Sunday, February 24, 2008

Exchange2007: LCR--Storage Group and its databases

Local Continuous Replication

LCR supports direct-attached storage as well as storage connected by Fibre Channel or iSCSI.

Create a storage group: Kinko Storage Group
[PS] C:\>new-StorageGroup -Server 'W2008' -Name 'Kinko Storage Group' -LogFolderPath 'C:\Program Files\Microsoft\Exchange Server\Mailbox\Kinko Storage Group' -SystemFolderPath 'C:\Program Files\Microsoft\Exchange Server\Mailbox\Kinko Storage Group' -HasLocalCopy $true -CopyLogFolderPath 'G:\LocalCopies\Kinko Storage Group\Logs' -CopySystemFolderPath 'G:\LocalCopies\Kinko Storage Group\Systems'

[PS]C:\>new-mailboxdatabase -StorageGroup 'W2008\Kinko Storage Group' -Name 'Staff' -EdbFilePath 'C:\Program Files\Microsoft\Exchange Server\Mailbox\Kinko Storage Group\Staff.edb' -HasLocalCopy $true -CopyEdbFilePath 'G:\LocalCopies\Kinko Storage Group\Staff.edb'

[PS]C:\>mount-database -Identity 'Kinko Storage Group\Staff'

[PS] C:\>$password =Read-host "Enter password:" -AsSecureString

[PS] C:\>New-Mailbox -Name 'Kim Funny' -Alias 'KFunny' -OrganizationalUnit 'Itsyou.com/Users' -UserPrincipalName 'KFunny@Itsyou.com' -SamAccountName 'KFunny' -FirstName 'Kim' -Initials '' -LastName 'Funny' -Password $password -ResetPasswordOnNextLogon $false -Database 'W2008\Kinko Storage Group\Staff'

[PS] C:\>New-Mailbox -Name 'Albert Tonny' -Alias 'ATonny' -OrganizationalUnit 'Itsyou.com/Users' -UserPrincipalName 'ATonny@Itsyou.com' -SamAccountName 'ATonny' -FirstName 'Albert' -Initials '' -LastName 'Tonny' -Password $password -ResetPasswordOnNextLogon $false -Database 'W2008\Kinko Storage Group\staff'

=====
Suppose the Kinko Storage Group does not have the LCR enabled;

You enable the LCR for the database first and then the Kinko Storage Group.

[PS]C:\>enable-DatabaseCopy -Identity 'W2008\Kinko Storage Group\Staff' -CopyEdbFilePath 'G:\LocalCopies\Kinko Storage Group\Staff.edb'

[PS]C:\>enable-StorageGroupCopy -Identity 'W2008\Kinko Storage Group' -CopyLogFolderPath 'G:\LocalCopies\Kinko Storage Group\Logs' -CopySystemFolderPath 'G:\LocalCopies\Kinko Storage Group\Systems'

====
When your database cannot be mounted, the first defence is to run Restore-StorageGroupCopy.

Suppose the Kinko Storage Group\Staff.edb cannot be mounted.

[PS] C:\>Dismount-Database -Identity 'Kinko Storage Group\Staff'

[PS] C:\>restore-StorageGroupCopy -Identity 'W2008\Kinko Storage Group' -ReplaceLocations

[PS] C:\>Mount-Database -Identity 'Kinko Storage Group\staff'

=====
Seed
Seeding--copying the active mailbox database to the LCR location.
Automatic seeding only occurs during the creation of a new server, creation of a new storage group and database, or on a database that has never been backed up.

Because my default First Storage Group has not been backed up, the Enable-DatabaseCopy and Enable-StorageGroupCopy cmdlets will automatically seed the target LCR directories.

[PS]C:\>enable-DatabaseCopy -Identity 'W2008\First Storage Group\Mailbox Database' -CopyEdbFilePath 'G:\First Storage Group\Mailbox Database.edb'
[PS]C:\>enable-StorageGroupCopy -Identity 'W2008\First Storage Group' -CopyLogFolderPath 'G:\First Storage Group\Logs' -CopySystemFolderPath 'G:\First Storage Group\Systems'

====
What if you want to reseed or resynchronize the LCR copy (passive copy)?
Why would you do that?
You have a corrupt LCR copy and you want to invalidate the passive copy.

suspend-StorageGroupCopy -Identity 'W2008\First Storage Group' -SuspendComment 'Administrator initiated Update-StorageGroupCopy'
update-StorageGroupCopy -Identity 'W2008\First Storage Group' -DeleteExistingFiles

===
Verifying LCR copy

[PS] C:\Windows\System32>suspend-StorageGroupCopy -Identity 'W2008\First Storage Group' -SuspendComment 'Administrator initiated Update-StorageGroupCopy'

[PS] C:\Windows\System32>eseutil /k 'G:\First Storage Group\Mailbox Database.edb'
[PS] C:\Windows\System32>Resume-StorageGroupCopy -Identity 'W2008\First Storage Group'
====

Exchange2007: Content Indexing

Exchange 2007 content indexing is for server-stored mailboxes and public folders. It does not cover personal folders, such as Outlook .pst files.
The Exchange Server storage engine automatically implements and manages the standard indexing. It is used every time that a user uses the FIND feature in Microsoft Outlook. The standard indexing searches for TO, FROM, CC, and Subject fields of mail. The standard indexing searches for FROM and Subject fields of a public folder.

To quickly search the message body and its attachment, you should start the MSExchangeSearch service (indexer).

Rebuild an index:
  1. Net Stop MsExchangeSearch
  2. Use Windows Explorer to delete the %SystemDrive%\Program Files\Microsoft\Exchange Server\Mailbox\First Storage Group\CatalogDat-
  3. Net Start MsExchangeSearch

Tuesday, February 19, 2008

Exchange2007: Messaging Record management

Requirement: All mail placed in the Junk E-mail folder of Outlook 2007 will be kept for one day. After the retention period passes, the messages will be moved to the deleted folder.
In the following diagram, Tom and John want to implement the automatic messaging content management.


Because Junk E-mail is a default folder, I define a new Managed Content Settings for it.

[PS] C:\>New-ManagedContentSettings -name '1dayretention' -messageClass * -RetentionEnabled $True -AgeLimitForRetention 1 -RetentionAction MoveToDeletedItems -FolderName 'Junk E-mail'
[PS] C:\>New-ManagedFolderMailboxPolicy -Name JunkEmailFolder -ManagedFolderLinks 'Junk E-mail'


[PS] C:\>$password = Read-Host "Enter password" -AsSecureString


[PS] C:\>New-mailbox -UserPrincipalName Tom.Hicken@itsyou.com -alias THicken -database "First Storage Group\Mailbox Database" -Name Tom -OrganizationalUnit Users -password $password -FirstName 'tom' -LastName Hicken -DisplayName "Tom Hicken" -ResetPasswordOnNextLogon $false -ManagedFolderMailboxPolicy JunkEmailFolder -ManagedFolderMailboxPolicyAllowed


[PS] C:\>New-mailbox -UserPrincipalName John.Stephen@itsyou.com -alias JStephen -database "First Storage Group\Mailbox Database" -Name 'John Stephen' -OrganizationalUnit Users -password $password -FirstName John -LastName Stephen -DisplayName "John Stephen" -ResetPasswordOnNextLogon $false -ManagedFolderMailboxPolicy JunkEmailFolder -ManagedFolderMailboxPolicyAllowed


Outlook 2007 client--two profiles

The UPN name should be used for the logon as shown below:

Open Outlook profile: Tom Hicken

Send an e-mail to both Tom.Hicken@itsyou.com and John.Stephen@itsyou.com;

Move the test mail from the Inbox to Junk E-mail folder;

Set your computer clock forward by 1 day + 10 minutes;

[PS] C:\>Start-ManagedFolderAssistant

The test mail is automatically moved to Deleted Folder.


--------------

Remember to move your clock back.

--------------

What if Sam and Jim want a 2-day retention policy on their Junk E-mail folder?

[PS] C:\>New-ManagedFolder -Name 'A Junk' -DefaultFolderType 'JunkEmail' -Comment 'Unsolicited Commercial Email'

[PS] C:\>New-ManagedContentSettings -Name '2dayretention' -messageClass * -RetentionEnabled $True -AgeLimitForRetention 2 -RetentionAction MoveToDeletedItems -FolderName 'A Junk'

[PS] C:\>New-ManagedFolderMailboxPolicy -Name AJunkFolderPolicy -ManagedFolderLinks 'A Junk'

[PS] C:\>$password = Read-Host "Enter password" -AsSecureString

[PS] C:\>New-mailbox -UserPrincipalName Sam.Lion@itsyou.com -alias Slion -database "W2008\First Storage Group\Mailbox Database" -Name 'Sam Lion' -OrganizationalUnit Users -password $password -FirstName Sam -LastName Lion -DisplayName "Sam Lion" -ResetPasswordOnNextLogon $false -ManagedFolderMailboxPolicy AjunkFolderPolicy -ManagedFolderMailboxPolicyAllowed


[PS] C:\>New-mailbox -UserPrincipalName Jim.Jones@itsyou.com -alias JJones -database "W2008\First Storage Group\Mailbox Database" -Name 'Jim Jones' -OrganizationalUnit Users -password $password -FirstName Jim -LastName Jones -DisplayName "Jim Jones" -ResetPasswordOnNextLogon $false -ManagedFolderMailboxPolicy AjunkFolderPolicy -ManagedFolderMailboxPolicyAllowed

Create outlook profiles as:

Open Administrator profile and send a mail to Jim.Jones@itsyou.com and Sam.Lion@itsyou.com; Close the outlook;


Open Jim.Jones profile and move the e-mail from inbox to Junk E-mail box;


Move the Exchange Server 2007 clock 2 days +10 minutes later;


Start the Managed Folder Assistant;


[PS] C:\>Start-ManagedFolderAssistant


===============

What if you want some users to have a Pending Approval folder? The users cannot remove the folder, and any messages within it will be automatically moved to the Deleted Folder.

[PS] C:\>New-ManagedFolder -Name 'PendingApproval' -FolderName 'Pending Approval' -Comment 'All proposals must put in this folder'

[PS] C:\>New-ManagedContentSettings -Name '20dayretention' -messageClass * -RetentionEnabled $True -AgeLimitForRetention 20 -RetentionAction MoveToDeletedItems -FolderName 'PendingApproval'

[PS] C:\>new-ManagedFolderMailboxPolicy -Name 'JunkAndPending' -ManagedFolderLinks 'Junk E-mail','PendingApproval'

[PS] C:\>set-mailbox -Identity 'Tom Hicken' -ManagedFolderMailboxPolicy JunkAndPending -ManagedFolderMailboxPolicyAllowed

[PS] C:\>Start-ManagedFolderAssistant

Open Outlook as Tom Hicken;

You will find the Pending Approval folder under Managed Folder.

========================

Confusing parameter: FolderName

Used with New-ManagedFolder cmdLet

-FolderName parameter specifies the name of the folder as it will appear in users' mailboxes. You cannot set the FolderName value for managed default folders.

-Name parameter specifies a unique name for the folder.

Used with New-ManagedContentSettings cmdLet:


-FolderName parameter specifies the name or GUID of the managed folder to which the managed content settings apply, that is, the unique ID of the folder.

[PS] C:\>Get-ManagedFolder | Format-Table Name, FolderName




The Name column is the unique ID of the managed folder. The following example shows that the value of the FolderName parameter is 'Junk E-mail', which appears in the first column of the image. For a default managed folder, the Name and the FolderName are the same. For the customized managed folder shown above, PendingApproval is the unique ID and Pending Approval is what shows in the Outlook client.

Vista: Ad-hoc vs. Infrastructure wireless connection

An ad-hoc wireless network allows nearby computers and devices to communicate with each other without a wireless access point or router. It is used for sharing data among a group of nearby computers. However, this configuration does not give you access to the Internet.

An infrastructure wireless configuration requires a wireless access point or router. It lets you share data among a group of computers while all systems can access the Internet at the same time.

As shown above, when you use the Windows Meeting Space to create a new meeting, its option includes the Ad-hoc wireless connection. If your network does not have a wireless router or access point, you should choose this option. Otherwise, you must not check this option.

Vista: Public Folder

For a Vista machine shared by two or more users, the public folder on that computer is a common location that all users of the computer can access.

If you want user2 to see the schedule of user1, tell user1 to publish the calendar to the public folder. User2 can then open the Windows Calendar.

Monday, February 18, 2008

Exchange2007:Error: Service 'MSExchangeTransport' failed to start. Check the event log for possible reasons for the service start failure.

On my Intel Desktop system:
============
When installing Exchange 2007 SP1 on Windows 2008, the "Error: Service 'MSExchangeTransport' failed to start. Check the event log for possible reasons for the service start failure." pops up.

I did two things:

First, I set the IPv6 address for my NIC according to the online help. I restarted the setup and it failed again.

Second, according to Microsoft Technet, I access the registry and set the permission as follows:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters

Add the computerName to the permission list and assign the READ permission.
Run the setup again and it works.

The transport role is installed during the permission modification because I start the setup procedure first and access the Registry a little bit later. Anyway, it works.

======
On HP DC5100 computer, I install Exchange 2007 SP1 32bit on Windows 2008 32bit without error.

I deselected the IPv6 on my NIC card properties.
======

Friday, February 15, 2008

Export messages from Windows Mail into EXCHANGE

When you configure your Windows Mail or Outlook Express with POP3, by default, it will download all the messages from Exchange server.

When you then access the mailbox from Outlook, all the old messages are gone. In this case, you can use the Export Wizard of Windows Mail or Outlook Express, which has the option to export all the downloaded messages onto the Exchange Server.

The best way is to configure the POP3 with option "LEAVE a Copy of messages on the server".

Wednesday, February 13, 2008

Vista: Publishing Windows Calendar and IIS

To publish Windows Calendar to IIS, you must install the WebDav. In Windows Server 2003, you run the Add/Remove Components to add the WebDav. I published Windows Calendar to IIS 6.0 with WebDav configured.

For Windows 2008, you need to download the WebDav extension.

However, I cannot publish Windows Calendar to Vista IIS, even though I install the WebDav module. After I install the WebDav extension for IIS 7.0, there is no WebDav authoring icon in IIS manager console. It exists in the module section.

Configuring the Vista IIS 7.0 to support WebDav

Modify the configuration file %systemroot%\system32\inetsrv\config\applicationHost.config


IIS 7.0 WebDav supports Windows Authentication and HTTPS.

Run as Administrator to open the Command prompt, and
NET USE * http://localhost/

The above command will map a drive.

Even though you set the Vista IIS 7.0 to support WebDav, you still cannot publish the Windows Calendar to the web site. To publish it, you must attach an SSL certificate to the web site. You must use HTTPS:// to publish the Windows Calendar.

Friday, February 8, 2008

Windows Meeting Space


All Vista machines belong to the WORKGROUP.

Make sure that TCP/IPv6 is selected.




Make sure that Windows Firewall allows the Windows Meeting Space traffic to pass through.
If you create a meeting at Lina Computer and Jane Computer, when you open the Windows Meeting Space from Kaiming Computer, you will see the two meetings shown.



"Join a meeting near me" applies only to computers in the same network. For computers in different networks, you need to send an invitation.

Make sure that the Distributed File System Replication service is running.

Membership difference between Universal Group and Domain Local Group

VANStudents.COM windows server 2000 native domain

VAN.COM Windows Server 2003 function level domain


VANSTUDENTS\Enterprise Admins is a Universal scope type.

You cannot add a user from VAN.COM domain even though the Enterprise Admins has the Universal scope.

However, you can add the VAN\Administrator to the built-in group VANSTUDENTS\Administrators, which has the local scope. You can add VAN\administrator user to administrators group of VANSTUDENTS domain's XP computers.

Thursday, February 7, 2008

CSVDE exports and import user accounts

Domain: VAN.COM
OU: Students

Inside the Students Organizational Unit, I have many user accounts. I want to recreate them in my VANSTUDENTS.COM domain.

First, run:
C:\>csvde -d "ou=students,dc=van,dc=com" -f c:\out.csv

Second, open the out.csv with MS Excel and modify it by keeping only the following columns:

DN
objectClass
ou
distinguishedName
name
cn
sn
givenName
displayName
sAMAccountName
userPrincipalName

===
Replace the VAN with VANSTUDENTS
Save it
===
Import it to VANSTUDENTS.COM domain

C:\>csvde -i -f C:\out.csv

All users and the organizational unit will be created. All users have the disabled status and no password.
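
The column trimming and domain rename above can also be scripted. The following PowerShell is an added example, not part of the original post; the sample rows, the extra whenCreated column and the function name Convert-CsvdeExport are constructed for illustration. It rewrites only the trailing DC components and the UPN suffix, so a name such as Ivan that happens to contain the letters "van" is left alone.

```powershell
# Added example: trim a csvde export to the columns the post keeps and
# move the objects from VAN.COM to VANSTUDENTS.COM.
function Convert-CsvdeExport {
    param([string]$InPath, [string]$OutPath)

    # Columns listed in the post; every other exported attribute is dropped.
    $keep = 'DN','objectClass','ou','distinguishedName','name','cn','sn',
            'givenName','displayName','sAMAccountName','userPrincipalName'

    $rows = @(Import-Csv $InPath | Select-Object $keep)
    foreach ($row in $rows) {
        # Anchor the match at the end of the value so only the domain part changes.
        foreach ($col in 'DN','distinguishedName') {
            $row.$col = $row.$col -replace ',DC=van,DC=com$', ',DC=vanstudents,DC=com'
        }
        $row.userPrincipalName = $row.userPrincipalName -replace '@van\.com$', '@vanstudents.com'
    }
    $rows | Export-Csv $OutPath -NoTypeInformation

    # Return how many rows still point at the old domain (should be 0).
    return @($rows | Where-Object { $_.DN -match ',DC=van,DC=com$' }).Count
}

# Constructed sample export: one OU row and one user row.
$in  = Join-Path $env:TEMP 'out.csv'
$out = Join-Path $env:TEMP 'out-vanstudents.csv'
@'
DN,objectClass,ou,distinguishedName,name,cn,sn,givenName,displayName,sAMAccountName,userPrincipalName,whenCreated
"OU=Students,DC=van,DC=com",organizationalUnit,Students,"OU=Students,DC=van,DC=com",Students,,,,,,,20080207000000.0Z
"CN=Ivan Vance,OU=Students,DC=van,DC=com",user,,"CN=Ivan Vance,OU=Students,DC=van,DC=com",Ivan Vance,Ivan Vance,Vance,Ivan,Ivan Vance,IVance,Ivan.Vance@van.com,20080207000000.0Z
'@ | Set-Content $in

$left = Convert-CsvdeExport $in $out
Get-Content $out
"Rows still in the old domain: $left"
```

Import the rewritten file with the same csvde -i -f command, pointing it at the output path.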

Create users with a script and dsadd command

Domain: VAN.COM
Organizational Unit: Students

I will use the MS Excel spreadsheet to create the script.

Before you input the option such as -upn, format the cell as TEXT.

ROW one

CELL A1:
dsadd user

CELL B1:
="CN=" & D1 & " " & F1 & ",OU=Students,DC=VAN,DC=COM"

CELL C1:
-fn

CELL D1:

CELL E1:
-ln

CELL F1:

CELL G1:
-display

CELL H1:
=D1 & "," & F1

CELL I1:
-samid

CELL J1:
=LEFT(D1,1) & F1

CELL K1:
-upn

CELL L1:
=D1 & "." & F1 & "@van.com"

CELL M1:
-pwd

CELL N1:
=LOWER(D1)

=====
Copy the row 1 to row 2, 3, ...

input some names: D1, F1; D2,F2;D3,F3

====
Save the worksheet as a MS-DOS Text format with .bat extension.

Copy the batch file to domain controller and run it. All users will be created.
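
The same batch file can be generated without the spreadsheet. This PowerShell is an added example, not part of the original post; the student names, the function name New-DsaddLine and the output path are constructed. It follows the cell formulas above, rejects names containing characters that cmd.exe would interpret when the .bat file runs, and adds dsadd's -mustchpwd yes, which the post does not use, because the initial password is the user's first name.

```powershell
# Added example: build the dsadd lines that the spreadsheet produces.
# Constructed sample names; the last one is rejected on purpose.
$students = @(
    @{ First = 'Maria';       Last = 'Lopez' },
    @{ First = 'Chen';        Last = 'Wei'   },
    @{ First = 'Tom & Jerry'; Last = 'Smith' }
)

function New-DsaddLine {
    param([string]$First, [string]$Last)

    # The batch file is parsed by cmd.exe, so allow only letters and hyphens.
    # Characters such as & | % " ^ or spaces would change the command line.
    foreach ($part in $First, $Last) {
        if ($part -notmatch '^[A-Za-z][A-Za-z-]*$') {
            Write-Warning "Skipping '$First $Last': unsupported character in '$part'"
            return
        }
    }

    # Same values as cells B1, H1, J1, L1 and N1 in the post.
    $dn         = 'CN={0} {1},OU=Students,DC=VAN,DC=COM' -f $First, $Last
    $display    = '{0},{1}' -f $First, $Last
    $samid      = $First.Substring(0, 1) + $Last
    $upn        = '{0}.{1}@van.com' -f $First, $Last
    $initialPwd = $First.ToLower()

    # Quote the DN and display name because they contain a space or a comma.
    'dsadd user "{0}" -fn {1} -ln {2} -display "{3}" -samid {4} -upn {5} -pwd {6} -mustchpwd yes' -f `
        $dn, $First, $Last, $display, $samid, $upn, $initialPwd
}

$lines = @($students | ForEach-Object { New-DsaddLine $_.First $_.Last } | Where-Object { $_ })

$batch = Join-Path $env:TEMP 'addstudents.bat'
$lines | Set-Content -Path $batch -Encoding ASCII
$lines
```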

===

Tuesday, February 5, 2008

USMT: Moving the user settings and MS outlook from domain VANSTUDENTS to domain VAN

First, migrate the user accounts from the Vanstudents.COM domain to VAN.COM, keeping the SID history. It is covered in my other blog.

Join a new XP machine to VAN.COM.

Source Computer: VANSTUDENTS domain and XP machine

C:\Program Files\USMT301>scanstate z:\Misc\order /ue:*\* /ui:vanstudents\order /i:miguser.xml /i:migapp.xml

Log messages are being sent to 'C:\Program Files\USMT301\ScanState.log'

Scanning the computer for files and settings...

Collecting files and settings for:

This Computer 'VANSTUDENTS\order' (user 1 of 1)

Saving files and settings - 2 minute(s) remaining...

ScanState has successfully collected the files and settings.

Target Computer: VAN domain and XP machine

C:\Program Files\USMT301>loadstate z:\Misc\order /ue:*\* /ui:vanstudents\order /mu:vanstudents\order:van\order /i:miguser.xml /i:migapp.xml

Log messages are being sent to 'C:\Program Files\USMT301\LoadState.log'

Scanning the computer for files and settings...

Applying files and settings -

LoadState has successfully restored the files and settings.

=====

Pay attention to the option match in both scanstate and loadstate.

When you use the /mu option with loadstate, loadstate will fail if there is a /i:migsys.xml option. That means we cannot transfer the settings of outlook express to the new XP machine in the new domain. Outlook express settings are defined in migsys.xml file.

Saturday, February 2, 2008

Exchange: mail-enabled user and mail-enabled contact

A mail-enabled user has these attributes:

  • an exchange alias
  • an external e-mail address,
  • but does not have a mailbox in Exchange organization.
  • can log on to Active Directory and access the resources

A mail-enabled contact has these attributes:

  • an exchange alias
  • an external email address
  • no mailbox in Exchange organization
  • cannot log on to Active Directory

Mail-enabled Contact: Gordan Grey

Mail-enabled User: Kevin Smith

Both the mail-enabled contact and the mail-enabled user have similar E-Mail Address attributes. They have an internal email address (@itsme.com, which is my domain suffix) and a primary external email address, even though they can have many mail addresses.



Usually, mail-enabled user and contact are used for the convenience of sending email to external users from within your Exchange Organization. Your exchange organization cannot receive email for them.


By combining the mailbox and mail-enabled contact, your exchange organization can accept email and deliver it to offsite address.

[PS] E:\>New-MailContact -Name "Rommey Mitt" -ExternalEmailAddress "Rommey.Mitt@gmail.com" -Alias rMitt

[PS] E:\>New-Mailbox -Name "John McCain" -Alias JMcCain -FirstName John -LastName McCain -SamAccountName jMcCain -UserPrincipalName "John.McCain@itsme.com" -database "kmlserver\First Storage Group\Mailbox database"

Open Active Directory Users and Computers utility and locate the "John McCain" and Disable the user account;

Open Exchange Management Console and modify the John McCain mailbox's property;


When external users send email to John.McCain@itsme.com, it will be forwarded to Rommey.Mitt@gmail.com.
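
Mailboxes that forward to off-site addresses are worth reviewing periodically. The following is an added example, not part of the original post, to run in the Exchange Management Shell; it assumes the forwarding set in the console is stored in the mailbox's ForwardingAddress property, and the function name Get-ForwardingReport is hypothetical. It lists every forwarding mailbox and flags targets outside the internal domain.

```powershell
# Added example: report mailboxes that forward mail and where it goes.
function Get-ForwardingReport {
    param([string[]]$InternalDomains = @('itsme.com'))   # domain suffix used in this post

    Get-Mailbox -ResultSize Unlimited |
        Where-Object { $_.ForwardingAddress } |
        ForEach-Object {
            $mbx    = $_
            $target = Get-Recipient -Identity $mbx.ForwardingAddress.DistinguishedName

            # Contacts and mail users hold the off-site address in ExternalEmailAddress;
            # any other recipient type is reported by its primary SMTP address.
            $address = switch ($target.RecipientType.ToString()) {
                'MailContact' { (Get-MailContact -Identity $target.DistinguishedName).ExternalEmailAddress }
                'MailUser'    { (Get-MailUser -Identity $target.DistinguishedName).ExternalEmailAddress }
                default       { $target.PrimarySmtpAddress }
            }

            # Strip everything up to the @ (including an SMTP: prefix) to get the domain.
            $domain = ($address.ToString() -replace '^.*@', '').ToLower()

            $row = New-Object PSObject
            $row | Add-Member NoteProperty Mailbox        $mbx.Name
            $row | Add-Member NoteProperty ForwardsTo     $address.ToString()
            $row | Add-Member NoteProperty KeepsLocalCopy $mbx.DeliverToMailboxAndForward
            $row | Add-Member NoteProperty External       ($InternalDomains -notcontains $domain)
            $row
        }
}

# Show external forwards first.
Get-ForwardingReport | Sort-Object External -Descending | Format-Table -AutoSize
```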