Configure GALSync (ILM 2007 SP1) Between Exchange 2007 Cross forest

December 3, 2009Krishna - MVPExchange 2007, ILM 2007 SP14 Comments

Domain Setup

A Domain
1. One DC with DNS
2. One Exchange 2007 with CAS,HUB and Mailbox Server roles installed

K Domain
1. One DC with DNS
2. One Exchange 2007 with CAS,HUB and Mailbox Server roles installed
3. Windows 2003 for ILM 2007 SP1 – Prereqists Powershell, Exchange 2007 Management , Exchange 2005 – With SP1

To configure Mail flow between forest

1. Configure DNS forwared for A.com and K.Com for DNS resolution
2. Login to ADC and open DNS Services and Properties
3. Forwarders and IP address for K.com

4. Once this is done perform the same steps on KDC and configure forderwares for A.com

5. Then configure forest trust. Open Active Directory Domain and trusts on KDC to configure two way forest trust between two forest

6. Create Internal Send Connector between two exchange forest
http://technet.microsoft.com/en-us/library/bb123546.aspx

7. Create OU for GALsyncronisation in both the domain. Below is the OU Path to dump the contacts from the Target Forest

OU=Contacts,OU=K,OU=GALSyncronisation,DC=A,DC=Com
OU=Contacts,OU=A,OU=GALSyncronisation,DC=K,DC=Com

8. Login to Ksync make sure that you have installed with Powershell 1.0, Exchange 2007 management console and SQL 2005 SP1

9. Install ILM 2007 SP1 default isntallation

10. Open Identity Manager

11. Click on Management Agents and click Create

12. Select Active Directory Global Address List(GAL) and provide the appropriate Name

13. Enter the domain name , forest name and credentials for target domain click next to continue

14. On Configure Directory Partition select Containers. On the Select Containers page, clear the top-level check box for the directory partition, select the containers for which this management agent will gather and store information, and then click OK. Make sure that you point to OU=Contacts,OU=A,OU=GALSyncronisation,DC=K,DC=Com

15.Select the Target path as show below and click on Source to Select the source ou where users , contacts and groups are residing. Make sure that Route mail throught this forest for all the contact from the contacts in this forest and Support Cross-Forest delegation(Exchange 2007 only) is checked

16. Click Next until you get the last page Configure Extention and make sure that you Check Enable Exchange 2007 Provisioning and click finish

17. Create the Similar Management Agent AGAL for sync objects from K domain to A domain. Below is the snap of the Management Agents for both the domain

18. Right click on each of the MA Created above and select run and select blow option one by one
Full Import (Staging Only)
Full Synchronization
Export
Delta Import

19. This completes our Configuration of ILM. Select an Each of the domain to make sure that Contacts are created in the target forest for the respective objects from the source forest

20. Reference Articles

http://technet.microsoft.com/en-us/library/aa998597.aspx

ILMFP1_SS_GalSync

Poweshell to remove all Secondary Email address for given set of users

November 27, 2009Krishna - MVPExchange 2007, PowershellLeave a comment

Below powershell helps to pull out all the secondary email address for the given set of users

Get-Content C:\users.txt|Get-Mailbox | foreach {
for ($i=$_.EmailAddresses.Count;$i -ge 0; $i–)
{
$_.EmailAddresses[$i].ProxyAddressString

if ($_.EmailAddresses[$i].ProxyAddressString -like “smtp:*” )
{
$_.EmailAddresses.RemoveAt($i)
}

}
$_|set-mailbox
}

Send-MailMessage – Exchange 2007 sp2 and Exchange 2010

November 26, 2009Krishna - MVPExchange 2007, Powershell5 Comments

Sending email throught command had multiple steps, now Exchagne 2007 SP2 which works on Powershell V2 has introduced a new cmdlet Send-Mailmessage. Sending email with Send-MailEssage is just single line command Below is the example of the same

Send-MailMessage –From Krishna.k@domain.com –To Rajesh@domain.com –Subject “Send-MailMessage Test” –Body “Send-MailMessage Test” -Attachments “c:\Attachment.txt” –SmtpServer Hubserver.domain

Powershell to Get all the Exchange Services Status

November 26, 2009Krishna - MVPExchange 2007, PowershellLeave a comment

Powershell check can pull all the Exchange Services status runing on the exchange 2007 Servers

$Exchserver = “<Servername>”
$ExchServices = (gwmi -computer $Exchserver -query “select * from win32_service where Name like ‘MSExchange%’ or Name like ‘IIS%’ or Name like ‘SMTP%’ or Name like ‘POP%’ or Name like ‘W3SVC%'”)
$Services = @()
Foreach ($Service in $ExchServices){
$Service.Caption
$Service.Startname
$Service.StartMode
$Service.State
}

Powershell to check last window login time on all user accounts who has mailbox

November 13, 2009Krishna - MVPExchange 2007, PowershellLeave a comment

Powershell to check last window login time on all user accounts who has mailbox in Exchange Server. Below commands need to be executed on the Activel Roles cmd Shell. Its using Get-QADUser to find all the required details

Get-QADUser -IncludeAllProperties |?{($_.msexchhomeservername -ne $null) -and $_.LastLogonTimestamp -lt (get-date).AddDays(-30)} | select name,LastLogonTimestamp

Powershell to formally disable user accounts who have left Orginization

November 11, 2009Krishna - MVPActive Directory, Exchange 2007, PowershellLeave a comment

When user leaves orginization administrators make sure that account is disabled and its marked for deletion. Delection can happen once in 15 days or 1 month. We may need to perform series of steps for disabling the account

eg. Disable Account, Move Object to Disabled Account OU, Hiding from GAL, removing Group members, 0 ing send and receive limits.

Below powershell script helps to perform the same. It uses both Exchange commands and Quest Active roles command lets. We need to add the snapin to execute the code.

Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin
Add-PSSnapin Quest.ActiveRoles.ADManagement
$AName = Read-Host “Enter User Alias name for Disable”
$AName | out-file -filePath E:\users.txt
foreach ($user in (get-content E:\users.txt)){(get-qaduser $user).memberof | Get-QADGroup | where {$_.name -ne “domain users”} | Remove-QADGroupMember -member $user}
Move-QADObject $user -NewParentContainer “domain.com/Disabled Accounts”
Disable-QADUser $user
Set-Mailbox $user -HiddenFromAddressListsEnabled $true -UseDatabaseQuotaDefaults:$False -issuewarningQuota 0MB -ProhibitSendQuota 0MB -ProhibitSendReceive 0MB

Below location has copy of the code

http://powershell.com/cs/members/smtpport25.wordpress/files/DisableUserAccounts.ps1.aspx

Powershell to Hide from GAL on all Disabled Mailbox

November 11, 2009Krishna - MVPExchange 2007, PowershellLeave a comment

Normally when ever user leaves orginization his account will be disabled and Hidden from GAL. Some times chances that users are just disabled and not hidden from GAL. Where is the script which pulls out all the mailbox which are in Accountdisabled state and it hides the account from the GAL

Get-Mailbox -ResultSize unlimited |Where{($_.UserAccountControl -like “AccountDisabled*”)} | set-mailbox -HiddenFromAddressListsEnabled $true

Windows Password Change Notification Script

November 4, 2009Krishna - MVPExchange 2007, VB Scripts, Windows 20084 Comments

If your orginization has users who is working outside office network and they normally access email through pop3 then chances that they do not have any notification on password change. This script helps to intimate the give list of users to change the password.

Please find the copy of the script in the below link

http://powershell.com/cs/members/smtpport25.wordpress/files/PasswordChangeNotification.txt.aspx

Powershell to send email with delivery notification enabled

October 28, 2009Krishna - MVPExchange 2007, Powershell1 Comment

Powershell to send email with delivery notification enabled. Once mail is delivered to the recipient mailbox and delivery notification mail will be sent to the sender mailbox. Below powershell help you to atchive the same

$msg = new-object Net.Mail.MailMessage
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$msg.Headers.Add(“Disposition-Notification-To”, “from@domainname.com”)
$msg.DeliveryNotificationOptions = “OnSuccess”
$msg.From = “from@domainname.com”
$msg.To.Add(”to@domainname.com”)
$msg.Subject = “Make the Delivery Recipt Work Please”
$msg.Body = “In a perfect world this email will generate a delivery receipt”
$msg.Attachments.Add($att)
$smtp.Send($msg)

Powershell to Settup ManagedFolderAssistantSchedule in all Exchange 2007 Mailbox Servers

October 15, 2009Krishna - MVPExchange 2007Leave a comment

The managed folder assistant is a Microsoft Exchange Mailbox Assistant that creates managed folders in users’ mailboxes and applies managed content settings to them. When the managed folder assistant is running, it processes all of the mailboxes on a server. If the managed folder assistant does not finish processing the mailboxes on the server during the time that you have scheduled, it automatically resumes processing where it left off the next time it runs. There is one managed folder assistant for each server

Get-ExchangeServer | Where { $_.AdminDisplayVersion.ToString().SubString(0, 10) -eq “Version 8.” `

-and $_.ServerRole -eq “Mailbox” } |

ForEach { Set-MailboxServer -Identity $_.Identity `

-ManagedFolderAssistantSchedule “Sun.1:00 AM-Sun.3:00 AM”, `

“Mon.1:00 AM-Mon.3:00 AM”, “Tue.1:00 AM-Tue.3:00 AM”, `

“Wed.1:00 AM-Wed.3:00 AM”, “Thu.1:00 AM-Thu.3:00 AM”, `

“Fri.1:00 AM-Fri.3:00 AM”, “Sat.1:00 AM-Sat.3:00 AM” }

http://technet.microsoft.com/en-us/library/bb123958.aspx

Shameless Null Neutrality

Microsoft Exchange & OWA Resources, Information – Optimize, Support, Manage | How-To | Guides | Reference | Admin

Category Archives: Exchange 2007