Recipient Management, Policies, and Permissions in Exchange 2007
Daniel Kenyon-smith
http://blogs.technet.com/danielkenyon-smith/default.aspx
Introduction
Daniel Kenyon-smith
Audience Discovery
Exchange 5.5
Exchange 2000 or 2003
Exchange 2007
What Will We Cover?
• Recipient management model update
• Administrative permission model overview
Administrative
Level 300
Helpful Experience
IT administration experience with Microsoft Exchange Server 2003, Exchange 2000 Server, or Exchange Server 5.5
• Using the Exchange 2007 Toolset
  • New ways of working
• Managing Recipients
  • New recipient types
• Understanding Administrative Permissions
  • Split permission model
  • Delegation
Agenda
• Make it simple, intuitive, and organized
• Enable administrative automation
Design Principles
• Using the Exchange 2007 Toolset
• Managing Recipients
• Understanding Administrative Permissions
Agenda
Exchange 2007 Management Model
[Diagram, built up over three slides. Labels: Command-line; Graphical; WinForms; PowerShell data provider; PowerShell Engine; Exchange cmdlets; AD*; Registry; Files; E2007 Store; Process boundary]
* AD=Active Directory
Exchange System Manager
Exchange Management Console
1. Console tree
2. Result pane
3. Work pane
4. Action pane
Wizard Interface
• The Shell is a powerful and flexible
command-line interface
• Built on command-line PowerShell technology
from Windows
• Extends functionality of the Exchange Management Console
• Supports automation and bulk operations
• Enables administrators to write secure automation scripts
Exchange Management Shell
Exchange Management Shell Continued
• Object-oriented data handling
• Namespaces enable groups or
families of related commands
• Pipelining
• Access to CMD commands
• Trusted scripts
Why Use the Shell?
• One-liners
• Raw mode
• Whatif?
• Interactive
• Using the Exchange 2007 Toolset
• Managing Recipients
• Understanding Administrative Permissions
Agenda
Challenges
• Improve poor separation between Active
Directory and Exchange administration
• Make implementation of split-permissions
model easier
Mailbox Components
• Active Directory User – John Smith
• Exchange 2007 Mailbox – John Smith
• User Mailbox – John Smith
Challenges Continued
• Automate user management
• Solve Recipient Update Service problems
• Admin role delegation needs to be more
granular
• Simplified recipient provisioning
• Instant-on recipients
• Rich filtering support
• New recipient types
• Policy support for select mailbox settings
What’s New
What’s New
• Unified Messaging
• New and improved client functionality
• Information worker functionality
Explicit Recipient Types
• Recipient types are now explicit versus
implicit
• Visual indicator
• Filtering on type
Mailboxes
• MailboxUser
• SharedMailbox
• LinkedMailbox
• LegacyMailbox
• Catch-All Mailbox
Resource Mailboxes
• ConferenceRoomMailbox
• EquipmentMailbox
Contacts
• MailEnabledContact
• MailEnabledUser
Distribution Groups
• MailEnabledUniversalSecurityGroup
• MailEnabledUniversalDistributionGroup
• MailEnabledNonUniversalGroup
• MailEnabledDynamicDistributionGroup
Recipient types Exchange 2007
Public Folders
• Deemphasized in 2007
• Supported through the Shell
• Mixed environments still use public
folders
Rich Filtering
• Server and Recipient Configuration
workcenter can filter objects
• Support for up to 10 expressions
• Support for AND and OR
Recipient Scoping
• Domain- and forest-wide scoping supported
• Results size limited to 1,000, but can be overridden
• Console uses same list of GCs and DCs used by Services
Pickers
Demo
Locating Recipients
• Work with Recipient Types
• Use Filtering
• Use Domain and Forest Scoping
Enable/Disable
• Enable/Disable
• Adds or removes Exchange attributes
from existing Active Directory objects
New/Remove
• Creates or deletes Active Directory
objects and adds or removes Exchange
attributes
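The Enable/Disable and New/Remove split above, together with the recipient-type filtering, scoping and WhatIf features from the earlier slides, as an added Exchange Management Shell example (not part of the original presentation). The domain, OU, account and database names are assumptions chosen for illustration.

```powershell
# Run in the Exchange Management Shell. Domain, OU, account and database
# names below are constructed sample values, not from the presentation.
$db = 'EX01\First Storage Group\Mailbox Database'

# Recipient scoping: switch this session from the default domain scope
# to the whole forest.
$AdminSessionADSettings.ViewEntireForest = $true

# Explicit recipient types: inventory every recipient by its type,
# overriding the default 1,000-result limit.
Get-Recipient -ResultSize Unlimited |
    Group-Object RecipientTypeDetails |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Enable-*: the AD accounts already exist (created by an AD administrator);
# only Exchange attributes are added. -WhatIf previews the bulk change.
Get-User -OrganizationalUnit 'contoso.com/Staff' -RecipientTypeDetails User |
    Enable-Mailbox -Database $db -WhatIf

# New-*: creates the AD user object and the mailbox in one step, so the
# caller needs rights to create objects in the target OU.
$pw = Read-Host 'Initial password' -AsSecureString
New-Mailbox -Name 'John Smith' -Alias 'jsmith' `
    -UserPrincipalName 'jsmith@contoso.com' `
    -OrganizationalUnit 'contoso.com/Staff' `
    -Database $db -Password $pw -WhatIf

# Disable-*: removes the Exchange attributes but keeps the AD account.
Disable-Mailbox -Identity 'contoso\jsmith' -WhatIf

# Remove-*: deletes the AD account along with the Exchange attributes.
Remove-Mailbox -Identity 'contoso\jsmith' -WhatIf
```

Drop `-WhatIf` only after the previewed object list matches what you intend to change.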
Demo
Creating Recipients
• Create and Manage Mailboxes
• Create Distribution Groups and Dynamic Distribution Groups
• Create Contacts
• Disable or Remove Recipients
• Restore mailboxes
• Simplified proxy address
• Advanced settings
Mailbox Management Updates
• Exclusive use of universal groups to
avoid DL expansion problems in
multidomain environments
• Simplified proxy address
• Advanced settings
Distribution Group Management Updates
• Created pre-defined filters
• Simplified proxy address
• Advanced settings
Dynamic Group Management Updates
• Created pre-defined filters
• Mailbox Manager functionality separated
from e-mail address policies
• Ability to schedule creation and
application of e-mail address policies
E-mail Address Policy Updates
• RUS no longer needed
• Automatic update of e-mail address policy
• Advanced settings
E-mail Address Policy Updates Continued
• Created pre-defined filters
• Ability to schedule creation and
application of address lists
• RUS no longer needed
• Advanced settings
Address List Updates
• Public folder distribution optional, but still
supported
• New HTTP(S)-based distribution
mechanism
• Advanced features
Offline Address List Updates
General Recipient Management
• Use Templates to Create Recipients
• Secure Recipient Templates
• Set storage quotas on a mailbox
• Set delivery options on a mailbox
• Add a new e-mail address to a mailbox
• Policy support for a mailbox
• Using the Exchange 2007 Toolset
• Managing Recipients
• Understanding Administrative Permissions
Agenda
Exchange 2003 Security and Permissions Model
• Exchange Full Administrator
• Exchange Administrator
• Exchange View Only Administrator
How Things Have Changed
• Exchange 5.x: Sites
• Exchange 200x: Admin Groups
• Exchange 2007: Granular
Why We Made Changes
• Separate Admins for Exchange and AD
• A lack of granularity
• Perception
• No clear separation
New Administration Model
• New administrator roles
• Exchange Management Console
• Exchange Management Shell
• More granular delegation abilities
• Incorporated usage of universal security
groups to represent the different roles
• Authorization same as Exchange 2003
What’s New
• Setup creates a USG for each admin role in
forest root domain
• SID of each USG is granted rights on all the
Exchange objects and property sets
• Coexistence with Exchange 2003 delegation
model works – permissions are additive
Universal Security Group Usage
• Exchange-specific Active Directory property
sets
• ACL-ing is based on new property sets, not
individual attributes
• Exchange-information property set
• Exchange-personal information property set
Property Sets
• Global data
• Server data
• Recipient data
• Hierarchy maps to admin roles and console
navigation tree
Data Hierarchy
Roles
• Exchange Server Admin
• Exchange Recipient Admin
Role-Effective Rights
Demo
Delegating Admin Roles
• Use the Delegate Wizard
• Configure mailbox permissions
• Set Advanced Permissions from the Shell
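One way to review and preview role delegation from the Shell, as an added example that is not part of the original presentation. The approved baseline, the group and server names, and the assumption that `Identity` renders as a canonical name are all illustrative.

```powershell
# Run in the Exchange Management Shell. Every identity and server name
# below is a constructed sample value.

# Approved delegations, keyed as "<identity>|<role>".
# Assumption: Identity renders as a canonical name (domain/container/name).
$approved = @(
    'contoso.com/Users/ExOrgAdmins|OrgAdmin',
    'contoso.com/Users/HelpDesk|RecipientAdmin',
    'contoso.com/Users/BranchOps|ServerAdmin'
)

# Return every current delegation that is missing from the baseline.
function Get-DelegationDrift {
    param($Current, [string[]]$Approved)
    foreach ($entry in $Current) {
        $key = '{0}|{1}' -f $entry.Identity, $entry.Role
        if ($Approved -notcontains $key) {
            $entry | Select-Object Identity, Role, Scope
        }
    }
}

# List who holds which Exchange administrator role, and at what scope.
$current = Get-ExchangeAdministrator
$current | Sort-Object Role | Format-Table Identity, Role, Scope -AutoSize

# Flag delegations that nobody approved.
$drift = @(Get-DelegationDrift -Current $current -Approved $approved)
if ($drift.Count -gt 0) {
    Write-Warning "$($drift.Count) delegation(s) not in the approved baseline:"
    $drift | Format-Table -AutoSize
}

# Preview least-privilege grants: recipient management only, and server
# administration limited to a single server.
Add-ExchangeAdministrator -Identity 'contoso\HelpDesk' -Role RecipientAdmin -WhatIf
Add-ExchangeAdministrator -Identity 'contoso\BranchOps' -Role ServerAdmin -Scope 'EX02' -WhatIf
```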
Session Summary
• Recipient management is simple,
intuitive, and organized
• Split permissions is now supported
• Permissions model more granular
For More Information
Visit TechNet at: www.microsoft.com/technet
Visit the following site for additional information: www.microsoft.com/technet/EXC-106
© 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Q & A