Exchange 2010 – The Exchange Management Console and Shell – Part 7

* There are 3 tools for managing Exchange. 1. The Exchange Management Console, 2. The Exchange Management Shell, and, 3. The Exchange Control Panel, which is accessed through Outlook Web App (OWA)

* We will first look at the use of the EMC and explore its various nodes, panes, and actions we can perform

* Then we’ll look at the purpose of PowerShell and the EMS, focusing on how commands are formed using cmdlets and how they are made more complex and useful through pipe-lining.

The EMC has 4 primary interface elements:

  1. Console Tree
  2. Result Pane
  3. Work Pane
  4. Action Pane
The EMC is based on MS MMC 3.0 and the GUI version used for Exchange.
Organization Configuration
Server Configuration
Recipient Configuration
Under Server Configuration, when you click on Mailbox, Client Access or Hub Transport, you’ll notice that there are two middle panes. A results pane and a work pane.
The Actions pane can be turned off by clicking Show/Hide the action pane button on the toolbar. When you turn it off, you can still perform functions by right-clicking on objects.
One thing to note in the Console Tree is that you have by default the “Microsoft Exchange on-Premises.” It is designed so that you can manage Exchange Servers in the cloud.
The Exchange Management Shell is a requirement for Exchange Administrators (and there are questions about it in exams). Learning PowerShell is not an option, it is a necessity.
The EMS is built upon PowerShell (PS)
  • PS is both a command-line tool and a scripting platform.
  • Exchange 2010 requires PowerShell v2.
  • PowerShell commands are built using cmdlets
  • Through PowerShell commands, you can manage EVERY aspect of Exchange, whereas the EMC you can manage ALMOST every aspect of Exchange
Local Shell and Remote Shell
  • The EMC allows you to make configuration changes to the Organization or to individual Servers. In Exchange 2007, you could only run the POwerShell compone3nts on the local machine.
  • With Exchange 2010 you can connect to a remote session on a remote Exchange 2010 system.
  • When you open the EMS it connects to the closest exchange session
  • you cannot connect remotely to an Edge Transport Server
  • Remote Sessions are created using the New-PSSession and Import-PSSession cmdlets
What are CMDLETS?
  • Simple verb-noun structure
  • Common verbs are : Get, Set, Remove, Test, Enable, Disable, Install, Uninstall, New and Move
  • Pipelines | help to string cmdlets together
  • Examples:
  • Get-Mailbox
  • Get-MailboxStatistics <Mailbox>
  • Get-Mailbox -OrganizationalUnit Sales
  • Get-Mailbox | Set-Mailbox -prohibitsendquota 500MB (this will take every mailbox in the organzation and set the prohibit send quota to 500MB – manually would take forever!
The Exchange Management Shell contains modules we need. You can import them into PowerShell, but the EMS already is loaded.
Try for example:
>get-excommand – quite a number of different cmdlets! To investigate how to use one of these commands?
>get-help test-systemhealth
This outputs
Name:
Synopsis:
Syntax: (might want to port out to txt and print)
Description:
Related Links:
Remarks: (Examples)
>Get-Service -> shows all the services running on our system
>Get-Mailbox ->  shows all the mailboxes on the server – names, where they reside, quota.
To narrow down to the sales org unit use:
>get-mailbox – OrganizationalUnit Sales
>Get-MailboxStatistics jason.coltrin
shows last login time, storage stats, etc
>get-mailbox -OrganizationalUnit Sales | Set-Mailbox -ProhibitSendQuota 500MB
To give a number of users mailbox with one line of code you can do the following:
Andy Grogan created a script to create (fake) users on a domain. You can create several hundred users.
Go to UserTools, and you can see a .csv file which contains basic info for creating users. You can change these, and use your real names and create an entire domain of your users.
The script will create an Organizational Unit called “Exchange Users”
You can download the script here:
and here is a screenshot of the script and .csv files:
Click image to enlarge
Run the powershell script within powershell, and you should see the users scroll down the screen as they are created.
Now that the users have been created, go to your Mailbox server and go to Organization Configuration -> Mailbox -> “MailboxDatabase” is the database where we will be placing our new users. We will use the ExchangeUsers OU to help build mailboxes for our lab users.
Under Recipient Configuration, we do not yet have users listed. We do not have mailboxes for them.
Go to the EMS and type in the following command:
> get-user -OrganizationalUnit ExchangeUsers | where-object{$_.RecipientType -eq “User”} | Enable-Mailbox -Database “MailboxDatabase”
Now that your users have been given mailboxes, goto OWA at https://yourdomain/owa , log in as one of the users and test sending/receiving to the administrator.

Configuring SonicWall TZ210 and XP/Vista/7 client with RDP passthrough

Clients on your network may wish to work from home. While there are alternatives like GoToMyPC or LogMeIn, this is a free alternative. You will need spare public IP addresses that you can configure your domain’s DNS and your SonicWall to allow RDP traffic to clients on your LAN.

1. Ensure the client has RDP enabled. On the Windows PC, go to System Settings and then the Remote tab and make sure “any RDP client” is allowed access. Some of your clients may be using Macs and do not use Windows RDP clients. Also, it’s best to narrow down access to only particular user accounts (the user and administrator). Once RDP is enabled be sure to test connecting from a different client within your Local Area Network. If you can’t RDP into the client from within your LAN, you sure won’t be able to get to the machine remotely!

2. Go to your Domain Registrar and setup a sub domain for your user. In this example, I’m using my.1and1.com. Once logged in, click on “Domains”, then click on “New” and then “Subdomain”. Give the subdomain a friendly name. In this case I am using Julie.domainname.com. Once the subdomain has been added, place a checkmark next to the new subdomain, and then click on the DNS button dropdown and click Edit. Under Advanced DNS Settings -> IP Address (A-Record) : Change the radio button to “Other IP Addresses”. Enter in the Public IP address you want specified for the client. Make sure you record the IP address, because we will be using it again soon on the SonicWALL. As far as DNS replication is concerned, I’ve found that it takes place pretty quickly, if not 5 to 10 minutes for the new address to be resolved.

click image to enlarge

 

 

 

 

 

 

 

 

 

 

 

 

3. You should now see the entry along with the rest of your domain’s records. That should take care of the external DNS side of things.

Click Image to Enlarge

 

 

 

 

 

 

4. Now log into your SonicWALL and browse to Network -> Address Objects. Here we will create two new address objects. “Username_Computer Private”, and “Username_Computer Public”. Click on the Add… button.

— For Username_Computer Private use:

Name: Username_Computer Private

Zone Assignment: LAN

Type: Host

IP Address: (Internal IP Address 192.168…..)

— Click the Add… button again for Username_Computer Public:

Name: Username_Computer Private

Zone Assignment: WAN

Type: Host

IP Address: (External IP address you created in your Domain’s registrar)

5. Now that the Address Objects have been created, we can move on to Services. On the sonicwall, browse to Network -> Services.

Click on Add Group. In the Name field, type in “Username Computer Services”. Then find Terminal Services in the list on the left side of the screen, and add it to the right-hand pane and click OK. That’s it for this part.

6. Now we are going to add NAT policies for our Network. Browse to Network -> NAT Policies.

First we are going to want to add a Loopback policy which should look like the following:

click image to enlarge

 

 

 

 

 

 

 

 

 

 

 

 

Be sure to add a comment “Loopback for Username_Computer”

Next, we’ll add Private to Public Translation which will look like the following. Make sure your Outbound interface is your WAN interface, typically X1:

click image to enlarge

 

 

 

 

 

 

 

 

 

 

 

 

Next we’re going to do Public to Private Translation:

click image to enlarge

 

 

 

 

 

 

 

 

 

 

 

 

7. Lastly, we’re going to configure the firewall to allow traffic. Go to Firewall – Access Rules -> WAN to LAN which should have the following settings:

click image to enlarge

 

 

 

 

 

 

 

 

 

 

 

 

Action: Allow

From Zone: WAN

To Zone: LAN

Services: Username_Computer Services

Source: ANY

Destination: Username_Computer Public

Users allowed: All

Schedule: Always On

 

That should do it! You can now test by trying to RDP from any computer using the friendly subdomain name you setup with your domain’s registrar. If you are prompted for a username and password, your subdomain name and firewall are configured correctly.

Perhaps you may want to email your users the following instructions to assist them in connecting to their PC at work:

Greetings, you now have the ability to access your work PC from home. Before you try connecting for the first time, make sure you have the following:
1. A stable DSL, Cable, WiFi, Satellite, or 3G/4G internet connection (no dial-up).
2. A PC running at least: Windows XP with Service Pack 2 or Service Pack 3, Windows Vista, or Windows 7. To find the RDP client on a Windows PC, go to the Start button, then Programs, Accessories, Remote Desktop Connection.
3. A Mac with at least OSX and a Terminal Services (RDP) client. There are some free RDP clients like CoRD, or TSclientX that you can download and install on your Mac.
4. Up-to-date Anti-Virus protection.
If you’re going to access your work PC from your home PC, you will need to start up an RDP client on your home PC. Type in the friendly name for the PC at work for the “computer” name (give the user their friendly name somewhere in the email). For example, Scott would start an RDP session at home and use “Scott.DomainName.com” (without quotes) as the name of the computer he’s connecting into. When you’re prompted for your username and password, put in the domain name followed by a backslash and your username. In Scott’s case, the username is: DomainNameScottH. Then type in your password and click the Connect button. You may be prompted to login again. Simply login again using the same credentials you would normally use, as if you are sitting in front of your PC at work.
In our experience, there are some things to look out for when using Terminal Services:
1. You should only print to the printers connected to your PC at work. Trying to print to your printer at home may or may not work, and trying to do so may cause your session to hang or disconnect. If you have to print to your printer at home, you may want to email yourself the file. Also, trying to transfer files to and from your Home PC or Mac with your Work PC is slow and cumbersome. It’s best to leave work files on your PC at work.
2. Your session should stay active for long periods of time. If you are consistently losing your connection, you may need to speak to your ISP to see if there are interruptions in your service.
3. You can only RDP into your PC at work if it is powered up. PC’s at work that are set to sleep, hibernate, or shut down after a period of inactivity may not be accessible. If you plan on using your work PC from home, make sure it’s powered up and not set to automatically shutdown/sleep/hibernate.
“The Management”

 

 

Exchange 2010 SP1 Installation – Part 6

Exchange 2010 SP1

Exchange Team Points For Deployment Prepraration

The installation of SP1 can be very frustrating, despite it’s great features. There is always some side-IIS elements that were not installed, and they need to be installed before you can move forward. The hotfixes are the key. When you start with an OS, e.g. Server 2008 R2, make sure you first have all of the OS updates installed. Visit Windows Updates and make sure you install any that are available. Then you want to visit the Microsoft Exchange Team site and find all the hot fixes for your Exchange 2010 installation. Make sure all of those hot fixes are installed as well. Then, even though you can install roles and features with checkboxes, it’s better to use the import-modules servermanager commandlet with PowerShell and copy the text for installing roles and features.

Do a google search for “Install Exchange 2010 SP1” and go to the EHLO blog. http://blogs.technet.com/b/exchange/archive/2010/09/01/3410888.aspx

Go to the Upgrade order if you’re going to upgrade from 2007.

Use the Matrix of Updates Required chart. Use the chart and don’t just go with what the Exchange installer tells you. You don’t want to miss one; you may be shown that you finished completely, but end up having to go back to ADSI edit etc. So make sure you have the hotfixes based off the chart.

In my case, all of the updates in the matrix were not required by my system, and the SP1 install went well with my latest install. After the SP1 install, it’s a good idea to install the update roll-up #5 released by Microsoft here:

http://www.microsoft.com/download/en/details.aspx?id=22090

After the update roll-up has been installed, be sure to check Windows Update a few times to ensure you have the latest patches and updates.

After SP1 is installed, and the updates have been installed as well, open up the Exchange console, click on the Organization Configuration, and then Mailbox, and you should see two new Retention tabs:

ExchangeSP1
Click image to enlarge

 

 

 

 

 

 

 

 

 

 

 

 

A good majority of the content provided in my Blog’s Exchange series is derived from J. Peter Bruzzese’ excellent Train Signals Exchange Server 2010 Video Disk Series, as well as my own Exchange 2010 lab. Trainsignal.com is an invaluable source for accurate, easy to understand, IT information and training. http://www.trainsignal.com

Exchange 2010 Installation Part 5

Absolute Necessities for Exchange 2010

  • You need an Active Directory Domain in place
  • You need a solid DNS infrastructure
  • You can technically install Exchange 2010 on a server that is your Active Directory Server and your DNS server (case in point, Small Business Server)

Typical or Custom Installations:

Exchange 2010 can be deployed through either a Typical or a Custom Installation

1. Typical: will install the Hub Transport, Client Access and Mailbox Server roles

2. Custom: You can install one server type, or some, or all of the roles

  • If you install the Edge Transport (greys out other roles), you cannot install other roles. Can only exist on a DMZ
  • If you are installing one of the other roles, you can combine them together (you may install them on separate servers all together.)
  • You don’t need the Unified Messaging Server role in order for your organization to function. The same with the Edge Transport server, not required but is recommended by Microsoft to provide better protection for Exchange.

The installation itself is fairly typical, and if your prerequisites have been installed you should not encounter any errors.

After installation, if your Exchange server is not licensed, you will have approximately 120 days to activate or license the server.

Be sure to check for critical updates for your exchange server after installation. If you don’t see any updates for exchange in Windows Update, even after a reboot, you may need to start the Exchange Setup.exe Installer again, and click on “Step 5: Get critical updates for Microsoft Exchange”. This is the only way I could force Windows/Exchange to find new updates, for example Exchange Update Rollup 5 for Exchange Server 2010 KB2407113.

 

Exchange Updates
Click Image to Enlarge

 

 

 

 

 

 

 

 

 

Everything we need installed for a working Exchange environment has been accomplished.

When starting the Exchange 2010 Management Console, we are not simply opening it for this server, but for our Exchange Organziation. Whether on a single server, or a multitude of servers, the console will manage the entire Exchange Organization system.

For the Edge Transport Server

We will install Active Directory Lightweight Directory Services. Even though the Edge Transport Server is not a part of the AD (for our own safety) it still requires a directory to work with. We can install it via the GUI, or through the PowerShell.

For the Edge Transport server, we will use the code:

> import-module servermanager

> Add-WindowsFeature NET-Framework, RSAT-ADDS, ADLDS -Restart

When running the command you may receive the following result error:

PS C:UsersAdministrator> Add-WindowsFeature NET-Framwork,RSAT-ADDS,ADLDS -Restart
Add-WindowsFeature : ArgumentNotValid: Invalid role, role service, or feature: 'NET-Framwork'. The name was not found.
At line:1 char:19
+ Add-WindowsFeature <<<<  NET-Framwork,RSAT-ADDS,ADLDS -Restart
    + CategoryInfo          : InvalidData: (:) [Add-WindowsFeature], Exception
    + FullyQualifiedErrorId : NameDoesNotExist,Microsoft.Windows.ServerManager.Commands.AddWindowsFeatureCommand

Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
False   No             Invali... {}

If you receive this error, it means that the prerequisite, .NET Framework 3.5.1 is required. See screenshot below. An easy way to install the prerequisite is to use the GUI role installation feature, which will prompt you to install the framework. Be sure to apply all critical updates and service packs to .NET prior completing the installation of Lightweight Directory Services; remember, this is your public-facing computer.

Click image to enlarge

 

 

 

 

 

 

Once .NET and the rest of the Edge Transport role is installed, you’ve rebooted, updated and have rebooted again, now would be a good time to backup the Edge Transport server with either a bare metal/VM system snapshot. Although snapshots are beneficial, an Edge Transport XML export/backup should be performed as well on a regular basis. I exported my first as Edge_BaselineXML.

A very useful article on backing up and restoring the Edge Transport Server can be found here: http://exchangeserverpro.com/exchange-2010-edge-transport-server-backup-and-recovery

Note: The Windows Backup feature is not installed by default on a newly installed Server2008 R2 installation. You can quickly install the backup feature at the powershell using the following two commands:

> import-module servermanager

> add-WindowsFeature backup

When logging into the Edge Server, and launching the Management Console, I encountered the following error:

[ERROR] Provisioning layer initialization failed: ‘Active Directory error 0x8007052E occurred while searching for domain controllers in domain

The problem was that I had logged into the local machine only and not the domain, and when trying to run the console, it was not logged in as a domain user. I logged off, logged back in as DOMAINAdministrator, and then found the Management Console to work correctly and identify my machine as an Edge Transport Server.

Another error I hit was the following:

The following error occurred when searching for On-Premises Exchange Server:

The term ‘C:Program FilesMicrosoftExchange Server V14BinConnectFunctions.ps1′ is not recongnized as the name of a cmdlet, function, script files, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. It was running the command’. ‘C:Program FilesMicrosoftExchange ServerV14BinConnectFunctions.ps1’

(Click here to retry)

By following the workaround here: http://blogs.technet.com/b/nawar/archive/2010/09/03/exchange-management-shell-ems-missing-after-applying-exchange-2010-sp1.aspx I was able to continue with the configuration and open up the Exchange Console. However, all roles were available, which is incorrect. We should only see the Edge Transport role. After re-installing only the Edge Transport Role through the Exchange Setup, I now have the Edge Transport Role up and running. The Exchange Management Console should show only the Edge Transport Role on the Edge Transport server itself.

Click Image to Enlarge

 

 

 

 

 

This makes it clear what we’re working on. We’re on an Edge Transport server and that is all we can work on.

At this point we now have the ability to send mail internally from one mailbox to another. We do not have the ability to send email to the internet or from the internet because we have not configured DNS, or our Send/Receive connectors. We will save these tasks for a different post.

 

 

 

 

A good majority of the content provided in my Blog’s Exchange series is derived from J. Peter Bruzzese’ excellent Train Signals Exchange Server 2010 Video Disk Series, as well as my own Exchange 2010 lab. Trainsignal.com is an invaluable source for accurate, easy to understand, IT information and training. http://www.trainsignal.com

Exchange 2010 Installation Part 5

Absolute Necessities for Exchange 2010

  • You need an Active Directory Domain in place
  • You need a solid DNS infrastructure
  • You can technically install Exchange 2010 on a server that is your Active Directory Server and your DNS server (case in point, Small Business Server)

Typical or Custom Installations:

Exchange 2010 can be deployed through either a Typical or a Custom Installation

1. Typical: will install the Hub Transport, Client Access and Mailbox Server roles

2. Custom: You can install one server type, or some, or all of the roles

  • If you install the Edge Transport (greys out other roles), you cannot install other roles. Can only exist on a DMZ
  • If you are installing one of the other roles, you can combine them together (you may install them on separate servers all together.)
  • You don’t need the Unified Messaging Server role in order for your organization to function. The same with the Edge Transport server, not required but is recommended by Microsoft to provide better protection for Exchange.

The installation itself is fairly typical, and if your prerequisites have been installed you should not encounter any errors.

After installation, if your Exchange server is not licensed, you will have approximately 120 days to activate or license the server.

Be sure to check for critical updates for your exchange server after installation. If you don’t see any updates for exchange in Windows Update, even after a reboot, you may need to start the Exchange Setup.exe Installer again, and click on “Step 5: Get critical updates for Microsoft Exchange”. This is the only way I could force Windows/Exchange to find new updates, for example Exchange Update Rollup 5 for Exchange Server 2010 KB2407113.

 

Exchange Updates
Click Image to Enlarge

 

 

 

 

 

 

 

 

 

Everything we need installed for a working Exchange environment has been accomplished.

When starting the Exchange 2010 Management Console, we are not simply opening it for this server, but for our Exchange Organziation. Whether on a single server, or a multitude of servers, the console will manage the entire Exchange Organization system.

For the Edge Transport Server

We will install Active Directory Lightweight Directory Services. Even though the Edge Transport Server is not a part of the AD (for our own safety) it still requires a directory to work with. We can install it via the GUI, or through the PowerShell.

For the Edge Transport server, we will use the code:

> import-module servermanager

> Add-WindowsFeature NET-Framework, RSAT-ADDS, ADLDS -Restart

When running the command you may receive the following result error:

PS C:UsersAdministrator> Add-WindowsFeature NET-Framwork,RSAT-ADDS,ADLDS -Restart
Add-WindowsFeature : ArgumentNotValid: Invalid role, role service, or feature: 'NET-Framwork'. The name was not found.
At line:1 char:19
+ Add-WindowsFeature <<<<  NET-Framwork,RSAT-ADDS,ADLDS -Restart
    + CategoryInfo          : InvalidData: (:) [Add-WindowsFeature], Exception
    + FullyQualifiedErrorId : NameDoesNotExist,Microsoft.Windows.ServerManager.Commands.AddWindowsFeatureCommand

Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
False   No             Invali... {}

If you receive this error, it means that the prerequisite, .NET Framework 3.5.1 is required. See screenshot below. An easy way to install the prerequisite is to use the GUI role installation feature, which will prompt you to install the framework. Be sure to apply all critical updates and service packs to .NET prior completing the installation of Lightweight Directory Services; remember, this is your public-facing computer.

Click image to enlarge

 

 

 

 

 

 

Once .NET and the rest of the Edge Transport role is installed, you’ve rebooted, updated and have rebooted again, now would be a good time to backup the Edge Transport server with either a bare metal/VM system snapshot. Although snapshots are beneficial, an Edge Transport XML export/backup should be performed as well on a regular basis. I exported my first as Edge_BaselineXML.

A very useful article on backing up and restoring the Edge Transport Server can be found here: http://exchangeserverpro.com/exchange-2010-edge-transport-server-backup-and-recovery

Note: The Windows Backup feature is not installed by default on a newly installed Server2008 R2 installation. You can quickly install the backup feature at the powershell using the following two commands:

> import-module servermanager

> add-WindowsFeature backup

When logging into the Edge Server, and launching the Management Console, I encountered the following error:

[ERROR] Provisioning layer initialization failed: ‘Active Directory error 0x8007052E occurred while searching for domain controllers in domain

The problem was that I had logged into the local machine only and not the domain, and when trying to run the console, it was not logged in as a domain user. I logged off, logged back in as DOMAINAdministrator, and then found the Management Console to work correctly and identify my machine as an Edge Transport Server.

Another error I hit was the following:

The following error occurred when searching for On-Premises Exchange Server:

The term ‘C:Program FilesMicrosoftExchange Server V14BinConnectFunctions.ps1′ is not recongnized as the name of a cmdlet, function, script files, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. It was running the command’. ‘C:Program FilesMicrosoftExchange ServerV14BinConnectFunctions.ps1’

(Click here to retry)

By following the workaround here: http://blogs.technet.com/b/nawar/archive/2010/09/03/exchange-management-shell-ems-missing-after-applying-exchange-2010-sp1.aspx I was able to continue with the configuration and open up the Exchange Console. However, all roles were available, which is incorrect. We should only see the Edge Transport role. After re-installing only the Edge Transport Role through the Exchange Setup, I now have the Edge Transport Role up and running. The Exchange Management Console should show only the Edge Transport Role on the Edge Transport server itself.

Click Image to Enlarge

 

 

 

 

 

This makes it clear what we’re working on. We’re on an Edge Transport server and that is all we can work on.

At this point we now have the ability to send mail internally from one mailbox to another. We do not have the ability to send email to the internet or from the internet because we have not configured DNS, or our Send/Receive connectors. We will save these tasks for a different post.

 

 

 

 

A good majority of the content provided in my Blog’s Exchange series is derived from J. Peter Bruzzese’ excellent Train Signals Exchange Server 2010 Video Disk Series, as well as my own Exchange 2010 lab. Trainsignal.com is an invaluable source for accurate, easy to understand, IT information and training. http://www.trainsignal.com

Exchange 2010 Installation Part 4

Updating Your AD Schema and Preparing the Domain.

What is the AD Schema?

* Consider it like the blueprint for all your objects and attributes within AD.

Do you need to update the schema?

* Not in smaller environments (unless it is a policy) because it will occur automatically if you install Exchange with an account that has permissions to prepare AD and the domain.

We prepare ahead of time from the command line the commands are:

-Setup /PrepareLegacyExchangePermissions (or setup /pl)

-Setup /PrepareSchema (or setup /ps) ( this will also do legacyexchangepermissions)

-Setup /PrepareAD (or setup /p) ( this will also do schema and legacy)

 

Make sure you’re in enterprise admin group and for schema, schema admin group.

How do you prepare the domain?

* From the command line the commands are:

– setup /PrepareDomain (or setup /pd)

– Setup /PrepareDomain:<DomainFQDN>(or setup /pd:<FQDN)

– Setup /PrepareAllDomains (or setup /pad)

You can confirm that these commands completed successfully by looking for the organizational unit called Microsoft exchange security groups (10-11 security groups created).

Give this time to replicate throughout the organization.

I ran:

D:> setup /PrepareAD /OrganizationName: jasoncoltrin

You can cancel the setup.

You can co-exist with an existing 2007 environment. So you can be running Exchange 2007 and 2010 at the same time. However, you cannot install/run Exchange 2007 after 2010 is installed first.

Once this finishes, you will run

D: setup /PrepareDomain

That’s it, your environment is now ready to install the Exchange 2010 system in your domain.

 

 

 

A good majority of the content provided in my Blog’s Exchange series is derived from J. Peter Bruzzese’ excellent Train Signals Exchange Server 2010 Video Disk Series, as well as my own Exchange 2010 lab. Trainsignal.com is an invaluable source for accurate, easy to understand, IT information and training. http://www.trainsignal.com

Exchange 2010 and Server 2008 R2 Prerequisites Installation Part 3

Server 2008 R2 Prerequisites Installation:

This sub-section will guide you to prepare your Active Directory and Domain environment.

1. To perform this tasks we need an User ID with Schema AdminsDomain Admins and Enterprise Admins group membership.

2. In the Active Directory Domain Server run the following command

Go to StartRunServerManagerCmd -i RSAT-ADDS .This command will install the Active Directory management tools.

3. In the Active Directory Domain Server run the following command.

setup /PrepareAD /OrganizationName: or setup /p /on:

Note: In this command is a variable this will vary according to your environment Ex: setup /PrepareAD /OrganizationName:jasoncoltrin. Before run this command browse to Exchange 2010 binaries path or include the Exchange binaries path Ex: “M:Setup.com /PrepareAD /OrganizationName:jasoncoltrin”

  1. For Hub Transport and Mailbox servers install the MS Filter Pack. The filterpack can be found here: http://www.microsoft.com/downloads/en/details.aspx?familyid=60c92a37-719c-4077-b5c6-cac34f4227cc&displaylang=en . Be sure to install the 64bit version. Run the setup wizard, and complete the install. *Note: On Exchange 2010 RTM, you can meet the prerequisite by installing 2007 Office System Converter: Microsoft Filter Pack. However, MS recommends that you upgrade to the Microsoft Office 2010 Filter Packs.
  2. In the PowerShell, type Import-Module ServerManager – Open powershell. type in import-module servermanager.
  3. Use the Add-WindowsFeature cmdlet to type (in actuality it’s much easier to install the features throught the PowerShell). Go to TechNet page here: http://technet.microsoft.com/en-us/library/bb691354.aspx and find the bullet that lists: “Install the Windows Server 2008 R2 operating system prerequisites”. Below is the command:
    Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy,Desktop-Experience -Restart

    Prerequisites_Install_Progress
    Click to enlarge image
    * As an alternative you can run the script from the Scripts folder on the Exchange DVD. Go to Start | Run | cmd | Browse to Exchange 2010 Binaries Scripts folder by using cd Scripts command | Run ServerManagerCmd -ip Exchange-Typical.xml –RestartNote: This command should be run from Scripts directory of Exchange 2010 DVD *Note: it’s a good idea to extract the Exchange 2010 binaries to a folder off of your C: drive (something like c:exch2k10, so that it’s easier to find the “Scripts” folder.)
  4. Note: If you aren’t using the UM role you can remove Desktop-Experience. Conclude after the restart by configuring the TCP Port Service to start automatically using (only CAS roles):
    From the PowerShell, execute the command: Set-Service NetTcpPortSharing -StartupType Automatic

This prerequisites guide is not exhaustive, but you should now have all the prerequisites to installing Exchange 2010. Please let me know if you find any other prerequisites missing.

A great installation guide can be found here as well:

http://muc-ug.org.in/index.php/articles/exchange-2010/109-installing-exchange-server-2010.html

 

 

 

A good majority of the content provided in my Blog’s Exchange series is derived from J. Peter Bruzzese’ excellent Train Signals Exchange Server 2010 Video Disk Series, as well as my own Exchange 2010 lab. Trainsignal.com is an invaluable source for accurate, easy to understand, IT information and training. http://www.trainsignal.com

 

Exchange 2010 Installation Considerations Part 2

More requirements for Exchange 2010:

Your Forest is required to be running at Server 2008 R2 Forest Functional Level.

x64 based hardware is required.

There is no in-place upgrade for Exchange 2007 to 2010.

It’s always important to map out your network prior to installing servers.

Consider your existing infrastructure and the needs of the company.

Discuss your design and deployment goals for using Exchange 2010.

Review the order of your deployments and consider the physical network layout and network connection speeds.

The following table shows minimum CPU core requirements for Exchange 2010 components:

Exchange2010_Cores
Click image to enlarge

The following table shows the minimum memory requirements for Exchange 2010:

Exchange2010_Memory
Click Image to Enlarge

Exchange Server 2010 is available in two different editions: Standard and Enterprise

The edition is determined by the product key, however, when installing as a trial version it will be running as Enterprise Edition.

The Exchange Management tools can run on Windows 7, Windows Vista with Service Pack 2, Server 2008 SP2, Windows Server 2008 R2.

Standard Edition – Limited to 5 Databases per server

Enterprise Edition – Can run up to 100 databases per server (previous editions both standard and enterprise allow database availability groups (High Availability) but require cluster which require Enterprise Edition of Server 2008 Enterprise.

Client Access Licensing (CAL’s) also come with both Standard and Enterprise versions. Sometimes the type of license will limit clients. For example, mobile devices without the correct license may not be able to use certain features.

Prerequisites: Use the powershell commandlet or Server Roles and Features to install prerequisites. Different Exchange roles will have certain requirements. Eg. the UM role requires the Desktop Experience feature installed.

 

More Hardware Requirements:

Processor(s): x64 Intel or AMD

Memory: can change due to different role being installed, but typically 4GB min per server. If combining roles, 8GB. Add 2-10MB memory per mailbox. The maximum memory for a Mailbox role is 64GB

Disk Space: For the Mailbox Role, you will need a minimum of 1.2GB to install Exchange.

Server OS: Server 2008 or Server 2008 R2

Prerequisites for Server 2008 SP2

  1. .NET Framework 3.5 SP1
  2. Install the .NET Framework 3.5 Family Update
  3. Windows Remote Management (WinRM) 2.0 here: http://support.microsoft.com/kb/968929
  4. PowerShell v2
  5. For Hub Transport and MailBox servers, install the MS Filter Pack. *Note: On Exchange 2010 RTM, you can meet the prerequisite by installing 2007 Office System Converter: Microsoft Filter Pack. However, MS recommends that you upgrade to the Microsoft Office 2010 Filter Packs.
  6. From an elevated command prompt, from the Scripts folder, issue the following commands:
  • Sc config NetTCPPortSharing start auto
  • ServerMangerCmd -ip Exchange-Typical.xml -Restart

7.  With the Unified Messaging role type:

  • ServerManagerCmd -i Desktop-Experience

Some useful tools in the scoping and stress testing of Exchange are:

1. Risk and Health Assessment Program for Exchange Server (ExRAP) – Scoping Tool v1.5 http://www.microsoft.com/download/en/details.aspx?id=20857

2. Planning and deployment guide: http://technet.microsoft.com/en-us/library/aa995902.aspx *Especially the Mailbox Server Storage Design

3. Install and run Jetstress on your hardware prior to deployment

The documentation for the Exchange Server 2010 version of Jetstress is available on TechNet at the following location.

http://technet.microsoft.com/en-us/library/ff706601.aspx

 

Version Build Usage Link
14.01.0225.017 32 bit
  • Exchange 2003[1]
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=6c9c1180-4dd8-49c4-85fe-ca1cdcb2453c&displayLang=us
14.01.0225.017 64 bit
  • Exchange 2007
  • Exchange 2010
http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=13267027-8120-48ed-931b-29eb0aa52aa6

Table 1 – Jetstress version and download table



[1] Refer to Appendix D – Exchange 2003 for information on configuring Jetstress 14.01.225.x for Exchange 2003

 

 

 

A good majority of the content provided in my Blog’s Exchange series is derived from J. Peter Bruzzese’ excellent Train Signals Exchange Server 2010 Video Disk Series as well as my own Exchange 2010 lab. Trainsignal.com is an invaluable source for accurate, easy to understand, IT information and training. http://www.trainsignal.com

 

Exchange Server 2010 Overview Part 1

Microsoft’s Exchange Server:

Email is a mission critical tool for business. How do you provide that capability? Hosted, in-house, BPOS? There are many options. With Exchange you gain the following:

  • A reliable and flexible messaging platform for business communications.
  • Provides e-mail capabilities
  • Also provides calendar access and contact management
  • Users can have access to their communications anywhere; through their browser, mobile device, or their Outlook client.

Exchange 2010 adds the following:

  • Provides the email typical for Exchange that we’ve come to expect. Some features are the same as Exchange 2007, but new features are notable.
  • Continues the Server Roles for your organization’s deployment strategy. (5 Roles)
  • Includes High Availability and Site Resilience
  • Allows Unified Communications through the Unified Messaging Server Role that will give users a Universal Inbox (fax’s, voicemail, etc)

5 Server Roles: – Prior to Exchange Server 2010, you installed the entire Exchange infrastructure on an Exchange Server. Eg. if a Front-end server was only needed, you still had to install the entire Exchange Infrastructure. Now you have a lighter footprint with Roles. Server 2008 also uses Roles and Features.

  • The Mailbox Role: user mailboxes with mailbox DB’s. Also contains public folders.
  • Client Access Role: connection point for all users to their mailboxes internally or externally. (MAPI, OWA, Outlook Anywhere, ActiveSync, IMAP/POP)
  • Hub Transport Role: Flow of traffic to and from the Mailbox server. (These first 3 roles need to be installed in order for Exchange to work, but not necessarily on the same server.)
  • Optional Role – Unified Messaging Role: Provides the Universal Inbox for voicemail, email, faxes, etc.
  • Optional Role (recommended)- Edge Transport Role: Perimeter-based server to handle anti-spam and anti-virus protection and additional transport rules.

Requirments for Exchange 2010:

1. Domain Controller – AD Domain controller

2. DNS Services

3. Member Server (on which you will install Exchange)

 

For Exchange 2010 running behind your firewall or DMZ on your internal network, you can install the following 4 roles on their own server: Client Access Server, Mailbox Server, Hub Transport Server, and Unified Messaging Server.

To add an Edge Transport Server to your network, you will need to setup a Member Server that is not a member of the Domain. You install Exchange, but only the ET server role. This will sit out on the Perimeter Network (between internal and external firewalls – DMZ). Again, the ET server cannot be a member of the Domain.

New in Exchange 2010:

Storage Architecture – There’s a new focus on the database itself, not on a storage group. Storage groups have been removed from Exchange’s DB design (Exchange 2000 – 2007)

High Availability and Site Resiliency – Database Availability Groups have replaced legacy Exchange  HA versions.

Permissions – Role-based access control has been implemented – permissions to manage exchange.

Control – A cool new Web-Based Exchange Control Panel (ECP). Carries over Exchange 2007’s exchange management console and an exchange management shell.

Voicemail and Unified Messaging – including voicemail preview, better protection.

Exchange 2010 has something for everyone. It is a complete communications platform for organizations large and small.

 

 

A good majority of the content provided in my Exchange series is derived from J. Peter Bruzzese’ excellent Train Signals Exchange Server 2010 Video Disk Series. Trainsignal.com is an invaluable source for accurate, easy to understand, IT information and training. http://www.trainsignal.com

Networking Fundamentals – Part 2

Repeater: A repeater’s job is to repeat an electrical signal. The form that our data has taken to be sent across a cable is one’s and zeros. The repeater takes an incoming signal and then generates a new clean copy of that exact signal. This prevents maximum cable lengths from stopping transmissions and helps ward off attenuation; the gradual weakening of a signal.

Hubs – only one PC at a time can send data; if multiple PC’s are connected to a single hub, it’s One Big Collision Domain. To prevent collisions, a host will use CSMA/CD (Carrier sense multiple access with collision detection).

CSMA/CD:

  • carrier sensing scheme is used.
  • a transmitting data station that detects another signal while transmitting a frame, stops transmitting that frame, transmits a jam signal, and then waits for a random time interval before trying to send that frame again.

Bridge – used to create smaller collision domains. Place a bridge between multiple hubs. More collision domains is more beneficial. Segmenting the collision domains does not reduce the amount of broadcasts (for example, multiple hubs separated by multiple bridges is still one big broadcast domain). Every single host will receive a broadcast.

Broadcasts are not a bad thing, broadcasts can be beneficial by providing routing updates. But we do want to lower the number of broadcasts.

Switches: each host is in it’s own collision domain. Collisions cannot occur. Each host has more bandwidth available; not sharing bandwidth. Theoretically each host can run at 200mb (100mb sending, 100mb receiving with full duplex). Switches by default do not break up broadcast domains. Microsegmentation is a term sometimes used with Cisco documentation to describe the one host/one collision effect.

A switch will do one of three things with an incoming frame:

  • Forward it
  • Flood it
  • Filter it

The switch looks at it’s Mac address table to check if there is an entry for the destination MAC address, but first the switch will look to see if there’s an entry for the source MAC address in the frame. The switch uses the source MAC address to build the table. You can statically configure MAC address tables but not recommended.

#show mac-address-table    —   The command we use to look at the mac address table on a switch.

An unknown UNICAST frame is always flooded. – If an unknown unicast frame has to hit 79 other ports in an 80 port switch, it can cause a bit of overhead on the switch/cpu.

#show mac-address-table dynamic

If the switch does not have an entry for the destination mac address, and a host replies to the flood with the correct response, the switch will create an entry for the new host.

Take into consideration the following diagram:

SwitchFilterExample
click image to enlarge

In this instance, hosts A and B are in the same collision domain, separated by a hub. When Host A sends out a frame destined for Host B, and the frame arrives at the switch, the switch looks at it’s dynamic MAC address table and sees that the frame is destined for the same port as it’s origin. In this case the switch will FILTER the frame (drop the frame):

MacTableFilterExample
Click to enlarge image

Switches never send a frame back out the same port from which the frame arrived.

Flooding: When the switch has no entry for the frame’s destination MAC address. The frame is sent out every single port on the switch except the one it came in on. Unknown unicast frames  are always flooded.

Forwarding: when the switch does have an entry for the frame’s destination MAC address. Forwarding a frame means the frame is being sent out only one port on the switch.

Filtering: when the switch has an entry for both the source and the destination MAC address; the MAC table indicates that both addresses are found on the same port. (See image above)

Broadcast frames: a frame that is sent out every port on the switch except the one that received it. Broadcast frames are intended for all hosts, and the MAC broadcast address is ff-ff-ff-ff-ff-ff.

We can statically configure a port with a MAC address but not best practice. Dynamically learned MAC addresses will age out with a default of 300 seconds (5 minutes).

Command to see help for the tables is

#mac-address-table ?

then

#mac-address-table aging-time ?

0-0 Enter 0 to disable aging (not a good thing to do)

10-1000000 Aging time in seconds

The benefit of Dynamically configured MAC addresses is that if the host is not seen in 5 minutes or the interface goes down; physical damage to the port, when the host is connected to a different port, the switch will dynamically update the table with the source. The current entry will be aged out. Let the switch do it’s work, and use dynamically assigned addresses.

When the switch forwards, floods, or filters the frame, there is another decision to be made – how will the forwarding be processed?

Three different processing options:

  • Store-And-Forward
  • Cut-Through
  • Fragment-Free

Store and Forward is the default method on newer switches. The entire frame is stored and then forwarded.

Store and Forward – uses FCS – allows the recipient of the frame to determine if the data was corrupted during transmission (error detection). In the incoming frame the switch will read the destination MAC address before it looks at the FCS. The switch can check the FCS before forwarding the incoming frame. Gives us more error detection than the other two methods above.

Cut-Through – switch reads the MAC addresses on the incoming frame, and immediately begins forwarding the frame before rest of the frame is even read. Cut through is a lot faster. Cannot check for damaged frames.

Fragment-Free (middle ground for speed vs. error detection) works on the presumption that the corruption will be found in the first 64 bytes of the frame for damage. If no damage, then the forwarding process will begin.

Use virtual LANs to segment a network into smaller broadcast domains. In a production network, you can have a lot of hosts and each host can send out broadcasts with a cumulative effects. Hosts tend to respond to Broadcasts with a Broadcast of their own.

Broadcast Storm: can max out a switch’s resources (memory and cpu) making the switch useless. But before this, broadcasts may take up most of the bandwidth.

Create multiple broadcast domains to limit the scope of a broadcasts.

Basic command to view vlans is

#show vlan

but for practical use, the command below is better:

#show vlan brief

By default, you will have a single vlan on modern cisco switches.

To put for example two hosts in a separate single vlan (broadcast domain),

#conf t

#interface fast 0/2

#description Connected to Host 2

#switchport access vlan 24

#switchport mode access    — to makes access to only one vlan – no trunking

then

#int fast 0/4

#description Connected to Host 4

#switchport mode access

#switchport access vlan 24

#^Z

#copy run start

#show vlan brief

Once host2 and host4 are on the same vlan they won’t be able to ping other hosts on other vlans.

No traffic – pings or data packets can be sent from one VLAN to another without intervention of a Layer 3 device; most likely a router.