MsExchange Blog Spot Telnet25

September 18, 2015

Schema Updates Windows 2012 R2

Filed under: Windows 2012 — telnet25 @ 3:57 pm

Schema updates are an important task, and they are required by applications, operating systems and so on. Active Directory schema updates can be done ahead of time, or they can be done with the installation of the first operating system or application (most of the time).

In cases where schema updates need to be done separately, ahead of time, you need to build a step-by-step schema upgrade implementation plan. After extending the schema you need to make sure existing applications continue to work.

Testing Active Directory schema updates can be a tricky task because schema updates are "one way": the update is made on the domain controller that holds the schema master FSMO role, and from there it replicates to all other domain controllers in the Active Directory forest. From time to time Active Directory engineers recommend stopping inbound and outbound AD replication on the schema master role holder, believing this will prevent schema changes from replicating to the rest of the domain controllers in the environment. In reality this buys you "nothing or very little". When you realize your critical legacy application is no longer functioning because of recent schema updates, your only option is a forest-level recovery, and that is "surgery" in terms of getting everything up and running, especially in large environments. The domain controllers you shut down only buy you recovery time (recovering the Active Directory database from your backup), and you still have to deal with an old .DIT, SYSVOL, etc. replicating to the rest of the domain controllers, and with the FSMO roles.

If you are not familiar with the process, check out my previous article "Active Directory From Total Lost Disaster Recovery Basic Steps" and make sure you have developed a white paper for restoring Active Directory from total loss in your environment.

To perform AD recovery you need to understand the BurFlags keys and what they do, how to perform an authoritative SYSVOL restore (set BurFlags to D4) or a non-authoritative restore (D2), and the crucial difference between them.

Extending Schema

We will extend the schema from Windows 2008 R2 to Windows 2012 R2. We will document the steps and verify the schema version change.

  1. Log on to your existing Windows 2008 R2 server via RDP (Remote Desktop Services) with your domain administrator privileges and provide your credentials when prompted.
  2. In order to extend the schema you will need to be a member of the Schema Admins security group.
  3. After a successful logon, click Start, type PowerShell in the search menu and press Enter.
  4. In the PowerShell window type

Import-Module ActiveDirectory

In the PowerShell window type the following PowerShell one-liner to find out the current schema version

Get-ADObject (Get-ADRootDSE).schemaNamingContext -Properties objectversion

Let's explore the schema version numbers

Schema versions :

  • 69 = Windows 2012 R2
  • 56 = Windows 2012
  • 47 = Windows Server 2008 R2
  • 44 = Windows Server 2008

You will need the adprep folder to perform the schema updates. The "adprep" folder is located on the Windows 2012 R2 install CD, under the support folder; copy the "adprep" folder onto the C drive of the domain controller (Windows 2008 R2).

From the C:\Temp\adprep folder we will start executing adprep to perform the schema updates.

Adprep /? will show all available options.

Type Adprep /ForestPrep and press Enter; you will need to type the letter "C" to confirm and start the schema upgrade.

Adprep /ForestPrep

Schema changes are made on the schema master first, and from there they replicate to your other domain controllers. You can use "netdom" to find out which domain controller holds the schema master role; remember there is only one schema master per Active Directory forest.

Now run the Domain Prep

Now we need to run the PowerShell to get the schema object version: 69 = Windows 2012 R2
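
Because the change is made on the schema master and then replicates, checking one domain controller does not show that the whole forest has caught up. The script below is an added example (not from the original post) that reads objectVersion from every domain controller and lists the current Schema Admins members; it assumes PowerShell 3.0 or later, the ActiveDirectory module, and that AD Web Services is reachable on each DC.

```powershell
# Added example, not part of the original article.
Import-Module ActiveDirectory

# Version numbers as listed in this article
$SchemaNames = @{ 69 = 'Windows 2012 R2'; 56 = 'Windows 2012'
                  47 = 'Windows Server 2008 R2'; 44 = 'Windows Server 2008' }
$Expected = 69

$forest   = Get-ADForest
$schemaNC = (Get-ADRootDSE).schemaNamingContext
Write-Host "Schema master: $($forest.SchemaMaster)"

# Schema Admins lives in the forest root domain; list who can currently extend the schema.
Get-ADGroupMember -Identity 'Schema Admins' -Server $forest.RootDomain |
    Select-Object name, objectClass, distinguishedName |
    Format-Table -AutoSize | Out-Host

# Ask every DC in every domain of the forest for its copy of the schema version.
$results = foreach ($domain in $forest.Domains) {
    foreach ($dc in Get-ADDomainController -Filter * -Server $domain) {
        try {
            $v = [int](Get-ADObject -Identity $schemaNC -Server $dc.HostName `
                    -Properties objectVersion -ErrorAction Stop).objectVersion
            [pscustomobject]@{
                DC = $dc.HostName; ObjectVersion = $v
                Schema = $SchemaNames[$v]; UpToDate = ($v -eq $Expected)
            }
        } catch {
            # An unreachable DC is reported, not silently skipped.
            [pscustomobject]@{
                DC = $dc.HostName; ObjectVersion = $null
                Schema = 'query failed'; UpToDate = $false
            }
        }
    }
}
$results | Sort-Object DC | Format-Table -AutoSize | Out-Host

$behind = @($results | Where-Object { -not $_.UpToDate })
if ($behind.Count -gt 0) {
    Write-Warning "$($behind.Count) domain controller(s) do not report schema version $Expected yet."
}
```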

Oz Casey, Dedeal  ( MVP North America)
MCITP (EMA), MCITP (SA)
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
https://telnet25.wordpress.com/ (Blog)

 

August 9, 2015

Move Ad Computer Accounts from csv File into Target OU.

Filed under: General — telnet25 @ 11:24 pm

In this example we will move selected computer accounts listed in a CSV file into a target OU. You will need to prepare a CSV file, name the first column "CN", and save it to the server where you will be running the script from. This script is very handy if you need to move computers from different locations into a selected target OU.

You will need to change a few things within the script to make it work in your environment.

$TargetOU = 'OU=Computers,OU=VA,DC=TekPros,DC=com'  (change this to suit your needs)

Here is the script

#################################################################
# This script will help to move bulk AD computer accounts into a target OU
# Written 08/08/15 Casey, Dedeal
# Feel free to change or use any part of this script
# http://www.smtp25.blogspot.com/
#################################################################

# Importing AD module
Write-Host " Importing AD Module..... "
Import-Module ActiveDirectory
Write-Host " Importing Move List..... "
# Reading list of computers from CSV and loading into variable
$MoveList = Import-Csv -Path "C:\Temp\PC_Move_List.csv"
# Defining target path
$TargetOU = 'OU=Computers,OU=VA,DC=TekPros,DC=com'
# @() keeps the count correct when the CSV holds a single row
$countPC = @($MoveList).Count
Write-Host " Starting import computers ..."

foreach ($Computer in $MoveList) {
    Write-Host " Moving Computer Accounts..."
    Get-ADComputer $Computer.CN | Move-ADObject -TargetPath $TargetOU
}

Write-Host " Completed Move List "

Write-Host " $countPC computers have been moved "

You can download the script from this link

https://gallery.technet.microsoft.com/scriptcenter/Move-AD-Computer-Object-4ed2c5f8

http://1drv.ms/1L07yMU


Active Directory Moving Users to Another OU via CSV File.

Filed under: General — telnet25 @ 10:36 pm

In this task we will move AD users from their current OU into a different OU.

  • We will need to prepare a CSV file that contains all the AD users (names) you wish to move into another OU (Organizational Unit). Name the first column "name" and list all the accounts underneath.
  • Save this to a location on the server where you will be running the PS script from, for instance C:\temp\Acc_MoveList.csv

The target OU set in the script is the location all the accounts will be moved into

# Import AD Module
Import-Module ActiveDirectory

# Import the data from the CSV file and assign it to a variable
$MoveList = Import-Csv -Path "C:\Temp\Acc_MoveList.csv"
# Specify target OU. This is where users will be moved.
$TargetOU = "OU=SVC_Users,OU=VA,DC=TekPros,DC=com"

$MoveList | ForEach-Object {
    # Retrieve DN of user.
    $UserDN = (Get-ADUser -Identity $_.Name).distinguishedName
    Write-Host " Moving Accounts ..... "
    # Move user to target OU.
    Move-ADObject -Identity $UserDN -TargetPath $TargetOU
}
Write-Host " Completed move "
# @() keeps the count correct when the CSV holds a single row
$total = @($MoveList).Count
$total
Write-Host "Accounts have been moved successfully..."

A few things you will need to change to run the PS script:

  • $TargetOU =  "OU=SVC_Users,OU=VA,DC=TekPros,DC=com" (you will need to change this to make sure it fits your environment)
  • $MoveList = Import-Csv -Path "C:\Temp\Acc_MoveList.csv" (you will need to change this to make sure it fits your environment)

Once you make the changes you should be able to move the users listed in your CSV file with no issues.
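
Moving an account to another OU changes which Group Policy objects and delegated permissions apply to it, so a dry run and a per-object report are worth having for both the computer move and the user move above. The function below is an added example, not the blog's script: the name Move-ADObjectsFromCsv and the report path are made up for illustration, and it assumes PowerShell 3.0 or later with the ActiveDirectory module.

```powershell
# Added example, not part of the original article.
Import-Module ActiveDirectory

function Move-ADObjectsFromCsv {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$CsvPath,
        [Parameter(Mandatory = $true)][string]$TargetOU,
        [ValidateSet('User', 'Computer')][string]$ObjectType = 'User',
        [string]$Column = 'Name'   # CSV column holding the account name ("CN" in the computer list)
    )

    # Stop before touching anything if the target OU is mistyped or missing.
    $null = Get-ADOrganizationalUnit -Identity $TargetOU -ErrorAction Stop

    foreach ($row in Import-Csv -Path $CsvPath) {
        $name = "$($row.$Column)".Trim()
        if (-not $name) { continue }                     # skip blank rows
        $result = [pscustomobject]@{ Name = $name; From = $null; Status = $null }
        try {
            # -Identity resolves exactly one object (sAMAccountName, DN, GUID or SID)
            # and throws when the account does not exist.
            if ($ObjectType -eq 'Computer') {
                $obj = Get-ADComputer -Identity $name -ErrorAction Stop
            } else {
                $obj = Get-ADUser -Identity $name -ErrorAction Stop
            }
            $result.From = $obj.DistinguishedName
            # Parent container = DN without its first RDN (split on the first unescaped comma).
            $parent = ($obj.DistinguishedName -split '(?<!\\),', 2)[1]
            if ($parent -eq $TargetOU) {
                $result.Status = 'AlreadyInTarget'
            } elseif ($PSCmdlet.ShouldProcess($obj.DistinguishedName, "Move to $TargetOU")) {
                Move-ADObject -Identity $obj.DistinguishedName -TargetPath $TargetOU -ErrorAction Stop
                $result.Status = 'Moved'
            } else {
                $result.Status = 'Skipped'               # -WhatIf or declined -Confirm
            }
        } catch {
            # One bad row is recorded and the rest of the list still runs.
            $result.Status = "Failed: $($_.Exception.Message)"
        }
        $result
    }
}

# Dry run against the article's sample paths; remove -WhatIf to perform the move.
$report = Move-ADObjectsFromCsv -CsvPath 'C:\Temp\Acc_MoveList.csv' `
    -TargetOU 'OU=SVC_Users,OU=VA,DC=TekPros,DC=com' -WhatIf
# Report path is a made-up example; keep the file as the record of what moved from where.
$report | Export-Csv -Path 'C:\Temp\Acc_Move_Report.csv' -NoTypeInformation
$report | Group-Object Status | Select-Object Count, Name
```

For the computer list, call it with -ObjectType Computer -Column CN and the computer CSV path and target OU.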

Download the script and sample CSV from here

http://1drv.ms/1IXThhx

You can also download the script from here

https://gallery.technet.microsoft.com/scriptcenter/Move-AD-users-into-target-4322d774


July 24, 2015

Installing Exchange 2016 on Windows 2012 R2 Server

Filed under: Exchange 2016 — telnet25 @ 8:30 pm

We will install Exchange 2016 on Windows 2012 R2 in a single labeled Forest/domain. Installing Exchange 2016 is a very similar task compared to Exchange 2013. Follow the basic steps outlined here to install your first Exchange 2016 server.

Make sure you have completed the prerequisite work outlined here. After completing the prerequisite tasks, you can execute setup from the install directory to start the install.

Follow the install wizard; it is a pretty straightforward install.

Now we will open EAC (Exchange Admin Center) and the Exchange PowerShell

You may want to pin the Exchange-related shortcuts to the Start menu for easy access

Here are EAC and EMS

As you may realize, the look of the EAC is the same as in Exchange 2013.

I will rename the database to db1


Installing Exchange 2016 on premises , prerequisite Task.

Filed under: Exchange 2016 — telnet25 @ 7:16 pm

We will install Exchange 2016 into a new forest/domain. In case you have missed the E2016 preview, here is the download link to try it out. Exchange 2016 is another major road map release for the greatest messaging application that ever existed.

To install Exchange 2016, Active Directory must meet the following requirements

AD functional level;

  • Windows 2008 and the Schema Master ( FSMO ) running on Windows 2008 or later version
  • Windows 2012 R2 is required for all Exchange 2016 Server roles and management tools.

Active Directory Preparation;

.NET Framework 4.5.2 on the computer that will be used to prepare Active Directory.

Install the Remote Tools Administration Pack by running the PowerShell command below

Install-WindowsFeature RSAT-ADDS

Mailbox Role;

Copy and paste the code below into the PowerShell command window.

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

Reboot the server by typing the command below and pressing Enter

Shutdown -r -f -t 5

For EDGE Role

Installing EDGE ROLE

Install-WindowsFeature ADLDS

Now install ;

Now install Unified Communications Managed API 4.0

Now we are ready to perform the Exchange 2016 install into the new forest/domain.


July 7, 2015

How to Configure an External Time Source on the PDC and Why

Filed under: General — telnet25 @ 3:40 pm

By default, all computers that are part of a domain sync their time from the domain controller that holds the PDC FSMO role. If you wish to see which DC holds the FSMO roles, you can open PS or a command prompt, type "netdom Query FSMO" and press Enter.

The PDC domain controller is the default authoritative time source for the forest/domain. Only the PDC in your environment should have an external time source to sync its time from. All other domain-joined and connected computers, servers and domain controllers sync their time from the PDC Emulator.

Step#1 ( setting external time source )

w32tm /config /manualpeerlist:"time.windows.com,0x1" /syncfromflags:manual /reliable:yes /update

Setting multiple time sources

w32tm.exe /config /manualpeerlist:"0.us.pool.ntp.org 1.us.pool.ntp.org 2.us.pool.ntp.org 3.us.pool.ntp.org" /syncfromflags:manual /reliable:YES /update

Step#2 ( updating configuration )

w32tm.exe /config /update

Step#3 ( restarting service )

Restart-Service w32time ( PowerShell )

Step#4 ( verify service is running )

Get-Service -Name W32time

Step#5 ( verify the settings )

w32tm /query /configuration

w32tm /query /status

W32tm /tz

w32tm /query /peers

If for some reason you need to revert the changes you have made

Step#1 ( back out the changes )

w32tm.exe /config /syncfromflags:Domhier /reliable:NO /update

Step#2

Restart-Service w32time

Step#3 ( see the rolled-back changes )

w32tm /query /configuration
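
Kerberos tolerates only five minutes of clock skew by default, and log timestamps from different servers are only comparable when they share a time source, so it is worth confirming that the PDC is the only domain controller with a manual peer list. The script below is an added example (not from the original post) that runs the article's w32tm queries against every DC; it assumes a single domain, the ActiveDirectory module, and RPC access from the machine running it to each DC.

```powershell
# Added example, not part of the original article.
Import-Module ActiveDirectory

$pdc = (Get-ADDomain).PDCEmulator

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $name   = $dc.HostName
    # Same queries as in the steps above, pointed at a remote DC with /computer:
    $source = (& w32tm.exe /query "/computer:$name" /source 2>&1 | Out-String).Trim()
    $config = & w32tm.exe /query "/computer:$name" /configuration 2>&1 | Out-String

    # NtpClient "Type:" is NTP for a manual peer list and NT5DS for the domain hierarchy.
    $type = 'unknown'
    if ($config -match '(?m)^\s*Type:\s*(\S+)') { $type = $Matches[1] }

    $isPdc   = ($name -eq $pdc)
    $finding = 'OK'
    if ($type -eq 'unknown') {
        $finding = 'Could not read configuration'
    } elseif ($isPdc -and $type -ne 'NTP') {
        $finding = 'PDC is not using a manual peer list'
    } elseif ($isPdc -and $source -match 'Local CMOS Clock|Free-running System Clock') {
        $finding = 'PDC is not syncing from its external peers'
    } elseif (-not $isPdc -and $type -ne 'NT5DS') {
        $finding = 'Non-PDC DC is not using the domain hierarchy'
    }

    [pscustomobject]@{
        DC = $name; IsPDC = $isPdc; Type = $type; Source = $source; Finding = $finding
    }
}

$report | Format-Table -AutoSize | Out-Host

$problems = @($report | Where-Object { $_.Finding -ne 'OK' })
if ($problems.Count -gt 0) {
    Write-Warning "$($problems.Count) domain controller(s) need a look at their time configuration."
}
```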


July 5, 2015

The IP address you have entered for this network adapter is already assigned to another adapter.

Filed under: General — telnet25 @ 12:39 am

 

If you are having issues assigning an IP address to a NIC on your server and receive the following error: "The IP address you have entered for this network adapter is already assigned to another adapter…"

One possible reason for the error is that there is another, hidden NIC on the same server that has the same TCP/IP settings you are trying to configure on this NIC.

To remediate the issue, follow the simple steps listed below.

1. Click Start, open cmd.exe, and then press Enter

2. Type "set devmgr_show_nonpresent_devices=1", and then press Enter

3. Type Start "devmgmt.msc", and then press Enter.

4. Click View, and then click "Show Hidden Devices"

5. Expand the Network Adapters.

6. Right-click the hidden network adapter, and then click Uninstall.


May 22, 2015

Export All SMTP Addresses & Exchange 2010

Filed under: General — telnet25 @ 4:24 pm

If you would like to export all SMTP proxy addresses into a CSV file to be used for your discovery or preparation for an Office 365 migration, here is a simple PS script to complete the task.

Here is an example of a user with three SMTP proxy addresses; we will capture all SMTP addresses for all users and output them to a CSV file.

Get-Recipient -Identity Aki.Armstrong | Select Name -ExpandProperty EmailAddresses

Now we want to capture all the SMTP proxy addresses

Get-Recipient -Identity Aki.Armstrong | Select Name -ExpandProperty EmailAddresses | select Name,SmtpAddress

Now we need to add the export (make sure you have the Temp directory under the C drive, or change the output path to fit your particular scenario).

Export-Csv C:\temp\All_SMTP_Proxy_Addresses_List.csv

The last thing is to make sure we add -ResultSize Unlimited and drop -Identity so the query covers all recipients (this will be required if the query runs against more than 1000K recipients)

Get-Recipient -ResultSize Unlimited | Select Name -ExpandProperty EmailAddresses | select Name,SmtpAddress | Export-Csv C:\temp\All_SMTP_Proxy_Addresses_List.csv

The CSV file will look similar to this one

If you would like to collect more data, you can also use Get-Member to see all available properties and adjust your output to your needs from the available property list

 

Get-Recipient -Identity Aki.Armstrong | Select-Object Name,EmailAddresses,ServerName


May 13, 2015

Exchange 2013 unattended Installation step by step documentation

Filed under: General — telnet25 @ 4:10 am

We will use an unattended installation to install an Exchange 2013 server into an existing Exchange 2010 SMTP organization. These simple steps can easily reduce the time it takes to install Exchange 2013 servers in your environment.

Assumptions:

Exchange 2013 will be installed into an existing Exchange 2010 SMTP organization environment.

Exchange 2013 Calculator and proper sizing for the environment:

Sizing for Exchange 2013 has been completed per Microsoft best practices. This is where you do not want to make any mistakes, and hopefully you have invested a good month of time to complete the correct build for the given environment.

Active Directory schema has been updated, upper schema range has been updated:

In environments that require a change control process and are process oriented (regulated), it is best to perform schema changes ahead of time rather than with the first Exchange 2013 server installation. My simple reasoning is that schema changes are critical and a one-way street. Changes to the schema and the .DIT database should be treated as a major task. Performing schema changes ahead of time and letting them bake in also provides a proof of concept to your client.

Perform the following tasks from the Windows 2012 R2 Server (all Exchange 2013 servers)

  • Log in to the Windows 2012 R2 Server via RDP
  • Use your administrator account and privileges
  • Open Windows PowerShell (with administrator privileges)
  • Run the following command to install the required Windows components

You can copy and paste this into PowerShell:

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

After you've installed the operating system roles and features, install the following software in the order shown:

Make sure the server has been added to the domain, has a static IP address, and has been configured to comply with your environment (all security patches and other required software have been installed and configured).

Make sure you have obtained all required approvals and satisfied your change management process. Schedule this installation in the LAB (a production-like environment) first; after a successful implementation you may deploy the same solution in the production environment.

Test before you do it in production, catch any issues that may come up, and document the fixes as you plan the production installation.

LAB preparation: (please make sure this fits your needs)

Windows Server Enterprise Edition R2 is installed; the drive and LUN assignments are as follows:

  • C: 120 GIG (OS Drive & Exchange binaries)
  • E: 20 TB (LUN)
  • D: CD-ROM

Copy and save the simple code below into Notepad and name the file "Install.ps1". Note: change any of the parameters as you wish.

################################################################
# Install Exchange 2013 Server Unattended Install File
# Prepared by Oz Casey, Dedeal
# http://smtp25.blogspot.com
# Roles /m:install /r:C,M
# Logfolderpath E:\Logs\DB1
# Dbfilepath E:\DatabaseFiles\DB1.edb
# Accept LA IAcceptExchangeServerLicenseTerms
#################################################################

D:\setup /m:install /r:C,M /TargetDir:"C:\Program Files\Microsoft\Exchange\V15" /DbFilePath:E:\DatabaseFiles\DB1.edb /LogFolderPath:E:\Logs\DB1 /IAcceptExchangeServerLicenseTerms

 

Open a PS command prompt and execute the PS script to kick off the installation.

Simple and easy: now you can deploy more servers quickly by following the steps listed in this article.


May 11, 2015

Exchange 2016 Supported Scenarios

Filed under: Exchange 2016 — telnet25 @ 5:05 pm

Exchange 2016 and its features were announced at Ignite 2015. Many exciting features are on the way. Here is a summary of the topology requirements and a few highlights of what has changed with Exchange Server 2016.

  • Single Role = Mailbox Server Role (prior to Exchange 2016, multi-role deployments were MS best practice; with E16 there is no choice but a single role (-: )
  • Edge Role will be released with the RTM release.
  • The CAS Server role has been transitioned into Client Access proxy service components. At this point all server roles collapse into the single Mailbox Server role.
  • DAG no longer requires an administrative access point. Only two operating systems are required: Windows 2012 and Windows 10 Server.
  • Mailbox connectivity: the protocol instance is always local to the active database copy. Once the request reaches the correct mail server, all required connectivity stays on that server
  • Rendering data will occur on the server which hosts the active mailbox, OWA clients etc.
  • Creating
  • Clients won't connect directly to the MBX role; all connectivity will go through the Client Access Service located on the MBX server. The entire CAS server role has been moved into the CAS Service
  • Maximum 16 Mailbox Servers per DAG
  • 100 database copies/server
  • Due to recent architectural changes, database failovers are 33% faster compared to Exchange 2013. How passive database copies are accessed has changed in Exchange 2016.

source:

http://blogs.technet.com/b/exchange/archive/2015/05/05/exchange-server-2016-architecture.aspx
