When removing a mailbox database from an Exchange Server 2007 Mailbox server you may be presented with this warning message.

Exchange Server 2007 May Not Warn of Active Mailboxes When Removing Databases

If you are attempting the removal via the Exchange Management Shell the same warning is presented.

[PS] C:\>Remove-MailboxDatabase "Mailbox Database"
Remove-MailboxDatabase : This mailbox database contains one or more mailboxes.
To get a list of all mailboxes in this database, run the command Get-Mailbox -D
atabase . To disable a mailbox so that you can delete the mailbox
database, run the command Disable-Mailbox
At line:1 char:23
+ Remove-MailboxDatabase  <<<< "Mailbox Database"

A similar warning will appear if you attempt to uninstall the Exchange Server product from the server while it still hosts active mailboxes in one of its databases.

Exchange Server 2007 May Not Warn of Active Mailboxes When Removing Databases
Click to enlarge

However in some scenarios the Exchange server will not warn of active mailboxes, and will allow you to remove the database or the entire Exchange Server product from the server.  This behaviour can occur in multi-Domain Forests.

Example Multi-Domain Forest and Exchange Organization

In this example the mycompany.com Forest consists of two domains:

  • mycompany.com (the Forest root domain)
  • branch.mycompany.com

The Exchange server EX2007 is installed in the Forest root domain.  In the real world this might also be installed in a resource Domain in the Forest, fairly common for large enterprises especially those that have undergone mergers, domain consolidations, or have multiple subsidiaries.

Exchange Server 2007 May Not Warn of Active Mailboxes When Removing Databases

There are mailbox users in both Domains in the Forest, and for the purposes of this demonstration they have been deployed onto two mailbox databases:

  • “Mailbox Database 1” contains mycompany.com mailbox users
  • “Mailbox Database 2” contains branch.mycompany.com mailbox users

Administrative Tasks and Recipient Scope

Logged on to the Exchange server EX2007 as a mycompany.com administrator the following Exchange Management Shell command is run to view a list of mailboxes.

[PS] C:\>Get-MailboxDatabase | get-mailbox

Name                      Alias                ServerName       ProhibitSendQuo
                                                                ta
----                      -----                ----------       ---------------
headoffice user           headoffice.user      ex2007           unlimited

The command does not display all mailboxes within the Exchange Organization. The same command run a second time with the -IgnoreDefaultScope parameter has different output.

[PS] C:\>Get-MailboxDatabase | get-mailbox -IgnoreDefaultScope

Name                      Alias                ServerName       ProhibitSendQuo
                                                                ta
----                      -----                ----------       ---------------
branch user               branch.user          ex2007           unlimited
headoffice user           headoffice.user      ex2007           unlimited

The same situation occurs when listing mailboxes on the “Mailbox Database 2” database. Note how the first command returns no results, but the second command returns the expected results.

[PS] C:\>get-mailbox -database "mailbox database 2"
[PS] C:\>
[PS] C:\>get-mailbox -database "mailbox database 2" -IgnoreDefaultScope

Name                      Alias                ServerName       ProhibitSendQuo
                                                                ta
----                      -----                ----------       ---------------
branch user               branch.user          ex2007           unlimited

This is due to the concept of Recipient Scope. From Microsoft Technet:

Recipient scope refers to the specified portion of the Active Directory directory service hierarchy that the Exchange Management Console and the Exchange Management Shell will use for recipient management. When you set the recipient scope to a specific location within Active Directory, you can view and manage all recipients stored in that location and all of the containers under it.

When you set the recipient scope, the management interface you are using operates within the recipient scope that you specified.

Recipient scope can be controlled on a per-cmdlet basis using the -IgnoreDefaultScope parameter as demonstrated above.  It can also be applied to an entire Exchange Management Shell session using the $AdminSessionADSettings variable.

[PS] C:\>$adminsessionadsettings

ViewEntireForest              : False
DefaultScope                  : mycompany.com
PreferredGlobalCatalog        :
ConfigurationDomainController : ex2007.mycompany.com
PreferredDomainControllers    : {}

Changing the ViewEntireForest field to $true expands the recipient scope to be Forest-wide, and overrides the DefaultScope field. If ViewEntireForest is left as $false the DefaultScope value applies.

Within a single Exchange Management Shell session the field an be modified as desired:

[PS] C:\>$adminsessionadsettings.viewentireforest = $true

The shell command run earlier to view mailboxes on “Mailbox Database 2” now returns the expected result without requiring the -IgnoreDefaultScope parameter.

[PS] C:\>Get-MailboxDatabase "Mailbox Database 2" | Get-Mailbox

Name                      Alias                ServerName       ProhibitSendQuo
                                                                ta
----                      -----                ----------       ---------------
branch user               branch.user          ex2007           unlimited

Changes made to $AdminSessionADSettings within the shell are applicable only to that session. Once the shell window is closed and reopened the previous values are restored. To make the change permanent, edit the BinExchange.ps1 file in the Exchange installation folder.

Open the file in a text editor and look for this line. Change the value from $false to $true and then save the file again.

$global:AdminSessionADSettings.ViewEntireForest = $true

The next Exchange Management Shell window you launch will now have this setting configured.

[PS] C:\>$AdminSessionADSettings

ViewEntireForest              : True
DefaultScope                  :
PreferredGlobalCatalog        :
ConfigurationDomainController : ex2007.mycompany.com
PreferredDomainControllers    : {}

[PS] C:\>Get-MailboxDatabase "Mailbox Database 2" | Get-Mailbox

Name                      Alias                ServerName       ProhibitSendQuo
                                                                ta
----                      -----                ----------       ---------------
branch user               branch.user          ex2007           unlimited

As you can see, the command issued to list all mailboxes on “Mailbox Database 2” again returns the expected results.

The modification to Exchange.ps1 also applies to the Exchange Management Console.  Here a newly launched console session is shown to already be set to “Entire Forest” scope.

Exchange Server 2007 May Not Warn of Active Mailboxes When Removing Databases

Recipient Scope Not Applicable to all Administrative Actions

Despite the Forest-wide scope for the shell and console sessions, “Mailbox Database 2” containing active mailboxes in the branch.mycompany.com domain can still be removed.  Note how the server prevents removal of “Mailbox Database 1”, but not “Mailbox Database 2”.

[PS] C:\>remove-mailboxdatabase "Mailbox Database 1"
Remove-MailboxDatabase : This mailbox database contains one or more mailboxes.
To get a list of all mailboxes in this database, run the command Get-Mailbox -D
atabase . To disable a mailbox so that you can delete the mailbox
database, run the command Disable-Mailbox
At line:1 char:23
+ remove-mailboxdatabase  <<<< "Mailbox Database 1" [PS] C:\>

[PS] C:\>remove-mailboxdatabase "Mailbox Database 2"

Confirm
Are you sure you want to perform this action?
Removing Mailbox Database "ex2007.mycompany.comMailbox Database 2".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
(default is "Y"):y
WARNING: The specified database has been removed. You must remove the database
file located in C:Program FilesMicrosoftExchange ServerMailboxThird
Storage GroupMailbox Database 21.edb from your computer manually if it exists.
 Specified database: Mailbox Database 2

The impact of this is the mailbox users in branch.mycompany.com that were on “Mailbox Database 2” now have corrupted Exchange attributes.

Exchange Server 2007 May Not Warn of Active Mailboxes When Removing Databases
Click to enlarge

Recipient Scope Not Applicable to Exchange Server Uninstall

Similar to the database removal process, the removal of the Mailbox Server role also generates a warning for active mailboxes in the same domain as the Exchange server, as seen in the screenshot at the beginning of this post.

However, even with the shell and console defaulting to Forest-wide scope for some administrative actions, this does not always apply to removal of the Mailbox Server role.

In this example the mailbox users in mycompany.com have been removed or migrated to another server, but mailbox users in branch.mycompany.com remain on “Mailbox Database 2”.  Despite this, the Exchange server will permit the removal of the Mailbox Server role.

Click to enlarge
Click to enlarge

As you can see the setup routine has passed its pre-requisite checks and is ready to proceed with the uninstall, even though active mailboxes are shown to still be on “Mailbox Database 2”.

The Exchange setup log records that the Active Directory session settings are Forest-wide, and that a status check is performed on “Mailbox Database 2”, but the active mailboxes are not detected.

[2/17/2010 3:48:32 PM] [1] Beginning processing.
[2/17/2010 3:48:32 PM] [1] Administrator Active Directory session settings are:  View Entire Forest: 'True', Configuration Domain Controller: 'ex2007.mycompany.com', Preferred Global Catalog: 'ex2007.mycompany.com', Preferred Domain Controllers: '{ ex2007.mycompany.com }'
[2/17/2010 3:48:32 PM] [1] Searching objects "EX2007Third Storage GroupMailbox Database 2" of type "MailboxDatabase" under the root "$null".
[2/17/2010 3:48:32 PM] [1] Previous operation run on domain controller 'ex2007.mycompany.com'.
[2/17/2010 3:48:32 PM] [1] Verifying that there is no associated mailbox user on the mailbox database "EX2007Third Storage GroupMailbox Database 2".
[2/17/2010 3:48:32 PM] [1] Establishing the Admin RPC connection with Server "ex2007.mycompany.com".
[2/17/2010 3:48:32 PM] [1] Checking the status of database "EX2007Third Storage GroupMailbox Database 2".
[2/17/2010 3:48:32 PM] [1] Ending processing.

Checking for Active Mailboxes Before Removing Databases

With the above behaviour in mind it is wise to perform manual checks before removing mailbox databases.  You can check the status of an individual mailbox database with this command:

[PS] C:\>Get-MailboxDatabase "Mailbox Database 2" | Get-Mailbox -IgnoreDefaultScope

Or if the $AdminSessionADSettings are set to Forest-wide:

[PS] C:\>Get-MailboxDatabase "Mailbox Database 2" | Get-Mailbox

Before uninstalling the Mailbox Server role you can also check the entire server for active mailboxes with this command:

[PS] C:\>Get-Mailbox -Server EX2007 -IgnoreDefaultScope

Or again, if the $AdminSessionADSettings are set to Forest-wide:

[PS] C:\>Get-Mailbox -Server EX2007

Notes on Testing Environment

These scenarios were tested with Exchange Server 2007 Service Pack 2, with Update Rollup 2, on Windows Server 2008 servers.  The Forest topology was configured per the diagram earlier in the post.

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.

Comments

  1. JoeB

    Hello – There are 25 domains in my organization and I manage 5 of them. Is there a way to modify $global:AdminSessionADSettings.ViewEntireForest = $true so that I can scan one of the 5 domains or run it against a list of the 5 domains I manage?

    Thanks

    1. Avatar photo

      Hi Joe, thats really an all or none setting, nothing in between.

      You could use the -OrganizationalUnit switch to run commands for each domain. For some of your more common admin tasks you could also automate it into custom scripts.

      See this article for -OrganizationalUnit usage with Get-Mailbox:
      http://technet.microsoft.com/en-us/library/bb123685(EXCHG.80).aspx

  2. anirban paul

    dear sir
    i have got the error,i am using server 2003 sp2 and exchange server 2007 sp1…..can i use the same procedure just u did it …or some thing else please rectify my problem

    thank you

Leave a Reply