Monday, December 18

Accidentally deleted Active Directory object – now what?

Dear all,

Good day. It's almost the holiday period. We got a call from one of our customers, and the situation is like this:

The last system state backup is older than the tombstone lifetime of 60 days, and there are no backups after that. He accidentally deleted an OU that contains the users of three departments.

Normally we would say: please use an authoritative restore. Yes, this is the best and safest way if you have a recent backup. What if you don't? Does it mean all your objects are now gone?

The beauty of AD is that it keeps its deleted objects for 60 days by default; you are able to change this via the registry.

Normally, "undeleting" an object from AD can be tedious. We would like to share a tool from Quest Software, and to thank Prakash, the Malaysia Champ, who shared it with us.

You can use this tool for FREE, but it is only valid for 6 months. Still, as long as it works, it saves your day!

http://www.quest.com/object_restore_for_active_directory/

Wednesday, December 6

Accessing other users mailboxes using administrators

Dear Folks,

Good day. Still remember the Exchange 5.5 days, when you could access other users' mailboxes using the administrator account? Too bad - it doesn't work in Exchange 2000 or Exchange 2003.

Recently, a few companies have been required to do this, randomly checking employees' mailboxes as a matter of company policy.

How to do so? Again, Support Tools. As a best practice, we always encourage administrators to install the Windows Support Tools on every server in the network - you simply won't know when you will need them.

1) Go to ADSI Edit using MMC
2) Locate under configuration partition
3) CN=Services, CN=Microsoft Exchange,
4) Right click the organization name, CN=Orgname
5) Click on Security Tab
6) You will notice administrator has "Deny" permissions on the "Receive As" and "Send As" properties. Once you uncheck those you would be able to access all mailboxes using the Administrator account.

NOTE: We always recommend using groups rather than individual accounts to assign/delegate any permission.

There you go...

Thursday, November 30

Exchange DB Defrag

Why would you need to defrag an Exchange DB?

Basically, because you have reached the 16GB DB size limit of Exchange 5.5 Std, Exchange 2000 Std and Exchange 2003 Std pre-SP2. Before doing so, there are some things you need to know:

You will need free space of over double the size of the database to do an offline defrag. This space needs to be on one drive.

Is there risk? You are working on a database file, so yes, there is a risk.

If your DB grows to nearly 16GB before you perform this action, please visit the MSFT website on how to temporarily increase the store limit to 17GB: http://support.microsoft.com/?id=828070

Although Exchange 2003 Standard now supports 75GB, upgrading to Enterprise Edition is the primary solution. This is what you need to aim for in the long term. In addition, Exchange Enterprise will give you more features, like cluster support and multiple storage groups and stores, up to 4 storage groups with 20 databases.

As advice for the shorter term, limits on mailbox size are probably something you need to look at. Try to encourage users to get rid of some email, archiving or deleting what isn't required. Some users simply store non-office stuff in their email, eg: movies, MP3s and more.

How to perform the defrag? The short answer is eseutil /d. Please visit http://support.microsoft.com/kb/254132/ before performing this action.

Lastly, we always encourage taking an offline backup of the DB to two locations.

Wednesday, November 22

Exchange 2007 licensing - something you need to know

Just had lunch with the person in charge of Exchange at Microsoft Malaysia and learned about some licensing changes. We think it's good to share them:

1) Exchange 2007 Std, Ent server license
2) Exchange 2007 now has Std and Ent Client Access Licenses, as mentioned in a past post
3) The Outlook license that comes with the Exchange CAL is no longer valid; it was previously valid in Exchange Server 2003

Knowing these will definitely change the strategy for how we advise customers and bring added value to them.

Tuesday, November 21

Netsh command adding primary and secondary DNS

Currently, we are doing a migration for a company. They prefer to use static IPs, which gives us the challenge of modifying the TCP/IP settings with minimum effort.

Just a share on how we do this. It took a while for us to figure out how to add a secondary DNS server using netsh, a cool command that is available in Windows 2000, XP and 2003.

The commands are like this:

netsh interface ip set address local static 10.1.2.10 255.255.255.0 10.1.2.254

netsh interface ip set dns local static 10.1.1.1

netsh interface ip add dns local 10.1.1.2

If you want to change back to DHCP:

netsh interface ip set address local dhcp

Hope this helps others; it took us 2 days.

Saturday, November 18

Exchange ActiveSync with Symbian

Exchange ActiveSync provides great email access from mobile phones. Lots of users ask this question: do we have to let go of our existing mobile phones? Especially the Nokia Navigator, in which they invested quite a bit.

There is a company, DataViz, which provides access to Exchange 2003 SP2/Exchange 2007 ActiveSync. Bravo, this will definitely change the way things are usually run.

From our point of view, it is good for Microsoft as well as for other manufacturers, like Nokia, Palm, Java-based phones etc.

Interested? Do let us know or simply visit http://www.dataviz.com

Sunday, November 12

Exchange 2007 version

Hi all,

We just got news on what the Exchange 2007 versions will be. Standard or Enterprise? What features are there?

Exchange 2007 is similar to Exchange 2003: yes, with Standard and Enterprise. The good news is that Standard no longer supports only one DB; it's now 5, with 5 storage groups! No more 16/75 GB limitation, hardware is the answer.

One new thing that we need to know is that there are now two types of CAL license: Standard CAL and Enterprise CAL. The concept is that anyone who uses Exchange needs a Standard CAL; those who want more features besides the standard features (Forefront, per-user journaling, Unified Messaging) need to purchase an Enterprise CAL.

Need to know more information? Please visit

http://www.microsoft.com/exchange/preview/edition_compare.mspx

Nice day!

Monday, October 30

Exchange 2007 database - still ESE?

Hi all, the answer that all of us have been waiting for: will the Exchange 2007 database be put into SQL? Exchange 2007 will still use ESE, the same database used in previous versions of Exchange. As usual, improvements have been made, but whatever we already know about the ESE database still counts. This article just spells out some of the most interesting changes:

The .STM file is gone!! At last. It caused lots of confusion when it came with Exchange 2000 Server. Whenever you did any maintenance, you had to treat them as one. Sounds not right? It is how it should be. Now, the entire database is in a single .EDB file, same as Exchange 5.5. Sometimes the old ways really are the best! ha... olden days...

Transaction log files are now 1 MB in size rather than 5 MB and the file sequence numbers can now go above 1 million.

That's all for now; hope to have time to share more.

Maximum processor and memory configuration for Exchange

Hi,

Just to share: do you know that Exchange is only able to make use of processors and memory up to a maximum? There is no point in going beyond it.

For Exchange 2003
Gateway or Bridgehead can support up to 2 dual-core with 2GB ram
Front End Server can support up to 2 dual-core with 2GB ram
Mailbox Server can support up to 4 dual-core with 4GB ram

For Exchange 2007
Edge Transport/Hub Transport can support up to 2 dual-core with 8GB ram
CAS or UM Server can support up to 2 dual-core with 8GB ram
Mailbox Server can support up to 4 dual-core with 32GB ram

P/S please take note that MSFT does not recommend hosting more than 4000 mailboxes on a server, regardless of Exchange 2003 or Exchange 2007

This is the power of 64 bit, peers...

Tuesday, October 17

Lots of people are sharing how to install Exchange 2007 via the command shell. How about uninstalling?

Let's see:

Log on to the server from which you want to remove one or more Exchange 2007 server roles.
Open a Command Prompt window and navigate to the directory where you installed the Exchange Server 2007 files.

Navigate to the \bin directory.

ExSetup.exe /mode:uninstall /role:<server roles>

Where <server roles> is one or more of the following, in a comma-separated list:

  • Mailbox (or MB, or M)
  • UnifiedMessaging (or UM, or U)
  • ManagementTools (or MT, or T)
  • HubTransport (or HT, or H)
  • ClientAccess (or CA, or C)
  • EdgeTransport (or ET, or E)

Upgrading to Exchange 2007 - From Exchange 5.5/2000/2003/Lotus Notes

Dear all, lots of our customers are asking how to move from Exchange 5.5 to Exchange 2007.

This table explains it all:

Exchange 5.5
In-place Upgrade - Not Supported
Transition - Not Supported
Direct Migrate - Upgrade/Migrate to E2000/E2003 first

Exchange 2000
In-place Upgrade - Not Supported
Transition - Supported
Direct Migrate - Supported

Exchange 2003
In-place Upgrade - Not Supported
Transition - Supported
Direct Migrate - Supported

Mixed E2000/E2003
In-place Upgrade - Not Supported
Transition - Supported
Direct Migrate - Supported

Lotus Notes
In-place Upgrade - Not Supported
Transition - Not Supported
Direct Migrate - Using third party tool

Monday, October 16

Personal Firewall or IPSec

IPSec or Personal Firewall?

Recently, Microsoft Malaysia shared lots of info on IPSec. From a vendor's point of view, we explain it as below:

Both IPSec and a personal firewall can be used to permit or prevent communications on the network, so when should you use one or the other? While the answer is not always clear, my dear customers, peers and friends, here are some guidelines:

A personal firewall is not equipped to provide secure communications between computers - this is for sure. The purpose of a personal firewall is to block or allow communications to and from the computer. For example, a personal firewall cannot encrypt communications. When you need to secure communications, IPSec should be your choice.

IPSec was not designed to act as a personal firewall - this you also need to take into consideration. It can only permit or block communications based on port numbers or IP addresses. Nowadays, new firewalls provide stateful filtering and application layer filtering, neither of which can be done by IPSec.

IPSec can be scripted. In a Windows Server 2003 or Windows 2000 domain, IPSec policies can be configured in Group Policy and deployed to thousands and thousands of computers. IPSec can also block both incoming and outgoing communications, while some firewalls only block incoming communications - that's the default behaviour of Windows Firewall.

Finally, IPSec can be applied to systems during startup to protect communications before all services are initialized. Many personal firewalls do not do this.

DNS - SRV records for Active Directory

SRV records are important elements for Active Directory to function properly. In this session, just a quick share on which SRV records are used by Active Directory:

_msdcs
This is a Microsoft-specific subdomain that stores SRV records for domain controllers with roles in AD. These roles include domain controllers, global catalog servers, and primary domain controller emulators.

_sites
This contains records for domain controllers based on site. Microsoft Clients like Windows 2000/XP/Vista can use this record to locate domain controllers and global catalog servers that are in their site, so that they can avoid using services across the WAN.

_tcp
This contains domain controllers in the AD domain. If windows clients need to find a DC in a specific site, they will look here. The TCP protocol will be used to request the information.

_udp
Kerberos clients can use UDP port 88 to request tickets and port 464 for password changes.

DomainDnsZones
Zone information that should be replicated to all DCs in the domain that have the DNS service installed.

ForestDnsZones
Zone information that should be replicated to all DCs in the forest that have the DNS service installed.

To use nslookup to query for SRV service location records:

NOTE: you will need to have a reverse lookup zone set up

Type nslookup and then press Enter.
Type set type=all and then press Enter.
Type _ldap._tcp.dc._msdcs.domainname and then press Enter.
Repeat this process for as many SRV records as you want to confirm.
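The same confirmation, scripted, as an added example that is not part of the original post: it lists the SRV names to confirm for a domain and checks captured nslookup output for missing records, unexpected ports and SRV targets that have no address record. The domain example.com, the host names and the sample output are constructed, and the record list assumes a single-domain forest; ports 389, 3268, 88 and 464 are the standard LDAP, global catalog, Kerberos and kpasswd ports.

```python
import re

SRV_HEADER = re.compile(r"^(\S+)\s+SRV service location:\s*$")
FIELD = re.compile(r"^\s+(priority|weight|port|svr hostname)\s*=\s*(\S+)\s*$")
ADDRESS = re.compile(r"^(\S+)\s+internet address\s*=\s*(\S+)\s*$")


def expected_srv(domain, site=None):
    """(owner name, port) pairs to confirm; assumes a single-domain forest."""
    records = [
        (f"_ldap._tcp.dc._msdcs.{domain}", 389),    # domain controllers
        (f"_ldap._tcp.pdc._msdcs.{domain}", 389),   # PDC emulator
        (f"_ldap._tcp.gc._msdcs.{domain}", 3268),   # global catalog servers
        (f"_kerberos._tcp.{domain}", 88),
        (f"_kerberos._udp.{domain}", 88),
        (f"_kpasswd._tcp.{domain}", 464),
        (f"_kpasswd._udp.{domain}", 464),
    ]
    if site:
        records.append((f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}", 389))
    return records


def parse_nslookup(text):
    """Return ({owner: [record dicts]}, {hostname: [addresses]})."""
    srv, hosts, current = {}, {}, None
    for line in text.splitlines():
        header = SRV_HEADER.match(line)
        if header:
            current = {}
            srv.setdefault(header.group(1).lower(), []).append(current)
            continue
        field = FIELD.match(line)
        if field and current is not None:
            key, value = field.groups()
            current[key] = value.lower() if key == "svr hostname" else int(value)
            continue
        address = ADDRESS.match(line)
        if address:
            hosts.setdefault(address.group(1).lower(), []).append(address.group(2))
            current = None
    return srv, hosts


def check_srv(domain, output, site=None):
    """List problems found; an empty list means every record checked out."""
    srv, hosts = parse_nslookup(output)
    problems = []
    for owner, port in expected_srv(domain.lower(), site.lower() if site else None):
        records = srv.get(owner)
        if not records:
            problems.append(f"missing: {owner}")
            continue
        for rec in records:
            if rec.get("port") != port:
                problems.append(f"wrong port {rec.get('port')} (want {port}): {owner}")
            target = rec.get("svr hostname")
            if target not in hosts:
                # Typical of a record left behind by a removed domain controller.
                problems.append(f"no address for target {target}: {owner}")
    return problems


def _sample_record(owner, port, host):
    # Constructed sample in the layout Windows nslookup prints for an SRV answer.
    return (f"{owner}\tSRV service location:\n"
            f"\t  priority       = 0\n"
            f"\t  weight         = 100\n"
            f"\t  port           = {port}\n"
            f"\t  svr hostname   = {host}\n")


# Constructed output: the PDC record points at a host with no address record,
# and _kpasswd._udp is absent.
SAMPLE_OUTPUT = "".join([
    _sample_record("_ldap._tcp.dc._msdcs.example.com", 389, "dc1.example.com"),
    _sample_record("_ldap._tcp.pdc._msdcs.example.com", 389, "olddc.example.com"),
    _sample_record("_ldap._tcp.gc._msdcs.example.com", 3268, "dc1.example.com"),
    _sample_record("_kerberos._tcp.example.com", 88, "dc1.example.com"),
    _sample_record("_kerberos._udp.example.com", 88, "dc1.example.com"),
    _sample_record("_kpasswd._tcp.example.com", 464, "dc1.example.com"),
    "dc1.example.com\tinternet address = 10.1.1.1\n",
])

if __name__ == "__main__":
    for problem in check_srv("example.com", SAMPLE_OUTPUT):
        print(problem)
```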

Using LDIFDE

ldifde is an important tool for system administrators. Recently, one of our customers called up asking for a tool to update 600 objects in Active Directory - My God - am I going to do them one by one?

Let us introduce and explain a bit about LDIFDE.
--------------------------------------------------------------------------------
LDIFDE stands for Lightweight Directory Access Protocol Interchange Format (LDIF) Directory Exchange, a utility for bulk import/export of data between line-delimited (LDIF) text files and Active Directory. Unlike CSVDE, ldifde can add, delete, or modify multiple user accounts, groups, computers, printers, or other AD objects in a single batch operation - which solves the problem.

Examples
You can create a file called C:\newusers.txt, copy the text shown below into it and save it. It creates three new user accounts:

# userAccountControl 514 = normal account, disabled; 512 = normal account, enabled

# Create user account for Poo
dn: CN=Poo,OU=Support,DC=London,DC=com
changetype: add
objectClass: user
sAMAccountName: Poo
userPrincipalName: poo@london.com
displayName: Poo Malaysia
userAccountControl: 514

# Create user account for Jen
dn: CN=Jen,OU=PM,DC=London,DC=com
changetype: add
objectClass: user
sAMAccountName: Jen
userPrincipalName: jen@london.com
displayName: Jen Project Manager
userAccountControl: 514

# Create user account for Gavin Lai
dn: CN=Gavin Lai,OU=Management,DC=london,DC=com
changetype: add
objectClass: user
sAMAccountName: Glai
userPrincipalName: gavinlai@london.com
displayName: Gavin Lai
userAccountControl: 512

Use ldifde to import the previous file into AD to create the users:

ldifde -i -f C:\newusers.txt
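The bulk update that prompted this post, as an added example that is not part of the original post: it generates a changetype: modify LDIF file for ldifde -i from a list of changes, base64-encoding any value that is not LDIF-safe so that a line break or leading colon in the input data cannot add or alter lines in the file. The function names, attribute values and the CHANGES list are constructed for illustration; the DNs reuse the ones above.

```python
import base64
import re

# Attribute names are restricted to letters, digits and hyphens, so input
# data can never supply a name that contains a colon or a line break.
ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")


def is_safe_string(value):
    """True if value may be written as plain 'attr: value' (RFC 2849 SAFE-STRING)."""
    if value == "":
        return True
    if value[0] in " :<" or value[-1] == " ":
        return False
    return all(0 < ord(ch) < 128 and ch not in "\r\n" for ch in value)


def ldif_line(attr, value):
    """One attribute line; unsafe values are written base64-encoded with '::'."""
    if is_safe_string(value):
        return f"{attr}: {value}"
    encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
    return f"{attr}:: {encoded}"


def modify_record(dn, replacements):
    """LDIF record that replaces each listed attribute on one object."""
    lines = [ldif_line("dn", dn), "changetype: modify"]
    for attr, value in replacements.items():
        if not ATTR_NAME.match(attr):
            raise ValueError(f"invalid attribute name: {attr!r}")
        # Every modification block is closed by a line holding a single '-'.
        lines += [f"replace: {attr}", ldif_line(attr, value), "-"]
    return "\n".join(lines) + "\n"


def build_ldif(changes):
    """Join the records with the blank line that separates LDIF entries."""
    return "\n".join(modify_record(dn, repl) for dn, repl in changes)


# Constructed input, as it might arrive from a spreadsheet export.
CHANGES = [
    ("CN=Poo,OU=Support,DC=London,DC=com",
     {"department": "Support", "telephoneNumber": "+60 3 5550 0100"}),
    # A cell with an embedded line break: written unencoded, the second line
    # would become a separate line of the LDIF file.
    ("CN=Jen,OU=PM,DC=London,DC=com",
     {"description": "Project Manager\nSecond line from a spreadsheet cell"}),
    # Non-ASCII text must also be base64-encoded.
    ("CN=Gavin Lai,OU=Management,DC=london,DC=com",
     {"displayName": "Gavin Lai (Directeur g\u00e9n\u00e9ral)"}),
]

if __name__ == "__main__":
    # Write the result to a file and import it with: ldifde -i -f <file>
    print(build_ldif(CHANGES))
```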

Wednesday, October 11

Outlook 2007 Autodiscover

As you know, Exchange 2007 and Outlook 2007 provide a good feature - Autodiscover. However, Autodiscover is disabled by default; you will need to enable it via the Exchange Management Shell. The command to enable it is shown below:
New-AutodiscoverVirtualDirectory -Server MyServer
There are some reasons that might make you want to disable it. The command is:
Remove-AutodiscoverVirtualDirectory -Server MyServer

Have fun!

Hardware - Processor, Memory for Exchange 2007

Lots of our customers are asking what hardware they should purchase for Exchange Server 2007. Actually, there are many factors to consider when selecting hardware. The most critical factors to consider are the choice of processor, the amount of memory, and the selection of storage. We will only cover processor and memory in this article.

The difference between previous versions of Exchange Server and Exchange 2007 is the move from a 32-bit platform to a 64-bit platform. For production, only the 64-bit version of Exchange 2007 running on the x64-based version of Microsoft Windows Server 2003 is supported. The change from a 32-bit platform to a 64-bit platform requires a new approach to choosing server hardware for Exchange 2007, especially with respect to processor and memory.

Selecting the Appropriate Processor
For production environments, you must choose a processor that will work with the x64-based version of Windows Server 2003. The following server processors support the x64-based versions of Windows Server 2003, thereby supporting Exchange 2007:
AMD, Intel Xeon with EM64 technology. You also have to know that the Intel Itanium (IA64) processor will not work with Windows Server 2003 x64-based versions; therefore, it cannot work with Exchange 2007. Exchange 2007 is designed to run only on x64-capable processors such as those listed above, and it will not run on Itanium-based systems.

Dual-core processors are very popular now, and this will definitely benefit Exchange Server 2007. The performance benefit for Exchange Server from dual-core technology depends upon the specific processor used. The findings from Exchange Server 2003 dual-core testing have been summarized in Microsoft Knowledge Base article 827281, please visit this article!

Memory
Exchange 2007, with 64-bit hardware, enables much better memory utilization than previous versions of Exchange Server. For example, because of the virtual address space limitations of a 32-bit platform, Exchange Server 2003 is limited to using 4 GB or less of physical memory. Exchange 2007 can use upwards of 16 GB of memory and beyond.

NOTE: Although this is the general hardware suggestion for Exchange 2007, you should size each Exchange 2007 role specifically.

Exchange 2007 UM ports

Unified Messaging is the new feature in Exchange 2007. It took quite a while for me to find the following information, so I just wish to share it with those who are looking for it. This article is about the TCP/UDP ports used.

NOTE: This info is taken from Microsoft:

UM Protocols and Services
Exchange 2007 Unified Messaging features and services rely on both static and dynamic TCP and UDP ports to ensure correct operation of the computer that is running the Unified Messaging server role.

SIP
Session Initiation Protocol (SIP) is a protocol that is used for initiating, modifying, and ending an interactive user session that involves multimedia elements such as video, voice, instant messaging, online games, and virtual reality. It is one of the leading signaling protocols for Voice over IP (VoIP), together with H.323. Most VoIP standards-based solutions use either the H.323 or Session Initiation Protocol (SIP) protocols. The VoIP protocols typically support features such as call waiting, conference calling, and call transfer.

SIP clients such as IP/VoIP gateways and IP-PBXs can use TCP and UDP port 5060 to connect to SIP servers. SIP is only used in setting up and tearing down voice or video calls. All voice and video communications occur over RTP.

RTP
Real-time Transport Protocol (RTP) defines a standard packet format for delivering audio and video over a given network, such as the Internet. RTP only carries voice/video data over the network. Call setup and tear-down are generally performed by the SIP protocol.

RTP does not require a standard or static TCP or UDP port to communicate with. RTP communications occur on an even UDP port, and the next higher odd port is used for TCP communications. Although there are no standard port range assignments, RTP is generally configured to use ports 16384-32767. It is difficult for RTP to traverse firewalls because it uses a dynamic port range.

T.38
T.38 is a faxing standard and protocol that enables faxing over an IP-based network. The IP-based network then uses SMTP and MIME to send the message to a recipient's mailbox. T.38 allows for IP fax transmissions for IP-enabled fax devices and fax gateways. The devices can include IP network-based hosts such as client computers and printers. In Exchange 2007 Unified Messaging, the fax images are separate documents encoded as TIFF images and attached to an e-mail message. Both the e-mail message and the TIFF attachment are sent to the recipient's Exchange 2007 UM-enabled mailbox.

UM Web Services
The UM Web Services installed on a computer that is running Exchange 2007 that has the Client Access server role installed use IP for network communication between a client, the UM server, the Client Access server, and computers that are running other Exchange 2007 server roles. There are several Exchange 2007 Outlook Web Access and Microsoft Office Outlook 2007 client features that rely on the UM Web service to operate correctly.

The Unified Messaging client features that rely on the UM Web Service are as follows:

The voice mail options that are available with Exchange 2007 Outlook Web Access, including the Play on Phone feature and the ability to reset a PIN.

The Play on Phone feature found in the Outlook 2007 client.

Note:
When an organization uses the Play on Phone and other client features in Exchange 2007 Unified Messaging, a computer that is running the Client Access, Hub Transport, and Mailbox server roles within the same Active Directory site is required in addition to the computer or computers that have the Unified Messaging server role installed.

Port Assignments
Table 1 shows the IP ports that Unified Messaging uses for each protocol and whether the IP ports that are used for each protocol can be changed.

SIP - UM Service: 5060. Ports are hard-coded and cannot be set by using the XML configuration file.
SIP - Worker Process: 5061 and 5062. Ports are set by using the XML configuration file.
RTP: port range above 1024. The range of ports can be changed in the registry.
T.38: dynamic port above 1024. Ports are defined by the system.
UM Web service: dynamic port above 1024.

Friday, October 6

Features no longer supported by Exchange 2007

Recently, we had a long chat with a few customers that are using Exchange 2003 and planning to move to Exchange 2007. It made us think about a few features that are no longer supported.

Exchange Server 2007 no longer supports the following features:
  • OWA access to Public Folders. Windows SharePoint Services is the next answer. However, if OWA access to public folder content is important, retain a replica of all folders on an Exchange Server 2003 server and configure access to the public folders on that server.
  • IMAP and NNTP access to Public Folders. Exchange Server 2007 no longer supports Network News Transfer Protocol (NNTP) because Exchange Server customers very rarely used it. Public folder access through IMAP generally was used for access to newsgroups. Because NNTP is no longer supported, IMAP access also is not required. To provide access to public folders, use Outlook :)
  • Outlook Mobile Access (OMA). Because of the high latency of cellular networks and the limitations of browsers, the user experience when accessing Exchange Server mailboxes through OMA was not satisfactory. Exchange Server 2007 offers enhancements to EAS that provide a much better experience for mobile device users.
  • Coexistence with Exchange 5.5 Server!! This is an important thing you should know. Bad news for those still sticking with 5.5 now. Exchange Server 2007 does not support coexistence with Exchange 5.5 Server because the capabilities of Exchange Server 2007 depend on Active Directory. Organizations that are still using Exchange 5.5 Server must migrate to Exchange Server 2003 before upgrading to Exchange Server 2007. Exchange 5.5 Server can exist in a separate organization with no direct interoperability with Exchange Server 2007.
  • GroupWise and Lotus Notes connector and migration tools.
  • Administrative groups. In Exchange Server 2007, you can configure permissions at the server level as well as at the organization-wide (forest) level. To maintain backward compatibility with Exchange Server 2003, all Exchange Server 2007 servers are installed in a single administrative group defined in Active Directory.
  • Routing groups. The Exchange Server 2007 routing topology is based on Active Directory sites and site connectors, not routing groups. To maintain backward compatibility with Exchange Server 2003, all Exchange Server 2007 servers are installed in a single routing group defined in Active Directory.
  • Active/active clustering. When migrating to Exchange Server 2007, consider implementing active/passive clustering or implementing CCR.
  • Interoperability with X.400 messaging systems.

Good news and Bad news... start to plan now!

Edge Transport Server is for Exchange 2007 only?

A few customers have discussed this with us and given feedback: they are now on Exchange 2000 or 2003, so how can they benefit from Exchange 2007 with a minimum of investment?

The first thing that popped up in our minds is the Edge Transport server role in Exchange 2007!

The Edge Transport server role is designed to be the Simple Mail Transport Protocol (SMTP) gateway server between LAN email and the Internet. To ensure security, the computer that runs the Edge Transport server role should be deployed in a perimeter network (DMZ) and should not be a member of the Active Directory forest.

How can it help? Let's go into what an Edge Transport server provides:
  • Connection, recipient, sender, and content filters
  • Sender identity and sender reputation analysis
  • Attachment filters
  • Antivirus control (by using third-party software) - we highly recommend Antigen.
  • Because the Edge Transport server is not part of an Active Directory domain, it uses Active Directory Application Mode (ADAM) to access recipient information.
  • On the Edge Transport server, you create connectors to define message-flow paths into and out of your organization. You can define multiple Edge Transport servers to provide load balancing and high availability

In summary, although you are using Exchange 2000 or 2003, you can still benefit from Exchange 2007 - if you are not planning a full move to Exchange 2007, which is what we recommend.

For Exchange 2007 administrators, PLEASE TAKE NOTE that you are not able to install any other server role on a server that has the Edge Transport server role.

Saturday, September 30

Something to share about Client Access Server

Hi,

Good day. After a discussion with one of the PSS people in India, we found out some things that are good to know about the Exchange 2007 CAS server -

Do you know that

1) Deploying the Client Access Server in a DMZ is not recommended (E2007 beta 2)?
2) An Exchange 2003 Front End can't be used to connect to an Exchange 2007 database?
3) An Exchange 2007 CAS server can connect to an Exchange 2007 mailbox server as well as an Exchange 2003 mailbox server...
4) When accessing an Exchange 2003 mailbox from the CAS server, the URL will remain https://E2007CAS/exchange, while accessing Exchange 2007 will use the URL https://E2007CAS/OWA
5) You can't use the normal E2003 URL for an E2007 mailbox resource; for example, you are no longer able to access https://E2003/exchange/user/calendar even if you have the rights. For an E2007 mailbox, you have to access https://E2007/owa/e2007@e2007.com/?cmd=contents&f=calendar

This will be a good help to developers.

Happy reading!

Sunday, September 17

Enable LCR - Local Continuous Replication in Exchange 2007

Good news for those using Exchange 2007: without implementing a third party application, you can now replicate your database to a different drive (LCR) or server (CCR).

In this session, we would like to share how to enable LCR in Exchange 2007 Beta 2.

1. Launch Exchange Management Console.

2. In the Exchange Management Console, in the Navigation Pane, expand Microsoft Exchange, expand Server Configuration, and then select Mailbox.

3. In the Settings Pane, right-click the storage group, and then click Enable Local Continuous Backup.

4. In the Enable Storage Group Local Continuous Backup Wizard, on the Introduction page, click Next.

5. On the Set Paths page, in the Local continuous backup log files locations dialog box, click Browse, and then select - the other drive for LCR.

6. On the Set Paths page, in the Local continuous backup system files locations dialog box, click Browse, and then select - the other drive for LCR.

7. Click Next to continue.

8. On the Mailbox Database 1 page, in the Local continuous backup Exchange database file path box, click Browse, and then select - the other drive for LCR.

Note: Make sure that there is no path in front of Mailbox Database 1.edb in the File Name box. If there is, navigate again to - the other drive for LCR

9. Click Save

10. Click Next to continue.

11. Review the information on the Enable page and verify that the correct paths have been configured.

12. Click Enable to enable Local Continuous Replication for the storage group. After the storage group and databases have been enabled for LCR, click Finish to close the wizard.

To check on whether it is working:

1. Switch to Windows Explorer and navigate to the other drive for LCR.

2. Examine the contents of the LCR folder and compare the contents with the contents of the path of the original storage group location.

3. Make a note of the highest log file number; for example, E0100000006.LOG.

That's easy. We will share how to enable CCR and how to test LCR and CCR.

Thursday, September 14

RPC/HTTPS & OUTLOOK ANYWHERE

Dear all,

Good day. We are back to blogging again. This time, we would like to share about Outlook Anywhere, the new name for RPC/HTTPS in Exchange 2007. The concept is still the same, but now you need to know more theory about which role to deploy and configure.

To summarize what this cool feature does: it means you do not need a VPN to access your Exchange server using Outlook 2003/Outlook 2007.

The first thing you might want to think about is the certificate. It is recommended that you purchase the certificate rather than set one up in your organization, although the latter is FREE.

However, we will share how to configure the certificate.

1) Set up a certificate authority in your organization; we will try to publish how to do this in coming blogs.

2) Configure your IIS6 (Windows 2003) to use the Web Server certificate.

3) Export the certificate to a file with the .pfx extension. You can then copy the certificate to a thumb drive/diskette in order to install it on the client side (you can use AD Group Policy to deploy it to Windows 2000 workstations and above). A .pfx export contains the certificate's private key, so protect the file with a strong password and keep track of every copy.

4) Install the certificate on the client workstation

NOTE: Please ensure the installation is successful. To check, simply launch an Internet browser and go to the website that is hosting the RPC Proxy, most of the time OWA; eg: https://companyname.com/exchange. You should not get any prompt about an untrusted certificate. If you get any prompt, please check the certificate installation.

On Outlook side,

1) For users launching Outlook for the first time, the E-mail Accounts window appears. Select “Add a new e-mail account”.

2) Click Next.

3) Select Microsoft Exchange Server, click Next.
On the Exchange Server Settings page, under Microsoft Exchange Server enter mailboxexchangeserver.com, then enter the user name under User Name. Click Next.

4) A warning is prompted that the Microsoft Exchange server is unavailable. Click OK to continue.

5) When the window appears, click the Connection tab. Check “Connect to my Exchange Mailbox using HTTP”. Click Exchange Proxy Settings…

6) On Exchange Proxy Settings, under Proxy authentication settings, select “Basic Authentication”. Under Connection settings, key in https://yourpublishproxyserver.com, select Mutually authenticate the session when connecting with SSL, and for the Principal name for proxy server enter msstd:yourpublishproxyserver.com. Select only “on slow network, connect using HTTP first, then connect using TCP/IP”. Click OK.

7) Launch Outlook 2003 and be patient while it connects to Exchange 2003. Key in the username and password when prompted

NOTE: You can check by clicking Start-> Run-> outlook /rpcdiag to test whether Outlook is running fine using HTTPS

Till then, this is a good feature to test out.

Wednesday, September 6

Saving Disk Space using VPC - differencing virtual disk

Dear all, during this sharing session, we would like to share on how to make your Virtual Machine file small. This is important for most of our customers, especially keeping all those big VM files for the testlab...

To do this, what you can do is, create a base Operating System, eg: Setup a Windows 2003 Ent with all the Service Packs installed.

There is something call differencing virtual disk in VPC where you can build your machine via a base OS, ya, it is COOL.

Below are the steps we would like to share:
1) Create one OS based, which OS installed and patched.
2) Create a second VM where act as the second VM. once you reach creating disk side, in the Virtual Disk Wizard dialog box, click Next.
3) In the Disk Options dialog box, click Create a new virtual disk, and then click Next.
4) In the Virtual Disk Type dialog box, click A virtual hard disk, and then click Next. By default, the wizard creates the virtual hard disk in the My Documents folder. If you want to store the virtual hard disk in a different location, type the full path of this location when you specify the virtual hard disk name.
5) In the Virtual Hard Disk Location dialog box, type a name for the virtual hard disk, and then click Next.
6) In the Virtual Hard Disk Type dialog box, click Differencing, and then click Next. In the Differencing Virtual Hard Disk dialog box, type the name of the parent disk or click Browse to find it. This is the location of your base OS .VHD file.
7) Click Next, and then click Finish.

At the end of the day, VPC saves changes only to the differencing disk, not to the base OS. You can then use this method with only one base OS.

Saving space? Of course!

Friday, August 25

Exchange 2007 Server Roles

To learn more about Exchange 2007, knowing the roles is important. In this section, we would like to share the roles available:

Edge Transport Role
The Edge Transport server role is deployed in the DMZ as a stand-alone server. In short, it is the SMTP server we used to use. It is not required to be a domain member. The Edge Transport server handles all Internet-facing mail flow: as mentioned earlier, SMTP and smart host services for the Exchange organization, so no more IIS or third-party apps for smart host. The Edge Transport role, with Forefront, provides protection against viruses and spam, applies transport rules to control message flow, and provides connection security. As mentioned in a previous section, you can have rules here.

Hub Transport Role
Deployed inside the Active Directory forest, or normally in the LAN, the Hub Transport server role handles all mail flow inside the organization, applies transport rules, applies journaling policies, and delivers messages to a recipient's mailbox. Likewise, mail that flows to the Internet is passed to the Edge Transport server. If you are not going to deploy an Edge Transport server, configure the Hub Transport server to relay Internet messages directly.

Client Access Role
The Client Access server role accepts connections to the Exchange server from a variety of different clients. These include Outlook, other mail clients, and mobile devices.

Mailbox Role
The Mailbox server role hosts mailbox databases, which contain users' mailboxes and public folders (a public folder database is created only if you indicate during installation that you still have pre-Outlook 2007 clients). It allows mailbox access through MAPI and handles core messaging functions. Besides, the Mailbox server role improves the information worker experience by providing richer calendaring functionality, resource management, and offline address book downloads.

Unified Messaging Role
The Unified Messaging server role enables users to access their voice mail, e-mail, fax messages, and calendar information that is located in their Exchange Inbox. Unified Messaging combines voice messaging, fax, and e-mail into one Inbox, which can be accessed from the telephone and the computer. Unified Messaging integrates Exchange Server 2007 with the telephony network. We have yet to find which telephony networks or PABXs support UM.

Till then,

Happy reading.

Sunday, August 20

Vista - a briefing from Jeff













Thanks to Jeff (from Microsoft Malaysia), who was kind enough to share with us his research and experience with Windows Vista. It was a really enjoyable session. We, MCT Malaysia, got first-hand knowledge of Vista in Beta 2. FYI, RC1 is coming out soon.

Monday, August 14

Shall I wait for Exchange 2007 or go to Exchange 2003?

Shall I wait for Exchange 2007 or implement Exchange 2003 currently?

Some of our existing customers who are implementing Exchange 2003 ask us: shall we wait?

Let us share with you the differences between Exchange 2003 and Exchange 2007, listed in the table below:

Since this blog doesn't allow me to draw a table, it is listed in the picture below:

What Exchange 5.5/2000/2003 administrators need to know to move to next version

For everyone on Exchange 5.5, Exchange 2000 or Exchange 2003, here is what you need to know to move forward to Exchange 2007. START PLANNING...

Take note of features that will soon be discontinued

Public Folders
Microsoft mentioned that SPS (Microsoft SharePoint Services) can perform better. As for system folders, an important element in previous versions of Exchange, they are now removed from Exchange 2007. Good news!

CDOEx, WebDav, ExOLEDB
Yes, use of these APIs is discouraged. The reason is that these services need to run on the Exchange server itself. Exchange 2007 provides richer web-based APIs, which support hosting on a different server.

As for the discontinued features

Administrative Groups
Exchange 2000 introduced these for compatibility with Exchange 5.5. Since Exchange 2007 does not allow Exchange 5.5 servers in the same Organization, it now relies on the Active Directory administrative topology!

Routing Groups
Lots of people have a headache planning these, as they differ from AD Sites and Services. The good news is that Exchange 2007 now uses the AD site as the boundary for routing messages.

Co-existence with Exchange 5.5
As predicted, Microsoft Exchange 2007 does not allow Exchange 5.5 in its Organization. In addition, there is no direct upgrade path from Exchange 5.5 to Exchange 2007. You will need to upgrade to Exchange 2003 first.

OWA to Public Folders
With Anywhere Access for documents (with SPS) and Universal Naming Convention (UNC) shared folders, PF in OWA is now out of the picture.

OMA
EAS (Exchange Active Sync) replaces OMA, introduced in Exchange 2003. This solves many technical issues with OMA.

Exchange 2007 - Cool features




Exchange 2007 has at last come out to the market.

We are pleased that UEMB was selected for the TAP. We would like to share some of the features available in E2007.

E2007 supports new data protection mechanisms: LCR and CCR. In Local Continuous Replication, the Exchange server maintains a duplicate of a storage group on another volume in the server. In Clustered Continuous Replication, another physical server maintains a copy of the storage group.

As for security, E2007 provides improved message security and regulatory compliance: it lets you establish sender-, recipient- and connection-based anti-spam! Besides, it can detect sender reputation to avoid attacks on the server. Storage rules that allow message retention can now be defined. Lastly, still remember SmartScreen technology in Exchange 2003 SP2? In E2007, it is updated automatically.

On the administration side, the Exchange Management Console replaces Exchange System Manager. The Exchange Management Shell provides a powerful, scriptable administrative environment. With Outlook 2007, Exchange 2007 supports client AutoDiscover.

With the hottest topic, Unified Messaging Services, you can now have one inbox for e-mail, faxes, and voice mail!

In our next post, we will cover more about hardware and infrastructure requirements.

Thursday, August 10

My server does not seem to start in Windows Server 2000/2003 - MSCONFIG

Hi all,

Good day. Sorry for not posting for days. In this post, we would like to share what to do if your Windows 2000/2003 servers are not able to start normally.

Still remember MSCONFIG in Windows 98? Simply copy it to your thumb drive, boot Windows 2000/2003 in safe mode, and launch MSCONFIG.exe

You can then control which services/applications start during boot up. In this case, just select the minimum programs/applications to start.

I myself find this a good/fast way to handle such a scenario. Hope this helps.

Wednesday, July 26

MCTian Meetup




Malaysia MCT meetup

Once again, the MCTs met up. We met in Mid Valley, KL.

Result: We are going to do a Vista Preview briefing to MCT KL.

See you there in KLCC, Microsoft in August!

Some photos taken

Monday, July 24

Account Problems


Exchange 5.5 to Exchange 2003 migration is a hot cake in this part of the world. Lots of migrations use OWA 2003 as the replacement for other email clients. However, password expiry and account lockout problems give Administrators lots of issues and increase helpdesk calls+++

In this session, we would like to share how to identify/find out when a particular account's password expires+++

To reach this objective, Acctinfo.dll needs to be registered on the DC.

Acctinfo.dll adds a new property page to the user object Properties dialog box in Active Directory Users and Computers. This page shows the date when a user's password was last set, the date when a user's password will expire, and the dates and times when a user last logged on and logged off. Unfortunately, most of the needed/important info is not stored in AD, BUT we can calculate it based on when the user's password was set. Normally, we would need to run lots of scripts, which gives overhead to Administrators. Acctinfo.dll performs these calculations for you!

System Requirements
Windows Server 2003 or Windows 2000 Server operating system - You must be an Administrator to install Acctinfo.dll.

How to install
  • First of all, download the Windows 2003 Resource Kit from the Microsoft website and install it.
  • Then install Windows Support Tools (from the Windows 2003 CD)
  • Copy the file Acctinfo.dll (its location depends on where you installed the tools) to the %windir%\system32 folder. In Windows Server 2003, this is typically C:\Windows\System32. In Windows 2000, this is typically C:\Winnt\System32.
  • Open a command window, and type the following (this example assumes that your %windir%\system32 folder is C:\Windows\System32):
  • regsvr32 c:\windows\system32\acctinfo.dll
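The calculation the text says Acctinfo.dll does for you, shown as an added example (not code from the original post or from Microsoft): expiry is derived from the pwdLastSet and maxPwdAge directory attributes plus the userAccountControl "password never expires" flag. The sample accounts, the 42-day policy, the status strings and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_DAY = 24 * 60 * 60 * 10_000_000   # 100-nanosecond ticks in one day
UF_DONT_EXPIRE_PASSWD = 0x10000             # userAccountControl: password never expires
MAX_PWD_AGE_NEVER = -(2 ** 63)              # maxPwdAge value that disables expiry


def filetime_to_datetime(ticks):
    """AD stores pwdLastSet as 100-ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def datetime_to_filetime(moment):
    """Inverse conversion, used here only to build the constructed samples."""
    delta = moment - FILETIME_EPOCH
    return (delta.days * 86_400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def password_expiry(pwd_last_set, max_pwd_age, user_account_control, now):
    """Return (status, expiry datetime or None) for one account."""
    if user_account_control & UF_DONT_EXPIRE_PASSWD:
        return ("never expires", None)
    if pwd_last_set == 0:
        # pwdLastSet of 0 means the user must change the password at next logon.
        return ("must change at next logon", None)
    if max_pwd_age in (0, MAX_PWD_AGE_NEVER):
        return ("never expires", None)
    # maxPwdAge is stored on the domain object as a negative tick interval.
    expires = filetime_to_datetime(pwd_last_set + abs(max_pwd_age))
    return ("expired" if expires <= now else "valid", expires)


def expiry_report(users, max_pwd_age, now):
    """users: iterable of (name, pwdLastSet, userAccountControl)."""
    rows = []
    for name, pwd_last_set, uac in users:
        status, expires = password_expiry(pwd_last_set, max_pwd_age, uac, now)
        days_left = (expires - now).days if status == "valid" else None
        rows.append((name, status, expires, days_left))
    return rows


# Constructed sample data: a 42-day domain policy and four accounts.
NOW = datetime(2006, 7, 24, 9, 0, tzinfo=timezone.utc)
DOMAIN_MAX_PWD_AGE = -42 * TICKS_PER_DAY
SAMPLE_USERS = [
    ("alice", datetime_to_filetime(datetime(2006, 7, 1, tzinfo=timezone.utc)), 0x200),
    ("bob", datetime_to_filetime(datetime(2006, 5, 2, tzinfo=timezone.utc)), 0x200),
    ("svc_backup", datetime_to_filetime(datetime(2005, 1, 10, tzinfo=timezone.utc)), 0x10200),
    ("carol", 0, 0x200),
]

if __name__ == "__main__":
    for name, status, expires, days_left in expiry_report(SAMPLE_USERS, DOMAIN_MAX_PWD_AGE, NOW):
        when = expires.strftime("%Y-%m-%d %H:%M UTC") if expires else "-"
        print(f"{name:<12} {status:<26} {when:<22} days left: {days_left}")
```

Accounts that come back as "expired" or close to expiry are the ones worth contacting before they turn into OWA logon failures and helpdesk calls.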

Security Event Logs - Logon Event IDs

Lots of people ask us: after setting security events, how do we monitor them? Most of the entries show only event IDs. We believe Microsoft has the list on the TechNet website; however, for the convenience of our customers/readers, let us share some important events:

  • 528 - Successful logon
  • 529-537 - Failed logon (529 - Bad username and password, 530 - time restrictions, 531 - account disabled, 532 - Expired accounts, 533 - cannot logon to specific computer account, 534 - Disallowed logon type, 535 - Expired password, 536 - Server is not available, 537 - Other reasons)
  • 548 - Your trust might be broken (SID does not match)
  • 550 - Your network might be under DoS attack
  • 551 - Logoff events
  • 552 - UserB forces a logon to another computer while UserA is logged on
  • 682 - User has reconnected to a disconnected terminal session
  • 683 - User disconnected from a terminal session without logging off

With this small piece of information, we hope to help most of the people managing/maintaining AD!
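An added example (not from the original post) that applies the logon event IDs listed above to a small Security log extract: it counts failed logons by reason and flags any account with a burst of 529 failures in a short window, the pattern behind most lockout calls. The CSV layout, the sample rows and the thresholds are constructed assumptions, not an Event Viewer export format.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Event IDs as listed in the post (Windows 2000/2003 Security log).
LOGON_EVENTS = {
    528: "successful logon",
    529: "bad username or password",
    530: "time restriction",
    531: "account disabled",
    532: "expired account",
    533: "not allowed to log on to this computer",
    534: "disallowed logon type",
    535: "expired password",
    536: "server not available",
    537: "other reason",
}
FAILED_LOGON_IDS = range(529, 538)

# Constructed sample: timestamp, event ID, account, workstation.
SAMPLE_LOG = """\
2006-07-24 08:01:10,528,alice,WS01
2006-07-24 08:15:02,529,bob,WS07
2006-07-24 08:15:40,529,bob,WS07
2006-07-24 08:16:05,529,bob,WS07
2006-07-24 08:17:30,529,bob,WS07
2006-07-24 08:18:55,529,bob,WS07
2006-07-24 08:30:00,535,carol,WS03
2006-07-24 09:02:11,529,alice,WS01
2006-07-24 10:05:45,529,alice,WS01
2006-07-24 10:06:20,528,alice,WS01
2006-07-24 11:00:00,531,dave,WS09
2006-07-24 11:30:00,551,alice,WS01
"""


def parse_events(text):
    """Return a list of (timestamp, event_id, account, workstation)."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        when = datetime.strptime(row[0], "%Y-%m-%d %H:%M:%S")
        events.append((when, int(row[1]), row[2].lower(), row[3]))
    return events


def failed_by_reason(events):
    """Count failed logons (529-537) per event ID."""
    return dict(Counter(eid for _, eid, _, _ in events if eid in FAILED_LOGON_IDS))


def failure_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Accounts with at least `threshold` 529 events inside `window`.

    Returns {account: [workstations seen in the burst]} so the source
    machine (stale saved password, mapped drive, guessing) can be checked.
    """
    per_account = defaultdict(list)
    for when, eid, account, host in events:
        if eid == 529:
            per_account[account].append((when, host))
    alerts = {}
    for account, attempts in per_account.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward until it spans <= `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[account] = sorted({host for _, host in attempts[start:end + 1]})
                break
    return alerts


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    for eid, count in sorted(failed_by_reason(events).items()):
        print(f"{eid} ({LOGON_EVENTS[eid]}): {count}")
    for account, hosts in failure_bursts(events).items():
        print(f"ALERT: repeated 529 failures for {account} from {', '.join(hosts)}")
```

Failures in the 530-535 range point at account state (disabled, expired, restricted) rather than a wrong password, so they are reported by reason and kept out of the burst check.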

Monday, July 17

Windows Vista

Hi all,

Good day. After getting to know Windows Vista, we are just wondering how many of you will buy new hardware for Vista, or will you reuse the existing one?

To know more about Vista hardware requirements, please go to http://www.microsoft.com/technet/windowsvista/evaluate/hardware/vistarpc.mspx

You can reply via this post - just a quick survey.

Saturday, July 15

Exchange 2007 - a quick glance

Our Technology Adoption Program customers, and our existing and potential customers, always ask us: what is Microsoft going to deliver in the new Exchange Server 2007?

Let's have a quick tour of some E2007 features.

For E2007 installation, you need .NET Framework 2.0 and MMC 3.0. For the server role, you will need to select from 1) Bridgehead Server Role, 2) Mailbox Server Role, 3) Client Access Server Role. We will post more articles discussing what all these are about. Please come back to this blog more often...:)

Still remember ForestPrep and DomainPrep in Exchange 2000 and Exchange 2007? We no longer have these in Exchange Server 2007. It is done automatically.

Installation of Exchange 2007 is now just like Vista, for those who have tried it. The installation program will then:

Copy Exchange Files - take about 3 minutes
Preparing Organization - take about 25 minutes
Installing Bridgehead Server Role -about 2 minutes
Installing Mailbox Server Role - about 4 minutes
Installing Client Access Server - about 2 minutes

We are using the Beta 1 version of Exchange Server 2007 to test this out; ya, Beta 1. In this version, the Exchange Management Console is referred to as both the Exchange Management Console and Exchange System Manager. It's a bit different from Exchange 2003, which only has Exchange System Manager.

Administering Exchange becomes easier with the Exchange Management Shell and administrative scripts. Most administrative tasks can be done with just a few lines of script.

Enforcing compliance by creating an Ethical Firewall: yes, you can have rules configured in this version of Exchange. For example, you can filter on the subjects of messages sent via the Exchange Server, e.g. a subject containing "Company Secret" can be blocked. In addition, you can create Email Life-Cycle Policies.

DR is always a headache for most administrators. With the latest feature, Exchange Server 2007 Local Continuous Replication, you can bring up your Exchange 2007 database in minutes! Yes, really. We will prepare some screenshots and a lab in the future.

As mentioned, this is a first glance; we will publish more articles on this in this blog.

Thursday, July 13

How to enable Active Directory diagnostic logging

Active Directory is the foundation of Exchange Server 2000 through Exchange Server 2003. Most of the time, Exchange problems are due to Active Directory. Recently, one of our customers had Exchange go down due to AD, which took about 3 days to solve!

First, Event Viewer is the best place to start troubleshooting; this method goes back as far as Windows NT4. The good thing about Active Directory is that the diagnostic level is adjustable!

Before increasing diagnostic logging, make sure your DC can handle the extra overhead of logs filling up at a faster rate.

Can you do this in the GUI? Not that we know of for now; maybe there is a way. Look it up on the Internet.

What we are going to share is how to enable it using a registry key. PLEASE MAKE SURE YOU BACK UP your system state before continuing from here.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics

Under this key, you will see quite a number of registry entries for AD. Example: Backup, KCC++

The default value for each entry is 0, which is the minimum. You can set the value from 0 to 5, where

1 - Minimal
2 - Basic
3 - Extensive
4 - Verbose
5 - Internal

Normally, we advise you to increase the value to 3 for the particular service you would like to troubleshoot, then slowly go up to 5. 5 means log EVERYTHING! You will then find the records in the Directory Service log.

Once you get a clue on how to solve the problem, REMEMBER to turn it back to 0.
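To make the "turn it back to 0" step checkable, here is an added example (not from the original post) that reads the text output of reg query for the Diagnostics key above, lists every entry still above 0, and builds the reg add command that resets it. The sample output is constructed, and the entry names in it are assumed to follow the numbered names found under this key.

```python
import re

NTDS_DIAG_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics"
# Level names as given in the post.
LEVEL_NAMES = {1: "Minimal", 2: "Basic", 3: "Extensive", 4: "Verbose", 5: "Internal"}

# Constructed sample of `reg query "<key>"` output captured after a
# troubleshooting session (entry names are assumptions for illustration).
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics
    1 Knowledge Consistency Checker    REG_DWORD    0x3
    5 Replication Events    REG_DWORD    0x5
    9 Internal Processing    REG_DWORD    0x0
    14 Backup    REG_DWORD    0x0
    16 LDAP Interface Events    REG_DWORD    0x2
"""

# One indented line per value: name, type, hex data (spaces or tabs between).
VALUE_LINE = re.compile(
    r"^[ \t]+(?P<name>\S.*?)[ \t]+REG_DWORD[ \t]+(?P<data>0x[0-9A-Fa-f]+)[ \t\r]*$",
    re.MULTILINE,
)


def parse_levels(reg_query_output):
    """Return {entry name: logging level} from reg query text output."""
    return {m["name"]: int(m["data"], 16) for m in VALUE_LINE.finditer(reg_query_output)}


def elevated(levels):
    """Entries whose logging level is still above the default of 0."""
    return {name: level for name, level in levels.items() if level != 0}


def reset_command(name):
    """reg.exe command line that sets one entry back to 0."""
    return f'reg add "{NTDS_DIAG_KEY}" /v "{name}" /t REG_DWORD /d 0 /f'


def audit(reg_query_output):
    """Return [(name, level, label, reset command)] for every elevated entry."""
    findings = []
    for name, level in elevated(parse_levels(reg_query_output)).items():
        label = LEVEL_NAMES.get(level, "out of range (valid levels are 0-5)")
        findings.append((name, level, label, reset_command(name)))
    return findings


if __name__ == "__main__":
    for name, level, label, command in audit(SAMPLE_REG_QUERY):
        print(f"{name}: level {level} ({label})")
        print(f"  reset with: {command}")
```

Running the audit after each troubleshooting session catches entries left at 3 or 5, which otherwise keep filling the Directory Service log.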

Shall I buy third party backup solution for Windows & Exchange?

Lots of our customers and students ask: is Windows Backup good enough?

Frankly, the built-in backup program is not a feature-rich utility. However, if the provided functions are enough for you, the question is, why not? It saves quite a lot of money$$.

Some brief limitations that I can spell out here:

  1. It cannot back up system state and other files remotely, only locally. What IT people want is a centralised backup, or to back up to a single backup set.
  2. It is not suitable for an enterprise-level backup library (for example, robotics). It does not let you manage backups with large databases of information the way third-party backup products do, such as Veritas, CA, HP, Hitachi+++...

For SMEs, small companies with fewer than 5 servers to manage, Windows Backup is definitely sufficient.

Tuesday, July 11

Creating custom naming for Exchange attributes

Some of our customers ask us how to modify/add custom naming for Exchange attributes, e.g. Socso number, Employee ID or even IC number. It will be great to publish it in this blog for the benefit of the community.

(This applies to Windows 2003 SP1 with Exchange 2003)

To do so, you need
  • to be a Schema Administrator to modify the attributes
  • Support Tools installed on the server to get ADSI Edit
  • to test, test & test this task in a testlab environment before performing it.
The steps go like this:

  1. Connect to the schema container with ADSI Edit
  2. Find CN=ms-Exch-Extension-Attribute-(1 to 15) - depending on which attribute you would like to change
  3. In the window, select LDAPDisplayName
  4. Enter a new display name into it

It is that simple. Try it out!

SLA - a simplified version

Information Technology nowadays is becoming more and more important to an organization. As an example, the email system, once categorized as a non-important server, has now become a critical server that needs 99% uptime. Furthermore, ICT departments are increasingly called upon to deliver consistent service levels, measure performance, and document the value of IT to the business by showing that written service level agreements (SLAs) are being met - anyway, this is what management wants, isn’t it? However, while necessary, day-to-day monitoring and reporting on SLA compliance can deplete the resources of staff and budgets that are already stretched. With an approach that covers the fundamentals well, your organization can spend less time and money on the methodology and tools - example - Microsoft Operation Manager.

With product experts as well as developers providing management packs, ICT consultants and engineers will have a clear and right direction in tackling problems; in other words, meeting the SLA. With the latest technology, MOM 2007 is now proudly present in the market, scales reliably across your organization and environment, and includes the Microsoft application and operating system knowledge you need to rapidly resolve your operational problems. Want to know more about MOM? http://www.microsoft.com/MOM

What's new in the release?

  • Proactively manage business critical IT services, including distributed applications, the supporting infrastructure and hardware, and end-user service delivery.
  • Reduce the complexities of managing your IT environment by providing a monitoring solution that is designed with ease of use in mind.
  • Provide a highly reliable infrastructure by leveraging Windows Server and SQL 2005 clustering for high availability and through agents that automatically failover to a secondary management server if connectivity to the primary server is lost.
  • Include management packs with prescriptive knowledge developed by the application and OS development teams at Microsoft and verified in production deployments to improve monitoring, troubleshooting, and problem resolution for more than 50 Microsoft applications and Windows Server components.

Monday, July 10

Ports used by Exchange

Protocol: LDAP
Port (TCP/UDP): 389 (TCP)
Description: Lightweight Directory Access Protocol (LDAP), used by Active Directory, Active Directory Connector, and the Microsoft Exchange Server 5.5 directory.

Protocol: LDAP/SSL
Port (TCP/UDP): 636 (TCP)
Description: LDAP over Secure Sockets Layer (SSL). When SSL is enabled, LDAP data that is transmitted and received is encrypted. To enable SSL, you must install a Computer certificate on the domain controller or Exchange Server 5.5 computer.

Protocol: LDAP
Port (TCP/UDP): 379 (TCP)
Description: The Site Replication Service (SRS) uses TCP port 379.

Protocol: LDAP
Port (TCP/UDP): 390 (TCP)
Description: While not a standard LDAP port, TCP port 390 is the recommended alternate port to configure the Exchange Server 5.5 LDAP protocol when Exchange Server 5.5 is running on a Microsoft Windows 2000 Active Directory domain controller.

Protocol: LDAP
Port (TCP/UDP): 3268 (TCP)
Description: Global catalog. The Windows 2000/2003 Active Directory global catalog listens on TCP port 3268. When you are troubleshooting issues that may be related to a global catalog, connect to port 3268 in LDP.

Protocol: LDAP/SSL
Port (TCP/UDP): 3269 (TCP)
Description: Global catalog over SSL. Applications that connect to TCP port 3269 of a global catalog server can transmit and receive SSL encrypted data. To configure a global catalog to support SSL, you must install a Computer certificate on the global catalog.

Protocol: IMAP4
Port (TCP/UDP): 143 (TCP)
Description: Internet Message Access Protocol version 4, may be used by "standards-based" clients such as Microsoft Outlook Express or Netscape Communicator to access the e-mail server. IMAP4 runs on top of the Microsoft Internet Information Service (IIS) Admin Service (Inetinfo.exe), and enables client access to the Exchange 2000/2003 information store.

Protocol: IMAP4/SSL
Port (TCP/UDP): 993 (TCP)
Description: IMAP4 over SSL uses TCP port 993. Before an Exchange 2000 server supports IMAP4 (or any other protocol) over SSL, you must install a Computer certificate on the Exchange 2000/2003 server.

Protocol: POP3
Port (TCP/UDP): 110 (TCP)
Description: Post Office Protocol version 3, enables "standards-based" clients such as Outlook Express or Netscape Communicator to access the e-mail server. As with IMAP4, POP3 runs on top of the IIS Admin Service, and enables client access to the Exchange 2000/2003 information store.

Protocol: POP3/SSL
Port (TCP/UDP): 995 (TCP)
Description: POP3 over SSL. To enable POP3 over SSL, you must install a Computer certificate on the Exchange 2000/2003 server.

Protocol: NNTP
Port (TCP/UDP): 119 (TCP)
Description: Network News Transport Protocol, sometimes called Usenet protocol, enables "standards-based" client access to public folders in the information store. As with IMAP4 and POP3, NNTP is dependent on the IIS Admin Service.

Protocol: NNTP/SSL
Port (TCP/UDP): 563 (TCP)
Description: NNTP over SSL. To enable NNTP over SSL, you must install a Computer certificate on the Exchange 2000/2003 Server.

Protocol: HTTP
Port (TCP/UDP): 80 (TCP)
Description: The protocol used primarily by Microsoft Outlook Web Access (OWA), but also enables some administrative actions in Exchange System Manager. HTTP is implemented through the World Wide Web Publishing Service (W3Svc), and runs on top of the IIS Admin Service.

Protocol: HTTP/SSL
Port (TCP/UDP): 443 (TCP)
Description: HTTP over SSL. To enable HTTP over SSL, you must install a Computer certificate on the Exchange 2000/2003 server.

Protocol: SMTP
Port (TCP/UDP): 25 (TCP)
Description: Simple Mail Transfer Protocol, is the foundation for all e-mail transport in Exchange 2000/2003. The SMTP Service (SMTPSvc) runs on top of the IIS Admin Service. Unlike IMAP4, POP3, NNTP, and HTTP, SMTP in Exchange 2000/2003 does not use a separate port for secure communication (SSL), but rather, employs an "in-band security sub-system" called Transport Layer Security (TLS).

Protocol: SMTP/LSA
Port (TCP/UDP): 691 (TCP)
Description: The Microsoft Exchange Routing Engine (also known as RESvc) listens for routing link state information on TCP port 691. Exchange 2000/2003 uses routing link state information to route messages and the routing table is regularly updated. The Link State Algorithm (LSA) propagates routing status information between Exchange 2000/2003 servers. This algorithm is based on the Open Shortest Path First (OSPF) protocol from networking technology, and transfers link state information between routing groups by using the X-LSA-2 command verb over SMTP and by using a Transmission Control Protocol (TCP) connection to port 691 in a routing group.

Protocol: X.400
Port (TCP/UDP): 102 (TCP)
Description: ITU-T Recommendation X.400 is really a series of recommendations for what an electronic message handling system (MHS) should look like. TCP port 102 is defined in IETF RFC-1006, which describes OSI communications over a TCP/IP network. In brief, TCP port 102 is the port that the Exchange message transfer agent (MTA) uses to communicate with other X.400-capable MTAs.

Protocol: MS-RPC
Port (TCP/UDP): 135 (TCP)
Description: Microsoft Remote Procedure Call is a Microsoft implementation of remote procedure calls (RPCs). TCP port 135 is actually only the RPC Locator Service, which is like the registrar for all RPC-enabled services that run on a particular server. In Exchange 2000/2003, the Routing Group Connector uses RPC instead of SMTP when the target bridgehead server is running Exchange 5.5. Also, some administrative operations require RPC. To configure a firewall to enable RPC traffic, many more ports than just 135 must be enabled. Please take note... however, you can make the port static by changing the registry. Let me share this with you all in future articles...

Protocol: DNS
Port (TCP/UDP): 53 (TCP)
Description: Domain Name System (DNS) is at the heart of all of the services and functions of Windows 2000/2003 Active Directory and Exchange 2000/2003 Server. You cannot underestimate the impact that a DNS issue can have on the system. Therefore, when service issues arise, it is always good to verify proper name resolution.

This should definitely clear things up when you want to put a Front End in the DMZ...

Last but not least, we always recommend putting in ISA rather than opening ports. This is also the recommended way from MSFT.

What do you need to know before choosing InterOrg Migration

Something to flash your mind before we go for the Migration Phase. (InterOrg…)

What Exchange migration does

The Migration Wizard performs the following tasks:

  • Migrate all mailbox information to the new Exchange mailboxes, including the following data:
      • Inbox
      • Drafts
      • Sent Items
      • Calendar
      • Tasks
      • Custom folders that were created by the mailbox owner
      • Contacts
  • Create new user accounts in Active Directory (if they do not already exist) based on the Exchange 5.5 accounts in the source organization - you can choose during the step.
  • Migrate X.400, Simple Mail Transfer Protocol (SMTP), cc:Mail, Microsoft Mail, and other e-mail addresses into the e-mail addresses attribute of the new user account in Active Directory.
  • Convert Active Directory contacts to mail-enabled user accounts in Active Directory (if these contacts have been created with the Active Directory Connector) when you migrate from Exchange 5.5. If a contact has been manually created in the target Active Directory and a mailbox that has the same alias is migrated, a new disabled user account with a 1 appended to the name is created in Active Directory. The original contact remains unchanged. Only contacts that are created by the ADC are converted into mail-enabled user accounts by the Migration Wizard.
  • Update Exchange Server 2003 group membership when you migrate from Exchange 5.5. However, Exchange 5.5 distribution lists are not migrated. For example, if a distribution group in Active Directory contains contacts, during a migration procedure these contacts may be converted to user accounts that are turned off, and the distribution group in Active Directory is updated to reflect this change.

Another important thing to know!!

What Exchange migration does not do:

The Migration Wizard is not designed to perform the following tasks:

  • Clean up or remove mailboxes in the source organization. The original mailboxes in the source organization continue to receive messages after the migration process is complete. You must delete the original mailboxes, or configure other recipients that point to the new mailboxes that are hosted in the target Exchange organization.
  • Migrate custom recipients. The Migration Wizard creates contacts from custom recipients. However, you can delete the mailbox; if ADC is configured, a custom recipient will be created in Exchange 5.5.
  • Preserve ACLs. The Migration Wizard does not preserve ACLs to other mailboxes or public folders.
  • Migrate mailboxes in the same organization. The source organization from which you migrate mailboxes must be different from the target organization.
  • Migrate personal mail archives or personal address books.
  • Migrate distribution lists. Export the distribution list, and then use the LDIFDE or CSVDE command-line utilities to convert them.
  • Migrate Inbox rules. After you use the Migration Wizard to migrate mailbox information, the mailbox owners must re-create their Microsoft Outlook Inbox rules.
  • Migrate public folders. You can migrate public folders by exporting them to .pst files or by using the Inter-organization replication utility, which is something like PFMigrate.

Have fun. Please remember, we always recommend that a huge organization go for IntraOrg unless there are political or technical issues, e.g. a change of company name.

Modify attributes in Exchange 2003 which previously possible in 5.5

In Exchange 5.5, there were many more attributes that could be entered in the Exchange 5.5 Administrator. However, those attributes were taken off in Exchange 2000 and 2003; they are stored as attributes but not shown. A good example is the assistant attribute.

This is for those who would still like those entries to be published and editable.

To let users update attributes on their own accounts against the server that is running Microsoft Exchange 2000 Server or Microsoft Exchange Server 2003, follow these steps:

  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. Right-click the Domain container, and then click Delegate Control.
  3. Click Add, click the special account Self, click OK, and then click Next. 
  4. Click to select the Create a custom task to delegate check box, and then click Next. 
  5. Click to select the Only the following objects in the folder check box, click User objects in the list, and then click Next. 
  6. Click to select the Property-specific check box, set each attribute that you want your users to modify, and then click Next. 
  7. Click Finish.

Users can now use Galmod32 or the Windows Search applet to update their information in Active Directory.

The permissions on your user account determine the global address list entries that you can modify. If you have Domain Users permissions, you can modify the following fields in your own global address book entry:

  • Address
  • City 
  • Business Phone Number
  • State
  • Fax
  • Home Phone Number
  • Mobile Phone Number
  • Notes 
  • Office
  • Pager
  • Zip Code

If you have Domain Administrator permissions, you can modify the following fields:

  • Assistant
  • Company
  • Country
  • Department
  • Title

Note: The Country attribute is not displayed as a text box in the Active Directory Users and Computers snap-in. When you use GAL Modify to change the Country attribute, the changes are displayed in the Outlook Address Book instead of in the user attributes in the Active Directory Users and Computers snap-in.

For more information, please see Microsoft KB article 272198

Vista

First of all, XP has Home & Professional editions; how about Vista? – it has six editions, ya, 6! 4 aimed at normal users, 2 aimed at the enterprise. They consist of Vista Starter, Vista Home Basic, Vista Home Premium, and Vista Ultimate; for business, Vista Business and Vista Enterprise.

1) It should come with Windows Media Center Edition – which includes DVD playback, authoring and even burning!
2) Can view and flip windows in 3 dimensions!
3) A new Sidebar – where you can add news, RSS feeds, stock prices, weather… - on your desktop!
4) Monitor normal users' Internet use, with a content filter! – porn websites, even IM!
5) ShareView – some sort of P2P technology - eg: sharing PowerPoint
6) Easier to deploy for Enterprise users
7) Admin user prompt when doing administrative tasks (eg: installing applications) – which solves the problem of giving admin rights to normal users
8) Secure Startup – users need to plug in the USB drive holding the encrypted file for Vista to start up!
9) Security – definitely

That’s what I can think of; for those who would like to add on or modify, go ahead and share among the group.