Tag: Active Directory

Exchange Administrator’s toolkit

There are lots of tools for Exchange Server available, you can find most of them at the Exchange Server Wiki (some of the tools listed are for previous versions of Exchange).

Here is a short selection from the vast collection available:

Microsoft Exchange 2013 Public Folder Directory Sync Support Scripts

Microsoft has recently updated the Microsoft Exchange 2013 Public Folders Directory Sync Support Scripts to version 15.00.1017.003.

Brief Description
Scripts to enable creation of public folder related objects in the O365 Active Directory and synchronization of public folder related Active Directory objects between on-premise and O365 directories.

Overview
Use this scripts if you need to do one of the following – – Initial creation of mail enabled public folder objects in the destination Active Directory for public folder migration from Exchange 2007 or 2010 to Exchange 2013 – Synchronization of mail enabled public folder objects from cloud to on-premise Active Directory – Synchronization of mail enabled public folder objects from on-premise to cloud Active Directory – Synchronization of public folder mailbox objects from cloud to on-premise Active Directory

Exchange 2010 SP3 Rollup 7

The Exchange Team released Rollup 7 for Exchange Server 2010 Service Pack 3 (KB2961522). This update raises Exchange 2010 version number to 14.3.210.2.

Fixes:

  • 2983261 “HTTP 400 – Bad Request” error when you open a shared mailbox in Outlook Web App in an Exchange Server 2010 environment
  • 2982873 Outlook Web App logon times out in an Exchange Server 2010 environment
  • 2980300 Event 4999 is logged when the World Wide Web publishing service crashes after you install Exchange Server 2010 SP3
  • 2979253 Email messages that contain invalid control characters cannot be retrieved by an EWS-based application
  • 2978645 S/MIME option disappears when you use Outlook Web App in Internet Explorer 11 in an Exchange Server 2010 environment
  • 2977410 Email attachments are not visible in Outlook or other MAPI clients in an Exchange Server 2010 environment
  • 2976887 eDiscovery search fails if an on-premises Exchange Server 2010 mailbox has an Exchange Online archive mailbox
  • 2976322 Assistant stops processing new requests when Events in Queue value exceeds 500 in Exchange Server 2010
  • 2975988 S/MIME certificates with EKU Any Purpose (2.5.29.37.0) are not included in OAB in Exchange Server 2010
  • 2966923 Domain controller is overloaded after you change Active Directory configurations in Exchange Server 2010

Download Exchange 2010 SP3 Rollup 7 here.

Exchange Tools

Here I’ll share some free tools that can help simplify Microsoft Exchange deployment, troubleshooting, and administration. Some of the tools are simple—but still convenient—whereas others provide some powerful functionality.

There are some tools you can use during deployment to ease the process and reduce issues in the future, tools you can use for troubleshooting to reduce down-times, and tools you can use during day-to-day administration to monitor server health and perform tasks.

Microsoft Exchange Server Deployment Assistant

Microsoft’s Exchange Server Deployment Assistant is an online tool that produces a custom step-by-step checklist you can utilize during a server installation or upgrade. It first asks you questions about your current and desired deployment environment, such as the deployment type (on-premise, cloud, or hybrid), migration questions, desired features/functionality, and other miscellaneous caveats that impact the installation or upgrade.

Microsoft Remote Connectivity Analyzer

Microsoft’s Remote Connectivity Analyzer is a website with many tools to help test and troubleshoot connectively of Exchange servers, Outlook, Lync, OCS, Office 365, and POP, IMAP, and STMP email. Plus it offers downloadable Connectivity Analyzer Tools for local testing and a message header analyzer.

PFDAVAdmin and ExFolders
These are tools that enable you to perform tasks on Exchange public folders and mailboxes, such as checking or changing permissions. It can also connect to mailboxes, check the contents, and generate reports. PFDAVAdmin is for Exchange 2000, 2003, and 2007 and ExFolders is the updated version for Exchange 2007 and 2010 SP1 and later.

Jetstress

The Jetstress tool simulates disk I/O load on your server, allowing you to specify the amount of simulated Exchange users and profiles. This can help you verify the performance and stability of your server before installing Exchange and putting it into production-use.

Exchange Server Role Requirements Calculators

These are calculator tools that give sizing recommendations for your particular Exchange server roles for both client access and mailbox. The 2010 version is focused on mailbox calculations while the 2013 version includes recommendations on sizing Client Access servers too.

Exchange Environment Report

This Exchange Environment Report tool is from Steve Goodman and is a PowerShell script that generates an automatic overview of your Exchange environment. It supports Exchange 2003, 2007, 2010 and 2013 servers and database availability groups. It reports the number of and details about the servers, mailboxes, roles, and versions. It also gives you useful status on the Database Availability Groups (DAG) and non-DAG databases.

Exchange Reports

Exchange Reports offers reports on overall information about your Exchange Environment, supporting Exchange 2010 & Exchange 2013. You can keep an eye on configuration changes and status with Group Reports, Single Group Information, Mailbox Report, Single Mailbox Information, Message Tracking, and Environment Report.

The program doesn’t require any installation, but requires .Net 4.0, Powershell 2.0, and Remote Powershell access to the Exchange Server. Reports can be saved in history and also exported to Excel.

Microsoft Exchange Server MAPI Editor (MFCMAPI)

Microsoft’s Microsoft Exchange Server MAPI Editor (MFCMAPI) tool provides access to MAPI stores, useful when troubleshooting Exchange and Outlook issues, which can serve as a replacement to the old Microsoft Exchange Server Information Store Viewer. You can open and navigate through the message stores that are exposed through MAPI.

Free Exchange Monitor

The Free Exchange Monitor from SolarWinds supports Microsoft Exchange Server 2000 and 2003. It keeps tabs on the Exchange server stats, services, mail queue sizes, and host server health. In addition to notifying you of outages it can be useful in troubleshooting Exchange server problems and even help with pro-active monitoring, for instance detecting growing mail queues that can indicate bigger issues like transport failures, Internet connection failures, and virus activity.

Free Exchange Monitoring

This is another monitoring application, but from ManageEngine and supports Exchange Server 2003, 2007, 2010, and 2013. It gives stats on server health and Exchange services. It also provides details on the client access server, transport, Active Sync counters, and delivery aspects. You can generate real-time performance reports to be downloaded or emailed in PDF format.

Exclaimer Outlook Photos

Exclaimer Outlook Photos can help you import staff photos into the Active Directory so they’ll show up in the Outlook People Pane, SharePoint profile, and on Microsoft Lync. It can auto-match pictures from a batch to names or other data in Active Directory, and even automatically crop and center the photos as well.

Certificate Manager for Exchange 2007

Exchange 2007 enables SSL within IIS by default, but creating and managing SSL certificates via PowerShell commands can be confusing. However, the Certificate Manager for Exchange 2007 from U-BTech eases the process with a GUI.

You can generate an Exchange 2007 Certificate Signing Request and process the Certificate Authority and enable certificates for Exchange 2007 Services (POP, IMAP, SMTP, IIS, UM). Plus you can include additional subject names in a single certificate. It supports import and exporting as well.

Exchange PST Capture

Exchange PST Capture from Microsoft will search your network for PST files and then import those files to mailboxes in your organization. It supports both on-premises Exchange Server 2010 and 2013 and Exchange Online. This tool can help, for instance, during the initial deployment of an Exchange Server, to move local Outlook data files into the Exchange Server.

LINK

Exchange 2013 RMS Shared Identity user FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 not found

Today I was re-installing Exchange 2013 into an Active Directory forest The schema was already extended with the Exchange 2013 schema extensions.

When installing Exchange 2013, installation of the Mailbox Transport role failed with the following error:

Error:
The following error was generated when “$error.Clear();
if ( ($server -eq $null) -and ($RoleIsDatacenter -ne $true) )
{
Update-RmsSharedIdentity -ServerName $RoleNetBIOSName
}
” was run: “RMS Shared Identity user FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 not found.”.

FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 is a Exchange 2013 built in arbitration user account which must exist in every Exchange 2013 environment. The GUID never changes, it is always “4c1f4d8b-8179-4148-93bf-00a95fa1e042”.

The setup failed because someone deleted this user account from Active Directory!

How can we get it back?

You have two ways to get this mailbox back. If you have a computer on your network with the Exchange 2010 management tools installed, you can create the user account using powershell with the following command:

New-Mailbox -Arbitration -Name FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042 -UserPrincipalName FederatedEmail.4c1f4d8b-8179-4148-93bf-00a95fa1e042@default_accepted_domain

For more information on this see Microsoft KB978776

What happens if you do not have exchange management shell installed on any computers? Well there is another way to get this account back. This account is originally created when you prepare the domain/schema. If you run setup.com /PrepareAD on your domain it will re-create this account for you. See below:

Exchange Server Active Directory Supportability Matrix

Operating system environment

Exchange 2013 SP1

Exchange 2013 CU2 and CU3

Exchange 2010 SP3 RU5 or later

Exchange 2010 SP2

Exchange 2007 SP3 RU13 or later

Windows Server 2008 R2 SP1 Active Directory servers

X

X

X

X

X

Windows Server 2012 Active Directory servers

X

X

X

X

X

Windows Server 2012 R2 Active Directory servers

X

X

X

  

X

Domain and forest functional level

Exchange 2013 SP1

Exchange 2013 CU2 and CU3

Exchange 2010 SP3 RU5 or later

Exchange 2010 SP2

Exchange 2007 SP3 RU13 or later

Windows Server 2008 R2 SP1 domain functional level

X

X

X

X

X

Windows Server 2012 domain functional level

X

X

X

X

X

Windows Server 2012 R2 domain functional level

X

  

X

    

Windows Server 2008 R2 SP1 forest functional level

X

X

X

X

X

Windows Server 2012 forest functional level

X

X

X

X

X

Windows Server 2012 R2 forest functional level

X

  

X

    

Cumulative Update 3 for Microsoft Exchange Server 2013

Issues that the cumulative update resolves

Cumulative Update 3 for Microsoft Exchange Server 2013 contains the fix for the security issue that is described in Security Bulletin MS13-061

(http://technet.microsoft.com/en-us/security/bulletin/MS13-061)

and resolves the issues that are described in the following Microsoft Knowledge Base (KB) articles:

  • 2865161 “Errors: Failed exporting item id: from source id” when you try to copy search results in an Exchange Server 2013 environment

  • 2866064 Can’t load OWA Premium by using Internet Explorer 11 in an Exchange Server environment

  • 2871980 Child domains are not displayed for selection when you create a mailbox by using EAC in an Exchange Server 2013 environment

  • 2874216 Security issue that is described in Security Bulletin MS13-061 is resolved by an Exchange Server update

  • 2878160 “The Active Directory user wasn’t found” error when you create or update an In-Place eDiscovery search in an Exchange Server 2013 environment

  • 2882608 Exchange Server 2013 does not share the inproxy.dll file

  • 2886115 Retention policies are not applied to Exchange Server 2013 mailboxes when user accounts are on different domains

  • 2888274 WebClientReadFormQueryString string and WebClientEditFormQueryString string return incorrect URLs in an Exchange Server 2013 environment

  • 2888315 Event 2112 or 2180 is logged when you try to back up a database in an Exchange Server 2013 environment

  • 2888612 Retention policy does not work after you run a cmdlet in an Exchange Server 2013 environment

  • 2889786 Sign-in format for Outlook Web App on mobile devices is not adjusted according to the Set-OwaVirtualDerictory cmdlet in an Exchange Server 2013 environment

  • 2890650 Items in the Drafts folder are not stamped with the retention policy tag in an Exchange Server 2010 or 2013 environment

  • 2895487 “Copy Search Results” option does not work in an Exchange server 2013 environment

  • 2895500 DBCS characters appear garbled when you run some PowerShell scripts in EMS in an Exchange Server 2013 environment

  • 2895678 “Nombre de usuario\dominio” is displayed unexpectedly on the Spanish version of the OWA and EAC logon pages in an Exchange Server 2013 environment

  • 2902929 You cannot forward an external meeting request in an Exchange Server 2013 environment

  • 2902933 “Generate incident report” does not display the “Bcc” field in an Exchange Server 2013 environment

  • 2902934 Korean language localization issue in Exchange 2013 OWA user interface

  • 2902936 You cannot change SMTP addresses for distribution groups by using EAC in an Exchange Server 2013 environment

  • 2902938 You cannot preview Office documents in shared folders by using Outlook Web App in an Exchange Server 2013 environment

  • 2902939 EMS connection error when you separately install an Exchange Server 2013 Mailbox server and a Client Access server

  • 2883203 Exchange Server 2013 restarts frequently after Cumulative Update 2 is installed

  • 2890814 No redirection to the Outlook Web App URL for Exchange Online users in an Exchange hybrid deployment

Download

Rollup 4 for Forefront Threat Management Gateway 2010 Service Pack 2

Issues that are fixed in this rollup package

2889345 FIX: Accounts are locked out beyond the AccountLockoutResetTime period in Forefront Threat Management Gateway 2010 SP2

2890549 FIX: Incorrect Performance Monitor values when queried from a .NET Framework app in Forefront Threat Management Gateway 2010

2890563 FIX: “URL” and “Destination Host Name” values are unreadable in the web proxy log of Forefront Threat Management Gateway 2010

2891026 FIX: Firewall Service leaks memory if Malware Inspection is enabled in Forefront Threat Management Gateway 2010

2888619 FIX: A password change is unsuccessful if a user’s DN attribute contains a forward slash and an Active Directory LDAP-defined special character in Forefront Threat Management Gateway 2010

2863383 FIX: “Query stopped because an error occurred while it was running” when you run a non-live query in Forefront Threat Management Gateway 2010 SP2

2899720 FIX: Threat Management Gateway 2010 incorrectly sends “Keep-Alive” headers when it replies to Media Player WPAD file requests

2899716 FIX: Firewall service (Wspsrv.exe) crashes when a web publishing request is handled in Forefront Threat Management Gateway 2010

2899713 FIX: Access to certain SSL websites may be unavailable when HTTPS Inspection is enabled in Forefront Threat Management Gateway 2010

Exchange Server 2013 Service Pack 1 Coming in Early 2014

Today on the Office blog Exchange Team announced that service pack 1 for the 2013 set of products including Office, SharePoint and Exchange will be released early next year. We know our Exchange customers have been looking for confirmation of the release but also have a desire for an early look at what’s coming with Exchange Server 2013 Service Pack 1 (SP1). So let’s have a first look a few things you can expect to see in SP1. But wait… we haven’t released CU3 – well, news about CU3 is imminent – stay tuned for more information about CU3 coming very soon.

In this post we are highlighting a few of the notable improvements to be included in SP1. This isn’t an all-inclusive list, so stay tuned for additional details as we approach release.

  • Windows Server 2012 R2 Support First answering one the most common questions since the release of Windows Server 2012 R2. Exchange 2013 SP1 will add Windows Server 2012 R2 as a supported operating system for Exchange Server 2013 with SP1. Let your planning begin.
  • S/MIME support for OWA Support for S/MIME in OWA will be brought back in SP1. With SP1 customers will have S/MIME support across Outlook, Exchange ActiveSync clients, and OWA.
  • Edge Transport Server Role The Edge Transport server role for Exchange Server 2013 will be available with SP1.
  • Fixes and Improvements Of course, SP1 will include fixes and improvements in areas you’ve helped us identity. SP1 is the first service pack issued in the new Exchange Server cumulative update release model – thus SP1 is essentially CU4. The installation of SP1 will follow the same process as the prior Exchange 2013 CU releases. SP1 will include all fixes included in previously released cumulative updates for Exchange 2013.

SP1 will require customers to update their Active Directory schema – customers should assume this requirement for all Exchange Server 2013 updates. Plan for this required update to quickly take advantage SP1 updates. Active Directory Schema updates for Exchange are additive and always backwards compatible with previous releases and versions.

Creating a Home Drive with Windows PowerShell

With the following script I will do 3 things:

1. Set the user his home folder with drive letter
2. Create a folder on your home folders file share
3. Giving users full control on there folder.

 

The Script:

Get-ADUser -Filter * -SearchBase “OU=wardusers,DC=wardvissers,DC=local” | Foreach-Object {
$sam = $_.SamAccountName
$sid = $_.Sid
$HomeDrive=’J:’
$Domain=wardvissers.local’
$UserRoot=’\\wardvissers.local\dfs\home\’
$HomeDir=$UserRoot+$sam

# Assign the Drive letter and Home Drive for the user in Active Directory

SET-ADUSER $sam –HomeDrive $HomeDrive –HomeDirectory $HomeDir

# Create the folder on the root of the common Users Share

NEW-ITEM –path $HomeDir -type directory -force

$account=$Domain+’\’+$Accountname

# Set parameters for Access rule

$rights=[System.Security.AccessControl.FileSystemRights]::FullControl
$inheritance=[System.Security.AccessControl.InheritanceFlags]”ContainerInherit,ObjectInherit”
$propagation=[System.Security.AccessControl.PropagationFlags]::None
$allowdeny=[System.Security.AccessControl.AccessControlType]::Allow
$dirACE=New-Object System.Security.AccessControl.FileSystemAccessRule ($sid,$rights,$inheritance,$propagation,$allowdeny)
$dirACL=Get-Acl $HomeDir

$dirACL.AddAccessRule($dirACE)

Set-Acl -path $HomeDir -AclObject $dirACL

Write-Host $HomeDir access rights assigned

}

Translate »