CodeTwo Exchange Migration

CodeTwo Exchange Migration tool is one of the great products from CodeTwo. It allows us to migrate Exchange mailboxes from one version of Exchange to another. It can be a direct migration from Exchange to Exchange or from SBS to Exchange, and it can be used in Exchange cross-forest scenarios as well. It also supports migration from non-Microsoft products like Google Apps or Gmail to Exchange servers. It is easier and faster to use, and makes it safer to migrate Exchange in the supported scenarios below.

· Exchange 2003, 2007 to Exchange 2010 migration

· Exchange 2003, 2007 to Exchange 2013 migration

· Exchange 2010 to Exchange 2013 migration

· Google Apps to Exchange migration

I think the most interesting feature is the support for cross-forest migration. Cross-forest migration using traditional tools is more complex and tedious, and can be extremely slow and time-consuming.

In this article we will perform a cross-forest migration using the CodeTwo Exchange Migration tool. Normally, organizations perform cross-forest migration when there is a merger or acquisition, for a security reason, or when leaving an old environment and starting a fresh one.

Our lab environment consists of two forests: green.com (source forest) and blue.com (target forest). Users are migrated from the source forest to the target forest.

As part of the migration, we need to prepare our environment for the cross-forest migration. Given below are the configurations necessary between the two forests for a smooth migration.

1. Configure DNS resolution between green.com and blue.com

2. Configure Trust between the two forests, green.com and blue.com

3. Configure the mail flow between source to target using the send and receive connectors

4. At the green.com domain, change the accepted domain type to internal relay to make sure that emails continue to be received even after the mailbox has been migrated to the blue.com domain.

5. Configure Free busy sharing between blue.com and green.com

6. Configure GAL Sync between blue.com and green.com

7. Install and configure ADMT and the Password Export Server, which exports the password to the target account after user account migration.

8. Migrate the users’ AD accounts from the source to the target forest using ADMT

9. Finally, enable the mailbox for all the migrated users at the target forest. This can be done using PowerShell or using Exchange management console.
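Steps 4 and 9 above are the ones carried out in the Exchange Management Shell. The following is an added example, not code from the original article or from CodeTwo; the OU `blue.com/Migrated Users` and the database name `MDB01` are hypothetical, and both functions support `-WhatIf` so the change can be previewed first.

```powershell
# Added example. Run each function in the Exchange Management Shell of the
# forest named in its comment. OU and database names are hypothetical.

# SOURCE forest (green.com), step 4: make green.com an internal relay domain so
# that mail for recipients without a local mailbox is relayed onward instead of
# being rejected as undeliverable.
function Set-SourceRelayDomain {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$DomainName = 'green.com')

    $domain = Get-AcceptedDomain |
        Where-Object { $_.DomainName.ToString() -eq $DomainName }
    if (-not $domain) { throw "No accepted domain entry found for $DomainName" }

    if ($domain.DomainType.ToString() -ne 'InternalRelay') {
        if ($PSCmdlet.ShouldProcess($DomainName, 'Set DomainType to InternalRelay')) {
            Set-AcceptedDomain -Identity $domain.Name -DomainType InternalRelay
        }
    }

    # Return the resulting state so the change can be confirmed.
    Get-AcceptedDomain -Identity $domain.Name |
        Select-Object Name, DomainName, DomainType
}

# TARGET forest (blue.com), step 9: mailbox-enable the accounts that ADMT
# created. RecipientTypeDetails 'User' returns only accounts that are not yet
# mail-enabled, so running the function again skips users already processed.
function Enable-MigratedMailbox {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$OrganizationalUnit = 'blue.com/Migrated Users',  # hypothetical OU
        [string]$Database           = 'MDB01'                     # hypothetical database
    )

    $users = Get-User -OrganizationalUnit $OrganizationalUnit `
                      -RecipientTypeDetails User -ResultSize Unlimited

    foreach ($user in $users) {
        if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, "Enable mailbox on $Database")) {
            Enable-Mailbox -Identity $user.DistinguishedName -Database $Database
        }
    }
}

# Preview first, then run without -WhatIf:
#   Set-SourceRelayDomain -WhatIf
#   Enable-MigratedMailbox -WhatIf
```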

 

We are almost done with the environment configuration. Next, install the CodeTwo Exchange Migration tool, with the necessary prerequisites, on any machine in the source forest.

Given below are the step-by-step instructions to configure the CodeTwo Exchange Migration tool and migrate the users to the target forest.

1. Log in to the machine where the Exchange migration tool is installed using the Domain Admin account

2. Run “Exchange Migration Administrator Panel” from the Start menu

3. Source server connection wizard helps to connect to the source forest. Select the option “on-Premises” Exchange server and click on Next

4. Select the Exchange 2010 server from the green.com (source) forest, make sure to select an Administrator account which has the necessary permissions to enumerate mailboxes in the source forest, and then click on “Next”

5. Select the folders to migrate. By default, most folders are selected except the junk folder. Keep the default settings and click on “Next”

6. “Email address rewriting” has to be checked when a mailbox is migrated to a different forest; it rewrites the email addresses based on the target forest. Since the new forest has a different domain and its email addresses are different, this setting is mandatory.

7. Finally, verification checks the source server connection and validates that the administrator account has the necessary permissions and group membership.

8. Target server connection helps to connect to the target forest servers.

9. I would prefer to connect manually using the FQDN of the target Exchange 2010 server. The Exchange Web Services URL (EWS URL) is auto-filled based on the target Exchange server name; click on “Next”. The EWS URL is necessary to connect to and access the mailbox during the migration.

10. Enter the User Principal Name (UPN) and password of the target forest administrator account at the Admin’s credentials, and click on “Next”

11. Final verification allows us to validate the target server connection and the impersonation rights to access the migration mailboxes through PowerShell.
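Impersonation lets the migration account open other users' mailboxes, so it is worth knowing who holds that right and limiting it to the mailboxes being migrated. The following is an added example, not code from the original article or from CodeTwo. The account `svc-migration`, the OU and the scope and assignment names are hypothetical, and whether the tool's verification step accepts a scoped assignment is an assumption to confirm in a lab.

```powershell
# Added example: run in the Exchange Management Shell of the target forest
# (blue.com). Account, OU, scope and assignment names are hypothetical.

# List every user who effectively holds ApplicationImpersonation, including
# users who receive it through a role group, and the scope it applies to.
function Get-ImpersonationHolder {
    Get-ManagementRoleAssignment -Role 'ApplicationImpersonation' -GetEffectiveUsers |
        Select-Object Name, EffectiveUserName, RoleAssigneeName,
                      RecipientWriteScope, CustomRecipientWriteScope
}

# Grant impersonation to the migration account for the mailboxes in one OU
# only, rather than for every mailbox in the organization.
function Grant-ScopedImpersonation {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$Account        = 'svc-migration',
        [string]$RecipientRoot  = 'blue.com/Migrated Users',
        [string]$ScopeName      = 'Migration-Mailboxes',
        [string]$AssignmentName = 'Migration-Impersonation'
    )

    # Create the management scope once; reuse it on later runs.
    if (-not (Get-ManagementScope | Where-Object { $_.Name -eq $ScopeName })) {
        if ($PSCmdlet.ShouldProcess($ScopeName, 'Create management scope')) {
            New-ManagementScope -Name $ScopeName -RecipientRoot $RecipientRoot `
                -RecipientRestrictionFilter "RecipientType -eq 'UserMailbox'" | Out-Null
        }
    }

    if ($PSCmdlet.ShouldProcess($Account, "Assign ApplicationImpersonation limited to $ScopeName")) {
        New-ManagementRoleAssignment -Name $AssignmentName `
            -Role 'ApplicationImpersonation' -User $Account `
            -CustomRecipientWriteScope $ScopeName
    }
}

# Remove the assignment and its scope once the migration is finished, so the
# account does not keep standing access to user mailboxes.
function Revoke-ScopedImpersonation {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$ScopeName      = 'Migration-Mailboxes',
        [string]$AssignmentName = 'Migration-Impersonation'
    )

    if ($PSCmdlet.ShouldProcess($AssignmentName, 'Remove role assignment and scope')) {
        Remove-ManagementRoleAssignment -Identity $AssignmentName -Confirm:$false
        Remove-ManagementScope -Identity $ScopeName -Confirm:$false
    }
}

# Typical order:
#   Get-ImpersonationHolder | Format-Table -AutoSize   # review before the migration
#   Grant-ScopedImpersonation -WhatIf                  # preview, then run for real
#   Revoke-ScopedImpersonation                         # after the last mailbox is moved
#   Get-ImpersonationHolder | Format-Table -AutoSize   # confirm nothing is left behind
```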

With this we are almost ready to start the migration. Identify the source mailbox which you want to migrate and associate it with the new target mailbox in the CodeTwo Exchange Migration Administration panel. Association can be done both manually and automatically. Manually, you select the source mailbox from the list and then highlight the target mailbox in the window. This process is painful when you have a large number of users to migrate. Automatically, association is done by selecting all the users and clicking on the Automatch button on the Administration Panel’s ribbon. This automatically matches all the user accounts from the source forest to the target forest and generates a report for reference. Once the association is done, you can start the migration. By default, it can only migrate two mailboxes at a time; this count can be increased by modifying the settings in the administration panel.

I personally feel I like the tool and it helps me to perform migration tasks in a simpler, easier and more effective way than using the traditional migration tool. It has a simple GUI which helps the administrator to perform the operation much more easily. Again, it supports various migration scenarios and can even perform the direct upgrade from Exchange 2003 to Exchange 2013. It avoids any kind of caveats which occur during the migration and also avoids the complexity of a two-step migration. CodeTwo also has a great support team which can help us to address any queries, issues or problems whenever there is a situation.

Download CodeTwo Exchange Migration

 

 

Product Review – Lepide Exchange Reporter Tool

Lepide Exchange Reporter Tool is a proactive tool for the Exchange administrator. It provides some good reports to monitor the Exchange environment and proactively helps administrators to keep the environment healthy and secure. Let’s delve deep into understanding some of the greatest features it offers.

The trial version of Lepide Exchange Reporter tool can be downloaded from the Lepide website. It supports all legacy versions from Exchange 2000, Exchange 2003, Exchange 2007 and Exchange 2010 to the latest version, Exchange 2013. It is a simple installable tool which can be installed on any server or client OS, with Outlook and SQL Server as mandatory requirements. The Outlook and SQL Server versions required for your Exchange environment can be found at the download link given above.

The Lepide Exchange Reporter Tool generates various reports and has been divided as follows:

· Dash View

· Report View

· Mailbox Folder

Let’s get into each of these reports in detail to understand what it is able to provide its Exchange Administrators.

DASH VIEW

The Dash View provides some quick summary view for the administrator to get the following information:

1. Top 5 senders by number of the messages.

2. Top 5 receivers by number of messages.

3. Information Store by EDB and STM Size.

4. Information Store by Mailbox store and Public folder size.

5. Top 5 mailboxes by size.

6. Top 5 OWA users by usage count.

Figure 1. Dash View

REPORT VIEW

The Report View provides detailed information about the Exchange environment, and is where we may need to focus more. It is further divided into three parts: Email Flow, OWA Report and General Report.

Email Flow

The Email Flow report is generated from the message-tracking logs and archives all the history log information into the SQL database. The email flow information queries can be filtered on the basis of the required time stamp.

It has mail flow information based on the user, subject, receivers’ and senders’ messages from within and outside an organization. This information can be sorted based on their date and size. Shown below is a reference snap shot.

OWA Report

The OWA Report covers one of the important components of Exchange, since many remote clients connect to OWA through a web browser in order to access their emails. Since these OWA connections mostly come from the internet, it is important to monitor them closely. For instance, cyber attacks can sometimes happen over OWA, which in turn can adversely affect a user’s access.

The OWA Report includes information on heavy OWA users, and on the client and server computers that send the most OWA requests and download the most data.

General Report

The General Report has a lot of information, which is necessary for day-to-day activities and can also be used for upgrades or transitions. It generates many reports, such as:

Directory Reports

It has detailed information of every user’s mailbox, distribution group and other directory objects in the organization.

Message Delivery Reports

It has detailed information on every message sent or received in an organization. It also keeps track of the time taken for a message to be delivered to the target recipient.

Mailbox Information Reports

It provides detailed information about every mailbox in an organization. It has information on each mailbox’s permissions, rules, folder size, item age graph, item size graph, attachments per mailbox, etc.

I found this part to be informative, and hence it is imperative for users to take note of this. Shown below is the reference snapshot.

Mailbox Traffic Reports

It has detailed information on the daily traffic, mailbox-traffic growth, traffic between users and other such useful data.

Shown below is a reference snapshot.

Outlook Web Access

The Outlook Web Access reports have important information for making strategic decisions about usage. They cover hourly and daily usage, and usage per OWA user.

Public Folder Reports

Monitoring public folders is very important to keep them in control. Many organizations do not monitor public folders and these folders grow enormously over a period of time. Public folder reports provide vital information like growth graph, along with the size, content, permission and restriction of the public folder.

Server Traffic Reports

Server Traffic Reports help to understand the email sent and received per domain, based on count, and include a traffic comparison graph between domains.

Given below is the reference screen shot.

Storage Reports

Storage Reports are the most important reports for keeping storage growth under control. Generally, after the initial build of an Exchange server, expansion of storage is not easy. Sometimes there is a limit on expansion slots, or the company may not have the budget for expansion. Sometimes databases grow enormously over a period of time for various reasons. Storage reports provide information on the mailbox size growth graph and the information store size growth graph. Monitoring these reports helps to predict data growth and plan for expansion. They also help in identifying abnormal mailbox growth.

Mailbox Folders

Mailbox folders are the last report in the Lepide Exchange Reporter tool. They help administrators to access public folders and the content of various mailboxes. They allow administrators to review the details of every mailbox folder and generate a report in an easily understandable format. For instance, a report can be filtered on the basis of its date and exported in various standard formats like CSV, PDF and DOC. These reports are a great help when a huge amount of data needs to be tracked, and they record every minute change in the Exchange mailboxes. For example, sometimes we may want a report of mailbox size and its growth, or of unused mailboxes.

The majority of the reports from this tool are generated from the SQL Server which is installed along with the tool. This helps to generate history reports where logs are no longer available on the Exchange servers. It scans all the necessary logs from the Exchange servers on a regular basis or at a scheduled time and writes them to the SQL server. The log scan schedule can be configured to run a “Full Scan” once and an incremental scan on subsequent runs.

Various logs it scans from the Exchange servers are:

· Messaging Tracking logs

· IIS Logs

· Information Store

· Mailbox Information

In my opinion, Lepide Exchange Reporting tool (http://www.lepide.com/exchange-reporter/) is an excellent tool which can help administrators to keep the environment under control and help in generating various reports for the management, as and when required, without writing any complex scripts. This is a tool that needs to be configured once and scheduled to collect reports on a day-to-day basis in order to generate a customized report whenever needed. The reports thus generated can also be used for sizing when you are upgrading your Exchange environment to a higher or to the latest version of Exchange.

Why Exchange Server backups are important

Most business communication these days is carried out through email. Even in organizations that have a full-fledged enterprise-level CRM system in place, many sales-related communications take place through email, particularly in the initial phase. Many of the emails contain critical client-related information as attachments that can be required at any time in the contract phase. Hence, Exchange Server data protection should be of primary importance for all Exchange Server administrators.

When it comes to Exchange Server data protection, there are different measures that you can take. All these measures can be broadly classified into two parts based on the approach: pre-emptive measures, where you try to prevent the occurrence of a disaster situation that can put the data at risk; and reactive measures, where you make provisions after a disaster has struck.

Here we will discuss how backups can be used as a very effective method to deal with any unforeseen circumstances. Exchange Server backups can be used in any of the following situations:

To recover from a disaster situation: If your Exchange environment experiences a hardware or software failure, Exchange Server backups can help you to restore to a point in time with zero loss of data.

Recover any accidentally deleted item: If a user deletes an email item accidentally, it can be restored from the correct backup. With Exchange 2013, the recovery of accidentally deleted items is even faster with the Recoverable Items folder and the Hold policy that can be applied to it.

Uphold compliance: Compliance requirements require you to archive email data for an extended period of time. Backup is an excellent way to archive email communication to satisfy compliance requirements.

With Exchange 2013, many such features have been decentralized, and even end users can archive, perform granular recovery and search across mailboxes.

Let’s see what options are available to back up Exchange Server data:

Normal backup: The normal backup process backs up the Exchange Server and directory in their entirety. The log files are also backed up. You can restore mailboxes from just a normal backup.

Creating a Copy: A Copy backup is similar to the normal backup without the incremental and differential context. It can be used to back up the entire Exchange Store without disturbing the state of any incremental or differential backups that might be going on.

Incremental: This type of backup only backs up the components that have changed since the last normal or incremental backup. To restore from an incremental backup, the normal backup and all incremental backups created in between are required.

Differential: This kind of backup captures the changes that have occurred between the last normal backup and the current state. To restore from this kind of backup, one normal backup and the specific differential backup are required.

While recovering data from backups, you may need to set up a recovery server apart from the production Exchange Server, which adds the cost of an expensive recovery server. Some third-party software can restore data directly from backups, thus doing away with the need for a recovery server and saving significant cost. Lepide Exchange Recovery Manager is a third-party application that can be tried in such situations.
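The restore rules above can be turned into a check that lists the backup sets a restore needs and fails early when one of them is missing. This is an added example, not part of the original article; it follows the definitions given above, requires PowerShell 3.0 or later, and the catalog entries (names, times, the `Available` flag) are constructed sample data.

```powershell
# Added example. Given a backup catalog, return the sets needed to restore to
# a point in time, following the definitions in the text above.
function Get-RestoreChain {
    param(
        [Parameter(Mandatory = $true)][object[]]$Catalog,
        [Parameter(Mandatory = $true)][datetime]$RestorePoint
    )

    # Only sets taken at or before the restore point count. Copy backups sit
    # outside the incremental/differential context, so they are ignored here.
    $usable = @($Catalog |
        Where-Object { $_.Time -le $RestorePoint -and $_.Type -ne 'Copy' } |
        Sort-Object Time)

    # Every chain starts from the most recent normal backup.
    $normal = $usable | Where-Object { $_.Type -eq 'Normal' } | Select-Object -Last 1
    if (-not $normal) { throw 'No normal backup exists at or before the restore point.' }

    $later = @($usable | Where-Object { $_.Time -gt $normal.Time })
    $chain = @($normal)

    if ($later.Count -gt 0 -and $later[-1].Type -eq 'Differential') {
        # A differential holds all changes since the normal backup, so the
        # normal backup plus this one set is enough.
        $chain += $later[-1]
    }
    else {
        # Each incremental holds only the changes since the previous set, so
        # every incremental taken since the normal backup is required.
        $chain += @($later | Where-Object { $_.Type -eq 'Incremental' })
    }

    # One missing or damaged set breaks the whole chain: fail before restoring.
    $missing = @($chain | Where-Object { -not $_.Available })
    if ($missing.Count -gt 0) {
        $names = ($missing | ForEach-Object { $_.Name }) -join ', '
        throw "Restore chain is broken; unavailable set(s): $names"
    }
    return $chain
}

# Constructed sample catalogs for one week.
$differentialWeek = @(
    [pscustomobject]@{ Name = 'Sun-Normal'; Type = 'Normal';       Time = [datetime]'2013-06-02 22:00'; Available = $true  }
    [pscustomobject]@{ Name = 'Mon-Diff';   Type = 'Differential'; Time = [datetime]'2013-06-03 22:00'; Available = $false }
    [pscustomobject]@{ Name = 'Tue-Diff';   Type = 'Differential'; Time = [datetime]'2013-06-04 22:00'; Available = $true  }
)
$incrementalWeek = @(
    [pscustomobject]@{ Name = 'Sun-Normal'; Type = 'Normal';      Time = [datetime]'2013-06-02 22:00'; Available = $true  }
    [pscustomobject]@{ Name = 'Mon-Incr';   Type = 'Incremental'; Time = [datetime]'2013-06-03 22:00'; Available = $false }
    [pscustomobject]@{ Name = 'Tue-Incr';   Type = 'Incremental'; Time = [datetime]'2013-06-04 22:00'; Available = $true  }
)

$restorePoint = [datetime]'2013-06-05 08:00'

# The lost Monday differential does not matter: Sunday plus Tuesday is enough.
Get-RestoreChain -Catalog $differentialWeek -RestorePoint $restorePoint |
    Select-Object Name, Type

# The lost Monday incremental makes the Wednesday restore impossible.
try {
    Get-RestoreChain -Catalog $incrementalWeek -RestorePoint $restorePoint
}
catch {
    Write-Warning $_.Exception.Message
}
```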

PowerShell to Customize RBAC Permission in Exchange 2013

RBAC is the new permission model in Exchange 2013. With RBAC, we don’t need to modify and manage access control lists (ACLs). It enables us to control, at both a broad and a granular level, what administrators and end users can do. In Exchange 2013, RBAC now controls both the administrative tasks that can be performed and the extent to which users can administer their own mailbox and distribution groups.

Go through following link to understand more on the RBAC Permission in Exchange 2013

PowerShell to Customize RBAC Permission in Exchange 2013

Regards,

Krishna

Exchange 2013 Multi site CAS URL configuration with global name space for site resilience

Exchange 2013 has simplified the Client Access Server (CAS) design architecture using a global/single namespace. This is because of the way CAS works in Exchange 2013. Outlook no longer uses the RPC protocol to access email; instead it connects to the CAS server and accesses the mailbox through the HTTPS protocol. The CAS server makes a direct connection with the mailbox server if the mailbox exists on the same AD site. If not, it decides whether to proxy the request or to redirect the request to another CAS/Mailbox infrastructure. It queries the Active Manager to determine the mailbox server hosting the active copy and proxies the request to that mailbox server. This occurs irrespective of the mailbox location. One CAS server redirects its request to another CAS server only if there is a telephony-related request or an OWA request.

To read more on this topic, please use the link below at blog.netwrix.com

Exchange 2013 Multi site CAS URL configuration with global name space for site resilience

Configure Exchange 2013 Internet mail flow during migration

As part of upgrading to Exchange 2013 from Exchange 2007/2010, we need to make sure that Exchange 2013 is the point of communication for sending and receiving email from the Internet. In addition to installing, configuring, and testing Exchange 2013 Server, migration also consists of configuring and testing mail flow between Exchange 2013 and Exchange 2007/2010. In this article we will look at how to configure both sending and receiving email from the Internet.

 

Configure Exchange 2013 Internet mail flow during migration

Hope this article helps you

Exchange 2013 DAG recovery in a stretched AD site

 

An Active Directory site is stretched if it is spread across multiple physical sites. Exchange setup may vary from organization to organization. Some Exchange organizations are single-site, some are multi-site, and sometimes a single site is spread across multiple AD sites. In this series of two posts, I will show you how to recover an Exchange 2013 Data Availability Group in a stretched AD site.

 

Exchange 2013 DAG recovery in a stretched AD site – Part 1

Exchange 2013 DAG recovery in a stretched AD site – Part 2

I hope this article gives you a clear picture of understanding and recovering the DAG in the stretched AD site scenario

Exchange 2013 HA and Site Resiliency

I would say Exchange 2013 HA and site resiliency got into a matured state from the previous version of Exchange. Exchange 2013 provides multiple options for HA and site resilience. Microsoft has tried to keep human intervention to a minimum and allow Exchange to recover itself from any kind of failures so that the administrator can focus on recovering the failed hardware or server rather than recovering the service.

Below are the two articles by me on Exchange 2013 HA and Site resiliency

Exchange 2013 High Availability(HA)

Exchange 2013 Site Resiliency

I hope you got some quick understanding on Exchange 2013 HA and Site Resiliency options 🙂

Automating Jetstress 2013 for Exchange 2013 using powershell

Last week I wrote an article on Jetstress 2013 using PowerShell. It’s a very good script to automate Jetstress on Exchange mailbox servers before the server build. It really helps in large-scale deployments. Please find below the links with the details, with a live example. This script is inspired by Neil Johnson’s Automating Jetstress, and it’s an updated version of that script.

http://www.enowsoftware.com/about-enow/solutions-engine-blog/bid/150173/Automating-Jetstress-2013-for-Exchange-2013-Part-1

http://www.enowsoftware.com/about-enow/solutions-engine-blog/bid/150621/Automating-Jetstress-2013-for-Exchange-2013-Part-2

 

Hope you like the article and let me know if you have any questions. 🙂

Netwrix Active Directory Change Reporter

Auditing is one of the most complex activities in Windows Active Directory. Monitoring changes and reporting on them immediately is very challenging for administrators. I would say that Netwrix Active Directory Change Reporter is one of the best tools available in the market, with a comprehensive collection of features to audit changes in Active Directory and report on them. It has a very robust way of checking whether any modification or change was made to Active Directory objects. It uses Active Directory event logs and also takes Active Directory snapshots to compare the data and produce a consolidated report on who made the changes, what was changed, when and where exactly. These changes are logged into a local database and are stored in the SQL server for reporting purposes. It is a unified solution for complete Active Directory auditing, reporting and monitoring.

The latest version of Netwrix Active Directory Change Reporter is 7.2.721, and it is available in two flavors: Freeware and the fully loaded Enterprise Edition. The free version has limited functionality and can be used for an unlimited time period. The Enterprise version has lots of auditing and reporting options which make the life of an Active Directory administrator easier and put the necessary data right at his fingertips. It can be evaluated free of charge for 20 days.

Netwrix Active Directory Change Reporter tool supports Active Directory starting from Windows 2000, Windows 2003, Windows 2008 and even the latest Windows 2012 Active Directory environment.

Requirements:

It has other basic technical requirements to function.

1. Intel or AMD processor; a minimum of 2 GHz for a 32-bit processor or 3 GHz for a 64-bit processor is recommended

2. Memory 2 GB and above

3. Minimum of 50 GB disk for installation, plus additional space for user, event and other necessary logs.

4. Active Directory permission to query an Active Directory

5. SQL server – SQL server 2005 Express Edition or above with an advanced service of SQL server, SQL server reporting tool and permission to generate reports.

6. Group policy management console to audit Active Directory Group Policy.

The required details of the tool can be found at the link below.

http://www.Netwrix.com/download/QuickStart/Active_Directory_Change_Reporter_Quick_Start.pdf

Native Active Directory tools do not provide great flexibility to audit Active Directory changes and report on them immediately. Raw data generated by the native Windows tools is always difficult to understand, and analyzing tons of logs is an extremely time-consuming process. Most of the time it is too late to analyze the logs, as they will have been overwritten. The Netwrix solution for Active Directory auditing overcomes these problems by saving the data in the SQL server.

There are also optional agents available for installing on the domain controller. They help to compress the data across the network, which is necessary if the change reporting tool is collecting data over a slow network, but should not make much of a difference if you are on a high-speed network. Definitely it would be recommended to have agents installed in order to make the best utilization of all available networks.

Netwrix Active Directory Change Reporter also has some supporting tools like Group Policy Change Reporter and Exchange Change Reporter. These two go very well with the Active Directory Change Reporter. Group Policy changes are critical and must be executed very carefully. Any mistake in Group Policy changes can have a big impact, and not everyone in the organization has permission to modify Group Policy. Netwrix Group Policy Change Reporter comes in handy to get complete details of a GPO change, such as who made the change and when it was made, along with the “before and after” values of the modified settings.

Exchange Change Reporter is another great additional component. Exchange is one of the business-critical applications, and any downtime will have a major impact on an organization. Exchange Change Reporter keeps track of any addition, deletion or modification of Exchange attributes and generates reports on the changes. It also provides details about “before and after” values. The tool supports earlier versions of Exchange such as Exchange 2003, 2007 and 2010. The latest version of the Exchange Change Reporter supports the Microsoft Exchange Server 2013 environment, which is one of the latest promising products from Microsoft.

Let’s understand some of the features of Netwrix Active Directory Change Reporter and what it can do for us.

It provides in-depth change details about every Active Directory object and its attributes, and also includes security changes. Changes can be the addition, deletion or modification of Active Directory objects, and it includes complete details such as who made the change, what was changed and where.

It provides a real time reporting where an administrator or the security team can be notified with an email or SMS immediately after the change is detected. It also integrates with Microsoft SCOM using SCOM Management pack which captures Active Directory data and feeds into the SCOM for reporting and alerting. It also provides flexibility to integrate with other third party reporting tools available in your organization.

All reporting information is stored in SQL Server, where an administrator can query it manually and generate custom and automated reports. Reporting is one of the key features, and the tool can generate predefined reports for compliance regulations like SOX, HIPAA, GLBA, and FISMA. As these regulations require storing the data for later review, the tool provides a long-term storage option. Long-term storage can also be on servers other than the SQL server. By default, long-term audit archiving is done for 24 months, and this setting can be changed if required. It can also generate daily reports with the details of all changes performed during the previous day. The product provides an administrator with a console view and gives great flexibility to query and generate reports with ease.

Any kind of accidental change has to be rolled back immediately, and this tool provides an option to roll back all accidental or unwanted changes using a rollback wizard. Performing this kind of rollback/restore operation using native Windows tools is cumbersome and has many limitations. This tool performs a smooth, quick and easy rollback of all kinds of accidental or unwanted changes. This overcomes any downtime, security risk or ill effects caused by accidental changes.

It can be easily installed on any workstation with a recent Windows OS like Windows 8, or on a server OS like Windows 2012. It just has to be set up once and it runs forever. It can query and manage multiple domains from a single installed machine, and can even manage multiple domains each with its own unique settings. This gives a lot of flexibility to manage and modify the settings based on the business requirement.

It provides an easy option to query and generate default and custom reports from the management console. It has got all necessary filters like timelines (from-date and to-date), types/kind of changes, where the changes were made and it also provides an option to specify an individual domain and individual forest. It has a great flexibility, which helps to get any data from any domain and any forest within no time. Finally, once you have all the data in the report then it can be easily exported into CSV, Excel, PDF, Word or even a Tiff format.

Reports come in an easily understandable format with color coding. Actions like adding, removing and modifying are all highlighted with different colors. Most importantly, it gives clear information on who made these changes, when they were made and what was done. With this you can find all the necessary data and reports in one location, and you really don’t have to depend on multiple logs or have in-depth knowledge to analyze and understand the logs from different locations.

Active Directory snapshot is one of the best features of this tool. It takes Active Directory snapshots at multiple points and keeps them in the database. This helps to look back at a specific AD object and what its settings were in the past. These details can be viewed through custom reporting queries, which come under an advanced reporting tool that requires some configuration before use.

Real-time alerting is one of the key components for any reporting tool to notify on any critical changes. By default, Netwrix Active Directory Change Reporter provides the real-time alerts option for the groups mentioned below, and you can also add more users or groups if necessary.

· Changes to Admin Group

· Changes to Domain Configuration

· Changes to any Active Directory Object

These real-time alerts can be sent via email or a text message right to the mobile device.

Netwrix Active Directory Change Reporter is very easy to install and configure. It needs some necessary configurations to function as required and these configurations can be made easily using wizards. Supported by other tools like Group Policy Change Reporter and Exchange Change Reporter it provides a great management option for IT administrators and security team. It will save a lot of time and energy of the administrator helping to avoid writing custom scripts or manual/LDAP queries to get the data for auditing or management purposes.

With this, I would like to finish my article saying that “Netwrix Active Directory Change Reporter is a great tool which is helpful for IT administrators and security teams”.

Use this link to download Netwrix Active Directory Change Reporter: http://www.netwrix.com/active_directory_change_reporting_freeware.html