palais des congrès Paris

7, 8 et 9 février 2012

09-févr-12Scott SchnollPrincipal Technical WriterMicrosoft Corporation

Exchange Server 2010 SP2Tips & Tricks

MSG208

En Anglais!

Dernières nouvelles

ANNONCES

Released 9:00 am, Jan 30th

Announcement – http://aka.ms/pstwalk Download – http://aka.ms/getpstcapture Documentation – http://aka.ms/pstcapture

Helps you search your network to discover and import PST files across your environmentImport PST files into Exchange Online or Exchange Server 2010 directly into users' primary mailboxes or archives

PST Capture Tool Released!

PowerShell-based script that can be used to identify devices causing resource depletion issues on Exchange serversCan help in spotting trends and automatically generate reports for continuous monitoringUses LogParser 2.2 and Windows PowerShell 2.0Download from http://aka.ms/al5ohw

New ActiveSyncReport Script

http://aka.ms/xglwn4/hosting SP2 migration guidanceIntended for service providers, system integrators, and technical consultants who may be involved in the planning and implementation of a migration from Exchange 2010 in /hosting mode to Exchange 2010 SP2The only supported scenario is to Deploy Exchange Server 2010 SP2 into a new forest Migrate user accounts, mailboxes, and other resources from

the /hosting forest to the new Exchange 2010 SP2 forest

New Guidance for Hosters

Exchange Server 2010 SP2 Development

Development began January 24, 2011Released December 4, 2011 Build Number 14.2.247.5 http://aka.ms/E14SP2

SP2 has hundreds of bug fixes and some new features Every bug is triaged for risk, cost and

applicability Each new feature gets spec’d (Functional, Dev,

and Test), and undergoes a thorough review

Exchange 2010 SP2 Development

Exchange has a history of using customers during development (JDP, RDP, TAP)TAP consists of customers who deploy pre-release bits in production and receive support from Microsoft access to a private DL and a Wiki with all the latest info conference calls with Exchange team folks a chance to provide feedback, change the product, and

find bugsSP2 TAP just shut down

Exchange 2010 SP2 Development

SP2 is available in three Server Editions Standard Edition (retail and volume) Enterprise Edition (volume only)

Includes all Exchange 2010 Standard features, plus support for up to 100 databases per server

Hybrid Edition (volume only) This is a Standard Edition SKU designed to be a

“gateway” for upgrading from previous versions of Exchange to Exchange Online

Exchange Server 2010 SP2 Development

Hybrid Edition Can be used only for connecting on-premises

environment with Office 365 If you move a mailbox to it, or leverage any features

outside the scope of a hybrid deployment, you must purchase regular license and CALs

Multiple Hybrid Edition servers can be deployed, if needed Not available for Office 365 trial customers; simply

use Trial edition of Exchange 2010 SP2

Exchange 2010 SP2 Development

Upgrading Tips

SP2 includes Active Directory schema updates 3 new classes (and class object IDs) have been added 59 new attributes (and attribute object IDs) have

been added 29 new MAPI IDs have been added 46 new indexed attributes 36 new global catalog attributes

Get complete listing of all schema changes from MSDN http://aka.ms/E14SP2Schema

Upgrading Tips

SP2 includes database schema updates Upgrading from RTM SP2 can take a while (20-30

minutes) due to database schema upgraders that run Look for instances of MSExchangeIS Mailbox Store

event 1185 in event log Once a mailbox database has been upgraded to a

later version, it cannot be moved to an earlier version (e.g., database *over or database portability use is limited during upgrade period)

Upgrading Tips

Client Access Server role has new operating system pre-requisites in SP2 ASP.NET ISAPI Filters IIS 6 WMI Compatibility

Exchange Setup can install the new pre-reqs for you Setup /Mode:Upgrade

/InstallWindowsComponents

Upgrading Tips

SP2 includes some updated RBAC management role definitions If you manage Exchange 2010 from a pre-SP2 server in an Org that has

been updated to SP2 you will get warning messages Exchange Management Shell

WARNING: The object MyMailboxDelegation has been corrupted, and it's in an inconsistent state. The following validation errors happened: WARNING: The property value you specified, "15", isn't defined in the Enum type "ScopeType".

Exchange Management Console The object MyMailboxDelegation has been corrupted, and it's in an

inconsistent state. The following validation errors happened: The property value you specified, "15", isn't defined in the Enum type "ScopeType".

Upgrading Tips

Mailbox Replication Service (MRS) has changed in SP2 MRS Proxy will be disabled on upgrade to SP2 (thus,

cross-forest mailbox moves will not be processed) Enable using Set-WebServicesVirtualDirectory -

MRSProxyEnabled SP2 also introduces the MaxMRSProxyConnections

parameter for New-WebServicesVirtualDirectory and Set-WebServicesVirtualDirectory

No more manual editing of web.config file! See http://aka.ms/fxvume for steps

Upgrading Tips

New Cmdlets and Scripts in SP2

Address Book Policies New-AddressBookPolicy Get-AddressBookPolicy Set-AddressBookPolicy Remove-AddressBookPolicy

Hybrid Deployments New-HybridConfiguration Get-HybridConfiguration Set-HybridConfiguration Update-HybridConfiguration

New Cmdlets

Execute this script on each CAS to convert the OAB virtual directory to an IIS web application, and create a new application pool called MSExchangeOabAppPoolConverting the OAB virtual directory is necessary to support Kerberos authentication, which we recommendSee http://aka.ms/f2ndij for more information

New Scripts - ConvertOABVDir.ps1

Formerly an out-of-band tool; now shipped in the product!Helps automate the collection of performance data on Exchange 2007 and Exchange 2010 serversAutomatically adds the appropriate counters for each detected server role

New Scripts - ExPerfwiz.ps1

Solves issue where the size of the availability request exceeds the limit when you have large access tokens (> 200)This script and a companion script, LargeToken-Kerberos.ps1, were actually first released in UR4 for Exchange 2010 SP1 LargeToken-IIS_EWS.ps1 increases the value of the

MaxFieldLength and MaxRequestBytes IIS parameters and changes the EWS Web.config bindings on all CAS in the site

See http://aka.ms/kknmtd for more info

New Scripts - LargeToken-IIS_EWS.ps1

This script sets HKLM\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters values MaxPacketSize to DWORD 1 and MaxTokenSize to DWORD 65535 on all specified machines in the domainSee http://aka.ms/enracj for more info

New Scripts - LargeToken-Kerberos.ps1

Exchange Server 2010 Service Pack 2Feature: Mini Version of Outlook Web App

Feature driven by demand from markets where browser-based phones still ruleAdminister using PowerShellThis is not Outlook Mobile Access from Exchange 2003 None of the Exchange 2003 code was re-used Completely new code built as a set of OWA

forms

Mini Version of Outlook Web App

Enabled and disabled using Set-OWAMailboxPolicy Set-OWAMailboxPolicy PolicyName -OWALightEnabled:

$TrueProvides an alternative view of OWA, so OWA mailbox policies and segmentation are inherited Any unsupported features in the policy are disabled Features such as calendar, contacts, etc., can be

enabled or disabled on a per policy basis If a new language is added to OWA, mini version gets it

Mini Version of Outlook Web App

Exchange Server 2010 Service Pack 2Feature: Hybrid Configuration Wizard

EMC-based wizard plus cmdlets for setting up on-premises Exchange and Office 365 to work together – in Hybrid modeVastly simpler process than the current SP1 manual experienceWhat once took ~49 steps, now takes 6 (your mileage may vary) >80% reduction for the administrator

Hybrid Configuration Wizard

Exchange Server 2010 Service Pack 2Feature: Address Book Policies

Common Scenarios Legal or compliance reasons – People are not allowed to see each

other in the GAL Privacy reasons – School scenario where students can’t see other

classes but are all in one school Optimization reasons – Organization has logical sub-divisions but still

needs to share some resources and infrastructure (MSN and Xbox) Hosting reasons – You want to host multiple organizations on one

platform and don’t want them seeing each other Usability reasons – You have a huge GAL which is hard to navigate,

the sort order may be mixed up, or the GAL may simply be massive (US Army or DoD)

Address Book Policies

Address Book Policies (ABPs) enable you to achieve GAL Segmentation in Exchange 2010 ABPs work on the principal of direct GAL and Address List assignment rather than allowing or denying access to all available listsAny request that comes through the Address Book Service on CAS is evaluated against the ABP assigned to the user

Address Book Policies

ABPs apply only to users and clients on Exchange 2010 that use CAS for directory and Opens the address list picker Tries to resolve a name or an alias Adds a room resource to a meeting request Searches the GAL Searches the directory from Outlook Voice Access Queries the directory from a mobile device Views someone’s DL memberships, or views the members

of a DL

Address Book Policies

Exchange Server 2010 Service Pack 2Feature: OWA Cross-Site Silent Redirection

If you access OWA via CAS in the ‘wrong’ AD site, CAS has a decision to makeIt can proxy or redirect the connection to the target site

If there is no ExternalURL in that site, we proxy, the mailbox opens and the user gets access

If the target site has an ExternalURL the user gets a page with a link to click

The user clicks the link, and logs in again, and gets access The user has to log in twice We are removing the need to click the link Which for some scenarios will result in a Single Sign On experience

OWA Cross-Site Silent Redirection

Experience: Beforeand After

Enabled on Internet-facing CAS, on a per OWA virtual directory basisSet-OWAVirtualDirectory –Identity “CAS1\owa (default Web site)” –CrossSiteRedirectType Silent

When you enable silent redirection You will be informed that the target CAS must have an

ExternalURL that leverages HTTP SSL protocol You will receive a warning that single sign-on experience may

not be possible if FBA is not enabledDemo video at http://aka.ms/OWACSSR

OWA Cross-Site Silent Redirection

Additional Enhancements in SP2

Disable Mailbox Auto-Mapping Outlook 2007/2010 can map to any mailbox to which a user

has Full Access and, through Autodiscover, automatically loads all mailboxes to which the user has Full Access

If the user has Full Access to a large number of mailboxes, performance suffers when starting Outlook

SP2 enables admin to disable this behavior by setting new Automapping parameter for Add-MailboxPermission to False

See http://aka.ms/gxxxk1 for steps

Additional Enhancements in SP2

Custom Attribute Enhancements Five new multi-value custom attributes

(ExtensionCustomAttribute1 to ExtensionCustomAttribute5) that you can use to store additional information for mail recipient objects

Each can hold up to 1,300 values, and support multi-values by using comma-delimited list

Supported by Set-DistributionGroup, Set-DynamicDistributionGroup, Set-Mailbox, Set-MailContact, Set-MailUser, Set-MailPublicFolder, Set-RemoteMailbox

Additional Enhancements in SP2

Litigation Hold You can’t disable or remove a mailbox that has been placed on

litigation hold; prior to SP2, you had to disable litigation hold SP2 includes new IgnoreLegalHold parameter that is supported

by the following cmdlets Disable-Mailbox Remove-Mailbox Disable-RemoteMailbox Remove-RemoteMailbox Disable-MailUser Remove-MailUser

Additional Enhancements in SP2

High Availability Move-ActiveMailboxDatabase has new

SkipActiveCopyChecks parameter which bypasses the check to see if the copy being activated is currently being used as a source for seeding

If you use this parameter when activating a copy, the seeding/update process will be terminated

Additional Enhancements in SP2

Random Tips

In large environments, you may need to periodically scan Active Directory for disconnected mailboxes that aren't yet marked as disconnected in the Information Store and update the status of those mailboxes in the StoreYou can use Clean-MailboxDatabase to do this, but that requires mailbox database GUIDsTo get the GUID: Get-MailboxDatabase | fl Identity, Guid

Or simply run: Get-MailboxDatabase | Clean-MailboxDatabase

Mailbox Database Housekeeping

Scenario: You want Help Desk folks to approve or deny EAS devices without giving them Org Management rightsSolution

Create mail-enabled security group used for quarantine notifications

Enable EAS quarantine and configure notification message Copy management role containing Set-CASMailbox

–ActiveSyncAllowedDeviceIDs cmdlet/parameter Remove all other management role entries from custom role Create new role group containing security group Add user to new role group and Recipient Management role

ActiveSync Approval Delegation

All email addresses for an SMTP domain, including those assigned to mail-enabled public folders

Get-Recipient | where {$_.emailaddresses -match “contoso.com”} | fl name,emailaddresses >>emailaddresses.txt

Get all Email Addresses for Domain

http://aka.ms/ExMailStatsAnalyzes Message Tracking Logs and produces a .csv file of mail stats per user, and keeps distribution list usageFinds all Hub Transport servers in the Org, retrieves the logs from the previous day, and generates stats for each user, for both Internal and External emails, by primary address, for Total Messages and Bytes Sent Unique Messages and Bytes Sent Total Messages and Bytes Received

Analyze Message Tracking Logs

TechNet Script Center Repository - http://aka.ms/Ex2010ScriptsOver 50 scripts for Exchange 2010 created by internal and external community contributorsEach contribution is licensed to you under a License Agreement by its owner, not MicrosoftMicrosoft does not guarantee the contribution or purport to grant rights to it

Free script repository for Exchange

Thank you for attending!Contact me at any time with questions: scott.schnoll@microsoft.com Twitter: @schnoll Blog:

http://blogs.technet.com/scottschnoll

Questions?

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a

commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.