Office 365 Hybrid Configuring Using Windows Azure – Part 2

In the first part of the article series, we created a new Windows Azure lab and installed and configured a new domain controller and Exchange server. We also created additional Windows 2012 Azure servers for ADFS, ADFS Proxy and Directory Synchronization (DirSync). ADFS (Krisadfs.cloudapp.net) and DirSync (krisdirsync.cloudapp.net) are joined to the Windows domain ‘checkwhatsin.com’. ADFS Proxy (krisadfsproxy.cloudapp.net) is not joined to the domain, since it is designed to be placed in the DMZ.

Office 365 Hybrid Configuring Using Windows Azure – Part 1

Office 365 Hybrid Configuring Using Windows Azure – Part 3

Office 365 Hybrid Configuring Using Windows Azure – Part 4

Office 365 Hybrid Configuring Using Windows Azure – Part 5

Office 365 Hybrid Configuring Using Windows Azure – Part 6

In this part of the article series, we will perform the activities shown below to configure single sign-on (SSO). With SSO, users in your organization can use their corporate credentials to access the Office 365 service offerings, which removes the burden of managing multiple logon identities and passwords. Without SSO, an Office 365 user would have to maintain separate user names and passwords.

I. Installation and configuration of ADFS server

II. Installation and configuration of ADFS proxy server

Installation and configuration of ADFS server

Active Directory Federation Services (AD FS) is a server role in Windows Server that provides Web single sign-on (SSO) technologies to authenticate a user to multiple Web applications over the life of a single online session. At the outset, we need to create a service account before configuring Exchange.

1. Log in to Krisadc.cloudapp.net with the domain admin credentials

2. Using Active Directory Users and Computers, create a new service account for the ADFS federation server and set its password to never expire

Account name: svr-federation

3. Access DNS Manager and create a new ‘A’ record to point to the internal IP address of ADFS server.

4. Log in to the ADFS server Krisadfs.cloudapp.net with the domain credentials

5. The ADFS server needs a third-party CA certificate. Since we already have a wildcard certificate configured on the Exchange server, we simply export it from the Exchange server and import it into the ADFS server

Export the wildcard certificate with the private key from the Exchange 2013 server and copy it to the root (C:\) directory of the server krisadfs.cloudapp.net

6. Start PowerShell on the server krisadfs.cloudapp.net and execute the command given below. When prompted, type the password that was used to export the certificate. The command imports the certificate into the local computer's personal certificate folder

Certutil.exe -f -importpfx c:\checkwhatsin.pfx

7. Installing Active Directory Federation Services is as simple as running a PowerShell command. Execute the PowerShell cmdlet below to install the ADFS server

Add-WindowsFeature ad-federation-services

8. The ADFS server needs to be configured once it is installed. Start Server Manager, click on the amber symbol and then click on ‘Run the AD FS management snap-in’ to configure it.

9. It will open a new ADFS Snap-in page. Click on “AD FS federation server configuration Wizard” to start the configuration wizard.

10. To create new federation service, select ‘Create a new Federation service’ on the welcome page and click on ‘Next’

11. Select ‘New Federation Server Farm’ on the Development type page and click on ‘Next’

12. At the Federation Service Name page, select the SSL certificate as ‘Checkwhatsin’ and provide the Federation service name as ‘sts.checkwhatsin.com’ and click on ‘Next’

13. Input the ADFS service account ‘checkwhatsin\svr-federation’ and password at ‘Specify service Account’ page and click on ‘Next’

14. Verify details at the summary page and click on ‘Next’ to start the installation

15. Wait for the installation to be completed and make sure that the entire component configuration is finished and click on ‘Close’ to finish the installation.

16. To validate the installation, open the link below in Internet Explorer and make sure the federation metadata page is displayed

https://sts.checkwhatsin.com/FederationMetadata/2007-06/FederationMetadata.xml

With this we have created and configured ADFS server and it is ready to use.
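The checks below confirm steps 5 to 16 from PowerShell on the AD FS server. This is an added example, not part of the original article: the federation name, PFX path and metadata URL are the article's, the function name Test-CertCoversName is hypothetical, and the SAN parsing assumes an English-language Windows installation.

```powershell
# Added example: post-install checks for the AD FS server (steps 5-16).
$FederationName = 'sts.checkwhatsin.com'   # federation service name from step 12
$PfxPath        = 'C:\checkwhatsin.pfx'    # PFX copied to C:\ in step 5

# Hypothetical helper: does the certificate's CN or SAN cover the host name?
function Test-CertCoversName {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$HostName
    )
    $names = @()
    $cn = $Cert.GetNameInfo('SimpleName', $false)
    if ($cn) { $names += $cn }

    # 2.5.29.17 is the Subject Alternative Name extension.
    # Assumption: English Windows formats entries as "DNS Name=<value>".
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $names += ($san.Format($false) -split ',\s*') |
            ForEach-Object { ($_ -replace '^DNS Name=', '').Trim() }
    }

    foreach ($n in $names) {
        if ($n -eq $HostName) { return $true }
        if ($n.StartsWith('*.')) {
            # A wildcard covers exactly one left-most label, so
            # *.checkwhatsin.com matches sts.checkwhatsin.com but not a.b.checkwhatsin.com.
            $suffix = $n.Substring(1)
            if ($HostName.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label -and $label -notmatch '\.') { return $true }
            }
        }
    }
    return $false
}

# 1. The imported certificate must be in LocalMachine\My, carry its private
#    key, be inside its validity period and cover the federation name.
$now   = Get-Date
$certs = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
    (Test-CertCoversName -Cert $_ -HostName $FederationName)
}
if ($certs) {
    $certs | Select-Object Subject, Thumbprint, NotAfter | Format-List
} else {
    Write-Warning "No valid certificate with a private key covers $FederationName"
}

# 2. The exported PFX holds the wildcard private key. Once the import is
#    confirmed, it should not stay in the root of C:\.
if (Test-Path $PfxPath) {
    Write-Warning "$PfxPath is still on disk; delete it after confirming the import"
}

# 3. Step 16 without a browser: load the federation metadata and confirm it is
#    a SAML EntityDescriptor. XmlDocument.Load fails if TLS validation fails.
$metadataUrl = "https://$FederationName/FederationMetadata/2007-06/FederationMetadata.xml"
try {
    $doc = New-Object System.Xml.XmlDocument
    $doc.Load($metadataUrl)
    if ($doc.DocumentElement.LocalName -eq 'EntityDescriptor') {
        'Federation metadata OK, entityID: ' + $doc.DocumentElement.GetAttribute('entityID')
    } else {
        Write-Warning "Unexpected root element: $($doc.DocumentElement.LocalName)"
    }
} catch {
    Write-Warning "Metadata check failed: $($_.Exception.Message)"
}
```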

Installation and configuration of ADFS proxy server

The AD FS 2.0 Proxy is a service that brokers connections between external users and the internal AD FS 2.0 server. It acts as a reverse proxy and typically resides in your organization’s perimeter network (also known as the DMZ). Since Krisadfsproxy.cloudapp.net is not a domain-joined computer, it cannot resolve names on the internal network. We need to create a hosts entry so that it can resolve the internal ADFS server.

1. Log in to Krisadfsproxy.cloudapp.net using the local admin credentials

2. Create a manual hosts entry that points to the AD FS server

Open the ‘Hosts’ file in Notepad from the path C:\Windows\System32\drivers\etc\. Add a new entry that maps the domain name sts.checkwhatsin.com to the IP address of the ADFS server

3. The ADFS Proxy server also needs a third-party CA certificate. Since we already have a wildcard certificate on the Exchange server, we just need to export it and configure it on the ADFS server

Export the wildcard certificate with the private key from the Exchange 2013 server and copy it to the root (C:\) directory of the server krisadfs.cloudapp.net

4. Start PowerShell on the server krisadfsproxy.cloudapp.net and execute the command below. When prompted, type the password that was used to export the certificate. The command imports the certificate into the local computer's personal certificate folder

Certutil.exe -f -importpfx c:\checkwhatsin.pfx

5. Configure the Imported certificate on the Internet Information Service (IIS) Manager

a. Start IIS from the control panel, select ‘Default Web Site’ and select ‘Bindings’ on the action pane

b. Click on ‘Add’ to add a new site binding. Make sure to select the type as “https” and “Checkwhatsin” for SSL certificate and click on “OK”.

c. Click on “Close” to finish the IIS configuration

6. Install ADFS proxy using the below PowerShell cmdlet

Add-WindowsFeature ADFS-Proxy

7. After installation, the ADFS Proxy needs to be configured. Start ‘Server Manager’, click on the amber symbol and select ‘Run the AD FS Federation Server Proxy Configuration’

8. On the Welcome page of the ‘AD FS Federation Server proxy configuration wizard’ click on ‘Next’

9. Specify Sts.checkwhatsin.com as the Federation Server name and click ‘Test Connection’ to get connection successful status. Click on ‘Next’ to continue

10. Input the ADFS service account credentials at the windows security credentials pop up and click on ‘OK’ to continue.

11. Verify the settings on the ‘Ready to Apply Page’ and click on ‘Next’ to start the configuration

12. Verify the ‘configuration results’ page with the successful completion status and click on ‘Close’

13. Since the ADFS proxy server is the internet-facing server and the ADFS server is configured with STS.checkwhatsin.com as its federation name, we need to create a CNAME record in DNS for STS.checkwhatsin.com that points to the ADFS proxy server ‘Krisadfsproxy.cloudapp.net’.

Below is the reference snap from Go Daddy DNS.

With this we have created and configured ADFS and ADFS Proxy server. We have also made all the necessary changes in configuration so as to deploy SSO.
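The script below checks the proxy's name resolution and certificate after steps 2 to 13. It is an added example to run on the AD FS proxy, not code from the original article. The function names Get-HostsEntry and Test-PrivateIPv4 are hypothetical, and the expectation that the hosts entry is an RFC 1918 address assumes the AD FS server sits on a private virtual network.

```powershell
# Added example: verify the AD FS proxy's view of sts.checkwhatsin.com.
$FederationName = 'sts.checkwhatsin.com'
$HostsPath      = "$env:SystemRoot\System32\drivers\etc\hosts"

# Hypothetical helper: return every IP address the hosts file maps to a name.
function Get-HostsEntry {
    param([string]$Path, [string]$HostName)
    Get-Content $Path | ForEach-Object {
        $line = ($_ -replace '#.*$', '').Trim()      # drop comments
        if ($line) {
            $fields = $line -split '\s+'             # "<ip> <name> [alias ...]"
            if ($fields.Count -ge 2 -and
                ($fields[1..($fields.Count - 1)] -contains $HostName)) {
                $fields[0]
            }
        }
    }
}

# Hypothetical helper: is the address inside 10/8, 172.16/12 or 192.168/16?
function Test-PrivateIPv4 {
    param([string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ($ip.AddressFamily -ne 'InterNetwork') { return $false }
    $b = $ip.GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

# 1. Exactly one hosts entry should exist, and it should be the internal
#    AD FS server. Because of the public CNAME from step 13, a missing entry
#    makes the proxy resolve the federation name back to itself.
$entries = @(Get-HostsEntry -Path $HostsPath -HostName $FederationName)
if ($entries.Count -ne 1) {
    Write-Warning "Expected one hosts entry for $FederationName, found $($entries.Count)"
} elseif (-not (Test-PrivateIPv4 $entries[0])) {
    Write-Warning "Hosts entry $($entries[0]) is not a private address (assumption: AD FS is on a private network)"
} else {
    "Hosts entry OK: $FederationName -> $($entries[0])"
}

# 2. Open a TLS session to the address the proxy resolves. AuthenticateAsClient
#    applies the default validation, so an untrusted chain or a certificate that
#    does not cover the federation name throws here.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($FederationName, 443)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($FederationName)
    $remoteThumbprint = $ssl.RemoteCertificate.GetCertHashString()

    # 3. The article imports the same wildcard PFX on both servers, so the
    #    certificate served by AD FS should also be in the proxy's store
    #    with its private key.
    $local = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $_.Thumbprint -eq $remoteThumbprint -and $_.HasPrivateKey
    }
    if ($local) {
        "TLS OK, certificate $remoteThumbprint matches the local store"
    } else {
        Write-Warning "AD FS serves $remoteThumbprint, which is not in LocalMachine\My with a private key"
    }
    $ssl.Dispose()
} catch {
    Write-Warning "TLS check against $FederationName failed: $($_.Exception.Message)"
} finally {
    $tcp.Close()
}
```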

In the next part of the article, we will be completing the configuration of SSO and Directory Sync between Office 365 and on-premises exchange server.


Office 365 Hybrid configuring using Windows Azure – Part 1

A hybrid deployment provides a wonderful experience for your Office 365 deployment. It enables users to have mailboxes in your on-premises Exchange Server environment and in Office 365, find one another in the global address list (GAL), share calendars, and send, receive and reply to emails, regardless of which system hosts the mailbox.

Simulating and testing Office 365 with a hybrid configuration can be a bit challenging, unlike an Exchange 2013 lab, where you build a new virtual machine, install Exchange 2013, configure it and play. An Office 365 hybrid configuration has certain requirements, such as an Office 365 account, certificates, a public-facing on-premises Exchange server, ADFS, a public-facing ADFS proxy server, etc.

A majority of organizations are now looking at the hybrid solution for the interesting features it offers, and it has become a mandatory skill set for the Exchange administrator. Microsoft offers a free 30-day Office 365 Enterprise E3 account and a free 30-day Windows Azure trial with a $200 credit to create and configure virtual machines. In addition to these trial accounts, you also need the items listed below to build your own Office 365 – Exchange 2013 hybrid lab environment using Windows Azure

1. Domain name: Register a domain name using ‘Go Daddy’. We need to own and manage the domain's DNS. You can register a domain from any ISP. With Office 365 and Go Daddy, some of the DNS registration has been automated. In this lab, we will be using the domain name “CHECKWHATSIN.COM”, which is registered using Go Daddy.

2. Third-party SAN certificate: A third-party SAN certificate is required for the Exchange server and the Federation server. The certificate has to match the registered domain name. We can use a certificate with multiple SANs or a wildcard certificate. In this lab, we will be using a wildcard certificate with the name *.Checkwhatsin.com

In this first part of the article series, you will perform the tasks given below:

I. Creating and configuring Exchange On-premises Servers at Windows Azure

II. Registering and configuring Office 365 trial account

The other parts of the article series are listed below

Office 365 Hybrid Configuring Using Windows Azure – Part 2

Office 365 Hybrid Configuring Using Windows Azure – Part 3

Office 365 Hybrid Configuring Using Windows Azure – Part 4

Office 365 Hybrid Configuring Using Windows Azure – Part 5

Office 365 Hybrid Configuring Using Windows Azure – Part 6

Creating and configuring Exchange On-premises Servers at Windows Azure

1. Create a Windows Azure trial account

2. Login to the Azure portal and create:

  • A new Affinity Group
  • A new Storage and link to the affinity group
  • A new virtual network

3. Create two “SMALL” VMs for the Domain Controller and the Exchange 2013 server with base OS Windows 2012. Shown below is the screenshot of the lab with the servers named Krisdc01.cloudapp.net and KrisExch01.cloudapp.net. These are the names used to connect from the internet.

4. Promote the new domain controller on server Krisdc01.cloudapp.net with the new domain name ‘CHECKWHATSIN.COM’

5. Join the server KrisExch01.cloudapp.net to the domain ‘CHECKWHATSIN.COM’

6. Install and configure new Exchange 2013 on the server KrisExch01.cloudapp.net

7. Once the Domain Controller and Exchange are installed and configured, we need to configure DNS with MX and CNAME records.

8. Log in to the Go Daddy DNS manager for checkwhatsin.com

9. Create a new MX record that points to KrisExch01.cloudapp.net to allow users to send and receive email from the internet

10. Create a new CNAME for mail.checkwhatsin.com that points to KrisExch01.cloudapp.net. This allows users to connect to Outlook Web App (OWA) from the internet.

11. Create a new CNAME record for autodiscover.checkwhatsin.com that points to KrisExch01.cloudapp.net. This allows internet users to perform autodiscover for client configuration.

12. Once the DNS records are registered, we should be able to perform the autodiscover and other tests using Microsoft Remote Connectivity Analyzer below

13. Create three additional “SMALL” VMs with Windows 2012 OS for the Active Directory Federation Server (ADFS), Active Directory Federation Server Proxy (ADFS Proxy) and Directory Sync (DirSync) server roles. Below are the Windows Azure virtual machines with the three additional VMs: Krisadfs.cloudapp.net, KrisAdfsproxy.cloudapp.net and Krisdirsync.cloudapp.net

Registering and configuring Office 365 trial account

1. Connect to the Office 365 URL below to register for a new Office 365 Enterprise E3 account

http://office.microsoft.com/en-in/business/compare-office-365-for-business-plans-FX102918419.aspx

2. Provide all the necessary administrator account information

3. Provide the account and the domain name to register. Verify your phone number by text message or call and click on “create an account”.

4. Below is the first look of Office 365

5. Click on ‘setup’ on the left ribbon and click on “Add domain”

6. Click on Start Step 1 to specify the domain name and confirm the ownership

7. Input the domain name as ‘Checkwhatsin.com’ and click on ‘Next’

8. For auto DNS configuration, click on “Confirm Ownership”.

9. It connects to Go Daddy with the credentials

10. Click on “Accept” to allow Office 365 to create the new TXT record for the domain ‘Checkwhatsin.com’ and to confirm the ownership.

11. This completes the domain verification process. Click “Finish” to return to the main screen

12. We can verify again by clicking on ‘setup’ on the left bar to see that checkwhatsin.com is added and its status is ‘domain verified’.

13. We can also verify the TXT record entry created by Office 365 in the Go Daddy DNS for the domain ‘Checkwhatsin.com’. Log in to the Checkwhatsin.com DNS manager to view the TXT entry for Office 365 validation.

14. From point 12 above, we still have the setup to continue. Click on complete setup to get the page below and click on “Start Step 2”

15. Select “I don’t want to add users right now” and click on Next

16. Since we will be configuring ADFS and single sign-on (SSO), we need to hold Step 3 and revisit it in Part 3 of the article.

With this we have created and configured on-premises Exchange 2013 using Windows Azure and also created the Office 365 trial account with the addition and configuration of the new domain checkwhatsin.com.

In the next part, we will be creating and configuring the ADFS and ADFS proxy servers, which are deployed with the names KrisADFS.cloudapp.net and Krisproxy.cloudapp.net


CodeTwo Exchange Migration

CodeTwo Exchange Migration is one of the great products from CodeTwo. It allows us to migrate Exchange mailboxes from one version of Exchange to another. It can be a direct migration from Exchange to Exchange or from SBS to Exchange, and it can be used in an Exchange cross-forest scenario as well. It also supports migration from non-Microsoft products like Google Apps or Gmail to Exchange servers. It makes migrating Exchange easier, faster and safer in the supported scenarios below.

· Exchange 2003, 2007 to Exchange 2010 migration

· Exchange 2003, 2007 to Exchange 2013 migration

· Exchange 2010 to Exchange 2013 migration

· Google Apps to Exchange migration

I think the most interesting feature is the support for cross-forest migration. Cross-forest migration using traditional tools is more complex and tedious, and it can be extremely slow and time consuming.

In this article we will perform a cross-forest migration using the CodeTwo Exchange Migration tool. Normally, organizations perform a cross-forest migration when there is a merger or acquisition, for a security reason, or when leaving the old environment and starting a fresh one, etc.

Our lab environment consists of two forests, green.com (the source forest) and blue.com (the target forest), which allows users to be migrated from the source forest to the target forest.

As part of the migration, we need to prepare our environment for the cross-forest migration. Given below are the configurations needed between the two forests to perform a smooth migration.

1. Configure DNS resolution between green.com and blue.com

2. Configure Trust between the two forests, green.com and blue.com

3. Configure the mail flow between source to target using the send and receive connectors

4. At the green.com domain, change the accepted domain as an internal relay to make sure that emails continue to be received even after the migration of mailbox to blue domain.

5. Configure Free busy sharing between blue.com and green.com

6. Configure GAL Sync between blue.com and green.com

7. Install and Configure ADMT and password export server which will export the password to the target account after user account migration.

8. Migrate users AD account from source to Target forest using ADMT

9. Finally, enable the mailbox for all the migrated users at the target forest. This can be done using PowerShell or using Exchange management console.

 

We are almost done with the environment configuration. Next, install CodeTwo Exchange Migration tool on any machine on the source forest with the necessary prerequisites:

Given below are the step-by-step instructions to configure the CodeTwo Exchange Migration tool and migrate the users to the target forest.

1. Log in to the machine where the Exchange migration tool is installed with the Domain admin account

2. Run “Exchange Migration Administrator Panel” from the start menu

3. The source server connection wizard helps to connect to the source forest. Select the option “on-Premises” Exchange server and click on “Next”

4. Select the Exchange 2010 server from the green.com (source) forest, make sure to select the Administrator account which has the necessary permission to enumerate mailboxes in the source forest, and then click on “Next”

5. Select the folders to migrate. By default, most of the folders are selected except the junk folder. Keep the default settings and click on “Next”

6. “Email address rewriting” has to be checked when a mailbox is migrated to a different forest; it rewrites the email address based on the target forest. Since the new forest has a different domain and its email address is different, this setting is mandatory.

7. Finally, verification checks the source server connection and validates the administrator account for the necessary permission and group membership.

8. The target server connection wizard helps to connect to the target forest servers.

9. I would prefer to connect manually using the FQDN of the target Exchange 2010 server. The Exchange Web Services URL (EWS URL) gets auto-filled based on the target Exchange server name; click on “Next”. The EWS URL is necessary to connect to and access the mailbox during the migration.

10. Enter the User Principal Name (UPN) and password of the target forest administrator account under Admin’s credentials, and click on “Next”

11. Final verification allows us to validate the target server connection and the impersonation rights to access the migration mailboxes through PowerShell.

With this we are almost ready to start the migration. Identify the source mailbox which you want to migrate and associate it with the new target mailbox in the CodeTwo Exchange Migration Administration panel. Association can be done either manually or automatically. Manually, you select the source mailbox from the list and then highlight the target mailbox in the window. This process is painful when you have a large number of users to migrate. Automatically, association is done by selecting all the users and clicking the Automatch button on the Administration Panel’s ribbon. This matches all the user accounts from the source forest to the target forest and generates a report for reference. Once the association is done, you can start the migration. By default, it migrates only two mailboxes at a time; this count can be increased by modifying the settings in the administration panel.

I personally feel I like the tool and it helps me to perform migration tasks in a simpler, easier and more effective way than using the traditional migration tool. It has a simple GUI which helps the administrator to perform the operation much more easily. Again, it supports various migration scenarios and can even perform the direct upgrade from Exchange 2003 to Exchange 2013. It avoids any kind of caveats which occur during the migration and also avoids the complexity of a two-step migration. CodeTwo also has a great support team which can help us to address any queries, issues or problems whenever they arise.


Product Review – Lepide Exchange Reporter Tool

Lepide Exchange Reporter Tool is a proactive tool for the Exchange administrator. It provides some good reports to monitor the Exchange environment and helps administrators to keep the environment healthy and secure. Let’s delve into some of the greatest features it offers.

The trial version of the Lepide Exchange Reporter tool can be downloaded from the Lepide website. It supports all legacy versions from Exchange 2000, Exchange 2003, Exchange 2007 and Exchange 2010 to the latest version, Exchange 2013. It is a simple installable tool which can be installed on any server or client OS that meets the mandatory Outlook and SQL Server requirements. The Outlook and SQL Server versions required for your Exchange environment can be found at the download link given above.

The Lepide Exchange Reporter Tool generates various reports and has been divided as follows:

· Dash View

· Report View

· Mailbox Folder

Let’s get into each of these reports in detail to understand what it is able to provide its Exchange Administrators.

DASH VIEW

The Dash View provides some quick summary view for the administrator to get the following information:

1. Top 5 senders by number of the messages.

2. Top 5 receivers by number of messages.

3. Information Store by EDB and STM Size.

4. Information Store by Mailbox store and Public folder size.

5. Top 5 mailboxes by size.

6. Top 5 OWA users by usage count.

Figure 1. Dash View

REPORT VIEW

The Report View provides detailed information about the Exchange environment, so we will focus on it more here. The report view is further divided into three parts: Email Flow, OWA Report and General Report.

Email Flow

The Email Flow report is generated from the message-tracking logs and archives all the history log information into the SQL database. The email flow information queries can be filtered on the basis of the required time stamp.

It has mail flow information based on the user, subject, receivers’ and senders’ messages from within and outside an organization. This information can be sorted based on their date and size. Shown below is a reference snap shot.

OWA Report

The OWA Report is one of the important components of Exchange reporting, since many remote clients connect to OWA through a Web browser in order to access their emails. Since these OWA connections mostly come from the internet, it is important to monitor them closely. For instance, cyber attacks can sometimes happen over OWA, which in turn can adversely affect a user’s access.

The OWA Report includes information on heavy OWA users and on the client and server computers that send a high number of OWA requests and download the most data.

General Report

The General Report has a lot of information, which is necessary for day-to-day activities and can also be used for upgrades or transitions. It generates many reports, such as:

Directory Reports

It has detailed information of every user’s mailbox, distribution group and other directory objects in the organization.

Message Delivery Reports

It has detailed information on every message sent or received in an organization. It also keeps track of the time taken for a message to be delivered to the target recipient.

Mailbox Information Reports

It provides detailed information about every mailbox in an organization. It has information on each mailbox’s permissions, rules, folder size, item age graph, item size graph, attachments per mailbox, etc.

I found this part to be informative, and hence it is imperative for users to take note of this. Shown below is the reference snapshot.

Mailbox Traffic Reports

It has detailed information on the daily traffic, mailbox-traffic growth, traffic between users and other such useful data.

Shown below is a reference snapshot.

Outlook Web Access

The Outlook Web Access report has important information for making strategic decisions on usage. It has information on hourly and daily usage and also has information for every OWA user.

Public Folder Reports

Monitoring public folders is very important to keep them in control. Many organizations do not monitor public folders and these folders grow enormously over a period of time. Public folder reports provide vital information like growth graph, along with the size, content, permission and restriction of the public folder.

Server Traffic Reports

Server Traffic Reports help to understand the emails sent to and received from every domain based on the count, and they also include a traffic comparison graph between the domains.

Given below is the reference screen shot.

Storage Reports

Storage Reports contain the most important reports for keeping storage growth under control. Generally, after the initial build of an Exchange server, expanding storage is not easy. Sometimes the number of expansion slots is limited, or companies may not have the budget for expansion. Sometimes databases grow enormously over a period of time for various reasons. Storage reports provide information through the mailbox size growth graph and the information store size growth graph. Monitoring these reports helps to predict data growth and plan for expansion. They also help in identifying abnormal mailbox growth.

Mailbox Folders

Mailbox Folders is the last report in the Lepide Exchange Reporter tool. It helps administrators to access public folders and the content of various mailboxes. It allows administrators to review the details of every mailbox folder and generate a report in an easily understandable format. For instance, a report can be filtered by date and exported in various standard formats like CSV, PDF and DOC. These reports are a great help when a huge amount of data needs to be tracked, and the tool generates the report with every minute change in the Exchange mailboxes. For example, sometimes we may want a report of mailbox size and its growth, or of unused mailboxes.

The majority of the reports from this tool are generated from the SQL Server database that is installed along with the tool. This helps to generate various history reports where the logs are no longer available on the Exchange servers. It scans all the necessary logs from the Exchange servers on a regular basis or at a scheduled time and updates them into the SQL Server database. The log scan schedule can be configured to run a “Full Scan” once and incremental scans for the subsequent runs.

Various logs it scans from the Exchange servers are:

· Messaging Tracking logs

· IIS Logs

· Information Store

· Mailbox Information

In my opinion, Lepide Exchange Reporting tool (http://www.lepide.com/exchange-reporter/) is an excellent tool which can help administrators to keep the environment under control and help in generating various reports for the management, as and when required, without writing any complex scripts. This is a tool that needs to be configured once and scheduled to collect reports on a day-to-day basis in order to generate a customized report whenever needed. The reports thus generated can also be used for sizing when you are upgrading your Exchange environment to a higher or to the latest version of Exchange.

Why Exchange Server backups are important

Most business communications these days are carried out through emails. Even in organizations that have a full-fledged enterprise-level CRM system in place, many sales-related communications take place through emails, particularly in the initial phase. Many of the emails contain critical client-related information as email attachments that can be required at any time in the contract phase. Hence, Exchange Server data protection should be of primary importance for all Exchange Server administrators.

When it comes to Exchange Server data protection, there are different measures that you can take. All these measures can be broadly classified into two parts based on the approach: pre-emptive measures, where you try to prevent the occurrence of a disaster situation that can put the data at risk; and reactive measures, where you make provisions after a disaster has struck.

Here we will discuss how backups can be used as a very effective method to deal with any unforeseen circumstances. Exchange Server backups can be used in any of the following situations:

To recover from disaster situation: If your Exchange environment experiences a hardware or software failure, Exchange Server backups can help you to restore to a point-in-time with zero loss of data.

Recover any accidentally deleted item: If any user deletes an email item accidentally, it can be restored from the correct backup. With Exchange 2013, the recovery of accidentally deleted items is even faster with the Recoverable Items folder and the Hold policy that can be applied to it.

Uphold Compliance: Compliance requirements require you to archive email data for an extended period of time. Backup is an excellent way to archive email communication to satisfy compliance requirements.

With Exchange 2013, many such features have been decentralized and even end Users can archive, perform granular recovery and search across mailboxes.

Let’s see what options are available to back up Exchange Server data:

Normal backup: The normal backup process backs up the Exchange Server and directory in their entirety. The log files are also backed up. You can restore mailboxes from just a normal backup.

Creating a Copy: A Copy backup is similar to the normal backup without the incremental and differential context. It can be used to back up the entire Exchange Store without disturbing the state of any incremental or differential backups that might be going on.

Incremental: This type of backup only backs up the components that have changed since the last normal or incremental backup. To restore from an incremental backup, the normal backup and all incremental backups created in between are required.

Differential: This kind of backup captures the changes that have occurred between the last normal backup and the current state. To restore from this kind of backup, the normal backup and the specific differential backup are required.

While recovering data from backups, you may need to set up a recovery server apart from the production Exchange Server, which adds the cost of an expensive recovery server. There is some third-party software that can restore data directly from backups, thus doing away with the need for a recovery server and saving significant cost. Lepide Exchange Recovery Manager is a third-party application that can be tried in such situations.

Migrate from Exchange 2010 to Exchange 2013

Microsoft has released the latest cumulative update 2 (CU2) of Exchange Server 2013. I believe it is the right time for an organization to start planning to migrate Exchange 2010 to Exchange 2013.

The articles below should give you a quick idea of how to migrate from Exchange 2010 to Exchange 2013 in a production environment.

How to migrate Exchange 2010 to 2013 – Part 1

 

How to migrate Exchange 2010 to 2013 – Part 2

Hope you like this article 😉

ENow Management System 6.0 Delivers Exchange 2013 and Lync Support

Media Contact:

Shawn Gundotra

(951) 268-7015

Email: info@enowinc.com

Website: www.enowsoftware.com

 

Corona, CA- August 13, 2013 – ENow, a Silver Microsoft Independent Software Vendor, specializing in the development of applications to simplify Microsoft system management, announced the release of EMS 6.0.

The EMS 6.0 release includes many benefits that will make the jobs of Microsoft Exchange and Lync administrators easier while at the same time increasing service availability. Microsoft Exchange 2013 has many improvements and is now being deployed. The EMS 6.0 release now enables Exchange 2013 administrators to proactively monitor and have visibility into their messaging infrastructure. EMS 6.0’s Mailscape module has received over 12 awards in the last 3 years including recently being named best Exchange Administration Tool by MSExchange.org. Mailscape proactively tests all the core messaging components including DAG configuration, external and internal mail flow, OWA, and ActiveSync. The reporting module has over 210 reports including detailed insight on mobile device usage.

Also included in this release is a new module, named UniScope, which provides visibility into Microsoft Lync deployments. Microsoft Lync is an outstanding Unified Communications platform that seamlessly integrates instant messaging, video conferencing, telecommunications and presence information. It enables consumers and company employees to communicate more efficiently and also increase productivity. Lync is being widely adopted and the need to proactively monitor this technology is critical as outages can cost a company thousands of dollars. UniScope proactively tests the core components of a Lync deployment including Front End, Web Conferencing, Mediation servers, end user connectivity, PSTN access and address book downloads.

“Due to our global customer base, we have a broad perspective on what technologies are being adopted.” states Jay Gundotra, CEO of ENow. “Microsoft has done a great job of continually adding useful features to both the Exchange and Lync platforms. As companies roll these technologies out, the dependency upon them grows and so does the need to ensure service availability. Our new additions to the EMS platform enable administrators to proactively manage both Exchange and Lync from a single dashboard.”

The ENow Management System is a monitoring and reporting platform which is currently used in over 50 countries by enterprise companies, including Facebook, NYSE, DirecTV, Blue Cross Blue Shield, Wendy’s and Advanced Auto Parts. The EMS platform features a dashboard with red, yellow, and green lights indicating the health of each monitored server. The solution enables IT support staff to proactively monitor servers in real time and avoid costly outages. It also provides administrators with deep reporting capabilities for Exchange, Office 365, BlackBerry, Active Directory, Lync and SharePoint servers.

About ENow

ENow is a Microsoft Silver Independent Software Vendor focused on helping companies implement the latest Microsoft technologies and developing software tools to simplify the job of an IT administrator. The ENow Management System (EMS) is an award winning platform that provides a dashboard view of Exchange, BlackBerry, SharePoint and Active Directory servers. For more information, call 1-877-TRY-ENOW, email us at info@enowsoftware.com, or visit us at www.enowsoftware.com.

Bangalore User Group Event

Please register for the Bangalore User Group Event using the link below. I will be taking a session on the Exchange 2013 Role Requirements Calculator.

http://bitprojuly2013.eventbrite.com/

Event Details

This is a Bangalore IT Pro and PowerShell Bangalore User Group combined UG meet.

Agenda for this meet is as follows:

10.00AM – 10.15AM – Registrations and Welcome note.

10.15AM – 10.45AM – PowerShell for Beginners – Deepak Dhami

10.45AM – 11.15AM – Introduction to Exchange Calculator – Krishna Kumar

11.15AM – 11.30AM – Break

11.30AM – 12.00Noon – PowerShell 4.0 – First Look – Ravikath Chaganti

12.00Noon – 12.30PM – Building GUI for PowerShell Scripts – Vinith Menon

Regards,

Krishna

Netwrix Active Directory Change Reporter

Auditing is one of the most complex activities in Windows Active Directory. Monitoring changes and reporting on them immediately is very challenging for administrators. I would say that Netwrix Active Directory Change Reporter is one of the best tools available in the market, with a comprehensive collection of features to audit changes in Active Directory and report on them. It has a very robust way of checking whether any modification was made to Active Directory objects. It uses Active Directory event logs and also takes Active Directory snapshots, comparing the data to produce a consolidated report on who made the changes, what was changed, when and where exactly. These changes are logged into a local database and are stored in the SQL server for reporting purposes. It is a unified solution for complete Active Directory auditing, reporting and monitoring.

The latest version of Netwrix Active Directory Change Reporter is 7.2.721, and it is available in two flavors: Freeware and the fully loaded Enterprise Edition. The free version has limited functionality and can be used for an unlimited time period. The Enterprise version has lots of auditing and reporting options, which make the life of an Active Directory administrator easier and put the necessary data right at their fingertips. It can be evaluated free of charge for 20 days.

Netwrix Active Directory Change Reporter tool supports Active Directory starting from Windows 2000, Windows 2003, Windows 2008 and even the latest Windows 2012 Active Directory environment.

Requirements:

It has other basic technical requirements to function.

1. Intel or AMD processor; a minimum of 2 GHz for a 32-bit processor or 3 GHz for a 64-bit processor is recommended

2. Memory 2 GB and above

3. Minimum of 50 GB disk for installation, plus additional space for user, event and other necessary logs.

4. Active Directory permission to query an Active Directory

5. SQL server – SQL server 2005 Express Edition or above with an advanced service of SQL server, SQL server reporting tool and permission to generate reports.

6. Group policy management console to audit Active Directory Group Policy.

The required details of the tool can be found at the link below.

http://www.Netwrix.com/download/QuickStart/Active_Directory_Change_Reporter_Quick_Start.pdf

Native Active Directory tools do not provide great flexibility to audit Active Directory changes and report on them immediately. Raw data generated by the Windows native tools is always difficult to understand, and analyzing tons of logs is an extremely time-consuming process. Most of the time it is too late to analyze the logs, as they would have been overwritten. The Netwrix solution for Active Directory auditing overcomes these problems by saving the data in the SQL server.

There are also optional agents available for installation on the domain controllers. They compress the data sent across the network, which is necessary if the change reporting tool is collecting data over a slow network, but should not make much of a difference on a high-speed network. It is definitely recommended to have the agents installed in order to make the best use of all available networks.

Netwrix Active Directory Change Reporter also has some supporting tools, such as Group Policy Change Reporter and Exchange Change Reporter. These two go very well with the Active Directory Change Reporter. Group Policy changes are critical and must be executed very carefully. Any mistake in a Group Policy change can have a big impact, and not everyone in the organization has permission to modify Group Policy. Netwrix Group Policy Change Reporter comes in handy for getting complete details of a GPO change: who made the change, when it was made, and the “before and after” values for modified settings.

Exchange Change Reporter is another great additional component. Exchange is one of the business-critical applications, and any downtime will have a major impact on an organization. Exchange Change Reporter keeps track of any addition, deletion or modification of Exchange attributes and generates reports on the changes. It also provides details about “before and after” values. The tool supports earlier versions of Exchange such as Exchange 2003, 2007 and 2010. The latest version of Exchange Change Reporter supports the Microsoft Exchange Server 2013 environment, which is one of the latest promising products from Microsoft.

Let’s understand some of the features of Netwrix Active Directory Change Reporter and what it can do for us.

It provides in-depth change details about every Active Directory object and its attributes, and also includes security changes. Changes can be the addition, deletion or modification of Active Directory objects, and it includes complete details such as who made the change, what was changed and where.

It provides a real time reporting where an administrator or the security team can be notified with an email or SMS immediately after the change is detected. It also integrates with Microsoft SCOM using SCOM Management pack which captures Active Directory data and feeds into the SCOM for reporting and alerting. It also provides flexibility to integrate with other third party reporting tools available in your organization.

All reporting information is stored in SQL Server, where an administrator can query it manually and generate custom and automated reports. Reporting is one of the key features, and the tool can generate predefined reports for compliance regulations such as SOX, HIPAA, GLBA, and FISMA. As these regulations require storing the data for later review, the tool provides a long-term storage option. This long-term storage can also be on servers other than the SQL server. By default, long-term audit archiving is done for 24 months, and this setting can be changed if required. It can also generate daily reports with the details of all changes performed during the previous day. The product provides an administrator with a console view and gives great flexibility to query and generate reports with ease.

Any kind of accidental change has to be rolled back immediately, and this tool provides an option to roll back all accidental or unwanted changes using a rollback wizard. Performing this kind of rollback/restore operation using native Windows tools is cumbersome and has many limitations. This tool performs a smooth, quick and easy rollback of all kinds of accidental or unwanted changes. This avoids any downtime, security risk or ill effects caused by accidental changes.

It can be easily installed on any workstation with a recent Windows OS like Windows 8, or on a server OS like Windows 2012. It just has to be set up once and it runs forever. It can query and manage multiple domains from a single installed machine, and can even manage multiple domains each with its own unique settings. This gives a lot of flexibility to manage and modify the settings based on the business requirement.

It provides an easy option to query and generate default and custom reports from the management console. It has all the necessary filters, such as timelines (from-date and to-date), types of changes and where the changes were made, and it also provides an option to specify an individual domain and an individual forest. It has great flexibility, which helps to get any data from any domain and any forest in no time. Finally, once you have all the data in the report, it can be easily exported into CSV, Excel, PDF, Word or even TIFF format.

Reports come in an easily understandable format with color coding. Actions like adding, removing and modifying are all highlighted in different colors. Most importantly, it gives clear information on who made these changes, when they were made and what was done. With this you can find all the necessary data and reports in one location, and you really don’t have to depend on multiple logs or have in-depth knowledge to analyse and understand logs from different locations.

Active Directory snapshots are one of the best features of this tool. It takes Active Directory snapshots at multiple points in time and keeps them in the database. This helps to look back at a specific AD object and see what its settings were in the past. These details can be viewed through custom reporting queries; these come under the advanced reporting tool, which requires some configuration before use.

Real-time alerting is one of the key components of any reporting tool, used to notify on any critical changes. By default, Netwrix Active Directory Change Reporter provides the real-time alerts option for the groups mentioned below, and you can also add more users or groups if necessary.

· Changes to Admin Group

· Changes to Domain Configuration

· Changes to any Active Directory Object

These real-time alerts can be sent via email or a text message right to the mobile device.

Netwrix Active Directory Change Reporter is very easy to install and configure. It needs some necessary configurations to function as required and these configurations can be made easily using wizards. Supported by other tools like Group Policy Change Reporter and Exchange Change Reporter it provides a great management option for IT administrators and security team. It will save a lot of time and energy of the administrator helping to avoid writing custom scripts or manual/LDAP queries to get the data for auditing or management purposes.

With this, I would like to finish my article saying that “Netwrix Active Directory Change Reporter is a great tool which is helpful for IT administrators and security teams”.

Use this link to download Netwrix Active Directory Change Reporter: http://www.netwrix.com/active_directory_change_reporting_freeware.html

Gal Sync between exchange 2003 and Exchange 2007 – Part 2

This article is a continuation of part 1 on configuring Gal Sync between Exchange 2003 and Exchange 2007. Please refer to this link before coming to part 2

3. Creating and Configuring IIFP Management Agents

3.1. Creating and Configuring Red.com – GAL MA

1. Login to IIFP Server, open Identity Manager.

2. From the Tools menu, click Management Agents.

3. From the Actions menu, click Create.

4. In Management Agent Designer, in Management agent for, click Active Directory global address list (GAL) (from the pull down).

5. In Name, type “Red GAL MA” and click Next.

6. On the “Connect to an Active Directory forest” page, type the values for

7. Forest name = Red.com

8. User name = redgalsync

9. Password = xxxxx

10. Domain = Red.com

11. Click on options and clear the Sign and encrypt LDAP traffic check box and click Next

12. On the Configure Directory Partitions page, in Select directory partitions, select the only partition listed

13. Clear the Sign and encrypt LDAP traffic check box and select Containers

14. Clear the check box next to the directory partition to clear all organizational units under the directory partition

15. Select “Blue” and all other OU where users and DL accounts are based.

16. Click OK and click Next

17. On the “Configure GAL” page click on Target container and select the “Contacts” OU which is under Blue OU and click on OK

18. Click on “Source” and select all the OUs where user’s mailbox and DLs are based and click on OK

19. Click on Edit under Exchange Configuration and add DNS suffix @blue.com and click on OK and click Next to continue

20. On the Select Object Types page, verify that the object types required for GAL synchronization are selected. Default settings are taken and Click Next.

21. On the Select Attributes page, verify that the attributes required for GAL synchronization are selected. Default settings are taken and Click Next.

22. On the Configure Connector Filter page, verify that the connector filters required for GAL synchronization are specified. Default settings are taken and Click Next.

23. On the Configure Join and Projection Rules page, verify that the four join and projection rules for GAL synchronization are specified. Default settings are taken and click Next

24. In Configure Attribute Flow, verify that the five attribute flow mappings for GAL synchronization are specified. Default settings are taken and click Next

25. On the Configure Deprovisioning page, in Deprovisioning Options, verify that the Determine with a rules extension option is selected and click on Next

26. On the Configure Extensions page, in Assembly name, verify that the GALSync.dll file is specified and click on Finish

3.2. Creating and Configuring Blue.com – GAL MA

1. Login to IIFP Server, open Identity Manager.

2. From the Tools menu, click Management Agents.

3. From the Actions menu, click Create.

4. In Management Agent Designer, in Management agent for, click Active Directory global address list (GAL) (from the pull down).

5. In Name, type “Blue GAL MA” and click Next.

6. On the “Connect to an Active Directory forest” page, type the values for

7. Forest name = Blue.com

8. User name = bluegalsync

9. Password = xxxxx

10. Domain = blue.com

11. Click on options and clear the Sign and encrypt LDAP traffic check box and click Next

12. On the Configure Directory Partitions page, in Select directory partitions, select the only partition listed

13. Clear the Sign and encrypt LDAP traffic check box and select Containers

14. Clear the check box next to the directory partition to clear all organizational units under the directory partition

15. Select “Red” and all other OU where users and DL accounts are based.

16. Click OK and click Next

17. On the “Configure GAL” page click on Target container and select “Contacts” OU which is under RED OU and click on OK

18. Click on “Source” and select all the OUs where red.com user’s mailbox and DLs are based and click on OK

19. Click on Edit under Exchange Configuration and add DNS suffix @red.com and click on OK and click Next to continue

20. On the Select Object Types page, verify that the object types required for GAL synchronization are selected. Default settings are taken and Click Next.

21. On the Select Attributes page, verify that the attributes required for GAL synchronization are selected. Default settings are taken and Click Next.

22. On the Configure Connector Filter page, verify that the connector filters required for GAL synchronization are specified. Default settings are taken and Click Next.

23. On the Configure Join and Projection Rules page, verify that the four join and projection rules for GAL synchronization are specified. Default settings are taken and click Next

24. In Configure Attribute Flow, verify that the five attribute flow mappings for GAL synchronization are specified. Default settings are taken and click Next

25. On the Configure Deprovisioning page, in Deprovisioning Options, verify that the Determine with a rules extension option is selected and click on Next

26. On the Configure Extensions page, in Assembly name, verify that the GALSync.dll file is specified and click on Finish

4. Enable Provisioning

1. Open Identity Manager

2. From the Tools menu, click Options.

3. Under Metaverse Rules Extensions, ensure that the Enable metaverse rules extensions check box is selected.

4. In the box located next to Rules extension name, ensure GALSync.dll is present.

5. Select the check box next to Enable Provisioning Rules Extensions to enable provisioning rules extension to be used with the GAL synchronization management agent.

6. Click OK.

 

Hope you like the article  🙂