The Exchange General Tab

The Exchange General tab, shown in Figure 9-5, controls a number of things about a user's mailbox that are commonly modified. The "Mailbox store" cannot be modified from this window; however it documents the store where this mailbox is located. To move the mailbox to another store, use the Exchange Tasks Wizard, as previously discussed (the "Mailbox store" attribute is known as homeMDB in Active Directory on the user object).

The Alias field is used to construct the legacyExchangeDN Active Directory attribute, but after that has little impact on a mailbox. It may be modified to any value on this window (that doesn't collide with another Alias that already exists in the organization), however if you change this value, internal users may have problems with replying to old messages (and appointment requests, etc.) for this user, since internally Exchange uses this attribute to locate users.

When you click on the Delivery Restrictions button, you see the window shown in Figure 4-25. The "Sending message size" (the Active Directory attribute name is submissionContLength, if the attribute is not present, then there is no limit) and "Receiving message size" (the Active Directory attribute name is delivContLength; if the attribute is not present, then there is no limit) fields are also explained in Chapter 4, in the section named "Setting Incoming/Outgoing Message Size Limits".

Figure 9-5. Exchange General tab

"Message restrictions" are all about controlling from whom a user may receive email. Using the fields shown, you may identify that a particular user can only receive email from named users, locally authenticating users, or choose to exclude specific users from being able to send email to this mailbox. The "From authenticated users only" field (the Active Directory attribute name is msExchRequireAuthToSendTo, and it is a Boolean attribute; if it is not present, it is assumed to be false) affects all the other options. The "Only from" list is a list of users, groups, public folders, and/or contacts defining who may send email to this user (the Active Directory attribute name is authOrig, and it is a multi-valued text attribute containing the distinguishedNames of the items in the list). The "From everyone except" list is a list of users, groups, public folders, and/or contacts defining who may not send email to this user (the Active Directory attribute name is unauthOrig, and it is a multi-valued text attribute containing the distinguishedNames of the items in the list).

When you click on the Delivery Options button, you see the window shown in Figure 9-6. The "Send on behalf" permission is contained in a multi-valued Active Directory attribute known as publicDelegates, which contains a list of the distinguishedNames of the items in the list. Setting the Send on Behalf privilege for a user is somewhat simpler than setting the Send As privilege for a user. For more detailed information about both, see Microsoft KB 327000 (How to grant "Send as" and "Send on behalf" permissions in Exchange 2000 Server and in Exchange Server 2003).

Figure 9-6. Delivery Options windows

Setting a "Forwarding address" allows you to configure a mailbox so that all of the incoming email destined for that mailbox is delivered to another user and/or group (either locally or remotely). The "Forward to" field is contained in an AD attribute named altRecipient, which contains the distinguishedName of the alternate recipient. The "Deliver messages to both forwarding address and mailbox" field is contained in a Boolean AD attribute named deliverAndRedirect. If the attribute is not present on the user object, the value of the attribute is assumed to be false. The default value of the attribute is false.

Setting "Recipient limits" allows you to define the maximum number of destination addresses that may be on an email originated from this mailbox. Setting "Use default limit" implies that the system specified limit applies to this mailbox (Global Settings → Message Delivery → Properties → Defaults → Recipient limits). Setting a per-user limit overrides the system limit, for either of higher or lower values. If the integer AD attribute msExchRecipLimit is set for the user, then that value is used for "Maximum recipients".

When you click the Storage Limits button, you see the window shown in Figure 4-24. The "Storage limits" section of the window is controlled by four AD attributes: mDBUseDefaults (boolean, "Use mailbox store defaults"), mDBStorageQuota (integer, "Issue warning at (KB)"), mDBOverQuotaLimit (integer, "Prohibit send at (KB)"), and mDBOverHardQuotaLimit (integer, "Prohibit send and receive at (KB)"). Using ADUC, you may only set limits up to 2 GB in these values. You can modify the values directly in Active Directory using ADSI Edit, LDP, ADModify, or other tool of choice to set them to larger values.

The Deleted Item Retention section of the window is a bit more complicated. It is controlled by two AD attributes, but it requires a little interpretation. If the deletedItemFlags integer attribute is not present, or if its value is zero, then the "Use mailbox store defaults" check box is checked. If the attribute is present and non-zero, then the box is unchecked. If the value of deletedItemFlags is three (3), then "Do not permanently delete items until the store has been backed up" is checked, otherwise it is unchecked. And finally, if "Use mailbox store defaults" is unchecked, then garbageCollPeriod contains the value of "Keep deleted items for (days)", however it is stored in seconds (days times 86,400).
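
An added example (not part of this message or of the quoted book text): a sketch that audits the four storage-limit attributes against a baseline and decodes deletedItemFlags / garbageCollPeriod as described above. It assumes the user object has already been read from Active Directory into a dict of attribute name to list of string values with the attribute-name casing shown; `BASELINE` and `SAMPLE_USER` are constructed for illustration.

```python
SECONDS_PER_DAY = 86_400
QUOTA_ATTRS = ("mDBStorageQuota", "mDBOverQuotaLimit", "mDBOverHardQuotaLimit")

def first(attrs, name):
    """Return the first value of an attribute, or None when it is absent."""
    values = attrs.get(name) or []
    return values[0] if values else None

def storage_limit_drift(attrs, baseline):
    """List (attribute, found, expected) for storage-limit values that differ
    from the baseline; expected None means the attribute should be absent."""
    drift = []
    for name in ("mDBUseDefaults",) + QUOTA_ATTRS:
        found, expected = first(attrs, name), baseline.get(name)
        if found != expected:
            drift.append((name, found, expected))
    return drift

def deleted_item_retention(attrs):
    """Decode deletedItemFlags / garbageCollPeriod the way the ADUC window shows them."""
    flags = int(first(attrs, "deletedItemFlags") or 0)
    if flags == 0:
        # Absent or zero: "Use mailbox store defaults" is checked.
        return {"use_store_defaults": True, "keep_days": None, "wait_for_backup": False}
    period = first(attrs, "garbageCollPeriod")
    return {
        "use_store_defaults": False,
        "keep_days": int(period) // SECONDS_PER_DAY if period is not None else None,
        "wait_for_backup": flags == 3,
    }

# Constructed sample data, not taken from a real directory.
# Assumed policy: mailbox store defaults apply and no per-user quota is set.
BASELINE = {"mDBUseDefaults": "TRUE"}
SAMPLE_USER = {
    "mDBUseDefaults": ["FALSE"],
    "mDBOverQuotaLimit": ["4194304"],  # KB; larger than ADUC itself will set
    "deletedItemFlags": ["3"],
    "garbageCollPeriod": [str(14 * SECONDS_PER_DAY)],
}

if __name__ == "__main__":
    for name, found, expected in storage_limit_drift(SAMPLE_USER, BASELINE):
        print(f"{name}: found {found!r}, expected {expected!r}")
    print(deleted_item_retention(SAMPLE_USER))
```
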
From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Vincent
Sent: Tuesday, September 25, 2007 3:07 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: Mailbox Storage Limit

We've got a similar issue here: the only solution we found was to script the value in every day, we did not find a way to restrict the security access to this value

Vincent Orgueil
GSM: +33 6 03 83 11 26
http://www.linkedin.com/in/vorgueil
http://depassersoimeme.blogspot.com <http://depassersoimeme.blogspot.com/>

----- Original Message ----
From: Chris Wall <Chris.Wall@xxxxxxxxxxxxxxxxxxx>
To: exchangelist@xxxxxxxxxxxxx
Sent: Monday, September 24, 2007 10:10:54 PM
Subject: [ExchangeList] Mailbox Storage Limit

One of our child domains has delegated rights through AD to local admins. They want to restrict those admins from being able to edit mailbox Storage Limits when in User Properties. Does anyone know the AD name for the Storage Limit settings? Better yet, any recommendations on locking down those privileges?

Regards,
Chris Wall - MCSE + Messaging
Sr. Exchange Administrator
Chris.Wall@xxxxxxxxxxxxxxxxxxx
T (919) 460.3236
F (919) 468.4889
Global Knowledge
LEARNING. To Make a Difference.
http://www.globalknowledge.com <http://www.globalknowledge.com/>