Exchange 2010 – Part 15 – Overview of the Exchange CAS Server Role

The Exchange 2010 CAS Server Role

In this post, we will review the purpose of the Client Access Server (CAS) Role in Exchange 2010.

We will discuss the following CAS Role aspects:

  • Outlook Web App
  • Exchange Active Sync
  • Outlook Anywhere
  • POP3 and IMAP
  • The Availability Service
  • The Autodiscover Service

Take for example the scenario: a Team Meeting to Discuss CAS role

  • The more mobile your users wish to be, the more the CAS Role comes into focus
  • You most likely will have mobile users that want to connect to Exchange using their browser, mobile, smart phone or tablet, through Outlook or some POP/IMAP oriented mail application
  • The role of an administrator is to ensure connectivity from any remote location, and that connectivity is provided without compromising security

 

The Evolution of CAS

  • Exchange 2000/2003 didn’t have CAS servers, they had “Front End” servers
  •      – With “Front End” servers, internal clients connected with Outlook using MAPI. MAPI is “Messaging Application Program Interface” – it allows you to send email with Outlook. MAPI is the protocol Outlook uses to connect with Exchange. Internal Outlook clients connected directly to Mailbox servers using MAPI over RPC.
  •      – External clients used the “Front End” as more of a proxy that could handle RPC over HTTP (for Outlook Anywhere), HTTPS (for Outlook Web Access, or OWA), and POP/IMAP. Clients connect in, provide credentials, and the Front End server would decide which mailbox to connect.
  • Exchange 2007 introduces the CAS role which is more than a proxy server but offloads a significant amount of the load that the mailbox servers typically handled
  •      – Internal MAPI clients still connect directly to the MB role. In 2007, The Client Access Role started to handle middle tier of a three tier application (the logic tier).
  • Exchange 2010 introduces a new service (MSExchangeRPC) so that the CAS Role is “true” middle tier. It now takes on the brunt of the work that the MailBox Role had to do in the past.

The Exchange 2010 CAS Role is Middle Tier

  • In Exchange 2010, the CAS Role handles both external and internal connections to the Mailbox role; with the exception of Public Folder connections. So whether they’re coming from OWA or Outlook inside the LAN, they will both go through the CAS Role.
  • MAPI and directory connections are handled by thte CAS server now, relieving a ton of load off the Mailbox server role, and ultimately increasing the number of concurrent connections to a Mailbox server (in Exchange 2007, we had 64K and now we have 250K).
  • By offloading the CAS features, now we have a lot more responsibility with CAS, so we need to ensure load balancing and CAS Array concerns as well as security concerns are met.

CAS Role Aspects

  •  Outlook Web App: Allows you to access email through a web browser (including IE, Firefox, Safari and Chrome). This used to be called “Outlook Web Access”. The biggest change that users appreciate is that it works in different browsers on the same level. It is handled by the CAS Role and IIS
  • Exchange ActiveSync: Allows you to synch your data between your mobile device or smart phone and Exchange – There are varying levels of ActiveSync support in devices and one key security element is remote wipe, which is not available for all devices.
  • Outlook Anywhere: Allows you to connect to your Exchange Mailbox externally using Outlook (RPC over HTTP) without going through a VPN connection. Its great for Outlook at home with the “In-house” experience.
  • POP/IMAP support – Mail clients other than Outlook (e.g. Mozilla Thunderbird/Live Mail) that connect with POP or IMAP are supported through the CAS role.
  • Availability Service: Shows free/busy data to Outlook 2007/2010 users.
  • Autodiscover Service: Helps Outlook clients and some mobile phones to automatically receive profile settings and locate Exchange services.

Looking at the Exchange Management Console:

Under Organization Configuration, you can make changes to the Client Access Role:

ClientAccessRole

At this point you have two options, modify the default policy of Outlook Web App Policies or the Exchange ActiveSync Mailbox Policies.

As an administrator you can control functionality of the user experience and even the devices connecting to the CAS.

Is modifying the following options a good or bad April Fools joke to play on your User’s smart phones?

Click Image to Enlarge

 

ActiveSynchOptions2
Click Image to Enlarge

Maybe not such a good idea to mess with these…

Client Access under the Server Configuration Node in the EMC, provides us with much more configuration options.

ServerConfigCAS

Some of the different tabs located here are:

  • Outlook Web App – Config changes to owa Default Web Site
  • Exchange Control Panel – connected with IIS ecp default web site
  • Exchange ActiveSync – Configure IIS/ActiveSync default website
  • POP3/IMAP4 – configure these mail protocols
  • Offline Address Book Distribution – If you recall we talked about the OAB now being distributed through web services
  • Outlook Anywhere – in a future post we will hit the “Enable Outlook Anywhere…” feature and go through it’s configuration.

So in review we’ve explained the purpose of the Client Access Server roles, discussed the different CAS features, and toured the EMC locations for working with the Client Access Service.

 

 

 

A good majority of the content provided in my Blog’s Exchange series is derived from J. Peter Bruzzese’ excellent Train Signals Exchange Server 2010 Video Disk Series, as well as my own Exchange 2010 lab. Trainsignal.com is an invaluable source for accurate, easy to understand, IT information and training. http://www.trainsignal.com

Hits: 22

Exchange 2010 – Part 14 – Creating Recipient Types

Exchange 2010 – Part 14 – Creating Recipient Types

In Exchange 2010, you can have a wide variety of recipients. In this post we will discuss and create the various recipient types, including:

  • User Mailboxes
  • Resource Mailboxes (Room and Equipment)
  • Contacts
  • Mail Users
  • Distribution Groups
  • Dynamic Distribution Groups
If you have multiple sites or locations with their own Exchange servers, you may wish to prepare, or create and train, a “Recipient Creation Team” in each location. Often times the creation of recipients is something that can be handled by a junior level admin, and so you could give their user account permissions to do just that, after they have been trained.
A review of Recipient Types that we can create:
The EMC makes it easy for us to create recipient types. On our mailbox server, we can open the Exchange Management Console, and expand Recipient Configuration which is under Microsoft Exchange -> Microsoft Exchange On-Premises->Recipient Configuration
Click Image to Enlarge
– The Mailbox Type:
  • User Mailbox (can use an existing user account or create a user account at the same time if you have permission)
  • Resource Mailboxes: Room Mailbox/Equipment
  • Linked Mailbox
– The Mail Contact
– The Mail User
– The Distribution Group
– The Dynamic Distribution Group
The “Disconnected Mailboxes” feature controls mailboxes that you disconnect from their active directory user (and can be connected to a different user).
The “Move Requests” feature is used if we might need to move users from different versions of Exchange or move them from one MB DB to another, and can view those move requests here.
When we highlight the Recipient Configuration in the EMC, in the Actions pane we have two options:
  1. Modify Recipient Scope… Lets say we only want to see those recipients that are in a specific Organizational Unit (narrow the scope).
  2. Modify the Maximum Number of Recipients to Display… – lets say we have a large organization with over 2000 mailboxes, by default, in the Results Pane, the Maximum recipients to display is set at 1000. We can change this number higher or lower to organize the results to our preference.
We will typically use the Mailbox Type -> User Mailbox. A UM is an AD user account that is connected to a mailbox on the Exchange user.
The Resource Mailbox types:
  • Room mailbox – a mailbox that represents a conference room (we need one of these for the bathroom at home) *Note – when created, these accounts are disabled by default
  • Equipment – projector that has a schedule; is it available or not available

Linked Mailboxes: an individual in one forest may have a mailbox in another forest. Requires a specific scenario; linked mailboxes rarely created.

Mail Contacts: allow you to have an AD contact object that can be searched and located but is external mailbox and cannot be assigned to a user. Someone working with your company but not for your company. This user cannot log into the domain.

Mail User: AD user, someone that can log into the domain. From a recipient perspective, they may have a gmail or hotmail account. Has an AD account but not a mail account.

The Distribution Group: Groups of mail contacts and users

The Dynamic Distribution Group: For example, adding a user to a Dynamic Distribution group named Marketing, a marketing user will become a member of the Marketing Distribution group. If that person moves to sales, that attribute changes that they will automatically become a member of the Sales Distribution Group.

Creating the different recipient types in the EMC is pretty straight-forward with the Wizard. The only sticky part is when it asks for the Mailbox Database to use. You should by now know how to locate your current Mailbox Database, if not, see my earlier post.

Functionality Changes in SP1:

  • Hierarchical Address Books
  • Internet Calendar Publishing
  • The Calendar Repair Assistant enhancements

Hierarchical Address Books

With hierarchical address book support you have the ability to configure address lists and offline address books (OABs) in a hierarchical view for your users

  • Note: this is not new to SP1 but most admins never used this because it involved such convoluted adjustments through ADSI Edit that it was passed over as a feature.
  • Now? You still have to jump through many flaming hoops with doggies following behind  but you can now do it through the Exchange Management Shell and it isn’t as difficult.

For example in Outlook, in the Address Book – All Users – you typically have all the users listed. With SP1, you have a new organization tab. Once you set up a hierarchy, you will see the hierarchy in that tab.

Click Image to Enlarge

Internet Calendar Publishing

Exchange RTM allowed for the sharing of calendar information through a federation trust and an organization relationship or sharing policy. SP1 introduces Internet calendar publishing. Allows users of Exchange the ability to share calendar information to anyone on the internet.

Key points include:

  • Federation is not necessary
  • Internet users are not required to belong to any form of authentication group (like Windows Live) and all they require is a browser to access it.
  • Users can invite friends, family, business persons to view their calendar by providing them a link
  • Exchange admins can control who can publish their calendar and what can be shared

The Calendar Repair Assistant Enhancements

Introduced in the RTM of Exchange 2010, the CRA repairs problems with the calendar assistant

New scenarios that are detected and repaired with the Calendar Repair Assistant in SP1 include:

  • If an attendee’s calendar is missing an occurrence or an exception of a meeting
  • If an attendee’s start/end time doesn’t match the organizer’s star/end time (*includes time zone inconsistencies)
  • The location of the attendee is different from that of the organizer
  • Organizer is missing an item
  • Recurrence patterns of an attendee and an organizer are different

Thanks for reading through this post and I hope you gained some understanding of the different Recipient types in Exchange 2010 as well as learned about new SP1 features.

 

 

 

A good majority of the content provided in my Blog’s Exchange series is derived from J. Peter Bruzzese’ excellent Train Signals Exchange Server 2010 Video Disk Series, as well as my own Exchange 2010 lab. Trainsignal.com is an invaluable source for accurate, easy to understand, IT information and training. http://www.trainsignal.com

Hits: 123

Exchange 2010 – Part 13 – Address Lists and the Offline Address Book (OAB)

Address Lists and the Offline Address Book in Exchange 2010

In this post, we will review different address list types, including:

  • Global Address List
  • Custom Address Lists
  • Offline Address Lists
– We will try creating new address lists based on Organizational Units
– We will review the Offline Address Book (OAB) settings
– We will create new Offline Address Books and assign them
In review, let’s discuss and describe Address Lists and the OAB:
  • An address list allows persons to browse different recipients in your Exchange organization so that you can contact other persons easily. It’s difficult (for most people, not me) to remember email addresses for 100’s of associates.
  • In Exchange 2010 there are three different types of address lists
  •      – Global Address List (GAL): A collection of all mailbox-enabled users, mail-enabled users, mail-enabled contacts, dynamic distribution groups, mail-enabled groups, mail-enabled public folders, and system mailboxes. By default you have one Global Address List, but Exchange may handle multiple companies or organizations, with different GALs. If you have an organization with the need for multiple GALs, you will need to produce them using the Exchange Management Shell.
  •      – Custom Address Lists: Although typically there are breakdowns of the GAL into lists like All Contacts, All Groups, All Rooms, All Users and Public Folders (if you use these) you can create customized lists. You’re going to find that the custom lists are pretty flexible. Be sure you do not over-do the custom lists, but keep them in logical groups. You want to keep these as simple as possible.
  •      – Offline Address Book: Although a separate aspect of the Organization structure, this is connected with address lists. For users that are on the road a lot and are offline, they will still want to be able to find email addresses.
Now we can jump into a scenario:
– Create 3 new address lists (New York, Chicago, and Dallas). Note: These will be based off of Organizational Units.
– Create and configure a new Offline Address Book and apply it to the mailbox database.
– Create a special “Dallas” OAB and assign it only to those persons in the Dallas OU.
On your mailbox server, open Active Directory Users and Computers and ensure that the corresponding Organizational Units are available and ready.
For example, if a user is logged in, they will see all the users in the Global Address List. If the user goes offline (disable the Network Interface), and goes to the different address lists, they will be able to still view the Global Address List as it is set to be an Offline Address Book by default. However, the other Address Lists will be unavailable.
Go to the Exchange Management Console -> MS Exchange -> MS Exchange on-Premises -> Organization Configuration ->Mailbox ->Address Lists tab. Click on New Address List (wizard).
Place the new list in the top-level container (All Address Lists). Under Filter Settings, you will select the recipient container where you want to apply the filter (Organizational Unit). In our case we can select New York -> OK.
 ScreenShot042
Under Recipient Types, we can narrow down to specific types such as:
– Users with Exchange Mailboxes
– Users with external email addresses
– Resource mailboxes (Room or Equipment mailboxes)
– Contacts with external email addresses
– Mail-enabled groups
In our case we will use All recipient types.
At this point we can choose Conditions:ScreenShot0411
It depends on how involved you want to get in building an Address list and you can even apply Custom Attributes. Once you’ve selected the attributes you desire, go ahead and click the preview button at the bottom of the screen to get an idea of how the Address List will look.
Next you can schedule when the address list should be applied (perhaps in the evening/after hours.)
Now we’ve created our 3 Address Lists.
In the EMC, under Recipient Configuration, select one of your users and under the General Tab, you can see the Custom Attributes… button, where you can setup address lists that relate back to these custom Attributes. Under the General tab you can also hide a user from Exchange Address Lists.
However although we’ve created 3 new Address Lists, when a user is offline, they still will only see the Global Address List. First, lets look at the properties of our Default Offline Address Book.
In the EMC -> Org Config -> Mailbox ->Offline Address Book tab.
The default Generation Server will be a Mailbox Server. The distribution Mechanism is Web-Based. If you look at the properties of the Default Offline Address Book, under the General Tab, you can find Updates are scheduled to run at 5:00am. Under the Address Lists tab, you can add include other lists… Add -> so if you want an individual see lists exactly as they see it at work, but we will create a separate OAB. Now under the Distribution Tab, with modern Outlook clients, Exchange will use Web-based distribution from a virtual directory. The virtual directory may or may not reside on your Mailbox server. The Mailbox server provides the OAB, however, the OAB will be distributed by a Virtual Directory.
ScreenShot0431
Now we want to create a new Offline Address Book and apply it to our Mailbox database where all of our users reside.
Mailbox -> New Offline Address Book.
Name it something like New Default OAB. For the Address book generation server choose your Mailbox server. We will include the default Global Address List, and Include the following address lists:
We will select the three address lists New York, Dallas, and Chicago:ScreenShot044
After hitting Next, we will be prompted for Distribution Points.
We will Enable Web-Based distribution here and choose our default virtual directory (client-access server). If we had older Outlook clients we would Enable public Folder Distribution. We do have the option of choosing both Web-based and public folder distribution, however which is nice.
Now we have a new Offline Address Book. In Database Management, we will see our Mailbox Databases. We can organize our Offline Address Books to different Mailbox Databases. With a particular mailbox selected, in the action pane, you can set the default OAB as well.
If you want to apply an Offline Address book only to a limited amount of special recipients, first create the SpecialOAB, then open up the Exchange Management Shell. First we need to get the users who have the Organizational Unit Dallas, and pipe it out to set the OAB. Your code will look something like the following:
[PS] C:Windowssystem32>Get-User -OrganizationalUnit Dallas | set-Mailbox -OfflineAddressBook “SpecialOAB”
In review:
  • We looked at different address list types
  •      – Global Address List
  •      – Custom Address Lists
  •      – Offline Address Lists
  • We created several new address lists based on Organizational Units but also showed how to determine other conditions to filter which users are in an address list
  • We reviewed the settings for the Offline Address Book (OAB) and especially discussed the generation and distribution methods
  •      – Generation is done on the Mailbox server
  •      – Distribution is done through Public Folders or Web-based
  • We created new Offline Address Books and assigned one to the mailbox database and used the EMS to assign the other to individuals.
Lastly, in one of my previous posts http://www.jasoncoltrin.com/?p=77 , I explained how changes to these Offline Address Books in certain instances can take up to 56 hours to propagate down to the client. If you have changes you want to make available to clients who are going offline, there are some manual steps you need to take to ensure they get the latest Offline Address Book right away.
A good majority of the content provided in my Blog’s Exchange series is derived from J. Peter Bruzzese’ excellent Train Signals Exchange Server 2010 Video Disk Series, as well as my own Exchange 2010 lab. Trainsignal.com is an invaluable source for accurate, easy to understand, IT information and training. http://www.trainsignal.com

Hits: 287

Exchange 2010 – Working with Public Folders – Part 12

In this post, we will look at Public Folders in Exchange 2010. More specifically:

  • We will review the purpose and use of Public Folders within your organization (and discuss the fact that they may no longer be used in some future version of Exchange).
  • We will go through the creation of a Public Folder database in the Exchange Management Console and see the properties that we can configure.
  • We will work with the Public Folder Management Console and the Outlook client to create and manage Public Folders.
  • We will review permission settings and delegating permissions for folders and sub-level folders.
In review, the purpose of Public Folders:
  • Public Folders are Nostalgic (out of date) – Public Folders were introduced with the first version of Exchange and have been used for many years as a means of collaborating with persons in your organization through a shared folder structure.
  • Users will see the Public Folder structure in their Outlook client and can view items that have been either posted or emailed to the folder (if it is mail-enabled) and they may have the ability to add content, create sub-folders and so-forth if they have permissions to do so.
  • Are Public Folders required in Exchange 2010?
  •      If you have Outlook 2007 and/or 2010 clients only, than the answer is no (it is completely optional if you want to).
  •      If you have Outlook 2003 clients, then the answer is yes. They use the Public Folder structure for Offline Address book distribution, free/busy lookups, organization form library, and security settings.
The Offline Address Book distribution in Exchange 2010 is now done with the BITS HTTP connection to the Exchange Client Access server. The Free/Busy look-ups are now done through the Availability Web Service. Security settings are done through Group Policy. Organizational Forms have been pushed aside in favor of InfoPath forms.
Starting with Exchange 2010, Public Folders are De-emphasized
  • Public Folders have become the dumping grounds for anything and everything your people want to share with each other. Public folders tend to sprawl out of control.
  • Public Folders are so late-1990’s. They aren’t designed for two very important 2010+ aspects of corporate life: Archiving data, and Document Sharing and Collaboration (check-in/check-out, versioning). Associates tend to try to hide their personal mail archives in Public Folders so that they are backed up.
  • As a result, the Microsoft Exchange Team has been making threats to pull Public Folder support from a future version of Exchange.
  • The idea is to encourage organizations toward SharePoint (although you are welcome to research and use some other collaboration solution).
  • While SharePoint has great features, any collaboration software has the potential to become the NEW dumping grounds for your organization.
How do I create the Public Folder database in Exchange 2010?
  • During the installation of the first Exchange 2010 Mailbox Server in your organization you see the question: “Do you have any client computers running Outlook 2003 and earlier or Entourage in your Organization?” If you answer “Yes” then the Public Folder database is automatically created.
  • You can also manually create a Public Folder database on any Mailbox Server in your organization and then determine if you want to replicate folders to that server.
How do I establish or create a High Availability structure for my Public Folders?
  • In Exchange 2010 there are no HA solutions you can use by default. The only way to ensure content is available is to create a new database and replicate content to that server.
Options for configuring Public Folder databases:
  • Maintenance Schedule
  • Replication Interval – specific to DB
  • Storage Limits
  • Deletion Settings
  • Age Limits
  • Public Folder Referral
Options for configuring individual Public Folders:
  • Replication (Both server choice and replication schedule)
  • Limits (Storage, Deleted Item, Age)
Path to managing the Public Folder in the Exchange Management Console (EMC):
MS Exchange -> MS Exchange On Premises -> Organization Configuration -> Mailbox -> Database Management Tab -> Right-click on Public Folder DB file and choose Properties.
Maintenance Schedules run from 1-5am by default. (ESE scanning check sum is an option as well. For smaller databases, you can get away with un-checking this option).
Circular Logging, again, is not having transaction logs building up. This is a space saver but not good when trying to recover from an emergency.
Replication Tab – replication of messages between PF databases.
Limits Tab – storage limits on the database. There is by default a maximum size of message of 10MB for each item placed in a Public Folder by default.
Public Folder Referral – Use Active Directory site costs. Essentially PFR comes into play with large organizations with multiple PF DBs, multiple Mail Box servers hosting PF DB’s. Certain PF’s may not be hosted at that same location. Site costs can be used to determine or manage PF locations.

You can configure  certain items on individual public folders like replication. Replication at the database level can be scheduled, or you can establish on the individual folder themselves.

Go to the Public Folder Console by going to the EMC -> Toolbox -> Public Folder Management Console:

Default Public Folders – include existing public folders created by an administrator. Try to maintain and organize Public Folders with a structure to maintain focus. One possibility is organizing by location. To add new folders, select New Public Folder… in the Action Pane. You can create sub-folders inside each Public Folder. You can delegate permissions on Public Folders to allow users the ability to create new sub-folders. Right-Click on a Public Folder, choose Properties. Under the Replication tab, you can add servers to replicate the content to and if you want High Availablity, you will select a different MailBox server and replicate the folder. You might replicate content to put them closer to actual user’s locations. You can use the default public folder replication schedule, or create your own. For limits, you can use the default quotas, or establish your own.

System Public Folders – we will cover these later.

 

Key Focus Points of Public Folders:

What are some of the key concepts of Public Folders?

  • Public Folder Trees
  •      Default Public Folders (IPM_Subtree – folders that users are typically aware of)
  •      System Public Folders (System PF structure known as the Non_IPM_Subtree – used by outlook for free/busy data, eforms registry and events root, for outlook clients that do not support 2010 or 2007 features (Availability service etc.) Legacy clients don’t know where to look for this, but can get their legacy data from these structures)
  • Replication
  •      Hierarchy – Properties of the folders, and organizational information, name of public folder, which server holds the replicas, and permissions are replicated with the heirarchy
  •      Content (Requires configured replication) – you decide which mailbox servers have copies of the content.
  • Referrals
  •      If a client looks for somethign in the Public Folder heirarchy, if they click on the folder, do they get it from their local Mailbox server? If it can’t find the data from their Mailbox, it will look for a replica in the same site. If it can’t find it there, it will look for the lowest cost site.
  • What are Mail-enabled Public Folders?
  •      They provide a bit more functionality to PFs
  •      Users can post to a PF through email.
Permissions: The Reality vs. The Potential
  • Exchange Administrators should consider delegating folder creation and management to others.
  • The easiest way to delegate is to assign persons to the Public Folder Management Group and let them worry about creating and managing Public Folders through Outlook
  • If you wanted to see the permissions or set the permissions on Public Folders, you cannot use the EMC/Public Folder Management Console. You must use the Exchange Management Shell.
  •      – Cmdlet used to add administrative permissions:  Add-PublicFolderAdministrativePermission
  •      – Cmdlet used to add client permissions: Add-PublicFolderClientPermission

In an Outlook 2010 client, if a user does not have permissions to create a sub-folder in a Public Folder, check the properties of the folder first -> Summary Tab.

To add a user to a Public Folder Management Group so that they can make changes/add folders to a Public Folder, you’ll need to open the Exchange Management Shell:

Edit – you can change permissions now through the Public Folders Management Console if Exchange 2010 SP1 is installed

[PS] c:windowssystem32>Add-RoleGroupMember -Identity “Public Folder Management” -Member User.Name 

After hitting Enter, nothing appears to happen, but when logged in as the user, and visiting the properties of a Public Folder in Outlook, you will see the additional properties/permissions available. And from here you can give additional permissions to other users.

If a Public Folder is mail-enabled, in the Global Address List, you can change the address book to Public Folders, which will list all available Mail-Enabled Public Folders.

Permissions: Rights vs. Roles

  • When using Outlook to assign permissions to a Public Folder you assign Roles (like Editor, Author and so forth).
  • Those Roles have underlying Rights assigned to them. For example, a Reviewer (role) has the rights ReadItems and FolderVisible.
  • There are 10 different Rights that mix and match for each role:
  1. ReadItems
  2. CreateItems
  3. EditOwnedItems
  4. DeleteOwnedItems
  5. EditAllItems
  6. DeleteAllItems
  7. CreateSubFolders
  8. FolderOwner
  9. FolderContact
  10. FolderVisible
Each of these is a different set of permissions that combine to create a different role. A “none” role doesn’t allow any permissions and the user will not be able to even view items.
If you are the type that doesn’t want to delegate to users rights and roles, and want to adjust them on the EMShell, you can use the following commands:
[PS] c:windowssystem32>Get-PublicFolderClientPermission -identity “PublicFolderName”
Let’s say we want to give Jason.Coltrin a role:
[PS] c:windowssystem32>Add-PublicFolderClientPermission -identity “PublicFolderName” -user “jason.coltrin” -accessrights Editor
It can be more simple to use the Outlook client GUI, but using the above commands, you can make the changes in the Exchange Management Shell.

With Exchange SP1, you can change permissions (rights and roles) for public folders using the Public Folder Management Console -> Right-click on Default Public Folders -> Choose Properties -> Permissions Tab. 

 

 

 

 

A good majority of the content provided in my Blog’s Exchange series is derived from J. Peter Bruzzese’ excellent Train Signals Exchange Server 2010 Video Disk Series, as well as my own Exchange 2010 lab. Trainsignal.com is an invaluable source for accurate, easy to understand, IT information and training. http://www.trainsignal.com

Hits: 70

Exchange 2010 – Understanding and Managing Databases – Part 11

In this post, we will discuss the following topics:

  • The concept of the Exchange Database including the Extensible Storage Engine or ESE
  • The way transaction logs and database files work together – storage architecture
  • How to create and mount databases
  • Some best practice concepts and implementing them with a newly created mailbox database
It’s important for you to visually realize that every email that goes to your Mailbox server must go into a database, and this creates challenges because of the huge variety of messages Exchange handles. From the tiny on-line emails to the monster MB emails with video attachments.
The I/O profile of a Mailbox server is not predictable (RANDOM). Read/write that occurs between memory and disk is substantial. At times there may be waves of messages, other times may be idle.
Exchange uses the Extensible Storage Engine (ESE) database engine (MS has mentioned moving this to SQL but that has been determined to be too much of an investment, so ESE remains in Exchange 2010). The ESE engine has received some enhancements to improve I/O by 70% (meaning, Exchange 2010 can read/write emails to disk 70% faster than 2007 using the same engine). These improvements included increasing the page size from 8kb to 32kb, storing header data in a single DB table, and compressing attachments. In turn, because of these optimizations, you actually have more options for using lower-end disks for your Exchange server.
Disk Types for Exchange:
  • Better IOPS performance mean flexibility in storage options:
  •      High-end storage (SANs or RAID arrays)
  •      Exchange 2010 uses reduced I/O and this allows for Lower cost SATA disks or Just a Bunch of Disks (JBOD) storage
  • One important point to keep in mind is that Microsoft removes Single Instance Storage with Exchange 2010
  •      The idea behind SIS is when a message is sent to a bunch of people (perhaps with a large file included) the original message is stored once.
  •      SIS is replaced by database compression technology and new tools to help administrators to purge mailboxes and reduce the overall size of the database
To visualize email flow consider the following:
The email comes in, the CPU/Memory sends it to the hard disk but not immediately into the database, because it might be busy. First it goes into transaction logs, which ensure the data is written into the database. Transaction logs don’t do anything, they are 1 MB in size and the amount of files/logs grows. But they are written into the “one monolithic database” file. The exchange store uses write-ahead Transaction Logs and CheckPoint files to help prevent data loss. These files record all changes that have been committed to the in-memory database. While checkpoint files record which data has been committed. If the DB is corrupted, and the transaction logs are safe, your DB will be up to date. Its recommended to keep TL and DB on separate disks. JRS files are used when the hard drive runs out of space and help to stop the queue DB cleanly. When the store runs out of hard disk space, the transport service will be stopped. At 1 GB it will run out of space and is BAD. Space cannot be reclaimed. *Make extra effort to ensure you do not run out of disk space!*
In the Exchange Management Console -> Mailbox server role -> Database Management tab, we can see the database file path and where the Transaction Logs are located.
In the Mailbox Database folder on the hard drive, in the transaction logs, when the placeholder E00 log is complete, it will be renamed.
When you create a new Mailbox, you can change the DB file locations. (PS command: new – mailboxdatabase Server…)
Exchange 2010 Database Best Practices:
  • Place transaction logs and database files on separate disks (off the system disk and/or the location where Exchange is installed – you can move the location of your DB)
  • Place transaction logs on a mirrored volume
  • Place database files on a RAID 5
  • Use the Exchange 2010 Mailbox Server Role Requirements Calculator to help you determine your storage needs. The latest version can be found here: http://blogs.technet.com/b/exchange/archive/2009/11/09/exchange-2010-mailbox-server-role-requirements-calculator.aspx
  • Note: Standard Edition supports 5 databases. Enterprise Edition supports 100 databases
For an existing DB, you can “Move Database Path” at any time and change the default locations for transaction logs and database file location.
EMC -> Organization Configuration -> Mailbox -> Database Management Tab -> Right-click on Database -> Properties ->
Maintenance Tab ->
Database Management Properties
  • Mount and Dismount the Database
  • Move Database and Log Paths
  • Background Database Maintenance (24×7 ESE scanning)
  • Circular Logging
  • Storage Limits
  • Deletion Settings
We will touch upon Journal Recipient later.
Here the Exchange Mailbox Database Maintenance Schedule can be adjusted or Customized.
Database maintenance performs the following maintenance tasks:
  1. Purging mailbox DB and PF DB indexes
  2. Maintaining Tombstones
  3. Cleans up deleted Items Dumpster
  4. Removes public folders that have exceeded expiration time
  5. Removes Deleted Public Folders which have exceeded the tombstone lifetime
  6. Cleans up conflicting Public Folder messages
  7. Updates server versions
  8. Checks schedule plus Free/Busy and offline folders
  9. Cleans up deleted mailboxes
  10. Checks message tables for orphaned messages
  11. Cleans up reliable event tables
By default, from 1am to 5 am, these tasks above are completed.
An online defragmentation process will be run to free up pages in the database at the end of every maintenance schedule. This is done to reduce the amount of I/O.
Legacy versions of Exchange would do a DB check-sum and look at every page to see if there was corruption at end of maintenance schedule.
However, ESE Scanning does the DB check sum process for corruption on the fly, outside of the maintenance schedule. Un-checking the option for ESE 24/7, the defrag will still take place at the end of the scheduled maintenance.
– Enable Circular Logging – saves disk space – allows exchange to overwrite transaction logs. If your database is corrupt, the transaction logs will restore the DB from the logs. It’s not recommended to use this option – but good if you want to save disk space (perhaps you can turn this on for specific databases)
Limits Tab:
Storage limits – mailbox and storage limits
By default, every day at 1am if the user hits these limits, they will be sent a notification that their mailbox has gotten so large that they will either be prohibited to send or send and receive.
Issue Warning at (kb):
Prohibit send at (kb):
Prohibit send and receive at (kb):
Deletion settings defaults:
Keep deleted items for (days): – deleted items do not count against user’s total mailbox size
Keep deleted mailboxes for (days)
Don’t permanently delete items until the database has been backed up (recommended to enable this option)
In summary, there is a lot to consider when managing an Exchange database. We talked about the concept of an Exchange Database, Transaction logs and database files, mounting/dismounting databases, best practices for configuring DB’s and logs, and finally, maintaining our databases with best practices.
A good majority of the content provided in my Blog’s Exchange series is derived from J. Peter Bruzzese’ excellent Train Signals Exchange Server 2010 Video Disk Series, as well as my own Exchange 2010 lab. Trainsignal.com is an invaluable source for accurate, easy to understand, IT information and training. http://www.trainsignal.com

Hits: 14

Exchange 2010 – Understanding and Managing Databases – Part 11

In this post, we will discuss the following topics:

  • The concept of the Exchange Database including the Extensible Storage Engine or ESE
  • The way transaction logs and database files work together – storage architecture
  • How to create and mount databases
  • Some best practice concepts and implementing them with a newly created mailbox database
It’s important for you to visually realize that every email that goes to your Mailbox server must go into a database, and this creates challenges because of the huge variety of messages Exchange handles. From the tiny on-line emails to the monster MB emails with video attachments.
The I/O profile of a Mailbox server is not predictable (RANDOM). Read/write that occurs between memory and disk is substantial. At times there may be waves of messages, other times may be idle.
Exchange uses the Extensible Storage Engine (ESE) database engine (MS has mentioned moving this to SQL but that has been determined to be too much of an investment, so ESE remains in Exchange 2010). The ESE engine has received some enhancements to improve I/O by 70% (meaning, Exchange 2010 can read/write emails to disk 70% faster than 2007 using the same engine). These improvements included increasing the page size from 8kb to 32kb, storing header data in a single DB table, and compressing attachments. In turn, because of these optimizations, you actually have more options for using lower-end disks for your Exchange server.
Disk Types for Exchange:
  • Better IOPS performance mean flexibility in storage options:
  •      High-end storage (SANs or RAID arrays)
  •      Exchange 2010 uses reduced I/O and this allows for Lower cost SATA disks or Just a Bunch of Disks (JBOD) storage
  • One important point to keep in mind is that Microsoft removes Single Instance Storage with Exchange 2010
  •      The idea behind SIS is when a message is sent to a bunch of people (perhaps with a large file included) the original message is stored once.
  •      SIS is replaced by database compression technology and new tools to help administrators to purge mailboxes and reduce the overall size of the database
To visualize email flow consider the following:
The email comes in, the CPU/Memory sends it to the hard disk but not immediately into the database, because it might be busy. First it goes into transaction logs, which ensure the data is written into the database. Transaction logs don’t do anything, they are 1 MB in size and the amount of files/logs grows. But they are written into the “one monolithic database” file. The exchange store uses write-ahead Transaction Logs and CheckPoint files to help prevent data loss. These files record all changes that have been committed to the in-memory database. While checkpoint files record which data has been committed. If the DB is corrupted, and the transaction logs are safe, your DB will be up to date. Its recommended to keep TL and DB on separate disks. JRS files are used when the hard drive runs out of space and help to stop the queue DB cleanly. When the store runs out of hard disk space, the transport service will be stopped. At 1 GB it will run out of space and is BAD. Space cannot be reclaimed. *Make extra effort to ensure you do not run out of disk space!*
In the Exchange Management Console -> Mailbox server role -> Database Management tab, we can see the database file path and where the Transaction Logs are located.
In the Mailbox Database folder on the hard drive, in the transaction logs, when the placeholder E00 log is complete, it will be renamed.
When you create a new Mailbox, you can change the DB file locations. (PS command: new – mailboxdatabase Server…)
Exchange 2010 Database Best Practices:
  • Place transaction logs and database files on separate disks (off the system disk and/or the location where Exchange is installed – you can move the location of your DB)
  • Place transaction logs on a mirrored volume
  • Place database files on a RAID 5
  • Use the Exchange 2010 Mailbox Server Role Requirements Calculator to help you determine your storage needs. The latest version can be found here: http://blogs.technet.com/b/exchange/archive/2009/11/09/exchange-2010-mailbox-server-role-requirements-calculator.aspx
  • Note: Standard Edition supports 5 databases. Enterprise Edition supports 100 databases
For an existing DB, you can “Move Database Path” at any time and change the default locations for transaction logs and database file location.
EMC -> Organization Configuration -> Mailbox -> Database Management Tab -> Right-click on Database -> Properties ->
Maintenance Tab ->
Database Management Properties
  • Mount and Dismount the Database
  • Move Database and Log Paths
  • Background Database Maintenance (24×7 ESE scanning)
  • Circular Logging
  • Storage Limits
  • Deletion Settings
We will touch upon Journal Recipient later.
Here the Exchange Mailbox Database Maintenance Schedule can be adjusted or Customized.
Database maintenance performs the following maintenance tasks:
  1. Purging mailbox DB and PF DB indexes
  2. Maintaining Tombstones
  3. Cleans up deleted Items Dumpster
  4. Removes public folders that have exceeded expiration time
  5. Removes Deleted Public Folders which have exceeded the tombstone lifetime
  6. Cleans up conflicting Public Folder messages
  7. Updates server versions
  8. Checks schedule plus Free/Busy and offline folders
  9. Cleans up deleted mailboxes
  10. Checks message tables for orphaned messages
  11. Cleans up reliable event tables
By default, from 1am to 5 am, these tasks above are completed.
An online defragmentation process will be run to free up pages in the database at the end of every maintenance schedule. This is done to reduce the amount of I/O.
Legacy versions of Exchange would do a DB check-sum and look at every page to see if there was corruption at end of maintenance schedule.
However, ESE Scanning does the DB check sum process for corruption on the fly, outside of the maintenance schedule. Un-checking the option for ESE 24/7, the defrag will still take place at the end of the scheduled maintenance.
– Enable Circular Logging – saves disk space – allows exchange to overwrite transaction logs. If your database is corrupt, the transaction logs will restore the DB from the logs. It’s not recommended to use this option – but good if you want to save disk space (perhaps you can turn this on for specific databases)
Limits Tab:
Storage limits – mailbox and storage limits
By default, every day at 1am if the user hits these limits, they will be sent a notification that their mailbox has gotten so large that they will either be prohibited to send or send and receive.
Issue Warning at (kb):
Prohibit send at (kb):
Prohibit send and receive at (kb):
Deletion settings defaults:
Keep deleted items for (days): – deleted items do not count against user’s total mailbox size
Keep deleted mailboxes for (days)
Don’t permanently delete items until the database has been backed up (recommended to enable this option)
In summary, there is a lot to consider when managing an Exchange database. We talked about the concept of an Exchange Database, Transaction logs and database files, mounting/dismounting databases, best practices for configuring DB’s and logs, and finally, maintaining our databases with best practices.
A good majority of the content provided in my Blog’s Exchange series is derived from J. Peter Bruzzese’ excellent Train Signals Exchange Server 2010 Video Disk Series, as well as my own Exchange 2010 lab. Trainsignal.com is an invaluable source for accurate, easy to understand, IT information and training. http://www.trainsignal.com

Hits: 53

Exchange 2010 – Mailbox Server Role Overview – Part 10

In this post we will review the overall purpose of the Mailbox role.

We will also review the management options that relate to the Mailbox role including:

  • Database Management
  • Messaging Records Management (MRM)
  • Address Lists
  • The Offline Address Book
  • Public Folders
Mailbox Server Role functions:
A server that runs the Mailbox Server role (“Mailbox server”) performs the following:
  • Hosts mailbox databases (which hold recipient mailboxes)
  • Hosts public folder databases
  • Handles email address policies
  • Generates Offline Address Books (OABs)
  • Generates Address Lists
  • Enables content indexing
  • Allows for messaging records management (MRM)
  • Allows for retention policies
As you can tell that the role is an important one and that High Availability and Site Resilience is a key concern and Exchange 2010 has been designed specifically to provide those features.
The mailbox server has quite a bit of connectivity to all the other server roles (except for the Edge Transport Server).
____________________________________
Configuration Aspects of the Mailbox Role
Organization Configuration
  • Database Management and Database Availabilty Groups
  • Messaging Records Management (MRM)
  •      Managed Default Folders
  •      Managed Custom Folders
  •      Managed Folder Mailbox Policies
  • Address Lists
  • Offline Address book
  • Sharing Policies
Server Configuration
  • Most of the configuration work is being done on the Organization Configuration side. In Exchange 2007, Database Management was under Server Config – related to storage groups. Very limited settings including MRM schedule and a view of Database Copies (if any exist).
MRM – policies to adjust for example, how long items stay in the deleted items folders in (all) user’s mailboxes. Sharing policies control how to share calendars with persons outside the organization.
Click image to enlarge

To manage the mailbox server, open the EMC, go to Organization Configuration -> Mailbox. You’ll notice that I have two databases. One is the Mailbox database and the other is the Public Folders database. You can right-click on the Mailbox Database and choose properties, where you will find General, Maintenace, Limits, and Client Settings Tabs.

Database availability groups tab will by default not contain objects as this tab is used for High Availability/Fail-over configuration.

The Managed Default Folders tab – lists out typical folders in a user’s mailbox. You can also create additional default folders. You may want to create two different Deleted Items folders.

Managed Custom Folders – place a folder in User’s Outlook – for example, Archive, you can create it, and place it in this tab.

Managed Folder Mailbox Policies – no policies by default, create a policy and then apply – we will go over this later.

Offline Address Book – default OAB

Address Lists – pre-configured Address Lists as well as the Default Global Address List. You may want to create lists for departments, sites, organizations.

Sharing Policies – Default Sharing Policy

_________________________

Server Configuration

Mailbox Role configuration

ServerConfigurationMailbox
Click Image to Enlarge

In the top pane, right click on the Mailbox and click on properties. Here you will find a General tab, a Systems Settings tab, and a Customer Feedback Options. For some unknown reason, Scheduled Managed Folder Assistant tab is not available on my installation as it is in others. This may be due to permissions.

By Right-clicking on the database copy, you can get the General Status of the Mailbox Database: the Content Index State, the Status (Mounted), the Copy queue length and Replay Queue Length. Under the Status tab you will find: Seeding, Messages, Latest available log time, Last inspected log time, Last copied log time, and Last replayed log time. Here you can also View Errors Messages.

 

 

 

 

A good majority of the content provided in my Blog’s Exchange series is derived from J. Peter Bruzzese’ excellent Train Signals Exchange Server 2010 Video Disk Series, as well as my own Exchange 2010 lab. Trainsignal.com is an invaluable source for accurate, easy to understand, IT information and training. http://www.trainsignal.com

Hits: 64

Transitioning Exchange 2007 to Exchange 2010 – Part 9

This post has to do with transitioning from Exchange 2007 to 2010. Essentially you will be installing Exchange 2010 on the 2007 Exchange server, setup some co-existence if necessary, transfer the mailboxes, and then uninstall Exchange 2007.

* Upgrades – There is no “In-Place” upgrade from 2007 to 2010

– You can either deploy fresh, migrate, or transition.

*Migration

From Exchange 5.5 or 2000 to Exchange 2010 – when moving over to Exchange 2010 you will not be able to move over mailboxes or use transitioning coexistence. You might have to upgrade from 5.5 or 2000 to 2003, and then transition. Quest is a good transitioning tool from older versions to 2010. Lotus Domino has a transition path to 2007.

*Transition: involves introducing an Exchange Server(s) into the environment and moving over mailboxes and public folders

– Co-Existence: the state of your Exchange environment when different versions of Exchange are running together side-by-side within the same Exchange Organization

You can run exchange 2003, 2007, and 2010 all co-existing together. Slowly move the mailboxes and public folders over.

When migrating from a single 2007 server:

1. Ensure Exchange 2007 servers are running SP2

2. Deploy Exchange 2010 Servers in this order: Client Access Server, then Hub Transport Server, Unified Messaging, and then Mailbox server

3. Configure legacy DNS host name records* and implement new certificates for CAS

*Legacy DNS host name records: only necessary if you cannot transition quickly and need to provide remote OWA/Mobile usage.

4. Move over mailboxes and public folder data to Exchange 2010.

5. Tie up loose ends and uninstall Exchange 2007

Legacy Host Names and Certificates for CAS

  • If you plan for a period of co-existence with 2007, you will need to establish a legacy host name
  • The goal is to move your primary namespace, mail.companyname.com and autodiscover.companyname.com over to Exchange 2010
  • So for example, your mail.companyname.com domain continues but a new legacy.companyname.com is put in place for 2003/2007 users of OWA, ActiveSync, etc…
  • You will need to obtain a new certificate for Exchange and you should consider a Subject Alternative Name (SAN) certificate although wildcard certificates are also supported

Some DNS Record Types Review:

  • A Record: an address record that maps a host name to an IP address
  • NS Record: a name server record that maps a domain name to a list of DNS servers that are authoritative for that domain
  • MX Record: mail exchange record – maps a domain name to a list of mail exchange servers for that record
  • CNAME Record: gives the ability to provide an alias of one name to another
  • SRV Record: links a particular service to a specific server
  • SOA: Specifies the DNS server providing authoritative service for a particular domain

Users trying to log into an Exchange 2010 server, but have not had their mailbox transitioned yet, will be re-directed to the previous server if the legacy A record is listed in DNS.

Deployment Assistant: (upgrade means transistion) -this tool can be used from the website or downloaded.

The tool can be found here:

http://technet.microsoft.com/en-us/exdeploy2010/default.aspx#Index

Disjointed namespace: the FQDN of a server does not match the domain of which it is a member.

Transitioning Paths Vary

* Depending on your organization you may have the following variables in play for your transition to mold itself around:

– Exchange 2003 to 2010 (or mixed 2003/2007 to 2010)

– Public folders need to be transitioned

– Co-existence is necessary (requires legacy host name)

* Our example transition includes the following concerns:

-Public folders do, in fact, exist and need to be transitioned

-Co-existence is not necessary (we will perform the move in a minimal amount of time over a weekend of inactivity within the organization)

In a transition from Exchange 2007 to 2010 here are the following necessary items:

  1. Exchange 2007 is already running SP2
  2. The Server is 2008 and the forest functional level is already higher than the required 2003 forest functional level mode
  3. Exchange 2010 is already installed with CAS/HT/MB roles
Items to Complete:
  1. Move Offline Address Book (OAB) generation to Exchange 2010
  2. Move Exchange 2007 Mailboxes to 2010
  3. Move Public Folder data to Exchange 2010
  4. Ensure funtionality, test connectivity options, remove Exchange 2007

To check the domain functional level

  1. Go to Active Directory Computers and Users
  2. Right-click on the domain name, click “Raise Domain Functional Level”
  3. Look at Current Domain Functional Level

 

Moving the OAB generation from 2007 over to Exchange 2010

  1. Open Exchange Management Console
  2. Expand Organization Configuration node
  3. Select the Mailbox node
  4. Select Offline Address Book tab
  5. Select the Default Offline Address book, ->Actions -> Properties -> Distribution tab
  6. Make sure Enable Web-based distribution is On (checked)
  7. Enable public folder distribution (On/checked) -> ok

Warning (ok)

In the actions pane click Move

Click Browse -> Select the new Exchange 2010 server -> Move

Completed (Warning) -> Finish

Generation server should now be your new 2010 server.

Online Mailbox Moves:

  • Previous transitions called for mailboxes to be offline for a period of time while they moved to the new server
  • Exchange 2010 eliminates this issue by allowing the mailbox to be moved while still online. Note: If transitioning from Exchange 2003 to 2010 you will still need to do an offline mailbox move
  • To the user, short of a restart of Outlook, they will not know a difference or notice any loss of service
  • Need to use the wizard or new powershell cmdlet New-MoveRequest

You need to start on the new Exchange 2010 server to move mailboxes from 2007 to 2010

Start Exchange Management Console

Go to Recipient Configuration node -> Mailbox

Add a column (Database) and place next to the display name

Select multiple users -> Actions -> New Local Move Request…

Target Mailbox Database (Browse) -> Select new 2010 server DB -> ok -> Next

Move options:

If corrupted messages are found:

  • Skip the mailbox (recommended)
  • Skip the corrupted messages
Next -> New -> Finish
Move Request -> If you look at the status it should say completed
Using the exchange management shell: (more flexibility and control)
get-help new-moverequest -examples
(3 examples)
System will perform check of mailbox for readiness
>New MoveRequest Identity ‘jason.coltrin@jasoncoltrin.com’ -TargetDatabase “MBEX2K10”
To test
>get move-request
-shows which move requests have been completed
For example to move just mailboxes from one organizational unit into exchange 2010

> get user organizationalunit LegalDept | New MoveRequest -TargetDatabase “MBEX2K10”

Replicating Public Folder Structure:

Once we have replicas we can remove the original copy

Go to Toolbox – Public Folder Management Console – should connect back to your 2007 exchange server.

We first need an Exchange 2010 Public Folder database:
Organization Configuration under Mailbox

Database Management Tab -> Actions -> New Public Folder Database

Give it a name (2K10PF) -> Next -> New -> Finish.

Go back to PF management console -> Right click on folder and choose properties -> Replication tab -> Add -> Select new 2K10PF database -> OK

Change “Use public folder database replication schedule” to Run Every Hour.

Now we’ve asked the public folders to replicate over. One way to check if it’s working ok is right click on the root, and choose connect to server, select 2010 server, and find the replicated folders (update Heirarchy)

Now you can remove 2007 replicas. Make sure you have complete all public folders.

2007 Exchange Pre-Removal Tasks 

  • If you are confident that your Exchange 2010 server(s) are ready to work alone – don’t uninstall the Exchange 2007 server yet…
  • In the EMC Toolbox is the Exchange Best Practices Analyzer – use it!
  • Use the Exchange Remote Connectivity Analyzer Tool is another option
  • When your testing is complete and you feel comfortable — Uninstall Exchange 2007 from the Programs and Features item in the control panel

Decommissioning is simply removing the Programs and Features. It will go through the process of uninstalling the various roles (MB, CAS, etc)

We have ended the period of coexistence, and have transitioned over to 2010.

 

 

 

A good majority of the content provided in my Blog’s Exchange series is derived from J. Peter Bruzzese’ excellent Train Signals Exchange Server 2010 Video Disk Series, as well as my own Exchange 2010 lab. Trainsignal.com is an invaluable source for accurate, easy to understand, IT information and training. http://www.trainsignal.com

Hits: 52

Exchange 2010: Exchange Management Console (EMC) – Part 8

A quick overview of the Exchange Management Console, or EMC; a very capable management console accessed via the OWA web interface.

We can access the EMC through Outlook Web App. On the Exchange Mailbox server itself, you can get to OWA through the address https://localhost/owa

Note: I encountered an issue here. When first logging into OWA I received the following error message: “Your mailbox appears to be unavailable. Try to access it again in 10 seconds. If you see this error again, contact your helpdesk.”

My first instinct when I receive a message like this is to check services. Yes, as I suspected, upon viewing my primary Exchange server services, the Microsoft Exchange Server Information Store Service was not started. I started the service manually, logged into OWA again, and found I could now completely log in and see my OWA inbox.

Once inside the administrator’s mailbox, you can manage the organization by clicking on the Options drop-down in the upper right-hand corner, and then on “See all options…”

ManageOptions
Now that you’ve clicked into all of the options, you will want to change the Mail > Options: “Manage Myself” drop-down to “My Organization”. You are now in the Exchange Management Console.EMC

Once inside the EMC you have the following Options:

  1. Users and Groups – contains Mailboxes, Distribution Groups, and External Contacts
  2. Roles and Auditing – contains Administrator Roles, User Roles, and Auditing. There are some nice Auditing controls available here including * Run a non-owner mailbox access report… * Run a litigation hold report… * Run an administrator role group report… * Export Mailbox Audit Logs… * Export the Administrator Audit Log…
  3. Mail Control – contains Rules, Journaling, and Delivery Reports
  4. Phone and Voice – contains ActiveSync Access (Quarantined Devices and Device Access Rules); and ActiveSync Device Policy
Take note that Multi Mailbox Search (which is under mail control in RTM). RVAC, even the admin is not able to see the Multi Mailbox Search; you have the add the administrator into the Discovery Management Role Group. Once added to that group, you will see MultiMailbox search in the Administrators EMC.

 

 

 

 

A good majority of the content provided in my Blog’s Exchange series is derived from J. Peter Bruzzese’ excellent Train Signals Exchange Server 2010 Video Disk Series, as well as my own Exchange 2010 lab. Trainsignal.com is an invaluable source for accurate, easy to understand, IT information and training. http://www.trainsignal.com

Hits: 254

Exchange 2010 – The Exchange Management Console and Shell – Part 7

* There are 3 tools for managing Exchange. 1. The Exchange Management Console, 2. The Exchange Management Shell, and, 3. The Exchange Control Panel, which is accessed through Outlook Web App (OWA)

* We will first look at the use of the EMC and explore its various nodes, panes, and actions we can perform

* Then we’ll look at the purpose of PowerShell and the EMS, focusing on how commands are formed using cmdlets and how they are made more complex and useful through pipe-lining.

The EMC has 4 primary interface elements:

  1. Console Tree
  2. Result Pane
  3. Work Pane
  4. Action Pane
The EMC is based on MS MMC 3.0 and the GUI version used for Exchange.
Organization Configuration
Server Configuration
Recipient Configuration
Under Server Configuration, when you click on Mailbox, Client Access or Hub Transport, you’ll notice that there are two middle panes. A results pane and a work pane.
The Actions pane can be turned off by clicking Show/Hide the action pane button on the toolbar. When you turn it off, you can still perform functions by right-clicking on objects.
One thing to note in the Console Tree is that you have by default the “Microsoft Exchange on-Premises.” It is designed so that you can manage Exchange Servers in the cloud.
The Exchange Management Shell is a requirement for Exchange Administrators (and there are questions about it in exams). Learning PowerShell is not an option, it is a necessity.
The EMS is built upon PowerShell (PS)
  • PS is both a command-line tool and a scripting platform.
  • Exchange 2010 requires PowerShell v2.
  • PowerShell commands are built using cmdlets
  • Through PowerShell commands, you can manage EVERY aspect of Exchange, whereas the EMC you can manage ALMOST every aspect of Exchange
Local Shell and Remote Shell
  • The EMC allows you to make configuration changes to the Organization or to individual Servers. In Exchange 2007, you could only run the POwerShell compone3nts on the local machine.
  • With Exchange 2010 you can connect to a remote session on a remote Exchange 2010 system.
  • When you open the EMS it connects to the closest exchange session
  • you cannot connect remotely to an Edge Transport Server
  • Remote Sessions are created using the New-PSSession and Import-PSSession cmdlets
What are CMDLETS?
  • Simple verb-noun structure
  • Common verbs are : Get, Set, Remove, Test, Enable, Disable, Install, Uninstall, New and Move
  • Pipelines | help to string cmdlets together
  • Examples:
  • Get-Mailbox
  • Get-MailboxStatistics <Mailbox>
  • Get-Mailbox -OrganizationalUnit Sales
  • Get-Mailbox | Set-Mailbox -prohibitsendquota 500MB (this will take every mailbox in the organzation and set the prohibit send quota to 500MB – manually would take forever!
The Exchange Management Shell contains modules we need. You can import them into PowerShell, but the EMS already is loaded.
Try for example:
>get-excommand – quite a number of different cmdlets! To investigate how to use one of these commands?
>get-help test-systemhealth
This outputs
Name:
Synopsis:
Syntax: (might want to port out to txt and print)
Description:
Related Links:
Remarks: (Examples)
>Get-Service -> shows all the services running on our system
>Get-Mailbox ->  shows all the mailboxes on the server – names, where they reside, quota.
To narrow down to the sales org unit use:
>get-mailbox – OrganizationalUnit Sales
>Get-MailboxStatistics jason.coltrin
shows last login time, storage stats, etc
>get-mailbox -OrganizationalUnit Sales | Set-Mailbox -ProhibitSendQuota 500MB
To give a number of users mailbox with one line of code you can do the following:
Andy Grogan created a script to create (fake) users on a domain. You can create several hundred users.
Go to UserTools, and you can see a .csv file which contains basic info for creating users. You can change these, and use your real names and create an entire domain of your users.
The script will create an Organizational Unit called “Exchange Users”
You can download the script here:
and here is a screenshot of the script and .csv files:
Click image to enlarge
Run the powershell script within powershell, and you should see the users scroll down the screen as they are created.
Now that the users have been created, go to your Mailbox server and go to Organization Configuration -> Mailbox -> “MailboxDatabase” is the database where we will be placing our new users. We will use the ExchangeUsers OU to help build mailboxes for our lab users.
Under Recipient Configuration, we do not yet have users listed. We do not have mailboxes for them.
Go to the EMS and type in the following command:
> get-user -OrganizationalUnit ExchangeUsers | where-object{$_.RecipientType -eq “User”} | Enable-Mailbox -Database “MailboxDatabase”
Now that your users have been given mailboxes, goto OWA at https://yourdomain/owa , log in as one of the users and test sending/receiving to the administrator.

Hits: 22