locked
Disable IMAP for all users by default RRS feed

  • Question

  • Currently the IMAP service is disabled on the 2010 servers, we would like to enable it and provide IMAP4 for certain users.  It appears that the feature is enabled by default for all users.  Is there a way I can set all users IMAP4 support to disabled, and then enable it manually.
    Shon
    Wednesday, April 28, 2010 7:43 PM

Answers

  • Ok. you didn't say in the original post that you have Exchange 2003.

    how many users do you have on the 2010 server, also do legacy mailboxes are affected in any mean, I think not.

    try:

    get-mailbox -server <exchange2010name> | set-casmailbox -imapenabled $false

    for the old users I suggest running setup.com /PreparelegacyExchangPermission


    Regards, Mahmoud Magdy http://busbar.blogspot.com http://ingazat.wordpress.com
    • Marked as answer by Shon Miles Friday, April 30, 2010 7:22 PM
    Thursday, April 29, 2010 2:28 PM

All replies

  • start and enable the IMAP service.

    configure the IMAP service to do basich auth if you don't have certificate, restart IMAP.

    now disable IMAP for all of the users

    get-mailbox | set-casmailbox -imapenabled $false

    then enable the IMAP for users you want from their properties


    Regards, Mahmoud Magdy http://busbar.blogspot.com http://ingazat.wordpress.com
    Wednesday, April 28, 2010 7:54 PM
  • start and enable the IMAP service.

    configure the IMAP service to do basich auth if you don't have certificate, restart IMAP.

    now disable IMAP for all of the users

    get-mailbox | set-casmailbox -imapenabled $false

    then enable the IMAP for users you want from their properties


    Regards, Mahmoud Magdy http://busbar.blogspot.com http://ingazat.wordpress.com
    Thanks for the reply, this looks like the right track, however I gave this a shot, but got a warning and all kinds of errors, I listed the first few: (replaced some info with generic names) This worked but only for 1000 users, we have about 55,000 mailboxes.

    [PS] C:\Windows\system32>get-mailbox | set-casmailbox -imapenabled $false
    WARNING: By default, only the first 1000 items are returned. Use the ResultSize parameter to specify the number of
    items returned. To return all items, specify "-ResultSize Unlimited". Be aware that, depending on the actual number of
    items, returning all items can take a long time and consume a large amount of memory. Also, we don't recommend storing
    the results in a variable. Instead, pipe the results to another task or script to perform batch changes.
    The proxy address "SMTP:ExAdmin@ourdomain.com" is already being used by "ourdomain.com/Users/ExAdmin
    CNF:38be0014-c59d-4fdf-9661-b7f7cc5ebddf". Please choose another proxy address.
        + CategoryInfo          : NotSpecified: (ourdomain.com/Users/ExAdmin:ADObjectId) [Set-CASMailbox], ProxyAddress
       ExistsException
        + FullyQualifiedErrorId : 81CEEFAB,Microsoft.Exchange.Management.RecipientTasks.SetCASMailbox

    The proxy address "x400:C=us;A= ;P=DMACC;O=Exchange;S=ExAdmin;" is already being used by "ourdomain.com/Users/ExAdmi
    n
    CNF:38be0014-c59d-4fdf-9661-b7f7cc5ebddf". Please choose another proxy address.
        + CategoryInfo          : NotSpecified: (ourdomain.com/Users/ExAdmin:ADObjectId) [Set-CASMailbox], ProxyAddress
       ExistsException
        + FullyQualifiedErrorId : 81CEEFAB,Microsoft.Exchange.Management.RecipientTasks.SetCASMailbox

    Active Directory operation failed on dc06.ourdomain.com. This error is not retriable. Additional information: Insu
    fficient access rights to perform the operation.
    Active directory response: 00002098: SecErr: DSID-03150E8A, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
        + CategoryInfo          : NotSpecified: (14:Int32) [Set-CASMailbox], ADOperationException
        + FullyQualifiedErrorId : 6E167F7F,Microsoft.Exchange.Management.RecipientTasks.SetCASMailbox

    Shon
    • Edited by Shon Miles Thursday, April 29, 2010 1:38 PM added info
    Thursday, April 29, 2010 1:35 PM
  • This seems to have had a negative impact on 2003 users in our domain.  Now users that had legacy mailboxes, do not even show the IMAP feature from ADUC, it shows up however according to the 2010 ECM they have IMAP and it is enabled.
    Shon
    Thursday, April 29, 2010 2:12 PM
  • Ok. you didn't say in the original post that you have Exchange 2003.

    how many users do you have on the 2010 server, also do legacy mailboxes are affected in any mean, I think not.

    try:

    get-mailbox -server <exchange2010name> | set-casmailbox -imapenabled $false

    for the old users I suggest running setup.com /PreparelegacyExchangPermission


    Regards, Mahmoud Magdy http://busbar.blogspot.com http://ingazat.wordpress.com
    • Marked as answer by Shon Miles Friday, April 30, 2010 7:22 PM
    Thursday, April 29, 2010 2:28 PM
  • Did you check your permissions?

    "Active Directory operation failed on dc06.ourdomain.com. This error is not retriable. Additional information: Insu

    fficient access rights to perform the operation."




    Michel de Rooij,
    MCITP Ent.Msg | MCTS W2008, E2k7Conf | MCSE+Msg2k3 | MCSE+Inet2k3 | Prince2 Fnd | ITIL
    I blog on http://eightwone.wordpress.com/ and tweet on http://twitter.com/mderooij
    Thursday, April 29, 2010 2:29 PM
  • Hi,

    For first warning just attach -ResultSize Unlimited  to your command like this 

    get-mailbox -ResultSize Unlimited | set-casmailbox -imapenabled $false

    For all errors
    The proxy address "SMTP:ExAdmin@ourdomain.com" is already being used

    Plz ensure that you have not assigned an email address to multiple users[ may be due to moved mailboxes]. If it is so then remove erratic email address from the recipients except the one which u want to assign that email address, be it an SMTP or X400 email address.

    Also verify that the logged in user has been assigned the role "Server Management".

    Regards,


    Laeeq Qazi|Team Lead(Exchange + Sharepoint + BES + DynamicsCRM) www.HostingController.com
    Thursday, April 29, 2010 2:30 PM
  • Ok. you didn't say in the original post that you have Exchange 2003.

    how many users do you have on the 2010 server, also do legacy mailboxes are affected in any mean, I think not.

    try:

    get-mailbox -server <exchange2010name> | set-casmailbox -imapenabled $false

    for the old users I suggest running setup.com /PreparelegacyExchangPermission


    Regards, Mahmoud Magdy http://busbar.blogspot.com http://ingazat.wordpress.com
    About 995 legacy mailboxes are now broke with respect to IMAP, the IMAP features is not even listed in the Exchange Features tab of AD users and computers now.  I have to move the mailboxes to 2010 or delete and recreate the account to get IMAP back.
    Shon
    Thursday, April 29, 2010 6:05 PM
  • UPDATE: Because of the undesired effects this has on legacy mailboxes, I am just using ADModify.NET to disable IMAP for all users safely.
    Shon
    Thursday, April 29, 2010 6:13 PM
  • Hi Shon,

    I also test it in my lab(I have only 2007 coexistence with 2003,but I think it is same with 2010).

    Use EMC or EMS disable the IMAP feature for legacy mailboxes, the IMAP is not listed in the ADUC(2003).

    But if you want it back, you don't need to move the mailboxes to 2010 or delete and recreate the account.

    If you disable the IMAP in the EMC, you can find the user's properties:"protocolSettings" changed using ADSIEDIT.MSC .

    The value will be IMAP4 §  0 § § § § § § § §

    If you  delete the value, the IMAP feature will be back in ADUC.

     


    Frank Wang
    Friday, April 30, 2010 6:33 AM
  • Hi,

    Must use this commander under Exchange Powershel :

    get-mailbox -ResultSize Unlimited | set-casmailbox -imapenabled $false

    you can also use EMC and select all maiboxs

     

    BR


    Dhafer
    Friday, April 30, 2010 7:41 AM
  • Hi,

    Must use this commander under Exchange Powershel :

    get-mailbox -ResultSize Unlimited | set-casmailbox -imapenabled $false

    you can also use EMC and select all maiboxs

     

    BR


    Dhafer
    As I said above, this is not effective for me, I have over 55,000 mailboxes, and most are still sitting on the 2003 side, if I run this command it breaks IMAP, and re-enabling it from EMC in 2010 does NOT fix it.  It has to be manually edited, either using Frank.Wangs's method above, or proceeding with moving the mailbox to 2010.

    Shon
    Friday, April 30, 2010 1:27 PM