We firstly query Exchange via the EMS to list all available databases:
Get-MailboxDatabase
Once we have identified the database, we can double-check its current location on the file system:
Get-MailboxDatabase -Identity "Mailbox Database 000001" | Format-List | Out-String -Stream | Select-String -Pattern "EdbFilePath" -SimpleMatch
We then dismount the database:
Dismount-Database "Mailbox Database 000001"
Then we use the "Move-DatabasePath" cmdlet to move the database to its new location:
Move-DatabasePath "Mailbox Database 000001" -EdbFilePath "D:\Mailbox Database 000001\Mailbox...
Saturday, 28 February 2015
Friday, 27 February 2015
Enumerating all DNS resource records of a zone
In order to view / enumerate all of the resource records of a specific domain with DNS you firstly need to set up zone transfers on your DNS serv...
Using RBAC with Exchange 2013
RBAC allows you to categorize users into different groups and then apply specific roles to each group. By nature it is very granular, allowing you to assign, for example, a specific user only a very specific set of the available commands in the Exchange Management Shell. For more information on RBAC see he...
Understanding Exchange Workload Management with Exchange 2013
Outlook Anywhere vs ActiveSync
To some extent they are used for the same purpose, although on different platforms:
Outlook Anywhere: Service exclusively used with Microsoft Outlook - see here for a guide on how to set up Outlook Anywhere.
ActiveSync: Used for portable devices - goes over HTTP/S, although does not provide as many features as Outlook Anywhe...
Setting up Layer 4 and 7 Load Balancing with Exchange 2013
Typically you would have two layer 3 load balancers that create a virtual IP for external access (the client resolves a namespace to a virtual IP) - requests are then routed to one of a pool of client access servers within a load balance cluster. From there the Client Access Server will query AD (by performing a service discovery) for the Exchange version and the whereabouts of the mailbox in the DAG's mailbox servers - it then proxies the request to the appropriate mailbox server (including re-routing the request through another client access server...
Mobile Device Management and ActiveSync with Exchange 2013
Exchange ActiveSync allows mobile devices to connect to an Exchange server over HTTP and XML (available over ports 80 and 443) and access your email, calendar, contacts etc. It is specifically optimized for high-latency, low-bandwidth networks - hence suiting mobile phones and portable devices that rely on a mobile network as a means of data.
Within EAC you can set up mobile device policies by going to Mobile > Mobile Device Mailbox Policies and enable / disable Mobile Device access from he...
OWA (Outlook Web App) Policies
OWA Policies allow you to enable and disable functionality for users of OWA. The policy settings can be accessed from the EAC > Permissions > OWA Policies.
For example, you can prevent users from changing their passwords or from directly accessing files.
New in 2013 is the ability to have an offline version of the web app, which requires the user to have an HTML5 compliant browser - this can also be enabled / disabl...
Copying files and folders while retaining the security permissions
You can make use of RoboCopy to accomplish this:
robocopy <source-directory> <destination-directory> /W:2 /MIR /SEC /FFT /R:3
/W:2 Specifies the wait time while attempting to access a file.
/R:3 Specifies how many times to attempt to access a file - for example if the file was locked RoboCopy would retry the copy operation.
/MIR Creates an exact mirror of the files and folders.
/SEC Copies the exact NTFS permissions of the files and folde...
Thursday, 26 February 2015
What is Outlook Anywhere?
Outlook Anywhere allows you to access Exchange via RPC over HTTPS - this
enables you to traverse through firewalls easily without having to open
up RPC ports. By default RPC over HTTPS is enabled in Exchange 2013 due
to the fact plain RPC is no longer supported (Hence the removal of the
Client Access RPC Serve...
Changes to the Client Access Server in Exchange 2013
The following is an excerpt from TechNet:
Unlike previous versions of Exchange, Exchange 2013 no longer requires session affinity at the load balancing layer.
To understand this statement better, and see how this impacts your
designs, we need to look at how CAS2013 functions. From a protocol
perspective, the following will happen:
A client resolves the namespace to a load balanced virtual IP address.
The load balancer assigns the session to a CAS member in the load balanced pool.
CAS authenticates the request and performs a service discovery...
Send as and send on behalf of permissions in Exchange 2013

You can manage send as and send on behalf settings through ECP - by going into the user properties and selecting "Mailbox Delegation":
...
Automapping feature in Exchange 2013
The automapping feature allows users who have "Full Access" permissions to another inbox(es) to automatically have those inboxes added to their Outlook client.
In order to set up automapping we can use the Add-MailboxPermission cmdlet:
Add-MailboxPermission -Identity jbloggs -User 'Joe Bloggs' -AccessRight FullAccess -InheritanceType All -Automapping $true
And to disable automapping we can use the Set-MailboxPermission cmdlet:
Remove-MailboxPermission -Identity jbloggs -User 'Joe Bloggs' -AccessRight FullAccess -InheritanceType All -Automapping $false
Add-MailboxPermission...
Setting mailbox and mailbox folder permissions with Exchange 2013
The end user is able to set their mailbox permissions via the Outlook client, but as an administrator we can manage the permissions remotely using the Exchange Management Shell.
To manage a user's mailbox permissions we use:
Set-MailboxPermission -Identity "Joe Bloggs" -User jbloggs -AccessRights FullAccess -InheritanceType All
Get-MailboxPermission -Identity "Joe Bloggs" | Format-List
Remove-MailboxPermission -Identity "Joe Bloggs" -User jbloggs -AccessRights FullAccess -InheritanceType All
Add-MailboxPermission -Identity "Joe Bloggs" -User jbloggs...
Wednesday, 25 February 2015
Enable data deduplication on Server 2012

Data deduplication can be an effective way of saving disk space, although if misused it can easily choke the disk I/O and CPU time.
We will firstly install the Data Deduplication feature in the "File and Storage Services" role:
We will then identify the volume we wish to enable data deduplication on from the Server Manager > right-click and select "Configure Data-deduplication":
We will then specify the data de-duplication type - which will...
Installing intermediate certificates for IIS 7.0

In order to import intermediate certificates into IIS we will use the local Windows Certificate store - to do this we will firstly launch mmc and add the "Certificates" snap-in - although make sure that it is added under the "Local Computer" account:
Now we will browse down the tree until we find "Intermediate Certificates" > "Certificates" - right-click and import - depending on the format of the certificates you might need to enter...
Tuesday, 24 February 2015
Diagnosing iSCSI connection between Server 2012 initiator and a Server 2012 target server

For this lab we will assume that there are two Server 2012 boxes, configured on an isolated network of 192.168.0.0/24. Server 1 will be 192.168.0.1 and server 2 will be 192.168.0.2.
We will firstly install Wireshark for this process and then start capturing packets on the appropriate interface. We start by launching the "iSCSI Initiator" on the client and going to:
Discovery > Discover Portal > Enter the IP address of the iSCSI target > Advanced...
What does the _msdcs zone do?
This zone is present as a subdomain under each domain and advertises all of the different services available - such as LDAP and Kerberos. There are also several other subdomains:
dc: Used by clients to identify which domain controller(s) they should use.
pdc: Used to identify the primary domain controller of the domain.
There is also a _msdcs zone in the root forest domain - although there are a few differences:
- All DCs in the entire forest register a CNAME record here (required for replication)
- There is a GC subdomain that lists all of the global...
Recommended average disk queue length for a RAID Array or LUN
Firstly set up a performance monitor for the RAID array or LUN and add the "Average Disk Queue" counter to the monitor. For example if our average was 10 for the RAID array and there were 6 disks in the array we could do 10 / 6 which is: 1.67 which is below 2 per disk (which is the recommended averag...
Measuring disk performance using performance monitor on Server 2012
The following counters each offer you vital information when attempting to diagnose disk performance issues, with either a LUN, RAID Array or simply a single disk (taken from TechNet):
%Disk Read Time, %Disk Write Time, %Disk Time, %Idle Time: All of these can be important, but keep in mind that they are only reliable when dealing with single disks. Having disks in RAID or a SAN setup can make these numbers inaccurate.
Average Disk Queue Length: A good counter to monitor if requests are backed up on your disk. Any sustained number higher than...
Cluster error: "There was an error cleaning up the cluster nodes."
This could be down to a lot of conditions, but just to help anyone else out there I will outline why I received this error message.
There was an error cleaning up the cluster nodes.
It occurred because I was trying to set up a two node failover cluster with ADDS installed / one of the members being a domain controller. Although I found contradicting information - the overall stance appears that this setup is not support...
Monday, 23 February 2015
Generate a new SID for Windows Server 2008 / 2012 R2
Quite often if an operating system clone has failed you will be presented with the following message when attempting to join a server using a DC that was cloned improperly:
"The domain join cannot be completed because the SID of the domain you are attempting to join was identical to the sid of this machine."
We can generalize the operating system to resolve this issue by launching sysprep, selecting the "Generalize" option and then restarting into OOBE (Out of Box Experience):
C:\Windows\System32\Sysprep\sysprep.exe
Upon getting back into the...
Deploying Windows 10 with SCCM 2012 R2

Forewarning: This is not officially supported with SCCM 2012 R2 - do not use on a live system!
We will firstly download the Technical Preview iso from Microsoft (Windows10_TechnicalPreview_x64_EN-GB_9926)
We will place this in our sources share for SCCM under a new folder named "OS" and then use a tool like 7zip to extract the ISO's contents to a new folder in there.
We can then proceed by adding a new "Operating System Installer" and upon completion...
Friday, 20 February 2015
Fixing a Content Index Catalog Corruption
This database contains the seeding information for databases inside a DAG - for example if two mailbox servers are part of a DAG and the Content Index Catalog becomes corrupted - it means the logs / transactions exchanged with the other mail server have caused the database to become corrupted.
We can use the following command to resolve the issue:
Update-MailboxDatabaseCopy -Identity "<server-name>\<hostname>" -CatalogO...
Repairing a corrupt mailbox database with Exchange 2007/2010/2013
Using the eseutil.exe tool you are able to repair mailbox databases that may have become corrupted.
We will firstly identify the mailbox database:
Get-MailboxDatabaseCopyStatus
If you are using Exchange 2007 or below you must then make sure it is unmounted before we attempt the repair:
Dismount-Database -Identity <database>
** While a database is in an unmounted / failed state log files will remain untouched, but the database mail queue will build up. **
** Make sure the database is unmounted and no file locks are on it! **
We can then launch an...
Thursday, 19 February 2015
Domain controller promotion and demotion with powershell in Server 2012
To remove a DC:
Import-Module ADDSDeployment
Uninstall-ADDSDomainController
To add a DC:
Import-Module ADDSDeployment
Install-ADDSDomainControl...
Setting up a Hyper-V Replication Cluster with Server 2012 R2