Exchange 2010 SP2 & Tips


Scott Schnoll is one of the technical gurus on Exchange. He speaks at conferences such as Microsoft TechEd, The Experts Conference, TechReady… and he does us the honor of presenting this session (note: the session is in English). He is the author of several reference books on Exchange. In this session, discover what's new in Exchange SP2, released in December 2011, and the best practices for deployment. The session is an opportunity to discover the new features of Exchange Server 2010 SP2 while also revisiting some Exchange 2010 fundamentals. We will cover the improvements to setup and deployment, mailbox auditing, unified messaging and high availability, as well as the archiving and information protection solutions for the messaging system.

Published in: Technology
  • LogParser -
  • To resolve the warnings, upgrade the server to Exchange 2010 SP2. The cause of these warnings doesn't prevent Exchange from functioning correctly and can safely be ignored until the server is upgraded to Exchange 2010 SP2.
  • Do not manually edit the web.config file on an Exchange 2010 SP2 or later server.
  • If a user in a DL is outside the scope of your ABP, you won't see them. This prevents GAL mining by surfing up and down the member/memberof properties in some scenarios. This means you might be sending to more people than you think you are and that MailTips might not display the real recipient count.
  • From -Name "Exchange ActiveSync Approvers" -Type "Security" -OrganizationalUnit "<domain>/Users_And_Groups/Groups/Security" -SamAccountName "EAS Approvers" -Alias "EASApprovers"
    Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine -AdminMailRecipients EASApprovers@<SMTPdomain>
    New-ManagementRole -Parent "Organization Client Access" -Name "ActiveSync Approval"
    Get-ManagementRoleEntry "ActiveSync Approval\*" | Where {$_.Name -NotLike "Set-CASMailbox*"} | Remove-ManagementRoleEntry
    New-RoleGroup -Name "ActiveSync Device Management" -Roles "ActiveSync Approval" -Members "EAS Approvers" -Description "Members of this management role group have rights to approve and deny EAS devices"
    Adding members to the role group enables them to approve and deny EAS devices.
  • Exchange 2010 SP2 & Tips

    1. 1. Palais des congrès, Paris, 7, 8 and 9 February 2012
    2. 2. Exchange Server 2010 SP2 Tips & Tricks. 09-Feb-12. Scott Schnoll, Principal Technical Writer, Microsoft Corporation. MSG208
    3. 3. ANNOUNCEMENTS: Latest news
    4. 4. PST Capture Tool Released! Released 9:00 am, Jan 30th. Announcement – Download – Documentation – Helps you search your network to discover and import PST files across your environment. Import PST files into Exchange Online or Exchange Server 2010 directly into users' primary mailboxes or archives.
    5. 5. New ActiveSyncReport Script: PowerShell-based script that can be used to identify devices causing resource depletion issues on Exchange servers. Can help in spotting trends and automatically generate reports for continuous monitoring. Uses LogParser 2.2 and Windows PowerShell 2.0. Download from
    6. 6. New Guidance for Hosters: /hosting to SP2 migration guidance. Intended for service providers, system integrators, and technical consultants who may be involved in the planning and implementation of a migration from Exchange 2010 in /hosting mode to Exchange 2010 SP2. The only supported scenario is to: deploy Exchange Server 2010 SP2 into a new forest; migrate user accounts, mailboxes, and other resources from the /hosting forest to the new Exchange 2010 SP2 forest.
    7. 7. Exchange Server 2010 SP2 Development
    8. 8. Exchange 2010 SP2 Development: Development began January 24, 2011. Released December 4, 2011. Build Number. SP2 has hundreds of bug fixes and some new features. Every bug is triaged for risk, cost and applicability. Each new feature gets spec'd (Functional, Dev, and Test), and undergoes a thorough review.
    9. 9. Exchange 2010 SP2 Development: Exchange has a history of using customers during development (JDP, RDP, TAP). TAP consists of customers who deploy pre-release bits in production and receive: support from Microsoft; access to a private DL and a Wiki with all the latest info; conference calls with Exchange team folks; a chance to provide feedback, change the product, and find bugs. SP2 TAP just shut down.
    10. 10. Exchange Server 2010 SP2 Development: SP2 is available in three Server Editions. Standard Edition (retail and volume). Enterprise Edition (volume only): includes all Exchange 2010 Standard features, plus support for up to 100 databases per server. Hybrid Edition (volume only): this is a Standard Edition SKU designed to be a "gateway" for upgrading from previous versions of Exchange to Exchange Online.
    11. 11. Exchange 2010 SP2 Development: Hybrid Edition. Can be used only for connecting an on-premises environment with Office 365. If you move a mailbox to it, or leverage any features outside the scope of a hybrid deployment, you must purchase a regular license and CALs. Multiple Hybrid Edition servers can be deployed, if needed. Not available for Office 365 trial customers; simply use the Trial edition of Exchange 2010 SP2.
    12. 12. Upgrading Tips
    13. 13. Upgrading Tips: SP2 includes Active Directory schema updates. 3 new classes (and class object IDs) have been added; 59 new attributes (and attribute object IDs) have been added; 29 new MAPI IDs have been added; 46 new indexed attributes; 36 new global catalog attributes. Get complete listing of all schema changes from MSDN
    14. 14. Upgrading Tips: SP2 includes database schema updates. Upgrading from RTM to SP2 can take a while (20-30 minutes) due to database schema upgraders that run. Look for instances of MSExchangeIS Mailbox Store event 1185 in the event log. Once a mailbox database has been upgraded to a later version, it cannot be moved to an earlier version (e.g., database *over or database portability use is limited during upgrade period).
    15. 15. Upgrading Tips: Client Access Server role has new operating system prerequisites in SP2: ASP.NET; ISAPI Filters; IIS 6 WMI Compatibility. Exchange Setup can install the new pre-reqs for you: Setup /Mode:Upgrade /InstallWindowsComponents
    16. 16. Upgrading Tips: SP2 includes some updated RBAC management role definitions. If you manage Exchange 2010 from a pre-SP2 server in an Org that has been updated to SP2 you will get warning messages. Exchange Management Shell: WARNING: The object MyMailboxDelegation has been corrupted, and it's in an inconsistent state. The following validation errors happened: WARNING: The property value you specified, "15", isn't defined in the Enum type "ScopeType". Exchange Management Console: The object MyMailboxDelegation has been corrupted, and it's in an inconsistent state. The following validation errors happened: The property value you specified, "15", isn't defined in the Enum type "ScopeType".
    17. 17. Upgrading Tips: Mailbox Replication Service (MRS) has changed in SP2. MRS Proxy will be disabled on upgrade to SP2 (thus, cross-forest mailbox moves will not be processed). Enable using Set-WebServicesVirtualDirectory -MRSProxyEnabled. MaxMRSProxyConnections
    18. 18. New Cmdlets and Scripts in SP2
    19. 19. New Cmdlets. Address Book Policies: New-AddressBookPolicy, Get-AddressBookPolicy, Set-AddressBookPolicy, Remove-AddressBookPolicy. Hybrid Deployments: New-HybridConfiguration, Get-HybridConfiguration, Set-HybridConfiguration, Update-HybridConfiguration.
    20. 20. New Scripts - ConvertOABVDir.ps1: Execute this script on each CAS to convert the OAB virtual directory to an IIS web application, and create a new application pool called MSExchangeOabAppPool. Converting the OAB virtual directory is necessary to support Kerberos authentication, which we recommend. See for more information
    21. 21. New Scripts - ExPerfwiz.ps1: Formerly an out-of-band tool; now shipped in the product! Helps automate the collection of performance data on Exchange 2007 and Exchange 2010 servers. Automatically adds the appropriate counters for each detected server role.
    22. 22. New Scripts - LargeToken-IIS_EWS.ps1: Solves issue where the size of the availability request exceeds the limit when you have large access tokens (> 200). This script and a companion script, LargeToken-Kerberos.ps1, were actually first released in UR4 for Exchange 2010 SP1. LargeToken-IIS_EWS.ps1 increases the value of the MaxFieldLength and MaxRequestBytes IIS parameters and changes the EWS Web.config bindings on all CAS in the site. See for more info
    23. 23. New Scripts - LargeToken-Kerberos.ps1: This script sets HKLM\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters values MaxPacketSize to DWORD 1 and MaxTokenSize to DWORD 65535 on all specified machines in the domain. See for more info
    24. 24. Exchange Server 2010 Service Pack 2 Feature: Mini Version of Outlook Web App
    25. 25. Mini Version of Outlook Web App: Feature driven by demand from markets where browser-based phones still rule. Administer using PowerShell. This is not Outlook Mobile Access from Exchange 2003: none of the Exchange 2003 code was re-used; completely new code built as a set of OWA forms.
    26. 26. Mini Version of Outlook Web App: Enabled and disabled using Set-OWAMailboxPolicy: Set-OWAMailboxPolicy PolicyName -OWALightEnabled:$True. Provides an alternative view of OWA, so: OWA mailbox policies and segmentation are inherited; any unsupported features in the policy are disabled; features such as calendar, contacts, etc., can be enabled or disabled on a per policy basis; if a new language is added to OWA, mini version gets it.
    27. 27. Exchange Server 2010 Service Pack 2 Feature: Hybrid Configuration Wizard
    28. 28. Hybrid Configuration Wizard: EMC-based wizard plus cmdlets for setting up on-premises Exchange and Office 365 to work together – in Hybrid mode. Vastly simpler process than the current SP1 manual experience. What once took ~49 steps, now takes 6 (your mileage may vary): >80% reduction for the administrator.
    29. 29. Exchange Server 2010 Service Pack 2 Feature: Address Book Policies
    30. 30. Address Book Policies: Common Scenarios. Legal or compliance reasons – People are not allowed to see each other in the GAL. Privacy reasons – School scenario where students can't see other classes but are all in one school. Optimization reasons – Organization has logical sub-divisions but still needs to share some resources and infrastructure (MSN and Xbox). Hosting reasons – You want to host multiple organizations on one platform and don't want them seeing each other. Usability reasons – You have a huge GAL which is hard to navigate, the sort order may be mixed up, or the GAL may simply be massive (US Army or DoD).
    31. 31. Address Book Policies: Address Book Policies (ABPs) enable you to achieve GAL Segmentation in Exchange 2010. ABPs work on the principle of direct GAL and Address List assignment rather than allowing or denying access to all available lists. Any request that comes through the Address Book Service on CAS is evaluated against the ABP assigned to the user.
    32. 32. Address Book Policies: ABPs apply only to users and clients on Exchange 2010 that use CAS for directory and: Opens the address list picker; Tries to resolve a name or an alias; Adds a room resource to a meeting request; Searches the GAL; Searches the directory from Outlook Voice Access; Queries the directory from a mobile device; Views someone's DL memberships, or views the members of a DL.
    33. 33. Exchange Server 2010 Service Pack 2 Feature: OWA Cross-Site Silent Redirection
    34. 34. OWA Cross-Site Silent Redirection: If you access OWA via CAS in the 'wrong' AD site, CAS has a decision to make. It can proxy or redirect the connection to the target site. If there is no ExternalURL in that site, we proxy, the mailbox opens and the user gets access. If the target site has an ExternalURL the user gets a page with a link to click. The user clicks the link, and logs in again, and gets access. The user has to log in twice. We are removing the need to click the link, which for some scenarios will result in a Single Sign On experience.
    35. 35. Experience: Before and After
    36. 36. OWA Cross-Site Silent Redirection: Enabled on Internet-facing CAS, on a per OWA virtual directory basis: Set-OWAVirtualDirectory -Identity "CAS1\owa (default Web site)" -CrossSiteRedirectType Silent. When you enable silent redirection: you will be informed that the target CAS must have an ExternalURL that leverages HTTP SSL protocol; you will receive a warning that single sign-on experience may not be possible if FBA is not enabled. Demo video at
    37. 37. Additional Enhancements in SP2
    38. 38. Additional Enhancements in SP2: Disable Mailbox Auto-Mapping. Outlook 2007/2010 can map to any mailbox to which a user has Full Access and, through Autodiscover, automatically loads all mailboxes to which the user has Full Access. If the user has Full Access to a large number of mailboxes, performance suffers when starting Outlook. SP2 enables admin to disable this behavior by setting new Automapping parameter for Add-MailboxPermission to False. See for steps
    39. 39. Additional Enhancements in SP2: Custom Attribute Enhancements. Five new multi-value custom attributes (ExtensionCustomAttribute1 to ExtensionCustomAttribute5) that you can use to store additional information for mail recipient objects. Each can hold up to 1,300 values, and support multi-values by using comma-delimited list. Supported by Set-DistributionGroup, Set-DynamicDistributionGroup, Set-Mailbox, Set-MailContact, Set-MailUser, Set-MailPublicFolder, Set-RemoteMailbox.
    40. 40. Additional Enhancements in SP2: Litigation Hold. You can't disable or remove a mailbox that has been placed on litigation hold; prior to SP2, you had to disable litigation hold. SP2 includes new IgnoreLegalHold parameter that is supported by the following cmdlets: Disable-Mailbox, Remove-Mailbox, Disable-RemoteMailbox, Remove-RemoteMailbox, Disable-MailUser, Remove-MailUser.
    41. 41. Additional Enhancements in SP2: High Availability. Move-ActiveMailboxDatabase has new SkipActiveCopyChecks parameter which bypasses the check to see if the copy being activated is currently being used as a source for seeding. If you use this parameter when activating a copy, the seeding/update process will be terminated.
    42. 42. Random Tips
    43. 43. Mailbox Database Housekeeping: In large environments, you may need to periodically scan Active Directory for disconnected mailboxes that aren't yet marked as disconnected in the Information Store and update the status of those mailboxes in the Store. You can use Clean-MailboxDatabase to do this, but that requires mailbox database GUIDs. To get the GUID: Get-MailboxDatabase | fl Identity, Guid. Or simply run: Get-MailboxDatabase | Clean-MailboxDatabase
    44. 44. ActiveSync Approval Delegation. Scenario: You want Help Desk folks to approve or deny EAS devices without giving them Org Management rights. Solution: Create mail-enabled security group used for quarantine notifications; Enable EAS quarantine and configure notification message; Copy management role containing Set-CASMailbox -ActiveSyncAllowedDeviceIDs cmdlet/parameter; Remove all other management role entries from custom role; Create new role group containing security group; Add user to new role group and Recipient Management role.
    45. 45. Get all Email Addresses for Domain: All email addresses for an SMTP domain, including those assigned to mail-enabled public folders: Get-Recipient | where {$_.emailaddresses -match ""} | fl name,emailaddresses >>emailaddresses.txt
    46. 46. Analyze Message Tracking Logs: Analyzes Message Tracking Logs and produces a .csv file of mail stats per user, and keeps distribution list usage. Finds all Hub Transport servers in the Org, retrieves the logs from the previous day, and generates stats for each user, for both Internal and External emails, by primary address, for: Total Messages and Bytes Sent; Unique Messages and Bytes Sent; Total Messages and Bytes Received.
    47. 47. Free script repository for Exchange - TechNet Script Center Repository: Over 50 scripts for Exchange 2010 created by internal and external community contributors. Each contribution is licensed to you under a License Agreement by its owner, not Microsoft. Microsoft does not guarantee the contribution or purport to grant rights to it.
    48. 48. Questions? Thank you for attending! Contact me at any time with questions: Twitter: @schnoll; Blog:
    49. 49. © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
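
A least-privilege check for the ActiveSync approval delegation on slide 44, as an added example that is not part of the original deck: it flags role entries other than Set-CASMailbox and any Set-CASMailbox parameters outside an allow-list, since the steps in the notes remove other cmdlets but leave every Set-CASMailbox parameter in the custom role. The function name, the allow-list and the sample objects are assumptions constructed here; the role name comes from the slide notes.

```powershell
# Added example, not from the original deck. The role name follows the slide
# notes; the function name and the allow-list are assumptions to adapt.
$AllowedCmdlet = 'Set-CASMailbox'
# Device-approval parameters plus the common parameters role entries also list.
$AllowedParameters = @(
    'Identity', 'ActiveSyncAllowedDeviceIDs', 'ActiveSyncBlockedDeviceIDs',
    'Confirm', 'WhatIf', 'Verbose', 'Debug', 'ErrorAction', 'ErrorVariable',
    'WarningAction', 'WarningVariable', 'OutBuffer', 'OutVariable', 'DomainController'
)

function Test-EasApprovalRole {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Entries,  # need Name and Parameters
        [string]   $Cmdlet     = $AllowedCmdlet,
        [string[]] $Parameters = $AllowedParameters
    )
    foreach ($entry in $Entries) {
        if ($entry.Name -ne $Cmdlet) {
            # Every cmdlet other than Set-CASMailbox should have been removed.
            New-Object PSObject -Property @{
                Entry = $entry.Name; Finding = 'unexpected cmdlet'; Detail = '' }
            continue
        }
        # Extra parameters let the delegate change unrelated CAS mailbox settings.
        $extra = @($entry.Parameters | Where-Object { $Parameters -notcontains $_ })
        if ($extra.Count -gt 0) {
            New-Object PSObject -Property @{
                Entry = $entry.Name; Finding = 'excess parameters'; Detail = ($extra -join ',') }
        }
    }
}

# Constructed sample shaped like Get-ManagementRoleEntry output (Name, Parameters).
$sample = @(
    (New-Object PSObject -Property @{ Name = 'Set-CASMailbox'
        Parameters = 'Identity', 'ActiveSyncAllowedDeviceIDs', 'OWAEnabled', 'WhatIf' }),
    (New-Object PSObject -Property @{ Name = 'Get-CASMailbox'; Parameters = @('Identity') })
)
Test-EasApprovalRole -Entries $sample | Select-Object Entry, Finding, Detail

# In the Exchange Management Shell, audit the live role, then trim what is flagged:
#   Test-EasApprovalRole -Entries (Get-ManagementRoleEntry 'ActiveSync Approval\*')
#   Set-ManagementRoleEntry 'ActiveSync Approval\Set-CASMailbox' -Parameters OWAEnabled -RemoveParameter
```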