[ExchangeList] Re: Mailbox Storage Limit

• From: "Michael B. Smith" <michael@xxxxxxxxxxxx>
• To: <exchangelist@xxxxxxxxxxxxx>
• Date: Tue, 25 Sep 2007 19:13:16 -0400

The Exchange General Tab


The Exchange General tab, shown in Figure 9-5, controls a number of
things about a user's mailbox that are commonly modified. The "Mailbox
store" cannot be modified from this window; however it documents the
store where this mailbox is located. To move the mailbox to another
store, use the Exchange Tasks Wizard, as previously discussed (the
"Mailbox store" attribute is known as homeMDB in Active Directory on the
user object).

The Alias field is used to construct the legacyExchangeDN Active
Directory attribute, but after that has little impact on a mailbox. It
may be modified to any value on this window (that doesn't collide with
another Alias that already exists in the organization), however if you
change this value, internal users may have problems with replying to old
messages (and appointment requests, etc.) for this user, since
internally Exchange uses this attribute to locate users.

When you click on the Delivery Restrictions button, you see the window
shown in Figure 4-25. The "Sending message size" (the Active Directory
attribute name is submissionContLength, if the attribute is not present,
then there is no limit) and "Receiving message size" (the Active
Directory attribute name is delivContLength; if the attribute is not
present, then there is no limit) fields are also explained in Chapter 4,
in the section named "Setting Incoming/Outgoing Message Size Limits".

 

Figure 9-5. Exchange General tab

"Message restrictions" are all about controlling from whom a user may
receive email. Using the fields shown, you may identify that a
particular user can only receive email from named users, locally
authenticating users, or choose to exclude specific users from being
able to send email to this mailbox. The "From authenticated users only"
field (the Active Directory attribute name is msExchRequireAuthToSendTo,
and it is a Boolean attribute; if it is not present, it is assumed to be
false) affects all the other options. The "Only from" list is a list of
users, groups, public folders, and/or contacts defining who may send
email to this user (the Active Directory attribute name is authOrig, and
it is a multi-valued text attribute containing the distinguishedNames of
the items in the list). The "From everyone except" list is a list of
users, groups, public folders, and/or contacts defining who may not send
email to this user (the Active Directory attribute name is unauthOrig,
and it is a multi-valued text attribute containing the
distinguishedNames of the items in the list).

When you click on the Delivery Options button, you see the window shown
in Figure 9-6. The "Send on behalf" permission is contained in a
multi-valued Active Directory attribute known as publicDelegates, which
contains a list of the distinguishedNames of the items in the list.
Setting the Send on Behalf privilege for a user is somewhat simpler than
setting the Send As privilege for a user. For more detailed information
about both, see Microsoft KB 327000 (How to grant "Send as" and "Send on
behalf" permissions in Exchange 2000 Server and in Exchange Server
2003).

 

Figure 9-6. Delivery Options windows

Setting a "Forwarding address" allows you to configure a mailbox so that
all of the incoming email destined for that mailbox is delivered to
another user and/or group (either locally or remotely). The "Forward to"
field is contained in an AD attribute named altRecipient, which contains
the distinguishedName of the alternate recipient. The "Deliver messages
to both forwarding address and mailbox" field is contained in a Boolean
AD attribute named deliverAndRedirect. If the attribute is not present
on the user object, the value of the attribute is assumed to be false.
The default value of the attribute is false.

Setting "Recipient limits" allows you to define the maximum number of
destination addresses that may be on an email originated from this
mailbox. Setting "Use default limit" implies that the system specified
limit applies to this mailbox (Global Settings(r)Message
Delivery(r)Properties(r)Defaults(r)Recipient limits). Setting a per-user
limit overrides the system limit, for either of higher or lower values.
If the integer AD attribute msExchRecipLimit is set for the user, then
that value is used for "Maximum recipients".

When you click the Storage Limits button, you see the window shown in
Figure 4-24. The "Storage limits" section of the window is controlled by
four AD attributes: mDBUseDefaults (boolean, "Use mailbox store
defaults"), mDBStorageQuota (integer, "Issue warning at (KB)"),
mDBOverQuotaLimit (integer, "Prohibit send at (KB)"), and
mDBOverHardQuotaLimit (integer, "Prohibit send and receive at (KB)").
Using ADUC, you may only set limits up to 2 GB in these values. You can
modify the values directly in Active Directory using ADSI Edit, LDP,
ADModify, or other tool of choice to set them to larger values.

The Deleted Item Retention section of the window is a bit more
complicated. It is controlled by two AD attributes, but it requires a
little interpretation. If the deletedItemFlags integer attribute is not
present, or if its value is zero, then the "Use mailbox store defaults"
check box is checked. If the attribute is present and non-zero, then the
box is unchecked. If the value of deletedItemFlags is three (3), then
"Do not permanently delete items until the store has been backed up" is
checked, otherwise it is unchecked. And finally, if "Use mailbox store
defaults" is unchecked, then garbageCollPeriod contains the value of
"Keep deleted items for (days)", however it is stored in seconds (days
times 86,400).

 

 

From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Vincent
Sent: Tuesday, September 25, 2007 3:07 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: Mailbox Storage Limit

 

We've got a similar issue here: the only solution we found was to script
the value in every day, we did not find a way to restrict the security
access to this value
 

 

Vincent Orgueil 
GSM: +33 6 03 83 11 26

http://www.linkedin.com/in/vorgueil

http://depassersoimeme.blogspot.com
<http://depassersoimeme.blogspot.com/> 

 

 

 

----- Original Message ----
From: Chris Wall <Chris.Wall@xxxxxxxxxxxxxxxxxxx>
To: exchangelist@xxxxxxxxxxxxx
Sent: Monday, September 24, 2007 10:10:54 PM
Subject: [ExchangeList] Mailbox Storage Limit

One of our child domains has delegated rights through AD to local
admins.  They want to restrict those admins from being able to edit
mailbox Storage Limits when in User Properties.  Does anyone know the AD
name for the Storage Limit settings?

 

Better yet, any recommendations on locking down those privileges?


Regards,

 

Chris Wall - MCSE + Messaging

Sr. Exchange Administrator

Chris.Wall@xxxxxxxxxxxxxxxxxxx

T (919) 460.3236

F (919) 468.4889

 

Global Knowledge

LEARNING. To Make a Difference.

http://www.globalknowledge.com <http://www.globalknowledge.com/> 

 

 

 

• References:
  • [ExchangeList] Re: Mailbox Storage Limit
    • From: Vincent

Other related posts:

• » [ExchangeList] Mailbox Storage Limit
• » [ExchangeList] Re: Mailbox Storage Limit
• » [ExchangeList] Re: Mailbox Storage Limit

1. Home
2. exchangelist
3. Archive
4. 09-2007

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---