E14 RBAC: Add MessageTracking Role to child domain

 

 

1. Message Tracking Role

   http://technet.microsoft.com/en-us/library/dd876858.aspx

   

2. Although we’ve assigned “Message Tracking” role on “BQC Recipient Root” but it seems not work when tracking message on local hub servers.

   

3. Now try to assign “Message Tracking” role on local site server scope.

   

4. Get-ManagementRole “Message Tracking”

   

5. [PS] C:\>New-ManagementRoleAssignment -SecurityGroup "BQC E14 Copy of Server Management @BQC_E14_Servers" -Role "Message Tracking"
6. 

7.  

   [PS] C:\>Get-MessageTrackingLog -ResultSize Unlimited -Start "1/31/2013 01:00AM" -Sender "Andrew.Yang@MSFT.com" -Recipients "1637970000@qq.com" | ft ClientIP, ClientHostName, ConnectorID, ServerHostName,RecipientStatus

   

E14 LAB: RBAC – Remove-ManagementRoleAssignment

 

1. [PS] C:\>Get-ManagementRoleAssignment -Identity "Send*" | ft Name

   

2. [PS] C:\>Get-ManagementRoleAssignment "Send Connectors-BQC E14 Copy of Server Management @BQC_E14_Serve" | Remove-ManagementRoleAssignment –Confirm

   

3. 

E14 Ticket: RBAC for Customize Role for Send Connector

 

 

1. Create a role from parent role

   [PS] C:\>New-ManagementRole -Name "BQC-Send Connectors" -Parent "Send Connectors"

Name RoleType
—- ——–
BQC-Send Connectors SendConnectors

2. [PS] C:\>Get-ManagementRole "BQC-Send Connectors" | fl
   

   RunspaceId : c28c8c78-5d9b-4140-9d8e-7983a2c3e5cf RoleEntries : {(Microsoft.Exchange.Management.PowerShell.E2010) Get-DomainController -Credential -Debug -DomainName -ErrorAction -ErrorVariable -Forest -GlobalCatalog -OutBuffer -OutVariable – Verbose -WarningAction -WarningVariable, (Microsoft.Exchange.Management.PowerShell.E2010) Get-ExchangeServer -Debug -Domain -DomainController -ErrorAction -ErrorVariable -Identit y -OutBuffer -OutVariable -Status -Verbose -WarningAction -WarningVariable, (Microsoft.Ex change.Management.PowerShell.E2010) Get-ReceiveConnector -Debug -DomainController -ErrorA ction -ErrorVariable -Identity -OutBuffer -OutVariable -Server -Verbose -WarningAction -W arningVariable, (Microsoft.Exchange.Management.PowerShell.E2010) Get-SendConnector -Debug -DomainController -ErrorAction -ErrorVariable -Identity -OutBuffer -OutVariable -Verbose -WarningAction -WarningVariable, (Microsoft.Exchange.Management.PowerShell.E2010) Get-Tr ansportServer -Debug -DomainController -ErrorAction -ErrorVariable -Identity -OutBuffer – OutVariable -Verbose -WarningAction -WarningVariable, (Microsoft.Exchange.Management.Powe rShell.E2010) Remove-SendConnector -Confirm -Debug -DomainController -ErrorAction -ErrorV ariable -Identity -OutBuffer -OutVariable -Verbose -WarningAction -WarningVariable -WhatI f, (Microsoft.Exchange.Management.PowerShell.E2010) Write-AdminAuditLog -Comment -Confirm -Debug -DomainController -ErrorAction -ErrorVariable -OutBuffer -OutVariable -Verbose -W arningAction -WarningVariable -WhatIf, (Microsoft.Exchange.Management.PowerShell.E2010) S et-SendConnector -AddressSpaces -AuthenticationCredential -Comment -Confirm -ConnectionIn activityTimeOut -Debug -DNSRoutingEnabled -DomainController -DomainSecureEnabled -Enabled -ErrorAction -ErrorPolicies -ErrorVariable -Force -ForceHELO -Fqdn -Identity -IgnoreSTAR TTLS -IsCoexistenceConnector -IsScopedConnector -LinkedReceiveConnector -MaxMessageSize – Name -OutBuffer -OutVariable -Port -ProtocolLoggingLevel -RequireOorg -RequireTLS -SmartH ostAuthMechanism -SmartHosts -SmtpMaxMessagesPerConnection -SourceIPAddress -SourceTransp ortServers -TlsAuthLevel -TlsDomain -UseExternalDNSServersEnabled -Verbose -WarningAction -WarningVariable -WhatIf, (Microsoft.Exchange.Management.PowerShell.E2010) New-SendConne ctor -AddressSpaces -AuthenticationCredential -Comment -Confirm -ConnectionInactivityTime Out -Custom -Debug -DNSRoutingEnabled -DomainController -DomainSecureEnabled -Enabled -Er rorAction -ErrorPolicies -ErrorVariable -Force -ForceHELO -Fqdn -IgnoreSTARTTLS -Internal -Internet -IsCoexistenceConnector -IsScopedConnector -LinkedReceiveConnector -MaxMessage Size -Name -OutBuffer -OutVariable -Partner -Port -ProtocolLoggingLevel -RequireOorg -Req uireTLS -SmartHostAuthMechanism -SmartHosts -SmtpMaxMessagesPerConnection -SourceIPAddres s -SourceTransportServers -TlsAuthLevel -TlsDomain -Usage -UseExternalDNSServersEnabled – Verbose -WarningAction -WarningVariable -WhatIf} RoleType : SendConnectors ImplicitRecipientReadScope : Organization ImplicitRecipientWriteScope : Organization ImplicitConfigReadScope : OrganizationConfig ImplicitConfigWriteScope : OrganizationConfig IsRootRole : False IsEndUserRole : False MailboxPlanIndex : Description : IsDeprecated : False AdminDisplayName : ExchangeVersion : 0.12 (14.0.451.0) Name : BQC-Send Connectors DistinguishedName : CN=BQC-Send Connectors,CN=Send Connectors,CN=Roles,CN=RBAC,CN=MSFT,CN=Microsoft Exchange, CN=Services,CN=Configuration,DC=corp,DC=com Identity : BQC-Send Connectors Guid : d7f1d5bf-e01e-43f0-baba-9885db6aa0c9 ObjectCategory : corp.com/Configuration/Schema/ms-Exch-Role ObjectClass : {top, msExchRole} WhenChanged : 1/31/2013 10:32:59 AM WhenCreated : 1/31/2013 10:32:59 AM WhenChangedUTC : 1/31/2013 2:32:59 AM WhenCreatedUTC : 1/31/2013 2:32:59 AM OrganizationId : OriginatingServer : BQTDC03.MSFT.corp.com IsValid : True

3. [PS] C:\>Get-ManagementRoleEntry "BQC-Send Connectors\*"

   

4. [PS] C:\>Get-ManagementRoleEntry "BQC-Send Connectors\*" | where {($_.Name -like "Remove-SendConnector")}

   

[PS] C:\>Get-ManagementRoleEntry "BQC-Send Connectors\*" | where {($_.Name -like "Remove-SendConnector")} | Remove-ManagementRoleEntry



 

6. Get-ManagementRoleEntry “BQC-Send Connectors\*”
   
   
7. [PS] C:\Windows\system32>New-SendConnector -Name "BQC to Internet" -Verbose -Debug -SourceTransportServers "BQC-HUB01","BQC-HUB02" -AddressSpaces * -Internet

   

8. Remove-SendConnector
   
   [PS] C:\Windows\system32>Get-SendConnector -Identity "BQC to Internet" -DomainController rdc01.corp.com

Identity                                AddressSpaces                           Enabled
——–                                ————-                           ——-
BQC to Internet                         {smtp:*;1}                              True

[PS] C:\Windows\system32>Get-SendConnector -Identity "BQC to Internet" -DomainController rdc01.corp.com | Remove-SendConnector

Confirm
Are you sure you want to perform this action?
Removing Send connector "BQC to Internet".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y

E14 Ticket: RBAC – Add role for Create connector at child domain – V1

 

Version 1

1. New-SendConnector is not present in the role definition of the current user.

   

2. About Send-Connector role is
   http://technet.microsoft.com/en-us/library/dd876913.aspx 

   The Send Connectors management role enables administrators to manage transport Send connectors in an organization.

3. Find Send Connectors Role
   [PS] C:\Windows\system32>Get-ManagementRole | Sort-Object Name | ft Name
   
   
4. 
   [PS] C:\Windows\system32>Get-ManagementRole -Identity "Send Connectors" | fl
   
   

   RunspaceId                  : 388383d1-ae70-4f8d-8c00-c07f31dc1594 RoleEntries                 : {(Microsoft.Exchange.Management.PowerShell.E2010) Set-SendConnector -AddressSpaces -Authe                               nticationCredential -Comment -Confirm -ConnectionInactivityTimeOut -Debug -DNSRoutingEnab                               led -DomainController -DomainSecureEnabled -Enabled -ErrorAction -ErrorPolicies -ErrorVar                               iable -Force -ForceHELO -Fqdn -Identity -IgnoreSTARTTLS -IsCoexistenceConnector -IsScoped                               Connector -LinkedReceiveConnector -MaxMessageSize -Name -OutBuffer -OutVariable -Port -Pr                               otocolLoggingLevel -RequireOorg -RequireTLS -SmartHostAuthMechanism -SmartHosts -SmtpMaxM                               essagesPerConnection -SourceIPAddress -SourceTransportServers -TlsAuthLevel -TlsDomain -U                               seExternalDNSServersEnabled -Verbose -WarningAction -WarningVariable -WhatIf, (Microsoft.                               Exchange.Management.PowerShell.E2010) New-SendConnector -AddressSpaces -AuthenticationCre                               dential -Comment -Confirm -ConnectionInactivityTimeOut -Custom -Debug -DNSRoutingEnabled                               -DomainController -DomainSecureEnabled -Enabled -ErrorAction -ErrorPolicies -ErrorVariabl                               e -Force -ForceHELO -Fqdn -IgnoreSTARTTLS -Internal -Internet -IsCoexistenceConnector -Is                               ScopedConnector -LinkedReceiveConnector -MaxMessageSize -Name -OutBuffer -OutVariable -Pa                               rtner -Port -ProtocolLoggingLevel -RequireOorg -RequireTLS -SmartHostAuthMechanism -Smart                               Hosts -SmtpMaxMessagesPerConnection -SourceIPAddress -SourceTransportServers -TlsAuthLeve                               l -TlsDomain -Usage -UseExternalDNSServersEnabled -Verbose -WarningAction -WarningVariabl                               e -WhatIf, (Microsoft.Exchange.Management.PowerShell.E2010) Write-AdminAuditLog -Comment                               -Confirm -Debug -DomainController -ErrorAction -ErrorVariable -OutBuffer -OutVariable -Ve                               rbose -WarningAction -WarningVariable -WhatIf, (Microsoft.Exchange.Management.PowerShell.                               E2010) Remove-SendConnector -Confirm -Debug -DomainController -ErrorAction -ErrorVariable                                -Identity -OutBuffer -OutVariable -Verbose -WarningAction -WarningVariable -WhatIf, (Mic                               rosoft.Exchange.Management.PowerShell.E2010) Get-TransportServer -Debug -DomainController                                -ErrorAction -ErrorVariable -Identity -OutBuffer -OutVariable -Verbose -WarningAction -W                               arningVariable, (Microsoft.Exchange.Management.PowerShell.E2010) Get-SendConnector -Debug                                -DomainController -ErrorAction -ErrorVariable -Identity -OutBuffer -OutVariable -Verbose                                -WarningAction -WarningVariable, (Microsoft.Exchange.Management.PowerShell.E2010) Get-Re                               ceiveConnector -Debug -DomainController -ErrorAction -ErrorVariable -Identity -OutBuffer                               -OutVariable -Server -Verbose -WarningAction -WarningVariable, (Microsoft.Exchange.Manage                               ment.PowerShell.E2010) Get-ExchangeServer -Debug -Domain -DomainController -ErrorAction –                               ErrorVariable -Identity -OutBuffer -OutVariable -Status -Verbose -WarningAction -WarningV                               ariable, (Microsoft.Exchange.Management.PowerShell.E2010) Get-DomainController -Credentia                               l -Debug -DomainName -ErrorAction -ErrorVariable -Forest -GlobalCatalog -OutBuffer -OutVa                               riable -Verbose -WarningAction -WarningVariable} RoleType                    : SendConnectors ImplicitRecipientReadScope  : Organization ImplicitRecipientWriteScope : Organization ImplicitConfigReadScope     : OrganizationConfig ImplicitConfigWriteScope    : OrganizationConfig IsRootRole                  : True IsEndUserRole               : False MailboxPlanIndex            : Description                 : This role enables administrators to manage transport Send connectors in an organization. IsDeprecated                : False AdminDisplayName            : ExchangeVersion             : 0.12 (14.0.451.0) Name                        : Send Connectors DistinguishedName           : CN=Send Connectors,CN=Roles,CN=RBAC,CN=MSFT,CN=Microsoft Exchange,CN=Services,CN=Configur                               ation,DC=corp,DC=com Identity                    : Send Connectors Guid                        : b000eb8b-052e-4cba-9f19-fe0fb2b7aa36 ObjectCategory              : corp.com/Configuration/Schema/ms-Exch-Role ObjectClass                 : {top, msExchRole} WhenChanged                 : 4/30/2012 3:19:02 PM WhenCreated                 : 10/12/2009 3:58:26 PM WhenChangedUTC              : 4/30/2012 7:19:02 AM WhenCreatedUTC              : 10/12/2009 7:58:26 AM OrganizationId              : OriginatingServer           : BQTDC01.MSFT.corp.com IsValid                     : True

5. Add role "Send-Connectors" to Role Group “BQC E14 Copy of Server Management @BQC_E14_Servers”

   [PS] C:\Windows\system32>New-ManagementRoleAssignment -SecurityGroup "BQC E14 Copy of Server Management @BQC_E14_Servers
   " -Role "Send Connectors"

6. After that,

   [PS] C:\>Get-RoleGroup -Identity "BQC E14 Copy of Server Management @BQC_E14_Servers" -DomainController rdc02.corp.com | fl

   

E14 Ticket: Mailbox Audit & log Search

 

 

http://www.msexchange.org/articles-tutorials/exchange-server-2010/compliance-policies-archiving/auditing-mailbox-access.html

Ticket: Messages stuck in Outbox with Outlook Anywhere

msexchange.org/articles-tutorials/exchange-server-2010/management-administration/15-tips-optimize-exchange-2010-infrastructure-part2.html

Messages stuck in Outbox with Outlook Anywhere – Newer network devices have more aggressive timeouts. These timeouts can manifest as problems when using Outlook Anywhere; specifically, messages stuck in the Outbox. To resolve this issue, change the timeout for the RPC Proxy component to 120 seconds:

HKLM\Software\Policies\Microsoft\Windows NT\Rpc\MinimumConnectionTimeout

http://whited0gg.blogspot.tw/2012/08/new-best-practice-for-rpc-timeouts-in.html

http://www.expta.com/2012/06/new-best-practice-for-rpc-timeouts-in.html

http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/3c776c4f-d74d-4dd2-8661-17b2059aad94

[PS] C:\>get-mailbox -database "BQT-DAG2_BenQUser-DB1" | Get-MailboxFolderStatistics -FolderScope outbox | Sort-Object FolderSize -Descending | ft identity, foldersize

---

---

get-mailboxserver | select-object Name,ManagedFolderWorkCycle
(obviously, set-mailboxserver to set it – though I believe it only takes day’s as its input value)
If this isn’t good enough – then you can force this on an individual mailbox (or all if you wanted) using the command;
start-managedfolderassistant USERID

.csharpcode, .csharpcode pre
{
font-size: small;
color: black;
font-family: consolas, “Courier New”, courier, monospace;
background-color: #ffffff;
/*white-space: pre;*/
}
.csharpcode pre { margin: 0em; }
.csharpcode .rem { color: #008000; }
.csharpcode .kwrd { color: #0000ff; }
.csharpcode .str { color: #006080; }
.csharpcode .op { color: #0000c0; }
.csharpcode .preproc { color: #cc6633; }
.csharpcode .asp { background-color: #ffff00; }
.csharpcode .html { color: #800000; }
.csharpcode .attr { color: #ff0000; }
.csharpcode .alt
{
background-color: #f4f4f4;
width: 100%;
margin: 0em;
}
.csharpcode .lnum { color: #606060; }