Best practices for running ForestPrep and DomainPrep

Exchange 2000 and Exchange 2003 are dependent on Windows Active Directory (AD). Active Directory consists of three separate partitions: the schema partition, the configuration partition, and the domain partition. In a default Windows Server installation, none of these partitions are equipped to handle an Exchange server until ForestPrep and DomainPrep are run.

ForestPrep and DomainPrep can be run either manually before Exchange Server is installed, or automatically during the Setup.exe process. Which option is right for you depends on the size and administrative security parameters of your organization.

ForestPrep

After you install Exchange Server, Active Directory Users and Computers (ADUC) displays some Exchange-related tabs on the users’ properties sheets. These tabs contain information related to Exchange Server’s configuration.

For instance, the Exchange Features tab allows you to control whether or not the currently selected user is allowed to use Outlook Web Access (OWA). To put it another way, the switch that allows or prohibits the use of Outlook Web Access is an attribute of the currently selected user object. This attribute does not exist by default. It can only exist after the Active Directory’s schema and configuration partitions have been extended.

An Active Directory forest can accommodate one Exchange Server organization. ForestPrep’s job is to prepare the forest to accommodate an Exchange organization. This preparatory work only has to happen once though.

Once the forest has been prepared, it is able to accommodate an Exchange organization, regardless of the number of Exchange servers included in it. You do not have to run ForestPrep prior to installing every individual Exchange server.

DomainPrep

Just as ForestPrep prepares the Active Directory forest, DomainPrep prepares the domain Exchange server will be a member of. DomainPrep only has to be run once per domain.

When you run DomainPrep, it will create two security groups within the domain: Exchange Enterprise Servers and Exchange Domain Servers. The first Exchange server to be installed within a domain will automatically get added to both groups.

Like ForestPrep, DomainPrep can be run completely independently of the Exchange installation process. In order to run DomainPrep, the currently logged on user must be a member of the Domain Admins group for the domain being prepared. Once a domain has been prepped, Exchange servers can be installed to that domain without having to run DomainPrep again.

Running ForestPrep and DomainPrep in an enterprise

In an IT department at a large enterprise, it is almost impossible for one person to manage the entire network. As such, you probably have other administrators to whom you’ve delegated administrative authority over smaller portions of the network, such as a domain.

If Exchange Server were not previously installed on your network, and one of your domain administrators installed it, that administrator’s installation would create the Active Directory forest’s one and only Exchange organization.

The choices that administrator made when installing Exchange would set the precedent for any other Exchange servers subsequently installed on your network. For example, when the first Exchange server is installed on the network, Setup asks for an organization name — which cannot be changed and is shared by all of the other Exchange servers in the entire forest.

Needless to say, you probably wouldn’t want one of your domain administrators to be able to make a change that would have such a drastic and long-term impact on your Active Directory.

ForestPrep creates the attributes and classes that define Exchange Server objects, such as mailboxes. It also adds Exchange-related attributes to existing objects. These operations require ForestPrep to update the Active Directory’s Schema and Configuration partitions.

Before someone can make these kinds of modifications though, they must be a member of the Schema Admins group. If you are an administrator over the entire network, then you would probably be a member of the Schema Admins group, but a domain administrator usually wouldn’t be.

What this means is that none of your domain administrators would be able to create an Exchange organization without your permission, because they lack the necessary permissions to run ForestPrep.

Since ForestPrep can be run independently of the Exchange installation process, you could run ForestPrep once you have laid out the ground rules for domain administrators. They would be free to install Exchange Server once you’ve prepared the forest.

So, as you can see, the option to manually run ForestPrep and DomainPrep is more suitable to a large organization, because it gives you greater administrative control and security, and allows you to define who is allowed to install Exchange servers.

Running ForestPrep and DomainPrep in a small business

If you work for a small company with a single domain within a single forest, and you are the only administrator, you are most likely already a member of the Schema Admins and Domain Admins groups.

This means that you don’t even have to worry about running ForestPrep or DomainPrep. Just run Setup.exe, and your Exchange Server installation will automatically run ForestPrep or DomainPrep if necessary.

One thing you do need to know though is that, depending on the size of your Active Directory, ForestPrep and DomainPrep can take a while to run. In a large organization, it’s not uncommon for these utilities to take over an hour to complete.

About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Exchange Server, and has previously received Microsoft’s MVP award for Windows Server and Internet Information Server (IIS). Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies.

PowerShell basics for the Exchange admin

If you’ve done any work with Exchange Management Shell commands, you know that many of them can be lengthy and complex — especially when you pipe multiple commands together. Since certain administrative tasks in Exchange Server 2007 and Exchange 2010 must be performed from the command line, familiarity with EMS cmdlets isn’t optional.

Having to type long and complex commands isn’t always a good use of your time. If, for example, there’s a specific administrative action that you perform regularly, it’s a waste of time to manually issue the same command every time you need to perform the action. Additionally, certain administrative tasks can be destructive if performed incorrectly. Manually coding long commands can greatly increase your chances for making a mistake. In these situations, it’s better to create a PowerShell script.

Historically, scripting has earned a bad reputation among admins. But PowerShell scripts deserve a second chance. Since a PowerShell script is simply a text file that contains one or more PowerShell commands, writing one is as easy as issuing individual PowerShell commands.

For example, let’s create a simple PowerShell script by adapting the following command into a script:

Get-Mailbox | Format-Table Name, ServerName

This command retrieves a list of all Exchange mailboxes in the organization. The results are piped into the Format-Table command, which instructs Exchange to create a table displaying the name of each mailbox and the name of the server hosting each mailbox. To convert this into a script, let’s break it into two separate commands. The break will occur at the pipe symbol:

Get-Mailbox |
Format-Table Name, ServerName

To turn these commands into a script, save them to a file by typing the commands into Microsoft Notepad and then saving the document with a .ps1 extension. For this example, I saved the text file as Sample.ps1.

How you execute the script depends on where it’s launching from. In most cases, you’ll launch scripts from within EMS.

Before you run a script you need to know the name of the script and its location. In my example, I took the Sample.ps1 script and placed it in the C:\scripts folder that I created on my Exchange Server .

Even though we assigned the script with the .ps1 file extension, Windows won’t execute the script automatically. You need to tell Exchange to run the script by typing a period (.), then a slash (/) and the name of the script. For example, if you wanted to run the Sample.ps1 script, you would type:

./Sample.ps1

This example is simple since I haven’t taken the script’s location into account. This method will only work if the script is located in the C:\scripts folder . If it is not the same in your example, you need to switch to the correct folder before calling the script.

To switch to the C:\Scripts folder and run the Sample.ps1 script, open Exchange Management Shell and enter the following commands:

C:
CD \Scripts
./Sample.ps1

If you want to include the script’s location in the call, open Exchange Management Shell and enter this command:

C:\Scripts\Sample.ps1

The command doesn’t include the dot slash (./) because EMS doesn’t require it if you supply the script’s location within the call. In fact, the script won’t run if you use (./).

About the author: Brien M. Posey, MCSE, is a seven-time recipient of Microsoft’s Most Valuable Professional (MVP) award for his work with Exchange Server, Windows Server, Internet Information Services (IIS), and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies.

Troubleshooting Exchange Server global catalog issues

Exchange Server relies on global catalog servers in a domain to perform user lookups in Active Directory. Normally, GCs (as they’re commonly abbreviated) are detected automatically by Exchange Server when it first starts up, and then about every 10 hours thereafter.

Exchange Server also attempts to redetect GCs and domain controllers (DCs) if a major topology change is detected — for instance, if all available domain controllers and global catalog servers go offline.

If a GC goes offline, it’s flagged as “down.” Exchange Server will ping it every five minutes to see if it’s back online yet. However, if the detection routine is not working correctly due to changes in the network topology, a GC might be flagged as unreachable when it’s not, or vice versa. This can lead to, among other things, an Exchange-specific issue involving one of its message queues.

Exchange Server has a number of queues that are used for message processing, one of them being the pre-categorization queue. Messages held in it are addressed to recipients that haven’t yet been looked up in Active Directory.

If you have a DC/GC server being queried by Exchange Server that can’t be reached, Exchange will expend one of a limited number of threads available to perform lookups. Under high enough loads, the thread count runs out; processing then stalls until a thread times out of its own accord.

In circumstances like this, you may want (at least provisionally) to turn off Exchange’s automatic topology-discovery functions and hardcode the names of the GCs to be used. This will keep Exchange Server from pinging and searching for GCs.

If you use this technique, just remember that you will have to manually update the hardcoded information to match if an old GC goes offline and a new one is brought in.

But keep in mind that, if your global catalog servers seem overloaded, it might be something as simple as needing another GC to satisfy the demand. Large Exchange Server sites (thousands of users or more) typically impose very heavy demands on global catalogs.

As a side note, an easy way to find out if the pre-categorization queue is getting stuck is to look at the SMTP Server\Categorizer Queue Length performance counter. If the queue is consistently nonzero, even during periods of low email activity, messages are probably getting stuck in the queue, and a GC issue could be the culprit.

How continuous replication works in Exchange Server 2007

Exchange Server 2007 features two types of continuous replication: local continuous replication (LCR) and cluster continuous replication (CCR). In this tip, Microsoft Exchange Server expert Brien Posey explains the difference between these two replication methods and a third type — standby continuous replication (SCR) — which was introduced in Exchange Server Service Pack 1 (SP1). Plus, learn the basic process that Exchange Server performs during database transactions.

---

The original RTM release of Exchange Server 2007 offered two different types of continuous replication: local continuous replication and cluster continuous replication. Local continuous replication provides a degree of fault tolerance on a single mailbox server. The basic premise is that LCR creates a secondary copy of an Exchange Server database on a separate volume than the server. In contrast, CCR uses a similar method to create a separate copy of the database and stores it on a separate Exchange server.

When Microsoft released Service Pack 1 for Exchange Server 2007, it introduced a third type of continuous replication known as standby continuous replication (SCR). SCR is similar to CCR; however, CCR can only create one replica of a protected database. SCR can create multiple replicas of a database.

Even though Exchange Server 2007 provides three different types of continuous replication, all three work in basically the same way. Continuous replication is based on a technique called log shipping, which involves copying each log file to the location where the backup database is stored while the log file is built. The log file is then replayed against the replica database, bringing the database into a current state.

Microsoft classifies continuous replication as a storage group-level operation, but I think it’s more accurate to classify it as a database-level operation. Log files reside at the storage group level, but continuous replication, in any form, limits the protected storage group to a single database. Therefore, continuous replication could be considered a database-level operation because it involves a single database.

How Exchange Server database transactions work

The process that database transactions use is the same process used by all mailbox servers, regardless of whether or not continuous replication has been enabled. Database transactions are operations that prompt a database update. These updates can include operations like sending or receiving an email message, updating a calendar item or creating a new task.

Any time a database transaction occurs, the database page that the transaction is being performed against is read from the database file and copied to an area of the server’s memory known as the ESE cache. Any updates to the database resulting from the current transaction are performed within the ESE cache but are not written directly to the database.

Cached database pages that have been updated but not written to disk are referred to as dirty pages. If additional transactions perform operations against dirty pages, then the operation is performed within the ESE cache. In such a case, Exchange uses a mechanism called the version store to make sure the database remains in a consistent state.

Next, the transaction is recorded in a transaction log file. Depending on the size of the transaction, this process may involve closing the current log file and starting another one. Because the log file is only 1 MB, Exchange may consider the excessively large transactions as multiple log files. Each time a log file reaches the 1 MB limit, it is closed and a new log file starts.

When a backup is running against an Exchange server, the contents of the log files are written to the database. At this point, the checkpoint file is advanced so that it references the oldest log file that has not yet been committed to the database.

About the author: Brien M. Posey, MCSE, is a five-time recipient of Microsoft’s Most Valuable Professional award for his work with Exchange Server, Windows Server, Internet Information Services (IIS), and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies.

Keyboard Tips

Internet Explorer Keyboard Shortcuts

Viewing and exploring Web pages

F1	Display the Internet Explorer Help, or when in a dialog box, display context help on an item
F11	Toggle between Full Screen and regular view of the browser window
TAB	Move forward through the items on a Web page, the Address bar, and the Links bar
SHIFT+TAB	Move back through the items on a Web page, the Address bar, and the Links bar
ALT+HOME	Go to your Home page
ALT+RIGHT ARROW	Go to the next page
ALT+LEFT ARROW or BACKSPACE	Go to the previous page
SHIFT+F10	Display a shortcut menu for a link
CTRL+TAB or F6	Move forward between frames
SHIFT+CTRL+TAB	Move back between frames
UP ARROW	Scroll toward the beginning of a document
DOWN ARROW	Scroll toward the end of a document
PAGE UP	Scroll toward the beginning of a document in larger increments
PAGE DOWN	Scroll toward the end of a document in larger increments
HOME	Move to the beginning of a document
END	Move to the end of a document
CTRL+F	Find on this page
F5 or CTRL+R	Refresh the current Web page only if the time stamp for the Web version and your locally stored version are different
CTRL+F5	Refresh the current Web page, even if the time stamp for the Web version and your locally stored version are the same
ESC	Stop downloading a page
CTRL+O or CTRL+L	Go to a new location
CTRL+N	Open a new window
CTRL+W	Close the current window
CTRL+S	Save the current page
CTRL+P	Print the current page or active frame
ENTER	Activate a selected link
CTRL+E	Open Search in Explorer bar
CTRL+I	Open Favorites in Explorer bar
CTRL+H	Open History in Explorer bar
CTRL+click	In History or Favorites bars, open multiple folders

Using the Address bar

Press this	To do this
ALT+D	Select the text in the Address bar
F4	Display the Address bar history
CTRL+LEFT ARROW	When in the Address bar, move the cursor left to the next logical break (. or /)
CTRL+RIGHT ARROW	When in the Address bar, move the cursor right to the next logical break (. or /)
CTRL+ENTER	Add “www.” to the beginning and “.com” to the end of the text typed in the Address bar
UP ARROW	Move forward through the list of AutoComplete matches
DOWN ARROW	Move back through the list of AutoComplete matches

Working with favorites

Press this	To do this
CTRL+D	Add the current page to your favorites
CTRL+B	Open the Organize Favorites dialog box
ALT+UP ARROW	Move selected item up in the Favorites list in the Organize Favorites dialog box
ALT+DOWN ARROW	Move selected item down in the Favorites list in the Organize Favorites dialog box

Editing

Press this	To do this
CTRL+X	Remove the selected items and copy them to the Clipboard
CTRL+C	Copy the selected items to the Clipboard
CTRL+V	Insert the contents of the Clipboard at the selected location
CTRL+A	Select all items on the current Web page

---

Remap the Right-Alt Key to be the Windows Key

Create a Scancode entry in the Registry as follows:

1. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout
2. Create a new binary entry called Scancode Map with the following values
3. 00 00 00 00 00 00 00 00 02 00 00 00 5B EO 38 EO 00 00 00 00
4. Reboot the computer

---

Disabling the Windows Key with NT or Windows2000

To disable the use of the Windows Key for the two operating Systems,

1. Start Regedit
2. Go to HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Control \ Keyboard Layout
3. Add a Binary Value called Scancode Map
4. Give it a value of 00000000000000000300000000005BE000005CE000000000
5. Reboot the computer

---

Outlook 2000 Shortcut Keys

Go to the Inbox	CTRL+SHIFT+I
Go to the Outbox	CTRL+SHIFT+O
Check for New Mail	F5 or CTRL+M
Start a New E-mail message	CTRL+SHIFT+M
Open the address book	CTRL+SHIFT+B
Start a New appointment	CTRL+SHIFT+A
Start a New contact	CTRL+SHIFT+C
Start a New meeting request	CTRL+SHIFT+Q
Start a New a task	CTRL+SHIFT+K
Make the Find a Contact box active	F11
Open the Advanced Find dialog box	CTRL+SHIFT+F
Mark an e-mail message as read	CTRL+Q
Delete an e-mail message, contact, calendar item, or task	CTRL+D

---

Front Page 2000 Shortcut Keys

Front Page has quite a few shortcut keys. My favorites are:

Center a paragraph	CTRL+E
Left align a paragraph	CTRL+L
Right align a paragraph	CTRL+R
Display HTML tags	CTRL+ /
Apply the Heading 1 style (ect.)	CTRL+ALT+1
Apply the Normal style	CTRL+SHIFT+ N
Not listed in their help is:
Cycle through Normal / HTML / Preview	Ctrl-PgUp/ Down
If you are at the last row in a table, the TAB key will add a new row below the current one.

---

Fast Access to the Desktop

To get an Explorer view of the Desktop

1. Press Ctrl-Esc or click the Start button
2. Press R to go to Run. Note: If you are using a Win keyboard, you can get to this point by pressing Win+R
3. Type in a period

---

Opening Up the Task Manager in NT 4

In Windows NT 4, to quickly bring up the task manager, press Ctrl-Shift-Esc

---

MS-Natural Keyboard Shortcuts

Toggles between minimizing/restoring all windows	Win+D
Open the start menu	Win
Display the pop-up menu for the selected object	Win+F1
Start Explorer	Win+E
Find Files or Folders	Win+F
Find computer	Ctrl+Win+F
Minimizes all windows	Win+M
Undo Minimize All	Shift+Win+M
Display Run Dialog box	Win-R
Cycles through taskbar buttons	Win+Tab
Displays System Properties	Win+Break

---

Getting to My Computer from the Control Panel

If you’re in Control Panel, hitting the Backspace key will switch you into the My Computer folder.

---

Undo

Press CTRL + Z to undo things like renaming a file in Explorer

---

Minimizing All Windows

To minimize all windows:

1. Press Ctrl-ESC to bring up the Task Bar
2. Press Alt-M

This makes it a lot easier to minimize windows when all your open applications are full screen.

Note from Bob: With the Microsoft Keyboard, you can accomplish the same thing by pressing the Window-M key.

---

Shortcut to System Properties

To access the System Properties screen quickly, simply hold down the ALT key while double clicking on the My Computer icon.

While holding the windows key, press the Pause / Break key.
This will open up the System Properties box.
From here you can easily get to the Device Manager

---

Duplicating the Right Mouse Click

Pressing the Shift-F10 key will be the same as clicking the right-mouse button.

---

Accessing Programs from the Start Button

To access your programs more quickly from your start button, with out aid of a mouse, hit ctrl+esc to open your start menu.
Then, type the letter for the directory you are looking for.
For example, to access the ever popular game of solitaire, CTRL+ESC, then “P” for programs, “A” for accessories, “G” for games, then “S” for Solitaire.
If there is more than one entry for the letter, keep hitting the letter until you reach your desired location. Then, hit enter.

---

Quickly Starting Explorer

You can quickly start an explorer session by holding down the Windows key on a Microsoft Keyboard and pressing the E.key

---

Internet Explorer Shortcuts

Here are a few IE keyboard shortcuts:

Go ‘Back’ to the previous page	Alt+Left Arrow
Go ‘Forward’ to the next page	Alt+Right Arrow
Add to Favorites on the current web page	Ctrl+D
Open the History folder	Ctrl+H
Open the Organize Favorites window	Ctrl+B
Lets you open a new web page	Ctrl+L
Open a new browser window	Ctrl+N
Reload the current page	Ctrl+R
Close the active Internet Explorer window	Ctrl+W

---

Bringing up the Properties Window

While holding the ALT key double click on an icon to bring up the properties.

---

Resizing and Moving a Window

To Resize or Move a window:

1. Press Alt-Space
2. Press the S key – To Resize
3. Press the M key – To Move

You can now use the arrow keys to resize or move the window

---

Key stroking is faster than mouse moving

1. In desktop you can press “m”, “My Briefcase is highlighted, press “enter” will open this applet.
2. If you do not press “enter”,
3. The next “m” key stroke will highlight “My Computer”.
4. “Ctrl”-”Esc”, press “P” for Programs, “enter”,”M”"enter”, you get to the first program or folder that starts with “M”
5. Other applets will also be opened the same way.

---

Explorer Shortcut Keys

• F4 – Displays the Combo Box
• F5 – Refresh the display
• Ctrl+Z – Undo last action
• Backspace – Go up one directory

---

Quickly Search for Files

To quickly open up the Find all Files window

1. Press Ctrl+ESC ESC
2. Press F3

---

To copy a file with a Mouse/Keyboard combo

Drag the file while holding down the CTRL key – A + will appear on the icon

To move a file with a Mouse/Keyboard combo

Drag file while holding down SHIFT key – Nothing appears on the icon

If moving a icon with the mouse and an arrow appears, it will create a shortcut.
You can press shift or ctrl at anytime during the drag
and it will change this little part of the icon.

Address Lists in Exchange 2007 (Part 1)

Introduction

An exchange address list is a collection of addressees that can be browsed by multiple types of exchange recipients to retrieve one another. An address list in Exchange 2007 is either a Global Address List, a custom Address List, or an Offline Address Book. In the first part of this article series I will talk about Global Address Lists. In later parts of this article series I will come back to  custom Address Lists and how you can create and manage them. To finish I will cover Offline Address Books in more detail.

Global Address Lists

When you install Exchange 2007, you will have one Global Address List (GAL), called Default Global Address List, which is a collection of all mailbox-enabled users, mail-enabled users, mail-enabled contacts, dynamic distributions groups, mail-enabled groups, mail-enabled public folders, and system mailboxes in your Exchange organization, as can be seen in Figure 1.

Figure 1:Overview Address Lists

Creating new Global Address Lists = New-GlobalAddressList

If you are considering creating additional Global Address Lists (GALs), there are a few things to keep in mind:

• You can only use the Exchange Management Shell (not the Exchange Management Console) to create, modify, update, or remove GALs.
• If you have more than one GAL in your Exchange organization, only one will be displayed in the Outlook Address Book on a client computer. This address list will be listed as Global Address List, and not with the name you used to create it.
• When a user belongs to more than one GAL, a user will get the GAL with most entries, too which he/she belongs, and for which he/she has permission to view its content.

A reason for creating multiple GALs would be if your Exchange organization supports multiple companies, where you want to make sure users can only see other recipients from the same company.

To create a new GAL, you need to use the Exchange Management Shell cmdlet New-GlobalAddressList, and define a name for the GAL using the parameter Name. Any of the following parameters can be added to define who should appear as a member of the GAL:

• ConditionalCompany
• ConditionalCustomAttribute1-ConditionalCustomAttribute15
• ConditionalDepartment
• ConditionalStateOrProvince
• IncludedRecipients, needs to be added when RecipientFilter is not defined (possible values = “None”, “MailboxUsers”, “Resources”, “MailContacts”, “MailGroups”, “MailUsers”, “AllRecipients”)
• RecipientFilter, cannot be used if parameters ConditionalCompany, ConditionalCustomAttribute1-15, ConditionalDepartment, and/or ConditionalStateOrProvince have been specified
• TemplateInstance

In Figure 2 you can see how to use the Exchange Management Shell to create two new Global Address Lists, where the first one, named “Community Day Attendees” is based on the value of CustomAttribute3 and the value of the attribute Title,  and the second one, named “Community Day Organizers” is based on the value of CustomAttribute3 only.

Figure 2:New-GlobalAddressList

The newly created GALs will appear in the Exchange Management Console, as can be seen in Figure 3.

Figure 3:New GAL Exchange Management Console

When you create a new GAL, it will not be populated until you update the GAL using the Exchange Management Shell cmdlet Update-GlobalAddressList.

Update-GlobalAddressList

You will need to update the GAL using the Exchange Management Shell cmdlet Update-GlobalAddressList to:

• populate a newly created GAL;
• remove recipients that no longer meet the filtering criteria;
• include recipients that meet the filtering criteria;
• populate an existing GAL after modifying the filtering criteria.

In the example given before, I have created a new GAL, named “Community Day Organizers“. Using the Exchange Management Shell it is fairly easy to get a list of recipients that are a member of that GAL. Before updating the GAL, you can see in Figure 4 that the GAL is empty. After updating the GAL, you can see that the GAL is populated.

Figure 4:Update-GlobalAddressList

When running the cmdlet Update-GlobalAddressList, Exchange will update every recipient in Active Directory to reflect the fact that it is a member of that GAL by updating the attribute called showInAddressBook. In Figure 5 you can see that User A will only appear in the custom Address List called All Users, and the default GAL. After updating the GAL Community Day Attendees, shown in Figure 6, the attribute is updated to include GAL Community Day Attendees, as can be seen in Figure 7.

Figure 5: showInAddressBook before Update-GlobalAddressList

Figure 6: Update-GlobalAddressList

Figure 7:showInAddressBook after Update-GlobalAddressList

Global Address List Permissions

As already stated in the beginning of this article, even when there are multiple GALs in the Exchange organization, every user will only see one GAL, both using Outlook and using OWA. To make sure a user sees the GAL he or she is supposed to see, you can set permissions on the GAL, using AdsiEdit.msc or using the Exchange Management Shell.

In my Exchange organization, there are currently three GAL. Table 1 lists who needs to get which GAL.

Name GAL	Included Recipients	Not member of Community Day Attendees	Member of Community Day Attendees	Member of Community Day Organizers
Default Global Address List	All Recipients	X
Community Day Attendees	All Attendees		X
Community Day Organizers	All Attendees + All Organizers			X

Table 1: GAL Permissions

You can use AdsiEdit to take away the permission from the group Community Day Attendees to open the GALs Default Global Address List and Community Day Organizers. Open AdsiEdit and connect the Configuration Partition, and drill down to Configuration, Services, Microsoft Exchange, Name of your organization, Address Lists Containers, All Global Address Lists. Right-click the GALs required, and change the permissions as shown in Figure 8.

Figure 8:Deny Open address list permission

Using the Exchange Management Shell to deny the permission to open the GAL, you need to use the Exchange Management Shell cmdlet Set-ADPermission. In Figure 9 you can see how the shell can be used to deny the right to open the GAL named Community Day Organizers  to the universal security group called Community Day Attendees.

Figure 9:Add-ADPermission

When User A logs on to the domain, and opens Microsoft Office Outlook, User A will see the GAL named Community Day Attendees, as can be seen in Figure 10. Where-as a member of the group Community Day Organizers will see the GAL named Community Day Organizers, and a user who doesn’t belong to any of these two groups will get the default GAL. The name of the GAL is not listed!

Figure 10:GAL User A

Outlook Web Access and Multiple GALs

When opening the mailbox of User A using Outlook Web Access, you may notice that User A is able to browse through all Global Address Lists, as in Figure 11.

Figure 11: GALs in OWA

As document in Knowledge Base article 817218, you can view all address lists in Active Directory using Outlook Web Access, regardless of the permissions that are set on the address list. In order to prevent users from being able to see and go through all GALs created in your Exchange organization, you can change the value of the attribute called msExchQueryBaseDN on the user properties using AdsiEdit from the default value of <not set> to the distinguished name of the custom GAL you want the user to see in OWA, as can be seen in Figure 12.

Figure 12:msExchQueryBaseDN

After logging into OWA again, you will see that User A can only see the intended GAL in Figure 13.

Figure 13:Custom GAL in OWA

Remove-GlobalAddressList

You can always remove custom created GALs by using the Exchange Management Shell cmdlet Remove-GlobalAddressList. A few remarks:

• You cannot remove the default GAL, as can be seen in Figure 14.

Figure 14: Remove-GlobalAddressList

• You need to make sure that there is at least one GAL a user is allowed to query in order to be able to configure his or her Outlook profile.

Windows 2003 L2 Training

Creating User and Computer accounts from the Command Line

Description:  create a user by name Jack and Computer name as Comp1 in a OU called Training for the domain Home.com

Steps: Enter into the command line and type the following commands

C:>net user ramesh password /add /domain

C:>dsadd ou “ou=training,dc=home,dc=com”

C:>dsadd user “cn=jack,ou=training,dc=home,dc=com

C:>dsadd computer “cn=comp1,ou=training,dc=home,dc=com

Creating Bulk user accounts using CSVDE and LDIFDE

Description:  Create 5 user accounts in a Training OU of Home.com out of which make 3 users as enabled and remaining 2 users as disabled by default after creation by using CSVDE and LDIFDE methods

Steps: CSVDE Method

Create a file as test.csv in the notepad with the following contents

DN,OBJECTCLASS,DISPLAYNAME,USERPRINCIPLENAME,SAMACCOUNTNAME, USERACCOUNTCONTROL

“cn=user1,ou=training,dc=Home,dc=com”,user,user1,user1@Home.com,user1,512

“cn=user2,ou=training,dc=Home,dc=com”,user,user2,user2@Home.com,user2,512

“cn=user3,ou=training,dc=Home,dc=com”,user,user3,user3@Home.com,user3,512

“cn=user4,ou=training,dc=Home,dc=com”,user,user4,user4@Home.com,user4,514

“cn=user5,ou=training,dc=Home,dc=com”,user,user5,user5@Home.com,user5,514

Run the following command from the command line

C:>csvde –i –v –f test.csv

LDIFDE Method

Create a file as TEST.ldf in the notepad with the following contents

DN:cn=user1,ou=training,dc=Home,dc=com

OBJECTCLASS:user

DISPLAYNAME:user1

USERPRINCIPLENAME:user1@Home.com

SAMACCOUNTNAME:USER1

USERACCOUNTCONTROL:512

DN:cn=user2,ou=training,dc=Home,dc=com

OBJECTCLASS:user

DISPLAYNAME:user2

USERPRINCIPLENAME:user2@Home.com

SAMACCOUNTNAME:user2

USERACCOUNTCONTROL:512

DN:cn=user3,ou=training,dc=Home,dc=com

OBJECTCLASS:user

DISPLAYNAME:user3

USERPRINCIPLENAME:user3@Home.com

SAMACCOUNTNAME:USER3

USERACCOUNTCONTROL:512

DN:cn=user4,ou=training,dc=Home,dc=com

OBJECTCLASS:user

DISPLAYNAME:user4

USERPRINCIPLENAME:user4@Home.com

SAMACCOUNTNAME:USER4

USERACCOUNTCONTROL:512

DN:cn=user5,ou=training,dc=Home,dc=com

OBJECTCLASS:user

DISPLAYNAME:user5

USERPRINCIPLENAME:user5@Home.com

SAMACCOUNTNAME:USER5

USERACCOUNTCONTROL:512

Run the command as C:/>ldifde –i –v –f test.ldf

Joining a computer account to a Domain

Description: Join the computer account Comp1.Home.com to the domain Home.com from the command line

Steps

1. Install the support tools on the Machine which is already joined to the domain Home.com
2. Run the following command from the support tools command prompt

C:/>netdom join comp1 /domain:Home.com /reboot:15

1. Check the computer account in the Computer container of AD

Moving User and Computer Accounts from the command Line

Description: Move user1 and User2 from training OU to sales OU in Home.com from the command line and check up through ADUC

Steps:

1.  dsadd user “cn=user1,ou=training,dc=Home,dc=com”
2. dsadd user “cn=user2,ou=training,dc=Home,dc=com”
3. dsadd ou “ou=sales,dc=Home,dc=com”
4. dsmove “cn=user1,ou=training,dc=Home,dc=com” –newparent “ou=sales,dc=Home,dc=com”
5. dsmove “cn=user2,ou=training,dc=Home,dc=com” –newparent “ou=sales,dc=Home,dc=com”
6. Checkup the user accounts in the new OU Sales using ADUC

Enable/Disable user accounts and deleting the objects

Description: Enable the user account USER1 and disable the user account user2 in the training OU of Home.com. Delete the user1 from the training OU through command Line

Steps:

1. dsmod user “cn=user1,ou=training,dc=Home,dc=com”  –disabled no
2. dsmod user “cn=user2,ou=training,dc=Home,dc=com” –disabled yes
3. dsrm “cn=user1,ou=training,dc=Home,dc=com”
4. Test the results by using ADUC

Searching for a specific object and attribute of an Object

Description:  Search for the home directory path of a user User1 of training OU in the Home.com and search for the user object Jack in the Domain Home.com

Steps:

1. dsget user “cn=user1,ou=training,dc=Home,dc=com” –hmdir
2. dsquery user domainroot –name jack
3. Check the Results

Creating and Managing Groups

Creating Global and Local Groups from the command Line

 Description:  Create a Global group by name sales in a training OU of acme.com and add the users user1,user2 and user3 as members. Create a local group by name finance  on the Member server and add the users user X , User Y and User Z as members.

Steps:

1. log on to the domain Home.com and enter into the command line
2. dsadd group “cn=sales,ou=training,dc=Home,dc=com” –secgrp yes –scope g –members user1 user2 user3 –d Home.com
3. check the global group and its members in the Active directory users and Computers
4. Log on to a domain in a Member server
5. net localgroup sales /add
6. net localgroup sales userX UserY UserZ /add
7. Net localgroup sales

Setting up a group strategy for a given scenario

Description:  Create shared folder software on a file server. userX and UserY  should have read only permission. User1 and User2 should have read write permission. Set the permission using AGDLP concept.

Steps:

1. Create a Shared folder on the file server and share it .
2. create salesG1 and Sales G2 as global scope and salesDL1 and Sales DL2 as domain local scope security groups
3. add users UserX and UserY into SalesG1
4. add user user1 and User2 into salesG2Make SalesG1 as the Member of SalesDL1
5. Makes salesG2 as the member of SalesDL2
6. Set the appropriate permission for the SalesDL1 and SalesDL2 on the share folder
7. check the permissions by logging as User1 and UserX

Managing Access to resources

Configuring NTFS Security

Description:  Create users UserX and UserY in Home.com. create a share test folder and a test file with in it on a Member server. set full control for the userX and Usery on the folder Test. Set Read only permission for userX on the test File.check for NTFS permissions and effective permissions. Configure ofline settings also check effect of moving and copying of folders from one partition to another partition as well as in the same partition                         

Steps:

1. Log on to the domain Home.com
2. Net user userX /add /domain
3. Net user UserY /add /domain
4. c:/>md test
5. c:/>cd test
6. c:/test> copy con test.txt
7. welcome to Home Infotech ^Z
8. net share test=c:\test
9. Set Full control as NTFS permission  for the both the users on test folder
10. set read only permission for the test.txt file for the user UserX
11. Check inherited permissions for both the users
12. Check file security over folder Security
13. Check for effective permission for userX on the file Test.txt
14. Configure Share folder Security
15. Configure Offline Settings

Implementing Printing

Install Printers setting printer location and configuring Network Printer

Description: install a the driver for the printing device Epson fx105 model. Set the location attribute to make the search faster. Configure a printer with network port having an address IP address as 192.168.10.100 . Check the printing after configuration.

Steps

1. Install the printer driver for the printer using Add new printer wizard
2. create a subnet object in the ADSS
3. Configure Location Attribute in the subnet object
4. Configure location Attribute in the printer driver
5. Configure network printer
6. Test the configurations

Managing Printing

create a printer pool ,Availability and priority

Description:  Install a driver for the printer provided and set the available time from 10 AM to 2 PM . define the priority for the managers as highest and for business executives as the least  Also enable printer pooling.

Steps

1. Install the driver for the printing device
2. set the available time period of the printer
3. set the priority as 99 for this printer and disable print option for business executives on this driver
4. Install one more driver for the same printer
5. set the priority as 1 for this printer and disable print option for managers on this printer
6. Enable printer pooling option to print on the available printer

Managing Access to objects in Organizational Units

Create a OU and moving objects between the OU form the command line

Description:  Create  two OU’s Training and  sales in Home.com add user1 and user2 to Training OU and UserX,userY to Sales OU. Set rights for the user1 to join a computer to the doamain only. For UserX set the rights to create user Objects only. For user2 Set the rights to reset the passwords for both OU’s users. Also Move user1 to sales OU and Userx to Training OU.

Steps:

1. dsadd ou “cn=sales,dc=Home,dc=com”
2. dsadd ou “cn=training,dc=Home,dc=com”
3. dsadd user “cn=user1,ou=training,dc=Home,dc=com”
4. dsadd user “cn=user2,ou=training,dc=Home,dc=com”
5. dsadd user “cn=userX,ou=sales,dc=Home,dc=com”
6. dsadd user “cn=userY,ou=sales,dc=Home,dc=com”
7. Open Active directory users and computers
8. run delegation wizard at the domain level set the rigts for the user1 to join a computer to the domain
9. run delegation wizard at sales ou and set the rights to create user objects
10. run delegation wizard at the training OU and set the rights to reset the password
11. dsmove “cn=user1,ou=training,dc=Home,dc=com” –newparent “cn=user1,ou=sales,dc=Home,dc=com”
12. dsmove “cn=userX,ou=sales,dc=Home,dc=com” –newparent “cn=userX,ou=training,dc=Home,dc=com”
13. Check the status of all the users and OU in ADUC

Preparing to Administer a Server

Create a shared folder on a remote computer

Defragment a disk on a remote computer

Connect to a remote console session

Create shortcuts for administrative

Description:  create a share folder on a file server by using manage tab. Defragment the the harddisk of file server from a remote computer. Establish a remote administration session from the client computer. Create a MMC snapshot to create local user accounts on the file server.

Steps:

1. Right click on My computer and click on manage
2. right click on computer and click on connect to another computer
3. Use share folder option to create a share folder on the remote computer
4. use disk management to defrag the hard disk of remote computer
5. create MMC snapshot to create local user accounts on the remote computer

Preparing to monitor server performance

Monitor DHCP server,DNS server and Domain Controller

Description: Monitor the behavior of the DHCP,DNS and Domain controller on various Loads  using System Monitor tool also create Counter and trace logs

Steps :

1. Open the system monitor tool
2. connect to the server to be monitored
3. Add the appropriate counters
4. observe the behavior in the GUI mode
5. Repeat the steps for other servers also

Managing Disks

creating and deleting partitions through Diskpart utility /disk management also to view partition information. Converting FAT into NTFS file system

Description : Create two primary partition on a given HDD and assign a drive letter G and H and volume label as Training. View the partition table information. Delete the partition H drive from the HDD.

Steps:

A. To partition a disk by using Disk Management:

1.  In Computer Management, open Disk Management.

2.  Right-click an unallocated region of a basic disk, and then click New Partition, or right-click free space in an extended partition, and then click New Logical Drive.

3.  In the New Partition Wizard, click Next.

4.  On the Select Partition Type page, click Primary Partition, and then click Next.

5.  On the Specify Partition Size page, type nnn (where nnn is the size in megabytes), and then click Next.

6.  On the Assign Drive Letter or Path page, select the drive letter, and then click Next.

7.  On the Format Partition page:

a. Select the appropriate file system and allocation unit size.

b. Type the appropriate volume label.

c. Select or clear the Perform a quick format and Enable file and folder compression check boxes.

8.  Click Next, and then click Finish.

B.To format a disk by using Disk Management:

1.  In Computer Management, open Disk Management.

2.  Right-click the partition, logical drive, or basic volume that you want to format or reformat, and then click Format.

3      Select the options that you want under:

• Volume Label.name the disk.
• File System.select either NTFS or FAT.
• Allocation Unit Size.select the allocated size of the disk that you want to format.

4.  If you are sure that the disk is undamaged, select the Perform a Quick Format check box.

5.  To compress files and folders on the disk, with NTFS volumes only, select

Enable File and Folder Compression.

C. To delete a partition by using Disk Management:

1.  In Computer Management, open Disk Management.

2.  Right-click the partition that you want to delete, and then click Delete Partition.

D. To partition a disk by using DiskPart:

1.  At the prompt, type diskpart

2.  At the prompt, type list disk and then make a note of the number of the disk on which you want to create a primary or extended partition.

3.  At the DISKPART prompt, type select disk n (where n is the disk number of the disk where you want to create the primary or extended partition).

4.  At the DISKPART prompt, type one of the following (where number is in

megabytes):

• Create partition primary size=number

. Or .

• Create partition extended size=number

. Or .

• Create partition logical size=number

E. To delete a partition by using DiskPart:

1.  Open Command Prompt, and then type diskpart

2.  At the DISKPART prompt, type list disk

Make a note of the disk number of the disk from which you want to delete the partition.

3.  At the DISKPART prompt, type select disk n (where n is the disk that you

want to delete the partition from).

4.  At the DISKPART prompt, type list partition

Make a note of the number of the partition that you want to delete.

5.  At the DISKPART prompt, type select partition n, where n is the partition

number of the partition that you want to delete.

6.  At the DISKPART prompt, type delete partition

F. To assign, change, or remove drive letters by using Disk Management:

 1.  In Computer Management, open Disk Management.

2.  Right-click a partition, logical drive, or volume, and then click Change Drive Letter and Paths.

3.  Do one of the following:

• To assign a drive letter, click Add, and then click the drive letter that

you want to use.

• To modify a drive letter, click it, click Change, and then click the drive

letter that you want to use.

• To remove a drive letter, click it, and then click Remove.

G. To assign, change, or remove a drive letter by using DiskPart:

1.  Open Command prompt, and then type diskpart

2.  At the DISKPART prompt, type list volume. Make note of the number of the volume whose drive letter you want to assign, change, or remove.

3.  At the DISKPART prompt, type select volume n (where n is the number of the volume whose drive letter you want to assign, change, or remove).

4.  At the DISKPART prompt, type one of the following:

a.  assign letter=L (where L is the drive letter that you want to assign or change)

b.  remove letter=L (where L is the drive letter that you want to remove)

 H. To convert a volume from a FAT or FAT32 drive to NTFS:

1.  In a command prompt, type convert d: /fs:ntfs (where d: is the letter of the disk drive).

2.  Press ENTER.

If the partition you are converting is the system or boot partition, you must restart the computer running Windows Server 2003.               

Managing Data storage

Configuring Disk Quota Entries exporting and importing Quota entries

Description: Restrict disk space to 100 MB on the file server for the users Jack and Jill of Home.com Export  quota entries of Jack and Jill Import the the quota entries  for new file server also.

Steps:

1. Open the properties of a partition on the file server
2. Click on Quota and enable quota management
3. Open quota entries
4. add a new entry for the user Jack
5. set limit disk space to 100 MB
6. set the warning level to 80 MB
7. click on quota and export to a file
8. Import this file on the other server by entering into same wizard
9. Repeat the same steps for the other user Jill also
10. Test the limitation by creating a home folder on the file server

Compressing a folder to increase the disk space encrypt a file and recover through recovery agent

Description : You have to compress a data folder of size 1 GB and represent with alternate color. User jack has encrypted a file and has left the organization there is a crucial data in this encrypted file you have to decrypt the file and make it usable.

Steps: compressing a folder and displaying in alternate color

1.      right click on the data folder access the properties
2.      on general tab click on advanced option
3.      click on compress contents to save disk space
4.      close the wizard
5.      click on tools on the main window
6.      click on folder options
7.      click on view
8.      select the “show encrypted and Compressed NTFS files in color”

Steps: Encrypting and recovering a encrypted a file

1.      Log in as user jack
2.      right click on the file to be encrypted and select properties
3.      click on advanced option  in general tab
4.      select encrypt contents to secure data
5.      export the certificate and the private key of the user Jack
6.      login as administrator
7.      import the private key of the user jack
8.      cipher –u test.txt
9.      open the test.txt to view the contents

Windows Server 2008 Clustering

Windows Server 2008 Clustering – Part1

Windows Server 2008 Clustering – Part2

Microsoft supports Red Hat Linux in Hyper-V

PORTLAND, OR — Microsoft will support Red Hat Linux as a guest operating system in Windows Hyper-V but reaction to the news, disclosed at OSCON 2011 today, was muted, perhaps because this crowd remains wary of the Windows giant and its intentions towards open source.

OSCON attendee and software architect Bryan Davis was unimpressed: “Same story, different day. Microsoft defines open as free add-ons to their closed systems and core technology to appropriate and fork.”

Immediate reaction from Twitter looked like this comment from Vancouver, British Columbia software developer Luke Closs: “About the #OSCON #Microsoft keynote: It’s a trap!”

Others said Microsoft’s motivation is pragmatic self interest. “It’s simple. Microsoft is doing it to make money, said Ulf Sandberg, CEO of SkySQL.

A  manager at a large tech company who supports multi-vendor IT deployments was similarly blase.  ”If the shop is really into mixed environments, chances are it’s running VMware anyway. Hyper-V is really more a Microsoft-only product, and IMHO the support for CentOS and RH is more of a sop to say  ’See, we really DO love open-source, so consider us competition for VMware’ than an honest attempt to support someone else’s OS,” he said via email. “I can’t see Microsoft putting a lot of effort into Linux. No one I have spoken to is particularly excited at the prospect. The RHEL KVM seems to be generating more buzz in the circles I live in.”

But, Gianugo Rabellino, Microsoft’s senior director of open source communities, did his best to woo OSCON attendees, stressing that many customers run  a mix of Linux and Windows and that interoperability in this era of “mixed IT” is thus imperative.

Along the same lines, Microsoft also extended its SUSE Linux interoperability agreement (this time with Attachmate instead of Novell)  until January 2016. During that time, Microsoft agreed to invest $100 million in new SUSE Linux Enterprise certificates for customers getting Linux support from SUSE.

The Red Hat Linux-Hyper-V news wasn’t really shocking given Microsoft’s big interoperability push—earlier this year it said it would support CentOS as a guest OS in HyperV.

Rabellino also talked up other examples of Microsoft’s good citizenship including its work to support Drupal and Joomla open source content management systems. Microsoft also announced that Version 4.0 of Windows Azure SDK for PHP and new tools to enable PHP application development in the cloud.

But, Rabellino’s attempts to appeal to the audience by touting his Apache Software foundation membership and his relatively short tenure in Redmond didn’t sway the more cynical attendees.

He invited OSCON participants to visit the Microsoft Redmond campus themselves, joking about the fear that some might feel at the notion.

Microsoft re-releases another Exchange update rollup

For the second time this year, Microsoft had to re-issue a recent service pack rollup update to correct a problem in the original release, further frustrating the Exchange community.

In late March, Microsoft re-released Exchange Server 2007 SP3 update rollup 3 to correct an issue that could have potentially led to database corruption. This time, Exchange Server 2010 SP1 update rollup 4 was removed from the download center three weeks after its June 22 release. The rollup was recalled after customers reported that when using Microsoft Outlook to move or copy a folder, subfolders and content for that folder were deleted.

Kevin Allison, general manager for Exchange Customer Experience, originally stated on the Exchange team blog that this issue would be fixed in Exchange 2010 SP RU 5, scheduled to drop in August. But Exchange 2010 SP1 RU 4 was re-released this week with extensive information as to what caused the problem. The Exchange Team describes the re-release as “functionally the equivalent of Exchange 2010 SP1 RU 4 and the interim update of knowledge base article 2581545.”

As expected, many in the Exchange community were frustrated that Microsoft released another rollup update with code problems.

“Back-to-back recalls of updates may cause companies to wait longer than they should to update their systems. This can be disruptive for business,” said Tom Phillips, consultant at TGPhillips Inc. in Allen, Texas.

Unlike the Exchange 2007 SP3 RU 3 re-release, Microsoft quickly owned up to everything that went wrong with the Exchange Server 2010 SP1 update rollup 4 release. On the Exchange Team blog, Allison explained what triggered the recall and why their initial testing failed. He also shared what the team is doing to prevent mishaps like this from happening in the future.

“For Microsoft to recall, fix and then explain a problem is huge,” Phillips said. “It shows that they’re re-evaluating testing procedures and seriously looking to avoid this kind of problem in the future.”