Using PowerShell to determine the state of MAPI Encryption on Exchange Servers

In specifically, or even 2007/2010 mixed orgs you can easily detect which servers require MAPI encryption.

The easiest would be to run Get-RPCClientAccess, which returns all servers  hosting MAPI Endpoints and all levels as well as if the server carries  MAPI client and/or public folder responsibility.


The output above may be a bit confusing, since the client MAPI end point is the server, however LON-MLT has CAS/HUB and mailbox roles installed on it. These are RTM servers only.


Let’s contrast that with the 2007 servers in the org.

Red-MBX-2007 is the client MAPI endpoint (mailbox server), RED-MBX-1/2 and LON-MLT all host Public folders only and as far as 2007 is concerned.

The next question may be, how do you know what versions of are deployed on each server – Glad you asked, Get-ExchangeServer to the rescue


Obviously you can specify specific servers on the command line to interrogate each server individually if you want to.