MsExchange Blog Spot Telnet25

May 22, 2015

Export All SMTP Addresses & Exchange 2010

Filed under: General — telnet25 @ 4:24 pm

If you would like to export all SMTP proxy addresses into a CSV file for discovery or in preparation for an Office 365 migration, here is a simple PS script to complete the task.

Here is an example of a user with three SMTP proxy addresses. We will capture all SMTP addresses for all users and write the output to a CSV file.

Get-Recipient -Identity Aki.Armstrong | Select Name -ExpandProperty EmailAddresses

Now we want to capture all the SMTP proxy addresses:

Get-Recipient -Identity Aki.Armstrong | Select Name -ExpandProperty EmailAddresses | select Name,SmtpAddress

Now we need to add the export step (make sure you have the Temp directory under the C: drive, or change the output path to fit your particular scenario):

Export-Csv C:\temp\All_SMTP_Proxy_Addresses_List.csv

The last thing is to make sure we add -ResultSize Unlimited (this will be required if the query runs against more than 1000K recipients) and remove the -Identity filter so that the query runs against all recipients:

Get-Recipient -ResultSize Unlimited | Select Name -ExpandProperty EmailAddresses | Select Name,SmtpAddress | Export-Csv C:\temp\All_SMTP_Proxy_Addresses_List.csv

The CSV file will have Name and SmtpAddress columns, one row per proxy address.

If you would like to collect more data, you can also use Get-Member to see all available properties and adjust your output to your needs from the available property list:

Get-Recipient -Identity Aki.Armstrong | Select-Object Name,EmailAddresses,ServerName
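An added example, not from the original post, that extends the one-liner above: it keeps only SMTP-type proxy addresses, flags the primary one, and accepts EmailAddresses either as ProxyAddress objects or as plain strings. The function name ConvertTo-SmtpProxyRow, the example.com addresses and the sample recipients are constructed for illustration.

```powershell
# Added example: ConvertTo-SmtpProxyRow and the sample recipients are constructed
# for illustration; they are not part of the original post.
function ConvertTo-SmtpProxyRow {
    [CmdletBinding()]
    param(
        # Any object exposing Name and EmailAddresses, such as Get-Recipient output.
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject]$Recipient
    )
    process {
        foreach ($entry in $Recipient.EmailAddresses) {
            # ProxyAddress objects expose ProxyAddressString; plain strings are used as-is.
            $raw = if ($entry.PSObject.Properties['ProxyAddressString']) {
                [string]$entry.ProxyAddressString
            } else {
                [string]$entry
            }
            # Keep SMTP-type entries only (skips X500, SIP, X400 and so on).
            # -match is case-insensitive, so both "SMTP:" and "smtp:" pass.
            if ($raw -match '^(?<prefix>smtp):(?<address>.+)$') {
                New-Object PSObject -Property @{
                    Name        = $Recipient.Name
                    SmtpAddress = $Matches['address']
                    # Upper-case "SMTP:" marks the primary address.
                    IsPrimary   = ($Matches['prefix'] -ceq 'SMTP')
                } | Select-Object Name, SmtpAddress, IsPrimary
            }
        }
    }
}

# Constructed sample input standing in for Get-Recipient output.
$sample = @(
    (New-Object PSObject -Property @{
        Name           = 'Aki Armstrong'
        EmailAddresses = @('SMTP:Aki.Armstrong@example.com',
                           'smtp:aarmstrong@example.com',
                           'X500:/o=Example/ou=Exchange Administrative Group/cn=Recipients/cn=aarmstrong')
    }),
    (New-Object PSObject -Property @{
        Name           = 'Helpdesk'
        EmailAddresses = @('SMTP:helpdesk@example.com', 'SIP:helpdesk@example.com')
    })
)

$csv = Join-Path $env:TEMP 'All_SMTP_Proxy_Addresses_List.csv'
$sample | ConvertTo-SmtpProxyRow | Export-Csv -Path $csv -NoTypeInformation

# In the Exchange Management Shell, replace $sample with:
#   Get-Recipient -ResultSize Unlimited
```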


Oz Casey, Dedeal  ( MVP North America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
https://telnet25.wordpress.com/ (Blog)

Twitter: https://twitter.com/message_talk

May 13, 2015

Exchange 2013 unattended Installation step by step documentation

Filed under: General — telnet25 @ 4:10 am

We will use an unattended installation to install an Exchange 2013 server into an existing Exchange 2010 SMTP organization. These simple steps can easily reduce the time it takes to install Exchange 2013 servers in your environment.

Assumptions:

Exchange 2013 will be installed into an existing Exchange 2010 SMTP organization environment.

Exchange 2013 Calculator and proper sizing for the environment:

Sizing for Exchange 2013 has been completed per Microsoft best practices. This is where you do not want to make any mistakes, and hopefully you have invested a good month of time to complete the correct build for the given environment.

Active Directory Schema has been updated, Upper schema range has been updated:

In environments that require a change control process and are process oriented (regulated), it is best to perform schema changes ahead of time rather than with the first Exchange 2013 server installation. My simple reasoning is that schema changes are critical and a one-way street. Changes to the schema and the .DIT database should be treated as a major task. Performing schema changes ahead of time and letting them bake also provides a proof of concept to your client.

Perform the following tasks on the Windows 2012 R2 server (all Exchange 2013 servers):

  • Log into Windows 2012 R2 Server via RDP
  • Use your administrator account and privileges
  • Open Windows PowerShell (with administrator privileges)
  • Run the following command to install the required Windows components

You can copy and paste this into PowerShell:

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

After you’ve installed the operating system roles and features, install the following software in the order shown:

Make sure the server has been joined to the domain, has a static IP address, and has been configured to comply with your environment (all security patches and other required software have been installed and configured).

Make sure you have obtained all required approvals, satisfied your change management process, and scheduled this installation in the LAB (production-like environment) first. After a successful implementation, you may deploy the same solution in the production environment.

Test before you do it in production, catch any issues that may come up, and document the fixes as you plan the production installation.

LAB preparation (please make sure this fits your needs):

Windows Server Enterprise Edition R2 is installed, and the drive and LUN assignments are as follows:

  • C: 120 GIG (OS Drive & Exchange binaries)
  • E: 20 TB (LUN)
  • D: CD-ROM

Copy and save the simple code below into Notepad and name the file “Install.ps1”. Note: change any of the parameters as you wish.

################################################################

# Install Exchange 2013 Server Unattended Install File

# Prepared by Oz Casey, Dedeal

# http://smtp25.blogspot.com

# Roles /m:install /r:C,M

# Logfolderpath E:\Logs\DB1

# Dbfilepath E:\DatabaseFiles\DB1.edb

# Accept LA IAcceptExchangeServerLicenseTerms

#################################################################

# The role list is quoted so that PowerShell passes C,M to setup as a single argument
D:\setup /m:install /r:"C,M" /TargetDir:"C:\Program Files\Microsoft\Exchange\V15" /Dbfilepath:E:\DatabaseFiles\DB1.edb /Logfolderpath:E:\Logs\DB1 /IAcceptExchangeServerLicenseTerms

Open PS command prompt and execute the PS script to kick off the installation.

Simple and easy: you can now deploy more servers quickly by following the steps listed in this article.


May 11, 2015

Exchange 2016 Supported Scenarios

Filed under: Exchange 2016 — telnet25 @ 5:05 pm

Exchange 2016 and its features were announced at Ignite 2015. Many exciting features are on the way. Here is a summary of the topology requirements and a few highlights of what has changed with Exchange Server 2016.

  • Single role = Mailbox Server role (prior to Exchange 2016, multi-role deployments were MS best practice; with E16, there is no choice but the single role (-:)
  • Edge Role will be released with RTM release.
  • The CAS server role has been transitioned into Client Access proxy service components. At this point all server roles collapse into a single Mailbox Server role.
  • DAG no longer requires an administrative access point. Only two operating systems are required: Windows 2012 and Windows 10 Server.
  • Mailbox connectivity: the protocol instance is always local to the active database copy. Once the request reaches the correct Mailbox server, all required connectivity stays on that server.
  • Data rendering (OWA clients etc.) will occur on the server which hosts the active mailbox.
  • Creating
  • Clients won't connect directly to the MBX role; all connectivity will go through the Client Access Service located on the MBX server. The entire CAS server role has been moved into the CAS Service.
  • Maximum 16 Mailbox Servers Per DAG
  • 100 database copies/Server
  • Due to recent architectural changes, database failovers are 33% faster compared to Exchange 2013. How passive database copies are accessed has changed in Exchange 2016.


source:

http://blogs.technet.com/b/exchange/archive/2015/05/05/exchange-server-2016-architecture.aspx


May 3, 2015

Exchange 2016 and Future

Filed under: General — telnet25 @ 9:28 pm

Ignite is going live real soon, less than 17 hours away as I write this blog. Those of you who are attending will be getting tons of rich content and will meet Exchange 2016 at Ignite.

What should we expect from the new release of Exchange 2016? As you might have already noticed from the evolving IT business, the push toward the cloud is increasing each year, and one way or another many businesses are moving into the cloud space. At the least, hybrid configuration is fairly common among agencies.

A few highlights provided by the MS Exchange team:

To highlight a few examples:

  • A new approach to document collaboration that makes it easy to send links and collaborate without versioning issues of attachments
  • Faster and more intelligent search, to help users quickly find what they need in their mailboxes and calendars
  • Significant improvements to eDiscovery search performance and reliability
  • Better extensibility, including new REST-based APIs for Mail, Calendar, and Contacts that simplify web and mobile development

 http://blogs.technet.com/b/exchange/archive/2015/04/15/coming-soon-a-first-look-at-exchange-server-2016.aspx

If we consider how much Microsoft has invested in the cloud and its surrounding technologies and infrastructure, it is very easy to predict, or make an educated guess, that only the online versions of most major applications will continue to grow and get better, while on-premises versions might not offer all of the features.

The changes are inevitable, and IT pros will adapt to them one way or another. On-premises versions of major applications might lack future development unless businesses start investing in their own infrastructure to support these applications and their managed environment. Of course, all of these are assumptions based on what I have been seeing over the past few years.

I will come back and update this article, especially with improvements related to Exchange 2016 on-premises and some of the Office 365 highlights. Office 365 has evolved over the years, and it now provides a super reasonable, solid messaging platform to many businesses. Extending Office 365 to government and its related agencies also seems to be expanding, although government agencies are very slow to adopt these IT changes.

The advantages of Office 365 are pretty obvious. New feature releases with Office 365 are very easy to adopt in general: less to manage, less to worry about.

Looking forward to Ignite news for Exchange 2016, both on-premises and Office 365 platforms.


March 30, 2015

Running ExFolders in Exchange 2010 server generates following errors. The Active Directory User wasn’t found.

Filed under: General — telnet25 @ 3:29 pm

Running ExFolders on an Exchange 2010 server generates the following error:

An error occurred while trying to establish a connection to the Exchange Server. Exception The Active Directory User wasn’t found.

The reason for this error is an empty Servers container present within the old admin groups in the Exchange organization. To be clear, what needs to be deleted is the empty Servers container, leaving the old administrator group itself alone. The issue described is also most likely causing PF replication issues in your organization, and the most common cause is completing an Exchange 2003 migration by taking the last Exchange 2003 server out of the environment.

The fix is fairly simple: open ADSI Edit, connect to the Configuration partition, and delete the empty Servers container ONLY!

  • CN=Configuration,DC=ZtekCorp,DC=org
  • CN=Services
  • CN=Microsoft Exchange
  • CN=ZtekZone
  • CN=Administrative Groups
  • CN=Messaging Servers
  • CN=Servers

Save the changes and verify that ExFolders works as expected and that the PF replication issue no longer exists. It is pretty safe to delete the empty Servers container as long as you leave the old administrator group alone.

http://blogs.technet.com/b/exchange/archive/2010/05/05/3409916.aspx


March 26, 2015

Running MAP Toolkit for SQL and Exchange Server related reporting.

Filed under: General — telnet25 @ 4:00 pm

The MAP toolkit is a pretty impressive tool set from Microsoft, and it is free. You can run simple application-related queries (SQL, Exchange Server, Oracle, Desktop, Virtualization, etc.) and produce powerful and useful information for the given environment. The MAP toolkit helps increase the agility and cost effectiveness of deploying the latest Microsoft technologies, and it provides pretty comprehensive reports. It is worth having the MAP toolkit in the environment; it can be a pretty valuable tool.

Installing MAP is pretty straightforward. I will list the steps and some tweaks to save time.

  • Install the MAP tool
  • Create the repository database by clicking File and selecting Create/Select Database
  • Provide a name for your database and click the button
  • Verify the database has been created
  • Click Database and, under SQL Server Discovery, we will run our first query
  • Click Collect Data
  • Select SQL servers (the information pane is very useful; it provides detailed information about what has been selected)
  • We will first run the SQL Server query and come back later to run the SQL Server with Database Details query
  • We will use a predefined text file to import the servers we would like to scan, then click Next. The text file lists the SQL server names in a simple fashion.
  • Click Next
  • Click Save and Next
  • Click Next again; on the import files page click "Create"
  • Click "Add"
  • Locate the text file
  • Select "Use All Computers credentials list"
  • And click Save
  • Click Next on the summary page; make sure you have captured all you need to run the query
  • Now the query will run against the servers provided in the list
  • You will see the numbers go up as the MAP toolkit discovers SQL servers and adds them to the inventory
  • You can click Details to see more information
  • Once it is complete, click Close
  • Now click SQL discovery; under Options you will have the reports you need
  • Now export the SQL data by clicking on it
  • You can copy and paste these reports onto your workstation.

If you open the exported Excel spreadsheet, you will find very useful and comprehensive data for your environment.

 

Location of local MAP inventory databases

  • C:\Users\UserName\Documents\MAP\Database Backups
  • You can export and import the databases so they can be used and shared among administrators.

Diagnostic logging for MAP (troubleshooting)

  • Location of the MAP Toolkit.log file: C:\Users\UserName\AppData\Local\Microsoft\MAP
  • Each time the MAP tool runs, it creates a new section in the log; this helps when troubleshooting issues to see what is going on.

Firewall ports for MAP to run properly

  • You will need to open ports 135 and 1024-65535 (source to destination). The reason has to do with the way RPC works: WMI uses DCOM to communicate with remote machines, and DCOM uses RPC extensively.
  • Use a port scanner to determine the open ports on the destination and ask the firewall team for assistance


February 26, 2015

File Share Witness & Exchange 2013

Filed under: General — telnet25 @ 4:28 am

In a DAG (Exchange 2013), the ability to perform automatic failover requires three separate physical network locations. In this scenario, two redundant datacenters host the DAG, and a third datacenter (the Azure network) is used for the witness server for DAG1. If you look carefully, you will notice we used two different Active Directory sites for DC1 and DC2 and stretched DAG1 across both datacenters. We placed a domain controller on the Azure network and created an AD site. (Enabling the FSW on the DC, while possible, is not a recommended configuration.)

Organizations with only two physical locations now can also take advantage of automatic datacenter failover by using a Microsoft Azure file server virtual machine to act as the DAG’s witness server.

This configuration requires a multi-site VPN. It has always been possible to connect your organization’s network to Microsoft Azure using a site-to-site VPN connection. However, in the past, Azure supported only a single site-to-site VPN. Since configuring a DAG and its witness across three datacenters required multiple site-to-site VPNs, placement of the DAG witness on an Azure VM wasn’t initially possible.

How to configure Azure network for FSW is documented here

In this configuration, several things need to be considered:

  • Make sure the use of the Azure network meets your operational requirements
  • The initial configuration extending the Azure network to your datacenters will require additional network configuration; the work is documented at the link provided above.
  • You will need to pay as you go within the Azure network (remember, the cloud is not cheap).
  • Having a domain controller in the cloud and extending your network to it could help you if you plan to move into the cloud at some point.
  • Configuring the multi-site VPN is documented here

 


February 23, 2015

Outlook Connectivity With Exchange 2013

Filed under: General — telnet25 @ 3:32 am

 

There are major changes in Exchange 2013 compared to Exchange 2010. The way the Outlook client connects to the Mailbox server to get its mail data is “simplified”: there is no need for a middle tier with Exchange 2013. The way I see it, as long as Exchange Server and its architecture require fewer IOPS to operate, there will be more room for improvement and simplicity.

  • The user logs into the workstation and authenticates to Active Directory with a valid user name and password.
  • The user opens Outlook for the first time; Outlook performs an AutoDiscover lookup to figure out the logged-in user's mailbox GUID.
  • Outlook connects to the CAS server, and CAS authenticates the request (Exchange 2013) using HTTP; it provides the mailbox GUID as its endpoint to the CAS array.
  • CAS takes this information and performs an Active Directory lookup.
  • AD provides the user information back to the CAS server.
  • The CAS server queries the Active Manager instance, which runs inside the “Microsoft Exchange Replication Service” on all Mailbox servers.
  • The Active Manager instance pulls information about the requested user mailbox: the name of the mounted database (active DB) and the Mailbox server name.
  • CAS proxies the request to the Mailbox server hosting the active copy of the database.
  • The data rendering happens on the backend Mailbox server.
  • Affinity for the user connection is no longer needed at the CAS level.


Source:

http://blogs.technet.com/b/exchange/archive/2013/01/25/exchange-2013-client-access-server-role.aspx


January 26, 2015

Microsoft Ignite 2015

Filed under: General — telnet25 @ 12:09 pm

In past years Microsoft has delivered multiple conferences; with Ignite we start seeing the consolidation of all of them: the Exchange, SharePoint, Lync, Project, and TechEd conferences.

This gigantic event will be held May 4-8, 2015 in Chicago, IL and is open to all interested.

If you are curious how much it will cost you, here is a quick view:

Pass Options to pick from

  • Full Conference Pass = $2,220
  • Plus Pass = $495
  • Plus Pass: Chicago $495
  • Plus Pass: Limited Edition $195
  • Day Pass = $500
  • Expo Only Pass = $300
  • Student = $995
  • Academic Faculty and Staff Discount = $1,220

Registration 

I personally do not like huge conferences. My reasoning is that there is too much good stuff and limited time to attend and digest it all. Those of you who are lucky enough to make the upcoming Ignite will understand my reasoning.

The content of Ignite looks incredibly rich and exciting. By the way, if you would like to see the content, take a look at some of the highlights.

Have fun, everyone who will be at Ignite 2015.


December 11, 2014

Recovering Active Directory From Total Loss: Disaster Recovery Basic Steps

Filed under: General — telnet25 @ 4:19 am

In this article I will help you understand how to recover your entire forest from a total loss. Many networks these days have multiple domain controllers, and especially on enterprise networks losing all available domain controllers is less likely but still possible. If you do not have a published SOP for recovering your Active Directory forest, the steps in this article might provide the framework you need.

Scenario: The entire datacenter is gone; you have your backup and infrastructure ready in the second datacenter.

Note: Back up at least two domain controllers from each domain regularly to preserve better recovery options when needed.

Note: Per Microsoft, it is not recommended to restore the FSMO role holder, in the interest of simplicity. (Forest recovery white paper)

Now we have lost DC1, and we must recover the entire forest/domains from tape backup.

Steps:

  1. Prepare the VM host in DC2, ready to be deployed
  2. Make sure each VM is able to talk (TCP/IP) to your backup media servers in DC2
  3. Recover the first domain controller in the forest root from a good tape backup (SystemState)
  4. You will need to know the DSRM administrator user name and password
  5. Reboot into DSRM (Directory Services Restore Mode) by pressing the F8 key after a successful restore.
  6. Install the VM host integrated drivers (do not remove any of the existing drivers that came with the image; it could cause a blue screen)
  7. Disable all physical NICs and un-check the option to register this connection in DNS on all NICs which are no longer being used. Domain controllers in general do not need more than a single NIC.
  8. Make sure all disks for the recovered DC are configured correctly (SYSVOL and .DIT)
  9. Bring all disks online and make sure the correct disk labeling is in place (same as the lost DC)
  10. Verify SYSVOL and .DIT exist after a successful recovery
  11. Configure the TCP/IP IPv4 or IPv6 properties based on your needs. You can use a different IP address scheme; domain controllers will register their new IP addresses and their DC-related DNS records in DNS on the first reboot.
  12. Reboot the DC into regular mode
  13. Wait for SYSVOL to become available
  14. Log in to the DC with domain administrator privileges
  15. Perform an authoritative SYSVOL restore: set BurFlags to D4
  • Click Start, and then click Run.
  • In the Open box, type cmd and then press ENTER.
  • In the Command box, type net stop ntfrs.
  • Click Start, and then click Run.
  • In the Open box, type regedit and then press ENTER.
  • Locate the following subkey in the registry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup

  • In the right pane, double-click BurFlags.
  • In the Edit DWORD Value dialog box, type D4 and then click OK.

From a command prompt, type “net share” to verify SYSVOL is shared.

Perform metadata cleanup (on Windows 2008, use ADUC) or use NTDSUTIL. If you are in a large environment, using ADUC is much faster: simply locate the DC computer object and select Delete. (Related Link)

Tip: If you leave the FSMO Role holders to last to FSMO role DC’s will force FSMO Seizure to surviving DC ( one last step to worry about seizing the FSMO Roles)

  1. Reset the machine account twice
  2. Reset the krbtgt account password twice
  3. Reset all trust passwords
  4. Seize the FSMO roles if you have not done so already
  5. Delete all orphaned KCC replication connections
  6. Clean up DNS: name servers, forwarders, stale CNAME and glue records; delete them all.
  7. Promote a second DC in the root domain. If you have a single-label domain name space, at this point you would DCPROMO the other DCs.
  8. On the child domain, restore the first writable domain controller
  9. Log into DSRM mode
  10. Perform all initial steps done on the previous restore
  11. Make sure the primary DNS in the TCP/IP properties of the child domain controller points to the root DC.
  12. Reboot the restored child domain controller into regular mode.
  13. Wait for SYSVOL to be available
  14. Log into the DC
  15. You need to set BurFlags to D2 on the child domain controller; if you don't do this, the SYSVOL folder will disappear after some time.
  16. Use RepAdmin to make sure replication from child to parent is working
  17. Perform metadata cleanup
  18. Perform FSMO role seizure.
  19. Check to make sure DNS comes up.
  20. Clean up all stale CNAME, A, glue, and RDNS entries
  21. Make sure the DCs are stable
  22. Start planning your application servers recovery and have fun (-:
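The BurFlags steps above (D4 on the first restored root DC, D2 on the child DC) scripted in PowerShell, as an added example that is not part of the original post. The helper names Set-NtfrsBurFlags and Test-SysvolShared are hypothetical; the key is opened through the .NET registry API because the PowerShell registry provider treats the "/" in "Backup/Restore" as a path separator, and the NTFRS restart is an assumption the post leaves implicit.

```powershell
# Added example: Set-NtfrsBurFlags and Test-SysvolShared are hypothetical helper
# names, not built-in cmdlets. Run elevated on the restored domain controller.
function Set-NtfrsBurFlags {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # D4 = authoritative restore (first restored root DC)
        # D2 = non-authoritative restore (child DC, per the steps above)
        [Parameter(Mandatory = $true)]
        [ValidateSet('D4', 'D2')]
        [string]$Mode
    )

    $subKey = 'SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\' +
              'Backup/Restore\Process at Startup'
    # regedit's DWORD dialog takes hexadecimal: D4 = 212, D2 = 210.
    $value = [Convert]::ToInt32($Mode, 16)

    if (-not $PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Set BurFlags to 0x$Mode")) {
        return
    }

    # Open through .NET: the key name "Backup/Restore" contains a "/", which the
    # PowerShell HKLM: provider would treat as a path separator.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subKey, $true)
    if ($null -eq $key) {
        throw "Registry key not found: HKLM\$subKey"
    }

    try {
        Stop-Service -Name NtFrs -Force      # same as "net stop ntfrs"
        $key.SetValue('BurFlags', $value, [Microsoft.Win32.RegistryValueKind]::DWord)
    }
    finally {
        $key.Close()
        # Assumption: the post does not list the restart; NTFRS reads BurFlags
        # when the service starts.
        Start-Service -Name NtFrs
    }
}

function Test-SysvolShared {
    # Scripted form of checking "net share" output for SYSVOL.
    [bool](Get-WmiObject -Class Win32_Share -Filter "Name='SYSVOL'")
}

# Dry run: prints what would change without touching the service or registry.
Set-NtfrsBurFlags -Mode D4 -WhatIf
```

Call Test-SysvolShared once NTFRS has finished rebuilding SYSVOL; immediately after the restart the share may not be published yet.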

DCDiag and RepAdmin are two of the most powerful command-line tools; use them.

dcdiag /V /C /D /E /s:DCname > C:\temp\DcDiag.txt


Download Forest Recovery White Paper
