Script: Remove Orphaned ActiveSync Devices

One of our customers is running a cleanup of EAS (Exchange ActiveSync) devices. Their goal is to remove all devices that haven’t synced with the server for more than 30 days. The approach is as follows:

  1. Identify the users whose ActiveSync devices have not synced in the last 30 days.
  2. Notify them about the removal, including which devices associated with their mailbox will be removed.
  3. Remove the devices after the notification has been sent.
  4. Log what was removed and whose mailbox was processed.

It is a little tedious to do this manually since the initial number of users will be more than 1000, and that calls for an automated way of doing it. Another reason for automating the process is to avoid missing a scheduled run; humans get busy with things and forget :) . So I wrote a script that does all of the jobs mentioned above automatically.

[Image: the PowerShell script]

 

All you need to do is change the following information in the script at each of the line numbers mentioned below:

105 – Company Policy Link
148 – Internal Phone Number
150 – External Phone Number
155 – Helpdesk Email Address
176 – Remove -WhatIf parameter
180 – Change the name of Hub Transport Server
143 – Change the name of Hub Transport Server
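The script itself was posted as a screenshot, so here is an added example (my code, not the author's script) that implements the four steps above on Exchange 2010 in the Exchange Management Shell. The Hub Transport server name, sender address, policy link, log path and the `$WhatIf` default are assumptions to adapt; devices that have never synced at all are left alone.

```powershell
# Added example (not the author's script): orphaned EAS device cleanup implementing the
# four steps above on Exchange 2010. Run in the Exchange Management Shell.

# --- Settings: every value here is an assumption, change it for your environment ---
$StaleDays   = 30                                   # the post's 30-day threshold
$SmtpServer  = "HT-01.geeklabs.local"               # Hub Transport server used by Send-MailMessage
$FromAddress = "helpdesk@geeklabs.com"              # sender of the notification
$PolicyLink  = "http://intranet.geeklabs.local/eas-policy"
$LogPath     = "C:\Scripts\EASCleanup_$(Get-Date -Format yyyyMMdd).csv"
$WhatIf      = $true   # dry run; set to $false only after reviewing the CSV from a dry run

$cutoff = (Get-Date).AddDays(-$StaleDays)
$log    = @()

# Step 1: mailboxes with an EAS partnership, then the devices that have not synced since $cutoff.
# Devices with no LastSuccessSync (never synced) are deliberately not touched here.
$casMailboxes = Get-CASMailbox -ResultSize Unlimited -Filter { HasActiveSyncDevicePartnership -eq $true }

foreach ($cas in $casMailboxes) {
    $stale = @(Get-ActiveSyncDeviceStatistics -Mailbox $cas.Identity |
               Where-Object { $_.LastSuccessSync -ne $null -and $_.LastSuccessSync -lt $cutoff })
    if ($stale.Count -eq 0) { continue }

    $mailbox = Get-Mailbox -Identity $cas.Identity
    $to      = $mailbox.PrimarySmtpAddress.ToString()

    # Step 2: tell the user exactly which partnerships are going away.
    $rows = $stale | ForEach-Object {
        "<tr><td>$($_.DeviceType)</td><td>$($_.DeviceModel)</td><td>$($_.DeviceId)</td><td>$($_.LastSuccessSync)</td></tr>"
    }
    $body = @"
<p>Hello $($mailbox.DisplayName),</p>
<p>The following ActiveSync partnerships on your mailbox have not synchronised for more than
$StaleDays days and are being removed as per <a href="$PolicyLink">company policy</a>.</p>
<table border="1"><tr><th>Type</th><th>Model</th><th>Device ID</th><th>Last successful sync</th></tr>
$($rows -join "`n")
</table>
<p>A device you still use only needs to sync again; a new partnership is created automatically.</p>
"@
    try {
        Send-MailMessage -SmtpServer $SmtpServer -From $FromAddress -To $to -BodyAsHtml -Body $body `
            -Subject "Inactive mobile device(s) being removed from your mailbox" -ErrorAction Stop
    } catch {
        Write-Warning "Notification to $to failed ($_); devices left in place for this run."
        continue                                  # step 3 must not run without step 2
    }

    # Step 3: remove each stale partnership; -WhatIf keeps this a dry run until $WhatIf is $false.
    foreach ($dev in $stale) {
        Remove-ActiveSyncDevice -Identity $dev.Identity -Confirm:$false -WhatIf:$WhatIf

        # Step 4: audit record of what was removed from whose mailbox.
        $action = if ($WhatIf) { "WhatIf" } else { "Removed" }
        $log += New-Object PSObject -Property @{
            Timestamp       = Get-Date
            Mailbox         = $to
            DeviceType      = $dev.DeviceType
            DeviceModel     = $dev.DeviceModel
            DeviceId        = $dev.DeviceId
            LastSuccessSync = $dev.LastSuccessSync
            Action          = $action
        }
    }
}

$log | Export-Csv -Path $LogPath -NoTypeInformation
"{0} device partnership(s) processed; log written to {1}" -f $log.Count, $LogPath
```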

 

[Screenshot: the notification email sent out by the script]

 

Hope you find it useful.

May 10, 2012   Posted in: Uncategorized  6 Comments

GFI MailEssentials Online Reviewed


Introduction

GFI MailEssentials Complete Online (MEO) is a cloud-based anti-spam, anti-malware, and anti-phishing service that provides outsourced services for messaging hygiene, as well as additional capabilities. Email admins can add MEO to an existing messaging infrastructure without significant changes or costs, and pay for the service as an annual per-user subscription.

Requirements and Setup

MEO is designed to make implementation quick and easy. Once you have set up an account on the service, you need to perform four additional steps:

1. Provision your users in the system

2. Configure where the service should deliver clean mail

3. Create MX records for your domain(s) that point to the service

4. Optionally, configure your email system to route outbound mail through the service.

 

With the ability to import users or sync via LDAP or SQL, you can be up and running in a matter of minutes – this is not a service that takes many hours or days to set up.

Sending your outbound email through an anti-spam service may seem strange, but there are several advantages to doing this. In addition to screening your outbound messages for malware or anything that might look like spam, there are additional benefits we’ll go over below.


For ease of setup, we give this a score of 5/5.

Out of the box configuration

Once mail is flowing through the system, your users are protected from malware and, to a lesser extent, spam. In the default configuration, all messages detected as spam continue to be delivered to users, though the subject line is prepended with SPAM. You will probably want to change that default to “Redirected to the recipient’s junk mail quarantine”, but it lets you get a feel for what MEO will do without actually changing the mail flow at the start.


You can also adjust the aggressiveness of the filtering, and choose whether or not to use greylisting, which can reply to unrecognized servers with a deferral message. With greylisting enabled, legitimate mail servers will receive the initial deferral and then retry the message delivery, while most spam systems will simply receive the deferral message and give up.

You can also implement scheduled summary messages (“digests”), which will notify each user of all messages sent to them which were blocked as spam, and enable them to release any false positive messages without having to open a helpdesk ticket, contact an administrator, or even access the control panel.

As an anti-spam service, we’d expect it to quarantine spam by default rather than flag and forward it, so we give this a 4/5.

Management Interface

As you can see from the screen shots above, the management interface is clean and well designed, with an easy-to-follow logic and tab-based approach. The interface works well on practically any browser and operating system we tested, except for mobile devices.

As heavy iPhone users, we’d give higher marks to any service that we can use with our mobile devices, but it’s hard to find fault with such a clean and intuitive setup. 4/5.

Customization

Every customer will want to be able to customize the service, and MEO offers several options to tailor the service to better suit your needs. Whitelists and blacklists can be created based on FROM Address, TO Address, subject and source IP, you can block or allow based on character sets and attachment types, and also completely block things like egregious spam, viruses, and NDRs.


One thing we found missing was keywords. The service lets you white/blacklist by subject, but not by words in the body. It might be nit-picking, but we missed that option. Still, with all the options available, this still earns 4/5.

Performance and Accuracy

MEO performs exceptionally well, with a high degree of accuracy. During our trial we saw no spam get through the filters, and no appreciable delay in either inbound or outbound message flow. With only a couple of false positives, which were easily released, we have to give MEO 5/5 here.

Extras

We mentioned additional benefits above, and here’s what we were talking about. With all your inbound and outbound mail flowing through MEO, you can enable optional archiving to keep a record of all your email. Archiving is becoming a requirement for more and more companies, and being able to deploy it without any additional hardware or software is a great value-add. But that’s not all.

MEO allows users to log in to the portal to check for, and release, their own quarantined messages. Instead of opening countless helpdesk tickets, they can take care of themselves.

Perhaps most importantly, the service includes built-in “email continuity”. This means that any time your mail server is off-line, for maintenance or any other reason, users can simply log on to the MEO console and can use the service to send and receive emails while the production mail system is down. Given how much organizations depend on email these days, this is a very valuable feature.

With all this extra capability, we give this 5/5.

Conclusion

GFI MailEssentials Complete Online is a great service for email hygiene with several valuable bonus features for customers. The ease with which it can be implemented, its effectiveness, and its accuracy make for a very powerful protection for your users. Averaging 4.5/5, we consider this a great product.

April 29, 2012   Posted in: General  No Comments

Deleted Items Folder is not visible in OWA or Outlook

One of our teams experienced a weird problem yesterday. One of the users was having issues with his mailbox size. Mailbox statistics on the mailbox server (Exchange 2007) showed his total mailbox size as 1.3GB, but the items visible in Outlook did not add up to anywhere near that size. I am sure a lot of us have experienced similar issues.

Taking a closer look, the team found that the problem was with the Deleted Items folder of that particular mailbox. The folder was visible neither in Outlook nor in OWA, yet it contained most of the items, approximately 1 gig of data :-O. That is why the mailbox size was exceeding the quota limits.

We tried Outlook.exe /ResetFolders but that did not help either. The next step was to find out what was wrong with the Deleted Items folder: it was visible via PowerShell (Get-MailboxStatistics) but not in Outlook or OWA. If nothing is visible through conventional clients, the only way to manage or fix things is MFCMAPI. Download the latest version of MFCMAPI from http://mfcmapi.codeplex.com

Warning: MFCMAPI can cause severe damages to the mailbox if it is used incorrectly. Use this tool at your own risk.

1. Open MFCMAPI and log on to the problem mailbox.

2. Navigate to the Deleted Items folder and highlight it in the left-hand pane of the utility.

3. Sort the property names in ascending order in the right-hand pane of MFCMAPI and locate the property named PR_ATTR_HIDDEN.

This is a Boolean property that takes the values True or False. Objects with this property set to True become invisible to clients, and that is exactly what had happened in our case: for some reason the value of this property was set to True. Due to time constraints we could not find out why it got changed.

4. The next step is to change the value to False so that the folder / object becomes visible in the client. To change the value, simply double-click the property PR_ATTR_HIDDEN and a pop-up box appears.

Set the Boolean checkbox so that the value reads False and click OK; checking or unchecking the checkbox in this dialog toggles the value between True and False.
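As an added example (not from the post), the following EWS Managed API script audits a mailbox for folders whose PR_ATTR_HIDDEN is True and, with -Unhide, clears the flag, which is the same change the MFCMAPI dialog above makes by hand. The DLL path, the mailbox address, the -Unhide switch and the use of impersonation are assumptions.

```powershell
# Added example (not from the post): report, and optionally un-hide, mailbox folders whose
# PR_ATTR_HIDDEN (0x10F4, PT_BOOLEAN) is True. Uses the EWS Managed API from PowerShell.
param(
    [string]$Mailbox = "exchange.geek@geeklabs.com",   # placeholder: mailbox to audit
    [string]$EwsDll  = "C:\Program Files\Microsoft\Exchange\Web Services\1.2\Microsoft.Exchange.WebServices.dll",
    [switch]$Unhide                                     # without it the script only reports
)

Add-Type -Path $EwsDll

# Exchange2007_SP1 is the oldest schema that exposes extended properties over EWS and matches
# the Exchange 2007 mailbox in the post; newer servers accept it as well.
$svc = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService(
    [Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2007_SP1)
$svc.UseDefaultCredentials = $true
# Autodiscover, following redirects only to HTTPS endpoints.
$svc.AutodiscoverUrl($Mailbox, { param($url) $url -like "https://*" })
# Assumption: the running account holds ApplicationImpersonation. Delete this line when the
# mailbox owner runs the script against their own mailbox.
$svc.ImpersonatedUserId = New-Object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId(
    [Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress, $Mailbox)

# PR_ATTR_HIDDEN, the property the post toggles in MFCMAPI.
$prAttrHidden = New-Object Microsoft.Exchange.WebServices.Data.ExtendedPropertyDefinition(
    0x10F4, [Microsoft.Exchange.WebServices.Data.MapiPropertyType]::Boolean)

$props = New-Object Microsoft.Exchange.WebServices.Data.PropertySet(
    [Microsoft.Exchange.WebServices.Data.BasePropertySet]::IdOnly)
$props.Add([Microsoft.Exchange.WebServices.Data.FolderSchema]::DisplayName)
$props.Add([Microsoft.Exchange.WebServices.Data.FolderSchema]::TotalCount)
$props.Add($prAttrHidden)

$view = New-Object Microsoft.Exchange.WebServices.Data.FolderView(500)
$view.Traversal   = [Microsoft.Exchange.WebServices.Data.FolderTraversal]::Deep
$view.PropertySet = $props

$report = @()
do {
    # Walk the whole IPM subtree ("Top of Information Store") one page at a time.
    $page = $svc.FindFolders([Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::MsgFolderRoot, $view)
    foreach ($f in $page.Folders) {
        $hidden = $null
        if ($f.TryGetProperty($prAttrHidden, [ref]$hidden) -and $hidden) {
            $action = "reported"
            if ($Unhide) {
                $f.SetExtendedProperty($prAttrHidden, $false)   # PR_ATTR_HIDDEN -> False
                $f.Update()
                $action = "unhidden"
            }
            $report += New-Object PSObject -Property @{
                Mailbox = $Mailbox; Folder = $f.DisplayName; Items = $f.TotalCount; Action = $action
            }
        }
    }
    $view.Offset += $page.Folders.Count
} while ($page.MoreAvailable)

if ($report.Count -eq 0) { "No hidden folders found in $Mailbox" } else { $report | Format-Table -AutoSize }
```

Run without -Unhide first; a hidden folder holding a gigabyte of items, as in the post, shows up with its item count before anything is changed.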

 

Well, that is it! Your lost folder should be visible again in the mailbox using Outlook / OWA.

April 5, 2012   Posted in: Exchange 2010, Exchange Server 2007, Outlook  4 Comments

Exchange 2010 Outlook Calendar Duplication – Another Weird Thing

Before I start, I must say that there are several articles about this kind of behavior, but they do not really elaborate on how to reach a resolution. I thought I would take a few minutes to write it up and help people. :-)

Here is the scenario:

The CEO of one of our customer companies had a long-unresolved issue with calendar item duplication. His secretary observed that she used to see duplicates of some random meeting requests. Interestingly, she was not a delegate of his calendar and used his mailbox as an additional mailbox in Outlook. This configuration ruled out the possibility of a corrupt rule in the mailbox causing the behavior; in fact there was no corrupt rule in either of the mailboxes.

Here is what we did to investigate it in detail:

MFCMAPI is my all-time favorite tool when it comes to troubleshooting complex client-side issues. Another tool used in the troubleshooting is internal to Microsoft, so we could not really get hold of it, but one of the PSS engineers helped us parse the log files for the information that was needed.

Using MFCMAPI:

Use MFCMAPI to locate the calendar items which seem to be getting duplicated in the target mailbox. Export both messages to an XML file and look for the differences between the two. Each object stored in the Exchange database gets a unique GUID stamped on it. If you open the XML file exported by MFCMAPI, you will see this ID stamped as the value of the property LID_GLOBAL_OBJID; the value of this property is unique on each item.

 

Using Exchange Server Store Trace:

In some complex issues you need to enable the Exchange Server store trace. This procedure produces .etl files which are unreadable unless they are parsed. I would suggest you get hold of someone at Microsoft to help get the logs parsed; the TechNet support forums can be a good help there.

To enable store tracing follow http://support.microsoft.com/default.aspx?scid=kb;EN-US;971878. After parsing the .etl files the output looks somewhat like below.

- User A sent a meeting request to the CEO at 06:35:41.528 AM 1/19/2012 UTC, which seems to have hit the recipient’s mailbox at 06:35:41.528 AM 1/19/2012 (Thursday, 19 January 2012, 12:05:00 [+5:30 GMT])

- The details recorded on the server for the above message ID are as below:

o StartTrace GUID=2F91F24E-E4AB-4F31-B74B-93FC96FDEE17 Time:1/19/2012 6:35:41 AM

o TGuid=2F91F24E-E4AB-4F31-B74B-93FC96FDEE17 ServerBuild=14.01.0218.015

o TGuid=2F91F24E-E4AB-4F31-B74B-93FC96FDEE17 UserDN=/o=Exchange/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=SDG003

o TGuid=2F91F24E-E4AB-4F31-B74B-93FC96FDEE17 WszMailboxOwnerName=CEO

o TGuid=2F91F24E-E4AB-4F31-B74B-93FC96FDEE17 PguidMailbox=BFD0F2A2-1896-48BA-BA0A-E84AA53FA1ED

o TGuid=2F91F24E-E4AB-4F31-B74B-93FC96FDEE17 Connecting host=<NULL>

o TGuid=2F91F24E-E4AB-4F31-B74B-93FC96FDEE17 Connecting protocol=MAPI

o TGuid=2F91F24E-E4AB-4F31-B74B-93FC96FDEE17 SzApplicationId=<NULL>

o TGuid=2F91F24E-E4AB-4F31-B74B-93FC96FDEE17 MapiClient_Type=ctTransport

o TGuid=2F91F24E-E4AB-4F31-B74B-93FC96FDEE17 MapiClient_MachineName=HT-01

o TGuid=2F91F24E-E4AB-4F31-B74B-93FC96FDEE17 MapiClient_ProcessName=edgetransport.exe

o TGuid=2F91F24E-E4AB-4F31-B74B-93FC96FDEE17 MapiClient_UserName=

o TGuid=2F91F24E-E4AB-4F31-B74B-93FC96FDEE17 ClientBuildNumber=3585.0.32986.15

o TGuid=2F91F24E-E4AB-4F31-B74B-93FC96FDEE17 Flags for Notification type=40000005

o TGuid=2F91F24E-E4AB-4F31-B74B-93FC96FDEE17 Dirty Properties Mask=0x95FFFFFF

o TGuid=2F91F24E-E4AB-4F31-B74B-93FC96FDEE17 FolderName=Calendar

- What confirms the duplication of messages at first glance is a property named PR_CONVERSATION_TOPIC_W on both messages.

- The original message sent by User A shows PR_CONVERSATION_TOPIC_W = Meeting with CFO and CIO

- However, the duplicated message (calendar entry) shows PR_CONVERSATION_TOPIC_W = Contracts Management – Status Update

- On the other hand, an even closer look shows that PR_NORMALIZED_SUBJECT_W carries the same value on both messages: Meeting with CFO and CIO

- This is what makes the viewer believe that both messages are the same.

- Trace for the duplicated message shows

o StartTrace GUID=65F2FFE7-5246-43B4-9B82-5BA4DB1256A3 Time:1/19/2012 6:47:10 AM

o TGuid=65F2FFE7-5246-43B4-9B82-5BA4DB1256A3 ServerBuild=14.01.0218.015

o TGuid=65F2FFE7-5246-43B4-9B82-5BA4DB1256A3 UserDN=/o=Exchange/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=SDG003

o TGuid=65F2FFE7-5246-43B4-9B82-5BA4DB1256A3 WszMailboxOwnerName=CEO

o TGuid=65F2FFE7-5246-43B4-9B82-5BA4DB1256A3 PguidMailbox=BFD0F2A2-1896-48BA-BA0A-E84AA53FA1ED

o TGuid=65F2FFE7-5246-43B4-9B82-5BA4DB1256A3 Connecting host=<NULL>

o TGuid=65F2FFE7-5246-43B4-9B82-5BA4DB1256A3 Connecting protocol=MAPI

o TGuid=65F2FFE7-5246-43B4-9B82-5BA4DB1256A3 SzApplicationId=Client=ActiveSync;UserAgent=RoadSync-S60/5.0;Action=/Microsoft-Server-ActiveSync/default.eas?User=00010090&DeviceId=358741022338476&DeviceType=Samsungi8910&Cmd=Sync

o TGuid=65F2FFE7-5246-43B4-9B82-5BA4DB1256A3 MapiClient_Type=ctAirSync

o TGuid=65F2FFE7-5246-43B4-9B82-5BA4DB1256A3 MapiClient_MachineName=BLR-VCAS-02

o TGuid=65F2FFE7-5246-43B4-9B82-5BA4DB1256A3 MapiClient_ProcessName=w3wp.exe

o TGuid=65F2FFE7-5246-43B4-9B82-5BA4DB1256A3 MapiClient_UserName=

o TGuid=65F2FFE7-5246-43B4-9B82-5BA4DB1256A3 ClientBuildNumber=3585.0.32986.15

o TGuid=65F2FFE7-5246-43B4-9B82-5BA4DB1256A3 Flags for Notification type=40000005

o TGuid=65F2FFE7-5246-43B4-9B82-5BA4DB1256A3 Dirty Properties Mask=0x15FFFFFF

o TGuid=65F2FFE7-5246-43B4-9B82-5BA4DB1256A3 FolderName=Recoverable Items

- Digging further into the duplicated entry shows that the message existed in the affected mailbox at 06:40:52.128 AM 9/15/2011 (Saturday, 15 September 2012, 12:10:00 UTC) and was written by the application on the Samsung I8910 phone.

- It is a real mystery how a phone can mess up the times like this, but the logs show it clearly. Possibly the local cache of the phone / handheld still maintains a list of appointments offline.

Conclusion:

It looks like the CEO’s handheld device is creating the issue more than anything else at the moment. We may have to ask him to stop using the device for some time to see if that resolves the problem. If that is not possible, change his mobile device settings to store only recent and future appointments rather than all of them. The other way is to ask him to wipe his device to factory defaults, if that is possible (the last option).

Finally, this post is a publication of a technical troubleshooting note, so the wording may not be well formed. In case you find anything confusing or I can help you understand it, please feel free to comment or drop me a note.

March 5, 2012   Posted in: Exchange 2010, Outlook  One Comment

Outlook 2010 Nickname Cache – An insider Story

The name cache in Outlook is a great feature, as we all know. I personally find it extremely useful since it saves a lot of time when selecting recipients. It has also helped add a few recipients who would otherwise likely have been missed on an email.

Outlook 2003 and 2007 both used locally stored .NK2 files to hold this name cache. These NK2 files could be found at %APPDATA%\Microsoft\Outlook. It was easy to back up these files or import them back if any issues were observed. That was pretty simple business. But the pain of keeping a backup of these files was always there: in most cases, when users changed their computer these files were likely to be skipped and they would lose their nickname cache.

When Outlook 2010 was launched it also changed the way the name cache is used. Instead of a local NK2 file, Outlook 2010 stores the name cache directly in the mail account’s delivery store (in simple words, the mailbox).

This post does not provide troubleshooting information, but a little more insight into this changed method of storing the nickname cache directly in the mailbox. Although it does not outline any troubleshooting steps, the information in this post should be helpful if you are troubleshooting a problem related to the nickname cache.

The nickname cache is stored in one portion of the extremely complex structure of an Exchange Server 2010 mailbox, in the form of an attribute on a mailbox rule. To understand and see how this works you need the very famous geeky tool, MFCMAPI. I must say Stephen Griffin has done an extraordinary job developing this utility and keeping it updated over so many years. Thanks Steve :-)

Let us take a look at what this looks like and how to see it.

1. Download MFCMAPI from http://mfcmapi.codeplex.com. The newer, the better.

2. If you do not wish to do all the configuration required to run MFCMAPI without Outlook, use it on a computer where Outlook is installed. I would prefer Outlook 2010 on the computer where I am going to use MFCMAPI.

3. Once you have the utility downloaded, open your mailbox by logging on to the profile you wish to explore.

Logon Screen

4. Select the profile that is already configured on the computer.


5. After you select the profile, you will see your mailbox, archives and public folder store in the window. In my case I do not have any PST files or a PF store on my Exchange server. Now right-click your mailbox and select Open Store.


6. That brings up another window, which is a view of the mailbox that is invisible in any known MAPI or non-MAPI client. Expand Root – Mailbox –> IPM_SUBTREE in this newly opened window and you will see a folder structure similar to what you see in Outlook. If you are connected to the Exchange server in online mode the structure looks slightly different, and IPM_SUBTREE is replaced with a folder named Top of Information Store.

A few more folders are made visible by MFCMAPI. I strongly recommend you do not play around with them unless you really understand why they are there.

7. Select your Inbox folder, right-click, and select Open associated contents table from the context menu.

8. The above action brings up another MFCMAPI window, which shows the hidden and visible rules in your mailbox.

[Screenshot: the associated contents table of the Inbox in MFCMAPI]

You may not see exactly the same screen as above since I have adjusted the columns for my convenience. Yet the key bit here is the rule that stores your nickname cache information. By expanding columns and scrolling horizontally in the rules pane, you should be able to find a rule whose message class is IPM.Configuration.Autocomplete. Yes, that is the one which manages your nickname cache.

The question is, where is the actual information? Why is it not visible in the above screenshot if the message class IPM.Configuration.Autocomplete holds all my nickname cache data? Well, do you see that red mark in the properties pane?

The nickname cache is stored in a property of the IPM.Configuration.Autocomplete rule named PR_ROAMING_BINARYSTREAM. That is correct: it is a binary stream stored in your mailbox as a property of the rule highlighted above.

I think the data you are interested in is still not visible to you. This is the real trick. The property PR_ROAMING_BINARYSTREAM is of type PT_BINARY. Since it holds a binary stream, it is not displayed directly on the screen shown above.

9. To see what is inside, right-click the property 0x7C09000A and select Smart View.


10. In the Structure Picker window, select Nickname Cache as the structure to interpret.

11. A new window shows up on your screen with information you perhaps did not know. :-)


Whoa! What is that information?

It looks weird the first time, but if you take a closer look at the information displayed, it looks like structured information represented in plain text. This binary stream is nothing but a structure similar to a database, consisting of rows, each with properties which in turn have further properties of their own. Let’s dive a little deeper into this information.

Nickname Cache
Metadata1 = cb: 4 lpb: 0DF0ADBA
Major Version = 12
Minor Version = 0
Row Count = 11

Row Count tells you about how many records are stored in your nickname cache.

 

Below is a dump of a single record as it appears in your nickname cache when you start typing a name in Outlook’s To, CC or BCC fields (names and email addresses changed by me).

  • A closer analysis of the dump below shows that each row is represented by a unique number starting from 0. Each name that appears after you start typing a recipient’s name corresponds to a Row in the information below. If you have 100 names stored, the first row is Row 0 and the last is Row 99.
  • Each row is a unique record in itself.
  • Each row has a number of properties, represented by Property[0], Property[1], and so on. These properties have their own properties again, just like what you see in the dump below.
  • Each of these properties represents a specific block of information about the nickname cached by Outlook.

For example:

Property[0] – Property number within the row
Property = 0x6001001F – Property Identifier
Exact Matches: PR_NICK_NAME_W – Property Name
Partial Matches: PR_NICK_NAME, PR_NICK_NAME_A, PR_DOTSTUFF_STATE – Other properties with a structure similar to PR_NICK_NAME_W
PropString = Exchange.Geek@GEEKLABS.COM AltPropString = cb: 40 lpb: – Self explanatory. This is the string value of Property[0], which is PR_NICK_NAME_W

    Row 0
    cValues = 0x00000017 = 23
    Property[0]
    Property = 0x6001001F
    Exact Matches: PR_NICK_NAME_W
    Partial Matches: PR_NICK_NAME, PR_NICK_NAME_A, PR_DOTSTUFF_STATE
    PropString = Exchange.Geek@GEEKLABS.COM AltPropString = cb: 40 lpb: 4F004D002E004900540046004D005300400067006D007200670072006F00750070002E0069006E00
    Property[1]
    Property = 0x39FE001F
    Exact Matches: PR_SMTP_ADDRESS_W, PidTagSmtpAddress
    Partial Matches: PR_SMTP_ADDRESS, PR_SMTP_ADDRESS_A, ptagPrimarySMTPAddress
    PropString = Exchange.Geek@GEEKLABS.COM AltPropString = cb: 40 lpb: 4F004D002E004900540046004D005300400067006D007200670072006F00750070002E0069006E00
    Property[2]
    Property = 0x3A00000A
    Partial Matches: PR_ACCOUNT, PR_ACCOUNT_A, PR_ACCOUNT_W, PidTagAccount
    PropString = Err:0x8004010F=MAPI_E_NOT_FOUND AltPropString =
    Property[3]
    Property = 0x0C150003
    Exact Matches: PR_RECIPIENT_TYPE, PidTagRecipientType, ptagRecipientType
    PropString = 2 AltPropString = 0x2
    Smart View: Flags: MAPI_CC
    Property[4]
    Property = 0x3001001F
    Exact Matches: PR_DISPLAY_NAME_W, PidTagDisplayName
    Partial Matches: PR_DISPLAY_NAME, PR_DISPLAY_NAME_A, ptagDisplayName
    PropString = Exchange Geek AltPropString = cb: 54 lpb: 530075006E0069006C0020004F007000650072006100740069006F006E0020004D0061006E006100670065007200200042004C005200
    Property[5]
    Property = 0x3002001F
    Exact Matches: PR_ADDRTYPE_W, PidTagAddressType
    Partial Matches: PR_ADDRTYPE, PR_ADDRTYPE_A, ptagAddrType
    PropString = EX AltPropString = cb: 4 lpb: 45005800
    Property[6]
    Property = 0x0FFF0102
    Exact Matches: PR_ENTRYID, PR_MEMBER_ENTRYID, PidTagEntryId, PidTagMemberEntryId, ptagEntryId
    PropString = cb: 116 lpb: 00000000DCA740C8C042101AB4B908002B2FE18201000000000000002F6F3D474D5247726F75702F6F753D45786368616E67652041646D696E6973747261746976652047726F7570202846594449424F484632335350444C54292F636E3D526563697069656E74732F636E3D434E4C5432363300 AltPropString = ….ܧ@ÈÀB..´¹..+/á?……../o=GEEKLABS/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=ExchangeGeek.
    Smart View: Exchange Address Entry ID:
    abFlags = 0x00000000
    Provider GUID = {C840A7DC-42C0-1A10-B4B9-08002B2FE182} = muidEMSAB
    Version = 0x00000001 = EMS_VERSION
    Type = 0x00000000 = DT_MAILUSER
    X500DN = /o=GEEKLABS/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=ExchangeGeek
    Property[7]
    Property = 0x3003001F
    Exact Matches: PR_EMAIL_ADDRESS_W, PidTagEmailAddress
    Partial Matches: PR_EMAIL_ADDRESS, PR_EMAIL_ADDRESS_A
    PropString = /O=GEEKLABS/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=ExchangeGeek AltPropString = cb: 174 lpb: 2F004F003D0047004D005200470052004F00550050002F004F0055003D00450058004300480041004E00470045002000410044004D0049004E004900530054005200410054004900560045002000470052004F005500500020002800460059004400490042004F0048004600320033005300500044004C00540029002F0043004E003D0052004500430049005000490045004E00540053002F0043004E003D0043004E004C005400320036003300
    Property[8]
    Property = 0x300B0102
    Exact Matches: PR_SEARCH_KEY, PidTagSearchKey, ptagSearchKey
    PropString = cb: 91 lpb: 45583A2F4F3D474D5247524F55502F4F553D45584348414E47452041444D494E4953545241544956452047524F5550202846594449424F484632335350444C54292F434E3D524543495049454E54532F434E3D434E4C5432363300 AltPropString = EX:/O=GEEKLABS/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=ExchangeGeek.
    Property[9]
    Property = 0x3D010102
    Exact Matches: PR_AB_PROVIDERS, PidTagAbProviders
    PropString = cb: 16 lpb: 64089B1A0053EC4995777ED6B1F7232A AltPropString = d.?..SìI?w~Ö±÷#*
    Property[10]
    Property = 0x5FFF0003
    Exact Matches: PR_RECIPIENT_TRACKSTATUS, PidTagRecipientTrackStatus, ptagRecipientTrackStatus
    PropString = 0 AltPropString = 0x0
    Smart View: Flags: respNone
    Property[11]
    Property = 0x5FDE0003
    Exact Matches: PR_RECIPIENT_RESOURCESTATE, PidTagRecipientResourceState
    PropString = 0 AltPropString = 0x0
    Property[12]
    Property = 0x5FFD0003
    Exact Matches: PR_RECIPIENT_FLAGS, PidTagRecipientFlags
    PropString = 1 AltPropString = 0x1
    Smart View: Flags: RECIP_SENDABLE
    Property[13]
    Property = 0x5FF6001F
    Exact Matches: PR_RECIPIENT_DISPLAY_NAME_W, PidTagRecipientDisplayName
    Partial Matches: PR_RECIPIENT_DISPLAY_NAME
    PropString = Exchange Geek AltPropString = cb: 54 lpb: 530075006E0069006C0020004F007000650072006100740069006F006E0020004D0061006E006100670065007200200042004C005200
    Property[14]
    Property = 0x5FF70102
    Exact Matches: PR_RECIPIENT_ENTRYID, PidTagRecipientEntryId, ptagRecipientEntryId
    PropString = cb: 116 lpb: 00000000DCA740C8C042101AB4B908002B2FE18201000000000000002F4F3D474D5247524F55502F4F553D45584348414E47452041444D494E4953545241544956452047524F5550202846594449424F484632335350444C54292F434E3D524543495049454E54532F434E3D434E4C5432363300 AltPropString = ….ܧ@ÈÀB..´¹..+/á?……../O=GEEKLABS/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=ExchangeGeek.
    Smart View: Exchange Address Entry ID:
    abFlags = 0x00000000
    Provider GUID = {C840A7DC-42C0-1A10-B4B9-08002B2FE182} = muidEMSAB
    Version = 0x00000001 = EMS_VERSION
    Type = 0x00000000 = DT_MAILUSER
    X500DN = /O=GEEKLABS/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=ExchangeGeek
    Property[15]
    Property = 0x5FF20003
    PropString = 0 AltPropString = 0x0
    Property[16]
    Property = 0x5FEF0003
    PropString = 0 AltPropString = 0x0
    Property[17]
    Property = 0x5FF50003
    PropString = 0 AltPropString = 0x0
    Property[18]
    Property = 0x5FEB0003
    PropString = 0 AltPropString = 0x0
    Property[19]
    Property = 0x5FDF0003
    Exact Matches: PR_RECIPIENT_ORDER, PidTagRecipientOrder, ptagRecipientOrder
    PropString = 8 AltPropString = 0x8
    Property[20]
    Property = 0x6002000B
    PropString = False AltPropString =
    Property[21]
    Property = 0x6003001F
    Exact Matches: PR_DROPDOWN_DISPLAY_NAME_W
    Partial Matches: PR_DROPDOWN_DISPLAY_NAME, PR_DROPDOWN_DISPLAY_NAME_A
    PropString = Exchange Geek <Exchange.Geek@GEEKLABS.COM> AltPropString = cb: 100 lpb: 530075006E0069006C0020004F007000650072006100740069006F006E0020004D0061006E006100670065007200200042004C00520020003C004F004D002E004900540046004D005300400067006D007200670072006F00750070002E0069006E003E00
    Property[22]
    Property = 0x60040003
    Exact Matches: PR_NICK_NAME_WEIGHT
    PropString = 16384 AltPropString = 0x4000
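The Smart View above is MFCMAPI's rendering of the raw stream. As an added example (my code, not the post's), here is a parser for that stream in PowerShell, useful when you have the bytes but not MFCMAPI, for instance from the local RoamCache copy Outlook 2010 keeps (see below). The layout it assumes is my reading of the Outlook nickname cache (NK2) format: a header of four DWORDs (Metadata1 0xBAADF00D, major version, minor version, row count), then per row a DWORD cValues followed by cValues entries of PropTag(4) Reserved(4) Value(8), with string and binary values trailing their entry as DWORD cb + data; trailing metadata after the last row is ignored. The sample stream is constructed inline.

```powershell
# Added example (not from the post): parser for the autocomplete stream dissected above.
# Format assumptions are stated in the lead-in; the property tags used are those in the dump.
function ConvertFrom-NicknameCache {
    param([Parameter(Mandatory = $true)][byte[]]$Bytes)

    $rd   = New-Object System.IO.BinaryReader (New-Object System.IO.MemoryStream (,$Bytes))
    $meta = $rd.ReadUInt32()
    if ($meta -ne 0xBAADF00D) { throw ("Not a nickname cache stream (Metadata1 = 0x{0:X8})" -f $meta) }
    $major = $rd.ReadUInt32(); $minor = $rd.ReadUInt32(); $rowCount = $rd.ReadUInt32()
    Write-Verbose ("Version {0}.{1}, {2} row(s)" -f $major, $minor, $rowCount)

    for ($r = 0; $r -lt $rowCount; $r++) {
        $cValues = $rd.ReadUInt32()
        $props   = @{}
        for ($i = 0; $i -lt $cValues; $i++) {
            $tag   = $rd.ReadUInt32()   # low WORD = property type, high WORD = property id
            $null  = $rd.ReadUInt32()   # reserved
            $union = $rd.ReadBytes(8)   # fixed-size values are stored here
            switch ($tag -band 0xFFFF) {
                0x0002 { $val = [BitConverter]::ToInt16($union, 0) }                               # PT_I2
                0x0003 { $val = [BitConverter]::ToInt32($union, 0) }                               # PT_LONG
                0x000A { $val = "Err:0x{0:X8}" -f [BitConverter]::ToUInt32($union, 0) }            # PT_ERROR
                0x000B { $val = [BitConverter]::ToUInt16($union, 0) -ne 0 }                        # PT_BOOLEAN
                0x0014 { $val = [BitConverter]::ToInt64($union, 0) }                               # PT_I8
                0x0040 { $val = [DateTime]::FromFileTimeUtc([BitConverter]::ToInt64($union, 0)) }  # PT_SYSTIME
                0x001E { $val = [Text.Encoding]::Default.GetString($rd.ReadBytes($rd.ReadUInt32())).TrimEnd("`0") }  # PT_STRING8
                0x001F { $val = [Text.Encoding]::Unicode.GetString($rd.ReadBytes($rd.ReadUInt32())).TrimEnd("`0") }  # PT_UNICODE
                0x0102 { $val = ($rd.ReadBytes($rd.ReadUInt32()) | ForEach-Object { $_.ToString("X2") }) -join "" }  # PT_BINARY
                0x0048 { $val = New-Object Guid (,$rd.ReadBytes(16)) }                             # PT_CLSID
                default { throw ("Unsupported property type 0x{0:X4} in row {1}" -f ($tag -band 0xFFFF), $r) }
            }
            $props[("0x{0:X8}" -f $tag)] = $val
        }
        # Surface the fields an investigator usually wants; everything else stays in Properties.
        New-Object PSObject -Property @{
            Row         = $r
            NickName    = $props["0x6001001F"]   # PR_NICK_NAME_W
            SmtpAddress = $props["0x39FE001F"]   # PR_SMTP_ADDRESS_W
            DisplayName = $props["0x3001001F"]   # PR_DISPLAY_NAME_W
            AddrType    = $props["0x3002001F"]   # PR_ADDRTYPE_W (EX or SMTP)
            Weight      = $props["0x60040003"]   # PR_NICK_NAME_WEIGHT, drives the dropdown order
            Properties  = $props                 # all properties keyed by tag
        }
    }
}

# Constructed sample: one row holding PR_NICK_NAME_W and PR_NICK_NAME_WEIGHT, so the parser
# can be tried without a mailbox or a RoamCache file.
function New-SampleNicknameCache {
    $ms = New-Object System.IO.MemoryStream
    $w  = New-Object System.IO.BinaryWriter $ms
    foreach ($dw in 0xBAADF00D, 12, 0, 1) { $w.Write([uint32]$dw) }         # header: 1 row
    $w.Write([uint32]2)                                                        # cValues
    $name = [Text.Encoding]::Unicode.GetBytes("Exchange.Geek@GEEKLABS.COM`0")
    $w.Write([uint32]0x6001001F); $w.Write([uint32]0); $w.Write([byte[]](New-Object byte[] 8))
    $w.Write([uint32]$name.Length); $w.Write($name)                            # cb + data
    $w.Write([uint32]0x60040003); $w.Write([uint32]0); $w.Write([int32]16384); $w.Write([int32]0)
    $w.Flush(); $ms.ToArray()
}

ConvertFrom-NicknameCache -Bytes (New-SampleNicknameCache) | Format-Table Row, NickName, Weight -AutoSize

# Real data: Outlook 2010's local replica of the same stream.
Get-ChildItem "$env:LOCALAPPDATA\Microsoft\Outlook\RoamCache\Stream_Autocomplete_*.dat" -ErrorAction SilentlyContinue |
    ForEach-Object { ConvertFrom-NicknameCache -Bytes ([IO.File]::ReadAllBytes($_.FullName)) } |
    Sort-Object Weight -Descending | Format-Table NickName, SmtpAddress, DisplayName, Weight -AutoSize
```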

Again, another question will start bothering you. Do I mean that Outlook queries the Exchange server over MAPI every time someone starts typing a name in the To, CC or BCC fields?

The answer is No!

Unless your Outlook profile is configured in Online mode, Outlook does not go and ask the Exchange server for the information. Instead, it maintains a local replica of the nickname cache, stored on the client computer at %USERPROFILE%\AppData\Local\Microsoft\Outlook\RoamCache in one or more .dat files.

This makes access faster than making a MAPI call to the store every time someone types a name. This locally stored information is read-only, though: Outlook can read from these files but does not write back into them. Even if you manage to write something back to these files, the updated information does not get written back to your mailbox on the server.

Another aspect is the way nickname cache information is displayed in Exchange 2010 Outlook Web App. Since OWA works as a persistent session from the client computer to the CAS server / CAS array, this information should ideally be streamed online every time someone types a name in the To, CC or BCC fields. Interestingly, though, OWA handles this information a little differently than you might imagine. Exchange 2010 OWA (premium mode only) also caches the binary stream stored in the property PR_ROAMING_BINARYSTREAM locally on the client computer. That is why you may still see the name cache available in the OWA new message window, even after losing network connection to the server.

     


     

Well, that is all about it. I will post a few more things as and when I get time. For now, enjoy this post and let me know if you find any documentation bugs :-) . Feel free to leave your feedback in case you liked / disliked this post.


January 7, 2012   Posted in: Exchange 2010, Outlook  9 Comments

How To Renew Exchange Server 2010 Certificates

Back in April 2009 I wrote something about How to renew a self signed certificate in Exchange Server 2007, and later Exchange 2010 EMC and Certificates Management Part – 1 and Exchange 2010 EMC and Certificates Management Part – 2.

I am sure a lot of you have found these posts helpful. None of these posts, however, talked about certificates issued by public CAs. I thought it would be even more helpful to put up a separate post about the certificate renewal process in Exchange 2010, which also covers a few steps for Exchange 2007 certificate renewals.

If you run through the Exchange 2010 EMC and Certificate Management posts you will know how it works when you are preparing, requesting and assigning a new certificate to your Exchange 2010 CAS and HT servers, but those posts do not talk about renewing the certificates once they are assigned and are about to expire :-O

A little bit of stuff that you may or may not know:

Whenever you work with certificates on an Exchange server role installed on any OS, you are dealing with the local computer certificate stores of that OS, which are easily accessible via Start -> Run -> mmc -> Add/Remove Snap-in -> Certificates -> Computer account (Local Computer). Take a look at the local computer's Personal certificate store and you will not be surprised to see the Exchange certificates in there. The only reason I bring this up here is that you may need to go through this store if you run into the situation described in a previous post, Missing Private Key on Exchange Certificate: a renewal only works when the certificate's private key is still present in that store.

So let's have a look at what it is and how to do it!

    GUI:

Just like the two posts linked above that cover managing Exchange certificates using the GUI, you need to locate the certificate you want to renew in the EMC. Right-click the certificate and select Renew.

Provide a path in the wizard that appears; it will save a .req file containing the certificate signing request. Once you have completed the wizard, this .req file can be supplied to any certification authority that supports your request. I say 'any CA that supports your request' because some CAs do not support the SAN (Subject Alternative Name) extension carried in the request, and an Exchange certificate normally needs several names.

Once you submit the contents of the file generated above, your CA will provide you with a certificate that can be imported here. To import a certificate using the GUI, follow the steps in Exchange 2010 EMC and Certificates Management Part – 2.

    Powershell:

We have a lot of PowerShell lovers by now, and they feel PowerShell is much easier than the GUI sometimes. For all of those:

Find the certificate you need to renew using Get-ExchangeCertificate (Get-ExchangeCertificate | Format-List Thumbprint,Subject,CertificateDomains,Services,NotAfter shows the names, services and expiry date of each one).

Copy the certificate thumbprint and run the following command to generate the CSR:

Get-ExchangeCertificate -Thumbprint <Thumbprint> | Renew-ExchangeCertificate -GenerateRequest:$True -PrivateKeyExportable:$True

The above command writes the base64-encoded CSR to the console. Copy it and paste it into the CA's request interface (or pipe it through Set-Content to a .req file). Note that -PrivateKeyExportable:$True makes the new private key exportable; set it only if you need to export the certificate to other servers, since an exportable key is one more way for it to leave the box.

Once you have downloaded the certificate issued by the CA, import it with the command below, on the same server where the request was generated. Make sure you have not removed the pending certificate request created by the previous step (in EMC or PowerShell): that request holds the new private key, and without it the issued certificate cannot be paired with a key and is useless to Exchange. This is the 'missing private key' situation mentioned earlier.

    Import-ExchangeCertificate  -FileData ([Byte[]]$(Get-Content -Path C:\Users\Milind\Documents\Certificate.cer -Encoding Byte -ReadCount 0))

If you have received your certificate in .pfx format (for example, exported with its private key from another Exchange server), then use the command below. A .pfx file contains the private key, so keep it under the same protection as the key itself and delete it once the import is done.

    Import-ExchangeCertificate  -FileData ([Byte[]]$(Get-Content -Path C:\Users\Milind\Documents\Certificate.pfx -Encoding Byte -ReadCount 0)) -Password:(Get-Credential).Password

And the final stage is to enable it for the services:

Enable-ExchangeCertificate -Thumbprint <Thumbprint> -Services IIS,IMAP,POP

The same procedure applies to certificate renewal on the Hub Transport server role, but not to the Edge Transport server role. To manage certificates on an Edge Transport server you must be logged on to that server and use PowerShell.

After you have renewed the certificate on an Edge Transport server, you need to re-create the Edge Subscription, since the subscription contains the certificate information as well. Read more about Edge Transport here.
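The whole PowerShell path above, put together as one scripted renewal with the checks I would want around it (is the private key there before you start, did the import actually pair a key, are the services on the new certificate before the old one is removed). This is an added example written for this page, not code from the original post; the report path, the -DaysLeft threshold, the default service list and the placeholder thumbprints are assumptions.

```powershell
# Added example (not from the original post): scripted renewal of a CA-issued
# certificate on an Exchange 2010 CAS/HT server. Run it in the Exchange Management
# Shell on the server that holds the certificate. Paths, the -DaysLeft threshold
# and the default service list are assumptions; adjust them to your environment.

function Get-ExpiringExchangeCertificate {
    param([int]$DaysLeft = 30)
    # Candidates for renewal: certificates bound to at least one service that expire
    # within $DaysLeft days. HasPrivateKey is shown because a missing key means the
    # certificate cannot be renewed, only replaced.
    Get-ExchangeCertificate |
        Where-Object { $_.Services -ne 'None' -and $_.NotAfter -lt (Get-Date).AddDays($DaysLeft) } |
        Select-Object Thumbprint, Subject, CertificateDomains, Services, NotAfter, IsSelfSigned, HasPrivateKey
}

function New-RenewalRequest {
    param(
        [Parameter(Mandatory = $true)][string]$Thumbprint,
        [string]$RequestFile = 'C:\Certs\renew.req',   # assumed path
        [switch]$Exportable    # only if the certificate must later be copied to other servers
    )
    $cert = Get-ExchangeCertificate -Thumbprint $Thumbprint
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $Thumbprint has no private key; it cannot be renewed, request a new one instead."
    }
    # -GenerateRequest returns the base64 CSR as a string. The pending request and the
    # new private key now live in the local computer store: do not delete the pending
    # request in EMC/MMC before the issued certificate has been imported.
    $csr = $cert | Renew-ExchangeCertificate -GenerateRequest -PrivateKeyExportable ([bool]$Exportable)
    New-Item -ItemType Directory -Path (Split-Path $RequestFile) -Force | Out-Null
    Set-Content -Path $RequestFile -Value $csr -Encoding Ascii
    Write-Host "CSR written to $RequestFile. Submit it to a CA that supports the SAN extension."
    return $RequestFile
}

function Complete-Renewal {
    param(
        [Parameter(Mandatory = $true)][string]$CertFile,   # .cer issued by the CA
        [string]$Services = 'IIS,POP,IMAP',
        [string]$OldThumbprint                             # optional: remove the old certificate afterwards
    )
    $bytes = [byte[]](Get-Content -Path $CertFile -Encoding Byte -ReadCount 0)
    $new = Import-ExchangeCertificate -FileData $bytes
    # The import only pairs the certificate with a key if the pending request that
    # produced the CSR is still on this server.
    if (-not $new.HasPrivateKey) {
        throw "Imported $($new.Thumbprint) but no private key was matched; was the pending request removed?"
    }
    # Move the services over. -Force suppresses the prompt that appears when the
    # certificate would replace the default SMTP certificate.
    Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services $Services -Force
    # Verify the binding before touching the old certificate.
    $check = Get-ExchangeCertificate -Thumbprint $new.Thumbprint
    $check | Format-List Thumbprint, Services, CertificateDomains, NotAfter, HasPrivateKey
    if ($OldThumbprint -and $check.Services -ne 'None') {
        # Only remove the old certificate once its services are on the new one; the old
        # private key is no longer needed and should not linger in the store.
        Remove-ExchangeCertificate -Thumbprint $OldThumbprint -Confirm:$false
    }
    return $check
}

# Usage, step by step (the CA round-trip happens between the two calls):
#   Get-ExpiringExchangeCertificate -DaysLeft 45
#   New-RenewalRequest -Thumbprint '<Thumbprint>' -RequestFile 'C:\Certs\owa.req'
#   Complete-Renewal -CertFile 'C:\Certs\owa.cer' -Services 'IIS,POP,IMAP' -OldThumbprint '<Thumbprint>'
```

The private key is left non-exportable unless you pass -Exportable, and the old certificate is only removed after Get-ExchangeCertificate confirms the services are bound to the new thumbprint, so a failed import or enable never leaves you without a working certificate.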

    December 20, 2011   Posted in: Uncategorized  2 Comments

    Listing Exchange ActiveSync Users and Device Details

As an IT administrator you have probably come across a request from the information security team to review the number of users who read email on their mobile phones. Some companies need this data so that they can allow access only for selected users. Listing the users is not a big deal with Get-CASMailbox -ResultSize Unlimited | ? {$_.HasActiveSyncDevicePartnership -eq $True} (note -eq; a single = would assign rather than compare and match every mailbox), but it is a bit of a challenge for a novice PowerShell user to get their device information too.

The scriptlet below is quite handy when it comes to finding EAS users and their handheld device details.

# Collect ActiveSync device details for every mailbox that has a device partnership.
# Get-ActiveSyncDeviceStatistics is called once per mailbox; the user's name is
# stamped on each device row so the CSV is readable on its own.
$CASMailboxes = Get-CASMailbox -ResultSize Unlimited | Where-Object { $_.HasActiveSyncDevicePartnership -eq $true }

$ResultArr = foreach ($CASMailbox in $CASMailboxes)
{
    Get-ActiveSyncDeviceStatistics -Mailbox $CASMailbox.Identity |
        Select-Object @{Name="User";Expression={$CASMailbox.Name}},DeviceType,DeviceModel,FirstSyncTime,LastSuccessSync,IsRemoteWipeSupported
}

# Make sure the report folder exists, then write the CSV
New-Item -ItemType Directory -Path C:\Reports -Force | Out-Null
$ResultArr | Export-Csv -Path C:\Reports\EASDeviceStats.csv -NoTypeInformation

If you are lazy like me, you may want to send this information directly to someone with a bit of automation. The report lists who owns which device, so relay it through an internal SMTP server only:

Send-MailMessage -From "Support@company.com" -To "security@company.com" -Subject "ActiveSync User Stats" -Attachments "C:\Reports\EASDeviceStats.csv" -Body "This is an auto-generated email. Please do not respond to this email." -SmtpServer "ServerName"

    I hope you find this useful!
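The security team usually wants more than a flat list: which partnerships have gone stale (a lost or replaced phone keeps its partnership and can keep syncing as long as the user's password works), which never completed a sync, and which devices cannot be remote-wiped. This added example, written for this page and not part of the original post, builds that review on the same cmdlets; the 30-day threshold and the report path are assumptions, and the removal step is left in -WhatIf mode so nothing is deleted until you decide to.

```powershell
# Added example (not from the original post): per-device review of ActiveSync
# partnerships. Run in the Exchange Management Shell. $StaleDays and $ReportPath
# are assumed values.

function Get-EasDeviceReview {
    param(
        [int]$StaleDays = 30,
        [string]$ReportPath = 'C:\Reports\EASDeviceReview.csv'
    )
    $cutoff = (Get-Date).AddDays(-$StaleDays)

    $rows = Get-CASMailbox -ResultSize Unlimited |
        Where-Object { $_.HasActiveSyncDevicePartnership -eq $true } |
        ForEach-Object {
            $user = $_
            # One row per device partnership. LastSuccessSync is $null for a partnership
            # that never completed a sync (for example a blocked or quarantined device).
            Get-ActiveSyncDeviceStatistics -Mailbox $user.Identity | ForEach-Object {
                $last = $_.LastSuccessSync
                New-Object PSObject -Property @{
                    User                  = $user.Name
                    DeviceType            = $_.DeviceType
                    DeviceModel           = $_.DeviceModel
                    DeviceID              = $_.DeviceID
                    FirstSyncTime         = $_.FirstSyncTime
                    LastSuccessSync       = $last
                    IsRemoteWipeSupported = $_.IsRemoteWipeSupported
                    NeverSynced           = ($last -eq $null)
                    Stale                 = ($last -ne $null -and $last -lt $cutoff)
                    Identity              = $_.Identity   # what Remove-ActiveSyncDevice needs
                }
            }
        }

    New-Item -ItemType Directory -Path (Split-Path $ReportPath) -Force | Out-Null
    $rows |
        Select-Object User, DeviceType, DeviceModel, DeviceID, FirstSyncTime, LastSuccessSync,
                      IsRemoteWipeSupported, NeverSynced, Stale, Identity |
        Export-Csv -Path $ReportPath -NoTypeInformation
    return @($rows)
}

function Show-EasDeviceSummary {
    param([Parameter(Mandatory = $true)]$Rows, [int]$StaleDays = 30)
    $stale  = @($Rows | Where-Object { $_.Stale })
    $never  = @($Rows | Where-Object { $_.NeverSynced })
    $noWipe = @($Rows | Where-Object { -not $_.IsRemoteWipeSupported })
    $users  = @($Rows | Select-Object -ExpandProperty User -Unique)

    Write-Host ("{0} partnerships across {1} users" -f $Rows.Count, $users.Count)
    Write-Host ("{0} stale (no sync in {1} days), {2} never synced, {3} without remote-wipe support" -f
        $stale.Count, $StaleDays, $never.Count, $noWipe.Count)

    # Stale partnerships are orphaned credentials. -WhatIf only reports what would be
    # removed; drop it once the list has been reviewed and the users notified.
    foreach ($d in $stale) {
        Remove-ActiveSyncDevice -Identity $d.Identity -WhatIf
    }
}

# Usage:
$review = Get-EasDeviceReview -StaleDays 30
Show-EasDeviceSummary -Rows $review -StaleDays 30
```

Keeping Identity in the rows means the same CSV can drive the cleanup later without re-querying every mailbox, and the NeverSynced column separates devices that were provisioned but blocked from ones that were genuinely abandoned.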

     

    December 14, 2011   Posted in: Exchange 2007, Exchange 2010  Comments Closed

    Exchange Server 2010 SP2 Installation – Few Must Knows

It has been more than a week since Microsoft made the Exchange Server 2010 SP2 installation bits available for public download, and there are already a lot of articles explaining the installation procedure. In this post, I am highlighting a few things that you should know before installing Exchange Server 2010 SP2 in production.

First things first: test it in a lab environment before installing it in your production environment.

    You must know – SP2 includes schema changes

For certain new features, Exchange 2010 SP2 needs to write to the schema partition. A number of new attributes and classes are added and many existing ones are modified. To understand exactly what changes when you run Exchange 2010 SP2 setup, read the Exchange Server Active Directory Schema Changes Reference, November 2011.

Since the installer requires modifications to the schema, the account that performs the schema update must be a member of the Schema Admins group in Active Directory (and of Enterprise Admins for the /PrepareAD step). You do not have to run the whole upgrade with that account: run Setup /PrepareSchema and Setup /PrepareAD once with it, then upgrade the individual servers with an account that only holds the Organization Management role and local administrator rights. As a best practice, remove the account from Schema Admins as soon as the schema extension is complete.

    You must know – New Windows Server Features are required for CAS Role

In Exchange Server 2010 the CAS is the primary entry point for clients into any Exchange Server 2010 environment. With this release, a few more features are added to the CAS server role: they make on-premises and Office 365 integration a better experience, and improve silent redirection between CAS servers in different sites. A new lightweight client, Outlook Web App Mini, works without cookies or scripts for basic mobile browsers.

Address Book Policies, aka GAL segmentation, is another new and long-awaited feature that is now available with SP2. Essentially, ABPs are logic provided by the CAS role to clients that restricts which Address Lists and Offline Address Books a user can see. Although I am not very sure yet whether all these new features require any additional Windows Server features to be installed, logically, all these things together demand installation of the new features that are required on CAS servers.

Below are the additional Windows Server role features that you need to install before installing SP2 on the CAS role.

    • IIS 6 WMI Compatibility
    • ASP.NET
    • ISAPI Filters
    • Client Certificate Mapping Authentication
    • Directory Browsing
    • HTTP Errors
    • HTTP Logging
    • HTTP Redirection
    • Tracing
    • Request Monitor
    • Static Content

     

Or, the easier way to do the nasty stuff is to use the setup.com switches :-) and simply run

    Setup /Mode:Upgrade /InstallWindowsComponents
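A pre-flight check covering the two "must knows" above: it reads the current Exchange schema version, tells you which admin groups the logged-on account actually holds, and lists which of the Windows features in the list above are missing. This is an added example written for this page, not code from the original post. The ServerManager feature names are the standard names for the display names listed above; the expected schema version is deliberately not hard-coded, so compare the value you see with the Schema Changes Reference.

```powershell
# Added example (not from the original post): pre-flight check before running
# Exchange 2010 SP2 setup on a CAS. Run in an elevated PowerShell on the server.
Import-Module ServerManager

# Display name from the list above -> ServerManager feature name
$RequiredFeatures = @{
    'IIS 6 WMI Compatibility'                   = 'Web-WMI'
    'ASP.NET'                                   = 'Web-Asp-Net'
    'ISAPI Filters'                             = 'Web-ISAPI-Filter'
    'Client Certificate Mapping Authentication' = 'Web-Client-Auth'
    'Directory Browsing'                        = 'Web-Dir-Browsing'
    'HTTP Errors'                               = 'Web-Http-Errors'
    'HTTP Logging'                              = 'Web-Http-Logging'
    'HTTP Redirection'                          = 'Web-Http-Redirect'
    'Tracing'                                   = 'Web-Http-Tracing'
    'Request Monitor'                           = 'Web-Request-Monitor'
    'Static Content'                            = 'Web-Static-Content'
}

function Get-ExchangeSchemaVersion {
    # rangeUpper on ms-Exch-Schema-Version-Pt is the value the schema reference lists
    # per Exchange release. Record it before and after Setup /PrepareSchema.
    $schemaNC = ([ADSI]'LDAP://RootDSE').schemaNamingContext.Value
    $obj = [ADSI]"LDAP://CN=ms-Exch-Schema-Version-Pt,$schemaNC"
    return [int]$obj.rangeUpper.Value
}

function Test-SetupAccountGroups {
    # Schema Admins is only needed for /PrepareSchema and Enterprise Admins for
    # /PrepareAD; the per-server upgrade needs Organization Management plus local
    # Administrators. Showing the memberships makes it obvious which account to use.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $names = @(foreach ($g in $id.Groups) {
        try { $g.Translate([Security.Principal.NTAccount]).Value } catch { }
    })
    New-Object PSObject -Property @{
        Account          = $id.Name
        SchemaAdmins     = [bool]($names -match '\\Schema Admins$')
        EnterpriseAdmins = [bool]($names -match '\\Enterprise Admins$')
        LocalAdmin       = [bool]($names -match '^BUILTIN\\Administrators$')
    }
}

function Get-MissingCasFeatures {
    $missing = @()
    foreach ($entry in $RequiredFeatures.GetEnumerator()) {
        $f = Get-WindowsFeature -Name $entry.Value
        if (-not $f -or -not $f.Installed) { $missing += $entry.Key }
    }
    return $missing
}

# Usage
Write-Host ('Exchange schema rangeUpper: {0}' -f (Get-ExchangeSchemaVersion))
Test-SetupAccountGroups | Format-List Account, SchemaAdmins, EnterpriseAdmins, LocalAdmin
$missing = Get-MissingCasFeatures
if ($missing.Count -eq 0) {
    Write-Host 'All required Windows features are present.'
} else {
    Write-Host ('Missing: {0}' -f ($missing -join ', '))
    # Either add them now with Add-WindowsFeature -Name ($RequiredFeatures.Values),
    # or let setup do it: Setup /Mode:Upgrade /InstallWindowsComponents
}
```

Running Get-ExchangeSchemaVersion again after /PrepareSchema is the quickest way to confirm the schema extension actually replicated to the domain controller the server is talking to before you start the role upgrade.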

     

    You must know – Installing Updates on DAG is not a normal exercise

Many of us run a DAG because of its proven reliability and its ability to provide a highly available mailbox database system. Installing updates on a DAG member is not a regular installation, though. In June last year I posted Installing Exchange 2010 SP1 (beta) on DAG members. The procedure has not really changed, apart from the hotfixes included in that post: if you are running SP1 you do not need those hotfixes anymore.

You did not like that procedure? No worries, Mike has another, simpler one posted here: Performing Maintenance on DAG Members in Exchange 2010 SP1

     

That leaves the HT and UM roles. There is nothing specific to take care of there; you can install SP2 on them the normal way.

    To summarize,

• The Exchange 2010 SP2 installation package modifies the schema. The account that runs the schema update must be a member of Schema Admins (and Enterprise Admins), in addition to the RBAC permissions needed for the role upgrade.
• The Exchange 2010 SP2 installation package requires a few additional Windows Server role features on the CAS role before you can complete the installation.
• DAG members require a special procedure to install any update.

    December 12, 2011   Posted in: Exchange 2010  5 Comments

    Exchange Server 2010 Checklist

A few months ago someone in our discussion group had a requirement for an automated way to check the health state of Exchange servers and send a report to the support team. During the discussion we received a lot of ideas and many sample codes to do so. The largest piece of code was written for Exchange 2007. I personally used this script at many customers to automate the daily / hourly checklist part of their operations team, but since a lot of them have already upgraded to Exchange 2010 the old script became almost useless because of the changes in the architecture of Exchange Server 2010 components. That said, a considerable number of modifications were needed in the original code.

    I recently posted the latest version of the script that was customized by me to meet some of exclusive requirements. You can download the script from Microsoft Technet Gallery – Exchange Server 2010 Checklist

Yet, I really want to thank the person who wrote this entire stuff. That was really cool.

    Features:

    • Provides a detailed report of your Exchange Server 2010 Critical components in an HTML email.
    • Provides color coded statuses so that faulty components can be identified easily.
    • Emails can be sent to multiple people.
• The script can be run as a scheduled task.

    PARAMETERS:
            -ServerName (required)
                    Must be an Exchange 2010 server. This script should be run locally on the mentioned server.

            -Path (required)
                    This is the folder identity where the generated report will be saved.

            -CompanyName (required)
                    Name of your company E.g. “Contoso Inc.”

            -SMTPServer (required)
                    Hub Transport Server name or IP address. Any SMTP relay that can accept the email will also work.

            -From (required)
                    Sender’s email address.

        -To (required)
                List of recipient(s). You can pass comma-separated values here. For more than one recipient use {user1@domain.com, user2@domain.com}

        -JournalMailbox (optional)
                The mailbox identity to get mailbox statistics for.
                For several mailboxes use user1@domain.com,user2@domain.com

Please do provide your feedback in case you liked / disliked it or would like to see some new features added to it. Download and enjoy ;-)

    December 7, 2011   Posted in: Exchange 2010  5 Comments

    Exchange Server 2010 Service Pack 2 is available for Download

    Microsoft has released SP2 for Microsoft Exchange Server 2010 today. The service pack is available for download at http://www.microsoft.com/download/en/details.aspx?id=28190

With the release of SP2, the long-awaited Address List Segregation feature is now available without running Exchange in hosting mode. A lot of other fixes are included in this release.

    Download your copy and Enjoy! ;-)

    December 5, 2011   Posted in: Exchange 2010  3 Comments