Praveen

Praveen

Recently I was taking an inventory of Distribution Lists in my messaging infrastructure, which lead me to take an additional step to look at the statistics about the total number of members and the usage of each group. As you would be wondering, it wouldn’t be as easy as we think if we plan to achieve it without a script. Here is one simple script, which let you extract the DL usage statistics with the following information,

-          The total number of users in each Distribution Group

-          The total number of times the group has used in the past number of days

Most Exchange Server Administrators keep the tracking log retention period as 30 or 60 days. Which means you will only be able to extract usage statistics for the past number of days equal to the message tracking log retention.

Permissions Required: You need to login as Server Admins to get the result or a user who has access to message tracking and Get-TransportServer cmdlet, as the script looks for all transport servers.

Download Script
How to Use?

You can run the script with or without specific parameters,

Examples,

.\DLStatistics.ps1 [Get you ALL the DL Information with members and usage statistics for last 7 days]

.\DLStatistics.ps1 -Days [Usage Days] -filePath [Give the report Path]

    e.g. {.\DL_Usage_Stats.ps1 -Days 1 -filePath C:\scripts\Dev\}

DL Usage Examples1

    Default File Path is C:\Scripts and the Default usage days is 7 days 

Though the script can be run with n number of days duration, I suggest you to run it for a week to get a report faster. The following information will give you a fare idea about the total time the script takes to complete,

Total Number of Groups = ~100

Total Tracking Log Size (all servers) = 8GB

Total time taken = 1- 2 hours. 

Once you test the script succesfully, I suggest you to write a batch file and schedule it to run every week so that you can create statitical information for longer periods.

Download Script

The script can be easily modified to include general DL property field as per your requirements, add additional properties just after the following section similar to below,

$reportObj | Add-Member NoteProperty -Name "Group Name" -Value $DL.DisplayName
$reportObj | Add-Member NoteProperty -Name "Email Address" -Value $DL.PrimarySMTPAddress 

Ensure you keep the format similar to above, which should avoid any confusion at the end. It is important for you to know the Distribution Group property field name such as alias,ManagedBy etc. Get-DistributionGroup command can help you get all field names.

Share your comments to improve the script to match the regular requirements.

Download Script

-Praveen

We all know that the OWA page (ECP in purticular) has the option to update the user contact information. However, at time you might in need for a script to enable the similar feature, such as when the OWA feature is not available to all user. I had similar situation in my company, where the OWA feature is not enabled for ALL users, and forced to develop a small PS script which enables the users to update their on contact information self.

Download the Script Here

Following script gives you a sample, and can extend the fields according to your requirement. Below shows the interface that each user gets, and the username field is choosen authomatically from the user's login page. That makes it clear that the script can only run by the users who directly logged into domain joined computers with their network credentials.

 GAL Script

Download the Script Here

As you are aware, the unsigned script can not be executed from the user machine, unless you change the restriction setting of windows powershell. The following section discuss about how to by pass the powershell execution policy.

How to by pass Powershell Restriction

You may run the .ps1 script with the switch "Bypass" when running the command.

e.g. PowerShell.exe -NoProfile -nologo -ExecutionPolicy Bypass -File ./script.ps1

Or you may create a batch file (.bat) and call the ps1 script from it, sample batch file entry will look like this,

@ECHO OFF
PowerShell.exe -NoProfile -nologo -ExecutionPolicy Bypass -Command "& '\\server\GAL\UpdatePhone_v2.PS1'"

Save the above line in a .bat file and run it from any computer.

 

Download the Script Here

Share you comments.

-Praveen

 

A short video has been uploaded to share you the process of installing Microsoft Exchange Server 2016. The video gives you an idea about preparing a new infrastructure for Exchange Server 2016, however you might need to work on understanding the co-existence scenario.

If you have not gone through the earlier articles including the installation guide, please do so to understand in detail.

Step by Step Installation Guide – Exchange Server 2016, preview version

Exchange Server 2016 Architecture, farewell to CAS role

Meet Exchange Server 2016 - Microsoft Ignite 2015

 Your experiences are important to me, therefore please do not forget to share through the comments.

 -Praveen

 

I have tried to make it simple on how to install your first Exchange Server 2016 on a Windows Server 2012 r2 infrastructure.

My Lab,

One Domain Controller (Windows Server 2008 r2 Std), and the functional level is Windows 2008 r2 (you may chose 2012 as well). – DC1

One Member Server (Windows Server 2012 r2 Std) – EX1

Domain Name is ed.com (I used short form of ExchangeDictionary.com)

Once you added the EX1 server into domain, you have 2 following options to install the exchange pre-requisites.

- Use the exchange installation wizard and select the option “Automatically install Windows Server roles and features that are required to install Exchange Server”

- Manually install the pre-requisites and start the Exchange installation wizard.

I recommend you to follow the first option, which will ensure all required roles are installed and the easiest between the two.

Download the required software’s before we start the actual installation process.

Exchange Server 2016: Download Microsoft Exchange Server 2016 - Preview

Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit: Download

.NET Framework 4.5.2: Download

Installation Guide

Note: Please note that, I use a fresh AD and Exchange infra and hence you would not see any co-existing scenarios in this article.

Stage1

Start the Exchange installation wizard (Extract the EXE downloaded from MS Download site)

Double click the setup application from the extracted folder, and follow the initial wizard and accept the EULA (End User License Agreement) and click Next to continue.

At the Recommended Settings section, select “Don’t use recommended settings” and click Next to continue.

Recomended Settings

Next screen will ask you for the Server Role Selection, select Mailbox role and ensure that you selected “Automatically install Windows Server roles and features that are required to install Exchange Server” option at the bottom and click Next to continue.

Server Selection and Role installation

Follow the wizard and ensure you have chosen correct option & values in the following screens,

- Installation space and Location

- Specify the Name for this Exchange Organization (I entered as ExchangeDictionay)

The wizard will now install the required server roles and features automatically. Wait for the process to complete until you get Readiness Check result. The result page will display many errors and warning. You may safely ignore the errors & warning, because many roles and feature requires a server restart.

Before you initiate the server restart, please run the following command to add the “Server Media Foundation” feature (this feature does not get installed automatically, let’s hope that MS update the process in the full release).

Run “Install-WindowsFeature server-media-foundation” from Windows PowerShell

Media Foundation - Install

Initiate a server restart to continue the Exchange Server installation wizard.

Stage2

Once the server is restarted, please install the following applications/software which are download earlier,

Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit
File Name – UcmaRuntimeSetup.EXE
.NET Framework 4.5.2
File Name - NDP452-KB2901907-x86-x64-AllOS-ENU.exe

Restart the Server once again to finalize the setup process.

Stage3

By now you have completed installing all the required pre-requisites for installing Exchange Server 2016. Please start the Exchange Server 2016 installation wizard again from the extracted folder.

Follow the wizard exactly we did it in the stage1.

You will see a clean “Readiness Checks” result, and it is all set to continue the installation. Click on Install button to continue the installation process.

Readiness Check Result

Sit back and relax, the process will take approximately 40 minutes to complete and again depends on the server configuration you use. Restart the server once the wizard successfully finishes the installation process and Open your Exchange Administration Console.

More articles to follow, stay connected in Facebook, Linked IN & twitter.

-Praveen

As communnicated by MS, the preview version of Exchange Server 2016 is now available for download. Get your hands dirty with the new version of Exchange and share the experiences.

Download Microsoft Exchange Server 2016 - Preview

The fillowing articles are shared earlier in view of new features n Exchange Server 2016, go through then if you have not done so earlier.

Exchange Server 2016 Architecture, farewell to CAS role

http://www.exchangedictionary.com/news/a-first-look-at-exchange-server-2016

Interested in reading more before download, please refer Announcing Exchange Server 2016 Preview!

-Praveen

 

As you are aware, by November 2015, the 3rd party SSL providers will stop supporting the internal domain names if you don’t own them publically. For example, if you use domain.local as internal domain, then please be aware that the 3rd party CAs will stop issuing certificates with these internal names with effect from November 2015. In simple words, you can only get SSL certificates for the domains you own publically as each domain names included in the SSL certificate should be validated against the domain ownership.

Ref: https://cabforum.org/wp-content/uploads/Guidance-Deprecated-Internal-Names.pdf

In order or to avoid service break down, you must reconfigure the internal service URLs to be trusted with a publically trusted domain OR you should use an Enterprise CA SSL for the internal service URL.

The later configuration, in my opinion, is bit more complicated because it would lead you to create separate traffic rules for internal and external messaging client. So, I suggest you to create a split DNS internally and reconfigure the Exchange internal URLs with the publically trusted domains so that to ensure smooth transition during this phase out period. Reconfiguring internal URL with publically trusted domain can also help reduce the number of SAN used in your SSL certificate.

This article is specifically focused on the areas where you need to keep an eye on reconfiguring the internal service URLs of Exchange 2010, this can be also used to reconfigure the version Exchange Server 2007 and 2013.

The following services are to be reconfigured to bring them in line with the new SSL standards,

  1. Autodiscover
  2. EWS (Exchange Web Services)
  3. OAB (Offline AddressBook)
  4. OWA and ECP (Exchange Control Panel and Outlook Web Access)
  5. Outlook anywhere
  6. Exchange Active Sync

Before you proceed, please ensure that you have done all pre-requisites for split DNS configuration. Because once you reconfigure the URLs, the traffic will be diverted to publically trusted domain. Not using a split DNS will cause the client to reach external lookup find the services.

Find the commands to reconfigure in order with the above services,

Note: My external domain is exchangedictionary.com, for this exercise. Please replace it with your externally trusted domain. I assume that you already have the external URLs set with externally trusted domain.

Set-ClientAccessServer -Identity EXH1 -AutoDiscoverServiceInternalUri “https://autodiscover.exchangedictionary.com/Autodiscover/Autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "EXH1\EWS (Default Web Site)" -InternalUrl “https://email.exchangedictionary.com/ews/exchange.asmx

Set-OabVirtualDirectory -Identity "EXH1\OAB (Default Web Site)" -InternalUrl "http://email.exchangedictionary.com/OAB"

Set-OwaVirtualDirectory – identity “EXH1\owa (Default Web Site)” –InternalUrl “https://email.exchangedictionary.com/owa”

Set-EcpVirtualDirectory -identity “EXH1\ecp (Default Web Site)” –InternalUrl “https://email.exchangedictionary.com /ecp”

Set-ActiveSyncVirtualDirectory -identity “EXH1\Microsoft-Server-ActiveSync (Default Web Site)” –InternalUrl “https://email.exchangedictionary.com /Microsoft-Server-ActiveSync

Additional Informations:

  • Usually an IIS reset would apply these changes to the infrastructure, however I had to restart few servers (not all) to replicate the changes to clients.
  • You may use fiddler to test the client traffic to ensure there are not host name specific URLs are being requested.

Ref URLs,

https://cabforum.org/wp-content/uploads/Guidance-Deprecated-Internal-Names.pdf

https://www.digicert.com/internal-names.htm

https://www.digicert.com/internal-domain-name-tool.htm

-Praveen

I recently posted couple of articles discussing the Exchagne Server 2016 features and changes (Exchange Server 2016 Architecture, farewell to CAS role & Coming Soon - A first look at Exchange Server 2016 & On-Premises Version is to Stay).

Take a look at the video, and explore more details on the new On-Premise version Exchange, Exchange Server 2016.

 

-Praveen

The Exchange Server 2016 built on the similar architecture as in Exchange Server 2013, with one major change by removing the Client Access Server role. MS has removed Client Access Server role and introduced client access services to the Mailbox role. As a result, the Mailbox server role contains,

1. The logic to route protocol requests to the correct destination endpoint
2. Hosts all of the components and/or protocols that process, render and store the data.

It might remind some of us the architecture in Exchange Server 2003, but with a FE role. However, we still need to wait and see the actual product and its capabilities.

As per the introductory note, it is underlining that MS is not compromising the backend infrastructure client connectivity security. Even by removing the CAS role, no clients would connect directly to the back-end endpoints on the Mailbox server; instead, clients connect client access services and are routed (via local or remote proxy) to the Mailbox server that hosts the active database that contains the user’s mailbox.

There are changes in the architecture of DAG as well. As usual, the building block concept is still valid, as the additional mailbox servers can be added to form HA unit with the following additional enhancements,

1. DatabaseAvailabilityGroupIpAddresses is no longer required when creating a DAG. By default, the failover cluster will be created without an administrative access point, as this is the recommended best practice.
2. Replay Lag Manager is enabled by default.
3. Lagged database copy play down can be delayed based on disk latency, thereby ensuring active users are not impacted.
4. Database failovers times are reduced by 33% when compared to Exchange Server 2013.

The following diagram from MS shows the client protocol connectivity.

PA-Client Protocol Connectivity

This is not all, there are major other developments in the overall architecture, please follow the article from Microsoft Exchange Blog here. Happy reading.

-Praveen

 

According to the information available from Microsoft Exchange Team, the on-premises release is planned to ship in the second half of this year (2015). As always, they convey the message that there are new features, enhancements, and refinements that add up to goodness on the way for end users, IT, and your organization as a whole. From the blog, some of the highlights of the new versions are,

  • - A new approach to document collaboration that makes it easy to send links and collaborate without versioning issues of attachments
  • - Faster and more intelligent search, to help users quickly find what they need in their mailboxes and calendars
  • - Significant improvements to eDiscovery search performance and reliability
  • - Better extensibility, including new REST-based APIs for Mail, Calendar, and Contacts that simplify web and mobile development

It is also unveiled that, some of these features are already birthed in the cloud, office 365 platform. Lets wait to see the enhancement that MS always committed to deliver.

Ref - Coming soon: A first look at Exchange Server 2016

I will try to grab information and share it with you all as and when it becomes available.

-Praveen

 

Couple of times in the past, I observed this behavior that the database copy status turns to DisconnectedAndResynchronizing from DisconnectedAndHealthy after removing the activation restriction.

DisconnectedAndResynchronizing

This situation arise because, the copy try to replay the recent logs from other nodes. If your database copy could not find any copy to copy the pending logs, the status would stay the same for longer period.

Solution:

If you wish to have 2 DAG cluster with one of the cluster node as DR instance, then it is not a good idea to keep the ActivationSuspended parameter to true. Following are the approach you should consider to ensure a seamless recovery in case of a failover.

Option 1:

      1. Disable the ActivationSuspended value in the second node

      2. The database would failover immediately in the event of a node failure.

Option 2:

      1. Enable the ActivationSuspended value in the DR node

      2. In the event of active node failure, follow the DR procedure to evict the failed node prior to release the Activation suspension

It is recommended that, activation suspension can be released either when the nodes are available or after evicting failed nodes from the DAG cluster.

-Praveen

Page 2 of 15
theme by reviewshub