Ticket: RemoteAPP performance

[PS] C:\>import-csv c:\userlist.csv | foreach { enable-ummailbox -id $_.samaccou
ntname -ummailboxpolicy MSFTPool -extensions $_.extension -pin $_.extension }

[PS] C:\Documents and Settings\Exchadm\Desktop>Import-Csv c:\userlist.csv | fore
ach { enable-ummailbox -id $_.samaccountname -ummailboxpolicy BenQPool -extensio
ns $_.extension -pin $_.extension }

Get-User -Filter "Title -like '*Manager'"

[PS] C:\Documents and Settings\Exchadm\Desktop>Get-Mailbox -Server bqt-mb07 | ft

-Property,SamAccountName,umenabled,extensions

-Property SamAccountName UMEnabled Extensions

——— ————– ——— ———-

exchadm True {postmaster@benq…

Menghsien.Lin True {7257, Menghsien…

Vincent.PO.Lin True {7233, Vincent.P…

Johnny.Yao True {Johnny.Yao@BenQ…

BQY.TestUser1 False {}

test.microsoft True {test.microsoft@…

Abuse False {}

IMSS.Spam True {1112, IMSS.Spam…

IMSS.Spyware False {}

IMSS.ITrap False {}

IMSS.SPAM_Medium False {}

IMSS.SPAM_Low False {}

whitelist.request False {}

IMSS.Quar False {}

Blog Extended Reading

More Information & Reference

1. bulk enabling users for Unified Messaging

2. Enable-UMMailbox – PowerShell

3. How to Enable a User for Unified Messaging

4. Filterable Properties for the -Filter Parameter

Issue: E14 Cannot create new mailbox

November 19, 2009 by johnnyyao

(PID 11000, Thread 13) Task Enable-Mailbox writing error when processing record of index 0. Error: Microsoft.Exchange.Data.Directory.ADOperationException: Active Directory operation failed on DC12.msft.corp.com. This error is not retriable. Additional information: 存取權限不足，無法執行操作。.
Active directory response: 00002098: SecErr: DSID-03150E8A, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
—> System.DirectoryServices.Protocols.DirectoryOperationException: 使用者的存取權限不足。
   於 System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
   於 System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   於 Microsoft.Exchange.Data.Directory.PooledLdapConnection.SendRequest(DirectoryRequest request, LdapOperation ldapOperation, IAccountingObject budget)
   於 Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
   — 內部例外狀況堆疊追蹤的結尾 —
   於 Microsoft.Exchange.Data.Directory.ADSession.AnalyzeDirectoryError(PooledLdapConnection connection, DirectoryRequest request, DirectoryException de, Int32 totalRetries, Int32 retriesOnServer)
   於 Microsoft.Exchange.Data.Directory.ADSession.ExecuteModificationRequest(ADObject entry, DirectoryRequest request, ADObjectId originalId, Boolean emptyObjectSessionOnException)
   於 Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject instanceToSave, IEnumerable`1 properties)
   於 Microsoft.Exchange.Data.Directory.Recipient.ADRecipientSession.Microsoft.Exchange.Data.IConfigDataProvider.Save(IConfigurable instance)
   於 Microsoft.Exchange.Management.RecipientTasks.EnableMailbox.PrepareRecipientObject(ADUser& user)
   於 Microsoft.Exchange.Management.RecipientTasks.EnableRecipientObjectTask`2.PrepareDataObject()
   於 Microsoft.Exchange.Configuration.Tasks.SetTaskBase`1.InternalValidate()
   於 Microsoft.Exchange.Configuration.Tasks.ObjectActionTask`2.InternalValidate()
   於 Microsoft.Exchange.Configuration.Tasks.RecipientObjectActionTask`2.InternalValidate()
   於 Microsoft.Exchange.Configuration.Tasks.Task.ProcessRecord()

Blog Extended Reading

More Information & Reference

1.
2.

LAB: E14 Mailbox Role – Importing and Exporting Mailbox Data

November 19, 2009 by johnnyyao

Blog Extended Reading

More Information & Reference

1. Understanding Importing and Exporting Mailbox Data
2.

REF: E14 Mailbox Role – Part 5 – Importing and Exporting Mailbox Data

November 19, 2009 by johnnyyao

Importing and Exporting Mailbox Data

E2K7 開始提供的功能

Mailboxes can be exported to another target mailbox or to a .pst file. There are a few reasons why you might want to import or export mailbox data:

Remove one or more messages from mailboxes If a sensitive message was inadvertently sent to incorrect recipients, the export mailbox process can be used to remove those messages from the specified mailboxes.
Compliance requirements The export mailbox process can be used to export the contents of mailboxes for legal discovery and import them into a special mailbox used for compliance purposes.
Create a point in time mailbox snapshot You might want to create a snapshot for certain mailboxes without the need to retain the entire backup set for a mailbox database.

By default, Exchange exports and imports all empty folders, special folders, and subfolders to the target location. To specify folders to either include in or exclude from the export, use the IncludeFolders or ExcludeFoldersparameter. The special folders include:

Inbox
Deleted Items
Drafts
Junk E-Mail
Outbox
Sent Items
Journal
Calendar
Contacts
Notes
Tasks

You can’t export the Recoverable Items folder with the Export-Mailbox cmdlet.

Permissions to Import or Export Mailbox Data

You must have the correct permissions to import or export mailboxes. By default, none of the pre-loaded Role Groups have the Mailbox Import Export role. You must add the Mailbox Import Export role to a role group. For more information, see Add the Mailbox Import Export Role to a Role Group.

New-ManagementRoleAssignment -Name "Import Export_Enterprise Support" -SecurityGroup "Enterprise Support" -Role "Mailbox Import Export"

If you try to run the Import-Mailbox or Export-Mailbox cmdlets and you do not have permission, you will get an error stating that the cmdlet doesn’t exist. In addition, You will need to restart the Exchange Management Shell after you add the Mailbox Import Export role to the role group.

待測

Prerequisites to Import or Export mailbox data

Before you can import or export mailboxes, the following prerequisites must be met:

To export data to a PST file, be aware that you can only export one mailbox at a time to a PST file.
To import or export data, you must perform the task against a 64-bit computer that has the following installed:
- Exchange Server 2010 role
- 64-bit Outlook 2010 or later
To use the Export-Mailbox cmdlet, the source mailbox and the target mailbox must be in the same forest. You can’t export data from a mailbox in one forest to a mailbox in a different forest. For more information about moving mailboxes across forests see the following topics:
- Create a Remote Move Request that has Exchange 2010 in Both Forests
- Create a Remote Legacy Move Request Where One of the Forests Doesn’t Have Exchange 2010
You can’t use the Import-Mailbox cmdlet to import data to a mailbox that is on a server running Exchange Server 2003 or Exchange 2007. To import data from a .pst file to a mailbox on a server that is running Exchange 2003, you must use the Microsoft Exchange Server Mailbox Merge wizard (ExMerge.exe). To import data from a .pst file to a mailbox on a server that is running Exchange 2007, you must first move the mailbox to an Exchange 2010 server. For more information, see Create a Local Move Request.
You can’t import data to a public folder or public folder database.
The mailbox that you’re importing the data to must exist. You can’t import data to a user account that does not have a mailbox.

Importing Mailbox Data

Using the Import-Mailbox cmdlet, you can import data into a mailbox. The mailbox that you are importing data into can be different from the one it was exported from. For example, you can export data from john@contoso.com and import it into legaldiscovery@contoso.com.

The Import-Mailbox cmdlet imports all associated folder messages if they exist in the .pst file. Associated messages contain hidden data with information about rules, views, and forms. If they exist is the PST file, all messages from the transport dumpster are imported. The Import-Mailboxcmdlet imports all message types, including messages, calendar items, contacts, distribution lists, journal entries, tasks, notes, and documents. When data is imported from a .pst file, it is merged into the existing mailbox. If a message from the .pst file already exists, it will not be imported as a duplicate message.

Exporting Mailbox Data

Mailboxes can be exported to another target mailbox or to a .pst file by using the Export-Mailbox cmdlet in the Exchange Management Shell. You can only export a single mailbox at a time.

You can use the Export-Mailbox cmdlet to delete associated messages or to include associated messages in the export process. Associated messages contain hidden data with information about rules, views, and forms. If you use the DeleteContent parameter and do not specify the TargetMailboxparameter, you can delete content from the source mailbox without exporting it to another mailbox.

You can filter the messages that are exported based on recipients and senders. To filter on recipients, use the RecipientKeywords parameter. To filter on the sender, use the SenderKeywords parameter.

If you use any keyword parameters, the Export-Mailbox cmdlet will first export all of the messages, including messages in the dumpster, and then search the target mailbox for messages that meet the keyword criteria. Messages that were in the dumpster on the source mailbox are converted to regular messages in the Deleted Items folder on the target mailbox and will also be searched for keywords. The Export-Mailboxcmdlet then deletes messages on the target mailbox that do not match the keyword criteria. If you also use the DeleteContent parameter,Export-Mailbox will then delete the messages that match the keyword criteria from the source mailbox.

Where Data Is Exported

You must specify a destination mailbox by using the TargetMailbox parameter. You must also specify a folder on the destination mailbox where you want to export data by using the TargetFolder parameter. The TargetFolder parameter specifies the top-level mailbox folder that will be created on the destination mailbox. This folder will contain a subfolder called Recovered Data – <source mailbox alias> – <date time stamp>. The subfolder contains the exported folders and messages within those folders.

If the target folder that you specify already exists on the target mailbox, the exported data will be added to the existing folder. If the target folder does not exist, it will be created.

Blog Extended Reading

More Information & Reference

1. Understanding Importing and Exporting Mailbox Data
2. Exchange 2007 – How to Import Mailbox Data

REF: E14 Mailbox Role – Part 4 – Mailbox Store

November 18, 2009 by johnnyyao

這篇比較偏基礎計算機概論的如資料結構, B-Tree 等的內容就略過.

Exchange 2010 Standard Edition supports five databases. Exchange 2010 Enterprise Edition supports 100 databases.

Logical Components of the Exchange Store

略

File Structure of the Exchange Store

略

Understanding Transaction Logging

To view the decimal sequence number for a specific log file, you can examine its header by using the Exchange Server Database Utilities (Eseutil.exe) tool. The first 4-KB page of each log file contains header information that describes and identifies the log file and the databases it belongs to. The command Eseutil /ml [log file name] displays the header information.

If you have to repair a database, some data will be lost. Data loss is frequently minimal; however, it may be catastrophic. After runningEseutil /p on a database, you should completely repair the database with the following two operations: First, run Eseutil/d to defragment the database. This operation discards and rebuilds all database indexes and space trees.

Improvement to Store Health and Resilience

The Exchange Store has been improved to better handle poison mailboxes and thread timeouts. Improvements have also been made on the reporting and alert features to signal an unhealthy Exchange Store state.

Poison 訊息佇列 Poison 訊息佇列是一種特殊的佇列，用來隔離在伺服器故障後偵測到可能對 Exchange 2007 系統有害的訊息。包含可能對 Exchange Server 系統有嚴重損害之錯誤的訊息會傳遞到 Poison 訊息佇列。此佇列平常是空的，並且如果沒有 Poison 的訊息，佇列檢視介面就不會顯示此佇列。Poison 訊息佇列一律處於就緒狀態。預設會擱置此佇列中的所有訊息。如果訊息被視為對系統有害，可將之刪除。如果導致訊息進入 Poison 訊息佇列的事件經判斷後發現與訊息無關，即可繼續傳遞訊息。繼續傳遞時，訊息會進入提交佇列。

Poison Mailbox Detection and Correction

A single mailbox with corrupt data (logical or physical) may in some cases cause the Exchange Store to crash, and deny service to all mailboxes hosted by the server. Similarly, a poison mailbox could also cause the Exchange Store to repeatedly crash. This section describes the actions the Exchange Store will take to detect and cut off poison mailboxes.

Isolating the Poison Mailbox
略

Acting on the Poison Mailbox
略

Resetting the Quarantined Mailbox
略

Reporting and Alerts

You can use the Get-MailboxStatistics cmdlet to report on the quarantined state of a mailbox. The Exchange Store has a performance monitor counter for the number of quarantined mailboxes. The counter name is MSExchangeIS Mailbox\Quarantined Mailbox Count.

Blog Extended Reading

More Information & Reference

1. Understanding the Exchange 2010 Store

REF: E14 Mailbox Role – Part 3 – E-Mail Address Policies

November 17, 2009 by johnnyyao

1. Update-EmailAddressPolicy 環境中不適合直接run 這個command, 除非重新調整過email address policy.

2. 舊版的email address policy 將無法直接編輯

3. 新版(2007 開始) 的好處是透過GUI 直接選定AD object, 取代過往的LDAP query

(&(&(&(&(|(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3))(&(objectCategory=person)(!objectSid=*))(&(objectCategory=group)(groupType:1.2.840.113556.1.4.804:=14)))(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*))) )))(objectCategory=user)(company=msft*))))

只是不知 Mail group 只套用leagacyExchangeDN 的問題是否有解決?

Exchange applies a policy to all recipients that match the recipient filtering criteria:

The recipient policy functionality is divided into two features: e-mail address policies and accepted domains.
A detailed discussion about accepted domains is outside the scope of this topic. For information about accepted domains, seeUnderstanding Accepted Domains.
When you run the Update-EmailAddressPolicy cmdlet in the Exchange Management Shell, the recipient object is updated with the e-mail address policy. For detailed syntax and parameter information, see Update-EmailAddressPolicy.
Each time a recipient object is modified and saved, Exchange enforces the correct application of the e-mail address criteria and settings. When an e-mail address policy is modified and saved, all associated recipients are updated with the change. In addition, if a recipient object is modified, that recipient’s e-mail address policy membership is reevaluated and enforced.

Custom SMTP e-mail address


Variable	Value
%g	Given name (first name)
%i	Middle initial
%s	Surname (last name)
%d	Display name
%m	Exchange alias
%xs	Uses the first x letters of the surname. For example, if x = 2, the first two letters of the surname are used.
%xg	Uses the first x letters of the given name. For example, if x = 2, the first two letters of the given name are used.

Blog Extended Reading

More Information & Reference

1. Understanding E-Mail Address Policies

REF: Exchange 07 & 10 PowerShell for CAS – Get-CASMailbox

November 17, 2009 by johnnyyao

這個覺得蠻重要的, 一般會用get-mailbox –identity 取得user 資訊, 不過CAS 存取的相關資訊就得換個思考及取得方式如下

Get-CASMailbox

[PS] C:\Documents and Settings\Exchadm\Desktop>Get-CASMailbox -Identity johnny.y
ao | fl

EmailAddresses                        : {EUM:Johnny.Yao@msft.com}
LegacyExchangeDN                      : /O=msft/OU=BQY/cn=Recipients/cn=Johnny.Yao
LinkedMasterAccount                   :
PrimarySmtpAddress                    : Johnny.Yao@msft.com
ProtocolSettings                      : {IMAP4§§1§§§§§§§§, HTTP§1§1§§§§§§, OWA§1}
SamAccountName                        : Johnny.Yao
ServerLegacyDN                        : /o=msft/ou=Exchange Administrative Grou
                                        p (FYDIBOHF23SPDLT)/cn=Configuration/cn
                                        =Servers/cn=BQT-MB07
ServerName                            : bqt-mb07
DisplayName                           : Johnny Yao
ActiveSyncAllowedDeviceIDs            : {}
ActiveSyncMailboxPolicy               : Default
ActiveSyncMailboxPolicyIsDefaulted    : True
ActiveSyncDebugLogging                :
ActiveSyncEnabled                     : True
HasActiveSyncDevicePartnership        : True
OWAEnabled                            : True
OWACalendarEnabled                    :
OWAContactsEnabled                    :
OWATasksEnabled                       :
OWAJournalEnabled                     :
OWANotesEnabled                       :
OWARemindersAndNotificationsEnabled   :
OWAPremiumClientEnabled               :
OWASpellCheckerEnabled                :
OWASearchFoldersEnabled               :
OWASignaturesEnabled                  :
OWAThemeSelectionEnabled              :
OWAJunkEmailEnabled                   :
OWAUMIntegrationEnabled               :
OWAWSSAccessOnPublicComputersEnabled :
OWAWSSAccessOnPrivateComputersEnabled :
OWAUNCAccessOnPublicComputersEnabled :
OWAUNCAccessOnPrivateComputersEnabled :
OWAActiveSyncIntegrationEnabled       :
OWAAllAddressListsEnabled             :
OWAChangePasswordEnabled              :
OWARulesEnabled                       :
OWAPublicFoldersEnabled               :
OWASMimeEnabled                       :
OWARecoverDeletedItemsEnabled         :
PopEnabled                            : True
PopUseProtocolDefaults                : True
PopMessagesRetrievalMimeFormat        : BestBodyFormat
PopEnableExactRFC822Size              : False
ImapEnabled                           : True
ImapUseProtocolDefaults               : True
ImapMessagesRetrievalMimeFormat       : BestBodyFormat
ImapEnableExactRFC822Size             : False
MAPIEnabled                           : True
MAPIBlockOutlookNonCachedMode         : False
MAPIBlockOutlookVersions              :
MAPIBlockOutlookRpcHttp               : False
IsValid                               : True
OriginatingServer                     : dc13.msft.corp.com
ExchangeVersion                       : 0.1 (8.0.535.0)
Name                                  : Johnny.Yao
DistinguishedName                     : CN=Johnny.Yao,,DC=msft,DC=corp,DC=com
Identity                              : msft.corp.com/msfter/Johnny.Yao
Guid                                  : a8d0047a-7384-4125-a7f2-ac9e137a74a4
ObjectCategory                        : corp.com/Configuration/Schema/Person
ObjectClass                           : {top, person, organizationalPerson, user}
WhenChanged                           : 11/11/2009 10:07:57 PM
WhenCreated                           : 12/5/2005 11:28:59 AM

[PS] Get-CASMailbox -Identity johnny.yao | fl -Property popenabled

[PS] Get-CASMailbox | fl -Property popenabled

Blog Extended Reading

More Information & Reference

1. 如何啟用或停用使用者的 POP3 存取權

REF: Exchange 2010 Back Pressure

November 17, 2009 by johnnyyao

Back pressure is a system resource monitoring feature of the Microsoft Exchange Transport service that exists on Microsoft Exchange 2010 Hub Transport and Edge Transport servers. Exchange Transport can detect when vital resources, such as available hard disk drive space and available memory, are under pressure, and take action in an attempt to prevent service unavailability.

Back pressure prevents the system resources from being completely overwhelmed and Exchange server tries to deliver the existing messages. When utilization of the system resource returns to a normal level, the Exchange server gradually resumes normal operation.

In Exchange 2007, when a Hub or Edge server is under resource pressure, it rejected incoming connections. In Exchange 2010, incoming connections are accepted, but incoming messages over those connections are either accepted at a slower rate or are rejected. When an SMTP host attempts to make a connection to a Hub or Edge server that is in back pressure, the connection will succeed but when the host issues the MAIL FROM command to submit a message, depending on the resource that is under pressure, Exchange either delays the acknowledgement to the MAIL FROM command or rejects it.

The following system resources are monitored as part of the back pressure feature:

Free space on the hard disk drive that stores the message queue database.
Free space on the hard disk drive that stores the message queue database transaction logs.
The number of uncommitted message queue database transactions that exist in memory.
The memory that is used by the EdgeTransport.exe process.
The memory that is used by all processes.

For each monitored system resource on a Hub Transport server or Edge Transport server, the following three levels of resource utilization are applied:

Normal The resource is not overused. The server accepts new connections and messages.
Medium The resource is slightly overused. Back pressure is applied to the server in a limited manner. Mail from senders in the authoritative domain can flow. However, depending on the specific resource under pressure, the server tar pits or rejects incoming MAIL FROM commands from other sources.
High The resource is severely overused. Full back pressure is applied. All message flow stops, and the server rejects all new incoming MAIL FROM commands.

By default, the message queue database transaction logs are stored at C:\Program Files\Microsoft\ExchangeServer\V14\TransportRoles\data\Queue. Exchange monitors the hard disk space utilization for this location. The EdgeTransport.exe.config file contains a DatabaseCheckPointDepthMax parameter that has a default value of 512 MB. This parameter controls the total allowed size of all uncommitted transaction logs that exist on the hard disk drive. This parameter is used in the formula that calculates hard disk drive utilization.

Blog Extended Reading
1. REF: Exchange 2007 Back Pressure

More Information & Reference

1. Exchange 2007 了解背壓
2. E14 Understanding Back Pressure
3. Understanding the EdgeTransport.exe.Config File

Johnnyyao WorkSpace Backup Site

Smile! You’re at the best WordPress.com site ever

Monthly Archives: November 2009

Ticket: RemoteAPP performance