[New Release] Recover deleted items using M365 Exchange Admin Center

Users accidentally deleting emails can sometimes be a painstaking task for an administrator. Specially if you are in charge of 1000+ users and majority of them are not tech savvy. For the past few years Office 365, or Microsoft 365 as now we call it gave us two main options. First would be to use the Outlook client and the second would be to use PowerShell.

Finally, Microsoft has released the ability to “Recover deleted items” using the New M365 Exchange Admin Center.


  • The Exchange administrator account that will be used to recover the mail items needs to be assigned with the “Mailbox Import Export” permission. To do this, you can either create a new Role or modify an existing role and add the “Mailbox Import Export” to the permission list.
  • Once permissions are granted, wait for a few minutes, sign-off and sign-in again for the permissions to be active for your session
  • This will adhere to your deleted items retention policies placed within the organization or user level.

For the below demo, we’ll look at the below users Deleted Items folder.

Now that we know what items will be recovered, let’s head to the Exchange Admin Center and see how the recovery is done.

  1. Login to the all-new Exchange Admin Center : https://admin.exchange.microsoft.com
  2. Navigate to Recipients > Mailboxes
  3. Select the user that you wish to recover the items from, click on the three dots (more options) and select Recover deleted items.

  4. Once you are in the Recover deleted items page, adjust the filters as you wish and click Apply filter. As you can see, all mail items are visible in the search results that’s also visible in the users Deleted Items folder from his personal login.

  5. Now to recover, you can either select a single entry, multiple entries or all items and click on the Recover deleted items button.

  6. The email item will now be restored to the Original folder as displayed in the above result summary.

And you are done!

Microsoft has really worked this feature out in terms of user-friendliness with the new EAC. This is just one feature and in the future posts, I will demo the ret of the new additions. Give this a try and share your thoughts.


Microsoft Teams Attendance Report is here

The long await is finally over. Yes, Microsoft has rolled out the much-awaited participation report for a meeting. This feature is long due as getting an attendance report is indeed a must in a meeting specially for Educators. The feature has now come up as a workaround to general availability.

Thank you for the feedback and waiting for this feature with patience. We have enabled the shortterm fix to allow download of a meeting attendance list during a meeting (from the roster view). This is released for general availability.” – Alex (Teams Engineering, Microsoft Teams)

Now let’s see the look and feel;

For this to work, you need to be the meeting organizer. If you are, while you are on the meeting, navigate to the peoples pane and check the top right corner section and you will see the Download icon.

However, there is a catch as of now. The participation list download will only be available while the meeting is going on for the meeting organizer only. So if you are the organizer you might want to download the attendance list right before you exit the call.

That’s it. It’s that simple.

For Administrators

However, if you are an administrator and would like to see the Enabled or Disabled status of the feature to your tenant. You can use the below methods.

Step 01: Open your PowerShell and type

Import-Module SkypeOnlineConnector

Step 02: Run the below command and enter your tenant administrator credentials;

$userCredential = Get-Credentials

Step 03: Create connection to CS Online modules using the below commands;

$sfbSession = New-CsOnlineSession -Credential $userCredential

Step 04: Import CS PowerShell session

Import-PSSession $sfbSession

Step 05: Now that we are connected to the CS online for your tenant, let’s use the below command to view the Global policy settings;

Get-CsTeamsMeetingPolicy -identity Global

Keep a note on the setting highlighted above AllowEngagementReport. In our case this setting is already Enabled. Microsoft is rolling out this feature Enabled by default so you shouldn’t need to worry about it. However, if you are unable to see it yet, you might want to have a look at this setting.

Step 06: In case your setting is shown as Disabled or you want to change it, you can use the below command;

Set-CsTeamsMeetingPolicy -Identity Global -AllowEngagementReport Enabled

That’s it! Your new settings will now be applied. Additionally, you might want to try below options if you still cant see;

  1. Sign-out and sign back in.
  2. Update your Teams app
  3. Wait: yes, give it few days as the global roll-out has already started and it will come to you soon.

Exchange ECP Empty Results Issue in Internet Explorer

When it comes to browser compatibility issues, it’s always about non-Microsoft browsers having issues with Exchange Servers. But in this particular case, the issue was vise-versa.

This was an Exchange 2013 environment, and the administrator reported that while using the ECP in Internet Explorer he was unable to view any data within sub windows and the links within were not clickable. However, when using Google Chrome or FireFox, this was not a problem.

The above image is what you get when you open a Recipient mailbox in ECP. As you can see, the values are all empty and I cannot click any of the action items on left side.

Now let’s see what type of an approach you should take in a scenario like this.

  • Check with multiple Internet Explorer versions/users. Plus clear your cache and cookies as well.
  • Check with compatibility mode on IE.
  • Check if the issue is for both internal and external users. Why I’m saying this is that in most of the cases your Exchange Servers may be placed behind many layers such as proxy, load balancers etc. So, we need to narrow this down to internal or external.
  • Check if the issue is for a single server only. Go to your exchange server, open Internet Explorer and check your ECP using localhost FQDN. By this, we can see if the issue is only for one Exchange Server or multiple servers.
  • Now that you have figured out where and which servers are affected, it’s time to refresh your IIS cache. We do this because that’s the first point where all web connections hit to. And I’ve seen that in most client connectivity issues, doing a simple refresh or may be a reset on IIS fixes the issue. Resetting IIS would be the last resort as it would drop all connections and users will not be able to connect until the service starts which can take some time.

Below are the steps that worked for me;

  1. Open IIS Manager and navigate to Application
  2. Under the list of pools, you can see the MSExchangeECPAppPool. This is responsible for ECP connections and we can easily refresh the cache.
  3. Right click the MSExchangeECPAppPool and click Recycle.

  4. Now IIS will refresh your specific app pool.
  5. Login back to the ECP and check if the issue is sorted.
  6. In my case, it was working again.

Exchange 2016 CU Update error at “Mailbox role: Transport service”

Well, this was a strange case that came across while installing the Exchange Server 2016 CU14 update. The setup goes all the way and throws an error at “Mailbox role: Transport service” component installation and exits.



The following error was generated when "$error.Clear();

if ($RoleProductPlatform -eq "amd64")




# Need to configure the ETL traces before the fast service is installed. This will ensure that when the service comes up

# it will have the necessary trace session setting available to read from the registry

$fastPerfEtlTraceFolderPath = Join-Path -Path $RoleBinPath -ChildPath "\Search\Ceres\Diagnostics\ETLTraces"

$fastDiagnosticTracingRegKeyPath = 'HKLM:\SOFTWARE\Microsoft\Office Server\16.0\Search\Diagnostics\Tracing'

if(-not(Test-Path -Path $fastPerfEtlTraceFolderPath))


$null = New-Item $fastPerfEtlTraceFolderPath -Type 'Directory' -Force


if (-not(Test-Path -Path $fastDiagnosticTracingRegKeyPath))


$null = New-Item -Path $fastDiagnosticTracingRegKeyPath -Force


$null = New-ItemProperty -Path $fastDiagnosticTracingRegKeyPath -Name 'TracingPath' -PropertyType 'string' -Value $fastPerfEtlTraceFolderPath -Force

$null = New-ItemProperty -Path $fastDiagnosticTracingRegKeyPath -Name 'TracingFileName' -PropertyType 'string' -Value 'DocumentProcessingTrace' -Force

$null = New-ItemProperty -Path $fastDiagnosticTracingRegKeyPath -Name 'DocumentParserSuccessLogMessage' -PropertyType 'Dword' -Value 1 -Force

$null = New-ItemProperty -Path $fastDiagnosticTracingRegKeyPath -Name 'DocumentParserLoggingNoInitialisation' -PropertyType 'Dword' -Value 1 -Force

# Max trace folder size 50 * 100 = 5GB

$null = New-ItemProperty -Path $fastDiagnosticTracingRegKeyPath -Name 'MaxTraceFileSize' -PropertyType 'Dword' -Value 50 -Force

$null = New-ItemProperty -Path $fastDiagnosticTracingRegKeyPath -Name 'MaxTraceFileCount' -PropertyType 'Dword' -Value 100 -Force

$null = New-ItemProperty -Path $fastDiagnosticTracingRegKeyPath -Name 'UseGeneralSwitch' -PropertyType 'Dword' -Value 1 -Force

$null = New-ItemProperty -Path $fastDiagnosticTracingRegKeyPath -Name 'GeneralSwitch' -PropertyType 'Dword' -Value 0 -Force




# ETl tracing is not critical. Info only log

Write-ExchangeSetupLog -Info ("An exception ocurred while trying to Configure the FAST ETL traces. Exception: " + $_.Exception.Message);




$fastFusionRegKeyPath = 'HKLM:\SOFTWARE\Microsoft\Office Server\16.0\Search\FlightControl'

if (Test-Path -Path $fastFusionRegKeyPath)


Remove-ItemProperty -Path $fastFusionRegKeyPath -Name 'fusion_new_enabled' -Force -ErrorAction SilentlyContinue

Remove-ItemProperty -Path $fastFusionRegKeyPath -Name 'fusion_old_enabled' -Force -ErrorAction SilentlyContinue

Remove-ItemProperty -Path $fastFusionRegKeyPath -Name 'fusion_compare_outputs' -Force -ErrorAction SilentlyContinue





# Removing new fusion keys is not critical. Info only log

Write-ExchangeSetupLog -Info ("An exception ocurred while trying to remove the fast new fusion reg keys. Exception: " + $_.Exception.Message);


$fastInstallConfigPath = Join-Path -Path $RoleBinPath -ChildPath "Search\Ceres\Installer";

$command = Join-Path -Path $fastInstallConfigPath -ChildPath "InstallConfig.ps1";

$dataFolderPath = Join-Path -Path $RoleBinPath -ChildPath "Search\Ceres\HostController\Data";

# Remove previous SearchFoundation configuration

&$command -action u -silent;



if ([System.IO.Directory]::Exists($dataFolderPath))


[System.IO.Directory]::Delete($dataFolderPath, $true);





$deleteErrorMsg = "Failure cleaning up SearchFoundation Data folder. - " + $dataFolderPath + " - " + $_.Exception.Message;

Write-ExchangeSetupLog -Error $deleteErrorMsg;


# Re-add the SearchFoundation configuration



# the BasePort value MUST be kept in sync with dev\Search\src\OperatorSchema\SearchConfig.cs

&$command -action i -baseport 3800 -dataFolder $dataFolderPath -silent;




$errorMsg = "Failure configuring SearchFoundation through installconfig.ps1 - " + $_.Exception.Message;

Write-ExchangeSetupLog -Error $errorMsg;

# Clean up the failed configuration attempt.

&$command -action u -silent;



if ([System.IO.Directory]::Exists($dataFolderPath))


[System.IO.Directory]::Delete($dataFolderPath, $true);





$deleteErrorMsg = "Failure cleaning up SearchFoundation Data folder. - " + $dataFolderPath + " - " + $_.Exception.Message;

Write-ExchangeSetupLog -Error $deleteErrorMsg;



# Set the PowerShell Snap-in's public key tokens



$PowerShellSnapinsPath = "HKLM:\SOFTWARE\Microsoft\PowerShell\1\PowerShellSnapIns\";

$FastSnapinNames = @("EnginePSSnapin", "HostControllerPSSnapIn", "InteractionEnginePSSnapIn", "JunoPSSnapin", "SearchCorePSSnapIn");

$officePublicKey = "71E9BCE111E9429C";

$exchangePublicKey = "31bf3856ad364e35";

foreach ($fastSnapinName in $FastSnapinNames)


$fastSnapinPath = $PowerShellSnapinsPath + $fastSnapinName;

$assemblyNameProperty = Get-ItemProperty -Path $fastSnapinPath -Name "AssemblyName" -ErrorAction SilentlyContinue;

if ($assemblyNameProperty -ne $null -and (-not [string]::IsNullOrEmpty($assemblyNameProperty.AssemblyName)))


$newAssemblyName = $assemblyNameProperty.AssemblyName -ireplace ($officePublicKey, $exchangePublicKey);

Set-ItemProperty -Path $fastSnapinPath -Name "AssemblyName" -Value $newAssemblyName;






# Info only log

Write-ExchangeSetupLog -Info ("An exception ocurred while configuring Search Foundation PowerShell Snapin. Exception: " + $_.Exception.Message);



" was run: "System.Exception: Failure configuring SearchFoundation through installconfig.ps1 - Error occurred while configuring Search Foundation for Exchange.System.TimeoutException: This request operation sent to net.tcp://sandesha-b.cbsl.lk:3803/Management/AdminService did not receive a reply within the configured timeout (00:01:00). The time allotted to this operation may have been a portion of a longer timeout. This may be because the service is still processing the operation or because the service was unable to send a reply message. Please consider increasing the operation timeout (by casting the channel/proxy to IContextChannel and setting the OperationTimeout property) and ensure that the service is able to connect to the client.

Server stack trace:

at System.ServiceModel.Dispatcher.DuplexChannelBinder.Request(Message message, TimeSpan timeout)

at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)

at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:

at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

at Microsoft.Ceres.CoreServices.Admin.IAdminServiceManagementAgent.UpdateConfiguration()

at Microsoft.Ceres.Exchange.PostSetup.NodeManager.AddNodeAndUpdateConfiguration(String node)

at Microsoft.Ceres.Exchange.PostSetup.NodeManager.DeployContentEngineNode()

at Microsoft.Ceres.Exchange.PostSetup.DeploymentManager.Install(String installDirectory, String dataDirectoryPath, Int32 basePort, String logFile, Boolean singleNode, String systemName, Boolean attachedMode)

at CallSite.Target(Closure , CallSite , RuntimeType , Object , Object , Object , Object , Object , Object , Boolean )

at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)

at Microsoft.Exchange.Management.Deployment.WriteExchangeSetupLog.InternalProcessRecord()

at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__91_1()

at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".



We actually made a few changes from the server end and once we tried again, the setup ran without any issues. Therefore if you encounter such an error above, you might want to try this out and see if any of these will work;

  • Run the setup again and check
  • Check with Anti-virus software is disabled
  • Check with Firewall disabled
  • Check with setting the PowerShell Execution Policy of the server to ‘Unrestricted’ (Set-ExecutionPolicy Unrestricted)

Once you have done the above, give the installer another try and hopefully this will fix. In my case, I was able to finish the installation after doing the last three mentioned.

Happy Installations!!

[Script] Shared Mailbox Convert and Enabling Sent Items Copy

This is a simple script that will allow an administrator to achieve the below tasks;

  1. Convert a User mailbox to a Shared Mailbox
  2. Enable Messages sent from the shared mailbox to be saved to the Sent Items folder of the shared mailbox

Let’s take the below scenario;

User Mailbox – user@contoso.com
Shared Mailbox – shared@contoso.com (user@contoso.com has SendAs and FullAccess permissions)

In a case where if user(user@contoso.com) tries to send an email with SendAs/SendOnBehalfOf permissions for ‘shared@contoso.com‘, the sent email will only be available in the primary users ‘Sent Items‘ ONLY. In a business requirement where the mail should also be present in the ‘shared@contoso.com‘ shared mailbox, we would require the below permissions to be enabled. Once done, the email with SendAs/SendOnBehalfOf permission will be in both user@contoso.com and shared@contoso.com mailboxes’ Sent Items.

The MessageCopyForSendOnBehalfEnabled parameter specifies whether to copy the sender for messages that are sent from a mailbox by users that have the “send on behalf of” permission. In this script we will be enabling this by setting the value to $true; where when a user sends a message from the mailbox by using the “send on behalf of” permission, a copy of the message is sent to the sender’s mailbox.

The MessageCopyForSentAsEnabled parameter specifies whether to copy the sender for messages that are sent from a mailbox by users that have the “send as” permission. In this script we will be enabling this by setting the value to $true; where when a user sends a message from the mailbox by using the “send as” permission, a copy of the message is sent to the sender’s mailbox.

Want to give a try? you can get the script here..


Exchange Server 2019 CU 4 Role Requirements Calculator – Download [Latest]

After much await Microsoft has decided to release the Role Requirements Calculator for Exchange Server 2019.

However unlike other versions, Microsoft has decided to make getting this extremely difficult. How? By including the file only inside the Exchange Server 2019 CU2 update. Yes, now you have to download a 5GB+ file just to get a 761KB file. Well that’s a bummer indeed.

Anyhow, if anyone wants to give a try, you can get the Exchange Server 2019 CU 4 Role Requirements Calculator here..


Restore a Deleted User Mailbox


In this scenario we are going to take an on-premise environment with a Windows Server 2012 R2 Active Directory and an Exchange Server 2016 environment. In our case, a user was accidentally deleted from the OU itself. (NOTE: It is always a best practice to enable ‘Protect object from accidental deletion‘ for your AD Objects.

You can also recover a deleted mailbox using backups. However, note that backups are not current. This will lead to restoring but will not give you the latest data once recovered.


  1. First, we need to get the AD account restored. For this, you should have the Active Directory Recycle-bin enabled in your environment. If you don’t have this enabled already, you are in tough luck.
  2. Secondly, we need to make sure that you are within the time duration mentioned in the ‘Keep deleted mailboxes for (days)’ under Exchange database properties where the user was. In our case, it was 30 days as shown below;


  1. Restore the AD account from Active Directory
  2. Ensure that restored user accounts ‘User logon name‘ has the correct domain mentioned.
  3. Go to AD User properties page, note down the ‘Display Name‘ of the user (ex: Jude Perera).
  4. Open Exchange Control Panel (ECP), go to Recipients > Mailboxes. Click More
    Options icon, and then click Connect mailbox

  5. Click the deleted mailbox that you want to connect.
  6. Note down the ‘Display Name‘ of the user you want to restore (ex: Jude Perera).
  7. Open the Exchange PowerShell and run the below command;
    Connect-Mailbox -Identity "Jude Perera" -Database DB01 -User "Jude Perera" -Alias jude

    NOTE: The Identity parameter specifies the display name of the deleted mailbox retained in the mailbox database provided. The User parameter specifies the Active Directory user account to connect the mailbox to. Alias is what the users email alias is.

    Now we must get the identity and user attributes from the noted in steps 3 and 6 which is as below;

    Connect-Mailbox -Identity "Jude Perera" -Database DB01 -User "Jude Perera" -Alias jude

  8. Once you run the above command the mailbox will now be connected.
  9. To verify, go to the Exchange Admin Center and search for the user mailbox in the ‘Recipients‘. Your reconnected user will be shown.

Tip: In case you receive an error ‘Property expression “jude” isn’t valid. Valid values are: Strings that includes ‘@’, where ‘@’ cannot be the last character.’ Navigate to the AD user properties, select the ‘Account’ tab and verify that the User logon name has the domain selected properly.

SYSVOL migration from FRS to DFSR step by step

If you have a Domain Controller environment that’s Windows server 2003, 2008 or 2008 R2 it is high time to get your environment upgraded to the latest Windows Server environment. However, if you are currently using an above operating system OR if you previously upgraded from a legacy domain controller environment such as 2003, you might want to perform some extra steps prior upgrading or migrating to the new Windows Server 2016+ domain controllers.

Here’s the background of the story.

File Replication Service (FRS) came into the picture with Windows Server 2000. Microsoft was using FRS to replicate the SYSVOL between its domain controller members. Later on with Windows Server 2008, Microsoft introduced Distributed File System Replication (DFSR) that was able to replicate SYSVOL.

However, environments which got migrated from legacy 2003 domain controllers tend to utilize FRS. However when an upgrade is in place for your domain controllers, one thing you need to consider is raising your Forest and Domain functional levels.

For an example, a Windows server 2008 R2 with a Windows Server 2003 Forest and Domain functional level may still be using FRS as the default SYSVOL replication method. In this environment if you are to upgrade your domain controllers to Windows Server 2016 you will come into issues with FRS.

Windows Server version 1709 can no longer be added as an Active Directory domain controller (DC) to an existing domain that is still using File Replication Service (FRS) for replication of the SYSVOL share.

When you try to add a Windows Server version 1709-based server as a DC to the domain, you receive the following error message:

  • The specified domain %1 is still using the File Replication Service (FRS) to replicate the SYSVOL share. FRS is deprecated.
  • The server being promoted does not support FRS and cannot be promoted as a replica into the specified domain.
  • You MUST migrate the specified domain to use DFS Replication using the DFSRMIG command before continuing.

How to overcome this? Well, there is only one way and that is to migrate the replication method of the SYSVOL to DFSR. Let’s see steps to perform the migration.

First thing you might want to do is to check what SYSVOL replication is used in your environment. To do this, open up the command prompt using administrator and run the below command;

dfsrmig /GetGlobalState

dfsrmig /GetMigrationState

What you need to focus on the result is the state mentioned Global state (‘<State>’).

  • In most cases, you will see “START” as the state, you are running FRS and is required to perform the migration.
  • If you have “ELIMINATED” as the state, you don’t have to worry as it will be using DFSR.


This is a very important stage. Why? Well you are dealing with your SYSVOL and its better to start the migration process knowing that your domain environment is running in a healthy state.

  • You should have domain controllers running Windows Server 2008 or above ONLY. Any domain controller running windows server 2003 will not be able to perform the task as you won’t be able to raise the functional levels to 2008 or above.
  • You should be running Windows Server 2008 or above domain/forest functional levels. If you don’t, it’s time to raise the functional levels.
  • Make sure that you have installed all the updates; without updates, you might still be able to go through this but it’s always recommended.
  • Verify that the built-in Administrators group has the “Manage Auditing and Security Log” user right on all your domain controllers. You can check this via running a gpresult.exe command on your domain controllers.
  • Ensure that replication for your entire organization is in a healthy state. For this, use an administrator command prompt to run the below commands;
    • repadmin /syncall /AdeP – Initiate a full sync and wait
    • repadmin /replsum – See if replication was run and you are shown with a minimum time (most recent time would be the time where you ran the above command)
    • dcdiag /e /c /q – Provides you a summary of the errors on your directory configuration for the entire environment
    • dcdiag /e /test:sysvolcheck /test:advertising – This will ensure that SYSVOL is advertised among all domain controllers without any issues
    • If you encounter any abnormal issues, don’t proceed. Fix It!


In this document I will be taking you through the process of what we call a ‘Quick Migration’. This involves migrating in a slow, phase by phase method where you will have the option to roll back. This is always preferred.

The migration will take you through migrating to below levels step by step;

0 Start State

1 Prepared State

2 Redirected State

3 Eliminated State

For the next few steps, we will be using the command ‘dfsrmig /SetGlobalState <state>’ where the state can be chosen from the above numerical value 0-3.

Prepared State

As we saw earlier, you will be shown to be in the ‘Start State’. Our task is to migrate the DFSR state to ‘Prepared’. For this, open the command prompt as administrator and run the below command;

dfsrmig /SetGlobalState 1

What happens is that the initiated domain controller will start the migration task for the given state and will inform the rest of the servers. Therefore this will take time and depending on your links, the time to complete on each server may vary. Once the command is executed, wait for 15mins and run the below command to view the status of the migration process.

dfsrmig /GetMigrationState

As you can see, the state is still ‘Start’ in three of my servers. What you can do to speed up the process is;

  1. Wait till it completes by itself
  2. Run a repadmin /syncall /AdeP to manually invoke replication to each domain controllers

Once the migration is complete, you will receive the below message; Note that it says the state is now ‘Prepared

Also notice that you will have a new folder inside the NTDS for SYSVOL;

Redirected State

As we saw earlier, you will be shown to be in the ‘Start State’. Our task is to migrate the DFSR state to ‘Prepared’. For this, open the command prompt as administrator and run the below command;

dfsrmig /SetGlobalState 2

Once the command is executed, wait for 15mins and run the below command to view the status of the migration process.

dfsrmig /GetMigrationState

As you can see, the state is still ‘Start’ in three of my servers. What you can do to speed up the process is;

  1. Wait till it completes by itself
  2. Run a repadmin /syncall /AdeP to manually invoke replication to each domain controllers

Once the migration is complete, you will receive the below message; Note that it says the state is now ‘Redirected

Eliminated State

After the above task, you will be shown to be in the ‘Redirected State’. The next task would be the final task which is to migrate the DFSR state to ‘Eliminated’. For this, open the command prompt as administrator and run the below command;

dfsrmig /SetGlobalState 3

Once the command is executed, wait for a few mins and run the below command to view the status of the migration process.

dfsrmig /GetMigrationState

As you can see, the state is still ‘Start’ in three of my servers. What you can do to speed up the process is;

  1. Wait till it completes by itself
  2. Run a repadmin /syncall /AdeP to manually invoke replication to each domain controllers

Once the migration is complete, you will receive the below message; Note that it says the state is now ‘Eliminated’

With this, we conclude the migration of the SYSVOL to DFSR. You can monitor for awhile and check for any errors using DCDIAG and REPADMIN.

Really appreciate all your comments, especially if i have missed anything or made a mistake regarding the installation. 🙂

(c) Copyrights Reserved! Do not share or use any content in any way without approval from poster!

Step by Step Guide for Installing Exchange Server 2019 Preview

The following section describes a step-by-step guide for the installation of Microsoft® Exchange Server 2019 Preview. The installation considers a single server deployment of Exchange Server 2019. Additional details of the topology and architecture of the lab environment which was used in the installation is described here;

Active Directory Domain Controller(s)
Operating System Windows Server 2019 preview
Forest Functional Level Windows Server 2019 preview
Domain Functional Level Windows Server 2019 preview
Exchange 2019 server(s)
Operating System Windows Server 2019 preview
.Net Framework Version 4.7.2 (default)



Exchange 2019 prerequisites

Domain Controller Support

The following Active Directory writable Domain Controller(s) are supported;

  • Windows Server 2012 R2
  • Windows Server 2016 (Core and Desktop Experience)
  • Windows Server 2019 preview (Core and Desktop Experience)

Operating System Support

  • Windows Server 2016 (Core and Desktop Experience)
  • Windows Server 2019 preview (Core and Desktop Experience)

.Net Framework Support

Other requirements


Active Directory preparation

The first task in the installation of any version of Exchange is to prepare the Active Directory environment where the Exchange Server will be placed. However, prior to the preparation, it should be checked against the above Domain Controller support prerequisites mentioned earlier. Once the above requirements are verified for consistency, proceed with the following preparation tasks on the server/computer which will be used to prepare the Active Directory.

We will be using the Exchange Server itself to prepare the Active Directory.

  1. Install .NET Framework 4.7.1 or .NET Framework 4.7.2 as supported by your Operating System (mentioned above)

    Note: .Net Framework 4.7.2 is already included and is not required to download or install with Windows Server 2019 preview

  2. Once the installation is complete perform a reboot.
  3. Open a Windows PowerShell
  4. Run the below command to install Remote Administration tools

    Install-WindowsFeature RSAT-ADDS

  5. Run the below command to install the server prerequisites

    Install-WindowsFeature NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS

Prepare Active Directory and domains

To prepare the active Directory and the Domains for Exchange 2019, follow the following steps. To execute the commands, the commands should be run using the Schema Admins group and the Enterprise Admins group membership.

  1. Mount the Exchange Server 2019 Preview Installation Media
  2. Open up a Command Prompt
  3. Navigate to the Exchange Installation media path
  4. Run the following command to extend the schema.

    Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

  5. Once the setup completes successfully, run the following command

    Setup.exe /PrepareAD /OrganizationName:”<organization name>” /IAcceptExchangeServerLicenseTerms

  6. Run the below command to prepare each of the Active Directory domains

    Setup.exe /PrepareAllDomains /IAcceptExchangeServerLicenseTerms

    Now that your Active Directory forest and the domains are prepared, we can finally get running the Exchange Installation Wizard

Install Exchange Server 2019

If you’re installing the first Exchange 2019 Preview server in the organization, and the Active Directory preparation steps have not been performed, the account you use must have membership in the Enterprise Administrators group. If you haven’t previously prepared the Active Directory Schema, the account must also be a member of the Schema Admins group.

  1. Mount the Exchange Server 2013 Preview Installation Media
  2. Start Exchange 2019 Preview Setup by double-clicking Setup.exe
  3. On the Check for Updates page, select whether you want Setup to connect to the Internet and download product and security updates for Exchange 2019 Preview and click Next

  4. Once you click Next, the setup will copy the installation binaries to the local drive and prepare for the installation

  5. Once completed, you will be prompted with the Introduction Page
  6. The Introduction page gives additional guidance for the installation procedure. Review the content and Click Next to continue

  7. On the License Agreement page, review the terms. If you agree to the terms, select I accept the terms in the license agreement, and then click next

  8. On the Error Recommended Settings page, select whether you want to use or not the recommended settings such as error checks and usage feedback etc. and then click next

  9. As you can see, just like Exchange 2016, Exchange 2019 only has a Mailbox role and Edge role only. Proceed with your requirement and to be sure, make a tick on the “Automatically install windows server roles and features…” Although we have covered this initially, running this will ensure that if we have missed anything, the setup will install it for us

  10. On the Installation Space and Location page, either accept the default installation location or click Browse to choose a new location with adequate storage space, click next to proceed

  11. If installing the Mailbox role a Malware Protection Settings page will appear. Choose whether to enable or disable malware scanning and click Next. (For demo purposes, I will be proceeding with Yes)

  12. On the Readiness Checks page, view the status to determine if the organization and server role prerequisite checks completed successfully. If unsuccessful, perform the required tasks and click Back, and Next to run the Readiness check again. If successful, click install to proceed with installing Exchange Server 2019

  13. Now the installation will proceed, note that this will take time depend on your environment

  14. Once the setup completes the installation, on the Completion page, click Finish

  15. Now that the Exchange installation is complete, it’s always good to reboot your server

Review Exchange Installation

Once all the above tasks are performed, proceed with the below steps to verify the installation using the Exchange 2019 Administrative Center and PowerShell.

The Exchange Administration Center (EAC) is the web-based management console in Microsoft Exchange Server 2019 Preview that allows for ease of use and is optimized for on-premises, online, or hybrid Exchange deployments. To navigate to the Exchange Admin Center;

  1. Open the web browser.
  2. Navigate to the bellow URL, provide your credentials and then click sign in.


  3. Review the tabs and sections in the new Admin Center

There you go. Time to play! Hope this guide helped you. Don’t forget to keep on checking for some exiting new posts on how to play around with the all new Admin Center as well as a step by step guide for installing Skype for Business Server 2019 preview in the next couple of days.

Really appreciate all your comments, especially if i have missed anything or made a mistake regarding the installation. 🙂

(c) Copyrights Reserved! Do not share or use any content in any way without approval from poster!

Move Transport Database Files in Exchange 2013/2016 Step by Step


In terms of sizing an Exchange Server environment, it is always advised and recommended to follow the Microsoft Sizing guides, this specifically means that you need to go through the Exchange Sizing Calculator. The tool gives you estimated values of how your databases, logs and transport queues are going to grow. So, if you do not properly plan these sizes, you might end up getting your disks full.

The scenario which I’m going to talk about is such situation where the free space of the C Drive almost got full. While digging in what’s being eating up the storage, we found out that the Exchange Transport queue, or Mail.que file is the culprit.

Exchange Transport Queue

A queue is a temporary holding location for messages that are waiting to enter the next stage of processing or delivery to a destination. Each queue represents a logical set of messages that the Exchange server processes in a specific order. In Exchange 2016, queues hold messages before, during and after delivery. Queues exist in the Transport service on Mailbox servers and on Edge Transport servers.

File Description
Mail.que This queue database file stores all the queued messages.
Tmp.edb This temporary database file is used to verify the queue database schema on startup.
Trn*.log Transaction logs record all changes to the queue database. Changes to the database are first written to the transaction log and then committed to the database. Trn.log is the current active transaction log file. Trntmp.log is the next provisioned transaction log file that’s created in advance. If the existing Trn.log transaction log file reaches its maximum size, Trn.log is renamed to Trn nnnn.log, where nnnn is a sequence number. Trntmp.log is then renamed Trn.log and becomes the current active transaction log file.
Trn.chk This checkpoint file tracks the transaction log entries that have been committed to the database. This file is always in the same location as the mail.que file.
These reserve transaction log files act as placeholders. They’re only used when the hard disk that contains the transaction log runs out of space to stop the queue database cleanly.


In simple, we can move the Mail.que database and log files associated to a different location. The below step by step guide will take you through how you can achieve this.

Before going ahead, here are some tips when it comes to moving your queue database.

  • Ensure that the destination disk/drive has enough and additional buffer space, remember that during peak times, this can grow. If it’s possible to attach a separate disk for this, go ahead. It’s even better.
  • The move process requires the Exchange Transport service to be stopped until the data is moved to the new location. This means that there will be a downtime where mail flow on the server will be interrupted.
  • The transport queue files are located in the below path

Once you have the disk and the downtime planned, we can start the procedure.

  1. Navigate to the location that you would will be moving the data to.
  2. Create a folder where the queue database and transaction logs will be moved. In my case, I’m moving the data do the below path;
    "F:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\data\Queue"
  3. Right click on the above folder “Queue”, select Properties
  4. Navigate to Security tab, click on Edit under Change permissions

  5. Under Permissions verify that the below accounts are listed and the shown permission level is present. It not, add the user/service account and assign permissions
    1. Network Service: Full Control
    2. System: Full Control
    3. Administrators: Full Control
  6. Click OK to apply the permissions to the folder.
  7. Open Notepad using Run as Administrator
  8. Using notepad, click Open and Navigate to the below path


  9. Open the EdgeTransport.exe.config file (you may want to take a backup of the file in case something goes wrong)
  10. On the config file lookup for the following content;
    <add key="QueueDatabasePath" value="<CurrentLocation>" />
    <add key="QueueDatabaseLoggingPath" value="<CurrentLocation>" />
  11. Now we need to modify the <CurrentLocation> and replace it with the new path for the queue files. In our case this will be as below;
    <add key="QueueDatabasePath" value="F:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\data\Queue" />
    <add key="QueueDatabaseLoggingPath" value="F:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\data\Queue" />

  12. Save and close notepad.
  13. Open Services.msc
  14. Stop the Microsoft Exchange Transport Service.

  15. Navigate to the below path where the old queue files are located at;
  16. Take a backup of all the files in the folder into a different location just in case.
  17. Move existing database files (Mail.que, Trn.chk, Trn.log, Trntmp.log, Trn nnnnn.log, Trnres00001.jrs, Trnres00002.jrs, and Temp.edb) to the new location. This is the location you mentioned in Step 11.

  18. Go to Services.msc and Start the Microsoft Exchange Transport service.

  19. Monitor the status of the new location and the files.
  20. Verify that the old path is empty and no new files are being created.
  21. Send a few mails with attachments to verify and monitor mail flow.