Sending an automatic “Welcome Message” for new Exchange mailboxes

6 min readJul 17, 2019

In this blog, I will review a script that sends a “Welcome” message for every new mailbox which is created on Exchange On-Premises.

There are few ways to implement a “Welcome” message for every new mailbox being created, while the most common one is using an Extension Agent:
https://docs.microsoft.com/en-us/exchange/cmdlet-extension-agents-exchange-2013-help

Extension Agent is an XML file that is edited and configured according to the company’s needs.
The XML file then needs to be copied to EVERY Exchange server in the organization.
The Extension Agent can modify, replace, or extend the functionality of Exchange Management Shell cmdlets by running additional actions based on the command that was running.
For example, for every New-Mailbox command that runs in the Exchange organization, the Set-CasMailbox command will run against that mailbox and close the POP3 protocol connectivity option.

But Extension Agent has a few disadvantages:

The XML must be copied to ALL Exchange servers in the organization.
In case you have changed something in the XML file, it has to be copied again to all Exchange servers.
In case of a new Exchange server installation or Recoverserver process, Extension Agent must be disabled and then Enabled back:
https://docs.microsoft.com/en-us/exchange/manage-cmdlet-extension-agents-exchange-2013-help
If you don’t do so, the Installation or RecoverServer processes will be stopped.

The script process:

Using the Search-AdminAuditLog command, the script checks if a new mailbox was created during the last hour (default and can be changed) using the New-Mailbox/Enable-Mailbox commands.

2. In case that no new mailbox/es were created, the script doesn’t do anything, just display a message to console that “There are no new mailboxes”.

3. In case that new mailbox/es were created, the script sends an HTML message (available at the next paragraph and can be changed) to the new mailbox using the Send-MailMessage command.
Also, it displays a message to console that “A Message was sent to UserX”):

4. In case that during the time the script checks the Admin Audit Log, a new mailbox/es were created and didn’t get a welcome message and another new mailbox/es were created and got a welcome message, the script will display a message to console that “A Message was sent to UserX” — for the first user that didn’t get the message AND “A Message was already sent to UserZ” — for the second user that didn’t get the welcome message.

5. In case the new mailbox/es were created, but the script already sent a message to the new mailbox, it displays a message to console that “A Message was already sent to UserX”).

Welcome message sample:

Permissions and prerequisites to run the script

To run the script we must have the Exchange Management Shell installed on the computer that runs the script:
https://docs.microsoft.com/en-us/exchange/plan-and-deploy/post-installation-tasks/install-management-tools?view=exchserver-2019

Connect to a remote session to one of the existing Exchange servers: https://docs.microsoft.com/en-us/powershell/exchange/exchange-server/connect-to-exchange-servers-using-remote-powershell?view=exchange-ps

Before running the script we have to set the permissions needed to the mail flow test.
There are 2 commands that the test user should use when running the script, it uses the Search-AdminAuditLog, Get-MailboxServer and the Get-MessageTrackingLog commands.

In case that the user who’s running the script has high privileges like the built-in Organization Management and Compliance Management groups, you can continue to the next paragraph.
In case that you want to have a simple user (not a strong one ) running the test, need to create an RBAC (Role Based Access Control) role and give this user the right permissions.

Now let’s run the following commands to allow the user running the script:

Replicate all the roles from “Audit Logs” role:
New-ManagementRole -Name “Audit-Changes” -Parent “Audit Logs”

Remove all cmdlets except Search-AdminAuditLogs from the Audit Logs role:
Get-ManagementRoleEntry “Audit-Changes\*” | Where-Object {$_.Name -ne ‘Search-AdminAuditLog’}| %{Remove-ManagementRoleEntry “$($_.Role)\$($_.Name)” -Confirm:$False}

Remove all cmdlets except Get-MailboxServer from the MailboxServer role:
Get-ManagementRoleEntry “Mailbox-Server\*” | Where-Object {$_.Name -ne ‘Get-MailboxServer’}| %{Remove-ManagementRoleEntry “$($_.Role)\$($_.Name)” -Confirm:$False}

Remove all cmdlets except Get-MailboxServer from the MailboxServer role:
Get-ManagementRoleEntry “Mailbox-Server\*” | Where-Object {$_.Name -ne ‘Get-MailboxServer’}| %{Remove-ManagementRoleEntry “$($_.Role)\$($_.Name)” -Confirm:$False}

Replicate all the roles from “View-Only Recipients” role:
New-ManagementRole -Name “MessageTrace” -Parent “View-Only Recipients”

Remove all cmdlets except Get-MessageTrace from the MessageTrace role:
Get-ManagementRoleEntry “MessageTrace\*” | Where-Object {$_.Name -ne ‘Get-MessageTrackingLog’}| %{Remove-ManagementRoleEntry “$($_.Role)\$($_.Name)” -Confirm:$False}

Create a new group named Audit which contains only the Search-AuditLog role, Mailbox-Server role and add tkolber@msft.net user to the group:
New-RoleGroup -Name “Audit-Admin” -Roles “Audit-Changes”,”Mailbox-Server”,MessageTrace -Members “tkolber@msft.net”

Running the script

There 4 main parameters that you should know and maybe change before running the script:

$welcomemsg=”C:\scripts\Microsoft-Welcome.html”
The default location of the HTML welcome message (Microsoft-Welcome.html) is located at C:\Scripts.
You can change the location, name and HTML file in this parameter.
$Sender=”SYSTEM@msft.net”
Change the SYSTEM@msft.net to the email address that you are going to use for sending the welcome email message from, to any email address in your domain.
$Sub=”Welcome to MSFT”
Change the subject to any text you would like the welcome message will have.
$hr=”1"
Change this value the amount of time in hours the script checks for new mailboxes.
The default is 1 hour back, which means that it checks which mailboxes were created in the last hour.

To not miss any welcome messages for newly created mailboxes, verify that the script will run at least in less time than this value.
For example, if you are going to use Task Scheduler, verify it runs, for example, every 30 minutes and that the hr value is 1 hour.

To run the script, just open the Exchange Management Shell and navigate to the script location.

The most common and recommended option is to schedule a task using task scheduler and run the script every 10–15 minutes.

Program/Script: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Add Arguments (Optional): -command “. ‘C:\Program Files\Microsoft\Exchange Server\V15\bin\RemoteExchange.ps1’; Connect-ExchangeServer -auto; . ‘C:\Scripts\WelcomeMSG.ps1’’