Scott Schnoll is one of the technical gurus on Exchange. He speaks at conferences such as Microsoft TechEd, The Experts Conference and TechReady, and he gives us the privilege of presenting this session (note: the session is in English). He is the author of several reference books on Exchange. In this session, discover the new features of Exchange SP2, released in December 2011, and deployment best practices. The session is an opportunity to discover what is new in Exchange Server 2010 SP2 while also revisiting some Exchange 2010 fundamentals. We will walk through the improvements around setup and deployment, mailbox auditing, unified messaging and high availability, as well as the archiving and information protection solutions of the messaging system.
4. PST Capture Tool Released!
Released 9:00 am, Jan 30th
Announcement – http://aka.ms/pstwalk
Download – http://aka.ms/getpstcapture
Documentation – http://aka.ms/pstcapture
Helps you search your network to discover and import PST
files across your environment
Import PST files into Exchange Online or Exchange Server
2010 directly into users' primary mailboxes or archives
5. New ActiveSyncReport Script
PowerShell-based script that can be used to identify
devices causing resource depletion issues on Exchange
servers
Can help in spotting trends and automatically generate
reports for continuous monitoring
Uses LogParser 2.2 and Windows PowerShell 2.0
Download from http://aka.ms/al5ohw
6. New Guidance for Hosters
http://aka.ms/xglwn4
/hosting SP2 migration guidance
Intended for service providers, system integrators, and technical
consultants who may be involved in the planning and
implementation of a migration from Exchange 2010 in /hosting
mode to Exchange 2010 SP2
The only supported scenario is to
Deploy Exchange Server 2010 SP2 into a new forest
Migrate user accounts, mailboxes, and other resources from
the /hosting forest to the new Exchange 2010 SP2 forest
8. Exchange 2010 SP2 Development
Development began January 24, 2011
Released December 4, 2011
Build Number 14.2.247.5
http://aka.ms/E14SP2
SP2 has hundreds of bug fixes and some new features
Every bug is triaged for risk, cost and applicability
Each new feature gets spec'd (Functional, Dev, and Test), and undergoes a thorough review
9. Exchange 2010 SP2 Development
Exchange has a history of using customers during development (JDP, RDP, TAP)
TAP consists of customers who deploy pre-release bits in
production and receive
support from Microsoft
access to a private DL and a Wiki with all the latest info
conference calls with Exchange team folks
a chance to provide feedback, change the product, and find
bugs
SP2 TAP just shut down
10. Exchange Server 2010 SP2 Development
SP2 is available in three Server Editions
Standard Edition (retail and volume)
Enterprise Edition (volume only)
Includes all Exchange 2010 Standard features, plus
support for up to 100 databases per server
Hybrid Edition (volume only)
This is a Standard Edition SKU designed to be a
“gateway” for upgrading from previous versions of
Exchange to Exchange Online
11. Exchange 2010 SP2 Development
Hybrid Edition
Can be used only for connecting on-premises environment
with Office 365
If you move a mailbox to it, or leverage any features
outside the scope of a hybrid deployment, you must
purchase regular license and CALs
Multiple Hybrid Edition servers can be deployed, if needed
Not available for Office 365 trial customers; simply use
Trial edition of Exchange 2010 SP2
13. Upgrading Tips
SP2 includes Active Directory schema updates
3 new classes (and class object IDs) have been added
59 new attributes (and attribute object IDs) have been
added
29 new MAPI IDs have been added
46 new indexed attributes
36 new global catalog attributes
Get complete listing of all schema changes from MSDN
http://aka.ms/E14SP2Schema
14. Upgrading Tips
SP2 includes database schema updates
Upgrading from RTM to SP2 can take a while (20-30 minutes) due to database schema upgraders that run
Look for instances of MSExchangeIS Mailbox Store
event 1185 in event log
Once a mailbox database has been upgraded to a later version, it cannot be moved to an earlier version (e.g., database *over or database portability use is limited during the upgrade period)
15. Upgrading Tips
Client Access Server role has new operating system prerequisites in SP2
ASP.NET
ISAPI Filters
IIS 6 WMI Compatibility
Exchange Setup can install the new pre-reqs for you
Setup /Mode:Upgrade /InstallWindowsComponents
16. Upgrading Tips
SP2 includes some updated RBAC management role definitions
If you manage Exchange 2010 from a pre-SP2 server in an Org that
has been updated to SP2 you will get warning messages
Exchange Management Shell
WARNING: The object MyMailboxDelegation has been corrupted,
and it's in an inconsistent state. The following validation errors
happened: WARNING: The property value you specified, "15",
isn't defined in the Enum type "ScopeType".
Exchange Management Console
The object MyMailboxDelegation has been corrupted, and it's in
an inconsistent state. The following validation errors happened:
The property value you specified, "15", isn't defined in the Enum
type "ScopeType".
17. Upgrading Tips
Mailbox Replication Service (MRS) has changed in SP2
MRS Proxy will be disabled on upgrade to SP2 (thus, cross-forest mailbox moves will not be processed)
Enable using Set-WebServicesVirtualDirectory -MRSProxyEnabled
See also the MaxMRSProxyConnections parameter
20. New Scripts - ConvertOABVDir.ps1
Execute this script on each CAS to convert the OAB virtual directory to an IIS web application, and create a new application pool called MSExchangeOabAppPool
Converting the OAB virtual directory is necessary to
support Kerberos authentication, which we recommend
See http://aka.ms/f2ndij for more information
21. New Scripts - ExPerfwiz.ps1
Formerly an out-of-band tool; now shipped in the product!
Helps automate the collection of performance data on
Exchange 2007 and Exchange 2010 servers
Automatically adds the appropriate counters for each
detected server role
22. New Scripts - LargeToken-IIS_EWS.ps1
Solves issue where the size of the availability request
exceeds the limit when you have large access tokens (>
200)
This script and a companion script, LargeToken-Kerberos.ps1, were actually first released in UR4 for Exchange 2010 SP1
LargeToken-IIS_EWS.ps1 increases the value of the
MaxFieldLength and MaxRequestBytes IIS parameters
and changes the EWS Web.config bindings on all CAS
in the site
See http://aka.ms/kknmtd for more info
23. New Scripts - LargeToken-Kerberos.ps1
This script sets the HKLM\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters values MaxPacketSize to DWORD 1 and MaxTokenSize to DWORD 65535 on all specified machines in the domain
See http://aka.ms/enracj for more info
25. Mini Version of Outlook Web App
Feature driven by demand from markets where browser-
based phones still rule
Administer using PowerShell
This is not Outlook Mobile Access from Exchange 2003
None of the Exchange 2003 code was re-used
Completely new code built as a set of OWA forms
26. Mini Version of Outlook Web App
Enabled and disabled using Set-OWAMailboxPolicy
Set-OWAMailboxPolicy PolicyName -OWALightEnabled:$True
Provides an alternative view of OWA, so
OWA mailbox policies and segmentation are inherited
Any unsupported features in the policy are disabled
Features such as calendar, contacts, etc., can be enabled
or disabled on a per policy basis
If a new language is added to OWA, mini version gets it
28. Hybrid Configuration Wizard
EMC-based wizard plus cmdlets for setting up on-premises Exchange and Office 365 to work together – in Hybrid mode
Vastly simpler process than the current SP1 manual
experience
What once took ~49 steps, now takes 6 (your mileage
may vary)
>80% reduction for the administrator
30. Address Book Policies
Common Scenarios
Legal or compliance reasons – People are not allowed to see
each other in the GAL
Privacy reasons – School scenario where students can't see other classes but are all in one school
Optimization reasons – Organization has logical sub-divisions but
still needs to share some resources and infrastructure (MSN and
Xbox)
Hosting reasons – You want to host multiple organizations on one platform and don't want them seeing each other
Usability reasons – You have a huge GAL which is hard to
navigate, the sort order may be mixed up, or the GAL may simply
be massive (US Army or DoD)
31. Address Book Policies
Address Book Policies (ABPs) enable you to achieve GAL
Segmentation in Exchange 2010
ABPs work on the principle of direct GAL and Address List assignment rather than allowing or denying access to all available lists
Any request that comes through the Address Book Service
on CAS is evaluated against the ABP assigned to the user
32. Address Book Policies
ABPs apply only to users and clients on Exchange 2010 that
use CAS for directory and
Opens the address list picker
Tries to resolve a name or an alias
Adds a room resource to a meeting request
Searches the GAL
Searches the directory from Outlook Voice Access
Queries the directory from a mobile device
Views someone's DL memberships, or views the members of a DL
34. OWA Cross-Site Silent Redirection
If you access OWA via CAS in the 'wrong' AD site, CAS has a decision to make
It can proxy or redirect the connection to the target site
If there is no ExternalURL in that site, we proxy, the mailbox opens
and the user gets access
If the target site has an ExternalURL the user gets a page with a
link to click
The user clicks the link, and logs in again, and gets access
The user has to log in twice
We are removing the need to click the link
Which for some scenarios will result in a Single Sign On
experience
36. OWA Cross-Site Silent Redirection
Enabled on Internet-facing CAS, on a per OWA virtual directory
basis
Set-OWAVirtualDirectory -Identity "CAS1\owa (default Web site)" -CrossSiteRedirectType Silent
When you enable silent redirection
You will be informed that the target CAS must have an
ExternalURL that leverages HTTP SSL protocol
You will receive a warning that single sign-on experience
may not be possible if FBA is not enabled
Demo video at http://aka.ms/OWACSSR
38. Additional Enhancements in SP2
Disable Mailbox Auto-Mapping
Outlook 2007/2010 can map to any mailbox to which a user
has Full Access and, through Autodiscover, automatically
loads all mailboxes to which the user has Full Access
If the user has Full Access to a large number of mailboxes,
performance suffers when starting Outlook
SP2 enables admin to disable this behavior by setting new
Automapping parameter for Add-MailboxPermission to
False
See http://aka.ms/gxxxk1 for steps
39. Additional Enhancements in SP2
Custom Attribute Enhancements
Five new multi-value custom attributes
(ExtensionCustomAttribute1 to ExtensionCustomAttribute5)
that you can use to store additional information for mail
recipient objects
Each can hold up to 1,300 values, and support multi-values
by using comma-delimited list
Supported by Set-DistributionGroup, Set-
DynamicDistributionGroup, Set-Mailbox, Set-MailContact,
Set-MailUser, Set-MailPublicFolder, Set-RemoteMailbox
40. Additional Enhancements in SP2
Litigation Hold
You can't disable or remove a mailbox that has been placed on litigation hold; prior to SP2, you had to disable litigation hold
SP2 includes new IgnoreLegalHold parameter that is supported by
the following cmdlets
Disable-Mailbox
Remove-Mailbox
Disable-RemoteMailbox
Remove-RemoteMailbox
Disable-MailUser
Remove-MailUser
41. Additional Enhancements in SP2
High Availability
Move-ActiveMailboxDatabase has new
SkipActiveCopyChecks parameter which bypasses the
check to see if the copy being activated is currently
being used as a source for seeding
If you use this parameter when activating a copy, the
seeding/update process will be terminated
43. Mailbox Database Housekeeping
In large environments, you may need to periodically scan Active Directory for disconnected mailboxes that aren't yet marked as disconnected in the Information Store and update the status of those mailboxes in the Store
You can use Clean-MailboxDatabase to do this, but that
requires mailbox database GUIDs
To get the GUID: Get-MailboxDatabase | fl Identity, Guid
Or simply run: Get-MailboxDatabase | Clean-MailboxDatabase
44. ActiveSync Approval Delegation
Scenario: You want Help Desk folks to approve or deny EAS devices without giving them Org Management rights
Solution
Create mail-enabled security group used for quarantine
notifications
Enable EAS quarantine and configure notification message
Copy management role containing the Set-CASMailbox -ActiveSyncAllowedDeviceIDs cmdlet/parameter
Remove all other management role entries from custom role
Create new role group containing security group
Add user to new role group and Recipient Management role
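The delegation steps above, as an added example that is not the deck's or the blog's own commands: the copied role is trimmed so it exposes only Set-CASMailbox and only its device-list parameters. The group, role and address names used here are assumptions.

```powershell
# Added example (not the deck's or the blog's own commands): delegate EAS device
# approval through a role that exposes only Set-CASMailbox, trimmed to its
# device-list parameters. Group, role and address names here are assumptions.
$groupName = "EAS Approvers"
$roleName  = "EAS Device Approval"

# Mail-enabled security group that receives the quarantine notifications
New-DistributionGroup -Name $groupName -Type Security -Alias "EASApprovers"

# Quarantine unknown devices, notify the group, and tell the user what to expect
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine `
    -AdminMailRecipients "EASApprovers@contoso.com" `
    -UserMailInsert "Your device is waiting for help desk approval."

# Copy the parent role, then drop every entry except Set-CASMailbox
New-ManagementRole -Name $roleName -Parent "Organization Client Access"
Get-ManagementRoleEntry "$roleName\*" |
    Where-Object { $_.Name -ne "Set-CASMailbox" } |
    Remove-ManagementRoleEntry -Confirm:$false

# Without -AddParameter/-RemoveParameter, -Parameters replaces the entry's parameter
# list, so members cannot change OWA/POP/IMAP/MAPI settings through this role
Set-ManagementRoleEntry -Identity "$roleName\Set-CASMailbox" `
    -Parameters Identity, ActiveSyncAllowedDeviceIDs, ActiveSyncBlockedDeviceIDs

# Role group binding the trimmed role to the security group (members also need
# the Recipient Management role group, as the slide notes)
New-RoleGroup -Name "ActiveSync Device Management" -Roles $roleName `
    -Members $groupName -Description "Approve or block EAS devices only"

# Verify: exactly one entry, and only the three parameters listed above
Get-ManagementRoleEntry "$roleName\*" | Format-Table Name, Parameters -AutoSize

# What an approver then runs; the device ID comes from the quarantine mail or
# Get-ActiveSyncDeviceStatistics (the ID below is a constructed placeholder)
Set-CASMailbox -Identity "user@contoso.com" `
    -ActiveSyncAllowedDeviceIDs @{Add = "PLACEHOLDER_DEVICE_ID"}
```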
45. Get all Email Addresses for Domain
All email addresses for an SMTP domain, including those assigned to mail-enabled public folders
Get-Recipient | where {$_.emailaddresses -match "contoso.com"} | fl name,emailaddresses >>emailaddresses.txt
46. Analyze Message Tracking Logs
http://aka.ms/ExMailStats
Analyzes Message Tracking Logs and produces a .csv file
of mail stats per user, and keeps distribution list usage
Finds all Hub Transport servers in the Org, retrieves the
logs from the previous day, and generates stats for each
user, for both Internal and External emails, by primary
address, for
Total Messages and Bytes Sent
Unique Messages and Bytes Sent
Total Messages and Bytes Received
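The same kind of per-user report, as an added example that is not the ExMailStats script: it pulls yesterday's tracking events from every Hub Transport server, counts unique and total sends and receives per primary address, and splits them by internal and external domain. Property names are those of Get-MessageTrackingLog; the output path is an assumption.

```powershell
# Added example (not the ExMailStats script): yesterday's per-user mail stats
# from the message tracking logs, split by Internal/External as on the slide.
# Property names are those of Get-MessageTrackingLog; the output path is assumed.
$start = (Get-Date).Date.AddDays(-1)
$end   = (Get-Date).Date
$internalDomains = Get-AcceptedDomain | ForEach-Object { $_.DomainName.ToString().ToLower() }
$stats = @{}

function Test-InternalAddress([string]$address) {
    $internalDomains -contains $address.Split("@")[-1].ToLower()
}

function Get-StatsRow([string]$user) {
    if (-not $stats.ContainsKey($user)) {
        $stats[$user] = @{ User = $user; UniqueMsgsSent = 0; UniqueBytesSent = 0;
            TotalMsgsSentInternal = 0; TotalBytesSentInternal = 0;
            TotalMsgsSentExternal = 0; TotalBytesSentExternal = 0;
            MsgsReceivedInternal = 0; BytesReceivedInternal = 0;
            MsgsReceivedExternal = 0; BytesReceivedExternal = 0 }
    }
    $stats[$user]
}

# One query across every Hub Transport server in the org
$events = Get-TransportServer |
    Get-MessageTrackingLog -Start $start -End $end -ResultSize Unlimited

foreach ($e in $events) {
    $sender = "$($e.Sender)".ToLower()
    if ($e.EventId -eq "RECEIVE" -and $e.Source -eq "STOREDRIVER") {
        # A mailbox submission: one unique message, one total per recipient
        $row = Get-StatsRow $sender
        $row.UniqueMsgsSent += 1; $row.UniqueBytesSent += $e.TotalBytes
        foreach ($r in $e.Recipients) {
            $scope = if (Test-InternalAddress $r) { "Internal" } else { "External" }
            $row["TotalMsgsSent$scope"] += 1; $row["TotalBytesSent$scope"] += $e.TotalBytes
        }
    } elseif ($e.EventId -eq "DELIVER") {
        # Delivery to a mailbox: credit each recipient, classified by the sender's domain
        $scope = if (Test-InternalAddress $sender) { "Internal" } else { "External" }
        foreach ($r in $e.Recipients) {
            $row = Get-StatsRow "$r".ToLower()
            $row["MsgsReceived$scope"] += 1; $row["BytesReceived$scope"] += $e.TotalBytes
        }
    }
}

$stats.Values | ForEach-Object { New-Object PSObject -Property $_ } |
    Select-Object User, UniqueMsgsSent, UniqueBytesSent, TotalMsgsSentInternal, TotalBytesSentInternal,
        TotalMsgsSentExternal, TotalBytesSentExternal, MsgsReceivedInternal, BytesReceivedInternal,
        MsgsReceivedExternal, BytesReceivedExternal |
    Export-Csv -Path "C:\Reports\MailStats-$($start.ToString('yyyyMMdd')).csv" -NoTypeInformation
```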
47. Free script repository for Exchange - TechNet Script Center Repository
http://aka.ms/Ex2010Scripts
Over 50 scripts for Exchange 2010 created by internal and
external community contributors
Each contribution is licensed to you under a License
Agreement by its owner, not Microsoft
Microsoft does not guarantee the contribution or purport to
grant rights to it
48. Questions?
Thank you for attending!
Contact me at any time with questions:
scott.schnoll@microsoft.com
Twitter: @schnoll
Blog:
http://blogs.technet.com/scottschnoll
To resolve the warnings, upgrade the server to Exchange 2010 SP2. The cause of these warnings doesn't prevent Exchange from functioning correctly and can safely be ignored until the server is upgraded to Exchange 2010 SP2.
Do not manually edit web.config file on Exchange 2010 SP2 or later server.
If a user in a DL is outside the scope of your ABP, you won't see them. This prevents GAL mining by surfing up and down the member/memberOf properties in some scenarios. This means you might be sending to more people than you think you are, and that MailTips might not display the real recipient count.
From http://www.itworkedinthelab.com/2011/08/exchange-2010-activesync-quarantine-approval-delegation/
New-DistributionGroup -Name "Exchange ActiveSync Approvers" -Type "Security" -OrganizationalUnit "<domain>/Users_And_Groups/Groups/Security" -SamAccountName "EAS Approvers" -Alias "EASApprovers"
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine -AdminMailRecipients EASApprovers@<SMTPdomain>
New-ManagementRole -Parent "Organization Client Access" -Name "ActiveSync Approval"
Get-ManagementRoleEntry "ActiveSync Approval\*" | Where {$_.Name -NotLike "Set-CASMailbox*"} | Remove-ManagementRoleEntry
New-RoleGroup -Name "ActiveSync Device Management" -Roles "ActiveSync Approval" -Members "EAS Approvers" -Description "Members of this management role group have rights to approve and deny EAS devices"
Adding members to the role group enables them to approve and deny EAS devices