Adaxes

Performance Exchange Properties

0 votes

Hi,

we have a problem when calling the Exchange properties. This takes a very long time. Can we speed up in any way? How then does the communication with the Exchange?

Thanks a lot and greets,

Dennis

by (40 points)
0

Hello Dennis,

Adaxes communicates with Exchange Servers using Exchange management cmdlets and PowerShell remoting. To troubleshoot the issue with slow loading of Exchange properties, you can:

  1. Enable tracing of commands sent to your Exchange Server. How to Trace Requests to Exchange Servers.
  2. In the generated trace file, you will find the name of the Exchange Server that Adaxes communicates with.
  3. Check whether communication between the computer where Adaxes is installed and the Exchange Server it communicates with is not hindered by any conditions. For example, Adaxes can communicate with an Exchange Server located in another AD site.

By the way, what version of Exchange are you using?

by (216k points)
0

Hi,

thank´s for the quick reply. We´re using Exchange 2013 CU3.

Greets, Dennis

by (40 points)
0

Hello Dennis,

Did you try enabling tracing of commands sent to Exchange Servers? Are the computer where Adaxes is installed and the Exchange Server it connects to located in the same AD site?

How to Trace Requests to Exchange Servers.

by (216k points)
0

Hi,

Computers are in the same AD site. The Command "Get-ADPermission" takes about 40 seconds :roll: Mh.... sooo many entries (?)

Greets, Dennis

by (40 points)
0

Dennis,

Can you send the trace file to our support e-mail (support[at]adaxes.com)?

by (216k points)
0

Hi,

sure... Mail was send...

Greets, Dennis

;-)

by (40 points)
0

Dennis,

The issue really seems to be in Get-ADPermission. It is the only cmdlet that takes so much time to execute.

The thing is that the Get-ADPermission cmdlet gets permissions for the mailbox. Each user that has certain permissions for the mailbox is stored in the form of a Security Identifier (SID). The Get-ADPermission cmdlet translates the SIDs into names of the users/groups that have the permissions. This can take some time in certain situations.

To troubleshoot the issue, can you do the following:

  1. Logon to the Exchange Server that is mentioned in the trace file.

  2. Launch Exchange Management Shell (EMS).

  3. Execute the Get-ADPermission cmdlet exactly as it is shown in the trace file, piping the output to a CSV file. For example: 

     Get-ADPermission -Identity "CN=User,CN=Users,DC=example,DC=com" -DomainController "server.example.com" | Export-CSV C:\Export.csv

    where C:\Export.csv is the full path to the CSV file that will be created.

  4. Send the generated CSV file to us.

by (216k points)
0

Hi,

ok... Mail was send...

Greets, Dennis

;-)

by (40 points)

1 Answer

0 votes
by (216k points)

Hello Dennis,

The issue seems to be in the permissions assigned to the following SID: S-1-5-32-561. Out of the 704 permission entries for the mailbox, almost 670 define permissions for this SID. There seem to be excessive/duplicated permissions. The SID is a well-known SID of the built-in Windows Authorization Access Group.

To remedy the issue, we recommend you to optimize how permissions are assigned to the group and reduce the number of permission entries for it. Bear in mind, that the permissions are inherited by the mailbox from its parent container, and thus you need to adjust the permissions for the parent OUs/Containers.

By the way, how long did it take to execute the command in the EMS? Was it something close to 40 seconds as well?

Can you also do the following for further troubleshooting:

  1. Logon to the Exchange Control Panel (ECP) of the Exchange Server that is mentioned in the trace file.
  2. Open properties of the same mailbox in the ECP.
  3. Switch to the Mailbox Delegation tab. How long does it take the ECP to load the mailbox delegation parameters?
0

Hi,

the SID: S-1-5-32-561 is the SID of the built-in Terminal Server License Servers Group and the SID: S-1-5-32-560 of the Windows Authorization Access Group.

Mhhh... why does have the Terminal Server License Servers Group to be queried? :shock:

In the EMS it takes too so long, we tought it is on iis. But sovile queries for this group? The Test User is only in the DomainUsers Group.

Greets, Dennis

;-)

by (40 points)
0

Hello Dennis,

As we've already mentioned, the Get-ADPermission cmdlet gets permissions for the mailbox. Each user/group that has certain permissions for the mailbox is stored in the form of a Security Identifier (SID). The Get-ADPermission cmdlet translates the SIDs into names of the users/groups that have certain permissions over the mailbox. For this purpose, the cmdlet needs to poll Active Directory each time for each entry.

But sovile queries for this group? The Test User is only in the DomainUsers Group.

The group names are resolved not for the groups in which the member is a user, but for the groups that have certain permissions over the user.

by (216k points)

Related questions

0 votes
1 answer
Unable to Edit Distribution List Exchange Properties

Hello, I am trying to do as best as I can researching the best and effective way to manage the properties of Office 365 Exchange Properties with Adaxes (Latest Version) ... sure if there is a command or config I missed for adjusting the Distribution Lists.

asked Dec 19, 2023 by Edogstraus00 (490 points)
0 votes
0 answers
Distribution groups not showing exchange properties anymore

Hi all, We have Adaxes running in our environment. We don't have an on-prem Exchange environment, everything is in Exchange online. Our existing distrubution groups all ... how to get the exchange properties back for newly created groups? Kind regards, Eddy

asked Dec 8, 2022 by eddy1985 (20 points)
0 votes
1 answer
Adaxes fails to display Exchange Properties

I am using an account with global admin permissions to o365, so it does not appear to be that as the issue. Adaxes V.2017.2 Trace logs showing the following [11/02/2022 11:24:58] ... at #2e.#Vh.#h8() at #eb.#Wb.#j8() at #2e.#Uh.Execute(#ib command) Any ideas?

asked Nov 2, 2022 by bbrunning (50 points)
0 votes
1 answer
Exchange Properties - Accounts with no exchange.

Hi, In our system we a hybrid domain with Office365, so on prem AD accounts, O365 mailboxes with an OnPrem exchange for some legacy mailboxes. We have a number of AD accounts ... it's an option in a newer version that's absolutely fine as well. Thanks Gary

asked Feb 27, 2020 by gazoco (490 points)
0 votes
1 answer
Issue Gathering Exchange properties

Receive the following error when trying to access our Exchange properties. "Could not load file or assembly 'System.Management.Automation, Version=3.0.0.0, Culture=neutral, ... recently, and I'm not sure where to begin searching for a solution. Regards.

asked Oct 22, 2018 by jtop (700 points)
3,548 questions
3,239 answers
8,232 comments
547,814 users