Palais des Congrès, Paris
February 7, 8 and 9, 2012
February 9, 2012
Scott Schnoll
Principal Technical Writer
Microsoft Corporation
Exchange Server 2010 SP2 Tips & Tricks
MSG208
In English!
Latest News
ANNOUNCEMENTS
Released 9:00 am, Jan 30th
Announcement – http://aka.ms/pstwalk
Download – http://aka.ms/getpstcapture
Documentation – http://aka.ms/pstcapture
Helps you search your network to discover and import PST files across your environment
Import PST files into Exchange Online or Exchange Server 2010 directly into users' primary mailboxes or archives
PST Capture Tool Released!
PowerShell-based script that can be used to identify devices causing resource depletion issues on Exchange servers
Can help in spotting trends and automatically generate reports for continuous monitoring
Uses LogParser 2.2 and Windows PowerShell 2.0
Download from http://aka.ms/al5ohw
New ActiveSyncReport Script
http://aka.ms/xglwn4/hosting SP2 migration guidance
Intended for service providers, system integrators, and technical consultants who may be involved in the planning and implementation of a migration from Exchange 2010 in /hosting mode to Exchange 2010 SP2
The only supported scenario is to
  Deploy Exchange Server 2010 SP2 into a new forest
  Migrate user accounts, mailboxes, and other resources from the /hosting forest to the new Exchange 2010 SP2 forest
New Guidance for Hosters
Exchange Server 2010 SP2 Development
Development began January 24, 2011
Released December 4, 2011
  Build Number 14.2.247.5
  http://aka.ms/E14SP2
SP2 has hundreds of bug fixes and some new features
  Every bug is triaged for risk, cost and applicability
  Each new feature gets spec'd (Functional, Dev, and Test), and undergoes a thorough review
Exchange 2010 SP2 Development
Exchange has a history of using customers during development (JDP, RDP, TAP)
TAP consists of customers who deploy pre-release bits in production and receive
  support from Microsoft
  access to a private DL and a Wiki with all the latest info
  conference calls with Exchange team folks
  a chance to provide feedback, change the product, and find bugs
SP2 TAP just shut down
Exchange 2010 SP2 Development
SP2 is available in three Server Editions
  Standard Edition (retail and volume)
  Enterprise Edition (volume only)
    Includes all Exchange 2010 Standard features, plus support for up to 100 databases per server
  Hybrid Edition (volume only)
    This is a Standard Edition SKU designed to be a “gateway” for upgrading from previous versions of Exchange to Exchange Online
Exchange Server 2010 SP2 Development
Hybrid Edition
  Can be used only for connecting on-premises environment with Office 365
  If you move a mailbox to it, or leverage any features outside the scope of a hybrid deployment, you must purchase regular license and CALs
  Multiple Hybrid Edition servers can be deployed, if needed
  Not available for Office 365 trial customers; simply use Trial edition of Exchange 2010 SP2
Exchange 2010 SP2 Development
Upgrading Tips
SP2 includes Active Directory schema updates
  3 new classes (and class object IDs) have been added
  59 new attributes (and attribute object IDs) have been added
  29 new MAPI IDs have been added
  46 new indexed attributes
  36 new global catalog attributes
Get complete listing of all schema changes from MSDN
  http://aka.ms/E14SP2Schema
Upgrading Tips
SP2 includes database schema updates
  Upgrading from RTM to SP2 can take a while (20-30 minutes) due to database schema upgraders that run
  Look for instances of MSExchangeIS Mailbox Store event 1185 in event log
  Once a mailbox database has been upgraded to a later version, it cannot be moved to an earlier version (e.g., database *over or database portability use is limited during upgrade period)
Upgrading Tips
Client Access Server role has new operating system pre-requisites in SP2
  ASP.NET
  ISAPI Filters
  IIS 6 WMI Compatibility
Exchange Setup can install the new pre-reqs for you
  Setup /Mode:Upgrade /InstallWindowsComponents
Upgrading Tips
SP2 includes some updated RBAC management role definitions
If you manage Exchange 2010 from a pre-SP2 server in an Org that has been updated to SP2 you will get warning messages
  Exchange Management Shell
    WARNING: The object MyMailboxDelegation has been corrupted, and it's in an inconsistent state. The following validation errors happened:
    WARNING: The property value you specified, "15", isn't defined in the Enum type "ScopeType".
  Exchange Management Console
    The object MyMailboxDelegation has been corrupted, and it's in an inconsistent state. The following validation errors happened: The property value you specified, "15", isn't defined in the Enum type "ScopeType".
Upgrading Tips
Mailbox Replication Service (MRS) has changed in SP2
  MRS Proxy will be disabled on upgrade to SP2 (thus, cross-forest mailbox moves will not be processed)
  Enable using Set-WebServicesVirtualDirectory -MRSProxyEnabled
  SP2 also introduces the MaxMRSProxyConnections parameter for New-WebServicesVirtualDirectory and Set-WebServicesVirtualDirectory
  No more manual editing of web.config file!
  See http://aka.ms/fxvume for steps
Upgrading Tips
New Cmdlets and Scripts in SP2
Address Book Policies
  New-AddressBookPolicy
  Get-AddressBookPolicy
  Set-AddressBookPolicy
  Remove-AddressBookPolicy
Hybrid Deployments
  New-HybridConfiguration
  Get-HybridConfiguration
  Set-HybridConfiguration
  Update-HybridConfiguration
New Cmdlets
Execute this script on each CAS to convert the OAB virtual directory to an IIS web application, and create a new application pool called MSExchangeOabAppPool
Converting the OAB virtual directory is necessary to support Kerberos authentication, which we recommend
See http://aka.ms/f2ndij for more information
New Scripts - ConvertOABVDir.ps1
Formerly an out-of-band tool; now shipped in the product!
Helps automate the collection of performance data on Exchange 2007 and Exchange 2010 servers
Automatically adds the appropriate counters for each detected server role
New Scripts - ExPerfwiz.ps1
Solves issue where the size of the availability request exceeds the limit when you have large access tokens (> 200)
This script and a companion script, LargeToken-Kerberos.ps1, were actually first released in UR4 for Exchange 2010 SP1
  LargeToken-IIS_EWS.ps1 increases the value of the MaxFieldLength and MaxRequestBytes IIS parameters and changes the EWS Web.config bindings on all CAS in the site
  See http://aka.ms/kknmtd for more info
New Scripts - LargeToken-IIS_EWS.ps1
This script sets HKLM\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters values MaxPacketSize to DWORD 1 and MaxTokenSize to DWORD 65535 on all specified machines in the domain
See http://aka.ms/enracj for more info
New Scripts - LargeToken-Kerberos.ps1
Exchange Server 2010 Service Pack 2
Feature: Mini Version of Outlook Web App
Feature driven by demand from markets where browser-based phones still rule
Administer using PowerShell
This is not Outlook Mobile Access from Exchange 2003
  None of the Exchange 2003 code was re-used
  Completely new code built as a set of OWA forms
Mini Version of Outlook Web App
Enabled and disabled using Set-OWAMailboxPolicy
  Set-OWAMailboxPolicy PolicyName -OWALightEnabled:$True
Provides an alternative view of OWA, so OWA mailbox policies and segmentation are inherited
  Any unsupported features in the policy are disabled
  Features such as calendar, contacts, etc., can be enabled or disabled on a per policy basis
  If a new language is added to OWA, mini version gets it
Mini Version of Outlook Web App
Exchange Server 2010 Service Pack 2
Feature: Hybrid Configuration Wizard
EMC-based wizard plus cmdlets for setting up on-premises Exchange and Office 365 to work together – in Hybrid mode
Vastly simpler process than the current SP1 manual experience
What once took ~49 steps, now takes 6 (your mileage may vary)
  >80% reduction for the administrator
Hybrid Configuration Wizard
Exchange Server 2010 Service Pack 2
Feature: Address Book Policies
Common Scenarios
  Legal or compliance reasons – People are not allowed to see each other in the GAL
  Privacy reasons – School scenario where students can’t see other classes but are all in one school
  Optimization reasons – Organization has logical sub-divisions but still needs to share some resources and infrastructure (MSN and Xbox)
  Hosting reasons – You want to host multiple organizations on one platform and don’t want them seeing each other
  Usability reasons – You have a huge GAL which is hard to navigate, the sort order may be mixed up, or the GAL may simply be massive (US Army or DoD)
Address Book Policies
Address Book Policies (ABPs) enable you to achieve GAL Segmentation in Exchange 2010
ABPs work on the principle of direct GAL and Address List assignment rather than allowing or denying access to all available lists
Any request that comes through the Address Book Service on CAS is evaluated against the ABP assigned to the user
Address Book Policies
ABPs apply only to users and clients on Exchange 2010 that use CAS for directory and
  Opens the address list picker
  Tries to resolve a name or an alias
  Adds a room resource to a meeting request
  Searches the GAL
  Searches the directory from Outlook Voice Access
  Queries the directory from a mobile device
  Views someone’s DL memberships, or views the members of a DL
Address Book Policies
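The direct-assignment model described on the ABP slides, as an added Exchange Management Shell example that is not part of the original deck. The tenant name "Fabrikam", the tag value "FAB" and the use of CustomAttribute15 as the segmentation key are assumptions made for illustration.

```powershell
# Added example (not from the deck): GAL segmentation for one business unit.
# Assumed names: tenant "Fabrikam", tag "FAB" stored in CustomAttribute15.
$tag    = 'FAB'
$filter = "CustomAttribute15 -eq '$tag'"

# 1. An ABP needs a GAL, at least one address list, a room list and an OAB,
#    each scoped to the same recipients.
New-GlobalAddressList -Name 'Fabrikam GAL' -RecipientFilter $filter
New-AddressList -Name 'Fabrikam Users' `
    -RecipientFilter "(RecipientType -eq 'UserMailbox') -and ($filter)"
New-AddressList -Name 'Fabrikam Rooms' `
    -RecipientFilter "(RecipientDisplayType -eq 'ConferenceRoomMailbox') -and ($filter)"
New-OfflineAddressBook -Name 'Fabrikam OAB' -AddressLists '\Fabrikam GAL'

# New lists are empty for existing recipients until they are updated.
Update-GlobalAddressList -Identity 'Fabrikam GAL'
Update-AddressList -Identity 'Fabrikam Users'
Update-AddressList -Identity 'Fabrikam Rooms'

# 2. Bind the four objects into one policy.
New-AddressBookPolicy -Name 'Fabrikam ABP' `
    -GlobalAddressList  '\Fabrikam GAL' `
    -AddressLists       '\Fabrikam Users' `
    -RoomList           '\Fabrikam Rooms' `
    -OfflineAddressBook '\Fabrikam OAB'

# 3. Assign the policy to every mailbox carrying the tag.
Get-Mailbox -ResultSize Unlimited -Filter $filter |
    Set-Mailbox -AddressBookPolicy 'Fabrikam ABP'

# 4. Audit: a mailbox with no ABP is not segmented and still sees every list.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { -not $_.AddressBookPolicy } |
    Select-Object Name, CustomAttribute15, AddressBookPolicy
```

Step 4 is the check to repeat after provisioning new users, since segmentation only applies to mailboxes that have a policy assigned.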
Exchange Server 2010 Service Pack 2
Feature: OWA Cross-Site Silent Redirection
If you access OWA via CAS in the ‘wrong’ AD site, CAS has a decision to make
It can proxy or redirect the connection to the target site
If there is no ExternalURL in that site, we proxy, the mailbox opens and the user gets access
If the target site has an ExternalURL the user gets a page with a link to click
  The user clicks the link, and logs in again, and gets access
  The user has to log in twice
  We are removing the need to click the link
  Which for some scenarios will result in a Single Sign On experience
OWA Cross-Site Silent Redirection
Experience: Before and After
Enabled on Internet-facing CAS, on a per OWA virtual directory basis
  Set-OWAVirtualDirectory -Identity "CAS1\owa (default Web site)" -CrossSiteRedirectType Silent
When you enable silent redirection
  You will be informed that the target CAS must have an ExternalURL that leverages HTTP SSL protocol
  You will receive a warning that single sign-on experience may not be possible if FBA is not enabled
Demo video at http://aka.ms/OWACSSR
OWA Cross-Site Silent Redirection
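A pre-flight check for the two conditions the slide warns about (HTTPS ExternalURL on the target, forms-based authentication), written as an added example rather than anything taken from the deck. The virtual directory identity is the one shown on the slide; the report layout is an assumption.

```powershell
# Added example (not from the deck): verify redirect targets before enabling
# silent redirection on the Internet-facing CAS.
$findings = foreach ($v in Get-OwaVirtualDirectory) {
    $url = "$($v.ExternalUrl)"        # empty string when no ExternalURL is set
    if (-not $url) { continue }       # no ExternalURL: that site is proxied, not redirected

    $issues = @()
    if ($url -notlike 'https://*')    { $issues += 'ExternalURL is not HTTPS' }
    if (-not $v.FormsAuthentication)  { $issues += 'FBA disabled: single sign-on may not be possible' }

    New-Object PSObject -Property @{
        Server       = $v.Server
        ExternalUrl  = $url
        RedirectType = $v.CrossSiteRedirectType
        Issues       = ($issues -join '; ')
    }
}

$findings | Format-Table Server, ExternalUrl, RedirectType, Issues -AutoSize

# Enable silent redirection only when no redirect target reported an issue.
if (-not ($findings | Where-Object { $_.Issues })) {
    Set-OwaVirtualDirectory -Identity 'CAS1\owa (default Web site)' `
        -CrossSiteRedirectType Silent
}
```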
Additional Enhancements in SP2
Disable Mailbox Auto-Mapping
  Outlook 2007/2010 can map to any mailbox to which a user has Full Access and, through Autodiscover, automatically loads all mailboxes to which the user has Full Access
  If the user has Full Access to a large number of mailboxes, performance suffers when starting Outlook
  SP2 enables admin to disable this behavior by setting new Automapping parameter for Add-MailboxPermission to False
  See http://aka.ms/gxxxk1 for steps
Additional Enhancements in SP2
Custom Attribute Enhancements
  Five new multi-value custom attributes (ExtensionCustomAttribute1 to ExtensionCustomAttribute5) that you can use to store additional information for mail recipient objects
  Each can hold up to 1,300 values, and support multi-values by using comma-delimited list
  Supported by Set-DistributionGroup, Set-DynamicDistributionGroup, Set-Mailbox, Set-MailContact, Set-MailUser, Set-MailPublicFolder, Set-RemoteMailbox
Additional Enhancements in SP2
Litigation Hold
  You can’t disable or remove a mailbox that has been placed on litigation hold; prior to SP2, you had to disable litigation hold
  SP2 includes new IgnoreLegalHold parameter that is supported by the following cmdlets
    Disable-Mailbox
    Remove-Mailbox
    Disable-RemoteMailbox
    Remove-RemoteMailbox
    Disable-MailUser
    Remove-MailUser
Additional Enhancements in SP2
High Availability
  Move-ActiveMailboxDatabase has new SkipActiveCopyChecks parameter which bypasses the check to see if the copy being activated is currently being used as a source for seeding
  If you use this parameter when activating a copy, the seeding/update process will be terminated
Additional Enhancements in SP2
Random Tips
In large environments, you may need to periodically scan Active Directory for disconnected mailboxes that aren't yet marked as disconnected in the Information Store and update the status of those mailboxes in the Store
You can use Clean-MailboxDatabase to do this, but that requires mailbox database GUIDs
To get the GUID: Get-MailboxDatabase | fl Identity, Guid
Or simply run: Get-MailboxDatabase | Clean-MailboxDatabase
Mailbox Database Housekeeping
Scenario: You want Help Desk folks to approve or deny EAS devices without giving them Org Management rights
Solution
  Create mail-enabled security group used for quarantine notifications
  Enable EAS quarantine and configure notification message
  Copy management role containing Set-CASMailbox -ActiveSyncAllowedDeviceIDs cmdlet/parameter
  Remove all other management role entries from custom role
  Create new role group containing security group
  Add user to new role group and Recipient Management role
ActiveSync Approval Delegation
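The six steps above carried through in the Exchange Management Shell, as an added example that is not part of the original deck. The group, role and role group names, the user "helpdesk1", the notification text, and the choice of "Mail Recipients" as the parent role that contains Set-CASMailbox are assumptions.

```powershell
# Added example (not from the deck): least-privilege delegation of EAS device approval.
# Assumed names: 'EAS Quarantine Admins', 'EAS Device Approval',
# 'EAS Device Approvers', user 'helpdesk1', parent role 'Mail Recipients'.

# 1. Mail-enabled security group that receives quarantine notifications.
New-DistributionGroup -Name 'EAS Quarantine Admins' -Type Security

# 2. Quarantine unknown devices and tell both admins and the user.
$notify = (Get-DistributionGroup 'EAS Quarantine Admins').PrimarySmtpAddress.ToString()
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine `
    -AdminMailRecipients $notify `
    -UserMailInsert 'Your device is waiting for Help Desk approval.'

# 3. Copy the built-in role that contains Set-CASMailbox.
New-ManagementRole -Name 'EAS Device Approval' -Parent 'Mail Recipients'

# 4. Strip every other entry, then keep only the parameters needed to approve.
Get-ManagementRoleEntry 'EAS Device Approval\*' |
    Where-Object { $_.Name -ne 'Set-CASMailbox' } |
    Remove-ManagementRoleEntry -Confirm:$false
Set-ManagementRoleEntry 'EAS Device Approval\Set-CASMailbox' `
    -Parameters Identity, ActiveSyncAllowedDeviceIDs

# 5. Role group that carries the custom role and contains the security group.
New-RoleGroup -Name 'EAS Device Approvers' -Roles 'EAS Device Approval' `
    -Members 'EAS Quarantine Admins'

# 6. Add the Help Desk user to the new role group and to Recipient Management.
Add-RoleGroupMember -Identity 'EAS Device Approvers' -Member 'helpdesk1'
Add-RoleGroupMember -Identity 'Recipient Management' -Member 'helpdesk1'

# Verify: the custom role should list one cmdlet with two parameters.
Get-ManagementRoleEntry 'EAS Device Approval\*' | Format-List Name, Parameters
```

The verification at the end is worth keeping in a change record: any entry other than Set-CASMailbox in the output means the custom role grants more than device approval.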
All email addresses for an SMTP domain, including those assigned to mail-enabled public folders
Get-Recipient -ResultSize Unlimited | where {$_.emailaddresses -match "contoso.com"} | fl name,emailaddresses >>emailaddresses.txt
Get all Email Addresses for Domain
http://aka.ms/ExMailStats
Analyzes Message Tracking Logs and produces a .csv file of mail stats per user, and keeps distribution list usage
Finds all Hub Transport servers in the Org, retrieves the logs from the previous day, and generates stats for each user, for both Internal and External emails, by primary address, for
  Total Messages and Bytes Sent
  Unique Messages and Bytes Sent
  Total Messages and Bytes Received
Analyze Message Tracking Logs
TechNet Script Center Repository - http://aka.ms/Ex2010Scripts
Over 50 scripts for Exchange 2010 created by internal and external community contributors
Each contribution is licensed to you under a License Agreement by its owner, not Microsoft
Microsoft does not guarantee the contribution or purport to grant rights to it
Free script repository for Exchange
Thank you for attending!
Contact me at any time with questions:
  [email protected]
  Twitter: @schnoll
  Blog: http://blogs.technet.com/scottschnoll
Questions?
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.