Author Archives: Sathish Veerapandian

OWA, EWS configuration in Exchange 2013/2007 coexistence

We need to consider a few factors when planning coexistence between Exchange 2013 and legacy Exchange servers, especially Exchange 2007, because the setup can be confusing. In this article I will mention a few key points to consider when planning the OWA and EWS setup for Exchange 2007 and 2013 coexistence.

In coexistence between Exchange 2013 and a legacy version, client requests are handled in one of 2 ways.
For Exchange 2010 – Exchange 2013 proxies OWA and EWS requests for users whose mailboxes are on Exchange 2010.
For Exchange 2007 – Exchange 2013 redirects OWA and EWS requests for users whose mailboxes are on Exchange 2007.

When a user with an Exchange 2007 mailbox logs in to OWA externally, the request goes to Exchange 2013. Exchange 2013 then needs to redirect this connection to the Exchange 2007 server.

To do this, Exchange 2013 requires a dedicated external host name configured on the Exchange 2007 servers for each service that is accessed externally. So the external and internal hostnames of the Exchange 2007 server need to be different from the hostnames of the Exchange 2013 server and need to point to the Exchange 2007 server.

It is better to use the Exchange Server Deployment Assistant, which gives much clearer information. If you are still confused, you can remember the following key points.

First, all the service URLs need to be pointed to the Exchange 2013 CAS server instead of Exchange 2007. The Exchange 2013 CAS server will redirect the connections to the Exchange 2007 server.

Legacy Names:
Configure the following legacy host names for the services below in Exchange 2007

OwaVirtualDirectory – Create https://ExternalLegacyHostName/owa
WebServicesVirtualDirectory – Create https://ExternalLegacyHostName/EWS/Exchange.asmx
UMVirtualDirectory – Create https://ExternalLegacyHostName/UnifiedMessaging/Service.asmx
OABVirtualDirectory – Create https://ExternalLegacyHostName/OAB
ActiveSyncVirtualDirectory – Create https://InternalLegacyHostName/Microsoft-Server-ActiveSync

 

Planning Internal and External OWA URLs

For the Exchange 2013 OWA URL: use the same old URL for OWA access to Exchange 2013 and change the IP address from Exchange 2007 to E15 (Exchange 2013) internally.
Change the external OWA URL to redirect the connections to the Exchange 2013 CAS.

For the Exchange 2007 OWA URL:

Create Legacy.Domain.com for external OWA users.
Create Legacy.Domain.com for internal OWA users.

Below is an example of modifying the OWA URL:

On Exchange 2013, point the ExternalUrl 'mail.contoso.com' to the Exchange Internet-facing CAS server.
On Exchange 2007, create the ExternalUrl as 'legacy.contoso.com'.

 

Certificates:

All the required SAN entries for UM, web services and ActiveSync should be created.
Add the external OWA legacy URL to the public certificate and install it on both Exchange 2007 and Exchange 2013; only then will OWA redirection work.
You need to include the internal Legacy.Domain.com name on the Exchange 2007 certificate for OWA coexistence.
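The SAN requirement above can be checked before cut-over. The following is an added example, not part of the original article: it reports which required host names a certificate's SAN list does not cover, including the one-label rule for wildcard entries. The function names are hypothetical, mail.contoso.com and legacy.contoso.com are the article's placeholders, and autodiscover.contoso.com and both SAN lists are constructed sample data.

```powershell
# Added example (not from the original article). Helper names are hypothetical.

function Test-NameCoveredBySan {
    param([string]$HostName, [string[]]$SanList)
    foreach ($san in $SanList) {
        # Exact match; -eq on strings is case-insensitive in PowerShell.
        if ($san -eq $HostName) { return $true }
        if ($san.StartsWith('*.')) {
            # A wildcard covers exactly one label: *.contoso.com matches
            # legacy.contoso.com, but not a.legacy.contoso.com or contoso.com.
            $suffix = $san.Substring(1)    # ".contoso.com"
            if ($HostName.Length -gt $suffix.Length -and
                $HostName.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if ($label -notmatch '\.') { return $true }
            }
        }
    }
    return $false
}

function Get-MissingSan {
    param([string]$ServerName, [string[]]$RequiredNames, [string[]]$CertificateDomains)
    foreach ($name in $RequiredNames) {
        if (-not (Test-NameCoveredBySan -HostName $name -SanList $CertificateDomains)) {
            New-Object PSObject -Property @{ Server = $ServerName; MissingName = $name }
        }
    }
}

# Names that clients are sent to during coexistence (autodiscover name is assumed).
$required = 'mail.contoso.com', 'legacy.contoso.com', 'autodiscover.contoso.com'

# Constructed sample SAN lists. On a real server, build the list in the
# Exchange Management Shell from the certificate bound to IIS:
#   Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' } |
#       ForEach-Object { $_.CertificateDomains } | ForEach-Object { "$_" }
$cas2013Domains = 'mail.contoso.com', 'autodiscover.contoso.com'   # legacy name forgotten
$cas2007Domains = '*.contoso.com'                                   # wildcard certificate

# Every row returned is a name that would produce a certificate name mismatch.
Get-MissingSan -ServerName 'CAS2013' -RequiredNames $required -CertificateDomains $cas2013Domains
Get-MissingSan -ServerName 'CAS2007' -RequiredNames $required -CertificateDomains $cas2007Domains
```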
The following changes need to be made on the firewall:

The external OWA URL should be directed to the Exchange 2013 Internet-facing CAS.

The external EWS URL should be directed to the Exchange 2013 Internet-facing CAS.

The external Autodiscover URL should be directed to the Exchange 2013 CAS.
The external ActiveSyncVirtualDirectory should be directed to the Exchange 2013 CAS.

The external UMVirtualDirectory should be directed to the Exchange 2013 CAS.

Create a new NAT rule on the firewall for Legacy.domain.com to the Exchange 2007 CAS. You can do this as well. By doing this, users with a mailbox on Exchange 2007 will be able to log on directly using the URL https://legacy.domain.com/owa.

 

External and Internal DNS settings

Public DNS – Map all of your external public DNS records (EWS, OWA, ActiveSync etc.) to your Exchange 2013 public IP, if you have a dedicated one for 2013, or to the FQDN of your Internet-facing CAS server.
Example:
Current external OWA URL (contoso.domain.com) – point it to the dedicated Exchange 2013 public IP or the Internet-facing Exchange 2013 CAS FQDN.
Current external Autodiscover – point it to the dedicated Exchange 2013 public IP or the Internet-facing Exchange 2013 CAS FQDN.

Internal DNS – Configure Exchange 2007 to point the SCP AutoDiscoverURI to the Exchange 2013 Client Access FQDN by changing the DNS entry for Autodiscover.domain.com to the Exchange 2013 CAS server IP address.

The internal DNS records should point to the internal host name and IP address of your Exchange 2013 Client Access server.
Make sure that legacy.contoso.com resolves to CAS2007 in internal and external DNS.

Authentication Settings:

This part is a little bit tricky. You need to plan according to your organization. If you have FBA configured on a TMG or ISA server, then you need to configure accordingly.
Set the OWA virtual directory authentication to Basic only in Exchange 2007.
In Exchange 2013, set the OWA virtual directory to only Windows Authentication, or only forms-based authentication, or only Basic (no redirection, SSL enabled), depending on your setup.

Things to check:

If you have redirection configured in IIS on the Exchange 2007 server, make sure that the above virtual directories do not have it configured.

If you have FBA enabled on ISA or TMG, then disable FBA on the Exchange 2013 CAS, otherwise users will be prompted twice for authentication.

References:

http://technet.microsoft.com/en-us/library/jj898581(v=exchg.150).aspx

Checklist: Upgrade from Exchange 2007
http://technet.microsoft.com/en-us/library/ff805032(v=exchg.150).aspx

Install Exchange 2013 in an Existing Exchange 2007 Organization
http://technet.microsoft.com/en-us/library/jj898582(v=exchg.150).aspx

http://blogs.technet.com/b/meamcs/archive/2013/07/25/part-2-step-by-step-exchange-2007-to-2013-migration.aspx

Thanks

Sathish Veerapandian

Configure new UM Dial Plan and UM IP Gateway in Exchange 2013

The UM server provides voice mail, Outlook Voice Access and other Exchange voice features. Integrating the UM functionality with an existing telephony system or Lync is one of the more challenging tasks an admin will face. Planning should be done properly according to the enterprise voice plan used in the organization.

As we know, from Exchange 2013 there is no separate role for UM. Its services run on the CAS server and the Mailbox server, and below is the list of services that handle UM processes.

Microsoft Exchange Unified Messaging Call Router service

Routes the incoming SIP traffic from a Lync server or any other IP-PBX or SBC that sends only SIP traffic. This traffic can come from a VoIP gateway, Session Border Controller (SBC), PBX or IP PBX. Any media traffic sent to the Client Access servers is redirected to a Mailbox server, since the Client Access servers are not capable of handling RTP and SRTP media traffic.

Microsoft Exchange Unified Messaging service

This service handles the initial Session Initiation Protocol (SIP) traffic from the Lync server for voicemails left through Unified Messaging. It accepts the connection on port 5061 or 5060 (depending on whether your configuration is secured or unsecured) and then redirects it to the worker process on port 5065 or 5066. This service does not do any media conversion.

Microsoft Exchange Unified Messaging Worker Process

The worker process receives SIP requests only on port 5065 or 5066, which means the actual media conversion takes place on these ports. It does the following:

1) Registers the process with Unified Communications Managed API 4.0 and converts all the required information for media processing for the SRTP and RTP protocols.

2) Initializes Simple Mail Transfer Protocol (SMTP) message submission and submits the voice message to the mailbox of the UM-enabled user.

In this article we will look at the steps to configure UM and to integrate it with Lync or an existing telephony system in Exchange 2013.

 

Open EAC, click Unified Messaging and select UM dial plans.

Give it a name and provide the extension length that the users need for the subscriber access number to be used by Enterprise Voice users.

Select the dial plan type according to your Lync, IP-PBX or SBC settings.

Select the VoIP security mode according to your enterprise voice plan settings.

Select the appropriate country/region and click Save.

Once finished, click Save and select the option to configure the dial codes.

Specify the codes according to your requirement.

Configure Outlook Voice Access as per requirement.

Select Settings and configure the options for searching names when users are directed to the voice mailbox.

Configure the transfer and search options according to the requirement and click Save, and we are done.

Next we need to create a new UM IP gateway.

Things to consider before we create a new UM IP gateway

Run ExchUcUtil.ps1 and OcsUmUtil.exe only if you do not have any IP-PBX or SBC and if you are going to integrate your UM functionality with a Lync or OCS pool. If you have multiple dial plans associated with different enterprise voice plans, then you need to plan accordingly.

If you plan to integrate with a Lync pool, then run ExchUcUtil.ps1 on all Exchange Mailbox servers.

Note: The ExchUcUtil.ps1 script creates one or more UM IP gateways for Lync integration. You must disable outgoing calls on all UM IP gateways except one gateway that the script created. This includes disabling outgoing calls on UM IP gateways that were created before you ran the script.

Run OcsUmUtil.exe on the Lync server.

OcsUmUtil.exe creates contact objects for each auto attendant and subscriber access number to be used by Enterprise Voice users.

It also verifies that the name of each Enterprise Voice dial plan matches its corresponding unified messaging (UM) dial plan phone context. This matching is necessary only if the UM dial plan is running on a version of Exchange earlier than Exchange 2010 Service Pack 1 (SP1).

If you are going to integrate UM with any IP-PBX or SBC directly, then you can skip the above step.

Now we need to create a new UM IP gateway.

Open EAC, click Unified Messaging and select New UM IP gateway.

Give a name for the IP gateway.

In the Address field, give the FQDN or the IP address of your SBC or IP-PBX.

Note: When you specify the FQDN of the IP-PBX or SBC, you need to create a host (A) record for it in DNS and map it to its IP.

Now select the associated dial plan that you need.

Now enable the options to allow outgoing calls and to allow the message waiting indicator. Also set a forwarding address if you wish.

Click Save and we are done configuring the UM dial plan and UM IP gateway in Exchange 2013.
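The same configuration can be scripted in the Exchange Management Shell, which also makes the security mode and the outgoing-call setting easy to review afterwards. This is an added example, not part of the original article: the dial plan name, gateway name, FQDN, extension length, URI type and country code are constructed placeholders, and Set-SingleOutboundGateway is a hypothetical helper for the Lync note above.

```powershell
# Added example (not from the original article). Run in the Exchange 2013
# Management Shell. All names and values below are constructed placeholders.
$dialPlan = 'HQ-DialPlan'
$gateway  = 'HQ-SBC'
$address  = 'sbc01.contoso.com'   # an FQDN needs a host (A) record in DNS

# Dial plan: extension length, dial plan (URI) type, VoIP security mode, country code.
#   Unsecured  = no protection for signalling or media
#   SIPSecured = TLS for SIP signalling only
#   Secured    = TLS for SIP signalling and SRTP for media
New-UMDialPlan -Name $dialPlan -NumberOfDigitsInExtension 4 -URIType TelExtn `
    -VoIPSecurity Secured -CountryOrRegionCode 1

# IP gateway for the SBC or IP-PBX, associated with the dial plan.
New-UMIPGateway -Name $gateway -Address $address -UMDialPlan $dialPlan

# Allow outgoing calls and the message waiting indicator on this gateway.
Set-UMIPGateway -Identity $gateway -OutcallsAllowed $true -MessageWaitingIndicatorAllowed $true

# Lync integration only: after ExchUcUtil.ps1 has created its gateways, keep
# outgoing calls enabled on one gateway and disable them on all others.
function Set-SingleOutboundGateway {
    param([string]$KeepName)
    Get-UMIPGateway | Where-Object { $_.Name -ne $KeepName } |
        ForEach-Object { Set-UMIPGateway -Identity $_.Identity -OutcallsAllowed $false }
}

# Review: dial plans left on Unsecured and gateways that allow outgoing calls.
Get-UMDialPlan  | Format-Table Name, URIType, VoIPSecurity, NumberOfDigitsInExtension -AutoSize
Get-UMIPGateway | Format-Table Name, Address, OutcallsAllowed, MessageWaitingIndicatorAllowed -AutoSize
```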

Note: Unified Messaging requires Enterprise CAL licensing.

There is no mandatory requirement for a public UM certificate. The UM certificate can be internal, as you do not need to publish this service to the outside world: you connect to it via Lync, and therefore the communications are all internal in that respect.

References :

http://technet.microsoft.com/en-us/library/gg398193.aspx

http://technet.microsoft.com/en-us/library/bb125151(v=exchg.150).aspx

http://technet.microsoft.com/en-us/library/jj966276(v=exchg.150).aspx

Cheers

Sathish Veerapandian

Configure Text Messaging Delivery in Exchange 2013

By using the text messaging delivery option, we can route text messages to users' mobile phones and notify them whenever a new email or meeting request reaches the user's mailbox.

In this article we will look at the steps to configure text messaging in Exchange 2013.

First let's look at the functionality and the components involved in the text messaging delivery option.

Exchange first stamps the text messages with the local email address phonenumber@domain.com in the categorizer for the user for whom this option is enabled.

Text messaging delivery relies on two transport agents that work in the message categorization stage:

  • Text Messaging Routing Agent
  • Text Messaging Delivery Agent

These 2 agents work with the help of a dedicated connector, DeliveryAgentConnector, which is enabled by default from Exchange 2010.

We can see this connector by running the below command

Get-DeliveryAgentConnector | fl

Once these 2 transport agents have processed an email for a user whose mail needs to reach a mobile device, they hand the job over to EWS. In EWS there is a component called textmessagingenabled. It verifies whether this parameter is enabled on the OWA virtual directory. If this option is enabled, the text message is transferred via EWS to the public IP address. It reaches the user's telephone service provider and is then delivered to the user as a message notification.

 

Below are the steps to configure the text messaging delivery option.

The first step is to check whether the text messaging option is enabled on the CAS server's OWA virtual directory.

Run the below command to check if it is enabled

Get-OwaVirtualDirectory | ft Servername,textmessagingenabled

To enable text messaging on all CAS servers, run the below command

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -TextMessagingEnabled $True

To disable text messaging on the CAS servers, run the below command

Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -TextMessagingEnabled $False

 

Now we need to ensure that the transport agents are enabled; only then will the text messaging option work.

Run the below command to check whether both agents are enabled

Get-TransportAgent

If you find them disabled, you can run the below commands to enable them

Enable-TransportAgent -Identity "Text Messaging Routing Agent"

Enable-TransportAgent -Identity "Text Messaging Delivery Agent"

 

Now run the below command to check that the delivery agent connector is enabled and that its delivery protocol is set to mobile.

Get-DeliveryAgentConnector | fl
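The three server-side checks above can be combined into one report. This is an added example, not part of the original article: Get-TextMessagingReadiness is a hypothetical helper, the sample objects are constructed, and the protocol value MOBILE is an assumption based on the article's description of the connector.

```powershell
# Added example (not from the original article).
function Get-TextMessagingReadiness {
    param(
        [object[]]$OwaVirtualDirectories,    # output of Get-OwaVirtualDirectory
        [object[]]$TransportAgents,          # output of Get-TransportAgent
        [object[]]$DeliveryAgentConnectors   # output of Get-DeliveryAgentConnector
    )
    $findings = @()

    # 1. Every OWA virtual directory must have TextMessagingEnabled set to $true.
    foreach ($vdir in $OwaVirtualDirectories) {
        if (-not $vdir.TextMessagingEnabled) {
            $findings += "OWA virtual directory '$($vdir.Identity)': TextMessagingEnabled is off"
        }
    }

    # 2. Both agents named in the article must be present and enabled.
    foreach ($name in 'Text Messaging Routing Agent', 'Text Messaging Delivery Agent') {
        $agent = $TransportAgents | Where-Object { "$($_.Identity)" -eq $name }
        if (-not $agent) { $findings += "Transport agent '$name' not found" }
        elseif (-not $agent.Enabled) { $findings += "Transport agent '$name' is disabled" }
    }

    # 3. At least one enabled delivery agent connector must use the mobile protocol
    #    (value 'MOBILE' is assumed here).
    $mobile = $DeliveryAgentConnectors |
        Where-Object { $_.Enabled -and $_.DeliveryProtocol -eq 'MOBILE' }
    if (-not $mobile) {
        $findings += 'No enabled delivery agent connector with DeliveryProtocol MOBILE'
    }

    return ,$findings
}

# Constructed sample data: one CAS has the option off and one agent is disabled.
$vdirs = @(
    New-Object PSObject -Property @{ Identity = 'CAS01\owa (Default Web Site)'; TextMessagingEnabled = $true }
    New-Object PSObject -Property @{ Identity = 'CAS02\owa (Default Web Site)'; TextMessagingEnabled = $false }
)
$agents = @(
    New-Object PSObject -Property @{ Identity = 'Text Messaging Routing Agent';  Enabled = $true }
    New-Object PSObject -Property @{ Identity = 'Text Messaging Delivery Agent'; Enabled = $false }
)
$connectors = @(
    New-Object PSObject -Property @{ Name = 'Text Messaging Delivery Agent Connector'; DeliveryProtocol = 'MOBILE'; Enabled = $true }
)

Get-TextMessagingReadiness -OwaVirtualDirectories $vdirs -TransportAgents $agents -DeliveryAgentConnectors $connectors

# Against a live organization, from the Exchange Management Shell:
#   Get-TextMessagingReadiness -OwaVirtualDirectories (Get-OwaVirtualDirectory) `
#       -TransportAgents (Get-TransportAgent) -DeliveryAgentConnectors (Get-DeliveryAgentConnector)
```

An empty result means all three server-side conditions are met; the same report shows whether the feature is still active after it has been switched off with the disable command.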

We are done with the configuration on the server side. We need to enable this option for the end user through OWA. Follow the below steps.

Log on to Outlook Web App as the user for whom we need to enable this functionality and click Options.

Now click Phone and then Text Messaging.

Select the Turn on Notifications option.

Choose the mobile operator locale.

Choose the mobile operator.

Enter the phone number.

Enter the passcode sent to your mobile.

Click Finish and we are done configuring text messaging notifications for the user.

Note:

The end user will be charged by his mobile operator for each and every notification that he receives on his mobile device.

Thanks
Sathish Veerapandian

Migrate from Lotus notes to Office 365 with Quest Co-Existence Manager

With Microsoft Office 365 becoming the most successful product, most organizations prefer to move their messaging systems to Office 365, or to have a coexistence (hybrid) setup with their on-premises environment.

In this article we will look at preparing the Lotus Notes environment for a successful migration from Lotus Notes to Microsoft Office 365.

First we need to prepare before we move all users to the Office 365 cloud, since the 2 messaging systems are entirely different (e.g. Notes uses mail-in databases and routing mailboxes, while Exchange has mailboxes and connectors), and we need a way for these 2 different systems to interact until the migration is complete.

We need a mediator that is able to interact with both of these messaging systems. To accomplish this, there are multiple third-party solutions through which we can integrate.

There is a Microsoft tool called Microsoft Notes Online Inspector. An article written about it is linked below.

http://www.v-and-m.com/vmhomepage.nsf/Content/Microsoft’s+%22Secret%22+Mail+Migration+Tool+?OpenDocument

You can also do it with the Microsoft-recommended third-party migration partners below.

1) Quest Coexistence Manager.

2) Full Armor

3) Binary Tree Co-Existence

4) CASAHL Technology

In this article we will look at the components, functionality and readiness to migrate with Quest Coexistence Manager.

Overview of Quest Coexistence Manager

Quest Coexistence Manager is a Quest Software product used for migrating from Lotus Notes to Microsoft messaging platforms and Office 365.

What does this software do?

This software integrates and creates a pipeline between Notes and the Microsoft Exchange platform.

By doing the above

  • We can have an effective coexistence between the lotus notes and Exchange platforms
  • We can transfer the messaging system smoothly from lotus notes to Microsoft Messaging Platform without any hassle.

Basically this software consists of 3 roles, which we can also call components.

  • Directory Co-Existence.
  • Mail Co-Existence.
  • Free/Busy Co-Existence.

These are the same 3 components that we had in Microsoft Exchange Transport Suite, the legacy Microsoft tool used to migrate from Notes to Exchange 2007.

Below is the functionality of these 3 roles.

Directory Coexistence Role:

Updates the directory data between the Domino directory and Microsoft Active Directory, or Microsoft Azure directory if it's Office 365.

This role keeps the user and group data located in the 2 different directories, i.e. the Domino directory and Microsoft Active Directory (on premises) or Microsoft Azure (Office 365), consistent. Since new people join an organization and others resign, this information should be reflected in the Office 365 Azure directory. The Directory Coexistence role provides bidirectional updates and keeps the directory information consistent.

Mail Co-Existence Role:

This role lets users on the 2 different messaging platforms communicate. It is used for communication and routing of emails between the mail-in databases of non-migrated users residing in Notes and the mailboxes present in Microsoft Exchange Server or Office 365 environments.

Free/Busy Co-Existence Role:

This role is used to share free/busy information between Notes and the Exchange on-premises/Office 365 environment.

QcalCON

QcalCON is a separate component of Free/Busy coexistence that needs to be installed on any one of the Notes servers. With this component, the Notes server routes the calendar requests that need to go to the Exchange server and vice versa.

Prerequisites:

We need to install these roles on separate hardware according to the number of users and the size of the environment.

If the organization has a small number of users, we can install all 3 roles together on a single server.

If the organization has a large number of users and Domino servers, then we need to install these roles on separate servers for better synchronization.

These servers (Domino, Mail and Free/Busy) can be installed on Windows Server 2003 at minimum, up to Windows Server 2008 R2 SP1.

Hardware can be planned according to the size of the environment.

Minimum PowerShell version 2.0 is required on the F/B connector.

Source servers should be the following:

Supported Domino Server versions

Versions – Minimum 6.5.1 to maximum 8.5.3

Supported Notes Server versions

Versions – Minimum 6.5.1 to maximum 8.5.3

 

Target servers should be the following:

Exchange Server versions – Minimum Exchange 2007 RTM to Microsoft Office 365

SQL Servers Required

We need a SQL Server, as Coexistence Manager uses SQL Server to store its configuration information.

Licensing Quest Software:

Quest Software sells licenses based on the number of users present in the environment. They provide a single license that can be applied to all of these roles.

Coexistence between Notes and Office 365

Direct coexistence between Notes and Office 365 is practically not possible. In this scenario we need to create a 2-step coexistence for both migration and hybrid scenarios.

To achieve this, perform the following:

  • Create a local AD server to sync the data between the Domino directory and Microsoft AD locally.
  • Have at least one local Exchange 2010 server with 3 roles installed, which then synchronizes the data to Office 365 through ADFS.
  • Create ADFS and Directory Synchronization between the local AD server and Microsoft Azure Directory.
  • Configure the Hybrid Deployment Wizard on the on-premises Exchange server.
  • Choose IMAP as the migration type in the Hybrid Configuration Wizard, as migrations from non-Microsoft messaging platforms should be done only as IMAP migrations.

Note: Migration from Notes to Office 365 will take more time than migration from on-premises Exchange to Office 365, because multiple components are involved and MAPI throttling might take place.

Once we have met the above prerequisites, we can migrate all the users from Notes to Office 365 with the Quest software without any issues.

Thanks

Sathish Veerapandian

Script to Start, Stop and query exchange counters on all Exchange servers

I have developed a script which can be used to query, start and stop Exchange counters on all servers in an Exchange environment.

This script can be executed in scenarios where we need to enable Perfmon counters for Exchange on all Exchange servers during troubleshooting.

Copy the list of Exchange servers on which we need to run Perfmon and save them in a text file (for example with Notepad), one server name per line, on the server where you are going to execute this script.

If you have difficulty collecting the list of servers manually, you can run the below command and use its output.

Get-ExchangeServer | select name > c:\servers.txt

Once you get the output, format the text file and ensure that no spaces or other characters are present apart from the server names.

Copy the below text and save it in a .ps1 file. Ensure you change only the path in this script that points to the server list.

 

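***************************************************************************

# Show the menu
Write-Host "
1. List Available Counters for Exchange_All
2. Start Counter for Exchange_All
3. Stop Counter for Exchange_All
"

$option = Read-Host "Select an option"

# Text file with one Exchange server name per line; change this path to your own list
$server = Get-Content "d:\exserver.txt" | ForEach-Object { $_.Trim() } | Where-Object { $_ }

switch ($option)
{
    # Query the Exchange_All data collector set on every server
    1 { $server | foreach { logman query Exchange_All -s $_ } }

    # Start Exchange_All on every server
    2 { $server | foreach { logman start Exchange_All -s $_ } }

    # Stop Exchange_All on every server
    3 { $server | foreach { logman stop Exchange_All -s $_ } }

    default { Write-Host "No valid option selected." }
}

********************************************************************************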

Navigate to the location where this file is saved and run it.

We will get 3 available options as below.

Option 1 – To list available counters for Exchange_All

Option 2 – To start the counter for Exchange_All

Option 3 – To stop the counter for Exchange_All

Choose the required option and the command will be executed accordingly: option 1 queries the Perfmon counters for Exchange_All on all Exchange servers, option 2 starts them, and option 3 stops them.

This script can be useful when we need to enable Perfmon on multiple Exchange servers at one time in troubleshooting scenarios.

Thanks

Sathish Veerapandian

Details Template Editor Exchange 2013

Details Template Editor is used to modify or add extra information in the properties of objects that are accessed through the GAL.

For example, if a company requires a column called Block or Cabin number to be added for each and every user's mailbox and displayed via the GAL, we can use the Details Template Editor to create new columns for it. Then, when a user resolves any mailbox from the GAL and opens its properties, he/she will be able to see the created entries (e.g. Cabin number or Block).

In this example we will see how to create an additional column for Building Block, which needs to be populated and visible in the user properties when end users access them from the GAL.

Details templates can be modified by using the Exchange Toolbox as well as the Exchange Management Shell. We will look at how to modify them with the Exchange Toolbox.

Go to Start, All Programs and open Exchange Toolbox.

Unlike in Exchange 2010, we have only three configuration management tools. Open Details Template Editor.

 

 

Select the preferred language and the template type for which we need to add the new columns.

There are multiple template types (Contact, User, Group, Public Folder, Mailbox Agent etc.).

So ensure that you choose the correct template type.

The editor page then opens.

Here we have 2 options on the left:

Group Box – When we double-click this option, it creates an empty new box where the specified value is entered.

Label – A unique name defined for the newly created group box (for example Department or Alias).

Now double-click the group box on the left and it creates a new empty column where the value will be displayed.

In the right editor pane we have the layout height and width adjustment options, with which we can alter the values and make it look uniform with the other group boxes.

Now create a new label box by double-clicking the label icon and drag it to the newly created group box.

In my example I am entering the value Block in the text. You can enter the desired value to appear in the GAL object.

We are done with creating the template. Now we need to assign an attribute to this newly created group box, since no attribute is linked to a newly created group box.

Do the below steps to link an unassigned attribute to the newly created group box.

In the right editor pane, select any one of the unassigned attributes.

Once done, click File and choose Save.

Run the below command to populate this value for any user via the GAL (use the custom attribute you linked in the template; CustomAttribute10 in this example)

Set-Mailbox Usermailbox -CustomAttribute10 "specify the value"

In my example I am setting this value for the Exchangequery mailbox

Set-Mailbox Exchangequery -CustomAttribute10 "B"

Note: By default this new value is not created for any user or displayed in the GAL. We need to run the above command for the users for whom this value should be displayed in the GAL.

Now we can see this value is populated for the user we have set. It is displayed in Outlook when we view the properties of this user: the new field Block shows the value B.

We can edit details templates using the Exchange Management Shell as well.

We can use the below command to see the accepted property types in a details template.

Get-DetailsTemplate | Get-Member

We can run the below command to see the examples

Get-Help Get-DetailsTemplate -Examples

To get detailed information we can use the below parameter as well.

Get-Help Get-DetailsTemplate -Detailed

It's better to use the Exchange Toolbox for creating a new details template, since there are multiple attributes involved and Details Template Editor is much more user friendly. We can use the Exchange Management Shell to modify or add entries for users in the assigned custom attributes.

We are done with creating custom entries for objects using details template editor.

Sathish Veerapandian

Configure PowerShell in client PC to remotely manage Exchange server 2010/2013

Sometimes we might run into a situation where we need to perform admin tasks from a client PC in an office location where the management tools are not installed.

In those scenarios we can connect to the Exchange Management Shell and import all the Exchange cmdlets through Windows PowerShell.

By using this we can grant access to the help desk team, with view-only admin rights or recipient management rights, on their PCs without having the Exchange management tools installed, so that they can view user mailbox settings and perform basic troubleshooting from PowerShell.

Prerequisites

The client PC must be a member of the domain and run Windows 7, Windows 8 or at minimum Windows Server 2008.

The client PC must have at minimum Windows PowerShell 2.0; no Exchange management tools are required.

The user to whom we are going to grant this access should have local admin rights on his PC as well as admin rights on the Exchange servers (you can give the user administrative roles, end user roles, Organization Management or Recipient Management according to your criteria).

Applies to Exchange 2010 and 2013.

Go to Start, right-click Windows PowerShell and click Run as administrator.

Now we need to check whether a PowerShell profile has been created for the user who has logged on to the PC by running $profile in PowerShell.

Although it displays the default path, we need to check whether the file actually exists.

Run the below command to check if the file exists in the location.

Test-Path $profile

By default the ps1 profile is not created, and that's the reason it returns False.

We need to create it by running the below command

New-Item -Path $profile -Type File -Force

Now we can see the file is created.

Now open the file through PowerShell

Notepad.exe $profile

Now we need to establish a remote session to the Exchange server to import the commands. To do that, add the following commands to the file.

The first line authenticates us with the Exchange server.

The second line creates a new session with the specified Exchange server.

The third line imports the PowerShell session from that server.

The fourth and fifth lines are optional: I have set the directory location on this client PC and added the command to view objects from all the Exchange servers in the entire forest.

Below are the commands. Just copy and paste them into the PowerShell profile file and save.

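************************************************************************

# Prompt for the account used to authenticate with the Exchange server
$Credential = Get-Credential

# Create a new session with the specified Exchange server
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://casservername/powershell -Credential $Credential

# Import the Exchange cmdlets from that session
Import-PSSession $Session

# Optional: set the working directory on this client PC
Set-Location c:\

# Optional: view objects from all Exchange servers in the entire forest
Set-ADServerSettings -ViewEntireForest $true

***********************************************************************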

Now open PowerShell with Run as administrator and it will prompt you for credentials.

Once you have authenticated, you will see that you have successfully connected remotely to the Exchange server.

We can create a PowerShell ISE profile for this user as well, which is very useful and provides additional information while typing commands, since the help desk team might not be familiar with the Exchange commands.

Follow the same procedure to create the PowerShell ISE profile.

Go to Start and run Windows PowerShell ISE.

Type the same command to create the profile for ISE and click the Run Script icon or press F5 to execute it.

New-Item -Path $profile -Type File -Force

Now copy and paste the same commands as we did for the PowerShell profile into the ISE profile file.

Now open Windows PowerShell ISE and it will prompt for credentials and connect to the Exchange modules.

When executing from PowerShell ISE, we get suggestions while typing commands in the command pane.

We have an option to choose our command and either Run, Insert or Copy it in the script pane.

Note: The above option is available only from Windows PowerShell 3.0.

We are done with connecting to Exchange from a client PC through Windows PowerShell.

Cheers

Sathish Veerapandian

 

Install and Configure Lync 2013 server standard edition

In this article we will look at steps to install Lync 2013 server standard edition.

Before we deploy Lync Server in an environment, it is mandatory to plan properly for the Enterprise Voice features, because several factors are involved in connecting to the Mediation Server and the deployment needs to be designed accordingly.

To install a Standard Edition front end server, we need to plan for the following.

Readiness for Enterprise voice

If we are planning for Enterprise Voice, it is better to check a few things before we install the front end server.

By default, the Mediation Server is collocated with the front end server in Standard Edition. Whether to collocate it or deploy it separately depends on our Enterprise Voice plan.

In Lync 2013 Standard Edition we can choose to deploy Mediation Servers separately based on our requirements.

Below are the types of Enterprise Voice plan that are available; we need to plan accordingly.

 

SIP trunking – A SIP trunk requires separate standalone Mediation Servers, because the Mediation Server acts as a proxy for all the Lync 2013 clients and transcodes media whenever required. A dedicated server is needed to handle this traffic, as we do not have a dedicated PSTN or PBX.

Direct SIP trunk with PSTN – If you have a direct SIP trunk with a PSTN gateway, separate Mediation Servers are not required, since they are capable of receiving traffic from any pool and of DNS load balancing across the pools.

IP-PBX or SBC – We do not need a separate Mediation Server as long as the conditions below are met for the IP-PBX or SBC:

  • The IP-PBX or SBC is intelligent and can receive traffic from the Mediation Server and route traffic to the Mediation Server.
  • The IP-PBX should not support media bypass and should be able to do the media processing on its own, relieving the Mediation Server from media processing.

Also, it is always better to run the Microsoft Lync Server 2013 Planning Tool to see whether the front end server together with the Mediation Server can handle the load. If it cannot, the recommendation is to deploy a separate pool and a separate Mediation Server.

Readiness for SQL

By default, the SQL Server Express back-end database is collocated on the Standard Edition server. You cannot move it to a separate computer.

SQL Standard/Enterprise is not supported with Lync 2013 Standard Edition pools. If you use a separate SQL Standard/Enterprise instance, you can deploy only Lync Enterprise edition.

 

Readiness for Active Directory Services

Domain Functional Level – Minimum is Windows Server 2003.

Forest Functional Level – Minimum is Windows Server 2003.

 

Install prerequisites on the front end server

In this article we will look at how to install Lync 2013 on Windows server 2008 R2 server.

The following prerequisites must be installed on the FE server:

  • Microsoft .NET Framework 4.5
  • Remote Server Administration Tools (RSAT)
  • Microsoft Visual C++ 11 Redistributable
  • Windows PowerShell 3.0
  • HTTP Activation
  • WCF Activation
  • Windows Installer 4.5
  • Microsoft Silverlight 5

Run the commands below to install the required features.

Import-Module ServerManager

Add-WindowsFeature Web-Server, Web-Static-Content, Web-Default-Doc, Web-Scripting-Tools, Web-Windows-Auth, Web-Asp-Net, Web-Log-Libraries, Web-Http-Tracing, Web-Stat-Compression, Web-Default-Doc, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Errors, Web-Http-Logging, Web-Net-Ext, Web-Client-Auth, Web-Filtering, Web-Mgmt-Console, Web-Asp-Net45, Web-Net-Ext45, Web-Dyn-Compression, Web-Mgmt-Console, Desktop-Experience

Once the above installation is done, ensure that this server is joined to the domain and that you are logged in as a domain admin.

Note: The admin user account must be a member of Domain Admins, Enterprise Admins and Schema Admins for the installation.

Run the setup from the CD.

You will be prompted to install Microsoft Visual C++, as SQL is installed on a Standard Edition front end server by default.

Choose the installation location and click Install.

Click Accept on the license agreement to proceed with the installation.

Once the installation is completed we will have 2 new programs installed in the task bar.

  • Lync server management shell.
  • Lync server deployment wizard.

 

Now open the Lync Server Deployment Wizard. It determines the deployment state when it opens.

Click Prepare Schema.

Click Finish once it has completed.

Click Prepare Forest and click Finish once done.

Click Prepare Domain and click Finish once done.

Once Prepare Domain is done, open the Lync Server Deployment Wizard again and click Prepare Standard Edition server.

Once the above steps are done, we can see the new groups that were created.

Now we need to add users to provide administrative access to the Lync Server Control Panel.

Add the users who require access to the Lync Server Control Panel to the CS Administrator group.

Now create the SRV record for automatic sign-in of the Lync clients.

Create the record with these values:

  • Service: _sipinternaltls
  • Protocol: _tcp
  • Port number: 5061
  • Host: the FQDN of your Front-End Server or Pool

Now go back to the Deployment Wizard and install the Lync administrative tools. After the installation you will see a new option called Lync Server Topology Builder.

Open Lync Server Topology Builder and select New Topology.

Now define the SIP domain for the users to log in.

Every Lync Server front end pool must be deployed in a site, so specify the site. You can add more sites later.

Now define the front end pool FQDN.

Now select the features that we need to enable. IM and presence is enabled by default. Select the additional features according to your design. Select Collocate Mediation Server if you need to install the Mediation Server along with the FE pool.

Just accept the default settings for the SQL Server store, as we are installing Standard Edition.

For the file store, we need to specify the path manually, as the wizard will not create it automatically. We need to create a shared folder and grant access to the following:

  • RTCHS Universal Services
  • RTC Component Universal Services
  • RTC Universal Server Admins
  • RTC Universal Config Replicator

Now click Finish.

Now open Topology Builder and click Publish to publish the topology.

Once the publishing wizard has completed, click Install or Update Lync Server System to complete the installation.

We are done with installing the front end server collocated with the Mediation Server.

You can install the Monitoring and Archiving servers separately later.

Cheers

Sathish Veerapandian

Exchange Mailbox Folder Permission Script

One of the important tasks of an Exchange admin is assigning folder permissions to delegates when new delegates are added to generic mailboxes and resource mailboxes. If a mailbox has multiple folders and subfolders, this is a time-consuming process. The script simplifies the task and eliminates manual errors.

Browse to the folder and run the ps1 file. The initial screen shows the menu below; select the option based on the action you need.

***************************************************************************

<#
.SYNOPSIS
Add mailbox folder permission to the delegates for user and resource mailboxes

.DESCRIPTION
An important task of the Exchange admin is to assign folder permissions to the delegates
when new delegates are added to generic mailboxes and resource mailboxes.
The script simplifies the task and eliminates manual errors.
#>

Write-Host "

Assign Mailbox folder Permission
--------------------------------

1.Assign Folder permission to Single folder

2.Assign Folder Permission to All folders(includes user created,default,recoverable mailbox folders)

3.Assign Folder permission only to the default folders(inbox,calendar,....)

4.Assign Folder permission only to the user created folders

5.Exit " -ForegroundColor "Cyan"

$option = Read-Host "Choose the Option"

switch ($option)
{
    1 {
        # Single folder: the folder identity is built as mailbox:\folder
        $Mailbox = Read-Host "Enter Mailbox ID "
        $Folder = Read-Host "Enter the FOLDER NAME ( Examples : Inbox,calendar...)"
        $delegate = Read-Host "Enter Delegate ID "
        $Permission = Read-Host "Enter Type of Permission(Author, Editor, Owner, Reviewer, none)"
        $foldername = $Mailbox + ":\" + $Folder

        If ($Folder -ne "")
        {
            Add-MailboxFolderPermission $foldername -User $delegate -AccessRights $Permission -Confirm:$true
        }
        Else
        {
            Write-Host " Please Enter Folder name " -ForegroundColor "Red"
        }
        break
    }

    2 {
        # All folders: user created, default and recoverable mailbox folders
        $Mailbox = Read-Host "Enter Mailbox ID"
        $delegate = Read-Host "Enter Delegate ID "
        $Permission = Read-Host "Enter Type of Permission(Author, Editor, Owner, Reviewer, none)"

        $AllFolders = Get-MailboxFolderStatistics $Mailbox | Where-Object { $_.FolderPath.ToLower().StartsWith("/") -eq $True }

        ForEach ($folder in $AllFolders)
        {
            # FolderPath uses "/" separators; the folder identity needs "\"
            $foldername = $Mailbox + ":" + $folder.FolderPath.Replace("/","\")
            Add-MailboxFolderPermission $foldername -User $delegate -AccessRights $Permission -Confirm:$true
        }
        break
    }

    3 {
        # Default folders only: skip user created, recoverable items and other system folders
        $Mailbox = Read-Host "Enter Mailbox ID"
        $delegate = Read-Host "Enter Delegate ID "
        $Permission = Read-Host "Enter Type of Permission(Author, Editor, Owner, Reviewer, none)"

        $Default = Get-MailboxFolderStatistics $Mailbox | Where-Object {$_.foldertype -ne "user created" -and $_.foldertype -ne "Recoverableitemsroot" -and $_.foldertype -ne "RecoverableItemsDeletions" -and $_.foldertype -ne "RecoverableItemspurges" -and $_.foldertype -ne "RecoverableItemsversions" -and $_.foldertype -ne "syncissues" -and $_.foldertype -ne "conflicts" -and $_.foldertype -ne "localfailures" -and $_.foldertype -ne "serverfailures" -and $_.foldertype -ne "RssSubscription" -and $_.foldertype -ne "JunkEmail" -and $_.foldertype -ne "CommunicatorHistory" -and $_.foldertype -ne "conversationactions"}

        ForEach ($folder in $Default)
        {
            $foldername = $Mailbox + ":" + $folder.FolderPath.Replace("/","\")
            Add-MailboxFolderPermission $foldername -User $delegate -AccessRights $Permission -Confirm:$true
        }
        break
    }

    4 {
        # User created folders only
        $Mailbox = Read-Host "Enter Mailbox ID"
        $delegate = Read-Host "Enter Delegate ID "
        $Permission = Read-Host "Enter Type of Permission(Author, Editor, Owner, Reviewer, none)"

        $Default = Get-MailboxFolderStatistics $Mailbox | Where-Object {$_.foldertype -eq "user created"}

        ForEach ($folder in $Default)
        {
            $foldername = $Mailbox + ":" + $folder.FolderPath.Replace("/","\")
            Add-MailboxFolderPermission $foldername -User $delegate -AccessRights $Permission -Confirm:$true
        }
        break
    }

    5 {
        # Exit: nothing to do
    }
}

************************************************************************

Copy the above code and save it with a .ps1 extension (addmailboxfolderperm.ps1).
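After a bulk grant, especially option 2 or an Owner grant, it is worth listing what each folder now allows. The following is an added example, not part of the original script: the function name `Get-MailboxFolderDelegateReport` and the mailbox address are hypothetical, and it assumes the Exchange cmdlets are loaded and that the root folder reports `FolderType` as `Root`.

```powershell
# Added example (not the author's script). Function name is hypothetical.
function Get-MailboxFolderDelegateReport {
    param(
        [Parameter(Mandatory = $true)][string]$Mailbox,  # mailbox alias or SMTP address
        [string]$Delegate                                 # optional: limit the report to one user
    )

    foreach ($folder in (Get-MailboxFolderStatistics -Identity $Mailbox)) {
        # Same identity format the script builds: mailbox:\path.
        # Assumption: the root folder is addressed as mailbox:\
        if ($folder.FolderType -eq 'Root') {
            $identity = $Mailbox + ':\'
        } else {
            $identity = $Mailbox + ':' + $folder.FolderPath.Replace('/', '\')
        }

        # Folders that cannot be addressed this way (such as the recoverable
        # items folders) return an error; skip them and keep reporting.
        $entries = Get-MailboxFolderPermission -Identity $identity -ErrorAction SilentlyContinue

        foreach ($entry in $entries) {
            $user   = "$($entry.User)"
            $rights = $entry.AccessRights -join ','

            # Default/Anonymous with no rights is the baseline; leave it out.
            if (($user -eq 'Default' -or $user -eq 'Anonymous') -and $rights -eq 'None') { continue }
            if ($Delegate -and $user -notlike "*$Delegate*") { continue }

            New-Object PSObject -Property @{
                Folder       = $folder.FolderPath
                User         = $user
                AccessRights = $rights
            }
        }
    }
}

# Constructed sample call: review every grant on a shared mailbox
Get-MailboxFolderDelegateReport -Mailbox 'sharedmbx@contoso.com' |
    Sort-Object Folder |
    Format-Table Folder, User, AccessRights -AutoSize
```

Running it before and after the permission script and comparing the two outputs shows exactly which folders the delegate gained access to.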

 

Custom Transport rules in Exchange 2013

By using transport rules in Exchange 2013 we can filter, inspect or block confidential emails that match the conditions defined in the rule. This helps prevent the leakage of sensitive data from the organization.

Transport rules, along with DLP and policy tips, can be used to warn end users with informational tips when they try to send emails that do not abide by company policy.

To achieve this we first create a transport rule, then create an associated DLP policy, and then configure policy tips for it. We will look at how to do this with a small example.

The example below is a simple rule that helps us block any emails with attachments that contain the character string invoice.

Open EAC – Go to Mail Flow – Select Rules

Click on the + sign to create a new rule – Give it a name

We can choose the scope as well. In my example I am selecting the option where the recipient is located outside the organization, so the rule applies to external users.

We can apply a condition to this rule by specifying a character string. In my case I am specifying the name invoice, so that all emails which contain the string invoice will be sent for review and approval.

We can take the following action on a message that matches the criteria for invoice. In my case I am forwarding the email for approval by the administrator.

We can add an exception too, excluding a few recipients who are entitled to send those messages, or by subject or a few other parameters.
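The same rule can be created from the Exchange Management Shell and started in audit mode, so matches are logged before any message is actually held. This is an added example, not from the original article: the rule name and both addresses are constructed placeholders, and matching on the attachment file name and exempting by sender are assumptions about how the EAC options above were set.

```powershell
# Added example: shell equivalent of the EAC rule, created in audit mode first.
# Constructed placeholders: rule name, approver address, exempt sender address.
$ruleName = 'Moderate outbound invoice attachments'

$rule = @{
    Name                          = $ruleName
    SentToScope                   = 'NotInOrganization'          # recipient is outside the organization
    AttachmentNameMatchesPatterns = 'invoice'                    # assumption: match on attachment file name
    ModerateMessageByUser         = 'administrator@contoso.com'  # forward for approval
    ExceptIfFrom                  = 'accounts@contoso.com'       # assumption: exempt an entitled sender
    Mode                          = 'Audit'                      # evaluate and log only, actions are not applied
    Comments                      = 'Created in audit mode; switch to Enforce after review'
}

# Do not create a second rule with the same name on a re-run
if (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue) {
    Write-Warning "Transport rule '$ruleName' already exists; not creating a duplicate."
} else {
    New-TransportRule @rule
}

# Confirm the scope, condition, action and exception that were stored
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, Priority, SentToScope,
        AttachmentNameMatchesPatterns, ModerateMessageByUser, ExceptIfFrom

# After reviewing the audit results, turn enforcement on:
# Set-TransportRule -Identity $ruleName -Mode Enforce
```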

 


 

We can enhance this rule further and notify end users before they send any emails which do not meet company policy. This can be accomplished with the help of policy tips.

Policy tips are informative messages displayed to end users in OWA, Outlook and OWA for Devices before they send any offending content.

They function similarly to MailTips: an informational message is shown to the user while he/she tries to add an attachment, such as a PDF file, which the organization restricts from being sent by email to external users. This lets users know that this kind of email is not allowed, so they can abide by the rules.

Policy tips work along with DLP, so an associated DLP policy should also be created.

To create Custom DLP Policy

Open EAC – Click Compliance management – Select Data Loss Protection – Select New Custom DLP Policy

Now give it a name and specify the description.

Select the state to be enabled, choose the option Test DLP policy with Policy Tips and click Save.

Now click the DLP policy created and click Edit.

Select Rules – You can create a new rule.

In my case I am selecting the rule Notify sender when sensitive information is sent outside the organization. You can create a new rule or use an existing one which matches your criteria, then click Save.

To edit Policy Tips

To do that, click Edit on the custom DLP policy and select Manage policy tips.

Click the Notify the sender option.

Select the locale language.

Then specify the text message that needs to be displayed to the end user when he/she tries to send an email which matches our transport rule, DLP policy and policy tips.

[Screenshot: example of the policy tip notification.]

Note: If you are using policy tips for SSN, passport numbers or credit card numbers with the already existing DLP templates, policy tips will be triggered only for valid passport numbers, credit card numbers and SSNs.

Sathish Veerapandian