As an Exchange admin, one of the hardest things to keep an eye on is AD. Not in the sense of your replication or DC health, but that everything is where it is supposed to be. Some of the most trivial calls end up being related to a distribution group, shared mailbox, or room mailbox not being in the proper OU, so the relevant team cannot manage them. Unfortunately there isn’t a tool out there (that I know of) that will help you keep an eye on this sort of thing without pounding you with notifications. For that reason, I created a script that I run weekly as a scheduled task. This script greets me every Monday morning, and shows me the following:
- Mailboxes on Litigation Hold
- Mailboxes without a Retention Policy
- All the existing Journaling Rules
- The user objects in AD that have been inactive for over 60 days
- Shared Mailboxes in the wrong OU
- Room Mailboxes in the wrong OU
- Distribution Groups in the wrong OU
- Shared Mailboxes with enabled user objects
- Room Mailboxes with enabled user objects
And here’s what the report looks like in an Outlook 2016 client:
Now I don’t expect this script to work for every environment. The place I developed the script for has a pretty basic AD hierarchy, with singular specific root OUs for each type of mailbox and distribution groups. If, for example, you keep shared mailboxes in multiple OUs you will have to make some changes to the filters in each relevant cmdlet. The good news is the framework is already here.
Hat tip to Karsten Schneider at ilikesharepoint.de for providing me the starting point on this script.