Exchange 2010 – Average message size and similar reports

I needed to report avarage message size in Exchange 2010 environment.

In my case was acceptable to get this value by the following command:

Get-TransportServer | Get-MessageTrackingLog -resultsize unlimited | measure-object -Property TotalBytes -Maximum –Average

Count    : 3673572
Average  : 180381.180685447
Maximum  : 31447136
Property : TotalBytes

Of course that mentioned way cannot be handy for all scenarios. Here is a brief list of available methods which give us ability to report more than avarage message size based upon Message Tracking Logs.

  • Log Parser Studio – Log Parser Studio is a utility that allows you to search through and create reports from your IIS, Event, EXADB and others types of logs. It builds on top of Log Parser 2.2 and has a full user interface for easy creation and management of related SQL queries. (Introducing: Log Parser Studio)
  • Exchange 2007/2010 Email stats – Analyzes Exchange 2007 or 2010 Message Tracking Logs and produces a .csv file of mail stats per user, and keeps distribution list usage.  As posted, it will find all the HT servers in the organizaions, retrieve the logs from the previous day, and generate stats for each user, by primary smtp address, for: Total Messages and Bytes Sent, Unique Messages and Bytes Sent, Total Messages and Bytes Received, both Internal and External emails.
  • Microsoft Exchange Server Profile Analyzer (64 bit) – Use the Microsoft Exchange Server Profile Analyzer tool to collect estimated statistical information from a single mailbox store or across an Exchange Server organization. The collected data can be used for such tasks as analyzing the performance and health of a server that has mailboxes, improving capacity planning models, and improving testing methodologies and tools.

Extending schema for Exchange 2013 – error id: 8224 #2

I have faced another kind of Error ID: 8224, which was, however on virtual machine, not caused by TCP chimney issue, so here is the solution.


When running command

.\setup /PrepareSchema

I have received error 8224 as shown in picture:

In my previous article the problem was caused by incorrect settings of TCP interface (, which caused delays in replication and change actually solved the problem. In this case TCP interface was set correctly and I still experienced delays in replication. Here is how to deal with this kind of problem.


Before extending schema domain controllers hosting FSMO roles (at least Schema master) must be accessible and replication should work correctly. In my case there was a problem replicating Schema and Forest zones to secondary DC, which was connected via VPN. I have resolved VPN connection problems and after that I forced replication between DCs. Note, that MS have incorrect syntax on their technet site. You have to use quotations to run command successfully.
Replication errors:

replication problems

To force replication run the following command from elevated command prompt.

force replication

repadmin /replicate <SOURCE_DC> <DESTINATION_DC> "<DC=domain,DC=local>"


extending schema

After successful replication it is possible to extend schema.

Exchange 2013 RTM CU2 setup on Windows Server 2012 bug? – Default installation directory cannot be changed

I came accross one very odd error, while I was installing CU2 for Exchange 2013 on WS2012. The problem was, that I used command line to install Exchange to different directory C:\EXCHANGE2013.

Command used:

.\setup.exe /IacceptExchangeServerLicenseTerms /roles:mailbox,ClientAccess /MDBName:DB01 /m:install /DBFilePath:E:\DB01\DB01.edb /t:c:\EXCHANGE2013 /installWindowsComponents

Error during setup states, that FMS service cannot be started. Correct. It can be seen for all Exchange-related services. I tried to start the service manually as well:

No success. I checked via GUI and found the root cause. All Exchange related services are set to DEFAULT install path instead of the one I provided to Exchange setup (Sorry for Czech language).FIPS_Cause

I also tried to install Exchange using GUI with the same results. The only solution for my lab was to use default installation directory.
Does someone have the same problem?

How to revive Exchange server 2013 + Windows Server 2012 DC from ash – part 2. – DC installation

This part has been done in GUI in my case, however, better is to do it in PowerShell and here are the steps. To install DC on Windows Server 2012 we just need to:

1. Install windows feature Active Directory Domain Services
Open PowerShell and type “Add-WindowsFeature AD-Domain-Services” Enter

Add-WindowsFeature AD-Domain-Services

2. Install windows feature DNS
type “Add-WindowsFeature DNS” Enter

Add-WindowsFeature DNS

3. Install windows features for administration (RSAT*)
type “Add-WindowsFeature RSAT*” Enter

Add-WindowsFeature RSAT*

Once windows features are installed, we can promote computer to DC:
4. Install new DC to existing forest / domain / Site
DC should be GC as well.

Install-ADDSDomainController -CreateDnsDelegation:$false -DatabasePath 'C:\Windows\NTDS' -DomainName 'domain.local' -InstallDns:$true -LogPath 'C:\Windows\NTDS' -NoGlobalCatalog:$false -SiteName 'Default-First-Site-Name' -SysvolPath 'C:\Windows\SYSVOL' -NoRebootOnCompletion:$true -Force:$true -Credential (Get-Credential) -ReplicationSourceDC Server2.domain.local

Next step is to recover Exchange server on the DC.

How to revive Exchange server 2013 + Windows Server 2012 DC from ash – part 1. – DC cleanup


Before error there was 1 Exchange server 2013 + DC (Server1) and second server with backup DC (Server2). Server1 hosted all FSMO roles. Server2 was only DC + GC + Sharepoint server.


SSD disk as system drive on Exchange server + DC is not a good idea and one of my friends wanted to have it. It worked 6 months and then crashed. Everything is lost, but one last DC in forest. I started to solve the problem. First of all I needed to install the server with same name and promote it to DC. It is not easy task, because first of all it is needed to seize FSMO role to live domain controller. I started to seize the roles, but it is not so easy task when FSMO role holder is dead server. Finally use of NTDSUTIL will help but steps needed are quite hard so here are the steps. Thanks to article:


The goal is to seize roles from Server1 to Server2 and remove old server computer account from AD. In other words make primary domain controller from Server2. We need to use NTDSUTIL.EXE (already part of Windows Server 2012 with installed DC).

1. Run NTDSUTIL.EXE – commands of NTDSUTIL will be opened

PS D:\>ntdsutil

2.At the Ntdsutil: type “metadata cleanup” Enter.

ntdsutil: metadata cleanup
metadata cleanup:

3.At the metadata cleanup: type “connections” Enter.

metadata cleanup: connections
server connections:

4.At the server connections: type “connect to server ServerEnter, where Server is working domain controller, to clean up the metadata of the failed DC.

server connections: connect to server Server2
Binding to Server2 ...
Connected to Server2 using credentials of locally logged on user.
server connections:
Note: Windows Server 2003 Service Pack 1 eliminates the need for the above step.

5.Type “quit” Enter to return you to the metadata cleanup: prompt.

server connections: quit
metadata cleanup:

6.Type “select operation target” Enter.

metadata cleanup: Select operation target
select operation target:

7.Type “list domains” Enter. This lists all domains in the forest with a number associated with each.

select operation target: list domains
Found 1 domain(s)
0 - DC=domain,DC=local
select operation target:

8.Type “select domain number“, where number is the number of domain with failed server.

select operation target: Select domain 0
No current site
Domain - DC=domain,DC=local
No current server
No current Naming Context
select operation target:

9.Type “list sites” Enter.

select operation target: List sites
Found 1 site(s)
0 - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
select operation target:

10.Type “select site numberEnter, where number is the number of the site, where failed DC was member.¨

select operation target: Select site 0
Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
Domain - DC=domain,DC=local
No current server
No current Naming Context
select operation target:

11.Type “list servers in site” Enter. This will list all servers in previously selected site.

select operation target: List servers in site
Found 2 server(s)
0 - CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
1 - CN=Server2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
select operation target:

12.Type “select server numberEnter, where number refers to the DC to be removed.

select operation target: Select server 0
Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
Domain - DC=domain,DC=local
Server - CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
 DSA object - CN=NTDS Settings,CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
 DNS host name -
 Computer object - CN=Server1,OU=Domain Controllers,DC=domain,DC=local
No current Naming Context
select operation target:

13.Type “quit” Enter. The Metadata cleanup menu is displayed.

select operation target: quit
metadata cleanup:

14.Type “remove selected server” Enter.

Warning message appears. Read it, and if you agree, select Yes.

metadata cleanup: Remove selected server
"CN=Server1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local" removed from server "Server2"
metadata cleanup:

AD confirms DC is removed. First part is over. Roles should be seized to server2:

15. Type “netdom query fsmo” Enter and check results:

PS D:\> netdom query fsmo
Schema master               Server2.domain.local
Domain naming master        Server2.domain.local
PDC                         Server2.domain.local
RID pool manager            Server2.domain.local
Infrastructure master       Server2.domain.local
The command completed successfully.

PS D:\>

16. Delete computer account for Server2 from AD
To perform this step you must give yourself permission to full control this computer object.

17. Check DNS records and remove DNS records for this computer account.

PSTip: Get-Random

The first prize of the famous lottery Sportka (Czech Republic)  is currently about 124000 €.

Sportka allows us to select 6 numbers from 49 (array of numbers 1-49) on the lottery ticket.

I wanted to bet just for fun. So why not to generate 6 numbers by PowerShell and Get-Random ;-).

We can use for example:

PS C:\> Get-Random -InputObject (1..49) -Count 6 

PS C:\> 1..49 | Get-Random -Count 6

PS C:\> 1..5 | % { (1..49 | Get-Random -Count 6) -join (",") }

And what about the following?

PS C:\> 1..6 | % { Get-Random -Minimum 1 -Maximum 50 }

It is not good idea because we can get the same numbers. It is improbable at this point but look at this:

PS C:\> 1..6 | % { Get-Random -Minimum 1 -Maximum 6 }

Of course that we can use something like that:

PS C:\> do { if( ($num=(Get-Random -Minimum 1 -Maximum 7) ) -notin $nums ){ [int[]]$nums+=$num } } while ( $nums.count -lt 6 ) $nums

But why to use that horrible command when 1..6 | Get-Random -Count 6 cannot display duplicates :-D.

By the way, the syntax does not support -Count and -Minimum or -Maximum parameters together.

  • Get-Random [[-Maximum] <Object>] [-Minimum <Object>] [-SetSeed <Int32>] [<CommonParameters>]
  • Get-Random [-InputObject] <Object[]> [-Count <Int32>] [-SetSeed <Int32>] [<CommonParameters>]

Feel free to use Get-Random also in the context of:

  • Get-Mailbox | Get-Random
  • Get-Service | Get-Random

Exchange – One option to restore data from lagged database copy

Recover data from lagged copy:

1. Gather info where user resides

Usually we need to know in which database user resides

2. Check if mailbox is still in disconnected mailboxes

Get-MailboxDatabase mdb13 | get-mailboxstatistics | where {$_.disconnectdate -ne $null}

DisplayName               ItemCount    StorageLimitStatus                                                 LastLogonTime
-----------               ---------    ------------------                                                 -------------
a1			  1962                 BelowLimit                                           5/7/2013 4:01:41 PM
S 		          2075                 BelowLimit                                          6/19/2013 9:26:52 AM
Hän		          185                  BelowLimit                                          4/30/2013 9:19:26 AM

3. Mailbox is not in disconnected state

If mailbox is not in disconnected mailboxes anymore, we have another 14 days before lagged copy disconnected date expires

4. Suspend lagged copy

Suspend lagged copy by command:

Get-MailboxDatabase mdb13 | Get-MailboxDatabaseCopyStatus

Name                                          Status          CopyQueue ReplayQueue LastInspectedLogTime   ContentIndex
                                                              Length    Length                             State
----                                          ------          --------- ----------- --------------------   ------------
MDB13\SRVMBX1                          		Mounted         0         0                                  Healthy
MDB13\SRVMBX2                          		Healthy         0         2           7/9/2013 11:33:38 AM   Healthy
MDB13\SRVMBX3                         		Healthy         0         2           7/9/2013 11:33:38 AM   Healthy
MDB13\SRVPF1                           		Healthy         0         110355      7/9/2013 11:33:38 AM   Healthy

Suspend-MailboxDatabaseCopy MDB13\SRVPF1

Are you sure you want to perform this action?
Suspending mailbox database copy "MDB13" on server "SRVPF1".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y

5. Copy lagged database to different location

To perform non destructive recovery we need to create additional copy of lagged database. This database will be restored to particular point in time.

6. Check if database is in clean shutdown

Dump headers of database by command:

eseutil /mh .\MDB13.edb

Extensible Storage Engine Utilities for Microsoft(R) Exchange Server
Version 14.03
Copyright (C) Microsoft Corporation. All Rights Reserved.

Initiating FILE DUMP mode...
         Database: .\MDB13.edb

Checksum Information:
Expected Checksum: 0xf3fb4807
  Actual Checksum: 0xf3fb4807

        File Type: Database
         Checksum: 0xf3fb4807
   Format ulMagic: 0x89abcdef
   Engine ulMagic: 0x89abcdef
 Format ulVersion: 0x620,17
 Engine ulVersion: 0x620,17
Created ulVersion: 0x620,17
     DB Signature: Create time:01/24/2012 02:52:12 Rand:391137630 Computer:
         cbDbPage: 32768
           dbtime: 3824249608 (0xe3f16b08)
            State: Dirty Shutdown

7. Determine PIT backup time and move newer logs elsewhere

In my example I want DB to be recovered to 29.6.2013. Be careful! You need EDB file 🙂


8. Reply logs to database to specified point in time:

Newer logs than specified PIT should be moved elsewhere or deleted (better after recovery process has been done)
Chk file should be removed (checkpoint) to reply all logs present in directory.
The following command will reply logs till PIT to database

Eseutil /r eXX /a


9. Put DB to clean shutdown

If the database is still in Dirty shutdown mode, we need to run integrity check and hard repair the database

eseutil /p .\MDB13.edb /g

DB repaired

10. Check if DB is in clean shutdown after repair

eseutil /mh .\MDB13.edb

Clean Shutdown

11. Delete all log files since those are not needed anymore

12. Create recovery database

New-MailboxDatabase -Recovery -Name RDB_13 -Server SRVPF1 -EdbFilePath e:\lagged_mdb13\mdb13
.edb -LogFolderPath e:\lagged_mdb13
WARNING: Recovery database 'RDB_13' was created using existing file e:\lagged_mdb13\mdb13.edb. The database must be
brought into a clean shutdown state before it can be mounted.

Name                           Server          Recovery        ReplicationType
----                           ------          --------        ---------------
RDB_13                         SRVPF1   True            None

13. Mount database

Mount database by issuing command:

Mount-Database RDB_13

14. Gather data about mailbox, you want to restore

Display name or StoreMailbox guid. For example use this command:

get-mailboxdatabase rdb_13 | Get-MailboxStatistics | where {$_.Displayname -like "Niitty*"}


15. Restore mailbox

To restore mailbox use the following command:

New-MailboxRestoreRequest -SourceDatabase RDB_13 -SourceStoreMailbox "Surname, name" -TargetMailbox alias -AllowLegacyDNMismatch

16. Check results

Get-MailboxRestoreRequest "MailboxRestore"


New PowerShell 4.0 and its features

When I shortly checked what is new in Windows Management Framework 4.0, I was exciting to see feature Windows PowerShell Desired State Configuration (DSC) because it brings us declarative syntax and basically new concept of scripting, wow.

Useful summary of DSC and declarative vs imperative syntax was described by Ravikanth:

Imperative versus declarative syntax in PowerShell

Windows Management Framework 4.0 Preview is also available so we can use it in practice.

Download: Windows Management Framework 4.0 Preview

Windows Management Framework 4.0 Preview includes updates to Windows PowerShell, Windows PowerShell ISE, Windows PowerShell Web Services (Management OData IIS Extension), Windows Remote Management (WinRM), Windows Management Instrumentation (WMI), the Server Manager WMI provider, and a new feature for 4.0, Windows PowerShell Desired State Configuration (DSC). 

IMPORTANT: Not all Microsoft server applications are currently compatible with WMF 4.0. Before installing WMF 4.0 Preview, be sure to read the WMF 4.0 Preview Release Notes. Specifically, systems that are running the following server applications should not run WMF 4.0 Preview at this time:

  • System Center 2012 Configuration Manager (not including SP1)
  • System Center Virtual Machine Manager 2008 R2 (including SP1)
  • Microsoft Exchange Server 2013, Microsoft Exchange Server 2010, and Microsoft Exchange Server 2007
  • Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2010
  • Windows Small Business Server 2011 and Windows Small Business Server 2008

(Important part is copied from Windows Management Framework 4.0 Preview Now Available)

How to disable Managed Availability in Exchange 2013

I’ve finally started exploring the new Exchange 2013 lately (together with Windows Server 2012) 🙂 Having done a fresh lab installation (running on vitual machine using Vmware ESXi 5.1, assigned Dual-Core i3 + 5GB RAM) I noticed that the complete response of Win 2012 Server significantly slowed-down after Exchange installation was completed. I was aware that Exchange 2013 is hungry for RAM but I was not able to provide more memory at that moment. There were no apparent errors in Application/System log. All was running fine but server just seemed to be out of breath.

You probably know that starting with Exchange 2013 Microsoft introduced new built-in monitoring feature “Managed Availability”. Managed Availability will undoubtedly be a welcomed improvement for production environment but if you want to run Exchange 2013 on a low-power server then this will probably consume some extra resources since as stated here “Every second on every Exchange 2013 server, Managed Availability polls and analyzes hundreds of health metrics”. You can see yourself with MessageTracking how many health test messages flow among monitoring mailboxes in Exchange 2013.

In addition to this, by default Exchange 2013 collects logs and performance data (<Exchange Install Drive>\Microsoft\Exchange Server\V15\Logging\Diagnostics\DailyPerformanceLogs) that are required by Microsoft in case you need to open a technical case. Those Perf data take up quite a lot of disk space as well.

Since I rather prefer having good response from my Exchange server I decided to disable those extra features.

Managed Availability is provided by Exchange Health Manager Service (MSExchangeHMHost.exe). Just stop and configure the Startup type to Manual/Disabled.

8-7-2013 13-43-02

I also disabled scheduled task that collects Performace Logs. Open location \Microsoft\Windows\PLA in Task Scheduler and disable taks ExchangeDiagnosticsDailyPerformanceLog & ExchangeDiagnosticsPerformanceLog.

8-7-2013 12-54-36

I can confirm that after above actions my Exchange server runs really nice and server’s response is excellent even on a low-power server.