Problem : New-ADUser is not working as expected to populate a password coming from a CSV file (the account stays disabled) here is the example and the reason:

Prerequisites: Import the Active Directory module on your powershell session using Import-Module ActiveDirectory

Here is my BulkAddADUsers.csv file sample :

GivenNAme,Surname,Name,SamAccountNAme,Description,Department,EmployeeID,Path,Enabled,Password,PasswordNeverExpires
User,Test1,UserTest1,UserTest1,UserTest1,IT,189478,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test2,UserTest2,UserTest2,UserTest2,IT,187516,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test3,UserTest3,UserTest3,UserTest3,IT,134530,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test4,UserTest4,UserTest4,UserTest4,IT,162455,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test5,UserTest5,UserTest5,UserTest5,IT,121901,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test6,UserTest6,UserTest6,UserTest6,IT,170221,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test7,UserTest7,UserTest7,UserTest7,IT,128669,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test8,UserTest8,UserTest8,UserTest8,IT,108705,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test9,UserTest9,UserTest9,UserTest9,IT,106381,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test10,UserTest10,UserTest10,UserTest10,IT,193922,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test11,UserTest11,UserTest11,UserTest11,IT,174066,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test12,UserTest12,UserTest12,UserTest12,IT,105871,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test13,UserTest13,UserTest13,UserTest13,IT,126670,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test14,UserTest14,UserTest14,UserTest14,IT,124671,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test15,UserTest15,UserTest15,UserTest15,IT,118935,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test16,UserTest16,UserTest16,UserTest16,IT,183367,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test17,UserTest17,UserTest17,UserTest17,IT,185662,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test18,UserTest18,UserTest18,UserTest18,IT,118972,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test19,UserTest19,UserTest19,UserTest19,IT,187421,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True
User,Test20,UserTest20,UserTest20,UserTest20,IT,167020,"OU=Test,DC=CONTOSO,DC=CA",$True,P@ssw0rd,$True

 The following command will create the users with the attributes defined above, but since the Password is not encrypted, the account will be deactivated.

[PS] C:\users\Administrator.DOMAINA\Desktop>import-CSV .\BulkAddADUsers.csv|New-ADUser

Note the AD accounts are not enabled, because the password was not taken from the CSV file, as New-ADUser requires a Secure String for the Password. Here is what you get when you try to enable it :

==>

Solution : Type a longer command line using all New-ADUser properties + the ConvertTo-SecureString commandlet

[PS] C:\users\Administrator.DOMAINA\Desktop>import-csv .\BulkAddADUsers.csv | % {New-ADUser -GivenName $_.GivenName -Surname $_.Surname -Name $_.Name -SamAccountName $_.SamAccountName -Description $_.Description -Department $_.Department -EmployeeID $_.EmployeeID -Path $_.Path -Enabled $True -AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -force) -PasswordNeverExpires $True}

Quod erat demonstrandum.

Sam

First, a reminder of the theory:

• Exchange store is comprised of 3 services:

• msexchangerepl.exe = Replication Service Process
• Microsoft.Exchange.Store.Service.exe = Store Service Process (or Controller)
• Microsoft.Exchange.Store.Worker.exe = Store Worker Process (1 per DB)

•Algorithm will allocate total ESE cache available for all store worker processes based on physical RAM

– ~25% of total memory allocated to ESE cache

•ESE cache allocated to each database (store worker process) based on number of local database copies and MaximumActiveDatabases configuration

– Static amount of ESE cache allocated to passive and active database copies

•Passive database allocates 20% of max ESE cache target used for active database

– Store worker process will only use max cache target when operating as active

•Max cache target computed at service process startup

– Restart service process when adding/removing copies or changing maximum active database configuration

Example/illustration:

1- Let’s say your server has 64GB RAM

2- Exchange 2013 store will calculate a max cache target

25% x 64GB RAM = 16GB

That means that potentially, Exchange Store can allocate and use 16GB RAM maximum.

That would be if your server is hosting active databases only: as stated above, for passive databases, Exchange will allocate less memory.

See the point 3- below:

3- Say you will host 10 databases on your server.

The Max cache target computed at service process startup (Microsoft.Exchange.Store.Service.exe) will be evenly distributed between each database : 16GB / 10 = 1.6GB.

For databases that are active on this server, Exchange Store will use 1.6GB cache for these databases.

But for the passive ones on this server, it will use only 20% of the 1.6GB that the Store service that is 327.68MB

So for 5 Passive databases and 5 Active databases, the RAM usage for the Store processes will be

( Max allocated cache per DB x nb active DBs ) + 20% x (Max allocated cache per DB x nb of passive DBs)

( 1.6 x 5 ) + 20% x ( 1.6 x 5 ) = 9.6GB

If you activate all 10 databases on this server, then the RAM usage will then just be :

1.6 x 10 = 16GB.

Hi all,

Today I’m concentrating my efforts into generating graphs as painless as possible for many data collected on Exchange servers. I’ll start by generating graphs from the two following counters which give an idea of the load of the servers:

- Active User Count

- RPC Operations/sec

The first step (Essay#1) is to generate as quickly as possible a nice graph to display the trend for these counters.

The second step (Essay#2) will be to generate quickly also graphs from a bunch of files located on a folder.

The third step (Essay#3) will be to quickly generate these graphs on a separate Excel spreadsheet, or even better on a Word document to start a report

the fourth step (Essay #4) will then be to generate the most significant graphs to generate a report that will enable a good graphical performance analysis of many servers at a time, simply using Excel and Word.

First you need to collect Perfmon data and configure the Perfmon data collector to dump statistics on .CSV files. You can also chose to convert existing BLG files to .CSV files using RELOG for example … or loading .BLG files onto a Perfmon console, and export the data on .CSV files … many ways to do this, but it’s not the purpose of this post.

Second, we will then generate our graph with the above mentioned two counters (as a start of my live project).

You have to open Excel 2010, show the “Developer” tab, and copy the following code :

Sub Macro_Search_Active_User()

'NAME the first column which is the timeline column
Range("A:A").Name = "Time_Line"

'FIND the column showing the number of active user count
    Cells.Find(What:="Active User Count", After:=ActiveCell, LookIn:=xlFormulas, _
        LookAt:=xlPart, SearchOrder:=xlByRows, SearchDirection:=xlNext, _
        MatchCase:=False, SearchFormat:=False).Select
'NAME the column just found
Range(Selection, Selection.End(xlDown)).Name = "Active_User_Count"

'FIND the column showing the RPC activity
    Cells.Find(What:="RPC Operations/sec", After:=ActiveCell, LookIn:=xlFormulas, _
        LookAt:=xlPart, SearchOrder:=xlByRows, SearchDirection:=xlNext, _
        MatchCase:=False, SearchFormat:=False).Select
'NAME the column just found
Range(Selection, Selection.End(xlDown)).Name = "RPC_Ops_Per_Sec"

'SELECT then all these 3 colums
Range("Time_Line, Active_User_Count, RPC_Ops_Per_Sec").Select
Range("A1").Activate

'GENERATE the Excel graph
ActiveSheet.Shapes.AddChart2(227, xlLine).Select
ActiveChart.SetSourceData Source:=Range("Time_Line, Active_User_Count, RPC_Ops_Per_Sec")
'NAME the graph to easily retrieve it on other code lines
ActiveChart.Parent.Name = "ActiveUsersAndRPCOps"

'This step is optional : DELETE the X axe label - "xlCategory" (or find an equivalent function to deactivate it) – because you may want to keep the X-axe time data
ActiveChart.Axes(xlCategory).Select
Selection.Delete

' Add a secondary Axe for one of the data series(no matter which one)
' .. Select series nb 1
ActiveChart.FullSeriesCollection(1).Select
' .. add data as a secondart axe
ActiveChart.FullSeriesCollection(1).AxisGroup = 2
' .. Color selected collection to in RGB(xxx,xxx,xxx) with xxx btw 0 and 255
    With Selection.Format.Line
        .Visible = msoTrue
        .ForeColor.RGB = RGB(255, 0, 0)
        .Transparency = 0
    End With
' .. Color the axis linked to the secondary collection into the same color
' ... Select the secondary axe first
ActiveChart.Axes(xlValue, xlSecondary).Select
' ... then set the selection properties : line visible, color and not transparent ...
    With Selection.Format.Line
        .Visible = msoTrue
        .ForeColor.RGB = RGB(255, 0, 0)
        .Transparency = 0
    End With
    ActiveChart.Axes(xlValue, xlSecondary).Select
    With Selection.TickLabels.Font
        .Color = RGB(255, 0, 0)
    End With

'. Same SELECTing and FORMATting the second data collection and axe
ActiveChart.FullSeriesCollection(2).Select
    With Selection.Format.Line
        .Visible = msoTrue
        .ForeColor.RGB = RGB(0, 130, 0)
        .Transparency = 0
    End With
ActiveChart.Axes(xlValue).Select
    With Selection.Format.Line
        .Visible = msoTrue
        .ForeColor.RGB = RGB(0, 130, 0)
        .Transparency = 0
    End With

'Finally, delete the title
    ActiveChart.ChartTitle.Select
    Selection.Delete

End Sub

Execute the macro and you’ll instantly have the following type of graph:

Next I’ll try (and succeed hopefully) to generate the above graph type for many CSV Perfmon files stored in a directory.

The aim of the procedure in this post is to avoid you to dig around the technet to rebuild it. It’s written for Exchange 2010 SP1 here, but can easily be adapted for any product schema updates by replacing the Exchange 2010 SP1 values and links !

AD Schema upgrade procedure with verifications (can be adapted as a general procedure by changing the Exchange 2010 SP1 references and values)

Perform Exchange server 2010 SP1 schema extension, the full procedure list is available online at http://technet.microsoft.com/en-us/library/bb125224.aspx :

1. Confirmation that the “Back-Out Plan” (see below) has been prepared.

2. Logon to the Domain Controller holding the Schema Master FSMO role using a credential that belongs to the Schema Admins security group and Enterprise Admins security group.

3. Dump the current schema into a file for comparison.  From a command prompt, run the command:  Ldifde -f Before_Schema_Update.ldf -d "cn=schema,cn=configuration,dc=domain,dc=root"

Important note : although the following step technically works, blocking AD replication by any means is not recommended, and not supported by Microsoft. As my colleague and AD expert Tanner Slayton comments (taking his words as these are complete and meaningful), Microsoft Best Practices are to test the upgrade in a Lab, ensure that a tested and well-documented Disaster Recovery plan is in place (e.g. including a detailed authoritative restore procedure of the AD to recover a previous good AD state in an unlikely case of corruption during the schema update), validate the schema extensions using Step 6. below for example, and ensure all DC's are healthy and replicating properly.

<***update**** Unsupported and not recommended... test in a lab, document DR plan, rely on this DR plan in case of schema update issue **********>

4. Ensure no replication from this Domain Controller is going to replicate to other server until Schema Extension is completed and verified:

a. Disable Outbound Replication on the server

i. At a command prompt, run the command: “repadmin /options +DISABLE_OUTBOUND_REPL” without the quotation marks.

ii. Unplug the physical network connection to ensure no communication could occur with other domain controllers.

<\***update**** Apart from the above "+disable_outbound_repl" steps and the below "-disable_outbound_repl" on Step 8., the remainder of the article remains well supported **********>

5. At a command prompt, run the command “setup /PrepareSchema” from the folder where the Exchange 2007 SP3 installation files are located.

6. If there is no error during the schema extension, then verify the current schema version. 

a. Open ADSIEdit and check the Schema version located in:

   CN=ms-Exch-Schema-Version-Pt,CN=Schema,CN=Configuration,DC <root domain>

   Attribute: rangeUpper

   For Exchange server 2010 SP1, the value should be “14726”

b. In the same ADSIEdit session, check the ObjectVersion location in:

   CN=<your organization>, CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<domain

   Attribute: ObjectVersion

   For Exchange server 2010 SP1, the value should be “13214”

c. Dump the current schema into a file and compare with the one obtained in step 3.  From a command prompt, run the command:  Ldifde -f After_Schema_Update.ldf -d "cn=schema,cn=configuration,dc=domain,dc=root"

d. Compare the content in the file Before_Schema_Update.ldf and After_Schema_Update.ldf to ensure proper extension is completed.  For a list of schema changes applied by Exchange server 2010 SP1 is available online at http://msdn.microsoft.com/en-us/library/dd877014(EXCHG.140).aspx

7. If the schema extension is unsuccessful or error was encountered during the extension, perform back out procedure for Schema Extension.

<***update**** Unsupported and not recommended... test in a lab, document DR plan, rely on this DR plan in case of schema update issue **********>

8. If schema extension is successful and verified

a. re-enable Outbound Replication on the server

    i. At a command prompt, run the command: “repadmin /options -DISABLE_OUTBOUND_REPL” without the quotation marks.

    ii. Re-connect the network cable

<\***update******* Apart from the "+disable_outbound_repl" steps on Step 4. and the above "-disable_outbound_repl" on Step 8., the remainder of the article remains well supported **********>

9. Force replication of Active Directory

10. Allow time for replication to be completed before execution of this step.  At a command prompt, run the command “setup /PrepareAD” from the folder where the Exchange 2010 SP1 installation files are located.

11. For every domain that you have Exchange servers deployed and users having Exchange mailboxes, run the command “setup /PrepareDomain”.

***Update: The below back-out procedure takes into account the steps used to disable replication above, which are not supported and not recommended by Microsoft any more.

Instead, the recommended Back-Out plan procedure is to have a well-documented and tested DR procedure including an authoritative restore procedure in case of AD corruption.

Back-out plan Procedure (never had to use it but it’s a parachute/belt/mattress to sleep well)

In case of incomplete schema extension or getting error during the schema extension, to avoid for any partial update of the schema to be replicated to other Domain Controllers, we must follow the steps below:

1. Power off the current Domain Controller that we’re working with, i.e. the current Schema master.

2. Go to another Domain Controller in the same domain, and seize the Schema Master FSMO role:

a. Logon to the Domain Controller using a credential that has Enterprise Administrator privilege

b. Click Start, click Run, type ntdsutil in the Open box, and then click OK.

c. Type roles, and then press ENTER.

d. Type connections, and then press ENTER.

e. Type connect to server <servername>, and then press ENTER, where <servername> is the name of the domain controller that you want to assign the FSMO role to.

f. At the server connections prompt, type q, and then press ENTER.

g. Type seize Schema Master.

h. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.

3. Perform meta data clean up to remove the domain controller we use for Schema Extension, this is to ensure non partial schema extension get replicated:

a. Stay logon to the same server with the same credential as in step 2

b. Click Start, click Run, type ntdsutil in the Open box, and then click OK.

c. Type metadata cleanup, and then press ENTER.

d. At the metadata cleanup prompt, type remove selected server <ServerName> where <ServerName> is the distinguished name of the domain controller whose metadata you want to remove, in the form of cn=ServerName,cn=Servers,cn=SiteName,cn=Sites,cn=Configuration,dc=ForestRootDomain

e. To verify that the server was removed, type list servers in site, and then press ENTER. Ensure that the domain controller that you wanted to be removed is no longer displayed in the command output.

f. At the metadata cleanup: and ntdsutil: prompts, type quit.

Important:  If the domain controller that was removed was also a DNS server, ensure that references to it are removed from the Name Servers tab in the DNS console. To do this, open the DNS console using another DNS server in the domain (dnsmgmt.msc), and then click the domain name under Forward Lookup Zones. Remove any references to the domain controller that was removed from the domain.

4. Clean up all DNS record related to the old Schema Master server

5. Format the old Schema Master machine, reinstall Operating System, Reset computer account for the old server name, join back into the domain and prompt to Domain Controller and Global Catalog if that was its old configuration.

Full documentation of how to clean up the Active Directory after an unsuccessful demotion of Domain Controllers, which is similar to the situation we have here, is available online at http://support.microsoft.com/kb/216498.

Cached Mode Clients

- Uncheck Download Shared Folders or Download Public Folder favorites

- Ensure that Client’s desktop search is only indexing offline files, not online services/mailbox

- Confirm that clients are using 1 copy of the OAB (not multiple) and/or are directly accessing the online GAL to a “closest” GC

Online Clients

- Do not allow desktop search to index the online mailbox

- Do not allow File-level antivirus to scan the mailbox

- Do not integrate desktop applications with the mailbox (ex: BES, Adobe, etc)

All Outlook Clients

- Be sure that clients are running tested and approved versions of Outlook.  Try to keep them current

- Disable unused Outlook add-ins

- Do not use the To-Do bar

- Disable Planner Options (for most resources)

- Do not store OST/PST files on a network share

- Use TCPView to randomly check that clients are connecting to the correct servers using the expected protocols (TCP vs HTTP)

- Request users to close other user’s folder connections when they are no longer needed.  Many people will share a folder/calendar and never release it from their client

- Turn off/disable unused or unpopular features (ex: journaling, RSS feeds, Sharepoint integration, Internet calendars, etc)

Here is how to change the Network type of a specific network (or networks) to Private or Public, to help you better master Firewall policies.

This is especially useful if you have a bunch of Windows 2008 servers on a DMZ as it’s more and more the case, which are not controlled by GPOs then.

Credits goes to Vladimir Averkin’s great Powershell post, that I slightly modified to  be a little bit more precise regarding the settings. I added the $PrivateNetwork and $PublicNetwork variables to better understand the use of the SetCategory() .Net method.

Want to pull out statistics from Exchange such as :

· messages sent per mailbox per day

· messages received per mailbox per day

· average message size

… And more if you want ?

Use Powershell and Excel now !

I- If you want to pull data from Exchange 2003 to 2007 Exchange versions, then you can use Exchange Profile Analyzer (EPA):

This tool uses WebDAV to interrogate the mailboxes and generates user profile data.

II- If you want to pull data from Exchange 2007/2010 servers, then you have to use Powershell to pull out these data

You cannot use Exchange Profile Analyzer on Exchange 2010 (you still can on Exchange 2007) as in Exchange 2010 and after, we gave up the WebDav protocol.

But we now use Powershell to query and ask the Exchange 2010 (and 2007) message tracking logs to pull out the same data as we had on EPA.

You can use the following TechNet script:

Exchange 2007/2010 Email stats

http://gallery.technet.microsoft.com/scriptcenter/bb94b422-eb9e-4c53-a454-f7da6ddfb5d6

And here is how to interpret data using Excel functions. Quick and easy:

User Profile Analysis for Exchange Server 2010

http://blogs.technet.com/b/neiljohn/archive/2011/08/09/user-profile-analysis-for-exchange-server-2010.aspx

Thanks very much to mjolinor and Neil Johnson for their scripts and explanations !

Users on Exchange 2010 who try to update or create a Distribution List may get the following error message:

"Changes to the public group membership cannot be saved. You do not have sufficient permission to perform this operation on this object.”

Usually, it’s because they don’t have the permissions (reminder: RBAC only for Exchange 2010 users) to create or modify security groups).

To assign these permissions to a security group in which you add users (recommended) or to a single user:

1 – First create a security group

2 – All the DL owners should be member of this group ( This way you do not have to assign permissions to individual users, it will be easier to manage permissions Only for the required users, )

3 – Assign permissions to security group (recommended)

• New-managementroleassignment –role “Security group creation and membership” –securitygroup “DL Owners”

or to assign the roles directly to user

• New-managementroleassignment –role “Security group creation and membership” –User “username”

5 – Add all the users who needs to manage DL’s to the security group

6 – Wait for AD Replication

7 – now users will be able to manage Mail enabled Security DL using outlook

8 – Any helpdesk users can use Exchange management shell and manage DL membership

9 - logout and login to their outlooks and try to change the Security group membership

NOTE : If you configured Outlook 2010 or earlier to directly use a GC (using the “ClosestGC” or the “DS Server” registry key) as per http://support.microsoft.com/kb/319206 , users won’t be able to manage DL memberships or creation as this will bypass RBAC check and use AD permissions instead – it’s not recommended you give users direct AD permissions – Also remember that the registry keys described in the above article (KB 319206) works, but is NOT SUPPORTED when mailboxes are in Exchange 2010/2013 (one example why is the bypass of RBAC permissions for AD related operations like DL management). So please only use these for troubleshooting purposes.

Sam.

Context :

You noticed more than 300 system messages stuck in some HUB transport servers queues with error code : 432 4.3.2 STOREDRV.Deliver ;Recipient thread limit exceeded

This is a known issue from Exchange 2010 SP1, which implements a default limitation on delivery threads, to avoid mail storms or Public Folder replication storms that could take Hub servers down (note that Public Folders are used by Outlook 2003 clients for system messages).

The solution is to slightly increase this default limitation to stay away from this issue with Public Folders replication. Below is the procedure to do this (EdgeTransport.exe.config is located on your \Exchange\V14\Bin folder on your servers)

Hub transport queue building up due to public folder replication messages.

Symptoms

Hub transport queue building up due to public folder replication messages. 
Last Error: 432 4.3.2 STOREDRV.Deliver; recipient thread limit exceeded

Cause

Exchange 2010 SP1 implements delivery thread limits so a hand full of recipients does not cause a disruption on the hub server. Example given, Journal mailbox or public folders.

Resolution

To resolve the issue we added the following settings to edgetransport.exe.config. 
<add key="RecipientThreadLimit" value="2" />
<add key="MaxMailboxDeliveryPerMdbConnections" value="3" />

The above information is explained in details in the following article as well:

http://blogs.technet.com/b/exchange/archive/2011/04/11/store-driver-fault-isolation-improvements-in-exchange-2010-sp1.aspx

And confirming the action plan above, here is the relevant part of the article:

- There are two scenarios after applying SP1 where we are seeing customers with messages backing up in the queue. The temporary error message is:

432 4.3.2 STOREDRV.Deliver; recipient thread limit exceeded

The two scenarios are:

- Journaling

- Public Folders replication

In both cases, the deliveries are occurring to a single recipient (or very small number of recipients). But it can be enough to paralyze or slow down the HUB servers.

Like every other throttling & performance related feature that has ever been in Exchange, the solution isn’t exactly straight forward. The solution is to incrementing both values up one, as follows:

<add key="RecipientThreadLimit" value="2" />
<add key="MaxMailboxDeliveryPerMdbConnections" value="3" />

=> In general, Microsoft recommends to stay below 3 for RecipientThreadLimit and below 4 for MaxMAilboxDeliveryPerMdbConnections to avoid performance issues, but you may go upper depending on your hardware performance.

•On an Outlook station of a user who complains about Outlook startup latencies :

–From the file-level antivirus on the desktop/laptop, Exclude files present

• in the following directories (whichever is applying to your Windows version (Windows XP, Windows Vista or Windows 7)

• %userprofile%\Application Data\Microsoft\Outlook (Outlook system files)
• %userprofile%\Local Settings\Application Data\Microsoft\Outlook (Windows XP/Vista, shortcut to "AppData\Local\Microsoft\Outlook" on Windows 7)
• %userprofile%\AppData\Local\Microsoft\Outlook (Windows 7 location)

->Or exclude *.nk2, *.dat, *.srs, *.xml, *.otm, OutlPrnt, *.ost, *.ost.tmp, *.obi and *.oab files from these directories.

Note 1: if you don’t want to exclude the whole *.xml extensions, which is understandable, you can just exclude the Policy*.xml and *autodiscover.xml files only.

Note 2: If you still are reluctant about excluding too many files, the following have to be excluded anyways or sooner or later you WILL be exposed to OST or OAB corruption,Outlook cached mode having more latencies that Outlook Online mode, or Calendar meetings being corrupted or simply not updated for you: *.OST, *.PST, *autodiscover.xml, policy*.xml, *.ost.tmp, OutlPrnt, and *.oab 

• Exclude all PST files that the user uses (*.pst)

-> or the best option is to plan to replace the use of PST files by the Exchange 2010 personal archiving feature (to be discussed with the IT team)

- Check the startup time without any Add-Ons (disable or uninstall them all, and if not possible, open an Outlook profile on an other “neutral” desktop/laptop with a simple Outlook client – without add-ons installed)

• If without add-ons there are no more latencies, then add the add-ons one by one and restart Outlook until you see the latencies to identify a potential guilty add-on.

– If no add-ons are causing the issues, take and analyse a network trace on the Outlook workstation

•Check for dropped network frames

•Check for client/server disconnections ([RST] or [ACK, RST])

•Check for proper server connection (i.e. outlook is not trying to reach other servers before reaching the final one)

–If nothing it noticed on the Network trace analysis, take an outlook application trace and check if there is an issue with the application installation itself (Outlook troubleshooting mode in the advanced options)

- Outlook troubleshooting mode useful files :

> The Outlook troubleshooting transport log file %UserProfile%\AppData\Local\Temp\Outlook logging\Opmlog.log
> The application and system event logs from the Laptop having the issue in both CSV and EVTX formats.
> the Application and System event Logs from the machine where the problem has been reproduced:

- All the following from the %TEMP% directory :

o The OLKRPCLOG_DD_MM_YYYY_HH_MM_SS_X.ELT files

o The oldisc.log file

o The logcalb2 file

o The “Outlook logging” subdirectory (there will be a couple of text files inside)

o The OlkCalLogs subdirectory

Remeber ISINGEG ? The Exchange tool to repair logical corruptions in databases ? Now this tool is over, replaced by a commandlet in Exchange 2010+ which does not need to dismount databases !

• Type de tâche dans project :

• Capacité : taux d’utilisation d’une ressource (exemple : Consultant_1 à 75% ==> travaillera 6h sur une journée de 8h)

• Durée : sur combien de temps la tâche va-t-elle s’étaler

• Travail : combien de temps est nécessaire pour réaliser la tâche (jours/homme)

• Choisir le “Type de tâche par défaut” :

1/ Capacité fixe : Project calculera par défaut la durée (calendrier) et/ou le travail (jours/homme) en fonction du % de travail affecté à la ressource.

2/ Durée fixe : Project calculera par défaut le travail (jours/homme) et/ou la capacité de la ressource en fonction de la durée souhaitée pour la tâche (exemple : on fixe 10 jours pour réaliser le travail, mais pour une charge de 5 jours/homme ==> la ressource sera utilisée à 50% sur 10 jours)

3/ Travail fixe : Project calculera par défaut la durée (étalement d’une tâche) et/ou la capacité de la ressourceen fonction de la charge de travail entrée dans l’outil.

Note : pour toute modification de la durée, capacité ou du travail, Project ajustera le champ que l’on aura choisi par défaut, mais demandera quand même ce qu’il faut ajuster en affichant une petite note -

• Le type de tâche par défaut se règle de 2 manières :

1/ Globalement pour toute nouvelle tâche créée :

Menu Outils –> Options –> Prévisions puis Type de tâche par défaut :

2/ Individuellement pour chaque tâche :

Double-cliquer sur la tâche, puis choisir l’onglet “Avancées” puis Type de tâche :

Sam.

De : http://en.wikipedia.org/wiki/SOAP_(protocol)

SOAP, originally defined as Simple Object Access Protocol, is a protocol specification for exchanging structured information in the implementation of Web Services in computer networks. It relies on Extensible Markup Language (XML) for its message format, and usually relies on other Application Layer protocols, most notably Remote Procedure Call (RPC) and Hypertext Transfer Protocol (HTTP), for message negotiation and transmission. SOAP can form the foundation layer of a web services protocol stack, providing a basic messaging framework upon which web services can be built……..more on http://en.wikipedia.org/wiki/SOAP_(protocol)

Remember the good old ISINTEG ? Now in Exchange 2010 SP1 we can do the same without dismounting a database !

Again, put this procedure on your Wiki intranet or in your favorite folders, just in case…

Having trouble with “disappearing” meetings in calendars ? Sometimes for meeting organizers, sometimes for attendees ?

- First check the file-level ANTI-VIRUS EXCLUSIONS ON THE CLIENT ! (OST and OAB files on the Outlook workstation)

- Second, check the file-level Anti-virus exclusions on the Server itself (EDB, LOG, TMP, CHK, Binaries, etc…)

- Third, educate users who have concurrent access to a manager’s calendar to not post meeting at the same time !

- Four, if you still encounter calendar inconsistencies, use the following procedure:

Users experiencing issues connecting or using Exchange messaging service via Outlook or OWA ? Here is how to sort this out on most of the cases :

· First thing to look at is the Application Log, then the System Log,.

· Second thing to look at are the performance counters to check if we have RPC latencies (as all the actions an Exchange user is doing corresponds to RPC requests being sent to the Exchange server). The methodology is the following :

o Check for RPC latencies

o Check for CPU performance issues

o Check for Memory load issues

o Check for Disk bound issues

o Check for Network issues

o Check for Active Directory related issues

o Check for Virus scanning issues

A list of the most important counters has to be built for future reference, but the thing is, if an issue is not visible in the Application or System Log, then the Performance logging analysis will point the cause of the issue on most of the time, provided you use the correct methodology as introduced above.

· Performance analysis enable to fine-tune Exchange components analysis. For example, if users are still able to connect to the Exchange server, but they encounter huge latencies, THEN performance analysis with the right counters will tell you where the issue is.

o As there are hundreds of counters on an Exchange Server : Disks, Memory, Processor Exchange components, …, it is essential to have a subset of counters to begin with the performance anlaysis. That is the easiest and more effective approach.

o Once the component causing the Exchange issue (Disk, Memory, Network, etc…) has been identified, then we can dig further in the analysis of this component by using more of this component’s counters. For example, for the Memory component, we must check the “Available MB” and “Pages/Sec” counters, and if one of these shows an issue, then we will add more Memory counters (total counters for the Memory component is 35 ! That’s why we start with only 2 counters, Available MB and Pages/Sec. The principle is the same for all other components : take 2 to 4 significant counters, then dig further)

Here is the list of Exchange 2007 counters that will help pointing out where the issue is – I will post a link to my Excel spreadsheet if you ask, I promise ! (I currently have the same for Exchange 2003 – for Exchange 2010, take the same counters as for Exchange 2007 – I am in the process of updating the Exchange 2010 spreadsheet to have a consistent/complete Excel tool) :

Part I :

Part II :

Part II :

- How-To procedure - Exchange Server 2010 SP1 - Operations - Exclude PDC Emulator from Exchange servers

- How-To procedure - Use the Shell to create a transport rule for messages that have a blank subject

- How-To Use ADTD to export Exchange, AD information

- How-to procedure - Exchange Server 2010 SP1 - Configuring - What to do after CAS Array creation

- How-to procedure - Messaging in general - build SPF record

See ya !

Sam

To manage your public folders permissions, including the system folders if you still use them with Outlook 2003 clients, you no longer use PFDAVAdmin, but use ExFolders in replacement.

Some of the many new features that deserve to be underlined are :

• This can be run from an Exchange 2010 server only
• Can connect to Exchange 2010 or Exchange 2007 only, not Exchange 2003
• You can export properties of public folders and also export properties of all objects in a public folder
• Ability to connect to multiple mailbox stores at the same time to run bulk operations against multiple mailboxes across many databases at the same time

All the details and the download link are here : http://gallery.technet.microsoft.com/Exchange-2010-SP1-ExFolders-e6bfd405

To diagnose a problem more indepth, we will use the Exchange Troubleshooting Analyzer (from the Toolbox on the Exchange Management Console) :

- Select a task

- Click on trace control

- Click on set manual trace log

- On components to trace, choose Store.

- On trace tags, choose: tagQueryCi , tagQueryCiDump, and tagSearch

- Click on start tracing

- Then check the application log, once you see the event on the application log,

stop tracing.

- an MS Support Engineer will then analyze the *.etl resulting file

MS Support will then use an internal debugging tool to decrypt or transform the resulting etl file to a readable format, and analyze it and eventually give you the analyzis results.

Bonjour !

Ce blog fait suite à l'ancien blog http://blogs.microsoft.fr/samdrey, "Microsoft Exchange Server pour Tous" !

Sam.

Bonjour à tous !

Afin d’inaugurer la nouvelle adresse de mon Blog, je commence avec un petit post illustré pour présenter (très) rapidement la nouvelle console graphique “ISE” fournie avec la version 2 de PowerShell !

Voici à quoi elle ressemble à première vue, avec un exemple quelconque (ici, une commande permettant l’affichage de quelques caractéristiques de mes cartes réseau, un peu comme avec NetSH - [System.Net.NetworkInformation.NetworkInterface::GetAllNetWorkInterfaces() ) :

On a 3 panneaux, de haut en bas :

• l’éditeur de script PowerShell, avec la coloration des fonctions, chaînes de caractères, variables…, l’Intellisense (ou “autocomplete”, qui permet, en tapant le début d’une commande, de compléter ou faire le tour de toutes les commandes commençant par les mêmes lettres)
• la fenêtre des résultats (ou “Output”, où l’on peut voir le résultat de l’exécution du script du panneau du dessus, mais également le résultat des commandes ou scripts exécutés depuis le panneau d’exécution immédiate (panneau du bas), copier les résultats dans le presse-papier Windows)
• le panneau d’exécution rapide, d’où l’on lance des instructions ou d’autres scripts comme on le fait dans une fenêtre PowerShell classique.

Note : le PowerShell V2 et sa console graphique sont disponibles de base dans Windows 7 et Windows 2008 R2. Il est possible de les récupérer en version “CTP” ( Community Technology Preview – une version bêta) à l’adresse suivante :

Windows PowerShell V2 Community Technology Preview 3 (CTP3)

http://www.microsoft.com/DOWNLOADS/details.aspx?FamilyID=c913aeab-d7b4-4bb1-a958-ee6d7fe307bc&displaylang=en#filelist

Je suis encore loin de connaître toutes les fonctionnalités de la console graphique, mais l’un des avantages méritant d’être souligné, outre l’éditeur de scripts mentionné plus haut, est la possiblilité d’ouvrir plusieurs instances PowerShell dans la même console sous forme d’onglets :

Voilà pour un premier post d’intro pas très technique, mais qui montre le côté sympatique de la nouvelle console graphique PowerShell fournie avec la V2.

En tout cas, n’étant pas d��veloppeur à la base (et la console basique PowerShell ne m’inspirant pas spécialement :-)), ce concept d’UI (User Interface) m’a permis de réaliser pas mal de scripts d’administration Windows et Exchange 2007 de manière fun et rapide !

A plus tard pour d’autres expériences,

Sam.

Il est possible d’installer l’environnement PowerShell V2 CTP3 (pour Community Technology Preview 3 càd la dernière version “pre-beta”) et l’utiliser pour scripter et administrer votre environnement Exchange 2007.

Cette console facilite grandement la création de scripts (via la coloration synthaxique dans l’éditeur et l’intellisense) et est beaucoup plus fun que la console noire et blanche toute simple de PowerShell V1 :-)

I- Les prérequis sont:

• 1- Désinstaller la version PowerShell V1 du poste ou du serveur de test  (Hotfix for Windows Server 2003 (KB926139))
  Note : PowerShell V2 est toujours en cours de développement, il est donc déconseillé de l’installer sur un serveur en production. Préférez une station d’administration par exemple, et/ou un serveur de test.)
• 2- Installer le .NET FrameWork V3
• 3- Télécharger et installer PowerShell V2 CTP3

II- Activation des Cmd-lets Exchange 2007 dans la console graphique ISE:

[Voir la procédure détaillée, expliquée, illustrée…]

Sam.

Hello,

La feuille de calcul Excel permettant de dimensionner vos serveurs Exchange 2007 a été mise à jour le 9 Janvier dernier (v16.3).

Voici le lien direct :

http://msexchangeteam.com/files/12/attachments/entry438481.aspx

(et le mode d'emploi : http://msexchangeteam.com/archive/2007/01/15/432207.aspx)

Bons sizings :-)

Sam

posted @ 10:39 | Feedback (0)

Ayant passé beaucoup de temps à chercher le lien de téléchargement de l'outil (les liens des sites plus ou moins officiels étant obsolètes), voici donc le lien idoine :

http://www.codeplex.com/admodify/

La description de l'outil: http://www.microsoft.com/france/technet/prodtechnol/exchange/2003/insider/admodifynet.mspx

Cheers,
Sam.

posted @ 14:59 | Feedback (0)

Bonjour !

Un outil des "Windows 2003 Support Tools" que vous connaissez peut-être déjà mais que je viens de découvrir et qui m'a été très utile, c'est pourquoi je me permets d'en faire un post : PortQuery ... il permet de tester la connectivité TCP/UDP entre deux machines, et donc de vérifier si les bons ports sont bien ouverts entre deux machines.

La synthaxe minimale que j'ai utilisé un millier de fois est la suivante :

portqry -n nom_du_serveur_cible -p tcp_ou_udp -e numéro_de_port

(on peut omettre le commutateur "-p", tcp sera le port interrogé par défaut)

exemple :

- pour tester la connectivité POP3 - port tcp 110 - sur mon serveur Exchange "srvexch1"

> portqry -n srvexch1 -e 110

De plus, tout est expliqué dans cet article, et en bon Français ! :

http://support.microsoft.com/kb/832919

le lien direct de téléchargement, inclus dans l'article, est le suivant :

http://www.microsoft.com/downloads/details.aspx?familyid=89811747-C74B-4638-A2D5-AC828BDC6983&displaylang=en

Sam

posted @ 10:34 | Feedback (1)

Lorsqu'on crée une liste de distribution, un contact ou même un utilisateur (mail-enabled ou mailbox-enabled), il se peut que l'on ne veuille pas qu'il apparaisse dans le carnet d'adresses Outlook (le carnet d'adresse en-ligne : la GAL ou Global Address List).

- Avant, sous Exchange 2000/2003, on avait la case "Hide from Address Book" dans les propriétés Exchange avancées de l'utilisateur avec la console Utilisateurs et Ordinateurs Active Directory (ADUC pour les intimes).

- Maintenant, sous Exchange 2007, on le fait via PowerShell ... compliqué ? non, simple !

--> TIP ! Penser à mettre à jour la GAL une fois l'utilisateur caché si on veut que l'effet soit immédiat (>Update-GlobalAddressList)

Voici les étapes pour cacher l'utilisateur Francis Drey de la forêt AD "domaine.com", dans l'OU "Utilisateurs" (pourquoi préciser la forêt et l'OU ? Parce que sous PowerShell, une boîte aux lettres s'identifie via le switch -Identity sous la forme domaine.com\OU\nom_utilisateur, dans notre cas ce sera domaine.com\Utilisateurs\Francis Drey)*

Note1 : il est facile de récupérer l'identifiant d'une boîte aux lettres avec la commande powershell get-mailbox partie_du_nom_de_l'utilisateur |fl Identity, exemple : get-mailbox *rancis* |fl Identity - le "|fl" pour "format list" sert à demander un affichage du résultat par ligne, on peut le remplacer par "|list", et même utiliser "|ft" pour "format table" ou même écrire "|table"

1/ Set-mailbox -Identity "domaine.com\Utilisateurs\Francis Drey" -HiddenFromAddressListsEnabled $true

Attention aux guillemets pour l'Identity

2/ Update-GlobalAddressList -Identity "Default Global Address List"

Note2 : de même, pour récupérer l'"identité" (la valeur du champ "Identity" ) de la GlobalAddressList que l'on souhaite mettre à jour, la commande Get-GlobalAddressList |fl Identity permet de l'afficher.

... et le tour est joué !

De même, pour cacher des listes de distribution on utilise la commande set-DistributionGroup -Identity identité_de_la_liste -HiddenFromAddressListsEnabled $true, et pour les contacts set-Contact -Identity identité_du_contact -HiddenFromAddressListsEnabled $true

@ bientôt pour d'autres posts agrémentés de schémas ! (je n'ai pas oublié la théorie des providers - c.f. post précédent - en cours d'élaboration ...)

Sam.

posted @ 15:31 | Feedback (0)

De : http://en.wikipedia.org/wiki/WS-Management

Web Services-Management (WS-Management) is a DMTF open standard defining a SOAP-based protocol for the management of servers, devices, applications and various Web services. The DMTF has published the standards document DSP0226 with version v1.1.0 of 2010-03-03 ….

Windows Management Instrumentation Tutorial

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=720F0CAE-64A7-457F-BB95-E4F33E0CBC55&displaylang=en