Using PowerShell to determine the state of MAPI Encryption on Exchange Servers

In Exchange 2010 specifically, or even Exchange 2007/2010 mixed orgs you can easily detect which servers require MAPI encryption.

The easiest would be to run Get-RPCClientAccess, which returns all Exchange 2010 servers  hosting MAPI Endpoints and all encryption levels as well as if the server carries  MAPI client and/or public folder responsibility.


The output above may be a bit confusing, since the client MAPI end point is the CAS server, however LON-MLT has CAS/HUB and mailbox roles installed on it. These are Exchange 2010 RTM servers only.


Let’s contrast that with the Exchange 2007 servers in the org.

Red-MBX-2007 is the client MAPI endpoint (mailbox server), RED-MBX-1/2 and LON-MLT all host Public folders only and as far as Exchange 2007 is concerned.

The next question may be, how do you know what versions of Exchange are deployed on each server – Glad you asked, Get-ExchangeServer to the rescue


Obviously you can specify specific Exchange servers on the command line to interrogate each server individually if you want to.