Tuesday, July 29, 2008

Exchange2007:Message Routing in a Coexistence Environment

www.1ask2.com
Exchange 2003 organization



You should install the first Exchange 2007 server in VANCOUVER Site.

All Exchange 2007 servers belong to the Exchange Routing Group (DWBGZMFD01QNBJR). When you install the first Exchange 2007 server in the VANCOUVER site, a two-way routing group connector between the Exchange Routing Group (DWBGZMFD01QNBJR) and the VANCOUVER routing group is created.

All messages that are relayed between Exchange 2007 and Exchange 2003 are routed through the initial routing group connector.


An Exchange 2007 server is introduced into the Burnaby site. Tim's mailbox is hosted on the Exchange 2003 server in the Burnaby site; Chris's mailbox is hosted on the Exchange 2007 server in the Burnaby site.

When Tim sends mail to Chris, it is routed through the VANCOUVER site and back.


To avoid such excessive routing hops, you can create another routing group connector that connects the single Exchange 2007 routing group to the Burnaby routing group.


To avoid a routing loop, modify the registry on the Exchange 2003 servers to suppress link state updates. A routing loop is only a potential problem; it occurs only in a complex environment.
To suppress link state updates on Exchange 2003 or Exchange 2000:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RESvc\Parameters
Right-click Parameters and select New, DWORD value. Name the new DWORD value SuppressStateChanges and set its value to 1.

Restart computer
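The same registry change as a script you can run on each Exchange 2003 server before the restart. This is an added example, not part of the original post: it checks whether SuppressStateChanges is already set and writes the DWORD from the post only when it is missing or wrong. The key path is the one given above; the function names are this example's own.

```powershell
# Added example, not from the post: audit and set SuppressStateChanges on an Exchange 2003/2000 server.
# Run locally on each Exchange 2003 server, then restart the server as the post says.
$RESvcParams = 'HKLM:\System\CurrentControlSet\Services\RESvc\Parameters'

function Test-LinkStateSuppressed {
    # True only when the DWORD exists and equals 1; a missing value means link state is still propagated.
    $item = Get-ItemProperty -Path $RESvcParams -Name 'SuppressStateChanges' -ErrorAction SilentlyContinue
    return ($null -ne $item -and $item.SuppressStateChanges -eq 1)
}

function Enable-LinkStateSuppression {
    if (-not (Test-Path $RESvcParams)) {
        throw "$RESvcParams not found: is this really an Exchange 2003/2000 server?"
    }
    # -Force replaces an existing value of the wrong type or data; DWord matches the post's instruction.
    New-ItemProperty -Path $RESvcParams -Name 'SuppressStateChanges' -PropertyType DWord -Value 1 -Force | Out-Null
    if (-not (Test-LinkStateSuppressed)) { throw 'SuppressStateChanges could not be verified after writing it' }
}

if (Test-LinkStateSuppressed) {
    'Link state updates are already suppressed on this server.'
} else {
    Enable-LinkStateSuppression
    'SuppressStateChanges=1 written; restart the server so the routing engine picks it up.'
}
```

Run it in an elevated PowerShell on the Exchange 2003 server itself; the check function is also handy later to confirm that every Exchange 2003 server in the organization has the value, since one server still sending link state updates is enough to bring the loop back.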


New-RoutingGroupConnector -Name "RGC Burnaby Vancouver" -SourceTransportServers "Ex2007Burnaby.contoso.com" -TargetTransportServers "Ex2003Burnaby.contoso.com" -Cost 1 -bidirectional $true -PublicFolderReferralsEnabled $true



After the new routing group connector is created between the Burnaby routing group and the Exchange Routing Group, Tim's mail to Chris goes directly, without passing through the VANCOUVER site. However, if you also want messages from Chris to Tim to be routed without going through the VANCOUVER site, you should assign the same cost to both routing group connectors.

The lowest cost routing path across routing group connectors is always used, and the Active Directory IP site link cost to reach the first routing group connector is only considered when two routing paths across routing group connectors have the same cost.
In the following diagram, all Exchange 2007 servers are in the same Exchange Routing Group even though they are in different Active Directory sites.

All Exchange 2007 servers are in the same routing group: Exchange Routing Group.

Logical diagram of the routing groups communication:

Messages between Exchange 2007 servers are routed based on Active Directory sites.

Messages from Exchange 2003 servers to Exchange 2007 servers, and from Exchange 2007 to Exchange 2003, are routed over Routing Group Connectors (RGCs).

Example: A hub transport server in Site A delivers a message to Routing Group B.

Three possible routing paths exist.

Option 1:

RGC-1 and RGC 1-2 (10+10)

Option 2:

RGC-2 (10). The source mailbox is in Site A. The best routing path is chosen by routing group connector cost alone and does not count the AD IP site link cost. The message travels from the Hub Transport server in Site A to the Hub Transport server in Site B, and Site B delivers it to Routing Group B.

Option 3:

RGC-3 and RGC 2-3 (10+10)

The source mailbox is in Site A. Again the AD IP site link cost is not counted. The message travels from the Hub Transport server in Site A to the Hub Transport server in Site C; Site C delivers it to Routing Group C, which forwards it to Routing Group B.

Best route: option 2.
===

Routing loop

A routing loop has two ingredients. If there are two or more connectors between two routing groups and the primary connector is down, Exchange 2003 picks the alternate connector (route); Exchange 2003 servers use minor link state updates to notify each other about the down link. Exchange 2007, however, does not use link state. Not knowing that a routing group connector is down, Exchange 2007 continues to route messages to it.


Let me modify the cost of Routing Group Connectors.



Messages from Site A to routing group B.


Best route is RGC-3 (cost 5) + RGC 2-3 (cost 10).


However, RGC 2-3 is down. Because of the minor link state update, all Exchange 2003 servers know that RGC 2-3 is down, but the Exchange 2007 servers have no knowledge of the down link and still use the RGC-3 + RGC 2-3 route. When a message reaches Routing Group C, Routing Group C selects the RGC 1-3 path because the RGC 2-3 path is down. When Routing Group A gets the message, it routes it through the RGC-1 connector because that has the lower cost.

Looping:
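The path selection from the "three options" example and the loop above, as a small model you can run. This is an added example, not code from the original post: it computes least-cost paths over routing group connectors the way the post describes (connector cost only, no site link cost) and then forwards a message routing group by routing group while RGC 2-3 is down. Only RGC-3 (cost 5) and RGC 2-3 (cost 10) are given in the post; the remaining costs are constructed so that RGC-3 + RGC 2-3 is the best path, as the post states. With these costs the loop bounces between the Exchange 2007 routing group and Routing Group C; which routing groups a loop passes through depends on the costs, but the cause is the same.

```powershell
# Added example, not from the post: routing groups and connectors of the post's diagram.
# Costs marked "assumed" are not on the page and were chosen for this model.
$Connectors = @(
    (New-Object PSObject -Property @{ Name = 'RGC-1';   A = 'Ex2007RG'; B = 'RG-A'; Cost = 10 })   # assumed
    (New-Object PSObject -Property @{ Name = 'RGC-2';   A = 'Ex2007RG'; B = 'RG-B'; Cost = 20 })   # assumed
    (New-Object PSObject -Property @{ Name = 'RGC-3';   A = 'Ex2007RG'; B = 'RG-C'; Cost = 5  })   # from the post
    (New-Object PSObject -Property @{ Name = 'RGC 1-2'; A = 'RG-A';     B = 'RG-B'; Cost = 10 })   # assumed
    (New-Object PSObject -Property @{ Name = 'RGC 1-3'; A = 'RG-A';     B = 'RG-C'; Cost = 30 })   # assumed
    (New-Object PSObject -Property @{ Name = 'RGC 2-3'; A = 'RG-B';     B = 'RG-C'; Cost = 10 })   # from the post
)

function Get-LeastCostPath {
    # Dijkstra over the connector graph. $DownConnectors are the links this node believes are unavailable.
    param(
        [Parameter(Mandatory=$true)] [string]   $From,
        [Parameter(Mandatory=$true)] [string]   $To,
        [Parameter(Mandatory=$true)] [object[]] $Connectors,
        [string[]] $DownConnectors = @()
    )
    $usable = @($Connectors | Where-Object { $DownConnectors -notcontains $_.Name })
    $nodes  = @($usable | ForEach-Object { $_.A; $_.B } | Sort-Object -Unique)
    $dist = @{}; $viaEdge = @{}; $viaNode = @{}
    foreach ($n in $nodes) { $dist[$n] = [int]::MaxValue }
    $dist[$From] = 0
    $unvisited = [System.Collections.ArrayList]@($nodes)
    while ($unvisited.Count -gt 0) {
        $current = @($unvisited | Sort-Object { $dist[$_] })[0]
        $unvisited.Remove($current)
        if ($dist[$current] -eq [int]::MaxValue) { break }     # everything left is unreachable
        foreach ($c in $usable) {
            if ($c.A -eq $current) { $next = $c.B } elseif ($c.B -eq $current) { $next = $c.A } else { continue }
            $alt = $dist[$current] + $c.Cost
            if ($alt -lt $dist[$next]) { $dist[$next] = $alt; $viaEdge[$next] = $c.Name; $viaNode[$next] = $current }
        }
    }
    if (-not $dist.ContainsKey($To) -or $dist[$To] -eq [int]::MaxValue) { return $null }
    $path = @(); $n = $To
    while ($n -ne $From) { $path = @($viaEdge[$n]) + $path; $n = $viaNode[$n] }
    New-Object PSObject -Property @{ Cost = $dist[$To]; Path = ($path -join ' > '); NextHop = $path[0] }
}

function Trace-MessageRoute {
    # Forward a message one routing group at a time. Routing groups in $LinkStateAware (Exchange 2003) exclude
    # $DownConnectors when they pick a path; the Exchange 2007 routing group never learns about them.
    param(
        [string] $From, [string] $To, [object[]] $Connectors,
        [string[]] $DownConnectors = @(), [string[]] $LinkStateAware = @(), [int] $MaxHops = 8
    )
    $hops = @(); $visited = @(); $node = $From
    while ($node -ne $To -and $hops.Count -lt $MaxHops) {
        if ($visited -contains $node) { return New-Object PSObject -Property @{ Result = 'LOOP'; Hops = $hops } }
        $visited += $node
        $known = if ($LinkStateAware -contains $node) { $DownConnectors } else { @() }
        $route = Get-LeastCostPath -From $node -To $To -Connectors $Connectors -DownConnectors $known
        if (-not $route) { return New-Object PSObject -Property @{ Result = 'UNREACHABLE'; Hops = $hops } }
        if ($DownConnectors -contains $route.NextHop) {
            # The chosen connector really is down: the message queues on it and is retried; no loop.
            return New-Object PSObject -Property @{ Result = "QUEUED on $($route.NextHop)"; Hops = $hops }
        }
        $conn = $Connectors | Where-Object { $_.Name -eq $route.NextHop }
        $next = if ($conn.A -eq $node) { $conn.B } else { $conn.A }
        $hops += "$node -[$($route.NextHop)]-> $next"
        $node = $next
    }
    New-Object PSObject -Property @{ Result = $(if ($node -eq $To) { 'DELIVERED' } else { 'GAVE UP' }); Hops = $hops }
}

$Ex2003 = 'RG-A', 'RG-B', 'RG-C'
# All links up, Hub Transport in Site A to Routing Group B: best path RGC-3 > RGC 2-3, cost 15.
Get-LeastCostPath -From 'Ex2007RG' -To 'RG-B' -Connectors $Connectors
# RGC 2-3 down; Exchange 2003 knows (link state), Exchange 2007 does not: Result is LOOP.
Trace-MessageRoute -From 'Ex2007RG' -To 'RG-B' -Connectors $Connectors -DownConnectors 'RGC 2-3' -LinkStateAware $Ex2003
# Same outage with link state suppressed on Exchange 2003 (SuppressStateChanges): everybody uses the static
# least-cost path, so the message waits on the down connector ("QUEUED on RGC 2-3") instead of looping.
Trace-MessageRoute -From 'Ex2007RG' -To 'RG-B' -Connectors $Connectors -DownConnectors 'RGC 2-3'
```

The third call is the point of the registry change above: once no routing group reroutes around a failure, a down connector costs you a delay while the message is retried, but never a loop. You can feed the model your own connectors and costs (for example from Get-RoutingGroupConnector) to see where an asymmetric or too-cheap connector sends traffic before you change it.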

Monday, July 28, 2008

Exchange2007:Internal And External delivery of System Messages

Before Exchange 2007, when Exchange generates DSN messages the sender is "System Administrator".
In Exchange 2007, system-generated internal messages (DSN messages, journal reports, quota messages, agent-generated messages) are sent by the Microsoft Exchange Recipient object. In Outlook, the sender appears as Microsoft Exchange.

Get-OrganizationConfig | format-list *recipient*
ForeignForestRecipientAdminUSGSid:
MicrosoftExchangeRecipientEmailAddresses :
{SMTP:MicrosoftExchange329e71ec88ae4615bbc36ab6ce4109e@TLCTest.local}
MicrosoftExchangeRecipientReplyRecipient:
MicrosoftExchangeRecipientPrimarySmtpAddress:
MicrosoftExchange329e71ec88ae4615bbc36ab6ce41109e@TLCTest.local
MicrosoftExchangeRecipientEmailAddressPolicyEnabled:True

If you want to modify the Microsoft Exchange Recipient address, use the Set-OrganizationConfig cmdlet.

External Postmaster is configured per transport server.

get-transportserver | select name,*externalPost*

Name      ExternalPostmasterAddress
----      -------------------------
TLCSV167
TLC25     Postmaster@test.com

The TLCSV167 transport server does not have an ExternalPostmasterAddress.

TLC25 has email address Postmaster@test.com.

Both TLC25 and TLCSV167 transport servers are in the same organization.

Exchange2007:TransientFailureRetryCount, TransientFailureRetryInterval,OutboundConnectionFailureRetryInterval

Outbound connection failure retry interval (minutes)

Use this field to specify the retry interval for subsequent connection attempts to a remote server, after the earlier connection attempts, as specified by the transient failure retry attempts and the transient failure retry interval, have failed.


Transient failure retry interval (seconds) :300

Transient failure retry attempts :6

The relationship among the above three parameters is shown below:




Saturday, July 26, 2008

Exchange2007:Edge Transport role--source server


Network Layout

At EdgeTransportServer:
New-EdgeSubscription -FileName c:\subscription.xml

Copy subscription.xml to the Hub Transport server.

At TransportServer:


New-EdgeSubscription -FileName "C:\subscription.xml" -CreateInternetSendConnector $true -CreateInboundSendConnector $true -Site "Default-First-Site-Name"

Start-EdgeSynchronization



The two Send connectors are pushed to the Edge Transport server.
get-sendconnector | format-list Name, AddressSpaces, SourceTransportServers
Name: EdgeSync - Default-First-Site-Name to Internet
AddressSpaces: {smtp:*;100}
SourceTransportServers : {edgecomputer}

Name: EdgeSync - Inbound to Default-First-Site-Name
AddressSpaces: {smtp:--;100}
SourceTransportServers : {edgecomputer}

What do the two dashes (smtp:--) repres nt?
They represent the smart hosts: in practice, all Hub Transport servers in the subscribed site. In the diagram there is only one transport server; if there were two transport servers in the site, -- would represent both.
Hub Transport servers that are added to an Active Directory site after an Edge Subscription has been established do not participate in the EdgeSync synchronization process. However, they are automatically added to the list of smart hosts for the inbound Send connector. If more than one Hub Transport server is located in the subscribed Active Directory site, inbound connections will be load balanced across the smart hosts.
The SourceTransportServers property is important.
If you change SourceTransportServers : {edgecomputer} to SourceTransportServers : {TransportServer}, the Send connector will not be synchronized to the Edge Transport server.
To illustrate further, I create a send connector in Transport Server and I want it to be synchronized to Edge Transport server.
[PS] D:\>get-sendconnector | format-list Name, AddressSpaces, SourceTransportServers
Name : EdgeSync - Default-First-Site-Name to Internet
AddressSpaces : {smtp:*;100}
SourceTransportServers : {edgecomputer}

Name: EdgeSync - Inbound to Default-First-Site-Name
AddressSpaces : {smtp:--;100}
SourceTransportServers : {edgecomputer}

Name : TelusSmartHost
AddressSpaces : {SMTP:*.telus.com;1}
SourceTransportServers : {USA}
The {USA} is the Transport Server. After I change it to {edgecomputer}, the TelusSmartHost will be pushed to EdgeComputer.
The cost ranges from 1 to 100; the lower the value, the more preferred the route.
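A report that makes the two observations above visible for every Send connector: whether the Edge server is among its SourceTransportServers (and so whether EdgeSync will push it), and what each address space and cost mean. This is an added example, not code from the original post; the sample objects are constructed from the post's own output, and the function and property names are this example's.

```powershell
# Added example, not from the post: which Send connectors will EdgeSync push to the Edge Transport server?
function Get-EdgeSyncReport {
    param(
        [Parameter(Mandatory=$true)] [object[]] $SendConnectors,   # Get-SendConnector output, or look-alike objects
        [Parameter(Mandatory=$true)] [string]   $EdgeServer        # name of the subscribed Edge Transport server
    )
    foreach ($c in $SendConnectors) {
        $sources = @($c.SourceTransportServers | ForEach-Object { "$_" })
        foreach ($space in @($c.AddressSpaces | ForEach-Object { "$_" })) {
            # An address space prints as "type:address;cost", e.g. "smtp:*;100" or "SMTP:*.telus.com;1".
            $type, $rest    = $space -split ':', 2
            $address, $cost = $rest -split ';', 2
            New-Object PSObject -Property @{
                Name         = $c.Name
                Type         = $type.ToUpper()
                # "--" stands for the Hub Transport servers of the subscribed site (the inbound connector).
                AddressSpace = $(if ($address -eq '--') { '<Hub Transport servers in subscribed site>' } else { $address })
                Cost         = [int]$cost
                Sources      = ($sources -join ',')
                # Only connectors sourced on the Edge server are replicated by EdgeSync.
                PushedToEdge = ($sources -contains $EdgeServer)
            }
        }
    }
}

# Constructed sample matching the post's output (real objects come from Get-SendConnector):
$sample = @(
    (New-Object PSObject -Property @{ Name = 'EdgeSync - Default-First-Site-Name to Internet'; AddressSpaces = @('smtp:*;100');         SourceTransportServers = @('edgecomputer') })
    (New-Object PSObject -Property @{ Name = 'EdgeSync - Inbound to Default-First-Site-Name';  AddressSpaces = @('smtp:--;100');        SourceTransportServers = @('edgecomputer') })
    (New-Object PSObject -Property @{ Name = 'TelusSmartHost';                                 AddressSpaces = @('SMTP:*.telus.com;1'); SourceTransportServers = @('USA') })
)
Get-EdgeSyncReport -SendConnectors $sample -EdgeServer 'edgecomputer' |
    Select-Object Name, Type, AddressSpace, Cost, Sources, PushedToEdge | Format-Table -AutoSize

# Live, in the Exchange Management Shell, list the connectors that will NOT reach the Edge server:
# Get-EdgeSyncReport -SendConnectors (Get-SendConnector) -EdgeServer 'edgecomputer' | Where-Object { -not $_.PushedToEdge }
```

In the sample, TelusSmartHost comes back with PushedToEdge = False because its source is USA, exactly the case the post fixes by changing SourceTransportServers to {edgecomputer}. Running the live version after each Start-EdgeSynchronization is a quick way to catch a connector that was created on the Hub side and silently never made it to the Edge.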

Exchange2007:Move mail.que to another transport server

In this network the Internet link is 1 Mbps, whereas the LAN is 1 Gbps. When users send mail, it first lands in mail.que; the transport servers then deliver it.

Scenario

TransportServer1 has a problem: the transport service will not start. The messages accumulated in TransportRoles\Data\Queue\mail.que have not been delivered, and the server either cannot be fixed or will take more than two days to fix.


Luckily, TransportServer2 is running; new messages can be delivered even though it is overloaded.


TransportServer2 can deliver the messages in TransportServer1's mail.que. How?
At TransportServer1:

Net Stop MSExchangeTransport

Copy all files in the TransportRoles\Data\Queue\ folder of TransportServer1 to a folder on TransportServer2, e.g. TempQueue.


At TransportServer2:

TempQueue:

This folder now holds the following files from TransportServer1.

Still at TransportServer2:

Repair the mail.que database from the Exchange Management Shell:
CD C:\TempQueue
Eseutil /r Trn /d. /8

Then run an offline defragmentation of the queue database with Eseutil:
Eseutil /d mail.que

Pause the transport service so that it accepts no new mail but still sends out all messages in its own mail.que:
Net Pause MSExchangeTransport

In the Queue Viewer you can see whether all messages have been delivered.
After all messages are delivered:

If the copied mail.que is more than two days old, you must do the following; otherwise the messages are not delivered and NDRs are sent back. By default, the expiration time is 2 days.

Set-TransportServer -MessageExpirationTimeout longertime

Net Stop MSExchangeTransport

Copy c:\TempQueue\*.* to c:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Queue

Net Start MSExchangeTransport

All messages will be delivered.

Net Stop MSExchangeTransport

Delete all files in the directory c:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Queue

Net Start MSExchangeTransport

A fresh mail.que will be automatically created.


============
Observation

We can use the ESEUTIL utility to fix some problems with mail.que.

Scenario:
An Exchange transport server has a fragmented queue database that grows so large that it consumes all available hard disk drive space.

The transport server is working but the performance is bad because of the fragmented queue.

Net Stop MSExchangeTransport

Exchange Management Shell,
CD C:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Queue
Eseutil /r Trn /d. /8


offline defragmentation of the queue database by using Eseutil;
Eseutil /d mail.que

Net Start MSExchangeTransport

========
How do you change the path of mail.que?
In the EdgeTransport.exe.config file,
look for key="QueueDatabasePath".
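Two checks for the queue-move procedure above, as an added example that is not part of the original post. Get-QueueDatabasePath reads the QueueDatabasePath key just mentioned from EdgeTransport.exe.config (the file's location under the Exchange Bin folder is this example's assumption; the fallback is the default queue path used in the post). Get-RequiredExpirationTimeout compares the age of the copied queue with the server's MessageExpirationTimeout (2 days by default) and returns the value Set-TransportServer needs, so the copied messages are not expired and NDR'd the moment the service starts. Server and folder names are the post's; the function names are this example's.

```powershell
# Added example, not from the post: pre-flight checks for moving a mail.que to another transport server.
function Get-QueueDatabasePath {
    param([string] $ConfigPath = 'C:\Program Files\Microsoft\Exchange Server\Bin\EdgeTransport.exe.config')  # assumed location
    $defaultPath = 'C:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Queue'   # default path from the post
    if (-not (Test-Path $ConfigPath)) { return $defaultPath }
    [xml]$cfg = Get-Content -Path $ConfigPath
    $entry = $cfg.configuration.appSettings.add | Where-Object { $_.key -eq 'QueueDatabasePath' }
    if ($entry -and $entry.value) { return $entry.value }
    return $defaultPath
}

function Get-RequiredExpirationTimeout {
    # The oldest write time among the queue files approximates the age of the oldest queued message
    # (nothing in the folder can be read offline for a per-message timestamp). Returns $null when the current
    # timeout already covers that age plus a safety margin, otherwise the TimeSpan (whole days, rounded up) to set.
    param(
        [Parameter(Mandatory=$true)] [string] $QueueFolder,    # e.g. C:\TempQueue on TransportServer2
        [Parameter(Mandatory=$true)]          $CurrentTimeout, # (Get-TransportServer X).MessageExpirationTimeout
        [timespan] $Margin = (New-TimeSpan -Days 1)
    )
    $files = Get-ChildItem -Path $QueueFolder | Where-Object { -not $_.PSIsContainer }
    if (-not $files) { throw "No queue files found in $QueueFolder" }
    $oldest = ($files | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime
    $need   = ((Get-Date) - $oldest) + $Margin
    $have   = [timespan]"$CurrentTimeout"          # EnhancedTimeSpan prints as d.hh:mm:ss, which [timespan] parses
    if ($need -le $have) { return $null }
    return New-TimeSpan -Days ([math]::Ceiling($need.TotalDays))
}

# On TransportServer2, after eseutil /r and /d on C:\TempQueue and before the files are copied in:
$server = Get-TransportServer -Identity 'TransportServer2'
$longer = Get-RequiredExpirationTimeout -QueueFolder 'C:\TempQueue' -CurrentTimeout $server.MessageExpirationTimeout
if ($longer) {
    Set-TransportServer -Identity $server.Name -MessageExpirationTimeout $longer
    "MessageExpirationTimeout raised to $longer so the copied messages are not expired"
}
"Queue database folder on this server: $(Get-QueueDatabasePath)"    # where the files go after Net Stop MSExchangeTransport
```

Once the copied queue has drained, put MessageExpirationTimeout back to the default of 2.00:00:00 stated above; leaving it long means undeliverable mail sits in the queue for days before the sender gets an NDR.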

Friday, July 25, 2008

Exchange2007:Hard Recovery and Soft Recovery

Hard recovery
A transaction log replay process that occurs after restoring a database from an online backup.
Soft recovery

A transaction log replay process that occurs when a database is remounted after an unexpected stop, when transaction logs are replayed into an offline file copy backup of a database, or when logs are replayed into a Volume Shadow Copy Service (VSS) backup set.


I don't have a clue about the definitions.

Let me show you the difference between Hard recovery and soft recovery.

Above all, both hard recovery and soft recovery are about log files.

Then, NTBackup: Full, differential, and incremental.

Transaction logs

Each storage group has its own set of transaction log files. Periodically, the information in the transaction log is committed, that is, written into the storage group's database file. Not all logs are committed right away; however, a committed log is not deleted.
Transaction logs are deleted only when you do a full online backup of all the databases in the storage group.

You should not delete transaction log files manually.

A checkpoint file indicates which transaction log entries have already been written to the database file.

Checkpoint files: E00.chk is for the first storage group, E01.chk for the second storage group, and so on.

When are transaction log files deleted?
Before any full backup is performed:
After a full backup is performed, some log files are deleted. After sending messages to the mailboxes in the staff mail store:




After an incremental backup, some log files are deleted:



After sending messages to the mailboxes in the staff mail store:

After a differential backup, log files are not deleted:
The result of the backups: incremental and differential backups include only the transaction logs.



To restore a mail store, you must follow the order: full backup, incremental …
If there is more than one store in the storage group, you can select which store to be restored; however, you still need to follow the backup order to restore the incremental or differential backups.


Because differential and incremental backups include only the log files, to bring the restored database to a consistent state you must replay the log files included in the incremental or differential backups. That replay is referred to as HARD RECOVERY.

If you tick the "Last Restore Set" option when you restore the last backup set, HARD RECOVERY starts automatically when the NTBackup restore process completes, and all the log files from the incremental or differential backups are replayed.


If you forget to tick "Last Restore Set" and so fail to trigger hard recovery from the backup application, you must run hard recovery manually from the command prompt with Eseutil before the restored database can be mounted.
You can start the hard recovery with ESEUTIL /C.
After the hard recovery, the database is in clean shutdown state and you can mount it. As you see, hard recovery takes place while the database is dismounted.

SOFT recovery happens when the database is re-mounted.
The log directory holds log files that have not been backed up.
Scenario 1:
The database is in dirty shutdown state. When you re-mount it, the uncommitted log files are committed (the chk file records where to start): soft recovery.
Scenario 2:
After hard recovery, you can mount the database. The log directory includes a lot of log files that have not been backed up. If you still use the same log directory for your storage group, move the chk file out of the log folder and the log files will be replayed into the database. If soft recovery does not start, you can start it manually with eseutil /R; run the command directly from the log directory.
============
When you cannot mount the database, ESEUTIL /P (repair) and ESEUTIL /D (defrag) can be used. Before using them, back up the database and log files.
After ESEUTIL /P and ESEUTIL /D, run Isinteg -s servername -fix -test alltests
ESEUTIL works at the physical level: tables, indexes, etc.
Isinteg works at the application level: relations among tables, indexes, etc.
When you run the Database Troubleshooter from the Exchange Management Console, it starts both ESEUTIL and ISINTEG.

Wednesday, July 23, 2008

Exchange2007: Move a mailbox database from one server to another

Two Servers: TLC25 and TLCSV167

I will move Telus Storage Group\Telus Database from TLCSV167 to TLC25\First Storage Group\Telus Database.

Cleanly shut down TLCSV167\Telus Storage Group\Telus Database by dismounting it:

Dismount-Database -Identity 'TLCSV167\Telus Storage Group\Telus Database'

New-MailboxDatabase -StorageGroup 'TLC25\First Storage Group' -Name 'Telus Database'

(don't use the Exchange Management console to create the new database)

Set-MailboxDatabase 'TLC25\First Storage Group\Telus Database' -AllowFileRestore:$true



Copy everything under TLCSV167\Telus Storage Group to TLC25\First Storage Group

Mount-Database -Identity 'TLC25\First storage group\Telus database'

Get-Mailbox -Database 'TLCSV167\Telus Storage Group\Telus Database' | Where {$_.ObjectClass -NotMatch '(SystemAttendantMailbox|exOleDbSystemMailbox)'} | Move-Mailbox -ConfigurationOnly -TargetDatabase 'TLC25\First Storage Group\Telus database'

All Outlook 2007 and OWA clients automatically connect to the new server, TLC25.

Outlook 2003 clients must be re-configured.

=======

Clean shutdown state?

It is related to the transaction log files. Data is first written to the transaction log files and later committed to the database. The *.chk file records the boundary between committed and uncommitted log records. A clean shutdown of a database commits all uncommitted log records, so the database is detached from the log file stream and can be mounted again without any recovery operation.
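Before copying database files between servers as above, or after a restore, you want to know whether the database is in clean shutdown or still depends on its log stream. The following is an added example, not code from the original post: it parses the "State:" and "Log Required:" lines that eseutil /mh prints in its header dump, and wraps the real tool so the check can be run against the post's database path. The sample header lines are constructed to resemble that output; the function names are this example's.

```powershell
# Added example, not from the post: is the database in clean shutdown, or does it need soft/hard recovery?
function ConvertFrom-EseutilHeader {
    param([Parameter(Mandatory=$true)] [string[]] $Lines)
    $state = 'Unknown'; $logRequired = $null
    foreach ($line in $Lines) {
        if     ($line -match '^\s*State:\s*(.+?)\s*$')        { $state = $Matches[1] }
        elseif ($line -match '^\s*Log Required:\s*(.+?)\s*$') { $logRequired = $Matches[1] }
    }
    New-Object PSObject -Property @{
        State         = $state
        LogRequired   = $logRequired
        # Anything but "Clean Shutdown" still depends on the log stream: mount it (soft recovery), run
        # eseutil /r, or finish the restore with hard recovery before the file is copied or moved.
        NeedsRecovery = ($state -ne 'Clean Shutdown')
    }
}

function Test-DatabaseCleanShutdown {
    param([Parameter(Mandatory=$true)] [string] $EdbPath)
    if (-not (Test-Path $EdbPath)) { throw "Database not found: $EdbPath" }
    # eseutil.exe is on the PATH in the Exchange Management Shell; dismount the database first.
    $output = & eseutil /mh $EdbPath 2>&1 | ForEach-Object { "$_" }
    ConvertFrom-EseutilHeader -Lines $output |
        Add-Member -MemberType NoteProperty -Name Database -Value $EdbPath -PassThru
}

# Constructed sample of the relevant header lines (a real dump is much longer):
$sample = @(
    'Initiating FILE DUMP mode...'
    '        Database: C:\Program Files\Microsoft\Exchange Server\Mailbox\Telus Storage Group\Telus Database.edb'
    '            State: Dirty Shutdown'
    '     Log Required: 12-15 (0xc-0xf)'
)
ConvertFrom-EseutilHeader -Lines $sample     # State = Dirty Shutdown, NeedsRecovery = True

# Before the move above: copy the files only once this reports NeedsRecovery = False.
# Test-DatabaseCleanShutdown -EdbPath 'C:\Program Files\Microsoft\Exchange Server\Mailbox\Telus Storage Group\Telus Database.edb'
```

A database that reports Dirty Shutdown with a Log Required range is exactly the Scenario 1 case above: keep the log files it names next to it and mount it (or run eseutil /r from the log directory) rather than copying the .edb on its own.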

Exchange2007:Move-Mailbox -ConfigurationOnly


Move-Mailbox -ConfigurationOnly redirects the mailbox to a functional server. The mailbox content is not moved.

Exchange Server 1: TLC25
Exchange Server 2: TLCSV167

TLCSV167\First Storage Group\Test database hosts the mailboxes test1 and test2. The good thing is that the database is already backed up.

Something goes wrong: the whole TLCSV167 server cannot be restored.

Create a new (dial tone) mailbox database on TLC25:
TLC25\First Storage Group\Test database

From the TLC25 computer, run the cmdlet:

Get-MailBox -Database 'TLCSV167\First Storage Group\test database' | Move-Mailbox -ConfigurationOnly -TargetDatabase 'TLC25\First Storage Group\Test database'

Database Recovery Management Tool
Create a Recovery Storage Group for the 'TLC25\First Storage Group';

Using the backup/restore utility to restore the 'Test database' from TLCSV167 backup.

Mount the Recovery Storage Group\Test database;

Get-MailboxDatabase -server tlc25 -status | format-list Name, StorageGroup, Mounted
Name : Mailbox Database
StorageGroup : TLC25\First Storage Group
Mounted : True

Name : test database
StorageGroup : TLC25\First Storage Group
Mounted : True

And then, you can directly run the merge or copy wizard.
Or, do the dial tone swap first and then merge or copy wizard.

Outlook 2007 clients and OWA discover the configuration change automatically because of the Autodiscover service. For Outlook 2003 clients, however, you must reconfigure their profiles.

Exchange2007:backup and restore MapiExceptionCallFailed: Unable to mount database

The Telus Storage Group has two mailbox databases: Telus database and Shaw database.
Because the Shaw database has status MOUNTED, the restore process will fail.


Dismount the Shaw database:

The restore process will then succeed. However, when you try to mount the database, you may get the error message "MapiExceptionCallFailed: Unable to mount database". Why?
Two things:
The temporary location D:\temp is not empty.
And the Last Restore Set is not checked.

Because the backup is the last one, I make sure the D:\temp is empty and select "Last Restore Set". After the restore process completes, I could mount the database.

Tuesday, July 22, 2008

Exchange2007:Dial tone recovery--failed database

Database backup is very important.


Server Name: TLCSV167
Get-MailboxDatabase -status | format-list name,storagegroup,mounted

Name : Mailbox Database
StorageGroup : TLCSV167\First Storage Group
Mounted : True

Name : Telus Database
StorageGroup : TLCSV167\Telus Storage Group
Mounted : False


The Telus Database fails and cannot be mounted.

====
Dial tone
mkdir c:\backup

Move everything under Telus Storage Group to c:\backup folder

Mount an empty database, Telus Database: the dial tone database.

Exchange Management Console
Right Click on Telus Database --Mount
Click YES button



Mailbox users who belong to Telus Storage Group\Telus Database can send and receive e-mail again very quickly, except that for now they don't have access to their old mail.

We can use the tool to restore the old mail.





Restore the database from backup:


As you can see, the data goes to the Recovery Storage Group.
Mount-Database 'Recovery Storage Group\Telus database'

Get-MailboxDatabase -status | format-list name,storagegroup,edbfilepath,mounted
Name : Mailbox Database
StorageGroup : TLCSV167\First Storage Group
EdbFilePath : C:\Program Files\Microsoft\Exchange Server\Mailbox\First Storage Group\Mailbox Database.edb
Mounted : True

Name : Telus Database
StorageGroup : TLCSV167\Telus Storage Group
EdbFilePath : C:\Program Files\Microsoft\Exchange Server\Mailbox\Telus Storage Group\RSG20080722160745\Telus Database.edb
Mounted : True

Name : Telus Database
StorageGroup : TLCSV167\Recovery Storage Group
EdbFilePath : C:\Program Files\Microsoft\Exchange Server\Mailbox\Telus Storage Group\Telus database.edb
Mounted : True



After the swap, the path of Telus Storage Group\Telus Database has changed. Why swap? Why not run the merge or copy task directly? For a big database, running the merge or copy wizard takes a long time.
When Recovery Storage Group\Telus Database and Telus Storage Group\Telus Database are on the same logical drive, the swap is instantaneous: the actual content does not move at all, only the path pointer.



Because the temporary mailbox database is small, running the merge or copy wizard will not cause the performance degradation.

Sunday, July 20, 2008

Exchange2007:Multiple Global Address Lists and GlobalAddressList attribute

ADSIEDIT.msc

Microsoft Exchange

globalAddressList attribute has the following:


By default, the globalAddressList2 attribute is not configured. With the following setting, new users who are members of the Rogers global address list can be set up in Outlook clients; the members of the Rogers global address list don't belong to the Default Global Address List.

This is the best method. I added more GALs to the globalAddressList2 but it didn't work. The Outlook client still cannot locate the address list.

What do I do?
For users from Shaw global address list, I add the Shaw GAL to the globalAddressList2. For users from Telus GAL, I kept only the Telus GAL in the globalAddressList2.
==========
The following method is better.

By default, the Default Global Address List includes all mail objects. If one Exchange organization hosts two or more companies, such as Shaw, Telus, and Rogers, you must modify the PurportedSearch filter of the Default Global Address List; otherwise all Outlook clients will see all the mail objects.

Don't take the purportedSearch attribute lightly: when you set up a new Outlook client, the user must be included in the Default Global Address List.

What do I do? The PurportedSearch attribute must use the LDAP filter.

I learn the LDAP filter from the Exchange Management Console wizard.

new-DynamicDistributionGroup -Name 'Shaw Customers' -IncludedRecipients 'MailboxUsers' -ConditionalCompany 'Shaw' -OrganizationalUnit 'terrace.com/Shaw' -Alias 'ShawCustomers' -RecipientContainer 'terrace.com/Shaw'

Get-DynamicDistributionGroup 'Shaw Customers' | format-list *Filter*
RecipientFilter : ((Company -eq 'Shaw' -and RecipientType -eq 'UserMailbox' ) -and -not(Name -like 'SystemMailbox{*') -and -not(Name -like 'CAS_{*'))
LdapRecipientFilter : (&(company=Shaw)(objectClass=user)(objectCategory=person)(mailNickname=*)(msExchHomeServerName=*)(!(name=SystemMailbox{*))(!(name=CAS_{*)))
RecipientFilterType : Precanned

From the DynamicDistributionGroup, I get the LDAP filter.

Using ADSIEDIT.msc tool

I copy the LdapRecipientFilter to the purportedsearch attribute of Default Global Address List and copy the RecipientFilter to msExchQueryFilter of Default Global Address list.
A new mailbox user will have the Company attribute set to SHAW. After the user is configured in Outlook, I change the company name to Telus, for example.

Don't forget to modify permissions for Global Address List. By default, Authenticated Users are granted READ and OPEN ADDRESS LIST. You should remove these two permissions.

I create a group for Telus, a group for Shaw, and a Group for Rogers. Telus group has the READ and OPEN ADDRESS LIST permissions to Telus global address list; shaw group has the READ and OPEN ADDRESS LIST permissions to Shaw global address list.

For outlook client in the Exchange 2007 computer, because the cache mode in OUTLOOK, global address list will not reflect the membership change right away. After I disable the cache mode and restart outlook, the global address list is correct. And then, enable the cache mode.

For Outlook clients on computers other than the Exchange 2007 computer, after you modify the Company attribute and run Update-GlobalAddressList you should see the Global Address List reflect the change.

Make sure your offline address list and global address list match each other. Telus users are hosted in the Telus database; their offline address list includes all users from Telus, and the Telus Global Address List includes all users whose Company attribute is set to Telus. When you create mailboxes for Telus users, make sure the mailbox database is the Telus database.

When you create a new mailbox for a Telus user, set the Company attribute to TLC (because the purportedSearch is filtered to TLC, see above), so that the Default Global Address List includes the new mailbox user. After the Outlook client is configured, set the Company attribute of the mailbox user to Telus.

Saturday, July 19, 2008

Exchange2007: Offline Address Book

Databases:


New-GlobalAddressList -Name 'Shaw' -IncludedRecipients 'AllRecipients' -ConditionalCompany 'shaw'
Update-GlobalAddressList Shaw
New-GlobalAddressList -Name 'Telus' -IncludedRecipients 'AllRecipients' -ConditionalCompany 'Telus'
Update-GlobalAddressList Telus
New-GlobalAddressList -Name 'Rogers' -IncludedRecipients 'AllRecipients' -ConditionalCompany 'Rogers'
Update-GlobalAddressList Rogers

Modify the definition of Default Global Address List by adsiedit.msc


The Default Global Address List includes all recipients in default mailbox database.


Both attributes, msExchQueryFilter and PurportedSearch, are set to:


(&(&(mailNickname=*)(homeMDB=CN=Mailbox Database,CN=First Storage Group,CN=InformationStore,CN=USA,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Terrace,DC=com))(|(objectClass=user)(objectClass=contact)(objectClass=msExchSystemMailbox)(objectClass=msExchDynamicDistributionList)(objectClass=group)(objectClass=publicFolder)))

Update-GlobalAddressList 'Default Global Address List'
The default value of PurportedSearch is:
(&(mailNickname=*)(|(objectClass=user)(objectClass=contact)(objectClass=msExchSystemMailbox)(objectClass=msExchDynamicDistributionList)(objectClass=group)(objectClass=publicFolder)))

Before you configure an Outlook client, I restore the default value of PurportedSearch. If you don't, the Outlook client cannot find the user name in the default address list unless the user is from the default mailbox database. After the Outlook client is configured, I set the customized settings.
If I could find a way to set up an Outlook client without looking up the Default Global Address List, then the multiple global address lists would work.
What do I do? New mailbox users are created in the default mailbox store. After they are set up in Outlook, I move them to their own mailbox stores.

You can make a similar modification for the Shaw, Telus, and Rogers global address lists, so that the Shaw global address list includes all recipients in the Shaw database.
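The ADSIEDIT edits used in this post and in the previous one (LdapRecipientFilter into purportedSearch, RecipientFilter into msExchQueryFilter) as a script, so the switch between the customized and the default filters described above is repeatable. This is an added example, not code from the original posts: it writes the attributes through ADSI and saves the previous values to a file first, so the default PurportedSearch can be put back before a new Outlook client is set up and re-applied afterwards. The DDG name is the one created in the previous post; the backup location and function names are this example's.

```powershell
# Added example, not from the posts: read, set and restore the LDAP/OPATH filters of a global address list.
function Get-AddressListFilters {
    param([Parameter(Mandatory=$true)] [string] $Name)
    $gal = Get-GlobalAddressList -Identity $Name
    $obj = [ADSI]"LDAP://$($gal.DistinguishedName)"
    New-Object PSObject -Property @{
        Name              = "$($gal.Name)"
        DistinguishedName = "$($gal.DistinguishedName)"
        PurportedSearch   = "$($obj.purportedSearch)"
        MsExchQueryFilter = "$($obj.msExchQueryFilter)"
    }
}

function Set-AddressListFilters {
    param(
        [Parameter(Mandatory=$true)] [string] $Name,
        [Parameter(Mandatory=$true)] [string] $LdapFilter,    # written to purportedSearch
        [Parameter(Mandatory=$true)] [string] $OpathFilter,   # written to msExchQueryFilter
        [string] $BackupPath = (Join-Path $env:TEMP ("$($Name -replace '[^\w]', '_')-filters.xml"))
    )
    $before = Get-AddressListFilters -Name $Name
    $before | Export-Clixml -Path $BackupPath        # keep the old values for Restore-AddressListFilters
    $obj = [ADSI]"LDAP://$($before.DistinguishedName)"
    $obj.Put('purportedSearch',   $LdapFilter)
    $obj.Put('msExchQueryFilter', $OpathFilter)
    $obj.SetInfo()
    Update-GlobalAddressList -Identity $Name
    "Previous filters of '$Name' saved to $BackupPath"
}

function Restore-AddressListFilters {
    param([Parameter(Mandatory=$true)] [string] $BackupPath)
    $saved = Import-Clixml -Path $BackupPath
    Set-AddressListFilters -Name $saved.Name -LdapFilter $saved.PurportedSearch -OpathFilter $saved.MsExchQueryFilter -BackupPath "$BackupPath.before-restore"
}

# The filters come from the dynamic distribution group, as in the previous post:
$ddg = Get-DynamicDistributionGroup -Identity 'Shaw Customers'
Set-AddressListFilters -Name 'Default Global Address List' -LdapFilter $ddg.LdapRecipientFilter -OpathFilter $ddg.RecipientFilter

# Before a new Outlook profile is created, put the defaults back; re-run Set-AddressListFilters afterwards:
# Restore-AddressListFilters -BackupPath "$env:TEMP\Default_Global_Address_List-filters.xml"
```

The first backup file written for the Default Global Address List holds the untouched default filters, so keep a copy of it somewhere safe; every later Set-AddressListFilters call overwrites the same path with whatever was current at that moment.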

New-AddressList -Name 'ShawAddress' -IncludedRecipients 'AllRecipients' -ConditionalCompany 'Shaw' -Container '\'

Update-AddressList 'ShawAddress'

New-AddressList -Name 'RogersAddress' -IncludedRecipients 'AllRecipients' -ConditionalCompany 'Rogers' -Container '\'

Update-AddressList 'RogersAddress'

New-AddressList -Name 'TelusAddress' -IncludedRecipients 'AllRecipients' -ConditionalCompany 'Telus' -Container '\'

Update-AddressList 'TelusAddress'

new-OfflineAddressBook -Name 'TelusOfflineAddress' -Server 'USA' -AddressLists '\TelusAddress' -PublicFolderDistributionEnabled $true -VirtualDirectories 'USA\OAB (Default Web Site)'

new-OfflineAddressBook -Name 'ShawOfflineAddress' -Server 'USA' -AddressLists '\ShawAddress' -PublicFolderDistributionEnabled $true -VirtualDirectories 'USA\OAB (Default Web Site)'

new-OfflineAddressBook -Name 'RogersOfflineAddress' -Server 'USA' -AddressLists '\RogersAddress' -PublicFolderDistributionEnabled $true -VirtualDirectories 'USA\OAB (Default Web Site)'

Update-OfflineAddressBook 'TelusOfflineAddress'

Update-OfflineAddressBook 'ShawOfflineAddress'

Update-OfflineAddressBook 'RogersOfflineAddress'

Update-OfflineAddressBook 'Default Offline Address Book'

Set-MailboxDatabase -Identity 'Mailbox database' -OfflineAddressBook 'Default Offline Address Book'
Set-MailboxDatabase -Identity 'Shaw database' -OfflineAddressBook 'ShawOfflineAddress'
Set-MailboxDatabase -Identity 'Telus database' -OfflineAddressBook 'TelusOfflineAddress'
Set-MailboxDatabase -Identity 'Rogers database' -OfflineAddressBook 'RogersOfflineAddress'

Download the offline address book from Outlook:

Tools, Send/Receive, Download Address Book
=====
I created Offline Address Books based on the customized Global Address Lists, such as Shaw, Telus, and Rogers. Outlook clients don't use them.

Wednesday, July 16, 2008

Sharepoint: indexer

1. Start the Windows SharePoint Services Search service

How?

SharePoint 3.0 Central Administration

Operations

Services on server

Click Start for Windows SharePoint Services Search. It's better to go to services.msc as well and set the SharePoint search service to start automatically.


2.

Sharepoint 3.0 Central Administration

Application Management

Content Databases

Click on the Content Database Name

Specify the indexer server as shown below:

Sharepoint:Add a URL mapping to the web application

I created a SharePoint application with http://tlc-tndc.dyndns.org/. I could access the SharePoint application using the URL. However, internal users want to use http://tndc-main/, the NetBIOS name.

Configure the Web Application in IIS with multiple host header mappings as shown below:

Accessing the web application with both http://tlc-tndc.dyndns.org/ and http://tndc-main/ works without problem. However, with http://tndc-main/ you cannot use the search feature; it gives you the error message "Add a URL mapping to the web application". How?


Sharepoint 3.0 Central Administration

--Operations

--Alternate Access Mapping


Add an internal URL:

http://tndc-main/

done!

Saturday, July 12, 2008

Exchange2007:Specify Address Lists in Outlook Web Access

With multiple hosted companies, when users from Telus access OWA they should see the Global Address List 'Telus'; when users from Shaw access OWA they should see the Global Address List 'Shaw'; when users from TLC access OWA they should see the Global Address List 'TLC'; and so on.

How?
Set-OwaVirtualDirectory -Identity 'owa (Default Web Site)' -AllAddressListsEnabled $false

New-GlobalAddressList -Name 'Shaw' -IncludedRecipients 'AllRecipients' -ConditionalCompany 'shaw'

New-GlobalAddressList -Name 'Telus' -IncludedRecipients 'AllRecipients' -ConditionalCompany 'Telus'

New-GlobalAddressList -Name 'Rogers' -IncludedRecipients 'AllRecipients' -ConditionalCompany 'Rogers'

Create mailboxes: SeungBum Yoo, Kevin Smith, and Kaiming Liao
set-user -Identity 'Kaiming Liao' -Company 'Shaw'
set-user -Identity 'SeungBum Yoo' -Company 'Rogers'
set-user -Identity 'Kevin Smith' -Company 'Telus'


Update-GlobalAddressList 'Telus'

$global = Get-GlobalAddressList 'Telus'
Get-Recipient -RecipientPreviewFilter $global.RecipientFilter

Result: Kevin Smith

Update-GlobalAddressList 'Shaw'
$global = Get-GlobalAddressList 'Shaw'
Get-Recipient -RecipientPreviewFilter $global.RecipientFilter

Result: Kaiming Liao

Update-GlobalAddressList 'Rogers'
$global = Get-GlobalAddressList 'Rogers'
Get-Recipient -RecipientPreviewFilter $global.RecipientFilter

Result: SeungBum Yoo

-------
Get-GlobalAddressList | Format-List DistinguishedName
DistinguishedName : CN=Shaw,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Terrace,DC=com

DistinguishedName : CN=Telus,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Terrace,DC=com

DistinguishedName : CN=Rogers,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Terrace,DC=com

ADSIEDIT.msc


Default Naming Context [USA.Terrace.Com]
-DC=Terrace,DC=COM
Locate CN=Kaiming Liao --Properties
Locate the msExchQueryBaseDN

Set it to CN=Shaw,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Terrace,DC=com



msExchQueryBaseDN of SeungBum Yoo will be set to CN=Rogers,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Terrace,DC=com

msExchQueryBaseDN of Kevin Smith will be set to CN=Telus,CN=All Global Address Lists,CN=Address Lists Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Terrace,DC=com


Test them: it works nicely.

=======

Modifying the msExchQueryBaseDN attribute for all related users is a tedious job. Can we copy the user template? How?

Open Active Directory Schema console

Locate msExchQueryBaseDN attribute

Double-click msExchQueryBaseDN

Select "Attribute is copied when duplicating a user". Then the attribute is carried over whenever a new user is created by copying a template user.
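For users that already exist, the per-user ADSIEDIT step above can be scripted. The following is an added example, not from the original post: it stamps msExchQueryBaseDN with the DN of the matching GAL for every mailbox user whose Company attribute matches, assuming the three GALs created above exist and that it is run from the Exchange Management Shell with rights to write the attribute.

```powershell
# Added example (not from the original post): set msExchQueryBaseDN for every
# mailbox user whose Company matches a per-company GAL, instead of editing each
# user in ADSIEDIT. Assumes the GALs from the post exist and that Company is the
# attribute the GAL filters on; run it from the Exchange Management Shell.

# Map of Company value -> Global Address List name (names taken from the post).
$companyGal = @{ 'Shaw' = 'Shaw'; 'Telus' = 'Telus'; 'Rogers' = 'Rogers' }

foreach ($company in $companyGal.Keys) {
    # Resolve the GAL DN, the same value Get-GlobalAddressList | Format-List shows.
    $gal = Get-GlobalAddressList -Identity $companyGal[$company]
    if (-not $gal) { Write-Warning "GAL '$($companyGal[$company])' not found"; continue }
    $galDn = $gal.DistinguishedName

    # Mailbox users whose Company attribute matches this GAL's condition.
    $users = Get-User -Filter "Company -eq '$company'" -RecipientTypeDetails UserMailbox

    foreach ($u in $users) {
        # Bind to the user object in AD and stamp the GAL DN as the OWA query base.
        $adUser = [ADSI]("LDAP://" + $u.DistinguishedName)
        $adUser.Put('msExchQueryBaseDN', $galDn)
        $adUser.SetInfo()
        Write-Host ("{0,-20} -> {1}" -f $u.Name, $companyGal[$company])
    }
}

# Verify: each Shaw user now carries the Shaw GAL DN. Repeat for the other companies,
# and re-run Get-Recipient -RecipientPreviewFilter as in the post to confirm membership.
Get-User -Filter "Company -eq 'Shaw'" -RecipientTypeDetails UserMailbox | ForEach-Object {
    "{0}: {1}" -f $_.Name, ([ADSI]("LDAP://" + $_.DistinguishedName)).msExchQueryBaseDN
}
```

The script only changes the attribute; it does not create or update the address lists, so run Update-GlobalAddressList first as the post does.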

Sunday, July 6, 2008

Exchange2007:The admin has temporarily disallowed this secure domain

At Terrace.COM,

Set-transportConfig

set-transportconfig -TLSReceiveDomainSecureList van.com
set-transportconfig -TLSSendDomainSecureList terrace.com

Because I haven't configured TLS authentication yet and the VAN.COM send connector uses DNS MX records for delivery, the VAN.COM organization cannot send mail to Terrace.com.

The queue viewer on the VAN.COM Exchange 2007 server shows the error:

Last Error: 451 4.7.3 The admin has temporarily disallowed this secure domain.


At terrace.com,
set-transportconfig -TLSReceiveDomainSecureList a.a
set-transportconfig -TLSSendDomainSecureList a.a

Then mail delivery to terrace.com is restored.

In the Application event log on the Terrace.com domain controller you can find the error record:

Source: MSExchangeTransport

The connection to domain 'van.com' on connector 'Internet' could not be established for the exchange of domain-secured e-mail because the DomainSecureEnabled parameter on the connector was not set to true. Set the value of the DomainSecureEnabled parameter to true, or remove domain 'van.com' from the list of domains for which domain secured e-mail is enabled.
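The event text above names the mismatch: a domain is listed in TLSSendDomainSecureList or TLSReceiveDomainSecureList, but no connector is set up for domain-secured mail. The following added example (not from the original post) checks the transport configuration against the Send and Receive connectors in the same way, so the mismatch can be found before mail queues with 451 4.7.3; it assumes only the cmdlets of the Exchange Management Shell, and the connector name 'Internet' in the commented fix is taken from the event text.

```powershell
# Added example (not from the original post): audit domain-secured mail settings
# against the Send/Receive connectors. Run it in the Exchange Management Shell in
# each organization (both VAN.COM and Terrace.COM in the post).

$cfg  = Get-TransportConfig
$send = Get-SendConnector
$recv = Get-ReceiveConnector

# Every domain listed for outbound domain security needs a Send connector that
# (a) has DomainSecureEnabled, (b) uses DNS routing (no smart host), and
# (c) has an address space covering the domain. This is the condition behind
# the "DomainSecureEnabled parameter on the connector was not set to true" event.
foreach ($domain in $cfg.TLSSendDomainSecureList) {
    $d  = "$domain"   # SmtpDomain -> plain string
    $ok = $send | Where-Object {
        $_.DomainSecureEnabled -and $_.DNSRoutingEnabled -and
        ($_.AddressSpaces | Where-Object {
            $a = $_.Address
            $a -eq '*' -or $a -eq $d -or ($a.StartsWith('*.') -and $d.EndsWith($a.Substring(1)))
        })
    }
    if ($ok) { "SEND  $d : OK via " + (($ok | ForEach-Object { $_.Name }) -join ', ') }
    else     { "SEND  $d : no DomainSecureEnabled, DNS-routed Send connector covers it" }
}

# Every domain listed for inbound domain security needs a Receive connector with
# DomainSecureEnabled and TLS in its AuthMechanism; otherwise senders from that
# domain are deferred with 451 4.7.3, as VAN.COM was in the post.
foreach ($domain in $cfg.TLSReceiveDomainSecureList) {
    $d  = "$domain"
    $ok = $recv | Where-Object { $_.DomainSecureEnabled -and ("$($_.AuthMechanism)" -match 'Tls') }
    if ($ok) { "RECV  $d : OK via " + (($ok | ForEach-Object { $_.Name }) -join ', ') }
    else     { "RECV  $d : no Receive connector has DomainSecureEnabled and TLS" }
}

# The fix the event suggests, for a Send connector named 'Internet': enable domain
# security on the connector instead of removing the domain from the list.
# Set-SendConnector -Identity 'Internet' -DomainSecureEnabled $true -DNSRoutingEnabled $true
```

The audit reports configuration only; a connector that passes the checks still needs a certificate the other organization trusts before domain-secured delivery succeeds.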

Exchange2007: Deliver report and non-delivery report

A domain named terrace.com.


administrator@terrace.com sends an e-mail to a non-existent address, aaa@terrace.com. An NDR is received. Within an Exchange organization you cannot turn NDRs off. Anyway, why would you want to?


How about delivery report?


In Outlook, create a new message to the receiving address jane.liao@terrace.com. Don't send it yet.



After you select "Request a Delivery Receipt", press the SEND button. A delivery report will be received shortly.


==========


Remote Domain options

At VAN.COM organization,


Remote Domains: Default

Remote Domain: Terrace.COM




At Terrace.COM:







The Outlook client can request a delivery receipt from the Terrace.com side. If you want NDR messages to be delivered to the terrace.com domain, select "Allow non-delivery reports" on the remote domain in the VAN.COM organization.


The Automatic Replies option applies to the Out of Office Assistant in the Outlook client, where an automatic reply message can be created as a rule.


At terrace.com, after you set "Allow automatic forward" on the remote domain, mail received by Kaiming.Liao@terrace.com is automatically forwarded to the fact@van.com account.

Saturday, July 5, 2008

Exchange2007:Pickup and Replay directories

By default, Pickup and Replay directories are in the following directory.
c:\Program Files\Microsoft\Exchange Server\TransportRoles\

The Replay directory is used to resubmit exported Exchange messages and to receive messages from foreign gateway servers. These messages are already formatted for the Replay directory. There is little or no need for an administrator or other application to compose and submit new message files by using the Replay directory. The Pickup directory should be used to create and submit new message files.

Take a look at the .eml files used in the two directories.

I have a domain, terrace.com, with Exchange 2007 installed. Kaiming.Liao@Terrace.com is my e-mail address for testing.

I have a POP3 account configured in Windows Mail. You can open an e-mail and save it to the Pickup directory; it will automatically be delivered.

The following simple message file is an .eml file that can be put in the Pickup directory but not the Replay directory.

From: "Kaiming Liao" <kaiming.liao@terrace.com>
To: "'Kaiming Liao'" <Kaiming.liao@terrace.com>
Subject: NIFCS website development

Hello TLC Team:

http://dev.nifcs.org/ This is development homepage of NIFCS.

The last two at the bottom are what we are working with. Your participation and suggestions would be greatly appreciated.

Regards,

The following simple message file is an .eml file that can be put in the Replay directory for delivery.

X-Receiver: <kaiming.liao@terrace.com>
X-Sender: <bob@contoso.com>
To: Kaiming.liao@terrace.com
From: bob@contoso.com
Subject: Optional message subject

The Replay directory receives messages from foreign gateway servers and resubmits messages that administrators export from the queues of Exchange 2007 servers.

=======
An application could use the pickup directory to send e-mail.
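As an added example (not code from the original post), here is how an application would compose a Pickup-directory message like the first .eml above and drop it into the directory safely: the file is written with a .tmp extension and renamed to .eml, so the transport service never reads a half-written file. The default Pickup path is the one from the post; the addresses are the post's test address, and the message body is made up.

```powershell
# Added example (not from the original post): compose a message file for the
# Pickup directory the way an application would. Path and addresses come from the
# post; the body is constructed. Requires write access to the Pickup directory.

function New-PickupMessage {
    param(
        [string]$From,
        [string[]]$To,
        [string]$Subject,
        [string]$Body,
        [string]$PickupDir = 'C:\Program Files\Microsoft\Exchange Server\TransportRoles\Pickup'
    )
    # Header lines, one empty line, then the body; every line CRLF-terminated.
    $lines = @(
        "From: $From",
        "To: " + ($To -join ', '),
        "Subject: $Subject",
        "Date: " + [DateTime]::UtcNow.ToString('R'),
        "",
        $Body
    )
    $text = ($lines -join "`r`n") + "`r`n"

    $name = [Guid]::NewGuid().ToString('N')
    $tmp  = Join-Path $PickupDir "$name.tmp"
    $eml  = Join-Path $PickupDir "$name.eml"
    # Write as ASCII (no BOM), then rename: Pickup only processes *.eml, so the
    # transport service sees the file only once it is complete.
    [IO.File]::WriteAllText($tmp, $text, [Text.Encoding]::ASCII)
    Rename-Item -Path $tmp -NewName "$name.eml"
    return $eml
}

# Constructed sample, matching the addresses used in the post.
New-PickupMessage -From 'kaiming.liao@terrace.com' `
                  -To 'Kaiming.liao@terrace.com' `
                  -Subject 'Pickup directory test' `
                  -Body 'Hello TLC Team, this message was submitted through the Pickup directory.'
```

The function returns the final .eml path; within a few seconds the file disappears from the directory as the transport service submits it, and a malformed file is renamed with a .bad extension instead.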

Friday, July 4, 2008

Exchange2007:OWA and Sharepoint

I created a SharePoint farm with the web application http://tlc-nifcs.dyndns.org/, hosted on the server nifcs-main.dyndns.org.

Exchange2007 is installed in the same server.

How do you enable OWA to access the SharePoint site?

Exchange Management Console -- Server Configuration -- Client Access --OWA --Properties
--Remote File Servers
--Allow button and add tlc-nifcs.dyndns.org

--Configure button and add tlc-nifcs.dyndns.org as internal domain suffix.

Then, from OWA -- Documents -- open http://tlc-nifcs.dyndns.org/

I have a file server named tlc25, which contains the companyFile shared folder.

I added the tlc25 computer name to the Remote File Servers Allow list. From OWA, I can access it as long as the mail user has permission.

Thursday, July 3, 2008

USMT 3.01 --wipe and load migration

1. Create a user, Kevin.Smith, on an XP Professional machine
2. Log on as Kevin.Smith, customize the desktop, set up Outlook with a POP3 account, etc.
3. Restart the machine
4. Logon as administrator
5. CD \Program Files\USMT3.01
6. Run ScanState:
SCANSTATE D:\transfer /ue:*\* /ui:Kevin.Smith /i:miguser.xml /i:migapp.xml /i:migsys.xml

7. Right-click My Computer--Properties--Advanced--User Profiles,
Remove Kevin.Smith's profile;
Delete the user Kevin.Smith from the computer;

8. Run LoadState:
LoadState d:\transfer /i:miguser.xml /i:migapp.xml /i:migsys.xml /lac /lae

Done!
=====
However, USMT does not migrate passwords, such as the Outlook POP3 account password.

Symantec Antivirus Corporate Edition 10.2:managed installation

1. install Symantec System Center


2. install Symantec Antivirus server

It will create a group, e.g. Symantec Antivirus 1.

Restart your system

3. Open the Symantec System Center, expand System Hierarchy, locate the server name, e.g. TLC25, right-click it and select Make Server a Primary Server.

4. At client computer, install Symantec Antivirus Client, choose Managed.

Wednesday, July 2, 2008

OUTLOOK: Exchange Mailbox and PST file by POP3 setup

User Blue has a POP3 account set up.


All mail was delivered to the outlook.pst personal folder file.

Then user Blue gets an Exchange mailbox account. In the same default Outlook profile, he adds the new e-mail account.
A warning appears: mail from the Exchange Server account will be delivered to the existing Personal Folder. Click the Yes button.

Then modify the default Outlook profile to deliver all mail to the Exchange mailbox.

Outlook will automatically upload the mail from the existing Personal Folders file to the Exchange mailbox.


When the POP3 account receives mail, as long as you open Outlook with both the Exchange mailbox and the POP3 account, the mail is automatically uploaded to the Exchange mailbox as well.


However, personal contacts and the calendar are not automatically uploaded to Exchange. We have to use the Import and Export utility.


After you select Contacts in Personal Folders, click FILE menu--Import/Export tool
Export the contact list to a file

Select Contacts, click FILE menu--import/export tool
Import the contact list
Finally, you can remove the personal folder file from Outlook.

IE: Default Home Page

GPO -- User Configuration --Windows Settings --Internet Explorer Maintenance --URLs
Double-click "Important URLs"

If you want to reset the default home page after the user changes it, you should enable "Internet Explorer maintenance policy processing".

Default Domain Policy--Computer Configuration --Administrative Templates --System--Group Policy --Internet Explorer Maintenance policy processing
--check "Process even if the Group Policy objects have not changed."

Tuesday, July 1, 2008

IE:Automatically Logon with current user name and password

Integrated Windows Authentication is about how the username and its password are sent across the network.

With Integrated Windows authentication (formerly called NTLM, and also known as Windows NT Challenge/Response authentication), the user name and password (credentials) are hashed before being sent across the network. When you enable Integrated Windows authentication, the client browser proves its knowledge of the password through a cryptographic exchange with your Web server, involving hashing.

To enable Integrated Windows Authentication, you access the Advanced Tab of Internet Options.


In the IE browser, User Authentication offers several logon options:


  • anonymous logon

  • automatic logon only in Intranet zone

  • automatic logon with current user name and password

  • prompt for user name and password
IE browser -- Tools --Internet Options --Security --select Internet zone --click the Custom Level button and scroll down;
you will find User Authentication.

I have a SharePoint site hosted in IIS 6, and the users cannot automatically log on. The user is prompted for user name and password, which annoys the customer.

After I add the SharePoint web application address, http://tlc-nifcs.dyndns.org/, to the Intranet zone, the user is logged on to the SharePoint site automatically.

You can also select the Internet zone option "Automatic logon with current user name and password" without adding the site address to the Intranet zone.





In a domain environment, you should use Group Policy to control automatic logon.



Computer Configuration--Administrative Templates

--Windows Components--Internet Explorer --Internet Control Panel

--Security Page--Internet Zone--Logon Options