust deployed in the Exchange organization and checks whether a security
token can be retrieved from the Microsoft Federation Gateway.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-MonitoringContext

Required: False
Position: Named
Default value: None
-UserIdentity
The UserIdentity parameter specifies a mailbox user to request a token for. You can use any value that uniquely
Name
Alias
Canonical DN
Email address
GUID
If you don't specify a mailbox, the command uses the default test mailbox.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Test-FederationTrustCertificate cmdlet to check the
status of certificates that are used for federation on all Exchange servers. For information about the parameter sets
Syntax
Test-FederationTrustCertificate [-Confirm] [-DomainController <Fqdn>] [-WhatIf] [<CommonParameters>]
Description
The certificate used to establish a federation trust is propagated to all Exchange servers in the organization.
Examples
-------------------------- Example 1 --------------------------
This example reports the status of federation certificates.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Update-HybridConfiguration
In ths Article
may be exclusive to one environment or the other. Use the Update-HybridConfiguration cmdlet to define the
credentials that are used to update the hybrid configuration object. For information about the parameter sets in the
Syntax
Update-HybridConfiguration -OnPremisesCredentials <PSCredential> -TenantCredentials <PSCredential> [-Confirm]
[-DomainController <Fqdn>] [-WhatIf] [-ForceUpgrade] [-SuppressOAuthWarning] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
$OnPremisesCreds = Get-Credential; $TenantCreds = Get-Credential; Update-HybridConfiguration -

OnPremisesCredentials $OnPremisesCreds -TenantCredentials $TenantCreds
This example defines the credentials that are used to update the hybrid configuration object and connect to the
Microsoft Office 365 for enterprises organization.
Use the first command to specify your on-premises organization credentials. For example, run this command and
enter <domain>\admin@contoso.com and the associated password in the resulting Windows PowerShell
Credential Request dialog box.
Use the second command to specify your Office 365 for enterprises organization credentials. For example, run this
command and then enter admin@contoso.onmicrosoft.com and the associated account password in the resulting
Windows PowerShell Credential Request dialog box.
Use the last command to define the credentials that are used to update the hybrid configuration object and connect
to the Office 365 for enterprises organization.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-ForceUpgrade
This confirmation prompt is only displayed when the existing HybridConfiguration Active Directory object version
is Exchange 2010.
Required: False
Position: Named
Default value: None
-OnPremisesCredentials
The OnPremisesCredentials parameter specifies the on-premises Active Directory account and password that's
used to configure the hybrid configuration object. This account must be a member of the Organization
Management role group.
Type: PSCredential
Required: True
Position: Named
Default value: None
-SuppressOAuthWarning
Required: False
Position: Named
Default value: None
-TenantCredentials
The TenantCredentials parameter specifies the Office 365 for enterprises organization account and password that's
used to configure the hybrid configuration object. This is often the administrator account that's assigned when the
Office 365 organization was created. This account must be a member of the Office 365 Global admin role.
Type: PSCredential
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Update-Recipient
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Update-Recipient cmdlet to add Microsoft Exchange
attributes to recipient objects created by the global address list (GAL ) synchronization management agent in
Microsoft Forefront Identity Manager (FIM ) 2010. The recipient objects you modify using this cmdlet must reside
on a server running Microsoft Exchange Server 2010 or later. For information about the parameter sets in the
Syntax
Update-Recipient [-Identity] <RecipientIdParameter> [-Confirm] [-Credential <PSCredential>]
Description
Because of mergers, acquisitions, or legal requirements, customers may need to deploy Exchange in a multiple
Exchange forest topology. These deployments require the synchronization of recipient objects across disparate
Active Directory forests.
Microsoft provides the GAL synchronization management agent for synchronizing recipient objects. The version of
the GAL synchronization management agent included in Microsoft Identity Integration Server (MIIS ) 2003 was
designed to work with Exchange Server 2003 and relied on the Recipient Update Service. Because the Recipient
Update Service is a deprecated feature and is no longer required, the new GAL synchronization management agent
included in FIM 2010 is designed to function without the Recipient Update Service.
As part of the synchronization process, the FIM 2010 GAL synchronization management agent creates recipient
objects in both Active Directory forests. After the recipients are created, the management agent uses the Update-
Recipient cmdlet to add the attributes required by Microsoft Exchange to complete the provisioning of these
recipients.
In Exchange, before you can run the Update-Recipient cmdlet to convert an Active Directory user object into an
Exchange mailbox, you must stamp the user object with the following three mandatory Exchange attributes:
homeMDB
mailNickname
msExchHomeServerName
If you're using MIIS 2003, you must run various cmdlets to complete the provisioning process of the mail contacts
created by the GAL synchronization management agent. The Update-Recipient cmdlet provides an alternate and
more efficient method to do this. You can run the Update-Recipient cmdlet against the recipient objects created by
the MIIS 2003 GAL synchronization management agent to complete the provisioning process.
Examples
-------------------------- Example 1 --------------------------
Update-Recipient -Identity "John Smith"
This example adds Exchange attributes to the mail contact that represents John Smith's mailbox.
-------------------------- Example 2 --------------------------
Get-MailContact -OrganizationalUnit "contoso.com/fabrikam.com Users" | Update-Recipient
This example updates all contacts in a specific organizational unit (OU ). This example assumes that recipients are
synchronized between two forests, contoso.com and fabrikam.com, and all the synchronized recipients from the
fabrikam.com domain are stored in a specific OU called fabrikam.com Users in the contoso.com domain.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Credential
The Credential parameter specifies the username and password to use to access Active Directory.
Type: PSCredential
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the recipient that you want to update. You can use any value that uniquely
identifies the recipient. For example:
Name
Alias
Canonical DN
Email address
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Clean-MailboxDatabase
In ths Article
This cmdlet is available only in Exchange Server 2010. Use the Clean-MailboxDatabase cmdlet to scan Active
Directory for disconnected mailboxes that aren't yet marked as disconnected in the Microsoft Exchange store and
update the status of those mailboxes in the Exchange store. This cmdlet isn't able to update the Exchange store
unless the Microsoft Exchange Information Store service is running and the database is mounted. For information
Syntax
Clean-MailboxDatabase [-Identity] <DatabaseIdParameter> [-Confirm] [-DomainController <Fqdn>] [-WhatIf]
Description
A connected mailbox has two parts: the mailbox object in the Exchange store and the user object with Exchange
properties in Active Directory. A disconnected mailbox is the mailbox object in the Exchange store, but it isn't
connected to a user object in Active Directory. To disconnect a mailbox, use the Disable-Mailbox cmdlet. To
disconnect a mailbox and remove the user object from Active Directory, use the Remove-Mailbox cmdlet. If you
want to permanently remove a mailbox object from the Exchange store, use the Remove-Mailbox cmdlet.
If you want to reconnect a disconnected mailbox to an Active Directory user account, use the Connect-Mailbox
cmdlet.
Under normal circumstances, it isn't necessary to run the Clean-MailboxDatabase cmdlet because a mailbox is
marked as disconnected immediately after the Disable-Mailbox or Remove-Mailbox command completes. If you
used the Disable-Mailbox cmdlet or the Remove-Mailbox cmdlet while the Microsoft Exchange Information Store
service was stopped, or if a mailbox was disabled by an external means other than the Disable-Mailbox cmdlet or
Remove-Mailbox cmdlet, you may want to use the Clean-MailboxDatabase cmdlet to scan for disconnected
mailboxes.
Examples
-------------------------- Example 1 --------------------------
Clean-MailboxDatabase MBD01
This example cleans the mailbox database MBD01.

Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox database that you want to update. You can use any value that uniquely
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Disable-MailboxQuarantine
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Disable-MailboxQuarantine cmdlet to release
quarantined mailboxes. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Disable-MailboxQuarantine [-Identity] <GeneralMailboxIdParameter>
[-Confirm]
Disable-MailboxQuarantine [-Identity] <GeneralMailboxOrMailUserIdParameter> [-IncludePassive]

[-Confirm]
Disable-MailboxQuarantine -Database <DatabaseIdParameter> -StoreMailboxIdentity <StoreMailboxIdParameter> [-

IncludePassive]
[-Confirm]
Disable-MailboxQuarantine -Database <DatabaseIdParameter> [-IncludeAllMailboxes] [-IncludePassive]

[-Confirm]
Disable-MailboxQuarantine -Server <ServerIdParameter> [-IncludeAllDatabases] [-IncludePassive]

[-Confirm]
Description
Mailboxes are quarantined when they affect the availability of the mailbox database. Typically a software fix from
Microsoft is required before releasing a mailbox from quarantine. If a fix isn't deployed before releasing the
mailbox, the quarantine on the mailbox will be re-enabled if the condition recurs. The default quarantine duration is
24 hours.
Examples
-------------------------- Example 1 --------------------------
Disable-MailboxQuarantine "Brian Johnson"
This example releases the mailbox for the user Brian Johnson from quarantine.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Database
The Database parameter specifies the database that contains the mailboxes you want to release from quarantine.
You can use any value that uniquely identifies the database. For example:
Name
GUID
You identify the mailboxes by using the IncludeAllMailboxes switch or the StoreMailboxIdentity parameter.
You can't use this parameter with the Identity or Server parameters.
Required: True
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox that you want to release from quarantine. You can use any value that
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
You can't use this parameter with the Database or Server parameters.
Type: GeneralMailboxIdParameter
Required: True
Position: 1
Default value: None
-IncludeAllDatabases
The IncludeAllDatabases switch specifies that you want to release all quarantined mailboxes in all databases on the
server you specify with the Server parameter. You don't need to specify a value with this switch.
You can only use this switch with the Identity or Database parameters.
Required: True
Position: Named
Default value: None
-IncludeAllMailboxes
The IncludeAllMailboxes switch specifies that you want to release all mailboxes from quarantine in the database
you specify with the Database parameter. You don't need to specify a value with this switch.
You can't use this switch with the StoreMailboxIdentity parameter.
Required: True
Position: Named
Default value: None
-IncludePassive
The IncludePassive switch specifies that you also want to release inactive copies of the mailbox from quarantine.
Required: False
Position: Named
Default value: None
-Server
The Server parameter specifies the server that contains the mailboxes that you want to release from quarantine by
using the IncludeAllDatabases switch. You can use any value that uniquely identifies the server. For example:
Name
FQDN
Distinguished Name (DN )
Exchange Legacy DN
You can't use this parameter with the Identity or Database parameters.
Required: True
Position: Named
Default value: None
-StoreMailboxIdentity
The StoreMailboxIdentity parameter specifies the mailbox that you want to release from quarantine when you use
the Database parameter.
You identify the mailbox by its GUID value. You can find the GUID value by using the Get-Mailbox or Get-
MailboxStatistics cmdlets.
You can't use this switch with the IncludeAllMailboxes switch.
Type: StoreMailboxIdParameter
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Disable-MetaCacheDatabase
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Disable-MetaCacheDatabase cmdlet to disable the
metacache database on Exchange 2019 Mailbox servers. The metacache database stores mailbox database indexes
and secondary copies of metadata on solid state drives (SSDs) to improve search latency and user logons. For
Syntax
Disable-MetaCacheDatabase -Server <String[]> [-Confirm] [-WhatIf] [<CommonParameters>]
Description
Examples
Example 1
Disable-MetaCacheDatabase -Server Mailbox01
This example disables the metacache database on the Exchange server named Mailbox01.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Server
The Server parameter specifies the Mailbox server where you want to disable the metacache database. You can use
Name
FQDN
Exchange Legacy DN
You can specify multiple values separated by commas. If the value contains spaces, enclose the value in quotation
marks ("). For example, "Server1","Server2"..."ServerN".
Type: String[]
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version][Online Version
Dismount-Database
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Dismount-Database cmdlet to dismount databases.
You can run this command only if the Microsoft Exchange Information Store service is running. For information
Syntax
Dismount-Database [-Identity] <DatabaseIdParameter> [-Confirm] [-DomainController <Fqdn>] [-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
Dismount-Database -Identity MyDatabase
This example dismounts the database MyDatabase.

Regardless of where you run this cmdlet, it operates against the server hosting the active copy of the database.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the database that you want to dismount. You can use any value that uniquely
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Enable-MailboxQuarantine
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Enable-MailboxQuarantine cmdlet to quarantine
mailboxes that affect the availability of the mailbox database. For information about the parameter sets in the
Syntax
Enable-MailboxQuarantine [-Identity] <GeneralMailboxIdParameter>
[-AllowMigration]
[-Confirm]
[-Duration <EnhancedTimeSpan>]
Enable-MailboxQuarantine [-Identity] <GeneralMailboxOrMailUserIdParameter> [-QuarantineReason <String>]

[-AllowMigration]
[-Confirm]
Enable-MailboxQuarantine -Database <DatabaseIdParameter> -StoreMailboxIdentity <StoreMailboxIdParameter> [-

QuarantineReason <String>]
[-AllowMigration]
[-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Enable-MailboxQuarantine "Brian Johnson"
This example quarantines the mailbox for the user Brian Johnson.
Parameters
-AllowMigration
The AllowMigration switch allows a quarantined mailbox to be moved to another mailbox database or to the cloud.
You don't have to specify a value with this switch.
Moving a mailbox is one method of correcting data corruption that's required before releasing the mailbox from
quarantine.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Database
The Database parameter specifies the database that contains the mailboxes you want to quarantine. You can use
any value that uniquely identifies the database. For example:
Name
GUID
You identify the mailbox by using the StoreMailboxIdentity parameter.
Required: True
Position: Named
Default value: None
-Duration
The Duration parameter specifies how long the mailbox should remain quarantined. The default value is 24 hours.
seconds.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox that you want to quarantine. You can use any value that uniquely
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
You can't use this parameter with the Database parameter.
Required: True
Position: 1
Default value: None
-QuarantineReason
The QuarantineReason parameter specifies why you quarantined the mailbox. The maximum length is 255
characters. If the value contains spaces, enclose the value in quotation marks.
Type: String
Required: False
Position: Named
Default value: None
The StoreMailboxIdentity parameter specifies the mailbox that you want to quarantine when you use the Database
parameter.
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Enable-MetaCacheDatabase
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Enable-MetaCacheDatabase cmdlet to enable the
metacache database on Exchange 2019 Mailbox servers. The metacache database stores mailbox database indexes
and secondary copies of metadata on solid state drives (SSDs) to improve search latency and user logons. For
Syntax
Enable-MetaCacheDatabase -Server <String[]> [-Confirm] [-WhatIf] [<CommonParameters>]
Description
Examples
Example 1
Disable-MetaCacheDatabase -Server Mailbox01
This example enables the metacache database on the Exchange server named Mailbox01.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Server
The Server parameter specifies the Mailbox server where you want to enable the metacache database. You can use
Name
FQDN
Exchange Legacy DN
You can specify multiple values separated by commas. If the value contains spaces, enclose the value in quotation
marks ("). For example, "Server1","Server2"..."ServerN".
Type: String[]
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version][Online Version
Get-FailedContentIndexDocuments
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-FailedContentIndexDocuments cmdlet to
retrieve a list of documents for a mailbox, mailbox database, or Mailbox server that couldn't be indexed by
Exchange Search. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Get-FailedContentIndexDocuments [-Identity] <MailboxIdParameter>
[-Archive]
[-Confirm]
[-EndDate <DateTime>]
[-ErrorCode <Int32>]
[-FailureMode <Transient | Permanent | All>]
[-StartDate <DateTime>]
Get-FailedContentIndexDocuments -MailboxDatabase <DatabaseIdParameter>

[-Confirm]
Get-FailedContentIndexDocuments -Server <ServerIdParameter>

[-Confirm]
Description
The Get-FailedContentIndexDocuments cmdlet returns a list of documents that couldn't be indexed. The most
common reason is that there was no filter available for that document type or there was an attachment within the
document. For example, the PDF filter isn't available by default. If an email message contains a PDF document,
because there is no PDF filter, the document is marked as failed content indexing.
After a new filter is installed, only new messages with attachments of the type for which the filter is installed are
indexed. If you want to index older messages for the document type, the mailbox has to be moved.
The cmdlet output provides details about items in a mailbox that couldn't be indexed, including an error code and
the reason for failure.
Examples
-------------------------- Example 1 --------------------------
Get-FailedContentIndexDocuments -Identity "Terry Adams"
This example retrieves a list of items that couldn't be indexed by Exchange Search from the mailbox of user Terry
Adams.
-------------------------- Example 2 --------------------------
Get-FailedContentIndexDocuments -MailboxDatabase "Mailbox Database MDB2"
This example retrieves a list of items that couldn't be indexed by Exchange Search from the mailbox database
Mailbox Database MDB2.
Parameters
-Archive
The Archive switch restricts the scope of the cmdlet to the user's archive. When using the Archive switch, you must
also specify the Identity parameter.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EndDate
Type: DateTime
Required: False
Position: Named
Default value: None
-ErrorCode
The ErrorCode parameter allows you to retrieve documents that failed indexing with a specific error code. You can
use the cmdlet without this parameter to list all failed documents for a mailbox, a mailbox database or a Mailbox
server. The output includes the error codes and reason for failure. If required, you can then restrict the output to a
specific error code from the results.
Type: Int32
Required: False
Position: Named
Default value: None
-FailureMode
The FailureMode parameter specifies the type of error. Use the following values.
Transient: Returns items that couldn't be indexed due to transient errors. Exchange Search attempts to index
these items again.
Permanent: Returns items that couldn't be indexed due to a permanent error. Exchange Search does not attempt
to index these items again.
All: Returns items that couldn't be indexed regardless of nature of failure.
Type: Transient | Permanent | All

Required: False
Position: Named
Default value: None
-Identity
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-MailboxDatabase
The MailboxDatabase parameter specifies the database from which to get the mailbox. You can use any value that
Name
GUID
Required: True
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-Server
The Server parameter specifies a Mailbox server. You can use the following values:
Name
GUID
DN
Required: True
Position: Named
Default value: None
-StartDate
Type: DateTime
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MailboxDatabase
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-MailboxDatabase cmdlet to retrieve one or
more mailbox database objects from a server or organization. For information about the parameter sets in the
Syntax
Get-MailboxDatabase -Server <ServerIdParameter>
[-DumpsterStatistics]
[-IncludeCorrupted]
[-IncludePreExchange2010]
Get-MailboxDatabase [[-Identity] <DatabaseIdParameter>]

[-DumpsterStatistics]
[-IncludeCorrupted]
Description
If you use the Get-MailboxDatabase cmdlet with no parameters, it retrieves information about all mailbox
databases in the Exchange organization. If you use the Get-MailboxDatabase cmdlet with the Server parameter, it
retrieves information about all mailbox databases on the server that you specify.
The following list describes the properties that are returned in the results.
Name: Name of the database.
Server: Server hosting the database.
Recovery: Specifies whether the new database is designated as a recovery database.
ReplicationType: Replication type of the database.
Examples
-------------------------- Example 1 --------------------------
Get-MailboxDatabase
-------------------------- Example 2 --------------------------
Get-MailboxDatabase -Identity MailboxDatabase01 -Status | Format-List
This example returns detailed information about the mailbox database named MailboxDatabase01.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-DumpsterStatistics
The DumpsterStatistics switch specifies that transport dumpster statistics be returned with the database status. You
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox database that you want to view. You can use any value that uniquely
Name
GUID
If you have multiple databases with the same name, the command retrieves all databases with the same name in
the specified scope.
Required: False
Position: 1
Default value: None
-IncludeCorrupted
Required: False
Position: Named
Default value: None
-IncludePreExchange2010
The IncludePreExchange2010 switch specifies whether to return information about Exchange 2007 ore earlier
mailbox databases. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-IncludePreExchange2013
The IncludePreExchange2013 switch specifies whether to return information about Exchange 2010 or earlier
mailbox databases. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-Server
The Server parameter filters the results by the specified Mailbox server. You can use any value that uniquely
Name
FQDN
Exchange Legacy DN
Required: True
Position: Named
Default value: None
-Status
The Status switch specifies whether to retrieve the available free space in the database root and information about
the following attributes:
BackupInProgress
Mounted
OnlineMaintenanceInProgress
If you specify this switch, you should format the output in such a way that you can view the additional attributes, for
example, pipe the output to the Format-List cmdlet.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MailboxRepairRequest
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-MailboxRepairRequest cmdlet to display
information about current mailbox repair requests. Mailbox repair requests are created using the New -
MailboxRepairRequest cmdlet to detect and fix mailbox corruptions. For information about the parameter sets in
Syntax
Get-MailboxRepairRequest [-Database] <DatabaseIdParameter> [[-StoreMailbox] <StoreMailboxIdParameter>]
Get-MailboxRepairRequest [-Identity] <StoreIntegrityCheckJobIdParameter> [-Detailed]

Get-MailboxRepairRequest [-Mailbox] <MailboxIdParameter> [-Archive]

Description
The Get-MailboxRepairRequest cmdlet displays information about mailbox repair requests. This information
includes:
The mailbox GUID.
The type of corruption that was specified when the mailbox repair request was created.
The progress of the repair request in percentage of completion.
The number of corruptions detected and fixed.
The status of the repair request; values are Queued, Running, Succeeded and Failed.
The date and time when the mailbox repair request was created and when it finished.
Examples
-------------------------- Example 1 --------------------------
Get-MailboxDatabase | Get-MailboxRepairRequest | Format-Table Identity; Get-MailboxRepairRequest -Identity
5b8ca3fa-8227-427f-af04-9b4f206d611f\335c2b06-321d-4e73-b2f7-3dc2b02d0df5\374289de-b899-42dc-8391-4f8579935f1f
| Format-List
This example displays the value of the Identity property for all mailbox repair requests for all mailbox servers in
your organization; the second command displays information about a specific mailbox repair request that was
returned by the first command.
-------------------------- Example 2 --------------------------
Get-MailboxRepairRequest -Mailbox "Ann Beebe" | Format-List
This example displays repair request information for the mailbox of Ann Beebe using the Mailbox parameter.
-------------------------- Example 3 --------------------------
$MailboxGuid = Get-MailboxStatistics annb; Get-MailboxRepairRequest -Database $MailboxGuid.Database -

StoreMailbox $MailboxGuid.MailboxGuid | Format-List Identity
This example uses the Database and StoreMailbox parameters to display the Identity property of the repair request
for the mailbox of Ann Beebe.
Parameters
-Archive
If the associated archive mailbox was included when the mailbox repair request was created, use the Archive
parameter to display information about the archive mailbox. If you don't specify this parameter, only information
about the primary mailbox is returned.
Required: False
Position: Named
Default value: None
-Database
The Database parameter returns mailbox repair requests for all mailboxes on the specified database. You can use
Name
GUID
You can't use this parameter with the Mailbox parameter.
Required: True
Position: 1
Default value: None
-Detailed
Use the Detailed parameter to display mailbox-level repair tasks associated with the repair request.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox repair request to display information about. Mailbox repair requests
are identified by a complex GUID that is created when a new mailbox repair request is created. This GUID consists
of a database ID, a Request ID and a job ID. The format is <DatabaseGuid>\<RequestGuid>\<JobGuid>.
Type: StoreIntegrityCheckJobIdParameter
Required: True
Position: 1
Default value: None
-Mailbox
The Mailbox parameter specifies the mailbox that you want to get mailbox repair request information about. You
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-StoreMailbox
The StoreMailbox parameter specifies the mailbox GUID of the mailbox that you want to get mailbox repair request
information about. Use this parameter with the Database parameter.
Use the Get-MailboxStatistics cmdlet to find the mailbox GUID for a mailbox.
Required: False
Position: 2
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MailboxServer
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-MailboxServer cmdlet to view information
about Mailbox servers in your organization. For information about the parameter sets in the Syntax section below,
Syntax
Get-MailboxServer [[-Identity] <MailboxServerIdParameter>] [-DomainController <Fqdn>] [-Status]
Description
The ExchangeVersion attribute returned is the minimum version of Microsoft Exchange that you can use to manage
the returned object. This attribute isn't the same as the version of Microsoft Exchange that's displayed in the
Exchange admin center when you select Server Configuration.
Examples
-------------------------- Example 1 --------------------------
Get-MailboxServer
This example returns a summary list of all the Mailbox servers in the organization.
-------------------------- Example 2 --------------------------
Get-MailboxServer -Identity Server1 | Format-List
This example returns detailed information about the Mailbox server named Server1.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Mailbox server that you want to view. You can use any value that uniquely
identifies the Mailbox server. For example:
Name
GUID
Required: False
Position: 1
Default value: None
-Status
The Status switch specifies whether to include additional property values in the results, for example, the Locale
value. You don't need to specify a value with this switch.
To see the additional values, you need to pipe the output to a formatting cmdlet, for example, the Format-List
cmdlet.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
may be exclusive to one environment or the other. Use the Get-SearchDocumentFormat cmdlet to retrieve details
of file formats supported by Exchange Search. For information about the parameter sets in the Syntax section
Syntax
Get-SearchDocumentFormat [[-Identity] <SearchDocumentFormatId>] [-Server <ServerIdParameter>]
Description
Exchange Search includes built-in support for indexing many file formats. Output from the Get-
SearchDocumentFormat cmdlet includes details about each supported file format, including whether content
indexing is enabled for the file format, the format handler and the file extension (such as .docx).
Examples
-------------------------- Example 1 --------------------------
This example retrieves a list of all file formats supported by Exchange Search.
-------------------------- Example 2 --------------------------
Get-SearchDocumentFormat docx | Format-List *
This example retrieves all properties of the docx file format.
Parameters
-Identity
The Identity parameter specifies the identity of a file format.
Type: SearchDocumentFormatId
Required: False
Position: 1
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-StoreUsageStatistics
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-StoreUsageStatistics cmdlet to aid in
diagnosing performance issues with your servers or databases. For information about the parameter sets in the
Syntax
Get-StoreUsageStatistics -Database <DatabaseIdParameter> [-CopyOnServer <ServerIdParameter>]
[-Filter <String>] [<CommonParameters>]
Get-StoreUsageStatistics [-Identity] <GeneralMailboxIdParameter> [-CopyOnServer <ServerIdParameter>]

Get-StoreUsageStatistics -Server <ServerIdParameter> [-IncludePassive]

Description
The Microsoft Exchange Information Store collects per-user information on latency, input/output (I/O ), page
counts, processor usage, and TimeInServer. The TimeInServer metric represents the total time that synchronous
and asynchronous requests spend in the Microsoft Exchange Information Store for a user's mailbox. You can
retrieve this resource information in the Microsoft Exchange Information Store for the 25 highest usage accounts
on a specified database. Usage of a mailbox is defined as the amount of server time spent in performing operations
for that mailbox. The cmdlet reports the top 25 users for every one-minute period for the last 10 minutes (250
objects per ten-minute interval). The resource usage is an indicator of the load that different users are placing on
the server.
Examples
-------------------------- Example 1 --------------------------
Get-StoreUsageStatistics -Server EX1 | ft -auto
This example retrieves store usage statistics for all active databases on server EX1.
-------------------------- Example 2 --------------------------
Get-StoreUsageStatistics -Server EX1 -IncludePassive | ft -auto
This example retrieves store usage statistics for all active and passive databases on server EX1.
-------------------------- Example 3 --------------------------
Get-StoreUsageStatistics -Database DB1 | Sort-Object LogRecordBytes -desc | Select-Object -First 10 | ft

DigestCategory, *guid, LogRecordBytes, *time* -auto
This example retrieves store usage statistics for database DB1 and sorts the output by the 10 highest log file
generators.
Parameters
-CopyOnServer
The CopyOnServer parameter specifies the mailbox database copy to get usage statistics from. You can use any
value that uniquely identifies the mailbox database. For example:
Name
GUID
You use this parameter with the Server or Identity parameters.
Required: False
Position: Named
Default value: None
-Database
The Database parameter specifies the name of the mailbox database to get usage statistics from (the top 25 largest
mailboxes on the specified mailbox database). You can use any value that uniquely identifies the mailbox database.
For example:
Name
GUID
Required: True
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Filter
Type: String
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox to get usage statistics from. You can use one of the following values to
identify the mailbox:
GUID
Domain\Account
Legacy Exchange DN
SMTP address
Alias
The command returns results for the mailbox only if it's one of the top 25 users of store resources.
You can't use this parameter with the Database or Server parameters.
Required: True
Position: 1
Default value: None
-IncludePassive
The IncludePassive switch specifies whether to include usage statistics from active and passive copies of mailbox
databases on the Mailbox server you specified with the Server parameter. You don't need to specify a value with
this switch.
To only include statistics from active copies of mailbox databases on the specified Mailbox server, don't use this
switch.
Required: False
Position: Named
Default value: None
-Server
The Server parameter specifies the Mailbox server to get usage statistics from (the top 25 mailboxes on all active
databases on the specified server). You can use one of the following values to identify the server:
NetBIOS name
You can't use this parameter with the Database or Identity parameters.
Required: True
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Mount-Database
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Mount-Database cmdlet to mount mailbox
databases on Exchange servers. The cmdlet mounts the database only if the Microsoft Exchange Information Store
service and the Microsoft Exchange Replication service are running. For information about the parameter sets in
Syntax
Mount-Database [-Identity] <DatabaseIdParameter> [-AcceptDataLoss] [-Confirm] [-DomainController <Fqdn>]
[-Force] [-WhatIf] [-NewCapacity] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Mount-Database -Identity ExchangeServer1.Contoso.com\MyDatabase
This example mounts the database MyDatabase.
Parameters
-AcceptDataLoss
The AcceptDataLoss switch specifies that you accept the data loss caused by missing committed transaction log
files without asking for confirmation. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Force
Use this parameter to mount an empty database, or to override any errors or warnings that are encountered during
the database mount.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies mailbox database that you want to mount. You can use any value that uniquely
Name
GUID
Required: True
Position: 1
Default value: None
-NewCapacity
The NewCapacity switch specifies that you want to trigger the forced creation of a database only if all copies of the
database don't have an .edb file. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Move-DatabasePath
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Move-DatabasePath cmdlet to set a new path to the
location of a database on the specified Mailbox server and to move the related files to that location. For information
Syntax
Move-DatabasePath [-Identity] <DatabaseIdParameter> [-ConfigurationOnly] [-Confirm] [-DomainController <Fqdn>]
[-EDBFilePath <EdbFilePath>] [-Force] [-LogFolderPath <NonRootLocalLongFullPath>] [-WhatIf]
Description
When you use the Move-DatabasePath cmdlet, consider the following:
This cmdlet fails if it's run while the database is being backed up.
If the specified database is mounted when this cmdlet is run, the database is automatically dismounted and then
remounted, and is unavailable to users while it's dismounted.
This cmdlet normally can be run on the affected Mailbox server only. An exception is that this cmdlet can be run
on an administrator's workstation when using the ConfigurationOnly parameter with a value of $true.
This cmdlet can't be run against replicated mailbox databases. To move the path of a replicated database, you
must first remove all replicated copies, and then you can perform the move operation. After the move operation
is complete, you can add copies of the mailbox database.
Examples
-------------------------- Example 1 --------------------------
Move-DatabasePath -Identity MyDatabase01 -EdbFilePath C:\NewFolder\MyDatabase01.edb
This example sets a new path for the mailbox database specified by the mailbox database name. To perform the
move operation, the database must be temporarily dismounted, making it inaccessible to all users. If the database is
currently dismounted, it isn't remounted upon completion.
Parameters
-ConfigurationOnly
The ConfigurationOnly switch specifies whether the configuration of the database changes without moving any
files. A value of $true changes the configuration. A value of $false changes the configuration and moves the files.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EDBFilePath
The EdbFilePath parameter specifies a new file path for the database. All current database files are moved to this
location. The default location is <ExchangeInstallDirectory>\Mailbox\LocalCopies\MBDatabase.edb. This file path
can't be the same as the path for the backup copy of the database.
Type: EdbFilePath
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the database that you want to move. You can use any value that uniquely identifies
the database. For example:
Name
GUID
Required: True
Position: 1
Default value: None
-LogFolderPath
The LogFolderPath parameter specifies the folder where log files are stored.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-MailboxDatabase
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -MailboxDatabase cmdlet to create a mailbox
database, or a recovery database. Each database you create must have a unique name in the organization. For
Syntax
New-MailboxDatabase [-Name] <String> -Server <ServerIdParameter>
[-AutoDagExcludeFromMonitoring <$true | $false>]
[-IsExcludedFromProvisioning <$true | $false>]
[-IsExcludedFromInitialProvisioning]
[-IsSuspendedFromProvisioning <$true | $false>]
[-OfflineAddressBook <OfflineAddressBookIdParameter>]
[-Confirm]
[-EdbFilePath <EdbFilePath>]
[-LogFolderPath <NonRootLocalLongFullPath>]
[-SkipDatabaseLogFolderCreation]
New-MailboxDatabase [[-Name] <String>] -Server <ServerIdParameter> [-Recovery]

[-Confirm]
[-EdbFilePath <EdbFilePath>]
[-LogFolderPath <NonRootLocalLongFullPath>]
[-SkipDatabaseLogFolderCreation]
Description
Examples
-------------------------- Example 1 --------------------------
New-MailboxDatabase -Name "DB1" -EdbFilePath D:\ExchangeDatabases\DB1\DB1.edb
This example creates the mailbox database DB1. This example also uses a non-default location for the database file.
Parameters
-AutoDagExcludeFromMonitoring
The AutoDagExcludeFromMonitoring parameter specifies that the database being created should not be monitored
by managed availability.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EdbFilePath
The EdbFilePath parameter specifies the path to the database files. The default value is
%programfiles%\Microsoft\Exchange Server\V15\Mailbox\<Database name>.edb.
Type: EdbFilePath
Required: False
Position: Named
Default value: None
-IsExcludedFromInitialProvisioning
The IsExcludedFromInitialProvisioning parameter specifies that this database is temporarily not considered by the
mailbox provisioning load balancer. If the IsExcludedFromInitialProvisioning parameter is enabled, new mailboxes
aren't added automatically to this database.
Required: False
Position: Named
Default value: None
-IsExcludedFromProvisioning
The IsExcludedFromProvisioning parameter specifies whether this database is considered by the mailbox
provisioning load balancer. If the IsExcludedFromProvisioning parameter is set to $true, no new mailboxes are
automatically added to this database.

Required: False
Position: Named
Default value: None
-IsSuspendedFromProvisioning
The IsSuspendedFromProvisioning parameter specifies whether this database is temporarily considered by the
mailbox provisioning load balancer.

Required: False
Position: Named
Default value: None
-LogFolderPath
The LogFolderPath parameter specifies the folder location for log files.
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the name of the new mailbox database. The maximum length is 64 characters. If the
Type: String
Required: True
Position: 1
Default value: None
-OfflineAddressBook
The OfflineAddressBook parameter specifies the associated offline address book (OAB ) for the new mailbox
database.
Required: False
Position: Named
Default value: None
The PublicFolderDatabase parameter specifies the associated public folder database for the new mailbox database.
You can use any value that uniquely identifies the public folder database. For example:
Name
GUID
Required: False
Position: Named
Default value: None
-Recovery
The Recovery switch specifies that the new database is designated as a recovery database. You don't need to specify
a value with this switch.
Required: True
Position: Named
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: True
Position: Named
Default value: None
-SkipDatabaseLogFolderCreation
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-MailboxRepairRequest
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -MailboxRepairRequest cmdlet to detect and fix
mailbox corruptions. You can run this command against a specific mailbox or against a database. While this task is
running, mailbox access is disrupted only for the mailbox being repaired. If you're running this command against a
database, only the mailbox being repaired is disrupted. All other mailboxes on the database remain operational.
After you begin the repair request, it can't be stopped unless you dismount the database. For information about the
Syntax
New-MailboxRepairRequest [-Database] <DatabaseIdParameter> -CorruptionType <MailboxStoreCorruptionType[]>
[-Confirm]
[-DetectOnly]
[-Force] [<CommonParameters>]
[-WhatIf] [[-StoreMailbox] <StoreMailboxIdParameter>]
New-MailboxRepairRequest [-Mailbox] <MailboxIdParameter> -CorruptionType <MailboxStoreCorruptionType[]> [-

Archive]
[-Confirm]
[-DetectOnly]
[-Force]
Description
To avoid any performance problems, there are limits placed on the number of simultaneous repair requests that can
be submitted per server. Only one request can be active for a database-level repair, or up to 100 requests can be
active for a mailbox-level repair per server.
The New -MailboxRepairRequest cmdlet detects and fixes the following types of mailbox corruptions:
Search folder corruptions (SearchFolder)
Aggregate counts on folders that aren't reflecting correct values (AggregateCounts)
Views on folders that aren't returning correct contents (FolderView )
Provisioned folders that are incorrectly pointing into parent folders that aren't provisioned (ProvisionedFolder)
Examples
-------------------------- Example 1 --------------------------
New-MailboxRepairRequest -Mailbox tony@contoso.com -CorruptionType FolderView
This example detects and repairs all folder views for the mailbox tony@contoso.com.
-------------------------- Example 2 --------------------------
New-MailboxRepairRequest -Mailbox ayla -CorruptionType ProvisionedFolder,SearchFolder -DetectOnly
This example only detects and reports on ProvisionedFolder and SearchFolder corruption issues to Ayla Kol's
mailbox. This command doesn't repair the mailbox.
-------------------------- Example 3 --------------------------
New-MailboxRepairRequest -Database MBX-DB01 -CorruptionType AggregateCounts
This example detects and repairs AggregateCounts for all mailboxes on mailbox database MBX-DB01.
-------------------------- Example 4 --------------------------
New-MailboxRepairRequest -Mailbox ayla -CorruptionType

ProvisionedFolder,SearchFolder,AggregateCounts,Folderview -Archive
This example detects and repairs all corruption types for Ayla Kol's mailbox and archive.
-------------------------- Example 5 --------------------------
$Mailbox = Get-MailboxStatistics annb; New-MailboxRepairRequest -Database $Mailbox.Database -StoreMailbox

$Mailbox.MailboxGuid -CorruptionType ProvisionedFolder,SearchFolder,AggregateCounts,Folderview
This example creates a variable that identifies Ann Beebe's mailbox and then uses the variable to specify the values
for the Database and StoreMailbox parameters to create a request to detect and repair all corruption types.
Parameters
-Archive
The Archive parameter specifies whether to detect corruptions or repair the archive mailbox associated with the
specified mailbox. If you don't specify this parameter, only the primary mailbox is repaired.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-CorruptionType
The CorruptionType parameter specifies the type of corruption that you want to detect and repair. You can use the
following values:
SearchFolder
AggregateCounts
ProvisionedFolder
FolderView
You can search for multiple corruption types at a time. Separate multiple types with a comma, for example,
SearchFolder,AggregateCounts.
Type: MailboxStoreCorruptionType[]
Required: True
Position: Named
Default value: None
-Database
The Database parameter starts new mailbox repair requests for all mailboxes on the specified database. You can
Name
GUID
You can't use this parameter with the Mailbox parameter.
To avoid performance issues, you're limited to one active database repair request at a time.
Required: True
Position: 1
Default value: None
-DetectOnly
The DetectOnly parameter specifies that you want this command to report errors, but not fix them. You don't have
to specify a value with this parameter.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Force
The Force switch specifies that the cmdlet should run immediately and not wait to be dispatched by workload
management.
Required: False
Position: Named
Default value: None
-Mailbox
The Mailbox parameter starts a new mailbox repair request on the specified mailbox. You can use any value that
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-StoreMailbox
The StoreMailbox parameter specifies the mailbox GUID of the mailbox you want to repair. Use this parameter with
the Database parameter.
Run the Get-MailboxStatistics cmdlet to find the mailbox GUID for a mailbox.
Required: False
Position: 2
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-SearchDocumentFormat
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -SearchDocumentFormat cmdlet to add a
format-specific filter to those used by Exchange search. For information about the parameter sets in the Syntax
Syntax
New-SearchDocumentFormat [-Identity] <SearchDocumentFormatId> -Extension <String> -MimeType <String>
-Name <String> [-Confirm] [-Enabled <$true | $false>] [-Server <ServerIdParameter>] [-WhatIf]
Description
After running the New -SearchDocumentFormat cmdlet, your must run the following cmdlet to restart the search
service. There will be a brief search outage.
Examples
-------------------------- Example 1 --------------------------
New-SearchDocumentFormat -Name "Proprietary SCT Formats" -MimeType text/scriptlet -Extension .sct -Identity
ProprietarySCT1
This example creates a new search document format with an extension of .sct and a MIME type of text/scriptlet.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether the new format is enabled at creation.
Valid input for this parameter is $true or $false. The default is $true.

Required: False
Position: Named
Default value: None
-Extension
The Extension parameter specifies the file type to be processed by the filter and is designated by the common file
extension associated with the file type. Examples include .MP3, .JPG and .PNG. Note the leading period.
Type: String
Required: True
Position: Named
Default value: None
-Identity
The Identity parameter uniquely identifies the new search document format. For example, an identity of "PropSCT"
might specify a proprietary document format which is supported by a custom IFilter. The Identity parameter must
be unique within the search document formats.
Required: True
Position: 1
Default value: None
-MimeType
The MimeType parameter specifies the MIME type of the format.
Type: String
Required: True
Position: Named
Default value: None
-Name
The Name specifies a friendly name for the format, but does not need to be unique. For example, you might have
several different formats (supported by custom IFilters) that are used to index output from a proprietary system
called "My Business Output". You could use the Name parameter to create a category of formats called "My
Business Output Formats" and uniquely identify each format within that group using the Identity parameter.
Type: String
Required: True
Position: Named
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-MailboxDatabase
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-MailboxDatabase cmdlet to delete a
mailbox database object. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Remove-MailboxDatabase [-Identity] <DatabaseIdParameter> [-Confirm] [-DomainController <Fqdn>] [-WhatIf]
Description
If the mailbox database has a database copy, the Remove-MailboxDatabase cmdlet also removes the copy.
The Remove-MailboxDatabase cmdlet removes only the database object from Active Directory. It doesn't remove
the physical database files. You must remove the database files manually after you run the Remove-
MailboxDatabase cmdlet.
Examples
-------------------------- Example 1 --------------------------
Remove-MailboxDatabase -Identity MailboxDatabase01
This example removes the mailbox database MailboxDatabase01.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox database that you want to remove. You can use any value that
Name
GUID
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-MailboxRepairRequest
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-MailboxRepairRequest cmdlet to remove
mailbox repair requests from a mailbox database that were created using the New -MailboxRepairRequest cmdlet.
Syntax
Remove-MailboxRepairRequest [-Identity] <StoreIntegrityCheckJobIdParameter> [-Confirm]
Description
You can run the Remove-MailboxRepairRequest cmdlet to remove all mailbox repair requests for a specific
database, for a group of related mailbox repair requests, or for a specific mailbox repair request. Mailbox repair
requests are identified by a complex GUID with the following format: <DatabaseGuid>\<RequestGuid>\
<JobGuid>. The DatabaseGuid identifies the mailbox database where the mailbox being repaired is located. The
RequestGuid identifies related requests that may contain more than one job if the request runs more than one task
or targets more than one mailbox. The JobGuid identifies a unique job. See the examples to remove all requests on
a mailbox database, remove a group of related requests that share the same RequestGuid, or remove a specific
request by specifying the complete <DatabaseGuid>\<RequestGuid>\<JobGuid> value.
Examples
-------------------------- Example 1 --------------------------
Get-MailboxDatabase -Identity "EXCH-MBX-01" | Get-MailboxRepairRequest | Remove-MailboxRepairRequest
This example removes all mailbox repair requests for the mailbox database EXCH-MBX-01.
-------------------------- Example 2 --------------------------
Get-MailboxDatabase -Identity "EXCH-MBX-02" | Get-MailboxRepairRequest | Format-List Identity; Remove-

MailboxRepairRequest -Identity 5b8ca3fa-8227-427f-af04-9b4f206d611f\335c2b06-321d-4e73-b2f7-3dc2b02d0df5
This example removes all related mailbox repair requests that have the same <DatabaseGuid>\<RequestGuid>.
The example uses the Get-MailboxRepairRequest cmdlet to display the value of the Identity parameter for all
mailbox repair request for EXCH-MBX-02 mailbox database.
-------------------------- Example 3 --------------------------
Get-MailboxDatabase -Identity "EXCH-MBX-02" | Get-MailboxRepairRequest | Format-List Identity; Remove-

MailboxRepairRequest -Identity 5b8ca3fa-8227-427f-af04-9b4f206d611f\189c7852-49bd-4737-a53e-
6e6caa5a183c\1d8ca58a-186f-4dc6-b481-f835b548a929
This example deletes a specific mailbox repair request by specifying the unique <DatabaseGuid>\<RequestGuid>\
<JobGuid> identity value. The example also uses the Get-MailboxRepairRequest cmdlet to display the identities of
all mailbox repair request for the EXCH-MBX-02 mailbox database.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox repair request to remove. Mailbox repair requests are identified by a
complex GUID that is created when a new mailbox repair request is created. This GUID consists of a database ID, a
Request ID and a job ID. The format is <DatabaseGuid>\<RequestGuid>\<JobGuid>. Use the Get-
MailboxRepairRequest cmdlet to find the identity of a mailbox repair request.
Type: StoreIntegrityCheckJobIdParameter
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-SearchDocumentFormat
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-SearchDocumentFormat cmdlet to remove
a format-specific filter from those used by Exchange search. Only filters added with New -SearchDocumentFormat
can be removed. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Remove-SearchDocumentFormat [-Identity] <SearchDocumentFormatId> [-Confirm] [-Server <ServerIdParameter>]
Description
After running the Remove-SearchDocumentFormat cmdlet, your must run the following cmdlet to restart the
search service. There will be a brief search outage.
Examples
-------------------------- Example 1 --------------------------
Remove-SearchDocumentFormat -Identity sct
This example removes the search document format with an identity equal to "sct".
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter uniquely identifies the format to be removed. You can use the Get-SearchDocumentFormat
cmdlet to view the identities of the installed formats.
Required: True
Position: 1
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-StoreMailbox
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-StoreMailbox cmdlet to purge the mailbox
and all of its message content from the mailbox database. This results in permanent data loss for the mailbox being
purged. You can only run this cmdlet against disconnected or soft-deleted mailboxes. Running this command
against an active mailbox fails, and you receive an error. For information about the parameter sets in the Syntax
Syntax
Remove-StoreMailbox -Database <DatabaseIdParameter> -Identity <StoreMailboxIdParameter> -MailboxState <Disabled
| SoftDeleted>
[-Confirm]
Description
When mailboxes are moved between databases, Exchange doesn't fully delete the mailbox from the source
database immediately upon completion of the move. Instead, the mailbox in the source mailbox database is
switched to a soft-deleted state, which allows mailbox data to be accessed during a mailbox restore operation by
using the new MailboxRestoreRequest cmdlet set. The soft-deleted mailboxes are retained in the source database
until the deleted mailbox retention period expires.
To view soft-deleted mailboxes, run the Get-MailboxStatistics cmdlet against a database using the property
DisconnectReason with a value of SoftDeleted.
A mailbox is marked as Disabled immediately after the Disable-Mailbox or Remove-Mailbox command completes.
Exchange retains disabled mailboxes in the mailbox database based on the deleted mailbox retention settings
configured for that mailbox database. After the specified period of time, the mailbox is permanently deleted.
To view disabled mailboxes, run the Get-MailboxStatistics cmdlet against a database using the property
DisconnectReason with a value of Disabled.
Examples
-------------------------- Example 1 --------------------------
Remove-StoreMailbox -Database MBD01 -Identity Ayla -MailboxState SoftDeleted
This example purges the soft-deleted mailbox for Ayla Kol from mailbox database MBD01.
-------------------------- Example 2 --------------------------
Remove-StoreMailbox -Database MBD01 -Identity "2ab32ce3-fae1-4402-9489-c67e3ae173d3" -MailboxState Disabled
This example permanently purges the disconnected mailbox with the GUID 2ab32ce3-fae1-4402-9489-
c67e3ae173d3 from mailbox database MBD01.
-------------------------- Example 3 --------------------------
Get-MailboxStatistics -Database MBD01 | where {$_.DisconnectReason -match "SoftDeleted"} | foreach {Remove-

StoreMailbox -Database $_.Database -Identity $_.MailboxGuid -MailboxState SoftDeleted}
This example permanently purges all soft-deleted mailboxes from mailbox database MBD01.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Database
The Database parameter specifies the mailbox database that contains the mailbox to remove. You can use any value
that uniquely identifies the database. For example:
Name
GUID
Required: True
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the mailbox that you want to remove. Use the mailbox GUID as the
value for this parameter.
Run the following command to obtain the mailbox GUID and other information for all mailboxes in your
organization: Get-MailboxDatabase | Get-MailboxStatistics | Format-List
DisplayName,MailboxGuid,Database,DisconnectReason,DisconnectDate.
Required: True
Position: Named
Default value: None
-MailboxState
The MailboxState parameter specifies the mailbox state on the source mailbox database. This parameter accepts the
following values:
Disabled
SoftDeleted
Type: Disabled | SoftDeleted

Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-MailboxDatabase
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-MailboxDatabase cmdlet to configure a variety
of properties for a mailbox database. For information about the parameter sets in the Syntax section below, see
Syntax
Set-MailboxDatabase [-Identity] <DatabaseIdParameter>
[-AllowFileRestore <$true | $false>]
[-AutoDagExcludeFromMonitoring <$true | $false>]
[-AutoDatabaseMountDial <Lossless | GoodAvailability | BestAvailability>]
[-BackgroundDatabaseMaintenance <$true | $false>]
[-CalendarLoggingQuota <Unlimited>]
[-CircularLoggingEnabled <$true | $false>]
[-Confirm]
[-DatabaseGroup <String>]
[-DataMoveReplicationConstraint <DataMoveReplicationConstraintParameter>]
[-DeletedItemRetention <EnhancedTimeSpan>]
[-EventHistoryRetentionPeriod <EnhancedTimeSpan>]
[-IndexEnabled <$true | $false>]
[-IsExcludedFromInitialProvisioning <$true | $false>]
[-IsExcludedFromProvisioningByOperator <$true | $false>]
[-IsExcludedFromProvisioningDueToLogicalCorruption <$true | $false>]
[-IsExcludedFromProvisioningReason <String>]
[-IssueWarningQuota <Unlimited>]
[-IsSuspendedFromProvisioning <$true | $false>]
[-JournalRecipient <RecipientIdParameter>]
[-MailboxRetention <EnhancedTimeSpan>]
[-MaintenanceSchedule <Schedule>]
[-MetaCacheDatabaseMaxCapacityInBytes <Int64>]
[-MountAtStartup <$true | $false>]
[-Name <String>]
[-ProhibitSendQuota <Unlimited>]
[-ProhibitSendReceiveQuota <Unlimited>]
[-QuotaNotificationSchedule <Schedule>]
[-RetainDeletedItemsUntilBackup <$true | $false>]
[-RpcClientAccessServer <ClientAccessServerOrArrayIdParameter>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-MailboxDatabase "Mailbox Database01" -DeletedItemRetention 7.00:00:00
This example sets the length of time that deleted items are retained. If a specific mailbox has its own item retention
set, that value is used instead of this value, which is set on the mailbox database.
-------------------------- Example 2 --------------------------
Set-MailboxDatabase -RpcClientAccessServer
In Exchange Server 2010, this example updates a mailbox database so that all client connections for mailboxes on
the database come through the Client Access server or Client Access server array. You can also use this command
to change the Client Access server or Client Access server array through which the client is connecting to the
Mailbox server.
For more information about RPC access through Client Access servers, see Set-RpcClientAccess and Set-
ClientAccessArray.
Parameters
-AllowFileRestore
The AllowFileRestore parameter specifies whether to allow a database to be restored from a backup. Valid values
are:
$true: You can replace an existing database with a newly-created database. You can mount a database that
doesn't match the database entry in Active Directory.
$false: You can't replace an existing database with a newly-created database. You can't mount a database that
doesn't match the database entry in Active Directory. This is the default value.

Required: False
Position: Named
Default value: None
-AutoDagExcludeFromMonitoring
The AutoDagExcludedFromMonitoring parameter specifies whether to exclude the mailbox database from the
ServerOneCopyMonitor, which alerts an administrator when a replicated database has only one healthy copy
available. Valid values are:
$true: No alert is issued when there's only one healthy copy of the replicated database.
$false: An alert is issued when there's only one healthy copy of the replicated database. This is the default value.
Required: False
Position: Named
Default value: None
-AutoDatabaseMountDial
Type: Lossless | GoodAvailability | BestAvailability

Required: False
Position: Named
Default value: None
-BackgroundDatabaseMaintenance
The BackgroundDatabaseMaintenance parameter specifies whether the Extensible Storage Engine (ESE ) performs
database maintenance. Valid values are:
$true: The mailbox database reads the object during database mount and initializes the database to perform
background maintenance. This is the default value.
$false: The mailbox database reads the object during database mount and initializes the database without the
option to perform background maintenance.

Required: False
Position: Named
Default value: None
-CalendarLoggingQuota
The CalendarLoggingQuota parameter specifies the maximum size of the log in the Recoverable Items folder of the
mailbox that stores changes to calendar items. When the log exceeds this size, calendar logging is disabled until
messaging records management (MRM ) removes older calendar logs to free up more space.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
The value of this parameter must be less than or equal to the value of the RecoverableItemsQuota parameter.
This setting applies to all mailboxes in the database that don't have their own calendar logging quota configured.
Type: Unlimited
Required: False
Position: Named
Default value: None
-CircularLoggingEnabled
The CircularLoggingEnabled parameter specifies whether circular logging is enabled for the database. Valid values
are:
$true: Circular logging is enabled.
$false: Circular logging is disabled. This is the default value.
For more information about circular logging, see Exchange Native Data Protection
(https://technet.microsoft.com/library/dd876874.aspx#ENDP ).

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DatabaseGroup
Type: String
Required: False
Position: Named
Default value: None
-DataMoveReplicationConstraint
The DataMoveReplicationConstraint parameter specifies the throttling behavior for high availability mailbox
moves. Valid values are:
None: Moves shouldn't be throttled to ensure high availability. Use this setting if the database isn't part of a
database availability group (DAG ).
AllCopies (Exchange 2013 or earlier): If the database is replicated, all passive mailbox database copies must
have the most recent changes synchronized.
AllDatacenters (Exchange 2013 or earlier): If the database is replicated to multiple Active Directory sites, at least
one passive mailbox database copy in each site must have the most recent changes replicated.
CINoReplication (Exchange 2013 or later): Moves shouldn't be throttled to ensure high availability, but the
content indexing service must be up to date.
CISecondCopy (Exchange 2013 or later): At least one passive mailbox database copy must have the most recent
changes synchronized, and the content indexing service must be up to date. Use this setting to indicate that the
database is replicated to one or more mailbox database copies.
CISecondDatacenter (Exchange 2013 or later): At least one passive mailbox database copy in another Active
Directory site must have the most recent changes replicated, and the content indexing service must be up to
date. Use this setting to indicate that the database is replicated to database copies in multiple Active Directory
sites.
SecondCopy: At least one passive mailbox database copy must have the most recent changes synchronized.
This is the default value. Use this setting to indicate that the database is replicated to one or more mailbox
database copies.
SecondDatacenter: At least one passive mailbox database copy in another Active Directory site must have the
most recent changes replicated. Use this setting to indicate that the database is replicated to database copies in
multiple Active Directory sites.
Any value other than None enables the Microsoft Exchange Mailbox Replication service to coordinate with Active
Manager. For more information, see Active Manager (https://technet.microsoft.com/library/dd776123.aspx).
Type: DataMoveReplicationConstraintParameter
Required: False
Position: Named
Default value: None
-DeletedItemRetention
The DeletedItemRetention parameter specifies the length of time to keep deleted items in the Recoverable
Items\Deletions folder in mailboxes. Items are moved to this folder when the user deletes items from the Deleted
Items folder, empties the Deleted Items folder, or deletes items by using Shift+Delete.
seconds.
Valid values are 00:00:00 to 24855.03:14:07. The default value is 14.00:00:00 (14 days).
This setting applies to all mailboxes in the database that don't have their own deleted item retention value
configured.
For more information, see Recoverable Items folder in Exchange 2016
(https://technet.microsoft.com/library/ee364755.aspx).
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EventHistoryRetentionPeriod
The EventHistoryRetentionPeriod parameter specifies the length of time to keep event data. This event data is
stored in the event history table in the Exchange store. It includes information about changes to various objects in
the mailbox database. You can use this parameter to prevent the event history table from becoming too large and
using too much disk space.
seconds.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox database that you want to modify. You can use any value that uniquely
Name
GUID
Required: True
Position: 1
Default value: None
-IndexEnabled
This parameter isn't available in Exchange Server 2019.
The IndexEnabled parameter specifies whether Exchange Search indexes the mailbox database. Valid values are:
$true: Exchange Search indexes the mailbox database. This is the default value.
$false: Exchange Search doesn't index the mailbox database.

Required: False
Position: Named
Default value: None
-IsExcludedFromInitialProvisioning

Required: False
Position: Named
Default value: None
The IsExcludedFromProvisioning parameter specifies whether to exclude the database from the mailbox
provisioning load balancer that distributes new mailboxes randomly and evenly across the available databases.
Valid values are:
$true: The database is excluded from new or move mailbox operations when you don't specify the target
mailbox database.
$false: The database can be used in new or move mailbox operations when you don't specify the target mailbox
database. This is the default value.
The value is automatically set to $true when you set the IsExcludedFromProvisioningDueToLogicalCorruption
parameter to $true, and isn't changed back to $false when you set the
IsExcludedFromProvisioningDueToLogicalCorruption parameter back to $false. In the case of database corruption,
you should set the IsExcludedFromProvisioning parameter back to $false only after you fix the corruption issue or
recreate the database.
Required: False
Position: Named
Default value: None
-IsExcludedFromProvisioningByOperator
The IIsExcludedFromProvisioningByOperator parameter specifies whether to exclude the database from the
mailbox provisioning load balancer that distributes new mailboxes randomly and evenly across the available
databases.
Valid values are:
$true: Indicates that you manually excluded the database. The database is excluded from new or move mailbox
operations when you don't specify the target mailbox database.
Note that setting this parameter to the value $true has these additional effects on the database:
The IsExcludedFromProvisioningReason parameter requires a value if it doesn't already have one.
The unmodifiable IsExcludedFromProvisioningBy property is populated with your user account.

Required: False
Position: Named
Default value: None
-IsExcludedFromProvisioningDueToLogicalCorruption
The IsExcludedFromProvisioningDueToLogicalCorruption parameter specifies whether to exclude the database
from the mailbox provisioning load balancer that distributes new mailboxes randomly and evenly across the
available databases.
Valid values are:
$true: Indicates that you excluded the database due to database corruption. The database is excluded from new
or move mailbox operations when you don't specify the target mailbox database.
$false: This is the default value. The database can be used in new or move mailbox operations when you don't
specify the target mailbox database. You should manually configure this value only after the database
corruption is fixed, or after the database is recreated.
The IsExcludedFromProvisioning property is automatically set to $true.
Required: False
Position: Named
Default value: None
-IsExcludedFromProvisioningReason
The IsExcludedFromProvisioningReason parameter specifies the reason why you excluded the mailbox database
from the mailbox provisioning load balancer. If the value contains spaces, enclose the value in quotation marks (").
The value must contain at least 10 characters.
This parameter requires a value when you set any of the following parameters to $true:
IsExcludedFromProvisioning
IsExcludedFromProvisioningByOperator
IsSuspendedFromProvisioning
Type: String
Required: False
Position: Named
Default value: None
-IssueWarningQuota
The IssueWarningQuota parameter specifies the warning threshold for the size of the mailbox. If the mailbox
reaches or exceeds this size, the user receives a descriptive warning message.
A valid value is a number up to 1.999999999 terabytes (2199023254528 bytes) or the value unlimited. When you
enter a number, you can qualify it with one of the following units:
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
The IssueWarningQuota value must be less than or equal to the ProhibitSendReceiveQuota value.
This setting applies to all mailboxes in the database that don't have their own warning quota configured. The
default value is 1.899 gigabytes (2,039,480,320 bytes).
Type: Unlimited
Required: False
Position: Named
Default value: None
-IsSuspendedFromProvisioning
The IsSuspendedFromProvisioning parameter specifies whether to exclude the database from the mailbox
provisioning load balancer that distributes new mailboxes randomly and evenly across the available databases.
Valid values are:
$true: Indicates that you don't want the exclusion to be permanent. The database is excluded from new or move
mailbox operations when you don't specify the target mailbox database.

Required: False
Position: Named
Default value: None
-JournalRecipient
The JournalRecipient parameter specifies the journal recipient to use for per-database journaling for all mailboxes
on the database. You can use any value that uniquely identifies the recipient. For example:
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
-MailboxRetention
The MailboxRetention parameter specifies the length of time to keep deleted mailboxes before they are
permanently deleted or purged.
seconds.
Required: False
Position: Named
Default value: None
-MaintenanceSchedule
The MaintenanceSchedule parameter specifies when maintenance will be performed on the mailbox database.
Maintenance includes online defragmentation, removing items that have passed their retention period, removing
unused indexes and other cleanup tasks.
"Sun.11:30 PM -Mon.1:30 AM"
Type: Schedule
Required: False
Position: Named
Default value: None
-MetaCacheDatabaseMaxCapacityInBytes
The MetaCacheDatabaseMaxCapacityInBytes parameter specifies the size of the metacache database in bytes. To
convert gigabytes to bytes, multiply the value by 1024^3. For terabytes to bytes, multiply by 1024^4.
The default value is blank ($null).
Type: Int64
Required: False
Position: Named
Default value: None
-MountAtStartup
The MountAtStartup parameter specifies whether to mount the mailbox database when the Microsoft Exchange
Information Store service starts. Valid values are:
$true: The database is mounted when the service starts. This is the default value.
$false: The database isn't mounted when the service starts.

Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the unique name of the mailbox database. The maximum length is 64 characters. If
Type: String
Required: False
Position: Named
Default value: None
-OfflineAddressBook
The OfflineAddressBook parameter specifies the offline address book that's associated with the mailbox database.
You can use any value that uniquely identifies the offline address book. For example:
Name
GUID
By default, this setting is blank ($null).
Required: False
Position: Named
Default value: None
-ProhibitSendQuota
The ProhibitSendQuota parameter specifies a size limit for the mailbox. If the mailbox reaches or exceeds this size,
the mailbox can't send new messages, and the user receives a descriptive warning message.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
The ProhibitSendQuota value must be less than or equal to the ProhibitSendReceiveQuota value.
This settings applies to all mailboxes in the database that don't have their own prohibit send quota configured. The
default value is 2 gigabytes (2147483648 bytes).
Type: Unlimited
Required: False
Position: Named
Default value: None
-ProhibitSendReceiveQuota
The ProhibitSendReceiveQuota parameter specifies a size limit for the mailbox. If the mailbox reaches or exceeds
this size, the mailbox can't send or receive new messages. Messages sent to the mailbox are returned to the sender
with a descriptive error message. This value effectively determines the maximum size of the mailbox.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
The value must be greater than or equal to the ProhibitSendQuota or IssueWarningQuota values.
This setting applies to all mailboxes in the database that don't have their own prohibit send receive quota
configured. The default value is 2.99804 gigabytes (2469396480 bytes)
Type: Unlimited
Required: False
Position: Named
Default value: None
The PublicFolderDatabase parameter specifies the associated public folder database for this mailbox database. You
can use any value that uniquely identifies the public folder database. For example:
Name
GUID
Required: False
Position: Named
Default value: None
-QuotaNotificationSchedule
The QuotaNotificationSchedule parameter specifies when quota messages are sent to mailboxes that have reached
one of the quota values.
"Sun.11:30 PM -Mon.1:30 AM"
Type: Schedule
Required: False
Position: Named
Default value: None
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
This settings applies to all mailboxes in the database that don't have their own Recoverable Items quota configured.
Type: Unlimited
Required: False
Position: Named
Default value: None
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
This settings applies to all mailboxes in the database that don't have their own Recoverable Items warning quota
configured.
Type: Unlimited
Required: False
Position: Named
Default value: None
-RetainDeletedItemsUntilBackup
The RetainDeletedItemsUntilBackup parameter specifies whether to keep items in the Recoverable Items\Deletions
folder of the mailbox until the next database backup occurs. Valid values are:
$true: Deleted items are kept until the next mailbox database backup. This value could effectively override the
deleted item retention and recoverable items quota values.
$false: Retention of deleted items doesn't depend on a backup of the mailbox database. This is the default value.
This settings applies to all mailboxes in the database that don't have this value specifically configured.

Required: False
Position: Named
Default value: None
-RpcClientAccessServer
The RpcClientAccessServer parameter specifies the Client Access server or Client Access server array through
which RPC clients (for example, Microsoft Office Outlook 2007 clients) access their mailboxes. This feature is
supported for all versions of Outlook.
When connecting with Outlook 2003 clients, RPC encryption is disabled by default. Unless RPC encryption is
enabled on Outlook 2003 or disabled on the server, Outlook 2003 clients won't be able to connect. For more
information, see Understanding RPC Client Access.
Type: ClientAccessServerOrArrayIdParameter
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-MailboxServer
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-MailboxServer cmdlet to modify the mailbox
configuration settings and attributes of Mailbox servers. For information about the parameter sets in the Syntax
Syntax
Set-MailboxServer [-Identity] <MailboxServerIdParameter>
[-AutoDagServerConfigured <$true | $false>]
[-AutoDatabaseMountDial <Lossless | GoodAvailability | BestAvailability>]
[-CalendarRepairIntervalEndWindow <Int32>]
[-CalendarRepairLogDirectorySizeLimit <Unlimited>]
[-CalendarRepairLogEnabled <$true | $false>]
[-CalendarRepairLogFileAgeLimit <EnhancedTimeSpan>]
[-CalendarRepairLogPath <LocalLongFullPath>]
[-CalendarRepairLogSubjectLoggingEnabled <$true | $false>]
[-CalendarRepairMissingItemFixDisabled <$true | $false>]
[-CalendarRepairMode <ValidateOnly | RepairAndValidate>]
[-CalendarRepairSchedule <ScheduleInterval[]>]
[-CalendarRepairWorkCycle <EnhancedTimeSpan>]
[-CalendarRepairWorkCycleCheckpoint <EnhancedTimeSpan>]
[-Confirm]
[-DarTaskStoreTimeBasedAssistantWorkCycle <EnhancedTimeSpan>]
[-DarTaskStoreTimeBasedAssistantWorkCycleCheckpoint <EnhancedTimeSpan>]
[-DatabaseCopyActivationDisabledAndMoveNow <$true | $false>]
[-DatabaseCopyAutoActivationPolicy <Unrestricted | IntrasiteOnly | Blocked>]
[-DirectoryProcessorWorkCycle <EnhancedTimeSpan>]
[-DirectoryProcessorWorkCycleCheckpoint <EnhancedTimeSpan>]
[-FaultZone <String>]
[-FolderLogForManagedFoldersEnabled <$true | $false>]
[-ForceGroupMetricsGeneration <$true | $false>]
[-GroupMailboxWorkCycle <EnhancedTimeSpan>]
[-GroupMailboxWorkCycleCheckpoint <EnhancedTimeSpan>]
[-GroupMetricsGenerationTime <String>]
[-InferenceDataCollectionWorkCycle <EnhancedTimeSpan>]
[-InferenceDataCollectionWorkCycleCheckpoint <EnhancedTimeSpan>]
[-InferenceTrainingWorkCycle <EnhancedTimeSpan>]
[-InferenceTrainingWorkCycleCheckpoint <EnhancedTimeSpan>]
[-JournalingLogForManagedFoldersEnabled <$true | $false>]
[-JunkEmailOptionsCommitterWorkCycle <EnhancedTimeSpan>]
[-Locale <MultiValuedProperty>]
[-LogDirectorySizeLimitForManagedFolders <Unlimited>]
[-LogFileAgeLimitForManagedFolders <EnhancedTimeSpan>]
[-LogFileSizeLimitForManagedFolders <Unlimited>]
[-LogPathForManagedFolders <LocalLongFullPath>]
[-MailboxAssociationReplicationWorkCycle <EnhancedTimeSpan>]
[-MailboxAssociationReplicationWorkCycleCheckpoint <EnhancedTimeSpan>]
[-MailboxProcessorWorkCycle <EnhancedTimeSpan>]
[-MailboxProcessorWorkCycle <EnhancedTimeSpan>]
[-ManagedFolderAssistantSchedule <ScheduleInterval[]>]
[-ManagedFolderWorkCycle <EnhancedTimeSpan>]
[-ManagedFolderWorkCycleCheckpoint <EnhancedTimeSpan>]
[-MAPIEncryptionRequired <$true | $false>]
[-MaximumActiveDatabases <Int32>]
[-MaximumPreferredActiveDatabases <Int32>]
[-MessageTrackingLogEnabled <$true | $false>]
[-MessageTrackingLogMaxAge <EnhancedTimeSpan>]
[-MessageTrackingLogMaxDirectorySize <Unlimited>]
[-MessageTrackingLogMaxFileSize <ByteQuantifiedSize>]
[-MessageTrackingLogPath <LocalLongFullPath>]
[-MessageTrackingLogSubjectLoggingEnabled <$true | $false>]
[-MigrationLogFilePath <LocalLongFullPath>]
[-MigrationLogLoggingLevel <None | Error | Warning | Information | Verbose | Instrumentation>]
[-MigrationLogMaxAge <EnhancedTimeSpan>]
[-MigrationLogMaxDirectorySize <ByteQuantifiedSize>]
[-MigrationLogMaxFileSize <ByteQuantifiedSize>]
[-OABGeneratorWorkCycle <EnhancedTimeSpan>]
[-OABGeneratorWorkCycleCheckpoint <EnhancedTimeSpan>]
[-PeopleCentricTriageWorkCycle <EnhancedTimeSpan>]
[-PeopleCentricTriageWorkCycleCheckpoint <EnhancedTimeSpan>]
[-PeopleRelevanceWorkCycle <EnhancedTimeSpan>]
[-PeopleRelevanceWorkCycleCheckpoint <EnhancedTimeSpan>]
[-ProbeTimeBasedAssistantWorkCycle <EnhancedTimeSpan>]
[-ProbeTimeBasedAssistantWorkCycleCheckpoint <EnhancedTimeSpan>]
[-PublicFolderWorkCycle <EnhancedTimeSpan>]
[-PublicFolderWorkCycleCheckpoint <EnhancedTimeSpan>]
[-RetentionLogForManagedFoldersEnabled <$true | $false>]
[-SearchIndexRepairTimeBasedAssistantWorkCycle <EnhancedTimeSpan>]
[-SearchIndexRepairTimeBasedAssistantWorkCycleCheckpoint <EnhancedTimeSpan>]
[-SharePointSignalStoreWorkCycle <EnhancedTimeSpan>]
[-SharePointSignalStoreWorkCycleCheckpoint <EnhancedTimeSpan>]
[-SharingPolicySchedule <ScheduleInterval[]>]
[-SharingPolicyWorkCycle <EnhancedTimeSpan>]
[-SharingPolicyWorkCycleCheckpoint <EnhancedTimeSpan>]
[-SharingSyncWorkCycle <EnhancedTimeSpan>]
[-SharingSyncWorkCycleCheckpoint <EnhancedTimeSpan>]
[-SiteMailboxWorkCycleCheckpoint <EnhancedTimeSpan>]
[-StoreDsMaintenanceWorkCycle <EnhancedTimeSpan>]
[-StoreDsMaintenanceWorkCycleCheckpoint <EnhancedTimeSpan>]
[-StoreIntegrityCheckWorkCycle <EnhancedTimeSpan>]
[-StoreIntegrityCheckWorkCycleCheckpoint <EnhancedTimeSpan>]
[-StoreMaintenanceWorkCycle <EnhancedTimeSpan>]
[-StoreMaintenanceWorkCycleCheckpoint <EnhancedTimeSpan>]
[-StoreScheduledIntegrityCheckWorkCycle <EnhancedTimeSpan>]
[-StoreScheduledIntegrityCheckWorkCycleCheckpoint <EnhancedTimeSpan>]
[-StoreUrgentMaintenanceWorkCycle <EnhancedTimeSpan>]
[-StoreUrgentMaintenanceWorkCycleCheckpoint <EnhancedTimeSpan>]
[-SubjectLogForManagedFoldersEnabled <$true | $false>]
[-SubmissionServerOverrideList <MultiValuedProperty>]
[-TopNWorkCycle <EnhancedTimeSpan>]
[-TopNWorkCycleCheckpoint <EnhancedTimeSpan>]
[-UMReportingWorkCycle <EnhancedTimeSpan>]
[-UMReportingWorkCycleCheckpoint <EnhancedTimeSpan>]
[-WacDiscoveryEndpoint <String>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-MailboxServer -Identity MBX02 -CalendarRepairWorkCycle 7.00:00:00 -CalendarRepairWorkCycleCheckpoint

7.00:00:00
In Exchange 2013, this example throttles the Calendar Repair Assistant to detect and repair calendar inconsistencies
for the Mailbox server MBX02 in a 7-day period. During that 7-day period, all mailboxes will be scanned, and at the
end of the period, the process will start over.
-------------------------- Example 2 --------------------------
Set-MailboxServer -Identity MBX01 -CalendarRepairIntervalEndWindow 40 -CalendarRepairLogDirectorySizeLimit

750MB -CalendarRepairLogFileAgeLimit 15.00:00:00 -CalendarRepairLogPath "D:\Exchange Logs\Calendar Repair
Assistant"
This example changes some of the default settings of the Calendar Repair Assistant on the server named MBX01.
-------------------------- Example 3 --------------------------
Set-MailboxServer -Identity MBX02 -CalendarRepairWorkCycle 7.00:00:00 -CalendarRepairWorkCycleCheckpoint

7.00:00:00
In Exchange 2010, this example throttles the Calendar Repair Assistant to detect and repair calendar inconsistencies
for the Mailbox server MBX02 in a 7-day period. During that 7-day period, all mailboxes will be scanned, and at the
end of the period, the process will start over.
-------------------------- Example 4 --------------------------
Set-MailboxServer -Identity MBX02 -ManagedFolderWorkCycle 10.00:00:00 -ManagedFolderWorkCycleCheckpoint

10.00:00:00
In Exchange 2013, this example throttles the Managed Folder Assistant, which applies message retention settings
to all mailboxes for the Mailbox server MBX02 in a 10-day period. During that 10-day period, all mailboxes will be
scanned, and at the end of the period, the process will start over.
-------------------------- Example 5 --------------------------
Set-MailboxServer -Identity MBX02 -ManagedFolderWorkCycle 10.00:00:00 -ManagedFolderWorkCycleCheckpoint

10.00:00:00
In Exchange 2010, this example throttles the Managed Folder Assistant, which applies message retention settings
to all mailboxes for the Mailbox server MBX02 in a 10-day period. During that 10-day period, all mailboxes will be
scanned, and at the end of the period, the process will start over.
-------------------------- Example 6 --------------------------
Set-MailboxServer -Identity MBX02 -SharingPolicyWorkCycle 7.00:00:00 -SharingPolicyWorkCycleCheckpoint

7.00:00:00 -SharingSyncWorkCycle 7.00:00:00 -SharingSyncWorkCycleCheckpoint 7.00:00:00
In Exchange 2013, this example throttles the Sharing Policy and Sharing Sync Assistants to apply sharing policies,
sync shared calendars, and free/busy information for the mailboxes on server MBX02 in a 7-day period. During
that 7-day period, all mailboxes will be scanned, and at the end of the period, the process will start over.
-------------------------- Example 7 --------------------------
Set-MailboxServer -Identity MBX02 -SharingPolicyWorkCycle 7.00:00:00 -SharingPolicyWorkCycleCheckpoint

7.00:00:00 -SharingSyncWorkCycle 7.00:00:00 -SharingSyncWorkCycleCheckpoint 7.00:00:00
In Exchange 2010, this example throttles the Sharing Policy and Sharing Sync Assistants to apply sharing policies,
sync shared calendars, and free/busy information for the mailboxes on server MBX02 in a 7-day period. During
that 7-day period, all mailboxes will be scanned, and at the end of the period, the process will start over.
-------------------------- Example 8 --------------------------
Set-MailboxServer -Identity MBX02 -TopNWorkCycle 10.00:00:00 -TopNWorkCycleCheckpoint 10.00:00:00 -

UMReportingWorkCycle 10.00:00:00 -UMReportingWorkCycleCheckpoint 10.00:00:00
In Exchange 2010, this example throttles the TopN Words Assistant and the Unified Messaging Reporting Assistant
for mailboxes that reside on the Mailbox server MBX02 in a 10-day period. During that 10-day period, all
mailboxes that have Unified Messaging enabled will be scanned, and at the end of the period, the process will start
over.
Parameters
-AutoDagServerConfigured

Required: False
Position: Named
Default value: None
-AutoDatabaseMountDial
The AutoDatabaseMountDial parameter specifies the automatic database mount behavior for a continuous
replication environment after a database failover on the Mailbox server. You can use the following values:
BestAvailability: The database automatically mounts immediately after a failover if the copy queue length is less
than or equal to 12. The copy queue length is the number of logs recognized by the passive copy that needs to
be replicated. If the copy queue length is more than 12, the database doesn't automatically mount. When the
copy queue length is less than or equal to 12, Exchange attempts to replicate the remaining logs to the passive
copy and mounts the database.
GoodAvailability: The database automatically mounts immediately after a failover if the copy queue length is
less than or equal to six. The copy queue length is the number of logs recognized by the passive copy that needs
to be replicated. If the copy queue length is more than six, the database doesn't automatically mount. When the
copy queue length is less than or equal to six, Exchange attempts to replicate the remaining logs to the passive
copy and mounts the database.
Lossless: The database doesn't automatically mount until all logs that were generated on the active copy have
been copied to the passive copy. This setting also causes Active Manager's best copy selection algorithm to sort
potential candidates for activation based on the database copy's activation preference value and not its copy
queue length.
The default value is GoodAvailability. If you specify either BestAvailability or GoodAvailability, and all of the logs
from the active copy haven't been replicated to the passive copy, you may lose some mailbox data. However, the
Safety Net feature, (which is enabled by default) helps protect against data loss by resubmitting messages that are
in Safety Net.
Type: Lossless | GoodAvailability | BestAvailability

Required: False
Position: Named
Default value: None
-CalendarRepairIntervalEndWindow
The CalendarRepairIntervalEndWindow parameter specifies the number of days into the future to repair calendar
items in mailboxes on the Mailbox server. The default value is 30. This means the Calendar Repair Assistant repairs
meetings in calendars up to 30 days from now. Meetings that are scheduled to occur more than 30 days in the
future aren't repaired.
Type: Int32
Required: False
Position: Named
Default value: None
-CalendarRepairLogDirectorySizeLimit
The CalendarRepairLogDirectorySizeLimit parameter specifies the maximum size of calendar repair log directory
on the Mailbox server. When the directory reaches its maximum size, the server deletes the oldest log files first.
Calendar repair log files begin with the name prefix CRA. The maximum size of the calendar repair log directory is
calculated as the total size of all log files that have the CRA name prefix. Other files aren't counted in the total
directory size calculation. Renaming old log files or copying other files into the calendar repair log directory could
cause the directory to exceed its specified maximum size.
The default value is 500 megabytes (MB ).
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
If you enter the value unlimited, no size limit is imposed on the calendar repair log directory.
Type: Unlimited
Required: False
Position: Named
Default value: None
-CalendarRepairLogEnabled
The CalendarRepairLogEnabled parameter specifies whether the Calendar Repair Attendant logs items that it
repairs on the Mailbox server. The repair log doesn't contain failed repair attempts.
The value of this parameter affects the following parameters:
CalendarRepairLogDirectorySizeLimit
CalendarRepairLogFileAgeLimit
CalendarRepairLogPath
CalendarRepairLogSubjectLoggingEnabled

Required: False
Position: Named
Default value: None
-CalendarRepairLogFileAgeLimit
The CalendarRepairLogFileAgeLimit parameter specifies the calendar repair log maximum file age on the Mailbox
server. Log files older than the specified value are deleted. The default value is 10 days.
seconds.
For example, to specify 30 days, enter 30.00:00:00. The value 00:00:00 prevents the automatic removal of calendar
repair log files because of their age.
Required: False
Position: Named
Default value: None
-CalendarRepairLogPath
The CalendarRepairLogPath parameter specifies the location of the calendar repair log files on the Mailbox server.
The default value is %ExchangeInstallPath%Logging\Calendar Repair Assistant.
Required: False
Position: Named
Default value: None
-CalendarRepairLogSubjectLoggingEnabled
The CalendarRepairLogSubjectLoggingEnabled parameter specifies whether to include the subject of repaired
calendar items in the calendar repair log on the Mailbox server. Valid input for this parameter is $true or $false. The

Required: False
Position: Named
Default value: None
-CalendarRepairMissingItemFixDisabled
The CalendarRepairMissingItemFixDisabled parameter specifies whether the Calendar Repair Assistant won't fix
missing calendar items in mailboxes on the Mailbox server.Valid input for this parameter is $true or $false. The

Required: False
Position: Named
Default value: None
-CalendarRepairMode
The CalendarRepairMode parameter specifies the Calendar Repair Assistant mode on the Mailbox server. Valid
values for this parameter are ValidateOnly or RepairAndValidate. The default value is RepairAndValidate.
Type: ValidateOnly | RepairAndValidate

Required: False
Position: Named
Default value: None
-CalendarRepairSchedule
The CalendarRepairSchedule parameter specifies the intervals each week during which the Calendar Repair
Assistant applies checks for calendar failures.
The syntax for this parameter is: StartDay.Hour:Minute [AM/PM ]-EndDay.Hour:Minute [AM/PM ]. You can specify
multiple schedules separated by commas: "<Schedule1>","<Schedule2>",..."<ScheduleN>".
The start time and end time must be at least 15 minutes apart. Minutes are rounded down to 0, 15, 30, or 45. If you
specify more than one interval, there must be at least 15 minutes between each interval.
"Sun.11:30 PM -Mon.1:30 AM"
"Monday.4:30 AM -Monday.5:30 AM","Wednesday.4:30 AM -Wednesday.5:30 AM" (Run on Monday and
Wednesday mornings from 4:30 until 5:30.)
Type: ScheduleInterval[]
Required: False
Position: Named
Default value: None
-CalendarRepairWorkCycle
This parameter is available or functional only in Exchange Server 2010 or Exchange Server 2013.
The CalendarRepairWorkCycle parameter specifies the time span in which all mailboxes on the Mailbox server will
be scanned by the Calendar Repair Assistant. The default value is 1 day.
Calendars that have inconsistencies will be flagged and repaired according to the interval specified by the
CalendarRepairWorkCycleCheckpoint parameter.
For example, to specify 2 days for this parameter, use 2.00:00:00. The Calendar Repair Assistant will then process all
mailboxes on this server every 2 days.
Required: False
Position: Named
Default value: None
-CalendarRepairWorkCycleCheckpoint
The CalendarRepairWorkCycleCheckpoint parameter specifies the time span at which all mailboxes on the Mailbox
server will be identified as needing work completed on them. The default value is 1 day.
To specify a value, enter it as a time span: dd.hh:mm:ss where d = days, h = hours, m = minutes and s = seconds.
For example, to specify 2 days for this parameter, use 2.00:00:00. The Calendar Repair Assistant will then process all
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DarTaskStoreTimeBasedAssistantWorkCycle
Required: False
Position: Named
Default value: None
-DarTaskStoreTimeBasedAssistantWorkCycleCheckpoint
Required: False
Position: Named
Default value: None
-DatabaseCopyActivationDisabledAndMoveNow
The DatabaseCopyActivationDisabledAndMoveNow parameter specifies whether to prevent databases from being
mounted on this Mailbox server if there are other healthy copies of the databases on other Mailbox servers. It will
also immediately move any mounted databases on the server to other servers if copies exist and are healthy.
Setting this parameter to $truewon't cause databases to move to a server that has the
DatabaseCopyAutoActivationPolicy parameter set to Blocked.

Required: False
Position: Named
Default value: None
-DatabaseCopyAutoActivationPolicy
The DatabaseCopyAutoActivationPolicy parameter specifies the type of automatic activation available for mailbox
database copies on the specified Mailbox server. Valid values for this parameter are:
Blocked: Databases can't be automatically activated on the specified Mailbox server. In Exchange 2013 prior to
Cumulative Update 7 (CU7), this setting stops server locator requests to the specified server, which prevents all
client access to manually activated databases on the server if all DAG members are configured with a value of
Blocked. In Exchange 2013 CU7 or later versions of Exchange, server locator requests are sent to a blocked
server if no other Mailbox servers are available, thus client access is not impacted.
IntrasiteOnly: The database copy is allowed to be activated only on Mailbox servers in the same Active
Directory site. This prevents cross-site failover and activation.
Unrestricted: There are no special restrictions on activating mailbox database copies on the specified Mailbox
server. This is the default value.
Type: Unrestricted | IntrasiteOnly | Blocked

Required: False
Position: Named
Default value: None
-DirectoryProcessorWorkCycle
Required: False
Position: Named
Default value: None
-DirectoryProcessorWorkCycleCheckpoint
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-FaultZone
Type: String
Required: False
Position: Named
Default value: None
-FolderLogForManagedFoldersEnabled
This parameter is used for coexistence with Exchange 2010. Specifically, this parameter works with messaging
records management (MRM ) 1.0 (managed folders). This parameter doesn't work with MRM 2.0 (retention
policies) that were introduced in Exchange 2010 Service Pack 1 (SP1).
The FolderLogForManagedFoldersEnabled parameter specifies whether managed folder logging is enabled on the
Mailbox server. Valid input for this parameter is$true or $false. The default value is $false.
If you specify $true, managed folder logging is enabled. Message activity in folders that have managed folder
mailbox policies applied to them is logged.
The value of this parameter affects the following parameters:
JournalingLogForManagedFoldersEnabled
LogDirectorySizeLimitForManagedFolders
LogFileAgeLimitForManagedFolders
LogFileSizeLimitForManagedFolders
LogPathForManagedFolders
RetentionLogForManagedFoldersEnabled
SubjectLogForManagedFoldersEnabled

Required: False
Position: Named
Default value: None
-ForceGroupMetricsGeneration
The ForceGroupMetricsGeneration parameter specifies that group metrics information must be generated on the
Mailbox server regardless of whether that server generates an offline address book (OAB ). Valid input for this
By default, group metrics are generated only on servers that generate OABs. Group metrics information is used by
MailTips to inform senders about how many recipients their messages will be sent to. You need to set this
parameter to $true if your organization doesn't generate OABs and you want the group metrics data to be
available.

Required: False
Position: Named
Default value: None
-GroupMailboxWorkCycle
Required: False
Position: Named
Default value: None
-GroupMailboxWorkCycleCheckpoint
Required: False
Position: Named
Default value: None
-GroupMetricsGenerationTime
The GroupMetricsGenerationTime parameter specifies the time of day when group metrics data is generated on a
Mailbox server. You must use the 24-hour clock notation (HH:MM ) when specifying the generation time.
Type: String
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Mailbox server that you want to modify. You can use any value that uniquely
Name
GUID
Required: True
Position: 1
Default value: None
-InferenceDataCollectionWorkCycle
Required: False
Position: Named
Default value: None
-InferenceDataCollectionWorkCycleCheckpoint
Required: False
Position: Named
Default value: None
-InferenceTrainingWorkCycle
Required: False
Position: Named
Default value: None
-InferenceTrainingWorkCycleCheckpoint
Required: False
Position: Named
Default value: None
-IrmLogEnabled
The IrmLogEnabled parameter enables or disables logging of Information Rights Management (IRM ) transactions.
IRM logging is enabled by default. Values include:
$true Enable IRM logging
$false Disable IRM logging

Required: False
Position: Named
Default value: None
-IrmLogMaxAge
The IrmLogMaxAge parameter specifies the maximum age for the IRM log file. Log files that are older than the
specified value are deleted. The default value is 30 days.
Setting the value of the IrmLogMaxAge parameter to 00:00:00 prevents the automatic removal of connectivity log
files because of their age.
Required: False
Position: Named
Default value: None
-IrmLogMaxDirectorySize
The IrmLogMaxDirectorySize parameter specifies the maximum size of all IRM logs in the connectivity log
directory. When a directory reaches its maximum file size, the server deletes the oldest log files first. The default
value is 250 megabytes (MB ). When you enter a value, qualify the value with one of the following units:
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
Unqualified values are treated as bytes. The value of the IrmLogMaxFileSize parameter must be less than or equal
to the value of the IrmLogMaxDirectorySize parameter.
The valid input range for either parameter is from 1 through 9223372036854775807 bytes. If you enter a value of
unlimited, no size limit is imposed on the connectivity log directory.
Type: Unlimited
Required: False
Position: Named
Default value: None
-IrmLogMaxFileSize
The IrmLogMaxFileSize parameter specifies the maximum size of each IRM log file. When a log file reaches its
maximum file size, a new log file is created. The default value is 10 MB. When you enter a value, qualify the value
with one of the following units:
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
Unqualified values are treated as bytes. The value of the IrmLogMaxFileSize parameter must be less than or equal
to the value of the IrmLogMaxDirectorySize parameter. The valid input range for either parameter is from 1
through 9223372036854775807 bytes. If you enter a value of unlimited, no size limit is imposed on the IRM log
files.
Required: False
Position: Named
Default value: None
-IrmLogPath
The IrmLogPath parameter specifies the default IRM log directory location. The default value is C:\Program
Files\Microsoft\Exchange Server\ v14\Logging\IRMLogs.
If you set the value of the IrmLogPath parameter to $null, you effectively disable IRM logging. However, if you set
the value of the IrmLogPath parameter to $null when the value of the IrmLogEnabled parameter is $true, Exchange
will log errors in the Application event log. The preferred way for disabling IRM logging is to set the
IrmLogEnabled parameter to $false.
Required: False
Position: Named
Default value: None
The IsExcludedFromProvisioning parameter specifies that the Mailbox server isn't considered by the OAB
provisioning load balancer. Valid input for this parameter is $true or $false. The default value is $false.
If you specify$true, the server won't be used for provisioning a new OAB or for moving existing OABs.

Required: False
Position: Named
Default value: None
-JournalingLogForManagedFoldersEnabled
The JournalingLogForManagedFoldersEnabled parameter specifies whether journaling activity is recorded in the
managed folder log on the Mailbox server.Valid input for this parameter is$true or $false. The default value is
$false.
If you specify $true, information about messages that were journaled in managed folders is logged. The managed
folder log directory is specified by the LogPathForManagedFolders parameter.

Required: False
Position: Named
Default value: None
-JunkEmailOptionsCommitterWorkCycle
Required: False
Position: Named
Default value: None
-Locale
The Locale parameter specifies the locale of the Mailbox server. A locale is a collection of language-related user
preferences such as writing system, calendar, and date format. The following are examples:
en-US (English - United States)
de-AT (German - Austria)
es-CL (Spanish - Chile)
For more information, see CultureInfo Class (https://go.microsoft.com/fwlink/p/?linkId=68806).
Required: False
Position: Named
Default value: None
-LogDirectorySizeLimitForManagedFolders
The LogDirectorySizeLimitForManagedFolders parameter specifies the maximum size of all managed folder logs
from a single mailbox database in the managed folder log directory on the Mailbox server. When a set of log files
reaches its maximum size, the server deletes the oldest log files first.
Every mailbox database on the server uses a different log file name prefix (for example,
Managed_Folder_Assistant[Mailbox database name]). Therefore, the maximum size of the managed folder log
directory is the number of mailbox databases multiplied by the value of the
LogDirectorySizeLimitForManagedFolders parameter. Other files aren't counted in the total size calculation.
Renaming old log files or copying other files into the managed folder log directory could cause the directory to
exceed its specified maximum size.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
The default value is unlimited, which means no size limit is imposed on the managed folder log directory.
Type: Unlimited
Required: False
Position: Named
Default value: None
-LogFileAgeLimitForManagedFolders
The LogFileAgeLimitForManagedFolders parameter specifies how long to retain managed folder logs on the
Mailbox server. Log files older than the specified value are deleted.
seconds.
For example, to specify a 30 days, enter 30.00:00:00. The default value is 00:00:00, which prevents the automatic
removal of managed folder log files because of their age.
Required: False
Position: Named
Default value: None
-LogFileSizeLimitForManagedFolders
The LogFileSizeLimitForManagedFolders parameter specifies the maximum size for each managed folder log file
on the Mailbox server. When a log file reaches its maximum size, a new log file is created. The default value is 10
megabytes (MB ).
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
If you enter the value unlimited, no size limit is imposed on a managed folder log file.
Type: Unlimited
Required: False
Position: Named
Default value: None
-LogPathForManagedFolders
The LogPathForManagedFolders parameter specifies the location of the managed folder log files on the Mailbox
server. The default value is %ExchangeInstallPath%Logging\ Managed Folder Assistant.
Required: False
Position: Named
Default value: None
-MailboxAssociationReplicationWorkCycle
Required: False
Position: Named
Default value: None
-MailboxAssociationReplicationWorkCycleCheckpoint
Required: False
Position: Named
Default value: None
-MailboxProcessorWorkCycle
The MailboxProcessorWorkCycle parameter specifies how often to scan for locked mailboxes on the Mailbox
server. The default value is 1 day.
Required: False
Position: Named
Default value: None
-ManagedFolderAssistantSchedule
The ManagedFolderAssistantSchedule parameter specifies the intervals each week during which the Managed
Folder Assistant applies messaging records management (MRM ) settings to managed folders in mailboxes on the
Mailbox server.
"Sun.11:30 PM -Mon.1:30 AM"
If the Managed Folder Assistant doesn't finish processing the mailboxes on the server during the time that you've
scheduled, it automatically resumes processing where it left off the next time it runs.
Required: False
Position: Named
Default value: None
-ManagedFolderWorkCycle
The ManagedFolderWorkCycle parameter specifies the time span in which all mailboxes on the Mailbox server will
be processed by the Managed Folder Assistant. The default value is 1 day.
The Managed Folder Assistant applies retention policies according to the ManagedFolderWorkCycleCheckpoint
interval.
For example, to specify 2 days for this parameter, use 2.00:00:00. The Managed Folder Assistant will then process
all mailboxes on this server every 2 days.
Required: False
Position: Named
Default value: None
-ManagedFolderWorkCycleCheckpoint
The ManagedFolderWorkCycleCheckpoint parameter specifies the time span at which to refresh the list of
mailboxes on the Mailbox server so that new mailboxes that have been created or moved will be part of the work
queue. The default value is 1 day.
Also, as mailboxes are prioritized, existing mailboxes that haven't been successfully processed for a long time will
be placed higher in the queue and will have a greater chance of being processed again in the same work cycle.
For example, to specify 2 days for this parameter, use 2.00:00:00.
Required: False
Position: Named
Default value: None
-MAPIEncryptionRequired
The MAPIEncryptionRequired parameter specifies whether Exchange blocks MAPI client connections to the
Mailbox server that don't use encrypted remote procedure calls (RPCs). Valid input for this parameter is$true or

Required: False
Position: Named
Default value: None
-MaximumActiveDatabases
The MaximumActiveDatabases parameter specifies the maximum number of databases that can be mounted on
the Mailbox server.
When the maximum number is reached, the database copies on the server won't be activated if a failover or
switchover occurs. If the copies are already active on a server, the Information Store on the server won't allow
databases to be mounted.
The default value is blank ($null), which means no maximum value is configured.
Type: Int32
Required: False
Position: Named
Default value: None
-MaximumPreferredActiveDatabases
The MaximumPreferredActiveDatabases parameter specifies a preferred maximum number of databases that
theMailbox server should have. This value is different from the actual maximum, which is configured using the
MaximumActiveDatabases parameter. The value of MaximumPreferredActiveDatabases is only honored during
best copy and server selection, database and server switchovers, and when rebalancing the DAG.
The default value is blank ($null), which means no maximum value is configured.
Type: Int32
Required: False
Position: Named
Default value: None
-MessageTrackingLogEnabled
The MessageTrackingLogEnabled parameter specifies whether message tracking is enabled. The default value is
$true.

Required: False
Position: Named
Default value: None
-MessageTrackingLogMaxAge
The MessageTrackingLogMaxAge parameter specifies the message tracking log maximum file age. Log files older
than the specified value are deleted. The default value is 30 days.
The valid input range for this parameter is 00:00:00 to 24855.03:14:07. Setting the value of the
MessageTrackingLogMaxAge parameter to 00:00:00 prevents the automatic removal of message tracking log files
because of their age.
Required: False
Position: Named
Default value: None
-MessageTrackingLogMaxDirectorySize
The MessageTrackingLogMaxDirectorySize parameter specifies the maximum size of the message tracking log
directory. When the maximum directory size is reached, the server deletes the oldest log files first.
The maximum size of the message tracking log directory is calculated as the total size of all log files that have the
same name prefix. Other files that don't follow the name prefix convention aren't counted in the total directory size
calculation. Renaming old log files or copying other files into the message tracking log directory could cause the
directory to exceed its specified maximum size.
When the Hub Transport server role and the Mailbox server role are installed on the same server, the maximum
size of the message tracking log directory isn't the specified maximum size because the message tracking log files
generated by the different server roles have different name prefixes. Message tracking log files for the Hub
Transport server role or Edge Transport server role begin with the name prefix MSGTRK. Message tracking log files
for the Mailbox server role begin with the name prefix MSGTRKM. When the Hub Transport server role and the
Mailbox server role are installed on the same server, the maximum size of the message tracking log directory is two
times the specified value.
The default value is 250 MB. When you enter a value, qualify the value with one of the following units:
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
Unqualified values are treated as bytes. The value of the MessageTrackingLogMaxFileSize parameter must be less
than or equal to the value of the MessageTrackingLogMaxDirectorySize parameter. The valid input range for either
parameter is from 1 through 9223372036854775807 bytes.
Type: Unlimited
Required: False
Position: Named
Default value: None
-MessageTrackingLogMaxFileSize
The MessageTrackingLogMaxFileSize parameter specifies the maximum size of the message tracking log files.
When a log file reaches its maximum file size, a new log file is created. The default value is 10 MB. When you enter
a value, qualify the value with one of the following units:
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
Unqualified values are treated as bytes. The value of the MessageTrackingLogMaxFileSize parameter must be less
than or equal to the value of the MessageTrackingLogMaxDirectorySize parameter. The valid input range for either
parameter is from 1 through 4294967296 bytes (4 GB ).
Required: False
Position: Named
Default value: None
-MessageTrackingLogPath
The MessageTrackingLogPath parameter specifies the location of the message tracking logs. The default location is
C:\Program Files\Microsoft\Exchange Server TransportRoles\Logs\MessageTracking. If you set the value of the
MessageTrackingLogPath parameter to $null, you effectively disable message tracking. However, if you set the
value of the MessageTrackingLogPath parameter to $null when the value of the MessageTrackingLogEnabled
attribute is $true, event log errors occur. The preferred method to disable message tracking is to use the
MessageTrackingLogEnabled parameter.
Required: False
Position: Named
Default value: None
-MessageTrackingLogSubjectLoggingEnabled
The MessageTrackingLogSubjectLoggingEnabled parameter specifies if the message subject should be included in
the message tracking log. The default value is $true.

Required: False
Position: Named
Default value: None
-MigrationLogFilePath
Required: False
Position: Named
Default value: None
-MigrationLogLoggingLevel
Type: None | Error | Warning | Information | Verbose | Instrumentation

Required: False
Position: Named
Default value: None
-MigrationLogMaxAge
Required: False
Position: Named
Default value: None
-MigrationLogMaxDirectorySize
Required: False
Position: Named
Default value: None
-MigrationLogMaxFileSize
Required: False
Position: Named
Default value: None
-OABGeneratorWorkCycle
The OABGeneratorWorkCycle parameter specifies the time span in which the OAB generation on the Mailbox
server will be processed. The default value is 8 hours.
For example, to specify 16 hours for this parameter, use 16:00:00.
Required: False
Position: Named
Default value: None
-OABGeneratorWorkCycleCheckpoint
The OABGeneratorWorkCycleCheckpoint parameter specifies the time span at which to run OAB generation on the
Mailbox server. The default value is 1 hour.
Required: False
Position: Named
Default value: None
-PeopleCentricTriageWorkCycle
Required: False
Position: Named
Default value: None
-PeopleCentricTriageWorkCycleCheckpoint
Required: False
Position: Named
Default value: None
-PeopleRelevanceWorkCycle
Required: False
Position: Named
Default value: None
-PeopleRelevanceWorkCycleCheckpoint
Required: False
Position: Named
Default value: None
-ProbeTimeBasedAssistantWorkCycle
Required: False
Position: Named
Default value: None
-ProbeTimeBasedAssistantWorkCycleCheckpoint
Required: False
Position: Named
Default value: None
-PublicFolderWorkCycle
The PublicFolderWorkCycle parameter is used by the public folder assistant to determine how often the mailboxes
in a database are processed by the assistant on the Mailbox server. The default value is 1 day.
Required: False
Position: Named
Default value: None
-PublicFolderWorkCycleCheckpoint
The PublicFolderWorkCycleCheckpoint determines how often the mailbox list for a database is evaluated on the
Mailbox server. The processing speed is also calculated. The default value is 1 day.
Required: False
Position: Named
Default value: None
-RetentionLogForManagedFoldersEnabled
The RetentionLogForManagedFoldersEnabled parameter specifies whether retention policy activity is recorded in
the managed folder log on the Mailbox server. Valid input for this parameter is$true or $false. The default value is
$false.
If you specify $true, information about messages in managed folders that have been processed because they have
reached their retention limits is logged. The managed folder log directory is specified by the
LogPathForManagedFolders parameter.

Required: False
Position: Named
Default value: None
-SearchIndexRepairTimeBasedAssistantWorkCycle
Required: False
Position: Named
Default value: None
-SearchIndexRepairTimeBasedAssistantWorkCycleCheckpoint
Required: False
Position: Named
Default value: None
-SharePointSignalStoreWorkCycle
Required: False
Position: Named
Default value: None
-SharePointSignalStoreWorkCycleCheckpoint
Required: False
Position: Named
Default value: None
-SharingPolicySchedule
The SharingPolicySchedule parameter specifies the intervals each week during which the sharing policy runs on
the Mailbox server. The Sharing Policy Assistant checks permissions on shared calendar items and contact folders
in users' mailboxes against the assigned sharing policy. The assistant lowers or removes permissions according to
the policy.
"Sun.11:30 PM -Mon.1:30 AM"
Required: False
Position: Named
Default value: None
-SharingPolicyWorkCycle
The SharingPolicyWorkCycle parameter specifies the time span in which all mailboxes on the Mailbox server will
be scanned by the Sharing Policy Assistant. The default value is 1 day.
The Sharing Policy Assistant scans all mailboxes and enables or disables sharing polices according to the interval
specified by the SharingPolicyWorkCycle.
For example, to specify 2 days for this parameter, use 2.00:00:00. The Sharing Policy Assistant will then process all
Required: False
Position: Named
Default value: None
-SharingPolicyWorkCycleCheckpoint
The SharingPolicyWorkCycleCheckpoint parameter specifies the time span at which to refresh the list of mailboxes
on the Mailbox server so that new mailboxes that have been created or moved will be part of the work queue. The
default value is 1 day.
For example, to specify 2 days for this parameter, use 2.00:00:00. The Sharing Policy Assistant will then process all
Required: False
Position: Named
Default value: None
-SharingSyncWorkCycle
The SharingSyncWorkCycle parameter specifies the time span in which all mailboxes on the Mailbox server will be
synced to the cloud-based service by the Sharing Sync Assistant. The default value is 3 hours.
Mailboxes that require syncing will be synced according to the interval specified by the
SharingSyncWorkCycleCheckpoint parameter.
For example, to specify 8 hours for this parameter, use 08:00:00. The Sharing Sync Assistant will then process all
mailboxes on this server every 8 hours.
Required: False
Position: Named
Default value: None
-SharingSyncWorkCycleCheckpoint
The SharingSyncWorkCycleCheckpoint parameter specifies the time span at which to refresh the list of mailboxes
on the Mailbox server so that new mailboxes that have been created or moved will be part of the work queue. The
default value is 3 hours.
For example, to specify 8 hours for this parameter, use 08:00:00. The Sharing Sync Assistant will then process all
mailboxes on this server every 8 hours.
Required: False
Position: Named
Default value: None
-SiteMailboxWorkCycle
The SiteMailboxWorkCycle parameter specifies the time span in which the site mailbox information on the Mailbox
server will be processed. The default value is 6 hours.
Required: False
Position: Named
Default value: None
-SiteMailboxWorkCycleCheckpoint
The SiteMailboxWorkCycleCheckpoint parameter specifies the time span at which to refresh the site mailbox
workcycle on the Mailbox server. The default value is 6 hours.
Required: False
Position: Named
Default value: None
-StoreDsMaintenanceWorkCycle
Required: False
Position: Named
Default value: None
-StoreDsMaintenanceWorkCycleCheckpoint
Required: False
Position: Named
Default value: None
-StoreIntegrityCheckWorkCycle
Required: False
Position: Named
Default value: None
-StoreIntegrityCheckWorkCycleCheckpoint
Required: False
Position: Named
Default value: None
-StoreMaintenanceWorkCycle
Required: False
Position: Named
Default value: None
-StoreMaintenanceWorkCycleCheckpoint
Required: False
Position: Named
Default value: None
-StoreScheduledIntegrityCheckWorkCycle
Required: False
Position: Named
Default value: None
-StoreScheduledIntegrityCheckWorkCycleCheckpoint
Required: False
Position: Named
Default value: None
-StoreUrgentMaintenanceWorkCycle
Required: False
Position: Named
Default value: None
-StoreUrgentMaintenanceWorkCycleCheckpoint
Required: False
Position: Named
Default value: None
-SubjectLogForManagedFoldersEnabled
The SubjectLogForManagedFoldersEnabled parameter specifies whether to include the subject of messages in the
managed folder logs on the Mailbox server. Valid input for this parameter is$true or $false. The default value is
$false.
By default, the subject of messages is blank in the managed folder log.
Required: False
Position: Named
Default value: None
-SubmissionServerOverrideList
Required: False
Position: Named
Default value: None
-TopNWorkCycle
The TopNWorkCycle parameter specifies the time span in which all mailboxes that have Unified Messaging on the
Mailbox server will be scanned by the TopN Words Assistant. The default value is 7 days.
The TopN Words Assistant scans voice mail for the most frequently used words to aid in transcription. The most
common words are then indexed according to the interval specified by the TopNWorkCycleCheckpoint parameter.
For example, to specify 10 days for this parameter, use 10.00:00:00. The TopN Words Assistant will then process all
mailboxes on which Unified Messaging is enabled on this server every 10 days.
Required: False
Position: Named
Default value: None
-TopNWorkCycleCheckpoint
The TopNWorkCycleCheckpoint parameter specifies the time span at which to refresh the list of mailboxes on the
Mailbox server so that new mailboxes that have been created or moved will be part of the work queue. The default
value is 1 day.
For example, to specify 2 days for this parameter, use 2.00:00:00. The TopN Words Assistant will then process all
Required: False
Position: Named
Default value: None
-UMReportingWorkCycle
The UMReportingWorkCycle parameter specifies the time span in which the arbitration mailbox named
SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9} on the Mailbox server will be scanned by the Unified
Messaging Reporting Assistant. The default value is 1 day.
The Unified Messaging Reporting Assistant updates the Call Statistics reports by reading Unified Messaging call
data records for an organization on a regular basis.
For example, to specify 2 days for this parameter, use 2.00:00:00. The Unified Messaging Reporting Assistant will
then process all mailboxes that have Unified Messaging enabled on this server every 2 days.
Changing the default work cycle for this assistant might impact the performance of the Mailbox server.
Required: False
Position: Named
Default value: None
-UMReportingWorkCycleCheckpoint
The UMReportingWorkCycleCheckpoint parameter specifies the time span at which the arbitration mailbox named
SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9} on the Mailbox server will be marked by processing.
The default value is 1 day.
For example, to specify 2 days for this parameter, use 2.00:00:00.
Required: False
Position: Named
Default value: None
-WacDiscoveryEndpoint
The WacDiscoveryEndpoint parameter specifies the discovery endpoint for Office Online Server (formerly known
as Office Web Apps Server and Web Access Companion Server) for all mailboxes on the server. For example,
https://oos.internal.contoso.com/hosting/discovery.
Office Online Server enables users to view supported file attachments in Outlook on the web (formerly known as
Outlook Web App).
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-SearchDocumentFormat
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-SearchDocumentFormat cmdlet to enable or
disable the file format for Exchange Search. When you disable a file format for content indexing by Exchange
Search, contents of the file become unsearchable by Exchange Search clients such as Outlook on the web,
Microsoft Outlook in online mode and In-Place eDiscovery. For information about the parameter sets in the Syntax
Syntax
Set-SearchDocumentFormat [-Identity] <SearchDocumentFormatId> -Enabled <$true | $false> [-Confirm]
[-Server <ServerIdParameter>] [-WhatIf] [<CommonParameters>]
Description
Exchange Search includes built-in support for indexing many file formats. If you disable indexing for a supported
file format, items containing an attachment of that file type aren't considered unsearchable. When you perform an
In-Place eDiscovery (https://technet.microsoft.com/library/dd298021.aspx) search and you select the option to
include unsearchable items, only items that are actually unsearchable are returned. Items that weren't searched
because the associated file format is set as unsearchable aren't returned.
Examples
-------------------------- Example 1 --------------------------
Set-SearchDocumentFormat ZIP -Enabled $false
This command disables the Zip file format for indexing by Exchange Search.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether the file format is enabled. Set the parameter to $false to disable the
format for content indexing.

Required: True
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the file format.
Required: True
Position: 1
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Test-AssistantHealth
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Test-AssistantHealth cmdlet to verify that the
Microsoft Exchange Mailbox Assistants service (MSExchangeMailboxAssistants) is healthy, to recover from health
issues, and to report the status of the diagnosis or recovery action. For information about the parameter sets in the
Syntax
Test-AssistantHealth [[-ServerName] <ServerIdParameter>] [-Confirm] [-IncludeCrashDump]
[-MaxProcessingTimeInMinutes <UInt32>] [-MonitoringContext] [-ResolveProblems] [-WhatIf]
[-WatermarkBehindWarningThreholdInMinutes <UInt32>] [<CommonParameters>]
Description
The Mailbox Assistants service runs on all servers that have the Mailbox server role installed. This service is
responsible for scheduling and dispatching several assistants that ensure mailboxes function correctly.
By default, when you run this cmdlet, it returns the RunspaceId, events, and performance counters in a table format.
Examples
-------------------------- Example 1 --------------------------
Test-AssistantHealth -ServerName MBXSVR01 -IncludeCrashDump -ResolveProblems | Format-List
This example detects and repairs the mailbox assistant's health on MBXSVR01, includes the error information, and
formats the output to a list.
-------------------------- Example 2 --------------------------
Test-AssistantHealth -MaxProcessingTimeInMinutes 30 | Format-List
This example detects the mailbox assistant's health on the local Mailbox server. The MaxProcessingTimeInMinutes
parameter specifies 30 minutes as the maximum amount of time the service is allowed to process an event without
responding, and formats the output to a list.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-IncludeCrashDump
The IncludeCrashDump parameter specifies that the command should take an error report prior to taking any
recovery actions. This parameter should only be used if running from a local computer. If you use the parameter
while connected remotely, the command fails.
The default value for this parameter is $false.
You don't have to specify a value with this parameter.
Required: False
Position: Named
Default value: None
-MaxProcessingTimeInMinutes
The MaxProcessingTimeInMinutes parameter specifies the maximum amount of time the
MSExchangeMailboxAssistants service is allowed to process an event without responding. You can specify a value
from 1 through 3600 minutes. The default value is 15 minutes.
Type: UInt32
Required: False
Position: Named
Default value: None
-MonitoringContext
Required: False
Position: Named
Default value: None
-ResolveProblems
This ResolveProblems parameter specifies that if the command detects an issue, it attempts to fix it. This command
attempts to fix the following issues:
Starts the Mailbox Assistants service if it isn't running.
Restarts the Mailbox Assistants service if it detects that the service is hung or deadlocked for more than 15
minutes.
Required: False
Position: Named
Default value: None
-ServerName
The ServerName parameter specifies the Mailbox server where you want to run this command. You can use any
Name
FQDN
Exchange Legacy DN
Required: False
Position: 1
Default value: None
-WatermarkBehindWarningThreholdInMinutes
The WatermarkBehindWarningThreholdInMinutes parameter specifies the threshold for watermark age. Event
watermarks indicate the last time that events were successfully processed by an assistant. An event watermark that
hasn't been updated in a while may indicate a problem. For each Mailbox Assistant, the Test-AssistantHealth cmdlet
compares the current time with the time stamp of the last event watermark to determine the watermark age. If that
age exceeds the value set by the WatermarkBehindWarningThreholdInMinutes parameter, a warning is generated.
You can specify a value from 1 through 10080 minutes. The default value is 60 minutes.
Type: UInt32
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Test-ExchangeSearch
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Test-ExchangeSearch cmdlet to test that Exchange
Search is currently enabled and is indexing new email messages in a timely manner. For information about the
Syntax
Test-ExchangeSearch [[-Identity] <MailboxIdParameter>] [-Archive]
[-Confirm]
[-IndexingTimeoutInSeconds <Int32>]
Test-ExchangeSearch [-MailboxDatabase <DatabaseIdParameter>]

[-Confirm]
Test-ExchangeSearch [-Server <ServerIdParameter>]

[-Confirm]
Description
The Test-ExchangeSearch cmdlet creates a hidden message and an attachment in the specified mailbox that's visible
only to Exchange Search. The command waits for the message to be indexed and then searches for the content. It
reports success or failure depending on whether the message is found after the interval set in the
IndexingTimeoutInSeconds parameter has elapsed.
You can use the Verbose switch to get detailed information about each step performed by the cmdlet as part of the
test.
Examples
-------------------------- Example 1 --------------------------
Test-ExchangeSearch -Identity john@contoso.com
This example tests Exchange Search results for the mailbox database on which the specified mailbox resides.
-------------------------- Example 2 --------------------------
Test-ExchangeSearch -Identity john@contoso.com -Verbose
This example tests Exchange Search results for the mailbox database on which the specified mailbox resides. The
Verbose switch is used to display detailed information.
Parameters
-Archive
The Archive switch specifies that the test be run against the archive mailbox for the mailbox user specified in the
Identity parameter. When the Archive switch is used, you must also use the Identity parameter to specify the
mailbox.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox that you want to test Exchange Search against. You can use any value
that uniquely identifies the mailbox. For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
You can't use this parameter with the MailboxDatabase or Server parameters.
Required: False
Position: 1
Default value: None
-IndexingTimeoutInSeconds
The IndexingTimeoutInSeconds parameter specifies, in seconds, the maximum amount of time to wait between
adding the new email message to the test mailbox and waiting for it to be returned in a search result. The default
value is 120 seconds. If this parameter isn't specified, the default interval is used.
Type: Int32
Required: False
Position: Named
Default value: None
-MailboxDatabase
This parameter is available or functional only in Exchange Server 2010 and 2013.
The MailboxDatabase parameter specifies the mailbox database to test Exchange Search against. You can use any
value that uniquely identifies the database. For example:
Name
GUID
Required: False
Position: Named
Default value: None
-MonitoringContext
Required: False
Position: Named
Default value: None
-Server
The Server parameter specifies the Exchange server for the recipient that you want to test Exchange Search against.
Name
FQDN
Exchange Legacy DN
You can't use this parameter with the MailboxDatabase or Identity parameters.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Test-MRSHealth
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Test-MRSHealth cmdlet to test the health of an
instance of the Microsoft Exchange Mailbox Replication service. For information about the parameter sets in the
Syntax
Test-MRSHealth [[-Identity] <ServerIdParameter>] [-Confirm] [-DomainController <Fqdn>]
[-MaxQueueScanAgeSeconds <Int32>] [-MonitoringContext <$true | $false>] [-WhatIf]
[-MRSProxyCredentials <PSCredential>] [-MRSProxyServer <Fqdn>] [<CommonParameters>]
Description
The Microsoft Exchange Mailbox Replication service runs on Mailbox servers. This command ensures that the
Mailbox Replication service is running and that it responds to a remote procedure call (RPC ) ping check.
Examples
-------------------------- Example 1 --------------------------
Get-MailboxServer | Test-MRSHealth
This example tests the health of the Mailbox Replication service on all Mailbox servers.
-------------------------- Example 2 --------------------------
Test-MRSHealth MBX01
This example tests the health of the Mailbox Replication service on the Mailbox server named MBX01.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the server on which to perform the health test. You can use any value that uniquely
Name
ExchangeLegacyDN
GUID
If you don't specify the server, the command runs on the local server.
Required: False
Position: 1
Default value: None
-MaxQueueScanAgeSeconds
The MaxQueueScanAgeSeconds parameter specifies the threshold for the last queue scan property. If the time
stamp on the last queue scan property is older than the value specified by this parameter, an error event is created
that shows the Mailbox Replication service isn't scanning mailbox database queues. The default value is 1800
seconds (30 minutes).
Type: Int32
Required: False
Position: Named
Default value: None
-MonitoringContext

Required: False
Position: Named
Default value: None
-MRSProxyCredentials
The MRSProxyCredentials parameter specifies the credentials that are required for the MRSProxyPingCheck test
on the server that's specified by the MRSProxyServer parameter.
Type: PSCredential
Required: False
Position: Named
Default value: None
-MRSProxyServer
The MRSProxyServer parameter specifies the fully qualified domain name (FQDN ) of the target server for the
MRSProxyPingCheck test.
The Microsoft Replication proxy service is part of the Mailbox Replication service, and is used for remote mailbox
moves. However, the Mailbox Replication proxy service communicates only with the Mailbox Replication service on
another server. You can test the Mailbox Replication proxy service in the following ways:
If you specify an MRSProxyServer value and you specify the source server by using the Identity parameter, the
test is performed between that server and the target server specified by the MRSProxyServer parameter.
If you specify an MRSProxyServer value and you don't specify a source server by using the Identity parameter,
the test is performed between the local server and the target server specified by the MRSProxyServer
parameter.
If you don't specify an MRSProxyServer value or an Identity value, the test is performed between the Mailbox
Replication service and the Mailbox Replication proxy service on the local server.
Type: Fqdn
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Update-DatabaseSchema
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Update-DatabaseSchema cmdlet to upgrade the
database schema for one or more databases after an Exchange software update that includes database schema
updates has been installed on Mailbox servers in a database availability group (DAG ). Some software updates for
Exchange may include database schema updates. After such an update has been installed on all members of a DAG,
the administrator must run the Update-DatabaseSchema cmdlet for each database in the DAG to trigger the
database schema update. The in-place database schema upgrade engine ensures that no schema updates occur
until all members of the DAG have compatible versions of the software. For information about the parameter sets
Syntax
Update-DatabaseSchema [-Identity] <DatabaseIdParameter> -MajorVersion <UInt16> -MinorVersion <UInt16>
Description
Examples
-------------------------- Example 1 --------------------------
Update-DatabaseSchema DB1
This example updates the database schema for database DB1.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox database for which you want to set one or more attributes. You can
Name
GUID
Required: True
Position: 1
Default value: None
-MajorVersion
Type: UInt16
Required: True
Position: Named
Default value: None
-MinorVersion
Type: UInt16
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Update-FileDistributionService
In ths Article
This cmdlet is available only in Exchange Server 2010. Use the Update-FileDistributionService cmdlet to access the
Microsoft Exchange File Distribution service to poll for offline address book (OAB ), Group Metrics, and Unified
Messaging (UM ) configuration and data. For information about the parameter sets in the Syntax section below, see
Syntax
Update-FileDistributionService [-Identity] <ServerIdParameter>
[-Confirm]
[-Type <String>]
Description
The Update-FileDistributionService cmdlet forces the Microsoft Exchange File Distribution service to reload its
configuration and poll for new data associated with OAB, Group Metrics, and Unified Messaging configuration.
If you don't use the Type parameter when running this command, OAB, Unified Messaging, and Group Metrics
data are reloaded.
Examples
-------------------------- Example 1 --------------------------
Update-FileDistributionService -Identity Server1 -Type "OAB"
This example polls Server1 to check for updated OAB files for OABs associated with Server1.
-------------------------- Example 2 --------------------------
Update-FileDistributionService -Identity Server1
This example polls Server1 for changes to OAB, Group Metrics, and Unified Messaging files associated with
Server1.
-------------------------- Example 3 --------------------------
Update-FileDistributionService -Identity Server1 -Type GM
This example polls Server1 for changes to Group Metrics files associated with Server1.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Exchange server where you want to run this command. You can use any value
Name
FQDN
Exchange Legacy DN
Required: True
Position: 1
Default value: None
-Type
The Type parameter specifies whether to reload OAB, Unified Messaging, or Group Metrics data. If you don't use
the Type parameter when running this command, OAB, Unified Messaging, and Group Metrics data are reloaded.
The Type parameter takes the following values:
OAB Using the OAB value forces the Exchange File Distribution service to reload its configuration and poll for
new data associated with OABs.
UM Using the UM value forces the Exchange File Distribution service to reload its configuration and poll for
new data associated with Unified Messaging.
GM Using the GM value forces the Exchange File Distribution service to reload its configuration and poll for
new data associated with Group Metrics.
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Update-StoreMailboxState
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Update-StoreMailboxState cmdlet to synchronize
the mailbox state for a mailbox in the Exchange mailbox store with the state of the corresponding Active Directory
user account. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Update-StoreMailboxState -Database <DatabaseIdParameter> -Identity <StoreMailboxIdParameter> [-Confirm]
Description
The Update-StoreMailboxState cmdlet forces the mailbox store state in the Exchange store to be synchronized with
Active Directory. In some cases, it's possible that the store state for a mailbox to become out-of-sync with the state
of the corresponding Active Directory user account. This can result from Active Directory replication latency. For
example, if a mailbox-enabled user account is disabled in Active Directory but isn't marked as disabled in the
Exchange mailbox store. In this case, running the Update-StoreMailboxState will synchronize the mailbox store
state with the state of the Active Directory user account and mark the mailbox as disabled in the mailbox store. You
can use this command to troubleshoot issues that may be a result when the store state for a mailbox is unexpected
or if you suspect that the store state is different than the state for the corresponding Active Directory account.
Examples
-------------------------- Example 1 --------------------------
Update-StoreMailboxState -Database MDB01 -Identity 4a830e3f-fd07-4629-baa1-8bce16b86d88
This example updates the mailbox state for a mailbox located on the mailbox database MDB01 and whose GUID is
4a830e3f-fd07-4629-baa1-8bce16b86d88.
-------------------------- Example 2 --------------------------
Get-MailboxStatistics -Database MDB02 | ForEach { Update-StoreMailboxState -Database $_.Database -Identity

$_.MailboxGuid -Confirm:$false }
This example updates the mailbox state for all mailboxes on the mailbox database MDB02.
-------------------------- Example 3 --------------------------
Get-MailboxStatistics -Database MDB03 | Where { $_.DisconnectReason -ne $null } | ForEach { Update-

StoreMailboxState -Database $_.Database -Identity $_.MailboxGuid -Confirm:$false }
This example updates the mailbox state for all disconnected mailboxes on the mailbox database MDB03.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Database
The Database parameter specifies the mailbox database that contains the mailbox. You can use any value that
Name
GUID
Required: True
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox that you want to update. Use the mailbox GUID as the value for this
parameter.
Run the following command to obtain the mailbox GUID and other information for all mailboxes in your
organization: Get-MailboxDatabase | Get-MailboxStatistics | Format-List
DisplayName,MailboxGuid,Database,DisconnectReason,DisconnectDate.
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Add-MailboxFolderPermission
In ths Article
may be exclusive to one environment or the other. Use the Add-MailboxFolderPermission cmdlet to add folder-
level permissions for users in mailboxes. For information about the parameter sets in the Syntax section below, see
Syntax
Add-MailboxFolderPermission [-Identity] <MailboxFolderIdParameter> -AccessRights <MailboxFolderAccessRight[]>
-User <MailboxFolderUserIdParameter> [-Confirm] [-DomainController <Fqdn>] [-WhatIf] [-SendNotificationToUser
<$true | $false>] [-SharingPermissionFlags <None | Delegate | CanViewPrivateItems>] [<CommonParameters>]
Description
To modify the permissions that are assigned to the user on a mailbox folder, use the Set-MailboxFolderPermission
cmdlet. To remove all permissions that are assigned to a user on a mailbox folder, use the Remove-
MailboxFolderPermission cmdlet.
Examples
-------------------------- Example 1 --------------------------
Add-MailboxFolderPermission -Identity ayla@contoso.com:\Marketing -User ed@contoso.com -AccessRights Owner
This example grants the Owner role to Ed on the Marketing folder in Ayla's mailbox.
-------------------------- Example 2 --------------------------
Add-MailboxFolderPermission -Identity ayla@contoso.com:\Calendar -User julia@contoso.com -AccessRights Editor -

SharingPermissionFlags Delegate
In Office 365, this example adds Julia as a calendar delegate to Ayla's mailbox, but without access to private items.
-------------------------- Example 3 --------------------------
Add-MailboxFolderPermission -Identity ayla@contoso.com:\Calendar -User laura@contoso.com -AccessRights Editor -

SharingPermissionFlags Delegate,CanViewPrivateItems
In Office 365, this example adds Laura as a calendar delegate to Ayla's mailbox with access to private items.
Parameters
-AccessRights
The AccessRights parameter specifies the permissions that you want to add for the user on the mailbox folder.
You can specify individual folder permissions or roles, which are combinations of permissions. You can specify
multiple permissions and roles separated by commas.
The following individual permissions are available:
CreateItems: The user can create items within the specified folder.
CreateSubfolders: The user can create subfolders in the specified folder.
DeleteAllItems: The user can delete all items in the specified folder.
DeleteOwnedItems: The user can only delete items that they created from the specified folder.
EditAllItems: The user can edit all items in the specified folder.
EditOwnedItems: The user can only edit items that they created in the specified folder.
FolderContact: The user is the contact for the specified public folder.
FolderOwner: The user is the owner of the specified folder. The user can view the folder, move the folder and
create subfolders. The user can't read items, edit items, delete items or create items.
FolderVisible: The user can view the specified folder, but can't read or edit items within the specified public
folder.
ReadItems: The user can read items within the specified folder.
The roles that are available, along with the permissions that they assign, are described in the following list:
Author: CreateItems, DeleteOwnedItems, EditOwnedItems, FolderVisible, ReadItems
Contributor: CreateItems, FolderVisible
Editor: CreateItems, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderVisible,
ReadItems
None: FolderVisible
NonEditingAuthor: CreateItems, FolderVisible, ReadItems
Owner: CreateItems, CreateSubfolders, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems,
FolderContact, FolderOwner, FolderVisible, ReadItems
PublishingEditor: CreateItems, CreateSubfolders, DeleteAllItems, DeleteOwnedItems, EditAllItems,
EditOwnedItems, FolderVisible, ReadItems
PublishingAuthor: CreateItems, CreateSubfolders, DeleteOwnedItems, EditOwnedItems, FolderVisible,
ReadItems
Reviewer: FolderVisible, ReadItems
The following roles apply specifically to calendar folders:
AvailabilityOnly: View only availability data
LimitedDetails: View availability data with subject and location
Type: MailboxFolderAccessRight[]
Required: True
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the target mailbox and folder. The syntax is <Mailbox>:\<Folder>. For the value of
<Mailbox>, you can use any value that uniquely identifies the mailbox. For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Example values for the Identity parameter are john@contoso.com:\\Calendar or John:\Marketing\Reports.
Type: MailboxFolderIdParameter
Required: True
Position: 1
Default value: None
-SendNotificationToUser
The SendNotificationToUser parameter specifies whether to send a sharing invitation to the user when you add
calendar permissions for them. The message will be a normal calendar sharing invitation that can be accepted by
the recipient. Valid values are:
$true: A sharing invitation is sent.
$false: No sharing invitation is sent. This is the default value.
This parameter only applies to calendar folders and can only be used with the following AccessRights parameter
values:
AvailabilityOnly
LimitedDetails
Reviewer
Editor

Required: False
Position: Named
Default value: None
-SharingPermissionFlags
The SharingPermissionFlags parameter assigns calendar delegate permissions. This parameter only applies to
calendar folders and can only be used when the AccessRights parameter value is Editor. Valid values are:
None: Has no effect. This is the default value.
Delegate: The user is made a calendar delegate, which includes receiving meeting invites and responses. If there
are no other delegates, this value will create the meeting message rule. If there are existing delegates, the user is
added to the meeting message rule without changing how delegate messages are sent.
CanViewPrivateItems: The user can access private items on the calendar. You must use this value with the
Delegate value.
Type: None | Delegate | CanViewPrivateItems

Required: False
Position: Named
Default value: None
-User
The User parameter specifies who's granted permission to the mailbox folder. Valid values are mail-enabled security
principals (mail-enabled accounts or groups that have security identifiers or SIDs that can have permissions
assigned to them). For example:
User mailboxes
Mail users
Mail-enabled security groups
You can use any value that uniquely identifies the user or group. For example:
Name
Alias
Canonical DN
Email address
GUID
Type: MailboxFolderUserIdParameter
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Add-MailboxPermission
In ths Article
may be exclusive to one environment or the other. Use the Add-MailboxPermission cmdlet to add permissions to a
mailbox. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Add-MailboxPermission [-Identity] <MailboxIdParameter> -AccessRights <MailboxRights[]> -User
<SecurityPrincipalIdParameter>
[-AutoMapping <$true | $false>]
[-Confirm]
[-Deny]
Add-MailboxPermission [-Identity] <MailboxIdParameter> -Owner <SecurityPrincipalIdParameter>

[-Confirm]
Add-MailboxPermission -Instance <MailboxAcePresentationObject>

[-AccessRights <MailboxRights[]>]
[-AutoMapping <$true | $false>]
[-Confirm]
[-Deny]
Description
This cmdlet updates the mailbox object that's specified by the Identity parameter.
Examples
-------------------------- Example 1 --------------------------
Add-MailboxPermission -Identity "Terry Adams" -User "Kevin Kelly" -AccessRights FullAccess -InheritanceType All
This example assigns the user Kevin Kelly Full Access permission to Terry Adams's mailbox.
-------------------------- Example 2 --------------------------
Add-MailboxPermission -Identity "Room 222" -Owner "Tony Smith"
This example sets the user Tony Smith as the owner of the resource mailbox named Room 222.
-------------------------- Example 3 --------------------------
Add-MailboxPermission -Identity "Jeroen Cool" -User "Mark Steele" -AccessRights FullAccess -InheritanceType All
-AutoMapping $false
This example assigns the user Mark Steele Full Access permission to Jeroen Cool's mailbox, prevents Outlook from
opening Jeroen Cool's mailbox when Mark Steele opens Outlook.
-------------------------- Example 4 --------------------------
Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox') -and (Alias -ne 'Admin')} |
Add-MailboxPermission -User admin@contoso.com -AccessRights FullAccess -InheritanceType All
In Office 365, this example assigns the administrator account admin@contoso.com Full Access permission to all
user mailboxes in the contoso.com Office 365 organization.
Parameters
-AccessRights
The AccessRights parameter specifies the permission that you want to assign to the user on the mailbox. Valid
values are:
ChangeOwner
ChangePermission
DeleteItem
ExternalAccount
FullAccess
ReadPermission
Type: MailboxRights[]
Required: True
Position: Named
Default value: None
-AutoMapping
The AutoMapping parameter specifies whether to enable or disable the auto-mapping feature in Microsoft Outlook
that uses Autodiscover to automatically open other mailboxes for the user. Valid values are:
$true: Outlook automatically opens the mailbox where the user is assigned Full Access permission. This is the
default value.
$false: Outlook doesn't automatically open the mailbox where the user is assigned Full Access permission.
If you've already assign the user Full Access to the mailbox, and you want to prevent the mailbox from
automatically opening in the user's Outlook, you need to remove the user's Full Access permission by using the
Remove-MailboxPermission cmdlet, and then assign the permission to the user on the mailbox again, but this time
include -AutoMapping $false in the command.

Required: False
Position: Named
Default value: $true
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Deny
The Deny switch specifies whether to deny the specified permissions to the user on the mailbox. You don't need to
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox where you want to assign permissions to the user. You can use any
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-IgnoreDefaultScope
automatically.
accepted.
Required: False
Position: Named
Default value: None
-InheritanceType
The InheritanceType parameter specifies how permissions are inherited by folders in the mailbox. Valid values are:
All
Children
Descendents[sic]
SelfAndChildren

Required: False
Position: Named
Default value: None
-Instance
Type: MailboxAcePresentationObject
Required: True
Position: Named
Default value: None
-Owner
The Owner parameter specifies the owner of the mailbox object. The default mailbox owner is NT
AUTHORITY\SELF.
The owner that you specify for this parameter must be a user or security group (a security principal that can have
permissions assigned). You can use any value that uniquely identifies the owner. For example: For example:
Name
Canonical DN
GUID
Required: True
Position: Named
Default value: None
-User
The User parameter specifies the user that you're assigning the permission to.
The user that you specify for this parameter must be a user or security group (a security principal that can have
permissions assigned). You can use any value that uniquely identifies the user. For example: For example:
Name
Canonical DN
GUID
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Add-RecipientPermission
In ths Article
This cmdlet is available only in the cloud-based service. Use the Add-RecipientPermission cmdlet to add SendAs
permission to users in a cloud-based organization. For information about the parameter sets in the Syntax section
Syntax
Add-RecipientPermission [-Identity] <RecipientIdParameter> -AccessRights <MultiValuedProperty>
-Trustee <SecurityPrincipalIdParameter> [-SkipDomainValidationForMailContact] [-
SkipDomainValidationForMailUser] [-SkipDomainValidationForSharedMailbox] [-Confirm] [-WhatIf]
Description
SendAs permission allows a user or group members to send messages that appear to come from the specified
mailbox, mail contact, mail user, or group.
Examples
-------------------------- Example 1 --------------------------
Add-RecipientPermission "Help Desk" -AccessRights SendAs -Trustee "Ayla Kol"
This example gives the user Ayla Kol SendAs permission for the mailbox Help Desk. Ayla can send messages that
appear to come directly from the Help Desk mailbox.
Parameters
-AccessRights
The AccessRights parameter specifies the permission. The only value for this parameter is SendAs.
Required: True
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the target recipient. The user or group specified by the Trustee parameter receives
SendAs permission on this recipient.
You can specify any type of recipient, for example:
Mailboxes
Mail users
External contacts
Distribution groups
Dynamic distribution groups
You can use any value that uniquely identifies the recipient. For example:
Name
Alias
Canonical DN
Email address
GUID
Required: True
Position: 1
Default value: None
-SkipDomainValidationForMailContact
The SkipDomainValidationForMailContact switch skips the check that confirms the proxy addresses of the external
contact specified by the Identity parameter are in the accepted domains of the organization. You don't need to
Required: False
Position: Named
Default value: None
-SkipDomainValidationForMailUser
The SkipDomainValidationForMailUser switch skips the check that confirms the proxy addresses of the mail user
specified by the Identity parameter are in the accepted domains of the organization. You don't need to specify a
Required: False
Position: Named
Default value: None
-SkipDomainValidationForSharedMailbox
The SkipDomainValidationForSharedMailbox switch skips the check that confirms the proxy addresses of the
shared mailbox specified by the Identity parameter are in the accepted domains of the organization. You don't need
Required: False
Position: Named
Default value: None
-Trustee
The Trustee parameter specifies the user or group that receives SendAs permission on the recipient specified by the
Identity parameter.
You can specify the following types of users or groups (security principals) for this parameter:
Mailbox users
Mail users with a Microsoft account (formerly known as a Windows Live ID )
Security groups
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Connect-Mailbox
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Connect-Mailbox cmdlet to connect disconnected
mailboxes to existing user accounts that don't already have mailboxes. For information about the parameter sets in
Syntax
Connect-Mailbox [-Identity] <StoreMailboxIdParameter> [-Database] <DatabaseIdParameter> [-Equipment]
[-Alias <String>]
[-Confirm]
[-Force]
[-ManagedFolderMailboxPolicy <MailboxPolicyIdParameter>]
[-ManagedFolderMailboxPolicyAllowed]
[-RetentionPolicy <MailboxPolicyIdParameter>]
[-User <UserIdParameter>]
[-WhatIf]
Connect-Mailbox [-Identity] <StoreMailboxIdParameter> [-Database] <DatabaseIdParameter> -LinkedDomainController

<Fqdn> -LinkedMasterAccount <UserIdParameter>
[-Alias <String>]
[-Confirm]
[-Force]
[-LinkedCredential <PSCredential>]
Connect-Mailbox [-Identity] <StoreMailboxIdParameter> [-Database] <DatabaseIdParameter> [-Room]

[-Alias <String>]
[-Confirm]
[-Force]
Connect-Mailbox [-Identity] <StoreMailboxIdParameter> [-Database] <DatabaseIdParameter> [-Shared]
[-Alias <String>]
[-Confirm]
[-Force]
Connect-Mailbox [-Identity] <StoreMailboxIdParameter> [-Database] <DatabaseIdParameter> [-ValidateOnly]

[-Confirm]
[-Force]
Connect-Mailbox [-Identity] <StoreMailboxIdParameter> [-Database] <DatabaseIdParameter> [-AddressBookPolicy

<AddressBookMailboxPolicyIdParameter>] [-AllowLegacyDNMismatch] [-Archive]
[-Alias <String>]
[-Confirm]
[-Force]
Description
If you link a mailbox to an existing user account, that user account has full access to the mailbox and all mail in the
mailbox.
If you use the User parameter to specify the user account, make sure you specify the correct account. If you don't
use the User parameter, we recommend that you use the ValidateOnly switch to verify which user account the
mailbox will try to connect to.
There is no Disconnect-Mailbox cmdlet. You can use the Disable-Mailbox or Remove-Mailbox cmdlets to effectively
disconnect mailboxes from user accounts.
Use the Disable-Mailbox cmdlet to:
Disconnect the mailbox from the user account.
Keep the mailbox in the disabled state before it's permanently deleted, subject to the deleted mailbox retention
period.
Keep the user account, but remove the Exchange attributes from the account.
Use the Remove-Mailbox cmdlet to:
Disconnect the mailbox from the user account.
Keep the mailbox in the disabled state before it's permanently deleted, subject to the deleted mailbox retention
period (except if you use the Permanent or StoreMailboxIdentity parameters, which immediately deletes the
mailbox from the database).
Remove the user account.
Examples
-------------------------- Example 1 --------------------------
Connect-Mailbox -Database "Mailbox Database" -Identity "John Evans"
This example connects John Evans' disconnected mailbox. The example doesn't specify a user to connect the
mailbox to, so the command attempts to find a uniquely matched user object.
-------------------------- Example 2 --------------------------
Connect-Mailbox -Identity "John Evans" -Database "MBXDB02" -LinkedDomainController FabrikamDC01 -

LinkedMasterAccount john@fabrikam.com
This example connects a linked mailbox.

-------------------------- Example 3 --------------------------
Connect-Mailbox -Identity "CAR001" -Database "MBXResourceDB" -Equipment -User "CAR001"
This example connects an equipment mailbox.

-------------------------- Example 4 --------------------------
Connect-Mailbox -Identity "ConfRm212" -Database "MBXResourceDB" -Room -User "Conference Room 212"
This example connects a room mailbox.
Parameters
The ActiveSyncMailboxPolicy parameter specifies the mobile device mailbox policy that's applied to the mailbox.
You can use any value that uniquely identifies the policy. For example:.
Name
GUID
If you don't use this parameter, the default mobile device mailbox policy is used.
Required: False
Position: Named
Default value: None
-AddressBookPolicy
The AddressBookPolicy parameter specifies the address book policy that's applied to the mailbox. You can use any
value that uniquely identifies the address book policy. For example:
Name
GUID
For more information about address book policies, see Address book policies
(https://technet.microsoft.com/library/hh529948.aspx).
Type: AddressBookMailboxPolicyIdParameter
Required: False
Position: Named
Default value: None
-Alias
characters.
question marks (?).
Type: String
Required: False
Position: Named
Default value: None
-AllowLegacyDNMismatch
Required: False
Position: Named
Default value: None
-Archive
The Archive switch specifies whether to connect the associated archive mailbox. You don't need to specify a value
with this switch.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Database
The Database parameter specifies the Exchange database that contains the mailbox that you want to connect. You
can use any value that uniquely identifies the database. For example:
Name
GUID
You use this parameter with the Identity parameter to specify the mailbox that you want to connect.
Required: True
Position: 2
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Equipment
The Equipment switch is required to connect equipment mailboxes. You don't need to specify a value with this
switch.
computers).
Required: True
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox that you want to connect to a user account. This parameter doesn't
specify an Active Directory object. You can use the following values to identify the mailbox:
Display name
GUID
LegacyExchangeDN
You use this parameter with the Database parameter to specify the mailbox that you want to connect.
Required: True
Position: 1
Default value: None
-LinkedCredential
The LinkedCredential parameter specifies the credentials used to access the domain controller that's specified by
the LinkedDomainController parameter. This parameter is optional, even if you're connecting a linked mailbox.
Type: PSCredential
Required: False
Position: Named
Default value: None
-LinkedDomainController
The LinkedDomainController parameter specifies the domain controller in the forest where the user account
resides, if the mailbox is a linked mailbox. The domain controller in the forest where the user account resides is
used to get security information for the account specified by the LinkedMasterAccount parameter. Use the fully
qualified domain name (FQDN ) of the domain controller that you want to use as the value for this parameter.
This parameter is required only if you're connecting a linked mailbox.
Type: Fqdn
Required: True
Position: Named
Default value: None
-LinkedMasterAccount
The LinkedMasterAccount parameter specifies the master account in the forest where the user account resides, if
this mailbox is a linked mailbox. The master account is the account that the mailbox is linked to. The master account
grants access to the mailbox. This parameter is required only if you're creating a linked mailbox. You can use any
value that uniquely identifies the master account. For example: For example:
Name
Canonical DN
GUID
This parameter is required only if you're connecting a linked mailbox.
Required: True
Position: Named
Default value: None
-ManagedFolderMailboxPolicy
Required: False
Position: Named
Default value: None
-ManagedFolderMailboxPolicyAllowed
Required: False
Position: Named
Default value: None
-RetentionPolicy
The RetentionPolicy parameter specifies the retention policy that's applied to the mailbox. You can use any value
Name
GUID
Retention policies consist of tags that are applied to mailbox folders and mail items to determine the period of time
that the items should be retained.
Required: False
Position: Named
Default value: None
-Room
The Room switch is required to connect room mailboxes. You don't need to specify a value with this switch.
Room mailboxes are resource mailboxes that are associated with a specific location (for example, conference
rooms).
Required: True
Position: Named
Default value: None
-Shared
The Shared switch is required to connect shared mailboxes. You don't need to specify a value with this switch.
A shared mailbox is a mailbox where multiple users can log on to access the mailbox contents. This mailbox isn't
associated with any of the users that can log on. It's associated with a disabled user account.
Required: True
Position: Named
Default value: None
-User
The User parameter specifies the user object in Active Directory that you want to connect the mailbox to. You can
use any value that uniquely identifies the user. For example: For example:
Name
Canonical DN
GUID
If you don't use this parameter, the command uses the LegacyExchangeDN and DisplayName property values of
the mailbox to find a user account that has those same values. If it can't find a unique match, it doesn't connect the
mailbox.
Required: False
Position: Named
Default value: None
-ValidateOnly
The ValidateOnly switch tells the cmdlet to evaluate the conditions and requirements necessary to perform the
operation and then reports whether the operation will succeed or fail. No changes are made when the ValidateOnly
switch is used.
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Disable-App
In ths Article
may be exclusive to one environment or the other. Use the Disable-App cmdlet to disable (turn off) a specific app
for a specific user. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Disable-App [-Identity] <AppIdParameter> [-Confirm] [-DomainController <Fqdn>] [-Mailbox <MailboxIdParameter>]
Description
The Disable-App cmdlet requires that the specified app has already been installed (for example, that the app has
been installed with the New -App cmdlet, or that it's a default app for Microsoft Outlook).
Examples
-------------------------- Example 1 --------------------------
Disable-App -Identity 7a774f0c-7a6f-11e0-85ad-07fb4824019b -Mailbox Tony
This example disables the Bing Maps app for user Tony.
For more information, see Manage user access to add-ins for Outlook
-------------------------- Example 2 --------------------------
Disable-App -Identity -Mailbox Tony
This example disables the administrator-installed app FinanceTestApp for user Tony.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the GUID of the app.
Type: AppIdParameter
Required: True
Position: 1
Default value: None
-Mailbox
The Mailbox parameter specifies the identity of the mailbox. You can use any value that uniquely identifies the
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Disable-InboxRule
In ths Article
may be exclusive to one environment or the other. Use the Disable-InboxRule cmdlet to disable existing Inbox rules
in mailboxes. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Disable-InboxRule [-Identity] <InboxRuleIdParameter> [-AlwaysDeleteOutlookRulesBlob] [-Confirm]
[-DomainController <Fqdn>] [-Force] [-Mailbox <MailboxIdParameter>] [-WhatIf] [<CommonParameters>]
Description
When you create, modify, remove, enable, or disable an Inbox rule in Exchange PowerShell, any client-side rules
created by Microsoft Outlook are removed.
Examples
-------------------------- Example 1 --------------------------
Disable-InboxRule -Identity "MoveAnnouncements" -Mailbox "Joe@Contoso.com"
This example disables the Inbox rule MoveAnnouncements in the mailbox Joe@Contoso.com.
Parameters
-AlwaysDeleteOutlookRulesBlob
The AlwaysDeleteOutlookRulesBlob parameter suppresses a warning that end users or administrators get if they
use Outlook Web App or Windows PowerShell to modify Inbox rules.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Force
A confirmation prompt warns you if the mailbox contains rules that were created by Outlook, because any client-
side rules will be removed by the actions of this cmdlet.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the Inbox rule to be disabled.
Type: InboxRuleIdParameter
Required: True
Position: 1
Default value: None
-Mailbox
The Mailbox parameter specifies the mailbox that contains the Inbox rule. You can use any value that uniquely
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Disable-Mailbox
In ths Article
may be exclusive to one environment or the other. Use the Disable-Mailbox cmdlet to disable the mailbox of
existing users who already have mailboxes. For this cmdlet, a user could also be a public folder mailbox or an
InetOrgPerson object. The user account that's associated with the mailbox remains, but it's no longer associated
with a mailbox. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Disable-Mailbox [-Identity] <MailboxIdParameter> [-Arbitration] [-DisableLastArbitrationMailboxAllowed] [-
DisableArbitrationMailboxWithOABsAllowed]
[-Confirm]
[-IgnoreLegalHold]
Disable-Mailbox [-Identity] <MailboxIdParameter> [-Archive] [-PermanentlyDisable]

[-Confirm]
[-IgnoreLegalHold]
Disable-Mailbox [-Identity] <MailboxIdParameter> [-Confirm] [-PublicFolder]

[-IgnoreLegalHold]
Disable-Mailbox [-Identity] <MailboxIdParameter> [-RemoteArchive]

[-Confirm]
[-IgnoreLegalHold]
Description
The Disable-Mailbox cmdlet removes the mailbox's Exchange attributes from Active Directory. The mailbox isn't
deleted and can be reconnected to its user at a later date by using the Connect-Mailbox cmdlet.
The Disable-Mailbox cmdlet also performs the clean-up task on the individual mailbox, so the mailbox is
disconnected immediately after this task completes.
Under normal circumstances, a mailbox is marked as disconnected immediately after the Disable-Mailbox or
Remove-Mailbox command completes. However, if the mailbox was disabled or removed while the Exchange
Information Store service was stopped, or if it was disabled or removed by an external means other than Exchange
management interfaces, the status of the mailbox object in the Exchange mailbox database won't be marked as
disconnected.
Examples
-------------------------- Example 1 --------------------------
Disable-Mailbox -Identity "John Woods"
This example disables the mailbox of the user named John Woods and removes all mailbox attributes from John's
user account..
-------------------------- Example 2 --------------------------
Disable-Mailbox -Identity "John Woods" -RemoteArchive
This example disables the remote archive for the on-premises user named John Woods.
Parameters
-Arbitration
The Arbitration switch is required to mailbox-disable arbitration mailboxes. You don't need to specify a value with
this switch.
Arbitration mailboxes are system mailboxes that are used for storing different types of system data and for
managing messaging approval workflow.
Required: False
Position: Named
Default value: None
-Archive
The Archive switch specifies whether to disconnect the archive mailbox from the associated user. You don't need to
You can't use this switch with the RemoteArchive switch.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DisableArbitrationMailboxWithOABsAllowed
The DisableArbitrationMailboxWithOABsAllowed switch specifies whether to bypass the checks for offline address
books (OABs) within the specified arbitration mailbox that is being mail-disabled. When you use this switch, the
arbitration mailbox is disabled even if OABs are present in the mailbox. You don't need to specify a value with this
switch.
Required: False
Position: Named
Default value: None
-DisableLastArbitrationMailboxAllowed
The DisableLastArbitrationMailboxAllowed switch specifies whether to disable the specified mailbox, even if it's the
last arbitration mailbox in the organization. If you disable the last arbitration mailbox in the organization, you can't
have user-created distribution groups or moderated recipients. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox that you want to mailbox-disable. You can use any value that uniquely
identifies the mailbox. For example: For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-IgnoreDefaultScope
automatically.
accepted.
Required: False
Position: Named
Default value: None
-IgnoreLegalHold
The IgnoreLegalHold switch specifies whether to ignore the legal hold status of the user. When you disable or
remove the user, the user's cloud-based mailbox that's on legal hold is also disabled or removed. You don't need to
After you disable or remove a mailbox, you can't include it in a discovery search. When you disable a mailbox, the
mailbox is disconnected from the user account. Disconnected mailboxes and removed mailboxes are permanently
deleted from the mailbox database after the deleted mailbox retention period expires. However, you can also
remove a mailbox and purge it immediately from the mailbox database. Check with your organization's legal or
Human Resources department before you disable or remove a mailbox that's on legal hold.
Required: False
Position: Named
Default value: None
-PermanentlyDisable
The PermanentlyDisable switch specifies whether to permanently disable the mailbox. You don't need to specify a
You can only use this switch on user mailboxes that aren't licensed and aren't on hold.
Required: False
Position: Named
Default value: None
-PublicFolder
The PublicFolder switch is required to mailbox-disable public folder mailboxes. You don't need to specify a value
with this switch.
Public folder mailboxes are specially designed mailboxes that store the hierarchy and content of public folders.
Required: False
Position: Named
Default value: None
-RemoteArchive
The RemoteArchive switch specifies whether to disconnect the remote archive for this mailbox. Remote archives
exist in the cloud-based service. When you use this switch, the RemoteRecipientType property for the mailbox is
reset to specify that this mailbox doesn't have a remote archive. You don't need to specify a value with this switch.
You can't use this switch with the Archive switch.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Disable-ServiceEmailChannel
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Disable-ServiceEmailChannel cmdlet to disable the
.NET service channel for a specific user. The .NET service channel enables Microsoft Exchange to store information
that it later forwards to applications or devices that aren't permanently connected to the server running Exchange.
Syntax
Disable-ServiceEmailChannel [-Identity] <MailboxIdParameter> [-Confirm] [-DomainController <Fqdn>] [-WhatIf]
Description
The Disable-ServiceEmailChannel cmdlet deletes the receive folder in the user's mailbox under the root folder.
Examples
-------------------------- Example 1 --------------------------
Disable-ServiceEmailChannel -Identity JeffHay
This example disables the .NET service channel for the user Jeff Hay.
-------------------------- Example 2 --------------------------
Disable-ServiceEmailChannel -Identity JeffHay -Confirm $true
This example disables the .NET service channel for the user Jeff Hay after confirmation is given.
-------------------------- Example 3 --------------------------
Disable-ServiceEmailChannel -Identity JeffHay -Confirm $false
This example disables the .NET service channel for the user Jeff Hay without requiring confirmation.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the user for which you want to enable the .NET service channel. The
user specified must be a valid user in Active Directory who has an Exchange mailbox.
You can use any value that uniquely identifies the mailbox. For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Disable-SweepRule
In ths Article
may be exclusive to one environment or the other. Use the Disable-SweepRule cmdlet to disable Sweep rules in
mailboxes. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Disable-SweepRule [-Identity] <SweepRuleIdParameter> [-Confirm] [-DomainController <Fqdn>]
Description
Examples
-------------------------- Example 1 --------------------------
Disable-SweepRule -Identity "x2hlsdpGmUifjFgxxGIOJw=="
This example disables the specified Sweep rule.

-------------------------- Example 2 --------------------------
Get-SweepRule -Mailbox laura@contoso.com | Disable-SweepRule
This example disables all Sweep rules in the specified mailbox.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Sweep rule that you want to disable. You can use any value that uniquely
RuleId property (for example, x2hlsdpGmUifjFgxxGIOJw==).
Exchange Online: <mailbox alias>\<RuleId> (for example, rzaher\x2hlsdpGmUifjFgxxGIOJw==.
On-premises Exchange: <mailbox canonical name>\<RuleId> (for example, contoso.com/Users/Rick
Zaher\x2hlsdpGmUifjFgxxGIOJw==.
Type: SweepRuleIdParameter
Required: True
Position: 1
Default value: None
-Mailbox
The Mailbox parameter specifies the mailbox that contains the rule you want to disable. You can use any value that
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Enable-App
In ths Article
may be exclusive to one environment or the other. Use the Enable-App cmdlet to enable (turn on) a specific app for
a specific user. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Enable-App [-Identity] <AppIdParameter> [-Confirm] [-DomainController <Fqdn>] [-Mailbox <MailboxIdParameter>]
Description
The Enable-App cmdlet requires that the specified app has already been installed (for example, that it has been
installed with the New -App cmdlet, or that it's a default app for Microsoft Outlook).
Examples
-------------------------- Example 1 --------------------------
Enable-App -Identity 7a774f0c-7a6f-11e0-85ad-07fb4824019b -Mailbox Tony
This example enables the default Bing Maps app installed for user Tony.
-------------------------- Example 2 --------------------------
Enable-App -Identity -Mailbox Tony
This example enables the administrator-installed app FinanceTestApp for user Tony.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the GUID of the app.
Required: True
Position: 1
Default value: None
-Mailbox
The Mailbox parameter specifies the the mailbox. You can use any value that uniquely identifies the mailbox. For
example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Enable-InboxRule
In ths Article
may be exclusive to one environment or the other. Use the Enable-InboxRule cmdlet to enable an Inbox rule. Inbox
rules are used to process messages in the Inbox based on conditions specified and take actions such as moving a
message to a specified folder or deleting a message. For information about the parameter sets in the Syntax section
Syntax
Enable-InboxRule [-Identity] <InboxRuleIdParameter> [-AlwaysDeleteOutlookRulesBlob] [-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Enable-InboxRule "Move To Junk Mail" -Mailbox "User 1"
This example enables the Inbox rule named Move To Junk Mail in the mailbox that belongs to User 1.
Parameters
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the display name or GUID of the Inbox rule.
Required: True
Position: 1
Default value: None
-Mailbox
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Enable-Mailbox
In ths Article
may be exclusive to one environment or the other. Use the Enable-Mailbox cmdlet to create mailboxes for existing
users who don't already have mailboxes. You can also use this cmdlet to create In-Place archives for existing
mailboxes. Note: In Exchange Online, this cmdlet doesn't activate/enable a mailbox the same way it does in on-
premises Exchange. To add a mailbox for an existing Azure AD account, you can simply add a license to the account
by using the Set-MsolUserLicense cmdlet. For information about the parameter sets in the Syntax section below,
Syntax
Enable-Mailbox [-Identity] <UserIdParameter> [-Arbitration]
[-Alias <String>]
[-Confirm]
[-Database <DatabaseIdParameter>]
[-Force]
[-RoleAssignmentPolicy <MailboxPolicyIdParameter>]
Enable-Mailbox [-Identity] <UserIdParameter> -ArchiveDomain <SmtpDomain>

[-Alias <String>]
[-Confirm]
[-Force]
[-RemoteArchive]
Enable-Mailbox [-Identity] <UserIdParameter> [-Discovery]
[-Alias <String>]
[-Confirm]
[-Force]
Enable-Mailbox [-Identity] <UserIdParameter> [-Equipment]

[-Alias <String>]
[-Confirm]
[-Force]
Enable-Mailbox [-Identity] <UserIdParameter> -LinkedDomainController <String> -LinkedMasterAccount

<UserIdParameter> [-LinkedCredential <PSCredential>] [-LinkedRoom]
[-Alias <String>]
[-Archive]
[-ArchiveDatabase <DatabaseIdParameter>]
[-ArchiveGuid <Guid>]
[-Confirm]
[-Force]
Enable-Mailbox [-Identity] <UserIdParameter> -LinkedDomainController <String> -LinkedMasterAccount
<UserIdParameter> [-LinkedCredential <PSCredential>]
[-Alias <String>]
[-Confirm]
[-Force]
Enable-Mailbox [-Identity] <UserIdParameter> [-PublicFolder]

[-Alias <String>]
[-Confirm]
[-Force]
[-HoldForMigration]
Enable-Mailbox [-Identity] <UserIdParameter> [-Room]

[-Alias <String>]
[-Confirm]
[-Force]
Enable-Mailbox [-Identity] <UserIdParameter> [-Shared]

[-Alias <String>]
[-Confirm]
[-Force]
Enable-Mailbox [-Identity] <UserIdParameter>
[-AddressBookPolicy <AddressBookMailboxPolicyIdParameter>]
[-Alias <String>]
[-Confirm]
[-Force]
Enable-Mailbox [-Identity] <UserIdParameter>] [-Archive] [-ArchiveDatabase <DatabaseIdParameter> [-ArchiveGuid

<Guid>] [-ArchiveName <MultiValuedProperty>]
[-Alias <String>
[-Confirm]
[-Force]
Enable-Mailbox [-Identity] <UserIdParameter> [AuditLog]

[-Alias <String>]
[-Confirm]
[-Force]
Enable-Mailbox [-Identity] <UserIdParameter> [-AutoExpandingArchive]

[-Confirm]
[-Force]
[-WhatIf]
Description
The Enable-Mailbox cmdlet mailbox-enables existing users, public folders, or InetOrgPerson objects by adding the
mailbox attributes that are required by Exchange. When the user logs on to the mailbox or receives email messages,
the mailbox object is actually created in the Exchange database.
When mailbox-enabling an existing user, beware of non-supported characters in the user account or Name
property. If you don't specify an Alias value when you mailbox-enable the user, Exchange converts all non-
supported characters to question marks (?). To avoid question marks in the Alias, verify that the user account and
Name properties have only supported ASCII or Unicode characters or specify an Alias value when you mailbox-
enable the user.
Examples
-------------------------- Example 1 --------------------------
Enable-Mailbox -Identity Ayla
This example creates a mailbox for the existing user named Ayla.
-------------------------- Example 2 --------------------------
Enable-Mailbox -Identity Ayla -Archive
This example creates an In-Place archive for the existing username Ayla who already has a mailbox.
-------------------------- Example 3 --------------------------
Enable-Mailbox -Identity ayla@contoso.com -RemoteArchive -ArchiveDomain "archive.contoso.com"
This example creates a remote archive for the existing on-premises user named Ayla. The archive is created in the
cloud-based organization that uses the domain archive.contoso.com.
Parameters
Name
GUID
If you don't use this parameter, the default mobile device mailbox policy is applied to the mailbox.
Required: False
Position: Named
Default value: None
-AddressBookPolicy
Name
GUID
Required: False
Position: Named
Default value: None
-Alias
characters.
question marks (?).
Type: String
Required: False
Position: Named
Default value: None
-Arbitration
The Arbitration switch is required to mailbox-enable arbitration mailboxes. You don't need to specify a value with
this switch.
Required: True
Position: Named
Default value: None
-Archive
The Archive switch creates an archive mailbox for an existing user that already has a mailbox. You don't need to
Required: False
Position: Named
Default value: None
-ArchiveDatabase
The ArchiveDatabase parameter specifies the Exchange database that contains the archive that's associated with
this mailbox. You can use any value that uniquely identifies the database. For example:
Name
GUID
Required: False
Position: Named
Default value: None
-ArchiveDomain
The ArchiveDomain parameter specifies the domain in the cloud-based service where the archive that's associated
with this mailbox exists. For example, if the SMTP email address of the user is tony@contoso.com, the SMTP
domain could be archive.contoso.com.
Only use this parameter if the archive is hosted in the cloud-based service.
Type: SmtpDomain
Required: True
Position: Named
Default value: None
-ArchiveGuid
Type: Guid
Required: False
Position: Named
Default value: None
-ArchiveName
The ArchiveName parameter specifies the name of the archive mailbox. This is the name displayed to users in
Outlook and Outlook Web App.
If you don't use this parameter, the default value is In-Place Archive - <Mailbox User's Display Name>.
Required: False
Position: Named
Default value: None
-AuditLog
Required: False
Position: Named
Default value: None
-AutoExpandingArchive
The AutoExpandingArchive switch enables the unlimited archiving feature (called auto-expanding archiving) for the
specified mailbox. You don't need to specify a value with this switch.
After you enable auto-expanding archiving, additional storage space is automatically added to the user's archive
mailbox when it approaches the storage limit.
Notes:
The user's archive mailbox has to be enabled before auto-expanding archiving can be enabled.
After you enable auto-expanding archiving for the user's mailbox, it can't be disabled.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Database
The Database parameter specifies the Exchange database that contains the new mailbox. You can use any value that
Name
GUID
Required: False
Position: Named
Default value: None
-Discovery
The Discovery switch is required to mailbox-enable Discovery mailboxes. You don't need to specify a value with this
switch.
Discovery mailboxes are created as target mailboxes for Discovery searches. After being created or enabled, a
Discovery mailbox can't be converted to another type of mailbox. For more information, see In-Place eDiscovery
Required: True
Position: Named
Default value: None
-DisplayName
admin center and in address lists. The maximum length is 256 characters. If the value contains spaces, enclose the
If you don't use DisplayName parameter, the value of the Name property is used for the display name.
Type: String
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Equipment
The Equipment switch is required to mailbox-enable equipment mailboxes. You don't need to specify a value with
this switch.
computers).
Required: True
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-HoldForMigration
The HoldForMigration switch specifies whether to prevent any client or user, except the Microsoft Exchange
Mailbox Replication service (MRS ) process, from logging on to a public folder mailbox. You don't need to specify a
You need to use this parameter when you create the first public folder, which is called the hierarchy mailbox, in your
organization.
Use this parameter only if you plan to migrate legacy Exchange 2010 public folders to Exchange 2016. If you use
this switch but don't have legacy public folders to migrate, you won't be able to create any public folders.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the user or InetOrgPerson object that you want to mailbox-enable. You can use
any value that uniquely identifies the user. For example:
Name
Canonical DN
GUID
Required: True
Position: 1
Default value: None
-LinkedCredential
The LinkedCredential parameter specifies the credentials used to access the domain controller that's specified by
the LinkedDomainController parameter. This parameter is optional, even if you're enabling a linked mailbox.
Type: PSCredential
Required: False
Position: Named
Default value: None
This parameter is required only if you're enabling a linked mailbox.
Type: String
Required: True
Position: Named
Default value: None
the mailbox is a linked mailbox. The master account is the account that the mailbox is linked to. The master account
grants access to the mailbox. You can use any value that uniquely identifies the master account. For example: For
example:
Name
Canonical DN
GUID
This parameter is required only if you're enabling a linked mailbox.
Required: True
Position: Named
Default value: None
-LinkedRoom
The LinkedRoom switch is required to mailbox-enable linked resource mailboxes. You don't need to specify a value
with this switch.
A linked resource mailbox is useful in a scenario where you have an account in an authentication forest and you
want it to be directly linked to a resource mailbox in resource forest.
Required: True
Position: Named
Default value: None
The ManagedFolderMailboxPolicy parameter specifies the managed folder mailbox policy to enable for the mailbox
that you create. If you don't specify this parameter, the default managed folder mailbox policy is used.
Required: False
Position: Named
Default value: None
The ManagedFolderMailboxPolicyAllowed parameter specifies whether to bypass the warning that messaging
records management (MRM ) features aren't supported for clients using versions of Outlook earlier than Office
Outlook 2007. When a managed folder mailbox policy is assigned to a mailbox using the
ManagedFolderMailboxPolicy parameter, the warning appears by default unless the
ManagedFolderMailboxPolicyAllowed parameter is used.
Outlook 2003 Service Pack 3 clients are supported but are provided limited functionality for MRM.
Required: False
Position: Named
Default value: None
-PrimarySmtpAddress
If you use the PrimarySmtpAddress parameter to specify the primary email address, the command sets the
EmailAddressPolicyEnabled property of the mailbox to False, which means the email addresses of the mailbox
aren't automatically updated by email address policies.
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-PublicFolder
The PublicFolder switch is required to mailbox-enable public folder mailboxes. You don't need to specify a value
with this switch.
Required: True
Position: Named
Default value: None
-RemoteArchive
The RemoteArchive switch specifies that a remote archive mailbox is created for this mailbox. A remote archive
exists in the cloud-based service. You don't need to specify a value with this switch.
You need to use this parameter with the ArchiveDomain parameter, and you can't use this parameter with the
Archive parameter.
Required: False
Position: Named
Default value: None
-RetentionPolicy
Name
GUID
Required: False
Position: Named
Default value: None
-RoleAssignmentPolicy
The RoleAssignmentPolicy parameter specifies the management role assignment policy that's assign to the
mailbox. You can use any value that uniquely identifies the policy. For example:
Name
GUID
If you don't use this parameter, the default role assignment policy is used. If the assignment policy name contains
spaces, enclose the name in quotation marks ("). If you don't want to assign an assignment policy when a mailbox is
created or enabled, specify a value of $null. For more information about assignment policies, see Understanding
management role assignment policies (https://technet.microsoft.com/library/dd638100.aspx).
Required: False
Position: Named
Default value: None
-Room
The Room switch is required to mailbox-enable room mailboxes. You don't need to specify a value with this switch.
rooms).
Required: True
Position: Named
Default value: None
-Shared
The Shared switch is required to connect shared mailboxes. You don't need to specify a value with this switch.
A shared mailbox is a mailbox where multiple users can log on to access the mailbox contents. The mailbox isn't
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Enable-ServiceEmailChannel
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Enable-ServiceEmailChannel cmdlet to enable the
.NET service channel for a specific user. For information about the parameter sets in the Syntax section below, see
Syntax
Enable-ServiceEmailChannel [-Identity] <MailboxIdParameter> [-Confirm] [-DomainController <Fqdn>] [-WhatIf]
Description
The .NET service channel enables Microsoft Exchange to store information that it later forwards to applications or
devices that aren't permanently connected to the server running Exchange. This cmdlet creates a receive folder in
the user's mailbox under the root folder named Service E -mail.
Examples
-------------------------- Example 1 --------------------------
Enable-ServiceEmailChannel -Identity "fourthcoffee\tony"
This example enables the .NET service channel for the user Tony Smith.
-------------------------- Example 2 --------------------------
Enable-ServiceEmailChannel -Identity "tony@contoso.com"
-------------------------- Example 3 --------------------------
Enable-ServiceEmailChannel -Identity "TonySmith"
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the user for which you want to enable the .NET service channel. The
user specified must be a valid user in Active Directory who has an Exchange mailbox.
You can use any value that uniquely identifies the mailbox. For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Enable-SweepRule
In ths Article
may be exclusive to one environment or the other. Use the Enable-SweepRule cmdlet to enable Sweep rules in
Syntax
Enable-SweepRule [-Identity] <SweepRuleIdParameter> [-Confirm] [-DomainController <Fqdn>]
Description
Examples
-------------------------- Example 1 --------------------------
Enable-SweepRule -Identity "x2hlsdpGmUifjFgxxGIOJw=="
This example enables the specified Sweep rule.

-------------------------- Example 2 --------------------------
Get-SweepRule -Mailbox laura@contoso.com | Enable-SweepRule
This example enables all Sweep rules in the specified mailbox.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Sweep rule that you want to enable. You can use any value that uniquely
Required: True
Position: 1
Default value: None
-Mailbox
The Mailbox parameter specifies the mailbox that contains the rule you want to enable. You can use any value that
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Export-MailboxDiagnosticLogs
In ths Article
may be exclusive to one environment or the other. Use the Export-MailboxDiagnosticLogs cmdlet to export
diagnostic data from user and system mailboxes in your organization. For information about the parameter sets in
Syntax
Export-MailboxDiagnosticLogs [-Identity] <GeneralMailboxIdParameter> -ComponentName <String>
[-Archive]
[-Confirm]
Export-MailboxDiagnosticLogs [-Identity] <GeneralMailboxIdParameter> [-ExtendedProperties]

[-Archive]
[-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Export-MailboxDiagnosticLogs -ComponentName OOF -Identity JohnSmith
In Exchange Server 2010 and 2013, this example retrieves the out-of-office diagnostic log for the user John Smith.
-------------------------- Example 2 --------------------------
Export-MailboxDiagnosticLogs -ComponentName CalendarPermissions -Identity "Yuuto Sasaki"

This example retrieves the calendar permissions diagnostic log for the mailbox named Yuuto Sasaki.
Parameters
-Archive
The Archive switch retrieves the diagnostics logs of the archive mailbox instead of the primary mailbox. You don't
Required: False
Position: Named
Default value: None
-ComponentName
The ComponentName parameter specifies the component that you want to retrieve the diagnostic logs for. Valid
values depend on the type and location of the mailbox (on-premises Exchange or Exchange Online). Valid values
include:
ActionProcessingAgent
BirthdayAssistant
CalendarPermissions
CalendarSharingLocalFolder
DefaultViewIndexer
FreeBusyPublishingAssistantQuickLog
HoldTracking
InternetCalendar
InternalCalendarSharingMigration
MRM
OnlineMeetings
OOFRules
RemindersAssistant
SharingMigrationAssistant
SharingSyncAssistant
SweepRules
Type: String
Required: True
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Credential
Type: PSCredential
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-ExtendedProperties
The ExtendedProperties switch specifies whether to retrieve all of the well-known properties from the mailbox table
that are useful for troubleshooting. You don't need to specify a value with this switch.
Required: True
Position: Named
Default value: None
-Identity
The Identity parameter specifies that mailbox that contains the diagnostics logs that you want to view. You can use
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Export-RecipientDataProperty
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Export-RecipientDataProperty cmdlet to download a
user's picture or spoken name sound file. The picture and audio files display in the Global Address List property
dialog box, contact card, reading pane, and meeting requests in Microsoft Outlook and Outlook on the web. For
Syntax
Export-RecipientDataProperty [-Identity] <MailboxUserContactIdParameter> [-Picture]
[-Confirm]
Export-RecipientDataProperty [-Identity] <MailboxUserContactIdParameter> [-SpokenName]

[-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Export-RecipientDataProperty -Identity tony@contoso.com -SpokenName | ForEach { $_.FileData | Add-Content

C:\tonysmith.wma -Encoding Byte}
This example exports Tony Smith's spoken name audio file and saves it to the local computer.
-------------------------- Example 2 --------------------------
Export-RecipientDataProperty -Identity "Ayla" -Picture | ForEach { $_.FileData | Add-Content C:\aylakol.jpg -

Encoding Byte}
This example exports Ayla Kol's picture file to the local computer.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox or mail contact from which you want to export the recipient data. You
can use any value that uniquely identifies the user. For example:
Name
Alias
Canonical DN
Email address
GUID
Type: MailboxUserContactIdParameter
Required: True
Position: 1
Default value: None
-Picture
The Picture switch specifies that the file you're exporting is the user's picture file. You don't need to specify a value
with this switch.
You can't use this switch with the SpokenName switch. You can only export one file type at a time.
Required: False
Position: Named
Default value: None
-SpokenName
The SpokenName switch specifies that the file you're exporting is the user's audio file. You don't need to specify a
This cmdlet exports the WMA 9-voice format. You can't use this switch with the Picture switch. You can only export
one file type at a time.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-App
In ths Article
may be exclusive to one environment or the other. Use the Get-App cmdlet to view installed apps. For information
Syntax
Get-App [[-Identity] <AppIdParameter>] [-DomainController <Fqdn>] [-Mailbox <MailboxIdParameter>]
[-OrganizationApp] [-PrivateCatalog] [<CommonParameters>]
Description
The Get-App cmdlet returns information about all installed apps or the details of a specific installed app.
Examples
-------------------------- Example 1 --------------------------
Get-App -Mailbox Tony
This example returns the summary list of apps installed for user Tony. The command returns the name of the app,
whether the app is enabled, and the app version number.
-------------------------- Example 2 --------------------------
Get-App -Identity 7a774f0c-7a6f-11e0-85ad-07fb4824019b | Format-List
This example displays detailed information for the Bing Maps app for the currently logged on user.
-------------------------- Example 3 --------------------------
Get-App -OrganizationApp
This example displays the summary list of apps installed by administrators for the entire organization.
For information about installing or removing apps for Outlook, see Install or remove add-ins for Outlook for your
organization (https://technet.microsoft.com/library/jj943752.aspx).
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the GUID of the app that you want to view. To find the GUID value of an app, run
the command Get-App | Format-Table -Auto DisplayName,AppId.
Required: False
Position: 1
Default value: None
-Mailbox
The Mailbox parameter specifies the identity of the mailbox where the apps are installed. You can use any value that
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-OrganizationApp
The OrganizationApp switch includes apps that are installed for the organization (not bound to a specific user) in
the results. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-PrivateCatalog
The PrivateCatalog switch includes private catalog add-ins in the results. You don't need to specify a value with this
switch.
You need to use this switch with the OrganizationApp switch.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-CalendarDiagnosticAnalysis
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-CalendarDiagnosticAnalysis cmdlet to troubleshoot calendar-related
reliability issues. You can use this cmdlet to analyze calendar item data that's recorded in the Calendar Diagnostic logs. You provide the
calendar item data to this cmdlet by using the Get-CalendarDiagnosticLog cmdlet. For information about the parameter sets in the Syntax
Syntax
Get-CalendarDiagnosticAnalysis -CalendarLogs <CalendarLog[]>
[-DetailLevel <Basic | Advanced>]
[-GlobalObjectId <String>]
[-OutputAs <HTML | CSV | XML>]
Get-CalendarDiagnosticAnalysis -LogLocation <String[]>

[-DetailLevel <Basic | Advanced>]
[-GlobalObjectId <String>]
[-OutputAs <HTML | CSV | XML>]
Description
The following properties of the calendar item are returned in the default output of the cmdlet (when the DetailLevel parameter is set to
Basic):
Local Log Time
ItemId
NormalizedSubject
StartTime
EndTime
CalendarLogTriggerAction
ClientInfoString
OriginalLastModifiedTime
ClientIntent
CleanGlobalObjectId
ItemClass
ParentDisplay
Duration
AppointmentRecurring
SentRepresentingEmailAddress
SenderEmailAddress
SentRepresentingDisplayName
You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not
have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any
cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet
(https://technet.microsoft.com/library/mt432940.aspx).
Examples
-------------------------- Example 1 --------------------------
$logs = Get-CalendarDiagnosticLog -Identity oevans -MeetingID

040000008200E00074C5B7101A82E008000000009421DCCD5046CD0100000000000000001000000010B0349F6B17454685E17D9F9512E71F; Get-
CalendarDiagnosticAnalysis -CalendarLogs $logs -DetailLevel Advanced | Set-Content -Path "C:\My Documents\Oscar Evans Analysis.csv"
This example gets the specified calendar item from Oscar Evans' mailbox, stores the item as a variable and writes the advanced analysis of
the item to a CSV file.
For basic analysis of the item, don't include the DetailLevel parameter, or use the value Basic instead of Advanced.
-------------------------- Example 2 --------------------------
Get-CalendarDiagnosticAnalysis -LogLocation "C:\My Documents\Exported Calendar Logs\jkozma@contoso.com" -DetailLevel Advanced -

OutputAs HTML | Set-Content -Path "C:\My Documents\Jasen Kozma Analysis.html"
This example analyzes the calendar items that were exported from Jasen Kozma's mailbox by using the Get-CalendarDiagnosticLog cmdlet
with the LogLocation parameter and writes the advanced analysis of the items to an HTML file.
For basic analysis of the items, don't include the DetailLevel parameter, or use the value Basic instead of Advanced.
Parameters
-CalendarLogs
The CalendarLogs parameter specifies the calendar item that you want to analyze. You identify the calendar item by storing the output of
the Get-CalendarDiagnosticLog cmdlet to a variable and using that variable for the value of this parameter.
For example, to analyze the meeting with the subject "November Budget Meeting" in Shannon Steele's mailbox, run the command
$Budget = Get-CalendarDiagnosticLog -Identity "Shannon Steele" -Subject "November Budget Meeting" -ExactMatch and then use the
value $Budget for this parameter.
Note that you can't use this parameter to analyze multiple calendar items. The value that you use for this parameter must identify a single
item.
You can't use this parameter with the LogLocation parameter.
Type: CalendarLog[]
Required: True
Position: Named
Default value: None
-DetailLevel
The DetailLevel parameter specifies the level of detail you want to see in the analysis output. Valid values are:
Basic: This is the default value. The calendar item properties that are returned are listed in the Detailed Description.
Advanced: 37 additional calendar item properties are returned. You should use this value only for detailed debugging information.
Type: Basic | Advanced

Required: False
Position: Named
Default value: None
-GlobalObjectId
The GlobalObjectId parameter specifies the identity of the calendar item you want to analyze. You can use this parameter with the
LogLocation parameter to specify the calendar item if the location contains multiple exported .msg files.
The GlobalObjectId property of the meeting uses the same format as the CleanGlobalObjectId property (for example,
040000008200E00074C5B7101A82E008000000009421DCCD5046CD0100000000000000001000000010B0349F6B17454685E17D9F9512E71F )
and the value of the two properties is likely the same. However, the value of GlobalObjectId might not stay the same for all instances of the
same meeting in multiple calendars (for example, different attendees invited to different instances of the same recurring meeting).
Type: String
Required: False
Position: Named
Default value: None
-LogLocation
The LogLocation parameter specifies the location of the exported calendar items that you want to analyze. You can specify a local path, or a
UNC path (\\<Server>\<Share>\<User>). If the value contains spaces, enclose the value in quotation marks (").
You export the calendar items to .msg files by using the Get-CalendarDiagnosticLog cmdlet with the LogLocation parameter. If the path
contains multiple .msg files, all of those files are analyzed when you run Get-CalendarDiagnosticAnalysis.
You can't use this parameter with the CalendarLogs parameter.
Type: String[]
Required: True
Position: Named
Default value: None
-OutputAs
The OutputAs parameter specifies the output format of the command. Valid values are:
CSV (This is the default value)
HTML
XML
Type: HTML | CSV | XML

Required: False
Position: Named
Default value: None
Inputs
To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types (https://go.microsoft.com/fwlink/p/?linkId=616387). If
the Input Type field for a cmdlet is blank, the cmdlet doesn't accept input data.
Outputs
To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types
(https://go.microsoft.com/fwlink/p/?linkId=616387). If the Output Type field is blank, the cmdlet doesn't return data.
Related Links
Online Version
Get-CalendarDiagnosticLog
In ths Article
This cmdlet is available in on-premises Exchange and in the cloud-based service. Some parameters and settings may be exclusive to one
environment or the other. Use the Get-CalendarDiagnosticLog cmdlet to collect a range of calendar logs. The Calendar Diagnostic logs
track all calendar items and meeting requests in mailboxes. You can use this information to troubleshoot calendar issues that occur in
Syntax
Get-CalendarDiagnosticLog [-Identity] <MailboxIdParameter> -MeetingID <String>
[-LogLocation <String>]
Get-CalendarDiagnosticLog [-Identity] <MailboxIdParameter> -Subject <String>

[-LogLocation <String>]
Get-CalendarDiagnosticLog [-Identity] <MailboxIdParameter> -LogLocation <String>

[-EndDate <ExDateTime>]
[-EntryId <String>]
[-ExactMatch <Boolean>]
[-ItemClass <String[]>]
[-ItemIds <String[]>]
[-Latest]
[-MeetingID <String>]
[-StartDate <ExDateTime>]
[-Subject <String>]
Description
The output of this cmdlet contains the following information:
IsFileLink: Indicates whether the calendar item has been exported to a .msg file by using the LogLocation parameter. Values are True or
False.
Identity: Identifies the mailbox that holds the calendar item. An example value is: excallog://laura@contoso.com/?
id=RgAAAACF/h/dHTTkQbdPrk7z+G4SBwCoatc7EmnEQq1iF35p17stAAAAAAFEAACoatc7EmnEQq1iF35p17stAAAAABEIAAAP.
LogDate: The date-time that the calendar item was logged.
NormalizedSubject: The Subject field of the calendar item.
CleanGlobalObjectId: The identifier that's constant throughout the lifetime of the calendar item. For example,
040000008200E00074C5B7101A82E00800000000B0225ABF0710C80100000000000000001000000005B27C05AA7C4646B0835D5EB4E41C55.
After you run the Get-CalendarDiagnosticLog cmdlet, you can analyze the calendar data using the Get-CalendarDiagnosticAnalysis cmdlet.
For more information, see Get-CalendarDiagnosticAnalysis.
Examples
-------------------------- Example 1 --------------------------
Get-CalendarDiagnosticLog -Identity "Shannon Steele" -Subject "Weekly development meeting" -ExactMatch $true
This example retrieves the Calendar Diagnostic log entries for Shannon Steele's mailbox by using the subject Weekly development
meeting.
-------------------------- Example 2 --------------------------
Get-CalendarDiagnosticLog -Identity oevans -StartDate "6/1/2018 6:00:00 AM" -EndDate "6/30/2018 5:00:00 PM"
This example retrieves the Calendar Diagnostic log entries for Oscar Evans' mailbox from 6/1/2018 to 6/30/2018.
-------------------------- Example 3 --------------------------
Get-CalendarDiagnosticLog -Identity jkozma@contoso.com -Subject "Weekly development meeting" -Latest
This example retrieves the Calendar Diagnostic log data only for the most recent calendar item in Jasen Kozma's mailbox with a message
subject of "Weekly development meeting".
-------------------------- Example 4 --------------------------
Get-CalendarDiagnosticLog -Identity "Jasen Kozma" -Subject "Budget Meeting" -ExactMatch $true -LogLocation "C:\My Documents\Calendar
Diagnostic Export"
This example exports all calendar items in the Calendar Diagnostic log for Jasen Kozma's mailbox that have "Budget Meeting" anywhere in
the subject to the specified folder.
Notes:
In this example, the message files are written to C:\My Documents\Calendar Diagnostic Export\jkozma@contoso.com.
In on-premises Exchange organizations, you can use the Get-CalendarDiagnosticAnalysis cmdlet with the LogLocation parameter to
analyze the exported .msg files.
Parameters
-Credential
The Credential parameter specifies the username and password that's used to run this command. Typically, you use this parameter in
scripts or when you need to provide different credentials that have the required permissions.
A value for this parameter requires the Get-Credential cmdlet. To pause this command and receive a prompt for credentials, use the value
(Get-Credential) . Or, before you run this command, store the credentials in a variable (for example, $cred = Get-Credential ) and then use
the variable name ( $cred ) for this parameter. For more information, see Get-Credential (https://go.microsoft.com/fwlink/p/?
linkId=142122).
Type: PSCredential
Required: False
Position: Named
Default value: None
-DomainController
The DomainController parameter specifies the domain controller that's used by this cmdlet to read data from or write data to Active
Directory. You identify the domain controller by its fully qualified domain name (FQDN ). For example, dc01.contoso.com.
Type: Fqdn
Required: False
Position: Named
Default value: None
-EndDate
Use the short date format that's defined in the Regional Options settings on the computer where you're running the command. For
example, if the computer is configured to use the short date format mm/dd/yyyy, enter 09/01/2018 to specify September 1, 2018. You can
enter the date only, or you can enter the date and time of day. If you enter the date and time of day, enclose the value in quotation marks ("),
for example, "09/01/2018 5:00 PM".
Type: ExDateTime
Required: False
Position: Named
Default value: None
-EntryId
The EntryId parameter filters the results by entry ID. You can specify multiple values separated by commas.
Type: String
Required: False
Position: Named
Default value: None
-ExactMatch
The ExactMatch parameter specifies whether to use an exact match or a partial match for text values that you specify for the Subject
parameter. Valid values are:
$true: The subject search uses an exact match and searches all calendar items in the mailbox. For example, if you search for "budget",
the search looks for items that have "budget" anywhere in the subject, but not "budgeting".
$false: The subject search uses a partial match and searches a maximum of 1000 calendar items in the mailbox. For example, if you
search for "budget", the search looks for items that have "budget" and "budgeting" anywhere in the subject. This is the default value.
A partial subject match search may not return all of the relevant calendar items. Try using an exact subject match search for more accurate
results.
You only use this parameter with the Subject parameter.
The value of this parameter is ignored when you use the MeetingId parameter.

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox that contains the calendar items. You can use any value that uniquely identifies the mailbox.
For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
-ItemClass
The ItemClass parameter filters the results by the specified MessageClass property value of the calendar item (for example,
IPM.Appointment). You can specify multiple values separated by commas.
You can only use this parameter with the MeetingID parameter.
Type: String[]
Required: False
Position: Named
Default value: None
-ItemIds
The ItemIds parameter filters the results by item ID. You can specify multiple values separated by commas.
Type: String[]
Required: False
Position: Named
Default value: None
-Latest
The Latest switch specifies whether to return calendar log data for only the most recent calendar item. You don't need to specify a value
with this switch.
Required: False
Position: Named
Default value: None
-LogLocation
The LogLocation parameter specifies the location to export the calendar items to .msg files. You can specify a local path, or a UNC path (\\
<Server>\<Share>). If the value contains spaces, enclose the value in quotation marks (").
In the location you specify, a subfolder is automatically created for the specified mailbox that holds the exported calendar items. For
example, if you specify the value "C:\My Documents\Calendar Export" to export calendar items from the mailbox of Shannon Steele, the
.msg files are actually stored in C:\My Documents\Calendar Export\ssteele@contoso.com.
In on-premises Exchange organizations, you can use the Get-CalendarDiagnosticAnalysis cmdlet with the LogLocation parameter to
analyze the exported .msg files.
Note: Commands that use this parameter might fail if the calendar item doesn't have a title. If you receive errors when you use this
parameter, run the command again and replace this parameter with redirection to a file (| Set-Content -Path "C:\My Documents\Calendar
Export") or substitute the output to a PowerShell variable.
Type: String
Required: True
Position: Named
Default value: None
-MeetingID
The MeetingID parameter filters the results by the globally unique identifier of the calendar item. The value is the CleanGlobalObjectId
property of the calendar item that's available in the output of this cmdlet, or by using other MAPI examination tools. An example value is
This value is constant throughout the lifetime of the calendar item.
To find this value, it's easiest to first search for the calendar item by using the Subject, StartDate and EndDate parameters. After you find
the calendar item that you want, you can use its CleanGlobalObjectId value for the MeetingID parameter in future commands.
Don't use this parameter with the Subject parameter, because the value of the MeetingID parameter takes precedence.
Type: String
Required: True
Position: Named
Default value: None
The ReadFromDomainController switch specifies that information should be read from a domain controller in the user's domain. If you run
the command Set-AdServerSettings -ViewEntireForest $true to include all objects in the forest and you don't use the
ReadFromDomainController switch, it's possible that information will be read from a global catalog that has outdated information. When
you use the ReadFromDomainController switch, multiple reads might be necessary to get the information. You don't have to specify a
Required: False
Position: Named
Default value: None
-ResultSize
This parameter determines the number of results returned by the cmdlet. The maximum value is 1000.
Type: Unlimited
Required: False
Position: Named
Default value: None
-StartDate
for example, "09/01/2018 5:00 PM".
Type: ExDateTime
Required: False
Position: Named
Default value: None
-Subject
The Subject parameter identifies the calendar items by the specified text in the Subject field. The text values that you specify aren't case
sensitive. If the value contains spaces, enclose the value in quotation marks ("). You can control whether to use exact matching by using the
ExactMatch parameter.
Don't use this parameter with the MeetingID parameter, because the value of the MeetingID parameter takes precedence.
Type: String
Required: True
Position: Named
Default value: None
Inputs
To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types (https://go.microsoft.com/fwlink/p/?LinkId=616387). If
the Input Type field for a cmdlet is blank, the cmdlet doesn't accept input data.
Outputs
To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types
(https://go.microsoft.com/fwlink/p/?LinkId=616387). If the Output Type field is blank, the cmdlet doesn't return data.
Related Links
Online Version
Get-CalendarDiagnosticObjects
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-CalendarDiagnosticObjects cmdlet to collect a range of calendar logs.
The calendar diagnostic logs track important calendar-related event data for each mailbox, and can be used to troubleshoot calendar issues
that occur in mailboxes. The logs track all calendar items and meeting messages. For information about the parameter sets in the Syntax
Syntax
Get-CalendarDiagnosticObjects [-Identity] <UnifiedGroupOrUserMailboxIdParameter>
[-CustomPropertyNames <String[]>]
[-EndDate <ExDateTime>]
[-EntryId <String>]
[-ExactMatch <$true | $false>]
[-ItemClass <String[]>]
[-ItemIds <String[]>]
[-MeetingId <String>]
[-ShouldBindToItem <$true | $false>]
[-ShouldFetchRecurrenceExceptions <$true | $false>]
[-StartDate <ExDateTime>]
[-Subject <String>]
Description
Some of the more interesting properties that are returned in the results are:
AppointmentState: 1 = The appointment is a meeting, 2 = The appointment has been received, 4 = The appointment has been
cancelled, and 8 = the appointment is a forwarded appointment.
CalendarLogTriggerAction: The action that's taken on the item (for example, Create or Update).
ClientInfoString: The entity that made the change (for example, Client=OWA;<AdditionalDetails>, Client=WebServices;
<AdditionalDetails>;, or Client=TBA;Service=MSExchangeMailboxAssistants;Action=ELCAssistant;).
MeetingRequestType: 1 = The meeting message is a meeting request, 65536 = The meeting message is a full update to an existing
meeting, 131072 = The meeting message is an informational update to an existing meeting, 262144 = The meeting message is a silent
update, 524288 = The update is outdated, or 1048576 = The meeting message is forwarded to a delegate, and the copy is marked as
informational.
OriginalLastModifiedTime: Used as the primary sort field to order the events.
ResponseType: 0 = The organizer hasn't received a response, 1 = The organizer's copy of the meeting, 2 = Tentative, 3 = Accept, 4 =
Decline, or 5 = The attendee hasn't responded.
ResponsibleUserName: The LegacyExchangeDN value of the user who made the change (for example, /o=ExchangeLabs/ou=Exchange
Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=BN6PR11MB1587/cn=Microsoft System Attendant
or /o=ExchangeLabs/ou=Exchange Administrative Group
(FYDIBOHF23SPDLT)/cn=Recipients/cn=696eea97d3c449eab648920d03385efb-admin).
Examples
-------------------------- Example 1 --------------------------
Get-CalendarDiagnosticObjects -Identity "Pedro Pizarro" -Subject "Team Meeting" -ExactMatch $true
This example retrieves the calendar diagnostic logs from Pedro Pizarro's mailbox for all items where the Subject is an exact match for Team
Meeting.
-------------------------- Example 2 --------------------------
$A = Get-CalendarDiagnosticObjects -Identity "Pedro Pizarro" -Subject "Team Meeting" -ExactMatch $true; $A | Select-Object
*,@{n='OLMT'; e={[DateTime]::Parse($_.OriginalLastModifiedTime.ToString())}} | sort OLMT | Format-Table
OriginalLastModifiedTime,CalendarLogTriggerAction,ItemClass,ClientInfoString
This is the same as the previous example, but now the results are sorted by original last modified time.
-------------------------- Example 3 --------------------------
Get-CalendarDiagnosticObjects -Identity "Pedro Pizarro" -MeetingID

40000008200E00074C5B7101A82E00800000000693ADAA3B5FCD201000000000000000010000000FF760A70460EAA4096B879872DF24F49
This example retrieves the calendar diagnostic logs for Pedro Pizarro's mailbox for a meeting with the specified unique global object ID
(GOID ).
-------------------------- Example 4 --------------------------
Get-CalendarDiagnosticObjects -Identity "Pedro Pizarro" -Subject "Team Lunch" -StartDate 7/1/2018 -EndDate 7/31/2018 | Export-Csv
"C:\My Documents\Team Lunch Meeting.csv" -NoTypeInformation
This example returns diagnostic information for meetings with the subject Team Lunch in Pedro Pizarro's mailbox in the month of July,
2018, and exports the results to the file C:\My Documents\Team Lunch Meeting.csv.
Parameters
-CustomPropertyNames
The CustomPropertyNames parameter returns the specified calendar item custom property in the results. You can specify multiple values
Type: String[]
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EndDate
for example, "09/01/2018 5:00 PM".
Type: ExDateTime
Required: False
Position: Named
Default value: None
-EntryId
The EntryID parameter filters the results by the specified EntryID property value, which corresponds to the MAPI property PR_ENTRYID.
Type: String
Required: False
Position: Named
Default value: None
-ExactMatch
The ExactMatch parameter specifies whether to use an exact match or a partial match for text values that you specify for the Subject
parameter. Valid values are:
$true: The subject search uses an exact match and searches all calendar items in the mailbox. For example, if you search for "budget",
the search looks for items that have "budget" anywhere in the subject, but not "budgeting".
$false: The subject search uses a partial match and searches a maximum of 1000 calendar items in the mailbox. For example, if you
search for "budget", the search looks for items that have "budget" and "budgeting" anywhere in the subject. This is the default value.
A partial subject match search may not return all of the relevant calendar items. Try using an exact subject match search for more accurate
results.
You only use this parameter with the Subject parameter.
The value of this parameter is ignored when you use the MeetingId parameter.

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox or Office 365 Group whose calendar you want to view. You can use any value that uniquely
identifies the mailbox or Office 365 Group. For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Type: UnifiedGroupOrUserMailboxIdParameter
Required: True
Position: 1
Default value: None
-ItemClass
The ItemClass parameter filters the results by the specified MessageClass property value of the calendar item (for example,
IPM.Appointment). You can specify multiple values separated by commas.
Type: String[]
Required: False
Position: Named
Default value: None
-ItemIds
The ItemIds parameter filters the results by item ID. You can specify multiple values separated by commas.
Type: String[]
Required: False
Position: Named
Default value: None
-MeetingId
The MeetingId parameter filters the results by the globally unique identifier of the calendar item. The value is the CleanGlobalObjectId
property of the calendar item that's available in the output of this cmdlet, or by using other MAPI examination tools. An example value is
This value is constant throughout the lifetime of the calendar item.
Type: String
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-ResultSize
This parameter determines the number of results returned by the cmdlet. The maximum value is 1000.
Type: Unlimited
Required: False
Position: Named
Default value: None
-ShouldBindToItem
The ShouldBindToItem parameter specifies whether to truncate large streamable property values (for example,
AppointmentRecurrenceBlob). Valid values are:
$true: The values of large streamable properties aren't truncated, so the full value is returned.
$false: The values of large streamable properties are truncated. This is the default value.

Required: False
Position: Named
Default value: None
-ShouldFetchRecurrenceExceptions
The ShouldFetchRecurrenceExceptions parameter specifies whether to include exceptions to recurring meetings. Valid values are:
$true: Include exceptions to recurring meetings. When you use this value, you also need to use the ItemIds parameter.
$false: Don't Include exceptions to recurring meetings. This is the default value.

Required: False
Position: Named
Default value: None
-StartDate
for example, "09/01/2018 5:00 PM".
Type: ExDateTime
Required: False
Position: Named
Default value: None
-Subject
The Subject parameter identifies the calendar items by the specified text in the Subject field. The text values that you specify aren't case
sensitive. If the value contains spaces, enclose the value in quotation marks. You can control whether to use exact matching by using the
ExactMatch parameter
Type: String
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-CalendarNotification
In ths Article
may be exclusive to one environment or the other. Use the Get-CalendarNotification cmdlet to return a list of all
calendar notification settings for a user. For information about the parameter sets in the Syntax section below, see
Syntax
Get-CalendarNotification [-Identity] <MailboxIdParameter> [-Credential <PSCredential>]
Description
The Get-CalendarNotification cmdlet retrieves and displays the rules used to trigger the calendar agenda
notification, reminder notification, or update notification.
Examples
-------------------------- Example 1 --------------------------
Get-CalendarNotification -Identity "TonySmith"
This example returns the calendar notification settings for the user Tony Smith using the user's alias.
-------------------------- Example 2 --------------------------
Get-CalendarNotification -Identity tony@contoso.com -ReadFromDomainController
This example returns the calendar notification settings for the user Tony Smith.
-------------------------- Example 3 --------------------------
Get-CalendarNotification -Identity "contoso\tonysmith"
This example returns the calendar notification settings for the user Tony Smith using the user's domain and name.
Parameters
-Credential
Type: PSCredential
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox. You can use any value that uniquely identifies the mailbox. For
example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
The ReadFromDomainController parameter specifies whether the command should return data from the domain
controller.
Required: False
Position: Named
Default value: None
-ResultSize
The ResultSize parameter specifies the amount of data returned.
Type: Unlimited
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-CalendarProcessing
In ths Article
may be exclusive to one environment or the other. Use the Get-CalendarProcessing cmdlet to view the calendar
processing options for resource mailboxes, which include the Calendar Attendant, resource booking assistant and
calendar configuration. Note that the settings returned by this cmdlet are editable only on resource mailboxes. For
Syntax
Get-CalendarProcessing [-Identity] <MailboxIdParameter> [-DomainController <Fqdn>] [-ReadFromDomainController]
Description
For details about the properties that are returned in the output of this cmdlet, see Set-CalendarProcessing
(https://docs.microsoft.com/powershell/module/exchange/mailboxes/set-calendarprocessing).
Examples
-------------------------- Example 1 --------------------------
Get-CalendarProcessing -Identity "Room 212" | Format-List
This example shows the calendar processing options for the resource mailbox Room 212.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the resource mailbox that you want to view. You can use any value that uniquely
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-Clutter
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-Clutter cmdlet to view Clutter settings for
mailboxes in your organization. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Get-Clutter -Identity <MailboxIdParameter> [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-Clutter -Identity "Constancia Pena"
This example returns the Clutter settings for the user Constancia Pena.
Parameters
-Identity
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online version
Get-FocusedInbox
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-FocusedInbox cmdlet to view the Focused
Inbox configuration for mailboxes in your organization. For information about the parameter sets in the Syntax
Syntax
Get-FocusedInbox -Identity <MailboxIdParameter> [<CommonParameters>]
Description
Focused Inbox is a replacement for Clutter that separates the Inbox into the Focused and Other tabs in Outlook on
the web and newer versions of Outlook. Important emails are on the Focused tab while the rest are on the Other
tab.
Examples
-------------------------- Example 1 --------------------------
Get-FocusedInbox -Identity julia@contoso.com
This example returns the Focused Inbox configuration for the mailbox of julia@contoso.com.
Parameters
-Identity
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online version
Get-InboxRule
In ths Article
may be exclusive to one environment or the other. Use the Get-InboxRule cmdlet to view Inbox rule properties.
Inbox rules are used to process messages in the Inbox based on conditions specified and take actions such as
moving a message to a specified folder or deleting a message. For information about the parameter sets in the
Syntax
Get-InboxRule [[-Identity] <InboxRuleIdParameter>] [-DescriptionTimeFormat <String>]
[-DescriptionTimeZone <ExTimeZoneValue>] [-DomainController <Fqdn>] [-Mailbox <MailboxIdParameter>]
[-IncludeHidden] [-BypassScopeCheck] [-SweepRules] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-InboxRule -Mailbox Joe@Contoso.com
This example retrieves all Inbox rules for the mailbox Joe@Contoso.com.
-------------------------- Example 2 --------------------------
Get-InboxRule "ReceivedLastYear" -Mailbox joe@contoso.com -DescriptionTimeFormat "mm/dd/yyyy" -

DescriptionTimeZone "Pacific Standard Time"
This example retrieves the Inbox rule ReceivedLastYear from the mailbox joe@contoso.com on which the
ReceivedBeforeDate parameter was set when the rule was created. The DescriptionTimeFormat and
DescriptionTimeZone parameters are used in this example to specify formatting of the time and the time zone used
in the rule's Description property.
Parameters
-BypassScopeCheck
The BypassScopeCheck switch specifies whether to bypass the scope check for the user that's running the
command. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-DescriptionTimeFormat
The DescriptionTimeFormat parameter specifies the format for time values in the rule description. For example:
mm/dd/yyyy, where mm is the 2-digit month, dd is the 2-digit day and yyyy is the 4-digit year.
Type: String
Required: False
Position: Named
Default value: None
-DescriptionTimeZone
The DescriptionTimeZone parameter specifies time zone that's used for time values in the rule description.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Inbox rule that you want to view. You can use any value that uniquely identifies
the rule. For example:
Name
RuleIdentity property (for example, 16752869479666417665).
Exchange Online: <mailbox alias>\<RuleIdentity> (for example, rzaher\16752869479666417665.
On-premises Exchange: <mailbox canonical name>\<RuleIdentity> (for example, contoso.com/Users/Rick
Zaher\16752869479666417665.
Required: False
Position: 1
Default value: None
-IncludeHidden
The IncludeHidden switch specifies whether to include hidden Inbox rules in the results. You don't need to specify a
Required: False
Position: Named
Default value: None
-Mailbox
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-SweepRules
The SweepRules switch specifies whether to return only Sweep rules in the results. You don't need to specify a
Sweep rules run at regular intervals to help keep your Inbox clean.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-Mailbox
In ths Article
may be exclusive to one environment or the other. Use the Get-Mailbox cmdlet to view mailbox objects and
attributes, populate property pages, or supply mailbox information to other tasks. For information about the
Syntax
Get-Mailbox [-Anr <String>]
[-Arbitration]
[-Archive]
[-AuditLog]
[-AuxAuditLog]
[-Filter <String>]
[-GroupMailbox]
[-InactiveMailboxOnly]
[-IncludeInactiveMailbox]
[-Migration]
[-Monitoring]
[-PublicFolder]
[-RecipientTypeDetails <RecipientTypeDetails[]>]
[-RemoteArchive]
[-SoftDeletedMailbox]
[-SortBy <String>]
Get-Mailbox [-Database <DatabaseIdParameter>]
[-Arbitration]
[-Archive]
[-AuditLog]
[-AuxAuditLog]
[-Filter <String>]
[-GroupMailbox]
[-Migration]
[-Monitoring]
[-PublicFolder]
[-RemoteArchive]
[-SortBy <String>]
Get-Mailbox [[-Identity] <MailboxIdParameter>]

[-Arbitration]
[-Archive]
[-AuditLog]
[-AuxAuditLog]
[-Filter <String>]
[-GroupMailbox]
[-Migration]
[-Monitoring]
[-PublicFolder]
[-RemoteArchive]
[-SortBy <String>]
Get-Mailbox [-Server <ServerIdParameter>]
[-Arbitration]
[-Archive]
[-AuditLog]
[-AuxAuditLog]
[-Filter <String>]
[-GroupMailbox]
[-Migration]
[-Monitoring]
[-PublicFolder]
[-RemoteArchive]
[-SortBy <String>]
Get-Mailbox [-MailboxPlan <MailboxPlanIdParameter>]

[-Archive]
[-Filter <String>]
[-GroupMailbox]
[-Migration]
[-PublicFolder]
Get-Mailbox [-Async] -Properties <String[]>

[-Archive]
[-Filter <String>]
[-GroupMailbox]
[-Migration]
[-PublicFolder]
[-ResultSize <>]
Description
When you use the Get-Mailbox cmdlet in on-premises Exchange environments to view the quota settings for a
mailbox, you first need to check the value of the UseDatabaseQuotaDefaults property. The value True means per-
mailbox quota settings are ignored, and you need to use the Get-MailboxDatabase cmdlet to see the actual values.
If the UseDatabaseQuotaDefaults property is False, the per-mailbox quota settings are used, so what you see with
the Get-Mailbox cmdlet are the actual quota values for the mailbox.
Examples
-------------------------- Example 1 --------------------------
Get-Mailbox -ResultSize unlimited
This example returns a summary list of all the mailboxes in your organization.
-------------------------- Example 2 --------------------------
Get-Mailbox -OrganizationalUnit Users
This example returns a list of all the mailboxes in your organization in the Users OU.
-------------------------- Example 3 --------------------------
Get-Mailbox -Anr Chr
This example returns all the mailboxes that resolve from the ambiguous name resolution search on the string "Chr".
This example returns mailboxes for users such as Chris Ashton, Christian Hess, and Christa Geller.
-------------------------- Example 4 --------------------------
Get-Mailbox -Archive -Server Mailbox01
This example returns a summary list of all archive mailboxes on the Mailbox server named Mailbox01.
-------------------------- Example 5 --------------------------
Get-Mailbox -Identity ed@contoso.com -RemoteArchive
This example returns information about the remote archive mailbox for the user ed@contoso.com.
Parameters
-Anr
searched are:
CommonName (CN )
DisplayName
FirstName
LastName
Alias
Type: String
Required: False
Position: Named
Default value: None
-Arbitration
The Arbitration switch is required to return arbitration mailboxes in the results. You don't need to specify a value
with this switch.
To return arbitration mailboxes that are used to store audit log settings or data, don't use this switch. Instead, use
the AuditLog or AuxAuditLog switches.
Required: False
Position: Named
Default value: None
-Archive
The Archive switch is required to return archive mailboxes in the results. You don't need to specify a value with this
switch.
Required: False
Position: Named
Default value: None
-Async
{{Fill Async Description}}
Required: True
Position: Named
Default value: None
-AuditLog
The AuditLog switch is required to return audit log mailboxes in the results. You don't need to specify a value with
this switch.
Audit log mailboxes are arbitration mailboxes that are used to store audit log settings.
To return other types of arbitration mailboxes, don't use this switch. Instead, use the Arbitration switch.
Required: False
Position: Named
Default value: None
-AuxAuditLog
The AuxAuditLog switch is required to return auxillary audit log mailboxes in the results. You don't need to specify
To return other types of arbitration mailboxes, don't use this switch. Instead, use the Arbitration switch.
Required: False
Position: Named
Default value: None
-Credential
Type: PSCredential
Required: False
Position: Named
Default value: None
-Database
The Database parameter filters the results by mailbox database. When you use this parameter, only mailboxes on
the specified database are included in the results. You can any value that uniquely identifies the database. For
example:
Name
GUID
You can't use this parameter with the Anr, Identity, or Server parameters.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Filter
Type: String
Required: False
Position: Named
Default value: None
-GroupMailbox
The GroupMailbox switch is required to return Office 365 groups in the results. You don't need to specify a value
with this switch.
Required: False
Position: Named
Default value: None
-Identity
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
You can't use this parameter with the Anr, Database, MailboxPlan or Server parameters.
Required: False
Position: 1
Default value: None
-IgnoreDefaultScope
automatically.
accepted.
Required: False
Position: Named
Default value: None
-InactiveMailboxOnly
The InactiveMailboxOnly switch specifies whether to return only inactive mailboxes in the results. You don't need to
An inactive mailbox is a mailbox that's placed on Litigation Hold or In-Place Hold before it's soft-deleted. The
contents of an inactive mailbox are preserved until the hold is removed.
To include active and inactive mailboxes in the results, don't use this switch. Instead, use the IncludeInactiveMailbox
switch.
Required: False
Position: Named
Default value: None
-IncludeInactiveMailbox
The IncludeInactiveMailbox switch specifies whether to include inactive mailboxes in the results. You don't need to
An inactive mailbox is a mailbox that's placed on Litigation Hold or In-Place Hold before it's soft-deleted. The
contents of an inactive mailbox are preserved until the hold is removed.
To return only inactive mailboxes in the results, don't use this switch. Instead, use the InactiveMailboxOnly switch.
Required: False
Position: Named
Default value: None
-MailboxPlan
The MailboxPlan parameter filters the results by mailbox plan. When you use this parameter, only mailboxes that
are assigned the specified mailbox plan are returned in the results. You can use any value that uniquely identifies
the mailbox plan. For example:
Name
Alias
Display name
GUID
A mailbox plan specifies the permissions and features available to a mailbox user in cloud-based organizations. You
can see the available mailbox plans by using the Get-MailboxPlan cmdlet.
You can't use this parameter with the Anr or Identity parameters.
Required: False
Position: Named
Default value: None
-Migration
The Migration switch is required to return migration mailboxes in the results. You don't need to specify a value with
this switch.
Required: False
Position: Named
Default value: None
-Monitoring
with this switch.
Required: False
Position: Named
Default value: None
-OrganizationalUnit
Name
Canonical name
GUID
Required: False
Position: Named
Default value: None
-Properties
{{Fill Properties Description}}
Type: String[]
Required: True
Position: Named
Default value: None
-PublicFolder
The PublicFolder switch is required to return public folder mailboxes in the results. You don't need to specify a
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-RecipientTypeDetails
The RecipientTypeDetails parameter filters the results by the specified mailbox subtype. Valid values are:
DiscoveryMailbox
EquipmentMailbox
GroupMailbox
LegacyMailbox
LinkedMailbox
LinkedRoomMailbox
RoomMailbox
SchedulingMailbox
SharedMailbox
TeamMailbox
UserMailbox
Type: RecipientTypeDetails[]
Required: False
Position: Named
Default value: None
-RemoteArchive
The RemoteArchive switch is required to return remote archive mailboxes in the results. You don't need to specify a
Remote archive mailboxes are archive mailboxes in the cloud-based service that are associated with mailbox users
in on-premises Exchange organizations.
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-Server
The Server parameter filters the results by Exchange server. When you use this parameter, only mailboxes on the
specified Exchange server are included in the results.
Name
FQDN
Exchange Legacy DN
You can't use this parameter with the Anr, Database, or Identity parameters.
The ServerName and ServerLegacyDN properties for a mailbox may not be updated immediately after a mailbox
move within a database availability group (DAG ). To get the most up-to-date values for these mailbox properties,
run the command Get-Mailbox <Identity> | Get-MailboxStatistics | Format-List
Name,ServerName,ServerLegacyDN.
Required: False
Position: Named
Default value: None
-SoftDeletedMailbox
The SoftDeletedMailbox switch is required to return soft-deleted mailboxes in the results. You don't need to specify
Soft-deleted mailboxes are deleted mailboxes that are still recoverable.
Required: False
Position: Named
Default value: None
-SortBy
Name
DisplayName
Alias
Office
ServerLegacyDN
Type: String
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MailboxAutoReplyConfiguration
In ths Article
may be exclusive to one environment or the other. Use the Get-MailboxAutoReplyConfiguration cmdlet to retrieve
Automatic Replies settings for a specific mailbox. For information about the parameter sets in the Syntax section
Syntax
Get-MailboxAutoReplyConfiguration [-Identity] <MailboxIdParameter> [-Credential <PSCredential>]
Description
You can use the Get-MailboxAutoReplyConfiguration cmdlet to retrieve all the mailboxes enabled for Automatic
Replies. When run, the cmdlet returns Automatic Replies settings for the specified mailbox that include the
following:
Mailbox identity value
Whether Automatic Replies is enabled, scheduled, or disabled for the mailbox
Start and end date, time during which Automatic Replies will be sent
Whether external senders receive Automatic Replies (none, known senders, or all)
Automatic Replies message to be sent to internal and external senders
Examples
-------------------------- Example 1 --------------------------
Get-Mailbox | Get-MailboxAutoReplyConfiguration
This example returns Automatic Replies settings for all mailboxes in the Exchange organization.
-------------------------- Example 2 --------------------------
Get-MailboxAutoReplyConfiguration -Identity 'contoso.com/Users/Tony Smith'

This example retrieves Automatic Replies settings for Tony's mailbox at contoso.com.
-------------------------- Example 3 --------------------------
Get-Mailbox | Get-MailboxAutoReplyConfiguration -ResultSize unlimited
This example retrieves all Automatic Replies settings for all mailboxes in the Exchange organization.
Parameters
-Credential
Type: PSCredential
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
The ReadFromDomainController parameter specifies that the user information is read from a domain controller in
the user's domain. If you set the recipient scope to include all recipients in the forest and if you don't use this
parameter, it's possible that the user information is read from a global catalog with outdated information. If you use
this parameter, multiple reads might be necessary to get the information.
By default, the recipient scope is set to the domain that hosts your servers that run Microsoft Exchange.
Required: False
Position: Named
Default value: None
-ResultSize
The ResultSize parameter specifies the maximum number of settings to return. If you want to return all settings
that match the command, use unlimited for the value of this parameter.
Type: Unlimited
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MailboxCalendarFolder
In ths Article
may be exclusive to one environment or the other. Use the Get-MailboxCalendarFolder cmdlet to retrieve the
publishing or sharing settings for a specified mailbox calendar folder. For information about the parameter sets in
Syntax
Get-MailboxCalendarFolder [-Identity] <MailboxFolderIdParameter> [-DomainController <Fqdn>]
Description
The Get-MailboxCalendarFolder cmdlet retrieves information for the specified calendar folder. This information
includes the calendar folder name, whether the folder is currently published or shared, the start and end range of
calendar days published, the level of details published for the calendar, whether the published URL of the calendar
can be searched on the web and the published URL for the calendar.
Examples
-------------------------- Example 1 --------------------------
Get-MailboxCalendarFolder -Identity kai:\Calendar
This example returns all provided publishing information for the specified calendar folder in Kai's mailbox. In this
example, the Identity parameter specifies the mailbox with the alias format.
-------------------------- Example 2 --------------------------
Get-MailboxCalendarFolder -Identity kai:\Calendar -DomainController DC1
This example returns all provided publishing information for the specified calendar folder in Kai's mailbox. This
example also specifies DC1 as the domain controller to retrieve this information from Active Directory.
-------------------------- Example 3 --------------------------
Get-MailboxCalendarFolder -Identity contoso\kai:\Calendar

This example returns all provided publishing information for the specified calendar folder in Kai's mailbox. In this
example, the Identity parameter specifies the mailbox with the domain\account format.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox and folder path or folder name to the calendar folder that has the
publishing settings configured. You can use the following values:
GUID
ADObjectID
Domain\Account
LegacyExchangeDN
SmtpAddress
Alias
Required: True
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MailboxExportRequest
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-MailboxExportRequest cmdlet to view the
detailed status of an ongoing export request that was initiated by using the New -MailboxExportRequest cmdlet.
This cmdlet is available only in the Mailbox Import Export role, and by default, the role isn't assigned to any role
groups. To use this cmdlet, you need to add the Mailbox Import Export role to a role group (for example, to the
Syntax
Get-MailboxExportRequest [[-Identity] <MailboxExportRequestIdParameter>]
Get-MailboxExportRequest [-Mailbox <MailboxOrMailUserIdParameter>]

[-BatchName <String>]
[-HighPriority <$true | $false>]
[-Name <String>]
[-Status <None | Queued | InProgress | AutoSuspended | CompletionInProgress | Completed | CompletedWithWarning
| Suspended | Failed>]
[-Suspend <$true | $false>]
[-RequestQueue <DatabaseIdParameter>] [<CommonParameters>]
Get-MailboxExportRequest [-Mailbox <MailboxLocationIdParameter>]

[-Name <String>]
Description
The search criteria for the Get-MailboxExportRequest cmdlet is a Boolean And statement. If you use multiple
parameters, you narrow your search and reduce your search results.
Examples
-------------------------- Example 1 --------------------------
Get-MailboxExportRequest -Identity "tony\DB01toPST"
This example returns the status of the ongoing export request with the identity tony\DB01toPST.
-------------------------- Example 2 --------------------------
Get-MailboxExportRequest -Status InProgress -Database DB01
In Exchange Server 2010, this example returns the status of in progress export requests for mailboxes or archives
that reside on database DB01.
-------------------------- Example 3 --------------------------
Get-MailboxExportRequest -BatchName "Attachment_CompanyReport" -Status Completed
This example returns the status of export requests in the Attachment_CompanyReport batch that completed.
-------------------------- Example 4 --------------------------
Get-MailboxExportRequest -Name "DB01toPST" -Suspend $true
This example returns all export requests that have the name DB01toPST where the export has been suspended.
Parameters
-BatchName
The BatchName parameter specifies the name given to a batch export request.
Type: String
Required: False
Position: Named
Default value: None
-Database
The Database parameter specifies the database in which the user's mailbox or archive resides. You can use any
Name
GUID
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-HighPriority
The HighPriority parameter filters the results based on the Priority value that was assigned when the request was
created. Valid input for this parameter is $true or $false. Here's how these values filter the results:
$true Returns requests that were created with the Priority value High, Higher, Highest or Emergency.
$false Returns requests that were created with the Priority value Normal, Low, Lower or Lowest.

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the export request. By default, export requests are named
<alias>\MailboxExportX (where X = 0-9). If you specified a name for the export request when the request was
created using the New -MailboxExportRequest cmdlet, use the following syntax: <alias>\<name>. Exchange
automatically precedes the request with the mailbox's alias.
This parameter can't be with the following parameters:
BatchName
Mailbox
Name
Status
Suspend
HighPriority
Type: MailboxExportRequestIdParameter
Required: False
Position: 1
Default value: None
-Mailbox
The Mailbox parameter filters the results by the source mailbox where the contents are being exported from.
In Exchange 2016 CU7 or later, this parameter is the type MailboxLocationIdParameter, so the easiest value that
you can use to identify the mailbox is the Alias value.
In Exchange 2016 CU6 or earlier, this parameter is the type MailboxOrMailUserIdParameter, so you can use any
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Type: MailboxOrMailUserIdParameter
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies that export requests that have the specified name are returned.
Use this parameter to search on the name that you provided when you created the export request.
If you didn't specify a name when the request was created, the default name is MailboxExportX (where X = 0-9).
Type: String
Required: False
Position: Named
Default value: None
-RequestQueue
The RequestQueue parameter identifies the request based on the mailbox database where the request is being run.
Name
GUID
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-Status
The Status parameter filters the results based on status. You can use the following values:
AutoSuspended
Completed
CompletedWithWarning
CompletionInProgress
Failed
InProgress
Queued
Retrying
Suspended
Synced
CompletionInProgress and AutoSuspended don't apply to export requests and won't return any information.
Type: None | Queued | InProgress | AutoSuspended | CompletionInProgress | Completed | CompletedWithWarning |

Suspended | Failed
Required: False
Position: Named
Default value: None
-Suspend
The Suspend parameter specifies whether to return requests that have been suspended. Valid input for this
parameter is $true or $false.

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MailboxExportRequestStatistics
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-MailboxExportRequestStatistics cmdlet to view
detailed information about export requests. This cmdlet is available only in the Mailbox Import Export role, and by
default, the role isn't assigned to any role groups. To use this cmdlet, you need to add the Mailbox Import Export
Syntax
Get-MailboxExportRequestStatistics [-Identity] <MailboxExportRequestIdParameter> [-DomainController <Fqdn>]
[-IncludeReport] [-Diagnostic] [-DiagnosticArgument <String>] [-DiagnosticInfo <String>] [-ReportOnly]
Get-MailboxExportRequestStatistics -MRSInstance <Fqdn> [-DomainController <Fqdn>] [-RequestGuid <Guid>]

Get-MailboxExportRequestStatistics -RequestQueue <DatabaseIdParameter> [-DomainController <Fqdn>]

[-IncludeReport] [-RequestGuid <Guid>] [-Diagnostic] [-DiagnosticArgument <String>] [-ReportOnly]
Description
You can pipeline the Get-MailboxExportRequestStatistics cmdlet from the Get-MailboxExportRequest cmdlet.
Examples
-------------------------- Example 1 --------------------------
Get-MailboxExportRequestStatistics -Identity Tony\MailboxExport1
This example returns the default statistics for the second export request for Tony Smith. The type of information
returned by default includes name, mailbox, and status.
-------------------------- Example 2 --------------------------
Get-MailboxExportRequestStatistics -Identity Tony\MailboxExport | Export-CSV
\\SERVER01\ExportRequest_Reports\Tony_Exportstats.csv
This example returns statistics for Tony Smith's mailbox and exports the report to a .csv file.
-------------------------- Example 3 --------------------------
Get-MailboxExportRequestStatistics -Identity Tony\LegalHold -IncludeReport | Format-List
This example returns additional information about the export request for Tony Smith's mailbox by using the
IncludeReport parameter and by pipelining the results to the Format-List command. (The export request was
created using the New -MailboxExportRequest.)
-------------------------- Example 4 --------------------------
Get-MailboxExportRequestStatistics -MRSInstance CAS01.contoso.com
In Exchange Server 2010, this example returns default statistics for an export request being processed by the
instance of MRS running on the server CAS01. This command only returns information for export requests that
are currently being processed by an instance of MRS. If the request is already finished, it won't be returned.
-------------------------- Example 5 --------------------------
Get-MailboxExportRequestStatistics -RequestQueue MailboxDatabase01
This example returns default statistics for an export request being processed by the instance of MRS running on
the server CAS01. This command only returns information for export requests currently being processed by an
instance of MRS. If the request is already finished, it won't be returned.
-------------------------- Example 6 --------------------------
Get-MailboxExportRequest -Status Failed | Get-MailboxExportRequestStatistics -IncludeReport | Format-List >

AllExportReports.txt
This example returns additional information for all the export requests that have a status of Failed by using the
IncludeReport parameter, and then saves the information to the text file AllExportReports.txt.
Parameters
-Diagnostic
The Diagnostic switch specifies whether to return extremely detailed information in the results. Typically, you use
this switch only at the request of Microsoft Customer Service and Support to troubleshoot problems.
Required: False
Position: Named
Default value: None
-DiagnosticArgument
The DiagnosticArgument parameter modifies the results that are returned by using the Diagnostic switch. Typically,
you use the Diagnostic switch and the DiagnosticArgument parameter only at the request of Microsoft Customer
Service and Support to troubleshoot problems.
Type: String
Required: False
Position: Named
Default value: None
-DiagnosticInfo
Typically, you use the DiagnosticInfo parameter only at the request of Microsoft Customer Service and Support to
troubleshoot problems.
Type: String
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
<alias>\MailboxExportX (where X = 0-9). If you specified a name for the export request when it was created by
using the New -MailboxExportRequest cmdlet, use the following syntax: <alias>\<name>.
This parameter can't be used with the RequestGuid or RequestQueue parameters.
Required: True
Position: 1
Default value: None
-IncludeReport
Required: False
Position: Named
Default value: None
-MRSInstance
The MRSInstance parameter specifies the fully qualified domain name (FQDN ) of the Client Access server on
which the Microsoft Exchange Mailbox Replication service (MRS ) resides. When using this parameter, all records
are returned for this instance of MRS.
You can't use this parameter with the Identity or RequestQueue parameters.
Type: Fqdn
Required: True
Position: Named
Default value: None
-ReportOnly
The ReportOnly switch returns the results as an array of report entries (encoded strings). You don't need to specify
Required: False
Position: Named
Default value: None
-RequestGuid
The RequestGuid parameter specifies the unique identifier for the export request. To find the export request GUID,
use the Get-MailboxExportRequest cmdlet. If you specify the RequestGuid parameter, you must also specify the
RequestQueue parameter. You can't use this parameter with the Identity parameter.
Type: Guid
Required: False
Position: Named
Default value: None
-RequestQueue
This parameter is for debugging purposes only.
Name
GUID
Required: True
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MailboxFolder
In ths Article
may be exclusive to one environment or the other. Use the Get-MailboxFolder cmdlet to view folders in your own
mailbox. Administrators can't use this cmdlet to view folders in other mailboxes (the cmdlet is available only from
the MyBaseOptions user role). For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Get-MailboxFolder [[-Identity] <MailboxFolderIdParameter>] [-GetChildren]
[-MailFolderOnly]
Get-MailboxFolder [[-Identity] <MailboxFolderIdParameter>] [-Recurse]

[-MailFolderOnly]
Description
This command checks that the mailbox specified in the Identity parameter is a valid Exchange mailbox before
retrieving the requested folders. The cmdlet returns all folders if the MailFolderOnly switch isn't specified.
Examples
-------------------------- Example 1 --------------------------
Get-MailboxFolder -Identity Tony:\Inbox
This example retrieves the Inbox folder in Tony's mailbox. The Identity parameter is supplied in the format of
<Mailbox Identity>:<Folder>.
-------------------------- Example 2 --------------------------
Get-MailboxFolder -Identity Tony
This example returns the root folders in Tony's mailbox. The Identity parameter is supplied in the format of
<Mailbox Identity>.
-------------------------- Example 3 --------------------------
Get-MailboxFolder -Identity Tony -GetChildren -MailFolderOnly
This example returns the first level of mail folders in Tony's mailbox.
-------------------------- Example 4 --------------------------
Get-MailboxFolder -Identity Tony:\Inbox -GetChildren
This example returns information about all the subfolders under Inbox in Tony's mailbox.
-------------------------- Example 5 --------------------------
Get-MailboxFolder -Identity Tony:\Inbox -Recurse
This example returns all levels of folders under Inbox in Tony's mailbox.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-GetChildren
The GetChildren switch specifies whether to return only the first level of subfolders under the specified parent
folder. You don't need to specify a value with this switch.
You can't use this switch with the Recurse switch.
Required: True
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox and the folder that you want to view. If you don't specify the folder, the
command returns information about folders in the root hierarchy of the specified mailbox. You specify values for
this parameter by using the syntax: <Mailbox Identity>:<Parent>.
Valid values for <Mailbox Identity> are unique identifiers for the mailbox. For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Values for <Parent> can be both the store object ID and a path string such as \Inbox\Personal.
Required: False
Position: 1
Default value: None
-MailFolderOnly
The MailFolderOnly switch specifies whether to return only the mail folders in the specified mailbox. You don't
Required: False
Position: Named
Default value: None
-Recurse
The Recurse switch specifies whether to return the specified parent folder and all of its subfolders. You don't need
You can't use this switch with the GetChildren switch.
Required: True
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MailboxFolderPermission
In ths Article
may be exclusive to one environment or the other. Use the Get-MailboxFolderPermission cmdlet to view folder-
level permissions in mailboxes. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Get-MailboxFolderPermission [-Identity] <MailboxFolderIdParameter> [-DomainController <Fqdn>]
[-User <MailboxFolderUserIdParameter>] [-GroupMailbox] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-MailboxFolderPermission -Identity john@contoso.com:\Marketing\Reports
This example returns the current list of user permissions for the Reports subfolder in the Marketing folder in John's
mailbox.
-------------------------- Example 2 --------------------------
Get-MailboxFolderPermission -Identity john@contoso.com:\Marketing\Reports -User Ayla@contoso.com
This example returns the permissions for the same folder in John's mailbox, but only for the user Ayla.
-------------------------- Example 3 --------------------------
Get-MailboxFolderPermission -Identity john@contoso.com:\Calendar -User Ayla@contoso.com
This example returns the permissions for the Calendar folder in John's mailbox, but only for the user Ayla.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-GroupMailbox
The GroupMailbox switch is required to return Office 365 groups in the results. You don't need to specify a value
with this switch.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox folder that you want to view. This parameter uses the syntax:
<Mailbox>:\<Folder>. For the value of <Mailbox>, you can use any value that uniquely identifies the mailbox. For
example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Example values for this parameter are john@contoso.com:\\Calendar or John:\Marketing\Reports.
Required: True
Position: 1
Default value: None
-User
The User parameter filters the results by the specified mailbox, mail user, or mail-enabled security group (security
principal) that's granted permission to the mailbox folder. You can use any value that uniquely identifies the user or
group. For example:
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MailboxFolderStatistics
In ths Article
may be exclusive to one environment or the other. Use the Get-MailboxFolderStatistics cmdlet to retrieve
information about the folders in a specified mailbox, including the number and size of items in the folder, the folder
name and ID, and other information. For information about the parameter sets in the Syntax section below, see
Syntax
Get-MailboxFolderStatistics [-Identity] <GeneralMailboxOrMailUserIdParameter> [-Archive] [-DiagnosticInfo
<String>]
[-DomainController <Fqdn>] [-FolderScope
<Microsoft.Exchange.Data.Directory.SystemConfiguration.ElcFolderType>]
[-IncludeAnalysis] [-IncludeOldestAndNewestItems] [-IncludeSoftDeletedRecipients] [<CommonParameters>]
Get-MailboxFolderStatistics [-AuditLog] [-DomainController <Fqdn>]

[-FolderScope <Microsoft.Exchange.Data.Directory.SystemConfiguration.ElcFolderType>]
[[-Identity] <GeneralMailboxOrMailUserIdParameter>] [-IncludeAnalysis]
[-IncludeOldestAndNewestItems] [-DiagnosticInfo <String>] [-IncludeSoftDeletedRecipients] [<CommonParameters>]
Description
A mailbox can have hidden items that are never visible to the user and are only used by applications. The Get-
MailboxFolderStatistics cmdlet can return hidden items for the following values: FolderSize,
FolderAndSubfolderSize, ItemsInFolder and ItemsInFolderAndSubfolders.
The Get-MailboxFolderStatistics cmdlet shouldn't be confused with the Get-MailboxStatistics cmdlet. For more
information, see Get-MailboxStatistics.
Examples
-------------------------- Example 1 --------------------------
Get-MailboxFolderStatistics -Identity contoso\chris
This example doesn't specify the FolderScope parameter and retrieves all the information about the user Chris in
the Contoso domain.
-------------------------- Example 2 --------------------------
Get-MailboxFolderStatistics -Identity Chris -FolderScope Calendar
This example uses the FolderScope parameter to view the statistics for calendar folders for the user Chris.
-------------------------- Example 3 --------------------------
Get-MailboxFolderStatistics -Identity Ayla@contoso.com -Archive
This example uses the Archive switch to view the statistics for Ayla's archive.
-------------------------- Example 4 --------------------------
Get-MailboxFolderStatistics -Identity "Tony" -FolderScope RecoverableItems -IncludeAnalysis
This example uses the IncludeAnalysis switch to view the statistics of Tony's Recoverable Items folder.
Parameters
-Archive
The Archive switch specifies whether to return the usage statistics of the archive associated with the mailbox or
mail user. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-AuditLog
Required: False
Position: Named
Default value: None
-DiagnosticInfo
Type: String
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-FolderScope
The FolderScope parameter specifies the scope of the search by folder type. Valid parameter values include:
All
Archive
Calendar
Contacts
ConversationHistory
DeletedItems
Drafts
Inbox
JunkEmail
Journal
LegacyArchiveJournals
ManagedCustomFolder
NonIpmRoot
Notes
Outbox
Personal
RecoverableItems
RssSubscriptions
SentItems
SyncIssues
Tasks
The ManagedCustomFolder value returns output for all managed custom folders. The RecoverableItems value
returns output for the Recoverable Items folder and the Deletions, DiscoveryHolds, Purges, and Versions
subfolders.
Type: Microsoft.Exchange.Data.Directory.SystemConfiguration.ElcFolderType
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the mailbox or mail user. You can use any value that uniquely
identifies the mailbox or mail user. For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Type: GeneralMailboxOrMailUserIdParameter
Required: True
Position: 1
Default value: None
-IncludeAnalysis
The IncludeAnalysis switch specifies whether to scan all items within a folder and return statistics related to the
folder and item size. You don't need to specify a value with this switch.
You should use this switch for troubleshooting purposes, because the command might take a long time to
complete.
Required: False
Position: Named
Default value: None
-IncludeOldestAndNewestItems
The IncludeOldestAndNewestItems switch specifies whether to return the dates of the oldest and newest items in
each folder. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-IncludeSoftDeletedRecipients
{{Fill IncludeSoftDeletedRecipients Description}}
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
may be exclusive to one environment or the other. Use the Get-MailboxImportRequest cmdlet to view the detailed
status of an ongoing import request that was initiated using the New -MailboxImportRequest cmdlet. This cmdlet is
available only in the Mailbox Import Export role, and by default, the role isn't assigned to any role groups. To use
this cmdlet, you need to add the Mailbox Import Export role to a role group (for example, to the Organization
Management role group). For more information, see the "Add a role to a role group" section in Manage role groups
Syntax
Get-MailboxImportRequest [[-Identity] <MailboxImportRequestIdParameter>]
[-Mailbox <MailboxOrMailUserIdParameter>]
[-Name <String>]
[-Mailbox <MailboxLocationIdParameter>]
[-Name <String>]
Description
The search criteria for the Get-MailboxImportRequest cmdlet is a Boolean And statement. If you use multiple
parameters, you narrow your search and reduce your search results.
Examples
-------------------------- Example 1 --------------------------
Get-MailboxImportRequest -Identity "tony\Recovered"
This example returns the default information regarding the status of the ongoing import request with the identity
tony\Recovered. The type of information returned by default includes name, mailbox, and status.
-------------------------- Example 2 --------------------------
Get-MailboxImportRequest -Status InProgress -Database DB01
In Exchange Server 2010, this example returns the status of in progress import requests for mailboxes or archives
that reside on database DB01.
-------------------------- Example 3 --------------------------
Get-MailboxImportRequest -BatchName "ImportingDB1PSTs" -Status Completed
This example returns the status of import requests in the ImportingDB1PSTs batch that completed.
-------------------------- Example 4 --------------------------
Get-MailboxImportRequest -Name "Recovered" -Suspend $true
This example returns all import requests that have the name Recovered where the import has been suspended.
Parameters
-BatchName
The BatchName parameter specifies the name given to a batch import request.
Type: String
Required: False
Position: Named
Default value: None
-Database
The Database parameter specifies the database in which the user's mailbox or archive resides. You can use any
Name
GUID
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-HighPriority

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the import request. By default, import requests are named
<alias>\MailboxImportX (where X = 0-9). If you specify a name for the import request, use the following syntax:
<alias>\<name>. Microsoft Exchange automatically precedes the request with the mailbox's alias.
You can't use this parameter with the following parameters:
BatchName
Mailbox
Name
Status
Suspend
HighPriority
Type: MailboxImportRequestIdParameter
Required: False
Position: 1
Default value: None
-Mailbox
The Mailbox parameter filters the results by the destination mailbox where the content is being imported to.
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies that import requests that have the specified name are returned.
Use this parameter to search on the name that you provided when you created the import request. If you didn't
specify a name when the request was created, the default name is MailboxImportX (where X = 0-9).
Type: String
Required: False
Position: Named
Default value: None
-RequestQueue
Name
GUID
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-Status
AutoSuspended
Completed
Failed
InProgress
Queued
Retrying
Suspended
Synced
CompletionInProgress and AutoSuspended don't apply to import requests and won't return any information.

Suspended | Failed
Required: False
Position: Named
Default value: None
-Suspend

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MailboxImportRequestStatistics
In ths Article
may be exclusive to one environment or the other. Use the Get-MailboxImportRequestStatistics cmdlet to view
detailed information about import requests. This cmdlet is available only in the Mailbox Import Export role, and by
Syntax
Get-MailboxImportRequestStatistics [-Identity] <MailboxImportRequestIdParameter>
[-Diagnostic]
[-DiagnosticArgument <String>]
[-IncludeReport]
[-ReportOnly]
Get-MailboxImportRequestStatistics [-Identity] <MailboxImportRequestIdParameter>

[-DiagnosticInfo <String>]
[-IncludeReport]
[-ReportOnly]
Get-MailboxImportRequestStatistics -MRSInstance <Fqdn>

[-RequestGuid <Guid>]
Get-MailboxImportRequestStatistics -RequestQueue <DatabaseIdParameter>

[-Diagnostic]
[-IncludeReport]
[-ReportOnly]
Description
You can pipeline the Get-MailboxImportRequestStatistics cmdlet from the Get-MailboxImportRequest cmdlet.
Examples
-------------------------- Example 1 --------------------------
Get-MailboxImportRequestStatistics -Identity Tony\MailboxImport1
This example returns the default statistics for the second import request for Tony Smith. The type of information
returned by default includes name, mailbox and status.
-------------------------- Example 2 --------------------------
Get-MailboxImportRequestStatistics -Identity Tony\MailboxImport1 | Export-CSV

\\SERVER01\ImportRequest_Reports\Tony_Importstats.csv
This example returns the detailed statistics for the second import request for Tony Smith's mailbox and exports the
report to a .csv file.
-------------------------- Example 3 --------------------------
Get-MailboxImportRequestStatistics -Identity Tony\LegalHold -IncludeReport | Format-List
This example returns additional information about the import request for Tony Smith's mailbox by using the
IncludeReport parameter and by pipelining the results to the Format-List command.
-------------------------- Example 4 --------------------------
Get-MailboxImportRequestStatistics -MRSInstance CAS01.contoso.com
In Exchange Server 2010, this example returns default statistics for an import request that was processed by the
instance of MRS running on the server CAS01.
-------------------------- Example 5 --------------------------
Get-MailboxImportRequest -Status Failed | Get-MailboxImportRequestStatistics -IncludeReport | Format-List >

AllImportReports.txt
This example returns additional information for all the import requests that have a status of Failed by using the
IncludeReport parameter, and then saves the information to the text file AllImportReports.txt.
Parameters
-Diagnostic
Required: False
Position: Named
Default value: None
-DiagnosticArgument
Type: String
Required: False
Position: Named
Default value: None
-DiagnosticInfo
Type: String
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
<alias>\MailboxImportX (where X = 0-9). If you specified a name when you created the import request, use the
following syntax: <alias>\<name>.
Required: True
Position: 1
Default value: None
-IncludeReport
Required: False
Position: Named
Default value: None
-MRSInstance
Type: Fqdn
Required: True
Position: Named
Default value: None
-ReportOnly
Required: False
Position: Named
Default value: None
-RequestGuid
The RequestGuid parameter (together with the RequestQueue parameter) specifies the unique identifier for the
import request. To find the import request GUID, use the Get-MailboxImportRequest cmdlet.
Type: Guid
Required: False
Position: Named
Default value: None
-RequestQueue
Name
GUID
Required: True
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MailboxLocation
In ths Article
may be exclusive to one environment or the other. Use the Get-MailboxLocation cmdlet to view mailbox location
information in Exchange Online. For information about the parameter sets in the Syntax section below, see
Syntax
Get-MailboxLocation -Database <DatabaseIdParameter>
[-Confirm]
[-MailboxLocationType <MailboxLocationType>]
Get-MailboxLocation -Identity <MailboxLocationIdParameter>

[-Confirm]
Get-MailboxLocation -User <UserIdParameter> [-IncludePreviousPrimary]

[-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Get-MailboxLocation -User chris@contoso.com
In Exchange Online, this example returns the mailbox location information for the user chris@contoso.com.
-------------------------- Example 2 --------------------------
Get-MailboxLocation -Identity e15664af-82ed-4635-b02a-df7c2e03d950
In Exchange Server or Exchange Online, this example returns the mailbox location information for the specified
mailbox GUID (the ExchangeGuid property value from the results of Get-Mailbox -Identity <MailboxIdentity> |
Format-List ExchangeGuid).
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Database
The Database parameter returns the mailbox location information for all mailboxes on the specified mailbox
database. You can use any value that uniquely identifies the database. For example:
Name
GUID
Required: True
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox location object that you want to view. The value uses the either of the
following formats:
<TenantGUID>\<MailboxGUID>
<MailboxGUID>
In Exchange Server or Exchange Online, you can run the following command to find and compare the
<MailboxGUID> values for the user: Get-Mailbox -Identity <MailboxIdentity> | Format-List
*GUID,MailboxLocations.
In Exchange Online, you can find the <TenantGUID> and <MailboxGUID> values after you run Get-
MailboxLocation with the User parameter.
You can't use this parameter with the User parameter.
Type: MailboxLocationIdParameter
Required: True
Position: Named
Default value: None
-IncludePreviousPrimary
The IncludePreviousPrimary switch specifies whether to include the previous primary mailbox in the results. You
You can only use this switch with the User parameter.
Required: False
Position: Named
Default value: None
-MailboxLocationType
The MailboxLocationType filters the results by the type of mailbox. Valid values are:
Aggregated
AuxArchive
AuxPrimary
ComponentShared
MainArchive
PreviousPrimary (Exchange Online only)
Primary
Type: MailboxLocationType
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-User
The User parameter specifies the user whose mailbox location you want to view. You can use any value that
uniquely identifies the user. For example:
Name
Canonical DN
GUID
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-MailboxPermission
In ths Article
may be exclusive to one environment or the other. Use the Get-MailboxPermission cmdlet to retrieve permissions
on a mailbox. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Get-MailboxPermission [-Identity] <MailboxIdParameter> [-Owner]
Get-MailboxPermission [-Identity] <MailboxIdParameter> [-User <SecurityPrincipalIdParameter>]

Description
The output of this cmdlet shows the following information:
Identity: The mailbox in question.
User: The security principal (user, security group, Exchange management role group, etc.) that has permission to
the mailbox.
AccessRights: The permission that the security principal has on the mailbox. The available values are
ChangeOwner (change the owner of the mailbox), ChangePermission (change the permissions on the mailbox),
DeleteItem (delete the mailbox), ExternalAccount (indicates the account isn't in the same domain), FullAccess
(open the mailbox, access its contents, but can't send mail) and ReadPermission (read the permissions on the
mailbox). Whether the permissions are allowed or denied is indicated in the Deny column.
IsInherited: Whether the permission is inherited (True) or directly assigned to the mailbox (False). Permissions
are inherited from the mailbox database and/or Active Directory. Typically, directly assigned permissions
override inherited permissions.
Deny: Whether the permission is allowed (False) or denied (True). Typically, deny permissions override allow
permissions.
By default, the following permissions are assigned to user mailboxes:
FullAccess and ReadPermission are directly assigned to NT AUTHORITY\SELF. This entry gives a user
permission to their own mailbox.
FullAccess is denied to Administrator, Domain Admins, Enterprise Admins and Organization Management.
These inherited permissions prevent these users and group members from opening other users' mailboxes.
ChangeOwner, ChangePermission, DeleteItem, and ReadPermission are allowed for Administrator, Domain
Admins, Enterprise Admins and Organization Management. Note that these inherited permission entries also
appear to allow FullAccess. However, these users and groups do not have FullAccess to the mailbox because the
inherited Deny permission entries override the inherited Allow permission entries.
FullAccess is inherited by NT AUTHORITY\SYSTEM and ReadPermission is inherited by NT
AUTHORITY\NETWORK.
FullAccess and ReadPermission are inherited by Exchange Servers, ChangeOwner, ChangePermission,
DeleteItem, and ReadPermission are inherited by Exchange Trusted Subsystem and ReadPermission is inherited
by Managed Availability Servers.
By default, other security groups and role groups inherit permissions to mailboxes based on their location (on-
premises Exchange or Office 365).
Examples
-------------------------- Example 1 --------------------------
Get-MailboxPermission -Identity john@contoso.com | Format-List
This example returns permissions on the mailbox by its SMTP address john@contoso.com.
-------------------------- Example 2 --------------------------
Get-MailboxPermission -Identity john@contoso.com -User "Ayla"
This example returns permissions that the user Ayla has on John's mailbox.
-------------------------- Example 3 --------------------------
Get-MailboxPermission -Identity Room222 -Owner
This example returns the owner information for the resource mailbox Room222.
Parameters
-Credential
Type: PSCredential
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox you want to view. You can use any value that uniquely identifies the
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-Owner
The Owner parameter returns the owner information for the mailbox identified in the Identity parameter.
This parameter can't be used with the User parameter.
Required: False
Position: Named
Default value: None
the user's domain.
If you set the recipient scope to include all recipients in the forest, and if you don't use this parameter, it's possible
that the user information is read from a global catalog with outdated information.
If you use this parameter, multiple reads might be necessary to get the information.
By default, the recipient scope is set to the domain that hosts your servers that run Exchange.
Required: False
Position: Named
Default value: None
-ResultSize
The ResultSize parameter specifies the maximum number of recipient objects returned.
Type: Unlimited
Required: False
Position: Named
Default value: None
-User
The User parameter specifies the UPN, domain\user, or the alias of the user.
This parameter can't be used with the Owner parameter.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MailboxPlan
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-MailboxPlan cmdlet to view information about
mailbox plans in the cloud-based service. For information about the parameter sets in the Syntax section below, see
Syntax
Get-MailboxPlan [[-Identity] <MailboxPlanIdParameter>]
[-AllMailboxPlanReleases]
[-Filter <String>]
[-SortBy <String>]
Description
A mailbox plan is a template that automatically configures mailbox properties. Mailbox plans correspond to license
types, and are applied when you license the user. The availability of a mailbox plan is determined by your selections
when you enroll in the service and the age of your organization.
Examples
-------------------------- Example 1 --------------------------
Get-MailboxPlan
This example returns a summary list of all mailbox plans in the organization.
-------------------------- Example 2 --------------------------
Get-MailboxPlan -Identity ExchangeOnlineEnterprise | Format-List
This example returns detailed information for the mailbox plan that has the display name
ExchangeOnlineEnterprise.
Parameters
-AllMailboxPlanReleases
The AllMailboxPlanReleases switch specifies whether to include mailbox plans that were used in previous versions
of the service in the results. You don't need to specify a value with this switch.
If you don't use this switch, the command returns only mailbox plans that are used in the current version of the
service. This parameter has meaning only for organizations that were enrolled in previous versions of the service.
Required: False
Position: Named
Default value: None
-Credential
Type: PSCredential
Required: False
Position: Named
Default value: None
-Filter
Type: String
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox plan that you want to view. You can use any value that uniquely
identifies the mailbox plan. For example:
Name
Alias
Display name
GUID
Required: False
Position: 1
Default value: None
-IgnoreDefaultScope
Required: False
Position: Named
Default value: None
-OrganizationalUnit
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-SortBy
You can sort by the following attributes:
Alias
DisplayName
Name
Type: String
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MailboxRestoreRequest
In ths Article
may be exclusive to one environment or the other. Use the Get-MailboxRestoreRequest cmdlet to view detailed
status of an ongoing restore request that was initiated by using the New -MailboxRestoreRequest cmdlet. For
Syntax
Get-MailboxRestoreRequest [[-Identity] <MailboxRestoreRequestIdParameter>]
Get-MailboxRestoreRequest [-BatchName <String>] [-HighPriority <$true | $false>] [-Name <String>] [-

RequestQueue <DatabaseIdParameter>] [-SourceDatabase <DatabaseIdParameter>] [-Status <None | Queued |
InProgress | AutoSuspended | CompletionInProgress | Completed | CompletedWithWarning | Suspended | Failed>] [-
Suspend <$true | $false>] [-TargetDatabase <DatabaseIdParameter>] [-TargetMailbox
<MailboxOrMailUserIdParameter>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-MailboxRestoreRequest -Identity "ayla\MailboxRestore"
This example returns the status of the in-progress and queued restore request with the identity
ayla\MailboxRestore.
-------------------------- Example 2 --------------------------
Get-MailboxRestoreRequest -TargetDatabase MBD01
In Exchange Server 2010, this example returns the status of in progress and queued restore requests that are being
restored to the target database MBD01.
-------------------------- Example 3 --------------------------
Get-MailboxRestoreRequest -RequestQueue MBD01
This example returns the status of in-progress and queued restore requests that are being restored to the mailbox
database MBD01.
-------------------------- Example 4 --------------------------
Get-MailboxRestoreRequest -Name "RestoreToMBD01" -Suspend $true
This example returns all restore requests that have the name RestoreToMBD01 where the restore request has been
suspended.
Parameters
-BatchName
The BatchName parameter specifies the name given to a batch of restore requests.
Type: String
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-HighPriority
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the restore request. The Identity parameter consists of the alias of
the mailbox to be restored and the name that was specified when the restore request was created. The identity of
the restore request uses the following syntax: <alias>\<name>.
If you didn't specify a name for the restore request when it was created, Exchange automatically generated the
default name MailboxRestore. Exchange generates up to 10 names, starting with MailboxRestore and then
MailboxRestoreX (where X = 1-9).
You can't use this parameter with the Name parameter.
Type: MailboxRestoreRequestIdParameter
Required: False
Position: 1
Default value: None
-Name
The Name parameter specifies that any restore request that has the specified name is returned.
Use this parameter to search on the name you provided when you created the restore request.
Type: String
Required: False
Position: Named
Default value: None
-RequestQueue
Name
GUID
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-SourceDatabase
The SourceDatabase parameter specifies that the cmdlet should only return restore requests for mailboxes that are
being restored from the specified source database. You can use any value that uniquely identifies the database. For
example:
Name
GUID
Required: False
Position: Named
Default value: None
-Status
AutoSuspended
Completed
Failed
InProgress
Queued
Retrying
Suspended
Synced

Suspended | Failed
Required: False
Position: Named
Default value: None
-Suspend

Required: False
Position: Named
Default value: None
-TargetDatabase
The TargetDatabase parameter specifies that the cmdlet should only return restore requests for mailboxes that
reside on the target database. You can use any value that uniquely identifies the database. For example:
Name
GUID
Required: False
Position: Named
Default value: None
-TargetMailbox
The TargetMailbox parameter specifies the identity of the target mailbox. You can use the following values:
GUID
Domain\Account
Legacy Exchange DN
SMTP address
Alias
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MailboxRestoreRequestStatistics
In ths Article
may be exclusive to one environment or the other. Use the Get-MailboxRestoreRequestStatistics cmdlet to view
detailed information about restore requests. For information about the parameter sets in the Syntax section below,
Syntax
Get-MailboxRestoreRequestStatistics [-Identity] <MailboxRestoreRequestIdParameter>
[-Diagnostic]
[-IncludeReport]
[-ReportOnly]
Get-MailboxRestoreRequestStatistics [-Identity] <MailboxRestoreRequestIdParameter>

[-IncludeReport]
[-DiagnosticInfo <String>]
[-ReportOnly]
Get-MailboxRestoreRequestStatistics -MRSInstance <Fqdn>

Get-MailboxRestoreRequestStatistics -RequestQueue <DatabaseIdParameter>

[-Diagnostic]
[-IncludeReport]
[-ReportOnly]
Description
Examples
-------------------------- Example 1 --------------------------
Get-MailboxRestoreRequestStatistics -Identity "Tony\MailboxRestore1"
This example returns the default statistics for the restore request with the identity Tony\MailboxRestore1. The type
of information returned by default includes name, mailbox, status and percent complete.
-------------------------- Example 2 --------------------------
Get-MailboxRestoreRequestStatistics -Identity Tony\MailboxRestore | Export-CSV

\\SERVER01\RestoreRequest_Reports\Tony_Restorestats.csv
This example returns the statistics for Tony Smith's mailbox and exports the report to a CSV file.
-------------------------- Example 3 --------------------------
Get-MailboxRestoreRequestStatistics -Identity Tony\MailboxRestore -IncludeReport | Format-List
This example returns additional information about the restore request for Tony Smith's mailbox by using the
IncludeReport parameter and by pipelining the results to the Format-List command.
-------------------------- Example 4 --------------------------
Get-MailboxRestoreRequestStatistics -MRSInstance CAS01.contoso.com
In Exchange Server 2010 and 2013, this example returns default statistics for a restore request being processed by
the instance of MRS running on the server CAS01. This command only returns information for restore requests
currently being processed by an instance of MRS. If the Client Access server is finished processing all restore
requests, no information is returned. This command is for debugging purposes only and should only be performed
if requested by support personnel.
-------------------------- Example 5 --------------------------
Get-MailboxRestoreRequest -Status Failed | Get-MailboxRestoreRequestStatistics -IncludeReport | Format-List >

C:\Reports\AllRestoreReports.txt
This example returns additional information for all the restore requests that have a status of Failed by using the
IncludeReport parameter and then saves the information to the text file C:\Reports\AllRestoreReports.txt.
Parameters
-Diagnostic
Required: False
Position: Named
Default value: None
-DiagnosticArgument
Type: String
Required: False
Position: Named
Default value: None
-DiagnosticInfo
Type: String
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
You can't use this parameter with the MRSInstance or RequestQueue parameters.
Required: True
Position: 1
Default value: None
-IncludeReport
Required: False
Position: Named
Default value: None
-MRSInstance
Type: Fqdn
Required: True
Position: Named
Default value: None
-ReportOnly
Required: False
Position: Named
Default value: None
-RequestGuid
The RequestGuid parameter specifies the unique identifier for the restore request. To find the GUID, use the Get-
MailboxRestoreRequest cmdlet.
Type: Guid
Required: False
Position: Named
Default value: None
-RequestQueue
Name
GUID
Required: True
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MailboxSentItemsConfiguration
In ths Article
This cmdlet is available only in Exchange Server 2010. Use the Get-MailboxSentItemsConfiguration cmdlet to view
the Sent Items settings on mailboxes. For information about the parameter sets in the Syntax section below, see
Syntax
Get-MailboxSentItemsConfiguration [-DomainController <Fqdn>] [-Identity <MailboxIdParameter>]
Description
By default, when you use Send As or Send On Behalf Of to send a message from another mailbox, the message is
saved in your Sent Items folder (not in the Sent Items folder of the source mailbox). In Microsoft Exchange Server
2010 Service Pack 3 (SP3), you can save copies messages in the Sent Items folder of the sender and the source
mailbox. For example, consider a shared mailbox that receives customer feedback and is monitored by multiple
users. When someone responds to a message in the shared mailbox, you can save the message in the Sent Items
folder of the shared mailbox and the sender's mailbox.
Examples
-------------------------- Example 1 --------------------------
Get-MailboxSentItemsConfiguration -Identity "Customer Support Feedback"
This example returns the Sent Items configuration for the shared mailbox named "Customer Support Feedback".
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox whose Sent Items configuration you want to view. You can use any
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-MailboxStatistics
In ths Article
may be exclusive to one environment or the other. Use the Get-MailboxStatistics cmdlet to obtain information
about a mailbox, such as the size of the mailbox, the number of messages it contains, and the last time it was
accessed. In addition, you can get the move history or a move report of a completed move request. For information
Syntax
Get-MailboxStatistics -Database <DatabaseIdParameter> [[-StoreMailboxIdentity] <StoreMailboxIdParameter>]
[-CopyOnServer <ServerIdParameter>]
[-Filter <String>]
[-IncludeMoveHistory]
[-IncludeMoveReport]
[-IncludeQuarantineDetails]
[-NoADLookup] [<CommonParameters>]
Get-MailboxStatistics [-Identity] <GeneralMailboxOrMailUserIdParameter> [-Archive]

[-IncludeSoftDeletedRecipients]
[-NoADLookup]
Get-MailboxStatistics -Server <ServerIdParameter>

[-Filter <String>]
[-IncludePassive]
[-NoADLookup] [<CommonParameters>]
Description
On Mailbox servers only, you can use the Get-MailboxStatistics cmdlet without parameters. In this case, the cmdlet
returns the statistics for all mailboxes on all databases on the local server.
The Get-MailboxStatistics cmdlet requires at least one of the following parameters to complete successfully: Server,
Database or Identity.
You can use the Get-MailboxStatistics cmdlet to return detailed move history and a move report for completed
move requests to troubleshoot a move request. To view the move history, you must pass this cmdlet as an object.
Move histories are retained in the mailbox database and are numbered incrementally and the last executed move
request is always numbered 0. For more information, see "Example 7," "Example 8," and "Example 9" in this topic.
You can only see move reports and move history for completed move requests.
Examples
-------------------------- Example 1 --------------------------
Get-MailboxStatistics -Identity AylaKol
This example retrieves the mailbox statistics for the mailbox of the user Ayla Kol by using its associated alias
AylaKol.
-------------------------- Example 2 --------------------------
Get-MailboxStatistics -Server MailboxServer01
This example retrieves the mailbox statistics for all mailboxes on the server MailboxServer01.
-------------------------- Example 3 --------------------------
Get-MailboxStatistics -Identity contoso\chris
This example retrieves the mailbox statistics for the specified mailbox.
-------------------------- Example 4 --------------------------
Get-MailboxStatistics -Database "Mailbox Database"
This example retrieves the mailbox statistics for all mailboxes in the specified mailbox database.
-------------------------- Example 5 --------------------------
Get-MailboxDatabase | Get-MailboxStatistics -Filter 'DisconnectDate -ne $null'
This example retrieves the mailbox statistics for the disconnected mailboxes for all mailbox databases in the
organization. The -ne operator means not equal.
-------------------------- Example 6 --------------------------
Get-MailboxStatistics -Database "Mailbox Database" -StoreMailboxIdentity 3b475034-303d-49b2-9403-ae022b43742d
This example retrieves the mailbox statistics for a single disconnected mailbox. The value for the
StoreMailboxIdentity parameter is the mailbox GUID of the disconnected mailbox. You can also use the LegacyDN.
-------------------------- Example 7 --------------------------
Get-MailboxStatistics -Identity AylaKol -IncludeMoveHistory | Format-List
This example returns the summary move history for the completed move request for Ayla Kol's mailbox. If you
don't pipeline the output to the Format-List cmdlet, the move history doesn't display.
-------------------------- Example 8 --------------------------
$temp=Get-MailboxStatistics -Identity AylaKol -IncludeMoveHistory; $temp.MoveHistory[0]
This example returns the detailed move history for the completed move request for Ayla Kol's mailbox. This
example uses a temporary variable to store the mailbox statistics object. If the mailbox has been moved multiple
times, there are multiple move reports. The last move report is always MoveReport[0].
-------------------------- Example 9 --------------------------
$temp=Get-MailboxStatistics -Identity AylaKol -IncludeMoveReport; $temp.MoveHistory[0] | Export-CSV

C:\MoveReport_AylaKol.csv
This example returns the detailed move history and a verbose detailed move report for Ayla Kol's mailbox. This
example uses a temporary variable to store the move request statistics object and outputs the move report to a
CSV file.
Parameters
-Archive
The Archive switch parameter specifies whether to return mailbox statistics for the archive mailbox associated with
the specified mailbox.
Required: False
Position: Named
Default value: None
-CopyOnServer
The CopyOnServer parameter is used to retrieve statistics from a specific database copy on the specified server.
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
-Database
The Database parameter returns statistics for all mailboxes on the specified database. You can use any value that
Name
GUID
This parameter accepts pipeline input from the Get-MailboxDatabase cmdlet.
Required: True
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Filter
The Filter parameter specifies a filter to filter the results of the Get-MailboxStatistics cmdlet. For example, to display
all disconnected mailboxes on a specific mailbox database, use the following syntax for this parameter: -Filter
'DisconnectDate -ne $null'
Type: String
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox that you want to return statistics for. You can use any value that
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-IncludeMoveHistory
The IncludeMoveHistory switch specifies whether to return additional information about the mailbox that includes
the history of a completed move request, such as status, flags, target database, bad items, start times, end times,
duration that the move request was in various stages, and failure codes.
Required: False
Position: Named
Default value: None
-IncludeMoveReport
The IncludeMoveReport switch specifies whether to return a verbose detailed move report for a completed move
request, such as server connections and move stages.
Because the output of this command is verbose, you should send the output to a .CSV file for easier analysis.
Required: False
Position: Named
Default value: None
-IncludePassive
Without the IncludePassive parameter, the cmdlet retrieves statistics from active database copies only. Using the
IncludePassive parameter, you can have the cmdlet return statistics from all active and passive database copies.
Required: False
Position: Named
Default value: None
-IncludeQuarantineDetails
The IncludeQuarantineDetails switch specifies whether to return additional quarantine details about the mailbox
that aren't otherwise included in the results. You can use these details to determine when and why the mailbox was
quarantined.
Specifically, this switch returns the values of the QuarantineDescription, QuarantineLastCrash and QuarantineEnd
properties on the mailbox. To see these values, you need use a formatting cmdlet. For example, Get-
MailboxStatistics <MailboxIdentity> -IncludeQuarantineDetails | Format-List Quarantine*.
Required: False
Position: Named
Default value: None
-IncludeSoftDeletedRecipients
{{Fill IncludeSoftDeletedRecipients Description}}
Required: False
Position: Named
Default value: None
-NoADLookup
The NoADLookup switch specifies that information is retrieved from the mailbox database, and not from Active
Directory. This helps improve cmdlet performance when querying a mailbox database that contains a large number
of mailboxes.
Required: False
Position: Named
Default value: None
-Server
The Server parameter specifies the server from which you want to obtain mailbox statistics. You can use one of the
following values:
NetBIOS name
When you specify a value for the Server parameter, the command returns statistics for all the mailboxes on all the
databases, including recovery databases, on the specified server. If you don't specify this parameter, the command
returns logon statistics for the local server.
Required: True
Position: Named
Default value: None
The StoreMailboxIdentity parameter specifies the mailbox identity when used with the Database parameter to
return statistics for a single mailbox on the specified database. You can use one of the following values:
MailboxGuid
LegacyDN
Use this syntax to retrieve information about disconnected mailboxes, which don't have a corresponding Active
Directory object or that has a corresponding Active Directory object that doesn't point to the disconnected mailbox
in the mailbox database.
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MailboxUserConfiguration
In ths Article
may be exclusive to one environment or the other. Use the Get-MailboxUserConfiguration cmdlet to view user
configuration items in mailboxes. For information about the parameter sets in the Syntax section below, see
Syntax
Get-MailboxUserConfiguration [-Identity] <MailboxUserConfigurationIdParameter> -Mailbox <MailboxIdParameter>
[-Confirm] [-DomainController <Fqdn>] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-MailboxUserConfiguration -Mailbox laura@contoso.com -Identity Configuration\* | Format-Table -Auto Identity
This example returns a summary list of all user configuration items in the Configuration folder in the mailbox
laura@contoso.com.
-------------------------- Example 2 --------------------------
Get-MailboxUserConfiguration -Mailbox julia@contoso.com -Identity

Configuration\IPM.Configuration.Aggregated.OwaUserConfiguration
This example returns detailed information for the specified user configuration item in the mailbox
julia@contoso.com.
Parameters
-Confirm
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the user configuration item that you want to view. This parameter uses the syntax
<MailboxFolder>\<ItemName>:
Valid values for <MailboxFolder> are folder names (for example, Inbox or Calendar), the value Configuration,
or the value Root. Wildcards (*) aren't supported.
Valid values for <ItemName> start with IPM.Configuration (for example,
IPM.Configuration.Aggregated.OwaUserConfiguration. Wildcards (*) are supported.
Type: MailboxUserConfigurationIdParameter
Required: True
Position: 1
Default value: None
-Mailbox
The Mailbox parameter specifies the mailbox that contains the user configuration items you want to view. You can
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-MessageCategory
In ths Article
may be exclusive to one environment or the other. Use the Get-MessageCategory cmdlet to retrieve a message
category from the specified mailbox. For information about the parameter sets in the Syntax section below, see
Syntax
Get-MessageCategory [[-Identity] <MessageCategoryIdParameter>] [-DomainController <Fqdn>]
[-Mailbox <MailboxIdParameter>] [<CommonParameters>]
Description
The Get-MessageCategory cmdlet is used by the web management interface in Microsoft Exchange to populate
fields that display message category information.
Examples
-------------------------- Example 1 --------------------------
Get-MessageCategory -Mailbox "User1"
This example retrieves message categories from the mailbox User1.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the message category to be retrieved.
Type: MessageCategoryIdParameter
Required: False
Position: 1
Default value: None
-Mailbox
The Mailbox parameter specifies mailbox that you want to view. You can use any value that uniquely identifies the
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-RecipientPermission
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-RecipientPermission cmdlet to view
information about SendAs permissions that are configured for users in a cloud-based organization. For information
Syntax
Get-RecipientPermission [[-Identity] <RecipientIdParameter>] [-AccessRights <MultiValuedProperty>]
[-ReadFromDomainController] [-ResultSize <Unlimited>] [-Trustee <SecurityPrincipalIdParameter>]
Description
When a user is given SendAs permission to another user or group, the user can send messages that appear to
come from the other user or group.
Examples
-------------------------- Example 1 --------------------------
Get-RecipientPermission -Trustee "Kim Akers"
This example lists the recipients for whom the user Kim Akers has SendAs permission. Kim can send messages that
appear to come directly from the recipients.
-------------------------- Example 2 --------------------------
Get-RecipientPermission "Help Desk"
This example lists the users who have SendAs permission on the mailbox Help Desk. The users listed can send
messages that appear to come directly from the Help Desk mailbox.
Parameters
-AccessRights
The AccessRights parameter filters the results by permission.
Valid input for this parameter is SendAs.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter filters the results by the target recipient. The user or group specified by the Trustee
parameter can operate on this recipient.
Mailboxes
Mail users
External contacts
Distribution groups
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: 1
Default value: None
the user's domain.
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-Trustee
The Trustee parameter filters the results by the user or group to whom you're granting the permission. The user or
group can operate on the recipient specified by the Identity parameter.
You can specify the following types of users or groups:
Mailbox users
Mail users with a Microsoft account (formerly known as a Windows Live ID )
Security groups
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-RecoverableItems
In ths Article
may be exclusive to one environment or the other. Use the Get-RecoverableItems items cmdlet to view deleted
items in mailboxes. After you find the deleted items, you use the Restore-RecoverableItems cmdlet to restore them.
This cmdlet is available only in the Mailbox Import Export role, and by default, the role isn't assigned to any role
groups. To use this cmdlet, you need to add the Mailbox Import Export role to a role group (for example, to the
Syntax
Get-RecoverableItems -Identity <GeneralMailboxOrMailUserIdParameter>
[-EntryID <String>]
[-FilterEndTime <DateTime>]
[-FilterItemType <String>]
[-FilterStartTime <DateTime>]
[-LastParentFolderID <String>]
[-SourceFolder <RecoverableItemsFolderType>]
[-SubjectContains <String>]
Get-RecoverableItems -Identity <GeneralMailboxOrMailUserIdParameter[]>

[-EntryID <String>]
[-MaxParallelSize <Int32>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-RecoverableItems -Identity laura@contoso.com -Subject -SubjectContains "FY17 Accounting" -FilterItemType
IPM.Note -FilterStartTime "2/1/2018 12:00:00 AM" -FilterEndTime "2/5/2018 11:59:59 PM"
This example returns all of the available recoverable deleted messages with the specified subject in the mailbox
laura@contoso.com for the specified date/time range.
-------------------------- Example 2 --------------------------
Get-RecoverableItems -Identity "malik@contoso.com", "lillian@contoso.com" -FilterItemType IPM.Note -

FilterStartTime "3/15/2019 12:00:00 AM" -FilterEndTime "3/25/2019 11:59:59 PM"
This example returns all of the available recoverable deleted messages with the specified subject in the mailboxes of
both malik@contoso.com and lillian@contoso.com for the specified date/time range.
Parameters
-EntryID
The EntryID parameter specifies the deleted item that you want to restore. The EntryID value for the deleted item is
unique in the mailbox.
You can find the EntryID for specific items by using other search filters on the Get-RecoverableItems cmdlet
(subject, date range, etc.).
Type: String
Required: False
Position: Named
Default value: None
-FilterEndTime
The FilterEndTime specifies the end date/time of the date range.
Type: DateTime
Required: False
Position: Named
Default value: None
-FilterItemType
The FilterItemType parameter filters the results by the specified MessageClass (ItemClass) property value of the
deleted item. For example:
IPM.Appointment (Meetings and appointments)
IPM.Contact
IPM.File
IPM.Note
IPM.Task
Type: String
Required: False
Position: Named
Default value: None
-FilterStartTime
The FilterStartTime specifies the start date/time of the date range.
Type: DateTime
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox that contains the deleted items that you want to view. You can use any
Name
Alias
Canonical DN
<domain name><account name>
Email address
GUID
LegacyExchangeDN
SamAccountName
In tExchange Online, you can specify multiple mailboxes separated by commas. If the values contain spaces or
otherwise require quotation marks, use the following syntax: "<Value1>","<Value2>",..."<ValueX>".
Required: False
Position: 1
Default value: None
-LastParentFolderID
The LastParentFolderID parameter specifies the FolderID value of the item before it was deleted. For example,
53B93149989CA54DBC9702AE619B9CCA000062CE9397.
Type: String
Required: False
Position: Named
Default value: None
-MaxParallelSize
The MaxParallelSize parameter specifies the maximum number of mailboxes that are processed by the command in
parallel. A valid value is an integer from 1 to 10. Typically, a higher value decreases the amount of time it takes to
complete the command on multiple mailboxes.
The value of this parameter has no effect when the Identity parameter specifies only one mailbox.
Type: Int32
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-SourceFolder
The SourceFolder parameter specifies where to search for deleted items in the mailbox. Valid values are:
DeletedItems: The Deleted Items folder.
RecoverableItems: The Recoverable Items\Deletions folder. This folder contains items that have been deleted
from the Deleted Items folder (soft-deleted items).
PurgedItems: (Cloud only) The Recoverable Items\Purges folder. This folder contains items that have been
purged from the Recoverable Items folder (hard-deleted items).
If you don't use this parameter, the command will search all of these folders.
Type: RecoverableItemsFolderType
Required: False
Position: Named
Default value: None
-SubjectContains
The SubjectContains parameter filters the items by the specified text value in the Subject field. If the value contains
Type: String
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-ResourceConfig
In ths Article
may be exclusive to one environment or the other. Use the Get-ResourceConfig cmdlet to view custom room and
equipment mailbox properties that you've configured by using the Set-ResourceConfig cmdlet. For information
Syntax
Get-ResourceConfig [[-Identity] <OrganizationIdParameter>] [-DomainController <Fqdn>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-ResourceConfig
This example returns all of the available custom room and equipment mailbox properties.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-SweepRule
In ths Article
may be exclusive to one environment or the other. Use the Get-SweepRule cmdlet to view Sweep rules in
mailboxes. Sweep rules run a regular intervals to help keep your Inbox clean. For information about the parameter
Syntax
Get-SweepRule [[-Identity] <SweepRuleIdParameter>] [-BypassScopeCheck] [-DomainController <Fqdn>]
[-Mailbox <MailboxIdParameter>] [-Provider <String>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-SweepRule
This example returns a summary list of all Sweep rules.

-------------------------- Example 2 --------------------------
Get-SweepRule -Mailbox julia@contoso.com
This example returns a summary list of all Sweep rules in the specified mailbox.
-------------------------- Example 3 --------------------------
Get-SweepRule -Identity "x2hlsdpGmUifjFgxxGIOJw=="
This example returns detailed information for the Sweep rule with the specified RuleId property value.
Parameters
-BypassScopeCheck
The BypassScopeCheck switch specifies whether to bypass the scope check for the user that's running the
command. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Sweep rule that you want to view. You can use any value that uniquely
Required: False
Position: 1
Default value: None
-Mailbox
The Mailbox parameter filters the results by the specified mailbox. You can use any value that uniquely identifies the
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-Provider
The Provider parameter filters the results by the specified provider.
Type: String
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-UserPhoto
In ths Article
may be exclusive to one environment or the other. Use the Get-UserPhoto cmdlet to view information about the
user photos feature that allows users to associate a picture with their account. User photos appear in on-premises
and cloud-based client applications, such as Outlook on the web, Lync, Skype for Business and SharePoint. For
Syntax
Get-UserPhoto [-Anr <String>]
[-Filter <String>]
[-GroupMailbox]
[-PhotoType <String>]
[-Preview]
Get-UserPhoto [[-Identity] <MailboxIdParameter>]

[-Filter <String>]
[-GroupMailbox]
[-Preview]
Description
The user photos feature allows users to associate a picture with their account. User photos are stored in the user's
Active Directory account and in the root directory of the user's Exchange mailbox. The user photo feature must be
set for a user before you can run the Get-UserPhoto cmdlet to view information about the user's photo. Otherwise,
you get an error message saying the user photo doesn't exist for the specified users. Administrators use the Set-
UserPhoto cmdlet or the Exchange admin center (EAC ) to configure user photos. Users can upload, preview, and
save a user photo to their account by using the Outlook on the web Options page.
Examples
-------------------------- Example 1 --------------------------
Get-UserPhoto "Susan Burk"
This example displays information about the user photo configured for Susan Burk.
-------------------------- Example 2 --------------------------
Get-UserPhoto "Pilar Pinilla" -Preview
This example displays information about the user photo that was uploaded to Pilar Pinilla's account, but wasn't
saved.
Parameters
-Anr
searched are:
CommonName (CN )
DisplayName
FirstName
LastName
Alias
Type: String
Required: False
Position: Named
Default value: None
-Credential
Type: PSCredential
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Filter
Type: String
Required: False
Position: Named
Default value: None
-GroupMailbox
The GroupMailbox switch is required to modify Office 365 groups. You don't need to specify a value with this
switch.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the user account. You can use any value that uniquely identifies the user account.
For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: 1
Default value: None
-IgnoreDefaultScope
automatically.
accepted.
Required: False
Position: Named
Default value: None
-OrganizationalUnit
Name
Canonical name
GUID
Required: False
Position: Named
Default value: None
-PhotoType
Type: String
Required: False
Position: Named
Default value: None
-Preview
The Preview switch filters the results by preview photos. You don't need to specify a value with this switch.
A preview photo is a photo that was uploaded to the user's account, but wasn't saved, for example, if a user uploads
a photo in Outlook on the web Options, but doesn't save it. If you use the Preview switch after a user photo is
saved, this cmdlet returns an error saying the preview photo doesn't exist.
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-SortBy
You can sort by the Id property.
Type: String
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Import-ContactList
In ths Article
This cmdlet is available only in the cloud-based service. Use the Import-ContactList cmdlet and a .csv file to import
a user's mail contacts to a cloud-based mailbox. Users can use an email client to export their contacts to a .csv file
that is formatted for Microsoft Office Outlook. For information about the parameter sets in the Syntax section
Syntax
Import-ContactList [-Identity] <MailboxIdParameter> [-CSV] -CSVData <Byte[]>
[-DateCultureName] <String>
[-Confirm]
Import-ContactList [-Identity] <MailboxIdParameter> [-CSV] -CSVStream <Stream>

[-DateCultureName] <String>
[-Confirm]
Description
The Import-ContactList cmdlet submits a request to import a list of mail contacts that are contained in a .csv file to
a cloud-based mailbox. Many MAPI and Web-based email clients allow users to export contacts to a Microsoft
Office Outlook .csv format. Users can then provide that .csv file to you to import contacts to their cloud-based
mailbox. During the import process, Microsoft Exchange matches the column names in the header row of the .csv
file to the property names of an Exchange contact.
Examples
-------------------------- Example 1 --------------------------
Import-ContactList -CSV -CSVData

([System.IO.File]::ReadAllBytes("D:\Users\Administrator\Desktop\TerryAdams.csv")) -DateCultureName "en-GB" -
Identity terrya@contoso.edu
This example imports a list of contacts in a .csv file named TerryAdams.csv to a mailbox for a user whose email
address is terrya@contoso.edu. The date fields are parsed using the date format of "en-GB" locale (dd/MM/YYYY ).
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-CSV
The CSV parameter simply specifies that the contacts will be imported from a .csv file.
Required: True
Position: Named
Default value: None
-CSVData
The CSVData parameter specifies the .csv file you want to import. Use the following syntax for this parameter:
([System.IO.File]::ReadAllBytes("<file name and path>")). For example, ([System.IO.File]::ReadAllBytes("C:\My
Documents\Contacts.csv")).
Type: Byte[]
Required: True
Position: Named
Default value: None
-CSVStream
Type: Stream
Required: True
Position: Named
Default value: None
-DateCultureName
The DateCultureName parameter specifies the culture to use for parsing date fields (e.g. Birthday and Anniversary).
For example, setting the parameter to "en-GB" would lead to 01/02/2018 being parsed as February 1st, 2018,
whereas setting it to "en-US" would lead to the same date being parsed as January 2nd, 2018. If the parameter is
not provided, the culture of the current user is assumed.
Type: String
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the target mailbox to which the contacts are imported. You can use any value that
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Import-RecipientDataProperty
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Import-RecipientDataProperty cmdlet to add a
picture or an audio file of a spoken name to a mailbox or contact. The picture and audio files display on the Global
Address List property dialog box, contact card, reading pane, and meeting requests in Microsoft Outlook and
Outlook on the web. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Import-RecipientDataProperty [-Identity] <MailboxUserContactIdParameter> -FileData <Byte[]> [-Picture]
[-Confirm]
Import-RecipientDataProperty [-Identity] <MailboxUserContactIdParameter> -FileData <Byte[]> [-SpokenName]

[-Confirm]
Description
Importing and exporting files require a specific syntax because importing and exporting use Remote PowerShell.
Examples
-------------------------- Example 1 --------------------------
Import-RecipientDataProperty -Identity "Tony Smith" -SpokenName -FileData ([Byte[]]$(Get-Content -Path

"M:\AudioFiles\TonySmith.wma" -Encoding Byte -ReadCount 0))
This example imports the audio file for Tony Smith's spoken name.
-------------------------- Example 2 --------------------------
Import-RecipientDataProperty -Identity Ayla -Picture -FileData ([Byte[]]$(Get-Content -Path "M:\Employee

Photos\AylaKol.jpg" -Encoding Byte -ReadCount 0))
This example imports the picture file for Ayla Kol.

Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-FileData
The FileData parameter specifies the location and file name of the picture or audio file.
Type: Byte[]
Required: True
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox or contact that you're adding the picture or spoken name file to. You
can use any value that uniquely identifies the user. For example:
Name
Canonical DN
GUID
Type: MailboxUserContactIdParameter
Required: True
Position: 1
Default value: None
-Picture
The Picture switch specifies that the file you're importing is a picture file. You don't need to specify a value with this
switch.
The picture must be a JPEG file and shouldn't be larger than 10 kilobytes (KB ). You can't use this switch with the
SpokenName switch. You can only import one file type at a time.
Required: False
Position: Named
Default value: None
-SpokenName
The SpokenName switch specifies that the file you're importing is an audio file. You don't need to specify a value
with this switch.
The maximum file size should be less than 32 KB. You can use one of the following formats:
WMA 9-voice
PCM 8-KHz, 16-bits, mono format
You can't use this switch with the Picture switch. You can only import one file type at a time.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-App
In ths Article
may be exclusive to one environment or the other. Use the New -App cmdlet to install apps for Outlook. For
Syntax
New-App [-Etoken <String>] [-Mailbox <MailboxIdParameter>] [-MarketplaceCorrelationID <String>] [-
MarketplaceAssetID <String>] [-MarketplaceQueryMarket <String>] [-MarketplaceServicesUrl <String>] [-
MarketplaceUserProfileType <String>]
[-AllowReadWriteMailbox]
[-Confirm]
[-DefaultStateForUser <Enabled | Disabled | AlwaysEnabled>]
[-DownloadOnly]
[-OrganizationApp]
[-PrivateCatalog]
[-ProvidedTo <Everyone | SpecificUsers>]
[-UserList <MultiValuedProperty>]
New-App [-FileData <Byte[]>]

[-Confirm]
[-DownloadOnly]
[-OrganizationApp]
[-PrivateCatalog]
New-App [-FileStream <Stream>]
[-Confirm]
[-DownloadOnly]
[-OrganizationApp]
[-PrivateCatalog]
New-App [-Url <Uri>]

[-Confirm]
[-DownloadOnly]
[-OrganizationApp]
[-PrivateCatalog]
Description
If the app is enabled for the entire organization, users can activate the new app when viewing mail or calendar
items within Microsoft Outlook or Outlook on the web. If an installed app isn't enabled, users can enable the app
from Outlook on the web Options. Similarly, administrators can enable installed apps from the Exchange admin
center or by using the Enable-App or Set-App cmdlet.
Examples
-------------------------- Example 1 --------------------------
New-App -FileData ([Byte[]](Get-Content -Encoding Byte -Path "C:\Apps\FinanceTestApp.xml" -ReadCount 0))
This example installs the Finance Test app manifest file that has been copied to the local hard disk.
For more information, see Install or remove add-ins for Outlook for your organization
-------------------------- Example 2 --------------------------
New-App -OrganizationApp -Url https://Server01.Contoso.com/apps/ContosoCRMApp/manifest.xml -ProvidedTo

SpecificUsers -UserList "user1,user2,user3,user4,user5" -DefaultStateForUser Enabled
This example installs the Contoso CRM app manifest.xml from a URL on the Contoso corporate network. The
Exchange server must be able to reach the target URL. This app is installed as an organization app,is made
available to a specific list of users, and is enabled for those users by default.
Parameters
-AllowReadWriteMailbox
The AllowReadWriteMailbox switch specifies whether the app allows read/write mailbox permission. You don't
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DefaultStateForUser
The DefaultStateForUser parameter specifies the default initial state of an organization app. Valid values are:
Enabled: The organization app is enabled by default.
Disabled: The organization app is disabled by default. This is the default value.
AlwaysEnabled: The organization app is enabled and users can't disable it.
You need to use the OrganizationApp switch when you use this parameter.
Type: Enabled | Disabled | AlwaysEnabled
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-DownloadOnly
The DownloadOnly switch specifies whether to get the app manifest file and prompt the user for confirmation
before committing to actual installation. You don't need to specify a value with this switch.
When you use this switch, the cmdlet only downloads the app manifest file and displays the app properties without
installing the app.
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether the app is available to users in the organization. Valid values are:
$true: The app is available to the specified users. This is the default value.
$false: The app is hidden from all users in the organization.
This setting overrides the ProvidedTo, UserList and DefaultStateForUser settings. This setting doesn't prevent users
from installing their own instance of the app if they have install permissions.

Required: False
Position: Named
Default value: None
-Etoken
Type: String
Required: False
Position: Named
Default value: None
-FileData
The FileData parameter specifies the location of the app manifest file. You need to specify only one source location
for the app manifest file. You can specify the app manifest file by using the MarketplaceServicesUrl, Url, or FileData
parameter.
Type: Byte[]
Required: False
Position: Named
Default value: None
-FileStream
The FileStream parameter is used only by the Exchange admin center to support the app file uploader. Don't use
this parameter to specify the app manifest file. You can specify the app manifest file by using the
MarketplaceServicesUrl, Url or FileData parameter.
Type: Stream
Required: False
Position: Named
Default value: None
-Mailbox
The Mailbox parameter specifies the mailbox where you want to install the app. You can use any value that uniquely
identifies the mailbox. For example: For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-MarketplaceAssetID
The MarketplaceAssetID parameter specifies the Office Store identifier for the app. You need to use this parameter
if you use theMarketplaceServicesUrl parameter.
Type: String
Required: False
Position: Named
Default value: None
-MarketplaceCorrelationID
The MarketplaceCorrelationID parameter specifies the Office Store correlation identifier for the app.
Type: String
Required: False
Position: Named
Default value: None
-MarketplaceQueryMarket
The MarketplaceQueryMarket parameter specifies the locale that an app is filed under at the office marketplace.
For example, an app for the United States market in English uses the value en-US. The default value is en-US.
Type: String
Required: False
Position: Named
Default value: None
-MarketplaceServicesUrl
The MarketplaceServicesUrl parameter specifies the full services URL for the app. You need to specify only one
source location for the app manifest file. You can specify the app manifest file by using the MarketplaceServicesUrl,
Url or FileData parameter.
Type: String
Required: False
Position: Named
Default value: None
-MarketplaceUserProfileType
The MarketplaceUserProfileType parameter specifies the user profile type for the Office Store.
Type: String
Required: False
Position: Named
Default value: None
-OrganizationApp
The OrganizationApp switch specifies that the scope of the app is organizational (not bound to a specific user). You
Required: False
Position: Named
Default value: None
-PrivateCatalog
The PrivateCatalog switch specifies whether the app is located in a private catalog. You don't need to specify a value
with this switch.
Required: False
Position: Named
Default value: None
-ProvidedTo
The ProvidedTo parameter specifies the availability of the app in your organization. Valid values are:
Everyone: This is the default value. This app is provided to every user in the organization. Every user sees this
app listed in the installed apps list in Outlook on the web Options. When an app in the installed apps list is
enabled, users can use the features of this app in their email. All users are blocked from installing their own
instances of this app, including but not limited to users with install apps permissions.
SpecificUsers: This app is provided to only the users specified by the UserList parameter. All other users don't
see this organizational app in their management view, nor will it activate in their mail or calendar items. The
specified users are also blocked from installing their own instance of this app. Unlisted users aren't blocked
from installing their own instance of this app.
You use this parameter with the OrganizationApp switch.
Type: Everyone | SpecificUsers

Required: False
Position: Named
Default value: None
-Url
The Url parameter specifies the full URL location of the app manifest file that you want to install. You need to
specify only one source location for the app manifest file. You can specify the app manifest file by using the
MarketplaceServicesUrl, Url or FileData parameter.
Type: Uri
Required: False
Position: Named
Default value: None
-UserList
The UserList parameter specifies who can use an organizational app. Valid values are mailboxes or mail users in
your organization. You can use any value that uniquely identifies the user. For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-InboxRule
In ths Article
may be exclusive to one environment or the other. Use the New -InboxRule cmdlet to create Inbox rules in
mailboxes. Inbox rules process messages in the Inbox based on conditions and take actions such as moving a
message to a specified folder or deleting a message. You must have adequate permissions on the mailbox to create
an Inbox rule. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
New-InboxRule [-Name] <String>
[-AlwaysDeleteOutlookRulesBlob]
[-ApplyCategory <MultiValuedProperty>]
[-ApplySystemCategory <MultiValuedProperty>]
[-BodyContainsWords <MultiValuedProperty>]
[-Confirm]
[-CopyToFolder <MailboxFolderIdParameter>]
[-DeleteMessage <$true | $false>]
[-DeleteSystemCategory <MultiValuedProperty>]
[-ExceptIfBodyContainsWords <MultiValuedProperty>]
[-ExceptIfFlaggedForAction <String>]
[-ExceptIfFrom <RecipientIdParameter[]>]
[-ExceptIfFromAddressContainsWords <MultiValuedProperty>]
[-ExceptIfFromSubscription <AggregationSubscriptionIdentity[]>]
[-ExceptIfHasAttachment <$true | $false>]
[-ExceptIfHasClassification <MessageClassificationIdParameter[]>]
[-ExceptIfHeaderContainsWords <MultiValuedProperty>]
[-ExceptIfMessageTypeMatches <AutomaticReply | AutomaticForward | Encrypted | Calendaring |
CalendaringResponse | PermissionControlled | Voicemail | Signed | ApprovalRequest | ReadReceipt |
NonDeliveryReport>]
[-ExceptIfMyNameInCcBox <$true | $false>]
[-ExceptIfMyNameInToBox <$true | $false>]
[-ExceptIfMyNameInToOrCcBox <$true | $false>]
[-ExceptIfMyNameNotInToBox <$true | $false>]
[-ExceptIfReceivedAfterDate <ExDateTime>]
[-ExceptIfReceivedBeforeDate <ExDateTime>]
[-ExceptIfRecipientAddressContainsWords <MultiValuedProperty>]
[-ExceptIfSentOnlyToMe <$true | $false>]
[-ExceptIfSubjectContainsWords <MultiValuedProperty>]
[-ExceptIfSubjectOrBodyContainsWords <MultiValuedProperty>]
[-ExceptIfWithImportance <Low | Normal | High>]
[-ExceptIfWithinSizeRangeMaximum <ByteQuantifiedSize>]
[-ExceptIfWithinSizeRangeMinimum <ByteQuantifiedSize>]
[-ExceptIfWithSensitivity <Normal | Personal | Private | CompanyConfidential>]
[-FlaggedForAction <String>]
[-Force]
[-ForwardAsAttachmentTo <RecipientIdParameter[]>]
[-ForwardTo <RecipientIdParameter[]>]
[-From <RecipientIdParameter[]>]
[-FromAddressContainsWords <MultiValuedProperty>]
[-FromSubscription <AggregationSubscriptionIdentity[]>]
[-HasAttachment <$true | $false>]
[-HasClassification <MessageClassificationIdParameter[]>]
[-HeaderContainsWords <MultiValuedProperty>]
[-MarkAsRead <$true | $false>]
[-MarkImportance <Low | Normal | High>]
[-MessageTypeMatches <AutomaticReply | AutomaticForward | Encrypted | Calendaring | CalendaringResponse |
PermissionControlled | Voicemail | Signed | ApprovalRequest | ReadReceipt | NonDeliveryReport>]
[-MoveToFolder <MailboxFolderIdParameter>]
[-MyNameInCcBox <$true | $false>]
[-MyNameInToBox <$true | $false>]
[-MyNameInToOrCcBox <$true | $false>]
[-MyNameNotInToBox <$true | $false>]
[-PinMessage <$true | $false>]
[-Priority <Int32>]
[-ReceivedAfterDate <ExDateTime>]
[-ReceivedBeforeDate <ExDateTime>]
[-RecipientAddressContainsWords <MultiValuedProperty>]
[-RedirectTo <RecipientIdParameter[]>]
[-SendTextMessageNotificationTo <MultiValuedProperty>]
[-SentOnlyToMe <$true | $false>]
[-StopProcessingRules <$true | $false>]
[-SubjectContainsWords <MultiValuedProperty>]
[-SubjectOrBodyContainsWords <MultiValuedProperty>]
[-WhatIf]
[-WithImportance <Low | Normal | High>]
[-WithinSizeRangeMaximum <ByteQuantifiedSize>]
[-WithinSizeRangeMinimum <ByteQuantifiedSize>]
[-WithSensitivity <Normal | Personal | Private | CompanyConfidential>]
New-InboxRule -FromMessageId <MailboxStoreObjectIdParameter>

[-ValidateOnly]
[-Confirm]
[-Force]
Description
disabled by Microsoft Outlook and outbound rules are removed.
Parameters that are used for conditions also have corresponding exception parameters. When conditions specified
in an exception are matched, the rule isn't applied to the message. Exception parameters begin with ExceptIf. For
example, the exception parameter for SubjectOrBodyContainsWords is ExceptIfSubjectOrBodyContainsWords.
Examples
-------------------------- Example 1 --------------------------
New-InboxRule "CheckActionRequired" -MyNameInToBox $true -FlaggedForAction Any -MarkImportance "High"
This example raises the message importance to High if the mailbox owner is in the To field. In addition, the
message is flagged for action.
Parameters
Required: False
Position: Named
Default value: None
-ApplyCategory
The ApplyCategory parameter specifies an action for the Inbox rule that applies the specified category to messages.
A valid value is any text value that you want to define as a category. You can specify multiple categories separated
by commas. If the value contains spaces, enclose the value in quotation marks (").
The categories that you specify for this parameter are defined in the mailbox (they aren't shared between
mailboxes).
Required: False
Position: Named
Default value: None
-ApplySystemCategory
The ApplySystemCategory parameter specifies an action for the Inbox rule that applies the specified system
category to messages. System categories are available to all mailboxes in the organization. Valid values are:
NotDefined
Bills
Document
DocumentPlus
Event
Family
File
Flight
FromContact
Important
LiveView
Lodging
MailingList
Newsletter
Photo
Purchase
RentalCar
RestaurantReservation
RetiredPromotion
ShippingNotification
Shopping
SocialUpdate
Travel
Video
Required: False
Position: Named
Default value: None
-BodyContainsWords
The BodyContainsWords parameter specifies a condition for the Inbox rule that looks for the specified words or
phrases in the body of messages.
If the phrase contains spaces, you need to enclose the value in quotation marks. You can specify multiple values
The corresponding exception parameter to this condition is ExceptIfBodyContainsWords.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-CopyToFolder
The CopyToFolder parameter specifies an action for the Inbox rule that copies messages to the specified mailbox
folder. You can specify the existing folder by name, or by the store object ID and a path string (for example,
\Inbox\Personal).
Required: False
Position: Named
Default value: None
-DeleteMessage
The DeleteMessage parameter specifies an action for the Inbox rule that sends messages to the Deleted Items
$true: Messages that match the conditions of the rule are moved to the Deleted Items folder.
$false: The action isn't used.

Required: False
Position: Named
Default value: None
-DeleteSystemCategory
The DeleteSystemCategory parameter specifies an action for the Inbox rule that deletes the specified system
category from messages. System categories are available to all mailboxes in the organization. Valid values are:
NotDefined
Bills
Document
DocumentPlus
Event
Family
File
Flight
FromContact
Important
LiveView
Lodging
MailingList
Newsletter
Photo
Purchase
RentalCar
RetiredPromotion
Shopping
SocialUpdate
Travel
Video
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-ExceptIfBodyContainsWords
The ExceptIfBodyContainsWords parameter specifies an exception for the Inbox rule that looks for the specified
words or phrases in the body of messages.
The corresponding condition parameter to this exception is BodyContainsWords.
Required: False
Position: Named
Default value: None
-ExceptIfFlaggedForAction
The ExceptIfFlaggedForAction parameter specifies an exception for the Inbox rule that looks messages with the
specified message flag. Valid values are:
Any
Call
DoNotForward
FollowUp
ForYourInformation
Forward
NoResponseNecessary
Read
Reply
ReplyToAll
Review
The corresponding condition parameter to this exception is FlaggedForAction.
Type: String
Required: False
Position: Named
Default value: None
-ExceptIfFrom
The ExceptIfFrom parameter specifies an exception for the Inbox rule that looks for the specified sender in
messages. You can use any value that uniquely identifies the sender. For example: For example:
Name
Alias
Canonical DN
Email address
GUID
The corresponding condition parameter to this exception is From.
Required: False
Position: Named
Default value: None
-ExceptIfFromAddressContainsWords
The ExceptIfFromAddressContainsWords parameter specifies an exception for the Inbox rule that looks for
messages where the specified words are in the sender's email address.
The corresponding condition parameter to this exception is FromAddressContainsWords.
Required: False
Position: Named
Default value: None
-ExceptIfFromSubscription
The ExceptIfFromSubscription parameter specifies an exception for the Inbox rule that looks for messages received
from subscriptions (for example, POP or IMAP subscriptions). You can identify the subscription by using the Get-
Subscription cmdlet.
The corresponding condition parameter to this exception is FromSubscription.
Type: AggregationSubscriptionIdentity[]
Required: False
Position: Named
Default value: None
-ExceptIfHasAttachment
The ExceptIfHasAttachment parameter specifies an exception for the Inbox rule that looks for messages with
attachments. Valid values are:
$true: The rule action isn't applied to messages that have attachments.
$false: The exception isn't used.
The corresponding condition parameter to this exception is HasAttachment.

Required: False
Position: Named
Default value: None
-ExceptIfHasClassification
The ExceptIfHasClassification parameter specifies an exception for the Inbox rule that looks for messages with the
specified message classification. You can find message classifications by using the Get-MessageClassification
cmdlet. You can specify multiple message classifications separated by commas.
The corresponding condition parameter to this exception is HasClassification.
Type: MessageClassificationIdParameter[]
Required: False
Position: Named
Default value: None
-ExceptIfHeaderContainsWords
The HeaderContainsWords parameter specifies an exception for the Inbox rule that looks for the specified words or
phrases in the header fields of messages.
The corresponding condition parameter to this exception is HeaderContainsWords.
Required: False
Position: Named
Default value: None
-ExceptIfMessageTypeMatches
The ExceptIfMessageTypeMatches parameter specifies an exception for the Inbox rule that looks for messages of
the specified type. Valid values are:
AutomaticReply
AutomaticForward
Encrypted
Calendaring
CalendaringResponse
PermissionControlled
Voicemail
Signed
ApprovalRequest
ReadReceipt
NonDeliveryReport
The corresponding condition parameter to this exception is MessageTypeMatches.
Type: AutomaticReply | AutomaticForward | Encrypted | Calendaring | CalendaringResponse | PermissionControlled

| Voicemail | Signed | ApprovalRequest | ReadReceipt | NonDeliveryReport
Required: False
Position: Named
Default value: None
-ExceptIfMyNameInCcBox
The ExceptIfMyNameInCcBox parameter specifies an exception for the Inbox rule that looks for messages where
the mailbox owner is in the Cc field. Valid values are:
$true: The rule action isn't applied to messages where the mailbox owner is in the Cc field.
The corresponding condition parameter to this exception is MyNameInCcBox.

Required: False
Position: Named
Default value: None
-ExceptIfMyNameInToBox
The ExceptIfMyNameInToBox parameter specifies an exception for the Inbox rule that looks for messages where
the mailbox owner is in the To field. Valid values are:
$true: The rule action isn't applied to messages where the mailbox owner is in the To field.
The corresponding condition parameter to this exception is MyNameInToBox.

Required: False
Position: Named
Default value: None
-ExceptIfMyNameInToOrCcBox
The ExceptIfMyNameInToOrCcBox parameter specifies an exception for the Inbox rule that looks for messages
where the mailbox owner is in the To or Cc fields Valid values are.
$true: The rule action isn't applied to messages where the mailbox owner is in the To or Cc fields.
The corresponding condition parameter to this exception is MyNameInToOrCcBox.

Required: False
Position: Named
Default value: None
-ExceptIfMyNameNotInToBox
The ExceptIfMyNameNotInToBox parameter specifies an exception for the Inbox rule that looks for messages
where the mailbox owner isn't in the To field. Valid values are:
$true: The rule action isn't applied to messages where the mailbox owner isn't in the To field.
The corresponding condition parameter to this exception is MyNameNotInToBox.

Required: False
Position: Named
Default value: None
-ExceptIfReceivedAfterDate
The ExceptIfReceivedAfterDate parameter specifies an exception for the Inbox rule that looks for messages received
after the specified date.
The corresponding condition parameter to this exception is ReceivedAfterDate.
Type: ExDateTime
Required: False
Position: Named
Default value: None
-ExceptIfReceivedBeforeDate
The ExceptIfReceivedBeforeDate parameter specifies an exception for the Inbox rule that looks for messages
received before the specified date.
The corresponding condition parameter to this exception is ReceivedBeforeDate.
Type: ExDateTime
Required: False
Position: Named
Default value: None
-ExceptIfRecipientAddressContainsWords
The ExceptIfRecipientAddressContainsWords parameter specifies an exception for the Inbox rule that looks for
messages where the specified words are in recipient email addresses.
The corresponding condition parameter to this exception is RecipientAddressContainsWords.
Required: False
Position: Named
Default value: None
-ExceptIfSentOnlyToMe
The ExceptIfSentOnlyToMe parameter specifies an exception for the Inbox rule that looks for messages where the
only recipient is the mailbox owner. Valid values are:
$true: The rule action isn't applied to messages where the mailbox owner is the only recipient.
The corresponding condition parameter to this exception is SentOnlyToMe.
Required: False
Position: Named
Default value: None
-ExceptIfSentTo
Name
Alias
Canonical DN
Email address
GUID
The corresponding condition parameter to this exception is SentTo.
Required: False
Position: Named
Default value: None
-ExceptIfSubjectContainsWords
The ExceptIfSubjectContainsWords parameter specifies an exception for the Inbox rule that looks for the specified
words or phrases in the Subject field of messages.
The corresponding condition parameter to this exception is SubjectContainsWords.
Required: False
Position: Named
Default value: None
-ExceptIfSubjectOrBodyContainsWords
The ExceptIfSubjectOrBodyContainsWords parameter specifies an exception for the Inbox rule that looks for the
specified words or phrases in the Subject field or body of messages.
The corresponding condition parameter to this exception is ExceptIfSubjectOrBodyContainsWords.
Required: False
Position: Named
Default value: None
-ExceptIfWithImportance
The ExceptIfWithImportance parameter specifies an exception for the Inbox rule that looks for messages with the
specified importance level. Valid values are:
High
Normal
Low
The corresponding condition parameter to this exception is WithImportance.
Type: Low | Normal | High

Required: False
Position: Named
Default value: None
-ExceptIfWithinSizeRangeMaximum
The ExceptIfWithinSizeRangeMaximum parameter specifies part of an exception for the Inbox rule that looks for
messages that smaller than specified maximum size.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
You need to use this parameter with the ExceptIfWithinSizeRangeMinimum parameter, and the value of this
parameter must be greater than the value of ExceptIfWithinSizeRangeMinimum.
The corresponding condition parameter to this exception is WithinSizeRangeMaximum.
Required: False
Position: Named
Default value: None
-ExceptIfWithinSizeRangeMinimum
The ExceptIfWithinSizeRangeMinimum parameter specifies part of an exception for the Inbox rule that looks for
messages that are larger than the specified minimum size.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
You need to use this parameter with the ExceptIfWithinSizeRangeMaximum parameter, and the value of this
parameter must be less than the value of ExceptIfWithinSizeRangeMaximum.
The corresponding condition parameter to this exception is WithinSizeRangeMinimum.
Required: False
Position: Named
Default value: None
-ExceptIfWithSensitivity
The ExceptIfWithSensitivity parameter specifies an exception for the Inbox rule that looks for messages with the
specified sensitivity level. Valid values are:
Normal
Personal
Private
CompanyConfidential
The corresponding condition parameter to this exception is WithSensitivity.
Type: Normal | Personal | Private | CompanyConfidential

Required: False
Position: Named
Default value: None
-FlaggedForAction
The FlaggedForAction parameter specifies a condition for the Inbox rule that looks for messages with the specified
message flag. Valid values are:
Any
Call
DoNotForward
FollowUp
ForYourInformation
Forward
NoResponseNecessary
Read
Reply
ReplyToAll
Review
Type: String
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-ForwardAsAttachmentTo
The ForwardAsAttachmentTo parameter specifies an action for the Inbox rule that forwards the message to the
specified recipient as an attachment. You can use any value that uniquely identifies the recipient. For example:
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
-ForwardTo
The ForwardTo parameter specifies an action for the Inbox rule that forwards the message to the specified
recipient. You can use any value that uniquely identifies the recipient. For example:
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
-From
The From parameter specifies a condition for the Inbox rule that looks for the specified sender in messages. You
can use any value that uniquely identifies the sender. For example:
Name
Alias
Canonical DN
Email address
GUID
The corresponding exception parameter to this condition is ExceptIfFrom.
Required: False
Position: Named
Default value: None
-FromAddressContainsWords
The FromAddressContainsWords parameter specifies a condition for the Inbox rule that looks for messages where
the specified words are in the sender's email address.
The corresponding exception parameter to this condition is ExceptIfFromAddressContainsWords.
Required: False
Position: Named
Default value: None
-FromMessageId
The FromMessageId parameter specifies the message that's used to create the Inbox rule. The rule is based on the
properties of the message. You identify the message by its Base64-encoded StoreObjectId property value. For
example:
MailboxId\StoreObjectId
StoreObjectId
When you use this parameter to create an Inbox rule, the following message properties are used in the rule:
Subject: The message subject is added to the SubjectContainsWords condition.
From: The message sender is added to the From condition.
To and Cc: Recipients in the To and Cc fields are added to the SentTo condition.
Type: MailboxStoreObjectIdParameter
Required: True
Position: Named
Default value: None
-FromSubscription
The FromSubscription parameter specifies a condition for the Inbox rule that looks for messages received from
subscriptions (for example, POP or IMAP subscriptions). You can identify the subscription by using the Get-
The corresponding exception parameter to this condition is ExceptIfFromSubscription.
Required: False
Position: Named
Default value: None
-HasAttachment
The HasAttachment parameter specifies a condition for the Inbox rule that looks for messages with attachments.
Valid values are:
$true: The rule action is applied to messages that have attachments.
$false: The condition isn't used.
The corresponding exception parameter to this condition is ExceptIfHasAttachment.

Required: False
Position: Named
Default value: None
-HasClassification
The HasClassification parameter specifies a condition for the Inbox rule that looks for messages with the specified
message classification. You can find message classifications by using the Get-MessageClassification cmdlet. You can
specify multiple message classifications separated by commas.
The corresponding exception parameter to this condition is ExceptIfHasClassification.
Required: False
Position: Named
Default value: None
-HeaderContainsWords
The HeaderContainsWords parameter specifies a condition for the Inbox rule that looks for the specified words or
The corresponding exception parameter to this condition is ExceptIfHeaderContainsWords.
Required: False
Position: Named
Default value: None
-Mailbox
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-MarkAsRead
The MarkAsRead parameter specifies an action for the Inbox rule that marks messages as read. Valid values are:
$true: Messages that match the conditions of the rule are marked as read.

Required: False
Position: Named
Default value: None
-MarkImportance
The MarkImportance parameter specifies an action for the Inbox rule that marks messages with the specified
importance flag. Valid values are:
Low
Normal
High

Required: False
Position: Named
Default value: None
-MessageTypeMatches
The MessageTypeMatches parameter specifies a condition for the Inbox rule that looks for messages of the
specified type. Valid values are:
AutomaticReply
AutomaticForward
Encrypted
Calendaring
CalendaringResponse
Voicemail
Signed
ApprovalRequest
ReadReceipt
NonDeliveryReport
The corresponding exception parameter to this condition is ExceptIfMessageTypeMatches.

Required: False
Position: Named
Default value: None
-MoveToFolder
The MoveToFolder parameter specifies an action for the Inbox rule that moves messages to the specified mailbox
\Inbox\Personal).
Required: False
Position: Named
Default value: None
-MyNameInCcBox
The MyNameInCcBox parameter specifies a condition for the Inbox rule that looks for messages where the mailbox
owner is in the Cc field. Valid values are:
$true: The rule action is applied to messages where the mailbox owner is in the Cc field.
The corresponding exception parameter to this condition is ExceptIfMyNameInCcBox.

Required: False
Position: Named
Default value: None
-MyNameInToBox
The MyNameInToBox parameter specifies a condition for the Inbox rule that looks for messages where the mailbox
owner is in the To field. Valid values are:
$true: The rule action is applied to messages where the mailbox owner is in the To field.
The corresponding exception parameter to this condition is ExceptIfMyNameInToBox.

Required: False
Position: Named
Default value: None
-MyNameInToOrCcBox
The MyNameInToOrCcBox parameter specifies a condition for the Inbox rule that looks for messages where the
mailbox owner is in the To or Cc fields Valid values are.
$true: The rule action is applied to messages where the mailbox owner is in the To or Cc fields.
The corresponding exception parameter to this condition is ExceptIfMyNameInToOrCcBox.
Required: False
Position: Named
Default value: None
-MyNameNotInToBox
The MyNameNotInToBox parameter specifies a condition for the Inbox rule that looks for messages where the
mailbox owner isn't in the To field. Valid values are:
$true: The rule action is applied to messages where the mailbox owner isn't in the To field.
The corresponding exception parameter to this condition is ExceptIfMyNameNotInToBox.

Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the name of the Inbox rule. The maximum length is 64 characters. If the value
Type: String
Required: True
Position: 1
Default value: None
-PinMessage
The PinMessage parameter specifies an action for the Inbox rule that pins messages to the top of the Inbox. Valid
values are:
$true: Message that match the conditions of the rule are pinned to the top of the Inbox.

Required: False
Position: Named
Default value: None
-Priority
The Priority parameter specifies a priority for the Inbox rule that determines the order of rule processing. A lower
integer value indicates a higher priority,
Type: Int32
Required: False
Position: Named
Default value: None
-ReceivedAfterDate
The ReceivedAfterDate parameter specifies a condition for the Inbox rule that looks for messages received after the
specified date.
The corresponding exception parameter to this condition is ExceptIfReceivedAfterDate.
Type: ExDateTime
Required: False
Position: Named
Default value: None
-ReceivedBeforeDate
The ReceivedBeforeDate parameter specifies a condition for the Inbox rule that looks for messages received before
the specified date.
The corresponding exception parameter to this condition is ExceptIfReceivedBeforeDate.
Type: ExDateTime
Required: False
Position: Named
Default value: None
-RecipientAddressContainsWords
The RecipientAddressContainsWords parameter specifies a condition for the Inbox rule that looks for messages
where the specified words are in recipient email addresses.
The corresponding exception parameter to this condition is ExceptIfRecipientAddressContainsWords.
Required: False
Position: Named
Default value: None
-RedirectTo
The RedirectTo parameter specifies an action for the Inbox rule that redirects the message to the specified recipient.
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
-SendTextMessageNotificationTo
The SendTextMessageNotificationTo parameter specifies an action for the Inbox rule that send a text message
notification to the specified telephone number.
Required: False
Position: Named
Default value: None
-SentOnlyToMe
The SentOnlyToMe parameter specifies a condition for the Inbox rule that looks for messages where the only
recipient is the mailbox owner. Valid values are:
$true: The rule action is applied to messages where the mailbox owner is the only recipient.
The corresponding exception parameter to this condition is ExceptIfSentOnlyToMe.
Required: False
Position: Named
Default value: None
-SentTo
The SentTo parameter specifies a condition for the Inbox rule that looks for messages with the specified recipients.
Name
Alias
Canonical DN
Email address
GUID
The corresponding exception parameter to this condition is ExceptIfSentTo.
Required: False
Position: Named
Default value: None
-StopProcessingRules
The StopProcessingRules parameter specifies an action for the Inbox rule that stops processing additional rules if
the conditions of this Inbox rule are met. Valid values are:If set to $true, the StopProcessingRules parameter
instructs Exchange to stop processing additional rules if the conditions of this Inbox rule are met.
$true: Stop processing more rules.
$false: The action isn't used (continue processing more rules after this one).

Required: False
Position: Named
Default value: None
-SubjectContainsWords
The SubjectContainsWords parameter specifies a condition for the Inbox rule that looks for the specified words or
phrases in the Subject field of messages.
The corresponding exception parameter to this condition is ExceptIfSubjectContainsWords.
Required: False
Position: Named
Default value: None
-SubjectOrBodyContainsWords
The SubjectOrBodyContainsWords parameter specifies a condition for the Inbox rule that looks for the specified
words or phrases in the Subject field or body of messages.
The corresponding exception parameter to this condition is ExceptIfSubjectOrBodyContainsWords.
Required: False
Position: Named
Default value: None
-ValidateOnly
switch is used.
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WithImportance
The WithImportance parameter specifies a condition for the Inbox rule that looks for messages with the specified
importance level. Valid values are:
High
Normal
Low
The corresponding exception parameter to this condition is ExceptIfWithImportance.

Required: False
Position: Named
Default value: None
-WithinSizeRangeMaximum
The WithinSizeRangeMaximum parameter specifies part of a condition for the Inbox rule that looks for messages
that are smaller than specified maximum size.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
You need to use this parameter with the WithinSizeRangeMinimum parameter, and the value of this parameter
must be greater than the value of WithinSizeRangeMinimum.
The corresponding exception parameter to this condition is ExceptIfWithinSizeRangeMaximum.
Required: False
Position: Named
Default value: None
-WithinSizeRangeMinimum
The WithinSizeRangeMinimum parameter specifies part of a condition for the Inbox rule that looks for messages
that are larger than the specified minimum size.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
You need to use this parameter with the WithinSizeRangeMaximum parameter, and the value of this parameter
must be less than the value of WithinSizeRangeMaximum.
The corresponding exception parameter to this condition is ExceptIfWithinSizeRangeMinimum.
Required: False
Position: Named
Default value: None
-WithSensitivity
The WithSensitivity parameter specifies a condition for the Inbox rule that looks for messages with the specified
sensitivity level. Valid values are:
Normal
Personal
Private
CompanyConfidential
The corresponding exception parameter to this condition is ExceptIfWithSensitivity.

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-Mailbox
In ths Article
may be exclusive to one environment or the other. Use the New -Mailbox cmdlet to create mailboxes and user
accounts at the same time. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
New-Mailbox [-Name] <String> -Password <SecureString> -UserPrincipalName <String> [-InactiveMailbox
<MailboxIdParameter>] [-RemovedMailbox <RemovedMailboxIdParameter>]
[-Alias <String>]
[-ArbitrationMailbox <MailboxIdParameter>]
[-Archive]
[-Confirm]
[-FirstName <String>]
[-Force]
[-Initials <String>]
[-LastName <String>]
[-MailboxPlan <MailboxPlanIdParameter>]
[-MailboxRegion <String>]
[-RemotePowerShellEnabled <$true | $false>]
[-SharingPolicy <SharingPolicyIdParameter>]
[-TargetAllMDBs]
[-ThrottlingPolicy <ThrottlingPolicyIdParameter>]
New-Mailbox [-Name] <String> -Password <SecureString> -MicrosoftOnlineServicesID <WindowsLiveId> [-
InactiveMailbox <MailboxIdParameter>] [-RemovedMailbox <RemovedMailboxIdParameter>]
[-Alias <String>]
[-Archive]
[-Confirm]
[-Discovery]
[-Force]
[-TargetAllMDBs]
New-Mailbox [-Name] [-Arbitration] <String> [-Password <SecureString>] [-UserPrincipalName <String>]

[-Alias <String>]
[-Archive]
[-Confirm]
[-Force]
[-TargetAllMDBs]
New-Mailbox [-Name] <String> -UserPrincipalName <String> [-AuditLog]
[-Alias <String>]
[-Archive]
[-Confirm]
[-Force]
New-Mailbox [-Name] <String> [-AuxAuditLog] [-UserPrincipalName <String>]

[-Alias <String>]
[-Archive]
[-Confirm]
[-Force]
New-Mailbox [-Name] <String> [-AccountDisabled] [-Password <SecureString>] [-UserPrincipalName <String>]
[-Alias <String>]
[-Archive]
[-Confirm]
[-Force]
[-RemovedMailbox <RemovedMailboxIdParameter>]
[-TargetAllMDBs]
New-Mailbox [-Name] <String> [-Discovery] [-Password <SecureString>] [-UserPrincipalName <String>]

[-Alias <String>]
[-Archive]
[-Confirm]
[-Force]
[-TargetAllMDBs]
New-Mailbox [-Name] <String> -EnableRoomMailboxAccount <$true | $false> [-MicrosoftOnlineServicesID
<WindowsLiveId> [-Room] [-RoomMailboxPassword <SecureString>] [-UserPrincipalName <String>]
[-Alias <String>]
[-Archive]
[-Confirm]
[-Force]
[-TargetAllMDBs]
New-Mailbox [-Name] <String> [-Equipment] [-Password <SecureString>] [-UserPrincipalName <String>]

[-Alias <String>]
[-Archive]
[-Confirm]
[-Force]
[-TargetAllMDBs]
New-Mailbox [-Name] <String> -FederatedIdentity <String> [-RemovedMailbox <RemovedMailboxIdParameter>]
[-Alias <String>]
[-Archive]
[-Confirm]
[-Force]
[-TargetAllMDBs]
New-Mailbox [-Name] <String> -InactiveMailbox <MailboxIdParameter> [-Password <SecureString>]

[-Alias <String>]
[-Archive]
[-Confirm]
[-Force]
[-TargetAllMDBs]
New-Mailbox [-Name] <String> -LinkedDomainController <String> -LinkedMasterAccount <UserIdParameter> [-
LinkedCredential <PSCredential>] [-Password <SecureString>] [-UserPrincipalName <String>]
[-Alias <String>]
[-Archive]
[-Confirm]
[-Force]
[-TargetAllMDBs]
New-Mailbox [-Name] <String> -LinkedDomainController <String> -LinkedMasterAccount <UserIdParameter> [-
LinkedCredential <PSCredential>] [-LinkedRoom] [-Office <String>] [-Password <SecureString>] [-Phone <String>]
[-Alias <String>]
[-Archive]
[-Confirm]
[-Force]
[-ResourceCapacity <Int32>]
[-TargetAllMDBs]
New-Mailbox [-Name] <String> -FederatedIdentity <String> -MicrosoftOnlineServicesID <WindowsLiveId> [-

RemovedMailbox <RemovedMailboxIdParameter>]
[-Alias <String>]
[-Archive]
[-Confirm]
[-Force]
[-TargetAllMDBs]
New-Mailbox [-Name] <String> [-Arbitration] [-Migration] [-Password <SecureString>] [-UserPrincipalName
<String>]
[-Alias <String>]
[-Archive]
[-Confirm]
[-Force]
[-TargetAllMDBs]
New-Mailbox [-Name] <String> [-PublicFolder] [-HoldForMigration] [-IsExcludedFromServingHierarchy <$true |

$false>]
[-Alias <String>]
[-Archive]
[-Confirm]
[-Force]
[-TargetAllMDBs]
New-Mailbox [-Name] <String> -ArchiveDomain <SmtpDomain> -Password <SecureString> -UserPrincipalName <String>
[-RemoteArchive]
[-Alias <String>]
[-Archive]
[-Confirm]
[-Force]
[-TargetAllMDBs]
New-Mailbox [-Name] <String> -RemovedMailbox <RemovedMailboxIdParameter> [-Password <SecureString>]
[-Alias <String>]
[-Archive]
[-Confirm]
[-Force]
[-TargetAllMDBs]
New-Mailbox [-Name] <String> [-Password <SecureString>] [-ResourceCapacity <Int32>] [-Room] [-UserPrincipalName
<String>]
[-Alias <String>]
[-Archive]
[-Confirm]
[-Force]
[-Office <String>]
[-Phone <String>]
[-TargetAllMDBs]
New-Mailbox [-Name] <String> [-Password <SecureString>] [-UserPrincipalName <String>] [-Scheduling]

[-Alias <String>]
[-Archive]
[-Confirm]
[-Force]
[-TargetAllMDBs]
New-Mailbox [-Name] <String> [-Password <SecureString>] [-Shared] [-UserPrincipalName <String>]
[-Alias <String>]
[-Archive]
[-Confirm]
[-Force]
[-TargetAllMDBs]
Description
Examples
-------------------------- Example 1 --------------------------
$password = Read-Host "Enter password" -AsSecureString; New-Mailbox -UserPrincipalName chris@contoso.com -Alias

chris -Database "Mailbox Database 1" -Name ChrisAshton -OrganizationalUnit Users -Password $password -FirstName
Chris -LastName Ashton -DisplayName "Chris Ashton" -ResetPasswordOnNextLogon $true
This example creates a user Chris Ashton in Active Directory and creates a mailbox for the user. The mailbox is
located on Mailbox Database 1. The password must be reset at the next logon. To set the initial value of the
password, this example creates a variable ($password), prompts you to enter a password, and assigns that
password to the variable as a SecureString object.
-------------------------- Example 2 --------------------------
New-Mailbox -UserPrincipalName confmbx@contoso.com -Alias confmbx -Name ConfRoomMailbox -Database "Mailbox

Database 1" -OrganizationalUnit Users -Room -ResetPasswordOnNextLogon $true
This example creates a user in Active Directory and a resource mailbox for a conference room. The resource
mailbox is located in Mailbox Database 1. The password must be reset at the next logon. You are prompted for the
value of the initial password because it's not specified.
-------------------------- Example 3 --------------------------
New-Mailbox -UserPrincipalName confroom1010@contoso.com -Alias confroom1010 -Name "Conference Room 1010" -Room
-EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String P@ssw0rd -AsPlainText -
Force)
This example creates an enabled user account in Active Directory and a room mailbox for a conference room in an
on-premises Exchange organization. The RoomMailboxPassword parameter specifies the password for the user
account.
-------------------------- Example 4 --------------------------
New-Mailbox -Shared -Name "Sales Department" -DisplayName "Sales Department" -Alias Sales; Set-Mailbox -
Identity Sales -GrantSendOnBehalfTo MarketingSG; Add-MailboxPermission -Identity Sales -User MarketingSG -
AccessRights FullAccess -InheritanceType All
This example creates the shared mailbox "Sales Department" and grants Full Access and Send on Behalf
permissions for the security group "MarketingSG". Users who are members of the security group will be granted
the permissions to the mailbox.
This example assumes that you've already created a mail-enabled security group named "MarketingSG" by using
the New -DistributionGroup cmdlet.
Parameters
-AccountDisabled
The AccountDisabled switch specifies that the user account associated with the mailbox is disabled. You don't need
The mailbox is created, and the associated account is created, but the account is disabled, so you can't log on to the
mailbox.
Required: True
Position: Named
Default value: None
Name
GUID
If you don't use this parameter, the default mobile device mailbox policy is used.
Required: False
Position: Named
Default value: None
-AddressBookPolicy
Name
GUID
Required: False
Position: Named
Default value: None
-Alias
characters.
question marks (?).
Type: String
Required: False
Position: Named
Default value: None
-Arbitration
The Arbitration switch is required to create arbitration mailboxes. You don't need to specify a value with this switch.
Arbitration mailboxes are system mailbox that are used for storing different types of system data and for managing
messaging approval workflow.
To create arbitration mailboxes that are used to store audit log settings or data, don't use this switch. Instead, use
Required: True
Position: Named
Default value: None
-ArbitrationMailbox
The ArbitrationMailbox parameter specifies the arbitration mailbox that's used to manage the moderation process
for this recipient. You can use any value that uniquely identifies the arbitration mailbox. For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-Archive
The Archive switch specifies that an archive mailbox is created for this mailbox. You don't need to specify a value
with this switch.
Required: False
Position: Named
Default value: None
-ArchiveDatabase
Name
GUID
Required: False
Position: Named
Default value: None
-ArchiveDomain
Type: SmtpDomain
Required: True
Position: Named
Default value: None
-AuditLog
The AuditLog switch is required to create audit log mailboxes. You don't need to specify a value with this switch.
To create other types of arbitration mailboxes, don't use this switch. Instead, use the Arbitration switch.
Required: True
Position: Named
Default value: None
-AuxAuditLog
The AuxAuditLog switch is required to create auxillary audit log mailboxes. You don't need to specify a value with
this switch.
To create other types of arbitration mailboxes, don't use this switch. Instead, use the Arbitration switch.
Required: True
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Database
Name
GUID
Use the Get-MailboxDatabase cmdlet to see the available mailbox databases.
Required: False
Position: Named
Default value: None
-Discovery
The Discovery switch is required to create Discovery mailboxes. You don't need to specify a value with this switch.
Discovery mailboxes are created as target mailboxes for Discovery searches. After being created or enabled, a
Discovery mailbox can't be repurposed or converted to another type of mailbox. For more information, see In-Place
eDiscovery (https://technet.microsoft.com/library/dd298021.aspx).
Required: True
Position: Named
Default value: None
-DisplayName
admin center, in address lists, and in Outlook. The maximum length is 256 characters. If the value contains spaces,
Type: String
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EnableRoomMailboxAccount
The EnableRoomMailboxAccount parameter specifies whether to enable the disabled user account that's associated
with this room mailbox. Valid values are:
$true: The disabled account that's associated with the room mailbox is enabled. You also need to use the
RoomMailboxPassword with this value. This allows the account to log on to the room mailbox.
$false: The account that's associated with the room mailbox is disabled. You can't use the account to logon to the
room mailbox. This is the default value.
You need to use this parameter with the Room switch.
Typically, the account that's associated with a room mailbox is disabled. However, you need to enable the account
for features like the Lync Room System or the Skype for Business Room System.
In Exchange Online, a room mailbox with an associated enabled account doesn't require a license.

Required: True
Position: Named
Default value: None
-Equipment
The Equipment switch is required to create equipment mailboxes. You don't need to specify a value with this switch.
computers).
Required: True
Position: Named
Default value: None
-FederatedIdentity
The FederatedIdentity parameter associates an on-premises Active Directory user with a user in the cloud.
Type: String
Required: True
Position: Named
Default value: None
-FirstName
The FirstName parameter specifies the user's first name.
Type: String
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-HoldForMigration
The HoldForMigration switch specifies whether to prevent any client or user, except the Microsoft Exchange
Mailbox Replication service (MRS ) process, from logging on to a public folder mailbox. You don't need to specify a
You need to use this parameter when you create the first public folder, which is called the hierarchy mailbox, in your
organization.
Use this parameter only if you plan to migrate legacy Exchange 2010 public folders to Exchange 2016. If you use
this switch but don't have legacy public folders to migrate, you won't be able to create any public folders.
Required: False
Position: Named
Default value: None
-ImmutableId
Type: String
Required: False
Position: Named
Default value: None
-InactiveMailbox
The InactiveMailbox parameter specifies the inactive mailbox that you want to recover. To find inactive mailboxes,
run the command
Get-Mailbox -InactiveMailboxOnly | Format-List Name,PrimarySmtpAddress,DistinguishedName,ExchangeGuid and then
use the DistinguishedName or ExchangeGuid property values to identify the inactive mailbox for this parameter
(only those values are guaranteed to be unique for inactive mailboxes).
Required: True
Position: Named
Default value: None
-Initials
The Initials parameter specifies the user's middle initials.
Type: String
Required: False
Position: Named
Default value: None
-IsExcludedFromServingHierarchy
The IsExcludedFromServingHierarchy parameter prevents users from accessing the public folder hierarchy on this
public folder mailbox. For load-balancing purposes, users are equally distributed across public folder mailboxes by
default. When this parameter is set on a public folder mailbox, that mailbox isn't included in this automatic load-
balancing and won't be accessed by users to retrieve the public folder hierarchy. However, if an administrator has
set the DefaultPublicFolderMailbox property on a user mailbox to a specific public folder mailbox, the user will still
access the specified public folder mailbox even if the IsExcludedFromServingHierarchy parameter is set for that
public folder mailbox.

Required: False
Position: Named
Default value: None
-LastName
The LastName parameter specifies the user's last name.
Type: String
Required: False
Position: Named
Default value: None
-LinkedCredential
The LinkedCredential parameter specifies credentials to use to access the domain controller specified by the
LinkedDomainController parameter. This parameter is optional, even if you're enabling a linked mailbox.
Type: PSCredential
Required: False
Position: Named
Default value: None
This parameter is required only if you're creating a linked mailbox.
Type: String
Required: True
Position: Named
Default value: None
grants access to the mailbox. You can use any value that uniquely identifies the master account. For example:
Name
Canonical DN
GUID
Required: True
Position: Named
Default value: None
-LinkedRoom
The LinkedRoom switch is required to create linked resource mailboxes. You don't need to specify a value with this
switch.
A linked resource mailbox is useful in a scenario where you have an account in an authentication forest and you
want it to be directly linked to a resource mailbox in resource forest.
Required: True
Position: Named
Default value: None
-MailboxPlan
The MailboxPlan parameter specifies the mailbox plan to apply to the mailbox. You can use any value that uniquely
Name
Alias
Display name
GUID
A mailbox plan specifies the permissions and features that are available to a mailbox. In Office 365, mailbox plans
correspond to the subscriptions and licenses that administrators purchase and assign in the Office 365 admin
center.
You can see the available mailbox plans by using the Get-MailboxPlan cmdlet.
Required: False
Position: Named
Default value: None
-MailboxRegion
Type: String
Required: False
Position: Named
Default value: None
The ManagedFolderMailboxPolicy parameter specifies the managed folder mailbox policy to enable for the mailbox
that you create.
Required: False
Position: Named
Default value: None
The ManagedFolderMailboxPolicyAllowed parameter specifies whether to bypass the warning that messaging
records management (MRM ) features aren't supported for clients using versions of Microsoft Outlook earlier than
Office Outlook 2007. When a managed folder mailbox policy is assigned to a mailbox using the
ManagedFolderMailboxPolicy parameter, the warning appears by default unless the
ManagedFolderMailboxPolicyAllowed parameter is used.
Outlook 2003 Service Pack 3 clients are supported but are provided limited functionality for MRM.
Required: False
Position: Named
Default value: None
-MicrosoftOnlineServicesID
The MicrosoftOnlineServicesID parameter specifies the user ID for the object. This parameter only applies to
objects in the cloud-based service. It isn't available for on-premises deployments.
Type: WindowsLiveId
Required: True
Position: Named
Default value: None
-Migration
The Migration switch is required to create migration mailboxes. You don't need to specify a value with this switch.
Required: True
Position: Named
Default value: None
-ModeratedBy
Name
Alias
Canonical DN
Email address
GUID
to the value $true.
Required: False
Position: Named
Default value: None
-ModerationEnabled

Required: False
Position: Named
Default value: None
-Name
Type: String
Required: True
Position: 1
Default value: None
-Office
The Office parameter specifies the user's physical office name or number.
Type: String
Required: False
Position: Named
Default value: None
-OrganizationalUnit
The OrganizationalUnit parameter specifies the location in Active Directory where the new mailbox is created.
Name
Canonical name
GUID
Required: False
Position: Named
Default value: None
-Password
The Password parameter specifies the password for the mailbox (the user account that's associated with the
mailbox). This parameter isn't required if you're creating a linked mailbox, resource mailbox, or shared mailbox,
because the associated user accounts are disabled for these types of mailboxes.
parameter.
Type: SecureString
Required: True
Position: Named
Default value: None
-Phone
The Phone parameter specifies the user's telephone number.
Type: String
Required: False
Position: Named
Default value: None
-PrimarySmtpAddress
If you use the PrimarySmtpAddress parameter to specify the primary email address, the command sets the
EmailAddressPolicyEnabled property of the mailbox to False, which means the email addresses of the mailbox
aren't automatically updated by email address policies.
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-PublicFolder
The PublicFolder switch is required to create public folder mailboxes. You don't need to specify a value with this
switch.
The first public folder mailbox created in your Exchange organization is the primary hierarchy mailbox that contains
the writeable copy of the hierarchy of public folders for the organization and public folder content. There can be
only one writeable copy of the public folder hierarchy in your organization. All other public folder mailboxes are
secondary public folder mailboxes that contain a read-only copy of the hierarchy and the content for public folders.
Required: True
Position: Named
Default value: None
-RemoteArchive
The RemoteArchive switch specifies that a remote archive mailbox is created for this mailbox. A remote archive
exists in the cloud-based service. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-RemotePowerShellEnabled
The RemotePowerShellEnabled parameter specifies whether the user has access to remote PowerShell. Valid values
are:
$true: The user has access to Exchange Online PowerShell, the Exchange Management Shell, and the Exchange
admin center (EAC ). This is the default value.
$false: The user has doesn't have access to Exchange Online PowerShell, the Exchange Management Shell, or
the EAC.
Access to remote PowerShell is required even if you're trying to open the Exchange Management Shell or the EAC
on the local Exchange server.
A user's experience in any of these management interfaces is still controlled by the role-based access control
(RBAC ) permissions that are assigned to them.

Required: False
Position: Named
Default value: None
-RemovedMailbox
Type: RemovedMailboxIdParameter
Required: False
Position: Named
Default value: None
The ResetPasswordOnNextLogon parameter specifies whether the user is required to change their password the
next time they log on to their mailbox. Valid values are:
$true: The user is required to change their password the next time they log on to their mailbox.
$false: The user isn't required to change their password the next time they log on to their mailbox. This is the
default value.
Required: False
Position: Named
Default value: None
-ResourceCapacity
The ResourceCapacity parameter specifies the capacity of the resource mailbox. For example, you can use this
parameter to identify the number of seats in a conference room (room mailbox) or in a vehicle (equipment
mailbox). A valid value is an integer.
Type: Int32
Required: False
Position: Named
Default value: None
-RetentionPolicy
The RetentionPolicy parameter specifies the retention policy that you want applied to this mailbox. You can use any
Name
GUID
Use the Get-RetentionPolicy cmdlet to see the available retention policies.
If you don't use this parameter, the retention policy named Default MRM Policy is applied to the mailbox.
Required: False
Position: Named
Default value: None
The RoleAssignmentPolicy parameter specifies the role assignment policy that's applied to the mailbox. You can use
any value that uniquely identifies the role assignment policy. For example:
Name
GUID
In Office 365, if you don't use this parameter, the default role assignment policy named Default Role Assignment
Policy is automatically applied to the mailbox. In on-premises Exchange, no role assignment policy is automatically
applied to the mailbox.
Use the Get-RoleAssignmentPolicy cmdlet to see the available role assignment policies. For more information
about assignment policies, see Understanding management role assignment policies
Required: False
Position: Named
Default value: None
-Room
The Room switch is required to create room mailboxes. You don't need to specify a value with this switch.
rooms).
When you use this switch, a logon-disabled account is created with the room mailbox, which prevents users from
signing in to the mailbox. When you use the EnableRoomMailboxAccount and RoomMailboxPassword parameters,
you can mail-enable the associated account.
Required: True
Position: Named
Default value: None
-RoomMailboxPassword
Use the RoomMailboxPassword parameter to configure the password for a room mailbox that has a logon-enabled
account (the EnableRoomMailboxAccount parameter is set to the value $true.)
To use this parameter, you need to be a member of one of the following role groups:
Office 365: The Organization Management role group via the Mail Recipients, Reset Password, and User
Options roles, the Help Desk role group via the Reset Password and User Options roles, or the Recipient
Management role group via the Mail Recipients and Reset Password roles.
On-premises Exchange: The Organization Management role group via the Mail Recipients and User Options
roles, the Recipient Management role group via the Mail Recipients role, or the Help Desk role group via the
User Options role. The Reset Password role also allows you to use this parameter, but it isn't assigned to any
role groups by default.
parameter.
Type: SecureString
Required: False
Position: Named
Default value: None
-SamAccountName
Type: String
Required: False
Position: Named
Default value: None
-Scheduling
Required: True
Position: Named
Default value: None
values are:
$true).

Required: False
Position: Named
Default value: None
-Shared
The Shared switch is required to create shared mailboxes. You don't need to specify a value with this switch.
A shared mailbox is a mailbox where multiple users can log on to access the mailbox contents. The mailbox isn't
Required: True
Position: Named
Default value: None
-SharingPolicy
The SharingPolicy parameter specifies the sharing policy that's applied to the mailbox. You can use any value that
uniquely identifies the sharing policy. For example:
Name
GUID
Use the Get-SharingPolicy cmdlet to see the available sharing policies.
If you don't use this parameter, the sharing policy named Default Sharing Policy is applied to the mailbox.
Type: SharingPolicyIdParameter
Required: False
Position: Named
Default value: None
-TargetAllMDBs
Required: False
Position: Named
Default value: None
-ThrottlingPolicy
The ThrottlingPolicy parameter specifies the throttling policy that's applied to the mailbox. You can use any value
that uniquely identifies the throttling policy. For example:
Name
GUID
Use the Get-ThrottlingPolicy cmdlet to see the available throttling policies.
By default, no throttling policy is applied to the mailbox.
Type: ThrottlingPolicyIdParameter
Required: False
Position: Named
Default value: None
-UserPrincipalName
Type: String
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-MailboxExportRequest
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -MailboxExportRequest cmdlet to begin the
process of exporting contents of a primary mailbox or archive to a .pst file. This cmdlet is available only in the
Mailbox Import Export role, and by default, the role isn't assigned to any role groups. To use this cmdlet, you need
to add the Mailbox Import Export role to a role group (for example, to the Organization Management role group).
Syntax
New-MailboxExportRequest [-Mailbox] <MailboxOrMailUserIdParameter> -FilePath <LongPath>
[-AcceptLargeDataLoss]
[-AssociatedMessagesCopyOption <DoNotCopy | MapByMessageClass | Copy>]
[-BadItemLimit <Unlimited>]
[-CompletedRequestAgeLimit <Unlimited>]
[-Confirm]
[-ConflictResolutionOption <KeepSourceItem | KeepLatestItem | KeepAll>]
[-ContentFilter <String>]
[-ContentFilterLanguage <CultureInfo>]
[-ExcludeDumpster]
[-ExcludeFolders <String[]>]
[-IncludeFolders <String[]>]
[-InternalFlags <InternalMrsFlag[]>]
[-IsArchive]
[-LargeItemLimit <Unlimited>]
[-MRSServer <Fqdn>]
[-Name <String>]
[-Priority <Normal | High>]
[-RemoteCredential <PSCredential>]
[-RemoteHostName <Fqdn>]
[-SkipMerging <SkippableMergeComponent[]>]
[-SourceRootFolder <String>]
[-Suspend]
[-SuspendComment <String>]
[-TargetRootFolder <String>]
[-WhatIf]
[-WorkloadType <None | Local | Onboarding | Offboarding | TenantUpgrade | LoadBalancing | Emergency |
RemotePstIngestion | SyncAggregation | RemotePstExport>]
New-MailboxExportRequest [-Mailbox] <MailboxLocationIdParameter> -FilePath <LongPath>
[-Confirm]
[-ConflictResolutionOption <KeepSourceItem | KeepLatestItem | KeepAll | UpdateFromSource | ForceCopy |
KeepTargetItem>]
[-ExcludeDumpster]
[-IsArchive]
[-Name <String>]
[-Priority <Lowest | Lower | Low | Normal | High | Higher | Highest | Emergency>]
[-RequestExpiryInterval <Unlimited>]
[-Suspend]
[-WhatIf]
RemotePstIngestion | SyncAggregation | RemotePstExport | XO1Migration | CrossResourceForest | ShadowSync |
XrmSharing | ThirdPartyContactSync>]
New-MailboxExportRequest [-Mailbox] <MailboxLocationIdParameter> -ComplianceStorePath <String> -

RemoteCredential <PSCredential>
[-Confirm]
[-IsArchive]
[-Name <String>]
[-PreferredMessageFormat <Default | Mime>]
[-Suspend]
[-WhatIf]
Description
You can create more than one mailbox export request per mailbox, and each mailbox export request must have a
unique name. Microsoft Exchange automatically generates up to 10 unique names for a mailbox export request.
However, to create more than 10 export requests for a mailbox, you need to specify a unique name when creating
the export request. You can remove existing export requests with the Remove-MailboxExportRequest cmdlet before
starting a new request with the default request name <alias>\MailboxExportX (where X = 0-9).
You need to grant the following permission to the group Exchange Trusted Subsystem to the network share where
you want to export or import PST files:
To import PST files from the share: Read permission
To save exported PST files to the share: Read/Write permission.
If you don't grant this permission, you will receive an error message stating that Exchange is unable to establish a
connection to the PST file on the network share.
Examples
-------------------------- Example 1 --------------------------
New-MailboxExportRequest -Mailbox AylaKol -FilePath "\\SERVER01\PSTFileShare\Ayla_Recovered.pst"
This example exports the user Ayla Kol's primary mailbox to a .pst file on the network shared folder PSTFileShare
on SERVER01.
-------------------------- Example 2 --------------------------
New-MailboxExportRequest -Mailbox Kweku -FilePath "\\SERVER01\PSTFileShare\Kweku_Archive.pst" -IsArchive
This example exports the user Kweku's archive to a .pst file on the network shared folder PSTFileShare on
SERVER01.
-------------------------- Example 3 --------------------------
New-MailboxExportRequest -Mailbox Tony -ContentFilter {(body -like "*company*") -and (body -like "*profit*") -
and (Received -lt "01/01/2018")} -FilePath "\\SERVER01\PSTFileShare\Tony_CompanyProfits.pst"
This example exports messages that contain the words "company" and "profit" in the body of the message for the
user Tony received before January 1, 2018.
-------------------------- Example 4 --------------------------
New-MailboxExportRequest -Mailbox Kweku -IncludeFolders "#Inbox#" -FilePath

\\SERVER01\PSTFileShare\Kweku\InPlaceHold.pst
This example exports all messages from Kweku's Inbox to the .pst file InPlaceHold.
Parameters
-AcceptLargeDataLoss
The AcceptLargeDataLoss switch specifies the request should continue even if a large number of items in the
source mailbox can't be copied to the target mailbox. You need to use this switch if you set either the BadItemLimit
or LargeItemLimit parameters to a value of 51 or higher. Otherwise, the command will fail.
Required: False
Position: Named
Default value: None
-AssociatedMessagesCopyOption
The AssociatedMessagesCopyOption parameter specifies whether associated messages are copied when the
request is processed. Associated messages are special messages that contain hidden data with information about
rules, views, and forms. By default, associated messages are copied. This parameter accepts the following values:
DoNotCopy: The associated messages aren't copied.
MapByMessageClass: This option finds the corresponding associated message by looking up the MessageClass
attribute of the source message. If there's an associated message of this class in both source and target folders,
it overwrites the associated message in the target. If there isn't an associated message in the target, it creates a
copy in the target.
Copy: This option copies associated messages from the source to the target. If the same message type exists
both in the source and the target location, these associated messages are duplicated. This is the default option.
Content filtering doesn't apply to associated messages.
Type: DoNotCopy | MapByMessageClass | Copy

Required: False
Position: Named
Default value: None
-BadItemLimit
The BadItemLimit parameter specifies the maximum number of bad items that are allowed before the request fails.
A bad item is a corrupt item in the source mailbox that can't be copied to the target mailbox. Also included in the
bad item limit are missing items. Missing items are items in the source mailbox that can't be found in the target
mailbox when the request is ready to complete.
Valid input for this parameter is an integer or the value unlimited. The default value is 0, which means the request
will fail if any bad items are detected. If you are OK with leaving a few bad items behind, you can set this parameter
to a reasonable value (we recommend 10 or lower) so the request can proceed. If too many bad items are detected,
consider using the New -MailboxRepairRequest cmdlet to attempt to fix corrupted items in the source mailbox, and
try the request again.
If you set this value to 51 or higher, you also need to use the AcceptLargeDataLoss switch. Otherwise, the
command will fail.
Type: Unlimited
Required: False
Position: Named
Default value: None
-BatchName
The BatchName parameter specifies a descriptive name for exporting a batch of mailboxes. You can use the name
in the BatchName parameter as a string search when you use the Get-MailboxExportRequest cmdlet.
Type: String
Required: False
Position: Named
Default value: None
-CompletedRequestAgeLimit
The CompletedRequestAgeLimit parameter specifies how long the request will be kept after it has completed
before being automatically removed. The default CompletedRequestAgeLimit is 30 days.
Type: Unlimited
Required: False
Position: Named
Default value: None
-ComplianceStorePath
Type: String
Required: True
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-ConflictResolutionOption
The ConflictResolutionOption parameter specifies what to do if there are multiple matching messages in the target.
Valid values are:
ForceCopy
KeepAll
KeepLatestItem
KeepSourceItem (This is the default value.)
KeepTargetItem
UpdateFromSource
Type: KeepSourceItem | KeepLatestItem | KeepAll

Required: False
Position: Named
Default value: None
-ContentFilter
The ContentFilter parameter specifies message content to search for. Only contents that match the ContentFilter
parameter will be exported into the .pst file.
Type: String
Required: False
Position: Named
Default value: None
-ContentFilterLanguage
The ContentFilterLanguage parameter specifies the language being used in the ContentFilter parameter for string
searches.
Type: CultureInfo
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-ExcludeDumpster
The ExcludeDumpster parameter specifies whether to exclude the Recoverable Items folder. You don't have to
include a value with this parameter. If you don't specify this parameter, the Recoverable Items folder is copied with
the following subfolders:
Deletions
Versions
Purges
Required: False
Position: Named
Default value: None
-ExcludeFolders
The ExcludeFolders parameter specifies the list of folders to exclude during the export.
Folder names aren't case-sensitive, and there are no character restrictions. Use the following syntax:
<FolderName>/*: Use this syntax to denote a personal folder under the folder specified in the SourceRootFolder
parameter, for example, "MyProjects" or "MyProjects/FY2010".
#<FolderName>#/*: Use this syntax to denote a well-known folder regardless of the folder's name in another
language. For example, #Inbox# denotes the Inbox folder even if the Inbox is localized in Turkish, which is Gelen
Kutusu. Well-known folders include the following types:
Inbox
SentItems
DeletedItems
Calendar
Contacts
Drafts
Journal
Tasks
Notes
JunkEmail
CommunicatorHistory
Voicemail
Fax
Conflicts
SyncIssues
LocalFailures
ServerFailures
If the user creates a personal folder with the same name as a well-known folder and the # symbol surrounding it,
you can use a back slash (\) as an escape character to specify that folder. For example, if a user creates a folder
named #Notes# and you want to specify that folder, but not the well-known Notes folder, use the following syntax:
\#Notes\#.
Wildcard characters can't be used in folder names.
Type: String[]
Required: False
Position: Named
Default value: None
-FilePath
The FilePath parameter specifies the network share path of the .pst file to which data is exported, for example,
\\SERVER01\PST Files\exported.pst.
Type: LongPath
Required: True
Position: Named
Default value: None
-IncludeFolders
The IncludeFolders parameter specifies the list of folders to include during the export.
Inbox
SentItems
DeletedItems
Calendar
Contacts
Drafts
Journal
Tasks
Notes
JunkEmail
CommunicationHistory
Voicemail
Fax
Conflicts
SyncIssues
LocalFailures
ServerFailures
\#Notes\#.
Type: String[]
Required: False
Position: Named
Default value: None
-InternalFlags
The InternalFlags parameter specifies the optional steps in the request. This parameter is used primarily for
debugging purposes.
Type: InternalMrsFlag[]
Required: False
Position: Named
Default value: None
-IsArchive
The IsArchive switch specifies that you're exporting from the user's archive. You don't need to specify a value with
this switch.
Required: False
Position: Named
Default value: None
-LargeItemLimit
The LargeItemLimit parameter specifies the maximum number of large items that are allowed before the request
fails. A large item is a message in the source mailbox that exceeds the maximum message size that's allowed in the
target mailbox. If the target mailbox doesn't have a specifically configured maximum message size value, the
organization-wide value is used.
For more information about maximum message size values, see the following topics:
Exchange 2016: Message size limits in Exchange 2016 (https://technet.microsoft.com/library/bb124345.aspx)
Exchange Online: Exchange Online Limits (https://go.microsoft.com/fwlink/p/?LinkId=524926)
will fail if any large items are detected. If you are OK with leaving a few large items behind, you can set this
parameter to a reasonable value (we recommend 10 or lower) so the request can proceed.
command will fail.
Type: Unlimited
Required: False
Position: Named
Default value: None
-Mailbox
The Mailbox parameter specifies the source mailbox where the contents are being exported from.
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-MRSServer
The MRSServer parameter specifies the FQDN of the Client Access server on which the instance of the Microsoft
Exchange Mailbox Replication service (MRS ) is running. This parameter is used for debugging purposes only. Use
this parameter only if directed by support personnel.
Type: Fqdn
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the name of the specific request for tracking and display purposes. Because you can
have multiple export requests per mailbox, Exchange precedes the name with the mailbox's alias. For example, if
you create an export request for a user's mailbox that has the alias Kweku and specify the value of this parameter as
PC1toArchive, the identity of this export request is Kweku\PC1toArchive.
If you don't specify a name using this parameter, Exchange generates up to 10 request names per mailbox, which is
MailboxExportX (where X = 0-9). The identity of the request is displayed and searchable as
<alias>\MailboxExportX.
Type: String
Required: False
Position: Named
Default value: None
-PreferredMessageFormat
Type: Default | Mime

Required: False
Position: Named
Default value: None
-Priority
The Priority parameter specifies the order in which the request should be processed in the request queue. Requests
are processed in order, based on server health, status, priority, and last update time. Valid priority values are:
Lower
Low
Normal (This is the default value.)
High
Higher
Highest
Emergency
Type: Normal | High

Required: False
Position: Named
Default value: None
-RemoteCredential
Type: PSCredential
Required: True
Position: Named
Default value: None
-RemoteHostName
Type: Fqdn
Required: False
Position: Named
Default value: None
-RequestExpiryInterval
The RequestExpiryInterval parameter specifies an age limit for a completed or failed request. When you use this
parameter, the completed or failed request is automatically removed after the specified interval expires. If you don't
use this parameter:
The completed request is automatically removed based on the CompletedRequestAgeLimit parameter value.
If the request fails, you need to manually remove it by using the corresponding Remove-*Request cmdlet.
seconds.
When you use the value Unlimited, the completed request isn't automatically removed.
Type: Unlimited
Required: False
Position: Named
Default value: None
-SkipMerging
The SkipMerging parameter specifies steps in the export that should be skipped. This parameter is used primarily
for debugging purposes.
Type: SkippableMergeComponent[]
Required: False
Position: Named
Default value: None
-SourceRootFolder
The SourceRootFolder parameter specifies the root folder of the mailbox from which data is exported. If this
parameter isn't specified, the command exports all folders.
Type: String
Required: False
Position: Named
Default value: None
-Suspend
The Suspend switch specifies whether to suspend the request. If you use this switch, the request is queued, but the
request won't reach the status of InProgress until you resume the request with the relevant resume cmdlet. You
don't have to specify a value with this switch.
Required: False
Position: Named
Default value: None
-SuspendComment
The SuspendComment parameter specifies a description about why the request was suspended. You can only use
this parameter if you specify the Suspend parameter.
Type: String
Required: False
Position: Named
Default value: None
-TargetRootFolder
The TargetRootFolder parameter specifies the top-level folder in which to export data. If you don't specify this
parameter, the command exports folders to the top of the folder structure in the target .pst file. Content is merged
under existing folders, and new folders are created if they don't already exist in the target folder structure.
Type: String
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WorkloadType
The WorkloadType parameter is reserved for internal Microsoft use.
Type: None | Local | Onboarding | Offboarding | TenantUpgrade | LoadBalancing | Emergency | RemotePstIngestion

| SyncAggregation | RemotePstExport
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-MailboxFolder
In ths Article
may be exclusive to one environment or the other. Use the New -MailboxFolder cmdlet to create folders in your
own mailbox. Administrators can't use this cmdlet to create folders in other mailboxes (the cmdlet is available only
from the MyBaseOptions user role). For information about the parameter sets in the Syntax section below, see
Syntax
New-MailboxFolder [-Name] <String> -Parent <MailboxFolderIdParameter> [-Confirm] [-DomainController <Fqdn>]
Description
If no parent folder is specified, the cmdlet creates a mail folder in the root folder hierarchy of the mailbox. If the
mailbox isn't specified, the cmdlet creates the folder in the mailbox of the user currently running the task. When
run, the cmdlet returns the new folder name and the folder path as the output.
required to run any Exchange cmdlet (https://technet.microsoft.com/library/mt432940.aspx). .
Examples
-------------------------- Example 1 --------------------------
New-MailboxFolder -Parent Tony:\Inbox -Name Personal
This example creates the folder Personal under the Inbox folder of Tony's mailbox.
-------------------------- Example 2 --------------------------
New-MailboxFolder -Parent Tony -Name Personal
This example creates the folder Personal in the root folder hierarchy of Tony's mailbox.
-------------------------- Example 3 --------------------------
New-MailboxFolder -Parent :\Inbox -Name Personal
This example creates the folder Personal under the Inbox folder in the mailbox for Tony who's running the
command.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the name of the new folder. If the value contains spaces, enclose the value in
Type: String
Required: True
Position: 1
Default value: None
-Parent
The Parent parameter specifies values of the mailbox identity and the parent folder under which the new folder is to
be created. If the parent folder isn't specified, the cmdlet creates the folder in the root folder hierarchy of the
specified mailbox. You specify values for this parameter by using the syntax: <Mailbox Identity>:<Parent>
Valid values for <Mailbox Identity> are unique identifiers for the mailbox. For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Values for <Parent> can be both the store object ID and a path string such as "\Inbox\Personal".
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-MailboxImportRequest
In ths Article
may be exclusive to one environment or the other. Use the New -MailboxImportRequest cmdlet to begin the
process of importing a .pst file to a mailbox or archive that's hosted in on-premises Exchange. Importing .pst files is
not possible in Exchange Online. This cmdlet is available only in the Mailbox Import Export role, and by default, the
role isn't assigned to any role groups. To use this cmdlet, you need to add the Mailbox Import Export role to a role
group (for example, to the Organization Management role group). For more information, see the "Add a role to a
role group" section in Manage role groups (https://technet.microsoft.com/library/jj657480.aspx). For information
Syntax
New-MailboxImportRequest [-Mailbox] <MailboxOrMailUserIdParameter> -FilePath <LongPath>
[-Confirm]
[-ConflictResolutionOption <KeepSourceItem | KeepLatestItem | KeepAll>]
[-ContentCodePage <Int32>]
[-ExcludeDumpster]
[-IsArchive]
[-MRSServer <Fqdn>]
[-Name <String>]
[-Suspend]
[-WhatIf]
New-MailboxImportRequest [-Mailbox] <MailboxLocationIdParameter> -FilePath <LongPath>
[-Confirm]
KeepTargetItem>]
[-ExcludeDumpster]
[-IsArchive]
[-MigrationMailbox <MailboxIdParameter>]
[-Name <String>]
[-SourceEndpoint <MigrationEndpointIdParameter>]
[-Suspend]
[-WhatIf]
New-MailboxImportRequest [-Mailbox] <MailboxLocationIdParameter> -AzureBlobStorageAccountUri <Uri> -
AzureSharedAccessSignatureToken <String>
[-AzureStatusPublishEndpointInfo <String>]
[-Confirm]
KeepTargetItem>]
[-ExcludeDumpster]
[-IsArchive]
[-MRSContentFilterSasUri <Uri>]
[-Name <String>]
[-Suspend]
[-WhatIf]
New-MailboxImportRequest [-Mailbox] <MailboxLocationIdParameter> -RemoteFilePath <LongPath> -RemoteHostName
<Fqdn>
[-Confirm]
KeepTargetItem>]
[-ExcludeDumpster]
[-IsArchive]
[-Name <String>]
[-Suspend]
[-WhatIf]
Description
You can create more than one mailbox import request per mailbox and each mailbox import request must have a
unique name. Microsoft Exchange automatically generates up to 10 unique names for a mailbox import request.
However, to create more than 10 import requests for a mailbox, you need to specify a unique name when creating
the import request, or you can remove existing import requests with the Remove-MailboxExportRequest cmdlet
before starting a new import request with the default request <Alias>\MailboxImportX (where X = 0-9).
By default, the import checks for duplication of items and doesn't copy the data from the .pst file into the mailbox or
archive if a matching item exists in the target mailbox or target archive.
In on-premises Exchange, you need to grant the following permission to the group Exchange Trusted Subsystem to
the network share where you want to export or import PST files:
Examples
-------------------------- Example 1 --------------------------
New-MailboxImportRequest -Mailbox Ayla -FilePath \\SERVER01\PSTFiles\Recovered.pst -TargetRootFolder
"RecoveredFiles" -IncludeFolders "#Inbox#"
This example imports a recovered .pst file on SERVER01 into the user Ayla's primary mailbox. Only data in the .pst
file's Inbox is imported. The data is imported into the RecoveredFiles folder of the target mailbox for Ayla.
-------------------------- Example 2 --------------------------
New-MailboxImportRequest User2 -FilePath \\server\share\User1.pst -IsArchive -TargetRootFolder /
This example imports a .pst file into Kweku's archive folder. The TargetRootFolder isn't specified; therefore, content
is merged under existing folders and new folders are created if they don't already exist in the target folder structure.
-------------------------- Example 3 --------------------------
Dir \\SERVER01\PSTshareRO\Recovered\*.pst | %{ New-MailboxImportRequest -Name RecoveredPST -BatchName Recovered

-Mailbox $_.BaseName -FilePath $_.FullName -TargetRootFolder SubFolderInPrimary}
This example imports all of the .pst files on a shared folder. Each .pst file name is named after a corresponding
user's alias. The command creates an import request for all the .pst files and imports the data into the matching
mailbox.
Parameters
Required: False
Position: Named
Default value: None
DoNotCopy: The associated messages aren't copied.
copy in the target.
both in the source and the target location, these associated messages are duplicated. This is the default option.
Required: False
Position: Named
Default value: None
-AzureBlobStorageAccountUri
PARAMVALUE: Uri
Type: Uri
Required: True
Position: Named
Default value: None
-AzureSharedAccessSignatureToken
PARAMVALUE: String
Type: String
Required: True
Position: Named
Default value: None
-AzureStatusPublishEndpointInfo
PARAMVALUE: String
Type: String
Required: False
Position: Named
Default value: None
-BadItemLimit
command will fail.
Type: Unlimited
Required: False
Position: Named
Default value: None
-BatchName
The BatchName parameter specifies a descriptive name for importing a batch of mailboxes. You can use the name
in the BatchName parameter as a string search when you use the Get-MailboxImportRequest cmdlet.
Type: String
Required: False
Position: Named
Default value: None
before being automatically removed. The default value of the CompletedRequestAgeLimit parameter is 30 days.
Type: Unlimited
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
Valid values are:
ForceCopy
KeepAll
KeepLatestItem
KeepTargetItem
UpdateFromSource
Type: KeepSourceItem | KeepLatestItem | KeepAll

Required: False
Position: Named
Default value: None
-ContentCodePage
The ContentCodePage parameter specifies the specific code page to use for an ANSI pst file. ANSI pst filesare used
in Outlook 97 to Outlook 2002. You can find the valid values in the Code Page Identifiers
(https://go.microsoft.com/fwlink/p/?linkId=328514) topic.
Type: Int32
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-ExcludeDumpster
Deletions
Versions
Purges
Required: False
Position: Named
Default value: None
-ExcludeFolders
The ExcludeFolders parameter specifies the list of folders to exclude during the import.
Inbox
SentItems
DeletedItems
Calendar
Contacts
Drafts
Journal
Tasks
Notes
JunkEmail
CommunicatorHistory
Voicemail
Fax
Conflicts
SyncIssues
LocalFailures
ServerFailures
\#Notes\#.
If the TargetRootFolder parameter isn't specified when the Recoverable Items folder is imported, the recoverable
item content is placed in the Recoverable Items folder of the target mailbox or archive.
Type: String[]
Required: False
Position: Named
Default value: None
-FilePath
The FilePath parameter specifies the network share path of the .pst file from which data is imported, for example,
\\SERVER01\PST Files\ToImport.pst.
Type: LongPath
Required: True
Position: Named
Default value: None
-IncludeFolders
The IncludeFolders parameter specifies the list of folders to include during the import.
Inbox
SentItems
DeletedItems
Calendar
Contacts
Drafts
Journal
Tasks
Notes
JunkEmail
Voicemail
Fax
Conflicts
SyncIssues
LocalFailures
ServerFailures
\#Notes\#.
Type: String[]
Required: False
Position: Named
Default value: None
-InternalFlags
debugging purposes.
Required: False
Position: Named
Default value: None
-IsArchive
The IsArchive switch specifies that you're importing the .pst file into the user's archive. You don't need to specify a
Required: False
Position: Named
Default value: None
-LargeItemLimit
command will fail.
Type: Unlimited
Required: False
Position: Named
Default value: None
-Mailbox
The Mailbox parameter specifies the destination mailbox where the content is being imported to.
In Exchange 2016 CU7 or later and Exchange Online, this parameter is the type MailboxLocationIdParameter, so
the easiest value that you can use to identify the mailbox is the Alias value.
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-MigrationMailbox
Required: False
Position: Named
Default value: None
-MRSContentFilterSasUri
Type: Uri
Required: False
Position: Named
Default value: None
-MRSServer
Type: Fqdn
Required: False
Position: Named
Default value: None
-Name
have multiple import requests per mailbox, Exchange precedes the name with the mailbox's alias. For example, if
you create an import request for a user's mailbox that has the alias Kweku and specify the value of this parameter
as PC1toArchive, the identity of this import request is Kweku\PC1toArchive.
If you don't specify a name using this parameter, Exchange generates up to 10 request names per mailbox, which is
MailboxImportX (where X = 0-9). The identity of the request is displayed and searchable as
<alias>\MailboxImportX.
Type: String
Required: False
Position: Named
Default value: None
-Priority
The Priority parameter specifies the order in which this request should be processed in the request queue. Requests
are processed in order, based on server health, status, priority and last update time.
Type: Normal | High

Required: False
Position: Named
Default value: None
-RemoteCredential
The RemoteCredential parameter specifies the credentials of an administrator who has permission to perform the
mailbox import request.
Type: PSCredential
Required: False
Position: Named
Default value: None
-RemoteFilePath
Type: LongPath
Required: True
Position: Named
Default value: None
-RemoteHostName
Type: Fqdn
Required: True
Position: Named
Default value: None
use this parameter:
seconds.
Type: Unlimited
Required: False
Position: Named
Default value: None
-SkipMerging
The SkipMerging parameter specifies steps in the import that should be skipped. This parameter is used primarily
Required: False
Position: Named
Default value: None
-SourceEndpoint
Type: MigrationEndpointIdParameter
Required: False
Position: Named
Default value: None
-SourceRootFolder
The SourceRootFolder parameter specifies the root folder of the .pst file from which data is imported. When
specified, the folder hierarchy outside the value of the SourceRootFolder parameter isn't imported, and the
SourceRootFolder parameter is mapped to the TargetRootFolder parameter. If this parameter isn't specified, the
command imports all folders.
Type: String
Required: False
Position: Named
Default value: None
-Suspend
Required: False
Position: Named
Default value: None
-SuspendComment
Type: String
Required: False
Position: Named
Default value: None
-TargetRootFolder
The TargetRootFolder parameter specifies the top-level mailbox folder that the imported content is placed in. If you
don't specify this parameter, the command imports folders to the top of the folder structure in the target mailbox or
archive. If the folder already exists, content is merged under existing folders, and new folders are created if they
don't already exist in the target folder structure.
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WorkloadType

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-MailboxRestoreRequest
In ths Article
may be exclusive to one environment or the other. Use the New -MailboxRestoreRequest cmdlet to restore a soft-
deleted or disconnected mailbox. This cmdlet starts the process of moving content from the soft-deleted mailbox,
disabled mailbox, or any mailbox in a recovery database into a connected primary or archive mailbox. For
Syntax
New-MailboxRestoreRequest -SourceDatabase <DatabaseIdParameter> -SourceStoreMailbox <StoreMailboxIdParameter> -
TargetMailbox <MailboxLocationIdParameter>
[-AllowLegacyDNMismatch]
[-Confirm]
KeepTargetItem>]
[-ExcludeDumpster]
[-Name <String>]
[-Suspend]
[-TargetIsArchive]
[-TargetType <Primary | Archive | MailboxLocation>]
[-WhatIf]
New-MailboxRestoreRequest -SourceDatabase <DatabaseIdParameter> -SourceStoreMailbox <StoreMailboxIdParameter> -
TargetMailbox <MailboxOrMailUserIdParameter>
[-Confirm]
KeepTargetItem>]
[-ExcludeDumpster]
[-MRSServer <Fqdn>]
[-Name <String>]
[-Suspend]
[-TargetIsArchive]
[-WhatIf]
New-MailboxRestoreRequest -RemoteCredential <PSCredential> -RemoteDatabaseGuid <Guid> -RemoteHostName <Fqdn> -

RemoteRestoreType <None | RecoveryDatabase | DisconnectedMailbox | SoftDeletedRecipient> -SourceStoreMailbox
<StoreMailboxIdParameter> -TargetMailbox <MailboxLocationIdParameter>
[-Confirm]
KeepTargetItem>]
[-ExcludeDumpster]
[-Name <String>]
[-Suspend]
[-TargetIsArchive]
[-WhatIf]
New-MailboxRestoreRequest -SourceStoreMailbox <StoreMailboxIdParameter> -TargetMailbox
<MailboxOrMailUserIdParameter>
[-Confirm]
KeepTargetItem>]
[-ExcludeDumpster]
[-Name <String>]
[-Suspend]
[-TargetIsArchive]
[-WhatIf]
New-MailboxRestoreRequest -SourceMailbox <MailboxLocationIdParameter> -TargetMailbox

<MailboxLocationIdParameter>
[-Confirm]
KeepTargetItem>]
[-ExcludeDumpster]
[-Name <String>]
[-SourceIsArchive]
[-Suspend]
[-TargetIsArchive]
[-WhatIf]
Description
When mailboxes are moved from one database to another, Exchange doesn't fully delete the mailbox from the
source database immediately upon completion of the move. Instead, the mailbox in the source mailbox database is
switched to a soft-deleted state, which allows mailbox data to be accessed during a mailbox restore operation by
using the new MailboxRestoreRequest cmdlet set. The soft-deleted mailboxes are retained in the source database
until either the deleted mailbox retention period expires or you use the Remove-StoreMailbox cmdlet to purge the
mailbox.
To view soft-deleted mailboxes, run the Get-MailboxStatistics cmdlet against a database and look for results that
have a DisconnectReason with a value of SoftDeleted. For more information, see Example 1 later in this topic.
A mailbox is marked as Disabled a short time after the Disable-Mailbox or Remove-Mailbox command completes.
The mailbox won't be marked as Disabled until the Microsoft Exchange Information Store service determines that
Active Directory has been updated with the disabled mailbox's information. You can expedite the process by
running the Update-StoreMailboxState cmdlet against that database.
Exchange retains disabled mailboxes in the mailbox database based on the deleted mailbox retention settings
configured for that mailbox database. After the specified period of time, the mailbox is permanently deleted.
To view disabled mailboxes, run the Get-MailboxStatistics cmdlet against a database and look for results that have a
DisconnectReason with a value of Disabled. For more information, see Example 1 later in this topic.
Examples
-------------------------- Example 1 --------------------------
Get-MailboxStatistics -Database MBD01 | Where {$_.DisconnectReason -eq "SoftDeleted" -or $_.DisconnectReason -

eq "Disabled"} | Format-List LegacyDN, DisplayName, MailboxGUID, DisconnectReason
To create a restore request, you must provide the DisplayName, LegacyDN, or MailboxGUID for the soft-deleted or
disabled mailbox.
This example uses the Get-MailboxStatistics cmdlet to return the DisplayName, LegacyDN, MailboxGUID, and
DisconnectReason for all mailboxes on mailbox database MBD01 that have a disconnect reason of SoftDeleted or
Disabled.
-------------------------- Example 2 --------------------------
New-MailboxRestoreRequest -SourceDatabase "MBD01" -SourceStoreMailbox 1d20855f-fd54-4681-98e6-e249f7326ddd -

TargetMailbox Ayla
This example restores the source mailbox with the MailboxGUID 1d20855f-fd54-4681-98e6-e249f7326ddd on
mailbox database MBD01 to the target mailbox with the alias Ayla.
-------------------------- Example 3 --------------------------
New-MailboxRestoreRequest -SourceDatabase "MBD01" -SourceStoreMailbox "Tony Smith" -TargetMailbox

Tony@contoso.com -TargetIsArchive
This example restores the content of the source mailbox with the DisplayName of Tony Smith on mailbox database
MBD01 to the archive mailbox for Tony@contoso.com.
Parameters
Required: False
Position: Named
Default value: None
-AllowLegacyDNMismatch
The AllowLegacyDNMismatch switch specifies that the operation should continue if the LegacyExchangeDN of the
source physical mailbox and the target mailbox don't match. You don't need to specify a value with this switch.
By default, this cmdlet checks to make sure that the LegacyExchangeDN on the source physical mailbox is present
on the target user in the form of the LegacyExchangeDN or an X500 proxy address that corresponds to the
LegacyExchangeDN. This check prevents you from accidentally restoring a source mailbox into the incorrect target
mailbox.
Required: False
Position: Named
Default value: None
DoNotCopy: The associated messages aren't copied. This is the default option.
copy in the target.
both in the source and the target location, these associated messages are duplicated.
Required: False
Position: Named
Default value: None
-BadItemLimit
command will fail.
Type: Unlimited
Required: False
Position: Named
Default value: None
-BatchName
The BatchName parameter specifies a descriptive name for restoring a batch of mailboxes. You can use the name in
the BatchName parameter as a string search when you use the Get-MailboxRestoreRequest cmdlet.
Type: String
Required: False
Position: Named
Default value: None
The CompletedRequestAgeLimit parameter specifies how long the status of a completed restore request is set to
Completed. If this parameter is set to a value of 0, the status is cleared immediately instead of being changed to
Completed.
Type: Unlimited
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
Valid values are:
ForceCopy
KeepAll
KeepLatestItem
KeepTargetItem
UpdateFromSource
Type: KeepSourceItem | KeepLatestItem | KeepAll | UpdateFromSource | ForceCopy | KeepTargetItem

Required: False
Position: Named
Default value: KeepSourceItem
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-ExcludeDumpster
Deletions
Versions
Purges
Required: False
Position: Named
Default value: None
-ExcludeFolders
The ExcludeFolders parameter specifies the list of folders to exclude during the restore request.
Inbox
SentItems
DeletedItems
Calendar
Contacts
Drafts
Journal
Tasks
Notes
JunkEmail
CommunicatorHistory
Voicemail
Fax
Conflicts
SyncIssues
LocalFailures
ServerFailures
\#Notes\#.
Type: String[]
Required: False
Position: Named
Default value: None
-IncludeFolders
The IncludeFolders parameter specifies the list of folder to include during the restore request.
Inbox
SentItems
DeletedItems
Calendar
Contacts
Drafts
Journal
Tasks
Notes
JunkEmail
Voicemail
Fax
Conflicts
SyncIssues
LocalFailures
ServerFailures
\#Notes\#.
Type: String[]
Required: False
Position: Named
Default value: None
-InternalFlags
debugging purposes.
Required: False
Position: Named
Default value: None
-LargeItemLimit
command will fail.
Type: Unlimited
Required: False
Position: Named
Default value: None
-MRSServer
Type: Fqdn
Required: False
Position: Named
Default value: None
-Name
have multiple restore requests per mailbox, Exchange precedes the name with the mailbox's alias. For example, if
you create an export request for a user's mailbox that has the alias Kweku and specify the value of this parameter as
RestoreFailedMoves, the identity of this export request is Kweku\RestoreFailedMoves.
If you didn't specify a name for the restore request when it was created, Exchange automatically generates the
Type: String
Required: False
Position: Named
Default value: None
-Priority
Lowest
Lower
Low
Normal (This is the default value.)
High
Higher
Highest
Emergency
Type: Normal | High
Required: False
Position: Named
Default value: None
-RemoteCredential
Type: PSCredential
Required: True
Position: Named
Default value: None
-RemoteDatabaseGuid
Type: Guid
Required: True
Position: Named
Default value: None
-RemoteHostName
Type: Fqdn
Required: True
Position: Named
Default value: None
-RemoteRestoreType
Type: None | RecoveryDatabase | DisconnectedMailbox | SoftDeletedRecipient

Required: True
Position: Named
Default value: None
use this parameter:
seconds.
Type: Unlimited
Required: False
Position: Named
Default value: None
-SkipMerging
The SkipMerging parameter specifies folder-related items to skip when restoring the mailbox. Use one of the
following values:
FolderRules
FolderACLs
InitialConnectionValidation
Use this parameter only if a restore request fails because of folder rules, folder access control lists (ACLs), or initial
connection validation.
Required: False
Position: Named
Default value: None
-SourceDatabase
The SourceDatabase parameter specifies the identity of the database from which you're restoring the soft-deleted
or disconnected mailbox. You can use any value that uniquely identifies the database. For example:
Name
GUID
Required: True
Position: Named
Default value: None
-SourceIsArchive
The SourceIsArchive switch specifies that the source mailbox is an archive mailbox. You can use this switch only
with the SourceMailbox parameter.
Required: False
Position: Named
Default value: None
-SourceMailbox
The SourceMailbox parameter specifies the soft-deleted mailbox that you want to restore. The best way to identify
the soft-deleted mailbox is by its GUID value. You can find the GUID value by running the following command:
Get-Mailbox -SoftDeletedMailbox.
Type: SourceMailbox
Required: True
Position: Named
Default value: None
-SourceRootFolder
The SourceRootFolder parameter specifies the root folder of the mailbox from which data is restored. If this
parameter isn't specified, the command restores all folders.
Type: String
Required: False
Position: Named
Default value: None
-SourceStoreMailbox
The SourceStoreMailbox parameter specifies the MailboxGUID of the source mailbox that you want to restore
content from.
You can find the MailboxGUID by running the Get-MailboxStatistics cmdlet.
Required: True
Position: Named
Default value: None
-Suspend
Required: False
Position: Named
Default value: None
-SuspendComment
Type: String
Required: False
Position: Named
Default value: None
-TargetIsArchive
The TargetIsArchive parameter specifies that the content is restored into the specified target mailbox's archive.
Required: False
Position: Named
Default value: None
-TargetMailbox
The TargetMailbox parameter specifies the GUID of the target mailbox or mail user where you want to restore
content to. The target mailbox or mail user needs to exist before you can run this command successfully.
You can find the GUID value for the mailbox or mail user by running the Get-Mailbox or Get-MailUser cmdlets.
In Exchange 2016 or later and Exchange Online, this parameter is the type MailboxLocationIdParameter.
In Exchange 2013 or earlier, this parameter is the type MailboxOrMailUserIdParameter.
Required: True
Position: Named
Default value: None
-TargetRootFolder
The TargetRootFolder parameter specifies the top-level folder in which to restore data. If you don't specify this
parameter, the command restores folders to the top of the folder structure in the target mailbox or archive. Content
is merged under existing folders, and new folders are created if they don't already exist in the target folder
structure.
Type: String
Required: False
Position: Named
Default value: None
-TargetType
The TargetType parameter specifies the type of mailbox that's the target for the restore operation. Valid values are:
Archive
MailboxLocation
Primary (This is the default value)
Type: Primary | Archive | MailboxLocation

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WorkloadType
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-MailMessage
In ths Article
may be exclusive to one environment or the other. Use the New -MailMessage cmdlet to create an email message
for the specified user mailbox and place the email message in the Drafts folder of the user's mailbox. For
Syntax
New-MailMessage [[-Body] <String>] -Mailbox <MailboxIdParameter> [-BodyFormat <PlainText | Html | Rtf>]
[-Confirm] [-DomainController <Fqdn>] [-Subject <String>] [-WhatIf] [<CommonParameters>]
Description
If the cmdlet is run without specifying the Subject or Body parameters, an empty email message is placed in the
user's Drafts folder.
Examples
-------------------------- Example 1 --------------------------
New-MailMessage -Subject "Delivery Report" -Body "Click here to view this report" -Mailbox tony
In Exchange Server 2010, this example creates an message in the Drafts folder of Tony's mailbox, with the subject
and body specified by the Subject and Body parameters. The message body is rendered in plain text because no
format for the message body is specified.
-------------------------- Example 2 --------------------------
New-MailMessage -Subject "Delivery Report" -Body "Click here to view this report"
This example creates an email message in the Drafts folder with the subject and body specified by the Subject and
Body parameters. The message body is rendered in plain text because no format for the message body is specified.
-------------------------- Example 3 --------------------------
New-MailMessage -Mailbox tony@contoso.com

In Exchange Server 2010, this example creates an empty message in the Drafts folder of Tony's mailbox because no
subject or message body is specified.
-------------------------- Example 4 --------------------------
New-MailMessage
This example creates an empty email message in the Drafts folder because no subject or message body is specified.
-------------------------- Example 5 --------------------------
New-MailMessage -Subject "Delivery Information" -Body "Click here to see details" -Mailbox tony -BodyFormat
Html
In Exchange Server 2010, this example creates an message in the Drafts folder of Tony's mailbox with the subject
and body specified by the Subject and Body parameters. The message body is rendered in HTML format.
-------------------------- Example 6 --------------------------
New-MailMessage -Subject "Delivery Information" -Body "Click here to see details" -BodyFormat Html
This example creates an email message in the Drafts folder with the subject and body specified by the Subject and
Body parameters. The message body is rendered in HTML format.
Parameters
-Body
The Body parameter specifies the content of the body section of the new email message.
Type: String
Required: False
Position: 1
Default value: None
-BodyFormat
The BodyFormat parameter specifies the format of the message body. The values can be PlainText, Rtf (Rich Text
Format), or Html. By default, if the BodyFormat parameter isn't specified when the Body parameter is used, the
message body is rendered in plain text.
Type: PlainText | Html | Rtf

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Mailbox
The Mailbox parameter specifies the target mailbox where the message is created. You can use any value that
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: Named
Default value: None
-Subject
The Subject parameter specifies the content of the subject field of the new email message.
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-SiteMailbox
In ths Article
This cmdlet is available only in on-premises Exchange. Site mailboxes were removed from Exchange Online and
SharePoint Online in 2017. The New -SiteMailbox cmdlet is used by the Microsoft SharePoint and Microsoft
Exchange user interfaces to create site mailboxes. We recommend that you don't use this cmdlet in the Exchange
Management Shell; instead use SharePoint to create the site mailbox. This cmdlet should only be used for
diagnostic and troubleshooting purposes. For information about the parameter sets in the Syntax section below, see
Syntax
New-SiteMailbox [[-DisplayName] <String>] -SharePointUrl <Uri>
[-Alias <String>]
[-Confirm]
[-Force]
[-Name <String>]
[-OverrideRecipientQuotas]
Description
Examples
-------------------------- Example 1 --------------------------
New-SiteMailbox
You can't run this cmdlet from the Exchange Management Shell. Use SharePoint to create a site mailbox.
Parameters
-Alias
The Alias parameter specifies the alias of the site mailbox.
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Database
The Database parameter specifies the mailbox database that holds the mailbox data for the site mailbox. You can
Name
GUID
Required: False
Position: Named
Default value: None
-DisplayName
The DisplayName parameter specifies the display name that displays in the user's global address list and on
SharePoint.
Type: String
Required: False
Position: 1
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Force
This parameter specifies whether to test that the site mailbox provisioning is working independently of the
SharePoint deployment. We recommend that you never use this parameter for production site mailboxes.
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the name of the site mailbox.
Type: String
Required: False
Position: Named
Default value: None
-OrganizationalUnit
The OrganizationalUnit parameter specifies the organizational unit in which the site mailbox resides.
Required: False
Position: Named
Default value: None
-OverrideRecipientQuotas
Required: False
Position: Named
Default value: None
-SharePointUrl
The SharePointUrl parameter specifies the SharePoint URL where the site mailbox is hosted, for example,
"https://myserver/teams/edu".
Type: Uri
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-SweepRule
In ths Article
may be exclusive to one environment or the other. Use the New -SweepRule cmdlet to create Sweep rules in
mailboxes. Sweep rules run a regular intervals to help keep your Inbox clean. For information about the parameter
Syntax
New-SweepRule [-Name] <String> -Provider <String> [-Confirm] [-DestinationFolder <MailboxFolderIdParameter>]
[-DomainController <Fqdn>] [-Enabled <$true | $false>] [-ExceptIfFlagged <$true | $false>]
[-ExceptIfPinned <$true | $false>] [-KeepForDays <Int32>] [-KeepLatest <Int32>]
[-Mailbox <MailboxIdParameter>] [-Sender <RecipientIdParameter>] [-SourceFolder <MailboxFolderIdParameter>]
[-SystemCategory <NotDefined | FromContact | Newsletter | Photo | SocialUpdate | Video | Document | File |
MailingList | ShippingNotification | LiveView | DocumentPlus | Important | Family | Bills | Shopping | Travel |
Flight | RestaurantReservation | Lodging | RentalCar | Purchase | Event | RetiredPromotion>]
Description
Examples
-------------------------- Example 1 --------------------------
New-SweepRule -Name "From Michelle" -Mailbox "Felipe Apodaca" -Provider Exchange16 -Sender
michelle@fabrikam.com -KeepLatest 1
This example creates a new Sweep rule named "From Michelle" in Felipe Apodaca's mailbox that keeps the latest
message from michelle@fabrikam.com in the Inbox folder, and moves older messages to the Deleted Items folder.
-------------------------- Example 2 --------------------------
New-SweepRule -Name "From Lila" -Mailbox "Felipe Apodaca" -Provider Exchange16 -Sender lila@fabrikam.com -
KeepForDays 10
This example creates a new Sweep rule named "From Lila" in Felipe Apodaca's mailbox that moves messages from
lila@fabrikam.com in the Inbox folder that are older than 10 days to the Deleted Items folder.
-------------------------- Example 3 --------------------------
New-SweepRule -Name "From Jeff" -Mailbox "Felipe Apodaca" -Provider Exchange16 -Sender jeffm@fabrikam.com -
SourceFolder "Felipe:\Sent Items" -KeepForDays 10
This example creates a new Sweep rule named "From Jeff" in Felipe Apodaca's mailbox that moves messages from
jeffm@fabrikam.com in the Sent Items folder that are older than 10 days to the Deleted Items folder.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DestinationFolder
The DestinationFolder parameter specifies an action for the Sweep rule that moves messages to the specified folder
based on the conditions of the rule.
The default value is Deleted Items.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether the Sweep rule is enabled or disabled. Valid values are:
After you create the rule, you can enable or disable it by using the Enable-SweepRule and Disable-SweepRule
cmdlets.

Required: False
Position: Named
Default value: None
-ExceptIfFlagged
The ExceptIfFlagged parameter specifies an exception for the Sweep rule that looks messages with a message flag
applied. Valid values are:
$true: The rule action isn't applied to messages that have a message flag applied.
The typical message flag values are:
Any
Call
DoNotForward
FollowUp
ForYourInformation
Forward
NoResponseNecessary
Read
Reply
ReplyToAll
Review

Required: False
Position: Named
Default value: None
-ExceptIfPinned
The PinMessage parameter specifies an exception for the Sweep rule that looks for pinned messages. Valid values
are:
$true: The rule action isn't applied to messages that are pinned to the top of the Inbox.

Required: False
Position: Named
Default value: None
-KeepForDays
The KeepForDays parameter specifies an action for the Sweep rule that specifies the number of days to keep
messages that match the conditions of the rule. After the number of days have passed, the messages are moved to
the location that's specified by the DestinationFolder parameter (by default, the Deleted Items folder).
You can't use this parameter with the KeepLatest parameter and the Sweep rule must contain a KeepForDays or
KeepLatest parameter value.
Type: Int32
Required: False
Position: Named
Default value: None
-KeepLatest
The KeepLatest parameter specifies an action for the Sweep rule that specifies the number of messages to keep that
match the conditions of the rule. After the number of messages is exceeded, the oldest messages are moved to the
location that's specified by the DestinationFolder parameter (by default, the Deleted Items folder).
You can't use this parameter with the KeepForDays parameter and the Sweep rule must contain a KeepForDays or
Type: Int32
Required: False
Position: Named
Default value: None
-Mailbox
The Mailbox parameter specifies the mailbox where you want to create the Sweep rule. You can use any value that
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the name of the Sweep rule. If the value contains spaces, enclose the value in
quotation marks.
Type: String
Required: True
Position: 1
Default value: None
-Provider
The Provider parameter specifies the provider for the Sweep rule. If the value contains spaces, enclose the value in
quotation marks.
For Sweep rules that you create in Outlook on the web, the default value is Exchange16.
Type: String
Required: True
Position: Named
Default value: None
-Sender
The Sender parameter specifies a condition for the Sweep rule that looks for the specified sender in messages. For
internal senders, you can use any value that uniquely identifies the sender. For example:
Name
Alias
Canonical DN
Email address
GUID
For external senders, use their email address.
Required: False
Position: Named
Default value: None
-SourceFolder
The SourceFolder parameter specifies a condition for the Sweep rule that looks for messages in the specified folder.
The default value is Inbox.
Required: False
Position: Named
Default value: None
-SystemCategory
The SystemCategory parameter specifies a condition for the sweep rule that looks for messages with the specified
system category. System categories are available to all mailboxes in the organization. Valid values are:
NotDefined
Bills
Document
DocumentPlus
Event
Family
File
Flight
FromContact
Important
LiveView
Lodging
MailingList
Newsletter
Photo
Purchase
RentalCar
RetiredPromotion
Shopping
SocialUpdate
Travel
Video
Type: NotDefined | FromContact | Newsletter | Photo | SocialUpdate | Video | Document | File | MailingList |
ShippingNotification | LiveView | DocumentPlus | Important | Family | Bills | Shopping | Travel | Flight |
RestaurantReservation | Lodging | RentalCar | Purchase | Event | RetiredPromotion
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Remove-App
In ths Article
may be exclusive to one environment or the other. Use the Remove-App cmdlet to uninstall an app. For information
Syntax
Remove-App [-Identity] <AppIdParameter> [-Confirm] [-DomainController <Fqdn>] [-Mailbox <MailboxIdParameter>]
[-OrganizationApp] [-WhatIf] [-PrivateCatalog] [<CommonParameters>]
Description
The Remove-App cmdlet requires that the specified app has already been installed (for example, that the app has
been installed with the New -App cmdlet. Apps installed by default can't be uninstalled, but they can be disabled.
Examples
-------------------------- Example 1 --------------------------
Remove-App -Identity -Mailbox Tony
This example removes the Finance Test app installed for user Tony.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the AppID (GUID value) of the app that you want to remove. To find the GUID
value of an app, run the command Get-App | Format-Table -Auto DisplayName,AppId.
Required: True
Position: 1
Default value: None
-Mailbox
The Mailbox parameter specifies the mailbox that you want to modify. You can use any value that uniquely
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-OrganizationApp
The OrganizationApp parameter specifies that the scope of the app is organizational. This is set to $false by default.
This parameter is required if the targeted app is installed for the organization.
Required: False
Position: Named
Default value: None
-PrivateCatalog
The PrivateCatalog switch specifies that the app you want to remove is located in a private catalog. You don't need
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-CalendarEvents
In ths Article
may be exclusive to one environment or the other. Use the Remove-CalendarEvents cmdlet to cancel future
meetings in user or resource mailboxes. Cancelling future meetings removes them from attendee and resource
calendars (for example, you're going to remove the mailbox, or the user is going on a leave of absence). For
Syntax
Remove-CalendarEvents [-Identity] <MailboxIdParameter>
[-CancelOrganizedMeetings]
[-Confirm]
[-PreviewOnly]
[-QueryStartDate <ExDateTime>]
[-QueryWindowInDays <Int32>]
Description
This cmdlet cancels meetings in the specified mailbox where the mailbox is the meeting organizer, and the meeting
has one or more attendees or resources. It doesn't cancel appointments or meetings without attendees or
resources. Because meeting cancellations must be sent out, the mailbox must still be enabled to send mail.
Examples
-------------------------- Example 1 --------------------------
Remove-CalendarEvents -Identity chris@contoso.com -CancelOrganizedMeetings
This example cancels every meeting in the mailbox chris@contoso.com that occurs on or after today's date. After
you cancel the meetings, you can remove the mailbox.
-------------------------- Example 2 --------------------------
Remove-CalendarEvents -Identity "Angela Gruber" -CancelOrganizedMeetings -QueryStartDate 11-1-2018 -

QueryWindowInDays 120
This example cancels the meetings in Angela Gruber's calendar for the specified date range. Angela is taking a
temporary leave of absence from the company, so cancelling these meetings removes them from the user and
resource calendars during her absence.
-------------------------- Example 3 --------------------------
Remove-CalendarEvents -Identity "Jacob Berger" -CancelOrganizedMeetings -QueryStartDate 9-1-2018 -

QueryWindowInDays 90 -PreviewOnly -Verbose
This example previews the meetings that would be cancelled in Jacob Berger's calendar for the specified date
range. No changes are made to the mailbox.
Parameters
-CancelOrganizedMeetings
The CancelOrganizedMeetings switch specifies whether to cancel meetings in the mailbox. You don't need to
To cancel meetings in the mailbox, you need to use this switch.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-PreviewOnly
The PreviewOnly switch specifies whether to preview the results of the command without actually cancelling any
meetings. You don't need to specify a value with this switch.
You use this switch with the Verbose switch.
Required: False
Position: Named
Default value: None
-QueryStartDate
The QueryStartDate parameter specifies the start date to look for meetings that you want to cancel.
If you don't use this parameter, today's date is used.
You use the QueryWindowInDays parameter to specify the end date.
Type: ExDateTime
Required: False
Position: Named
Default value: None
-QueryWindowInDays
The QueryWindowInDays parameter specifies the number of days after the QueryStartDate parameter value to
look for meetings that you want to cancel.
If you don't use this parameter, all future meetings on or after the specified start date will be cancelled.
If an instance of a recurring meeting occurs during the specified time period, the entire series is cancelled (not just
the instances during the time period).
Type: Int32
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Remove-InboxRule
In ths Article
may be exclusive to one environment or the other. Use the Remove-InboxRule cmdlet to remove an Inbox rule. For
Syntax
Remove-InboxRule [-Identity] <InboxRuleIdParameter> [-AlwaysDeleteOutlookRulesBlob] [-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-InboxRule -Mailbox Joe@Contoso.com -Identity "ProjectA-MoveToFolderA"
This example removes the Inbox rule ProjectA-MoveToFolderA from the mailbox Joe@Contoso.com.
-------------------------- Example 2 --------------------------
Get-InboxRule -Mailbox "Joe@Contoso.com" | Remove-InboxRule
This example removes all Inbox rules from the mailbox Joe@Contoso.com.
Parameters
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the Inbox rule to be removed.
Required: True
Position: 1
Default value: None
-Mailbox
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-Mailbox
In ths Article
may be exclusive to one environment or the other. Use the Remove-Mailbox cmdlet to delete mailboxes and the
associated user accounts. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Remove-Mailbox [-Identity] <MailboxIdParameter> [-Permanent <$true | $false>]
[-Arbitration]
[-AuditLog]
[-AuxAuditLog]
[-Confirm]
[-Force]
[-IgnoreLegalHold]
[-Migration]
[-PublicFolder]
[-RemoveArbitrationMailboxWithOABsAllowed]
[-RemoveLastArbitrationMailboxAllowed]
Remove-Mailbox -Database <DatabaseIdParameter> -StoreMailboxIdentity <StoreMailboxIdParameter>

[-Arbitration]
[-AuditLog]
[-AuxAuditLog]
[-Confirm]
[-Force]
[-IgnoreLegalHold]
[-Migration]
[-PublicFolder]
[-RemoveArbitrationMailboxWithOABsAllowed]
[-RemoveLastArbitrationMailboxAllowed]
Remove-Mailbox [-Identity] <MailboxIdParameter> [-PermanentlyDelete]

[-Confirm]
[-Force]
[-IgnoreLegalHold]
[-Migration]
[-PublicFolder]
Description
Use the Identity parameter alone to disconnect the mailbox from the user and remove the user account. The
mailbox still exists, and is retained until the deleted mailbox retention period expires. The deleted mailbox retention
period is controlled by the MailboxRetention property on the mailbox database or on the mailbox itself if the
UseDatabaseRetentionDefaults property is False.
Use the Identity and Permanent parameters to disconnect the mailbox from the user, remove the user account, and
immediately remove the mailbox from the mailbox database. The mailbox doesn't remain in the mailbox database
as a disconnected mailbox.
Use the Disable-Mailbox cmdlet to disconnect the mailbox from the user account, but keep the user account. The
mailbox is retained until the deleted mailbox retention period for the database or the mailbox expires, and then the
mailbox is permanently deleted (purged). Or, you can immediately purge the disconnected mailbox by using the
Database and StoreMailboxIdentity parameters on the Remove-Mailbox cmdlet.
Examples
-------------------------- Example 1 --------------------------
Remove-Mailbox -Identity "John Rodman"
This example removes the mailbox and the user account for the user named John Rodman. The mailbox remains in
the mailbox database for the deleted mailbox retention period that's configured for the database.
-------------------------- Example 2 --------------------------
Remove-Mailbox -Identity "John Rodman" -Permanent $true
This example removes the mailbox and the user account for the user named John Rodman. The mailbox is
immediately and permanently removed from the mailbox database.
-------------------------- Example 3 --------------------------
$Temp = Get-Mailbox | Where {$_.DisplayName -eq 'John Rodman'}; Remove-Mailbox -Database Server01\Database01 -
StoreMailboxIdentity $Temp.MailboxGuid
This example removes John Rodman's mailbox from the mailbox database after the mailbox has been disconnected
from the user account. The example uses the Get-Mailbox cmdlet to retrieve the mailbox GUID value of the
disconnected mailbox, which is required by the StoreMailboxIdentity parameter.
-------------------------- Example 4 --------------------------
Get-Mailbox -Identity Laura -SoftDeleted | Remove-Mailbox -PermanentlyDelete.
In Exchange Online, this example removes the specified soft-deleted mailbox mailbox.
Parameters
-Arbitration
The Arbitration switch is required to remove arbitration mailboxes. You don't need to specify a value with this
switch.
To remove arbitration mailboxes that are used to store audit log settings or data, don't use this switch. Instead, use
Required: False
Position: Named
Default value: None
-AuditLog
The AuditLog switch is required to remove audit log mailboxes. You don't need to specify a value with this switch.
To remove other types of arbitration mailboxes, don't use this switch. Instead, use the Arbitration switch.
Required: False
Position: Named
Default value: None
-AuxAuditLog
The AuxAuditLog switch is required to remove auxillary audit log mailboxes. You don't need to specify a value with
this switch.
To remove other types of arbitration mailboxes, don't use this switch. Instead, use the Arbitration switch.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Database
The Database parameter specifies the Exchange database that contains the mailbox that you want to remove. You
Name
GUID
When you use this parameter with the StoreMailboxIdentity parameter to identify and remove the mailbox, the
mailbox is immediately and permanently deleted from the database, so you can't reconnect or restore the mailbox.
You can't use either of these parameters with the Identity parameter.
If you've disconnected a mailbox from its associated user and want to remove the mailbox object from the
Exchange store, use the Database and StoreMailboxIdentity parameters.
Required: True
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter identifies the mailbox that you want to remove. You can use any value that uniquely
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-IgnoreDefaultScope
automatically.
accepted.
Required: False
Position: Named
Default value: None
-IgnoreLegalHold
The IgnoreLegalHold switch specifies whether to ignore the legal hold status of the user. When you disable or
remove the user, the user's cloud-based mailbox that's on legal hold is also disabled or removed. You don't need to
After you disable or remove a mailbox, you can't include it in a discovery search. When you disable a mailbox, the
mailbox is disconnected from the user account. Disconnected mailboxes and removed mailboxes are permanently
deleted from the mailbox database after the deleted mailbox retention period expires. However, you can also
remove a mailbox and purge it immediately from the mailbox database. Check with your organization's legal or
Human Resources department before you disable or remove a mailbox that's on legal hold.
Required: False
Position: Named
Default value: None
-Migration
The Migration switch is required to remove migration mailboxes. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-Permanent
The Permanent parameter specifies whether to permanently delete the mailbox from the mailbox database. Valid
values are:
$true: The mailbox is immediately and permanently deleted (purged). You can't reconnect or restore the
mailbox.
$false: The mailbox disabled and retained until the deleted mailbox retention period expires. You can reconnect
or restore the mailbox until the deleted mailbox retention period expires. This is the default value.

Required: False
Position: Named
Default value: None
-PermanentlyDelete
The PermanentlyDelete switch specifies whether to immediately and permanently delete (purge) the mailbox, which
prevents you from recovering or restoring the mailbox. You don't need to specify a value with this switch.
Notes:
This switch works only on mailboxes that have already been deleted, but are still recoverable (known as soft-
deleted mailboxes). Use the Get-Mailbox cmdlet to identify the soft-deleted mailbox, and then pipe the results to
the Remove-Mailbox cmdlet as shown in Example 3 in this topic.
This switch doesn't work on soft-deleted mailboxes that are on In-Place Hold or Litigation Hold (known as
inactive mailboxes).
Required: False
Position: Named
Default value: None
-PublicFolder
The PublicFolder switch is required to remove public folder mailboxes. You don't need to specify a value with this
switch.
Required: False
Position: Named
Default value: None
-RemoveArbitrationMailboxWithOABsAllowed
The RemoveArbitrationMailboxWithOABsAllowed switch specifies whether to bypass the checks for offline address
books (OABs) within the specified arbitration mailbox that is being removed. When you use this switch, the
arbitration mailbox is removed even if OABs are present in the mailbox. You don't need to specify a value with this
switch.
Required: False
Position: Named
Default value: None
-RemoveLastArbitrationMailboxAllowed
The RemoveLastArbitrationMailboxAllowed switch specifies whether to remove the specified mailbox, even if it's
the last arbitration mailbox in the organization. If you remove the last arbitration mailbox in the organization, you
can't have user-created distribution groups or moderated recipients. You don't need to specify a value with this
switch.
Required: False
Position: Named
Default value: None
The StoreMailboxIdentity parameter specifies the mailbox that you want to remove. When you use this parameter,
you identify the mailbox by its MailboxGUID value. You can find the GUID value by using the Get-Mailbox or Get-
When you use this parameter with the Database parameter to identify and remove the mailbox, the mailbox is
immediately and permanently deleted from the database, so you can't reconnect or restore the mailbox. You can't
either of these parameters with the Identity parameter.
If you've disconnected a mailbox from its associated user and want to remove the mailbox object from the
Exchange store, use the Database and StoreMailboxIdentity parameters.
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-MailboxExportRequest
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Remove-MailboxExportRequest cmdlet to remove
fully or partially completed export requests. You can create multiple export requests for a specified mailbox
provided that you specify a distinct name. Completed export requests aren't cleared automatically; they need to be
removed by using this cmdlet. This cmdlet is available only in the Mailbox Import Export role, and by default, the
role isn't assigned to any role groups. To use this cmdlet, you need to add the Mailbox Import Export role to a role
group (for example, to the Organization Management role group). For more information, see the "Add a role to a
role group" section in Manage role groups (https://technet.microsoft.com/library/jj657480.aspx). When a partially
completed export request is removed, content already exported isn't removed from the PST file. If you want to start
a new export request to the same file name and start with an empty PST file, you need to rename or delete the
previous PST file. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Remove-MailboxExportRequest [-Identity] <MailboxExportRequestIdParameter> [-Force]
[-Confirm]
Remove-MailboxExportRequest -RequestGuid <Guid> -RequestQueue <DatabaseIdParameter>

[-Confirm]
Description
The parameter set that requires the Identity parameter allows you to remove a fully or partially completed export
request.
The parameter set that requires the RequestGuid and RequestQueue parameters is used for Microsoft Exchange
Mailbox Replication service (MRS ) debugging purposes only.
Examples
-------------------------- Example 1 --------------------------
Remove-MailboxExportRequest -Identity "Ayla\MailboxExport1"

This example removes the second export request Ayla\MailboxExport1.
-------------------------- Example 2 --------------------------
Get-MailboxExportRequest -Status Completed | Remove-MailboxExportRequest
This example removes all export requests that have the status of Completed.
-------------------------- Example 3 --------------------------
Remove-MailboxExportRequest -RequestQueue MBXDB01 -RequestGuid 25e0eaf2-6cc2-4353-b83e-5cb7b72d441f
This example cancels the export request by using the RequestGuid parameter for a mailbox or archive on
MBXDB01.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Identity
<alias>\MailboxExportX (where X = 0-9). Use the following syntax: <alias>\<name>.
You can't use this parameter with the RequestGuid parameter.
Required: True
Position: 1
Default value: None
-RequestGuid
The RequestGuid parameter specifies the unique identifier for the export request. To find the export request GUID,
use the Get-MailboxExportRequest cmdlet. If you specify the RequestGuid parameter, you must also specify the
RequestQueue parameter. You can't use this parameter with the Identity parameter.
Type: Guid
Required: True
Position: Named
Default value: None
-RequestQueue
Name
GUID
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-MailboxFolderPermission
In ths Article
may be exclusive to one environment or the other. Use the Remove-MailboxFolderPermission cmdlet to remove
folder-level permissions for users in mailboxes. For information about the parameter sets in the Syntax section
Syntax
Remove-MailboxFolderPermission [-Identity] <MailboxFolderIdParameter> -User <MailboxFolderUserIdParameter>
Description
You can't use this cmdlet to selectively remove permissions from a user on a mailbox folder. The cmdlet removes all
permissions that are assigned to the user on the specified folder. To modify the permissions that are assigned to the
user on a mailbox folder, use the Set-MailboxFolderPermission cmdlet.
Examples
-------------------------- Example 1 --------------------------
Remove-MailboxFolderPermission -Identity kim@contoso.com:\Training -User john@contoso.com
This example removes John's permissions to the Training folder in Kim's mailbox.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
The SendNotificationToUser parameter specifies whether to send a notification to the user when you remove their
calendar permissions. Valid values are:
$true: A notification is sent.
$false: No notification is sent. This is the default value.
This parameter only applies to calendar folders.

Required: False
Position: Named
Default value: None
-User
The User parameter specifies the mailbox, mail user, or mail-enabled security group (security principal) that's
granted permission to the mailbox folder. You can use any value that uniquely identifies the user or group. For
example:
Name
Alias
Canonical DN
Email address
GUID
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-MailboxImportRequest
In ths Article
may be exclusive to one environment or the other. Use the Remove-MailboxImportRequest cmdlet to remove fully
or partially completed import requests. Completed import requests aren't automatically cleared. Requests need to
be removed by using the Remove-MailboxImportRequest cmdlet. Multiple import requests can exist against the
same mailbox if you provide a distinct import request name. This cmdlet is available only in the Mailbox Import
Export role, and by default, the role isn't assigned to any role groups. To use this cmdlet, you need to add the
Mailbox Import Export role to a role group (for example, to the Organization Management role group). For more
information, see the "Add a role to a role group" section in Manage role groups
(https://technet.microsoft.com/library/jj657480.aspx). Removing a partially completed import request removes the
request from the Microsoft Exchange Mailbox Replication service (MRS ) job queue. Any import progress that was
made until the removal won't be reverted. For information about the parameter sets in the Syntax section below,
Syntax
Remove-MailboxImportRequest [-Identity] <MailboxImportRequestIdParameter> [-Force]
[-Confirm]
Remove-MailboxImportRequest -RequestGuid <Guid> -RequestQueue <DatabaseIdParameter>

[-Confirm]
Description
The parameter set that requires the Identity parameter allows you to remove a fully or partially completed import
request.
The parameter set that requires the RequestGuid and RequestQueue parameters is used for MRS debugging
purposes only.
Examples
-------------------------- Example 1 --------------------------
Remove-MailboxImportRequest -Identity "Ayla\MailboxImport1"
This example removes the second import request for Ayla's mailbox Ayla\MailboxImport1.
-------------------------- Example 2 --------------------------
Remove-MailboxImportRequest -RequestQueue MBXDB01 -RequestGuid 25e0eaf2-6cc2-4353-b83e-5cb7b72d441f
This example cancels the import request by using the RequestGuid parameter for a mailbox or archive on
MBXDB01.
-------------------------- Example 3 --------------------------
Get-MailboxImportRequest -Status Completed | Remove-MailboxImportRequest
This example removes all completed import requests.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Identity
<alias>\MailboxImportX (where X = 0-9). If you created the request using the Name parameter, use the following
syntax: <alias>\<name>.
You can't use this parameter with the RequestGuid parameter.
Required: True
Position: 1
Default value: None
-RequestGuid
The RequestGuid parameter (together with the RequestQueue parameter) specifies the unique identifier for the
import request. To find the import request GUID, use the Get-MailboxImportRequest cmdlet.
Type: Guid
Required: True
Position: Named
Default value: None
-RequestQueue
Name
GUID
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-MailboxPermission
In ths Article
may be exclusive to one environment or the other. Use the Remove-MailboxPermission cmdlet to remove
permissions from a user's mailbox. For information about the parameter sets in the Syntax section below, see
Syntax
Remove-MailboxPermission [-Identity] <MailboxIdParameter> -AccessRights <MailboxRights[]> -User
<SecurityPrincipalIdParameter>
[-Confirm]
[-Deny]
Remove-MailboxPermission -Instance <MailboxAcePresentationObject>

[-Confirm]
[-Deny]
[-DomainController <Fqdn>] [-IgnoreDefaultScope]
[-ResetDefault]
Remove-MailboxPermission [[-Identity] <MailboxIdParameter>]

[-Confirm]
Remove-MailboxPermission [-Identity] <MailboxIdParameter> [-ClearAutoMapping]

[-Confirm]
[-Deny]
Remove-MailboxPermission [-Identity] <MailboxIdParameter> [-ResetDefault]
[-Confirm]
Description
The Remove-MailboxPermission cmdlet allows you to remove permissions from a user's mailbox, for example,
removing full access to another user's mailbox.
Examples
-------------------------- Example 1 --------------------------
Remove-MailboxPermission -Identity Test1 -User Test2 -AccessRights FullAccess -InheritanceType All
This example removes user Test2's full access rights to Test1's mailbox.
Parameters
-AccessRights
The AccessRights parameter specifies the rights required to perform the operation. You can use the following
values:
FullAccess
SendAs
ExternalAccount
DeleteItem
ReadPermission
ChangePermission
ChangeOwner
Type: MailboxRights[]
Required: True
Position: Named
Default value: None
-ClearAutoMapping
The ClearAutoMapping switch specifies that the mailbox is automatically mapped (auto-mapped) by Autodiscover
only into the mailbox owner's Outlook profile. The mailbox isn't auto-mapped to other users who have FullAccess
permission to the mailbox.
To re-add auto-mapping capability on the mailbox for other users, run the command: Add-MailboxPermission -
Identity <Mailbox> -AccessRights FullAccess -AutoMapping $true.
Required: True
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Deny
The Deny parameter denies permissions to the user on the Active Directory object.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox where you are removing permissions. You can use any value that
uniquely identifies the mailbox: For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-IgnoreDefaultScope
automatically.
accepted.
Required: False
Position: Named
Default value: None
-InheritanceType
The InheritanceType parameter specifies whether permissions are inherited to folders within the mailbox.

Required: False
Position: Named
Default value: None
-Instance
Type: MailboxAcePresentationObject
Required: True
Position: Named
Default value: None
-ResetDefault
The ResetDefault switch resets the default security descriptor of the mailbox. Permissions on the mailbox are reset
so only the mailbox owner has FullAccess permission to the mailbox. The following types of permissions are not
affected:
Recipient permissions (for example, SendAs, SendOnBehalf and delegates).
Mailbox folder permissions assigned using the MailboxFolderPermission cmdlets.
Mailbox folder permissions assigned using Outlook or other MAPI clients.
Also, because this switch removes FullAccess permission from other users on the mailbox, the mailbox is no longer
auto-mapped by Autodiscover into the Outlook profiles of other users.
Required: True
Position: Named
Default value: None
-User
The User parameter specifies the user mailbox that will get permissions removed.
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-MailboxRestoreRequest
In ths Article
may be exclusive to one environment or the other. Use the Remove-MailboxRestoreRequest cmdlet to remove fully
or partially completed restore requests. For information about the parameter sets in the Syntax section below, see
Syntax
Remove-MailboxRestoreRequest [-Identity] <MailboxRestoreRequestIdParameter> [-Force]
[-Confirm]
Remove-MailboxRestoreRequest -RequestGuid <Guid> -RequestQueue <DatabaseIdParameter>

[-Confirm]
Description
The parameter set that requires the Identity parameter allows you to remove a fully or partially completed restore
request.
The parameter set that requires the RequestGuid and RequestQueue parameters is used for Microsoft Exchange
Mailbox Replication service (MRS ) debugging purposes only.
Examples
-------------------------- Example 1 --------------------------
Remove-MailboxRestoreRequest -Identity "Ayla\MailboxRestore1"
This example removes the second restore request Ayla\MailboxRestore1.

-------------------------- Example 2 --------------------------
Get-MailboxRestoreRequest -Status Completed | Remove-MailboxRestoreRequest

This example removes all restore requests that have the status of Completed.
-------------------------- Example 3 --------------------------
Remove-MailboxRestoreRequest -RequestQueue MBXDB01 -RequestGuid 25e0eaf2-6cc2-4353-b83e-5cb7b72d441f
This example cancels the restore request by using the RequestGuid parameter for a request stored on MBXDB01.
The parameter set that requires the RequestGuid and RequestQueue parameters is used for MRS debugging
purposes only. You should only use this parameter set if instructed by Microsoft Customer Service and Support.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Identity
If you didn't specify a name for the restore request when it was created, Exchange automatically generated a default
name MailboxRestore. Exchange generates up to 10 names, starting with MailboxRestore and then
Required: True
Position: 1
Default value: None
-RequestGuid
The RequestGuid parameter specifies the unique identifier for the restore request. To find the GUID, use the Get-
MailboxRestoreRequest cmdlet. If you specify the RequestGuid parameter, you must also specify the RequestQueue
parameter.
Type: Guid
Required: True
Position: Named
Default value: None
-RequestQueue
The RequestQueue parameter specifies the target mailbox database on which the mailbox or archive of the request
resides. You can use any value that uniquely identifies the database. For example:
Name
GUID
You must use this parameter with the RequestGuid parameter. You can't use this parameter with the Identity
parameter.
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-MailboxUserConfiguration
In ths Article
may be exclusive to one environment or the other. Use the Remove-MailboxUserConfiguration cmdlet to remove
user configuration items from mailboxes. Typically, after you delete a user configuration item, it's automatically
recreated the next time the user uses that feature in their mailbox. For information about the parameter sets in the
Syntax
Remove-MailboxUserConfiguration [-Identity] <MailboxUserConfigurationIdParameter> -Mailbox <MailboxIdParameter>
Description
Examples
-------------------------- Example 1 --------------------------
Remove-MailboxUserConfiguration -Mailbox julia@contoso.com -Identity

Configuration\IPM.Configuration.Aggregated.OwaUserConfiguration
This example removes the specified user configuration item from the mailbox julia@contoso.com.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the user configuration item that you want to remove. This parameter uses the
syntax <MailboxFolder>\<ItemName>:
Valid values for <MailboxFolder> are folder names (for example, Inbox or Calendar), the value Configuration,
or the value Root. Wildcards (*) aren't supported.
Valid values for <ItemName> start with IPM.Configuration (for example,
IPM.Configuration.Aggregated.OwaUserConfiguration. Wildcards (*) are supported.
Type: MailboxUserConfigurationIdParameter
Required: True
Position: 1
Default value: None
-Mailbox
The Mailbox parameter specifies the mailbox that contains the user configuration items you want to remove. You
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Remove-RecipientPermission
In ths Article
This cmdlet is available only in the cloud-based service. Use the Remove-RecipientPermission cmdlet to remove
SendAs permission from users in a cloud-based organization. For information about the parameter sets in the
Syntax
Remove-RecipientPermission [-Identity] <RecipientIdParameter> -AccessRights <MultiValuedProperty>
-Trustee <SecurityPrincipalIdParameter> [-Confirm] [-WhatIf] [<CommonParameters>]
Description
When a user is given SendAs permission to another user or group, the user can send messages that appear to
come from the other user or group.
Examples
-------------------------- Example 1 --------------------------
Remove-RecipientPermission "Help Desk" -AccessRights SendAs -Trustee "Ayla Kol"
This example removes the SendAs permission from the user Ayla Kol for the mailbox Help Desk. Ayla can't send
messages that appear to come directly from the Help Desk mailbox.
Parameters
-AccessRights
The AccessRights parameter specifies the permission.
Valid input for this parameter is SendAs.
Required: True
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the target recipient. The user or group specified by the Trustee parameter can no
longer operate on this recipient.
Mailboxes
Mail users
External contacts
Distribution groups
Name
Alias
Canonical DN
Email address
GUID
Required: True
Position: 1
Default value: None
-Trustee
The Trustee parameter specifies the user or group from whom you're removing the permission. This prevents the
user or group from operating on the recipients specified by the Identity parameter.
You can specify the following types of users or groups:
Mailbox users
Mail users with a cloud-based account
Security groups
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Remove-SweepRule
In ths Article
may be exclusive to one environment or the other. Use the Remove-SweepRule cmdlet to remove Sweep rules from
Syntax
Remove-SweepRule [-Identity] <SweepRuleIdParameter> [-Confirm] [-DomainController <Fqdn>]
Description
Examples
-------------------------- Example 1 --------------------------
Remove-SweepRule -Identity "x2hlsdpGmUifjFgxxGIOJw=="
This example removes the specified Sweep rule.

-------------------------- Example 2 --------------------------
Get-SweepRule -Mailbox laura@contoso.com | Remove-SweepRule
This example removes all Sweep rules in the specified mailbox.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Sweep rule that you want to remove. You can use any value that uniquely
Required: True
Position: 1
Default value: None
-Mailbox
The Mailbox parameter specifies the mailbox that contains the rule you want to remove. You can use any value that
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Remove-UserPhoto
In ths Article
may be exclusive to one environment or the other. Use the Remove-UserPhoto cmdlet to delete the photo
associated with a user's account. The user photo feature allows users to associate a picture with their account. User
photos appear in on-premises and cloud-based client applications, such as Outlook on the web, Lync, Skype for
Business and SharePoint. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Remove-UserPhoto [-Identity] <MailboxIdParameter>
[-Confirm]
Remove-UserPhoto [-Identity] <MailboxIdParameter> [-ClearMailboxPhotoRecord] [-GroupMailbox] [-PhotoType

<String>]
[-Confirm]
Description
Use the Remove-UserPhoto cmdlet to delete the user photo currently associated with a user's account. User photos
are stored in the user's Active Directory account and in the root directory of the user's Exchange mailbox, both of
which are deleted when you run this cmdlet. Administrators can also use the Exchange admin center (EAC ) to
delete user photos by accessing the user's Outlook on the web Options page.
Examples
-------------------------- Example 1 --------------------------
Remove-UserPhoto "Ann Beebe"
This example deletes the photo associated with Ann Beebe's user account.
Parameters
-ClearMailboxPhotoRecord
The ClearMailboxPhoto switch specifies that a deleted mailbox photo is considered blank instead of deleted.
By default, when a user deletes their mailbox photo, a flag is set on the mailbox that causes subsequent photo
requests to:
Return a blank photo.
Prevent searching Active Directory for a photo.
Using this switch allows photo requests to search Active Directory for a photo. You don't have to specify a value
with this switch.
Required: True
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-GroupMailbox
switch.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the user. You can use any value that uniquely identifies the user. For
example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-IgnoreDefaultScope
automatically.
accepted.
Required: False
Position: Named
Default value: None
-PhotoType
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Restore-Mailbox
In ths Article
This cmdlet is available only in Exchange Server 2010. Use the Restore-Mailbox cmdlet to extract mailbox content
from a restored database. Note: In Exchange Server 2010 Service Pack 1 (SP1) or later, use the New -
MailboxRestoreRequest cmdlet instead of the Restore-Mailbox cmdlet to extract mailbox content from a restored
database. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Restore-Mailbox [-Identity] <MailboxIdParameter> -RecoveryDatabase <DatabaseIdParameter>
-RecoveryMailbox <StoreMailboxIdParameter> -TargetFolder <String> [-AllowDuplicates]
[-AllContentKeywords <String[]>] [-AttachmentFilenames <String[]>] [-BadItemLimit <Int32>] [-Confirm]
[-ContentKeywords <String[]>] [-EndDate <DateTime>] [-ExcludeFolders <MapiFolderPath[]>]
[-GlobalCatalog <Fqdn>] [-IncludeFolders <MapiFolderPath[]>] [-Locale <CultureInfo>] [-MaxThreads <Int32>]
[-RecipientKeywords <String[]>] [-SenderKeywords <String[]>] [-StartDate <DateTime>]
[-SubjectKeywords <String[]>] [-ValidateOnly] [-WhatIf] [<CommonParameters>]
Description
The Restore-Mailbox cmdlet copies end-user data from any server running Microsoft Exchange Server 2010 to a
mailbox on an Exchange 2010 Mailbox server in the same organization that has adequate space and resources to
support the mailbox. The Restore-Mailbox cmdlet can only use disconnected mailboxes on a server as a source of
data, and the cmdlet can only use connected mailboxes as a target for data.
Examples
-------------------------- Example 1 --------------------------
Restore-Mailbox -Identity Scott -RecoveryDatabase MyRecoveryDatabase
This example restores a mailbox for user Scott from the database MyRecoveryDatabase.
-------------------------- Example 2 --------------------------
Restore-Mailbox -Identity Scott -RecoveryDatabase MyRecoveryDatabase -RecoveryMailbox John -TargetFolder

Recovery
This example restores John's mailbox content into Scott's mailbox under the Recovery folder.
-------------------------- Example 3 --------------------------
Restore-Mailbox -Identity Scott -RecoveryDatabase MyRecoveryDatabase -SubjectKeywords "Meeting" -

ContentKeywords "business" -IncludeFolders \Inbox,\Calendar
This example restores only the mail with the subject Meeting, with the message body containing the word business,
and with the message location either in the Inbox or Calendar folder. This example assumes that the mailbox is in
English.
-------------------------- Example 4 --------------------------
Get-Mailbox -Database MyDatabase | Restore-Mailbox -RecoveryDatabase MyRecoveryDatabase
This example bulk restores all the mailboxes in the MyDatabase mailbox database that are also present in
MyRecoveryDatabase.
Parameters
-AllContentKeywords
The AllContentKeywords parameter specifies the filters for all of the following:
Subject
Message body
Attachment content
This allows an OR search of all these fields. If your search criteria are part of the subject, message body, or
attachment content, you get results.
Type: String[]
Required: False
Position: Named
Default value: None
-AllowDuplicates
The AllowDuplicates parameter specifies whether to copy mail items without checking if they're duplicates of
existing items and without removing duplicate items. We recommend that you use the AllowDuplicates parameter
together with the IncludeFolders parameter.
Required: False
Position: Named
Default value: None
-AttachmentFilenames
The AttachmentFilenames parameter specifies the filter for the attachment file name. You can use wildcard
characters in the string. For example, you can use *.txt to export items that have a .txt extension.
Type: String[]
Required: False
Position: Named
Default value: None
-BadItemLimit
The BadItemLimit parameter specifies the number of corrupted items in a mailbox to skip before the export
operation fails.
Type: Int32
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-ContentKeywords
The ContentKeywords parameter specifies the keyword filters for the message body and content of attachments in
the source mailbox.
Type: String[]
Required: False
Position: Named
Default value: None
-EndDate
The EndDate parameter specifies the end date for filtering content that will be exported from the source mailbox.
Only items in the mailbox whose date is prior to the end date are exported. When you enter a specific date, use the
short date format defined in the Regional Options settings configured on the local computer. For example, if your
computer is configured to use the short date format mm/dd/yyyy, enter 03/01/2010 to specify March 1, 2010.
Type: DateTime
Required: False
Position: Named
Default value: None
-ExcludeFolders
The ExcludeFolders parameter specifies the list of folders to exclude during the export. Folders are excluded as
they're entered. They aren't localized. For example, excluding calendar only excludes calendar in English because
calendar in other languages is a different word.
Type: MapiFolderPath[]
Required: False
Position: Named
Default value: None
-GlobalCatalog
The GlobalCatalog parameter specifies the global catalog to use to search for the target mailbox.
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox that you want to restore. You can use any value that uniquely identifies
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-IncludeFolders
The IncludeFolders parameter specifies the list of folders to include during the export. Folders are included as
they're entered. They aren't localized. For example, including calendar only includes calendar in English because
calendar in other languages is a different word.
Type: MapiFolderPath[]
Required: False
Position: Named
Default value: None
-Locale
The Locale parameter specifies the locale setting on a message to restore. With this filter set, only messages with
the specified locale setting are extracted.
Type: CultureInfo
Required: False
Position: Named
Default value: None
-MaxThreads
The MaxThreads parameter specifies the maximum number of threads to use.
Type: Int32
Required: False
Position: Named
Default value: None
-RecipientKeywords
The RecipientKeywords parameter specifies the keyword filters for recipients of items in the source mailbox. This
filter finds the search string even if it's part of a word. This isn't a whole word search.
Type: String[]
Required: False
Position: Named
Default value: None
-RecoveryDatabase
The RecoveryDatabase parameter specifies the recovery database where you are restoring the mailbox from. You
Name
GUID
Required: True
Position: Named
Default value: None
-RecoveryMailbox
The RecoveryMailbox parameter specifies the mailbox to be used as the source mailbox. This parameter is required
if the source mailbox is different from the target mailbox.
Required: True
Position: Named
Default value: None
-SenderKeywords
The SenderKeywords parameter specifies the keyword filters for senders of items in the source mailbox. This filter
finds the search string even if it's part of a word. This isn't a whole word search.
Type: String[]
Required: False
Position: Named
Default value: None
-StartDate
The StartDate parameter specifies the start date. The start date must be before the end date.
Type: DateTime
Required: False
Position: Named
Default value: None
-SubjectKeywords
The SubjectKeywords parameter specifies the keyword filters for subjects of items in the source mailbox. This filter
finds the search string even if it's part of a word. This isn't a whole word search.
Type: String[]
Required: False
Position: Named
Default value: None
-TargetFolder
The TargetFolder parameter specifies the mailbox folder that's created on the mailbox specified. This parameter is
required if the mailbox being restored is different from the target mailbox. (For example, the value specified with
the Identity parameter isn't the same as the value specified with the RecoveryMailbox parameter.) In this case, the
Restore-Mailbox command performs a merge. If the values are the same, the TargetFolder parameter isn't required.
Type: String
Required: True
Position: Named
Default value: None
-ValidateOnly
switch is used.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Restore-RecoverableItems
In ths Article
may be exclusive to one environment or the other. Use the Restore-RecoverableItems items cmdlet to restore
deleted items in mailboxes. You use the Get-RecoverableItems cmdlet to find the deleted items to recover. This
cmdlet is available only in the Mailbox Import Export role, and by default, the role isn't assigned to any role groups.
To use this cmdlet, you need to add the Mailbox Import Export role to a role group (for example, to the
Syntax
Restore-RecoverableItems -Identity <GeneralMailboxOrMailUserIdParameter>
[-EntryID <String>]
Restore-RecoverableItems -Identity <GeneralMailboxOrMailUserIdParameter[]>

[-EntryID <String>]
[-MaxParallelSize <Int32>]
[-NoOutput]
Description
Items are restored to the original folder location if the information is available for the item. If the information can't
be found, the item is restored to the default folder for the item type (Inbox for messages, Calendar for meetings and
appointments, etc.).
Examples
-------------------------- Example 1 --------------------------
Restore-RecoverableItems -Identity laura@contoso.com -FilterItemType IPM.Note -SubjectContains "FY18

Accounting" -FilterStartTime "2/1/2018 12:00:00 AM" -FilterEndTime "2/5/2018 11:59:59 PM"
After using the Get-RecoverableItems cmdlet to verify the existence of the item, this example restores the specified
deleted item from the specified mailbox:
Mailbox: laura@contoso.com
Item type: Email message
Message subject: FY18 Accounting
Location: Recoverable Items\Deletions
Date range: 2/1/2018 to 2/5/2018
-------------------------- Example 2 --------------------------
$mailboxes = Import-CSV "C:\My Documents\RestoreMessage.csv"; $mailboxes | foreach {Restore-RecoverableItems -

Identity $_.SMTPAddress -SubjectContains Project X" -SourceFolder DeletedItems -FilterItemType IPM.Note}
In Exchange Server, this example restores the deleted email message "Project X" for the mailboxes that are
specified in the comma-separated value (CSV ) file C:\My Documents\RestoreMessage.csv. The CSV file uses the
header value SMTPAddress, and contains the email address of each mailbox on a separate line like this:
SMTPAddress
chris@contoso.com
michelle@contoso.com
laura@contoso.com
julia@contoso.com
The first command reads the CSV file to the variable named $mailboxes. The second command restores the
specified message from the Deleted Items folder in those mailboxes.
-------------------------- Example 3 --------------------------
Restore-RecoverableItems -Identity "malik@contoso.com","lillian@contoso.com" -FilterItemType IPM.Note -

SubjectContains "COGS FY17 Review" -FilterStartTime "3/15/2019 12:00:00 AM" -FilterEndTime "3/25/2019 11:59:59
PM" -MaxParallelSize 2
In Exchange Online, after using the Get-RecoverableItems cmdlet to verify the existence of the item, this example
restores the specified deleted items in the specified mailboxes:
Mailboxes: malik@contoso.com, lillian@contoso.com
Item type: Email message
Message subject: COGS FY17 Review
Location: Recoverable Items\Deletions
Date range: 3/15/2019 to 3/25/2019
Number of mailboxes processed simultaneously: 2
Parameters
-EntryID
The EntryID parameter specifies the deleted item that you want to restore. The EntryID value for the deleted item is
unique in the mailbox.
You can find the EntryID for specific items by using other search filters on the Get-RecoverableItems cmdlet
(subject, date range, etc.).
Type: String
Required: False
Position: Named
Default value: None
-FilterEndTime
The FilterEndTime specifies the end date/time of the date range.
Type: DateTime
Required: False
Position: Named
Default value: None
-FilterItemType
The FilterItemType parameter filters the results by the specified MessageClass (ItemClass) property value of the
deleted item. For example:
IPM.Appointment (Meetings and appointments)
IPM.Contact
IPM.File
IPM.Note
IPM.Task
Type: String
Required: False
Position: Named
Default value: None
-FilterStartTime
The FilterStartTime specifies the start date/time of the date range.
Type: DateTime
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox that contains the deleted items that you want to restore. You can use
Name
Alias
Canonical DN
<domain name><account name>
Email address
GUID
LegacyExchangeDN
SamAccountName
In Exchange Online, you can specify multiple mailboxes separated by commas. If the values contain spaces or
otherwise require quotation marks, use the following syntax: "<Value1>","<Value2>",..."<ValueX>".
Required: False
Position: 1
Default value: None
-LastParentFolderID
The LastParentFolderID parameter specifies the FolderID value of the item before it was deleted. For example,
53B93149989CA54DBC9702AE619B9CCA000062CE9397.
Type: String
Required: False
Position: Named
Default value: None
-MaxParallelSize
The MaxParallelSize parameter specifies the maximum number of mailboxes that are processed by the command in
parallel. A valid value is an integer from 1 to 10. Typically, a higher value decreases the amount of time it takes to
complete the command on multiple mailboxes.
The value of this parameter has no effect when the Identity parameter specifies only one mailbox.
Type: Int32
Required: False
Position: Named
Default value: None
-NoOutput
The NoOutput switch specifies whether to restore the deleted items directly without any command output in the
console. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-SourceFolder
The SourceFolder parameter specifies where to search for deleted items in the mailbox. Valid values are:
DeletedItems: The Deleted Items folder.
RecoverableItems: The Recoverable Items\Deletions folder. This folder contains items that have been deleted
from the Deleted Items folder (soft-deleted items).
PurgedItems: (Cloud only) The Recoverable Items\Purges folder. This folder contains items that have been
purged from the Recoverable Items folder (hard-deleted items).
If you don't use this parameter, the command will search all of these folders.
Type: RecoverableItemsFolderType
Required: False
Position: Named
Default value: None
-SubjectContains
The SubjectContains parameter filters the deleted items by the specified text value in the Subject field. If the value
Type: String
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Resume-MailboxExportRequest
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Resume-MailboxExportRequest cmdlet to resume
an export request that was suspended or failed. This cmdlet is available only in the Mailbox Import Export role and
by default, the role isn't assigned to any role groups. To use this cmdlet, you need to add the Mailbox Import Export
Syntax
Resume-MailboxExportRequest [-Identity] <MailboxExportRequestIdParameter> [-Confirm] [-DomainController <Fqdn>]
Description
The Resume-MailboxExportRequest cmdlet can be pipelined with the Get-MailboxExportRequest cmdlet.
Examples
-------------------------- Example 1 --------------------------
Resume-MailboxExportRequest -Identity kweku\export
This example resumes the export request kweku\export.

-------------------------- Example 2 --------------------------
Get-MailboxExportRequest -Status Failed | Resume-MailboxExportRequest
This example resumes any failed export move requests.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Resume-MailboxImportRequest
In ths Article
may be exclusive to one environment or the other. Use the Resume-MailboxImportRequest cmdlet to resume an
import request that was suspended or failed. This cmdlet is available only in the Mailbox Import Export role and by
Syntax
Resume-MailboxImportRequest [-Identity] <MailboxImportRequestIdParameter> [-Confirm] [-DomainController <Fqdn>]
Description
This cmdlet can be pipelined with the Get-MailboxImportRequest cmdlet.
Examples
-------------------------- Example 1 --------------------------
Resume-MailboxImportRequest -Identity kweku\MailboxImport1
This example resumes the second import request for Kweku's mailbox kweku\MailboxImport1
-------------------------- Example 2 --------------------------
Get-MailboxImportRequest -Status Failed | Resume-MailboxImportRequest
This example resumes all failed import requests.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
<alias>\MailboxImportX (where X = 0-9). If you created the request using the Name parameter, use the following
syntax: <alias>\<name>.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Resume-MailboxRestoreRequest
In ths Article
may be exclusive to one environment or the other. Use the Resume-MailboxRestoreRequest cmdlet to resume a
restore request that was suspended or failed. For information about the parameter sets in the Syntax section below,
Syntax
Resume-MailboxRestoreRequest [-Identity] <MailboxRestoreRequestIdParameter> [-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Resume-MailboxRestoreRequest -Identity "kweku\RestoreFromDB01"
This example resumes the restore request with the identity kweku\RestoreFromDB01.
-------------------------- Example 2 --------------------------
Get-MailboxRestoreRequest -Status Failed | Resume-MailboxRestoreRequest
This example resumes any restore request with the status of Failed.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Search-Mailbox
In ths Article
may be exclusive to one environment or the other. Use the Search-Mailbox cmdlet to search a mailbox and copy the
results to a specified target mailbox, delete messages from the source mailbox, or both. For information about the
Syntax
Search-Mailbox [-Identity] <MailboxOrMailUserIdParameter> [-EstimateResultOnly]
[-Confirm]
[-DoNotIncludeArchive]
[-Force]
[-IncludeUnsearchableItems]
[-SearchDumpster]
[-SearchDumpsterOnly]
[-SearchQuery <String>]
Search-Mailbox [-Identity] <MailboxOrMailUserIdParameter> -TargetFolder <String> -TargetMailbox

<MailboxIdParameter>
[-Confirm]
[-DeleteContent]
[-Force]
[-LogLevel <Suppress | Basic | Full>]
[-LogOnly]
[-SearchDumpster]
Search-Mailbox [-Identity] <MailboxOrMailUserIdParameter>

[-Confirm]
[-DeleteContent]
[-Force]
[-SearchDumpster]
Description
You can use the Search-Mailbox cmdlet to search messages in a specified mailbox and perform any of the following
tasks:
Copy messages to a specified target mailbox.
Delete messages from the source mailbox. You have to be assigned the Mailbox Import Export management
role to delete messages.
Perform single item recovery to recover items from a user's Recoverable Items folder.
Clean up the Recoverable Items folder for a mailbox when it has reached the Recoverable Items hard quota.
Note: By default, Search-Mailbox is available only in the Mailbox Search or Mailbox Import Export roles, and these
roles aren't assigned to any role groups. To use this cmdlet, you need to add one or both of the roles to a role group
(for example, the Organization Management role group). Only the Mailbox Import Export role gives you access to
the DeleteContent parameter. For more information about adding roles to role groups, see the "Add a role to a role
group" section in Manage role groups.
Examples
-------------------------- Example 1 --------------------------
Search-Mailbox -Identity "Joe Healy" -SearchQuery "Subject:Project Hamilton" -TargetMailbox "DiscoveryMailbox"

-TargetFolder "JoeHealy-ProjectHamilton" -LogLevel Full
This example searches the mailbox of Joe Healy and copies the search results to the DiscoveryMailbox in the folder
JoeHealy-ProjectHamilton.
-------------------------- Example 2 --------------------------
Search-Mailbox -Identity "April Stewart" -SearchQuery 'Subject:"Your bank statement"' -TargetMailbox

"administrator" -TargetFolder "SearchAndDeleteLog" -LogOnly -LogLevel Full
This example searches April Stewart's mailbox for messages that contain the phrase "Your bank statement" in the
subject and logs the result in the SearchAndDeleteLog folder in the administrator's mailbox. Messages aren't
copied to the target mailbox.
-------------------------- Example 3 --------------------------
Search-Mailbox -Identity "April Stewart" -SearchQuery 'Subject:"Your bank statement"' -DeleteContent
This example searches April Stewart's mailbox for messages that contain the phrase "Your bank statement" in the
subject and deletes the messages from the source mailbox. You have to be assigned the Mailbox Import Export
management role to use the DeleteContent switch.
-------------------------- Example 4 --------------------------
Get-Mailbox | Search-Mailbox -SearchQuery 'election OR candidate OR vote' -TargetMailbox "Discovery Search

Mailbox" -TargetFolder "AllMailboxes-Election" -LogLevel Full
This example searches all mailboxes in your organization for messages that contain the words "election",
"candidate", or "vote". The search results are copied to the Discovery Search Mailbox in the folder AllMailboxes-
Election.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DeleteContent
The DeleteContent switch specifies that the messages returned by the search be permanently deleted from the
source mailbox. When used with the TargetMailbox parameter, messages are copied to the target mailbox and
removed from the source mailbox. If you set the logging level for the search to Basic or Full, you must specify a
target mailbox and a target folder to place the log in. To delete messages from the source mailbox without copying
them to the target mailbox, don't specify the TargetMailbox, TargetFolder, and LogLevel parameters.
You need to be assigned the Mailbox Import Export management role to use this switch. By default, this role isn't
assigned to any role group. Typically, you assign a role to a built-in or custom role group. Or you can assign a role
to a user, or a universal security group.
Before you use the DeleteContent switch to delete content, we recommend that you test search parameters by
using the LogOnly parameter, as shown in Example 2.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-DoNotIncludeArchive
The DoNotIncludeArchive switch specifies that the user's archive mailbox shouldn't be included in the search. You
don't need to specify a value for this switch. By default, the archive mailbox is always searched.
If auto-expanding archiving is enabled for an Exchange Online mailbox, only the user's primary archive mailbox is
searched. Auxiliary archive mailboxes aren't included in the search.
Required: False
Position: Named
Default value: None
-EstimateResultOnly
The EstimateResultOnly switch specifies that only an estimate of the total number and size of messages returned
by the search be provided. Messages aren't copied to the target mailbox. You can't use this switch with the
TargetMailbox parameter.
Required: True
Position: Named
Default value: None
-Force
The Force switch overrides the confirmation prompt displayed when your use the DeleteContent switch to
permanently delete messages.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the mailbox to search. You can use any value that uniquely identifies
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-IncludeUnsearchableItems
The IncludeUnsearchableItems switch specifies whether to include items that couldn't be indexed by Exchange
Search. When set to $true, the IncludeUnsearchableItems switch specifies that items that couldn't be indexed by
Exchange Search should be included in the search results.
Required: False
Position: Named
Default value: None
-LogLevel
The LogLevel parameter specifies the logging level for the search. It can have one of the following values:
Suppress: No logs are kept.
Basic: Basic information about the query and who ran it is kept.
Full: In addition to the information kept by the Basic log level, the Full log level adds a complete list of search
results.
The default log level is Basic.
Type: Suppress | Basic | Full

Required: False
Position: Named
Default value: None
-LogOnly
The LogOnly switch specifies that a search be performed and only a log be generated. Messages returned by the
search aren't copied to the target mailbox. The logging level is specified by using the LogLevel parameter.
Required: False
Position: Named
Default value: None
-SearchDumpster
The SearchDumpster parameter specifies whether to search the Recoverable Items folder, which is the storage
location in which items deleted from the Deleted Items folder or hard-deleted items are stored until they're purged
from the mailbox database. By default, the Recoverable Items folder is always searched. To exclude the folder from
the search, set the SearchDumpster switch to $false, for example,-SearchDumpster:$false
Required: False
Position: Named
Default value: None
-SearchDumpsterOnly
The SearchDumpsterOnly switch specifies that only the Recoverable Items folder of the specified mailbox be
searched. You can also use this switch with the DeleteContent switch to delete messages from the Recoverable
Items folder and reduce the size of the folder.
Required: False
Position: Named
Default value: None
-SearchQuery
The SearchQuery parameter specifies a search string or a query formatted using Keyword Query Language (KQL ).
For more information about KQL in Exchange, see Message properties and search operators for In-Place
eDiscovery(https://docs.microsoft.com/exchange/security-and-compliance/in-place-ediscovery/message-
properties-and-search-operators).
If this parameter is empty, all messages are returned.
Note: The Search-Mailbox cmdlet returns up to 10000 results per mailbox if a search query is specified.
Type: String
Required: False
Position: Named
Default value: None
-TargetFolder
The TargetFolder parameter specifies a folder name in which search results are saved in the target mailbox. The
folder is created in the target mailbox upon execution.
Type: String
Required: True
Position: Named
Default value: None
-TargetMailbox
The TargetMailbox parameter specifies the destination mailbox where search results are copied. You can use any
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
You must use this parameter with the TargetFolder parameter. You can't use this parameter with the
EstimateResultOnly switch.
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-App
In ths Article
may be exclusive to one environment or the other. Use the Set-App cmdlet to modify the availability of organization
apps. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Set-App [-Identity] <AppIdParameter> [-Confirm] [-DefaultStateForUser <Enabled | Disabled | AlwaysEnabled>]
[-DomainController <Fqdn>] [-Enabled <$true | $false>] [-OrganizationApp]
[-ProvidedTo <Everyone | SpecificUsers>] [-UserList <MultiValuedProperty>] [-WhatIf] [-PrivateCatalog]
Description
The Set-App cmdlet can only be used when configuring the availability of an organization app. This task requires
that the specified app has already been installed (for example, that the app has been installed with the New -App
cmdlet, or that it's a default app for Outlook).
Default apps in Outlook on the web and apps that you've installed for use by users in your organization are known
as organization apps. Organization apps can't be removed by end users, but can be enabled or disabled. If an app is
an organization app (scope default or organization), the delete control on the toolbar is disabled for end users.
Administrators are able to remove organization apps. Administrators can't remove default apps, but they can
disable them for the entire organization.
Examples
-------------------------- Example 1 --------------------------
$a= Get-DistributionGroupMember -Identity "Finance Team"; Set-App -OrganizationApp -Identity 3f10017a-9bbe-

4a23-834b-6a8fe3af0e37 -ProvidedTo SpecificUsers -UserList $a.Identity -DefaultStateForUser Enabled
This example changes the organization app named FinanceTestApp, which was installed to everyone in the
organization, to be provided to members of the Finance Team group and to be enabled by default.
-------------------------- Example 2 --------------------------
Set-App -OrganizationApp -Identity 3f10017a-9bbe-4a23-834b-6a8fe3af0e37 -Enabled $false
This example disables the organization app named FinanceTestApp across the organization and hides it from end
user view.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DefaultStateForUser
The DefaultStateForUser parameter specifies the default initial state of the organization app for the specified users.
Valid values are:
Enabled: The organization app is enabled.
Disabled: The organization app is disabled. This is the default value.
AlwaysEnabled: The organization app is enabled, and users can't disable it.
Type: Enabled | Disabled | AlwaysEnabled

Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether the app is available to users in the organization. Valid values are:
$true: The app is enabled for the specified users. This is the default value.
$false: The app isn't enabled for any users in the organization. This hides the app from user view for all users.
This setting overrides the ProvidedTo, UserList, and DefaultStateForUser settings. This setting doesn't prevent
users from installing their own instance of the app if they have install permissions.

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the AppID (GUID value) of the app that you want to modify. To find the GUID
value of an app, run the command Get-App | Format-Table -Auto DisplayName,AppId.
Required: True
Position: 1
Default value: None
-OrganizationApp
The OrganizationApp switch specifies that the scope of the app is organizational (not bound to a specific user). You
Required: False
Position: Named
Default value: None
-PrivateCatalog
The PrivateCatalog switch specifies that the app you want to modify is located in a private catalog. You don't need
Required: False
Position: Named
Default value: None
-ProvidedTo
The ProvidedTo parameter specifies the availability of the app in your organization. Valid value are:
Everyone: The app is provided to every user in the organization. This is the default value. Every user sees this
app listed in the installed apps list in Outlook on the web Options. When an app in the installed apps list is
enabled, users can use the features of this app in their email. All users are blocked from installing their own
instances of this app, including but not limited to users with install apps permissions.
SpecificUsers: This app is provided to only the users specified by the UserList parameter. All other users don't
see this organizational app in their management view, nor will it activate in their mail or calendar items. The
specified users are also blocked from installing their own instance of this app. Unlisted users aren't blocked
from installing their own instance of this app.
Type: Everyone | SpecificUsers

Required: False
Position: Named
Default value: None
-UserList
The UserList parameter specifies who can use an organizational app. This parameter is currently limited to 1000
users. This will not change in the future as we are planning on moving to Centralized Deployment
(https://docs.microsoft.com/office/dev/add-ins/publish/centralized-deployment).
Valid values are mailboxes or mail users in your organization. You can use any value that uniquely identifies the
user. For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
otherwise require quotation marks, use the following syntax: "<value1>","<value2>",..."<valueX>". Maximum size
of the list is 1000 recipients.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-CalendarNotification
In ths Article
may be exclusive to one environment or the other. Use the Set-CalendarNotification cmdlet to set text message
notifications for calendar events for a user. For information about the parameter sets in the Syntax section below,
Syntax
Set-CalendarNotification [-Identity] <MailboxIdParameter> [-CalendarUpdateNotification <$true | $false>]
[-CalendarUpdateSendDuringWorkHour <$true | $false>] [-Confirm] [-DailyAgendaNotification <$true | $false>]
[-DailyAgendaNotificationSendTime <TimeSpan>] [-DomainController <Fqdn>] [-IgnoreDefaultScope]
[-MeetingReminderNotification <$true | $false>] [-MeetingReminderSendDuringWorkHour <$true | $false>]
[-NextDays <Int32>] [-WhatIf] [<CommonParameters>]
Description
Users can receive text message notifications of changes to calendar events and daily agendas. Use the Set-
CalendarNotification cmdlet to configure these notifications for a user.
Examples
-------------------------- Example 1 --------------------------
Set-CalendarNotification -Identity "tony@contoso.com" -CalendarUpdateNotification $true
This example enables calendar updates to be sent in text messages to the user Tony Smith.
-------------------------- Example 2 --------------------------
Set-CalendarNotification -Identity "TonySmith" -CalendarUpdateNotification $true -MeetingReminderNotification

$true -MeetingReminderSendDuringWorkHour $true
This example enables calendar updates and meeting reminders to be sent in text messages to the user Tony Smith.
-------------------------- Example 3 --------------------------
Set-CalendarNotification -Identity contoso\tonysmith -DailyAgendaNotification $true
This example enables a daily agenda to be sent in text messages to the user Tony Smith.
Parameters
-CalendarUpdateNotification
The CalendarUpdateNotification parameter specifies whether calendar notifications are enabled for the user.

Required: False
Position: Named
Default value: None
-CalendarUpdateSendDuringWorkHour
The CalendarUpdateSendDuringWorkHour parameter specifies whether calendar notifications are sent during
working hours.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DailyAgendaNotification
The DailyAgendaNotification parameter specifies whether a daily agenda should be sent to the user's mobile
phone.

Required: False
Position: Named
Default value: None
-DailyAgendaNotificationSendTime
The DailyAgendaNotificationSendTime parameter specifies the time to send the daily agenda.
seconds.
For example, a time span of 2 days and 8 hours is shown: 02.08:00:00.
Type: TimeSpan
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-IgnoreDefaultScope
The IgnoreDefaultScope parameter isn't implemented yet.
Required: False
Position: Named
Default value: None
-MeetingReminderNotification
The MeetingReminderNotification parameter specifies whether meeting reminders are sent to the user's mobile
phone.

Required: False
Position: Named
Default value: None
-MeetingReminderSendDuringWorkHour
The MeetingReminderSendDuringWorkHour parameter specifies whether meeting reminders are only sent during
working hours.

Required: False
Position: Named
Default value: None
-NextDays
The NextDays parameter specifies how many days should be sent in the daily agenda.
Type: Int32
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-CalendarProcessing
In ths Article
may be exclusive to one environment or the other. Use the Set-CalendarProcessing cmdlet to modify calendar
processing options for resource mailboxes, which include the Calendar Attendant, resource booking assistant, and
calendar configuration. Note that this cmdlet is effective only on resource mailboxes. For information about the
Syntax
Set-CalendarProcessing [-Identity] <MailboxIdParameter>
[-AddAdditionalResponse <$true | $false>]
[-AdditionalResponse <String>]
[-AddNewRequestsTentatively <$true | $false>]
[-AddOrganizerToSubject <$true | $false>]
[-AllBookInPolicy <$true | $false>]
[-AllowConflicts <$true | $false>]
[-AllowRecurringMeetings <$true | $false>]
[-AllRequestInPolicy <$true | $false>]
[-AllRequestOutOfPolicy <$true | $false>]
[-AutomateProcessing <None | AutoUpdate | AutoAccept>]
[-BookingType <Standard | Reserved>]
[-BookingWindowInDays <Int32>]
[-BookInPolicy <RecipientIdParameter[]>]
[-Confirm]
[-ConflictPercentageAllowed <Int32>]
[-DeleteAttachments <$true | $false>]
[-DeleteComments <$true | $false>]
[-DeleteNonCalendarItems <$true | $false>]
[-DeleteSubject <$true | $false>]
[-EnableResponseDetails <$true | $false>]
[-EnforceSchedulingHorizon <$true | $false>]
[-ForwardRequestsToDelegates <$true | $false>]
[-MaximumConflictInstances <Int32>]
[-MaximumDurationInMinutes <Int32>]
[-OrganizerInfo <$true | $false>]
[-ProcessExternalMeetingMessages <$true | $false>]
[-RemoveForwardedMeetingNotifications <$true | $false>]
[-RemoveOldMeetingMessages <$true | $false>]
[-RemovePrivateProperty <$true | $false>]
[-RequestInPolicy <RecipientIdParameter[]>]
[-RequestOutOfPolicy <RecipientIdParameter[]>]
[-ResourceDelegates <RecipientIdParameter[]>]
[-ScheduleOnlyDuringWorkHours <$true | $false>]
[-TentativePendingApproval <$true | $false>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-CalendarProcessing -Identity "Conf 212" -AutomateProcessing AutoAccept -DeleteComments $true -

AddOrganizerToSubject $true -AllowConflicts $false
This example automates the processing of calendar requests to the resource mailbox Conf 212.
-------------------------- Example 2 --------------------------
Set-CalendarProcessing -Identity "Car 53" -AutomateProcessing None
This example disables automatic processing for the resource mailbox Car 53.
-------------------------- Example 3 --------------------------
Set-CalendarProcessing -Identity "5th Floor Conference Room" -AutomateProcessing AutoAccept -AllBookInPolicy

$true
This example allows the Calendar Attendant to approve in-policy requests from all users.
-------------------------- Example 4 --------------------------
Set-CalendarProcessing -Identity "5th Floor Conference Room" -AutomateProcessing AutoAccept -AllRequestInPolicy

$true -AllBookInPolicy $false -ResourceDelegates "chris@contoso.com","michelle@contoso.com"
This example allows all users to submit in-policy requests, but the request is still subject to approval by one of the
specified delegates.
-------------------------- Example 5 --------------------------
Set-CalendarProcessing -Identity "Room 221" -AutomateProcessing AutoAccept -RequestOutOfPolicy

DavidPelton@contoso.com -ResourceDelegates "chris@contoso.com","michelle@contoso.com"
This example allows the Calendar Attendant to accept out-of-policy requests from David Pelton. The request is still
subject to approval by one of the specified delegates.
-------------------------- Example 6 --------------------------
Set-CalendarProcessing -Identity "Car 53" -AutomateProcessing AutoAccept -BookInPolicy

"ayla@contoso.com","tony@contoso.com" -AllBookInPolicy $false
This example allows a list of users to submit in-policy meeting requests to the equipment mailbox for Car 53.
-------------------------- Example 7 --------------------------
Set-CalendarProcessing -Identity "Room 221" -ProcessExternalMeetingMessages $false

This example rejects meeting requests from any user who isn't a member of the Exchange organization.
Parameters
-AddAdditionalResponse
The AddAdditionalResponse parameter specifies whether additional information (the value of the
AdditionalResponse parameter) is added to meeting request responses. Valid values are:
$true: Text from the AdditionalResponse parameter is added to meeting request responses.
$false: No additional text is added to meeting request responses (any text in the AddAdditionalResponse
parameter isn't used). This is the default value.
This parameter is used only on resource mailboxes where the AutomateProcessing parameter is set to AutoAccept.

Required: False
Position: Named
Default value: None
-AdditionalResponse
The AdditionalResponse parameter specifies the additional information to be included in responses to meeting
requests when the value of the AdditionalResponse parameter is $true. If the value contains spaces, enclose the
Type: String
Required: False
Position: Named
Default value: None
-AddNewRequestsTentatively
The AddNewRequestsTentatively parameter specifies whether new meeting requests are added to the calendar as
tentative. Valid values are:
$true: New calendar items are added to the calendar as tentative. This is the default value.
$false: Only existing calendar items are updated by the Calendar Attendant.

Required: False
Position: Named
Default value: None
-AddOrganizerToSubject
The AddOrganizerToSubject parameter specifies whether the meeting organizer's name is used as the subject of
the meeting request. Valid values are:
$true: The meeting organizer's name replaces any existing Subject value for the meeting request. This is the
default value.
$false: The original Subject value is preserved.

Required: False
Position: Named
Default value: None
-AllBookInPolicy
The AllBookInPolicy parameter specifies whether to automatically approve in-policy requests from all users to the
resource mailbox. Valid values are:
$true: In-policy requests from all users are automatically approved. This is the default value.
$false: In-policy requests from all users aren't automatically approved (approval by a delegate is required).

Required: False
Position: Named
Default value: None
-AllowConflicts
The AllowConflicts parameter specifies whether to allow conflicting meeting requests. Valid values are:
$true: Conflicts are allowed.
$false: Conflicts aren't allowed. This is the default value.

Required: False
Position: Named
Default value: None
-AllowRecurringMeetings
The AllowRecurringMeetings parameter specifies whether to allow recurring meetings in meeting requests. Valid
values are:
$true: Recurring meetings are allowed. This is the default value.
$false: Recurring meetings aren't allowed.
Required: False
Position: Named
Default value: None
-AllRequestInPolicy
The AllRequestInPolicy parameter specifies whether to allow all users to submit in-policy requests to the resource
mailbox. Valid values are:
$true: All users are allowed to submit in-policy requests to the resource mailbox. These requests require
approval by a resource mailbox delegate if the AllBookInPolicy parameter is set to $false (the default value is
$true).
$false: All users can't submit in-policy requests to the resource mailbox. This is the default value.

Required: False
Position: Named
Default value: None
-AllRequestOutOfPolicy
The AllRequestOutOfPolicy parameter specifies whether to allow all users to submit out-of-policy requests to the
resource mailbox. Valid values are:
$true: All users are allowed to submit out-of-policy requests to the resource mailbox. Out-of-policy requests
require approval by a resource mailbox delegate.
$false: All users can't submit out-of-policy requests to the resource mailbox. This is the default value.

Required: False
Position: Named
Default value: None
-AutomateProcessing
The AutomateProcessing parameter enables or disables calendar processing on the mailbox. Valid values are:
None: Calendar processing is disabled on the mailbox. Both the resource booking attendant and the Calendar
Attendant are disabled on the mailbox.
AutoUpdate: Only the Calendar Attendant processes meeting requests and responses. Meeting requests are
tentative in the calendar until they're approved by a delegate. Meeting organizers receive only decisions from
delegates.
AutoAccept: Both the Calendar Attendant and resource booking attendant are enabled on the mailbox. This
means that the Calendar Attendant updates the calendar, and then the resource booking assistant accepts the
meeting based upon the policies. Eligible meeting organizers receive the decision directly without human
intervention (free = accept; busy = decline).
In on-premises Exchange, resource mailboxes created in the Exchange admin center (EAC ) have the default value
AutoAccept, while resource mailboxes created in PowerShell have the default value AutoUpdate.
In Exchange Online, resource mailbox created in the EAC and resource mailboxes created in PowerShell after
November 15, 2018 have the default value AutoAccept. Resource mailboxes created in PowerShell before
November 15 have the default value AutoUpdate.
The default value for user mailboxes is AutoUpdate, but you can't change the value on a user mailbox.
Type: None | AutoUpdate | AutoAccept

Required: False
Position: Named
Default value: None
-BookingType
The BookingType parameter specifies how reservations work on the resource mailbox. Valid values are:
Standard: The resource can be reserved based on the other settings in this cmdlet. This is the default value
Reserved: The resource can't be reserved.
Type: <Standard | Reserved>

Required: False
Position: Named
Default value: None
-BookingWindowInDays
The BookingWindowInDays parameter specifies the maximum number of days in advance that the resource can be
reserved. A valid value is an integer from 0 through 1080. The default value is 180 days. The value 0 means today.
Type: Int32
Required: False
Position: Named
Default value: None
-BookInPolicy
The BookInPolicy parameter specifies users who are allowed to submit in-policy meeting requests to the resource
mailbox that are automatically approved. You can use any value that uniquely identifies the users. For example:
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-ConflictPercentageAllowed
The ConflictPercentageAllowed parameter specifies the maximum percentage of meeting conflicts for new
recurring meeting requests. A valid value is an integer from 0 through 100. The default value is 0.
If a new recurring meeting request conflicts with existing reservations for the resource more than the percentage
specified by this parameter, the recurring meeting request is automatically declined. When the value is 0, no
conflicts are permitted for new recurring meeting requests.
Type: Int32
Required: False
Position: Named
Default value: None
-DeleteAttachments
The DeleteAttachments parameter specifies whether to remove attachments from all incoming messages. Valid
values are:
$true: Remove any attachments in incoming messages. This is the default value.
$false: Preserve any attachments in incoming messages.
Required: False
Position: Named
Default value: None
-DeleteComments
The DeleteComments parameter specifies whether to remove or keep any text in the message body of incoming
meeting requests. Valid values are:
$true: Remove any text in the message body of incoming meeting requests. This is the default value.
$false: Preserve any text in the message body of incoming meeting requests.

Required: False
Position: Named
Default value: None
-DeleteNonCalendarItems
The DeleteNonCalendarItems parameter specifies whether to remove or keep all non-calendar-related messages
that are received by the resource mailbox. Valid values are:
$true: Non-calendar messages are deleted. This is the default value.
$false: Non-calendar messages are preserved.

Required: False
Position: Named
Default value: None
-DeleteSubject
The DeleteSubject parameter specifies whether to remove or keep the subject of incoming meeting requests. Valid
values are:
$true: Remove the Subject value of incoming meeting requests. This is the default value.
$false: Preserve The Subject value of incoming meeting requests.

Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EnableResponseDetails
The EnableResponseDetails parameter specifies whether to include the reasons for accepting or declining a
meeting in the response email message. Valid values are:
$true: The reasons for accepting or declining a meeting are included in the response message. This is the default
value.
$false: The reasons for accepting or declining a meeting aren't included in the response message.

Required: False
Position: Named
Default value: None
-EnforceSchedulingHorizon
The EnforceSchedulingHorizon parameter controls the behavior of recurring meetings that extend beyond the date
specified by the BookingWindowInDays parameter. Valid values are:
$true: A recurring meeting request is automatically declined if the meetings start on or before the date specified
by the BookingWindowInDays parameter, and the meetings extend beyond the specified date. This is the default
value.
$false: A recurring meeting request is automatically accepted if the meetings start on or before the date
specified by the BookingWindowInDays parameter, and the meetings extend beyond the specified date.
However, the number of meetings is automatically reduced so meetings won't occur after the specified date.

Required: False
Position: Named
Default value: None
-ForwardRequestsToDelegates
The ForwardRequestsToDelegates parameter specifies whether to forward incoming meeting requests to the
delegates that are configured for the resource mailbox. Valid values are:
$true: Forward incoming meeting requests to the delegates. This is the default value.
$false: Don't forward incoming meeting requests to the delegates.

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the resource mailbox that you want to modify. You can use any value that uniquely
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-IgnoreDefaultScope
automatically.
accepted.
Required: False
Position: Named
Default value: None
-MaximumConflictInstances
The MaximumConflictInstances parameter specifies the maximum number of conflicts for new recurring meeting
requests when the AllowRecurringMeetings parameter is set to $true. A valid value is an integer from 0 through
INT32 (2147483647). The default value is 0.
If a new recurring meeting request conflicts with existing reservations for the resource more than the number of
times specified by the MaximumConflictInstances parameter value, the recurring meeting request is automatically
declined. When the value is 0, no conflicts are permitted for new recurring meeting requests.
Type: Int32
Required: False
Position: Named
Default value: None
-MaximumDurationInMinutes
The MaximumDurationInMinutes parameter specifies the maximum duration in minutes for meeting requests. A
valid value is an integer from 0 through INT32 (2147483647). The default value is 1440 (24 hours).
When the value is set to 0, the maximum duration of a meeting is unlimited. For recurring meetings, the value of
this parameter applies to the length of an individual meeting instance.
Type: Int32
Required: False
Position: Named
Default value: None
-OrganizerInfo
The OrganizerInfo parameter specifies whether the resource mailbox sends organizer information when a meeting
request is declined because of conflicts. Valid values are:
$true: Organizer information is sent when a meeting request is declined because of conflicts. This is the default
value.
$false: Organizer information isn't sent when a meeting request is declined because of conflicts.

Required: False
Position: Named
Default value: None
-ProcessExternalMeetingMessages
The ProcessExternalMeetingMessages parameter specifies whether to process meeting requests that originate
outside the Exchange organization. Valid values are:
$true: Meeting requests from external senders are processed.
$false: Meeting requests from external senders are rejected. This is the default value.

Required: False
Position: Named
Default value: None
-RemoveForwardedMeetingNotifications
The RemoveForwardedMeetingNotifications parameter specifies whether forwarded meeting notifications are
moved to the Deleted Items folder after they're processed by the Calendar Attendant. Valid values are:
$true: Processed forwarded meeting notifications are deleted (moved to the Deleted Items folder).
$false: Processed forwarded meeting notifications aren't deleted. This is the default value.

Required: False
Position: Named
Default value: None
-RemoveOldMeetingMessages
The RemoveOldMeetingMessages parameter specifies whether the Calendar Attendant removes old and
redundant updates and responses. Valid values are:
$true: Outdated and redundant meeting messages are deleted. This is the default value.
$false: Outdated and redundant meeting messages aren't deleted.

Required: False
Position: Named
Default value: None
-RemovePrivateProperty
The RemovePrivateProperty parameter specifies whether to clear the private flag for incoming meetings that were
sent by the organizer in the original requests. Valid values are:
$true: The private flag for incoming meeting requests is cleared (the meeting is no longer private). This is the
default value.
$false: The private flag for incoming meeting requests is preserved (private meetings stay private).
Required: False
Position: Named
Default value: None
-RequestInPolicy
The RequestInPolicy parameter specifies users who are allowed to submit in-policy meeting requests to the
resource mailbox that require approval by a resource mailbox delegate. You can use any value that uniquely
identifies the user. For example:
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
-RequestOutOfPolicy
The RequestOutOfPolicy parameter specifies users who are allowed to submit out-of-policy requests that require
approval by a resource mailbox delegate. You can use any value that uniquely identifies the user. For example:
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
-ResourceDelegates
The ResourceDelegates parameter specifies users can approve or reject requests that are sent to the resource
mailbox. You can use any value that uniquely identifies the user. For example:
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
-ScheduleOnlyDuringWorkHours
The ScheduleOnlyDuringWorkHours parameter specifies whether to allow meetings to be scheduled outside of the
working hours that are defined for the resource mailbox. Valid values are:
$true: Meeting requests that are outside of working hours are automatically rejected.
$false: Meeting requests that are outside of working hours aren't automatically rejected. This is the default
value.
You configure the working hours of the resource mailbox by using the WorkDays, WorkingHoursStartTime,
WorkingHoursEndTime and WorkingHoursTimeZone parameters on the Set-MailboxCalendarConfiguration
cmdlet.

Required: False
Position: Named
Default value: None
-TentativePendingApproval
The TentativePendingApproval parameter specifies whether to mark pending requests as tentative on the calendar.
Valid values are:
$true: Meeting requests that are awaiting approval from a delegate appear in the calendar as tentative. This is
the default value.
$false: Meeting requests that are awaiting approval appear in the calendar as free.

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-Clutter
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-Clutter cmdlet to configure Clutter settings for
mailboxes in your organization. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Set-Clutter -Identity <MailboxIdParameter> [-Enable <$true | $false>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-Clutter -Identity "Alexander Martinez" -Enable $false
This example disables Clutter for the user Alexander Martinez.
Parameters
-Enable
The Enable parameter specifies whether to enable or disable Clutter for the mailbox. Valid values are:
$true: Clutter is enabled for the mailbox. This is the default value.
$false: Clutter is disabled for the mailbox.

Required: False
Position: Named
Default value: None
-Identity
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online version
Set-FocusedInbox
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-FocusedInbox cmdlet to enable or disable
Focused Inbox for mailboxes in your organization. For information about the parameter sets in the Syntax section
Syntax
Set-FocusedInbox -Identity <MailboxIdParameter> [-FocusedInboxOn <$true | $false>] [<CommonParameters>]
Description
Focused Inbox is a replacement for Clutter that separates the Inbox into the Focused and Other tabs in Outlook on
the web and newer versions of Outlook. Important emails are on the Focused tab while the rest are on the Other
tab.
Examples
-------------------------- Example 1 --------------------------
Set-FocusedInbox -Identity laura@contoso.com -FocusedInboxOn $false
This example disables Focused Inbox for the mailbox of laura@contoso.com.
Parameters
-FocusedInboxOn
The FocusedInboxOn parameter enables or disables Focused Inbox for the mailbox. Valid values are:
$true: Focused Inbox is enabled. This is the default value.
$false: Focused Inbox is disabled.

Required: False
Position: Named
Default value: None
-Identity
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online version
Set-InboxRule
In ths Article
may be exclusive to one environment or the other. Use the Set-InboxRule cmdlet to modify existing Inbox rules in
mailboxes. Inbox rules process messages in the Inbox based on conditions specified and take actions such as
moving a message to a specified folder or deleting a message. For information about the parameter sets in the
Syntax
Set-InboxRule [-Identity] <InboxRuleIdParameter>
[-ApplyCategory <MultiValuedProperty>]
[-ApplySystemCategory <MultiValuedProperty>]
[-BodyContainsWords <MultiValuedProperty>]
[-Confirm]
[-CopyToFolder <MailboxFolderIdParameter>]
[-DeleteMessage <$true | $false>]
[-DeleteSystemCategory <MultiValuedProperty>]
[-ExceptIfBodyContainsWords <MultiValuedProperty>]
[-ExceptIfFlaggedForAction <String>]
[-ExceptIfFrom <RecipientIdParameter[]>]
[-ExceptIfFromAddressContainsWords <MultiValuedProperty>]
[-ExceptIfHasAttachment <$true | $false>]
[-ExceptIfHasClassification <MessageClassificationIdParameter[]>]
[-ExceptIfHeaderContainsWords <MultiValuedProperty>]
[-ExceptIfMessageTypeMatches <AutomaticReply | AutomaticForward | Encrypted | Calendaring |
CalendaringResponse | PermissionControlled | Voicemail | Signed | ApprovalRequest | ReadReceipt |
NonDeliveryReport>]
[-ExceptIfMyNameInCcBox <$true | $false>]
[-ExceptIfMyNameInToBox <$true | $false>]
[-ExceptIfMyNameInToOrCcBox <$true | $false>]
[-ExceptIfMyNameNotInToBox <$true | $false>]
[-ExceptIfReceivedAfterDate <ExDateTime>]
[-ExceptIfReceivedBeforeDate <ExDateTime>]
[-ExceptIfRecipientAddressContainsWords <MultiValuedProperty>]
[-ExceptIfSentOnlyToMe <$true | $false>]
[-ExceptIfSubjectContainsWords <MultiValuedProperty>]
[-ExceptIfSubjectOrBodyContainsWords <MultiValuedProperty>]
[-ExceptIfWithImportance <Low | Normal | High>]
[-ExceptIfWithinSizeRangeMaximum <ByteQuantifiedSize>]
[-ExceptIfWithinSizeRangeMinimum <ByteQuantifiedSize>]
[-ExceptIfWithSensitivity <Normal | Personal | Private | CompanyConfidential>]
[-FlaggedForAction <String>]
[-Force]
[-ForwardAsAttachmentTo <RecipientIdParameter[]>]
[-ForwardTo <RecipientIdParameter[]>]
[-From <RecipientIdParameter[]>]
[-FromAddressContainsWords <MultiValuedProperty>]
[-HeaderContainsWords <MultiValuedProperty>]
[-MarkAsRead <$true | $false>]
[-MarkImportance <Low | Normal | High>]
[-MessageTypeMatches <AutomaticReply | AutomaticForward | Encrypted | Calendaring | CalendaringResponse |
PermissionControlled | Voicemail | Signed | ApprovalRequest | ReadReceipt | NonDeliveryReport>]
[-MoveToFolder <MailboxFolderIdParameter>]
[-MyNameInCcBox <$true | $false>]
[-MyNameInToBox <$true | $false>]
[-MyNameInToOrCcBox <$true | $false>]
[-MyNameNotInToBox <$true | $false>]
[-Name <String>]
[-PinMessage <$true | $false>]
[-Priority <Int32>]
[-ReceivedAfterDate <ExDateTime>]
[-ReceivedBeforeDate <ExDateTime>]
[-RecipientAddressContainsWords <MultiValuedProperty>]
[-RedirectTo <RecipientIdParameter[]>]
[-SendTextMessageNotificationTo <MultiValuedProperty>]
[-SentOnlyToMe <$true | $false>]
[-StopProcessingRules <$true | $false>]
[-SubjectContainsWords <MultiValuedProperty>]
[-SubjectOrBodyContainsWords <MultiValuedProperty>]
[-WhatIf]
[-WithImportance <Low | Normal | High>]
[-WithinSizeRangeMaximum <ByteQuantifiedSize>]
[-WithinSizeRangeMinimum <ByteQuantifiedSize>]
[-WithSensitivity <Normal | Personal | Private | CompanyConfidential>]
Description
The Set-InboxRule cmdlet allows you to modify the rule conditions, exceptions, and actions.
Examples
-------------------------- Example 1 --------------------------
Set-InboxRule ProjectContoso -MarkImportance "High"
This example modifies the action of the existing Inbox rule ProjectContoso. The MarkImportance parameter is used
to mark the message with high importance.
Parameters
Required: False
Position: Named
Default value: None
-ApplyCategory
The ApplyCategory parameter specifies an action for the Inbox rule that applies the specified category to messages.
A valid value is any text value that you want to define as a category. You can specify multiple categories separated
by commas. If the value contains spaces, enclose the value in quotation marks (").
The categories that you specify for this parameter are defined in the mailbox (they aren't shared between
mailboxes).
Required: False
Position: Named
Default value: None
-ApplySystemCategory
The ApplySystemCategory parameter specifies an action for the Inbox rule that applies the specified system
category to messages. System categories are available to all mailboxes in the organization. Valid values are:
NotDefined
Bills
Document
DocumentPlus
Event
Family
File
Flight
FromContact
Important
LiveView
Lodging
MailingList
Newsletter
Photo
Purchase
RentalCar
RetiredPromotion
Shopping
SocialUpdate
Travel
Video
Required: False
Position: Named
Default value: None
-BodyContainsWords
The BodyContainsWords parameter specifies a condition for the Inbox rule that looks for the specified words or
phrases in the body of messages.
The corresponding exception parameter to this condition is ExceptIfBodyContainsWords.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-CopyToFolder
The CopyToFolder parameter specifies an action for the Inbox rule that copies messages to the specified mailbox
\Inbox\Personal).
Required: False
Position: Named
Default value: None
-DeleteMessage
The DeleteMessage parameter specifies an action for the Inbox rule that sends messages to the Deleted Items
$true: Messages that match the conditions of the rule are moved to the Deleted Items folder.

Required: False
Position: Named
Default value: None
-DeleteSystemCategory
The DeleteSystemCategory parameter specifies an action for the Inbox rule that deletes the specified system
category from messages. System categories are available to all mailboxes in the organization. Valid values are:
NotDefined
Bills
Document
DocumentPlus
Event
Family
File
Flight
FromContact
Important
LiveView
Lodging
MailingList
Newsletter
Photo
Purchase
RentalCar
RetiredPromotion
Shopping
SocialUpdate
Travel
Video
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-ExceptIfBodyContainsWords
The ExceptIfBodyContainsWords parameter specifies an exception for the Inbox rule that looks for the specified
words or phrases in the body of messages.
The corresponding condition parameter to this exception is BodyContainsWords.
Required: False
Position: Named
Default value: None
-ExceptIfFlaggedForAction
The ExceptIfFlaggedForAction parameter specifies an exception for the Inbox rule that looks messages with the
specified message flag. Valid values are:
Any
Call
DoNotForward
FollowUp
ForYourInformation
Forward
NoResponseNecessary
Read
Reply
ReplyToAll
Review
The corresponding condition parameter to this exception is FlaggedForAction.
Type: String
Required: False
Position: Named
Default value: None
-ExceptIfFrom
The ExceptIfFrom parameter specifies an exception for the Inbox rule that looks for the specified sender in
messages. You can use any value that uniquely identifies the sender. For example: For example:
Name
Alias
Canonical DN
Email address
GUID
The corresponding condition parameter to this exception is From.
Required: False
Position: Named
Default value: None
-ExceptIfFromAddressContainsWords
The ExceptIfFromAddressContainsWords parameter specifies an exception for the Inbox rule that looks for
messages where the specified words are in the sender's email address.
The corresponding condition parameter to this exception is FromAddressContainsWords.
Required: False
Position: Named
Default value: None
-ExceptIfFromSubscription
The ExceptIfFromSubscription parameter specifies an exception for the Inbox rule that looks for messages received
from subscriptions (for example, POP or IMAP subscriptions). You can identify the subscription by using the Get-
The corresponding condition parameter to this exception is FromSubscription.
Required: False
Position: Named
Default value: None
-ExceptIfHasAttachment
The ExceptIfHasAttachment parameter specifies an exception for the Inbox rule that looks for messages with
attachments. Valid values are:
$true: The rule action isn't applied to messages that have attachments.
The corresponding condition parameter to this exception is HasAttachment.

Required: False
Position: Named
Default value: None
-ExceptIfHasClassification
The ExceptIfHasClassification parameter specifies an exception for the Inbox rule that looks for messages with the
specified message classification. You can find message classifications by using the Get-MessageClassification
cmdlet. You can specify multiple message classifications separated by commas.
The corresponding condition parameter to this exception is HasClassification.
Required: False
Position: Named
Default value: None
-ExceptIfHeaderContainsWords
The HeaderContainsWords parameter specifies an exception for the Inbox rule that looks for the specified words or
The corresponding condition parameter to this exception is HeaderContainsWords.
Required: False
Position: Named
Default value: None
-ExceptIfMessageTypeMatches
The ExceptIfMessageTypeMatches parameter specifies an exception for the Inbox rule that looks for messages of
the specified type. Valid values are:
AutomaticReply
AutomaticForward
Encrypted
Calendaring
CalendaringResponse
Voicemail
Signed
ApprovalRequest
ReadReceipt
NonDeliveryReport
The corresponding condition parameter to this exception is MessageTypeMatches.

Required: False
Position: Named
Default value: None
-ExceptIfMyNameInCcBox
The ExceptIfMyNameInCcBox parameter specifies an exception for the Inbox rule that looks for messages where
the mailbox owner is in the Cc field. Valid values are:
$true: The rule action isn't applied to messages where the mailbox owner is in the Cc field.
The corresponding condition parameter to this exception is MyNameInCcBox.
Required: False
Position: Named
Default value: None
-ExceptIfMyNameInToBox
The ExceptIfMyNameInToBox parameter specifies an exception for the Inbox rule that looks for messages where
the mailbox owner is in the To field. Valid values are:
$true: The rule action isn't applied to messages where the mailbox owner is in the To field.
The corresponding condition parameter to this exception is MyNameInToBox.

Required: False
Position: Named
Default value: None
-ExceptIfMyNameInToOrCcBox
The ExceptIfMyNameInToOrCcBox parameter specifies an exception for the Inbox rule that looks for messages
where the mailbox owner is in the To or Cc fields Valid values are.
$true: The rule action isn't applied to messages where the mailbox owner is in the To or Cc fields.
The corresponding condition parameter to this exception is MyNameInToOrCcBox.

Required: False
Position: Named
Default value: None
-ExceptIfMyNameNotInToBox
The ExceptIfMyNameNotInToBox parameter specifies an exception for the Inbox rule that looks for messages
where the mailbox owner isn't in the To field. Valid values are:
$true: The rule action isn't applied to messages where the mailbox owner isn't in the To field.
The corresponding condition parameter to this exception is MyNameNotInToBox.
Required: False
Position: Named
Default value: None
-ExceptIfReceivedAfterDate
The ExceptIfReceivedAfterDate parameter specifies an exception for the Inbox rule that looks for messages received
after the specified date.
The corresponding condition parameter to this exception is ReceivedAfterDate.
Type: ExDateTime
Required: False
Position: Named
Default value: None
-ExceptIfReceivedBeforeDate
The ExceptIfReceivedBeforeDate parameter specifies an exception for the Inbox rule that looks for messages
received before the specified date.
The corresponding condition parameter to this exception is ReceivedBeforeDate.
Type: ExDateTime
Required: False
Position: Named
Default value: None
-ExceptIfRecipientAddressContainsWords
The ExceptIfRecipientAddressContainsWords parameter specifies an exception for the Inbox rule that looks for
messages where the specified words are in recipient email addresses.
The corresponding condition parameter to this exception is RecipientAddressContainsWords.
Required: False
Position: Named
Default value: None
-ExceptIfSentOnlyToMe
The ExceptIfSentOnlyToMe parameter specifies an exception for the Inbox rule that looks for messages where the
only recipient is the mailbox owner. Valid values are:
$true: The rule action isn't applied to messages where the mailbox owner is the only recipient.
The corresponding condition parameter to this exception is SentOnlyToMe.

Required: False
Position: Named
Default value: None
-ExceptIfSentTo
Name
Alias
Canonical DN
Email address
GUID
The corresponding condition parameter to this exception is SentTo.
Required: False
Position: Named
Default value: None
-ExceptIfSubjectContainsWords
The ExceptIfSubjectContainsWords parameter specifies an exception for the Inbox rule that looks for the specified
words or phrases in the Subject field of messages.
The corresponding condition parameter to this exception is SubjectContainsWords.
Required: False
Position: Named
Default value: None
-ExceptIfSubjectOrBodyContainsWords
The ExceptIfSubjectOrBodyContainsWords parameter specifies an exception for the Inbox rule that looks for the
specified words or phrases in the Subject field or body of messages.
The corresponding condition parameter to this exception is ExceptIfSubjectOrBodyContainsWords.
Required: False
Position: Named
Default value: None
-ExceptIfWithImportance
The ExceptIfWithImportance parameter specifies an exception for the Inbox rule that looks for messages with the
specified importance level. Valid values are:
High
Normal
Low
The corresponding condition parameter to this exception is WithImportance.

Required: False
Position: Named
Default value: None
-ExceptIfWithinSizeRangeMaximum
The ExceptIfWithinSizeRangeMaximum parameter specifies part of an exception for the Inbox rule that looks for
messages that smaller than specified maximum size.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
You need to use this parameter with the ExceptIfWithinSizeRangeMinimum parameter, and the value of this
parameter must be greater than the value of ExceptIfWithinSizeRangeMinimum.
The corresponding condition parameter to this exception is WithinSizeRangeMaximum.
Required: False
Position: Named
Default value: None
-ExceptIfWithinSizeRangeMinimum
The ExceptIfWithinSizeRangeMinimum parameter specifies part of an exception for the Inbox rule that looks for
messages that are larger than the specified minimum size.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
You need to use this parameter with the ExceptIfWithinSizeRangeMaximum parameter, and the value of this
parameter must be less than the value of ExceptIfWithinSizeRangeMaximum.
The corresponding condition parameter to this exception is WithinSizeRangeMinimum.
Required: False
Position: Named
Default value: None
-ExceptIfWithSensitivity
The ExceptIfWithSensitivity parameter specifies an exception for the Inbox rule that looks for messages with the
specified sensitivity level. Valid values are:
Normal
Personal
Private
CompanyConfidential
The corresponding condition parameter to this exception is WithSensitivity.

Required: False
Position: Named
Default value: None
-FlaggedForAction
The FlaggedForAction parameter specifies a condition for the Inbox rule that looks for messages with the specified
message flag. Valid values are:
Any
Call
DoNotForward
FollowUp
ForYourInformation
Forward
NoResponseNecessary
Read
Reply
ReplyToAll
Review
Type: String
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-ForwardAsAttachmentTo
The ForwardAsAttachmentTo parameter specifies an action for the Inbox rule that forwards the message to the
specified recipient as an attachment. You can use any value that uniquely identifies the recipient. For example:
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
-ForwardTo
The ForwardTo parameter specifies an action for the Inbox rule that forwards the message to the specified
recipient. You can use any value that uniquely identifies the recipient. For example:
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
-From
The From parameter specifies a condition for the Inbox rule that looks for the specified sender in messages. You
can use any value that uniquely identifies the sender. For example:
Name
Alias
Canonical DN
Email address
GUID
The corresponding exception parameter to this condition is ExceptIfFrom.
Required: False
Position: Named
Default value: None
-FromAddressContainsWords
The FromAddressContainsWords parameter specifies a condition for the Inbox rule that looks for messages where
the specified words are in the sender's email address.
The corresponding exception parameter to this condition is ExceptIfFromAddressContainsWords.
Required: False
Position: Named
Default value: None
-FromSubscription
The FromSubscription parameter specifies a condition for the Inbox rule that looks for messages received from
subscriptions (for example, POP or IMAP subscriptions). You can identify the subscription by using the Get-
The corresponding exception parameter to this condition is ExceptIfFromSubscription.
Required: False
Position: Named
Default value: None
-HasAttachment
The HasAttachment parameter specifies a condition for the Inbox rule that looks for messages with attachments.
Valid values are:
$true: The rule action is applied to messages that have attachments.
The corresponding exception parameter to this condition is ExceptIfHasAttachment.

Required: False
Position: Named
Default value: None
-HasClassification
The HasClassification parameter specifies a condition for the Inbox rule that looks for messages with the specified
message classification. You can find message classifications by using the Get-MessageClassification cmdlet. You can
specify multiple message classifications separated by commas.
The corresponding exception parameter to this condition is ExceptIfHasClassification.
Required: False
Position: Named
Default value: None
-HeaderContainsWords
The HeaderContainsWords parameter specifies a condition for the Inbox rule that looks for the specified words or
The corresponding exception parameter to this condition is ExceptIfHeaderContainsWords.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Inbox rule that you want to modify. You can use any value that uniquely
Name
RuleIdentity property (for example, 16752869479666417665).
Exchange Online: <mailbox alias>\<RuleIdentity> (for example, rzaher\16752869479666417665.
On-premises Exchange: <mailbox canonical name>\<RuleIdentity> (for example, contoso.com/Users/Rick
Zaher\16752869479666417665.
Required: True
Position: 1
Default value: None
-Mailbox
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-MarkAsRead
The MarkAsRead parameter specifies an action for the Inbox rule that marks messages as read. Valid values are:
$true: Messages that match the conditions of the rule are marked as read.

Required: False
Position: Named
Default value: None
-MarkImportance
The MarkImportance parameter specifies an action for the Inbox rule that marks messages with the specified
importance flag. Valid values are:
Low
Normal
High

Required: False
Position: Named
Default value: None
-MessageTypeMatches
The MessageTypeMatches parameter specifies a condition for the Inbox rule that looks for messages of the
specified type. Valid values are:
AutomaticReply
AutomaticForward
Encrypted
Calendaring
CalendaringResponse
Voicemail
Signed
ApprovalRequest
ReadReceipt
NonDeliveryReport
The corresponding exception parameter to this condition is ExceptIfMessageTypeMatches.

Required: False
Position: Named
Default value: None
-MoveToFolder
The MoveToFolder parameter specifies an action for the Inbox rule that moves messages to the specified mailbox
\Inbox\Personal).
Required: False
Position: Named
Default value: None
-MyNameInCcBox
The MyNameInCcBox parameter specifies a condition for the Inbox rule that looks for messages where the mailbox
owner is in the Cc field. Valid values are:
$true: The rule action is applied to messages where the mailbox owner is in the Cc field.
The corresponding exception parameter to this condition is ExceptIfMyNameInCcBox.

Required: False
Position: Named
Default value: None
-MyNameInToBox
The MyNameInToBox parameter specifies a condition for the Inbox rule that looks for messages where the mailbox
owner is in the To field. Valid values are:
$true: The rule action is applied to messages where the mailbox owner is in the To field.
The corresponding exception parameter to this condition is ExceptIfMyNameInToBox.

Required: False
Position: Named
Default value: None
-MyNameInToOrCcBox
The MyNameInToOrCcBox parameter specifies a condition for the Inbox rule that looks for messages where the
mailbox owner is in the To or Cc fields Valid values are.
$true: The rule action is applied to messages where the mailbox owner is in the To or Cc fields.
The corresponding exception parameter to this condition is ExceptIfMyNameInToOrCcBox.

Required: False
Position: Named
Default value: None
-MyNameNotInToBox
The MyNameNotInToBox parameter specifies a condition for the Inbox rule that looks for messages where the
mailbox owner isn't in the To field. Valid values are:
$true: The rule action is applied to messages where the mailbox owner isn't in the To field.
The corresponding exception parameter to this condition is ExceptIfMyNameNotInToBox.

Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a name for the Inbox rule. The maximum length is 64 characters. If the value
Type: String
Required: False
Position: Named
Default value: None
-PinMessage
The PinMessage parameter specifies an action for the Inbox rule that pins messages to the top of the Inbox. Valid
values are:
$true: Message that match the conditions of the rule are pinned to the top of the Inbox.

Required: False
Position: Named
Default value: None
-Priority
The Priority parameter specifies a priority for the Inbox rule that determines the order of rule processing. A lower
integer value indicates a higher priority,
Type: Int32
Required: False
Position: Named
Default value: None
-ReceivedAfterDate
The ReceivedAfterDate parameter specifies a condition for the Inbox rule that looks for messages received after the
specified date.
The corresponding exception parameter to this condition is ExceptIfReceivedAfterDate.
Type: ExDateTime
Required: False
Position: Named
Default value: None
-ReceivedBeforeDate
The ReceivedBeforeDate parameter specifies a condition for the Inbox rule that looks for messages received before
the specified date.
The corresponding exception parameter to this condition is ExceptIfReceivedBeforeDate.
Type: ExDateTime
Required: False
Position: Named
Default value: None
-RecipientAddressContainsWords
The RecipientAddressContainsWords parameter specifies a condition for the Inbox rule that looks for messages
where the specified words are in recipient email addresses.
The corresponding exception parameter to this condition is ExceptIfRecipientAddressContainsWords.
Required: False
Position: Named
Default value: None
-RedirectTo
The RedirectTo parameter specifies an action for the Inbox rule that redirects the message to the specified recipient.
Name
Alias
Canonical DN
Email address
GUID
Required: False
Position: Named
Default value: None
-SendTextMessageNotificationTo
The SendTextMessageNotificationTo parameter specifies an action for the Inbox rule that send a text message
notification to the specified telephone number.
Required: False
Position: Named
Default value: None
-SentOnlyToMe
The SentOnlyToMe parameter specifies a condition for the Inbox rule that looks for messages where the only
recipient is the mailbox owner. Valid values are:
$true: The rule action is applied to messages where the mailbox owner is the only recipient.
The corresponding exception parameter to this condition is ExceptIfSentOnlyToMe.

Required: False
Position: Named
Default value: None
-SentTo
The SentTo parameter specifies a condition for the Inbox rule that looks for messages with the specified recipients.
Name
Alias
Canonical DN
Email address
GUID
The corresponding exception parameter to this condition is ExceptIfSentTo.
Required: False
Position: Named
Default value: None
-StopProcessingRules
The StopProcessingRules parameter specifies an action for the Inbox rule that stops processing additional rules if
the conditions of this Inbox rule are met. Valid values are:If set to $true, the StopProcessingRules parameter
instructs Exchange to stop processing additional rules if the conditions of this Inbox rule are met.
$true: Stop processing more rules.
$false: The action isn't used (continue processing more rules after this one).

Required: False
Position: Named
Default value: None
-SubjectContainsWords
The SubjectContainsWords parameter specifies a condition for the Inbox rule that looks for the specified words or
phrases in the Subject field of messages.
The corresponding exception parameter to this condition is ExceptIfSubjectContainsWords.
Required: False
Position: Named
Default value: None
-SubjectOrBodyContainsWords
The SubjectOrBodyContainsWords parameter specifies a condition for the Inbox rule that looks for the specified
words or phrases in the Subject field or body of messages.
The corresponding exception parameter to this condition is ExceptIfSubjectOrBodyContainsWords.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WithImportance
The WithImportance parameter specifies a condition for the Inbox rule that looks for messages with the specified
importance level. Valid values are:
High
Normal
Low
The corresponding exception parameter to this condition is ExceptIfWithImportance.

Required: False
Position: Named
Default value: None
-WithinSizeRangeMaximum
The WithinSizeRangeMaximum parameter specifies part of a condition for the Inbox rule that looks for messages
that are smaller than specified maximum size.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
You need to use this parameter with the WithinSizeRangeMinimum parameter, and the value of this parameter
must be greater than the value of WithinSizeRangeMinimum.
The corresponding exception parameter to this condition is ExceptIfWithinSizeRangeMaximum.
Required: False
Position: Named
Default value: None
-WithinSizeRangeMinimum
The WithinSizeRangeMinimum parameter specifies part of a condition for the Inbox rule that looks for messages
that are larger than the specified minimum size.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
You need to use this parameter with the WithinSizeRangeMaximum parameter, and the value of this parameter
must be less than the value of WithinSizeRangeMaximum.
The corresponding exception parameter to this condition is ExceptIfWithinSizeRangeMinimum.
Required: False
Position: Named
Default value: None
-WithSensitivity
The WithSensitivity parameter specifies a condition for the Inbox rule that looks for messages with the specified
sensitivity level. Valid values are:
Normal
Personal
Private
CompanyConfidential
The corresponding exception parameter to this condition is ExceptIfWithSensitivity.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-Mailbox
In ths Article
may be exclusive to one environment or the other. Use the Set-Mailbox cmdlet to modify the settings of existing
Syntax
Set-Mailbox [-Identity] <MailboxIdParameter>
[-AccountDisabled <$true | $false>]
[-Alias <String>]
[-AntispamBypassEnabled <$true | $false>]
[-Arbitration]
[-ArchiveDomain <SmtpDomain>]
[-ArchiveQuota <Unlimited>]
[-ArchiveStatus <None | Active>]
[-ArchiveWarningQuota <Unlimited>]
[-AttributesToClear <SetMailbox+ClearableADAttributes[]>]
[-AuditAdmin <MultiValuedProperty>]
[-AuditDelegate <MultiValuedProperty>]
[-AuditEnabled <$true | $false>]
[-AuditLog]
[-AuditLogAgeLimit <EnhancedTimeSpan>]
[-AuditOwner <MultiValuedProperty>]
[-AuxAuditLog]
[-CalendarLoggingQuota <Unlimited>]
[-CalendarRepairDisabled <$true | $false>]
[-CalendarVersionStoreDisabled <$true | $false>]
[-ClientExtensions <$true | $false>]
[-Confirm]
[-CreateDTMFMap <$true | $false>]
[-DefaultAuditSet <MultiValuedProperty>]
[-DefaultPublicFolderMailbox <RecipientIdParameter>]
[-DeliverToMailboxAndForward <$true | $false>]
[-DowngradeHighPriorityMessagesEnabled <$true | $false>]
[-DumpsterMessagesPerFolderCountReceiveQuota <Int32>]
[-DumpsterMessagesPerFolderCountWarningQuota <Int32>]
[-EmailAddressPolicyEnabled <$true | $false>]
[-EnableRoomMailboxAccount <$true | $false>]
[-EndDateForRetentionHold <DateTime>]
[-ExtendedPropertiesCountQuota <Int32>]
[-ExternalOofOptions <InternalOnly | External>]
[-FolderHierarchyChildrenCountReceiveQuota <Int32>]
[-FolderHierarchyChildrenCountWarningQuota <Int32>]
[-FolderHierarchyDepthReceiveQuota <Int32>]
[-FolderHierarchyDepthWarningQuota <Int32>]
[-FoldersCountReceiveQuota <Int32>]
[-FoldersCountWarningQuota <Int32>]
[-Force]
[-ForwardingAddress <RecipientIdParameter>]
[-ForwardingSmtpAddress <ProxyAddress>]
[-GMGen <$true | $false>]
[-ImListMigrationCompleted <$true | $false>]
[-IsExcludedFromServingHierarchy <$true | $false>]
[-IsHierarchyReady <$true | $false>]
[-IsHierarchySyncEnabled <$true | $false>]
[-Languages <MultiValuedProperty>]
[-LinkedCredential <PSCredential>]
[-LinkedDomainController <String>]
[-LinkedMasterAccount <UserIdParameter>]
[-LitigationHoldDate <DateTime>]
[-LitigationHoldDuration <Unlimited>]
[-LitigationHoldEnabled <$true | $false>]
[-LitigationHoldOwner <String>]
[-MailboxMessagesPerFolderCountReceiveQuota <Int32>]
[-MailboxMessagesPerFolderCountWarningQuota <Int32>]
[-MailTip <String>]
[-Management <$true | $false>]
[-MaxBlockedSenders <Int32>]
[-MaxReceiveSize <Unlimited>]
[-MaxSafeSenders <Int32>]
[-MaxSendSize <Unlimited>]
[-MessageCopyForSendOnBehalfEnabled <$true | $false>]
[-MessageCopyForSentAsEnabled <$true | $false>]
[-MessageTracking <$true | $false>]
[-MessageTrackingReadStatusEnabled <$true | $false>]
[-Migration <$true | $false>]
[-Name <String>]
[-NewPassword <SecureString>]
[-OABGen <$true | $false>]
[-Office <String>]
[-OldPassword <SecureString>]
[-OMEncryption <$true | $false>]
[-OMEncryptionStore <$true | $false>]
[-PstProvider <$true | $false>]
[-PublicFolder]
[-QueryBaseDN <OrganizationalUnitIdParameter>]
[-RecipientLimits <Unlimited>]
[-RemoteRecipientType <None | ProvisionMailbox | ProvisionArchive | Migrated | DeprovisionMailbox |
DeprovisionArchive | RoomMailbox | EquipmentMailbox | SharedMailbox>]
[-RemoveManagedFolderAndPolicy]
[-RemovePicture]
[-RemoveSpokenName]
[-ResourceCustom <MultiValuedProperty>]
[-RetainDeletedItemsFor <EnhancedTimeSpan>]
[-RetainDeletedItemsUntilBackup <$true | $false>]
[-RetentionComment <String>]
[-RetentionHoldEnabled <$true | $false>]
[-RetentionUrl <String>]
[-RoomMailboxPassword <SecureString>]
[-RulesQuota <ByteQuantifiedSize>]
[-SCLDeleteEnabled <$true | $false>]
[-SCLDeleteThreshold <Int32>]
[-SCLJunkEnabled <$true | $false>]
[-SCLJunkThreshold <Int32>]
[-SCLQuarantineEnabled <$true | $false>]
[-SCLQuarantineThreshold <Int32>]
[-SCLRejectEnabled <$true | $false>]
[-SCLRejectThreshold <Int32>]
[-SecondaryAddress <String>]
[-SecondaryDialPlan <UMDialPlanIdParameter>]
[-SimpleDisplayName <String>]
[-SingleItemRecoveryEnabled <$true | $false>]
[-StartDateForRetentionHold <DateTime>]
[-StsRefreshTokensValidFrom <DateTime>]
[-SystemMessageSizeShutoffQuota <Int64>]
[-SystemMessageSizeWarningQuota <Int64>]
[-UMDataStorage <$true | $false>]
[-UMDtmfMap <MultiValuedProperty>]
[-UMGrammar <$true | $false>]
[-UseDatabaseQuotaDefaults <$true | $false>]
[-UseDatabaseRetentionDefaults <$true | $false>]
[-UserCertificate <MultiValuedProperty>]
[-UserSMimeCertificate <MultiValuedProperty>]
[-WhatIf]
[-WindowsEmailAddress <SmtpAddress>] [<CommonParameters>]
Set-Mailbox [-Identity] <MailboxIdParameter> [-RecalculateInactiveMailbox]
[-Alias <String>]
[-AuxAuditLog]
[-Confirm]
[-DataEncryptionPolicy <DataEncryptionPolicyIdParameter>]
[-ElcProcessingDisabled <$true | $false>]
[-Force]
[-InactiveMailbox]
[-JournalArchiveAddress <SmtpAddress>]
[-MailTip <String>]
[-MailTip <String>]
[-MicrosoftOnlineServicesID <SmtpAddress>]
[-Name <String>]
[-Office <String>]
[-ProvisionedForOfficeGraph]
[-PublicFolder]
[-SkipDualWrite]
[-WhatIf]
Set-Mailbox [-Identity] <MailboxIdParameter> [-RemoveDelayHoldApplied]

[-Alias <String>]
[-AuxAuditLog]
[-Confirm]
[-Force]
[-InactiveMailbox]
[-MailTip <String>]
[-Name <String>]
[-Office <String>]
[-PublicFolder]
[-SkipDualWrite]
[-WhatIf]
Set-Mailbox [-Identity] <MailboxIdParameter> [-RemoveDisabledArchive]

[-Alias <String>]
[-Confirm]
[-ExternalOofOptions <ExternalOofOptions>]
[-Force]
[-InactiveMailbox]
[-MailTip <String>]
[-Name <String>]
[-Office <String>]
[-PublicFolder]
[-SendModerationNotifications <TransportModerationNotificationFlags>]
[-SkipDualWrite]
[-Type <ConvertibleMailboxSubType>]
[-UseDatabaseQuotaDefaults <Boolean>]
[-WhatIf]
Set-Mailbox [-Identity] <MailboxIdParameter> [-ExcludeFromAllOrgHolds]

[-Alias <String>]
[-AuxAuditLog]
[-Confirm]
[-Force]
[-InactiveMailbox]
[-MailTip <String>]
[-Name <String>]
[-Office <String>]
[-PublicFolder]
[-SkipDualWrite]
[-WhatIf]
Set-Mailbox [-Identity] <MailboxIdParameter> [-ExcludeFromOrgHolds <String>]

[-Alias <String>]
[-AuxAuditLog]
[-Confirm]
[-Force]
[-InactiveMailbox]
[-MailTip <String>]
[-Name <String>]
[-Office <String>]
[-Office <String>]
[-PublicFolder]
[-SkipDualWrite]
[-WhatIf]
Set-Mailbox [-Identity] <MailboxIdParameter> [-RemoveOrphanedHolds <String[]>]

[-Alias <String>]
[-Confirm]
[-DataEncryptionPolicy <DataEncryptionPolicyIdParameter>
[-ExternalOofOptions <ExternalOofOptions>]
[-Force]
[-InactiveMailbox]
[-MailTip <String>]
[-Name <String>]
[-Office <String>]
[-PublicFolder]
[-ResourceCapacity <System.Int32>]
[-SkipDualWrite]
[-UseDatabaseQuotaDefaults <System.$true | $false>]
[-WhatIf]
Description
You can use this cmdlet for one mailbox at a time. To perform bulk management, you can pipeline the output of
various Get- cmdlets (for example, the Get-Mailbox or Get-User cmdlets) and configure several mailboxes in a
single-line command. You can also use the Set-Mailbox cmdlet in scripts.
Examples
-------------------------- Example 1 --------------------------
Set-Mailbox -Identity "John Woods" -DeliverToMailboxAndForward $true -ForwardingSMTPAddress manuel@contoso.com
This example delivers John Woods's email messages to John's mailbox and also forwards them to Manuel
Oliveira's (manuel@contoso.com) mailbox.
-------------------------- Example 2 --------------------------
Get-Mailbox -OrganizationalUnit "Marketing" | Set-Mailbox -UseDatabaseQuotaDefaults $false -IssueWarningQuota

200MB -ProhibitSendQuota 250MB -ProhibitSendReceiveQuota 280MB
This example uses the Get-Mailbox cmdlet to find all the mailboxes in the Marketing organizational unit, and then
uses the Set-Mailbox cmdlet to configure these mailboxes. The custom warning, prohibit send, and prohibit send
and receive limits are set to 200 megabytes (MB ), 250 MB, and 280 MB respectively, and the mailbox database's
default limits are ignored.
-------------------------- Example 3 --------------------------
Get-User -Filter "Department -eq 'Customer Service'" | Set-Mailbox -MaxSendSize 2MB
This example uses the Get-User command to find all users in the Customer Service department, and then uses the
Set-Mailbox command to change the maximum message size for sending messages to 2 MB.
-------------------------- Example 4 --------------------------
Set-Mailbox John@contoso.com -MailTipTranslations ("FR: C'est la langue française", "CHT: 這是漢語語言")

This example sets the MailTip translation in French and Chinese.
-------------------------- Example 5 --------------------------
$password = Read-Host "Enter password" -AsSecureString; Set-Mailbox florencef -Password $password -

ResetPasswordOnNextLogon $true
In on-premises Exchange, this example resets the password for Florence Flipo's mailbox. The next time she signs in
to her mailbox, she'll have to change her password.
-------------------------- Example 6 --------------------------
Set-Mailbox -Arbitration -Identity "SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}" -MessageTracking

$false; Set-Mailbox -Arbitration -Identity "SystemMailbox{1f05a927-b864-48a7-984d-95b1adfbfe2d}" -
MessageTracking $true
This example removes the message tracking organization capability from the arbitration mailbox named
SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c} and assigns it to an arbitration mailbox named
SystemMailbox{1f05a927-b864-48a7-984d-95b1adfbfe2d}.
Parameters
-AcceptMessagesOnlyFrom
The AcceptMessagesOnlyFrom parameter specifies who is allowed to send messages to this recipient. Messages
from other senders are rejected.
Name
Alias
Canonical DN
Email address
GUID
AcceptMessagesOnlyFromSendersOrMembers property. Therefore, you can't use the AcceptMessagesOnlyFrom
and AcceptMessagesOnlyFromSendersOrMembers parameters in the same command.
Required: False
Position: Named
Default value: None
-AcceptMessagesOnlyFromDLMembers
The AcceptMessagesOnlyFromDLMembers parameter specifies who is allowed to send messages to this recipient.
Messages from other senders are rejected.
and dynamic distribution groups). Specifying a group means all members of the group are allowed to send
Name
Alias
Canonical DN
Email address
GUID
AcceptMessagesOnlyFromSendersOrMembers property. Therefore, you can't use the
AcceptMessagesOnlyFromDLMembers and AcceptMessagesOnlyFromSendersOrMembers parameters in the
same command.
Required: False
Position: Named
Default value: None
-AcceptMessagesOnlyFromSendersOrMembers
The AcceptMessagesOnlyFromSendersOrMembers parameter specifies who is allowed to send messages to this
recipient. Messages from other senders are rejected.
dynamic distribution groups. Specifying a group means all members of the group are allowed to send messages to
this recipient.
Name
Alias
Canonical DN
Email address
GUID
AcceptMessagesOnlyFrom and AcceptMessageOnlyFromDLMembers parameters.
AcceptMessagesOnlyFrom and AcceptMessagesOnlyFromDLMembers properties, respectively. Therefore, you
can't use the AcceptMessagesOnlyFromSendersOrMembers parameter and the AcceptMessagesOnlyFrom or
AcceptMessagesOnlyFromDLMembers parameters in the same command.
Required: False
Position: Named
Default value: None
-AccountDisabled
The AccountDisabled parameter specifies whether to disable the account that's associated with the mailbox. Valid
values are:
$true: The associated account is disabled. The user can't log in to the mailbox.
$false: The associated account is enabled. The user can log in to the mailbox.

Required: False
Position: Named
Default value: None
-AddressBookPolicy
Name
GUID
Required: False
Position: Named
Default value: None
-Alias
characters.
question marks (?).
Type: String
Required: False
Position: Named
Default value: None
-AntispamBypassEnabled
The AntispamBypassEnabled parameter specifies whether to skip anti-spam processing on the mailbox. Valid
values are:
$true: Anti-spam processing is skipped on the mailbox.
$false: Anti-spam processing occurs on the mailbox. This is the default value

Required: False
Position: Named
Default value: None
-ApplyMandatoryProperties
The ApplyMandatoryProperties switch specifies whether to update the msExchVersion attribute of the mailbox. You
may need to use this switch to fix inaccessible mailboxes or mailboxes that were created in previous versions of
Exchange. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-Arbitration
The Arbitration switch is required to modify arbitration mailboxes. You don't need to specify a value with this
switch.
To modify arbitration mailboxes that are used to store audit log settings or data, don't use this switch. Instead, use
Required: False
Position: Named
Default value: None
-ArbitrationMailbox
The ArbitrationMailbox parameter specifies the arbitration mailbox that's used to manage the moderation process
for this recipient. You can use any value that uniquely identifies the arbitration mailbox. For example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-ArchiveDatabase
Name
GUID
Required: False
Position: Named
Default value: None
-ArchiveDomain
Type: SmtpDomain
Required: False
Position: Named
Default value: None
-ArchiveName
The ArchiveName parameter specifies the name of the archive mailbox. This is the name displayed to users in
Outlook and Outlook Web App.
If you don't use this parameter, the default value is In-Place Archive - <Mailbox User's Display Name>.
Required: False
Position: Named
Default value: None
-ArchiveQuota
The ArchiveQuota parameter specifies the maximum size for the user's archive mailbox. If the archive mailbox
reaches or exceeds this size, it no longer accepts messages.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
The ArchiveQuota value must be greater than or equal to the ArchiveWarningQuota value.
Type: Unlimited
Required: False
Position: Named
Default value: None
-ArchiveStatus
Type: None | Active

Required: False
Position: Named
Default value: None
-ArchiveWarningQuota
The ArchiveWarningQuota parameter specifies the warning threshold for the size of the user's archive mailbox. If
the archive mailbox reaches or exceeds this size, the user receives a descriptive warning message.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
The ArchiveWarningQuota value must be less than or equal to the ArchiveQuota value.
Type: Unlimited
Required: False
Position: Named
Default value: None
-AttributesToClear
Type: SetMailbox+ClearableADAttributes[]
Required: False
Position: Named
Default value: None
-AuditAdmin
The AuditAdmin parameter specifies the mailbox operations to log for administrators as part of mailbox audit
logging. Valid values are:
None
AddFolderPermissions (Available only in Exchange 2019 and the cloud-based service.)
ApplyRecord (Available only in the cloud-based service.)
Copy
Create (Enabled by default.)
FolderBind (Enabled by default in on-premises Exchange 2010 or later.)
HardDelete (Enabled by default.)
MessageBind (This has been deprecated in the cloud-based service.)
ModifyFolderPermissions (Available only in Exchange 2019 and the cloud-based service.)
Move (Enabled by default in on-premises Exchange 2010 or later.)
MoveToDeletedItems (Enabled by default.)
RecordDelete (Available only in the cloud-based service.)
RemoveFolderPermissions (Available only in Exchange 2019 and the cloud-based service.)
SendAs (Enabled by default.)
SendOnBehalf (Enabled by default.)
SoftDelete (Enabled by default.)
Update (Enabled by default.)
UpdateFolderPermissions (Available only in Exchange 2019 and the cloud-based service; enabled by default.)
UpdateCalendarDelegation (Available only in Exchange 2019 and the cloud-based service; enabled by default.)
UpdateInboxRules (Available only in Exchange 2019 and the cloud-based service; enabled by default.)
The AuditEnabled parameter must be set to $true to enable mailbox audit logging.
Required: False
Position: Named
Default value: None
-AuditDelegate
The AuditDelegate parameter specifies the mailbox operations to log for delegate users as part of mailbox audit
logging. Valid values are:
None
Create (Enabled by default.)
FolderBind
HardDelete (Enabled by default.)
Move
MoveToDeletedItems (Enabled by default only in the cloud-based service.)
SendAs (Enabled by default.)
SendOnBehalf (Enabled by default only in the cloud-based service.)
SoftDelete (Enabled by default only in the cloud-based service.)
Update (Enabled by default only in the cloud-based service.)
UpdateCalendarDelegation (Available only in the cloud-based service.)
UpdateFolderPermissions (Available only in Exchange 2019 and the cloud-based service; enabled by default.)
UpdateInboxRules (Available only in Exchange 2019 and the cloud-based service; enabled by default.)
Required: False
Position: Named
Default value: None
-AuditEnabled
The AuditEnabled parameter specifies whether to enable or disable mailbox audit logging for the mailbox. If
auditing is enabled, actions specified in the AuditAdmin, AuditDelegate, and AuditOwner parameters are logged.
Valid values are:
$true: Mailbox audit logging is enabled.
$false: Mailbox audit logging is disabled. This is the default value.

Required: False
Position: Named
Default value: None
-AuditLog
The AuditLog switch is required to modify audit log mailboxes. You don't need to specify a value with this switch.
To modify other types of arbitration mailboxes, don't use this switch. Instead, use the Arbitration switch.
Required: False
Position: Named
Default value: None
-AuditLogAgeLimit
The AuditLogAgeLimit parameter specifies the maximum age of audit log entries for the mailbox. Log entries older
than the specified value are removed. The default value is 90 days.
seconds.
For example, to specify 60 days for this parameter, use 60.00:00:00. Setting this parameter to the value 00:00:00
removes all audit log entries for the mailbox. The entries are removed the next time the Managed Folder Assistant
processes the mailbox (automatically or manually by running the Start-ManagedFolderAssistant cmdlet).
Required: False
Position: Named
Default value: None
-AuditOwner
The AuditOwner parameter specifies the mailbox operations to log for mailbox owners as part of mailbox audit
logging. Valid values include:
None (This is the default value in Exchange 2010, Exchange 2013, and Exchange 2016.)
Create
FolderBind (Available only in Exchange 2013.)
HardDelete (Enabled by default in the cloud-based service.)
MailboxLogin (Available only in Exchange 2016, Exchange 2019, and the cloud-based service.)
MessageBind (Available only in Exchange 2013.)
Move
MoveToDeletedItems (Enabled by default in the cloud-based service.)
SoftDelete (Enabled by default in the cloud-based service.)
Update (Enabled by default in the cloud-based service.)
UpdateFolderPermissions (Available only in the cloud-based service; enabled by default.)
UpdateCalendarDelegation (Available only in the cloud-based service; enabled by default.)
UpdateInboxRules (Available only in the cloud-based service; enabled by default.)
Required: False
Position: Named
Default value: None
-AuxAuditLog
The AuxAuditLog switch is required to modify auxillary audit log mailboxes. You don't need to specify a value with
this switch.
To modify other types of arbitration mailboxes, don't use this switch. Instead, use the Arbitration switch.
Required: False
Position: Named
Default value: None
-BypassModerationFromSendersOrMembers
The BypassModerationFromSendersOrMembers parameter specifies who is allowed to send messages to this
moderated recipient without approval from a moderator. Valid values for this parameter are individual senders and
groups in your organization. Specifying a group means all members of the group are allowed to send messages to
this recipient without approval from a moderator.
Name
Alias
Canonical DN
Email address
GUID
To enter multiple senders and overwrite any existing entries, use the following syntax: <sender1>,<sender2>,...
<senderN>. If the values contain spaces or otherwise require quotation marks, use the following syntax: "
<sender1>","<sender2>",..."<senderN>".
To add or remove one or more senders without affecting any existing entries, use the following syntax: @{Add="
<sender1>","<sender2>"...; Remove="<sender3>","<sender4>"...}.
This parameter is meaningful only when moderation is enabled for the recipient. By default, this parameter is blank
($null), which means messages from all senders other than the designated moderators are moderated. When a
moderator sends a message to this recipient, the message is isn't moderated. In other words, you don't need to use
this parameter to include the moderators.
Required: False
Position: Named
Default value: None
-CalendarLoggingQuota
The CalendarLoggingQuota parameter specifies the maximum size of the log in the Recoverable Items folder of the
mailbox that stores changes to calendar items. When the log exceeds this size, calendar logging is disabled until
messaging records management (MRM ) removes older calendar logs to free up more space.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
The value of this parameter must be less than or equal to the value of the RecoverableItemsQuota parameter.
When the UseDatabaseQuotaDefaults parameter is set to the value $true, the value of the this parameter is
ignored, and the mailbox uses the CalendarLoggingQuota value on the mailbox database. To use this parameter to
enforce a specific quota value for the mailbox, you need to set the UseDatabaseQuotaDefaults parameter to the
value $false.
Type: Unlimited
Required: False
Position: Named
Default value: None
-CalendarRepairDisabled
The CalendarRepairDisabled parameter specifies whether to prevent calendar items in the mailbox from being
repaired by the Calendar Repair Assistant. Valid values are:
$true: The Calendar Repair Assistant doesn't repair calendar items in the mailbox.
$false: The Calendar Repair Assistant repairs calendars items in the mailbox. This is the default value.

Required: False
Position: Named
Default value: None
-CalendarVersionStoreDisabled
The CalendarVersionStoreDisabled parameter specifies whether to prevent calendar changes in the mailbox from
being logged. Valid values are:
$true: Changes to a calendar item aren't recorded.
$false: Changes to a calendar item are recorded. This keeps older versions of meetings and appointments. This

Required: False
Position: Named
Default value: None
-ClientExtensions
The ClientExtensions parameter specifies whether the organization-wide client extensions (also called Apps for
Outlook) will be installed in the arbitration mailbox (also called the organization mailbox). Only one arbitration
mailbox in the organization can be configured to store client extensions. You can use this parameter only on an
arbitration mailbox.
Valid values are $true or $false.

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-CreateDTMFMap
The CreateDTMFMap parameter specifies whether to create a dual-tone multiple-frequency (DTMF ) map for the
recipient. This allows the recipient to be identified by using a telephone keypad in Unified Messaging (UM )
environments. Valid values are:
$true: A DTMF map is created for the recipient. This is the default value.
$false: A DTMF map isn't created for the recipient.

Required: False
Position: Named
Default value: None
-CustomAttribute1
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute10
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute11
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute12
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute13
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute14
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute15
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute2
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute3
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute4
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute5
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute6
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute7
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute8
Type: String
Required: False
Position: Named
Default value: None
-CustomAttribute9
Type: String
Required: False
Position: Named
Default value: None
-Database
Name
GUID
Use the Get-MailboxDatabase cmdlet to see the available mailbox databases.
Required: False
Position: Named
Default value: None
-DataEncryptionPolicy
The DataEncryptionPolicy parameter specifies the data encryption policy that's applied to the mailbox. You can use
Name
GUID
You can use the Get-DataEncryptionPolicy cmdlet to view the available policies.
Required: False
Position: Named
Default value: None
-DefaultAuditSet
The DefaultAuditSet parameter specifies whether to revert the mailbox operations that are logged in the mailbox
audit log back to the set of default operations for the specified logon type. Valid values are:
Admin: Reverts the mailbox operations to log for administrators back to the default list of operations.
Delegate: Reverts the mailbox operations to log for delegate users back to the default list of operations.
Owner: Reverts the mailbox operations to log for mailbox owners back to the default list of operations.
With on-by-default mailbox auditing in the cloud-based service, a set of mailbox operations are logged by default
for each logon type. This list of operations is managed by Microsoft, who will automatically add new operations to
be audited when they are released. If you change the list of mailbox operations for any logon type (by using the
AuditAdmin, AuditDelegate, or AuditOwner parameters), any new mailbox operation released by Microsoft will not
be audited; you'll need to explicitly add new mailbox operations to the list of operations for a logon type. Use this
parameter to revert the mailbox back to the Microsoft-managed list of mailbox operations that are audited for a
logon type. For more information about on-by-default mailbox auditing, see Manage mailbox auditing
(https://docs.microsoft.com/office365/securitycompliance/enable-mailbox-auditing).
Required: False
Position: Named
Default value: None
-DefaultPublicFolderMailbox
The DefaultPublicFolderMailbox parameter assigns a specific public folder mailbox to the user. You can use any
value that uniquely identifies the public folder mailbox. For example:
Name
Alias
Canonical DN
Email address
GUID
By default, the public folder mailbox used by a user is automatically selected by an algorithm that load-balances
users across all public folder mailboxes.
Required: False
Position: Named
Default value: None
-DeliverToMailboxAndForward
The DeliverToMailboxAndForward parameter specifies the message delivery behavior when a forwarding address
is specified by the ForwardingAddress or ForwardingSmtpAddress parameters. Valid values are:
$true: Messages are delivered to this mailbox and forwarded to the specified recipient or email address.
$false: If a forwarding recipient or email address is configured, messages are delivered only to the specified
recipient or email address, and messages aren't delivered to this mailbox. If no forwarding recipient or email
address is configured, messages are delivered only to this mailbox.
The default value is $false. The value of this parameter is meaningful only if you configure a forwarding recipient or
email address.

Required: False
Position: Named
Default value: None
-DisplayName
admin center, in address lists, and in Outlook. The maximum length is 256 characters. If the value contains spaces,
Type: String
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-DowngradeHighPriorityMessagesEnabled
The DowngradeHighPriorityMessagesEnabled parameter specifies whether to prevent the mailbox from sending
high priority messages to an X.400 mail system. Valid values are:
$true: High priority messages sent to X.400 recipients are changed to normal priority.
$false: High priority messages set to X.400 recipients remain high priority. This is the default value.

Required: False
Position: Named
Default value: None
-DumpsterMessagesPerFolderCountReceiveQuota
The DumpsterMessagesPerFolderCountReceiveQuota parameter specifies the maximum number of messages that
can be contained in each folder in the Recoverable Items folder (called the dumpster in previous versions of
Exchange). When a folder exceeds this limit, it can't store new messages. For example, if the Deletions folder in the
Recoverable Items folder has exceeded the message count limit and the mailbox owner attempts to permanently
delete items from their mailbox, the deletion will fail.
To see the current value of this property, run the command Get-MailboxStatistics <MailboxIdentity> | Format-List
DumpsterMessagesPerFolderCountReceiveQuota
Type: Int32
Required: False
Position: Named
Default value: None
-DumpsterMessagesPerFolderCountWarningQuota
The DumpsterMessagesPerFolderCountWarningQuota parameters specifies the number of messages that each
folder in the Recoverable Items folder (called the dumpster in previous versions of Exchange) can hold before
Exchange sends a warning message to the mailbox owner and logs an event to the application event log. When this
quota is reached, warning messages and logged events occur once a day.
DumpsterMessagesPerFolderCountWarningQuota
Type: Int32
Required: False
Position: Named
Default value: None
-ElcProcessingDisabled
The ElcProcessingDisabled parameter specifies whether to prevent the Managed Folder Assistant from processing
the mailbox. Valid values are:
$true: The Managed Folder Assistant isn't allowed to process the mailbox. Note that this setting will be ignored
if a retention policy that has Preservation Lock enabled is applied to the mailbox.
$false: The Managed Folder Assistant is allowed to process the mailbox. This is the default value.

Required: False
Position: Named
Default value: None
-EmailAddresses

smtp.
Required: False
Position: Named
Default value: None
-EmailAddressPolicyEnabled
The EmailAddressPolicyEnabled parameter specifies whether to apply email address policies to this recipient. Valid
values are:
$true: Email address policies are applied to this recipient. This is the default value.
$false: Email address policies aren't applied to this recipient.
Required: False
Position: Named
Default value: None
-EnableRoomMailboxAccount
The EnableRoomMailboxAccount parameter specifies whether to enable the disabled user account that's associated
with this room mailbox. Valid values are:
$true: The disabled account that's associated with the room mailbox is enabled. You also need to use the
RoomMailboxPassword with this value. This allows the account to log on to the room mailbox.
$false: The account that's associated with the room mailbox is disabled. You can't use the account to logon to the
room mailbox. This is the default value.
Typically, the account that's associated with a room mailbox is disabled. However, you need to enable the account
for features like the Lync Room System or the Skype for Business Room System.
In Exchange Online, a room mailbox with an associated enabled account doesn't require a license.
In an on-premises Exchange organization, you also need to enable the corresponding user account in Active
Directory Users and Computers or by running the Enable-ADAccount cmdlet in Windows PowerShell.

Required: False
Position: Named
Default value: None
-EndDateForRetentionHold
The EndDateForRetentionHold parameter specifies the end date for retention hold for messaging records
management (MRM ). To use this parameter, you need to set the RetentionHoldEnabled parameter to the value
$true.
Type: DateTime
Required: False
Position: Named
Default value: None
-ExcludeFromAllOrgHolds
This parameter is available only in Exchange Online.
The ExcludeFromAllOrgHolds switch excludes the mailbox from all organization-wide Office 365 retention policies.
This switch can only be used for inactive mailboxes. You don't need to specify a value with this switch.
When you use this switch, use the DistinguishedName or ExchangeGuid property value for the identity of the
inactive mailbox (those are the only values that guarantee uniqueness).
Required: False
Position: Named
Default value: None
-ExcludeFromOrgHolds
This parameter is available only in Exchange Online.
The ExcludeFromOrgHolds parameter excludes the mailbox from one or more organization-wide Office 365
retention policies. This parameter can only be used for inactive mailboxes. A valid value for this parameter is the
GUID of the organization-wide Office 365 retention policy that the inactive mailbox is excluded from. To find the
GUID values of organization-wide Office 365 retention policies, run the command Get-OrganizationConfig |
Format-List InplaceHolds. Note that retention policies assigned to mailboxes are prefaced by 'mbx'.
You can specify multiple values by using the syntax: "GUID1","GUID2",..."GUIDX".
When you use this parameter, use the DistinguishedName or ExchangeGuid property value for the identity of the
inactive mailbox (those are the values that guarantee uniqueness).
Type: String[]
Required: False
Position: Named
Default value: None
-ExtendedPropertiesCountQuota
The ExtendedPropertiesCountQuota property is used to configure the Named Properties and NonMAPI Named
Properties quotas for a mailbox. This should typically only be done if you are experiencing
QuotaExceededException or MapiExceptionNamedPropsQuotaExceeded errors.
Type: Int32
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
Required: False
Position: Named
Default value: None
-ExternalOofOptions
The ExternalOofOptions parameter specifies the automatic replies or Out of Office (also known OOF ) message
options that are available for the mailbox. Valid values are:
External: Automatic replies can be configured for external senders. This is the default value.
InternalOnly: Automatic replies can be configured only for internal senders.
Type: InternalOnly | External

Required: False
Position: Named
Default value: None
-FolderHierarchyChildrenCountReceiveQuota
The FolderHierarchyChildrenCountReceiveQuota parameter specifies the maximum number of subfolders that can
be created in a mailbox folder. The mailbox owner won't be able to create a new subfolder when this limit is
reached.
FolderHierarchyChildrenCountReceiveQuota
Type: Int32
Required: False
Position: Named
Default value: None
-FolderHierarchyChildrenCountWarningQuota
The FolderHierarchyChildrenCountWarningQuota parameter specifies the number of subfolders that can be
created in a mailbox folder before Exchange sends a warning message to the mailbox owner and logs an event to
the application event log. When this quota is reached, warning messages and logged events occur once a day.
FolderHierarchyChildrenCountWarningQuota
Type: Int32
Required: False
Position: Named
Default value: None
-FolderHierarchyDepthReceiveQuota
The FolderHierarchyDepthReceiveQuota parameter specifies the maximum number of levels in the folder hierarchy
of a mailbox folder. The mailbox owner won't be able to create another level in the folder hierarchy of the mailbox
folder when this limit is reached.
FolderHierarchyDepthReceiveQuota
Type: Int32
Required: False
Position: Named
Default value: None
-FolderHierarchyDepthWarningQuota
The FolderHierarchyDepthWarningQuota parameter specifies the number of levels in the folder hierarchy of a
mailbox folder that can be created before Exchange sends a warning message to the mailbox owner and logs an
event to the application event log. When this quota is reached, warning messages and logged events occur once a
day.
FolderHierarchyDepthWarningQuota
Type: Int32
Required: False
Position: Named
Default value: None
-FoldersCountReceiveQuota
The FoldersCountReceiveQuota parameter is used to specify a maximum number of folders within a mailbox,
typically a public folder mailbox. If this value is configured and the limit is reached, no new folders will be able to be
created.
FoldersCountReceiveQuota
Type: Int32
Required: False
Position: Named
Default value: None
-FoldersCountWarningQuota
The FoldersCountWarningQuota parameter is used to display a warning message that the folder hierarchy is full
when the value specified for this parameter is reached. This parameter is typically used for public folder mailboxes.
FoldersCountReceiveQuota
Type: Int32
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-ForwardingAddress
The ForwardingAddress parameter specifies a forwarding address in your organization for messages that are sent
to this mailbox. You can use any value that uniquely identifies the internal recipient. For example:
Name
Alias
Canonical DN
Email address
GUID
How messages are delivered and forwarded is controlled by the DeliverToMailboxAndForward parameter.
DeliverToMailboxAndForward is $true: Messages are delivered to this mailbox and forwarded to the specified
recipient.
DeliverToMailboxAndForward is $false: Messages are only forwarded to the specified recipient. Messages
aren't delivered to this mailbox.
The default value is blank ($null), which means no forwarding recipient is configured.
If you configure values for both the ForwardingAddress and ForwardingSmtpAddress parameters, the value of
ForwardingSmtpAddress is ignored. Messages are forwarded to the recipient specified by the ForwardingAddress
parameter.
Required: False
Position: Named
Default value: None
-ForwardingSmtpAddress
The ForwardingSmtpAddress parameter specifies a forwarding SMTP address for messages that are sent to this
mailbox. Typically, you use this parameter to specify external email addresses that aren't validated.
How messages are delivered and forwarded is controlled by the DeliverToMailboxAndForward parameter.
DeliverToMailboxAndForward is $true: Messages are delivered to this mailbox and forwarded to the specified
email address.
DeliverToMailboxAndForward is $false: Messages are only forwarded to the specified email address. Messages
aren't delivered to this mailbox.
The default value is blank ($null), which means no forwarding email address is configured.
If you configure values for both the ForwardingAddress and ForwardingSmtpAddress parameters, the value of
ForwardingSmtpAddress is ignored. Messages are forwarded to the recipient specified by the ForwardingAddress
parameter.
Type: ProxyAddress
Required: False
Position: Named
Default value: None
-GMGen
The GMGen parameter specifies whether the arbitration mailbox (also called an organization mailbox) is used for
group metrics generation for the organization. In MailTips, group metrics information is used to indicate the
number of recipients in a message or whether recipients are outside your organization. You can use this parameter
only on an arbitration mailbox.

Required: False
Position: Named
Default value: None
-GrantSendOnBehalfTo
The GrantSendOnBehalfTo parameter specifies who can send on behalf of this mailbox. Although messages send
on behalf of the mailbox clearly show the sender in the From field (<Sender> on behalf of <Mailbox>), replies to
these messages are delivered to the mailbox, not the sender.
The sender you specify for this parameter must a mailbox, mail user or mail-enabled security group (a mail-enabled
security principal that can have permissions assigned). You can use any value that uniquely identifies the sender. For
example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
By default, this parameter is blank, which means no one else has permission to send on behalf of this mailbox.
Required: False
Position: Named
Default value: None
-HiddenFromAddressListsEnabled
The HiddenFromAddressListsEnabled parameter specifies whether this recipient is visible in address lists. Valid
values are:
$true: The recipient isn't visible in address lists.
$false: The recipient is visible in address lists. This is the default value.

Required: False
Position: Named
Default value: None
-Identity
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-IgnoreDefaultScope
automatically.
accepted.
Required: False
Position: Named
Default value: None
-ImListMigrationCompleted
The ImListMigrationCompleted parameter specifies whether a user's Lync or Skype for Business contact list is
stored in their mailbox.
Valid values are:
$true: The user's Lync or Skype for Business contact list is stored in their Exchange 2016 mailbox. This prevents
you from migrating the mailbox back to an Exchange 2010 server.
$false: The user's Lync or Skype for Business contact list is stored on a Lync or Skype for Business server. This
doesn't prevent you from migrating the mailbox back to an Exchange 2010 server. This is the default value.
Lync Server 2013 and Skype for Business Server 2015 support storing the user's contact list in their Exchange
2016 mailbox. This feature is known as the unified contact store (UCS ), and it allows applications to show a
consistent, up-to-date contact list. However, Exchange 2010 doesn't support the unified contact store. Therefore,
before you migrate a user's Exchange 2016 mailbox back to Exchange 2010, you need to move the user's Lync or
Skype for Business contact list from the unified contact store back to a Lync 2013 or Skype for Business server. For
more information, see Configuring Microsoft Lync Server 2013 to use the unified contact store
(https://go.microsoft.com/fwlink/p/?LinkID=313550).
If you migrate an Exchange 2013 mailbox back to Exchange 2010 while the user's Lync or Skype for Business
contact list is stored in the unified contact store, the user could permanently lose access to those contacts. After you
verify the user's Lync or Skype for Business contact list has been moved back to a Lync 2013 or Skype for Business
server, you should be able to complete the mailbox migration. If you need to migrate the mailbox despite the
potential for data loss, you can manually set the ImListMigrationCompleted parameter to $false.

Required: False
Position: Named
Default value: None
-ImmutableId
Type: String
Required: False
Position: Named
Default value: None
-InactiveMailbox
The InactiveMailbox switch specifies that the mailbox is an inactive mailbox. You don't need to specify a value with
this switch.
An inactive mailbox is a mailbox that's placed on Litigation Hold or In-Place Hold before it's soft-deleted.
To find inactive mailboxes, run the command Get-Mailbox -InactiveMailboxOnly | FL
Name,PrimarySmtpAddress,DistinguishedName,ExchangeGuid and then use the DistinguishedName or
ExchangeGuid property values for the Identity parameter (values guaranteed to be unique).
This switch is required to use the LitigationHoldEnabled and LitigationHoldDuration parameters on inactive
mailboxes.
You can't use this switch to modify other properties on inactive mailboxes.
Required: False
Position: Named
Default value: None
-IsExcludedFromServingHierarchy
The IsExcludedFromServingHierarchy parameter prevents users from accessing the public folder hierarchy on this
public folder mailbox. For load-balancing purposes, users are equally distributed across public folder mailboxes by
default. When this parameter is set on a public folder mailbox, that mailbox isn't included in this automatic load-
balancing and won't be accessed by users to retrieve the public folder hierarchy. However, if an administrator has
set the DefaultPublicFolderMailbox property on a user mailbox to a specific public folder mailbox, the user will still
access the specified public folder mailbox even if the IsExcludedFromServingHierarchy parameter is set for that
public folder mailbox.
You should use this parameter only during public folder migrations. Don't use this parameter once the initial
migration validation is complete.

Required: False
Position: Named
Default value: None
-IsHierarchyReady

Required: False
Position: Named
Default value: None
-IsHierarchySyncEnabled

Required: False
Position: Named
Default value: None
-IssueWarningQuota
The IssueWarningQuota parameter specifies the warning threshold for the size of the mailbox. If the mailbox
reaches or exceeds this size, the user receives a descriptive warning message.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
In Office 365, the quota value is determined by the subscriptions and licenses that administrators purchase and
assign in the Office 365 admin center. You can lower the quota value, and you may be able to raise the quota, but
you can't exceed the maximum value that's allowed by the subscription or license. In Office 365, you can't use this
parameter on public folder mailboxes.
In on-premises Exchange, the default value of this parameter is unlimited. When the UseDatabaseQuotaDefaults
parameter is set to $true, the value of the this parameter is ignored, and the mailbox uses the IssueWarningQuota
value on the mailbox database. To use this parameter to enforce a specific quota value for the mailbox, you need to
set the UseDatabaseQuotaDefaults parameter to the value $false.
Type: Unlimited
Required: False
Position: Named
Default value: None
-JournalArchiveAddress
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-Languages
The Languages parameter specifies the language preferences for this mailbox, in order of preference. Several
Exchange components display information to a mailbox user in the preferred language, if that language is
supported. Some of those components include quota messages, non-delivery reports (NDRs), the Outlook on the
web user interface, and Unified Messaging (UM ) voice prompts.
Required: False
Position: Named
Default value: None
-LinkedCredential
The LinkedCredential parameter specifies the credentials used to access the domain controller specified by the
LinkedDomainController parameter.
Type: PSCredential
Required: False
Position: Named
Default value: None
Type: String
Required: False
Position: Named
Default value: None
grants access to the mailbox. You can use any value that uniquely identifies the master account. For example:
Name
Canonical DN
GUID
Required: False
Position: Named
Default value: None
-LitigationHoldDate
The LitigationHoldDate parameter specifies the date that the mailbox is placed on litigation hold. The parameter is
populated automatically when you place a mailbox on litigation hold. The date you specify can be used for
informational or reporting purposes.
When you use the LitigationHoldEnabled parameter to place the mailbox on litigation hold, you can specify any
date using the LitigationHoldDate parameter. However, the mailbox is actually placed on litigation hold when you
run the command to place the mailbox on litigation hold.
Type: DateTime
Required: False
Position: Named
Default value: None
-LitigationHoldDuration
The LitigationHoldDuration parameter specifies how long mailbox items are held if the mailbox is placed on
litigation hold. The duration is calculated from the date a mailbox item is received or created.
A valid value is an integer that represents the number of days, or the value unlimited. The default value is unlimited,
which means items are held indefinitely or until the hold is removed.
Type: Unlimited
Required: False
Position: Named
Default value: None
-LitigationHoldEnabled
The LitigationHoldEnabled parameter specifies whether to place the mailbox on litigation hold. Valid values are:
$true: The mailbox is on litigation hold.
$false: The mailbox isn't on litigation hold. This is the default value.
After a mailbox is placed on litigation hold, messages can't be deleted from the mailbox. Deleted items and all
versions of changed items are retained in the Recoverable Items folder. Items that are purged from the dumpster
are also retained and the items are held indefinitely. If you enable litigation hold, single-item recovery quotas aren't
applied.
Placing public folder mailboxes on Litigation Hold isn't supported. To place public folder mailboxes on hold, create
an In-Place Hold by using the New -MailboxSearch cmdlet with the InPlaceHoldEnabled parameter.

Required: False
Position: Named
Default value: None
-LitigationHoldOwner
The LitigationHoldOwner parameter specifies the user who placed the mailbox on litigation hold. If you don't use
this parameter when you place the mailbox on litigation hold, the value is populated automatically. If you use this
parameter when you place the mailbox on litigation hold, you can specify a text value. If the value contains spaces,
include the value in quotation marks ("). You can use this value for informational and reporting purposes.
Type: String
Required: False
Position: Named
Default value: None
-MailboxMessagesPerFolderCountReceiveQuota
This parameter is a available only in on-premises Exchange.
The MailboxMessagesPerFolderCountReceiveQuota parameter specifies the maximum number of messages for a
mailbox folder. When this limit is reached, the folder can't receive new messages.
The MailboxMessagesPerFolderCountReceiveQuota value must be greater than or equal to the
MailboxMessagesPerFolderCountWarningQuota value.
MailboxMessagesPerFolderCountReceiveQuota
Type: Int32
Required: False
Position: Named
Default value: None
-MailboxMessagesPerFolderCountWarningQuota
This parameter is a available only in on-premises Exchange.
The MailboxMessagesPerFolderCountWarningQuota parameter specifies the number of messages that a mailbox
folder can hold before Exchange sends a warning message to the mailbox owner and logs an event to the
application event log. When this quota is reached, warning messages and logged events occur once a day.
The MailboxMessagesPerFolderCountReceiveQuota value must be greater than or equal to the
MailboxMessagesPerFolderCountWarningQuota value.
MailboxMessagesPerFolderCountWarningQuota
Type: Int32
Required: False
Position: Named
Default value: None
-MailboxRegion
Type: String
Required: False
Position: Named
Default value: None
-MailTip
The MailTip parameter specifies the custom MailTip text for this recipient. The MailTip is shown to senders when
they start drafting an email message to this recipient. If the value contains spaces, enclose the value in quotation
marks (").
When you add a MailTip to a recipient, two things happen:
HTML tags are automatically added to the text. For example, if you enter the text: "This mailbox is not
monitored", the MailTip automatically becomes: <html><body>This mailbox is not monitored</body>
</html>. Additional HTML tags aren't supported, and the length of the MailTip can't exceed 175 displayed
characters.
The text is automatically added to the MailTipTranslations property of the recipient as the default value: default:
<MailTip text>. If you modify the MailTip text, the default value is automatically updated in the
MailTipTranslations property, and vice-versa.
Type: String
Required: False
Position: Named
Default value: None
-MailTipTranslations
The MailTipTranslations parameter specifies additional languages for the custom MailTip text that's defined by the
MailTip parameter. HTML tags are automatically added to the MailTip translation, additional HTML tags aren't
supported, and the length of the MailTip translation can't exceed 175 displayed characters.
To add or remove MailTip translations without affecting the default MailTip or other MailTip translations, use the
following syntax:
@{Add="<culture 1>:<localized text 1>","<culture 2>:<localized text 2>"...; Remove="<culture 3>:<localized text
3>","<culture 4>:<localized text 4>"...}
<culture> is a valid ISO 639 two-letter culture code that's associated with the language.
For example, suppose this recipient currently has the MailTip text: "This mailbox is not monitored." To add the
Spanish translation, use the following value for this parameter: @{Add="ES:Esta caja no se supervisa."}.
Required: False
Position: Named
Default value: None
The ManagedFolderMailboxPolicy parameter specifies a managed folder mailbox policy that controls MRM for the
mailbox. If the parameter is set to $null, Exchange removes the managed folder mailbox policy from the mailbox
but any managed folders in the mailbox remain.
Required: False
Position: Named
Default value: None
The ManagedFolderMailboxPolicyAllowed parameter bypasses the warning that MRM features aren't supported
for clients running versions of Outlook earlier than Outlook 2007. When a managed folder mailbox policy is
assigned to a mailbox by using the ManagedFolderMailboxPolicy parameter, the warning appears by default unless
the ManagedFolderMailboxPolicyAllowed parameter is used.
Although Outlook 2003 Service Pack 3 clients are supported, they have limited MRM functionality.
Required: False
Position: Named
Default value: None
-Management
The Management parameter specifies whether the arbitration mailbox (also call an organization mailbox) is used to
manage mailbox moves and mailbox migrations. You can use this parameter only on an arbitration mailbox.
Required: False
Position: Named
Default value: None
-MaxBlockedSenders
The MaxBlockedSenders parameter specifies the maximum number of senders that can be included in the blocked
senders list. Blocked senders are senders that are considered junk senders by the mailbox and are used in junk
email rules. This parameter is validated only when the junk email rules are updated using Outlook on the web or
Exchange Web Services.
Type: Int32
Required: False
Position: Named
Default value: None
-MaxReceiveSize
The MaxReceiveSize parameter specifies the maximum size of a message that can be sent to the mailbox. Messages
larger than the maximum size are rejected.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
A valid value is a number up to 1.999999 gigabytes (2147483647 bytes) or the value unlimited.
In Office 365, the value is determined by the subscriptions and licenses that administrators purchase and assign in
the Office 365 admin center. You can lower the value, and you may be able to raise the value, but you can't exceed
the maximum value that's allowed by the subscription or license.
In Office 365, you use this parameter to configure the MaxReceiveSize value on existing mailboxes. Use the Set-
MailboxPlan cmdlet to change the MaxReceiveSize value for all new mailboxes that you create in the future.
In on-premises Exchange, the default value unlimited indicates the maximum receive size for the mailbox is
imposed elsewhere (for example, organization, server, or connector limits).
For any message size limit, you need to set a value that's larger than the actual size you want enforced. This
accounts for the Base64 encoding of attachments and other binary data. Base64 encoding increases the size of the
message by approximately 33%, so the value you specify should be approximately 33% larger than the actual
message size you want enforced. For example, if you specify a maximum message size value of 64 MB, you can
expect a realistic maximum message size of approximately 48 MB.
Type: Unlimited
Required: False
Position: Named
Default value: None
-MaxSafeSenders
The MaxSafeSenders parameter specifies the maximum number of senders that can be included in the safe senders
list. Safe senders are senders that are trusted by the mailbox and are used in junk email rules. This parameter is
validated only when the junk email rules are updated using cloud-based organizations or services.
Type: Int32
Required: False
Position: Named
Default value: None
-MaxSendSize
The MaxSendSize parameter specifies the maximum size of a message that can be sent by the mailbox.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
A valid value is a number up to 1.999999 gigabytes (2147483647 bytes) or the value unlimited.
In Office 365, the value is determined by the subscriptions and licenses that administrators purchase and assign in
the Office 365 admin center. You can lower the value, and you may be able to raise the value, but you can't exceed
the maximum value that's allowed by the subscription or license.
In Office 365, you use this parameter to configure the MaxSendSize value on existing mailboxes. Use the Set-
MailboxPlan cmdlet to change the MaxSendSize value for all new mailboxes that you create in the future.
In on-premises Exchange, the default value unlimited indicates the maximum send size for the mailbox is imposed
elsewhere (for example, organization, server, or connector limits).
Type: Unlimited
Required: False
Position: Named
Default value: None
-MessageCopyForSendOnBehalfEnabled
Note: Previously, this parameter was available only for shared mailboxes. In Exchange Online or Exchange 2016
CU6 or later, this parameter is also available for user mailboxes.
The MessageCopyForSendOnBehalfEnabled parameter specifies whether to copy the sender for messages that are
sent from a mailbox by users that have the "send on behalf of" permission. Valid values are:
$true: When a user sends a message from the mailbox by using the "send on behalf of" permission, a copy of
the message is sent to the sender's mailbox.
$false: When a user sends a message from the mailbox by using the "send on behalf of" permission, a copy of
the message isn't sent to the sender's mailbox. This is the default value.
You give users permission to send on behalf of a mailbox by using the GrantSendOnBehalfTo parameter on the
mailbox.

Required: False
Position: Named
Default value: None
-MessageCopyForSentAsEnabled
Note: Previously, this parameter was available only for shared mailboxes. In Exchange Online or Exchange 2016
CU6 or later, this parameter is also available for user mailboxes.
The MessageCopyForSentAsEnabled parameter specifies whether to copy the sender for messages that are sent
from a mailbox by users that have the "send as" permission. Valid values are:
$true: When a user sends a message from the mailbox by using the "send as" permission, a copy of the message
is sent to the sender's mailbox.
$false: When a user sends a message from the mailbox by using the "send as" permission, a copy of the
message isn't sent to the sender's mailbox. This is the default value.
In Exchange Online, you give a user permission to send as a mailbox by running this command:
Add-RecipientPermission <Mailbox> -AccessRights SendAs -Trustee <User> .
In on-premises Exchange, you give a user permission to send as a mailbox by running this command:
Add-ADPermission <Mailbox> -ExtendedRights "Send As" -User <User> .

Required: False
Position: Named
Default value: None
-MessageTracking
The MessageTracking parameter specifies whether the arbitration mailbox (also called an organization mailbox) is
the anchor mailbox that's used for cross-organizational message tracking scenarios. By default, the message
tracking organizational capability is assigned to the arbitration mailbox named SystemMailbox{bb558c35-97f1-
4cb9-8ff7-d53741dc928c}. You can use this parameter only on an arbitration mailbox.
Valid values are$true or $false.

Required: False
Position: named
Default value: None
-MessageTrackingReadStatusEnabled
The MessageTrackingReadStatusEnabled parameter specifies whether to include detailed information in delivery
reports for messages sent to the mailbox. Valid values are:
$true: The read status of the message and the date-time that the message was delivered is shown in the
delivery report for messages sent to this mailbox. This is the default value.
$false: The read status of the message isn't displayed in the delivery report for messages sent to this mailbox.
Only the date-time that the message was delivered is shown in the delivery report.

Required: False
Position: Named
Default value: None
-MicrosoftOnlineServicesID
The MicrosoftOnlineServicesID parameter specifies the Microsoft work or school account for the mailbox (for
example, lila@contoso.onmicrosoft.com).
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-Migration
The Migration switch is required to modify migration mailboxes. You don't need to specify a value with this switch.
Required: False
Position: Named
Default value: None
-ModeratedBy
Name
Alias
Canonical DN
Email address
GUID
to the value $true.
Required: False
Position: Named
Default value: None
-ModerationEnabled
Required: False
Position: Named
Default value: None
-Name
Type: String
Required: False
Position: Named
Default value: None
-NewPassword
The NewPassword parameter is used with the OldPassword parameter when a user changes their own password in
Outlook on the web. By default, the NewPassword and OldPassword parameters are also available to members of
the Help Desk and Organization Management role groups via the User Options role. However, administrators use
the Password parameter to reset a user's password, because that parameter doesn't require the user's current
password.
parameter.
Type: SecureString
Required: False
Position: Named
Default value: None
-OABGen
The OABGen parameter specifies whether the arbitration mailbox (also called an organization mailbox) is used for
offline address book (OAB ) file generation and storage for the organization. OAB requests are sent to the server
where this arbitration mailbox is located. You can use this parameter only on an arbitration mailbox.
Required: False
Position: Named
Default value: None
-Office
The Office parameter specifies the user's physical office name or number.
Type: String
Required: False
Position: Named
Default value: None
-OfflineAddressBook
The OfflineAddressBook parameter specifies the offline address book (OAB ) that's associated with the mailbox. You
can use any value that uniquely identifies the OAB. For example:
Name
GUID
Use the Get-OfflineAddressBook cmdlet to see the available offline address books.
Required: False
Position: Named
Default value: None
-OldPassword
The OldPassword parameter is used with the NewPassword parameter when a user changes their own password in
Outlook on the web. By default, the NewPassword and OldPassword parameters are also available to members of
the Help Desk and Organization Management role groups via the User Options role. However, administrators
typically use the Password parameter to reset a user's password, because that parameter doesn't require the user's
current password.
parameter.
Type: SecureString
Required: False
Position: Named
Default value: None
-OMEncryption

Required: False
Position: Named
Default value: None
-OMEncryptionStore
PARAMVALUE: $true | $false

Required: False
Position: Named
Default value: None
-Password
The Password parameter resets the password of the user account that's associated with the mailbox to the value
you specify. To use this parameter on a mailbox other than your own, you need to be a member of one of the
following role groups:
Office 365: You can't use this parameter to change another user's password. To change another user's password,
use the Set-MsolUserPassword cmdlet in Office 365 (Azure AD ) PowerShell. For connection instructions, see
Connect to Office 365 PowerShell (https://go.microsoft.com/fwlink/p/?LinkId=614839). To change a another
user's password in the Office 365 admin center, see Reset a user's password
On-premises Exchange: The Organization Management or Help Desk role groups via the User Options role.
The Reset Password role also allows you to use this parameter, but it isn't assigned to any role groups by
default.
parameter.
Type: SecureString
Required: False
Position: Named
Default value: None
-PrimarySmtpAddress
If you set the EmailAddressPolicyEnabled parameter to $false, you can specify the primary address using the
PrimarySmtpAddress parameter, but that means the email addresses of the mail user no longer automatically
updated by email address policies.
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-ProhibitSendQuota
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
assign in the Office 365 admin center. You can lower the quota value, and you may be able to raise the quota, but
you can't exceed the maximum value that's allowed by the subscription or license. In Office 365, you can't use this
parameter on public folder mailboxes.
parameter is set to the value $true, the value of the this parameter is ignored, and the mailbox uses the
ProhibitSendQuota value on the mailbox database. To use this parameter to enforce a specific quota value for the
mailbox, you need to set the UseDatabaseQuotaDefaults parameter to the value $false.
Type: Unlimited
Required: False
Position: Named
Default value: None
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
assign in the Office 365 admin center. You can lower the quota value, but you can't exceed the maximum value
that's allowed by the subscription or license. In Office 365, you can't use this parameter on public folder mailboxes.
parameter is set to the value $true, the value of the this parameter is ignored, and the mailbox uses the
ProhibitSendReceiveQuota value on the mailbox database. To use this parameter to enforce a specific quota value
for the mailbox, you need to set the UseDatabaseQuotaDefaults parameter to the value $false.
Type: Unlimited
Required: False
Position: Named
Default value: None
-ProvisionedForOfficeGraph
Required: False
Position: Named
Default value: None
-PstProvider

Required: False
Position: Named
Default value: None
-PublicFolder
The PublicFolder switch is required to modify public folder mailboxes. You don't need to specify a value with this
switch.
Required: False
Position: Named
Default value: None
-QueryBaseDN
Required: False
Position: Named
Default value: None
-RecalculateInactiveMailbox
The RecalculateInactiveMailbox switch specifies whether to recalculate the hold status of an inactive mailbox. You
An inactive mailbox is a mailbox that's placed on Litigation Hold or In-Place Hold before it's soft-deleted.
You use this switch with the InactiveMailbox switch and the Identity parameter (with DistinguishedName or
ExchangeGuid property values) to force the recalculation of the hold status for the inactive mailbox, which might
lead to the soft-deletion of the mailbox if all holds on the mailbox have expired.
Required: True
Position: Named
Default value: None
-RecipientLimits
The RecipientLimits parameter specifies the maximum number of recipients allowed in messages sent by the
mailbox.
A valid value is an integer or the value unlimited. The default value is unlimited.
The value unlimited indicates the maximum number of recipients per message for the mailbox is controlled
elsewhere (for example, organization, server, or connector limits).
Type: Unlimited
Required: False
Position: Named
Default value: None
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
ignored, and the mailbox uses the RecoverableItemsQuota value on the mailbox database. To use this parameter to
enforce a specific quota value for the mailbox, you need to set the UseDatabaseQuotaDefaults parameter to the
value $false.
Type: Unlimited
Required: False
Position: Named
Default value: None
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
ignored, and the mailbox uses the RecoverableItemsWarningQuota value on the mailbox database. To use this
parameter to enforce a specific quota value for the mailbox, you need to set the UseDatabaseQuotaDefaults
parameter to the value $false.
Type: Unlimited
Required: False
Position: Named
Default value: None
-RejectMessagesFrom
The RejectMessagesFrom parameter specifies who isn't allowed to send messages to this recipient. Messages from
these senders are rejected.
Name
Alias
Canonical DN
Email address
GUID
RejectMessagesFromSendersOrMembers property. Therefore, you can't use the RejectMessagesFrom and
RejectMessagesFromSendersOrMembers parameters in the same command.
Required: False
Position: Named
Default value: None
-RejectMessagesFromDLMembers
The RejectMessagesFromDLMembers parameter specifies who isn't allowed to send messages to this recipient.
Messages from these senders are rejected.
and dynamic distribution groups). Specifying a group means all members of the group aren't allowed to send
Name
Alias
Canonical DN
Email address
GUID
RejectMessagesFromSendersOrMembers property. Therefore, you can't use the RejectMessagesFromDLMembers
and RejectMessagesFromSendersOrMembers parameters in the same command.
Required: False
Position: Named
Default value: None
-RejectMessagesFromSendersOrMembers
The RejectMessagesFromSendersOrMembers parameter specifies who isn't allowed to send messages to this
recipient. Messages from these senders are rejected.
dynamic distribution groups. Specifying a group means all members of the group aren't allowed to send messages
to this recipient.
Name
Alias
Canonical DN
Email address
GUID
RejectMessagesFrom and RejectMessagesFromDLMembers parameters.
RejectMessagesFrom and RejectMessagesFromDLMembers properties, respectively. Therefore, you can't use the
RejectMessagesFromSendersOrMembers parameter and the RejectMessagesFrom or
RejectMessagesFromDLMembers parameters in the same command.
Required: False
Position: Named
Default value: None
-RemoteRecipientType
Type: None | ProvisionMailbox | ProvisionArchive | Migrated | DeprovisionMailbox | DeprovisionArchive |
RoomMailbox | EquipmentMailbox | SharedMailbox
Required: False
Position: Named
Default value: None
-RemoveDelayHoldApplied
The RemoveDelayHoldApplied switch specifies whether to remove delay holds from the mailbox. You don't need to
The removal of a hold from a mailbox is temporarily delayed to prevent the accidental purge of content that's no
longer affected by the hold. This temporary delay in the removal of the hold is known as a delay hold. To see the
hold history on a mailbox, replace <MailboxIdentity> with the name, email address, or alias of the mailbox, and run
this command: Export-MailboxDiagnosticLogs -Identity <MailboxIdentity> -ComponentName HoldTracking.
Required: True
Position: Named
Default value: None
-RemoveDisabledArchive
The RemoveDisabledArchive switch specifies whether to remove the disabled archive that's associated with the
mailbox. You don't need to specify a value with this switch.
Required: True
Position: Named
Default value: None
-RemoveManagedFolderAndPolicy
The RemoveManagedFolderAndPolicy switch specifies whether to remove all MRM policies and attributes from a
mailbox.
Required: False
Position: Named
Default value: None
-RemoveOrphanedHolds
The RemoveOrphanedHolds parameter is used to remove the mailbox (typically, an inactive mailbox) from In-Place
Holds that no longer exist, but are still applied to the mailbox. You identify the In-Place Hold by using its GUID
value. You can specify multiple GUID values separated by commas.
If you use the GUID value of an In-Place Hold that still exists as a value for this parameter, the command will return
an error. If that happens, you'll need to remove the mailbox (or inactive mailbox) from the In-Place Hold.
In an Exchange hybrid deployment, In-Place Holds that are created in the on-premises organization can be applied
to cloud-based mailboxes. In this scenario, it's possible that the hold object hasn't been synced to the cloud-based
organization, and using this parameter will remove the specified hold from the cloud-based mailbox even though
the hold may still exist. To prevent this from happening, make sure the hold doesn't exist in the on-premises
organization before you use this parameter.
Type: String[]
Required: False
Position: Named
Default value: None
-RemovePicture
The RemovePicture switch specifies whether to remove the picture from the mailbox. You don't need to specify a
You can add a picture to a mailbox by using the Import-RecipientDataProperty cmdlet.
Required: False
Position: Named
Default value: None
-RemoveSpokenName
The RemoveSpokenName parameter specifies whether to remove the spoken name from the mailbox. You don't
You can add a sound file to a mailbox by using the Import-RecipientDataProperty cmdlet.
Required: False
Position: Named
Default value: None
-RequireSenderAuthenticationEnabled
The RequireSenderAuthenticationEnabled parameter specifies whether to accept messages only from
authenticated (internal) senders. Valid values are:
$true: Messages are accepted only from authenticated (internal) senders. Messages from unauthenticated
(external) senders are rejected.
$false: Messages are accepted from authenticated (internal) and unauthenticated (external) senders.

Required: False
Position: Named
Default value: None
The ResetPasswordOnNextLogon parameter specifies whether the user is required to change their password the
next time they log on to their mailbox. Valid values are:
$true: The user is required to change their password the next time they log on to their mailbox.
$false: The user isn't required to change their password the next time they log on to their mailbox. This is the
default value.
In Office 365, administrators can require users to reset their password the next time they log on by using the
ResetPasswordOnNextLogon parameter on the Set-User cmdlet.

Required: False
Position: Named
Default value: None
-ResourceCapacity
The ResourceCapacity parameter specifies the capacity of the resource mailbox. For example, you can use this
parameter to identify the number of seats in a conference room (room mailbox) or in a vehicle (equipment
mailbox). A valid value is an integer.
Type: Int32
Required: False
Position: Named
Default value: None
-ResourceCustom
The ResourceCustom parameter specifies one or more custom resource properties to add to the resource mailbox.
You can use this parameter only on resource mailboxes.
You use the Set-ResourceConfig and Get-ResourceConfig cmdlets to create and view custom resource properties.
After you create custom resource properties, you use this parameter to assign one or more of those properties to a
resource mailbox. Properties that begin with the prefix Room/ are available only on room mailboxes, and properties
that begin with the prefix Equipment/ are available only on equipment mailboxes. When you specify a property
value for this parameter, don't include the prefix.
Required: False
Position: Named
Default value: None
-RetainDeletedItemsFor
The RetainDeletedItemsFor parameter specifies the length of time to keep soft-deleted items for the mailbox. Soft-
deleted items are items that have been deleted by using any of these methods:
Deleting items from the Deleted Items folder.
Selecting the Empty Deleted Items Folder action.
Deleting items using Shift + Delete.
These actions move the items to the Recoverable Items folder, into a subfolder named Deletions.
Before the deleted item retention period expires, users can recover soft-deleted items in Outlook and Outlook on
the web by using the Recover Deleted Items feature. For more information, see Recoverable Items folder in
Exchange Server (https://technet.microsoft.com/library/ee364755.aspx).
seconds.
The default value is 14 days (14.00:00:00). In Office 365, you can increase the value to a maximum of 30 days.
In Office 365, you use this parameter to configure the RetainDeletedItemsFor value on existing mailboxes. Use the
Set-MailboxPlan cmdlet to change the RetainDeletedItemsFor value for all new mailboxes that you create in the
future.
In on-premises Exchange, the default value is configured by the value of the DeletedItemRetention parameter on
mailbox database. To override the default value, enter a value for the RetainDeletedItemsFor parameter on the
mailbox.
Required: False
Position: Named
Default value: None
-RetainDeletedItemsUntilBackup
The RetainDeletedItemsUntilBackup parameter specifies whether to keep items in the Recoverable Items\Deletions
folder of the mailbox until the next database backup occurs. Valid values are:
$true: Deleted items are kept until the next mailbox database backup. This value could effectively override the
deleted item retention and recoverable items quota values.
$false: Retention of deleted items doesn't depend on a backup of the mailbox database. This is the default value.
The default value is configured by the value of the DeletedItemRetention parameter on mailbox database. To
override the default value, enter a value for the RetainDeletedItemsFor parameter on the mailbox.

Required: False
Position: Named
Default value: None
-RetentionComment
The RetentionComment parameter specifies a comment that's displayed in Outlook regarding the user's retention
hold status.
This comment can only be set if the RetentionHoldEnabled parameter is set to $true. This comment should be
localized to the user's preferred language. If the comment contains spaces, enclose the comment in quotation
marks (").
Type: String
Required: False
Position: Named
Default value: None
-RetentionHoldEnabled
The RetentionHoldEnabled parameter specifies whether the mailbox is placed on retention hold. Placing the
mailbox on retention hold temporarily suspends the processing of retention policies or managed folder mailbox
policies for the mailbox (for example, when the user is on vacation). Valid values are:
$true: The mailbox is placed on retention hold. Retention policies and managed folder policies are suspended
for the mailbox.
$false: The retention hold is removed from the mailbox. The mailbox is subject to retention policies and
managed folder policies. This is the default value.
To set the start date for retention hold, use the StartDateForRetentionHold parameter.

Required: False
Position: Named
Default value: None
-RetentionPolicy
The RetentionPolicy parameter specifies the retention policy that you want applied to this mailbox. You can use any
Name
GUID
Required: False
Position: Named
Default value: None
-RetentionUrl
The RetentionUrl parameter specifies the URL or an external web page with additional details about the
organization's messaging retention policies.
This URL can be used to expose details regarding retention policies in general, which is usually a customized legal
or IT website for the company.
Type: String
Required: False
Position: Named
Default value: None
The RoleAssignmentPolicy parameter specifies the role assignment policy that's assigned to the mailbox. You can
use any value that uniquely identifies the role assignment policy. For example:
Name
GUID
In Office 365, a role assignment policy must be assigned to the mailbox. In on-premises Exchange, to configure the
mailbox so there's no role assignment policy assigned, use the value $null.
Use the Get-RoleAssignmentPolicy cmdlet to see the available role assignment policies. For more information, see
Understanding management role assignment policies (https://technet.microsoft.com/library/dd638100.aspx).
Required: False
Position: Named
Default value: None
-RoomMailboxPassword
Use the RoomMailboxPassword parameter to change the password for a room mailbox that has an enabled
account (the EnableRoomMailboxAccount parameter is set to the value $true.)
parameter.
Type: SecureString
Required: False
Position: Named
Default value: None
-RulesQuota
The RulesQuota parameter specifies the limit for the size of Inbox rules for the mailbox. When you enter a value,
qualify the value with one of the following:
A valid value is a number from 32 to 256 kilobytes (32768 to 262144 bytes). When you enter a value, qualify the
value with one of the following units:
B (bytes)
KB (kilobytes)
The default value is 64 kilobytes (65536 bytes).
The quota for Inbox rules applies only to enabled rules. There is no restriction on the number of disabled rules a
mailbox can have. However, the total size of rules that are enabled or active can't exceed the value specified for this
parameter.
Required: False
Position: Named
Default value: None
-SamAccountName
Type: String
Required: False
Position: Named
Default value: None
-SCLDeleteEnabled
The SCLDeleteEnabled parameter specifies whether to silently delete messages that meet or exceed the spam
confidence level (SCL ) specified by the SCLDeleteThreshold parameter. Valid values are:
$true: Messages that meet or exceed the SCLDeleteThreshold value are silently deleted without sending an
non-delivery report (NDR ).
$false: Messages that meet or exceed the SCLDeleteThreshold value aren't deleted.
$null (blank): The value isn't configured. This is the default value.

Required: False
Position: Named
Default value: None
-SCLDeleteThreshold
The SCLDeleteThreshold parameter specifies the SCL delete threshold. When the SCLDeleteEnabled parameter is
set to $true, messages with an SCL greater than or equal to the specified value are silently deleted.
A valid value is an integer from 0 through 9. This value should be greater than the other SCL*Threshold values.
Type: Int32
Required: False
Position: Named
Default value: None
-SCLJunkEnabled
The SCLJunkEnabled parameter specifies whether messages that exceed(not meet) the SCL specified by the
SCLJunkThreshold parameter are moved to the Junk Email folder. Valid values are:
$true: Messages that exceed the SCLJunkThreshold value are moved to the Junk Email folder. Messages that
meet the SCLJunkThreshold value aren't moved to the Junk Email folder.
$false: Messages that meet or exceed the SCLJunkThreshold value aren't moved to the Junk Email folder.
Required: False
Position: Named
Default value: None
-SCLJunkThreshold
The SCLJunkThreshold parameter specifies the SCL Junk Email folder threshold. When the SCLJunkEnabled
parameter is set to $true, messages with an SCL greater than (not equal to) the specified value are moved to the
Junk Email folder.
A valid value is an integer from 0 through 9. This value should be less than the other SCL*Threshold values.
Type: Int32
Required: False
Position: Named
Default value: None
-SCLQuarantineEnabled
The SCLQuarantineEnabled parameter specifies whether messages that meet or exceed the SCL specified by the
SCLQuarantineThreshold parameter are quarantined. If a message is quarantined, it's sent to the quarantine
mailbox where administrators can review it. Valid values are:
$true: Messages that meet or exceed the SCLQuarantineThreshold value are sent to the quarantine mailbox.
$false: Messages that meet or exceed the SCLQuarantineThreshold value aren't sent to the quarantine mailbox.
To configure the quarantine mailbox, see Configure a spam quarantine mailbox

Required: False
Position: Named
Default value: None
-SCLQuarantineThreshold
The SCLQuarantineThreshold parameter specifies the SCL quarantine threshold. When the
SCLQuarantineEnabled parameter is set to $true, messages with an SCL greater than or equal to the specified
value are quarantined.
A valid value is an integer from 0 through 9. This value should be less than the SCLRejectThreshold value, but
greater than the SCLJunkThreshold value.
Type: Int32
Required: False
Position: Named
Default value: None
-SCLRejectEnabled
The SCLRejectEnabled parameter specifies whether messages that meet or exceed the SCL specified by the
SCLRejectThreshold parameter are rejected. Valid values are:
$true: Messages that meet or exceed the SCLRejectThreshold value are rejected, and an NDR is sent to the
sender.
$false: Messages that meet or exceed the SCLRejectThreshold value aren't rejected.

Required: False
Position: Named
Default value: None
-SCLRejectThreshold
The SCLRejectThreshold parameter specifies the SCL reject threshold. When the SCLRejectEnabled parameter is
set to $true, messages with an SCL greater than or equal to the specified value are rejected, and an NDR is sent to
the sender.
A valid value is an integer from 0 through 9. This value should be less than the SCLDeleteThreshold value, but
greater than the SCLQuarantineThreshold value.
Type: Int32
Required: False
Position: Named
Default value: None
-SecondaryAddress
The SecondaryAddress parameter specifies the secondary address used by the UM -enabled user.
Type: String
Required: False
Position: Named
Default value: None
-SecondaryDialPlan
The SecondaryDialPlan parameter specifies a secondary UM dial plan to use. This parameter is provided to create a
secondary proxy address.
Type: UMDialPlanIdParameter
Required: False
Position: Named
Default value: None
values are:
$true).

Required: False
Position: Named
Default value: None
-SharingPolicy
The SharingPolicy parameter specifies the sharing policy that's assigned to the mailbox. You can use any value that
uniquely identifies the sharing policy. For example:
Name
GUID
Use the Get-SharingPolicy cmdlet to see the available sharing policies.
Type: SharingPolicyIdParameter
Required: False
Position: Named
Default value: None
-SimpleDisplayName
The SimpleDisplayName parameter is used to display an alternative description of the object when only a limited
set of characters is permitted. Valid characters are:
a-z
A-Z
0-9
"<space>", """, "'", "(", ")", "+", ",", "-", ".", "/", ":", and "?".
Type: String
Required: False
Position: Named
Default value: None
-SingleItemRecoveryEnabled
The SingleItemRecoveryEnabled parameter specifies whether to prevent the Recovery Items folder from being
purged. Valid values are:
$true: Single item recovery is enabled. The Recovery Items folder can't be purged. and items that have been
deleted or edited can't be removed.
$false: Single item recovery isn't enabled. The Recovery Items folder can be purged, and, items that have been
deleted or edited can be removed. This is the default value.

Required: False
Position: Named
Default value: None
-SkipDualWrite
Required: False
Position: Named
Default value: None
-StartDateForRetentionHold
The StartDateForRetentionHold parameter specifies the start date for the retention hold that's placed on the
mailbox.
To use this parameter, you need to set the RetentionHoldEnabled parameter to value $true.
Type: DateTime
Required: False
Position: Named
Default value: None
-StsRefreshTokensValidFrom
Type: DateTime
Required: False
Position: Named
Default value: None
-SystemMessageSizeShutoffQuota
Type: Int64
Required: False
Position: Named
Default value: None
-SystemMessageSizeWarningQuota
Type: Int64
Required: False
Position: Named
Default value: None
-ThrottlingPolicy
The ThrottlingPolicy parameter specifies the throttling policy that's assigned to the mailbox. You can use any value
that uniquely identifies the throttling policy. For example:
Name
GUID
Use the Get-ThrottlingPolicy cmdlet to see the available throttling policies.
Type: ThrottlingPolicyIdParameter
Required: False
Position: Named
Default value: None
-Type
The Type parameter specifies the mailbox type for the mailbox. Valid values are:
Regular
Room
Equipment
Shared
Type: Regular | Room | Equipment | Shared

Required: False
Position: Named
Default value: None
-UMDataStorage
The UMDataStorage parameter specifies whether the arbitration mailbox (also called an organization mailbox) is
used to store UM call data records and UM custom prompts. This capability can be assigned to only one arbitration
mailbox for the organization. You can use this parameter only on an arbitration mailbox.

Required: False
Position: Named
Default value: None
-UMDtmfMap
The UMDtmfMap parameter specifies the dual-tone multiple-frequency (DTMF ) map values for the recipient. This
allows the recipient to be identified by using a telephone keypad in Unified Messaging (UM ) environments.
Typically, these DTMF values are automatically created and updated, but you can use this parameter to make
changes manually. This parameter uses the following syntax:
emailAddress:<integers>
lastNameFirstName:<integers>
firstNameLastName:<integers>
To enter values that overwrite all existing entries, use the following syntax: emailAddress:
<integers>,lastNameFirstName:<integers>,firstNameLastName:<integers>.
If you use this syntax and you omit any of the DTMF map values, those values are removed from the recipient. For
example, if you specify only emailAddress:<integers>, all existing lastNameFirstName and firstNameLastName
values are removed.
To add or remove values without affecting other existing entries, use the following syntax: @{Add="emailAddress:
<integers>","lastNameFirstName:<integers>","firstNameLastName:<integers>"; Remove="emailAddress:
<integers>","lastNameFirstName:<integers>","firstNameLastName:<integers>"}.
If you use this syntax, you don't need to specify all of the DTMF map values, and you can specify multiple DTMF
map values. For example, you can use @{Add="emailAddress:<integers1>","emailAddress:<integers2>} to add two
new values for emailAddress without affecting the existing lastNameFirstName and firstNameLastName values.
Required: False
Position: Named
Default value: None
-UMGrammar
The UMGrammar parameter specifies whether the arbitration mailbox (also called an organization mailbox) is used
for UM directory speech grammar generation for the organization. UM directory speech grammars will be
generated and used on the Mailbox server of this arbitration mailbox. UM directory speech grammars are used in
speech-enabled directory search features, such as UM auto attendants. You can use this parameter only on an
arbitration mailbox.

Required: False
Position: Named
Default value: None
-UseDatabaseQuotaDefaults
The UseDatabaseQuotaDefaults parameter specifies whether the mailbox uses the applicable quota values that are
configured on the mailbox or on the mailbox database. Valid values are:
$true: The mailbox uses the applicable quota values that are configured on the mailbox database. Any of those
quota values configured directly on the mailbox are ignored.
$false: The mailbox uses its own values for the applicable quota values. Any of those quota values on the
mailbox database are ignored.
In Office 365, the default value is $false. In on-premises Exchange, the default value is $true.
The applicable quota values are:
CalendarLoggingQuota
IssueWarningQuota
ProhibitSendQuota
ProhibitSendReceiveQuota
RecoverableItemsQuota
RecoverableItemsWarningQuota

Required: False
Position: Named
Default value: None
-UseDatabaseRetentionDefaults
The UseDatabaseRetentionDefaults parameter specifies whether the mailbox uses the MailboxRetention attribute
value that's configured on the mailbox database. This value controls how long deleted mailboxes are kept in the
database before they are permanently removed (purged). The default value is 30 days. Valid values are:
$true: The mailbox uses the MailboxRetention value that's configured on the mailbox database. This is the
default value.
$false: When the mailbox is deleted, it's retained indefinitely.

Required: False
Position: Named
Default value: None
-UserCertificate
The UserCertificate parameter specifies the digital certificate used to sign a user's email messages.
Required: False
Position: Named
Default value: None
-UserPrincipalName
Type: String
Required: False
Position: Named
Default value: None
-UserSMimeCertificate
The UserSMimeCertificate parameter specifies the S/MIME certificate that's used to sign a user's email messages.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WindowsEmailAddress
The WindowsEmailAddress parameter specifies the Windows email address for this recipient. This is a common
Active Directory attribute that's present in all environments, including environments without Exchange. Using the
WindowsEmailAddress parameter on a recipient has one of the following results:
In environments where the recipient is subject to email address policies (the EmailAddressPolicyEnabled
property is set to the value True for the recipient), the WindowsEmailAddress parameter has no effect on the
WindowsEmailAddress property or the primary email address value.
In environments where the recipient isn't subject to email address policies (the EmailAddressPolicyEnabled
property is set to the value False for the recipient), the WindowsEmailAddress parameter updates the
WindowsEmailAddress property and the primary email address to the same value.
The WindowsEmailAddress property is visible for the recipient in Active Directory Users and Computers in the E -
mail attribute. The attribute common name is E -mail-Addresses, and the Ldap-Display-Name is mail. If you modify
this attribute in Active Directory, the recipient's primary email address is not updated to the same value.
Type: SmtpAddress
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-MailboxAutoReplyConfiguration
In ths Article
may be exclusive to one environment or the other. Use the Set-MailboxAutoReplyConfiguration cmdlet to
configure Automatic Replies settings for a specific mailbox. For information about the parameter sets in the Syntax
Syntax
Set-MailboxAutoReplyConfiguration [-Identity] <MailboxIdParameter>
[-AutoDeclineFutureRequestsWhenOOF <$true | $false>]
[-AutoReplyState <Disabled | Enabled | Scheduled>]
[-Confirm]
[-CreateOOFEvent <$true | $false>]
[-DeclineAllEventsForScheduledOOF <$true | $false>]
[-DeclineEventsForScheduledOOF <$true | $false>]
[-DeclineMeetingMessage <String>]
[-EndTime <DateTime>]
[-EventsToDeleteIDs <String[]>]
[-ExternalAudience <None | Known | All>]
[-ExternalMessage <String>]
[-InternalMessage <String>]
[-OOFEventSubject <String>]
[-StartTime <DateTime>]
Description
You can disable Automatic Replies for a specified mailbox or organization.
Examples
-------------------------- Example 1 --------------------------
Set-MailboxAutoReplyConfiguration -Identity tony -AutoReplyState Scheduled -StartTime "7/10/2018 08:00:00" -

EndTime "7/15/2018 17:00:00" -InternalMessage "Internal auto-reply message"
This example configures Automatic Replies for Tony's mailbox to be sent between the specified start and end dates
and includes an internal message.
-------------------------- Example 2 --------------------------
Set-MailboxAutoReplyConfiguration -Identity tony -AutoReplyState Enabled -InternalMessage "Internal auto-reply
message." -ExternalMessage "External auto-reply message."
This example configures Automatic Replies for Tony's mailbox to be sent and includes an internal and an external
message.
Parameters
-AutoDeclineFutureRequestsWhenOOF
The AutoDeclineFutureRequestsWhenOOF parameter specifies whether to automatically decline new meeting
requests that are sent to the mailbox during the scheduled time period when Automatic Replies are being sent.
Valid values are:
$true: New meeting requests that are received during the scheduled time period are automatically declined.
$false: Meeting requests received during the scheduled time period aren't automatically declined. This is the
default value.
You can use this parameter only when the AutoReplyState parameter is set to Scheduled.

Required: False
Position: Named
Default value: None
-AutoReplyState
The AutoReplyState parameter specifies whether the mailbox is enabled for Automatic Replies. Valid values are:
Enabled: Automatic Replies are sent for the mailbox.
Disabled: Automatic Replies aren't sent for the mailbox. This is the default value.
Scheduled: Automatic Replies are sent for the mailbox during the time period that's specified by the StartTime
and EndTime parameters.
The Enabled and Scheduled values require these additional settings:
A value for the InternalMessageValue parameter.
A value for the ExternalMessageValue parameter if the ExternalAudience parameter is set to Known or All.
Type: Disabled | Enabled | Scheduled

Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-CreateOOFEvent
The CreateOOFEvent parameter specifies whether to create a calendar event that corresponds to the scheduled
time period when Automatic Replies are being sent for the mailbox. Valid values are:
$true: When you configure a scheduled time period for Automatic Replies by using the value Scheduled for the
AutoReplyState parameter, a calendar event is created in the mailbox for those dates. You can specify the subject
for the event by using the OOFEventSubject parameter.
$false: When you configure a scheduled time period for Automatic Replies by using the value Scheduled for the
AutoReplyState parameter, no calendar event is created for those dates. This is the default value.

Required: False
Position: Named
Default value: None
-DeclineAllEventsForScheduledOOF
The DeclineAllEventsForScheduledOOF parameter specifies whether to decline all existing calendar events in the
mailbox during the scheduled time period when Automatic Replies are being sent. Valid values are:
$true: Existing calendar events in the mailbox that occur during the scheduled time period are declined and
removed from the calendar.
$false: Existing calendar events in the mailbox that occur during the scheduled time period remain in the
calendar. This is the default value.
You can use this parameter only when the DeclineEventsForScheduledOOF parameter is set to $true.
You can't use this parameter with the EventsToDeleteIDs parameter.
Required: False
Position: Named
Default value: None
-DeclineEventsForScheduledOOF
The DeclineEventsForScheduledOOF parameter specifies whether it's possible to decline existing calendar events
in the mailbox during the scheduled time period when Automatic Replies are being sent. Valid values are:
$true: Existing calendar events in the mailbox that occur during the scheduled time period can be declined and
removed from the calendar. To decline specific events during the scheduled time period, use the
EventsToDeleteIDs parameter. To decline all events during the scheduled time period, use the
DeclineAllEventsForScheduledOOF parameter.
$false: Existing calendar events in the mailbox that occur during the scheduled time period remain in the
calendar. This is the default value.
You can use this parameter only when the AutoReplyState parameter is set to Scheduled.

Required: False
Position: Named
Default value: None
-DeclineMeetingMessage
The DeclineMeetingMessage parameter specifies the text in the message when meetings requests that are sent to
the mailbox are automatically declined. For example:
The AutoDeclineFutureRequestsWhenOOF parameter is set to $true.
The DeclineEventsForScheduledOOF parameter is set to $true, and the DeclineAllEventsForScheduledOOF
parameter is set to $true, or individual events are specified by using the EventsToDeleteIDs parameter.
If the value contains spaces, enclose the value in quotation marks ("). HTML tags aren't automatically added to the
text, but you can use values that contain HTML tags. For example, "<html><body>I'm on vacation.<br>I can't
attend the meeting.</body></html>".
To clear the value of this parameter, use the value $null.
Type: String
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EndTime
The EndTime parameter specifies the end date and time that Automatic Replies are sent for the mailbox. You use
this parameter only when the AutoReplyState parameter is set to Scheduled, and the value of this parameter is
meaningful only when AutoReplyState is Scheduled.
Type: DateTime
Required: False
Position: Named
Default value: None
-EventsToDeleteIDs
The EventsToDeleteIDs parameter specifies the calendar events to delete from the mailbox when the
DeclineEventsForScheduledOOF parameter is set to $true.
You can specify multiple calendar events separated by commas.
You can't use this parameter with the DeclineAllEventsForScheduledOOF parameter.
Type: String[]
Required: False
Position: Named
Default value: None
-ExternalAudience
The ExternalAudience parameter specifies whether Automatic Replies are sent to external senders. Valid values are:
None: Automatic Replies aren't sent to any external senders.
Known: Automatic Replies are sent only to external senders that are specified in the Contact list of the mailbox.
All: Automatic Replies are sent to all external senders. This is the default value.
The value of this parameter is meaningful only when the AutoReplyState parameter is set to Enabled or Scheduled.
Type: None | Known | All

Required: False
Position: Named
Default value: None
-ExternalMessage
The ExternalMessage parameter specifies the Automatic Replies message that's sent to external senders or senders
outside the organization. If the value contains spaces, enclose the value in quotation marks (").
HTML tags are automatically added to the text. For example, if you enter the text, "I'm on vacation", the value
automatically becomes: <html><body>I'm on vacation</body></html>. Additional HTML tags are supported if
you enclose the value in quotation marks. For example, "<html><body>I'm on vacation.<br>I'll respond when I
return.</body></html>".
The value of this parameter is meaningful only when both of the following conditions are true:
The AutoReplyState parameter is set to Enabled or Scheduled.
The ExternalAudience parameter is set to Known or All.
To clear the value of this parameter when it's no longer required (for example, if you change the ExternalAudience
parameter to None), use the value $null.
Type: String
Required: False
Position: Named
Default value: None
-Identity
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-IgnoreDefaultScope
automatically.
accepted.
Required: False
Position: Named
Default value: None
-InternalMessage
The InternalMessage parameter specifies the Automatic Replies message that's sent to internal senders or senders
within the organization. If the value contains spaces, enclose the value in quotation marks (").
HTML tags are automatically added to the text. For example, if you enter the text: "I'm on vacation", the value
automatically becomes: <html><body>I'm on vacation</body></html>. Additional HTML tags are supported if
you enclose the value in quotation marks. For example, "<html><body>I'm on vacation.<br>Please contact my
manager.</body></html>".
The value of this parameter is meaningful only when the AutoReplyState parameter is set to Enabled or Scheduled.
To clear the value of this parameter when it's no longer required (for example, if you change the AutoReplyState
parameter to Disabled), use the value $null.
Type: String
Required: False
Position: Named
Default value: None
-OOFEventSubject
The OOFEventSubject parameter specifies the subject for the calendar event that's automatically created when the
CreateOOFEvent parameter is set to $true.
If the value contains spaces, enclose the value in quotation marks ("). To clear the value of this parameter, use the
value $null.
Type: String
Required: False
Position: Named
Default value: None
-StartTime
The StartTime parameter specifies the start date and time that Automatic Replies are sent for the specified mailbox.
You use this parameter only when the AutoReplyState parameter is set to Scheduled, and the value of this
parameter is meaningful only when AutoReplyState is Scheduled.
Type: DateTime
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-MailboxCalendarFolder
In ths Article
may be exclusive to one environment or the other. Use the Set-MailboxCalendarFolder cmdlet to configure
calendar publishing or sharing settings on a mailbox for the visibility of calendar information to external users. To
add or modify the permissions so internal users can access the calendar, use the Add-MailboxFolderPermission or
Set-MailboxFolderPermission cmdlets. For information about the parameter sets in the Syntax section below, see
Syntax
Set-MailboxCalendarFolder [-Identity] <MailboxFolderIdParameter> [-Confirm]
[-DetailLevel <AvailabilityOnly | LimitedDetails | FullDetails>] [-DomainController <Fqdn>]
[-PublishDateRangeFrom <OneDay | ThreeDays | OneWeek | OneMonth | ThreeMonths | SixMonths | OneYear>]
[-PublishDateRangeTo <OneDay | ThreeDays | OneWeek | OneMonth | ThreeMonths | SixMonths | OneYear>]
[-PublishEnabled <$true | $false>] [-ResetUrl] [-SearchableUrlEnabled <$true | $false>] [-WhatIf]
[-SetAsSharingSource] [-UseHttps] [<CommonParameters>]
Description
The Set-MailboxCalendarFolder cmdlet configures publishing information. The calendar folder can be configured
as follows:
Whether the calendar folder is enabled for publishing
Range of start and end calendar days to publish
Level of detail to publish for the calendar
Whether the published URL of the calendar is enabled for search on the web
Examples
-------------------------- Example 1 --------------------------
Set-MailboxCalendarFolder -Identity kai:\Calendar -DetailLevel LimitedDetails
This example sets the level of details to publish for Kai's shared calendar to LimitedDetails, which means limited
details are displayed.
-------------------------- Example 2 --------------------------
Set-MailboxCalendarFolder -Identity kai:\Calendar -SearchableUrlEnabled $true
This example enables the calendar in Kai's mailbox to be searchable on the web.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DetailLevel
The DetailLevel parameter specifies the level of calendar detail that's published and available to anonymous users.
You can use the following values:
AvailabilityOnly
LimitedDetails
FullDetails
Editor
The default value is AvailabilityOnly.
Type: AvailabilityOnly | LimitedDetails | FullDetails

Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox and folder path or folder name to the calendar folder that has the
publishing settings configured. You can use the following values:
GUID
ADObjectID
Domain\Account
LegacyExchangeDN
SmtpAddress
Alias
Required: True
Position: 1
Default value: None
-PublishDateRangeFrom
The PublishDateRangeFrom parameter specifies the number of days of calendar information to publish before the
current date. You can use the following values:
OneDay
ThreeDays
OneWeek
OneMonth
ThreeMonths
SixMonths
OneYear
The default value is ThreeMonths.
Type: OneDay | ThreeDays | OneWeek | OneMonth | ThreeMonths | SixMonths | OneYear
Required: False
Position: Named
Default value: None
-PublishDateRangeTo
The PublishDateRangeTo parameter specifies the number of days of calendar information to publish after the
current date. You can use the following values:
OneDay
ThreeDays
OneWeek
OneMonth
ThreeMonths
SixMonths
OneYear
The default value is ThreeMonths.
Type: OneDay | ThreeDays | OneWeek | OneMonth | ThreeMonths | SixMonths | OneYear

Required: False
Position: Named
Default value: None
-PublishEnabled
The PublishEnabled parameter specifies whether the specified calendar should be enabled for publishing. The

Required: False
Position: Named
Default value: None
-ResetUrl
The ResetUrl parameter replaces the existing non-public URL with a new URL for a calendar that has been
published without being publicly searchable.
Required: False
Position: Named
Default value: None
-SearchableUrlEnabled
The SearchableUrlEnabled parameter specifies whether the published calendar URL can be searched on the web.

Required: False
Position: Named
Default value: None
-SetAsSharingSource
The SetAsSharingSource switch specifies whether to set the calendar folder as a sharing source. You don't need to
Required: False
Position: Named
Default value: None
-UseHttps
The UseHttps switch specifies whether to use HTTPS for the published URL of the calendar folder. You don't need
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-MailboxExportRequest
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Set-MailboxExportRequest cmdlet to change export
request options after the request has been created. You can use the Set-MailboxExportRequest cmdlet to recover
from failed export requests. This cmdlet is available only in the Mailbox Import Export role, and by default, the role
isn't assigned to any role groups. To use this cmdlet, you need to add the Mailbox Import Export role to a role group
Syntax
Set-MailboxExportRequest [-Identity] <MailboxExportRequestIdParameter> [-RehomeRequest]
[-Confirm]
Set-MailboxExportRequest [-Identity] <MailboxExportRequestIdParameter>

[-Confirm]
Description
You can pipeline the Set-MailboxExportRequest cmdlet from the Get-MailboxExportRequest cmdlet.
Examples
-------------------------- Example 1 --------------------------
Set-MailboxExportRequest -Identity "Ayla\MailboxExport1\" -BadItemLimit 10
This example changes the second export request Ayla\MailboxExport1 to accept up to 10 corrupt mailbox items.
Parameters
Required: False
Position: Named
Default value: None
-BadItemLimit
command will fail.
Type: Unlimited
Required: False
Position: Named
Default value: None
-BatchName
The BatchName parameter specifies the name of the batch.
Type: String
Required: False
Position: Named
Default value: None
before being automatically removed. The default value is 30 days.
Type: Unlimited
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
<alias>\MailboxExportX (where X = 0-9). If you specify a name for the export request, use the following syntax:
<alias>\<name>.
Required: True
Position: 1
Default value: None
-InternalFlags
debugging purposes.
Required: False
Position: Named
Default value: None
-LargeItemLimit
command will fail.
Type: Unlimited
Required: False
Position: Named
Default value: None
-Priority
Lowest
Lower
Low
Normal: This is the default value.
High
Higher
Highest
Emergency
Type: Normal | High
Required: False
Position: Named
Default value: None
-RehomeRequest
The RehomeRequest parameter specifies to the Microsoft Exchange Mailbox Replication service (MRS ) that the
request needs to be moved to the same database as the mailbox that's being exported. This parameter is used
primarily for debugging purposes.
Required: True
Position: Named
Default value: None
-RemoteCredential
Type: PSCredential
Required: False
Position: Named
Default value: None
-RemoteHostName
Type: Fqdn
Required: False
Position: Named
Default value: None
use this parameter:
seconds.
Type: Unlimited
Required: False
Position: Named
Default value: None
-SkipMerging
The SkipMerging parameter specifies steps in the export that should be skipped. This parameter is used primarily
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-MailboxFolderPermission
In ths Article
may be exclusive to one environment or the other. Use the Set-MailboxFolderPermission cmdlet to modify folder-
level permissions for users in mailboxes. This cmdlet differs from the Add-MailboxFolderPermission cmdlet in that
it modifies existing permission entries. To configure calendar publishing or sharing settings for a mailbox so
calendar information is visible to external users, use the Set-MailboxCalendarFolder cmdlet. For information about
Syntax
Set-MailboxFolderPermission [-Identity] <MailboxFolderIdParameter> -AccessRights <MailboxFolderAccessRight[]>
-User <MailboxFolderUserIdParameter> [-Confirm] [-DomainController <Fqdn>] [-WhatIf] [-SendNotificationToUser
<$true | $false>] [-SharingPermissionFlags <None | Delegate | CanViewPrivateItems>]
Description
In Office 365, if you don't use the SendNotificationToUser or SharingPermissionFlags parameters, there are no
changes to the functionality of the cmdlet. For example, if the user is an existing delegate, and you change their
permissions to Editor without using the SendNotificationToUser or SharingPermissionFlags parameters, the user
remains a delegate. But, if you use the SendNotificationToUser parameter ($true or $false), the
SharingPermissionFlags parameter has the default value None, which can affect delegate access for existing users.
For example, you change an existing delegate's permission to Editor, and you use SendNotificationToUser with the
value $true. The user will no longer be a delegate and will only have Editor permissions to the folder.
Examples
-------------------------- Example 1 --------------------------
Set-MailboxFolderPermission -Identity ayla@contoso.com:\Marketing -User ed@contoso.com -AccessRights Owner
This example overwrites Ed's existing permissions for the Marketing folder in Ayla's mailbox. Ed is now granted the
Owner role on the folder.
-------------------------- Example 2 --------------------------
Set-MailboxFolderPermission -Identity ayla@contoso.com:\Calendar -User ed@contoso.com -AccessRights Editor -
SharingPermissionFlags Delegate -SendNotificationToUser $true
In Office 365, this example resends the sharing invitation to an existing delegate without changing their effective
permissions (Ed is already a delegate with Editor permissions to Ayla's mailbox).
-------------------------- Example 3 --------------------------

SharingPermissionFlags Delegate
In Office 365, this example removes access to private items for an existing delegate.
-------------------------- Example 4 --------------------------

SharingPermissionFlags None
In Office 365, this example changes an existing calendar delegate to Editor.

-------------------------- Example 5 --------------------------
Set-MailboxFolderPermission -Identity ayla@contoso.com:\Calendar -User ed@contoso.com -AccessRights Editor
In Office 365, this example changes an existing user's permissions to Editor without changing their current delegate
status.
-------------------------- Example 6 --------------------------

SendNotificationToUser $false
In Office 365, this example changes an existing user's permissions to Editor and removes their current delegate
status.
Parameters
-AccessRights
The AccessRights parameter specifies the permissions that you want to modify for the user on the mailbox folder.
The values that you specify replace the existing permissions for the user on the folder.
You can specify individual folder permissions or roles, which are combinations of permissions. You can specify
multiple permissions and roles separated by commas.
The following individual permissions are available:
CreateItems: The user can create items in the specified folder.
CreateSubfolders: The user can create subfolders in the specified folder.
DeleteAllItems: The user can delete all items in the specified folder.
DeleteOwnedItems: The user can only delete items that they created from the specified folder.
EditAllItems: The user can edit all items in the specified folder.
EditOwnedItems: The user can only edit items that they created in the specified folder.
FolderContact: The user is the contact for the specified public folder.
FolderOwner: The user is the owner of the specified folder. The user can view the folder, move the folder, and
create subfolders. The user can't read items, edit items, delete items, or create items.
FolderVisible: The user can view the specified folder, but can't read or edit items within the specified public
folder.
ReadItems: The user can read items within the specified folder.
The roles that are available, along with the permissions that they assign, are described in the following list:
Author:CreateItems, DeleteOwnedItems, EditOwnedItems, FolderVisible, ReadItems
Contributor:CreateItems, FolderVisible
Editor:CreateItems, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems, FolderVisible,
ReadItems
None:FolderVisible
NonEditingAuthor:CreateItems, FolderVisible, ReadItems
Owner:CreateItems, CreateSubfolders, DeleteAllItems, DeleteOwnedItems, EditAllItems, EditOwnedItems,
FolderContact, FolderOwner, FolderVisible, ReadItems
PublishingEditor:CreateItems, CreateSubfolders, DeleteAllItems, DeleteOwnedItems, EditAllItems,
EditOwnedItems, FolderVisible, ReadItems
PublishingAuthor:CreateItems, CreateSubfolders, DeleteOwnedItems, EditOwnedItems, FolderVisible,
ReadItems
Reviewer:FolderVisible, ReadItems
The following roles apply specifically to calendar folders:
AvailabilityOnly: View only availability data
LimitedDetails: View availability data with subject and location
Type: MailboxFolderAccessRight[]
Required: True
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
The SendNotificationToUser parameter specifies whether to send a sharing invitation to the user when you modify
their calendar permissions. The message will be a normal calendar sharing invitation that can be accepted by the
recipient. Valid values are:
$true: A sharing invitation is sent.
$false: No sharing invitation is sent. This is the default value.
This parameter only applies to calendar folders and can only be used with the following AccessRights parameter
values:
AvailabilityOnly
LimitedDetails
Reviewer
Editor

Required: False
Position: Named
Default value: None
-SharingPermissionFlags
The SharingPermissionFlags parameter assigns calendar delegate permissions. This parameter only applies to
calendar folders and can only be used when the AccessRights parameter value is Editor. Valid values are:
None: Removes delegate permissions and updates the meeting message rule so the user stops receiving
meeting invites and responses for the mailbox. This is the default value when you use the
SendNotificationToUser parameter without specifying a value for the SharingPermissionFlags parameter.
Delegate: The user is made a calendar delegate, which includes receiving meeting invites and responses. If there
are no other delegates, this value will create the meeting message rule. If there are existing delegates, the user is
added to the meeting message rule without changing how delegate messages are sent.
CanViewPrivateItems: The user can access private items on the calendar. You must use this value with the
Delegate value.
Type: None | Delegate | CanViewPrivateItems

Required: False
Position: Named
Default value: None
-User
The User parameter specifies the mailbox, mail user, or mail-enabled security group (security principal) that's
granted permission to the mailbox folder. You can use any value that uniquely identifies the user or group. For
example:
Name
Alias
Canonical DN
Email address
GUID
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-MailboxImportRequest
In ths Article
may be exclusive to one environment or the other. Use the Set-MailboxImportRequest cmdlet to change import
request options after the request has been created. You can use the Set-MailboxImportRequest cmdlet to recover
from failed import requests. This cmdlet is available only in the Mailbox Import Export role, and by default, the role
isn't assigned to any role groups. To use this cmdlet, you need to add the Mailbox Import Export role to a role group
Syntax
Set-MailboxImportRequest [-Identity] <MailboxImportRequestIdParameter> [-RehomeRequest]
[-AzureSharedAccessSignatureToken <String>]
[-Confirm]
Set-MailboxImportRequest [-Identity] <MailboxImportRequestIdParameter>

[-AzureSharedAccessSignatureToken <String>]
[-Confirm]
Description
You can pipeline the Set-MailboxImportRequest cmdlet from the Get-MailboxImportRequest cmdlet.
Examples
-------------------------- Example 1 --------------------------
Set-MailboxImportRequest -Identity "Kweku\Import" -BadItemLimit 5
This example changes the import request Kweku\Import to accept up to five corrupted mailbox items.
-------------------------- Example 2 --------------------------
Get-MailboxImportRequest -Status Suspended | Set-MailboxImportRequest -BatchName April14
This example finds all import requests that have a status of Suspended, and then gives them a batch name of
April14.
Parameters
Required: False
Position: Named
Default value: None
-AzureSharedAccessSignatureToken
PARAMVALUE: String
Type: String
Required: False
Position: Named
Default value: None
-BadItemLimit
command will fail.
Type: Unlimited
Required: False
Position: Named
Default value: None
-BatchName
The BatchName parameter specifies the name of the batch.
Type: String
Required: False
Position: Named
Default value: None
The CompletedRequestAgeLimit parameter specifies how long the request is kept after it has completed before
being automatically removed. The default CompletedRequestAgeLimit parameter value is 30 days.
Type: Unlimited
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
<alias>\MailboxImportX (where X = 0-9). If you specified a name for the import request with the New -
MailboxImportRequest cmdlet, use the following syntax: <alias>\<name>.
Required: True
Position: 1
Default value: None
-InternalFlags
debugging purposes.
Required: False
Position: Named
Default value: None
-LargeItemLimit
command will fail.
Type: Unlimited
Required: False
Position: Named
Default value: None
-Priority
Lowest
Lower
Low
High
Higher
Highest
Emergency
Type: Normal | High

Required: False
Position: Named
Default value: None
-RehomeRequest
The RehomeRequest parameter specifies to the Microsoft Exchange Mailbox Replication service (MRS ) that the
request needs to be moved to the same database as the mailbox being imported. This parameter is used primarily
Required: True
Position: Named
Default value: None
-RemoteCredential
The RemoteCredential parameter specifies the username and password an administrator who has permission to
perform the mailbox import request.
Type: PSCredential
Required: False
Position: Named
Default value: None
-RemoteHostName
The RemoteHostName parameter specifies the FQDN of the cross-forest organization from which you're
configuring the import request.
Type: Fqdn
Required: False
Position: Named
Default value: None
use this parameter:
seconds.
Type: Unlimited
Required: False
Position: Named
Default value: None
-SkipMerging
The SkipMerging parameter specifies the steps in the import that should be skipped. This parameter is used
primarily for debugging purposes.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-MailboxPlan
In ths Article
This cmdlet is available only in the cloud-based service. Use the Set-MailboxPlan cmdlet to modify the settings of
mailbox plans in the cloud-based service. For information about the parameter sets in the Syntax section below, see
Syntax
Set-MailboxPlan [-Identity] <MailboxPlanIdParameter>
[-Confirm]
[-Force]
[-IsDefault]
Description
A mailbox plan is a template that automatically configures mailbox properties. Mailbox plans correspond to license
types, and are applied when you license the user. The availability of a mailbox plan is determined by your selections
when you enroll in the service and the age of your organization.
Modifying the settings in a mailbox plan doesn't affect existing mailboxes that were created using the mailbox plan.
The only way to use a mailbox plan to modify the settings on an existing mailbox is to assign a different license to
the user, which will apply the corresponding mailbox plan to the mailbox.
Each mailbox plan has a corresponding Client Access services (CAS ) mailbox plan with the same name and display
name value. You can use the Set-CasMailboxPlan cmdlet to enable or disable POP3, IMAP4 or Exchange
ActiveSync (EAS ) access to new or newly-enabled mailboxes, and you can specify the Outlook on the web (formerly
known as Outlook Web App) mailbox policy for the mailboxes.
Examples
-------------------------- Example 1 --------------------------
Set-MailboxPlan -Identity ExchangeOnlineEnterprise -ProhibitSendReceiveQuota 40GB -ProhibitSendQuota 39.5GB -
IssueWarningQuota 39GB
This example lowers the default mailbox quotas in the mailbox plan named ExchangeOnlineEnterprise.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Force
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox plan that you want to modify. You can use any value that uniquely
Name
Alias
Display name
GUID
Required: True
Position: 1
Default value: None
-IsDefault
The IsDefault switch specifies that the mailbox plan is the default mailbox plan. You don't need to specify a value
with this switch.
New and newly-enabled mailboxes receive the settings in the default mailbox plan.
Required: False
Position: Named
Default value: None
-IssueWarningQuota
The IssueWarningQuota parameter specifies the warning threshold for the size of the mailboxes that are created or
enabled using the mailbox plan. If the mailbox reaches or exceeds this size, the user receives a descriptive warning
message.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
The maximum value is determined by the mailbox plan. You can lower the value, and you may be able to raise the
value, but you can't exceed the maximum value that's specified by the subscription or license that corresponds to
the mailbox plan.
Type: Unlimited
Required: False
Position: Named
Default value: None
-MaxReceiveSize
The MaxReceiveSize parameter specifies the maximum size of a message that can be sent to the mailbox. Messages
larger than the maximum size are rejected.
B (bytes)
KB (kilobytes)
MB (megabytes)
A valid value is a number up to 150 MB. The default value is 36 MB.
the mailbox plan.
Type: Unlimited
Required: False
Position: Named
Default value: None
-MaxSendSize
The MaxSendSize parameter specifies the maximum size of a message that can be sent by the mailbox.
B (bytes)
KB (kilobytes)
MB (megabytes)
A valid value is a number up to 150 MB. The default value is 35 MB.
the mailbox plan.
Type: Unlimited
Required: False
Position: Named
Default value: None
-ProhibitSendQuota
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
the mailbox plan.
Type: Unlimited
Required: False
Position: Named
Default value: None
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
The maximum value is determined by the mailbox plan. You can lower the value, but you can't exceed the maximum
value that's specified by the subscription or license that corresponds to the mailbox plan.
Type: Unlimited
Required: False
Position: Named
Default value: None
-RetainDeletedItemsFor
The RetainDeletedItemsFor parameter specifies the length of time to keep soft-deleted items for the mailbox. Soft-
deleted items are items that have been deleted by using any of these methods:
Deleting items from the Deleted Items folder.
Selecting the Empty Deleted Items Folder action.
Deleting items using Shift + Delete.
These actions move the items to the Recoverable Items folder, into a subfolder named Deletions.
Before the deleted item retention period expires, users can recover soft-deleted items in Outlook and Outlook on
the web by using the Recover Deleted Items feature. For more information, see Recoverable Items folder in
Exchange Online (https://docs.microsoft.com/Exchange/security-and-compliance/recoverable-items-
folder/recoverable-items-folder).
seconds.
The default value is 14 days (14.00:00:00). In Exchange Online, you can increase the value to a maximum of 30
days.
Required: False
Position: Named
Default value: None
-RetentionPolicy
Name
GUID
that the items should be retained. The default value is Default MRM Policy.
Required: False
Position: Named
Default value: None
The RoleAssignmentPolicy parameter specifies the role assignment policy that's applied to the mailbox. You can use
any value that uniquely identifies the role assignment policy. For example:
Name
GUID
The default value is Default Role Assignment Policy.
To see the available role assignment policies, use the Get-RoleAssignmentPolicy cmdlet.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-MailboxRestoreRequest
In ths Article
may be exclusive to one environment or the other. Use the Set-MailboxRestoreRequest cmdlet to change restore
request options after the request has been created. You can use this cmdlet to recover from failed restore requests.
Syntax
Set-MailboxRestoreRequest [-Identity] <MailboxRestoreRequestIdParameter> [-RehomeRequest]
[-Confirm]
Set-MailboxRestoreRequest [-Identity] <MailboxRestoreRequestIdParameter>

[-Confirm]
[-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
Set-MailboxRestoreRequest -Identity "Ayla\MailboxRestore1" -BadItemLimit 10
This example changes the second restore request for Ayla\MailboxRestore1 to skip 10 corrupt mailbox items.
-------------------------- Example 2 --------------------------
Set-MailboxRestoreRequest -Identity "Kweku\MailboxRestore" -BadItemLimit 100 -AcceptLargeDataLoss
This example changes the first restore request for Kweku's mailbox to skip 100 corrupt items. Because the
BadItemLimit is greater than 50, the AcceptLargeDataLoss parameter must be specified.
Parameters
Required: False
Position: Named
Default value: None
-BadItemLimit
command will fail.
Type: Unlimited
Required: False
Position: Named
Default value: None
-BatchName
The BatchName parameter specifies the name of the batch. Use this parameter to change, create, or remove a batch
name.
To remove a batch name, set the BatchName parameter value to an empty string or to null, for example, -
BatchName "" or -BatchName $null.
Type: String
Required: False
Position: Named
Default value: None
The CompletedRequestAgeLimit parameter specifies how long the status of a completed restore request is set to
Completed. If this parameter is set to a value of 0, the status is cleared immediately instead of changing it to
Completed.
Type: Unlimited
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
the restore request uses the following syntax: <alias>\<name>
Required: True
Position: 1
Default value: None
-InternalFlags
debugging purposes.
Required: False
Position: Named
Default value: None
-LargeItemLimit
command will fail.
Type: Unlimited
Required: False
Position: Named
Default value: None
-Priority
Lowest
Lower
Low
High
Higher
Highest
Emergency
Type: Normal | High

Required: False
Position: Named
Default value: None
-RehomeRequest
The RehomeRequest switch specifies that the mailbox restore request be moved to a different mailbox database.
Use this parameter to edit a mailbox restore request in the case where the source mailbox database from the
original move request has to be removed.
Required: True
Position: Named
Default value: None
-RemoteHostName
Type: Fqdn
Required: False
Position: Named
Default value: None
use this parameter:
seconds.
Type: Unlimited
Required: False
Position: Named
Default value: None
-SkipMerging
The SkipMerging parameter specifies folder-related items to skip when restoring the mailbox. Use one of the
following values:
FolderRules
FolderACLs
InitialConnectionValidation
Use this parameter only if a restore request fails because of folder rules, folder access control lists (ACLs), or initial
connection validation.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-MailboxSentItemsConfiguration
In ths Article
This cmdlet is available only in Exchange Server 2010. Use the Set-MailboxSentItemsConfiguration cmdlet to
modify the Sent Items settings for mailboxes in your organization. For information about the parameter sets in the
Syntax
Set-MailboxSentItemsConfiguration [-Confirm] [-DomainController <Fqdn>] [-Identity <MailboxIdParameter>]
[-SendAsItemsCopiedTo <SentItemsCopiedTo>] [-SendOnBehalfOfItemsCopiedTo <SentItemsCopiedTo>] [-WhatIf]
Description
By default, when you use Send As or Send On Behalf Of to send a message from another mailbox, the message is
saved in your Sent Items folder (not in the Sent Items folder of the source mailbox). In Microsoft Exchange Server
2010 Service Pack 3 (SP3), you can save copies messages in the Sent Items folder of the sender and the source
mailbox. For example, consider a shared mailbox that receives customer feedback and is monitored by multiple
users. When someone responds to a message in the shared mailbox, you can save the message in the Sent Items
folder of the shared mailbox and the sender's mailbox.
Examples
-------------------------- Example 1 --------------------------
Set-MailboxSentItemsConfiguration -Identity "Customer Support Feedback" -SendAsItemsCopiedTo SenderAndFrom
This example configures the shared mailbox named "Customer Support Feedback" so that sent messages are saved
both to the Sent Items folder of the "Customer Support Feedback" mailbox, and the Sent Items folder of the user
that sent the message.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the mailbox whose Sent Items configuration you want to modify. You can use any
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-SendAsItemsCopiedTo
The SendAsItemsCopiedTo parameter specifies where messages that are sent from the mailbox using Send As
permission are saved. Valid values are:
Sender: Messages sent from the mailbox are saved in the Sent Items folder of the user who sent the message.
SenderAndFrom: Messages sent from the mailbox are saved in the Sent Items folder of the user who sent the
message, and in the Sent Items folder of the mailbox.
Type: SentItemsCopiedTo
Required: False
Position: Named
Default value: None
-SendOnBehalfOfItemsCopiedTo
The SendOnBehalfOfItemsCopiedTo parameter specifies where messages that are sent from the mailbox using
Send On Behalf Of permission are saved. Valid values are:
Sender: Messages sent from the mailbox are saved in the Sent Items folder of the user who sent the message.
SenderAndFrom: Messages sent from the mailbox are saved in the Sent Items folder of the user who sent the
message, and in the Sent Items folder of the mailbox.
Type: SentItemsCopiedTo
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Set-ResourceConfig
In ths Article
may be exclusive to one environment or the other. Use the Set-ResourceConfig cmdlet to create custom resource
properties that you can add to room and equipment mailboxes. For information about the parameter sets in the
Syntax
Set-ResourceConfig [-Confirm] [-DomainController <Fqdn>] [-ResourcePropertySchema <MultiValuedProperty>]
Description
After you use this cmdlet to create custom resource properties, you use the ResourceCustom parameter on the Set-
Mailbox cmdlet to add one or more of those properties to a room or equipment mailbox. For more information, see
the ResourceCustom parameter description in Set-Mailbox.
Examples
-------------------------- Example 1 --------------------------
Set-ResourceConfig -ResourcePropertySchema Room/Whiteboard,Equipment/Van
This example adds the custom resource properties Room/Whiteboard and Equipment/Van. These values replace
any existing custom resource properties that are already configured.
-------------------------- Example 2 --------------------------
Set-ResourceConfig -ResourcePropertySchema @{Add="Room/TV"; Remove="Equipment/Laptop"}
This example adds the custom resource property Room/TV and removes Equipment/Laptop without affecting
other custom resource properties that are already configured.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-ResourcePropertySchema
The ResourcePropertySchema parameter specifies the custom resource property that you want to make available
to room or equipment mailboxes. This parameter uses the syntax Room/<Text> or Equipment/<Text> where the
<Text> value doesn't contain spaces. For example, Room/Whiteboard or Equipment/Van. You can specify multiple
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Set-SweepRule
In ths Article
may be exclusive to one environment or the other. Use the Set-SweepRule cmdlet to modify Sweep rules in
Syntax
Set-SweepRule [-Identity] <SweepRuleIdParameter> [-Confirm] [-DestinationFolder <MailboxFolderIdParameter>]
[-DomainController <Fqdn>] [-Enabled <$true | $false>] [-ExceptIfFlagged <$true | $false>]
[-ExceptIfPinned <$true | $false>] [-KeepForDays <Int32>] [-KeepLatest <Int32>]
[-Mailbox <MailboxIdParameter>] [-Name <String>] [-Provider <String>] [-Sender <RecipientIdParameter>]
[-SourceFolder <MailboxFolderIdParameter>]
[-SystemCategory <NotDefined | FromContact | Newsletter | Photo | SocialUpdate | Video | Document | File |
MailingList | ShippingNotification | LiveView | DocumentPlus | Important | Family | Bills | Shopping | Travel |
Flight | RestaurantReservation | Lodging | RentalCar | Purchase | Event | RetiredPromotion>]
Description
Examples
-------------------------- Example 1 --------------------------
Set-SweepRule -Identity x2hlsdpGmUifjFgxxGIOJw== -KeepForDays 15 -ExceptIfPinned $true
This example modifies the existing rule that has the rule ID value x2hlsdpGmUifjFgxxGIOJw== with the specified
value.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DestinationFolder
The DestinationFolder parameter specifies an action for the Sweep rule that moves messages to the specified folder
based on the conditions of the rule.
The default value is Deleted Items.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled

Required: False
Position: Named
Default value: None
-ExceptIfFlagged
The ExceptIfFlagged parameter specifies an exception for the Sweep rule that looks messages with a message flag
applied. Valid values are:
$true: The rule action isn't applied to messages that have a message flag applied.
The typical message flag values are:
Any
Call
DoNotForward
FollowUp
ForYourInformation
Forward
NoResponseNecessary
Read
Reply
ReplyToAll
Review

Required: False
Position: Named
Default value: None
-ExceptIfPinned
The PinMessage parameter specifies an exception for the Sweep rule that looks for pinned messages. Valid values
are:
$true: The rule action isn't applied to messages that are pinned to the top of the Inbox.

Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Sweep rule that you want to modify. You can use any value that uniquely
You can get these identity values by using the Get-SweepRule cmdlet.
Required: True
Position: 1
Default value: None
-KeepForDays
The KeepForDays parameter specifies an action for the Sweep rule that specifies the number of days to keep
messages that match the conditions of the rule. After the number of days have passed, the messages are moved to
the location that's specified by the DestinationFolder parameter (by default, the Deleted Items folder).
You can't use this parameter with the KeepLatest parameter, and the Sweep rule must contain a KeepForDays or
Type: Int32
Required: False
Position: Named
Default value: None
-KeepLatest
The KeepLatest parameter specifies an action for the Sweep rule that specifies the number of messages to keep that
match the conditions of the rule. After the number of messages is exceeded, the oldest messages are moved to the
location that's specified by the DestinationFolder parameter (by default, the Deleted Items folder).
You can't use this parameter with the KeepForDays parameter, and the Sweep rule must contain a KeepForDays or
Type: Int32
Required: False
Position: Named
Default value: None
-Mailbox
The Mailbox parameter specifies the mailbox that contains the rule you want to modify. You can use any value that
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the name of the Sweep rule. If the value contains spaces, enclose the value in
quotation marks.
Type: String
Required: False
Position: Named
Default value: None
-Provider
The Provider parameter specifies the provider for the Sweep rule. If the value contains spaces, enclose the value in
quotation marks.
For Sweep rules that you create in Outlook on the web, the default value is Exchange16.
Type: String
Required: False
Position: Named
Default value: None
-Sender
The Sender parameter specifies a condition for the Sweep rule that looks for the specified sender in messages. For
internal senders, you can use any value that uniquely identifies the sender. For example:
Name
Alias
Canonical DN
Email address
GUID
For external senders, use their email address.
Required: False
Position: Named
Default value: None
-SourceFolder
The SourceFolder parameter specifies a condition for the Sweep rule that looks for messages in the specified folder.
The default value is Inbox.
Required: False
Position: Named
Default value: None
-SystemCategory
The SystemCategory parameter specifies a condition for the sweep rule that looks for messages with the specified
system category. System categories are available to all mailboxes in the organization. Valid values are:
NotDefined
Bills
Document
DocumentPlus
Event
Family
File
Flight
FromContact
Important
LiveView
Lodging
MailingList
Newsletter
Photo
Purchase
RentalCar
RetiredPromotion
Shopping
SocialUpdate
Travel
Video
Type: NotDefined | FromContact | Newsletter | Photo | SocialUpdate | Video | Document | File | MailingList |
ShippingNotification | LiveView | DocumentPlus | Important | Family | Bills | Shopping | Travel | Flight |
RestaurantReservation | Lodging | RentalCar | Purchase | Event | RetiredPromotion
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
Outputs
Related Links
Online Version
Set-UserPhoto
In ths Article
may be exclusive to one environment or the other. Use the Set-UserPhoto cmdlet to configure the user photos
feature that allows users to associate a picture with their account. User photos appear in on-premises and cloud-
based client applications, such as Outlook on the web, Lync, Skype for Business, and SharePoint. For information
Syntax
Set-UserPhoto [-Identity] <MailboxIdParameter> [-Cancel]
[-Confirm]
[-GroupMailbox]
Set-UserPhoto [-Identity] <MailboxIdParameter> -PictureData <Byte[]>

[-Confirm]
[-GroupMailbox]
Set-UserPhoto [-Identity] <MailboxIdParameter> [-PictureData <Byte[]>] [-PictureStream <Stream>] [-Preview]

[-Confirm]
[-GroupMailbox]
Set-UserPhoto [-Identity] <MailboxIdParameter> -PictureStream <Stream>

[-Confirm]
[-GroupMailbox]
Set-UserPhoto [-Identity] <MailboxIdParameter> [-Save]
[-Confirm]
[-GroupMailbox]
Description
The user photos feature allows users to associate a picture with their account. User photos are stored in the user's
Active Directory account and in the root directory of the user's Exchange mailbox. Administrators use the Set-
UserPhoto cmdlet to configure user photos. Users can upload, preview, and save a user photo to their account by
using the Outlook on the web Options page. When a user uploads a photo, a preview of the photo is displayed on
the Outlook on the web Options page. This is the preview state, and creates the same result as running the Set-
UserPhoto cmdlet using the Preview parameter. If the user clicks Save, the preview photo is saved as the user's
photo. This is the same result as running the Set-UserPhoto -Save command or running both the Set-UserPhoto -
Preview and Set-UserPhoto -Save commands. If the user cancels the preview photo on the Outlook on the web
Options page, then the Set-UserPhoto -Cancel command is called.
A user photo must be set for a user before you can run the Get-UserPhoto cmdlet to view information about the
user's photo. Otherwise, you'll get an error message saying the user photo doesn't exist for the specified user.
Alternatively, you can run the Get-UserPhoto -Preview command to view information about a preview photo.
Examples
-------------------------- Example 1 --------------------------
Set-UserPhoto -Identity "Paul Cannon" -PictureData

([System.IO.File]::ReadAllBytes("C:\Users\Administrator\Desktop\PaulCannon.jpg"))
This example uploads and saves a photo to Paul Cannon's user account using a single command.
-------------------------- Example 2 --------------------------
Set-UserPhoto -Identity "Ann Beebe" -PictureData

([System.IO.File]::ReadAllBytes("C:\Users\Administrator\Desktop\AnnBeebe.jpg")) -Preview; Set-UserPhoto "Ann
Beebe" -Save
This example shows how to use two commands to upload and save a preview photo to Ann Beebe's user account.
The first command uploads a preview photo to Ann Beebe's user account, and the second command saves the
uploaded photo as the preview photo.
-------------------------- Example 3 --------------------------
Set-UserPhoto -Identity "Ann Beebe" -Cancel
This example deletes the preview photo that was uploaded in the previous example.
Parameters
-Cancel
The Cancel switch parameter deletes the photo that's currently uploaded as the preview photo. You don't need to
To delete the photo that's currently associated with a user's account, use the Remove-UserPhoto cmdlet. The Cancel
switch only deletes the preview photo.
Required: True
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-GroupMailbox
switch.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the identity of the user. You can use any value that uniquely identifies the user. For
example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
Required: True
Position: 1
Default value: None
-IgnoreDefaultScope
automatically.
accepted.
Required: False
Position: Named
Default value: None
-PhotoType
Type: String
Required: False
Position: Named
Default value: None
-PictureData
The PictureData parameter specifies the photo file that will be uploaded to the user's account.
This parameter uses the syntax ([System.IO.File]::ReadAllBytes("<file name and path>")). The following is an
example. ([System.IO.File]::ReadAllBytes("C:\Documents\Pictures\MyPhoto.jpg")).
Type: Byte[]
Required: True
Position: Named
Default value: None
-PictureStream
The PictureStream parameter specifies the photo that will be uploaded to the user's account. This parameter is used
by client applications such as Outlook on the web when users add a photo. To upload a photo using PowerShell,
use the PictureData parameter to specify the photo file.
Type: Stream
Required: True
Position: Named
Default value: None
-Preview
The Preview switch uploads a preview photo for the user account. You don't need to specify a value with this switch.
A preview photo is the photo object that is uploaded to the user's account, but isn't saved. For example, if a user
uploads a photo in Outlook on the web Options to preview before saving it. If you use the Preview switch to upload
a preview photo, you need to run the command Set-UserPhoto -Save to save it as the user's photo.
Required: True
Position: Named
Default value: None
-Save
The Save switch specifies that the photo that's uploaded to the user's account will be saved as the user's photo. You
Required: True
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Suspend-MailboxExportRequest
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Suspend-MailboxExportRequest cmdlet to suspend
an export request any time after the request was created, but before the request reaches the status of Completed.
You can resume the request by using the Resume-MailboxExportRequest cmdlet. This cmdlet is available only in the
Mailbox Import Export role, and by default, the role isn't assigned to any role groups. To use this cmdlet, you need
to add the Mailbox Import Export role to a role group (for example, to the Organization Management role group).
Syntax
Suspend-MailboxExportRequest [-Identity] <MailboxExportRequestIdParameter> [-Confirm]
[-DomainController <Fqdn>] [-SuspendComment <String>] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Suspend-MailboxExportRequest -Identity "Ayla\MailboxExport1"
This example suspends the second export request for Ayla's mailbox with the identity Ayla\MailboxExport1.
-------------------------- Example 2 --------------------------
Get-MailboxExportRequest -Status InProgress | Suspend-MailboxExportRequest -SuspendComment "Resume after 22:00

(10 P.M.)"
This example suspends all export requests that are in progress by using the Get-MailboxExportRequest cmdlet to
retrieve all requests with a status of InProgress, and then pipelining the output to the Suspend-
MailboxExportRequest cmdlet with the suspend comment "Resume after 22:00 (10 P.M.)".
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
Required: True
Position: 1
Default value: None
-SuspendComment
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Suspend-MailboxImportRequest
In ths Article
may be exclusive to one environment or the other. Use the Suspend-MailboxImportRequest cmdlet to suspend an
import request any time after the request was created, but before the request reaches the status of Completed. You
can resume the move request by using the Resume-MailboxImportRequest cmdlet. This cmdlet is available only in
the Mailbox Import Export role, and by default, the role isn't assigned to any role groups. To use this cmdlet, you
need to add the Mailbox Import Export role to a role group (for example, to the Organization Management role
group). For more information, see the "Add a role to a role group" section in Manage role groups
Syntax
Suspend-MailboxImportRequest [-Identity] <MailboxImportRequestIdParameter> [-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Suspend-MailboxImportRequest -Identity "Ayla\MailboxImport1"
This example suspends the second import request for Ayla's mailbox with the identity Ayla\MailboxImport1.
-------------------------- Example 2 --------------------------
Get-MailboxImportRequest -Status InProgress | Suspend-MailboxImportRequest -SuspendComment "Resume after 22:00

(10 P.M.)"
This example suspends all import requests that are in progress by using the Get-MailboxImportRequest cmdlet to
retrieve all requests with a Status of InProgress and then pipelining the output to the Suspend-
MailboxImportRequest cmdlet with the suspend comment "Resume after 22:00 (10 P.M.)".
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
<alias>\MailboxImportX (where X = 0-9). If you created the request by using the Name parameter, use the
following syntax: <alias>\<name>.
Required: True
Position: 1
Default value: None
-SuspendComment
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Suspend-MailboxRestoreRequest
In ths Article
may be exclusive to one environment or the other. Use the Suspend-MailboxRestoreRequest cmdlet to suspend a
restore request any time after the request was created, but before the request reaches the status of Completed. You
can resume the restore request by using the Resume-MailboxRestoreRequest cmdlet. For information about the
Syntax
Suspend-MailboxRestoreRequest [-Identity] <MailboxRestoreRequestIdParameter> [-Confirm]
Description
Examples
-------------------------- Example 1 --------------------------
Suspend-MailboxRestoreRequest -Identity "Ayla\MailboxRestore1"
This example suspends the second restore request for Ayla's mailbox with the identity Ayla\MailboxRestore1.
-------------------------- Example 2 --------------------------
Get-MailboxRestoreRequest -Status InProgress | Suspend-MailboxRestoreRequest -SuspendComment "Resume after

10:00 PM"
This example suspends all restore requests that are in progress by using the Get-MailboxRestoreRequest cmdlet to
retrieve all requests with a status of InProgress and then pipelines the output to the Suspend-
MailboxRestoreRequest cmdlet with the suspend comment "Resume after 10:00 PM."
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
Required: True
Position: 1
Default value: None
-SuspendComment
The SuspendComment parameter specifies a description about why the request was suspended.
Type: String
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Test-MAPIConnectivity
In ths Article
may be exclusive to one environment or the other. Use the Test-MapiConnectivity cmdlet to verify server
functionality by logging on to the mailbox that you specify. If you don't specify a mailbox, the cmdlet logs on to the
SystemMailbox on the database that you specify. For information about the parameter sets in the Syntax section
Syntax
Test-MAPIConnectivity -Database <DatabaseIdParameter>
[-ActiveDirectoryTimeout <Int32>]
[-AllConnectionsTimeout <Int32>]
[-Confirm]
[-MonitoringContext <$true | $false>]
[-PerConnectionTimeout <Int32>]
Test-MAPIConnectivity [-Identity] <MailboxIdParameter>

[-Archive]
[-Confirm]
Test-MAPIConnectivity [-Server <ServerIdParameter>]

[-Confirm]
[-IncludePassive]
Description
The Test-MapiConnectivity cmdlet verifies server functionality. This cmdlet logs on to the mailbox that you specify
(or to the SystemMailbox if you don't specify the Identity parameter) and retrieves a list of items in the Inbox.
Logging on to the mailbox tests two critical protocols used when a client connects to a Mailbox server: MAPI and
LDAP. During authentication, the Test-MapiConnectivity cmdlet indirectly verifies that the MAPI server, Exchange
store, and Directory Service Access (DSAccess) are working.
The cmdlet logs on to the mailbox that you specify using the credentials of the account with which you're logged on
to the local computer. After a successful authentication, the Test-MapiConnectivity cmdlet accesses the mailbox to
verify that the database is working. If a successful connection to a mailbox is made, the cmdlet also determines the
time that the logon attempt occurred.
There are three distinct parameters that you can use with the command: Database, Identity and Server:
The Database parameter takes a database identity and tests the ability to log on to the system mailbox on the
specified database.
The Identity parameter takes a mailbox identity and tests the ability to log on to a specific mailbox.
The Server parameter takes a server identity and tests the ability to log on to each system mailbox on the
specified server.
Examples
-------------------------- Example 1 --------------------------
Test-MapiConnectivity -Server "Server01"
This example tests connectivity to the server Server01.

-------------------------- Example 2 --------------------------
Test-MapiConnectivity -Identity "midwest\john"
This example tests connectivity to a mailbox, specified as a domain name and user name.
Parameters
-ActiveDirectoryTimeout
The ActiveDirectoryTimeout parameter specifies the amount of time, in seconds, allowed for each Active Directory
operation to complete before the operation times out. The default value is 15 seconds.
Type: Int32
Required: False
Position: Named
Default value: None
-AllConnectionsTimeout
The AllConnectionsTimeout parameter specifies the amount of time, in seconds, allowed for all connections to
complete before the cmdlet times out. The time-out countdown doesn't begin until all information necessary to
perform the connections is gathered from Active Directory.The default value is 90 seconds.
Type: Int32
Required: False
Position: Named
Default value: None
-Archive
The Archive parameter specifies whether to test the MAPI connectivity of the personal archive associated with the
specified mailbox. If you don't specify this parameter, only the primary mailbox is tested.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-CopyOnServer
The CopyOnServer parameter specifies the Mailbox server that holds the specific database copy to test. You can
use any value that uniquely identifies the server. For example:
Name
FQDN
Exchange Legacy DN
You can only use this parameter with the Server parameter, not the Identify or Database parameters.
Required: False
Position: Named
Default value: None
-Database
The Database parameter specifies the database on which to test the connectivity to the system mailbox. You can use
Name
GUID
If you don't use this parameter or the Identity parameter, the command tests the SystemMailbox on each active
database on the Exchange server (the local Exchange server or the server you specify with the Server parameter).
You can't use the Identity, Database, or Server parameters in the same command.
Required: True
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies a mailbox to test. You can use any value that uniquely identifies the mailbox. For
example:
Name
Alias
Canonical DN
Email address
GUID
LegacyExchangeDN
SamAccountName
This cmdlet accepts pipeline input from the Get-Mailbox or Get-Recipient cmdlet. If you pipe the identify from the
Get-Mailbox or Get-Recipient cmdlets, you don't need to use this parameter.
If you don't use this parameter, the cmdlet tests the SystemMailbox on the database that you specify.
Required: True
Position: 1
Default value: None
-IncludePassive
Without the IncludePassive parameter, the cmdlet tests MAPI connectivity from active database copies only. Using
the IncludePassive parameter, you can have the cmdlet test MAPI connectivity from all active and passive database
copies.
Required: False
Position: Named
Default value: None
-MonitoringContext
Required: False
Position: Named
Default value: None
The PerConnectionTimeout parameter specifies the amount of time, in seconds, allowed for each connection to
complete before the connection times out. The default value is 10 seconds.
Type: Int32
Required: False
Position: Named
Default value: None
-Server
The Server parameter specifies the server on which you will test the MAPI connectivity. The command tests the
MAPI connectivity to each system mailbox hosted on active databases on the specified server. You can use any
Name
FQDN
Exchange Legacy DN
If you don't specify this parameter, the command tests the mailbox on the local server.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Undo-SoftDeletedMailbox
In ths Article
This cmdlet is available only in the cloud-based service. Use the Undo-SoftDeletedMailbox cmdlet to recover a
mailbox that has been deleted. Mailboxes can be recovered within 30 days of being deleted. For information about
Syntax
Undo-SoftDeletedMailbox [-SoftDeletedObject] <MailboxIdParameter> [-DisplayName <String>] [-PublicFolder]
[-Confirm]
[-Name <String>]
Undo-SoftDeletedMailbox [-SoftDeletedObject] <MailboxIdParameter> [-Password <SecureString>] [-WindowsLiveID

<WindowsLiveId>]
[-Confirm] [-DisplayName <String>]
[-Name <String>]
Description
Use the Undo-SoftDeletedMailbox cmdlet to recover a mailbox that has been deleted. When a mailbox is deleted
with the Remove-Mailbox cmdlet, it's not actually deleted. It's hidden in Exchange and moved in Active Directory to
the organizational unit (OU ) Soft Deleted Objects. This enables administrators to recover deleted mailboxes for up
to 30 days after deletion.
If the Microsoft account (formerly known as a Windows Live ID ) wasn't deleted when the mailbox was deleted, you
have to specify a new Microsoft account and password when you use the Undo-SoftDeletedMailbox cmdlet to
recover a mailbox.
Examples
-------------------------- Example 1 --------------------------
Undo-SoftDeletedMailbox -SoftDeletedObject florencef
This example recovers the deleted mailbox for the user Florence Flipo. When this mailbox was deleted, the
associated Windows Live ID was also deleted.
-------------------------- Example 2 --------------------------
Undo-SoftDeletedMailbox bjohnson@contoso.edu -WindowsLiveID brianj@contoso.edu -Password (ConvertTo-

SecureString -String 'Pa$$word1' -AsPlainText -Force)
This example recovers the deleted mailbox for the user Brian Johnson. When this mailbox was deleted, the
associated Microsoft account (formerly known as a Windows Live ID ) wasn't deleted. Note that a new Microsoft
account and password have to be created to recover this mailbox. In the scenario, the old Microsoft account is
retained as a proxy address for the mailbox.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DisplayName
The DisplayName parameter specifies the new display name for the recovered mailbox.
Type: String
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a new value for the Name property of the recovered mailbox. Otherwise, the
original value is retained when the mailbox is recovered. The new name value is also used in the
DistinguishedName property.
Type: String
Required: False
Position: Named
Default value: None
-Password
The Password parameter specifies a new password for the mailbox.
parameter.
You have to include the Password parameter to recover a deleted mailbox with an existing Microsoft account
(formerly known as a Windows Live ID ) that wasn't deleted with the mailbox.
Type: SecureString
Required: False
Position: Named
Default value: None
-PublicFolder
The PublicFolder switch is required to recover public folder mailboxes. You don't need to specify a value with this
switch.
Required: True
Position: Named
Default value: None
-SoftDeletedObject
The SoftDeletedObject parameter specifies the deleted mailbox to recover. You can use the alias or the email
address of the deleted mailbox for the value of this parameter. Use the Get-Mailbox -SoftDeletedMailbox command
to get information for deleted mailboxes.
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
-WindowsLiveID
The WindowsLiveID parameter specifies a new Microsoft account (formerly known as a Windows Live ID ) and
primary SMTP for the mailbox. The previous Microsoft account is retained as a proxy address for the mailbox.
You have to include the WindowsLiveID parameter to recover a deleted mailbox with an existing Microsoft account
that wasn't deleted with the mailbox.
Type: WindowsLiveId
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Add-ResubmitRequest
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Add-ResubmitRequest cmdlet to add requests to
replay redundant copies of messages from Safety Net after a mailbox database recovery. For information about the
Syntax
Add-ResubmitRequest -EndTime <DateTime> -StartTime <DateTime> [-Destination <Guid>]
[-Confirm]
[-CorrelationId <Guid>]
[-TestOnly <$true | $false>]
[-UnresponsivePrimaryServers <MultiValuedProperty>]
Add-ResubmitRequest -EndTime <DateTime> -StartTime <DateTime> [-MessageId <String>] [-Recipient <String>] [-

ResubmitTo <String>] [-Sender <String>]
[-Confirm]
[-CorrelationId <Guid>]
[-TestOnly <$true | $false>]
[-UnresponsivePrimaryServers <MultiValuedProperty>]
Description
Examples
-------------------------- Example 1 --------------------------
Add-ResubmitRequest -Destination 5364aeea-6e6b-4055-8258-229b2c6ac9a2 -StartTime "06/01/2018 6:00 PM" -EndTime

"06/02/2018 5:00 AM"
This example replays the redundant copies of messages delivered from 6:00 PM June 1, 2018 to 5:00 AM June 2
2018 to the recovered mailbox database 5364aeea-6e6b-4055-8258-229b2c6ac9a2.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-CorrelationId
Type: Guid
Required: False
Position: Named
Default value: None
-Destination
The Destination parameter specifies the GUID of the destination mailbox database. To find the GUID of the mailbox
database, run the command: Get-MailboxDatabase -Server <servername> | Format-List Name,GUID.
You can't use this parameter with the Recipient, ResubmitTo, or Sender parameters.
Type: Guid
Required: False
Position: Named
Default value: None
-EndTime
The EndTime parameter specifies the delivery time of the latest messages that need to be resubmitted from Safety
Net.
The date and time specified by the EndTime parameter must be later than the date and time specified by the
StartTime parameter. The date and time specified by both parameters must be in the past.
Type: DateTime
Required: True
Position: Named
Default value: None
-MessageId
the value in quotation marks (for example, "d9683b4c-127b-413a-ae2e-fa7dfb32c69d@contoso.com").
Type: String
Required: False
Position: Named
Default value: None
-Recipient
The Recipient parameter filters the messages to resubmit from Safety Net by the specified recipient's email
address.
You can't use this parameter with the Destination parameter.
Type: String
Required: False
Position: Named
Default value: None
-ResubmitTo
The ResubmitTo parameter specifies the recipient's email address for resubmitted messages that are identified by
using the Recipient or Sender parameters.
Type: String
Required: False
Position: Named
Default value: None
-Sender
The Sender parameter filters the messages to resubmit from Safety Net by the specified sender's email address.
You can't use this parameter with the Destination parameter.
Type: String
Required: False
Position: Named
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
-StartTime
The StartTime parameter specifies the delivery time of the oldest messages that need to be resubmitted from
Safety Net.
The date and time specified by the StartTime parameter must be earlier than the date and time specified by the
EndTime parameter. The date and time specified by both parameters must be in the past.
Type: DateTime
Required: True
Position: Named
Default value: None
-TestOnly
Required: False
Position: Named
Default value: None
-UnresponsivePrimaryServers
The UnresponsivePrimaryServers parameter identifies the primary servers that should resubmit the messages
from Safety Net as being unavailable so other servers can resubmit the messages. If the primary servers are
unavailable, you can designate other servers that hold redundant copies of the messages in Safety Net to resubmit
their copies of the messages. However, you must identify the unresponsive primary servers to the other servers
using this parameter.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Disable-TransportAgent
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Disable-TransportAgent cmdlet to disable a
transport agent. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Disable-TransportAgent [-Identity] <TransportAgentObjectId> [-Confirm] [-DomainController <Fqdn>] [-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
Disable-TransportAgent "Test App" -TransportService Hub
This example shows how a fictitious application named Test App is disabled in the Transport service on a Mailbox
server.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the display name of the transport agent to be disabled. The length of the name
can't exceed 64 characters.
Type: TransportAgentObjectId
Required: True
Position: 1
Default value: None
-TransportService
this parameter are:

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Enable-TransportAgent
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Enable-TransportAgent cmdlet to enable a transport
agent. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax
Syntax
Enable-TransportAgent [-Identity] <TransportAgentObjectId> [-Confirm] [-DomainController <Fqdn>] [-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
Enable-TransportAgent "Test App" -TransportService Hub
This example enables a fictitious application named Test App in the Transport service on a Mailbox server.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the display name of the transport agent to be enabled. The length of the name
Required: True
Position: 1
Default value: None
-TransportService
this parameter are:

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Export-Message
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Export-Message cmdlet to copy a message from a
queue on a Mailbox server or an Edge Transport server to a specified file path in your organization. For information
Syntax
Export-Message [-Identity] <MessageIdentity> [-Confirm] [-WhatIf] [<CommonParameters>]
Description
The Export-Message cmdlet copies messages from the Delivery queue, the Unreachable queue, or the poison
message queue on Mailbox server or an Edge Transport server to a specified file path. Before you export a
message, you must first suspend the message. Messages in the poison message queue are already suspended. You
can use the Export-Message cmdlet to copy messages to the Replay directory of another Mailbox server for
delivery.
Examples
-------------------------- Example 1 --------------------------
Export-Message ExchSrv1\contoso.com\1234 | AssembleMessage -Path "c:\exportfolder\filename.eml"
This example exports a single message to the specified file path. Because the Export-Message cmdlet returns a
binary object, you must use the AssembleMessage filter to be able to save the message content into a specified
location.
-------------------------- Example 2 --------------------------
Get-Message -Queue "Server1\contoso.com" -ResultSize Unlimited | ForEach-Object {Suspend-Message $_.Identity -

Confirm:$False; $Temp="C:\ExportFolder\"+$_.InternetMessageID+".eml"; $Temp=$Temp.Replace("<","_");
$temp="$Temp.Replace(" "="">","_"); Export-Message $_.Identity | AssembleMessage -Path $Temp}
This example retrieves all messages from the specified queue. The query results are then piped to the Export-
Message command, and all the messages are copied to individual .eml files. The Internet Message IDs of each
message are used as the file names. To accomplish this, the command does the following:
Retrieves all messages in a specific queue using the Get-Message cmdlet.
The result is pipelined into the ForEach-Object cmdlet, which prepares a file name including full path using the
temporary variable $Temp that consists of the Internet Message ID with .eml extension. The Internet Message
ID field contains angled brackets (">" and "<") which need to be removed as they are invalid file names. This is
done using the Replace method of the temporary variable.
The ForEach-Object cmdlet also exports the message using the file name prepared.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the message. Valid input for this parameter uses the syntax
Server\Queue\MessageInteger or Queue\MessageInteger or MessageInteger, for example,
Mailbox01\contoso.com\5 or 10. For details about message identity, see the "Message identity" section in Find
queues and messages in queues in the Exchange Management Shell
(https://technet.microsoft.com/library/aa998047.aspx).
Type: MessageIdentity
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-AcceptedDomain
In ths Article
may be exclusive to one environment or the other. Use the Get-AcceptedDomain cmdlet to view the configuration
information for the accepted domains in your organization. For information about the parameter sets in the Syntax
Syntax
Get-AcceptedDomain [[-Identity] <AcceptedDomainIdParameter>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-AcceptedDomain
This example lists all the accepted domains in your organization.

-------------------------- Example 2 --------------------------
Get-AcceptedDomain | Where{$_.DomainType -eq 'Authoritative'}
This example lists all the authoritative accepted domains in your organization.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies a string value for the accepted domain. Enter either the GUID or the name of the
accepted domain.
Type: AcceptedDomainIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
AddressRewriteEntry cmdlet to view an existing address rewrite entry that rewrites sender and recipient email
addresses in messages sent to or sent from your organization through an Edge Transport server. For information
Syntax
Get-AddressRewriteEntry [[-Identity] <AddressRewriteEntryIdParameter>] [-DomainController <Fqdn>]
Description
Examples
-------------------------- Example 1 --------------------------
This example returns a summary listing of all address rewrite entries.

-------------------------- Example 2 --------------------------
Get-AddressRewriteEntry "Address rewrite entry for contoso.com" | Format-List
This example returns the detailed configuration of a single address rewrite entry by piping the results to the
Format-List command.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the address rewrite entry to be retrieved. The Identity parameter accepts a GUID
or the unique address rewrite name. You can omit the Identity parameter label.
Type: AddressRewriteEntryIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-DeliveryAgentConnector
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-DeliveryAgentConnector cmdlet to retrieve
information about a specific delivery agent connector in your organization. For information about the parameter
Syntax
Get-DeliveryAgentConnector [[-Identity] <DeliveryAgentConnectorIdParameter>] [-DomainController <Fqdn>]
Description
Delivery agent connectors are used to route messages addressed to foreign systems that don't use the SMTP
protocol. When a message is routed to a delivery agent connector, the associated delivery agent performs the
content conversion and message delivery. Delivery agent connectors allow queue management of foreign
connectors, thereby eliminating the need for storing messages on the file system in Drop and Pickup directories.
For more information, see Delivery agents and Delivery Agent connectors
Examples
-------------------------- Example 1 --------------------------
Get-DeliveryAgentConnector "Contoso X.400 Connector" | Format-List
This example reads the configuration of the delivery agent connector named Contoso X.400 Connector from Active
Directory and displays all of its properties in a list format.
-------------------------- Example 2 --------------------------
Get-DeliveryAgentConnector | Format-Table Name,DeliveryProtocol
This example retrieves a list of all delivery agent connectors in your organization and displays their names and
delivery protocols in a table format.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the GUID or name of the delivery agent connector.
Type: DeliveryAgentConnectorIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-EdgeSubscription
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-EdgeSubscription cmdlet to retrieve
information about Edge Subscriptions in your organization. For information about the parameter sets in the Syntax
Syntax
Get-EdgeSubscription [[-Identity] <TransportServerIdParameter>] [-DomainController <Fqdn>] [<CommonParameters>]
Description
Run the Get-EdgeSubscription cmdlet on an Exchange server in your organization. This cmdlet retrieves the list of
Edge Subscriptions. Each Edge Transport server that's subscribed to the Exchange organization has a separate Edge
Subscription. You can use this cmdlet to view the Edge Subscription information for a specific Edge Transport
server. You can also use this cmdlet to view the Edge Subscription information for all Edge Transport servers
subscribed to Active Directory sites.
Examples
-------------------------- Example 1 --------------------------
Get-EdgeSubscription | Format-List
This example retrieves detailed Edge Subscription information for all Edge Transport servers subscribed to your
Exchange organization.
-------------------------- Example 2 --------------------------
Get-EdgeSubscription Edge1 -DomainController DC1.contoso.com
This example retrieves the Edge Subscription information for the Edge Transport server name Edge1 from the
domain controller named DC1.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the Edge Transport server for which you want to retrieve Edge
Subscription information. The identity is expressed as the host name of the Edge Transport server. If no identity is
specified, all Edge Subscriptions are returned.
Type: TransportServerIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-EdgeSyncServiceConfig
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-EdgeSyncServiceConfig cmdlet to retrieve the
edge synchronization services settings that control the general synchronization behavior shared by all Microsoft
Exchange EdgeSync services. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Get-EdgeSyncServiceConfig [[-Identity] <EdgeSyncServiceConfigIdParameter>] [-DomainController <Fqdn>]
[-Site <AdSiteIdParameter>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-EdgeSyncServiceConfig "Primary EdgeSync Settings" | Format-List
This example reads the configuration of the Microsoft Exchange EdgeSync service settings named Primary
EdgeSync Settings from Active Directory and displays all its properties in a list format.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name of the Microsoft Exchange EdgeSync service configuration you want to
view.
Type: EdgeSyncServiceConfigIdParameter
Required: False
Position: 1
Default value: None
-Site
The Site parameter specifies the Active Directory site that EdgeSync connects to for synchronizing configuration
and recipient data.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-ForeignConnector cmdlet to view the
configuration information for a Foreign connector in the Transport service of a Mailbox server. For information
Syntax
Get-ForeignConnector [[-Identity] <ForeignConnectorIdParameter>] [-DomainController <Fqdn>]
Description
Examples
-------------------------- Example 1 --------------------------
This example lists all Foreign connectors in your organization.

-------------------------- Example 2 --------------------------
Get-ForeignConnector "Fax Connector" | Format-List
This example displays detailed configuration information for the Foreign connector named Fax Connector.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Foreign connector that you want to examine. The Identity parameter can take
any of the following values for the Foreign connector object:
GUID
Connector name
ServerName\ConnectorName
Type: ForeignConnectorIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-FrontendTransportService
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-FrontEndTransportService cmdlet to view the
configuration of the Front End Transport service on Exchange 2013 or later servers that have the Client Access
server role installed. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Get-FrontendTransportService [[-Identity] <FrontendTransportServerIdParameter>] [-DomainController <Fqdn>]
Description
The Front End Transport service acts as a stateless proxy for all inbound and outbound external SMTP traffic for the
Exchange organization.
Examples
-------------------------- Example 1 --------------------------
Get-FrontEndTransportService
This example returns a list of all Exchange servers that have the Client Access server role installed.
-------------------------- Example 2 --------------------------
Get-FrontEndTransportService MBX01 | Format-List
This example retrieves the detailed configuration information for the Front End Transport service on the server
named MBX01.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Exchange server with the Client Access server role installed that you want to
view.
Type: FrontendTransportServerIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-InboundConnector cmdlet to view the settings
for an Inbound connector in your cloud-based organization. For information about the parameter sets in the Syntax
Syntax
Get-InboundConnector [[-Identity] <InboundConnectorIdParameter>] [<CommonParameters>]
Description
Inbound connectors accept email messages from remote domains that require specific configuration options.
Examples
-------------------------- Example 1 --------------------------
Get-InboundConnector "Inbound Connector for Contoso.com" | Format-List
This example displays detailed configuration information for the Inbound connector named Inbound Connector for
Contoso.com.
-------------------------- Example 2 --------------------------
This example lists all the Inbound connectors configured in your cloud-based organization.
Parameters
-Identity
The Identity parameter specifies the name or GUID of the Inbound connector. If the Identity name contains spaces,
enclose the name in quotation marks ("). You can omit the Identity parameter label.
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-MailboxTransportService cmdlet to view the
configuration of the Mailbox Transport service on Exchange 2013 or later Mailbox servers. For information about
Syntax
Get-MailboxTransportService [[-Identity] <MailboxTransportServerIdParameter>] [-DomainController <Fqdn>]
Description
The Mailbox Transport service runs on all Mailbox servers and is responsible for delivering messages to and
accepting messages from local mailbox databases using remote procedure calls (RPC ). The Mailbox Transport
service also uses SMTP to send messages to and from the Transport service that runs on all Mailbox servers for
routing their ultimate destinations.
Examples
-------------------------- Example 1 --------------------------
This example displays a list of all Mailbox servers in your organization.

-------------------------- Example 2 --------------------------
Get-MailboxTransportService Mailbox01 | Format-List
This example retrieves the detailed transport configuration information for the Mailbox Transport service on the
Mailbox server named Mailbox01.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the server that you want to view.
Type: MailboxTransportServerIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-Message
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-Message cmdlet to view the details of one or
more messages in queues on Mailbox servers or Edge Transport servers. For information about the parameter sets
Syntax
Get-Message [-Filter <String>]
[-BookmarkIndex <Int32>]
[-BookmarkObject <ExtensibleMessageInfo>]
[-IncludeBookmark <$true | $false>]
[-IncludeComponentLatencyInfo]
[-IncludeRecipientInfo]
[-ReturnPageInfo <$true | $false>]
[-SearchForward <$true | $false>]
[-SortOrder <QueueViewerSortOrderEntry[]>] [<CommonParameters>]
Get-Message [[-Identity] <MessageIdentity>]

Get-Message [-Queue <QueueIdentity>]

Description
You can display messages by including the server name as part of the Identity parameter or the Queue parameter
or by including the Server parameter with a filter query. The Identity parameter, Queue parameter, and Filter
parameter settings are mutually exclusive.
Examples
-------------------------- Example 1 --------------------------
Get-Message -Filter {FromAddress -like "*@contoso.com"} | Format-List
This example displays detailed information about all messages queued on the local server and received from any
sender at the contoso.com domain.
-------------------------- Example 2 --------------------------
Get-Message -Filter {FromAddress -like "*@contoso.com" -and SCL -gt 3}
This example lists all messages queued on the local server, received from any sender at the contoso.com domain
and that have an SCL value greater than 3.
-------------------------- Example 3 --------------------------
Get-Message -Server Server01.contoso.com -SortOrder: +FromAddress,-Size
This example displays all messages queued on the server named Server01. The results are sorted first in ascending
order by sender address and then in descending order of size.
Parameters
-BookmarkIndex
The BookmarkIndex parameter specifies the position in the result set where the displayed results start. The value of
this parameter is a 1-based index in the total result set. The BookmarkIndex parameter can't be used with the
BookmarkObject parameter.
Type: Int32
Required: False
Position: Named
Default value: None
-BookmarkObject
The BookmarkObject parameter specifies the object in the result set where the displayed results start. The
BookmarkObject parameter can't be used with the BookmarkIndex parameter.
Type: ExtensibleMessageInfo
Required: False
Position: Named
Default value: None
-Filter
The Filter parameter specifies one or more messages by using OPath filter syntax. The OPath filter includes a
message property name followed by a comparison operator and value, for example, {FromAddress -like
"*@contoso.com"}. For details about filterable message properties and comparison operators, see Properties of
messages in queues (https://technet.microsoft.com/library/bb123714.aspx) and
https://technet.microsoft.com/library/aa998047.aspx (Find queues and messages in queues in the Exchange
Management Shell).
You can specify multiple criteria by using the and comparison operator. Property values that aren't expressed as an
integer must be enclosed in quotation marks (").
Type: String
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the message. Valid input for this parameter uses the syntax
Server\Queue\MessageInteger or Queue\MessageInteger or MessageInteger, for example,
Mailbox01\contoso.com\5 or 10. For details about message identity, see the "Message identity" section in Find
queues and messages in queues in the Exchange Management Shell
Type: MessageIdentity
Required: False
Position: 1
Default value: None
-IncludeBookmark
The IncludeBookmark parameter specifies whether to include the bookmark object when the query results are
displayed. The IncludeBookmark parameter is valid when it's used with the BookmarkObject or BookmarkIndex
parameters. If you don't specify a value for the IncludeBookmark parameter, the default value of $true is used.

Required: False
Position: Named
Default value: None
-IncludeComponentLatencyInfo
The IncludeComponentLatencyInfo switch specifies whether the information about component latency is included
in the message properties. If you include this switch, the message objects returned will include latency
measurements for each Transport component that has contributed to the local server latency for each queued
message.
Required: False
Position: Named
Default value: None
-IncludeRecipientInfo
The IncludeRecipientInfo switch specifies whether to display the message recipients in the Recipients field. If you
don't include the IncludeRecipientInfo switch, the Recipients field is blank.
Storing the results of a Get-Message -IncludeRecipientInfo command in a variable allows you to display additional
properties for the message recipients. The following list describes the available recipient properties:
Address: The email address of the recipient.
Type: The recipient type, which may be External, Mailbox or Distribution Group. Distribution Group is used
when the destination is an expansion server.
FinalDestination: The distinguished name (DN ) of the object used to route the message.
Status: The recipient status may be Complete, Ready or Retry.
LastError: The SMTP response after the last delivery attempt or a localized error message if the message is
placed in the unreachable queue.
For example, to store the recipient information of a message in the contoso.com remote delivery queue that has the
MessageIdentity value of 1234 to a variable named $x, use the following command: $x=Get-Message -Identity
"contoso.com\1234" -IncludeRecipientInfo.
To display the extended recipient properties that are now stored in the $x variable, use the following command :
$x.Recipients.
Required: False
Position: Named
Default value: None
-Queue
The Queue parameter specifies the identity of the queue that contains the messages that you want to display. Valid
input for this parameter uses the syntax <Server>\<Queue> or <Queue>, for example, Mailbox01\contoso.com or
Unreachable. For details about queue identity, see the "Queue identity" section in Find queues and messages in
queues in the Exchange Management Shell.
If you use the Queue parameter, you can't use the Identity, Filter or Server parameters.
Type: QueueIdentity
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-ReturnPageInfo
The ReturnPageInfo parameter is a hidden parameter. Use it to return information about the total number of results
and the index of the first object of the current page. The default value is $false.

Required: False
Position: Named
Default value: None
-SearchForward
The SearchForward parameter specifies whether to search forward or backward in the result set. The default value
is $true. This value causes the result page to be calculated forward from either the start of the result set or forward
from a bookmark if specified.

Required: False
Position: Named
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
You can use the Server parameter and the Filter parameter in the same command. You can't use the Server
parameter and the Identity parameter in the same command.
Required: False
Position: Named
Default value: None
-SortOrder
The SortOrder parameter specifies an array of message properties used to control the sort order of the result set.
Separate each property by using a comma. Prepend a plus sign (+) symbol to the beginning of the property name
to display the results in ascending order. Prepend a minus sign (-) symbol to the beginning of the property name to
display the results in descending order.
If you don't specify a sort order, the result set is displayed in ascending order by MessageIdentity integer.
Type: QueueViewerSortOrderEntry[]
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MessageTrace
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-MessageTrace cmdlet to trace messages as
they pass through the cloud-based organization. For information about the parameter sets in the Syntax section
Syntax
Get-MessageTrace [-EndDate <DateTime>] [-Expression <Expression>] [-FromIP <String>]
[-MessageId <MultiValuedProperty>] [-MessageTraceId <Guid>] [-Page <Int32>] [-PageSize <Int32>]
[-ProbeTag <String>] [-RecipientAddress <MultiValuedProperty>] [-SenderAddress <MultiValuedProperty>]
[-StartDate <DateTime>] [-Status <MultiValuedProperty>] [-ToIP <String>] [<CommonParameters>]
Description
You can use this cmdlet to search message data for the last 10 days. If you run this cmdlet without any parameters,
only data from the last 48 hours is returned.
If you enter a time period that's older than 10 days, you won't receive an error, but the command will return no
results. To search for message data that's between 10 and 90 days old, use the Start-HistoricalSearch and Get-
HistoricalSearch cmdlets.
This cmdlet returns a maximum of 1000000 results, and will timeout on very large queries. If your query returns
too many results, consider splitting it up using smaller StartDate and EndDate intervals.
Examples
-------------------------- Example 1 --------------------------
Get-MessageTrace -SenderAddress john@contoso.com -StartDate 06/13/2018 -EndDate 06/15/2018
This example retrieves message trace information for messages sent by john@contoso.com between June 13, 2018
and June 15, 2018.
Parameters
-EndDate
Type: DateTime
Required: False
Position: Named
Default value: None
-Expression
Type: Expression
Required: False
Position: Named
Default value: None
-FromIP
The FromIP parameter filters the results by the source IP address. For incoming messages, the value of FromIP is
the public IP address of the SMTP email server that sent the message. For outgoing messages from Exchange
Online, the value is blank.
Type: String
Required: False
Position: Named
Default value: None
-MessageId
Required: False
Position: Named
Default value: None
-MessageTraceId
Type: Guid
Required: False
Position: Named
Default value: None
-Page
Type: Int32
Required: False
Position: Named
Default value: None
-PageSize
Type: Int32
Required: False
Position: Named
Default value: None
-ProbeTag
Type: String
Required: False
Position: Named
Default value: None
-RecipientAddress
Required: False
Position: Named
Default value: None
-SenderAddress
Required: False
Position: Named
Default value: None
-StartDate
Type: DateTime
Required: False
Position: Named
Default value: None
-Status
The Status parameter filters the results by the delivery status of the message. Valid values for this parameter are:
None: The message has no delivery status because it was rejected or redirected to a different recipient.
Failed: Message delivery was attempted and it failed or the message was filtered as spam or malware, or by
transport rules.
Pending: Message delivery is underway or was deferred and is being retried.
Delivered: The message was delivered to its destination.
Expanded: There was no message delivery because the message was addressed to a distribution group and the
membership of the distribution was expanded.
Required: False
Position: Named
Default value: None
-ToIP
The ToIP parameter filters the results by the destination IP address. For outgoing messages, the value of ToIP is the
public IP address in the resolved MX record for the destination domain. For incoming messages to Exchange
Online, the value is blank.
Type: String
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-MessageTraceDetail cmdlet to view the
message trace event details for a specific message. Note that these detailed results are returned less quickly than
the Get-MessageTrace cmdlets. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
[-Action <MultiValuedProperty>]
[-Event <MultiValuedProperty>]
[-Expression <Expression>]
[-MessageId <String>]
[-MessageTraceId <Guid>]
[-Page <Int32>]
[-PageSize <Int32>]
[-ProbeTag <String>]
[-RecipientAddress <String>]
[-SenderAddress <String>]
[-StartDate <DateTime>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-MessageTrace -MessageTraceId 2bbad36aa4674c7ba82f4b307fff549f -SenderAddress john@contoso.com -StartDate

06/13/2018 -EndDate 06/15/2018 | Get-MessageTraceDetail
This example uses the Get-MessageTrace cmdlet to retrieve message trace information for messages with the
Exchange Network Message ID value 2bbad36aa4674c7ba82f4b307fff549f send by john@contoso.com between
June 13, 2018 and June 15, 2018, and pipelines the results to the Get-MessageTraceDetail cmdlet.
Parameters
-Action
Required: False
Position: Named
Default value: None
-EndDate
Type: DateTime
Required: False
Position: Named
Default value: None
-Event
The Event parameter filters the report by the message event. The following are examples of common events:
RECEIVE: The message was received by the service.
SEND: The message was sent by the service.
FAIL: The message failed to be delivered.
DELIVER: The message was delivered to a mailbox.
EXPAND: The message was sent to a distribution group that was expanded.
TRANSFER: Recipients were moved to a bifurcated message because of content conversion, message recipient
limits, or agents.
DEFER: The message delivery was postponed and may be re-attempted later.
Required: False
Position: Named
Default value: None
-Expression
Type: Expression
Required: False
Position: Named
Default value: None
-MessageId
Type: String
Required: False
Position: Named
Default value: None
-MessageTraceId
Type: Guid
Required: False
Position: Named
Default value: None
-Page
Type: Int32
Required: False
Position: Named
Default value: None
-PageSize
Type: Int32
Required: False
Position: Named
Default value: None
-ProbeTag
Type: String
Required: False
Position: Named
Default value: None
-RecipientAddress
Type: String
Required: False
Position: Named
Default value: None
-SenderAddress
Type: String
Required: False
Position: Named
Default value: None
-StartDate
Type: DateTime
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MessageTrackingLog
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-MessageTrackingLog cmdlet to search for
message delivery information stored in the message tracking log. For information about the parameter sets in the
Syntax
Get-MessageTrackingLog [-DomainController <Fqdn>] [-End <DateTime>] [-EventId <String>]
[-InternalMessageId <String>] [-MessageId <String>] [-MessageSubject <String>] [-Recipients <String[]>]
[-Reference <String>] [-ResultSize <Unlimited>] [-Sender <String>] [-Server <ServerIdParameter>]
[-Start <DateTime>] [-NetworkMessageId <String>] [-Source <String>] [-TransportTrafficType <String>]
Description
A unique message tracking log exists for the Transport service on a Mailbox server, for the Mailbox Transport
service on a Mailbox server, and on an Edge Transport server. The message tracking log is a comma-separated
value (CSV ) file that contains detailed information about the history of each email message as it travels through an
Exchange server.
The field names displayed in the results from the Get-MessageTrackingLog cmdlet are similar to the actual field
names used in the message tracking logs. The differences are:
The dashes are removed from the field names. For example internal-message-id is displayed as
InternalMessageId.
The date-time field is displayed as Timestamp.
The recipient-address field is displayed as Recipients.
The sender-address field is displayed as Sender.
For more information about the message tracking log files, see Message tracking
The Get-MessageTrackingLog results are displayed on-screen. You can write the results to a file by piping the
output to ConvertTo-Html or ConvertTo-Csv and adding "> <filename>" to the command. For example:
Examples
-------------------------- Example 1 --------------------------
Get-MessageTrackingLog -Server Mailbox01 -Start "03/13/2018 09:00:00" -End "03/15/2018 17:00:00" -Sender
"john@contoso.com"
This example searches the message tracking logs on the Mailbox server named Mailbox01 for information about all
messages sent from March 13, 2018, 09:00 to March 15, 2018, 17:00 by the sender john@contoso.com.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-End
The End parameter specifies the end date and time of the date range. Message delivery information is returned up
to, but not including, the specified date and time.
Type: DateTime
Required: False
Position: Named
Default value: None
-EventId
The EventId parameter filters the message tracking log entries by the value of the EventId field. The EventId value
classifies each message event. Example values include DSN, Defer, Deliver, Send, or Receive.
Type: String
Required: False
Position: Named
Default value: None
-InternalMessageId
The InternalMessageId parameter filters the message tracking log entries by the value of the InternalMessageId
field. The InternalMessageId value is a message identifier that's assigned by the Exchange server that's currently
processing the message.
The value of the internal-message-id for a specific message is different in the message tracking log of every
Exchange server that's involved in the delivery of the message.
Type: String
Required: False
Position: Named
Default value: None
-MessageId
The MessageId parameter filters the message tracking log entries by the value of the MessageId field. The value of
MessageId corresponds to the value of the Message-Id: header field in the message. If the Message-ID header field
is blank or doesn't exist, an arbitrary value is assigned. Be sure to include the full MessageId string (which may
include angle brackets) and enclose the value in quotation marks (for example, "d9683b4c-127b-413a-ae2e-
fa7dfb32c69d@contoso.com").
Type: String
Required: False
Position: Named
Default value: None
-MessageSubject
The MessageSubject parameter filters the message tracking log entries by the value of the message subject. The
value of the MessageSubject parameter automatically supports partial matches without using wildcards or special
characters. For example, if you specify the MessageSubject value sea, the results include messages with Seattle in
the subject. By default, message subjects are stored in the message tracking logs.
Type: String
Required: False
Position: Named
Default value: None
-NetworkMessageId
The NetworkMessageId parameter filters the message tracking log entries by the value of the NetworkMessageId
field. This field contains a unique message ID value that persists across copies of the message that may be created
due to bifurcation or distribution group expansion. An example value is 1341ac7b13fb42ab4d4408cf7f55890f.
Type: String
Required: False
Position: Named
Default value: None
-Recipients
The Recipients parameter filters the message tracking log entries by the SMTP email address of the message
recipients. Multiple recipients in a single message are logged in a single message tracking log entry. Unexpanded
distribution group recipients are logged by using the group's SMTP email address. You can specify multiple
recipient email addresses separated by commas.
Type: String[]
Required: False
Position: Named
Default value: None
-Reference
The Reference parameter filters the message tracking log entries by the value of the Reference field. The Reference
field contains additional information for specific types of events. For example, the Reference field value for a DSN
message tracking entry contains the InternalMessageId value of the message that caused the DSN. For many types
of events, the value of Reference is blank.
Type: String
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-Sender
The Sender parameter filters the message tracking log entries by the sender's SMTP email address.
Type: String
Required: False
Position: Named
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
-Source
The Source parameter filters the message tracking log entries by the value of the Source field. These values indicate
the transport component that's responsible for the message tracking event. For more information, see Source
values in the message tracking log (https://technet.microsoft.com/library/bb124375.aspx#Source).
Type: String
Required: False
Position: Named
Default value: None
-Start
The Start parameter specifies the start date and time of the date range.
Type: DateTime
Required: False
Position: Named
Default value: None
-TransportTrafficType
The TransportTrafficType parameter filters the message tracking log entries by the value of the TransportTrafficType
field. However, this field isn't interesting for on-premises Exchange organizations.
Type: String
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-MessageTrackingReport
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-MessageTrackingReport cmdlet to return data
for a specific message tracking report. This cmdlet is used by the delivery reports feature. In Exchange Online,
delivery reports has been replaced by message trace (the Get-MessageTrace and Get-MessageTraceDetail cmdlets).
Syntax
Get-MessageTrackingReport [-Identity] <MessageTrackingReportId> [-BypassDelegateChecking]
[-DetailLevel <Basic | Verbose>] [-DomainController <Fqdn>] [-DoNotResolve]
[-RecipientPathFilter <SmtpAddress>] [-Recipients <String[]>] [-ReportTemplate <Summary | RecipientPath>]
[-ResultSize <Unlimited>] [-Status <Unsuccessful | Pending | Delivered | Transferred | Read>]
[-TraceLevel <Low | Medium | High>] [<CommonParameters>]
Description
This cmdlet requires the ID for the message tracking report that you want to view. Therefore, first you need to use
the Search-MessageTrackingReport cmdlet to find the message tracking report ID for a specific message, and then
pass the results to this cmdlet. For more information, see Search-MessageTrackingReport.
Examples
-------------------------- Example 1 --------------------------
$Temp = Search-MessageTrackingReport -Identity "David Jones" -Recipients "wendy@contoso.com"; Get-

MessageTrackingReport -Identity $Temp.MessageTrackingReportID -ReportTemplate Summary
This example gets the message tracking report for messages sent from one user to another. This example returns
the summary of the message tracking report for a message that David Jones sent to Wendy Richardson.
-------------------------- Example 2 --------------------------
Search-MessageTrackingReport -Identity "Cigdem Akin" -Sender "joe@contoso.com" -ByPassDelegateChecking -

DoNotResolve | ForEach-Object { Get-MessageTrackingReport -Identity $_.MessageTrackingReportID -DetailLevel
Verbose -BypassDelegateChecking -DoNotResolve -RecipientPathFilter "cigdem@fabrikam.com" -ReportTemplate
RecipientPath }
This example gets the message tracking report for the following scenario: The user Cigdem Akin was expecting an
email message from joe@contoso.com that never arrived. She contacted the Help desk, which needs to generate
the message tracking report on behalf of Cigdem and doesn't need to see the display names.
This example searches the message tracking data for the specific message tracking reports and then returns
detailed troubleshooting information for the specific recipient path.
Parameters
-BypassDelegateChecking
The BypassDelegateChecking switch allows Help desk staff and administrators to retrieve message tracking reports
for any user. You don't need to specify a value with this switch.
By default, each user can only see the message tracking reports for messages that they send or receive from their
own mailbox. When you use this switch, you can view the message tracking reports for message exchanges among
other users.
Required: False
Position: Named
Default value: None
-DetailLevel
The DetailLevel parameter specifies the amount of detail to return in the results. Valid values are:
Basic: Simple delivery report information is returned, which is more appropriate for users.
Verbose: Full report information is returned, including server names and physical topology information.
Type: Basic | Verbose

Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-DoNotResolve
The DoNotResolve switch specifies whether to prevent the resolution of email addresses to display names. You
Using this switch improves performance, but the lack of display names might make the results more difficult to
interpret.
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the message tracking report ID that you want to view.
You need to run the Search-MessageTrackingReport cmdlet to find the message tracking report ID for the specific
message that you're tracking, and then pass the value of the MessageTrackingReportID field to this parameter.
Type: MessageTrackingReportId
Required: True
Position: 1
Default value: None
-RecipientPathFilter
The RecipientPathFilter parameter specifies the email address of the recipient when you use the ReportTemplate
parameter with the value RecipientPath.
Type: SmtpAddress
Required: False
Position: Named
Default value: None
-Recipients
The Recipients parameter specifies the email addresses of the recipients when you use the ReportTemplate
parameter with the value Summary. You can specify multiple email addresses separated by commas.
Type: String[]
Required: False
Position: Named
Default value: None
-ReportTemplate
The ReportTemplate parameter specifies a predefined format for the output. Valid values are:
RecipientPath: Returns a detailed tracking report for one recipient of the message. You specify the recipient by
using the RecipientPathFilter parameter.
Summary: Returns a summary for all recipients of the message. You specify the recipients by using the
Recipients parameter.
Type: Summary | RecipientPath
Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-Status
The Status parameter filters the results by the specified delivery status codes. Valid values are:
Delivered
Read
Pending
Transferred
Unsuccessful
Type: Unsuccessful | Pending | Delivered | Transferred | Read

Required: False
Position: Named
Default value: None
-TraceLevel
The TraceLevel parameter specifies the details to include in the results. Valid values are:
Low: Minimal additional data is returned, including servers that were accessed, timing, message tracking search
result counts and any error information.
Medium: In addition to the data returned for the Low setting, the actual message tracking search results are also
returned.
High: Full diagnostic data is returned.
You only need to use this parameter for troubleshooting message tracking issues.
Type: Low | Medium | High
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-NetworkConnectionInfo
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-NetworkConnectionInfo cmdlet to view the
network configuration information for all network adapters configured on the local server. For information about
Syntax
Get-NetworkConnectionInfo [[-Identity] <ServerIdParameter>] [-DomainController <Fqdn>] [<CommonParameters>]
Description
This cmdlet retrieves the following configuration information for each network adapter configured on the server:
Name: This field displays the name of the network adapter. This name indicates the manufacturer and model of
the network adapter or the administrator-specified name of the network adapter.
DnsServers: This field displays the DNS servers used by the network adapter. The server names are separated
by commas.
IPAddresses: This field displays the IP addresses used by the network adapter. The IP addresses are separated
by commas.
AdapterGuid: This field displays the GUID assigned to the network adapter by Windows.
MacAddress: This field displays the media access control (MAC ) address of the network adapter.
Examples
-------------------------- Example 1 --------------------------
Get-NetworkConnectionInfo Mailbox01
This example retrieves network configuration information for all network adapters on the server named Mailbox01.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the server you want to query. You can use any value that uniquely identifies the
server. For example:
Name
FQDN
Exchange Legacy DN
If you don't use the Identity parameter, the command is run on the local server.
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-OutboundConnector
In ths Article
This cmdlet is available only in the cloud-based service. Use the Get-OutboundConnector cmdlet to view the
configuration information for an Outbound connector in your cloud-based organization. For information about the
Syntax
Get-OutboundConnector [[-Identity] <OutboundConnectorIdParameter>]
[-IncludeTestModeConnectors <$true | $false>] [-IsTransportRuleScoped <$true | $false>] [<CommonParameters>]
Description
Outbound connectors send email messages to remote domains that require specific configuration options.
Examples
-------------------------- Example 1 --------------------------
Get-OutboundConnector "Contoso Outbound Connector" | Format-List
This example displays detailed information about the Outbound connector named Contoso Outbound Connector.
Parameters
-Identity
The Identity parameter specifies the Outbound connector that you want to view. You can use any value that
uniquely identifies the connector. For example:
Name
GUID
Required: False
Position: 1
Default value: None
-IncludeTestModeConnectors
The IncludeTestModeConnectors parameter filters the results by Outbound connectors that are in test mode. Valid
values are:
$true: Only Outbound connectors that are in test mode are returned in the results.
$false: All Outbound connectors that aren't in test mode are returned in the results.. This is the default value.
You configure an Outbound connector in test mode by using the TestMode parameter on the New -
OutboundConnector or Set-OutboundConnector cmdlets.

Required: False
Position: Named
Default value: None
-IsTransportRuleScoped
The IsTransportRuleScoped parameter filters the results by Outbound connectors that are scoped to transport rules
(also known as mail flow rules). Valid values are:
$true: Only Outbound connectors that are scoped to transport rules are returned in the results.
$false: All Outbound connectors that aren't scoped to transport rules are returned in the results.. This is the
default value.
You scope a transport rule to a specific Outbound connector by using the RouteMessageOutboundConnector
parameter on the New -TransportRule or Set-TransportRule cmdlets.

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-Queue
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-Queue cmdlet to view configuration
information for queues on Mailbox servers or Edge Transport servers. For information about the parameter sets in
Syntax
Get-Queue [[-Identity] <QueueIdentity>]
[-BookmarkObject <ExtensibleQueueInfo>]
[-Exclude <QueueViewerIncludesAndExcludes>]
[-Include <QueueViewerIncludesAndExcludes>]
Get-Queue [-Server <ServerIdParameter>] [-Filter <String>]

[-BookmarkObject <ExtensibleQueueInfo>]
[-Exclude <QueueViewerIncludesAndExcludes>]
[-Include <QueueViewerIncludesAndExcludes>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-Queue | Format-List
This example displays detailed information for all queues on the Mailbox server on which the command is run.
-------------------------- Example 2 --------------------------
Get-Queue -Filter {MessageCount -gt 100}
This example lists the queues that contain more than 100 messages.
-------------------------- Example 3 --------------------------
Get-Queue Server1\contoso.com | Format-List
This example displays detailed information for a specific queue that exists on the Mailbox server named Server1.
-------------------------- Example 4 --------------------------
Get-Queue -Exclude Internal
This example lists only the external queues.
Parameters
-BookmarkIndex
The BookmarkIndex parameter specifies the position in the result set where the displayed results start. The value of
this parameter is a 1-based index in the total result set. The BookmarkIndex parameter can't be used with the
BookmarkObject parameter.
Type: Int32
Required: False
Position: Named
Default value: None
-BookmarkObject
The BookmarkObject parameter specifies the object in the result set where the displayed results start. The
BookmarkObject parameter can't be used with the BookmarkIndex parameter.
Type: ExtensibleQueueInfo
Required: False
Position: Named
Default value: None
-Exclude
The Exclude parameter specifies the types of queues you want to exclude from the results. Valid values for this
parameter are:
Internal
External
A valid queue DeliveryType value. For details, see the NextHopSolutionKey section in Queues and messages in
queues.
Type: QueueViewerIncludesAndExcludes
Required: False
Position: Named
Default value: None
-Filter
The Filter parameter specifies one or more queues by using OPath filter syntax. The OPath filter includes a queue
property name followed by a comparison operator and value, for example, {NextHopDomain -eq "contoso.com"}.
For details about filterable queue properties and comparison operators, see Queue properties
(https://technet.microsoft.com/library/bb125237.aspx) and Find queues and messages in queues in the Exchange
Management Shell (https://technet.microsoft.com/library/aa998047.aspx).
Type: String
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the queue. Valid input for this parameter uses the syntax Server\Queue or Queue,
for example, Mailbox01\contoso.com or Unreachable. For details about queue identity, see the "Queue identity"
section in Find queues and messages in queues in the Exchange Management Shell
Type: QueueIdentity
Required: False
Position: 1
Default value: None
-Include
The Include parameter specifies the types of queues you want to include the results. Valid values for this parameter
are:
Internal
External
A valid queue DeliveryType value. For details, see the NextHopSolutionKey section in Queues and messages in
queues.
Type: QueueViewerIncludesAndExcludes
Required: False
Position: Named
Default value: None
-IncludeBookmark
The IncludeBookmark parameter specifies whether to include the bookmark object when the query results are
displayed. The IncludeBookmark parameter is valid when it's used with the BookmarkObject or BookmarkIndex
parameters. If you don't specify a value for the IncludeBookmark parameter, the default value of $true is used.

Required: False
Position: Named
Default value: None
-ResultSize
Type: Unlimited
Required: False
Position: Named
Default value: None
-ReturnPageInfo
The ReturnPageInfo parameter is a hidden parameter. Use it to return information about the total number of results
and the index of the first object of the current page. The default value is $false.

Required: False
Position: Named
Default value: None
-SearchForward
The SearchForward parameter specifies whether to search forward or backward in the result set. The default value
is $true. This value causes the result page to be calculated forward from either the start of the result set or forward
from a bookmark if specified.

Required: False
Position: Named
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
You can use the Server parameter and the Filter parameter in the same command. You can't use the Server
parameter and the Identity parameter in the same command.
Required: False
Position: Named
Default value: None
-SortOrder
The SortOrder parameter specifies an array of message properties used to control the sort order of the result set.
Separate each property by using a comma. Prepend a plus sign (+) symbol to the beginning of the property name
to display the results in ascending order. Prepend a minus sign (-) symbol to the beginning of the property name to
display the results in descending order.
If you don't specify a sort order, the result set is displayed in ascending order by QueueIdentity.
Type: QueueViewerSortOrderEntry[]
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-QueueDigest
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-QueueDigest cmdlet to view information about
message delivery queues across database availability groups (DAGs) Active Directory sites, or Active Directory
forests in your organization. By default, the Get-QueueDigest cmdlet displays delivery queues that contain ten or
more messages, and the results are between one and two minutes old. For instructions on how to change these
default values, see Configure Get-QueueDigest. For information about the parameter sets in the Syntax section
Syntax
Get-QueueDigest -Dag <MultiValuedProperty>
[-DetailsLevel <None | Normal | Verbose>]
[-Filter <String>]
[-GroupBy <NextHopDomain | NextHopCategory | NextHopKey | DeliveryType | Status | RiskLevel | LastError |
ServerName | OutboundIPPool>]
[-Timeout <EnhancedTimeSpan>] [<CommonParameters>]
Get-QueueDigest [-Forest]
[-Filter <String>]
Get-QueueDigest -Server <MultiValuedProperty>

[-Filter <String>]
[-IncludeE14Servers]
Get-QueueDigest -Site <MultiValuedProperty>

[-Filter <String>]
[-IncludeE14Servers]
Description
Examples
-------------------------- Example 1 --------------------------
Get-QueueDigest -Forest
This example returns information about all queues in the Active Directory forest.
-------------------------- Example 2 --------------------------
Get-QueueDigest -Dag DAG01
This example returns information about all queues in the DAG named DAG01.
Parameters
-Dag
The Dag parameter filters the delivery queue results by DAG. You can specify any value that uniquely identifies the
DAG. You can specify multiple values separated by commas. If the value contains spaces, enclose the value in
You can't use the Dag parameter with the Server, Site or Forest parameters.
Required: True
Position: Named
Default value: None
-DetailsLevel
The DetailsLevel parameter specifies the level of detail to display in the results. Valid values for this parameter are
None, Normal and Verbose. The default value is Normal.
Type: None | Normal | Verbose

Required: False
Position: Named
Default value: None
-Filter
The Filter parameter specifies one or more queues by using OPath filter syntax. The OPath filter includes a queue
property name followed by a comparison operator and value, for example, {NextHopDomain -eq "contoso.com"}.
For details about filterable queue properties and comparison operators, see Queue properties
(https://technet.microsoft.com/library/bb125237.aspx) and Find queues and messages in queues in the Exchange
Management Shell (https://technet.microsoft.com/library/aa998047.aspx).
Type: String
Required: False
Position: Named
Default value: None
-Forest
The Forest switch filters the delivery queue results by Active Directory forest. You don't need to specify a value with
the Forest switch.
You can't use the Forest switch with the Server, Site or Dag parameters.
Required: True
Position: Named
Default value: None
-GroupBy
The GroupedBy parameter sorts the messages in the delivery queue results. Valid values for this parameter are:
DeliveryType
LastError
NextHopCategory
NextHopDomain
NextHopKey
RiskLevel
Status
ServerName
OutboundIPPool
The default value is NextHopDomain.
Type: NextHopDomain | NextHopCategory | NextHopKey | DeliveryType | Status | RiskLevel | LastError | ServerName

| OutboundIPPool
Required: False
Position: Named
Default value: None
-ResultSize
The ResultSize parameter filters the delivery queue results by the number of messages in the queue. Valid input for
this parameter is an integer. The default value is 1000. For example, if you specify the value 50, the command
displays the 50 queues that contain the most messages.
Type: Unlimited
Required: False
Position: Named
Default value: None
-Server
The Server parameter filters the delivery queue results by Exchange server. You can specify any value that uniquely
identifies the server. You can specify multiple values separated by commas. If the value contains spaces, enclose the
You can't use the Server parameter with the Dag, Site or Forest parameters.
Required: True
Position: Named
Default value: None
-Site
The Site parameter filters the delivery queue results by Active Directory site. You can specify any value that
uniquely identifies the site. You can specify multiple sites separated by commas.
You can't use the Site parameter with the Server, Dag or Forest parameters.
Required: True
Position: Named
Default value: None
-Timeout
The Timeout parameter specifies the number of seconds before the operation times out. The default value is 10
seconds.
seconds.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-ReceiveConnector
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-ReceiveConnector cmdlet to view Receive
connectors on Mailbox servers and Edge Transport servers. Receive connectors listen for inbound SMTP
connections on the Exchange server. For information about the parameter sets in the Syntax section below, see
Syntax
Get-ReceiveConnector [[-Identity] <ReceiveConnectorIdParameter>]
Get-ReceiveConnector [-Server <ServerIdParameter>]

Description
You can view Receive connectors on Mailbox servers and Edge Transport servers.
Examples
-------------------------- Example 1 --------------------------
Get-ReceiveConnector -Server Exchange01
This example returns a summary list of all Receive connectors on the server named Exchange01.
-------------------------- Example 2 --------------------------
Get-ReceiveConnector -Identity "Receive Connector for Contoso.com" | Format-List
This example displays detailed information for the Receive connector named Receive Connector for Contoso.com
on the local server.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Receive connector that you want to view. You can use any value that uniquely
identifies the Receive connector. For example:
Name
GUID
<ServerName>\<Name>
Type: ReceiveConnectorIdParameter
Required: False
Position: 1
Default value: None
-Server
The Server parameter filters the results by the specified Mailbox server or Edge Transport server. You can use any
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-RemoteDomain
In ths Article
may be exclusive to one environment or the other. Use the Get-RemoteDomain cmdlet to view the configuration
information for the remote domains configured in your organization. You can view the remote domain
configuration from inside the Exchange organization or from an Edge Transport server in the perimeter network.
Syntax
Get-RemoteDomain [[-Identity] <RemoteDomainIdParameter>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-RemoteDomain
This example returns a summary list of all remote domains in the organization.
-------------------------- Example 2 --------------------------
Get-RemoteDomain -Identity Contoso | Format-List
This example returns detailed information for the remote domain named Contoso.
-------------------------- Example 3 --------------------------
Get-RemoteDomain | Where {$_.TNEFEnabled -eq $false}
This example returns all domains where Transport Neutral Encapsulation Format (TNEF ) encoding isn't used.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the remote domain that you want to view. You can use any value that uniquely
identifies the remote domain. For example:
Name
GUID
Type: RemoteDomainIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-ResubmitRequest
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-ResubmitRequest cmdlet to view requests to
replay redundant copies of messages from Safety Net after a mailbox database recovery. For information about the
Syntax
Get-ResubmitRequest [[-Identity] <ResubmitRequestIdentityParameter>] [-Server <ServerIdParameter>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-ResubmitRequest
This example returns the details of all resubmit requests.

-------------------------- Example 2 --------------------------
Get-ResubmitRequest 1
This example returns details about the resubmit request with the identity 1.
Parameters
-Identity
The Identity parameter specifies the resubmit request you want to view. Each resubmit request is identified by an
incremented integer value.
Type: ResubmitRequestIdentityParameter
Required: False
Position: 1
Default value: None
-Server
Name
FQDN
Exchange Legacy DN
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-RoutingGroupConnector
In ths Article
This cmdlet is available only in Exchange Server 2010. Use the Get-RoutingGroupConnector cmdlet to view the
configuration details of the routing group connectors in a Microsoft Exchange Server 2010 organization. For
Syntax
Get-RoutingGroupConnector [[-Identity] <RoutingGroupConnectorIdParameter>] [-DomainController <Fqdn>]
Description
The Get-RoutingGroupConnector cmdlet displays the configuration details of routing group connectors that exist
when an organization is running Exchange 2010 and Exchange Server 2003. A routing group connector is used to
send and receive messages between Exchange 2010 Hub Transport servers and Exchange 2003 bridgehead
servers.
Examples
-------------------------- Example 1 --------------------------
Get-RoutingGroupConnector -Identity "Exchange Administrative Group (FYDIBOHF23SPDLT)\Exchange Routing Group

(DWBGZMFD01QNBJR)\Ex2010 to Ex2003 RGC"
This example displays detailed configuration information for the routing group connector Ex2010 to Ex2003 RGC.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name or GUID of the routing group connector. The name is expressed as
[[Administrative Group Name\]Routing Group Name]\Routing Group Connector Name. You can use the wildcard
character (*) as part of the administrative group or routing group name.
Type: RoutingGroupConnectorIdParameter
Required: False
Position: 1
Default value: None
Inputs
Outputs
Related Links
Online Version
Get-SendConnector
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-SendConnector cmdlet to view the settings for
a Send connector. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Get-SendConnector [[-Identity] <SendConnectorIdParameter>] [-DomainController <Fqdn>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-SendConnector "Contoso.com Send Connector" | Format-List
This example displays detailed information about the Send connector named Contoso.com Send Connector.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the name, or GUID of the Send connector. If the Identity name contains spaces,
enclose the name in quotation marks ("). You can omit the Identity parameter label. You can also include the server
name by using the format ServerName\ConnectorName.
Type: SendConnectorIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-SystemMessage
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-SystemMessage cmdlet to view default or
custom system messages. System messages are delivery status notifications (also known as DSNs, non-delivery
reports, NDRs or bounce messages) and quota messages. For information about the parameter sets in the Syntax
Syntax
Get-SystemMessage [[-Identity] <SystemMessageIdParameter>] [-DomainController <Fqdn>] [<CommonParameters>]
Get-SystemMessage [-Original] [-DomainController <Fqdn>] [<CommonParameters>]
Description
NDRs are issued to the senders of email messages that haven't reached their intended recipients. Quota messages
are issued to users whose mailboxes or public folders have reached the specific warning, prohibit send, or prohibit
receive quotas. Custom NDRs and quota messages replace the default messages that are included with Exchange.
Examples
-------------------------- Example 1 --------------------------
Get-SystemMessage
This example displays a summary list of all custom system messages in your organization.
-------------------------- Example 2 --------------------------
Get-SystemMessage En\Internal\5.3.2 | Format-List
This example displays detailed information for the specified custom NDR (combination of language, audience, and
enhanced status code values).
-------------------------- Example 3 --------------------------
Get-SystemMessage En\WarningMailbox | Format-List

This example displays detailed information for the specified custom quota message (combination of language and
quota values).
-------------------------- Example 4 --------------------------
Get-SystemMessage -Original | Select-Object -Property Identity,DsnCode,Language,Text | ConvertTo-Html | Set-

Content -Path "C:\My Documents\Default System Messages.html"
This example outputs the list of all default system messages in all languages to an HTML file named C:\My
Documents\Default System Messages.html.
You should output the list to a file, because the list is very long, and you'll receive errors if you don't have the
required language packs installed.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
TheIdentity parameter specifies the custom system message that you want to view. You can use any value that
uniquely identifies the system message. For example:
Identity
GUID
You can't use this parameter with the Original switch.
The identity value of a system message uses one of these formats:
System messages for enhanced status codes:<Language>\<Internal | External>\<DSNcode>. For example,
En\Internal\5.1.2 or Ja\External\5.1.2.
System messages for quotas:<Language>\<QuotaMessageType>. For example,
En\ProhibitSendReceiveMailBox.
<Language>: For the list of supported language codes, see Supported languages for NDRs
(https://technet.microsoft.com/library/aa996803.aspx#NDRLanguages).
<DSNcode>: Valid values are 4.x.y or 5.x.y where x and y are one to three digit numbers.
<QuotaMessageType>: Valid value are:
Mailbox size quotas:
ProhibitSendReceiveMailBox: A mailbox exceeds its ProhibitSendReceiveQuota limit.
ProhibitSendMailbox: A mailbox exceeds its ProhibitSendQuota limit.
WarningMailbox: A mailbox exceeds its IssueWarningQuota limit when it has a ProhibitSendQuota or
ProhibitSendReceiveQuota limit configured.
WarningMailboxUnlimitedSize: A mailbox exceeds its IssueWarningQuota limit when it doesn't have a
ProhibitSendQuota or ProhibitSendReceiveQuota limit configured.
Public folder size quotas:
ProhibitPostPublicFolder: A public folder exceeds its ProhibitPostQuota limit.
WarningPublicFolder: A public folder exceeds its IssueWarningQuota limit when it has a ProhibitPostQuota
limit configured.
WarningPublicFolderUnlimitedSize: A public folder exceeds its IssueWarningQuota limit when it doesn't have a
ProhibitPostQuota limit configured.
Maximum number of messages in a mailbox folder:
ProhibitReceiveMailboxMessagesPerFolderCount: A mailbox exceeds its
MailboxMessagesPerFolderCountReceiveQuota limit.
WarningMailboxMessagesPerFolderCount: A mailbox exceeds its
MailboxMessagesPerFolderCountWarningQuota limit when it has a
MailboxMessagesPerFolderCountReceiveQuota limit configured.
WarningMailboxMessagesPerFolderUnlimitedCount: A mailbox exceeds its
MailboxMessagesPerFolderCountWarningQuota limit when it doesn't have a
MailboxMessagesPerFolderCountReceiveQuota limit configured.
Maximum number of subfolders in a mailbox folder:
ProhibitReceiveFolderHierarchyChildrenCountCount: A mailbox exceeds its
FolderHierarchyChildrenCountReceiveQuota limit.
WarningFolderHierarchyChildrenCount: A mailbox exceeds its FolderHierarchyChildrenCountWarningQuota
limit when it has a FolderHierarchyChildrenCountReceiveQuota limit configured.
WarningFolderHierarchyChildrenUnlimitedCount: A mailbox exceeds its
FolderHierarchyChildrenCountWarningQuota limit when it doesn't have a
FolderHierarchyChildrenCountReceiveQuota limit configured.
ProhibitReceiveFoldersCount: A mailbox exceeds its FoldersCountReceiveQuota limit.
WarningFoldersCount: A mailbox exceeds its FoldersCountWarningQuota limit when it has a
FoldersCountReceiveQuota limit configured.
WarningFoldersCountUnlimited A mailbox exceeds its FoldersCountWarningQuota limit when it doesn't have a
FoldersCountReceiveQuota limit configured.
Maximum number of levels (depth) in a mailbox folder:
ProhibitReceiveFolderHierarchyDepth: A mailbox exceeds its FolderHierarchyDepthWarningQuota limit.
WarningFolderHierarchyDepth: A mailbox exceeds its FolderHierarchyDepthWarningQuota limit when it has a
FolderHierarchyDepthReceiveQuota limit configured.
WarningFolderHierarchyDepthUnlimited: : A mailbox exceeds its FolderHierarchyDepthWarningQuota limit
when it doesn't have a FolderHierarchyDepthReceiveQuota limit configured.
Type: SystemMessageIdParameter
Required: False
Position: 1
Default value: None
-Original
The Original switch filters the results by the default system messages that are included with Exchange. You don't
You can't use this switch with the Identity parameter.
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-TransportAgent
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-TransportAgent cmdlet to view the
configuration of a transport agent. For information about the parameter sets in the Syntax section below, see
Syntax
Get-TransportAgent [[-Identity] <TransportAgentObjectId>] [-DomainController <Fqdn>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-TransportAgent
This example displays a summary list of all transport agents installed on all Exchange servers in your organization.
-------------------------- Example 2 --------------------------
Get-TransportAgent "Transport Rule Agent" -TransportService Hub | Format-List
This example displays detailed information about the Transport Rule agent that's installed in the Transport service
on a Mailbox server. The output of the Get-TransportAgent command is piped to the Format-List command to
display the detailed configuration of the transport agent.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the display name of the transport agent to be displayed. The length of the name
Required: False
Position: 1
Default value: None
-TransportService
this parameter are:

Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-TransportConfig
In ths Article
may be exclusive to one environment or the other. Use the Get-TransportConfig cmdlet to view organization-wide
transport configuration settings. For information about the parameter sets in the Syntax section below, see
Syntax
Get-TransportConfig [[-Identity] <OrganizationIdParameter>] [-DomainController <Fqdn>] [<CommonParameters>]
Description
The Get-TransportConfig cmdlet displays configuration information for global transport settings applied across the
organization when the cmdlet is run on a Mailbox server. When this cmdlet is run on an Edge Transport server, only
the transportation configuration settings for the local computer are shown.
Examples
-------------------------- Example 1 --------------------------
Get-TransportConfig
This example lists the organization-wide transport settings on Mailbox server, or the local transport settings on an
Edge Transport server.
-------------------------- Example 2 --------------------------
Get-TransportConfig | Format-List *DSN*
This example lists all delivery status notification-related (DSN ) configuration settings for your organization when
run on a Mailbox server. When run on an Edge Transport server, it displays the DSN -related settings configured on
that Edge Transport server.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-TransportPipeline cmdlet to view transport
agents and the SMTP event where the transport agent is registered. For information about the parameter sets in
Syntax
Get-TransportPipeline [-DomainController <Fqdn>] [<CommonParameters>]
Description
The Get-TransportPipeline cmdlet enables you to view all the transport agents that are configured in the following
locations:
In the Transport service on Mailbox servers.
In the Front End Transport service on Mailbox servers.
On Edge Transport server in the perimeter network.
The associated transport service must be started and at least one email message must be sent through the server
since the last service restart before the transport pipeline can be viewed. Only the transport events and agents that
were involved in the processing of email messages since the associated service was last started are returned.
Examples
-------------------------- Example 1 --------------------------
This example returns a summary list of all agents in the transport pipeline that were involved in processing email
messages since the last server or service restart.
-------------------------- Example 2 --------------------------
Get-TransportPipeline | Format-List
This example returns a list of agents registered in the transport pipeline, with full details for each transport event.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-TransportServer
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-TransportServer cmdlet to view settings that are
associated with the Hub Transport server role or the Edge Transport server role. Note: In Exchange 2013 or later,
use the Get-TransportService cmdlet instead. If you have scripts that use Get-TransportServer, update them to use
Get-TransportService. For information about the parameter sets in the Syntax section below, see Exchange cmdlet
Syntax
Get-TransportServer [[-Identity] <TransportServerIdParameter>] [-DomainController <Fqdn>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-TransportServer
This example provides different results depending on the server role on which it's run. When you run this
command on an Edge Transport server, it provides a configuration summary for the local server. Otherwise, it
displays a list of all Mailbox servers in your organization.
-------------------------- Example 2 --------------------------
Get-TransportServer Mailbox01 | Format-List
This example retrieves the detailed transport configuration information for the Transport service on the Mailbox
server named Mailbox01.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Transport server that you want to view. You can use any value that uniquely
Name
GUID
ExchangeLegacyDN
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-TransportService cmdlet to view the settings of
the Transport service on Exchange 2013 or later Mailbox servers or Edge Transport servers. For information about
Syntax
Get-TransportService [[-Identity] <TransportServerIdParameter>] [-DomainController <Fqdn>] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
This example provides different results depending on the server role on which it's run. When you run this
command on an Edge Transport server, it provides a configuration summary for the local server. Otherwise, it
displays a list of all Mailbox servers in your organization.
-------------------------- Example 2 --------------------------
Get-TransportService Mailbox1 | Format-List
This example retrieves the detailed transport configuration information for the Transport service on the Mailbox
server named Mailbox1.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies the Mailbox server that hosts the Transport service configuration you want to view.
Name
GUID
ExchangeLegacyDN
You can't use this parameter on an Edge Transport server.
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Get-X400AuthoritativeDomain
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Get-X400AuthoritativeDomain cmdlet to view the
configuration information for the X.400 authoritative domains configured in your organization. For more
information about how to configure an X.400 authoritative domain, see Set-X400AuthoritativeDomain. For
Syntax
Get-X400AuthoritativeDomain [[-Identity] <X400AuthoritativeDomainIdParameter>] [-DomainController <Fqdn>]
Description
Examples
-------------------------- Example 1 --------------------------
Get-X400AuthoritativeDomain "Europe Sales X.400 Domain" | Format-List
This example displays detailed information about the X.400 authoritative domain Europe Sales X.400 Domain.
Parameters
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Identity
The Identity parameter specifies a string value for the X.400 authoritative domain. Enter either the GUID or the
name of the remote domain.
Type: X400AuthoritativeDomainIdParameter
Required: False
Position: 1
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
Install-TransportAgent
In ths Article
This cmdlet is available only in on-premises Exchange. Use the Install-TransportAgent cmdlet to register transport
agents on Exchange servers. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
Install-TransportAgent [-Name] <String> -AssemblyPath <String> -TransportAgentFactory <String> [-Confirm]
[-DomainController <Fqdn>] [-WhatIf]
[-TransportService <Hub | Edge | FrontEnd | MailboxSubmission | MailboxDelivery>] [-EscalationTeam <String>]
Description
Transport agents have full access to all email messages that they encounter. Exchange puts no restrictions on a
transport agent's behavior. Transport agents that are unstable or contain security flaws may affect the stability and
security of Exchange. Therefore, you need to only install transport agents that you fully trust and that have been
fully tested.
Examples
-------------------------- Example 1 --------------------------
Install-TransportAgent -Name "Test App" -TransportAgentFactory "vendor.exchange.avTransportAgentfactory" -

AssemblyPath "c:\Program Files\Vendor\TransportAgent\AvTransportAgentFactory.dll" -TransportService Hub
This example shows how a fictitious application named Test App is installed in the Transport service on a Mailbox
server.
Parameters
-AssemblyPath
The AssemblyPath parameter specifies the location of the transport agent Microsoft.NET assembly. Universal
Naming Convention (UNC ) file paths can't be used.
Type: String
Required: True
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-EscalationTeam
Type: String
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the display name of the transport agent to be installed. The length of the name can't
exceed 64 characters.
Type: String
Required: True
Position: 1
Default value: None
-TransportAgentFactory
The TransportAgentFactory parameter specifies the Microsoft.NET class type of the transport agent factory. The
developer of the transport agent being installed provides the transport agent factory and related information. For
more information, see the documentation provided by the developer of the transport agent.
Type: String
Required: True
Position: Named
Default value: None
-TransportService
this parameter are:

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-AcceptedDomain
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -AcceptedDomain cmdlet to create an accepted
domain in your organization. An accepted domain is any SMTP namespace for which an Exchange organization
sends and receives email. For information about the parameter sets in the Syntax section below, see Exchange
Syntax
New-AcceptedDomain [-Name] <String> -DomainName <SmtpDomainWithSubdomains>
[-Confirm] [-DomainController <Fqdn>] [-DomainType <Authoritative | ExternalRelay | InternalRelay>]
Description
Examples
-------------------------- Example 1 --------------------------
New-AcceptedDomain -DomainName Contoso.com -DomainType Authoritative -Name Contoso
This example creates the new authoritative accepted domain Contoso.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-DomainName
The DomainName parameter specifies the SMTP domain that you want to establish as an accepted domain. Valid
input for the DomainName parameter is an SMTP domain. You can use a wildcard character to specify all
subdomains of a specified domain, as shown in the following example: *.contoso.com.
However, you can't embed a wildcard character, as shown in the following example: domain.*.contoso.com. The
domain name string may not contain more than 256 characters.
Required: True
Position: Named
Default value: None
-DomainType
The DomainType parameter specifies the type of accepted domain that you want to configure. Valid values are
Authoritative, InternalRelay or ExternalRelay. You must set at least one value.
In an authoritative domain, messages are delivered to a recipient that has a domain account in your Exchange
organization. In an internal relay domain, messages are relayed to a server outside your Exchange organization, but
still under the authority of your company or IT department. Use the internal relay domain if you want to treat the
messages to this domain as internal messages. In an external relay domain, messages are relayed to an email
server, outside your organization, which you don't control.
The default value is Authoritative.
Type: Authoritative | ExternalRelay | InternalRelay
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a unique name for the accepted domain object.
Type: String
Required: True
Position: 1
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-AddressRewriteEntry
In ths Article
This cmdlet is available or effective only on Edge Transport servers in on-premises Exchange. Use the New -
AddressRewriteEntry cmdlet to create an address rewrite entry that rewrites sender and recipient email addresses
in messages sent to or sent from your organization through an Edge Transport server. For information about the
Syntax
New-AddressRewriteEntry [-Name] <String> -ExternalAddress <String> -InternalAddress <String> [-Confirm]
[-DomainController <Fqdn>] [-ExceptionList <MultiValuedProperty>] [-OutboundOnly <$true | $false>] [-WhatIf]
Description
Examples
-------------------------- Example 1 --------------------------
New-AddressRewriteEntry -Name "Address rewrite entry for david@contoso.com" -InternalAddress david@contoso.com

-ExternalAddress david@northwindtraders.com
This example creates an address rewrite entry that rewrites the email address david@contoso.com to
david@northwindtraders.com in outbound mail. Because the OutboundOnly parameter is not set to $true, inbound
mail sent to david@northwindtraders.com is rewritten back to david@contoso.com.
-------------------------- Example 2 --------------------------
New-AddressRewriteEntry -Name "Address rewrite entry for all contoso.com email addresses" -InternalAddress
contoso.com -ExternalAddress northwindtraders.com
This example creates an address rewrite entry that rewrites all email addresses in the contoso.com domain to
northwindtraders.com in outbound mail. Because the OutboundOnly parameter is not set to $true, inbound mail
sent to northwindtraders.com recipients is rewritten back to contoso.com.
-------------------------- Example 3 --------------------------
New-AddressRewriteEntry -Name "Address rewrite entry for contoso.com and all subdomain email addresses" -
InternalAddress *.contoso.com -ExternalAddress northwindtraders.com -ExceptionList
research.contoso.com,corp.contoso.com -OutboundOnly $true
This example creates an address rewrite entry that rewrites all email addresses in the contoso.com domain and all
subdomains to northwindtraders.com. However, email addresses in research.contoso.com and corp.contoso.com
are not rewritten. Because this address rewrite entry affects a domain and all subdomains (*.contoso.com), address
rewriting occurs on outbound mail only.
Parameters
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-ExceptionList
The ExceptionList parameter specifies the email address domains that shouldn't be rewritten when the
InternalAddress parameter contains the wildcard character to rewrite addresses in a domain and all subdomains
(*.contoso.com). You can enter multiple domain values in the ExceptionList parameter separated by commas.
Required: False
Position: Named
Default value: None
-ExternalAddress
The ExternalAddress parameter specifies the final email addresses that you want. If the InternalAddress parameter
specifies a single email address (chris@contoso.com), the ExternalAddress parameter must also specify a single
email address (support@contoso.com). If the InternalAddress parameter specifies a single domain (contoso.com) or
a domain and all subdomains (*.contoso.com), the ExternalAddress parameter must specify a single domain
(fabrikam.com).
You can't use the wildcard character (*) with the ExternalAddress parameter.
Type: String
Required: True
Position: Named
Default value: None
-InternalAddress
The InternalAddress parameter specifies the original email addresses that you want to change. You can use the
following values:
Single email address: david@contoso.com
Single domain: contoso.com or sales.contoso.com
Domain and all subdomains: *.contoso.com
Type: String
Required: True
Position: Named
Default value: None
-Name
The Name parameter specifies a unique name for this address rewrite entry.
Type: String
Required: True
Position: 1
Default value: None
-OutboundOnly
The OutboundOnly parameter enables or disables outbound-only address rewriting. Valid input for this parameter
is $true or $false. The value $true means address rewriting occurs in outbound mail only. The value $false means
address rewriting occurs on outbound mail and also on inbound mail (rewritten email addresses are changed back
to the original email addresses in inbound mail). The default value is $false.
You must set this parameter to $true if the InternalAddress parameter contains the wildcard character to rewrite
addresses in a domain and all subdomains (*.contoso.com).
Also, when you configure outbound-only address rewriting, you need to configure the rewritten email address as a
proxy address on the affected recipients. For example, if laura@sales.contoso.com is rewritten to
laura@contoso.com, the proxy address laura@contoso.com must be configured on Laura's mailbox. This allows
replies and inbound messages to be delivered correctly.

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-DeliveryAgentConnector
In ths Article
This cmdlet is available only in on-premises Exchange. The New -DeliveryAgentConnector cmdlet creates a delivery
agent connector in your organization. For information about the parameter sets in the Syntax section below, see
Syntax
New-DeliveryAgentConnector [-Name] <String> -AddressSpaces <MultiValuedProperty> -DeliveryProtocol <String>
[-Comment <String>] [-Confirm] [-DomainController <Fqdn>] [-Enabled <$true | $false>]
[-IsScopedConnector <$true | $false>] [-MaxConcurrentConnections <Int32>] [-MaxMessageSize <Unlimited>]
[-MaxMessagesPerConnection <Int32>] [-SourceTransportServers <MultiValuedProperty>] [-WhatIf]
Description
Delivery agent connectors are used to route messages addressed to foreign systems that don't utilize the SMTP
protocol. When a message is routed to a delivery agent connector, the associated delivery agent performs the
content conversion and message delivery. Delivery agent connectors allow queue management of foreign
connectors, thereby eliminating the need for storing messages on the file system in the Drop and Pickup
directories. For more information, see Delivery agents and Delivery Agent connectors
Examples
-------------------------- Example 1 --------------------------
New-DeliveryAgentConnector -Name "Contoso X.400 Connector" -AddressSpaces "X400:c=US;a=Fabrikam;p=Contoso;1" -

DeliveryProtocol "X.400" -SourceTransportServers Hub01,Hub02,Hub05
This example creates a delivery agent connector named Contoso X.400 Connector with the following configuration:
The delivery agent connector is hosted on the following servers:
Hub01
Hub02
Hub05
The delivery agent connector is designed to handle X.400 connections to a company called Contoso that uses the
carrier Fabrikam.
The address space for the connector is c=US;a=Fabrikam;p=Contoso.
Parameters
-AddressSpaces
The AddressSpaces parameter specifies the domain names for which this delivery agent connector is responsible.
The syntax for entering an address space is as follows: <AddressSpaceType>:<AddressSpace>;
<AddressSpaceCost>. You must enclose each address space in quotation marks (").
Required: True
Position: Named
Default value: None
-Comment
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DeliveryProtocol
The DeliveryProtocol parameter specifies the communication protocol that determines which delivery agents are
responsible for servicing the connector.
Type: String
Required: True
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether the delivery agent connector is enabled.

Required: False
Position: Named
Default value: None
-IsScopedConnector
The IsScopedConnector parameter specifies the availability of the connector to other Mailbox servers. If the value
of this parameter is $false, the connector can be used by all Mailbox servers in your organization. If the value of this
parameter is $true, the connector can only be used by Mailbox servers in the same Active Directory site. The default
value is $false.

Required: False
Position: Named
Default value: None
-MaxConcurrentConnections
The MaxConcurrentConnections parameter specifies the maximum number of concurrent connections this
connector accepts from a specific IP address. The default value is 5.
Type: Int32
Required: False
Position: Named
Default value: None
-MaxMessageSize
The MaxMessageSize parameter specifies the maximum size of a message that's allowed to pass through this
connector. When you enter a value, qualify the value with one of the following units:
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
Unqualified values are treated as bytes. The valid input range for this parameter is from 65536 through
2147483647 bytes. The default value is unlimited.
Type: Unlimited
Required: False
Position: Named
Default value: None
-MaxMessagesPerConnection
The MaxMessagesPerConnection parameter specifies the maximum number of messages this connector accepts
per connection. The connector terminates the connection after this limit is reached, and the sending server has to
initiate a new connection to send more messages. The default value is 20.
Type: Int32
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the name of this delivery agent connector. The value for the Name parameter can't
exceed 64 characters.
Type: String
Required: True
Position: 1
Default value: None
-SourceTransportServers
The SourceTransportServers parameter specifies the list of Mailbox servers that host this connector. You can specify
more than one server by separating their names with commas.
By default, only the local server on which the command is executed is added to this parameter.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-EdgeSubscription
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -EdgeSubscription cmdlet to export an Edge
Subscription file from an Edge Transport server and to import the Edge Subscription file to a Mailbox server. For
Syntax
New-EdgeSubscription [-AccountExpiryDuration <TimeSpan>] [-Confirm]
[-CreateInboundSendConnector <$true | $false>] [-CreateInternetSendConnector <$true | $false>]
[-DomainController <Fqdn>] [-FileData <Byte[]>] [-FileName <LongPath>] [-Force] [-Site <AdSiteIdParameter>]
Description
The Edge Transport server doesn't have access to Active Directory. All configuration and recipient information is
stored in the Active Directory Lightweight Directory Services (AD LDS ) instance. The New -EdgeSubscription
cmdlet creates the Edge Subscription file that will be imported on a Mailbox server in the Active Directory site to
which you want to subscribe this Edge Transport server..
Examples
-------------------------- Example 1 --------------------------
New-EdgeSubscription -FileName "c:\EdgeServerSubscription.xml"
This example creates the Edge Subscription file. It should be run on your Edge Transport server.
-------------------------- Example 2 --------------------------
[byte[]]$Temp = Get-Content -Path "C:\EdgeServerSubscription.xml" -Encoding Byte -ReadCount 0; New-

EdgeSubscription -FileData $Temp -Site "Default-First-Site-Name"
This example imports the Edge Subscription file generated in Example 1 to the Active Directory site Default-First-
Site-Name. Importing the Edge Subscription file completes the Edge Subscription process. You must run this
command on the Mailbox server.
The first command reads the data from the Edge Subscription file and stores it in a temporary variable as a byte-
encoded data object. The second command completes the Edge subscription process.
-------------------------- Example 3 --------------------------
New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\EdgeServerSubscription.xml" -Encoding Byte -

ReadCount 0)) -Site "Default-First-Site-Name"
This example also imports the Edge Subscription file generated in Example 1 to the Active Directory site Default-
First-Site-Name; however, the end result is accomplished using one command. You must run this command on the
Mailbox server.
Parameters
-AccountExpiryDuration
The AccountExpiryDuration parameter specifies how soon the EdgeSync bootstrap replication account (ESBRA)
created by this command will expire.
seconds.
The value for this parameter must be a minimum of 00:02:00 or 2 minutes. The default value is 24:00:00 or 24
hours.
Type: TimeSpan
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-CreateInboundSendConnector
The CreateInboundSendConnector parameter specifies whether to create the Send connector to connect the Edge
Transport server and the Hub Transport servers. The default value is $true. The Send connector address space is set
to "--", the smart hosts are set to "--", the Edge Transport server is set as the source server and Domain Name
System (DNS ) routing is disabled. This parameter is only used when you run the command on the Hub Transport
server.
Required: False
Position: Named
Default value: None
-CreateInternetSendConnector
The CreateInternetSendConnector parameter specifies whether to create the Send connector to connect to the
Internet. The default value is $true. The Send connector address space is set to all domains (*), the Edge Transport
server is set as the source server, and DNS routing is enabled. This parameter is only used when you run the
command on the Hub Transport server.

Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-FileData
The FileData parameter specifies the byte-encoded data object that contains the Edge Subscription file information.
You can only use this parameter when you're running this command on a Mailbox server.
Type: Byte[]
Required: False
Position: Named
Default value: None
-FileName
The FileName parameter specifies the full path of the Edge Subscription file.
You can only use this parameter when you're running this command on an Edge Transport server.
Type: LongPath
Required: False
Position: Named
Default value: None
-Force
This switch is useful when you use a script with the Edge Subscription command because it bypasses confirmation.
Another scenario in which this switch is useful is when you have to subscribe an Edge Transport server again and
you want to overwrite the existing configuration information.
Required: False
Position: Named
Default value: None
-Site
The Site parameter specifies the name of the Active Directory site that contains the Mailbox servers with which the
Edge Transport servers are associated. This parameter is used and required only when you run the command on a
Mailbox server.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-EdgeSyncServiceConfig
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -EdgeSyncServiceConfig cmdlet to create edge
synchronization service settings that control the general synchronization behavior shared by all EdgeSync services.
Syntax
New-EdgeSyncServiceConfig [-ConfigurationSyncInterval <EnhancedTimeSpan>] [-Confirm]
[-CookieValidDuration <EnhancedTimeSpan>] [-DomainController <Fqdn>] [-FailoverDCInterval <EnhancedTimeSpan>]
[-LockDuration <EnhancedTimeSpan>] [-LockRenewalDuration <EnhancedTimeSpan>] [-LogEnabled <$true | $false>]
[-LogLevel <None | Low | Medium | High>] [-LogMaxAge <EnhancedTimeSpan>] [-LogMaxDirectorySize <Unlimited>]
[-LogMaxFileSize <Unlimited>] [-LogPath <String>] [-OptionDuration <EnhancedTimeSpan>]
[-RecipientSyncInterval <EnhancedTimeSpan>] [-Site <AdSiteIdParameter>] [-WhatIf] [<CommonParameters>]
Description
Examples
-------------------------- Example 1 --------------------------
New-EdgeSyncServiceConfig -LogEnabled $true -LogPath "\\Server01\EdgeSyncLog" -LogMaxFileSize 5MB -LogMaxAge 3
This example creates EdgeSync service settings with the following configuration:
EdgeSync logging is enabled.
The log files are stored in the EdgeSyncLog share on Server01.
The maximum individual log file size is 5 megabytes (MB ).
The log files are kept for 3 days.
Parameters
-ConfigurationSyncInterval
The ConfigurationSyncInterval parameter specifies how frequently the EdgeSync service synchronizes
configuration data. The default value is 3 minutes.
seconds.
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-CookieValidDuration
The CookieValidDuration parameter specifies how long a cookie record is valid. The default value is 21 days.
seconds.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-FailoverDCInterval
The FailoverDCInterval parameter specifies how long EdgeSync waits before failing over to another domain
controller if it can't read configuration data from Active Directory. The default value is 5 minutes.
seconds.
Required: False
Position: Named
Default value: None
-LockDuration
The LockDuration parameter specifies how long an instance of the EdgeSync service can maintain an exclusive lock
on the synchronization rights. While an EdgeSync service maintains an exclusive lock on synchronization rights, no
other EdgeSync service can take over synchronization. The default value is 6 minutes.
seconds.
Required: False
Position: Named
Default value: None
-LockRenewalDuration
The LockRenewalDuration parameter specifies how long before the expiry of an exclusive lock an EdgeSync service
can renew the lock. The default value is 4 minutes.
seconds.
Required: False
Position: Named
Default value: None
-LogEnabled
The LogEnabled parameter enables or disables the EdgeSync log. Valid input for this parameter is $true or $false.

Required: False
Position: Named
Default value: None
-LogLevel
The LogLevel parameter specifies the EdgeSync logging level. Valid values for this parameter are None, Low,
Medium and High. The default value is None.
Type: None | Low | Medium | High

Required: False
Position: Named
Default value: None
-LogMaxAge
The LogMaxAge parameter specifies the maximum duration in days to keep the EdgeSyncLog files. Log files older
than the specified value can be overwritten. The default value is 30 days.
seconds.
Required: False
Position: Named
Default value: None
-LogMaxDirectorySize
The LogMaxDirectorySize parameter specifies the maximum amount of disk space the EdgeSyncLog directory can
use. The default value is 250 MB.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
The value of the LogMaxFileSize parameter must be less than or equal to the value of the LogMaxDirectorySize
parameter. The valid input range for either parameter is from 1 through 9223372036854775807 bytes. If you enter
a value of unlimited, no size limit is imposed on the EdgeSyncLLog directory.
Type: Unlimited
Required: False
Position: Named
Default value: None
-LogMaxFileSize
The LogMaxFileSize parameter specifies the maximum log file size for the EdgeSyncLog files. The default value is
10 MB.
B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)
The value of the LogMaxFileSize parameter must be less than or equal to the value of the LogMaxDirectorySize
parameter. The valid input range for either parameter is from 1 through 9223372036854775807 bytes. If you enter
a value of unlimited, no size limit is imposed on the EdgeSyncLog files.
Type: Unlimited
Required: False
Position: Named
Default value: None
-LogPath
The LogPath parameter specifies the default location for the EdgeSyncLog files. The default value is
TransportRoles\Logs\EdgeSync\.
Type: String
Required: False
Position: Named
Default value: None
-OptionDuration
The OptionDuration parameter specifies how long an instance of the EdgeSync service can maintain an optional
lock on synchronization rights. While an EdgeSync service maintains an optional lock on synchronization rights,
another EdgeSync service can take over synchronization after the optional lock has expired if it's initiated using the
Start-EdgeSynchronization command. The default value is 30 minutes.
seconds.
Required: False
Position: Named
Default value: None
-RecipientSyncInterval
The RecipientSyncInterval parameter specifies how frequently the EdgeSync service synchronizes recipient data
from the global catalog. The default value is 5 minutes.
seconds.
Required: False
Position: Named
Default value: None
-Site
The Site parameter specifies the Active Directory site that EdgeSync connects to for synchronizing configuration
and recipient data.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-ForeignConnector
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -ForeignConnector cmdlet to create a new
Foreign connector in the Transport service of a Mailbox server. For information about the parameter sets in the
Syntax
New-ForeignConnector [-Name] <String> -AddressSpaces <MultiValuedProperty> [-Confirm]
[-DomainController <Fqdn>] [-IsScopedConnector <$true | $false>]
[-SourceTransportServers <MultiValuedProperty>] [-WhatIf] [<CommonParameters>]
Description
A Foreign connector uses a Drop directory in the Transport service of a Mailbox server to send messages to a local
messaging server that doesn't use SMTP as its primary transport mechanism. These messaging servers are known
as foreign gateway servers. Third-party fax gateway servers are examples of foreign gateway servers. The address
spaces assigned to a Foreign connector can be SMTP or non-SMTP.
Examples
-------------------------- Example 1 --------------------------
New-ForeignConnector -Name "Contoso Foreign Connector" -AddressSpaces "X400:c=US;a=Fabrikam;P=Contoso;5" -

SourceTransportServers Hub01,Hub02
This example creates a Foreign connector with the following properties:

Connector name: Contoso Foreign Connector
Address space: "c=US;a=Fabrikam;P=Contoso"
Address space type: X.400
Address space cost: 5
Source transport servers: Hub01 and Hub02
Parameters
-AddressSpaces
The AddressSpaces parameter specifies the domain names to which the Foreign connector sends messages. The
complete syntax for entering each address space is as follows: <AddressSpaceType>:<AddressSpace>;
<AddressSpaceCost>
AddressSpaceType: The address space type may be SMTP, X400, or any other text string. If you omit the
address space type, an SMTP address space type is assumed.
AddressSpace: For SMTP address space types, the address space that you enter must be RFC 1035-compliant.
For example, *, *.com, and *.contoso.com are permitted, but *contoso.com isn't permitted. For X.400 address
space types, the address space that you enter must be RFC 1685-compliant, such as
o=MySite;p=MyOrg;a=adatum;c=us. For all other values of an address type, you can enter any text for the
address space.
AddressSpaceCost: The valid input range for the cost is from 1 through 100. A lower cost indicates a better
route. If you omit the address space cost, a cost of 1 is assumed. If you enter a non-SMTP address space that
contains the semicolon character (;), you must specify the address space cost.
If you specify the address space type or the address space cost, you must enclose the address space in quotation
marks ("). For example, the following address space entries are equivalent:
"SMTP:contoso.com;1"
"contoso.com;1"
"SMTP:contoso.com"
contoso.com
You may specify multiple address spaces by separating the address spaces with commas, for example:
contoso.com,fabrikam.com. If you specify the address space type or the address space cost, you must enclose the
address space in quotation marks ("), for example: "contoso.com;2","fabrikam.com;3".
Required: True
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-DomainController
Type: Fqdn
Required: False
Position: Named
Default value: None
-IsScopedConnector
The IsScopedConnector parameter specifies the availability of the connector to other Mailbox servers. When the
value of this parameter is $false, the connector can be used by all Mailbox servers in the Exchange organization.
When the value of this parameter is $true, the connector can be used only by Mailbox servers in the same Active
Directory site. The default value is $false.

Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the name for the Foreign connector.
Type: String
Required: True
Position: 1
Default value: None
-SourceTransportServers
The SourceTransportServers parameter specifies the names of the Mailbox servers that use this Foreign connector.
Having a single Foreign connector homed on multiple servers provides fault tolerance and high availability if one
of the Mailbox servers fails. The default value of this parameter is the name of the server on which this Foreign
connector is first installed.
Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-InboundConnector
In ths Article
This cmdlet is available only in the cloud-based service. Use the New -InboundConnector cmdlet to create a new
Inbound connector in your cloud-based organization. For information about the parameter sets in the Syntax
Syntax
New-InboundConnector [-Name] <String> -SenderDomains <MultiValuedProperty>
[-AssociatedAcceptedDomains <MultiValuedProperty>] [-CloudServicesMailEnabled <$true | $false>]
[-Comment <String>] [-Confirm] [-ConnectorSource <Default | Migrated | HybridWizard | AdminUI>]
[-ConnectorType <OnPremises | Partner>] [-Enabled <$true | $false>] [-RequireTls <$true | $false>]
[-RestrictDomainsToCertificate <$true | $false>] [-RestrictDomainsToIPAddresses <$true | $false>]
[-SenderIPAddresses <MultiValuedProperty>] [-TlsSenderCertificateName <TlsCertificate>]
[-TreatMessagesAsInternal <$true | $false>] [-WhatIf] [<CommonParameters>]
Description
Inbound connectors accept email messages from remote domains that require specific configuration options.
Examples
-------------------------- Example 1 --------------------------
New-InboundConnector -Name "Contoso Inbound Connector" -SenderDomains *.contoso.com -SenderIPAddresses

192.168.0.1/25 -RestrictDomainsToIPAddresses $true
This example creates the Inbound connector named Contoso Inbound Connector with the following properties:
It listens for incoming connections from the domain contoso.com and all subdomains.
It only accepts mail from contoso.com, and from the IP range 192.168.0.1/25. It rejects mail from contoso.com
if it originates from any other IP address.
-------------------------- Example 2 --------------------------
New-InboundConnector -Name "Contoso Inbound Secure Connector" -SenderDomains *.contoso.com -SenderIPAddresses

192.168.0.1/25 -RestrictDomainsToIPAddresses $true -RequireTLS $true -TlsSenderCertificateName *.contoso.com
This example creates the Inbound connector named Contoso Inbound Secure Connector and requires TLS
transmission for all messages.
Parameters
-AssociatedAcceptedDomains
The AssociatedAcceptedDomains parameter specifies the accepted domains that the connector applies to, thereby
limiting its scope. For example, you can apply the connector to a specific accepted domain in your organization,
such as contoso.com.
Required: False
Position: Named
Default value: None
-CloudServicesMailEnabled
Note: We recommend that you don't use this parameter unless you are directed to do so by Microsoft Customer
Service and Support, or by specific product documentation. Instead, use the Hybrid Configuration wizard to
configure mail flow between your on-premises and cloud organizations. For more information, see Hybrid
Configuration wizard (https://technet.microsoft.com/library/hh529921.aspx).
The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an
on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain
internal X-MS -Exchange-Organization-* message headers are handled in messages that are sent between accepted
domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises
headers.
Valid values are:
$true: The connector is used for mail flow in hybrid organizations, so cross-premises headers are preserved or
promoted in messages that flow through the connector. This is the default value for connectors that are created
by the Hybrid Configuration wizard. Certain X-MS -Exchange-Organization-* headers in outbound messages
that are sent from one side of the hybrid organization to the other are converted to X-MS -Exchange-
CrossPremises-* headers and are thereby preserved in messages. X-MS -Exchange-CrossPremises-* headers in
inbound messages that are received on one side of the hybrid organization from the other are promoted to X-
MS -Exchange-Organization-* headers. These promoted headers replace any instances of the same X-MS -
Exchange-Organization-* headers that already exist in messages.
$false: The connector isn't used for mail flow in hybrid organizations, so any cross-premises headers are
removed from messages that flow through the connector.

Required: False
Position: Named
Default value: None
-Comment
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-ConnectorSource
The ConnectorSource parameter specifies how the connector is created. Valid input for this parameter includes the
following values:
Default: The connector is manually created.
HybridWizard: The connector is automatically created by the Hybrid Configuration Wizard.
Migrated: The connector was originally created in Microsoft Forefront Online Protection for Exchange.
The default value for connectors you create yourself is Default. It isn't recommended that you change this value.
Type: Default | Migrated | HybridWizard | AdminUI

Required: False
Position: Named
Default value: None
-ConnectorType
The ConnectorType parameter specifies a category for the domains that are serviced by the connector. Valid input
for this parameter includes the following values:
Partner: The connector services domains that are external to your organization.
OnPremises: The connector services domains that are used by your on-premises organization. Use this value
for accepted domains in your cloud-based organization that are also specified by the SenderDomains
parameter.
Type: OnPremises | Partner
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter enables or disables the connector. Valid input for this parameter is $true or $false. The

Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies a descriptive name for the connector.
Type: String
Required: True
Position: 1
Default value: None
-RequireTls
The RequireTLS parameter specifies that all messages received by this connector require TLS transmission. Valid
values for this parameter are $true or $false. The default value is $false.

Required: False
Position: Named
Default value: None
-RestrictDomainsToCertificate
The RestrictDomainsToCertificate parameter specifies that Office 365 should identify incoming messages that are
eligible for this connector by verifying that the remote server authenticates using a TLS certificate that has the
TlsSenderCertificateName in the Subject. Valid values are $true or $false.

Required: False
Position: Named
Default value: None
-RestrictDomainsToIPAddresses
The RestrictDomainsToIPAddresses parameter, when set to $true, automatically rejects mail from the domains
specified by the SenderDomains parameter if the mail originates from an IP address that isn't specified by the
SenderIPAddresses parameter.

Required: False
Position: Named
Default value: None
-SenderDomains
The SenderDomains parameter specifies the remote domains from which this connector accepts messages, thereby
limiting its scope. You can use a wildcard character to specify all subdomains of a specified domain, as shown in the
following example: *.contoso.com. However, you can't embed a wildcard character, as shown in the following
example: domain.*.contoso.com. You can specify multiple domains separated by commas.
Required: True
Position: Named
Default value: None
-SenderIPAddresses
The SenderIPAddresses parameter specifies the remote IP addresses from which this connector accepts messages.
CIDR IP: You can use Classless InterDomain Routing (CIDR ), for example, 192.168.0.1/25.
You can specify multiple IP addresses separated by commas.
Required: False
Position: Named
Default value: None
-TlsSenderCertificateName
The TlsSenderCertificateName parameter specifies the certificate used by the sender's domain when the RequireTls
parameter is set to $true. Valid input for the TlsSenderCertificateName parameter is an SMTP domain. You can use
a wildcard character to specify all subdomains of a specified domain, as shown in the following example:
*.contoso.com.
You can't embed a wildcard character, as shown in the following example: domain.*.contoso.com.
Type: TlsCertificate
Required: False
Position: Named
Default value: None
-TreatMessagesAsInternal
The TreatMessagesAsInternal parameter specifies an alternative method to identify messages sent from an on-
premises organization as internal messages. You should only consider using this parameter when your on-premises
organization doesn't use Exchange. Valid values are:
$true: Messages are considered internal if the sender's domain matches a domain that's configured in Office
365. This setting allows internal mail flow between Office 365 and on-premises organizations that don't have
Exchange Server 2010 or later installed. However, this setting has potential security risks (for example, internal
messages bypass antispam filtering), so use caution when configuring this setting.
$false: Messages aren't considered internal. This is the default value.
In hybrid environments, you don't need to use this parameter, because the Hybrid Configuration wizard
automatically configures the required settings on the Inbound connector in Office 365 and the Send connector in
the on-premises Exchange organization (the CloudServicesMailEnabled parameter).

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-OutboundConnector
In ths Article
This cmdlet is available only in the cloud-based service. Use the New -OutboundConnector cmdlet to create a new
Outbound connector in your cloud-based organization. For information about the parameter sets in the Syntax
Syntax
New-OutboundConnector [-Name] <String>
[-AllAcceptedDomains <$true | $false>]
[-CloudServicesMailEnabled <$true | $false>]
[-Comment <String>]
[-Confirm]
[-ConnectorSource <Default | Migrated | HybridWizard | AdminUI>]
[-ConnectorType <OnPremises | Partner>]
[-IsTransportRuleScoped <$true | $false>]
[-LinkForModifiedConnector <Guid>]
[-RecipientDomains <MultiValuedProperty>]
[-RouteAllMessagesViaOnPremises <$true | $false>]
[-SmartHosts <MultiValuedProperty>]
[-TestMode <$true | $false>]
[-TlsDomain <SmtpDomainWithSubdomains>]
[-TlsSettings <EncryptionOnly | CertificateValidation | DomainValidation>]
[-UseMXRecord <$true | $false>]
Description
Outbound connectors send email messages to remote domains that require specific configuration options.
Examples
-------------------------- Example 1 --------------------------
New-OutboundConnector -Name "Contoso Outbound Connector" -RecipientDomains *.contoso.com -TlsSettings

DomainValidation -TlsDomain *.contoso.com
This example creates the Outbound connector named Contoso Outbound Connector with the following properties:
It sends messages to recipients in the contoso.com domain and all subdomains.
It uses TLS encryption and certificate verification for mail routed to the contoso.com domain and all
subdomains
Parameters
-AllAcceptedDomains
The AllAcceptedDomains parameter specifies whether the Outbound connector is used in hybrid organizations
where message recipients are in accepted domains of the cloud-based organization. Valid values are:
$true: The Outbound connector is used in hybrid organizations when message recipients are in an accepted
domain of the cloud-based organization. You can only use this value when the ConnectorType parameter value
is OnPremises.
$false: The Outbound connector isn't used in hybrid organizations. This is the default value.

Required: False
Position: Named
Default value: None
-CloudServicesMailEnabled
Note: We recommend that you don't use this parameter unless you are directed to do so by Microsoft Customer
Service and Support, or by specific product documentation. Instead, use the Hybrid Configuration wizard to
configure mail flow between your on-premises and cloud organizations. For more information, see Hybrid
Configuration wizard (https://technet.microsoft.com/library/hh529921.aspx).
The CloudServicesMailEnabled parameter specifies whether the connector is used for hybrid mail flow between an
on-premises Exchange environment and Microsoft Office 365. Specifically, this parameter controls how certain
internal X-MS -Exchange-Organization-* message headers are handled in messages that are sent between accepted
domains in the on-premises and cloud organizations. These headers are collectively known as cross-premises
headers.
Valid values are:
$true: The connector is used for mail flow in hybrid organizations, so cross-premises headers are preserved or
promoted in messages that flow through the connector. This is the default value for connectors that are created
by the Hybrid Configuration wizard. Certain X-MS -Exchange-Organization-* headers in outbound messages
that are sent from one side of the hybrid organization to the other are converted to X-MS -Exchange-
CrossPremises-* headers and are thereby preserved in messages. X-MS -Exchange-CrossPremises-* headers in
inbound messages that are received on one side of the hybrid organization from the other are promoted to X-
MS -Exchange-Organization-* headers. These promoted headers replace any instances of the same X-MS -
Exchange-Organization-* headers that already exist in messages.
$false: The connector isn't used for mail flow in hybrid organizations, so any cross-premises headers are
removed from messages that flow through the connector.

Required: False
Position: Named
Default value: None
-Comment
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-ConnectorSource
The ConnectorSource parameter specifies how the connector is created. Valid values are:
Default: The connector is manually created. This is the default value when you use this cmdlet, and we
recommend that you don't change this value.
HybridWizard: The connector is automatically created by the Hybrid Configuration Wizard.
Migrated: The connector was originally created in Microsoft Forefront Online Protection for Exchange.
Type: Default | Migrated | HybridWizard | AdminUI

Required: False
Position: Named
Default value: None
-ConnectorType
The ConnectorType parameter specifies a category for the domains that are serviced by the connector. Valid values
are:
Partner: The connector services domains that are external to your organization.
OnPremises: The connector services domains that are used by your on-premises organization.
Type: OnPremises | Partner
Required: False
Position: Named
Default value: None
-Enabled
The Enabled parameter specifies whether to enable or disable the Outbound connector. Valid values are:
$true: The connector is enabled. This is the default value.
$false: The connector is disabled.

Required: False
Position: Named
Default value: None
-IsTransportRuleScoped
The IsTransportRuleScoped parameter specifies whether the Outbound connector is associated with a transport
rule (also known as a mail flow rule). Valid values are:
$true: The connector is associated with a transport rule.
$false: The connector isn't associated with a transport rule. This is the default value.
You scope a transport rule to an Outbound connector by using the RouteMessageOutboundConnector parameter
on the New -TransportRule or Set-TransportRule cmdlets. Messages that match the conditions of the transport rule
are routed to their destinations by using the specified Outbound connector.

Required: False
Position: Named
Default value: None
-LinkForModifiedConnector
Type: Guid
Required: False
Position: Named
Default value: None
-Name
The Name parameter specifies the unique name for the connector. The maximum length is 64 characters. If the
Type: String
Required: True
Position: 1
Default value: None
-RecipientDomains
The RecipientDomains parameter specifies the domains that the Outbound connector routes mail to. You can
specify multiple domains separated by commas.
You can use a wildcard character to specify all subdomains of a specified domain, as shown in the following
example: *.contoso.com. However, you can't embed a wildcard character, as shown in the following example:
domain.*.contoso.com.
Required: False
Position: Named
Default value: None
-RouteAllMessagesViaOnPremises
The RouteAllMessagesViaOnPremises parameter specifies that all messages serviced by this connector are first
routed through the on-premises messaging system in hybrid organizations. Valid values are:
$true: Messages are routed through the on-premises messaging system. This setting requires you to set the
ConnectorType parameter to the value OnPremises in the same command.
$false: Messages aren't routed through the on-premises messaging system. This is the default value.

Required: False
Position: Named
Default value: None
-SmartHosts
The SmartHosts parameter specifies the smart hosts the Outbound connector uses to route mail. This parameter is
required if you set the UseMxRecord parameter to $false and must be specified on the same command line. The
SmartHosts parameter takes one or more FQDNs, such as server.contoso.com, or one or more IP addresses, or a
combination of both FQDNs and IP addresses. Separate each value by using a comma. If you enter an IP address,
you may enter the IP address as a literal, for example: 10.10.1.1, or using Classless InterDomain Routing (CIDR ), for
example, 192.168.0.1/25. The smart host identity can be the FQDN of a smart host server, a mail exchange (MX)
record, or an address (A) record.
Required: False
Position: Named
Default value: None
-TestMode
The TestMode parameter specifies whether you want to enabled or disable test mode for the Outbound connector.
Valid values are:
$true: Test mode is enabled.
$false: Test mode is disabled. This is the default value.

Required: False
Position: Named
Default value: None
-TlsDomain
The TlsDomain parameter specifies the domain name that the Outbound connector uses to verify the FQDN of the
target certificate when establishing a TLS secured connection. This parameter is only used if the TlsSettings
parameter is set to DomainValidation. Valid input for the TlsDomain parameter is an SMTP domain. You can use a
wildcard character to specify all subdomains of a specified domain, as shown in the following example:
*.contoso.com. However, you can't embed a wildcard character, as shown in the following example:
domain.*.contoso.com
Required: False
Position: Named
Default value: None
-TlsSettings
The TlsSettings parameter specifies the TLS authentication level that's used for outbound TLS connections
established by this Outbound connector. Valid values are:
EncryptionOnly: TLS is used only to encrypt the communication channel. No certificate authentication is
performed.
CertificateValidation: TLS is used to encrypt the channel and certificate chain validation and revocation lists
checks are performed.
DomainValidation: In addition to channel encryption and certificate validation, the Outbound connector also
verifies that the FQDN of the target certificate matches the domain specified in the TlsDomain parameter.
$null (blank): This is the default value.
Type: EncryptionOnly | CertificateValidation | DomainValidation

Required: False
Position: Named
Default value: None
-UseMXRecord
The UseMXRecord parameter enables or disables DNS routing for the connector. Valid values are:
$true: The connector uses DNS routing (MX records in DNS ) to deliver email. This is the default value.
$false: The connector delivers email to one or more smart hosts. When you use this value, you also need to
specify the smart hosts by using the SmartHosts parameter in the same command.

Required: False
Position: Named
Default value: None
-WhatIf
Required: False
Position: Named
Default value: None
Inputs
accept input data.
Outputs
Related Links
Online Version
New-ReceiveConnector
In ths Article
This cmdlet is available only in on-premises Exchange. Use the New -ReceiveConnector cmdlet to create Receive
connectors on Mailbox servers and Edge Transport servers. Receive connectors listen for inbound SMTP
connections on the Exchange server. For information about the parameter sets in the Syntax section below, see
Syntax
New-ReceiveConnector [-Name] <String> -Bindings <MultiValuedProperty> -RemoteIPRanges <MultiValuedProperty> [-
Custom]
[-AdvertiseClientSettings <$true | $false>]
[-AuthMechanism <None | Tls | Integrated | BasicAuth | BasicAuthRequireTLS | ExchangeServer |
ExternalAuthoritative>]
[-AuthTarpitInterval <EnhancedTimeSpan>]
[-Banner <String>]
[-BinaryMimeEnabled <$true | $false>]
[-ChunkingEnabled <$true | $false>]
[-Comment <String>]
[-Confirm]
[-ConnectionInactivityTimeout <EnhancedTimeSpan>]
[-ConnectionTimeout <EnhancedTimeSpan>]
[-DefaultDomain <AcceptedDomainIdParameter>]
[-DeliveryStatusNotificationEnabled <$true | $false>]
[-DomainSecureEnabled <$true | $false>]
[-EightBitMimeEnabled <$true | $false>]
[-EnableAuthGSSAPI <$true | $false>]
[-EnhancedStatusCodesEnabled <$true | $false>]
[-ExtendedProtectionPolicy <None | Allow | Require>]
[-Fqdn <Fqdn>]
[-LongAddressesEnabled <$true | $false>]
[-MaxAcknowledgementDelay <EnhancedTimeSpan>]
[-MaxHeaderSize <ByteQuantifiedSize>]
[-MaxHopCount <Int32>]
[-MaxInboundConnection <Unlimited>]
[-MaxInboundConnectionPercentagePerSource <Int32>]
[-MaxInboundConnectionPerSource <Unlimited>]
[-MaxLocalHopCount <Int32>]
[-MaxLogonFailures <Int32>]
[-MaxMessageSize <ByteQuantifiedSize>]
[-MaxProtocolErrors <Unlimited>]
[-MaxRecipientsPerMessage <Int32>]
[-MessageRateLimit <Unlimited>]
[-MessageRateSource <None | IPAddress | User | All>]
[-OrarEnabled <$true | $false>]
[-PermissionGroups <None | AnonymousUsers | ExchangeUsers | ExchangeServers | ExchangeLegacyServers | Partners
| Custom>]
[-PipeliningEnabled <$true | $false>]
[-ProtocolLoggingLevel <None | Verbose>]
[-RejectReservedSecondLevelRecipientDomains <$true | $false>]
[-RejectReservedTopLevelRecipientDomains <$true | $false>]
[-RejectSingleLabelRecipientDomains <$true | $false>]
[-RequireEHLODomain <$true | $false>]
[-RequireTLS <$true | $false>]
[-ServiceDiscoveryFqdn <Fqdn>]
[-SizeEnabled <Disabled | Enabled | EnabledWithoutValue>]
[-SuppressXAnonymousTls <$true | $false>]
[-TarpitInterval <EnhancedTimeSpan>]
[-TlsCertificateName <SmtpX509Identifier>]
[-TlsDomainCapabilities <MultiValuedProperty>]
[-TransportRole <None | Cafe | Mailbox | ClientAccess | UnifiedMessaging | HubTransport | Edge | All |
Monitoring | CentralAdmin | CentralAdminDatabase | DomainController | WindowsDeploymentServer |
ProvisionedServer | LanguagePacks | FrontendTransport | CafeArray | FfoWebService | OSP | ARR |
ManagementFrontEnd | ManagementBackEnd | SCOM | CentralAdminFrontEnd | NAT | DHCP>]
New-ReceiveConnector [-Name] <String> -Bindings <MultiValuedProperty> [-Internet]
[-RemoteIPRanges <MultiValuedProperty>]
[-Banner <String>]
[-Comment <String>]
[-Confirm]
[-Fqdn <Fqdn>]
| Custom>]
New-ReceiveConnector [-Name] <String> -Bindings <MultiValuedProperty> -RemoteIPRanges <MultiValuedProperty> [-
Partner]
[-Banner <String>]
[-Comment <String>]
[-Confirm]
[-Fqdn <Fqdn>]
| Custom>]
New-ReceiveConnector [-Name] <String> -RemoteIPRanges <MultiValuedProperty> [-Bindings <MultiValuedProperty>]
[-Internal]
[-Banner <String>]
[-Comment <String>]
[-Confirm]
[-Fqdn <Fqdn>]
| Custom>]
New-ReceiveConnector [-Name] <String> -RemoteIPRanges <MultiValuedProperty> [-Bindings <MultiValuedProperty>]
[-Client]
[-Banner <String>]
[-Comment <String>]
[-Confirm]
[-Fqdn <Fqdn>]
| Custom>]
New-ReceiveConnector [-Name] <String> -Usage <Custom | Internet | Internal | Client | Partner> [-Bindings
<MultiValuedProperty>] [-RemoteIPRanges <MultiValuedProperty>]
[AdvertiseClientSettings <$true | $false>]
[-Banner <String>]
[-Comment <String>]
[-Confirm]
[-Fqdn <Fqdn>]
| Custom>]
Description
On Mailbox servers, you can create Receive connectors in the Front End Transport service, and the Transport (Hub)
service. On Edge Transport servers, you can create Receive connectors in the Transport service.
For more information about Receive connector usage types, permission groups, and authentication methods, see
Receive connectors (https://technet.microsoft.com/library/aa996395.aspx).
Examples
-------------------------- Example 1 --------------------------
New-ReceiveConnector -Name Test -Usage Custom -Bindings 10.10.1.1:25 -RemoteIPRanges 192.168.0.1-192.168.0.24
This example creates the custom Receive connector Test with the following properties:
It listens for incoming SMTP connections on the IP address 10.10.1.1 and port 25.
It accepts incoming SMTP connections only from the IP range 192.168.0.1-192.168.0.24
Parameters
-AdvertiseClientSettings
The AdvertiseClientSettings parameter specifies whether the SMTP server name, port number, and authentication
settings for the Receive connector are displayed to users in the options of Outlook on the web. Valid values are:
$true: The SMTP values are displayed in Outlook on the web. Typically, you would only use this setting for a
Receive connector with the usage type Client (authenticated SMTP connections on TCP port 587 for POP3 and
IMAP4 clients).
$false: The SMTP values are displayed in Outlook on the web. This is the default value.

Required: False
Position: Named
Default value: None
-AuthMechanism
The AuthMechanism parameter specifies the advertised and accepted authentication mechanisms for the Receive
connector. Valid values are:
None
Tls
Integrated
BasicAuth
BasicAuthRequireTLS
ExchangeServer
ExternalAuthoritative
You can specify multiple values separated by commas, but some values have dependencies and exclusions:
You can only use the value None by itself.
The value BasicAuthRequireTLS also requires the values BasicAuth and Tls.
The only other value that you can use with ExternalAuthoritative is Tls.
The value Tls is required when the value of the RequireTLS parameter is $true.
The value ExternalAuthoritative requires you to set the value of the PermissionGroups parameter to
ExchangeServers.
Type: None | Tls | Integrated | BasicAuth | BasicAuthRequireTLS | ExchangeServer | ExternalAuthoritative

Required: False
Position: Named
Default value: None
-AuthTarpitInterval
The AuthTarpitInterval parameter specifies the period of time to delay responses to failed authentication attempts
from remote servers that may be abusing the connection. The default value is 5 seconds.
seconds.
When you set the value to 00:00:00, you disable the authentication tarpit interval. Setting the value to more than a
few seconds can cause timeouts and mail flow issues.
You can configure the delay for other SMTP failure responses by using the TarpitInterval parameter.
Required: False
Position: Named
Default value: None
-Banner
The Banner parameter specifies a custom SMTP 220 banner that's displayed to remote messaging servers that
connect to the Receive connector. When you specify a value, enclose the value in quotation marks, and start the
value with 220 (the default "Service ready" SMTP response code).
The default value of this parameter is blank ($null), which uses the following SMTP banner:
220 <Servername> Microsoft ESMTP MAIL service ready at <RegionalDay-Date-24HourTimeFormat>
<RegionalTimeZoneOffset>
Type: String
Required: False
Position: Named
Default value: None
-BinaryMimeEnabled
The BinaryMimeEnabled parameter specifies whether the BINARYMIME Extended SMTP extension is enabled or
disabled on the Receive connector. Valid values are:
$true: BINARYMIME is enabled and is advertised in the EHLO response. This setting requires that the
ChunkingEnabled parameter is also set to the value $true. This is the default value.
$false: BINARYMIME is disabled and isn't advertised in the EHLO response.
The binary MIME extension is defined in RFC 3030.

Required: False
Position: Named
Default value: None
-Bindings
The Bindings parameter specifies the local IP address and TCP port number that's used by the Receive connector.
This parameter uses the syntax "<IPv4 Address>:<TCP Port>","<IPv6 Address>:<TCP Port>". You can specify an
IPv4 address and port, and IPv6 address and port, or both. The IP address values 0.0.0.0 or [::]: indicate that the
Receive connector uses all available local IPv4 or all IPv6 addresses.
You need to specify a valid local IP address from the network adapters of the Exchange server. If you specify an
invalid local IP address, the Microsoft Exchange Transport service might fail to start when the service is restarted.
You need to use this parameter when you use these usage type parameters:
The Internet switch (or the Usage parameter with the value Internet).
The Partner switch (or the Usage parameter with the value Partner).
The Custom switch (or the Usage parameter with the value Custom).
You can't use this parameter when you use the following usage type parameters:
The Client switch (or the Usage parameter with the value Client. The default value is 0.0.0.0:587.
The Internal switch (or Usage parameter with the value Internal). The default value is 0.0.0.0:25.
The values for this parameter must satisfy one of the following uniqueness requirements:
The combination of IP address and TCP port doesn't conflict with the IP address and TCP port that's used on
another Receive connector on the server.
You use an existing combination of IP address and TCP port that's configured on another Receive connector on
the server, but you restrict the remote IP addresses by using the RemoteIPRanges parameter. When you create
a Receive connector, you can only use the RemoteIPRanges and Bindings parameters together with the Custom
and Partner switches (or the Usage parameter with the value Custom or Partner).
Required: True
Position: Named
Default value: None
-ChunkingEnabled
The ChunkingEnabled parameter specifies whether the CHUNKING Extended SMTP extension is enabled or
disabled on the Receive connector. Valid values are:
$true: CHUNKING is enabled and is advertised in the EHLO response. This is the default value.
$false: CHUNKING is disabled and isn't advertised in the EHLO response.
Chunking is defined in RFC 3030.

Required: False
Position: Named
Default value: None
-Client
The Client switch specifies the Client usage type for the Receive connector. You don't need to specify a value with
this switch.
This usage type assigns the following default permission groups and authentication methods:
Permission groups:ExchangeUsers
Authentication methods:TLS, BasicAuth, BasicAuthRequireTLS, and Integrated.
When you use this switch, you also need to use the RemoteIPRanges parameter, and you can't use the Bindings
parameter (the default value is 0.0.0.0:587).
You can't use this switch with any other usage type parameters (Internal, Internet, Partner, Custom, or Usage).
Required: True
Position: Named
Default value: None
-Comment
Type: String
Required: False
Position: Named
Default value: None
-Confirm
before proceeding.
Required: False
Position: Named
Default value: None
-ConnectionInactivityTimeout
The ConnectionInactivityTimeout parameter specifies the maximum amount of idle time before a connection to the
Receive connector is closed.
seconds.
A valid value for this parameter is 00:00:01 (one second) to 1.00:00:00 (one day).
The default value for Receive connectors on Mailbox servers is 00:05:00 (5 minutes). The default value for Receive
connectors on Edge Transport servers is 00:01:00 (1 minute).
The value of this parameter must be less than the value of the ConnectionTimeout parameter.
Required: False
Position: Named
Default value: None
-ConnectionTimeout
The ConnectionTimeout parameter specifies the maximum time that the connection to the Receive connector can
remain open, even if the connection is actively transmitting data.
seconds.
A valid value for this parameter is 00:00:01 (one second) to 1.00:00:00 (one day).
The default value for Receive connectors on Mailbox servers is 00:10:00 (10 minutes). The default value for Receive
connectors on Edge Transport servers is 00:05:00 (5 minutes).
The value of this parameter must be greater than the value of the ConnectionInactivityTimeout parameter.
Required: False
Position: Named
Default value: None
-Custom
The Custom switch specifies the Custom usage type for the Receive connector. You don't need to specify a value
with this switch.
This usage type assigns the following default permission groups and authentication methods:
Permission groups:None
Authentication methods:TLS
When you use this switch, you also need to use the Bindings and RemoteIPRanges parameters.
If you don't also use the PermissionGroups parameter to assign at least one permission group, you'll need to use
the PermissionGroups parameter on the Set-ReceiveConnector cmdlet after you create the Receive connector
(otherwise, the Receive connector can't accept inbound SMTP connections).
You can't use this switch with any other usage type parameters (Client, Internal, Internet, Partner, or Usage).
Required: False
Position: Named
Default value: None
-DefaultDomain
The DefaultDomain parameter specifies the default accepted domain to use for the Exchange organization. You can
use any value that uniquely identifies the accepted domain. For example:
Name
GUID
Although you can configure any accepted domain as the default domain, you typically specify an authoritative
domain. The default domain is used by:
The external postmaster address: postmaster@<default domain>.
Encapsulated non-SMTP email addresses (Internet Mail Connector Encapsulated Address or IMCEA
encapsulation).
The primary address for all recipients in the default email address policy. If you configure another accepted
domain as the default domain, the default email address

Exchange Powershell

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Exchange Powershell

Caricato da

Copyright:

Formati disponibili

Contents

Add-ADPermission [-Identity] <ADRawEntryIdParameter> -Owner <SecurityPrincipalIdParameter>

Add-ADPermission -Instance <ADAcePresentationObject>

Type: None | All | Descendents | SelfAndChildren | Children

Dump-ProvisioningCache [-Server] <Fqdn> -Application <String> [-CurrentOrganization] [-Organizations

Dump-ProvisioningCache -Server EXSRV1.contoso.com -Application Powershell-Proxy -GlobalCache

Get-ADPermission [-Identity] <ADRawEntryIdParameter> [-User <SecurityPrincipalIdParameter>]

Get-ADPermission "Contoso.com" -User Chris

This example returns a list of all IP site links in your organization.

Get-AdSiteLink | Where {$_.ExchangeCost -ne $null}

Get-DomainController [-DomainName <Fqdn>]

$UserCredentials = Get-Credential; Get-DomainController -DomainName corp.contoso.com -Credential

Get-OrganizationalUnit [-SearchText <String>]

Get-OrganizationalUnit "North America" -SingleNodeOnly | Format-Table Name, DistinguishedName

Get-Trust -DomainName Contoso.com

This example enumerates all trusts for the domain Contoso.com.

Remove-ADPermission [-Identity] <ADRawEntryIdParameter>

Remove-ADPermission -Instance <ADAcePresentationObject>

Remove-ADPermission -Identity Administrator -User Kim -ExtendedRights "Send As"

Type: None | All | Descendents | SelfAndChildren | Children

Reset-ProvisioningCache [-Server] <Fqdn> -Application <String>] [-CurrentOrganization] [-Organizations

Reset-ProvisioningCache -Application Powershell-Proxy -Server datacenter1.adatum.com -GlobalCache

Set-AdServerSettings [-ConfigurationDomainController <Fqdn>] [-PreferredGlobalCatalog <Fqdn>] [-

Set-AdServerSettings [[-PreferredServer] <Fqdn>] [-RecipientViewRoot <String>] [-ViewEntireForest <$true |

Set-AdServerSettings -RecipientViewRoot "contoso.com/Marketing Users"

Set-AdSite Default-First-Site-Name -HubSiteEnabled $true

Type: $true | $false

Set-AdSiteLink DEFAULT_IP_SITE_LINK -ExchangeCost 25 -MaxMessageSize 10MB

Disable-AntiPhishRule -Identity "Engineering Department Phishing Rule"

Disable-SafeAttachmentRule -Identity "Engineering Department Attachment Rule"

Disable-SafeLinksRule -Identity "Engineering Department URL Rule"

Enable-AntiPhishRule -Identity "Marketing Department Phishing Rule"

Enable-SafeAttachmentRule -Identity "Marketing Department Attachment Rule"

Enable-SafeLinksRule -Identity "Marketing Department URL Rule"

Get-AdvancedThreatProtectionTrafficReport -Organization contoso.com -StartDate "4/26/2018" -EndDate "4/28/2018"

This example shows a summary list of all antiphish policies.

Get-AntiPhishPolicy -Identity Default | Format-List

Get-AntiPhishRule -Identity "Research Department Phishing Rule" | Format-List

Type: Enabled | Disabled

Get-MailDetailATPReport -StartDate 7/1/2018 -EndDate 7/31/2018

Get-MailTrafficATPReport -StartDate 7/20/2018 -EndDate 7/20/2018 -Direction Outbound | Format-Table

Get-MailTrafficATPReport -StartDate 7/20/2018 -EndDate 7/20/2018 -Direction Outbound -SummarizeBy

Get-PhishFilterPolicy -Detailed -SpoofAllowBlockList -SpoofType Internal

This example exports the list of spoofed senders to a CSV file.

This example shows a summary list of all Safe Attachments policies.

Get-SafeAttachmentPolicy -Identity Default | Format-List

Get-SafeAttachmentRule -Identity "Research Department Attachment Rule" | Format-List

Type: Enabled | Disabled

Get-SafeLinksPolicy | Format-Table Name,IsEnabled,IsDefault

This example shows a summary list of all Safe Links policies.

Get-SafeLinksPolicy -Identity Default

Get-SafeLinksRule | Format-Table -Auto Name,State,Priority,SafeLinksPolicy,Comments

Get-SafeLinksRule -Identity "Research Department URL Rule"

Type: Enabled | Disabled

Get-SpoofMailReport -StartDate 03/01/2016 -EndDate 03/31/2016

Get-UrlTrace -RecipientAddress "michelle@contoso.com" -StartDate "5/9/2016" -EndDate "5/11/2016"

New-AntiPhishPolicy -Name "Test Policy" -EnableTargetedDomainsProtection $true -AdminDisplayName "Default

Type: Delete | MoveToJmf | Quarantine

Type: $true | $false

Type: $true | $false

Type: $true | $false

Type: $true | $false

Type: $true | $false