Upgrading Email Policies and Address lists to Ex07

After I test mail flow, I upgrade the existing email address policies (EAPs) and Address lists to Exchange 2007.
This is done thru the Exchange Powershell commands.
The short version is this:
Set-EmailAddressPolicy “Default Policy” -IncludedRecipients AllRecipients

Set-AddressList “All Users” -IncludedRecipients MailboxUsers

Set-AddressList “All Groups” -IncludedRecipients MailGroups

Set-AddressList “All Contacts” -IncludedRecipients MailContacts

Set-AddressList “Public Folders” -RecipientFilter { RecipientType -eq ‘PublicFolder’ }

Set-GlobalAddressList “Default Global Address List” -RecipientFilter {(Alias -ne $null -and (ObjectClass -eq ‘user’ -or ObjectClass -eq ‘contact’ -or ObjectClass -eq ‘msExchSystemMailbox’ -or ObjectClass -eq ‘msExchDynamicDistributionList’ -or ObjectClass -eq ‘group’ -or ObjectClass -eq ‘publicFolder’))}

The long version is here:

http://msexchangeteam.com/archive/2007/01/11/432158.aspx

Advertisements

Testing new Exchange installation; step 2

Continuing on from my blog entry from Dec 2nd, after you get the server installed I like to reboot the server.
After a reboot, I make sure all the Exchange services start, no errors exist in event viewer, then I install the latest updates… follow this link http://support.microsoft.com/kb/937052
At the time of this writing, “update rollup 5” is out.

Again I reboot, make sure all the Exchange services start, no errors exist in event viewer, then
I test email flow within, across servers, and in-out from Internet.

The easiest way to do this is setup a test account on the new server. This means create a new user account and new mailbox on the Exchange 2007 server using the Exchange Management console. I make the password pretty simple, so I can’t fat finger it.
I typically use OWA for testing. That means I type https://servername/owa and say yes to any prompts due to the self signed certificate.
It cuts out any issues that might exist with outlook the client and the Exchange server.

1. Send yourself a test message. It should show up in the Inbox instantly.
2. Send a test message from this test account to a working account on the old server, then send it back.
3. Send a test message from this test account to your gmail, yahoo, or something like that. Then send it back.
4. Launch OWA from the server console. I make sure I see the same thing in OWA as I see in Outlook.

Making the OST file contiguous



This program makes the OST into one contiguous file, it essentially defrags a single file.

The OST file is local copy of the mailbox in Outlook.

Make sure you have closed outlook before running this program (the program will kill outlook if it is running)

Here is the autoit code:

ProcessClose("OUTLOOK.EXE")
ProcessClose("Communicator.exe")
ProcessWaitClose("OUTLOOK.EXE")
ProcessWaitClose("Communicator.exe")
FileCopy ( "./contigbat.bat", "c:\windows", 1 )
MsgBox(4096,"Defrag the OST file", "You are about to make the Outlook OST file contiguous")
RunWait (@ComSpec & " /c " & ‘contigbat.bat’, "", @SW_MAXIMIZE )

and here is the batch file called contigbat.bat, just place these two files anywhere. Oh, this tool assumes you already have contig.exe tool installed in your path (like c:\windows or c:\windows\system32)

CD\
CLS
CONTIG -V "%userprofile%\Local Settings\Application Data\Microsoft\Outlook\*.OST"

@ECHO .
@ECHO .
@ECHO .
@ECHO .
@ECHO .

@ECHO LOOK ABOVE FOR REPORT, THEN PRESS THE SPACEBAR
PAUSE

Installing Exchange 2007 sp1on Win 2008; step 1

I like to setup a Windows box with at least a 12 GB hard drive for the C drive. If space is no problem, I’ll make it 40 Gig.
Realize that you will place the databases and the transaction logs on their own drives.
What windows services to install? That depends on what roles will be running on this server. Mailbox role? Hub Transport and Client Access role?
How to install these services? That depends on what version of Windows we are running. 2008 or 2003 ? In either case, it needs to be x64.
For now, let’s assume all roles (single exchange server installation), and Windows 2008.

Go here, and download the xml files. Extract them and place them in a new folder, c:\xml-files\
Run the cmd as Administrator, and run this:

ServerManagerCmd -ip c:\xml-files\exchange-base.xml
ServerManagerCmd -ip c:\xml-files\exchange-CAS.xml (or MBX)
This will install all the necessary windows services (iis, rpc proxy, powershell, .net, etc). If the server requires a reboot at any time, say yes, then rerun the same command.

This is the long version, from the Exchange Team.

Then, if there is enough room on the C drive, I make a folder called c:\Ex2007setup (or something like that), then copy the install files there. The install runs faster if you run it off the c: drive. Also, it’s not uncommon to have to reinstall a role if something breaks.
If you have domain controllers located at other sites (hence you have delayed replication), you need to prepare active directory’s schema first. If this is the case, run setup /preparead, and if you are dealing with a multi-domain forest, you better read this at technet. After you prepare ad, use replmon tool to force replication of the schema to all domain controllers.
From there, I right click on the setup.exe and run as Administrator. I follow these steps, starting with “figure 3”. Ignore the part about ServerManagerCmd commands. Those steps were written before the publishing of the xml files, hence, more commands to type.
Installing all the Exchange Roles on a single server is the “Typical” install, but if you want to check the boxes for all three roles, go ahead and click the “Custom” option.
After the setup is complete, reboot the server, and check event viewer for errors, start the new exchange managment tool. Create two test accounts testuser1, testuser2. Make the passwords real simple to type out on the keyboard… you will be doing a lot of testing and sometimes at the powershell prompt, which is less forgiving than the gui.
Looking down the road….. we will test mail flow, setup certificates requests, enter product keys, apply patches, move transaction logs and databases to their own disks, hmmm, probably upgrade some exchange 2003 stuff.

Multiple Routing Group Connectors between Exchange 2003 and Exchange 2007

Company XYZ has two locations.
Each location has two servers, one Exchange 2003 and one Exchange 2007. All incoming mail from the internet goes to Server C.
The location on the left is the main office, the location on the right is the branch office.

image 
The default installation of the first exchange server happened to be Server D. This created a connector between the two version.
Unfortunately, Incoming mail from the Interent can be assigned to Server A or Server C, as the location on the Left is where the Incoming connection exists.
The problem exists when mail is sent from Internet to mailboxes that exist on Server A. The mail unnecessarily travels across the WAN link to the branch office, then back to the Main office after going thru the Exchange connector.
 

image

This problem is resolved by using the following powershell command to build a connector between Server A and Server C

New-RoutingGroupConnector -Name "Interop RGC" -SourceTransportServers "Ex2007Hub1.contoso.com" -TargetTransportServers "Ex2003BH1.contoso.com" -Cost 100 -Bidirectional $true -PublicFolderReferralsEnabled $true

It’s explained in technet here: How to Create Routing Group Connectors from Exchange 2007 to Exchange Server 2003

Because there is a possibility of looping, you need to Suppress Link State Updates on all Exchange 2003 servers. Instead of traversing the registry, I decided to make a reg file. Just copy and paste the following text to a file called SupressLinkState.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RESvc\Parameters]

"SuppressStateChanges"=dword:00000001

Then double click it, and say yes to this:

image 
Now the flow of traffic looks like this

 

image 
Exchange 2007 can’t send mail directly to a 2003 server unless there is a connector between them. The Blue arrows represent connectors, the Black arrows represent built in mail flow based on lookup of mailbox location.

This is what it looks like in ESM on 2003, but you can’t edit it. You get the error message seen below:

image 
And you can’t modify any of the properties once you do get into it.

image 
Exchange 2007 does not have any gui interface to these connectors, just powershell.

Get-RoutingGroupConnector and Get-RoutingGroupConnector | fl      for a full listing.

Dcpromo and the logon as a service story.

There once was a file and print server that needed to be a domain controller. Install the dns service, then dcpromo it.

I forgot to take note that the dcpromo process applies a security template for domain controllers in the system. So accounts used by third party services may need to have the “allow logon as service” right assigned to it.

The easiest way to make this happen is go into the service, try to start it, watch it fail.  Then go to the password, type it in (twice), then click ok. You should see a popup dialog box indicating that the account has been given the above mentioned privilege.

The service in my case was Backup Exec.

Routing Group Connector with Exchange 2003 & 2007

Company XYZ has two locations.
Each location has two servers, one Exchange 2003 and one Exchange 2007. All incoming mail from the internet goes to Server C.
The location on the left is the main office, the location on the right is the branch office.

image 
The default installation of the first exchange server happened to be Server D. This created a connector between the two version.
Unfortunately, Incoming mail from the Interent can be assigned to Server A or Server C, as the location on the Left is where the Incoming connection exists.
The problem exists when mail is sent from Internet to mailboxes that exist on Server A. The mail unnecessarily travels across the WAN link to the branch office, then back to the Main office after going thru the Exchange connector.
 

image

This problem is resolved by using the following powershell command to build a connector between Server A and Server C

New-RoutingGroupConnector -Name "Interop RGC" -SourceTransportServers "Ex2007Hub1.contoso.com" -TargetTransportServers "Ex2003BH1.contoso.com" -Cost 100 -Bidirectional $true -PublicFolderReferralsEnabled $true

It’s explained in technet here: How to Create Routing Group Connectors from Exchange 2007 to Exchange Server 2003

Because there is a possibility of looping, you need to Suppress Link State Updates on all Exchange 2003 servers. Instead of traversing the registry, I decided to make a reg file. Just copy and paste the following text to a file called SupressLinkState.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RESvc\Parameters]

"SuppressStateChanges"=dword:00000001

Then double click it, and say yes to this:

image 
Now the flow of traffic looks like this

 

image 
Exchange 2007 can’t send mail directly to a 2003 server unless there is a connector between them. The Blue arrows represent connectors, the Black arrows represent built in mail flow based on lookup of mailbox location.

This is what it looks like in ESM on 2003, but you can’t edit it. You get the error message seen below:

image 
And you can’t modify any of the properties once you do get into it.

image 
Exchange 2007 does not have any gui interface to these connectors, just powershell.

Get-RoutingGroupConnector and Get-RoutingGroupConnector | fl      for a full listing.