When you use the EMS cmdlet Set-CASMailbox to configure user-based segmentation for Outlook Web Access, you may already have noticed that even though you set the value of just one property to $False, by running a simple line like:
Set-CASMailbox UserA -OWAChangePasswordEnabled:$False
Exchange will set the value of all properties starting with OWA to $False, thereby disabling almost every feature of Outlook Web Access for that user or the users you selected to change.
And yes, it’s the same when you run:
Set-CASMailbox UserA -OWAChangePasswordEnabled:$True
Exchange will enable the ability to change the password using OWA, but will disable all other features that weren’t explicitly enabled or disabled prior to running the cmdlet.
There are quite a few easy ways to reset or undo the changes, but for me using the ActiveRole Management Shell for Active Directory (Quest) is the quickest way to change settings, since it allows you to change the value of the msExchMailboxFolderSet attribute of one or more users, which actually stores the segmentation settings for a mailbox-enabled user in AD. Depending on the features that are enabled and disabled, this attribute will have a different value. But these are the two which may help you out to reset the value of all OWA* properties for a user to True or to the default value of <not set>.
To reset the value of the parameter to the default <not set>, just run the following line:
Set-QADUser ‘<domainname>/<OU>/username’ -objectattributes @{msExchMailboxFolderSet=$Null}
To set the value of all properties (starting with OWA) to $True, just run the following:
Set-QADUser ‘<domainname>/<OU>/username’ -objectattributes @{msExchMailboxFolderSet=2147483647}
So, for example, if you want to disable the ability of user A to change its passwords using OWA, I would run:
Get-QADUser ‘<domainname>/<OU>/user A’ | Set-QADUser -objectattributes @{msExchMailboxFolderSet=2147483647}
Set-CASMailbox UserA -OWAChangePasswordEnabled:$False
For other settings, create or use a test user, and see what the value is of the attribute msExchMailboxFolderSet, and you’re ready to change the setting for any amount of users at once 🙂
$testuser = Get-QADUser UserA
$testuser.msExchMailboxFolderSet
Did you ever find any issues with segmenting individual mailboxes?
I set OwaCalendarEnabled to $false and had all the other items disabled like you mentioned. The same evening (possibly coincidence) the CMS failed over after a free/busy publishing error.
That may be unrelated but I wanted to ask if you’ve ever seen any specific problems related to per-user segmentation.
thanks!
Personally, I haven’t seen any problems related to per-user segmentation. Must be a coincidence…
– Ilse