Gal Sync between exchange 2003 and Exchange 2007 – Part 1

This document is to provide step by step instruction to GAL Sync between Red.com (Exchange 2003) and Blue.com (Exchange 2007 ) organization using IIFP SP2

This document is majorly divided into 4 parts

1. Installing and configuration IIFP

2. Preparing and configuring Active Directory on both Red.com and Blue.com

3. Creating and configuration MA Agents to create mail enabled contacts in both Active directory forest

4. Executing and scheduling MA profiles

Lets talk each of the parts in detail

1. Installing and Configuration IIFP

Follow these steps in order to build and setup IIFP on a Windows Server on any of the domain, either red.com or blue.com

1. Install Windows 2003 R2 enterprise edition and configure server as per best practice

2. Join the server to the domain

3. Install IIS, ASP.net 2.0

4. Install Microsoft SQL Server 2005 with SP1

5. Install Identity Integration Feature Pack SP2

6. Run Microsoft Updates to bring system up to latest patch levels.

2. Creating and Configuring Blue.com – GAL MA

2.1 Configuring Red.com Active Director

1. Login to Red.com domain controller

2. From Start, click Administrative Tools; click Active Directory Users and Computers.

3. Select View from the top drop down menu and select Advanced Features.

4. Create new user “RedGalsync” with password and ensure that password is set not to expire and not to change the password for next logon

5. Select RED.COM and right-click, select Delegate Control

6. On the Welcome to the Delegation of Control Wizard page click Next.

7. On the Users or Groups page click Add.

8. On the Select Users, Computers, or Groups dialog box type “RedGalsync” and click OK.

9. On the Users or Groups page click Next.

10. On the Tasks to Delegate page select create a custom task to delegate, and click Next.

11. On the Active Directory Object Type page except the defaults and click Next.

12. On the Permissions page select General, Property-specific, and Creation/deletion of specific child objects, under permissions select Replicate Directory Changes and Replication Synchronization, and click Next.

13. On the Completing to the Delegation of Control Wizard page click Finish.

14. Create new OU with the name “Blue” under root and create sub OU “Contacts”

15. Right-click the Contacts OU and select Properties.

16. On the Contacts Properties dialog box click Security.

17. On the Contacts Properties dialog box click Add.

18. On the Select Users, Computers, or Groups dialog box type “REDGalsync” and click OK.

19. On the Contacts Properties dialog box select Read, Write, Create All Child Objects, and Delete All Child Objects, and then click OK. Make sure to Apply to this child and all objects.

20. Open ADSIEdit and navigate to the container “Blue”

21. Right-click on OU “Contacts” and select Properties.

22. Click on the Security tab, and click Advanced.

23. Choose to Add an ACE.

24. Specify REDGalsync to apply the permissions to. This will display the permissions dialog.

25. Click on Properties.

26. Drop down the Apply Onto dropdown box and select Child Objects Only.

27. Scroll down and mark Write proxyAddresses – Allow.

28. Choose to save the properties. This permission will be applied to every child object whose Allow inheritable permissions from the parent to propagate to this object and all child objects option is selected. This is located in the user’s Advanced Security property sheet. Any user that does not have this selected will not have the permissions granted to it

 

2.2 Configuring Blue.com Active Director

1. Login to Blue.com domain controller

2. From Start, click Administrative Tools; click Active Directory Users and Computers.

3. Select View from the top drop down menu and select Advanced Features.

4. Create new user “BlueGalsync” with password and ensure that password is set not to expire and not to change the password for next logon

5. Select Blue.com and right-click, select Delegate Control

6. On the Welcome to the Delegation of Control Wizard page click Next.

7. On the Users or Groups page click Add.

8. On the Select Users, Computers, or Groups dialog box type “BlueGalsync” and click OK.

9. On the Users or Groups page click Next.

10. On the Tasks to Delegate page select create a custom task to delegate, and click Next.

11. On the Active Directory Object Type page except the defaults and click Next.

12. On the Permissions page select General, Property-specific, and Creation/deletion of specific child objects, under permissions select Replicate Directory Changes and Replication Synchronization, and click Next.

13. On the Completing to the Delegation of Control Wizard page click Finish.

14. Create new OU with the name “Red” under root and create sub OU “Contacts”

15. Right-click the Contacts OU and select Properties.

16. On the Contacts Properties dialog box click Security.

17. On the Contacts Properties dialog box click Add.

18. On the Select Users, Computers, or Groups dialog box type BlueGalsync and click OK.

19. On the Contacts Properties dialog box select Read, Write, Create All Child Objects, and Delete All Child Objects, and then click OK. Make sure to Apply to this child and all objects.

20. Open ADSIEdit and navigate to the container name “Red”

21. Right-click on OU “Contacts” and select Properties.

22. Click on the Security tab, and click Advanced.

23. Choose to Add an ACE.

24. Specify BlueGalsync to apply the permissions to. This will display the permissions dialog.

25. Click on Properties.

26. Drop down the Apply Onto dropdown box and select Child Objects Only.

27. Scroll down and mark Write proxyAddresses – Allow.

28. Choose to save the properties. This permission will be applied to every child object whose Allow inheritable permissions from the parent to propagate to this object and all child objects option is selected. This is located in the user’s Advanced Security property sheet. Any user that does not have this selected will not have the permissions granted to it

Exchange tools for Every Exchange Engineers

I found a nice link which has all the necessary tool for exchange available. I am sure i will be using this in the futur

http://messagingschool.wordpress.com/2011/04/27/tools-for-exchange-server-200320072010/

Regards,

Krishna

TaskKill.exe to Kill the process on the remote computer

Taskkill.exe is very great tool which come in handy when you wanted to kill or terminate a process on the remote computer or local computer. You would do easily in the local computer and if you wanted to so the same in remote computer then you would wanted some easy option. you dont have to know the exact process Id or the Process name. Even you can use Wild card to find the process and kill it.

Below is the example to kill process running on the remote computer and you also force to terminate it.

taskkill /s <servername> /f /im Processname*

Below link has detail instruciton on how to use Taskkill.exe with various options

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/taskkill.mspx

Exchange Database – Dirty Shutdown

As Exchange Administrator it would be bad day if you have exchagne database in Dirty Shutdown State and you dont have required log files to perform soft recovery. Below link has a steps on how to perform soft recovery if you have al the require log file.

http://smtpport25.wordpress.com/2009/07/13/disaster-recovery-of-exchange-2007-mailbox-server/

If you dont have the required log files then you have to follow below steps to recover the database

1. Run ESEUTIL /P database_filename.edb (from the BIN folder and repair the edb files)
2. Delete the log and chk files.
3. Run eseutil /d database_filename.edb (Defrag the Database)
4. Run isinteg (isinteg -s servername -fix -test alltests) from the bin folder.
5. Mount the stores

Eseutil and Isinteg would be really long time , depending on the size of the database. Microsoft always recommends to keep the database size less then 100 GB. If you are using CCR environment then it can grow more then 100 GB as you will be multipe copies of the log files for recovery purpose

Uninstalling Exchange 2003 cluster Server

Make sure that  Following is not residing on Exchange 2003 which you wanted to decomission

1. No mailbox
2. Configure public Folder replica to other servers
3. Configure Free busy and OAB information to replication to other public folder
4. Move Offline Address book to other Exchange Server
5. Move RUS to other Exchange Server
6. Make sure Decomission server is not Bridge Head Server or Routing Group Master Server

Login to Active Node of Exchange Server
1. Open Cluster Admin
2. Open Exchange Cluster resource and take offline all the resources Except Exchange name and Exchange IP address
3. Right click on Exchange System Attendent Cluster Resource -> Click on Remove Exchange Virtual Server and click on OK to confirm the same
4. Once you remove System Attendent Cluster resource loging to passive node and Add remove programs to remove Exchagne 2003
5. Once passive node is done then login to Active node and uninstall Exchange Server
6. If you could not uninstall Exchange 2003 Gracefully then
7. Stop All the Exchange resources and change to startup type to Disabled
8. Open Registery Editor and remove all the exchange related information
9. Delete Exchange Setup folders in the path C:\program files\Exchsrvr
10. Open Adsiedit then Access configuration Container and browse to the below path and right click on the Exchange 2003 server object and delete
Configuration Container
CN=Configuration, DC=Domain_Name,DC=com
CN=Services
CN=Microsoft Exchange
CN=Your_Organization_Name
CN=Administrative Groups
CN=Your_Administrative_Group_Name
CN=Servers
11. Link http://support.microsoft.com/kb/833396 has some details information on the details on the services that needs to be stopped,registery that needs to be deleted for step 7 and 8 above
12. Reinstall IIS on both the server

LogParsing with Exchange SMTP Protocol Logs

SMTP Protocol logs are not enabled by default.  In Both Exchange 2003 and Exchange 2007 SMTP Protocol logs need to be manually enabled.

In Exchange 2003 SMTP protocol logging is enabled on the SMTP Virtual Servers

Please download log parser from following link

http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en

Below log parser command help you to get list of servers connecting to Exchange 2003 server through SMTP

logparser “Select cs-username,count (*) as Hits from N:\ex0910.log GROUP BY cs-username ORDER BY Hits Desc” -o:DATAGRID

Below is the output it provides the list of server name and number of hits from that specific servers

Below mentioned article describes on how to enabled smtp protocol logging on Exchange 2007 and log files path

http://smtpport25.wordpress.com/2009/10/

Below command helps you to get the list of servers connect to the exchange server for sending emails

logparser “select REVERSEDNS(EXTRACT_PREFIX(remote-endpoint,0,’:')) as RemoteSendingHost, count(*) as Hits from RECV*.log group by RemoteSending Host order by Hits DESC” -i:CSV -nSkipLines:4  -o:DATAGRID

related articles

http://msexchangeteam.com/archive/2007/09/12/446982.aspx

http://msexchangeteam.com/archive/2007/11/12/447515.aspx

http://msexchangeteam.com/archive/2007/11/28/447598.aspx

http://linuxlore.blogspot.com/2006/11/howto-use-microsofts-logparser-to.html

Exchange Database and Transactions log Reset

Chances that some times Database has grow too big or some time database is corrupted , then you may have to move all the user to the different store and reset the Database

Reset Database – Care full while doing this task. Make sure that you select the right DB

1. Select the require Exchagne database from Exchange system manager or Exchange management console
2. Right click on the database and click on Dismount
3. Find the path of the database. Select Edb and Stm file and rename the file(Can be deleted later)
4. Right click on the database and click on Mount
5. This will create a new database with the same old Database name.
6. You can start moving users

 

Reset Transaction Logs – Careful while doing this task. Make sure that you select the right Storage Group

1. Transaction Logs are for each Storage group. In exchange 2007 it’s recommended to have one database on each storage group. Managing would be easy when you have one database in each storage group. We can always have multiple databases
2. Stop Information store service
3. Run Eseutil /mh “Database Path” on each of the database which you wanted to transaction log reset. Make sure that you get “Clean Shutdown” status.

 4. Once you have clean shutdown on all the databases then you can go to the log folders and move all the files to the temp location
5. Start the Information store service again

Adding Mail enabled public folder as the member of Distribution list

Some times you may wanted to add mail enabled public folder as the member of Distrubution list and you wanted to send copy of mail to PF which is sent to distrubution list.  For this you may need to add mail enabled public folder as the member of the DL

Its not possible add public folder as members of DL in Exchange 2003. This can be only done from Exchagne 2007.
Throught Exchange 2007 you can add both throught Exchange management console and Powershell command

Powershell command
Add-DistributionGroupMember  -Identity “DLName”  -Member “Email address”

Exchange Management console
Expand Recipient Configuration -> Distibution Group -> find the requied DL -> Add the same

Finding all the email address used in public folders and their path

Right click on Active directory users and computers -> Find -> Select the option as Exchange Recipients -> Make sure that you select only “Mail Enabled public folders” and uncheck others -> Click on Find now to get the list of all the email address used in public folders with their respective mail enabled public folder name.  Below is the snap of the same

You can use PFDAVAdmin tool to find the path of all the public folders in the orginization.  You can download the tool from the microsoft site. Open PFDAVAdmin.exe -> File connect  -> Input exchagne server name which has public store, GC name, authentication and select public folder. This will get Public fodler and System folder list. Select public folder-> Tools -> Export Properties -> Enter the file path in the output file and click ok to export the complete details of the public folder to the output file.

Open the output file to get the details

Automating Exmerge 2003 and Exmerge 2000

First need to download Exmerge.exe from the below mentioned link and extract the files to c:\Program Files\Exchsrvr\bin of Exchagne 2003 Machine

http://www.microsoft.com/downloads/details.aspx?familyid=429163ec-dcdf-47dc-96da-1c12d67327d5&displaylang=en

• *************************************************************************

Then you need to list of list of users you wanted to exmerge at a time. Use the below given VBscript to get the legacyDN name for the list of users given the text file as input.  It creates a file called Legacyaddresses.txt

Dim filesys,filetxt
const ForReading = 1, ForWriting = 2, ForAppending = 8
InputFile = Inputbox(“Enter Path of the txt file”)
InputFile = trim (InputFile)
if InputFile = “” then
wscript.echo “You did not enter the user name. Script Quits!! “
wscript.quit(0)
end if

set objShell = Createobject(“Wscript.Shell”)
drivepath = objShell.CurrentDirectory
set rootDSE = GetObject(“LDAP://RootDSE“)
DomainContainer = rootDSE.Get(“defaultNamingContext”)

set conn = CreateObject(“ADODB.Connection”)
conn.provider = “ADSDSOObject”
conn.Open “ADs Provider”

Set filesys = CreateObject(“Scripting.FileSystemObject”)
set filetxt1 = filesys.OpenTextFile(InputFile,ForReading)

fulname = drivepath & “\” & “Legacyaddresses.txt”
set filetxt = filesys.OpenTextFile(fulname,ForAppending,True)

do Until filetxt1.AtEndOfStream
 name = filetxt1.Readline
 name = trim(name)
 strLDAP=”<LDAP://” & DomainContainer &”>;(&(mailnickname=”& name &”)(objectCategory=person)(objectclass=user));adspath;subtree”
 set ocomm = createObject(“ADODB.Command”)
 ocomm.ActiveConnection = conn
 ocomm.CommandText = strLDAP
 set rs = ocomm.Execute
 if rs.EOF then
  wscript.Echo name & ” did not found!”
 
 else
  set FoundObject = GetObject(rs.Fields(0).Value)
  filetxt.Writeline(Foundobject.legacyExchangeDN)
 
 end if
loop

                                        ****************************************************************************

You Extracted 2  files Exmerge.exe , ExMerge.ini c:\Program Files\Exchsrvr\bin. 

Exmerge.ini contatin detail descrition on export and import from and to PST of the mailbox. Find the below mentioned lines the Exmerge.ini and edit as given below

1. MergeAction = Set value to 0

2. SourceServerName = Give any one server name in the Exchange Administrative group

3. DataDirectoryName = Give the path details where you wanted to export the pst (Ex. D:\ExmergeData)

4. FileContainingListOfMailboxes = Give the  path of the Txt file which has list of legacyDN addres of the users which u exported from the above script (Eg. D:\ExmegeData\Mailboxes.txt)

5. Go command prompt and type c:\Program Files\Exchsrvr\bin\exmerge.exe  -F c:\Program Files\Exchsrvr\bin\exmerge.ini -B -D

6. This will Export all the mailbox specified in list to PST to the given location which is mentinoed in DataDirectoryName, You can add the above line in the batch file and schedule it. Need to make sure that you have sufficient rights on the mailbox for the export.

7. Limit the mailbox you export at a time, depending on the performance of the machine. You can limit the mailbox export by limiting the number of mailboxes in mailboxes.txt which is refered by  FileContainingListOfMailboxes