Skip to main content

EWS-FAI Module for browsing and updating Exchange Folder Associated Items from PowerShell

Folder Associated Items are hidden Items in Exchange Mailbox folders that are commonly used to hold configuration settings for various Mailbox Clients and services that use Mailboxes. Some common examples of FAI's are Categories,OWA Signatures and WorkHours there is some more detailed documentation in the https://msdn.microsoft.com/en-us/library/cc463899(v=exchg.80).aspx protocol document. In EWS these configuration items can be accessed via the UserConfiguration operation https://msdn.microsoft.com/en-us/library/office/dd899439(v=exchg.150).aspx which will give you access to either the RoamingDictionary, XMLStream or BinaryStream data properties that holds the configuration depending on what type of FAI data is being stored.

I've written a number of scripts over the years that target particular FAI's (eg this one that reads the workhours http://gsexdev.blogspot.com.au/2015/11/finding-timezone-being-used-in-mailbox.html is a good example ) but I didn't have a generic script that could allow you to browse and read the data from any FAI in a Mailbox which would be useful when you are trying to peer into FAI's when debugging or reporting on different clients and services that use these FAI's.

So what I've done for this post in publish a really basic Powershell Module to the PowerShell Gallery https://www.powershellgallery.com/packages/EWS-FAI that can do this. The script requires that you have the EWS Managed API installed and then it has two Cmdlets. The source for the module can be found on GitHub here https://github.com/gscales/Powershell-Scripts/tree/master/EWS-FAI/Module

Invoke-ListFAIItems

The cmdlet will browse and display a list of any configuration FAI Items in a Folder eg to show the Items in the Non_IPM_SubTree use

Invoke-ListFAIItems -MailboxName mailbox@domain.com -Folder Root 


it will produce an output such as


Other folders such as the Inbox and Calendar contain some of the more useful FAI's eg


A quick rundown on these

AvailiablityOptions is a newie
Calendar Contains the calendar processing information more of intrest when looking at a room mailbox
CategoryList Is the Master Cateogry List of a Mailbox (XML)
WorkHours Is the workhours setting for a Mailbox (XML)


Get-FAIItem

If you see an FAI that you want to view the contents of for example the OWA.UserOptions this the cmdlet you can use to do this

Get-FAIItem -MailboxName mailbox@domain.com -Folder Root -ConfigItemName OWA.UserOptions
eg


Because this FAI is a Roaming Directory this is what is returned to the pipeline.

If you have an FAI the contains XML like the Category list the cmdlet will return XML back to you which you may or may not be able to work with depending on your skill level in PowerShell. But if you just want to look at the Content in plain text at the cmdlet line you can do the following


Get-FAIItem -MailboxName mailbox@domain.com -Folder Calendar -ConfigItemName CategoryList | Select-Object InnerXML | FL

The other optional parameter for this cmdlet is the -ReturnConfigObject switch which will return the actual UserConfiguration Typed object from the EWS Managed API which is useful if you want to update the FAI in question or your dealing with the BinaryStream which this module doesn't handle. Eg you can use the following script to turn off the FocusedInbox in OWA for a user

$OwaOptions = Get-FAIItem -MailboxName user@domain.com -Folder Root -ConfigItemName OWA.UserOptions -ReturnConfigObject
if($OwaOptions.Dictionary.ContainsKey("IsFocusedInboxEnabled")){  $OwaOptions.Dictionary["IsFocusedInboxEnabled"] = $false  $OwaOptions.Update() }
One last one because it was the topic of a recent conversation is if you want to look to see the user configuration status for the  Focused Inbox in Outlook you can use the following to read the FAI that stores this information.


Get-FAIItem -MailboxName mailbox@domain.com -Folder Inbox -ConfigItemName AccountPrefs
eg this will return something like



Popular posts from this blog

Testing and Sending email via SMTP using Opportunistic TLS and oAuth in Office365 with PowerShell

As well as EWS and Remote PowerShell (RPS) other mail protocols POP3, IMAP and SMTP have had OAuth authentication enabled in Exchange Online (Official announcement here ). A while ago I created  this script that used Opportunistic TLS to perform a Telnet style test against a SMTP server using SMTP AUTH. Now that oAuth authentication has been enabled in office365 I've updated this script to be able to use oAuth instead of SMTP Auth to test against Office365. I've also included a function to actually send a Message. Token Acquisition  To Send a Mail using oAuth you first need to get an Access token from Azure AD there are plenty of ways of doing this in PowerShell. You could use a library like MSAL or ADAL (just google your favoured method) or use a library less approach which I've included with this script . Whatever way you do this you need to make sure that your application registration  https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-

How to test SMTP using Opportunistic TLS with Powershell and grab the public certificate a SMTP server is using

Most email services these day employ Opportunistic TLS when trying to send Messages which means that wherever possible the Messages will be encrypted rather then the plain text legacy of SMTP.  This method was defined in RFC 3207 "SMTP Service Extension for Secure SMTP over Transport Layer Security" and  there's a quite a good explanation of Opportunistic TLS on Wikipedia  https://en.wikipedia.org/wiki/Opportunistic_TLS .  This is used for both Server to Server (eg MTA to MTA) and Client to server (Eg a Message client like Outlook which acts as a MSA) the later being generally Authenticated. Basically it allows you to have a normal plain text SMTP conversation that is then upgraded to TLS using the STARTTLS verb. Not all servers will support this verb so if its not supported then a message is just sent as Plain text. TLS relies on PKI certificates and the administrative issue s that come around certificate management like expired certificates which is why I wrote th

The MailboxConcurrency limit and using Batching in the Microsoft Graph API

If your getting an error such as Application is over its MailboxConcurrency limit while using the Microsoft Graph API this post may help you understand why. Background   The Mailbox  concurrency limit when your using the Graph API is 4 as per https://docs.microsoft.com/en-us/graph/throttling#outlook-service-limits . This is evaluated for each app ID and mailbox combination so this means you can have different apps running under the same credentials and the poor behavior of one won't cause the other to be throttled. If you compared that to EWS you could have up to 27 concurrent connections but they are shared across all apps on a first come first served basis. Batching Batching in the Graph API is a way of combining multiple requests into a single HTTP request. Batching in the Exchange Mail API's EWS and MAPI has been around for a long time and its common, for email Apps to process large numbers of smaller items for a variety of reasons.  Batching in the Graph is limited to a m
All sample scripts and source code is provided by for illustrative purposes only. All examples are untested in different environments and therefore, I cannot guarantee or imply reliability, serviceability, or function of these programs.

All code contained herein is provided to you "AS IS" without any warranties of any kind. The implied warranties of non-infringement, merchantability and fitness for a particular purpose are expressly disclaimed.