Publishing Exchange 2007 Autodisover in ISA 2006

In Exchange versions previous to Exchange 2007, users would store data inside a public folder. This data included free/busy information, Out of Office messages, Offline Address Book, etc. Beginning with Exchange 2007, this information is stored in Internet Information Services (IIS). The process of distributing these services in Exchange 2007 is known as web distribution. Keep in mind that you will need to have Outlook 2007 clients to support web distribution. If you are running clients previous to Outlook 2007, you will still need to use public folders.

As you can see in the following image, in Exchange 2007, IIS contains several new directories than its predecessor, Exchange 2003:

The Autodiscover directory is used by the Autodiscover service to provide automatic profile configuration for Outlook 2007 clients as well as compatible mobile devices, such as Windows Mobile 6. In addition to automatic profile configuration, it provides the external URLs necessary to connect to web distributed services. Another directory is the EWS directory which provides access to web distributed services. These web distributed services include the Availability service, Out of Office (OOF) messages, etc. The Availability service grants users on-demand access to free-busy information. For more information regarding the Availability service, please visit the following site: http://msexchangeteam.com/archive/2006/10/23/429296.aspx. The OAB directory is used to store the Offline Address Book (OAB) which provides an offline copy of the Global Adress List (GAL). The file distribution service copies the OAB files from the OAB generation server to the CAS server for web distribution. To learn more about OAB web distribution, please visit the following site: http://msexchangeteam.com/archive/2006/11/15/431502.aspx.

Prerequisite

Properly configure IIS on your Client Access Server (CAS) to host the certificate(s) needed for external and internal access. The certificate recommended for this configuration is a Unified Communications (UC) certificate. You can read more about these different configurations here.

Note: For this article, we will be using a UC certificate that contains 4 Subject Alternative Names (SANs). Our requested certificate's CN was webmail.shudnow.net. The first SAN name requested was also webmail.shudnow.net. Our request was created using the following EMS command:

New-Exchangecertificate -domainname webmail.shudnow.net, autodiscover.shudnow.net, casserver.shudnow.net, casserver -Friendlyname Shudnow -generaterequest:$true -keysize 1024 -path c:\certrequest.req -privatekeyexportable:$true -subjectname "c=US, o=Shudnow Inc, CN=webmail.shudnow.net"

1. NetBIOS name of CAS (casserver)- used if there is a need/want to connect to services such as OWA using the NetBIOS name of the CAS while connected to the internal network.
2. FQDN name of CAS (casserver.shudnow.net)- used so we can publish Autodiscover internal URLs to point directly to the CAS.
3. Autodiscover.shudnow.net - used so external clients can retrieve external URLs to connect to web distributed services.
4. Intuitivname.shudnow.net - used for services such as Outlook Web Access, Outlook Anywhere, Exchange ActiveSync, web service distribution (OAB, OOF, and Availability). Common FQDNs used are exchange.domain.com, owa.domain.com, mail.domain.com, webmail.domain.com, etc. This article will use the example FQDN: webmail.shudnow.net.

ISA 2006 RTM Configuration

Update1 (08/18/2008) - It's been over a year since this article was released.  Things have changed.  Below I explain to create a new rule for Autodiscover, set All users for authentication, etc..  ISA 2006 SP1 is now out and supports SAN certs.  As of now, when I configure ISA 2006 SP1, I leave autodiscover in the Outlook Anywhere Rule, leave Authenticated Users on, and add the autodiscover FQDN to the Public Name Tab as I do below.  So please keep these things in mind due to the remaining section of ISA 2006 is based off of RTM and not SP1.

You must ensure that you go onto the CAS and export the certificate with its private key and import that into ISA 2006 (Please make sure you have the licenses needed for installing a certificate on multiple servers if required by your certificate vendor). A guide on how to do this is out of the scope of this blog. Once the certificate has been imported on the ISA 2006, ISA configuration can begin. Start by publishing each Exchange 2007 role as needed. In ISA 2006, each rule will need to be published by itself. You can see this by looking at the following screen:

The Outlook Anywhere rule contains several /paths/ as can be seen by the following screenshot:

Because Outlook 2007 will contact the Autodiscover service by using https://autodiscover.shudnow.net/Autodiscover/Autodiscover.xml, we will need to remove the /Autodiscover/ Path from the Outlook Anywhere rule and create a dedicated rule just for the Autodiscover.

There are also several other /paths/ that are new to publishing Exchange 2007. As you recall from the previous IIS screenshot from the CAS, there is an /EWS/ and /OAB/ path that allow us to publish the OAB and EWS web distributed folders. In the Exchange ActiveSync (EAS) rule, there is a /Microsoft-Server-Activesync/ path that is used to publish Exchange Active Sync. Because the Public Name for these rules are configured to webmail.shudnow.net, we will need to publish the external URLs on the CAS server to distribute these services to external clients via https://webmail.shudnow.net.

Autodiscover Rule

With the Autodiscover rule created, there are a few configuration settings that need to be modified. The first is done by opening the Autodiscover Rule and navigating to the To: Tab. We need to ensure the, "This rule applies to the published site:" equates to the Common Name of the internal certificate. Since we are using the same certificate on both the CAS and ISA, the common name will be the same on both certificates. Using a separate certificate on your CAS and ISA is out of the scope of this article. The IP Address must be the IP address of the CAS server.

The next tab you will need to modify is the Public Name tab. Because this rule will be listening for a request to Autodiscover.shudnow.net, we will need to ensure this rule accepts requests that are destined to Autodiscover.shudnow.net

You will see an error on the Listener tab that states there is an issue with certificates. Disregard this error as it doesn't affect us. ISA does not see the certificate contains subject alternative names and will work even though the Public Name is set to something other than the Common Name of the certificate.

Note: Microsoft has stated that ISA 2006 SP1 will support SAN certificates (which means all SAN names in a SAN Certificate).  SP1 is due out late summer at earliest.

The final change to the Autodiscover rule that is needed is to modify authentication. Click on the Users tab and remove All Authenticated Users. Add the All Users group. There is currently a bug in Exchange 2007 that does not allow ISA 2006 to publish the Exchange 2007 Autodiscover when All Registered Users is selected. Look out for a fix in Exchange 2007 SP1.

Configuring Autodiscover on CAS

In order to allow a smooth connection to web distributed folders, we need to configure internal and external URLs. Internal URLs are provided to domain-joined clients who have direct connectivity to Active Directory. Because they have direct connectivity to AD, they will be able to pull authoritative internal web distribution URLs directly from the Service Connection Point (SCP). The SCP is an object that gets installed in Active Directory when a CAS is installed. The SCP contains an authoritative list of all Autodiscover service URLs in the forest where Exchange 2007 is installed.

Because we created an Autodiscover rule that listens for connections on Autodiscover.shudnow.net, an Outlook 2007 client as well as a compatible mobile client connecting from a remote network will be able to contact the Autodiscover service to have their profile automatically be configured as well as find the external URLs for web distributed services. Because ISA is publishing these web distributed folders via webmail.shudnow.net, we need to configure the external URLs to use https://webmail.shudnow.net/ServiceAddress. This way when a client connects from the outside network, they will see these external URLs are configured using https://webmail.shudnow.net/OAB and https://webmail.shudnow.net/EWS.

When using a UC certificate with the 4 URLs specified earlier in this article, we can allow an internal client to connect directly to the CAS bypassing ISA. If you are not using the UC certificate, you will most likely be using the same internal and external URL. This is because when not using the UC certificate, you will be need to separate your IIS websites to accommodate multiple certificates. One blank default web site for your self-signed certificate, one site for all your web distributed services, OWA, and Outlook Anywhere that will contain your webmail.shudnow.net certificate, and finally an Autodiscover website for your Autodiscover.shudnow.net certificate. Because you will be only using 3 certificates, you will not have the FQDN of the CAS server defined in your certificates. Because of this, you will need to point both the internal and external URL to webmail.shudnow.net. Because the UC certificate contains both the FQDN of our CAS and the FQDN webmail.shudnow.net, we can point the internal URL to the FQDN of the CAS server and the external URL to the webmail.shudnow.net FQDN for which we configured ISA to accommodate. As stated in the prerequisite section, you can read about these two different types of certificate configurations here.

As of late September, Microsoft has added a new method to make the Autodiscover service accessible from the outside with a single certificate. This is through the use of SRV records. You can read more about this new type of configuration here.

EWS Configuration

In order to see what internal and external URLs are set for the EWS folder, we can run the Get-WebServicesVirtualDirectory cmdlet in the EMS. When a client is on the external network, they will need to go through the published rule in ISA. This is why we configure the external URL to go through https://webmail.shudnow.net. The EWS /path/ is configured in the Outlook Anywhere rule which accepts connections from webmail.shudnow.net (Remember the public name tab is configured to accept connections from webmail.shudnow.net). We will configure the internal URL to go directly to the CAS server bypassing ISA since the FQDN of the CAS server is defined as one of the subject alternative names in our Unified Communications Certificate.

In order to configure the Internal and External URL, we need to use the following commands:

Set-WebServicesVirtualDirectory -Identity "CASServer\EWS (Default Web Site)" -InternalURL https://casserver.shudnow.net/EWS/Exchange.asmx -ExternalURL https://webmail.shudnow.net/EWS/Exchange.asmx -BasicAuthentication:$true

Note: You must ensure that you enable Basic Authentication on the EWS folder in IIS due to the Outlook Anywhere rule using Basic Authentication Delegation.

OAB Configuration

In order to see what internal and external URLs are set for the OAB folder, we can run the Get-OABVirtualDirectory | FL cmdlet in the EMS. When a client is on the external network, they will need to go through the published rule in ISA. This is why we configure the External URL to go through https://webmail.shudnow.net. The OAB /path/ is configured in the Outlook Anywhere rule which accepts connections from webmail.shudnow.net (Remember the public name tab is configured to accept connections from webmail.shudnow.net). We will configure the internal URL to go directly to the CAS server bypassing ISA since the FQDN of the CAS server is defined as one of the subject alternative names in our Unified Communications Certificate.

In order to configure the Internal and External URL, we need to use the following commands:

Set-OABVirtualDirectory -Identity "CASServer\OAB (Default Web Site)" -InternalURL https://casserver.shudnow.net/OAB -ExternalURL https://webmail.shudnow.net/OAB -RequireSSL:$true

Note: You must ensure that you enable SSL on the OAB directory in IIS which is not on by default. The same goes for Basic Authentication on the OAB directory. The above command will only enable SSL, but will not ensure 128-bit SSL is required.

Outlook Anywhere Configuration

Currently, in Exchange 2007, Outlook anywhere only works using Basic Authentication. To enable Outlook anywhere and configure it to use the webmail.shudnow.net with basic authentication, use the following command:

Enable-OutlookAnywhere -Server CASServer -ExternalHostname "webmail.shudnow.net" -ExternalAuthenticationMethod "Basic" -SSLOffloading:$False

Note: The above Enable-OutlookAnywhere command works on RTM. For SP1, substitute -ExternalAuthenticationMethod with ClientAuthenticationMethod.

Exchange ActiveSync

In order to see what external URLs are set for the Microsoft-Server-Activesync folder, we can run the Get-ActiveSyncVirtualDirectory cmdlet in the EMS. When a client is on the external network, they will need to go through the published rule in ISA. This is why we configure the External URL to go through https://webmail.shudnow.net. The Microsoft-Server-Activesync /path/ is configured in its own ActiveSync rule which accepts connections from webmail.shudnow.net (Remember the public name and the To: tab should both be configured to accept connections from webmail.shudnow.net)

In order to configure the External URL, we need to use the following commands:

Set-ActiveSyncVirtualDirectory -Identity "CASServer\Microsoft-Server-ActiveSync (Default Web Site)" -ExternalURL https://webmail.shudnow.net/Microsoft-Server-Activesync

Unified Messaging Configuration

In order to see what internal and external URLs are set for the UnifiedMessaging folder, we can run the Get-UMVirtualDirectory cmdlet in the EMS. When a client is on the external network, they will need to go through the published rule in ISA. This is why we configure the External URL to go through https://webmail.shudnow.net. The unifiedmessaging /path/ is configured in the Outlook Anywhere rule which accepts connections from webmail.shudnow.net (Remember the public name tab is configured to accept connections from webmail.shudnow.net). We will configure the internal URL to go directly to the CAS server bypassing ISA since the FQDN of the CAS server is defined as one of the subject alternative names in our Unified Communications Certificate.

In order to configure the Internal and External URL, we need to use the following commands:

Set-UMVirtualDirectory -Identity "CASServer\UnifiedMessaging (Default Web Site)" -InternalURL https://casserver.shudnow.net/UnifiedMessaging/Service.asmx -ExternalURL https://webmail.shudnow.net/UnifiedMessaging/Service.asmx -BasicAuthentication:$true

Note: You must ensure that you enable Basic Authentication on the UnifiedMessaging folder in IIS due to the Outlook Anywhere rule using Basic Authentication Delegation.

Защиты от нежелательной почты

Инструкции по настройке функций защиты от нежелательной почты для почтового ящика Применимо к: Exchange Server 2007 SP1, Exchange Server 2007 Дата последнего изменения раздела: 2007-01-02 В этом разделе рассматривается, как с помощью среды управления Exchange настроить средства защиты от нежелательной почты для почтового ящика. Все сообщения, поступающие в организацию Exchange из Интернета, проходят фильтрацию с помощью агентов защиты от нежелательной почты, включенных на пограничном транспортном сервере. В процессе фильтрации сообщений в них добавляются метаданные. Допустимые сообщения, которые не были отклонены, доставляются в почтовый ящик получателя. Предварительная подготовка Для выполнения описанных ниже действий используемой учетной записи необходимо делегировать следующую роль: роль администратора организации Exchange. Дополнительные сведения о разрешениях, делегировании ролей и правах, необходимых для администрирования сервера Microsoft Exchange Server 2007, см. в разделе Вопросы, связанные с разрешениями. Кроме того, перед выполнением этих действий убедитесь в следующем: Был изучен раздел Функции защиты от нежелательной почты и вирусов, позволяющий понять общую стратегию настройки различных агентов защиты от нежелательной почты для обеспечения эффективной защиты организации. Был изучен раздел Управление средствами защиты от нежелательной почты и вирусов. Процедура В этом подразделе рассматривается, как с помощью среды управления Exchange настроить возможности защиты от нежелательной почты для почтового ящика. Для настройки возможностей защиты от нежелательной почты с помощью командлета Set-Mailbox используются следующие параметры: AntispamBypassEnabled SCLDeleteEnabled SCLDeleteThreshold SCLJunkEnabled SCLJunkThreshold SCLQuarantineEnabled SCLQuarantineThreshold SCLRejectEnabled SCLRejectThreshold Подробные сведения о синтаксисе и параметрах см. в разделе Set-Mailbox. Примечание. За исключением параметров нежелательной почты, параметры вероятности нежелательной почты для почтового ящика идентичны параметрам, применяемым для агента фильтра содержимого. Параметры фильтрации содержимого применяются для всей организации. Параметры почтового ящика применяются для отдельных пользователей почтовых ящиков. Параметры почтовых ящиков переопределяют параметры фильтрации содержимого, действующие в рамках целой организации. Примечание. Параметры SCLDeleteEnabled, SCLJunkEnabled, SCLQuarantineEnabled и SCLRejectEnabled имеют три возможных значения: $true, $false и $null. Если параметр имеет значение $true или $false, этот параметр переопределяет параметры агента фильтра содержимого. Если параметр имеет значение $null, применяются параметры агента фильтра содержимого. Чтобы настроить возможности защиты от нежелательной почты для отдельного почтового ящика с помощью среды управления Exchange Чтобы настроить все параметры защиты от нежелательной почты для почтового ящика, выполните следующую команду: Копировать кодset-Mailbox -Identity -AntispamBypassEnabled <$true | $false> -RequireSenderAuthenticationEnabled <$true | $false> -SCLDeleteEnabled <$true | $false | $null> -SCLDeleteThreshold -SCLJunkEnabled <$true | $false | $null > -SCLJunkThreshold -SCLQuarantineEnabled <$true | $false | $null > -SCLQuarantineThreshold -SCLRejectEnabled <$true | $false | $null > -SCLRejectThreshold Например, чтобы отключить для почтового ящика пользователя по имени Джон (John) фильтры защиты от нежелательной почты и задать пересылку почтовых сообщений с уровнем вероятности нежелательной почты не менее 5 непосредственно в папку нежелательной почты этого пользователя в Microsoft Office Outlook, выполните следующую команду: Копировать кодSet-Mailbox -Identity John -AntispamBypassEnabled $true -SCLJunkEnabled $true -SCLJunkThreshold 5 Чтобы в среде управления Exchange настроить возможности защиты от нежелательной почты для нескольких почтовых ящиков одновременно с использованием переданной по конвейеру команды Выполните следующую команду: Копировать кодGet-Mailbox | Set-MailboxНапример, чтобы установить значение 7 в качестве порогового уровня вероятности нежелательной почты для перемещения в карантин для всех почтовых ящиков контейнера «Users» в домене Contoso.com, выполните следующую команду: Копировать кодGet-Mailbox -OrganizationalUnit Contoso.com\Users | Set-Mailbox -SCLQuarantineEnabled $true -SCLQuarantineThreshold 7 Чтобы в среде управления Exchange настроить возможности защиты от нежелательной почты для нескольких почтовых ящиков одновременно с использованием командлета Set-OrganizationConfig Выполните следующую команду: Копировать кодSet-OrganizationConfig -SCLJunkThreshold Например, чтобы задать для организации пороговое значение нежелательной почты 5, выполните следующую команду: Копировать кодSet-OrganizationConfig -SCLJunkThreshold 5

How to Configure Anti-Spam Features on a Mailbox

Applies to: Exchange Server 2007 SP1, Exchange Server 2007 Topic Last Modified: 2007-01-02 This topic explains how to use the Exchange Management Shell to configure anti-spam features on a mailbox. All messages that come into the Exchange organization from the Internet are filtered by the anti-spam agents that are enabled on the Edge Transport server. As the messages are filtered, metadata is added to the messages. Legitimate messages that have not been filtered are delivered to the recipient's mailbox. Before You Begin To perform the following procedures, the account you use must be delegated the following: Exchange Organization Administrator role For more information about permissions, delegating roles, and the rights that are required to administer Microsoft Exchange Server 2007, see Permission Considerations. Also, before you perform these procedures, confirm the following: You have reviewed Anti-Spam and Antivirus Functionality to understand the general strategy for configuring all anti-spam agents so that they work together efficiently for your organization. You have read Managing Anti-Spam and Antivirus Features. Procedure This section explains how to use the Exchange Management Shell to configure the anti-spam features on a mailbox. You use the following parameters to configure anti-spam features with the Set-Mailbox cmdlet: AntispamBypassEnabled SCLDeleteEnabled SCLDeleteThreshold SCLJunkEnabled SCLJunkThreshold SCLQuarantineEnabled SCLQuarantineThreshold SCLRejectEnabled SCLRejectThreshold For detailed syntax and parameter information, see Set-Mailbox. Note: With the exception of the junk e-mail settings, the spam confidence level (SCL) settings on the mailbox are the same as the settings that you apply on the Content Filter agent. The content filtering settings are applied to the organization. The mailbox settings are applied to the individual mailbox user. The mailbox settings override the organization-wide content filtering settings. Note: The SCLDeleteEnabled, SCLJunkEnabled, SCLQuarantineEnabled, and SCLRejectEnabled parameters have three possible values: $true, $false, and $null. If a parameter has the value of $true or $false, that parameter overrides the settings on the Content Filter agent. If the setting is $null, the settings on the Content Filter agent are applied. To use the Exchange Management Shell to configure anti-spam features on a single mailbox To configure all the anti-spam settings on a mailbox, run the following command: Copy Codeset-Mailbox -Identity -AntispamBypassEnabled <$true | $false> -RequireSenderAuthenticationEnabled <$true | $false> -SCLDeleteEnabled <$true | $false | $null> -SCLDeleteThreshold -SCLJunkEnabled <$true | $false | $null > -SCLJunkThreshold -SCLQuarantineEnabled <$true | $false | $null > -SCLQuarantineThreshold -SCLRejectEnabled <$true | $false | $null > -SCLRejectThreshold For example, to configure John Peoples' mailbox to bypass all the anti-spam filters and to have messages that meet or exceed an SCL Junk E-mail folder threshold of 5 delivered to his Junk E-mail folder in Microsoft Office Outlook, run the following command: Copy CodeSet-Mailbox -Identity John -AntispamBypassEnabled $true -SCLJunkEnabled $true -SCLJunkThreshold 5 To use the Exchange Management Shell to configure anti-spam features on multiple mailboxes by using a piped command Run the following command: Copy CodeGet-Mailbox | Set-MailboxFor example, to enable the SCL quarantine threshold with a value of 7 on all mailboxes in the Users container in the Contoso.com domain, run the following command: Copy CodeGet-Mailbox -OrganizationalUnit Contoso.com\Users | Set-Mailbox -SCLQuarantineEnabled $true -SCLQuarantineThreshold 7 To use the Exchange Management Shell to configure anti-spam features on multiple mailboxes by using the Set-OrganizationConfig cmdlet Run the following command: Copy CodeSet-OrganizationConfig -SCLJunkThreshold For example, to set the organization's junk e-mail threshold to 5, run the following command: Copy CodeSet-OrganizationConfig -SCLJunkThreshold 5

Junk store threshold not configured

Junk store threshold not configured В данном разделе приведены сведения об устранении проблем, обнаруживаемых с помощью анализатора Exchange. Используйте эти сведения для решения конкретных проблем только на тех системах, для которых был запущен анализатор Exchange. Анализатор Exchange, который можно бесплатно загрузить из Интернета, удаленно собирает конфигурационные данные с каждого сервера в топологии и автоматически анализирует их. В итоговый отчет записываются важные сведения о неправильных настройках, потенциальных проблемах и параметрах, для которых были изменены значения по умолчанию. Следуя рекомендациям анализатора Exchange, можно улучшить производительность, масштабируемость и надежность сервера Exchange Server и сократить время вынужденных простоев. Дополнительные сведения об анализаторе Exchange и о том, как загрузить его новейшие версии, см. в документе "Анализаторы Microsoft Exchange" по адресу http://go.microsoft.com/fwlink/?linkid=34707 (на английском языке). Дата последнего изменения раздела: 2007-07-30 Анализатор Microsoft Exchange запрашивает у среды Exchange сведения о наличии в ней ролей транспортного сервера-концентратора или сервера почтовых ящиков Exchange Server 2007. При обнаружении одной из этих ролей анализатор Exchange выполняет следующий командлет командной консоли Exchange, запрашивая значение параметра SCLJunkThreshold для организации Exchange: Get-OrganizationConfig Параметр SCLJunkThreshold определяет для организации вероятность нежелательной почты, при которой сообщение перемещается в папку нежелательной почты. Если анализатор Exchange выясняет, что параметр SCLJunkThreshold для оpганизации имеет значение по умолчанию 8, он выводит предупреждение. Оно свидетельствует о том, что пороговое значение вероятности нежелательной почты, при котором сообщения перемещаются в папку нежелательной почты, настроено так, что в папку нежелательной почты могут быть помещены сообщения, полученные от легальных пользователей. Параметру SCLJunkThreshold рекомендуется присвоить значение 4. Чтобы устранить причину появления данного предупреждения, присвойте параметру SCLJunkThreshold значение 4 с помощью командлета Set-OrganizationConfig в командной консоли Exchange. Присвоение значения 4 параметру SCLJunkThreshold с помощью командлета Set-OrganizationConfig 1.Ниже приведен пример команды Set-OrganizationConfig, присваивающей параметру SCLJunkThreshold значение 4. 2.Set-OrganizationConfig -SCLJunkThreshold 4

Using Command lines To use switches, at the Start menu, Run command type:

Using Command lines To use switches, at the Start menu, Run command type: Outlook /switch Occasionally you'll need to use the full path to Outlook, so the command line looks like: "C:\Program Files\Microsoft Office\Office11\Outlook.exe " /switch Notes: Before using a command line switch, you need to close Outlook and verify it's closed in Task Manager's Processes tab. Paths that include spaces between words must be enclosed in quotation marks (") and are case sensitive. You'll need the full path if you create desktop shortcuts. If you use Vista, you can type the command line in the Start Search field on the Start menu or type Run to open the Run dialog. The Windows key+R will also open the Run dialog in both Windows XP and Vista. Switches /a Creates an item with the specified file as an attachment. Usage: Outlook /a "C:\My Documents\labels.doc" If no item type is specified, IPM.Note form is assumed. This switch cannot be used with message classes that aren't based on Outlook. /altvba otmfilename Opens the VBA program specified in otmfilename, rather than %appdata%\Microsoft\Outlook\VbaProject.OTM. Use this switch when you need to run macros not in your VBAProject file. /autorun macroname Opens Outlook and immediately runs the macro specified in macroname. /c messageclass Creates a new item of the specified message class, works for any valid MAPI form. Examples: /c ipm.activity creates a Journal entry /c ipm.appointment creates an appointment /c ipm.contact creates a contact /c ipm.note creates an e-mail message /c ipm.stickynote creates a note /c ipm.task creates a task /checkclient Prompts for the default manager of e-mail, news, and contacts. /cleanclientrules Starts Outlook and deletes client-based rules. Used by non-Exchange account users. /cleandmrecords Deletes the logging records saved when a manager or a delegate declines a meeting. Used by Exchange Server accounts. /cleanfinders Removes Search Folders from the Microsoft Exchange server store. /cleanfreebusy Clears and regenerates free/busy information. This switch can only be used when you are able to connect to your Microsoft Exchange server. /cleanprofile Removes invalid profile keys and recreates default registry keys where applicable. /cleanpst Launches Outlook with a clean Personal Folders file (.pst) /cleanreminders Clears and regenerates reminders. /cleanrules Starts Outlook and deletes client- and server-based rules. /cleanschedplus Deletes all Schedule+ data (free/busy, permissions, and .cal file) from the server and enables the free/busy information from the Outlook Calendar to be used and viewed by all Schedule+ 1.0 users. /cleanserverrules Starts Outlook and deletes server-based rules. Used only with Exchange server accounts. /cleansniff Overrides the programmatic lockout that determines which of your computers (when running Outlook simultaneously) processes meeting items. The lockout process helps prevent duplicate reminder messages. This switch clears the lockout on the computer it is used, enabling Outlook to process meeting items. /cleansubscriptions Deletes the subscription messages and properties for subscription features. Used with SharePoint alerts. /cleanviews Restores default views. Use with care as all custom views you created are lost. /designer Starts Outlook without figuring out if Outlook should be the default client in the first run. /embedding Opens the specified message file (.msg) as an OLE embedding. Also used without command-line parameters for standard OLE co-create. /explorer Opens the new window in "explorer" mode (link bar on). /f msgfilename Opens the specified message file (.msg) or Microsoft Office saved search (.oss). /firstrun Starts Outlook as if it were run for the first time. /folder Opens a new window in "folder" mode (Navigation Pane off). /hol holfilename Opens the specified .hol file. /ical icsfilename Opens the specified .ics file. /importprf prffilename Launches Outlook and opens/imports the defined MAPI profile (*.prf). If Outlook is already open, queues the profile to be imported on the next clean launch. /l olkfilename Opens the specified .olk file. /launchtraininghelp assetid Opens a Help window with the Help topic specified in assetid. /m emailname Provides a way for the user to add an e-mail name to the item. Use either the full address or let alias resolve. Only works in conjunction with the /c command-line parameter. Usage: Outlook.exe /c ipm.note /m test@poremsky.com Outlook.exe /c ipm.note /m dianep /nocustomize Starts Outlook without loading outcmd.dat (customized toolbars). With older versions of Outlook the *.fav file doesn't load. /noextensions Starts Outlook with extensions turned off, but listed in the Add-In Manager. /nopollmail Starts Outlook without checking mail at startup. /nopreview Starts Outlook with the Reading Pane off and removes the option from the View menu. /p msgfilename Prints the specified message (.msg). Does not work with HTML. /profile profilename Loads the specified profile. If your profile name contains a space, enclose the profile name in quotation marks. /profiles Opens the Choose Profile dialog box regardless of the Options setting on the Tools menu. /recycle Starts Outlook using an existing Outlook window, if one exists. Can be used in combination with /explorer or /folder. The Outlook shortcut in the Quick Launch bar uses the /recycle switch. /resetfoldernames Resets default folder names (such as Inbox or Sent Items) to default names in the current Office user interface language. For example, if you first connect to your mailbox Outlook using a Russian user interface, the Russian default folder names cannot be renamed. To change the default folder names to another language such as Japanese or English, you can use this switch to reset the default folder names after changing the user interface language or installing a different language version of Outlook. /resetfolders Restores missing folders for the default delivery location. /resetnavpane Clears and regenerates the Navigation Pane for the current profile. Removes all Shortcuts and Favorite Folders. Has the same effect as deleting profilename.xml in your user directory. /rpcdiag Opens Outlook and displays the remote procedure call (RPC) connection status dialog. /s filename Loads the specified shortcuts file (.fav). Use to load *.fav files created in older versions of Outlook. /safe Starts Outlook without extensions, Reading Pane, or toolbar customization. /safe:1 Starts Outlook with the Reading Pane off. New to Outlook 2003. /safe:2 Starts Outlook without checking mail at startup. New to Outlook 2003. /safe:3 Starts Outlook with extensions turned off, but listed in the Add-In Manager. /safe:4 Starts Outlook without loading Outcmd.dat (customized toolbars) and *.fav file. /select foldername Starts Outlook and opens the specified folder in a new window. Usage: "C:\Program Files\Microsoft Office\Office11\Outlook.exe" /select outlook:calendar outlook /select "outlook:Inbox\Old Messages" /sniff Starts Outlook and forces a detection of new meeting requests in the Inbox, and then adds them to the calendar. /t oftfilename Opens the specified .oft file. /v vcffilename Opens the specified .vcf file. /vcal vcsfilename Opens the specified .vcs file. /x xnkfilename Opens the specified .xnk file.