Hi All,
Everything you ever wanted to know about installing Exchange 2010 but were too afraid to ask, enjoy!
http://technet.microsoft.com/en-us/library/bb691354(EXCHG.140).aspx#WS08R2
On servers that will host the Hub Transport or Mailbox server role, install the Microsoft Filter Pack
http://www.microsoft.com/downloads/details.aspx?FamilyId=60C92A37-719C-4077-B5C6-CAC34F4227CC&displaylang=en
1. On the Start Menu, navigate to All Programs, then Accessories, then Windows PowerShell. Open an elevated Windows PowerShell console, and run the following command:
Import-Module ServerManager
2. Use the Add-WindowsFeature cmdlet to install the necessary operating system components:
For a server that will have the typical installation of Client Access, Hub Transport, and the Mailbox role:
Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart
Restart
3. After the system has restarted, log on as an administrator, open an elevated Windows PowerShell console, and configure the Net.Tcp Port Sharing Service for Automatic startup by running the following command:
Set-Service NetTcpPortSharing -StartupType Automatic
http://technet.microsoft.com/en-us/library/bb125224(EXCHG.140).aspx
ServerManagerCmd -i RSAT-ADDS
Note:
You can skip this step and prepare the legacy Exchange permissions as part of Step 2 or Step 3. The advantages of running each step separately are that you can run each step with an account that has the minimum permissions required for that step, and you can verify completion, success, and replication before continuing to the next step.
5. For information on how to transfer
o After you run this command, you must wait for the permissions to replicate across your Exchange organization before continuing to the next step. If the permissions haven't replicated, the Recipient Update Service on your Exchange Server 2003 computers could fail. The amount of time that replication takes depends on your Active Directory site topology.
To track the progress of Active Directory replication, you can use the Active Directory Replication Monitor tool (replmon.exe), which is installed as part of the Microsoft Windows Server 2003 Support Tools Setup. By default, it's located at "%programfiles%\support tools\." Add your domain controllers as monitored servers so that you can track the progress of replication throughout the domain.
From a Command Prompt window, run the following command:
setup /PrepareSchema or setup /ps
You can skip this step and prepare the schema as part of Step 3.
Important:
You must not run this command in a forest in which you don't plan to run setup /PrepareAD. If you do, the forest will be configured incorrectly, and you won't be able to read some attributes on user objects.
It isn't supported to use the LDIF Directory Exchange tool (LDIFDE) to manually import the Exchange 2010 schema changes. You must use Setup to update the schema.
This command performs the following tasks:
o Connects to the schema master and imports LDAP Data Interchange Format (LDIF) files to update the schema with Exchange 2010 specific attributes. The LDIF files are copied to the Temp directory, and then deleted after they are imported into the schema.
o If you haven't completed Step 1, setup /PrepareSchema will automatically perform the PrepareLegacyExchangePermissions step.
Note the following:
o If you want to verify the updates to the schema before the changes are replicated to other servers in the domain, you must disable outbound replication on the computer on which you run the command before you run it, and then enable outbound replication after you have verified that the import completed successfully.
o To run this command, you must be a member of the Schema Admins group and the Enterprise Admins group.
o You must run this command on a 64-bit computer in the same domain and in the same Active Directory site as the schema master.
o If you haven't completed Step 1, setup /PrepareSchema will automatically perform the PrepareLegacyExchangePermissions step. To complete the PrepareLegacyExchangePermissions step, the domain in which you run this command must be able to contact all domains in the forest. The advantages of running each step separately are that you can run each step with an account that has the minimum permissions required for that step, and you can verify completion, success, and replication before continuing to the next step.
o If you use the /DomainController parameter with this command, you must specify the domain controller that is the schema master.
o After you run this command, you should wait for the changes to replicate across your Exchange organization before continuing to the next step. The amount of time this takes is dependent upon your Active Directory site topology.
To track the progress of Active Directory replication, you can use the Active Directory Replication Monitor tool (replmon.exe), which is installed as part of the Windows Server 2003 Support Tools Setup. By default, it's located at "%programfiles%\support tools\." Add your domain controllers as monitored servers so that you can track the progress of replication throughout the domain.
For more information, see Exchange Server Changes to the Active Directory Schema.
From a Command Prompt window, run the following command:
setup /PrepareAD [/OrganizationName:<organization name>] or setup /p [/on:<organization name>]
This command performs the following tasks:
o If the Microsoft Exchange container doesn't exist, this command creates it under CN=Services,CN=Configuration,DC=<root domain>.
o If no Exchange organization container exists under CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>, you must specify an organization name by using the /OrganizationName parameter. The organization container will be created with the name that you specify. The Exchange organization name can contain only the following characters:
A through Z
a through z
0 through 9
Space (not leading or trailing)
Hyphen or dash
The organization name can't contain more than 64 characters. The organization name can't be blank. If the organization name contains spaces, you must enclose the name in quotation marks.
o Verifies that the schema has been updated and that the organization is up to date by checking the objectVersion property in Active Directory. The objectVersion property is in the CN=<your organization>, CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<domain> container. The objectVersion value for the RTM version of Exchange Server 2007 is 10666.
o If they don't exist, creates the following containers and objects under CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>. These are required for Exchange 2010.
CN=Address Lists Container,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Addressing,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Administrative Groups,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Client Access,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Connections,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=ELC Folders Container,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=ELC Mailbox Policies,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Global Settings,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Mobile Mailbox Policies,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Recipient Policies,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=System Policies,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=Transport Settings,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=UM AutoAttendant,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=UM DialPlan,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=UM IPGateway Container,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
CN=UM Mailbox Policies,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
o If it doesn't exist, creates the default Accepted Domains entry, based on the forest root namespace, under CN=Transport Settings,CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>.
o Assigns specific permissions throughout the configuration partition.
o Imports the Rights.ldf file. This adds the extended rights required for Exchange to install into Active Directory.
o Creates the Microsoft Exchange Security Groups organizational unit (OU) in the root domain of the forest and assigns specific permissions on this OU.
o Creates the following universal security groups (USGs) within the Microsoft Exchange Security Groups OU:
Exchange Organization Administrators
Exchange Recipient Administrators
Exchange Servers
Exchange View-Only Administrators
Exchange Public Folder Administrators (New in Exchange Server 2007 Service Pack 1)
ExchangeLegacyInterop
o Adds the new USGs that are within the Microsoft Exchange Security Groups OU to the otherWellKnownObjects attribute stored on the CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain> container.
o Creates the Unified Messaging Voice Originator contact in the Microsoft Exchange System Objects container of the root domain.
o Prepares the local domain for Exchange 2010. For information about what tasks are completed to prepare a domain, see Step 4.
o To run this command, you must be a member of the Enterprise Admins group.
o The computer where you run this command must be able to contact all domains in the forest on port 389.
o You must run this command on a computer in the same domain and in the same Active Directory site as the schema master. Setup will make all configuration changes to the schema master to avoid conflicts because of replication latency.
o If you haven't completed Step 1, setup /PrepareAD will automatically perform the PrepareLegacyExchangePermissions step. To complete the PrepareLegacyExchangePermissions step, the domain in which you run this command must be able to contact all domains in the forest. If you are also a member of the Schema Admins group, and if you haven't completed Step 2, setup /PrepareAD will automatically perform the PrepareSchema step. The advantages of running each step separately are that you can run each step with an account that has the minimum permissions required for that step, and you can verify completion, success, and replication before continuing to the next step.
To track the progress of Active Directory replication, you can use the Active Directory Replication Monitor tool (replmon.exe), which is installed as part of the Windows Server 2003 Support Tools Setup. By default, it is located at "%programfiles%\support tools\." Add your domain controllers as monitored servers so that you can track the progress of replication throughout the domain.
o To verify that this step completed successfully, make sure that there is a new OU in the root domain called Microsoft Exchange Security Groups. This OU should contain the following new Exchange USGs:
Exchange Organization Administrators
Exchange Recipient Administrators
Exchange View-Only Administrators
Exchange Servers
Exchange Public Folder Administrators (new in Exchange 2007 SP 1)
ExchangeLegacyInterop
From a Command Prompt window, run one of the following commands:
o Run setup /PrepareDomain or setup /pd to prepare the local domain. Note that you don't need to run this in the domain where you ran Step 3. Running setup /PrepareAD prepares the local domain.
o Run setup /PrepareDomain:<FQDN of domain you want to prepare> to prepare a specific domain.
o Run setup /PrepareAllDomains or setup /pad to prepare all domains in your organization.
These commands perform the following tasks:
o Sets permissions on the domain container for the Exchange Servers, Exchange Organization Administrators, Authenticated Users, and Exchange Mailbox Administrators.
o If this is a new organization, creates the Microsoft Exchange System Objects container in the root domain partition in Active Directory and sets permissions on this container for the Exchange Servers, Exchange Organization Administrators, and Authenticated Users. This container is used to store public folder proxy objects and Exchange-related system objects, such as the mailbox database's mailbox.
o Sets the objectVersion property in the Microsoft Exchange System Objects container under DC=<root domain>. This objectVersion property contains the version of domain preparation. The version for Exchange 2007 RTM is 10628.
o Creates a new domain global group in the current domain called Exchange Install Domain Servers. The command places this group in the Microsoft Exchange System Objects container. It also adds the Exchange Install Domain Servers group to the Exchange Servers USG in the root domain.
The Exchange Install Domain Servers group is used if you install Exchange 2010 in a child domain that is an Active Directory site other than the root domain. The creation of this group allows you to avoid installation errors if group memberships haven't replicated to the child domain.
o Assigns permissions at the domain level for the Exchange Servers USG and the Exchange Recipient Administrators USG.
o For domains that are in an Active Directory site other than the root domain, /PrepareDomain might fail with the following messages: "PrepareDomain for domain <YourDomain> has partially completed. Because of the Active Directory site configuration, you must wait at least 15 minutes for replication to occur, and run PrepareDomain for <YourDomain> again." "Active Directory operation failed on <YourServer>. This error is not retriable. Additional information: The specified group type is invalid. Active Directory response: 00002141: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0 The server cannot handle directory requests." If you see these messages, wait for or force Active Directory replication between this domain and the root domain, and then run /PrepareDomain again.
o To run setup /PrepareAllDomains, you must be a member of the Enterprise Admins group.
o To run setup /PrepareDomain, if the domain that you are preparing existed before you ran setup /PrepareAD, you must be a member of the Domain Admins group in the domain. If the domain that you are preparing was created after you ran setup /PrepareAD, you must be a member of the Exchange Organization Administrators group, and you must be a member of the Domain Admins group in the domain.
o You must run this command in every domain in which you will install Exchange 2007. You must also run this command in every domain that will contain mail-enabled users, even if the domain doesn't have Exchange 2007 installed.
To verify that this step completed successfully, confirm the following:
o You have a new global group in the Microsoft Exchange System Objects container called Exchange Install Domain Servers.
To view the Microsoft Exchange System Objects container in Active Directory Users and Computers, on the View menu, click Advanced Features.
o The Exchange Install Domain Servers group is a member of the Exchange Servers USG in the root domain.
o On each domain controller in a domain in which you will install Exchange 2010, the Exchange Servers USG has permissions on the Domain Controller Security Policy\Local Policies\User Rights Assignment\Manage Auditing and Security Log policy.
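The verification steps above (objectVersion, the Microsoft Exchange Security Groups OU, and the Exchange Install Domain Servers group) can be scripted rather than checked by hand in replmon and Active Directory Users and Computers. This is an added example, not part of the original post or of Microsoft's documentation; it assumes the ActiveDirectory PowerShell module that comes with RSAT-ADDS, and the parameter and helper names are hypothetical.

```powershell
# Added example: read-only checks after setup /PrepareAD and setup /PrepareDomain.
# Assumes RSAT-ADDS is installed and the domain controllers answer
# ActiveDirectory-module queries. Nothing here writes to the directory.
param(
    [Parameter(Mandatory = $true)]
    [string]$OrganizationName      # the value that was given to /OrganizationName
)
Import-Module ActiveDirectory

$rootDse  = Get-ADRootDSE
$configNC = $rootDse.configurationNamingContext
$rootNC   = $rootDse.rootDomainNamingContext
$domainNC = $rootDse.defaultNamingContext
# DNS name of the forest root domain, derived from its DN (DC=a,DC=b -> a.b)
$rootDns  = ($rootNC -replace '^DC=', '') -replace ',DC=', '.'

# Distinguished names as described in the setup steps above
$orgDN  = "CN=$OrganizationName,CN=Microsoft Exchange,CN=Services,$configNC"
$mesoDN = "CN=Microsoft Exchange System Objects,$domainNC"
$usgOU  = "OU=Microsoft Exchange Security Groups,$rootNC"

function Get-ObjectVersion([string]$Dn, [string]$Server) {
    # Returns objectVersion, or a marker when the object is not on that DC yet
    try {
        (Get-ADObject -Identity $Dn -Properties objectVersion -Server $Server -ErrorAction Stop).objectVersion
    } catch { 'missing/unreachable' }
}

# 1. Replication check: every DC in the current domain should report the same values
$versions = foreach ($dc in Get-ADDomainController -Filter *) {
    New-Object PSObject -Property @{
        DC            = $dc.HostName
        OrgVersion    = (Get-ObjectVersion $orgDN  $dc.HostName)
        DomainVersion = (Get-ObjectVersion $mesoDN $dc.HostName)
    }
}
$versions | Select-Object DC, OrgVersion, DomainVersion | Format-Table -AutoSize
if (@($versions | Select-Object -ExpandProperty OrgVersion -Unique).Count -gt 1 -or
    @($versions | Select-Object -ExpandProperty DomainVersion -Unique).Count -gt 1) {
    Write-Warning 'DCs disagree: replication has not finished. Wait before the next setup step.'
}

# 2. /PrepareAD check: list the universal security groups in the root-domain OU
try {
    Get-ADGroup -Filter 'GroupScope -eq "Universal"' -SearchBase $usgOU -Server $rootDns -ErrorAction Stop |
        Select-Object Name, GroupCategory | Format-Table -AutoSize
} catch {
    Write-Warning "Microsoft Exchange Security Groups OU not readable: $($_.Exception.Message)"
}

# 3. /PrepareDomain check: the group exists and is a member of the Exchange Servers USG
try {
    $eids      = Get-ADGroup -Identity "CN=Exchange Install Domain Servers,$mesoDN" -ErrorAction Stop
    $exServers = Get-ADGroup -Identity "CN=Exchange Servers,$usgOU" -Server $rootDns -Properties member -ErrorAction Stop
    if ($exServers.member -contains $eids.DistinguishedName) {
        'OK: Exchange Install Domain Servers is a member of Exchange Servers'
    } else {
        Write-Warning 'Group exists but its membership has not been set or replicated yet.'
    }
} catch {
    Write-Warning "PrepareDomain verification failed: $($_.Exception.Message)"
}
```

Compare the group names listed by check 2 with the list in the /PrepareAD verification step; the script reports objectVersion values without judging them, because the page gives reference values only for Exchange 2007 RTM.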
I'm getting a lot of questions about the default authentication settings for the Exchange virtual directories, so I thought I would dig this out as a handy reference.
You can find these settings in IIS7. Select each Virtual Directory and then IIS section –> Authentication. Listed are the virtual directories that are enabled by default with a clean install of Exchange 2007/Exchange 2010
Note these settings are from Exchange 2007 Standard SP2 Installation, but should be the correct settings for Exchange 2010
SSL Settings:
All the virtual directories are set to Require SSL with 128-bit, except for OAB, which DOES NOT require SSL, and RpcWithCert, which DOES NOT require 128-bit (it DOES require SSL though).
MailTips is one of the new features of Exchange Server 2010. While a sender composes a message, MailTips shows status information about the recipient, which helps reduce unnecessary and undeliverable e-mails and spares senders some embarrassing mistakes. MailTips are hosted as an Exchange Web Service on the Client Access Server.
MailTips work with the scenarios given below.
Run the cmdlet below in the Exchange Management Shell to gather the organization settings. See figure 1.
Get-OrganizationConfig | fl *mailtips*
Figure 1
Use the Set-OrganizationConfig cmdlet to enable or disable MailTips. MailTips are enabled by default. See figure 2.
Set-OrganizationConfig -MailTipsAllTipsEnabled $true
Figure 2
Use the Set-OrganizationConfig cmdlet to configure the large audience size. On a fresh Exchange Server 2010 installation it is 25 by default. If we decrease it to 15, the MailTip is displayed to the sender when the sender adds more than 15 recipients. See figure 3.
Set-OrganizationConfig -MailTipsLargeAudienceThreshold 15
Figure 3
The Large Audience Threshold MailTip is displayed after adding more than 15 recipients. See figure 4.
Figure 4
We have had some embarrassing experiences of sending internal information to external parties. However, the company doesn't want to restrict sending e-mail to outside domains. With MailTips we can at least alert the sender before they click the Send button. See figure 5.
Set-OrganizationConfig -MailTipsExternalRecipientsTipsEnabled $True
Figure 5
The External Recipients MailTip is displayed when trying to send to an external domain. See figure 6.
Figure 6
Mailbox-based MailTips rely on mailbox data. There are two mailbox-based MailTips: the Recipient Out of Office MailTip and the Mailbox Full MailTip. See figures 7, 8 and 9.
Set-OrganizationConfig -MailTipsMailboxSourcedTipsEnabled $true
Figure 7
The Recipient Out of Office. You can find out whether the recipient is out of the office before you send the e-mail. See figure 8.
Figure 8
Mailbox Full. If the recipient's mailbox is full, you can know that before sending the e-mail. See figure 9.
Figure 9
MailTips relies on Group Metrics data to provide information on the size of distribution groups and dynamic distribution groups. Exchange Server would normally send a lot of LDAP requests to Active Directory to get group membership information for each message. This could affect the performance experienced by users. To eliminate these issues, Exchange Server uses the Group Metrics data. Group Metrics data can be scheduled to run during office hours. Use the Set-MailboxServer cmdlet to configure Group Metrics data. See figure 10.
Set-MailboxServer EX10-MB01 -GroupMetricsGenerationEnabled $true
This is a really great blog by Astrid McClean from EHLO packed with answers to the questions I get asked almost daily right now!
Many of you have heard about the changes we've made in Exchange 2010 that combine to give you the ability to use less expensive storage and deploy large mailboxes. There have been many discussions around the choices you have around Exchange storage, and along the way we've heard some interesting questions. To add some clarity to the discussion, we've put together some resources to bust some of the most common myths and mis-perceptions that we have heard.
To help you better understand our thinking around large mailboxes, we've published the Large Mailbox Vision Whitepaper.
AND here are the top 10 Myths about Exchange storage that we've heard. Busted!
Today, March 2, we announced RTM of FIM 2010 during Scott Charney's keynote at the RSA Conference. Our product webpages on www.microsoft.com/fim are updated and we will continue updating these pages as well as our technical product pages with more and more information in the coming weeks.
Want to know more about FIM? Join the webcasts below and take a look at the TechNet Edge video.
TechNet Webcasts (Level 300)
3/9/2010 - TechNet Webcast: Forefront Identity Manager 2010: Technical Overview and Deployment (Level 300)
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032444011&Culture=en-US
3/18/2010 - TechNet Webcast: Forefront Identity Manager 2010: Monitoring and Troubleshooting FIM in Production (Level 300)
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032444015&Culture=en-US
3/30/2010 - TechNet Webcast: Forefront Identity Manager 2010: Deploying FIM (Level 300)
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032444017&Culture=en-US
4/5/2010 - TechNet Webcast: Forefront Identity Manager 2010: Extending FIM (Level 300)
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032444019&Culture=en-US
TechNet Edge Video
Identity and Access Management Solution
http://edge.technet.com/Media/Identity-and-Access-Management-Solution/
The Forefront blog has more on the announcements made at RSA today: http://blogs.technet.com/forefront/archive/2010/03/02/rsa-conference-2010-identity-at-the-forefront.aspx