Awinish's Technical Blog

Lets continue the journey of learning & Share.!!

Archive for the ‘Exchange’ Category

Released Exchange 2013 Role Requirement & Database Calculator

Posted by Awinish on May 15, 2013


Exchange 2013 released long back, but what was missing is Exchange role requirement & database calculators. The calculators helps in sizing the Exchange server role as well as plan the database storage design. People were waiting for the calculator as it helped in sizing and designing of the storage requirements. This was getting delayed and most awaited. The wait is over & Microsoft has released it Exchange 2013 server role as well as database sizing calculator.

http://blogs.technet.com/b/exchange/archive/2013/05/14/released-exchange-2013-server-role-requirements-calculator.aspx

The calculator can be downloaded from the below URL. More information about Exchange 2013 IO performance.

Exchange 2013 Server Role Requirements Calculator

http://gallery.technet.microsoft.com/Exchange-2013-Server-Role-f8a61780

Ask the Perf Guy: Sizing Exchange 2013 Deployments

http://blogs.technet.com/b/exchange/archive/2013/05/06/ask-the-perf-guy-sizing-exchange-2013-deployments.aspx

Microsoft Exchange Server 2013 Management Pack

http://www.microsoft.com/en-us/download/details.aspx?id=39039

 

Advertisements

Posted in Directory Services, Exchange | Tagged: , , | Leave a Comment »

New Exchange Tool Released..PSTCapture and Client N/W Bandwidth Calculator

Posted by Awinish on February 14, 2012


The most awaited tools related with Exchange server.

Exchange Team posted the PST Capture Tool for download.

PST Capture helps you search your network to discover and then import .pst files across your environment – all from a straightforward admin-driven tool. PST Capture will help reduce risk while increasing productivity for your users by importing .pst files into Exchange Online or Exchange Server 2010 – directly into users’ primary mailboxes or archives.

http://blogs.technet.com/b/exchange/archive/2012/01/30/pst-time-to-walk-the-plank.aspx

Microsoft Outlook Configuration Analyzer Tool

The Outlook Configuration Analyzer Tool (OCAT ) provides a quick and easy method to analyze your Microsoft Office Outlook profile for common configurations that may cause problems in Outlook. This can be very useful for busy Help Desk personnel when end-users call for help with Outlook or when you want to identify possible issues with Outlook proactively.

http://www.microsoft.com/download/en/details.aspx?id=28806

Announcing the Exchange Client Network Bandwidth Calculator Beta

Using this tool, you would be able to predict the client network bandwidth requirements for a specific set of users/sites. The calculator needed to deal with Outlook, OWA and Mobile Devices, both on-premises and for Office 365 scenarios.

The following clients are included in this Beta; further clients will be added over time.

  • Outlook 2010
  • Outlook 2007
  • Outlook 2003
  • OWA 2010
  • OWA 2007
  • Windows Mobile
  • Windows Phone

http://blogs.technet.com/b/exchange/archive/2012/02/10/announcing-the-exchange-client-network-bandwidth-calculator-beta.aspx

 

Posted in Exchange | Tagged: | Leave a Comment »

Exchange 2010 SP2 released

Posted by Awinish on December 6, 2011


Exchange 2010 SP2 has been released and available for the download from the below link.

http://www.microsoft.com/download/en/details.aspx?id=28190

More on the Exchange 2010 SP2 improvements.

 http://blogs.technet.com/b/exchange/archive/2011/05/17/announcing-exchange-2010-service-pack-2.aspx

 

Posted in Exchange | Tagged: | Leave a Comment »

Quest and ADMT comparison

Posted by Awinish on October 4, 2011


There are various tools used for migration such as ADMT(Active Directory Migration Tool) from Microsoft, DMM(Domain Migration Manager) from the Quest, Netiq etc.

ADMT is the free tool from the MS and there is no licensing cost involved. Any number of AD objects/servers/computers can be migrated to other domain without need to pay single penny whereas Quest tool is paid and licensing is based on the number of enabled users migrated or mailbox migration for exchange.

Each tool has its own pros and cons, but features and support should be considered in the first place while opting for any migration tool. ADMT has its own advantages like support through MS forum, ability to handle and its working is known to most, getting reference on the internet is easy where as handling/using quest tool requires some kind of skill and learning, quest documents are not easily available, support might be pocket burning here, so both the tool has its own benefits and demerits.

The table below shows the features available with the Quest DMM tool and ADMT tool.

FEATURE

MIGRATION MANAGER

ADMT

COMMENT

Continuous synchronization

Yes

No

Since migration can last for a long time, migrated data might become obsolete and need to be updated. To address this, ADMT performs remigrations throughout the process with different options. This means that it is necessary to repeat the same actions every day, requiring more time and manual effort. Migration Manager greatly simplifies this task, providing real-time directory synchronization and ensuring that critical data is kept up to date. Additionally, Migration Manager  also provides two-way synchronization, making it possible to manage both directories simultaneously. This is especially critical for keeping passwords   and group memberships up to date between the  two environments.

Statistics

Yes

No

Migration Manager Statistics Portal gives you detailed information about the migration project.

Undo

Complete

Limited

Migration Manager allows you to revert any performed changes at any time without restoring data from backup. ADMT cannot roll back resource updating tasks. Directory migration undo is restricted to the last session only; account

Inter-forest migration

Non-destructive

Non-Destructive

ADMT cannot roll back resource updating tasks. Directory migration undo is restricted to the last session only; account merging cannot be undone.

Intra-forest migration

Non-destructive

Destructive

In case of intra-forest migration, ADMT deletes a source account and its tombstone immediately after moving it to the target domain. Functionality to roll back this operation is not provided – it is necessary to re-migrate the account and workstation from the target back to the source.

Migration without trusts

Yes

No

In some organizations, trusts between source and target domains cannot be established due to security reasons. Unlike ADMT, Migration Manager allows migration in this case.

Advanced object selection capabilities

Yes

No

ADMT uses a standard “select users and groups” dialog for object selection. It shows objects in flat list and doesn’t allow filtering of disabled, expired, or system accounts.

Property population rules

Yes

No

Migration Manager lets you modify any object properties before the migration data is actually applied to the target domain, using import file technology. It allows you to populate values from  an HR database or according to some other rules. ADMT does not allow you to modify all object properties, only the Container Name (CN), Relative Distinguished Name (RDN), sAMAccountName and userPrincipalName.

Security descriptor migration

Yes

No

If administrative rights are delegated on the OU level and you plan to preserve the existing delegation model after migration, security descriptors of OUs and accounts should be migrated. ADMT does not migrate security descriptors, and all permissions must be granted manually.

Consolidated resource updating

Yes

No

If you migrate multiple domains, resources should be updated for users from all domains. With ADMT, you have to update the same resources multiple times, separately for each source-target domain pair.

Workstation update

Complete

Limited

Migration Manager provides complete user workstation update. Whereas ADMT requires a reboot of the workstation in order to complete migration, only a logoff/logon is needed with Migration Manager. When migrating the workstation with Migration Manager, you can automatically change the default domain name on the workstations’ logon prompt, making the switch invisible to users. In contrast to ADMT, it also includes update of scheduled tasks and migration   of certificates for encrypted files and mail.

Laptop update

Yes

No

Usually laptops are disconnected from the corporate network and cannot be updated as ordinary workstations. Migration Manager allows you to update laptops via user logon scripts and without additional interaction with users.

Server infrastructure update

• Active Directory

• Exchange 5.5/2000/2003/2007

• SharePoint Services 2.0/3.0, SharePoint Portal Server 2003/2007

• Internet Information Services 5.0/6.0

• SQL Server 7.0/2000/2005

• Systems Management Server 2003/System Center Configuration Manager 2007

• NAS/SAN devices

Exchange 5.5

ADMT has incomplete server resource updating. It requires a great deal of administrator effort because all permissions must be updated manually.

Clean-up SIDHistory

Yes

No

To preserve network security, the SIDHistory attribute of objects should be cleaned up after migration. ADMT does not provide this functionality.

Note:  I’m neither a Quest agent nor MS agent, the above reference posted for reference and informational purpose only during migration tool selection for performing forest/domain migration based on the cost and complexity.

The table posted above is taken from the Quest site.

 

Posted in Directory Services, Exchange, SCCM/SCOM | Tagged: , , | 7 Comments »

New release queued for Exchange 2010 later this year

Posted by Awinish on July 17, 2011


Much awaited PST Capture tool to search & destroy PST files in domain systems due to data theft & misuse is going to be available by the year end. It will also be used for importing the PST into Exchange server as well Exchange online.  You can read more at below links.

http://blogs.technet.com/b/exchange/archive/2011/07/05/coming-soon-pst-capture-tool.aspx

http://exchangepedia.com/2011/07/microsoft-to-release-pst-capture-tool.html

Exchange server 2010 SP2 has been marked for release at the year end with some nice enhancements, more at below link.

http://blogs.technet.com/b/exchange/archive/2011/05/17/announcing-exchange-2010-service-pack-2.aspx

 

Posted in Exchange | Tagged: | 1 Comment »

Updated Exchange 2010 Mailbox Server Role Requirements Calculator

Posted by Awinish on June 1, 2011


I was working for one of the clients on the Exchange 2010 SP1 migration solutions, i realized, there is new version of Exchange 2010 mailbox server role calculator has been released, which i was not aware of & thought of posting for others, if someone is not aware like me,refer the below link with nice explanation of enhancements & improvements over previous versions.

It does give decent details of IO, memory,space etc. and it is targeted for exchange 2010.

http://blogs.technet.com/b/exchange/archive/2010/01/22/3409223.aspx

Download Exchange 2010 Mailbox Server Role Requirements Calculator  v18.2  from the below link.

http://gallery.technet.microsoft.com/v144-of-the-Exchange-2010-1912958d

 

Posted in Exchange | Tagged: , | Leave a Comment »

Configuring DNS in child domain

Posted by Awinish on April 9, 2011


I have seen people through various forums/blogs getting confused : how to configure DNS server in child domain for Parent’s domain name resolutions?  The confusion is, should it point to itself for DNS server address or parent DNS server for name resolution of parent & child domain both? In order to make the life easier & remove the confusion, i thought of coming up with the article on my blog.

Firstly, understand that DNS is the backbone of AD & most of the issues we face in our environment is because of the improper configuration of DNS server.  In few posts, i saw people using Public IP as the DNS address or ISP’s DNS address directly configured into their servers/domain systems NIC for preferred DNS server address, which is absolutely wrong & the reason is, when DNS lookup is performed against the local resource records in the domain, first it queries local host file in your system located in inside “etc” folder, if it can’t locate anything configured there, it looks for preferred DNS server IP in NIC. If NIC’s preferred DNS address is configured with public IP or ISP’s IP, it will forward the query directly to that public IP for local domain name resolution & the query will be performed, before it is says request timed-out. The reason is that, your local domain & its records exists in your local DNS server. How a DNS server hosted outside your domain can even come to know existent of any such private domain without any record in its DNS server? From security perspective, its a big passage for attacker to penetrate your infrastructure & attack your network for access.

Public DNS server’s IP has to be configured into Forwarder Tab of your local DNS server. If you have multiple DNS server running in your domain, configure all of the local DNS server forwarder to have this Public DNS IP address, but make sure you obtain this public DNS server address from your ISP & you are not using anything like 4.2.2.2 or 2.2.2.2/8.8.8.8, since these are not the authoritative DNS server for your domain through which query has to pass for name resolution. The query for external domain name resolution has to pass through your ISP’s DNS server. Using 4.2.2.2 or any other public IP directly in your DC/servers as a preferred DNS or alternate DNS server is going to pose a security threat for the environment.

Question: How do I set up DNS for a child domain?

Answer: To set up DNS for a child domain, create a delegation record on the parent DNS server for the child DNS server. Create a secondary zone on the child DNS server that transfers the parent zone from the parent DNS server.

Note Windows Server 2003 has additional types of zones, such as Stub Zones and forest-level integrated Active Directory zones, that may be a better fit for your environment.

Set the child domain controller to point to itself first. As soon as an additional domain controller is available, set the child domain controller to point to this domain controller in the child domain as its secondary.

http://support.microsoft.com/kb/291382

How To Create a Child Domain in Active Directory and Delegate the DNS Namespace to the Child Domain

http://support.microsoft.com/kb/255248

Note: Ignore the version of OS, its applicable for all the windows OS as concept for DNS has not been changed.

 

Posted in Directory Services, DNS/DHCP, Exchange | Tagged: , | 6 Comments »

Friday Mail Sack Directory Services by NedPyle(Technical Lead in Microsoft)

Posted by Awinish on March 25, 2011


Presuming, many of you know & its for them who don’t know, NedPyle(Technical Lead in Microsoft) shares his knowledge base on DS at every Friday known as Friday Mail sack questions/answer, which gives us best opportunity to learn about DS in depth & clear the doubts/myths related Directory services. It occurs on every Friday(if he is not on leave or any other reason)shares plethora of interesting concepts & facts on Directory services.

If you are eager to know the working, concepts, design, bugs etc. related to Directory services, keep an eye on Friday mail sack as well as NedPyle’s Blog on below link. I can say firmly it cleared lot of my doubts & enhanced my DS concept, if you wish to learn, do take a look or add it to your favorite space or use RSS feed, its worth reading & your time.

Its a great initiative by Ned & DS team. Kudos to Ned & his team for the great work.

Take a look at his latest session on Dcdiag.

http://blogs.technet.com/b/askds/

Friday Mail Sack

http://blogs.technet.com/b/askds/archive/tags/mail+sack/

 

Posted in Directory Services, DNS/DHCP, Exchange, OS/Certificates, SCCM/SCOM | Tagged: , | Leave a Comment »

Windows 2008 R2 SP1 and Directory Services: What’s New

Posted by Awinish on March 13, 2011


There are no of Directory service fixes released with Windows 2008 R2 SP1.

http://blogs.technet.com/b/askds/archive/2011/01/14/sp1-and-directory-services-what-s-new.aspx

Overall 795 public fixes that were rolled into SP1 and they’re all listed here.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=61924cea-83fe-46e9-96d8-027ae59ddc11


So, its time for rolling out windows 2008 R2 SP1 for all windows 2008 R2 running systems, but not before carrying test in your lab environment.

 

Posted in Directory Services, Exchange | Tagged: , | Leave a Comment »

Joe's tool ADFIND & OLDCMP for AD

Posted by Awinish on March 9, 2011


I must say Joe is simply brilliant who had developed a wonderful tool which not only cut down the effort required writing script for searching/modifying/deleting object in AD but added lots of add-on & getting the report in such a easy readable format made me fan of his tool. I was thinking but myself using this tool for my lab as i’m not into support made me feel, if this i would have been known or tried earlier , i would have saved lot of effort & time.

OLDCMP & ADFIND tools usage & reports are better than any other available tool, i said better, this doesn’t mean other tool are usable.

Download OLDCMP tool from Jo’e site & for cmd/usage see the below in the link.

http://joeware.net/freetools/tools/oldcmp/index.htm

Download ADFIND tool from Jo’e site & for cmd/usage see the below in the link.

Few sample cmd like finding deleted user account from AD

http://www.joeware.net/freetools/tools/adfind/index.htm

Joe’s Blog

http://blog.joeware.net/

Posted in Directory Services, Exchange, Scripts/Powershell | Tagged: , | 2 Comments »