Tools for Exchange & Active Directory

Mailscape Provides Exchange Monitoring & Reporting Solution for Baltimore City Public Schools

2012-02-03T14:13:11Z

Los Angeles, CA - November 17, 2011 - ENow, a Microsoft Certified Partner specializing in infrastructure consulting and development of software to simplify Microsoft system management, announced that Baltimore City Public Schools has selected their award-winning Mailscape tool for Microsoft Exchange Server and mobile device management. Mailscape provides insight into the organization's Exchange environment so that the System Administrators Team can prevent costly email outages and enable staff to better service clients.

Mailscape Provides Exchange Monitoring & Reporting Solution for Carnegie Corporation of New York

2012-02-03T14:07:55Z

Los Angeles, CA - December 7, 2011 - ENow, a Microsoft Certified Partner specializing in infrastructure consulting and development of software to simplify Microsoft system management, announced that Carnegie Corporation of New York has selected their award-winning Mailscape tool for Microsoft Exchange Server and mobile device management. Mailscape provides insight into the organization's Exchange environment so that Loretta Harris, the Director of Information Technology at Carnegie Corporation, could gain a clear understanding of how the email system was being used in order to justify expansion of storage capacity

Mailscape Named Best Exchange Reporting Tool

2012-02-03T14:01:09Z

Corona, CA - Thursday, 02 February 2012 - ENow, a Microsoft Gold Certified Partner specializing in infrastructure consulting and development of software to simplify Exchange system management, announced today that its award-winning solution Mailscape was selected as the winner in the Exchange Server Reporting category of the MSExchange.org Reader's Choice survey.

]]>

This is the second coveted award that Mailscape has received in the past 2 months. Recently Mailscape was named the Bronze Medal Winner of the "2011 Editors' Best Awards" in the Best Messaging category by Penton Media's Windows IT Pro Magazine. This new award wins the Exchange Reporting category of the MSExchange.org Readers' Choice Awards.

"We are extremely pleased to receive this award for Mailscape, particularly since it's coming from the leading Microsoft Exchange Server resource site," states Jay Gundotra, CEO of ENow. "Our team really takes pride in listening to the IT administrators who purchase our product and have created a management tool with them in mind. To receive an award from those individuals, the readers of the MSExchange.org site is a true honor and testament to our end users belief in our product."

Mailscape is an award-winning Exchange and mobile device management tool that provides monitoring, reporting, and administrative capabilities in a single, affordable solution. Installed in minutes, easy to deploy, and intuitive enough for the help desk to use, Mailscape lets you manage your entire environment in a sleek, one-look dashboard.

ENow's Mailscape Exchange Server product is used in over 30 countries by enterprise companies, including Facebook, NYSE, DirecTV, Blue Cross Blue Shield, and CB Richard Ellis. The product features a dashboard with red, yellow, and green lights indicating the health of each monitored server. The Mailscape solution enables IT support staff the ability to proactively monitor servers in real time. It also provides mobile device reporting for iPads, iPhones, Androids, Blackberries, and other mobile devices.

About ENow

ENow is a Microsoft Gold Certified Partner focused on helping companies implement the latest Microsoft technologies and developing software tools to simplify the job of an IT administrator. The company's flagship product, Mailscape, is an award winning Exchange monitoring and reporting tool that provides a dashboard view of the messaging environment. For more information, call 1-877-TRY-ENOW, email us at info@enowinc.com, or visit us online at www.enowinc.com

Deep dive into rich coexistence between Exchange Forests

2011-11-09T16:39:50Z

"Deep dive into rich coexistence between Exchange Forests": that's a new multi-part article written by Henrik Walter in msexchange.org. He covers "how rich coexistence is configured between 3 separate Exchange forests with different versions of Exchange deployed".

As reason for a coexistence he describes: "... One reason could be that company policies states that specific entities within a company must run isolated from the other entities. This is typically because of legal requirements. It could also be because of a merger or acquisition, where one company purchased another company or several other companies. The companies could continue to run isolated or be consolidated into one large Active Directory forest...."

As basic conditions Walter assumes ". . . an infrastructure using DNS name resolution between each forest as well as an established trust relationships between them..."

We experience that a lot of companies do not want or are not allowed to establish a trust relationsship. To publish the own internal DNS structure is mostly also forbidden.

So we developed a smart software to overcome these limitations: with NETsec GALsync you can share directory information and free/busy between different forests using different Exchange versions. You do not need a trust or a "shared" DNS.

Link: http://www.netsec.de/en/products/galsync/

]]>

Introducing NETsec GALsync version 4.2

2011-10-20T14:19:37Z

Introducing GALsync 4.2

We are happy to announce a new Version of GALsync has been released. This new version contains many new and important features.

GALsync is an easy to use and cost effective solution that allows you to share Exchange mail-enabled objects between forests.

For details on the improvements, please see the list below:

]]> • Import and Export Policy Optimization

The import and export policies have improved and now offer much better performance.

• Expanded Import Options:

1. Special signs within MailNickname & LegacyExchangeDN for Exchange 2003 Server will be automatically replaced to support mixed Environments of Exchange 2003/2007/2010.

Valid values are: Strings of the form "/o=" optionally followed by "/ou= " optionally followed by one or more instances of "/cn=". Each "" is at least one of uppercase and lowercase letters, digits, a space, and anything from the following group of characters: @!"%&'()*+,-.:<>?[]_{}| Property Name: LegacyExchangeDN".

2. "Use MAPI rich text format (mAPIRecipient)" can now be used when executing an Import policy

With this attribute you configure, if the recipient uses Outlook/Exchange and instructs Exchange to send messages with an attachment named WINMAIL.DA in RTF format. Select this option only if you are sure what you are doing!

3. Attribute "PersonalTitle" synchronization support has been added.

The attribute defines the user's title. The attribute is NOT indexed in Active Directory and is not transmitted to the Global Catalog.

4. User's Manager Details can now be Exported and Imported.

In Active Directory you can configure who the manager of a person is. If you want to export/import this manager too, select this option.

5. Free/busy information for contacts can now also be synchronized

In earlier versions only free/busy information of objects from type user were exported. Because some customers requested also to export contacts free/busy informationwe i9mplemented this feature. Export of contacts with free/busy may happen, if you import with GALsync from multiple sites to a central site (star topology) and then you export the information back to all others back.

6. The main SMPT address can now separately be handled from TargetAddress and Mail Address

In the list of values in attribute proxyaddresses the entry SMTP spelled with capitals is the default reply address. Some customers want to modify this value at import time using GALsync.

If an object has a value in its attribute targetaddress, the mail is send directly to this address (which usually is external). GALsync usually fills this attribute with the primary SMTP address of the source object. Some customers want to modify this value at import time using GALsync. This is often used during migrations.

The attribute mail comes with AD out of the box (not through schema extensions by Exchange). It is generally set by Exchange to the primary SMTP address. But you can fill the attribute with a value different to the primary SMTP-address.

Note: In some Exchange versions the value of targetaddress is deleted/modified if you move the object to another OU!

GALsync deactivates automatical stamping of addresses set by address policies.

• Other Improvements:

1. Auto Purging of Sent Mails in the GALsyncArchiv folder. By default this option is turned off. The recommended number of days is 30.

Because the mailbox of the GALsync service account may become too large after a while you can configure that "archived" outgoing or incoming messages will be deleted by GALsync automatically. So you do not need an Outlook rule or somewhat like an export-mailbox command.

2. Added an object counter to export policy

With object counter you can estimate the amount of objects a policy would affect. So you can determine your license needs.

3. GALsync installer and Scheduler Service has been improved and redesigned.

4. New and improved advanced logging has been added.

5. Added the ability to export and Import of policy configuration and logging files

GALsync, Exchange Server 2010 SP2 and GAL Segmentation

2011-10-18T14:08:37Z

Question:

. . . we have recently installed GALsync 4 into our environment to share GALS with a similar sized third party company. My question is, when we run the import - which works perfectly well, it (obviously) doubles the size of our GAL - which makes life a little more complicated for our user base.

Is there a documented procedure you can recommend - that would enable us to view the imported contacts (in this case some 14,000) in their own dedicated address book - and NOT in the GAL itself.

See answer her:

]]>

Frankfurt, Germany / TEC (Quest)

Just sitting in a meeting with Greg Taylor, Senior Program Manager, Exchange Server, Microsoft Corporation talking about "What's New in Microsoft Exchange Server 2010 SP2: Featuring GAL Segmentation".
He published a nice document at http://media.ch9.ms/teched/na/2011/ppt/EXL326.pptx , where he described the more detailed.

Some helpful links to other documents:Exchange 2003

Shared Hosting with Exchange 2003 (Part 1)
http://www.msexchange.org/tutorials/Shared_Hosting_Exchange_2003_Part1.html
Shared Hosting with Exchange 2003 (Part 2)
http://www.msexchange.org/tutorials/Shared-Hosting-Exchange-2003-Part2.html
Exchange 2003 Address List Segregation Document
http://blogs.msdn.com/b/dgoldman/archive/2008/02/19/exchange-2003-address-list-segregation-document.aspx

Exchange 2007

White Paper: Configuring Virtual Organizations and Address List Segregation in Exchange 2007
http://technet.microsoft.com/en-us/library/bb936719(EXCHG.80).aspx

Exchange 2010

GAL Segmentation announced for Exchange 2010 SP2
http://eightwone.com/2011/01/28/gal-segmentation-in-exchange-2010-sp2/
GAL Segmentation, Exchange Server 2010 and Address Book Policies
http://blogs.technet.com/b/exchange/archive/2011/01/27/gal-segmentation-exchange-server-2010-and-address-book-policies.aspx

Cross Org Free/Busy with Federation Trust and NETsec GALsync

2011-10-14T14:00:40Z

A reply to

"Cross Org Availability using Federation Trust and Organization Relationship" - Published by The Exchange Team 28 Jun 2011 1:30 PM

NETsec GALsync - Published at http://netsec.de/products/galsync

Organizations often need to share availability (aka Free/Busy) information with other Exchange organizations. Depending on the version of Exchange Server you're on, there are different ways to do this. Let's take a look at three common scenarios and go through the exact steps required in order to achieve sharing of availability information between two on-premises Exchange organizations.

Scenarios:

1. Scenario 1: Both organizations running Exchange 2010 SP1

2. Scenario 2: One (or both) organizations running a mix of both Exchange 2007 and Exchange 2010 SP1

3. Scenario 3: One (or both) organizations running a mix of Exchange 2003, Exchange 2007 and Exchange 2010 SP1

[1] see: http://blogs.technet.com/b/exchange/archive/2011/06/28/cross-org-availability-using-federation-trust-and-organization-relationship.aspx

]]> This summary table outlines the requirements in order to facilitate Availability lookups between two organizations:

	Exchange Version present in Source organization
Required Components	Exchange 2003/2010	Exchange 2003/2007/2010	Exchange 2007/2010	Exchange 2010
Federation Trust/ Organization Relationship	X	X	X	X
Availability Address Space	-	X	X	-
Public Folder Database on 2010 Sp1 with Replicas of some/all Free/Busy folders*	X	X	--

*refer to "Option A" and Option B" which are discussed later in this post

Scenario 1: Both organizations are running Exchange 2010 Sp1

This is the simplest scenario. Users in both organizations are on Exchange 2010, both organizations can use Federated Delegation and do not require any additional steps.

1. Both organizations must first set up a Federation Trust. The steps to create a Federation trust are documented in Create a Federation Trust. The Federation Trust should be in place and working for both organizations before the organization relationship is set up.

2. Register the DNS TXT records for the federated domain namespace and all other domains you wish to add to the federation trust. The account namespace (this is the federated delegation organization identifier or OrgID) identifies your organization to the Microsoft Federation Gateway. You must use a domain other than your primary SMTP domain (used to receive inbound email) for the account namespace, as documented in Configure Federated Delegation. The current recommendation is to use exchangedelegation.domain.com as the account namespace.

3. Ensure that the autodiscover web service is configured and working for your domain namespace. Although it's possible to manually configure the organization relationship, we recommended that you use autodiscover.

4. Create an organization relationship with the remote organization. The steps to create an organization relationship are documented in Create an Organization Relationship.

Note: Directory synchronization is not required in order to do cross-org availability in Exchange 2010 SP1, except if you have users on Outlook 2007/2003. However, if you choose to configure directory synchronization, it'll not impact the ability to perform availability lookups.

You need NETsec GALsync in this scenario

1. If the companies are not able to use Federated Delegation (i.e. no internet publishing of web services) but need a cross-forest sync of directory information.

2. If the companies need the partner's directory information in its own directory. With GALsync the partner's directory information are stored in your own Active Directory - so it can be used offline. With Federation all required information only are online available. If Internet connection breaks or user work in offline mode no data are present.

Scenario 2: One or both organizations are running Exchange 2010 SP1 and Exchange 2007

Steps 1-4 in this scenario are the same as Scenario 1. However, with Exchange 2007 in the mix, directory synchronization is requiredbetween the two organizations. You must also create an availability address space for the remote organization. This allows Exchange 2007 users in both organizations to benefit from Exchange 2010's support for federation.

5. For Exchange 2007 to query availability cross org, directory synchronization must be performed for all users for which Free/Busy needs to be shared. This can be performed either manually (create Exchange contacts or Mail-enabled users one at a time), or via an automated process (MIIS, ILM, FIM, other 3rd party dirsync tool, etc.).

Dirsync is required in this case because Exchange 2007 requires (and expects) a local object when the availability request is performed. If no local Exchange object is present, the availability request will fail.

6. Create a new availability address space for the remote organization that directs availability request from 2007 users to the 2010 Sp1 server. The syntax for creating the availability address space is included below.

Add-AvailabilityAddressSpace -AccessMethod InternalProxy -ProxyUrl https://Exchange2010SP1CAS.InternalDomain.com/ews/exchange.asmx -ForestName Fabrikam.com -UseServiceAccount $True

With this setting, when an Exchange 2007 user requests availability information for a user from the remote org, the request will be proxied through the Exchange 2010 Sp1 server, which then will utilize the Federation Trust and Organization Relationship to send the availability request to the remote forest availability endpoint.

Figure 1: Exchange 2007 user requests availability for a user in remote organization

1. Step 1. Exchange 2007 user requests availability from user in Org B. Exchange 2007 proxies the request to the Exchange 2010 SP1 server.

2. Step 2 and 3. Exchange 2010 detects it is for a remote org, and detects there's an Organization Relationship. Exchange then validates the Federation Trust.

3. Step 4. Exchange 2010 then sends a request to the Availability service endpoint for Org B.

4. Step 5. The Availability service in Org B generates a respond and sends back to the Exchange 2010 SP1 CAS server in Org A.

5. Step 6. The availability response is returned to Exchange 2007, which then returns the response to the client.

You need NETsec GALsync in this scenario

1. Dirsync is required in this case because Exchange 2007 requires (and expects) a local object when the availability request is performed. If no local Exchange object is present, the availability request will fail.

2. if you need free/busy information only for a small group of users, you might use free/busy feature of our GALsync software. If you use a lot of users for free/busy, do dirsync with GALsync and with Federation you do free/busy sharing.

Scenario 3: One or both organizations are running Exchange 2003, Exchange 2007 and Exchange 2010 SP1

Steps 1-4 in this scenario are the same as Scenario 1. Steps 5-6 in this scenario are the same as Scenario 2. Additionally, since you have Exchange 2003 in the topology, you must choose one of the two options described below in Option A and Option B.

With either option, there are considerations that must be made. Please reference the known issues section at the end of this post to better understand these considerations. With both options, it's assumed that you have performed all previous steps outlined in Scenario 1 and Scenario 2.

Option A:

1. Ensure that there is an Exchange 2010 Sp1 Mailbox server that hosts a Public Folder database.

2. Move ALL replicas of Free/Busy public folders to the Exchange 2010 Sp1 Public Folder server, and remove ALL replicas from either 2003 or 2007. This will allow Exchange 2010 SP1 to respond to all Public Folder free/busy requests.

As the Public Folder free/busy query comes in, the Microsoft Exchange RPC Client Access Service on the Mailbox server (utilized for Public Folder connections) will intercept the public folder query, and route the request to the Availability service, which will then process the request as outlined in previous scenarios

3. If the remote organization that you need to look up Free/Busy for contains Exchange 2003 users, you must manually populate the targetSharingEPR property on the Organization Relationship (reference Issue #4 at the end of this document). This is done via the Exchange Management Shell by running this command:

Set-organizationrelationship -identity "Org Relationship name" -TargetSharingEPR https://outlook.contoso.com/ews/exchange.asmx/wssecurity

Note: the actual URL that you use will differ from the example above. You can determine the URL by checking the ExternalURL property for your Web Services virtual directory. This can be obtained by running Get-WebServicesVirtualDirectory -server 2010cas.contoso.com | fl name, *url*

Figure 2: Exchange 2003 user requests availability information for user in remote org (Option A)

1. Step 1. Exchange 2003 user requests availability from user in Org B. Since the mailbox is on an Exchange 2003 server, the client will only perform a free/busy query to Public Folders. This is done by looking up the LegacyExchangeDN attribute on the mail-enabled object for the remote user. From the LegacyExchangeDN, the client determines the Administrative Group in which the object was created and then knows which Free/Busy public folder to look in. Outlook first performs a query to the default Public Folder database for its mailbox store (which will typically be the Exchange 2003 Public Folder store).

For example, Joe User's LegacyExchangeDN is LegacyExchangeDN=/o=First Organization/ou=Exchange 2003 Admin Group/cn=Recipients/cn=Joe User. The first part of the LegacyExchangeDN, /o=First Organization/ou=Exchange 2003 Admin Group is used to determine which Free/Busy public folder to look in. The second part of the LegacyExchangeDN, cn=Joe User, is used to look for the existence of a public folder message within that Free/Busy folder.

2. Step 2. The Exchange 2003 Public Folder database will issue a referral to the client to the Exchange 2010 SP1 Public Folder database, which is where the only replica of that Free/Busy public folder resides.

3. Step 3. Outlook queries the Exchange 2010 SP1 Public Folder for Free/Busy. Microsoft Exchange RPC Client Access Service running on the Mailbox server intercepts the Free/Busy request and routes it to the Availability service.

4. Step 4 and 5. Exchange 2010 detects it is for a remote org, and detects there is an Organization Relationship. Exchange then validates the Federation Trust.

5. Step 6. Exchange 2010 then sends a request to the Availability service endpoint for Org B.

6. Step 7. The Availability service in Org B generates a response and sends it back to the Exchange 2010 SP1 CAS server in Org A.

7. Step 8. Microsoft Exchange RPC Client Access Service translates the availability response into a Public Folder free/busy response, and returns the information to the Outlook client. In addition, the availability response is placed into the Free/Busy Public Folder and cached for 15 minutes. If additional availability queries are performed for that remote user within that 15 minute period, they will be returned from the cache.

You need NETsec GALsync in this scenario

1. If the companies are not able to use Federated Delegation (i.e. no internet publishing of web services) but need a cross-forest sync of directory information.

2. if you cannot move all free/busy folders to an Exchange 2010 server

3. If the companies need the partner's directory information in its own directory. With GALsync the partner's directory information are stored in your own Active Directory - so it can be used offline. With Federation all required information only are online available. If Internet connection breaks or user work in offline mode no data are present.

Option B

1. Ensure that there's an Exchange 2010 SP1 Mailbox server that hosts a Public Folder database.

2. If not already present, create the Free/Busy system folder called External (FYDIBOHF25SPDLT) and ensure that the only replica of this Free/Busy Folder is on the Exchange 2010 SP1 server.

Note: This External free busy folder will only be created on a new Exchange 2010 SP1 install when the option to create the public folders is selected during setup. The option is only presented if it's the first server installed in the organization. If a public folder database was not created during setup, you'll need to manually create this folder. The process to create this External folder is simple.

1. Connect to the on-premise Exchange 2010 SP1 Public Folder server (this has to be done from the Public Folder server)

2. Open Windows PowerShell

3. Type " Add-PsSnapin Microsoft.Exchange.Management.Powershell.Setup"

4. Then Type " Install-FreeBusyFolder"

This will create the new Schedule Plus free busy folder called "External (FYDIBOHF25SPDLT)".

3. Modify the LegacyExchangeDN on all mail-enabled objects that reference the remote organization and change the OU value to External (FYDIBOHF25SPDLT). As the Public Folder free/busy query comes in, the Microsoft Exchange RPC Client Access Service on the Mailbox server (utilized for Public Folder connections) will intercept the public folder query and route the request to the Availability service, which will then process the request as outlined in previous scenarios.

4. If the remote organization that you need to look up Free/Busy for contains Exchange 2003 users, you must manually populate the TargetSharingEPR property on the Organization Relationship (reference Issue #4 at the end of this document). This command populates the TargetSharingEPRproperty:

Set-OrganizationRelationship -Identity "Org Relationship name" -TargetSharingEPR https://outlook.contoso.com/ews/exchange.asmx/wssecurity

Note: the actual URL that you use will differ from the example above. You can determine the URL by checking the ExternalURL property for your Web Services virtual directory. You can obtain it by running Get-WebServicesVirtualDirectory -Server 2010cas.contoso.com | fl Name, *url*

Figure 3: Exchange 2003 user requests availability information for user in remote org (Option B)

1. Step 1. Exchange 2003 user requests availability from user in Org B. Since the requesting client mailbox is on an Exchange 2003 server, the client will only perform a free/busy query to Public Folders. This is done by looking up the LegacyExchangeDNattribute on the mail-enabled object for the remote user. From the LegacyExchangeDN, the client determines which Administrative Group the object was created in, and then knows which Free/Busy public folder to look in. Outlook first performs a query to the default Public Folder database for its mailbox store (which will typically be the Exchange 2003 Public Folder store).

For example: LegacyExchangeDN=/o=First Organization/ou= External (FYDIBOHF25SPDLT)/cn=Recipients/cn=Joe User. The first part of the LegacyExchangeDN, /o=First Organization/ou= External (FYDIBOHF25SPDLT)/is used to determine which Free/Busy public folder to look in. The second part of the LegacyExchangeDN, cn=Joe User, is used to look for the existence of a public folder message within that Free/Busy folder.

2. Step 2. Since the mail-enabled user has had the legacyExchangeDN modified, and the only replica of the External free/busy folder is on Exchange 2010, the Exchange 2003 Public Folder database will issue a referral to the client to the Exchange 2010 SP1 Public Folder database, which is where the only replica of that Free/Busy public folder resides.

3. Step 3. Outlook queries the Exchange 2010 SP1 Public Folder for Free/Busy. Microsoft Exchange RPC Client Access Service running on the Mailbox role intercepts the Free/Busy request and routes it to Availability.

4. Step 4 and 5. Exchange 2010 detects it is for a remote org, and detects there is an Organization Relationship. Exchange then validates the Federation Trust.

5. Step 6. Exchange 2010 then sends a request to the Availability service endpoint for Org B.

6. Step 7. The response is generated by the Availability service in Org B and sent back to the Exchange 2010 SP1 CAS server in Org A.

You need NETsec GALsync in this scenario

1. If the companies are not able to use Federated Delegation (i.e. no internet publishing of web services) but need a cross-forest sync of directory information.

2. If you want the partners objects stored in your Active directory (done with GALsync) and you use Federation for free/busy. GALsync will set the required LegacyExchangeDN value automatically.

ENow launches Compass- New Active Directory Management Solution

2011-08-19T10:01:50Z

Los Angeles, CA - August 18, 2011 - ENow, a Microsoft Gold Certified Partner specializing in infrastructure consulting and development of software to simplify Microsoft system management, announced the much anticipated launch of Compass, a new Microsoft Active Directory Management solution.

ENow's Compass is designed to help organizations proactively monitor their Active Directory infrastructure, including replication monitoring and verifying DNS configuration. Compass includes a suite of reports that ensure the critical resources of an organization are adequately protected. The robust reporting capabilities were designed to save time when preparing for an IT audits.

ENow_COMPASS_PR_8_18_2011.pdf

How to check Exchange Rollup version?

2011-04-12T15:10:53Z

Thanks to Henrick Walter for his article "Exchange Schema Versions - Common Questions & Answers". He describes that you can find your Exchange version by looking to the RangeUpper value in Active Directory Schema (configuration partition).

See article

Unfortunately, I did not find out how to check the Rollup version for Exchange servers. To check this you may read Bhargav's IT Playground blog and its article "How do I check Update Rollup version on Exchange 20xx Server?" Download the mentioned PowerShell Script Get-ExchangeUpdateRollups.ps1 and run it! Works fantastically!

http://www.bhargavs.com/index.php/2009/12/14/how-do-i-check-update-rollup-version-on-exchange-20xx-server/

GALsync, Free/Busy, Exchange 2010, Outlook 2010 and Public Folders

2011-03-31T11:03:01Z

A short backgrounder

If you want to synchronize addresses and free/busy information between multiple Active Directory forests (or multiple Exchange Organizations) in a cross-forest scenario without having a Windows domain trust: then GALsync is the solution for you.

Your user or group objects are created at your partner's sites as contacts and they are displayed in the Global Address List (GAL). GALsync can also synchronize free/busy data

]]> Free/Busy information is stored in your partner's sites in a system public folder (that is normal Microsoft technology). So your partner can look up the free/busy information of all contacts which have been synchronized from your site before.

With Outlook 2003 and Exchange 2003, the client asked directly the information store to get free/busy information, which was stored in a system public folder. Microsoft changed its technology. Exchange 2007 and Exchange 2010 provide free/busy information through a web service. The client contacts the web service; the web service accesses the mailboxes for retrieving free/busy information. So the public folder is not used any more for this.

It is more than fair to explain the methods of GALsync and how it provides you with this information.

We have to keep an eye on the different versions of the clients and of the servers. If we speak about Exchange 2010 we address only Exchange 2010 SP1. We do not support Exchange 2010 without Service Pack.

enlarge Support Matrix

Outlook 2003

Outlook 2003 only can retrieve Free/Busy information by accessing the system public folder hosting this information. If you use this version as your messaging client and if you have Exchange 2007 or Exchange 2010 SP1 as server version you only have to install a public folder database.
GALsync will do the rest of work for you.

Because Exchange 2007 and Exchange 2010 SP1 by default require an encrypted communication between MAPI client and server, you have to configure Exchange servers not to require encryption. This is done by a cmdlet on each Exchange 2010 SP1 server.
Set-RpcClientAccess -Server Exchange_server_name -EncryptionRequired $False

You can also retain the default encryption at server side and configure all Outlook 2003 clients to use encryption. This can be automated by Group Policies.

2. Outlook 2007

Outlook 2007 by default tries to get free/busy information by accessing a web service (the so called availability service).

In an Exchange 2003 environment there is no web service present and Outlook 2007 accesses Public Folders without further configuration.

In an Exchange 2007 or Exchange 2010 environment you must force the messaging client to get the free/busy information from public folder. This is done by setting a registry key on the machines with Outlook 2007:

HKCU\Software\Microsoft\Office\12.0\Outlook\Options\Calendar
DWORD registry Key "UseLegacyFB"
value 1

You can distribute this registry key by GPO.

Instead of changing the client's configuration you might prefer a server solution. This solution works in Exchange 2007 and Exchange 2010 SP1 environments (Exchange 2010 without SP is not recommended for this).

The PowerShell cmdlet "Add-AvailabilityAddressSpace" forces the Availability Web Service to access public folders to retrieve free/busy information.

So the Outlook 2007 client connects to the availability server which then accesses the public folder database.

The cmdlet must be run for every domain you have imported objects from. For example, you have the SMTP domain "us.com" and you synchronized with your partner partner.com. After the sync through GALsync there will be contacts from your partner with mail addresses like jb@partner.com in your Active Directory. In your us.com-organization, you have to run this command:

Add-AvailabilityAddressSpace -ForestName partner.com -AccessMethod PublicFolder

After doing so, please restart Internet Information Server by running the iisreset command.

Result: all Outlook 2007 clients can get the free/busy information, which have been replicated by GALsync to your organization.

3. Outlook 2010

Outlook 2010 gets free/busy information by accessing a web service (the so called availability service). . The regkey UseLegacyFB that you could use with Outlook 2007 is ignored by Outlook 2010, so you cannot connect to public folder to retrieve free/busy by this way.

So there is no client side solution we know. But you can use the server side solution with Add-AvailabilityAddressSpace. In this case Outlook 2010 contacts the Availability service which accesses the public folder database.

If you have Exchange 2010 without SP we strongly recommend upgrading to SP1.

Helpful links - reported by GALsync customers

http://support.microsoft.com/kb/947346/en-us

http://technet.microsoft.com/en-us/library/dd421845%28EXCHG.80%29.aspx

We had a great time developing our products and we hope you have an equally great time working with them. If you experience any problems we are more than happy to support you.

MSExchange.org Readers' Choice Awards

2010-12-22T19:20:38Z

December 22, 2010 - Mailscape was selected the 2nd winner in the Exchange Administration Category of the MSExchange.org Readers' Choice Awards. We advise all our customers in taking Mailscape as the preferred monitoring and reporting software!

Download from our website and test it:

http://www.netsec.de/en/products/enowinc-mailscape/

]]>

Mailbox language in Exchange 2010 - not present

2010-12-22T15:58:20Z

Sets the language attribute of Exchange 2010 mailboxes - use this powershell script

usage scenario: During a move mailbox scenario in a mid-large international company users told that they got Non Deleivery Reports (NDRs) in German language. Crazy, because all servers are set up with English OS and English Exchange Software - no German at all!

]]> So we decided to set all mailboxes to have US-EN as default language for NDRs. That resolved our problem!

So I did a short powershell script looking for all Exchange 2010 server mailbox stores (we had 4 maibox servers with 20 databases in a DAG).

After doing that, I was able to set the language of all mailboxes.

Getting all Exchange 2010 servers

Get-mailboxserver | where {$_.admindisplayversion -like "Version 14*"}

Looping through all Exchange 2010 server mailboxes

Get-Mailbox -server $server -resultsize unlimited

Setting new values

SET-mailbox -languages "en-US"

Full code

$servers = Get-mailboxserver | where {$_.admindisplayversion -like "Version 14*"}
foreach($server in $servers)
{

Get-Mailbox -server $server -resultsize unlimited | SET-mailbox -languages "en-US"

}

Modify all extension attributes of Exchange 2010 mailboxes

2010-12-22T15:45:02Z

Empty all extension attributes and replace the value with NULL for all users with Exchange 2010 mailboxes

usage scenario: During a move mailbox scenario in a mid-large international company we had to empty all extension attributes (formerly called custom attributes). Some attributes still had values from a years ago migration.

First I thought to take ADModify.NET. But unfortunatly you can only replace one attribute at a time. So it would be too time-consuming with that utilitiy.

]]> So I did a short powershell script looking for all Exchange 2010 server mailbox stores (we had 4 maibox servers with 20 databases in a DAG.

After doing that, I was able to replace all custome attributes with a NULL value.

Getting all Exchange 2010 servers

Get-mailboxserver | where {$_.admindisplayversion -like "Version 14*"}

Looping through all Exchange 2010 server mailboxes

Get-Mailbox -server $server -resultsize unlimited

Setting new values

SET-mailbox -CustomAttribute1 $null

Full code

$servers = Get-mailboxserver | where {$_.admindisplayversion -like "Version 14*"}

foreach($server in $servers)
{
Get-Mailbox -server $server -resultsize unlimited | SET-mailbox -CustomAttribute1 $null -customAttribute2 $null -CustomAttribute3 $null -CustomAttribute4 $nullCustomAttribute5 -CustomAttribute6 $null -CustomAttribute7 $null -CustomAttribute8 $null -CustomAttribute9 $null -CustomAttribute10 -CustomAttribute11 $null -CustomAttribute12 $null -CustomAttribute13 $null -CustomAttribute14 $null -CustomAttribute15 $null | out-file c:\UserCustomAttributesNEW.txt
}

ADModify - modify user attributes in bulk

2010-12-22T15:02:41Z

Modify attributes of users who are listed in a file - use this powershell script

usage scenario: During a move mailbox scenario in a mid-large international company we had to exclude certain users from moving. So we had to "mark" all users, which were Blackberry mobile users and all VIP-users.

]]> To do this I decided to set a special value in extentionattribute 15. i.e. all Blackberry users got a "BES" and all VIPs a "VIP" as value. The list with all SamAccountNames if the users I got from a colleague - and I wrote the script below to perform my work. After doing that, I was able to make move requests in Exchange Management Console filtering by the attributes value.

Let's explain the script:

Parameters

IsTestMode:     declares if script runs in test-mode or modify-mode
attribute:        attribute which has to be modified
newvalue:         value which is set to the given attribute
outputfilename: log will be written to this file
inputfilename: file which contains the alias names of users
                       who will be checked

RUN

In this example you modify the attribute extensionattribute15 and set the new value BES.

ADModify.ps1 -IsTestMode $true -attribute "extensionattribute15" -newvalue = "BES"

Download the script ADModify.ps1

Code

#############################################################
# ADModify.ps1
# Sets a value to an attribute of users listed in a file
# example: ADModify.ps1 -IsTestMode $true -attribute "extensionattribute15" -newvalue = "BES"
#############################################################
# Scripted by: Hans Willi Kremer, NETsec GmbH & Co. KG, http://www.netsec.de, http://tools4Exchange.com
# Tags: ADModify, modify attribute in bulk, Active Directory attribute modification, bulk modification, support tools, Exchange migration, Exchange move mailbox
###########################################################
Param(
         [string]$IsTestMode = $true,      # declare test-mode or modify-mode
   [string]$attribute = "extensionattribute10",  # attribute which has to be modified
   [string]$newvalue = "BES",       # value which is set to the given attribute
   [string]$outputfilename ="C:\yyy_output.txt",   # log will be written to this file
   [string]$inputfilename ="C:\xxx_input.txt"   # file which contains the alias names of users who will be checked
)
# to check before running script
$IsPresent = ": Correct value already present"    # displayed in log if the value of users attribute is already set
$ErrorWriting = "Error writing: "       # displayed in log if script runs into error state
$IsTestModeString = "IsTestMode: "       # displayed in log if script runs in test mode
$ValueChangedString = ": changed to: "      # displayed in log if value of users attribute is modified
$date = get-date
Write-Output ($date.ToString() + " " + $IsTestModeString + " " + $IsTestMode) | out-file $outputfilename -append
Write-Output ($date.ToString() + " " + "Starting script") | out-file $outputfilename -append

$boxes = Get-Content $inputfilename       # read all users from inputfile
Foreach ($element in $boxes )
{
    $date = get-date
    $mailbox = Get-Mailbox $element -ResultSize unlimited # get user's dn in Active Directory
    $ldap = "LDAP://" + $mailbox.distinguishedname
    $de = New-Object DirectoryServices.DirectoryEntry $ldap # bind to user's object

    if ($de.Properties["$attribute"].Value -eq $newvalue) # if new value is already present
       {
        Write-Output ($date.ToString() + " " + $element + " " + $attribute + " with value " + " " + $newvalue + " " + $IsPresent) | out-file $outputfilename -append
       }
      else             # if new value is not present
      {
        try
        {
           $de.Properties["$attribute"].Value = $newvalue
           if ($IsTestMode -eq $false)
           {
            $de.commitchanges()
           }
        }
        catch
        {
           Write-Output ($date.ToString() + " " + $element + " " + $ErrorWriting) | out-file $outputfilename -append
        }
        finally
        {
           Write-Output ($date.ToString() + " " +   $element + " " +   $attribute + " " + $ValueChangedString + " " + $newvalue) | out-file $outputfilename -append
        }
      } #end if

} # end Foreach element
Write-Output ($date.ToString() + " " + "Finished script") | out-file $outputfilename -append

Managing Mailbox Users on Different Exchange Versions

2010-12-21T17:55:06Z

Do you like to manage your mailbox accounts by having different Active Directory groups for mailboxes on 2003, 2007 and 2010 servers?

We often have the following problem by our customers:

OWA Access should be available via a single URL, regardless if there are different Exchange Versions in the organization. Recently the following scenario seems to happen frequently, when one is in the transition phase between Exchange 2003, and/or 2007 to Exchange 2010. The URL call is routed over an ISA/TMG or a CISCO Netscaler, which then checks the group membership of the user to then forward him to the correct Exchange Server URL
The Organization would like to control various things, depending on which Exchange Server the user has its mailbox on.

To avoid manually adding users to Exchange Groups we developed a small tool which automates this process.

]]> Goals

· If a User has its mailbox on an Exchange 2003, add it to Group XXX.

· If a User has its mailbox on an Exchange 2007, add it to Group YYY.

· If a User has its mailbox on an Exchange 2010, add it to Group ZZZ.

· Automatically Update the User if its mailbox is migrated.

Requirements

So that the User can be removed from the Group both the Source and Target Groups must exist.

Software - SetGroupsXchgVersion.exe

The program automatically run in Test Mode. It will only run normally if in the config file is present.

To Log

SetGroupsXchgVersion.exe >> c:\log.txt

*************************************************

Note: if you want to test this tool, please contact us! We are more
than happy to support you. sales@netsec.de

*************************************************

Example Configuration File