MsExchange Blog Spot Telnet25

April 15, 2009

Exchange 2010 and Business Reason to upgrade

Filed under: E14, Exchange 2007 — telnet25 @ 1:21 pm

It has been a long time waiting to be able to talk about Exchange 2010. I am going to list three business reasons why everyone will go for upgrading to Exchange 2010. The business justification has always been the driving factor behind upgrades, in my opinion, and if you won't upgrade to Exchange 2010 you will lose $$$$ (-:

Business Reasons

  1. COST
  2. COST
  3. COST

Yes, if you keep reading the other posts coming soon, you will understand how much you will save and how many benefits and improvements Exchange 2010 is going to bring (-:

I am so excited to talk about the **BEST** version of Exchange ever. When you learn about the features and the changes in Exchange 2010, you will be very happy and will upgrade your Exchange to 2010 without losing time (-:, just because it makes so much sense to upgrade!!!!!!

Oz Casey Dedeal

MVP (Exchange)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +

Http://smtp25.blogspot.com (Blog)

Https://telnet25.spaces.live.com (Blog)

Https://telnet25.worldpress.com (Blog)

January 11, 2009

How to configure Helpdesk mailbox and delegate send behalf of rights to Distribution Group

Filed under: Exchange 2007 — telnet25 @ 11:40 pm

Scenario:

The business needs to create a mailbox called helpdesk to keep track of new helpdesk e-mail. The helpdesk consists of several team members, and they all need to monitor the helpdesk mailbox and also send mail as the helpdesk mailbox while logged in to their own workstations.


Steps:
Use the GUI EMC (Console) to create the desired mailboxes.

  1. Helpdesk@telnet25.org (mailbox)
  2. Tier1@telnet25.org (mail-enabled Universal Distribution Group). The reason we are creating this DL is to make all helpdesk team members members of the DL called Tier1. This gives us the ability to assign the proper rights to the group and manage the rest of the operations simply by adding users to it.

Reference

Adding mailbox permission “helpdesk” for user “Tier1” with access rights “'FullAccess'”

 Add-MailboxPermission helpdesk -AccessRights FullAccess -User Tier1

Removing mailbox permission “helpdesk” for user “Tier1” with access rights “'FullAccess'”

 Remove-MailboxPermission helpdesk -AccessRights FullAccess -User Tier1

Adding Active Directory permission “helpDesk” for user “Tier1” with access rights “'all'”.

 Add-MailboxPermission helpdesk -AccessRights Sendas -User Tier1

 

 Remove-MailboxPermission helpdesk -AccessRights Sendas -User Tier1

 

 Add-ADPermission helpDesk -ExtendedRights all -User Tier1

Removing Active Directory permission “helpDesk” for user “Tier1” with access rights “'all'”.

 Remove-ADPermission helpDesk -ExtendedRights all -User Tier1

Adding Active Directory permission “helpDesk” for user “Tier1” with access rights “'send-as'”.

This also adds Send As rights on the Helpdesk mailbox for the Tier1 group. If you go to the Exchange server, open EMC, find the Helpdesk mail-enabled user account, right-click it, pick Send As permissions and assign them to the Tier1 group, you will notice the AD object gets the same effect and the Send As right is given to the Tier1 group on the Helpdesk object. The command below achieves the same result from EMS.

 

 Add-ADPermission helpDesk -ExtendedRights send-as -User Tier1

 

Removing Active Directory permission “helpDesk” for user “Tier1” with access rights “'send-as'”.

This also removes Send As rights on the Helpdesk mailbox for the Tier1 group.

 Remove-ADPermission helpDesk -ExtendedRights send-as -User Tier1

 

Finally, we will grant the Send on Behalf right to the Tier1 group for the helpdesk mailbox.

 # Set on the Helpdesk mailbox (the sender being delegated) and granted to the Tier1 group
 Set-Mailbox -Identity Helpdesk -GrantSendOnBehalfTo Tier1

Another example, assigning the Send on Behalf right to another mail-enabled user.

 Set-Mailbox -Identity HelpDesk -GrantSendOnBehalfTo Odedeal

 

 Remove-MailboxPermission -ID helpdesk -User Tier1 -AccessRights FullAccess

 

Step one:

Make sure you have already created the helpdesk mailbox as well as the mail-enabled group called Tier1 (change the names as you wish). Also make sure you have added the appropriate members to the Tier1 mail-enabled group.

  • Open EMS
  • Type or copy & paste the command below.

 Add-MailboxPermission helpdesk -AccessRights FullAccess -User Tier1

We have a mailbox called Helpdesk and a mail-enabled Universal Security Group called Tier1. The command above adds Full Access rights on Helpdesk for the Tier1 mail-enabled Universal Security Group. After this command is issued, members of the Tier1 group will be able to open the helpdesk mailbox as an additional mailbox in their Outlook.

Note: If your account is a member of the Tier1 group, you will be able to log in to Outlook as yourself, go to the properties of your mailbox (where your name appears within Outlook) and add the Helpdesk mailbox as a second mailbox to your own, so that you can monitor it.

This is also useful for troubleshooting a user problem: assign the rights to yourself, plug the troubled mailbox into your own, and when you are done remove the rights.

  • Properties
  • Advanced
  • Advanced
  • Click Add
  • Type the name of the mailbox (Helpdesk)
  • Click OK two times to get out

Remember, this does not grant the Tier1 group the right to send as the helpdesk mailbox, and most likely the person who monitors this mailbox will need the ability to “send as” Helpdesk while logged in as themselves. If you try to send mail as if coming from helpdesk you will receive

“You don’t have the permission to send the message on behalf of the specific user”

Step 2:

AD Send As permission on the AD object as well as on the mailbox itself

 Add-ADPermission helpdesk -ExtendedRights send-as -user tier1

Remove the AD Send As permission.

 Remove-ADPermission helpdesk -ExtendedRights send-as -user tier1

Note: This command modifies the AD object permissions for the helpdesk mailbox as well as the Exchange mailbox rights.
To see the AD rights from the command line

 Get-ADPermission HelpDesk | fl

 

Step 3

Note: remember that in this example we are assigning Send on Behalf rights to a mail-enabled group.

 # The right is set on the Helpdesk mailbox and granted to the Tier1 group
 Set-Mailbox -Identity Helpdesk -GrantSendOnBehalfTo Tier1

If we were doing the same work for a case where user1 needs the Send on Behalf right to user2, we would do this

You can run the following command to verify that the mailbox permissions applied successfully:

 Get-MailboxPermission -Identity HelpDesk -User Tier1
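A wider check than a single-trustee lookup, as an added example that is not part of the original post: it lists every explicit FullAccess or Send-As grant on the mailbox held by someone outside an approved list, which catches a troubleshooting grant that was never removed. The function names, the `TELNET25` domain name and the sample rows are assumptions made for illustration.

```powershell
# Added example (not from the original post). Written in PowerShell 2.0 syntax.
function Find-UnexpectedGrant {
    param(
        [object[]] $Ace,       # rows from Get-MailboxPermission and/or Get-ADPermission
        [string[]] $Approved   # trustees that are supposed to hold the rights
    )
    foreach ($a in $Ace) {
        # Inherited and Deny entries are not grants made on this mailbox.
        if ($a.IsInherited -or $a.Deny) { continue }
        # AccessRights carries FullAccess; ExtendedRights carries Send-As.
        $rights = @($a.AccessRights) + @($a.ExtendedRights) | Where-Object { $_ }
        $risky  = @($rights | Where-Object { "$_" -match '^(FullAccess|Send-?As)$' })
        if (($risky.Count -gt 0) -and ($Approved -notcontains "$($a.User)")) {
            New-Object PSObject -Property @{
                Mailbox = "$($a.Identity)"
                Trustee = "$($a.User)"
                Rights  = ($risky -join ',')
            }
        }
    }
}

# Constructed sample rows shaped like the cmdlet output (domain name is made up).
function New-SampleAce($User, $Access, $Extended, $Inherited) {
    New-Object PSObject -Property @{
        Identity = 'telnet25.org/Users/Helpdesk'; User = $User; Deny = $false
        AccessRights = $Access; ExtendedRights = $Extended; IsInherited = $Inherited
    }
}
$sample = @(
    (New-SampleAce 'NT AUTHORITY\SELF'         'FullAccess'    $null     $false),
    (New-SampleAce 'TELNET25\Tier1'            'FullAccess'    $null     $false),
    (New-SampleAce 'TELNET25\Tier1'            'ExtendedRight' 'Send-As' $false),
    (New-SampleAce 'TELNET25\Odedeal'          'FullAccess'    $null     $false),  # troubleshooting grant left behind
    (New-SampleAce 'TELNET25\Exchange Servers' 'FullAccess'    $null     $true)    # inherited, ignored
)
Find-UnexpectedGrant -Ace $sample -Approved 'NT AUTHORITY\SELF', 'TELNET25\Tier1'

# Against a live server, in the Exchange Management Shell:
#   $live = @(Get-MailboxPermission Helpdesk) + @(Get-ADPermission Helpdesk)
#   Find-UnexpectedGrant -Ace $live -Approved 'NT AUTHORITY\SELF', 'TELNET25\Tier1'
#   (Get-Mailbox Helpdesk).GrantSendOnBehalfTo   # Send on Behalf is stored on the mailbox
```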


Oz ozugurlu MVP (Exchange)

MCITP (EMA), MCITP (EA) MCITP (SA),

MCSE (M+, S+) MCDST,

Security+, Server +, Project+

Blog:smtp25.blogspot.com

Blog: telnet25.wordpress.com

January 2, 2009

Exchange Free / Busy

Filed under: Exchange 2007 — telnet25 @ 3:00 pm

 

Free/busy information could not be retrieved when we accessed it from MS Outlook 2007. The environment has a Mailbox server, a CAS server and ISA 2006.
Let's take a look at free/busy information on Exchange 2003 first. What is free/busy data? It is the data within Outlook that shows users' published availability, based on their calendar information (individual schedule).

Exchange 2000&2003 FB

In Exchange 2000/2003, free/busy is stored in a dedicated public folder called SCHEDULE+FREE BUSY. This folder also contains several subfolders, one for each administrative group. When a user publishes FB data (Outlook calendar appointments, etc.), this information gets stored in the suitable FB subfolder.

What happens if this folder is missing or corrupted in Exchange 2003? Users will get an error indicating “Unable to update public free/busy data”.

http://support.microsoft.com/kb/284200

Exchange 2007 FB

What changed in Exchange 2007, and where is free/busy being stored? A new service in Exchange 2007, called the Availability service, handles free/busy information. The free/busy process works by downloading information directly from the calendar in the mailbox. The FB information is read from the client, so the client is responsible for generating it.

Exchange 2007 does not store FB data in public folders, which eliminates unnecessary replication in the Exchange environment. The service is deployed via the CAS server role, and the Outlook 2007 client discovers the Availability service via Autodiscover.

  • Remember, the Outlook client uses the Autodiscover service to find the Availability service and retrieve free/busy information from the CAS server.
  • Outlook 2007 employs the Availability service, whereas Outlook 2003 clients still use public folders.
  • The Availability service has the ability to contact a legacy Exchange server's public folder and retrieve FB information.

Here is an excellent post explaining FB generation. After reading it you will quickly realize that the client publishes the FB information to the server and that things have changed in Exchange 2007.

http://msexchangeteam.com/archive/2006/08/04/428597.aspx

What does Exchange 2007 Availability Service Do?

http://msexchangeteam.com/archive/2006/10/23/429296.aspx

Troubleshooting Free Busy in Exchange 2007

If free/busy is not working properly in Exchange 2007, the Autodiscover service or the Availability service needs to be investigated for the problem.

To troubleshoot Autodiscover connectivity in Outlook 2007, turn on diagnostic logging and investigate “olkdisc.log”.

  • Log on to Outlook to troubleshoot the issue.
  • Click Tools, Options, click the Other tab, click Advanced Options.
  • Select Enable logging (troubleshooting), click OK.
  • Restart Outlook 2007, and then try to view free/busy information for another user.
  • In Microsoft Windows, click Start, click Run, and then type %temp%.
  • In Windows Explorer, open the olkdisc.log file and locate the files in the olkas directory.
  • The information that is contained in this directory can frequently show which service is not functioning correctly.

Exchange Management Shell to test the Availability service

Open EMS (Exchange management Shell)

 

Test-OutlookWebServices -Identity:user1@smtp25.org -TargetAddress:user2@smtp25.org

 

Note:

I have seen troubles when a single certificate is being used for an Exchange 2007 server with CAS and ISA 2006. The external published URL webmail.myCompany.com is mapping to the ISA virtual IP address, and it is getting routed to the CAS server IP through the ISA.

The name in the certificate won't match the CAS server name, and therefore the warning message will appear when starting Outlook 2007 and then connecting to a mailbox that is hosted on an Exchange 2007-based server: “The name of the security certificate is invalid or does not match the name of the site”

After following the steps explained in KB 940726, make sure the record published for outside, Webmail.MyCompany.com, is pointing to the internal CAS server.

http://support.microsoft.com/kb/940726

The clients who connect from outside will go through the firewall, ISA and the CAS server. Internal clients will connect to the CAS server directly. If you have more than one CAS server, then to achieve round-robin behavior and bring some redundancy for internal OWA users, create multiple A records, one for each CAS server, as

  • Webmail.MyCompany.com=10.10.10.15 (CAS01)
  • Webmail.MyCompany.com=10.10.10.16 (CAS02)
  • Webmail.MyCompany.com=10.10.10.17 (CAS03)

Make the proper changes in IIS on each CAS server (redirection to the OWA folder). Forms-based authentication won't be available for internal OWA users, since turning it on will break the ISA configuration.

To see the directories

Get-AutodiscoverVirtualDirectory | FL

Set-ClientAccessServer -Identity EXCCAS01 -AutodiscoverServiceInternalUri https://webmail.smtp25.org/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "EXCCAS01\EWS (Default Web Site)" -InternalUrl https://webmail.smtp25.org/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "EXCCAS01\oab (Default Web Site)" -InternalUrl https://webmail.smtp25.org/oab
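One way to check that every service URL uses a host name the certificate actually carries, which is the mismatch behind the certificate warning quoted above (added example, not part of the original post). The function name and the `EXCCAS01` URL in the sample are constructed for illustration, and the wildcard handling goes beyond the single-name case the post describes.

```powershell
# Added example (not from the original post). Written in PowerShell 2.0 syntax.
function Test-UrlCoveredByCert {
    param(
        [string[]] $Url,       # service URLs configured on the CAS
        [string[]] $CertName   # DNS names on the certificate bound to IIS
    )
    foreach ($u in $Url) {
        $hostName = ([System.Uri]$u).Host
        $covered  = $false
        foreach ($n in $CertName) {
            if ($n.StartsWith('*.')) {
                # A wildcard name stands for exactly one left-most label.
                $suffix = $n.Substring(1)
                $extra  = $hostName.Length - $suffix.Length
                if (($extra -gt 0) -and
                    $hostName.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase) -and
                    ($hostName.Substring(0, $extra).IndexOf('.') -lt 0)) { $covered = $true }
            }
            elseif ($n -ieq $hostName) { $covered = $true }
        }
        New-Object PSObject -Property @{ Url = $u; Host = $hostName; CoveredByCert = $covered }
    }
}

$urls = @(
    'https://webmail.smtp25.org/autodiscover/autodiscover.xml',
    'https://webmail.smtp25.org/ews/exchange.asmx',
    'https://webmail.smtp25.org/oab',
    'https://EXCCAS01/ews/exchange.asmx'   # constructed: a URL still set to the server name
)
# Show only the URLs whose host name the certificate does not cover.
Test-UrlCoveredByCert -Url $urls -CertName 'webmail.smtp25.org' |
    Where-Object { -not $_.CoveredByCert }

# In the Exchange Management Shell the inputs can come from the server itself:
#   $names = Get-ExchangeCertificate | ForEach-Object { $_.CertificateDomains } | ForEach-Object { "$_" }
#   $urls  = Get-WebServicesVirtualDirectory | ForEach-Object { "$($_.InternalUrl)" }
```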

Troubleshooting Free/Busy Information for Outlook 2007

Follow the link below

http://technet.microsoft.com/en-us/library/bb397225.aspx

Note:

There is also a way to force Outlook 2007 to look for FB information in the public folders:

HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Options\Calendar
Value Type: DWORD
Value Name: UseLegacyFB
Values: 0 or not set (default behavior, which is to use the Availability service) or 1 (use public folder based free/busy information)

 

Oz ozugurlu MVP (Exchange)


December 22, 2008

Offline defrag & Exchange maintenance

Filed under: Exchange 2007 — telnet25 @ 7:38 pm

Should offline defrag be considered one of the scheduled maintenance tasks for Exchange administrators? The short answer is “No”. The simple reason is that taking Exchange offline causes an outage, and if there is no space gain (white space, 30 percent usable space) there is no point in performing offline defragmentation at any cost.

Let me state this up front: those of you who are running the Enterprise version of Exchange should never perform an offline defrag and cause an outage. You need to create an empty database, move the user mailboxes onto it (at night and outside business hours), and delete the old one that contains the white space. (This assumes you have at least one mail store available to achieve this goal.)

The process behind an offline defrag is that Exchange won't take the existing database, remove the white pages from it and make it ready to use. Instead, it copies the used pages from the old database and creates a new database. When the page copy finishes, it re-points the logs to the new database and assigns a new signature to it.

How do we know if we need to perform offline defragmentation? The “1221” entries in the Exchange server's application log will tell you how much white space (unusable) there is.

Here is a great article that goes deep into 1221

http://blogs.msdn.com/jeremyk/archive/2004/04/09/110553.aspx

Here is MS team blog goes deep into

http://msexchangeteam.com/archive/2004/07/08/177574.aspx

Best,

Oz ozugurlu MVP (Exchange)
