Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-07-23

You can retrieve PIN information for a user who is enabled for Microsoft Exchange Server 2010 Unified Messaging (UM). After a user has been enabled for Unified Messaging and a PIN is generated or created, the PIN is stored in the user's mailbox as a salted hash, and the checksum for the PIN is stored in an attribute called ExUMPINChecksum in the Active Directory directory service.

When you retrieve PIN information for a UM-enabled user, the information returned to you is calculated by using the PIN data stored in an encrypted format in the user's mailbox. This lets you view information from the user's mailbox and also indicates whether the user has been locked out of the mailbox.

Important:
When a UM-enabled user enters a PIN, the PIN data is passed in a format that isn't encrypted from an IP gateway over the IP-based network to Unified Messaging servers. To increase the security for a user's PIN, use Internet Protocol security (IPsec) and Transport Layer Security (TLS)/Secure Realtime Transport Protocol (SRTP) to encrypt the PIN data.

After the PIN for a UM-enabled user is received by a Unified Messaging server and is passed from the Session Initiation Protocol (SIP)/RTP transport stack to the UM code, the PIN is temporarily held in a memory buffer in a form that isn't encrypted. Although this poses a small security risk, there's still the potential for an attacker to view the PIN while it isn't encrypted in the memory buffers on the Unified Messaging server.

Looking for other management tasks related to UM users? Check out Managing Unified Messaging Users.

Prerequisites

Use the EMC to retrieve PIN information for a UM-enabled user

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "UM mailboxes" entry in the Unified Messaging Permissions topic.

  1. In the console tree, click Recipient Configuration.

  2. In the result pane, select the user mailbox that you want to view.

  3. In the action pane, click Properties.

  4. On the Mailbox Features tab, click Unified Messaging, and then click Properties.

  5. In the UM Mailbox Status section, view the Lockout status for the user.

Use the Shell to retrieve PIN information for a UM-enabled user

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "UM mailboxes" entry in the Unified Messaging Permissions topic.

This example displays the user ID, whether a PIN is expired, the UM mailbox is locked out and whether Tony is a first time user.

Copy Code
Get-UMMailboxPIN -identity tony@contoso.com

For more information about syntax and parameters, see Get-UMMailboxPIN.

Other Tasks

After you retrieve PIN information for a UM-enabled user, you may also want to: