Microsoft Exchange team releases Exchange Server Security Updates (SUs) when vulnerabilities are discovered. You don't…
Recreate arbitration mailboxes in Exchange Server
A couple of arbitration mailboxes are corrupt, and we like to make them healthy. It can also happen that the arbitration mailboxes objects are missing. That’s because they are removed from Active Directory Users and Computers (ADUC). The good news is that we can recreate the missing arbitration mailboxes. In this article, you will learn how to recreate arbitration mailboxes in Exchange Server.
Table of contents
Before you start to recreate missing arbitration mailboxes
Read the following articles about the arbitration mailboxes:
Find the arbitration mailboxes in Exchange Server. Run Exchange Management Shell as administrator. Make use of the Get-Mailbox -Arbitration cmdlet. If you run the same cmdlet and you don’t see all the arbitration mailboxes, it means they are not in a good state. In our example, we have seven arbitration mailboxes.
We are running Exchange Server 2016 CU16. All of the arbitration mailboxes are configured in Exchange Server 2016 mailbox database DB01. You can see that we have seven arbitration mailboxes in the Exchange organization:
- 5x System mailboxes
- 1x Migration mailbox
- 1x Federation mailbox
[PS] C:\>Set-ADServerSettings -ViewEntireForest $true; Get-Mailbox -Arbitration | Format-Table Name, ServerName, Database, AdminDisplayVersion, ProhibitSendQuota
Name ServerName Database AdminDisplayVersion ProhibitSendQuota
---- ---------- -------- ------------------- -----------------
SystemMailbox{1f05a927-47dc-4efe-b7bf-aa11d93f5395} ex01-2016 DB01 Version 15.1 (Build 1979.3) Unlimited
SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c} ex01-2016 DB01 Version 15.1 (Build 1979.3) Unlimited
SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9} ex01-2016 DB01 Version 15.1 (Build 1979.3) Unlimited
Migration.8f3e7716-2011-43e4-96b1-aba62d229136 ex01-2016 DB01 Version 15.1 (Build 1979.3) 300 MB (314,572,800 bytes)
FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 ex01-2016 DB01 Version 15.1 (Build 1979.3) 1 MB (1,048,576 bytes)
SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201} ex01-2016 DB01 Version 15.1 (Build 1979.3) Unlimited
SystemMailbox{2CE34405-31BE-455D-89D7-A7C7DA7A0DAA} ex01-2016 DB01 Version 15.1 (Build 1979.3) UnlimitedIn ADUC you will see the federation mailbox, migration mailbox and six system mailboxes. That’s a total of eight mailboxes. Why do we see eight mailboxes in total in ADUC and seven with PowerShell? The answer is that one of the system mailboxes is an audit mailbox.
The audit mailbox is the SystemMailbox{8cc370d3-822a-4ab8-a926-bb94bd0641a9}. You have to run the Get-Mailbox cmdlet with the -AuditLog switch to retrieve the mailbox.
[PS] C:\>Set-ADServerSettings -ViewEntireForest $true; Get-Mailbox -AuditLog | Format-Table Name, ServerName, Database, AdminDisplayVersion, ProhibitSendQuota
Name ServerName Database AdminDisplayVersion ProhibitSendQuota
---- ---------- -------- ------------------- -----------------
SystemMailbox{8cc370d3-822a-4ab8-a926-bb94bd0641a9} ex01-2016 DB01 Version 15.1 (Build 1979.3) 50 GB (53,687,091,200 bytes)Remove arbitration mailboxes
Go to ADUC. Right-click the mailboxes and click remove. We are going to remove the seven arbitration mailboxes. You will get a prompt if you are sure to delete the seven objects. Click Yes.
Run the cmdlet and check if the arbitration mailboxes are removed. There will be no results.
[PS] C:\>Set-ADServerSettings -ViewEntireForest $true; Get-Mailbox -Arbitration | Format-Table Name, ServerName, Database, AdminDisplayVersion, ProhibitSendQuotaRemove audit mailbox
Let’s remove the audit mailbox too. It’s only one mailbox. A prompt will show up if you are sure to delete the object. Click on Yes
Run the cmdlet to check if the audit mailbox is removed.
[PS] C:\>Set-ADServerSettings -ViewEntireForest $true; Get-Mailbox -AuditLog | Format-Table Name, ServerName, Database, AdminDisplayVersion, ProhibitSendQuotaIn the next step, we are going to recreate the arbitration mailboxes and the audit mailbox.
Recreate arbitration mailboxes and audit mailbox
Find the Exchange Server ISO file in your files. If you don’t have it, download Exchange Server ISO from the Microsoft website. After it’s finished downloading, mount the ISO.
Always save the Exchange Server ISO files, because Microsoft does not keep the ISO files available online if newer versions are released.
Find to which drive letter the ISO is mounted. In our example, it’s the I: drive.
Run Command Prompt as administrator and run the command I:\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD. This will recreate the missing arbitration mailboxes and the audit mailbox.
C:\>I:\Setup.exe /IAcceptExchangeServerLicenseTerms /PrepareAD
Microsoft Exchange Server 2016 Cumulative Update 16 Unattended Setup
Copying Files...
File copy complete. Setup will now collect additional information needed for installation.
Performing Microsoft Exchange Server Prerequisite Check
Prerequisite Analysis COMPLETED
Configuring Microsoft Exchange Server
Organization Preparation COMPLETED
The Exchange Server setup operation completed successfully.Start ADUC and make sure that you click the refresh button in the toolbar. If that doesn’t work, close and start ADUC. Verify that the PrepareAD setup created the arbitration mailboxes and audit mailbox in ADUC. A total of eight mailboxes.
Run both cmdlets to check if the arbitration mailboxes and audit mailbox show up. The results are empty, but why is that? That’s because we have to enable the mailboxes.
[PS] C:\>Set-ADServerSettings -ViewEntireForest $true; Get-Mailbox -Arbitration | Format-Table Name, ServerName, Database, AdminDisplayVersion, ProhibitSendQuota
[PS] C:\>Set-ADServerSettings -ViewEntireForest $true; Get-Mailbox -AuditLog | Format-Table Name, ServerName, Database, AdminDisplayVersion, ProhibitSendQuotaIn the next step, we are going to enable the arbitration mailboxes. We will also enable the audit mailbox.
Enable arbitration mailboxes
Enable Microsoft Exchange Federation Mailbox
There are two cmdlets that we have to run.
[PS] C:\>Enable-Mailbox -Identity "FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042" -Arbitration
Name Alias ServerName ProhibitSendQuota
---- ----- ---------- -----------------
FederatedEmail.4c1f4d8... FederatedEmail.4c... ex01-2016 Unlimited
[PS] C:\>Set-Mailbox -Identity "FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042" -Arbitration -ProhibitSendQuota 1MB -ForceEnable Microsoft Exchange Migration mailbox
Run the two cmdlets.
[PS] C:\>Enable-Mailbox -Identity "Migration.8f3e7716-2011-43e4-96b1-aba62d229136" -Arbitration
Name Alias ServerName ProhibitSendQuota
---- ----- ---------- -----------------
Migration.8f3e7716-201... Migration.8f3e771... ex01-2016 Unlimited
[PS] C:\>Set-Mailbox -Identity "Migration.8f3e7716-2011-43e4-96b1-aba62d229136" -Arbitration -Management $true -ProhibitSendQuota 300MB -ForceEnable Microsoft Exchange Approval Assistant mailbox
Run the cmdlet.
[PS] C:\>Get-User -ResultSize Unlimited | where {$_.Name -like "SystemMailbox{1f05a927*"} | Enable-Mailbox -Arbitration
Name Alias ServerName ProhibitSendQuota
---- ----- ---------- -----------------
SystemMailbox{1f05a927... SystemMailbox{1f0... ex01-2016 UnlimitedEnable Microsoft Exchange organization mailbox for OABs
Run the three cmdlets.
[PS] C:\>Enable-Mailbox -Identity "SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}" -Arbitration
Name Alias ServerName ProhibitSendQuota
---- ----- ---------- -----------------
SystemMailbox{bb558c35... SystemMailbox{bb5... ex01-2016 Unlimited
[PS] C:\>Set-Mailbox -Identity "SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}" -Arbitration -UMGrammar $true -OABGen $true -GMGen $true -ClientExtensions $true -MessageTracking $true -PstProvider $true -MaxSendSize 1GB -Force
WARNING: You must invoke Update-OfflineAddressBook manually against at least one Offline Address Book in this organization in order to activate the OAB generation capability of this mailbox.
[PS] C:\>$OABMBX = Get-Mailbox "SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}" -Arbitration; Set-ADUser $OABMBX.SamAccountName -Add @{"msExchCapabilityIdentifiers"="40","42","43","44","47","51","52","46"}A warning is showing that you must invoke the cmdlet Update-OfflineAddressBook manually. Get the Offline Address Book and run an update.
[PS] C:\>Get-OfflineAddressBook
Name Versions AddressLists
---- -------- ------------
Default Offline Address Book {Version4} {\Default Global Address List}
[PS] C:\>Update-OfflineAddressBook -Identity "Default Offline Address Book"Enable Microsoft Exchange Discovery system mailbox
Run two cmdlets to enable.
[PS] C:\>Enable-Mailbox -Identity "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" -Arbitration
Name Alias ServerName ProhibitSendQuota
---- ----- ---------- -----------------
SystemMailbox{e0dc1c29... SystemMailbox{e0d... ex01-2016 Unlimited
[PS] C:\>Set-Mailbox -Identity "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" -Arbitration -UMDataStorage $true -ForceEnable arbitration mailbox Exchange 2016 CU8 and later (1)
Microsoft did not put any information regarding this arbitration mailbox at the time of writing. One cmdlet to enable.
[PS] C:\>Enable-Mailbox -Identity "SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201}" -Arbitration
Name Alias ServerName ProhibitSendQuota
---- ----- ---------- -----------------
SystemMailbox{D0E409A0... SystemMailbox{D0E... ex01-2016 UnlimitedEnable arbitration mailbox Exchange 2016 CU8 and later (2)
At the moment, Microsoft did not yet put any information regarding this arbitration mailbox. Run the seven cmdlets.
[PS] C:\>Enable-Mailbox -Identity "SystemMailbox{2CE34405-31BE-455D-89D7-A7C7DA7A0DAA}" -Arbitration
Name Alias ServerName ProhibitSendQuota
---- ----- ---------- -----------------
SystemMailbox{2CE34405... SystemMailbox{2CE... ex01-2016 Unlimited
[PS] C:\>$ShardMBX = Get-Mailbox -Identity "SystemMailbox{2CE34405-31BE-455D-89D7-A7C7DA7A0DAA}" -Arbitration
[PS] C:\>Set-ADUser $ShardMBX.SamAccountName -Add @{"msExchCapabilityIdentifiers"="66"}
[PS] C:\>Set-ADUser $ShardMBX.SamAccountName -Add @{"msExchMessageHygieneSCLDeleteThreshold"="9"}
[PS] C:\>Set-ADUser $ShardMBX.SamAccountName -Add @{"msExchMessageHygieneSCLJunkThreshold"="4"}
[PS] C:\>Set-ADUser $ShardMBX.SamAccountName -Add @{"msExchMessageHygieneSCLQuarantineThreshold"="9"}
[PS] C:\>Set-ADUser $ShardMBX.SamAccountName -Add @{"msExchMessageHygieneSCLRejectThreshold"="7"}Enable audit mailbox
As of last, enable the audit mailbox.
[PS] C:\>Enable-Mailbox -Identity "SystemMailbox{8cc370d3-822a-4ab8-a926-bb94bd0641a9}" -AuditLog
Name Alias ServerName ProhibitSendQuota
---- ----- ---------- -----------------
SystemMailbox{8cc370d3... SystemMailbox{8cc... ex01-2016 50 GB (53,687,091,200 bytes)Verify arbitration mailboxes
The mailboxes are placed in random mailbox databases. In our example, it’s placed in mailbox database DB01 and DB02. You can always move the arbitration mailboxes to another database.
[PS] C:\>Set-ADServerSettings -ViewEntireForest $true; Get-Mailbox -Arbitration | Format-Table Name, ServerName, Database, AdminDisplayVersion, ProhibitSendQuota
Name ServerName Database AdminDisplayVersion ProhibitSendQuota
---- ---------- -------- ------------------- -----------------
SystemMailbox{1f05a927-92b3-4677-b58e-289476b74140} ex01-2016 DB01 Version 15.1 (Build 1979.3) Unlimited
SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c} ex01-2016 DB02 Version 15.1 (Build 1979.3) Unlimited
SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9} ex01-2016 DB01 Version 15.1 (Build 1979.3) Unlimited
Migration.8f3e7716-2011-43e4-96b1-aba62d229136 ex01-2016 DB02 Version 15.1 (Build 1979.3) 300 MB (314,572,800 bytes)
FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 ex01-2016 DB02 Version 15.1 (Build 1979.3) 1 MB (1,048,576 bytes)
SystemMailbox{D0E409A0-AF9B-4720-92FE-AAC869B0D201} ex01-2016 DB02 Version 15.1 (Build 1979.3) Unlimited
SystemMailbox{2CE34405-31BE-455D-89D7-A7C7DA7A0DAA} ex01-2016 DB01 Version 15.1 (Build 1979.3) UnlimitedArbitration mailboxes are showing up and looking great.
Verify audit mailbox
[PS] C:\>Set-ADServerSettings -ViewEntireForest $true; Get-Mailbox -AuditLog | Format-Table Name, ServerName, Database, AdminDisplayVersion, ProhibitSendQuota
Name ServerName Database AdminDisplayVersion ProhibitSendQuota
---- ---------- -------- ------------------- -----------------
SystemMailbox{8cc370d3-822a-4ab8-a926-bb94bd0641a9} ex01-2016 DB01 Version 15.1 (Build 1979.3) 50 GB (53,687,091,200 bytes)Audit mailbox is showing up. Everything is looking fantastic.
Keep reading: Cannot delete mailbox database Exchange 2016 »
Conclusion
In this article, you learned how to recreate arbitration mailboxes in Exchange Server. Not only that, but you also learned that there is another system mailbox showing in Active Directory. It makes it confusing if you see a system mailbox in AD, but you can’t find it when running the Get-Mailbox -Arbitration switch. That’s because you have to run Get-Mailbox -AuditLog switch. After you recreate the mailboxes, don’t forget to enable them.
Did you enjoy this article? You may also like Enable search indexing Exchange. Don’t forget to follow us and share this article.
What Others Are Reading
This Post Has 0 Comments