Tuesday, 26 March 2013

Tips - How to set reviewer permission for default account on New Mailboxes - Exchange 2010

Many companies want to allow all users to see each other's calendars. By default, however, the Default account has permission to see only the free/busy (Availability) information of other users' calendars. To change this, we need to give the Default account Reviewer permission on all users' calendars. An Exchange administrator can change the default permission from Availability only to Reviewer using the script below.

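# Get every mailbox in the organization
$mailboxes = Get-Mailbox -ResultSize Unlimited
foreach ($user in $mailboxes) {
    # Build the folder identity in the form alias:\Calendar
    $calendar = $user.Alias + ":\Calendar"
    Set-MailboxFolderPermission -Identity $calendar -User Default -AccessRights Reviewer
}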

The above script sets the Default account to have Reviewer permission on existing mailboxes. You may also want to automate this task so that Reviewer permission is set for the Default account on the calendars of new mailboxes. This can be implemented using the Scripting Agent option in Exchange Server 2010.
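Reviewer lets every authenticated user read the details of non-private calendar items, so it helps to record the current Default right on each calendar before changing it in bulk. The following is an added example, not part of the original post: it looks up the calendar folder by type instead of assuming it is named "Calendar" (the name is localized on some mailboxes), saves the current state to a CSV whose path is an assumption, and previews the change with -WhatIf.

```powershell
# Added example, run from the Exchange Management Shell.
# Assumption: C:\Temp\CalendarDefault-Before.csv is a writable path.
$report = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # Find the calendar folder by type; its display name can be localized,
    # so "alias:\Calendar" is not valid for every mailbox.
    $folder = Get-MailboxFolderStatistics -Identity $mbx.Identity -FolderScope Calendar |
        Where-Object { $_.FolderType -eq 'Calendar' } |
        Select-Object -First 1
    if (-not $folder) { continue }

    $folderId = '{0}:\{1}' -f $mbx.PrimarySmtpAddress, $folder.Name
    $current  = Get-MailboxFolderPermission -Identity $folderId -User Default -ErrorAction SilentlyContinue

    New-Object PSObject -Property @{
        Mailbox       = $mbx.PrimarySmtpAddress
        Folder        = $folderId
        DefaultRights = ($current.AccessRights -join ',')
    }
}

# Keep the pre-change state so the bulk change can be reviewed and reversed.
$report | Select-Object Mailbox, Folder, DefaultRights |
    Export-Csv -Path 'C:\Temp\CalendarDefault-Before.csv' -NoTypeInformation

# Preview the change only where Default is not already Reviewer.
# Remove -WhatIf once the preview has been checked.
$report | Where-Object { $_.DefaultRights -ne 'Reviewer' } | ForEach-Object {
    Set-MailboxFolderPermission -Identity $_.Folder -User Default -AccessRights Reviewer -WhatIf
}
```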
Scripting Agent Config: Scripting Agent Config is an option in Exchange Server 2010 that allows you to automate an Exchange task when a given event occurs on the Exchange Server. It is a configuration file that holds the settings used to automate a task. Below shows the content of the Scripting Agent Config file

How to delete the First Mailbox Database in Exchange 2013

Once the Exchange Server 2013 installation is completed, it creates the default mailboxes (Administrator and Discovery Mailbox) and the Arbitration Mailboxes on the default Mailbox Database. If you try to delete the first mailbox database you will get the below error message. The reason is that a mailbox database can be deleted only when it holds no mailboxes, so those mailboxes have to be either deleted or moved to another database.



 



Exchange Trusted Subsystem is not member of the local administrator group - Exchange 2013

When designating a server that is not an Exchange 2010 or Exchange 2013 server as a file share witness, you have to add the Exchange Trusted Subsystem as a member of the local Administrators group on the file share witness server.

Even if you add the Exchange Trusted Subsystem as a member of the local Administrators group on the file share witness server, you may get the below warning

Get-DatabaseAvailabilityGroup
Set-DatabaseAvailabilityGroup -Identity DAG-101 -DatabaseAvailabilityGroupIPAddresses 10.10.1.12


There is no need to find a fix for the above warning, because Microsoft has stated that this warning is normal and can be ignored.

Messaging Records Management (MRM) in Exchange Server 2013

Messaging Records Management is the records management technology used to manage the email lifecycle and reduce the legal risks associated with emails. Messaging Records Management in Exchange 2013 is implemented using Retention Policies.
Retention Tags carry the settings for how long to keep, delete or archive emails. They are used to apply retention settings to a mailbox or to a default folder of a mailbox such as the Inbox, and they can also be applied to mailbox folders by users of Outlook 2010 or later and OWA. Once a Retention Policy with its retention settings is applied to a folder or a mailbox, the Managed Folder Assistant running on the Exchange 2013 Mailbox Server processes all mailboxes and applies the retention settings to them.

Retention Tags
Retention Tags define how long emails are kept before being deleted or archived, and where the settings apply: the entire mailbox or individual folders. Retention Tags are used to apply retention settings to messages and mailbox folders. There are 3 types of Retention Tag

Default Policy Tag: A Default Policy Tag is applied to all items that do not have a retention tag applied. A Retention Policy can have one Default Policy Tag to move items to the archive, one Default Policy Tag to delete items and one Default Policy Tag to delete voice mails

Retention Policy Tag: Created for default folders like the Inbox and Sent Items folders. A Retention Policy can have one Retention Policy Tag for each default folder

Personal Tag: Personal Tags are used by Outlook 2010 or later and Outlook Web App users to apply retention settings to custom folders and individual messages. A Retention Policy can have any number of Personal Tags
A Retention Policy can have any of these Retention Tags

Retention Policy
A Retention Policy is a group of Retention Tags that can be applied to a mailbox. Only one Retention Policy can be applied to a mailbox.
The Managed Default Folders option introduced in Exchange Server 2007 is not available in Exchange Server 2013.

Default Messaging Records Management Policy
An Exchange 2013 installation includes a default Messaging Records Management Policy, which can be used when creating a new mailbox. The default MRM policy has these default Retention Tags



Implementing Message Records Management in Exchange Server 2013
Below are the steps to follow to implement Messaging Records Management in Exchange Server 2013
  1. Create the Retention Tags
  2. Create Retention Policy
  3. Link Retention Tags to Retention Policy to have one default policy tag and one or more Retention Tags and Personal Tags
  4. Apply Retention Policy to Mailbox
Step 1: Create Retention Tags
This shows how to create Retention Tags on Exchange Server 2013 using the Exchange Control Panel
To create a Retention Tag -> Login to Exchange Control Panel -> Compliance Management -> Retention Tags and click New (+) to create a new Retention Tag



To create a Default Policy Tag, click "applied automatically to entire mailbox (default)". To create a Retention Policy Tag, click "applied automatically to a specified folder". To create a Personal Tag, click "applied by users to items and folders (Personal)"

In the background, I created 3 Retention Tags: one Default Policy Tag to move 60-day-old emails to the Archive Mailbox



One Retention Policy Tag to permanently delete 30-day-old emails from the Deleted Items folder



and One Personal Tag with settings not to archive



Step 2: Create a Retention Policy
To create a Retention Policy -> Login to Exchange Control Panel -> Compliance Management -> Retention Policy and click New (+) -> Type a name and click Save

Step 3: Linking Retention Tags to Retention Policy
To link Retention Tags to a Retention Policy -> Login to Exchange Control Panel -> Compliance Management -> Retention Policy -> Select the policy to which you want to link additional Retention Tags and click Edit -> Add the Retention Tags as shown below and click Save



Step 4: Assign the Retention Policy to a Mailbox
To apply a Retention Policy to a mailbox -> Login to Exchange Control Panel -> Recipients -> Mailbox -> Select the mailbox and click Edit ->



Click on Mailbox Features -> Select the Retention Policy and click Save
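The same four steps can be carried out from the Exchange Management Shell, which also makes the result easy to verify. This is an added example, not part of the original walkthrough; the tag, policy and mailbox names are hypothetical placeholders, and the archive action assumes the mailbox has an archive enabled.

```powershell
# Added example, run from the Exchange Management Shell on Exchange 2013.
# All names below are hypothetical placeholders.

# Step 1: create the three tags described in the walkthrough.
# Default Policy Tag: move items older than 60 days to the archive mailbox.
New-RetentionPolicyTag -Name 'DPT - Archive after 60 days' -Type All `
    -RetentionEnabled $true -AgeLimitForRetention 60 -RetentionAction MoveToArchive

# Retention Policy Tag: permanently delete Deleted Items content after 30 days.
New-RetentionPolicyTag -Name 'RPT - Deleted Items 30 days' -Type DeletedItems `
    -RetentionEnabled $true -AgeLimitForRetention 30 -RetentionAction PermanentlyDelete

# Personal Tag: lets users mark items or folders as never archived.
New-RetentionPolicyTag -Name 'PT - Never archive' -Type Personal `
    -RetentionEnabled $false -RetentionAction MoveToArchive

# Steps 2 and 3: create the policy and link the tags in one call.
New-RetentionPolicy -Name 'Example MRM Policy' -RetentionPolicyTagLinks `
    'DPT - Archive after 60 days', 'RPT - Deleted Items 30 days', 'PT - Never archive'

# Step 4: assign the policy to a mailbox (only one policy per mailbox).
Set-Mailbox -Identity 'user1' -RetentionPolicy 'Example MRM Policy'

# Verify the links and the assignment.
Get-RetentionPolicy -Identity 'Example MRM Policy' | Format-List Name, RetentionPolicyTagLinks
Get-Mailbox -Identity 'user1' | Format-List Name, RetentionPolicy

# Ask the Managed Folder Assistant to process this mailbox now
# instead of waiting for its next scheduled pass.
Start-ManagedFolderAssistant -Identity 'user1'
```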



I believe the above procedure gives a good idea of how to implement Messaging Records Management in Exchange Server 2013. If you need any help with the above, please inform us. Please don't forget to have a look at the second part of this article for more on MRM in Exchange Server 2013
 

Send Connectors in Exchange Server 2013

We will discuss the Send Connector options and how to configure a Send Connector in Exchange Server 2013. As in Exchange 2007 and 2010, Send Connectors in Exchange Server 2013 route internal emails to internet\external domains. We can configure Send Connectors to route external emails using two options
  1. Route the emails to a Smart Host or
  2. Configure DNS to route emails to external domain
By default, there won’t be any Send Connector created to send emails to external domain. We have to configure the Send Connectors manually to send emails to external domains.

To Create a Send Connector in Exchange Server 2013 -> Open Exchange Control Panel -> Mail Flow -> Send Connectors -> Click New (+)



The New Send Connector option allows you to create any of the 4 types of Send Connector shown below. Type a name, select the type of connector you want to create and click Next
  • Custom Send Connector – Create this Send Connectors to send email from Exchange 2013 to Other Non-Exchange Servers
  • Internal – to send intranet mail
  • Internet – to send emails to internet\external domain
  • Partner – route mail to trusted 3rd party servers


On the next page we have the option to select whether to route the external emails via DNS or Smart host. Select the respective option and click next

To route emails via DNS, select “MX record associated with recipient domain” and

To Route emails via smart host, select “Route mail through smart hosts” and you have to specify the smart host IP address



The next option is to select the Address Space. Using the Address Space, we configure the Send Connector to route emails only to the allowed email domains.

For example, if we want to route emails only to yahoo\gmail, we have to create an address space with yahoo.com and gmail.com, and to route emails to all external domains, create an address space with * as shown below



The next option is to set the source servers that are going to use this Send Connector. Select the Mailbox Server and click Finish



Below shows the completion of the New Send Connector creation in Exchange Server 2013. By default the new Send Connector allows emails with a maximum size of 10 MB; we can modify this as per the company's requirement.



Below shows the output of the Send Connector, which lets you see the configurable parameters that are available in Exchange Server 2013. You can use all of those parameters with Set-SendConnector


 
 

Receive Connectors in Exchange Server 2013

Receive Connectors are the connectors responsible for handling inbound emails, both from internal and external domains. Servers holding the transport roles should have Receive Connectors to receive emails from clients, from other servers or from the external network.

With the architecture changes in Exchange Server 2013, both server roles have transport components: the Mailbox Server role has the Hub Transport component and the Client Access Server role has the Front End Transport component, and both server roles have Receive Connectors

Send Connectors are organization-wide, with settings applied globally, whereas Receive Connectors are server-based. Below are the default Receive Connectors in Exchange Server 2013 and their responsibilities



Default connectors created in Mailbox Server Role
"Default Chennai-EX-01" is the connector created on the Mailbox Server role which accepts connections from Mailbox Servers and from Exchange 2010 Edge Transport Servers
"Client Proxy Chennai-EX-01" accepts connections from Front End Servers (Client Access Server)

Default Connectors created in Client Access Server Role
"Default Frontend Chennai-EX-01" accepts connections from all SMTP senders using port 25; messages enter the organization through this connector
"Outbound Proxy Frontend Chennai-EX-01" accepts messages from a Send Connector on a Mailbox Server with Front End proxy enabled. By default newly created Send Connectors are not enabled with the Front End proxy option; if needed, we have to enable this option on the respective Send Connector
"Client Frontend Chennai-EX-01" accepts secure connections with TLS applied
Note: To find whether a connector is associated with the Mailbox Server role or the Client Access Server role, check the Transport Role option: HubTransport means the connector is associated with the Mailbox Server role and FrontEndTransport means the connector is associated with the Client Access Server role

How to create a Relay Connector in Exchange Server 2013
If we want to create a new Receive Connector in Exchange Server 2013, login to Exchange Control Panel -> Mail Flow -> Receive Connectors and click New (+)



Enter a name, select the Role as Hub Transport, and for the Type select Custom to create a relay connector that accepts emails from a scanner or printer in Exchange Server 2013

Note: The Role option specifies whether the Receive Connector is created for the Mailbox Server or the Client Access Server. Below are the types of Receive Connectors and their functions; based on the type selected, the required authentication and permissions are assigned to the connector




On the Network Adapter Bindings page, check that all available IPv4 addresses are added and click Next to continue



On the Remote Network Settings page, remove all IP addresses, add the IP address of the printer, scanner or application, and click Finish



Note: By default all the internal Receive Connectors are set to receive emails of up to 35 MB; modify this limit based on your requirement
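Restricting the remote IP range to the printer, scanner or application is what keeps a relay connector from becoming an open relay, so it is worth checking after the connector is created. The following audit is an added example, not part of the original post: it lists every Receive Connector and marks for review any connector that both accepts connections from any address and allows relay.

```powershell
# Added example, run from the Exchange Management Shell on Exchange 2013.
# Range strings that mean "any client may connect".
$anyRange = '0.0.0.0-255.255.255.255', '::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff'

Get-ReceiveConnector | ForEach-Object {
    $rc     = $_
    $ranges = @($rc.RemoteIPRanges | ForEach-Object { $_.ToString() })
    $open   = @($ranges | Where-Object { $anyRange -contains $_ }).Count -gt 0

    # Relay path 1: anonymous senders can relay to external recipients only
    # when this extended right is granted to ANONYMOUS LOGON on the connector.
    $relayAce = Get-ADPermission -Identity $rc.DistinguishedName `
            -User 'NT AUTHORITY\ANONYMOUS LOGON' -ErrorAction SilentlyContinue |
        Where-Object { -not $_.Deny -and
                       ($_.ExtendedRights -like 'ms-Exch-SMTP-Accept-Any-Recipient') }

    # Relay path 2: an externally secured connector trusts every client in its
    # remote IP ranges as if it were an authenticated server.
    $externallySecured = "$($rc.AuthMechanism)" -match 'ExternalAuthoritative'

    $canRelay = [bool]$relayAce -or $externallySecured

    New-Object PSObject -Property @{
        Connector         = $rc.Identity
        TransportRole     = $rc.TransportRole
        PermissionGroups  = $rc.PermissionGroups
        RemoteIPRanges    = $ranges -join '; '
        MaxMessageSize    = $rc.MaxMessageSize
        AnonymousRelay    = [bool]$relayAce
        ExternallySecured = $externallySecured
        # Relay allowed from every address: needs a narrower RemoteIPRanges.
        Review            = ($open -and $canRelay)
    }
} | Select-Object Connector, TransportRole, PermissionGroups, RemoteIPRanges,
                  MaxMessageSize, AnonymousRelay, ExternallySecured, Review |
    Sort-Object Review -Descending |
    Format-List
```

A relay connector built as described above should list only the device addresses under RemoteIPRanges and show Review as False.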
 

Accepted Domain and Remote Domain in Exchange Server 2013

In this part, we will have a look at Accepted Domains and Remote Domains in Exchange Server 2013. So what are Accepted Domains and Remote Domains?
Accepted Domain:
An Accepted Domain is any SMTP namespace that your organization uses to send and receive emails. An Accepted Domain can be an authoritative domain, an internal relay domain or an external relay domain.

Authoritative Domain – It is the SMTP namespace that is used by your Exchange Organization to send\receive emails

Internal Relay Domain – When an Exchange Organization shares the same address space with a 3rd party messaging system or another Exchange organization, you need to create an internal relay domain, and you have to configure a Send Connector with the Mailbox Server as the source and an address space that matches the internal relay domain.
For example: Your company (A) and your partner company (B) share the same SMTP namespace @Chennai.com, and your domain is authoritative to receive emails for Chennai.com. An email sent to the user rajkumar@chennai.com is first received by A, and if the user's mailbox is not there, the email is routed to organization B using the Send Connector

External Relay Domain – When you configure an external relay domain, messages are relayed to an email server that's outside your Exchange organization and outside the organization's network perimeter
By default the Active Directory domain name is created as the default Accepted Domain for the Exchange Organization



How to create a new Accepted Domain in Exchange Server 2013
To create a new Accepted Domain, login to Exchange Control Panel -> Mail Flow -> Accepted Domain and click New (+) -> Give a name -> Type the accepted domain name -> Choose the type of Accepted Domain and click Save



Remote Domain:
Remote Domains are configured to control the settings of message transfer between your Exchange Organization and the remote domains. We control the settings like Message Format, Automatic Replies and NDR using the Remote domains



By default, a Remote Domain with *, which includes all domains, is created. New Remote Domains can be created and configured only via the Exchange Management Shell and not using the Exchange Admin Center. Below are the parameters configurable using Set-RemoteDomain


 

Managing Distribution List using Shell Command


This post explains how to manage distribution lists in Exchange Server 2010. In Exchange Server 2010, only universal distribution groups or universal security groups can be mail enabled. No other scopes, like Local or Global Distribution Groups, are supported in Exchange Server 2010. Below are the distribution groups that can be created

  • Mail enabled Universal Distribution Group
  • Mail enabled universal Security Group
  • Dynamic Distribution Group

Now we will have a look at some of the topics related to managing distribution list in exchange server 2010.

How to create a Distribution Group in Exchange Server 2010

New-DistributionGroup -Name "Name of the Distribution Group" -OrganizationalUnit "DomainName.Com/Exchange Distribution Lists" -SamAccountName "DistributionGroupAlias" -Type "Distribution"

How to add owner to a distribution group

Set-Group -Identity "DL Group Name" -ManagedBy "DomainName\UserName"

How to add Permission to distribution group for Owner

After adding the ManagedBy user on a distribution group, it is better to give the owner read and write access permission

Add-ADPermission -Identity "DL Group Name" -User "DomainName\user" -AccessRights ReadProperty, WriteProperty -Properties 'Member'

How to change the owner of a distribution group

Set-DistributionGroup -Identity "DL Group Name" -ManagedBy "DomainName\NewOwnerUser"

Add-ADPermission -Identity "DL Group Name" -User "DomainName\NewOwnerUser" -AccessRights ReadProperty, WriteProperty -Properties 'Member'

How to add a second or additional owner for a distribution group

Giving read and write access permission at the Active Directory level allows the other user to function as a co-owner of a Distribution Group

Set-DistributionGroup -Identity 'Distribution Group Name' -ManagedBy 'New Owner Name','Old Owner Name'

Add-ADPermission -Identity "DL Group Name" -User "DomainName\SecondOwner" -AccessRights ReadProperty, WriteProperty -Properties 'Member'

How to remove additional owner from a distribution group

Remove-ADPermission -Identity "DL Group Name" -User "DomainName\SecondOwner" -AccessRights ReadProperty, WriteProperty -Properties 'Member'

How to rename a Display name and Alias Name for a Distribution Group

Set-DistributionGroup -Identity 'Distribution Group Name' -DisplayName 'Enter New Name' -Alias "New_Alias"

How to export the members list from a Distribution Group

Get-DistributionGroupMember -Identity 'Distribution Group Name' | Format-List Name

How to add a New Member to the distribution Group

Add-DistributionGroupMember -Identity "Distribution Group Name" -Member "UserName"

How to disable or remove a Distribution Group

Disable-DistributionGroup -Identity "Distribution Group Name"

Remove-DistributionGroup -Identity "Distribution Group Name"

How to mail enable or mail disable a security group

If we have an Active Directory security group and want to mail enable it, we can use the below shell command, and an email address will be created for that security group

Enable-DistributionGroup -Identity "DL Display Name"

Disable-DistributionGroup -Identity "DL Display Name"

How to allow external users to send email to the distribution list

# $false accepts mail from unauthenticated (external) senders; $true limits the group to authenticated senders
Set-DistributionGroup -Identity 'Distribution Group Name' -RequireSenderAuthenticationEnabled $false

How to allow owners to approve or restrict member to join or to leave a Distribution Group

Set-DistributionGroup -Identity 'Distribution Group Name' -MemberJoinRestriction 'ApprovalRequired' -MemberDepartRestriction 'Closed'

How to allow only few users to send email to distribution list

Set-DistributionGroup -Identity 'Distribution Group Name' -AcceptMessagesOnlyFromSendersOrMembers 'User Name 1','User Name 2' -RequireSenderAuthenticationEnabled $true

How to restrict few users to send email to distribution list

Set-DistributionGroup -Identity 'Distribution Group Name' -AcceptMessagesOnlyFromSendersOrMembers "All Users" -RequireSenderAuthenticationEnabled $true -RejectMessagesFromSendersOrMembers 'User Name 1','User Name 2'

How to set a Message Moderator to allow emails and to bypass approval from few users

Set-DistributionGroup -Identity 'Distribution Group Name' -ModerationEnabled $true -ModeratedBy 'Moderator User Name' -BypassModerationFromSendersOrMembers 'User Not Requiring Approval'

How to hide a distribution group from Global Address List

Set-DistributionGroup -Identity 'Distribution Group Name' -HiddenFromAddressListsEnabled $true

How to add additional email address to a distribution list

# -EmailAddresses replaces the whole list, so the existing primary (SMTP:) address is restated
Set-DistributionGroup -Identity 'Distribution Group Name' -EmailAddresses 'SMTP:existingemailaddress','smtp:Newemailaddress'

How to create a dynamic distribution list

New-DynamicDistributionGroup -Name "Name of DDG" -Alias "Alias_Name" -IncludedRecipients "MailboxUsers,MailContacts" -OrganizationalUnit "DomainName.com/Users" -ConditionalDepartment "DepartmentName1","DepartmentName2" -RecipientContainer "DomainName.com"
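Several of the settings above (sender authentication, moderation, ownership, join restriction) decide who can reach or join a group, so they are worth reviewing across the whole organization from time to time. The report below is an added example, not part of the original post, and uses only properties returned by Get-DistributionGroup.

```powershell
# Added example, run from the Exchange Management Shell.
# Lists distribution groups whose delivery or membership settings need a look.
Get-DistributionGroup -ResultSize Unlimited | ForEach-Object {
    $group    = $_
    $findings = @()

    # Mail from unauthenticated (external) senders reaches every member
    # unless a moderator has to approve it first.
    if (-not $group.RequireSenderAuthenticationEnabled -and -not $group.ModerationEnabled) {
        $findings += 'accepts unauthenticated senders without moderation'
    }

    # Nobody is accountable for membership or for approving join requests.
    if (-not $group.ManagedBy) {
        $findings += 'no owner (ManagedBy is empty)'
    }

    # Any user can add themselves and start receiving the group's mail.
    if ("$($group.MemberJoinRestriction)" -eq 'Open') {
        $findings += 'open join'
    }

    if ($findings.Count -gt 0) {
        New-Object PSObject -Property @{
            Group     = $group.Name
            GroupType = $group.GroupType
            Hidden    = $group.HiddenFromAddressListsEnabled
            Findings  = $findings -join '; '
        }
    }
} | Select-Object Group, GroupType, Hidden, Findings |
    Sort-Object Group |
    Format-Table -AutoSize -Wrap
```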

If you have any issue running the above shell commands, or want any other management task using shell commands to be included, kindly leave your comments

 

Exchange Server 2010 Mail Flow diagram

This post will help you understand how mail flow happens in Exchange Server 2010. If you have any query, leave a comment here.
Emails are submitted to the Hub Transport Server in 3 ways:
  1. Through SMTP submission,
  2. From the Pickup directory and
  3. When a user inside the organization sends a message
Emails submitted to the Hub Transport server by users are picked up from the user's Outbox by the store driver. The store driver is a software component of the Hub Transport server that delivers inbound messages to Exchange stores, the databases that contain public folder and mailbox stores


Messages that are sent by users in your organization are picked up from the sender’s Outbox by the store driver and are put in the Submission queue on a server that runs the Hub Transport server role. When messages are submitted to the Hub Transport server, they’re processed by the categorizer.

Categorizer: The categorizer is a component of Exchange transport that processes all inbound messages and determines what to do with the messages based on information about the intended recipients.

In Exchange 2010, the Hub Transport server uses the categorizer to expand distribution lists and to identify alternative recipients and forwarding addresses. After the categorizer retrieves full information about the recipients, it uses that information to apply policies, route the messages, and perform content conversion.

If the email is sent to an internal user, it is delivered locally by the store driver to the recipient's mailbox; if the email is intended for an external recipient, it is delivered remotely by using SMTP to send the message to another transport server.

We will have a look at the types of queues in the Transport Server in my next post…

Exchange 2010 Server Roles

Like Exchange Server 2007, Exchange Server 2010 has the same 5 server role architecture. Below is a short description of the server roles in Exchange Server 2010.

Mailbox Server: This server hosts mailbox and public folder databases. Any client connection to access mailboxes comes through the CAS server only, while Public Folder MAPI access connects directly to the Mailbox Server.

Client Access Server: This is the server that hosts the client protocols and is responsible for providing access to POP3, IMAP4, HTTPS, Outlook Anywhere, the Availability service and the Autodiscover service.

Hub Transport Server: This is the mail routing server that routes mail within the Exchange organization. This server role can also be used as a routing server to route emails to external organizations.

Unified Messaging Server: This is the server that connects a Private Branch Exchange (PBX) system to Exchange 2010. It provides a universal inbox for emails, voice mail and fax messages

Edge Transport Server: This is the mail routing server that typically sits at the perimeter of the topology and routes mail into and out of the Exchange organization. By default anti-spam agents are installed, and it supports Transport Rules and Address Rewriting.

This is a short note on the server roles in Exchange Server 2010. We will discuss the functionality of those server roles in later topics.

Post Installation Steps on Exchange Server 2010

Once the Exchange Server 2010 installation is completed, the complete functionality of Exchange Server is deployed. We still need to perform some post-installation tasks to make Exchange Server 2010 fully functional. Below are the post-installation options we are going to see in this post.

Step 1: Verify the Exchange 2010 installation
Step 2: Post installation task on Client Access Server
Step 3: Post installation task on Hub Transport Server
Step 4: Post installation task on Mailbox Server
Step 5: Post installation task on Unified Messaging Server
Step 6: Post installation task on Edge Transport Server
Verify the Exchange Server 2010 installation
Setup Verification
If there is any problem with the Exchange Server infrastructure, the installation won't complete successfully. Even when the Exchange 2010 installation completes smoothly, it is good to review the below logs to see whether any error occurred during the installation
Check the application event log for any warning or error message and
Check the Exchange Setup logs which are created during the Exchange 2010 installation. They are available at exchangeinstallationdirectory\Exchange Setup logs\Exchange Setup.log

Entering Product Key
Click on the Server configuration and selecting a server will give an option to enter a product key on the action pane.
Post Installation task on Client Access Server
Securing Client Access Server
To secure the connection between the client and the Client Access Server, all the client protocols like OWA, EAS and Autodiscover are SSL enabled by default. These certificates are self-signed SSL certificates; we have to deploy an SSL certificate from a trusted Certification Authority for all the enabled Client Access Server features
By default POP3/IMAP are enabled on the mailbox but the feature is disabled on the server. We have to enable it manually by starting the POP3/IMAP4 services.

Exchange Active Sync Policy
By default the Exchange ActiveSync feature is enabled for all mailboxes, but we have to define an Exchange ActiveSync policy with the security, authentication and policy settings for mobile devices

Configure Client Access Server External Domain
When the first Exchange Server 2010 Client Access Server is installed, setup shows the below option to configure the Client Access Server external domain, where we can enter the external domain name if it is an internet-facing Client Access Server.



If that first server is not an internet-facing Client Access Server, we can skip this step. If we want to configure this option later, go to Server Configuration -> Client Access Server -> right click and select Configure Client Access Server External Domain, then enter the external OWA URL.

Post installation steps for Hub Transport Server
Accepted Domain
By default, the domain name used to install Exchange Server 2010 is treated as the SMTP address space for all mailboxes. If we want Exchange Server 2010 to receive email for other SMTP domain names, then
  • Add the Accepted Domains in Exchange Server 2010
  • Those domain names have to be registered in global DNS
  • The MX record for that domain needs to point to your static IP address
Internet Mail Flow
By default, the Hub Transport server is not configured for Internet mail flow. We have to configure Internet mail flow using one of the below 3 options
  • Deploy an Edge Transport server and manually configure the Send Connectors and Receive Connectors that are required for Internet mail flow. An Edge Subscription has to be created between the Hub Transport Servers and the Edge Transport Server
  • Manually configure Internet mail flow between your Exchange 2010 organization and Microsoft Exchange Hosted Services or other external SMTP gateway servers. We have to create Send and Receive Connectors that point to the Exchange Hosted Services server or other gateway server to send and receive emails
  • Configure the Hub Transport server for direct mail flow with the Internet. If Exchange 2010 is designed to use the Hub Transport server to send emails directly to the internet, we have to create a Send Connector and a Receive Connector assigned to connect to the internet

External Post Master Email Address
We have to manually create an external postmaster email address to receive emails; this address is also used to send system-generated emails. By default no postmaster email address is created when the Hub Transport server is installed. We have to set it manually using Set-TransportConfig -ExternalPostmasterAddress postmaster@domainname.com
Post Installation Steps for Mailbox Server
Offline Address Book Generation Server
We have to decide which server will be designated as the offline address book generation server. By default the first installed Mailbox Server is assigned as the OAB generation server. If we have multiple OABs, we have to assign each one to a particular mailbox database, and the respective users' mailboxes have to be created in that mailbox database.

Offline Address Book Distribution
Based on the Outlook clients available on the network, we have to set the Offline Address Book distribution method. Organization Configuration -> Mailbox -> Offline Address Book -> Properties will help you decide the distribution method
High Availability
By default there are no high availability options for a mailbox database; if high availability is in your design, you can configure a Database Availability Group
Post Installation Steps for Unified Messaging Server
Below are the steps that need to be configured once the UM server role is installed
  • Create a UM Dial Plan
  • Create a UM IP Gateway
  • Add a UM Server to a Dial Plan
  • Enable a User for Unified Messaging
If an additional UM server is installed and we want to place it in a new Dial Plan, we have to follow all 4 steps; if not, we can add the second UM server to an existing UM Dial Plan

Post Installation Steps for Edge Transport Server
Edge Subscription
Edge Subscription has to be established between Hub Transport server and the Edge Transport Server

Address Rewriting
If needed, we can set the address rewrite option on the Edge Transport Server. This Address Rewriting option cannot be set on the Hub Transport Server
Above are the post-installation steps for all the server roles available in Exchange Server 2010 to make Exchange Server 2010 fully functional. Other post-installation options, like configuring a Client Access Server or deploying secure role-based access control, are additional options and are not discussed here.
The post-installation steps for Exchange Server 2010 discussed here are in short note form. Details on how to configure each option will be posted later in this blog.

Installing Exchange Server 2010 Service Pack 1

In this post, we will look on how to install Exchange Server 2010 Server Pack installation on a new Exchange Server environment. Upgrading from Exchange Server 2010 to Exchange Server 2010 SP1 will be discussed on different post
  1. Server Role installation order
If Exchange Server 2010 SP1 is not a typical installation then it has to be installed in the below order
  • Client Access Server
  • Hub Transport Server
  • Mailbox Server
  • Unified Message Server
  • Edge can be installed after deploying CAS, HUB and MB
  2. Prepare the Active Directory
Active Directory Preparation involves the below details
  • Domain Controller, Global Catalog Server and Schema Master Server need to be running Windows Server 2003 SP1 or later
  • Domain and Forest functional level has to be Windows Server 2003 or later
  3. Exchange 2010 Server requirements
The operating system has to be Windows Server 2008 SP2 or Windows Server 2008 R2. It can be the Standard or Enterprise edition, but it has to be an x64 edition
Prerequisites like .NET Framework 3.5 SP1, Windows PowerShell 2.0 and other Windows features have to be installed manually if we are installing Exchange Server 2010 SP1 on Windows Server 2008 SP2. If you are installing Exchange Server 2010 SP1 on Windows Server 2008 R2 SP1, then use the below switch from the command prompt to install the basic prerequisites
C:\E2K10SP1 Installation Files\Scripts\ServerManagerCmd -ip Exchange-Base.xml
For complete prerequisites click here to know the detail
  4. Active Directory Preparation
From the Exchange 2010 SP1 server, use the below Exchange installation switches to prepare the Schema, Active Directory and Domain
  • Schema Preparation
C:\E2K10SP1 Installation Files\Setup.com /PrepareSchema
  • Prepare Active Directory
C:\E2K10SP1 Installation Files\Setup.com /PrepareAD /OrganizationName:YourExchangeOrgName
  • Prepare Domain
C:\E2K10SP1 Installation Files\Setup.com /PrepareDomain
Installing Exchange Server 2010 SP1
Run the below Exchange installation switch from the command prompt
C:\E2K10SP1 Installation Files\Setup.com /Mode:Install /Roles:CA,HT,MB,UM,MT

Introduction to Database Availability Group in Exchange 2010

Database Availability Group is a group of up to 16 servers that holds the set of replicated Mailbox databases, and the DAG is the boundary of replication and of the failover/switchover process among those mailbox databases. DAG member servers can be placed in different sites and database replication can occur over multiple sites.
We will discuss the Database Availability Group concepts in the next 5 chapters; this is a short introduction to the high availability options that were available in the versions of Exchange before Exchange 2010.

High Availability in Exchange Server 2003
Exchange Server 2003 depends on Windows Clustering for high availability, and even then the redundancy is available only at the hardware level and not at the database level.

Exchange 2003 cluster nodes shared the same storage system. If the active cluster node suddenly became unavailable, the Exchange Virtual Server (EVS) and any relevant cluster resources would fail over to the passive node and the end users could then continue to access their mailbox.
With Windows Server 2003 Enterprise Edition and Exchange Server 2003 Enterprise Edition, we can set up an 8 node cluster for redundancy. With Exchange 2003, we have the high availability option at the server level and not at the Store/Database level.

High Availability in Exchange Server 2007
Exchange Server 2007 introduced new high availability options at both the server level and the database level. It has 4 high availability solutions, which use continuous replication technology (asynchronous log file shipping) to keep a duplicate copy of the database on the same server and also on a different server. The high availability solutions in Exchange Server 2007 are

Local Continuous Replication
The LCR high availability option is achieved only at the storage level. The active copy of the database is replicated to the passive copy using log file shipping; replication of the log files takes place inside the server, but to a different disk.

Disadvantage: If the disk goes down, data will be safe on the other disk.

Cluster Continuous Replication
Using CCR, high availability can be achieved at the server level as well as the storage level. In CCR, the active copy of the mailbox database is replicated to a passive copy on a passive node. Using Windows failover clustering, redundancy is achieved at both the hardware and the database level. Using CCR, there is no single point of failure

Disadvantage: No site level redundancy and there is no option to configure a lagged database copy on passive node

Single Copy Cluster
SCC is just like the Exchange 2003 high availability model, where the nodes of the single copy cluster share the same storage device

Disadvantage: We have the high availability option at the server level and not at the database level.

Standby Continuous Replication – SCR is the new high availability model introduced in Exchange 2007 SP1. Data can be replicated to a remote site, and site resiliency can be achieved by shipping log files to another mailbox server in a remote site; there is no need for a Windows failover cluster.
Using Standby Continuous Replication, we can have a highly available database copy on the remote site for disaster recovery, and we have the option to specify a lagged log replay time.

High Availability in Exchange Server 2010
Database Availability Group is a group of up to 16 servers that holds the set of replicated Mailbox databases, and the DAG is the boundary of replication and of the failover/switchover process among those mailbox databases.
The high availability concepts of Exchange 2007 (LCR, CCR, SCC and SCR) are not available in Exchange Server 2010. Exchange 2010 has a new high availability model named Database Availability Group. The LCR and SCC concepts have been completely removed, while the CCR and SCR concepts are combined and evolved into a more unified high availability solution known as the Database Availability Group.

Using a DAG, we can achieve redundancy at the server level and the database level, as well as data resiliency. Below are the new components in the Database Availability Group that manage failovers
  • Active Manager is the primary component of the Database Availability Group
  • Exchange 2010 uses AM to manage switchovers and failovers, instead of the Exchange cluster resource DLL and the associated cluster services used in the previous versions of Exchange
  • Active Manager runs on all mailbox servers that are members of a DAG
New terms and functionality of the Database Availability Group will be discussed in the next topic

Installing Exchange Server 2010 on Windows Server 2012

I tried a lot to install Exchange Server 2010 on the Windows Server 2012 RTM operating system and ended up with a lot of errors. Also, I didn't find any information related to those errors on the Internet. Today I got information from the MS Exchange Team blog stating that, currently, Exchange Server 2010 SP2 is not supported on Windows Server 2012 and that they are working on this to make it possible.

Coming to the conclusion: as of today, Exchange Server 2010 SP1 or SP2 can be installed only on Windows Server 2008 SP2 and Windows Server 2008 R2 SP1, and Exchange Server 2013 Preview can be installed on Windows Server 2008 R2 SP1 and Windows Server 2012

5 Shell commands for daily use - Exchange 2007

The 5 shell commands below make the Exchange Server administrator's day-to-day work quicker and easier.

1. To check whether all Exchange Server related services are running normally
Test-ServiceHealth or Test-ServiceHealth -Server ServerName

2. To check the Database Mount Status, backup status
Get-MailboxDatabase -Server ServerName -Status | FT Name, Mounted, backupinprogress, lastfullbackup, lastincrementalbackup

3. If high availability is configured for the Mailbox Server, to check the storage group and mailbox database copy status
Exchange Server 2007 CCR -> Get-StorageGroupCopyStatus -Server ServerName
Exchange Server 2007 SCR -> Get-StorageGroupCopyStatus -Identity MBSRV\SG1 -StandbyMachine Server2

4. To check the Mail queue status
Get-Queue -Server ServerName | FL

5. To test mail flow, that is, whether mail can be successfully sent from and delivered to the system mailbox on a computer that has the Mailbox server role installed
Test-Mailflow Server1 -TargetMailboxServer Server2
Test-Mailflow Server1 -TargetEmailAddress externalemailaddress
Inform if any details are needed.
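
The five checks above can be combined into one script that reports only what needs attention. This is an added example, not part of the original post: the thresholds, the parameter names and the assumption that the Hub Transport and Mailbox roles are on the same server (a typical installation) are illustrative.

```powershell
# Added example for the Exchange Management Shell (Exchange 2007).
# Thresholds and parameter names are assumptions; adjust them to your environment.
param(
    [string]$Server         = $env:COMPUTERNAME,
    [string]$TargetServer   = '',     # optional second Mailbox server for Test-Mailflow
    [int]$QueueThreshold    = 100,    # messages per queue before it is reported
    [int]$MaxFullBackupDays = 7,      # age of the last full backup before it is reported
    [switch]$CheckReplication         # set when CCR is configured on $Server
)

$findings = @()

# 1. Services required by each installed role
foreach ($role in Test-ServiceHealth -Server $Server) {
    if (-not $role.RequiredServicesRunning) {
        $stopped = [string]::Join(', ', [string[]]$role.ServicesNotRunning)
        $findings += "Services: role $($role.Role) has stopped services: $stopped"
    }
}

# 2. Database mount status and age of the last full backup
$oldest = (Get-Date).AddDays(-$MaxFullBackupDays)
foreach ($db in Get-MailboxDatabase -Server $Server -Status) {
    if (-not $db.Mounted) {
        $findings += "Database: $($db.Name) is not mounted"
    }
    if (-not $db.LastFullBackup -or $db.LastFullBackup -lt $oldest) {
        $findings += "Backup: $($db.Name) last full backup: $($db.LastFullBackup)"
    }
}

# 3. Storage group copy status, only when replication is in use
if ($CheckReplication) {
    foreach ($sg in Get-StorageGroupCopyStatus -Server $Server) {
        if ($sg.SummaryCopyStatus -ne 'Healthy') {
            $findings += "Replication: $($sg.Identity) is $($sg.SummaryCopyStatus)"
        }
    }
}

# 4. Queues holding more messages than the threshold
foreach ($q in Get-Queue -Server $Server) {
    if ($q.MessageCount -gt $QueueThreshold) {
        $findings += "Queue: $($q.Identity) holds $($q.MessageCount) messages ($($q.Status))"
    }
}

# 5. Mail flow from the system mailbox
if ($TargetServer) { $flow = Test-Mailflow $Server -TargetMailboxServer $TargetServer }
else               { $flow = Test-Mailflow $Server }
if ($flow.TestMailflowResult -ne 'Success') {
    $findings += "Mailflow: test from $Server returned $($flow.TestMailflowResult)"
}

if ($findings.Count -eq 0) { 'All checks passed' } else { $findings }
```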

Exchange Server 2007 Server Roles in short

Mailbox Server
Mailbox Server holds the mailbox databases and public folder databases for your organization. It only stores the mailboxes and does not transfer your mail; transferring mail between your mailbox servers is handled by Hub Transport servers. The mailbox server role will be introduced only after the installation of the Hub Transport Server and Client Access Server roles. 4 types of high availability options are introduced in Exchange Server 2007; if we are installing the Mailbox Server with the high availability/clustering options like CCR, SCC or SCR, then no other server roles are to be installed with this server role.

LCR – provides HA at the database level and not at the server level. LCR is specifically designed for small business organizations. Active mailbox databases are replicated to a passive mailbox database on the same server; if the active database goes down, we can activate the passive copy to function as active, and if the server goes down, mailboxes won't be accessible until the server is rebuilt and the mailboxes are restored.

CCR – provides HA at the database level and the server level. CCR replicates the active mailbox database on one server to a passive mailbox database on another server, so that if the active server goes down, automatic failover occurs and the passive server functions as active.

SCC – provides HA at the server level only. If the active server goes down, the passive server will begin to function as active by referring to the active copy, which is accessible to all the servers in the SCC. We can have a centralized location for the mailbox and public folder databases, and the active server points to that location. It's like the clustering option available in Exchange Server 2003. If the SAN goes down, mailboxes won't be accessible.

SCR – provides HA against site level failure. With SCR there is no need to have the Windows failover clustering feature installed to replicate the active database to the passive database. Like the active and passive mailbox database copies in the other HA options, we have a Source Database and a Target Database in SCR.

Client Access Server
The role that handles client requests for OWA, Outlook Anywhere, ActiveSync, OVA and offline address book distribution. MAPI requests from Outlook clients connect directly to the mailbox database; even so, MAPI clients still depend on the Client Access Server for the Autodiscover and Availability services. CAS is responsible for any connection to the Mailbox Server from outside the Exchange organization. It is also responsible for non-MAPI client connections.
This role must be installed after the hub transport role and before the mailbox server role. You can install the mailbox server role at the same time as the client access role, but not before.

Hub Transport Server
The main purpose of the Hub Transport Server role is to transfer mail throughout your Exchange environment. This server role is responsible for internal mail flow; it replaces the bridgehead servers of Exchange Server 2003. It can be used as an edge transport server in smaller organizations by installing the anti-spam agents on the Hub Transport Server itself. This must be the first role installed in Exchange 2007. You can install the client access server role and the mailbox server role at the same time as the hub transport role, but not before.

We have two connectors to look at in Hub Transport Server.

Send Connector – Responsible for outbound mail flow. By default, no Send Connector is created (which means mail will not flow externally); to route external mail, we have to create a send connector based on our requirement.

Receive Connector – Responsible for receiving inbound email. By default, external mail is not received internally until anonymous authentication is enabled

Unified Messaging Server
Functions as the interface point for the VOIP gateway or IP-PBX phone system. Allows user mailbox to be the single point of storage and access for voice mail and fax messages, in addition to their normal email.

Edge Transport Server
The Edge Transport Server role transfers mail from inside your organization to the outside world. It should be implemented at the edge of the network (perimeter network). Its main purpose is to protect your Exchange servers from all kinds of attack. It must have ports 25 (SMTP) and 50636 (LDAPS) open from it to the hub transport server on the internal LAN. Port 25 is to send mail in. Port 50636 is to replicate the Exchange information that it needs, such as changes to users' safe and blocked senders lists.

Edge Synchronization – Since the Edge Transport Server sits at the edge of the network and has to communicate with the Hub Transport Server, we have edge synchronization. It is the process that updates ADAM on the Edge Transport Server

Address Rewriting – It's an additional feature used to rewrite the email addresses of internal users. This option provides uniformity in the SMTP address if we have a lot of domains and if the company wishes to have the external SMTP

How to Install Exchange Server 2007 – Short Note

In this article we are going to discuss the prerequisites and planning for installing Exchange Server 2007. The important topics on this page are
  1. Prerequisites to install Exchange Server 2007
  2. Exchange server 2007 Installation Types
Prerequisites to Install Exchange Server 2007
Before Installing Exchange Server 2007, we have to go through the Prerequisites to install Exchange Server 2007. First we will look into the preparation before installation
Preparation includes the following operations
  1. Hardware Preparation
  2. Permissions
  3. Active Directory Preparation
  4. Prepare Switches
  5. Software Preparation and
  6. Some Important Considerations
1. Hardware Preparation
  • 64 bit Processor – should have 64 Bit Processor
  • Memory – 1 GB recommended. Depends upon the Mailbox included in your Exchange Organization
  • Hard disk Space – 1.2 GB for exchange and 200 Mega byte for system drives
  • Formatted – NTFS
2. Permissions
User who is going to prepare AD should have permissions of
  1. Schema Admin
  2. Enterprise Admin
3. Active Directory Preparation
  • Schema Master should be on Windows 2003 with SP1
  • 1 Global Catalog server for each site
  • Forest/Domain functional level – Windows 2003
4. Prepare Switches
/PrepareLegacyExchangePermissions – when we have Exchange 2000 or 2003 in our existing environment
/PrepareSchema – this will add various objects and the attributes related to those objects
/PrepareAD – prepares the current domain and prepares a universal security group for the new Exchange 2007 installation
/PrepareDomain:"domain name" – only for the domains at remote sites, or for a different domain
5. Software Preparation
  1. OS – 64 bit edition of Windows 2003 or Windows 2008
  2. Microsoft Management Console 3.0 – Included by default in Windows 2003 Server SP1
  3. .NET Framework 2.0 with the hotfix. This should be installed before installing IIS
  4. PowerShell 1.0
6. Important Considerations
  1. Raise your domain functional level to Native mode
  2. No Exchange 5.5
  3. Mailbox role – IIS. If you are installing the Exchange Mailbox server, IIS installation is a prerequisite
  4. Client Access – ASP.NET. For the Client Access Server role, ASP.NET should be enabled
Exchange server 2007 Installation Types
There are two types of installations in Exchange Server 2007,
  • Typical Installation
  • Custom Installation
1. Typical Installation
When we perform the Typical Installation, the following server roles are selected automatically. The typical installation is suitable for a small organization.
  • Hub Transport
  • Client Access
  • Mailbox server role
  • Exchange Management Console will be installed together with them
2. Custom Installation
If we plan to install the Exchange Server roles on separate servers for a high availability solution, we can go for this option
The following roles are available for us to choose when we select the Custom Installation
  • Hub Transport Server
  • Client Access Server
  • Mailbox Server
  • Unified Messaging Server
The above four server roles can be installed together on a single server or on separate servers
  • Edge Transport Server – Should be installed in the perimeter network
  • Exchange Management Console – If we want to manage the server from Windows XP, we can go for this option
We can also choose an active/passive clustered mailbox server

How to Install and Configure Exchange Server 2007 Edge Transport Server

I plan to discuss the following chapters in the Edge Transport Server Installation and Configuration,
  1. Planning
  2. Installing Edge Transport Server
  3. Protocols and Port Settings
  4. Setting up Edge Sync
  5. Edge Transport Server Important Points
  6. Configuring Edge Transport Server
Planning
Following are the important consideration when we install Edge transport Server. Below mentioned points are to be strictly followed.
  1. Edge Transport Should not be included in Active Directory
  2. Should be installed in a Standalone Server
  3. Edge Transport Should not be Part of the domain
  4. ADAM Should be Installed
  5. Prerequisites (.NET Framework, Windows Management Shell, MMC 3.0) to be installed
  6. Two networks cards
Installing Edge Transport Server
Start the installation by Double clicking the Setup.exe of Exchange Server 2007 Installation files

Select Install Microsoft Exchange to start the Exchange Installation, Review the Exchange Installation Introduction page and click Next

Click "I accept the terms in the license agreement" and click Next (read the license agreement document carefully)

In the Error Reporting window, choose the option you need

To install the Edge Transport Server, on the Installation Type page select Custom Installation to get the Edge Transport Server installation option

Select the Edge Transport Server role. If you select the Edge Transport Server role, the rest of the server roles will be deselected, because the Edge Transport Server has to be installed on a standalone server without any other roles combined with it

Click Next to start the Readiness Check; this will report the important options that are not configured properly

After the Readiness Check has completed, click Next to complete the Edge Transport Server installation

The below window shows the options after the Edge Transport Server installation is over. We can configure the below options on the Edge Transport Server
  1. Anti Spam / Anti Virus
  2. Transport Rules and Accepted Domain
  3. Address Rewriting

Protocols and Port setting
The following ports are opened through SCW
Port 25 – Should be opened both internally and externally; mail flow takes place over this port
Internal port settings (Edge Transport Server to Hub Transport Server)
Port 50389 – LDAP local connection to ADAM on the Edge Transport Server
Port 50636 – Secure LDAP (Secure Lightweight Directory Access Protocol), used for Edge Sync synchronization
Port 3389 – RDP, optional
Edge Sync
Edge Sync – it's a one-way replication from the Hub Transport Server to the Edge Transport Server. While Edge Sync happens, the recipient configuration is replicated from Active Directory to ADAM on the Edge Transport Server
To establish Edge Sync there are 3 important steps to be followed; the following options are done through the Exchange Management Shell only
  1. Create an Edge Subscription file on the Edge Transport Server (XML file)

New-EdgeSubscription -FileName "C:\edge.xml" (after entering this command it will ask for confirmation; type "Y")

  2. Move the file to the Hub Transport Server – by using a pen drive or portable media.
  3. Subscribe the file on the Hub Transport Server

Navigate to Organization Configuration, select New Edge Subscription in the action pane and choose the path where the Edge file exists
Running Security Configuration wizard
  1. Install SCW
  2. Register SCW extension
Review all the settings and, under Network Security in the wizard, open the following ports
Port – 25
Port – 50389
Port – 50636
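
A quick way to confirm that the firewall and SCW policy expose only the ports listed above is to probe the Edge Transport Server from inside (the Hub Transport side) and from outside the perimeter. This is an added example, not part of the original post: the host name is a placeholder, and treating everything except port 25 as closed from outside is this example's reading of the port list, which names only port 25 as open externally.

```powershell
# Added example: requires PowerShell 2.0 or later, run from the chosen vantage point.
# 'edge01.example.com' is a placeholder, not a name from the article.
param(
    [string]$EdgeServer = 'edge01.example.com',
    [ValidateSet('Internal', 'External')]
    [string]$Vantage = 'Internal',
    [int]$TimeoutMs = 2000
)

# Ports named in the article. $true = should answer, $false = should not answer,
# $null = report only (left to local policy). The External column is an assumption.
$PortRules = @(
    @{ Port = 25;    Use = 'SMTP mail flow';         Internal = $true; External = $true  },
    @{ Port = 50636; Use = 'Secure LDAP (EdgeSync)'; Internal = $true; External = $false },
    @{ Port = 50389; Use = 'LDAP to local ADAM';     Internal = $null; External = $false },
    @{ Port = 3389;  Use = 'RDP (optional)';         Internal = $null; External = $false }
)

function Test-TcpPort {
    # Returns $true when a TCP connection is accepted within the timeout.
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws when the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Get-EdgePortReport {
    # Compares the observed state of each port with the expectation for this vantage.
    param([string]$ComputerName, [string]$From, [int]$TimeoutMs)
    foreach ($rule in $PortRules) {
        $open     = Test-TcpPort -ComputerName $ComputerName -Port $rule.Port -TimeoutMs $TimeoutMs
        $expected = $rule[$From]
        if ($null -eq $expected)     { $verdict = 'INFO' }
        elseif ($open -eq $expected) { $verdict = 'OK' }
        else                         { $verdict = 'REVIEW' }
        New-Object PSObject -Property @{
            Port = $rule.Port; Use = $rule.Use; Open = $open
            Expected = $expected; Verdict = $verdict
        }
    }
}

Get-EdgePortReport -ComputerName $EdgeServer -From $Vantage -TimeoutMs $TimeoutMs |
    Select-Object Port, Use, Open, Expected, Verdict |
    Format-Table -AutoSize
```

Any row marked REVIEW means the observed state differs from the expected one for that vantage point and the firewall or SCW policy should be rechecked.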
Edge Transport Server Important Points
1. Edge transport Server is not required for small organization; Hub Transport Server will function as Edge Transport Server
2. Edge Transport Server Role should not be a member of the Active Directory
3. ADAM stores the configuration of Active Directory for Edge Transport Server
4. Edge Synchronization to connect Hub Transport Server and Edge Transport Server
5. Security Configuration Wizard, Important ports to be opened, Port 25, 50389, 50636
Important Configuration for Edge Transport Server
  1. Post Master Mailbox – create a new postmaster mailbox, which is used to receive the non-delivery reports. The postmaster can be on the Hub Transport Server and also on the Edge Transport Server
The postmaster mailbox can be created with the Exchange Management Shell
To check for the postmaster mailbox – Get-TransportServer

To create a postmaster mailbox – Set-TransportServer "ServerName" -ExternalPostmasterAddress "MailAddress". After creating a new email address for the postmaster, running Get-TransportServer again will show the postmaster mail address

  2. DNS Settings – DNS is the most important setting for internal and external mail flow
Internal DNS – A host record for the Edge Transport Server has to be created
External DNS – An MX record pointing to the Edge Transport Server should be configured
Edge Transport Server Settings
With Edge Transport Server we can have the following configuration
  1. Anti Spam / Anti Virus
  2. Transport Rule, Accepted Domain and Email Address Policies
  3. Address Rewriting
Address Rewriting
The Address Rewriting Agent runs on the Edge Transport Server. The main purpose of address rewriting is to rewrite an address to some other address. This plays an important role: consider a forest with 5 sub domains where every sub domain wants to send mail outside with a single address space.
Address rewriting can be achieved only with the Exchange Management Shell
To list the address rewriting entries: Get-AddressRewriteEntry

To create a new address rewrite entry:
New-AddressRewriteEntry -Name "Internal to External" -InternalAddress raj.syztalk.com -ExternalAddress Syztalk.com

Inform us if you have any questions on the above mentioned points…