Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-11-19

Use the Set-UMMailboxPIN cmdlet to reset the PIN for a Unified Messaging (UM)–enabled mailbox.


Set-UMMailboxPIN -Identity <MailboxIdParameter> [-Confirm [<SwitchParameter>]] [-DomainController <Fqdn>] [-IgnoreDefaultScope <SwitchParameter>] [-LockedOut <$true | $false>] [-NotifyEmail <String>] [-Pin <String>] [-PinExpired <$true | $false>] [-SendEmail <$true | $false>] [-WhatIf [<SwitchParameter>]]

Detailed Description

The Set-UMMailboxPIN cmdlet is used when a UM-enabled user has been locked out of a mailbox because either the user tried to log on by using an incorrect PIN multiple times or because the user has forgotten the PIN. You can use this cmdlet to set the user's PIN. The new PIN must comply with the PIN policy rules specified in the user's mailbox policy. The new PIN is sent to the user in an e-mail message, or sent to an alternative e-mail address. You can control whether the user must reset the PIN at logon and if the mailbox will continue to be locked.

After this task is completed, the PIN on a UM-enabled mailbox is set.

You need to be assigned permissions before you can run this cmdlet. Although all parameters for this cmdlet are listed in this topic, you may not have access to some parameters if they're not included in the permissions assigned to you. To see what permissions you need, see the "UM mailbox" entry in the Unified Messaging Permissions topic.


Parameter Required Type Description




The Identity parameter specifies the UM-enabled user PIN being set. The values for this parameter include the following:

  • ADObjectID

  • GUID

  • DN

  • Domain\Account

  • UPN

  • LegacyExchangeDN

  • SmtpAddress

  • Alias




The Confirm switch causes the command to pause processing and requires you to acknowledge what the command will do before processing continues. You don't have to specify a value with the Confirm switch.




The DomainController parameter specifies the fully qualified domain name (FQDN) of the domain controller that writes this configuration change to Active Directory.




The IgnoreDefaultScope parameter instructs the command to ignore the default recipient scope setting for the Exchange Management Shell session and use the entire forest as the scope. This allows the command to access Active Directory objects that aren't currently in the default scope. Using the IgnoreDefaultScope parameter introduces the following restrictions:

  • You can't use the DomainController parameter. The command uses an appropriate global catalog server automatically.

  • You can only use the distinguished name (DN) for the Identity parameter. Other forms of identification, such as alias or GUID, aren't accepted.




The LockedOut parameter specifies whether the mailbox will continue to be locked. If set to $true, the mailbox is marked as locked out. By default, if this parameter is omitted or set to $false, the command clears the locked-out status on the mailbox.




The NotifyEmail parameter specifies the e-mail address to which the server sends the e-mail message that contains the PIN reset information. By default, the message is sent to the SMTP address of the enabled user.




The Pin parameter specifies a new PIN for use with the mailbox. The PIN is checked against the PIN rules defined in the Unified Messaging mailbox policy. If the PIN isn't supplied, the command generates a new PIN for the mailbox and includes it in an e-mail message sent to the user.




The PINExpired parameter specifies whether the PIN is treated as expired. If this parameter is supplied and is set to $false, the user isn't required to reset the PIN the next time that the user logs on. If the PIN isn't supplied, the PIN is treated as expired and the user is prompted to reset the PIN the next time that the user logs on.




The SendEmail parameter specifies whether to send a PIN to the user in an e-mail message. The default is $true.




The WhatIf switch instructs the command to simulate the actions that it would take on the object. By using the WhatIf switch, you can view what changes would occur without having to apply any of those changes. You don't have to specify a value with the WhatIf switch.

Input Types

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn’t accept input data.

Return Types

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn’t return data.



This example resets the PIN on the UM-enabled mailbox for

Copy Code
Set-UMMailboxPIN -Identity


This example resets the initial PIN to 1985848 on the UM-enabled mailbox for, and then sets the PIN as expired so that the user will be asked to change the PIN the next time the user logs on.

Copy Code
Set-UMMailboxPIN -Identity -PIN 1985848 -PinExpired $true


This example locks the UM-enabled mailbox for to prevent the user from accessing the mailbox.

Copy Code
Set-UMMailboxPIN -Identity -LockedOut $true


This example unlocks the UM-enabled mailbox for and allows the user access to the mailbox.

Copy Code
Set-UMMailboxPIN -Identity -LockedOut $false