• Exchange 2010 SP1 Hosting – Part 2 “Hosting Description”

    In this series of posts I started by giving an overview of Exchange 2010 SP1 Hosting here, and in this post I will go through the Exchange 2010 SP1 Hosting description.

    Exchange 2010 SP1 Hosting introduces a new multi-tenant model with accompanying PowerShell cmdlets. In this new design each specific Exchange object (such as an Address List) associated with an organization is stored in its own Configuration Unit within the Configuration Container in Active Directory. So address lists, for example, are clearly tied to an organization and isolated. There is no need for the extra security settings and complex pointers that we used in HMC to associate Exchange objects with a tenant organization. User objects are then stored in a tenant-specific OU. This is what makes the product "natively" multi-tenant and is an example of why the previous Hosted Messaging and Collaboration (HMC) provisioning engine was no longer needed for Exchange 2010 SP1 Hosting.

    Another significant benefit is that the provisioning performance is much faster, and also more efficient in terms of the amount of code needed to leverage the Cmdlets. This allows a lot of flexibility for ISVs to create solutions on top of this, such as a reseller model and providing an API for Control Panels to leverage.

    Microsoft Exchange Server 2010 SP1 supports hosting deployments and provides Hosting Partners the core feature-set of Exchange Server in a manner that can be deployed to multiple customers in a single installation, and provides ease of management and flexibility of provided features to end-users.

    The hosting solution available for Exchange 2010 SP1 includes most of the features and functionality available in Exchange 2010 SP1 Enterprise deployments, but also includes features and functionality that will allow you to create and manage tenant organizations.

    Microsoft Exchange Server 2010 SP1 will form part of the suite of multi-tenant capable products that will replace the Hosted Messaging and Collaboration 4.5 solution.

    The following features and functionality are unique to hosting deployments:

    • Hosting Installation   When you install Exchange 2010 SP1 for hosting deployments, you will run the installation from the command line and include the /hosting switch. Once installed, your servers will be running in Hosting Mode.
    • Tenant Organization Configuration   Because you will be creating and managing multiple organizations in the hosting deployment, you can use cmdlets and parameters that aren't available to Enterprise deployments.
    • Service Plans   A service plan allows you to enable or disable certain features when deploying tenant organizations. Service plans simplify tenant administration by automatically setting up feature configuration and automatic feature provisioning of mailboxes. In addition, service plans allow you to grant the correct set of RBAC permissions to tenants based on available features.
    • Mailbox Plans   A mailbox plan is a template that automatically populates multiple user properties and assigns default permissions to new or existing user accounts. You use mailbox plans to provision accounts for a particular user population with a common default configuration.

    In the coming post in this series I will go deep into the Exchange 2010 SP1 Hosting deployment and installation steps, which you will enjoy.

  • Exchange 2010 SP1 Hosting – Part 1 “Overview”

    In this series of posts I will go through Exchange 2010 SP1 Hosting details starting from Overview, Deployment, Migration, Multi-Tenant, etc.

    Microsoft Exchange Server 2010 SP1 supports hosting deployments and provides Hosting Partners the core feature-set of Exchange Server in a manner that can be deployed to multiple customers in a single installation, and provides ease of management and flexibility of provided features to end-users.

    The hosting solution available for Exchange 2010 SP1 includes most of the features and functionality available in Exchange 2010 SP1 Enterprise deployments, but also includes features and functionality that will allow hosters to create and manage tenant organizations; however Exchange 2010 SP1 doesn't support the following features in Hosting mode:

    • Exchange Management Console
    • Public Folders
    • Unified Messaging Server role
    • Federation
    • Business-to-Business features such as cross-premises message tracking and calendar sharing
    • IRM (Information Rights Management)
    • Outlook 2003 support (EnableLegacyOutlook)
    • Edge Transport Server role

    Exchange Server 2010 SP1 Hosting supports the following three separate server roles, which are required to perform the tasks of a carrier-class messaging system:

    • Client Access Servers (CAS) - Support the traditional components such as Post Office Protocol 3 (POP3) and Internet Message Access Protocol 4 (IMAP4), Exchange ActiveSync®, Microsoft Outlook Web App, and Outlook Anywhere
    • Hub Transport Servers (Hub) - Perform the internal message transfer, distribution list expansions, and message conversions between Internet mail and Exchange Server message formats
    • Mailbox Servers (MBX) - Maintain mailbox store databases, with high availability provided by Database Availability Groups (DAGs)

    Flexible System Scaling Approach

    Although it is technically possible to combine multiple Exchange 2010 server roles onto a single physical or virtual server, one of the goals of this Exchange 2010 SP1 Hosting architecture is to recommend against combining server roles. By implementing a single-role server deployment methodology, service providers can designate server hardware more accurately according to specific tasks, and increase the capacity of the messaging environment selectively, according to specific demands and changing trends. For example, as demand for mobile messaging services continues to grow, service providers can increase the number of Client Access servers without affecting other areas in the messaging environment.

    Role-Specific Load Balancing and Fault Tolerance and High Availability

    Different server roles support different techniques and architectures for load balancing and fault tolerance. For example, if multiple Hub Transport servers exist in the same Active Directory® site, Exchange Server 2010 balances the message traffic automatically between these servers, whereas Mailbox servers are not load-balanced in the same way. Redundant copies of mailbox databases can be replicated across multiple servers arranged into Database Availability Groups (DAGs) to achieve fault tolerance.

    The table below shows the load balancing technology per server role that service providers should use in a production environment to implement high availability and fault tolerance.

    | Server Role   | Load Balancing Technology |
    |---------------|---------------------------|
    | Mailbox       | Exchange Database Availability Groups (DAGs) |
    | Hub Transport | Automatic load balancing through Mail Submission Service; hardware load balancing for incoming mail connectivity |
    | Client Access | Hardware load balancing |

    Exchange 2010 Database Availability Group (DAG)

    The new concept of the Database Availability Group (DAG) is an exciting Exchange 2010 technology that brings low-cost high availability without a costly hardware SAN infrastructure.


    Microsoft Exchange Server 2010 clients will connect to Client Access Servers, which will proxy the requests to the mailbox servers. There is no more LCR, SCR, or CCR: DAG (or Super CCR) uses low cost DAS storage to leverage a “Raid 5” striping of databases to multiple servers. Client Access Servers (set in load balanced server farms) will provide primary HTTP and a new “distributed RPC endpoint” for Office 2010 and Office 2007, emulating a “standard exchange mailbox server” without needing to upgrade the clients.

    Since clients connect to the CAS servers, which proxy requests to the mailbox servers, failover from one mailbox server to another in the DAG happens in less than 30 seconds, whether through a failover or a move command.

    Some other notable highlights in Exchange 2010 database and HA architecture:

    • Replication between databases will change from an RPC method to a TCP socket method, which will increase performance on heavily loaded servers.
    • Replication can be local or remote (cross-subnet). You will, however, need CAS servers at the DR site if you lose the primary datacenter.
    • You can have up to 16 mailbox servers in a DAG.
    • There will be no integration with Microsoft Online at the DAG level. Microsoft Online cannot be used as a DR site for an on-premise hosted mailbox. Either it’s on-premise or hosted, not a mixture of the two.
    • You still need Windows Server 2008 Enterprise, as the failover clustering feature is required.
    • The concept of Storage Groups is deprecated.
    • Jet is still the storage engine for Exchange 2010 databases.
    • Exchange IO has been reduced 50% from 2007 to 2010 (and already a 70% IO reduction from Exchange 2003 to 2007).
    • Single Instance Storage is going away, as well as the per database table.  A new table is created for each mailbox, creating the scenario for 10,000+ messages in mailboxes due to the sequential read capability. 
    • Server-based PST files allow archiving with anywhere access. This helps with e-discovery, OWA searches, and compliance management.

    In the next post I will go through Exchange 2010 SP1 Hosting description.


  • Move Mailboxes methods from Exchange 2003/2007 to Exchange 2010

    Typically in the upgrade scenario moving mailboxes will be done from Exchange 2007/2003 mailbox databases (Source) to Exchange 2010 mailbox databases (Target).

    When moving mailboxes from Microsoft Exchange Server 2007 Service Pack 2 (SP2) to Exchange Server 2010, the following should be considered:

    · The move process is performed online, and end-users will be able to access their mailboxes during the move.

    · Mailboxes cannot be moved from Exchange 2007 SP1 or earlier; the source Mailbox server must be running Exchange 2007 SP2 or later.

    · Perform the move from a server running Exchange 2010 by using the Exchange Management Console or the move request cmdlet in the Exchange Management Shell. The Move-Mailbox cmdlet in Exchange 2007 cannot be used to move mailboxes to Exchange 2010 servers.

    Move Mailboxes using Exchange Management Console

    1. In the console tree, navigate to Recipient Configuration > Mailbox.

    2. In the result pane, select one or more mailboxes that you plan to move.

    3. In the action pane, click New Local Move Request.

    4. On the Introduction page, configure the following settings:

    · A new move request will be placed for the following mailboxes: This box displays the mailboxes that were selected in the result pane. If you want to add or remove mailboxes, click Cancel, and then make the changes in the result pane.

    · Target mailbox database: Click Browse to open the Select Mailbox Database dialog box. Use this dialog box to select the target mailbox database to which you want to move the mailboxes. Click OK to return to the wizard.

    5. On the Move Options page, specify how you want to manage corrupted messages if they are found.

    · Skip the mailbox: Click this button to specify that mailboxes containing corrupted messages will not be moved.

    · Skip the corrupted messages: Click this button to move the mailbox, but not to move any corrupted messages. If you select this option you’ll need to set the Maximum number of messages to skip.

    · Maximum number of messages to skip: Use this list to specify a number between -1 and 2,147,483,647. Use -1 to skip an unlimited number of corrupted messages.

    6. On the New Local Move Request page, review your configuration settings. Click New to create the move request. Click Back to make changes.

    7. On the Completion page, review the following, and then click Finish to close the wizard:

    · A status of Completed indicates that the wizard completed the task successfully.

    · A status of Failed indicates that the task wasn’t completed. If the task fails, review the summary for an explanation, and then click Back to make any configuration changes.

    8. Click Finish to close the wizard.

    Move Mailboxes using PowerShell or MoveMailbox.ps1 script

    In this section we will cover moving mailboxes using the PowerShell cmdlet and using the MoveMailbox.ps1 script.

    · Test whether a mailbox is ready for move:

    This example uses the WhatIf switch to test whether Tony Smith’s mailbox is ready to move to the new database DB01 and whether the command contains any errors. When you use the WhatIf switch, the system performs checks on the mailbox, and if the mailbox isn’t ready to move, an error is generated:

    New-MoveRequest -Identity 'tony@Contoso.com' -TargetDatabase DB01 -WhatIf

    · Create a local move request:

    This example moves Tony Smith’s mailbox to the new database DB01:

    New-MoveRequest -Identity 'tony@alpineskihouse.com' -TargetDatabase DB01

    · Create a batch move request:

    This example creates a batch move request for all mailboxes on the database DB01 and moves them to the database DB02, with the BatchName parameter value DB01toDB02:

    Get-Mailbox -Database DB01 | New-MoveRequest -TargetDatabase DB02 -BatchName "DB01toDB02"

    · Create a move request that suspends before completion:

    This example creates a move request that is suspended after all the initial content is moved, but before the mailbox is locked down and switched over to the new location:

    New-MoveRequest -Identity 'tony@alpineskihouse.com' -TargetDatabase DB01 -SuspendWhenReadyToComplete

    · Create a move request that is processed by a specific server:

    This example creates a move request that is processed by the specific Client Access server CAS1.contoso.com, which has the Microsoft Exchange Mailbox Replication service installed:

    New-MoveRequest -Identity 'tony@alpineskihouse.com' -TargetDatabase DB01 -MRSServer CAS1.Contoso.com

    · Create a suspended move request:

    This example creates a batch move request that is suspended for all mailboxes on database DB01. You may want to run this command if you want to create the move request now and then resume it in the evening, when e-mail traffic is low:

    Get-Mailbox -Database DB01 | New-MoveRequest -TargetDatabase DB02 -BatchName "26August" -Suspend

    · Move Mailboxes by using the MoveMailbox.ps1 Script in the Shell:

    Similar to the Move-Mailbox cmdlet in Microsoft Exchange 2007, the MoveMailbox.ps1 script provides a synchronous management experience for moving mailboxes. By default, scripts are installed at “C:\Program Files\Microsoft\Exchange Server\V14\Scripts”.

    MoveMailbox.ps1 performs the following tasks:

    a. Creates a local move request.

    b. Waits for the mailbox move to complete.

    c. Clears the move request after it completes.

    MoveMailbox.ps1 includes two parameter sets. The first parameter set moves a single mailbox, or you can pipeline mailboxes into the command. The second parameter set moves all mailboxes hosted on a specific database, or you can pipeline database objects into the command to move all mailboxes that reside on those mailbox databases. The following examples show different ways to use MoveMailbox.ps1 to move a batch of mailboxes:

    · Example 1:

    This example moves the mailboxes that begin with “ay”. It uses the DatabaseMap parameter: if these mailboxes reside on the mailbox database DB1, they are moved to mailbox database DBA, and if they reside on DB2, they are moved to mailbox database DBB:

    Get-Mailbox ay* | .\MoveMailbox.ps1 -DatabaseMap @{"DB1"="DBA";"DB2"="DBB"}

    · Example 2:

    This example moves Tony Smith’s mailbox to DB2:

    .\MoveMailbox.ps1 -Identity "Tony@Contoso.com" -TargetDatabase "DB2"

    · Example 3:

    This example moves all mailboxes that reside on mailbox database DB1 to database DB2:

    .\MoveMailbox.ps1 -MailboxDatabase DB1 -TargetDatabase DB2

    · Example 4:

    This example uses the Get-MailboxDatabase cmdlet to retrieve all mailbox database objects whose name begins with “DB1”, and then pipelines the result to the MoveMailbox.ps1 script:

    Get-MailboxDatabase DB1* | .\MoveMailbox.ps1 -DatabaseMap @{"DB10"="DBA";"DB11"="DBB";"DB12"="DBA"}

  • SharePoint Servers Time-zone

    This is a small note. Please make sure that all servers belonging to the same farm are actually on the same time-zone.

    I had a very strange issue where performing any actions on a farm server would not be executed (as far as I saw it initially). I was trying to start or stop services on a server and it just hung in the starting or stopping state on that specific server forever (it turned out later that it is not forever, it’s just two hours). I tried to rebuild the farm three times and every time it was the same issue. So what I did was create the farm on a server, finalize all configuration on that server and then add the second one, just to overcome the fact that I cannot do this once I added the second server.

    Then the real problem surfaced when I started to deploy solutions to this farm: it told me that the solution deployment is scheduled after two hours, strange!!!

    I then checked and BAM, the servers were not in the same time zone and the difference between them was two hours. So that’s why it would take 2 hours for a change to be propagated from one server to the other.

     

  • New Windows 2008 / 2008 R2 Group Policy Preferences

    I found that it is very important to know what is new in Windows 2008 and Windows 2008 R2 Group Policy Preferences, that is why I shared this information that I collected from Microsoft Documentation.

    With the release of Windows Server 2008 additional GPO functionality has been included in the operating system for the configuration and management of Group Policy Preferences. These preferences will apply to Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008. If Group Policy Preferences are to be used on an operating system earlier than Windows Vista SP1 or Windows Server 2008, then a download and installation of the Client Side Extension option will be required in order for the preferences to be processed by the client.

    The use of Group Policy Preferences (GPP) allows for settings to be applied to a computer as well as allowing the local user to change the settings at a later date. GPP have also been designed to help replace the more complex tasks of drive mapping and environment variable setups without the need for complex logon scripts. An additional feature, “item-level targeting”, allows you, as the name suggests, to set very granular filters on individual policy items within a GPO; note that this is only for GPP options. There are 27 filter criteria that can be used to control each individual item. An example of this usage might be for the generic GPO to have some tightly controlled settings set within the normal policy for a given OU, while additional options are targeted at specific computers, allowing additional configuration to take place.

    The configurable features in GPP are directed at users and computers. Although some apply to both, there are instances where a feature applies to only one type:

    · Environment – The environment extension is per-computer and per-user and lets you configure both system and user environment variables (e.g. %temp%) on a given target system. Note that with all GPP settings, you can choose different actions for this extension. You can create a new environment variable, update or replace an existing one, or delete an existing one.

    · Files – Both a per-computer and per-user extension that lets you distribute files to your end-user computer or user. For example, you might use this to distribute shortcuts to your users’ desktops or data files required for a local desktop application, or even to delete temporary files that are created by applications from a specific location.

    · Folders – Both on a per-computer and per-user extension that lets you create, update and delete folder structures on target systems or users. For example, you might use this setting to delete temporary folders that get created on computers.

    · INI Files – Both on a per-computer and per-user extension that lets you create, delete or update values within text-based ini files.

    · Registry – Both a per-computer and per-user extension. This extension is powerful in that you can create, delete and update registry keys and values on target systems. Because this extension provides the ability to easily push registry values to computers and users through a GUI, and because it supports all the different value types in the registry, this extension effectively eliminates the need for creating custom ADM files for pushing out registry modifications through Administrative Template policy.

    · Network Shares – A per-computer extension only—this extension lets you create shares on target computers—be they desktops or servers. You can create, delete and update shares, in fact, on any target system. In addition, the extension lets you set a user limit on the share.

    · Shortcuts – This is both a per-computer and per-user extension that lets you create and distribute shortcuts to computers and users. You can manage shortcuts to file systems, web URLs and Windows shell objects (e.g. My Computer). This extension does not copy .lnk files around, but rather creates shortcuts on the fly, that meet your specifications. You can specify all of the normal parameters of a shortcut, including the “Start in” field, the icon that appears with the shortcut and any arguments for the target that the shortcut executes.

    · Drive Maps – This is a per-user extension that lets you control drive mappings for end users. You can create, delete and update drive mappings to UNC paths and can control which drive letter is mapped (or use next available). You can also choose to hide or show the particular drive letter to the user. This option could be utilized to help remove the need for logon scripts.

    · Data Sources – This is a per-computer and per-user extension that lets you manage system or user ODBC data sources used by applications that leverage databases. This extension lets you choose the ODBC driver type, and provide credentials for the connection to the database, which are stored encrypted within the GPO.

    · Devices – This is a per-computer and per-user extension that lets you allow or deny use of devices based on the device class. For example, you could use this extension to deny the use of all thumb drives or all CD burners. Better configuration options are available in the Group Policy Object itself when working against Windows Vista clients.

    · Folder Options – This is a per-computer and per-user extension that lets you set file extension associations. For example, you can use this extension to associate all .log files with a particular text reader.

    · Local User and Groups – This is both a per-computer and per-user extension that provides a variety of control around local user and group accounts. You can create, update, replace or delete users and group accounts from local computers. You can also update the password for accounts local to the computer.

    · Network Options – This per-computer and per-user extension lets you manage VPN and Dial-up Networking (DUN) connections on your systems. For example, centrally create a VPN client configuration for all of your corporate users that require VPN-based remote access, and if something changes in your VPN configuration, you can easily update those connections using this feature.

    · Power Options – This per-computer and per-user extension lets you configure power management settings on XP/2003 systems. New to Windows Server 2008 R2 are the additional Power Plans for Windows Vista and later clients. By using this feature, you can create a default configuration that users can later change as necessary.

    · Printers – This per-computer and per-user extension lets you manage printer mappings. You can use it to install Shared, TCP/IP or Local printers. Shared printers are per-user only. You can use this extension along with item-level targeting to map printers based on criteria such as user groups or IP address ranges. The Windows Vista GPO provides native support for deploying printers; however, it only supports shared printers and requires AD schema extensions. In contrast, the Printer extension supports shared, local and TCP/IP printers.

    · Services – This is a per-computer extension that lets you control service configuration. While this extension is somewhat redundant to the existing Group Policy security setting that lets you configure service start-up type and security, the GPP version of this feature gives you more control. While you can’t configure service security using this extension, you can configure elements of a service such as the account that it uses to logon to the system (along with password changes to those service accounts) as well as the recovery behavior of the service (e.g. restart after failure or run an external program when the service fails). In addition, this extension supports the ability to perform actions on the service (like stopping and starting it) when the policy is processed.

    · Internet Settings – This per-user extension provides additional control over IE 5, 6, 7 and 8 configurations. Although GP already provides both IE Maintenance policy and Administrative Templates settings for controlling IE security and behavior, this GPP extension provides some additional control that these two earlier policy areas do not, such as the ability to configure all of the options on IE’s Tools, Internet Options, Advanced tab as well as more common aspects such as the Connections tab, home page and the size of Temporary Internet Files and browser history.

    · Regional Options – This per-user extension provides the ability to control the options available in the Control Panel, Regional Settings applet, such as default user locale, how numbers, currency, date and time are displayed, and the user’s default country location.

    · Start Menu – This per-user extension lets you control the configuration of the Start Menu and its various options. From here you can enable or disable items that should appear on the Start Menu, set the size of Start Menu icons and how many programs appear, as well as customizing “Classic Start Menu” behavior. Note that this extension supports Windows XP, Windows Vista and Windows 7.

    · Scheduled Tasks – This per-computer and per-user extension lets you create scheduled tasks to execute applications at particular times. It also supports something called an immediate task, which means that you can set an immediate task to execute as soon as Group Policy processes this setting. New to Windows Server 2008 R2 are the additional options to define scheduled tasks and immediate tasks for Windows Vista and later.
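
    Several of the extensions above (Data Sources, Local Users and Groups, Services) can carry a password, which GPP writes to a cpassword attribute in the preference XML under SYSVOL, where any domain user can read it and where the encryption key is publicly documented. The audit script below is an added example, not part of the original post: it lists preference items that still hold a stored password, without printing the value. The function names, the GPO id and the sample XML are constructed for illustration, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: list Group Policy Preferences items that still store a password.
# Function names, the GPO id and the sample XML below are constructed for illustration.

function Find-GppStoredPassword {
    [CmdletBinding()]
    param(
        # Folder to scan, e.g. the Policies folder of the domain's SYSVOL share.
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    # Preference files whose items can carry a cpassword attribute.
    $fileNames = 'Groups.xml', 'Services.xml', 'ScheduledTasks.xml',
                 'DataSources.xml', 'Drives.xml', 'Printers.xml'
    # Attributes that name the account the stored password belongs to.
    $accountAttrs = 'userName', 'accountName', 'runAs'

    Get-ChildItem -LiteralPath $Path -Recurse -File |
        Where-Object { $fileNames -contains $_.Name } |
        ForEach-Object {
            $file = $_
            try {
                [xml]$doc = Get-Content -LiteralPath $file.FullName -Raw -ErrorAction Stop
            } catch {
                Write-Warning "Skipping unreadable or unparseable file: $($file.FullName)"
                return   # continue with the next file
            }
            $gpo = if ($file.FullName -match '\{[0-9A-Fa-f-]{36}\}') { $Matches[0] } else { '(unknown)' }

            # An empty cpassword means no password was set, so only non-empty values are reported.
            foreach ($node in $doc.SelectNodes('//*[@cpassword][string-length(@cpassword) > 0]')) {
                $account = $null
                foreach ($attr in $node.Attributes) {
                    if ($accountAttrs -contains $attr.Name) { $account = $attr.Value; break }
                }
                $parent  = $node.ParentNode
                $changed = if ($parent -is [System.Xml.XmlElement]) { $parent.GetAttribute('changed') } else { '' }
                [pscustomobject]@{
                    Gpo         = $gpo
                    File        = $file.Name
                    Item        = $parent.LocalName
                    Account     = $account
                    Changed     = $changed
                    ValueLength = $node.GetAttribute('cpassword').Length   # length only, never the value
                }
            }
        }
}

function Add-SampleFile([string]$Root, [string]$RelativePath, [string]$Xml) {
    # Writes one constructed preference file, creating its folder first.
    $target = Join-Path $Root $RelativePath
    New-Item -ItemType Directory -Path ([IO.Path]::GetDirectoryName($target)) -Force | Out-Null
    Set-Content -LiteralPath $target -Value $Xml -Encoding UTF8
}

function New-ConstructedGppSample {
    # Builds a small SYSVOL-like tree in the temp folder; every value in it is made up.
    $root = Join-Path ([IO.Path]::GetTempPath()) ('gpp-sample-' + [guid]::NewGuid())
    $gpo  = Join-Path $root '{11111111-2222-3333-4444-555555555555}'
    Add-SampleFile $gpo 'Machine\Preferences\Groups\Groups.xml' (
        '<Groups><User name="localadmin" changed="2013-05-01 10:00:00">' +
        '<Properties action="U" userName="localadmin" cpassword="CONSTRUCTED-PLACEHOLDER"/>' +
        '</User></Groups>')
    Add-SampleFile $gpo 'Machine\Preferences\Services\Services.xml' (
        '<NTServices><NTService name="AppSvc" changed="2013-06-12 08:30:00">' +
        '<Properties serviceName="AppSvc" accountName="CONTOSO\svc-app" cpassword="CONSTRUCTED-PLACEHOLDER"/>' +
        '</NTService></NTServices>')
    # This item has an empty cpassword and must not be reported.
    Add-SampleFile $gpo 'User\Preferences\Drives\Drives.xml' (
        '<Drives><Drive name="H:" changed="2013-07-01 09:00:00">' +
        '<Properties action="U" path="\\fs01\home" userName="" cpassword=""/>' +
        '</Drive></Drives>')
    return $root
}

# Run against the constructed sample; point -Path at the real Policies folder to audit a domain.
$sample = New-ConstructedGppSample
Find-GppStoredPassword -Path $sample | Format-Table -AutoSize
Remove-Item -LiteralPath $sample -Recurse -Force
```

    Any item the script reports should have its password removed from the preference and the affected account's password changed, since the stored value has to be treated as disclosed.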