Tag Archives: Exchange

Active Directory Windows Server Windows XP

Use Syslog on Windows

There are a number of tools available for using Syslog in a Windows environment. I’ll look at Snare as it’s pretty flexible and easy to configure. First download the snare installation executable from http://sourceforge.net/projects/snare. Once downloaded run the installer and simply follow all of the default options, unless you’d like to password protect the admin page, at which point choose that. Note that the admin page is by default only available to localhost.

Once installed, run the “Restore Remote Access to Snare for Windows” script.

Screen Shot 2014-04-10 at 10.56.43 AM

Then open http://127.0.0.1:6161 and click on Network Configuration in the red sidebar. There, we can define the name that will be used in syslog (or leave blank to use the hostname), the port of your syslog server (we used 514 here) and the address of your syslog server (we used logger here but it could be an IP or fqdn).

Screen Shot 2014-04-08 at 10.58.04 AM

 

Once you have the settings you’d like to use, scroll down and save your configuration settings. Then, open Services and restart the Snare service.

Screen Shot 2014-04-08 at 10.56.22 AM

Then run the Disable Remote Access to Snare for Windows option and you’re done. Now, if you’re deploying Snare across a lot of hosts, you might find that scripting the config is faster. You can send the Destination hostname (here listed as meh) and Destination Port (here 514) via regedit commands (Destination and DestPort respectively) and then restart the service.

Screen Shot 2014-04-08 at 10.56.51 AM

I’ll do another article at some point on setting up a logstash server to dump all these logs into. Logstash can also parse the xml so you can search for each attribute in the logs and with elasticsearch/hadoop/Kibana makes for an elegant interface for parsing through these things.

Microsoft Exchange Server Windows Server

Script to Create Exchange Mailboxes for Active Directory Users Based On OU

Here’s a little powershell script to enable mailboxes based on an OU and put their new mailbox into a given database. To customize, change OU=ORGANIZATIONALUNIT,DC=companyname,DC=com to the DN for the OU you are configuring. Also, change DATABASENAME to the name of the information store that you’d like to use for the mailboxes in that OU.

Import-module activedirectory

$OUusers = Get-ADUser -LDAPfilter ‘(name=*)’ -searchBase {OU=ORGANIZATIONALUNIT,DC=companyname,DC=com}
foreach($username in $OUusers)
{
Enable-Mailbox -Identity $username.SamAccountName -database {DATABASENAME}
}

Microsoft Exchange Server Windows Server Windows XP

Check It Ma, Logz For Dayz

On a Mac, I frequently use the tail command to view files as they’re being written to or in use. You can use the Get-EventLog cmdlet to view logs. The Get-EventLog cmdlet has two options I’ll point out in this article. The first is -list and -newest.

The first is used to view a list of event logs, along with retention cycles for logs, log sizes, etc.

Get-EventLog -list

You can then take any of the log types and view information about them. To see System information:

Get-EventLog System

There will be too much information in many of these cases, so use the -newest option to see just the latest:

Get-EventLog system -newest 5

The list will have an Index number and an EventID. The EventID can then be used to research information about each error code. For example, at http://eventid.net.

Microsoft Exchange Server

Selectively Import PST Files Into Outlook

I’ve written plenty about exporting mailboxes from Exchange. But what if you need to perform a selective import into Outlook? This is helpful for importing mail in date ranges, using an import to search for terms (common with litigation holds) and importing contacts and calendars.

To get started, click Open from the File ribbon.

Screen Shot 2014-02-03 at 10.51.01 AM

When prompted, click on Import/Export.

Screen Shot 2014-02-03 at 10.51.11 AM

At the Import and Export Wizard screen, click on “Import from another program or file”

Screen Shot 2014-02-03 at 10.51.27 AM

At the “Import a File” screen, click on “Outlook Data File (pst)”

Screen Shot 2014-02-03 at 10.51.41 AM

 

At the Import Outlook Data File screen, choose the mailbox to import into and then click on the Filter button. Using the filtering options, you can choose to import based on date ranges, using search terms, selecting specific folders or a combination of all of these.

Microsoft Exchange Server

Migrating Symantec Enterprise Vault SQL Tables

If you use Symantec’s Enterprise Vault solution and you need to migrate the SQL tables for Enterprise Vault to another server, you might have noticed that it’s not as simple as dumping tables from one host, restoring tables to another and changing some information on the Enterprise Vault server. This process takes a lot of time and is a relatively painful endeavor.

But now Symantec has made the process much simpler, releasing a migration tool just for the database, available here: http://www.symantec.com/business/support//index?page=content&id=TECH214373

I guess they were listening to customers who complained about the process. Good for them!

Microsoft Exchange Server Network Infrastructure Windows Server

Delete Messages From Exchange Using PowerShell

Before I type anything else, allow me to state that running a search and deleting things with a script from a users (or a loop of all users) is a very dangerous process. However, I’ve often noticed that an outbreak of bad things can cause us to do some pretty awesome things. So, you can use the get-Mailbox cmdlet to pipe a mailbox into the search-mailbox cmdlet and from there use the -SearchQuery option to search for an attachment, following the attachment option with a filename and then delete it using the -DeleteContent option. The example would be as follows:

Get-Mailbox -Identity “cedge” | Search-Mailbox -SearchQuery attachment:ichatsmileys.pkg.zip -DeleteContent

You can also filter search queries based on To, From, CC, Subject, Sent date and of course, policy data. You can also use the -TargetMailbox and -TargetFolder options to move messages into a quarantine mailbox/space.

Microsoft Exchange Server Windows Server

Redirecting Exchange Login Pages

By default, when you require an SSL certificate in IIS on an Exchange server, if users hit the page without providing an https:// in front they will get an error. Rather than require certificates, it’s better in most cases to redirect unsecured traffic to a secured login page. In order to do so, first configure the redirect. To do so, open IIS Manager and click on the Default Web Site.

At the bottom of the pane for the Default Web Site, click Features View if not already selected.
Screen Shot 2013-12-02 at 1.17.09 PM
Then open HTTP Redirect. Here, check the box for “Redirect requests to this destination” and provide the path to the owa virtual directory (e.g. https://krypted.com/owa).

Screen Shot 2013-12-02 at 1.18.03 PMIn the Redirect Behavior section, select the “Only redirect requests to content in this directory (not subdirectories)” check box and set the Status code to “Found (302)”.

In the Actions pane to the right of the screen, click Apply. Then click on Default Web Site again and open the SSL Settings pane. Here, uncheck the box for Require SSL.

Screen Shot 2013-12-02 at 1.17.19 PMOnce done, restart IIS by right-clicking on the service and choosing Restart or by running iisreset:

iisreset /noforce

Next, edit the offline address book web.config file on the CAS, stored by default at (assuming Exchange is installed on the C drive) C:\Program Files\Microsoft\Exchange Server\\ClientAccess\oab. To edit, right-click web.config and click Properties. Then click Security and then Edit. Under Group, click on Authenticated Users. Then click Read & execute for Authenticated Users in Permissions. Then click OK to save your changes.

Finally, if you have any issues with any messages not working, start the IIS Manager. Then browse to the virtual directories and open HTTP Redirect. Then uncheck “Redirect requests to this destination” and click Apply. When you’re done, restart IIS again and test the ability to send and receive emails to make sure that mail flow functions without error from within the web interface.

Microsoft Exchange Server Windows Server

Temporarily Disable Timeout Detection For Exchange 2010 and Up

I’ve seen a number of cases where Exchange Information Stores are located on SANs. If you don’t have enough throughput you’re likely to see RPC request timeouts for the database, mailboxes or even a server. This typically correlates to Event IDs of 10025, 10026 and 10027. If a mailbox is having such problems then it will be quarantined. If you have this happen once or twice then it’s likely not that big of a deal. However, if it happens repeatedly then you’ve likely got a problem. These can be cumbersome to fix. So while you’re working on things, rather than have mailboxes go offline all the time, you can edit the registry to turn off the time-out detection that causes quarantining of assets. To do so, open regedit and backup your registry. Once done, locate the following key (assuming the server name is KRYPTEDEX2010:

\\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\KRYPTEDEX2010

Right-click the name of the server, click on New, and create a “DWORD (32-bit) Value” with a name of DisableTimeoutDetection. Set the value to 1 and save. All done. Good luck fixing your I/O (and don’t treat the symptom without curing the disease or you’ll end up having to isinteg your database eventually).

Microsoft Exchange Server Windows Server

Exchange Server 2010 PowerShell Mailbox Exports

Need to export mailboxes from Exchange? Hate using exmerge to do so. Gone are the days of exmerge. Well, not entirely. But welcome to the days of New-MailboxExportRequest. Much longer and cooler command than exmerge ever thought about being.

C:\>New-MailboxExportRequest -Mailbox cedge -FilePath \\kryptedexchange.krypted.com\pst\cedge.pst

You then receive confirmation that the export has been queued:

Name Mailbox Status
---- ------- ------
MailboxExport krypted.com/Users/cedge... Queued

To view the status, swap New with Get (Get-MailboxExportRequest):

Get-MailboxExportRequest

The output is as follows:

Name Mailbox Status
---- ------- ------
MailboxExport krypted.com/Users/cedge... InProgress

To get even more info, use the -Name option with Get-MailboxExportRequest, identifying the actual process name.

Get-MailboxExportRequest -Name MailboxExport | fl

The output is as follows:

RunspaceId : xxxxxxx-aaaa-bbbb-cccc-zzzzzzzzz
FilePath : \\kryptedexchange.krypted.com\pst\cedge.pst
SourceDatabase : MB-HO-01
Mailbox : krypted.com/Company/Users/krypted
Name : MailboxExport
RequestGuid : aaaaaaaa-bbbb-cccc-dddd-000000000000
RequestQueue : AA-BB-02
Flags : IntraOrg, Push
BatchName :
Status : InProgress
Protect : False
Suspend : False
Direction : Push
RequestStyle : IntraOrg
OrganizationId :
Identity : krypted.com/Users/cedge\MailboxExport
IsValid : True

To check the progress of all mailbox export requests, pipe Get-MailboxExportRequest into Get-MailboxExportRequestStatistics:

C:\>Get-MailboxExportRequest | Get-MailboxExportRequestStatistics

The output shows the completion percentage of each process Name:

Name Status SourceAlias PercentComplete
---- ------ ----------- ---------------
MailboxExport InProgress cedge 20

To clear completed requests:

C:\>Get-MailboxExportRequest | where {$_.status -eq "Completed"} | Remove-MailboxExportRequest

iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment

Using Payload Variables in Profile Manager

Profile Manager allows you to leave certain fields that are user-centric blank and it will prompt at the time that the profile is installed for the blank information. These are usually user-centric fields, such as short name and password. You can also create a profile in Profile Manager for each user you want to setup mail, Exchange, iCal, Address Book and other services that are tied to a specific user. You can enter the username for each and leave the password blank and the user will be prompted for the password but have the username filled in. And then there are payload variables.

Note: Before we get started on Payload Variables, it’s worth noting that many did not work well prior to 10.7.3, most notably %email%.

Profile Manager provides a number of ways to configure accounts and settings on iOS based devices. When a user logs in, the user’s name, email address, title, phone number and both the short name and GUID of the user’s account are able to be substituted using variables. These variables have a % in front of and behind the name of the variable, making them easy to identify when looking at accounts. These can easily be put into a profile’s payload. When a user logs in the contents of the payload variable are replaced with the information for the account that logged in using the /MyDevices page in the web enrollment interface. When the enrollment profile is downloaded to the device, the variable is substituted with the user’s information from directory services (for user payloads) or from the device itself (for device payloads).

Using payload variables is a really straight forward process. First, create a profile by logging into the Profile Manager web interface (the name of the server followed by /ProfileManager. When prompted, provide the username and password for an administrative account.

Click on a group or user who you would like to configure a profile for.

From the profile screen, select the payload that you’d like to configure.

Enter the variable into the field(s) you’d like the substitution to occur in. For example, here I’m using a variable everywhere currently possible.

Note: You can wrap the variable with other text. For example, if you enter krypton.com/%short_name% then for a user of cedge the variable would expand as krypton.com/cedge, useful in doing Exchange configurations.

Variables available for use include user and device variables. These user variables are as follows:

  • %email% – The email address (the EMailAddress attribute)
  • %first_name% – The first name (the FirstName attribute)
  • %full_name% – The full name (the RealName attribute)
  • %guid% The guid (the GeneratedID attribute)
  • %last_name% – The last name (the LastName attribute)
  • %job_title% The job title (the JobTitle attribute)
  • %mobile_phone% The mobile number (the MobileNumber attribute)
  • %short_name% The short name (the RecordName attribute, typically the name of the account )

The device variables are as follow:

  • %BuildVersion% – Full OS version on the device
  • %ICCID% – ICCID (from the SIM card)
  • %IMEI% – IMEI (International Mobile Equipment Identity)
  • %OSVersion% – Common version number of the device’s OS
  • %ProductName% – Product name
  • %SerialNumber% – Serial number
  • %WIFIMAC% – MAC address of the WiFi interface