Archive

Archive for January, 2012

Transport Rules-Based Message Interception

January 25, 2012 1 comment

Transport Rules can be employed to satisfy needs for message review and monitoring, while Journaling can be employed to meet the regulatory compliance needs for message archiving. The purpose of this article is to simply demonstrate how to create a transport rule and apply it for existing users.

Transport rules are applied when messages are sent or received in your organization. Transport rule contain 3 criteria as below,

1. Condition

2. Action

3. Exception

First, a criteria is evaluated such as who the sender or receiver of the message is, or the keywords in a message.  If messages meet particular criteria (conditions and exceptions), then an action can be applied like ‘block,’ ‘copy,’ ‘moderate,’ or ‘append a disclaimer to the message’.  Transport Rules are used to enforce message control and protection policies. The Transport Rules agent runs on the Exchange Hub Transport server, evaluating every message against the set of Transport Rules.

The below demonstration show how to create a journal rule to Bcc a copy of a mail to a common or superior email address when someone in the organization try to send an email which contain any sensitive project key word like “confidential”.

1. Go to All Programs à Microsoft Exchange Server 2010 à Exchange Management Console.

2. Once the console open Select Hub Transport under Organization configuration and select new transport Rule as below.

clip_image002

3. Initial screen you can see as below. You can put Transport Rule Name and put a meaningful comment.

clip_image004

4. Select the conditions you want to apply for users.

clip_image008clip_image006

clip_image012

clip_image010

5. Here we come to the Condition screen. You can specify key sensitive words you want filter.

 clip_image018

clip_image016clip_image014

clip_image020

6. It is time to provide the administrator or superior address which you want to send a bcc of the filtered email

clip_image022

clip_image024

clip_image026

7. We are not going to give any Exceptions

clip_image028

8. Click New.

clip_image030

9. Click Finish.

clip_image032

10. Below you can see the created Transport Rule. And it is up to you to change the priority level. If you want to make it as default you have to change the priority to 1.

clip_image034

11. This email is send to Susan Baker (External User) and since it contain confidential and secret word it should send a Bcc silently to peterp@contoso.lk (Administrator).

clip_image036

clip_image038

12. You can see below the email is received by the peterp@contoso.lk

clip_image040

Advertisements
Categories: Exchange

ZIMBRA TO EXCHANGE SERVER 2007 MIGRATION GUIDE

January 19, 2012 33 comments

I struggle to find a better step by step article to migrate mails from ZIMBRA to Exchange server. But I couldn’t find a single one. This article is designed by me for administrators who wants to core exist their ZIMBRA and Exchange server for a while and do the migration batch wise. I advice you, prior to do changes for production environment (If you are new to migrate ZIMBRA to Exchange) it is better if you can form some test labs and do a trial. So I have setup a small lab for your better understanding. This lab environment show you how to core-exist ZIMBRA and Exchange server 2007 servers. Once all user accounts migrated to Exchange 2007 it is your call to perform the next step Smile . Exchange server 2007 to 2010. You may find so many article on the internet.     

LAB VM’s

Ø Active Directory Server

  • VM Name – CONTOSO-AD.
  • IP Address – 172.21.13.197.
  • FQDN – CONTOSO-AD.contoso.lk.

Ø ZIMBRA MAIL SERVER

  • VM Name – CONTOSO-ZIMBRA
  • IP Address – 172.21.13.189
  • FQDN – MAIL.contoso.lk

Ø EXCHANGE 2007 MAIL SERVER

  • VM Name – CONTOSO-E2K7
  • IP Address – 172.21.13.201
  • FQDN – EXCH-2007.contoso.lk

Configurations Done

Ø Primary Domain Controller

  • Create a MAIL EXCHANGER MX record for mail.contoso.lk FQDN.

image

Ø EXCHANGE 2007 MAIL SERVER – Steps to be followed.

  • In the Exchange Management Console, navigate to “Organization Configuration/Hub Transport/Send Connectors”.
  • Add a Send Connector.
  • On the Address Space tab, click “Add” and enter your subdomain (e.g., mail.contoso.lk) for the Address with a cost of 1. Click OK.
  • On the Network tab, select “Route mail through the following smart hosts”. Click Add and enter the IP address of the Zimbra server in brackets such as [172.21.13.189]. Click OK.
  • On the Source Server tab, be sure all your Hub Transport servers are selected. Click OK.

Create send connector for ZIMBRA server.

  • Connector Name -* ZIMBRASEND*
  • Address space – mail.contoso.lk (ZIMBRA Server FQDN).
  • SMART HOST IP – 172.21.13.189 (ZIMBRA Server IP).

image imageimage image

  • Modify the existing Send Connector to have a higher cost(10)

image

Ø Steps to be followed.

  • In the Exchange Management Console, navigate to “Server Configuration/Hub Transport/Receive Connectors”.
  • Click “New Receive Connector”. Enter a name for this connector (“Zimbra”) and click next twice.
  • Under “Remote Network Settings”, click Add. Enter the IP address of your Zimbra MTA Server(s).
  • Highlight the default Remote Network Setting (0.0.0.0-255.255.255.255) and click the red X to delete it. Click Next.
  • Click New and Finish.
  • Highlight the new Receive Connector and click Properties.
  • Select the Authentication Tab and click “Externally Secured”.
  • Select the “Permissions Group” tab. Check the “Anonymous Users” check box and the “Exchange Servers” check box and click OK.

Ø Add new Receive Connector.

  • Connector Name – *ZIMBRAR*
  • Remote network setting IP Address – 172.21.13.189 (ZIMBRA Server IP).
  • Authentication Tab – Externally Secured
  • Permissions Group tab – “Anonymous Users” and “Exchange Servers”.

image imageimage image

Ø Exchange Users (Creating mail contact in Exchange server for ZIMBRA users)

For each user hosted on the Zimbra server, a mail user will need to be associated with the Active Directory account. While the command can be performed from the Exchange Management Console, the Exchange Management Shell command is shown below (test-zimbra is the name of the Active Directory Account):. This has to be done in order to exchange mail between Exchange server and ZIMBRA.

[PS] C:\>Enable-MailUser -Identity ‘test-zimbra@mydomain.com’ -Alias ‘test-zimbra’ -ExternalEmailAddress ‘SMTP:test-zimbra@zimbra-server.mydomain.com’ -PrimarySMTPAddress ‘test-zimbra@mydomain.com’

[PS] C:\>Enable-MailUser -Identity ‘dilshan@contoso.lk’ -Alias ‘dilshan’ -ExternalEmailAddress ‘SMTP:dilshan@mail. contoso.lk’ -PrimarySMTPAddress ‘dilshan@contoso.lk’

image

Ø Zimbra mail server as the primary server – the zimbra server will route all outbound email directly to the internet

Add new domain to ZIMBRA mail.sdb.lk (ZIMBRA Server FQDN)

  • Go to ZIMBRA admin console.
  • Click Domains.
  • Add new.
  • Enter mail and continue the wizard.

 image image

image

Ø Theses commands need to run on the Terminal Console or PUTTY

  • Su – zimbra

image

  • $zmprov md mydomain.com zimbraMailCatchAllAddress @mydomain.com
  • $zmprov md contoso.lk zimbraMailCatchAllAddress @contoso.lk

image

  • $ zmprov md mydomain.com zimbraMailCatchAllForwardingAddress @mydomain.com
  • $ zmprov md sdb.lk zimbraMailCatchAllForwardingAddress @contoso.lk

image

  • $ zmprov md mydomain.com zimbraMailTransport smtp:exch-server.mydomain.com:25
  • $ zmprov md contoso.lk zimbraMailTransport smtp:EXCH-2007.contoso.lk:25

image

  • For each user on Zimbra, create an alias to accept email from Exchange and deliver to users on Zimbra
  • $ zmprov aaa account@mydomain.com account@zimbra-server.mydomain.com
  • $ zmprov aaa dilshan@contoso.lk dilshan@mail.contoso.lk

image

Note: So far we have done things to make mail flow in between zimbra and exchange servers and to internet

Migrate users by using Microsoft Transport Suit

The installation process is straightforward, download Microsoft Transporter, the version should be the newest one.

The tool can be installed in either 32bit or 64bit versions of Windows Server 2003, Windows Vista or Windows XP. The software requirements are .Net Framework 2.0, MMC 3.0, PowerShell 1.0 and Exchange Server 2007 SP1.

To install the Microsoft Transporter tool:

  • On the first screen click on Next.
  • End-User License Agreement. Click I accept the terms in the License Agreement and click next.
  • Select Components and Install Location. In our case we are not going to play with Lotus Domino, then let us install only Transporter for Internet Mail, and then click on Next, as shown in Figure 01

image

  • Ready to install. Just click on Install button to start the Microsoft Transporter installation and Final screen of the wizard, just click on Finish.

Note : The process is totally straightforward and the Microsoft Transporter Suite can be installed in a workstation or on the Exchange Server 2007 box as well.

Ø Configuring Exchange Server 2007 permissions

  • In order to migrate from POP3/IMAP4 the user must have the Exchange Recipient Admin and Exchange Impersonation rights in at least a single CAS Server.
  • To validate if the current user belongs to the Exchange Recipient Admin we can run the following command: Net user <User Name> /domain.
  • To configure Exchange Impersonation we need to figure out first what the Distinguished Name of the CAS Server is. Run the following Get-ClientAccessServer cmdlet Get-ClientAccessServer | select name,distinguishedname | fl

image

  • The Exchange Impersonate permission can be assigned to a single CAS Server or all of them, if we are going to specify the CAS during the mailbox migration wizard. To add the permission use the Add-ADPermission cmdlet

Add-ADPermission – Identity (Get-ExchangeServer).DistinguishedName –User (Get-User –Identity Administrator | Select-Object).Identity –ExtendedRight ms-Exch-EPI-Impersonation

image

Ø Create mailbox for each migrating user.

image

Ø Generating the .CSV file to be used by Microsoft Transporter

We will now move data from a generic POP3 Server to Exchange Server 2007, in order to accomplish this task we have to create a .CSV file with the following columns:

  • SourceIdentity: The e-mail account that the user has in the POP3 Server
  • SourceServer: The name or IP of the POP3 Server
  • SourceLoginID: the account user name used to connect on the POP3 server
  • SourcePassword: the user’s password
  • TargetIdentity: the Exchange Server 2007 identity will receive the data from the previous POP3 Server settings.

Sample .csv file is given below,

image

The TargetIdentity must exist before using the Microsoft Transporter tool, the value of TargetIdentity can be any e-mail address (Primary or secondary). We can use the same CSV file to create the users or mailboxes in case of a new environment.

Ø Migrating from POP3 Server to Exchange Server 2007.

Next, we are going to copy content from a generic POP3 Server to Exchange Server 2007. The user list was created in the previous section and now we are going to import them into the tool and use the migration wizard later on in order to copy the content. Before starting the copy we will see the current information that a user has in the generic server which supports POP3.

Okay, now we know the content that we are going to move, let us use the Microsoft Transport to copy the content:

  1. Open Microsoft Transporter Suite for Internet Mailboxes.
  2. In the main screen click on Add Mailboxes... button.

image

3. Add Mailboxes. Select the CSV file created in the Excel and click on Import. (Figure 07)

image

4. Security Warning. A message informing us that the password information contained in the CSV will be stored in a file called InternetMailbox.tbin. Just click OK.

5. On the main screen we have three different views to work with: All Mailboxes, Mailboxes Ready for Migration and Mailboxes Already Migrated. Let us click on All Mailboxes to see all the mailboxes imported from the CSV file and let us start the migration of a single user, click on a single user and click on Migrated Selected Mailboxes.

image

6. Select Mailbox Type. Select POP and we are not going to use a secure connection to the POP3 Server (995 SSL), we also going to specify which CAS (Client Access Server) and in our case that CAS was the only one that we gave Exchange Impersonate permissions. Click on Next. (Figure 09)

image

7. Select Data Range. We can specify a time range to migrate from the POP3 server to Exchange Server 2007. We will get all the content, click on All e-mail and click on Next.

image

7. Review Selected Mailboxes. A summary is shown. Just click on Migrate.

8. Migration Complete. The final page displaying the migrated data, just click on Finish.

Now, it is time to test if our migration went well. Log in using the user Hasitha (the same user whose mailbox was on the generic POP3 server) and we can validate that the current content in OWA is the same as the POP3 server (Figure 11). Microsoft Transporter preserves the following characteristics:   attachments, rich content, status information (read or unread).

Note : Once the migration completed you should delete or disable the user mail account in ZIMBRA server

image

References:

http://www.msexchange.org/articles_tutorials/exchange-server-2007/migration-deployment/migrating-domino-exchange-2007-part6.html

http://wiki.zimbra.com/index.php?title=Split_Domain#Deployment_Scenario_B:_Zimbra_as_a_Smart_Host_or_Backup_Email_Server

http://wiki.zimbra.com/index.php?title=Split_domain_with_Exchange_2007_as_Primary&oldid=36557

Categories: Exchange

Upload picture in Outlook 2010 using the Exchange Management Shell (Exchange 2010)

January 12, 2012 6 comments

 

This guide will help you to understand how to import bulk pictures to Microsoft Outlook (2010 and 2007) using Exchange shell. You have to follow below simple steps to get it done.

1. Create a .CSV file with user logon names and picture paths you want to add.

clip_image001

2. Run the below shell command,

Import-csv C:\Users.csv | % { Import-RecipientDataProperty –Identity $_.username –Picture –FileData ([Byte[]]$(Get-Content –Path $_.picture –Encoding Byte –ReadCount 0)) }

clip_image003

Before add the outlook profile pictures.

clip_image005

As you can see below thumbnailPhoto attribute is null

clip_image007

After add the outlook profile pictures.

clip_image009

As you can see below thumbnailPhoto attribute filled an image path

clip_image011

You can watch the below video, it covers whole area what I discussed in the above article…..

Categories: Exchange

Migrate User Home Folders to a New File Server with all Security Permissions and Bulk Changes for Home Folder Paths.

January 6, 2012 8 comments

Since Administrators has to put a massive effort to transfer home folder contents and profile paths to a new file server, I have given a quick and easy guidance to achieve it with most effective way. I have done a small LAB environment to present the below steps to you as below. As you can I have created two OU’s name Finance and IT under Test Users. For each user contain in particular OU has the profile path as follow. \\Server1\File_Server\%Department%\%username%

clip_image002

clip_image004

\\Server1\File_Server\IT\Gayanp

Ø In order to achieve this migration very effectively you have to follow below tasks as well

  1. Clearly identify new file server path. (According to my environment user new   home folder profile path is \\Server2\File_Server\%Department%\%username% or \\Server2\File_Server ).
  2. Backup Registry Share files and merges in to new server – Microsoft’s official method of migrating shares from one server to another is documented in KB125996, which requires an export of the registry key
  3. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Shares from server1 and the importing of that resultant .reg file into server2.
  4. Make sure new LUN drive letter is equal to old backup drive letter.

Share permission and ACL permission should be same for the top folder.

clip_image006clip_image008

Ø Use ROBOCOPY Tool to transfer all file contents and share permissions to the new server.

Download ROBOCOPY TOOL from this site and it is freeJ. http://www.mytechguide.org/605/microsoft-robocopy-gui

  1. Once you download it, login to your server as a domain admin and install the ROBOCOPY GUI.
  2. Start ROBOCOPY GUI Tool, Start à All Programs à ROBOCOPY GUI. Once you open it you will see an interface as below.
  3. Enter the source and destination file path of your file server and do the changes for other tabs contents as given below.

clip_image010clip_image012

clip_image014clip_image016

4. Finally hit run then you will see a message as below.

clip_image017

Ø Use ADModify.Net tool to do bulk changes for user home folder paths

  1. Download ADModify.Net tool from this web site http://admodify.codeplex.com/
  2. You do need to do any installation for this tool. Straightaway double click ADModify.NET exe. Then you will see an interface as below and click on Modify Attributes.

clip_image019
3.Then you will transfer to the new configuration interface. Then you have to    select your Domain List and Domain Controller list and remove all the ticks from tick boxes except users.

Select the OU where the user exist and click Add to list.

clip_image021

clip_image023

5. Finally you will get below interface. Then you have simply do the path change as below. Since this is a bulk change instead of entering the user name you have out the %sAmAccountName% then it will get the User Logon Name of the each user and do the necessary changes for the home folder paths.

clip_image025

\\Server2\File_Server\IT\%sAMAccountName%

6. Click Go. Then you will get a message saying how many changes have been done for each user.

clip_image027

7. After that you can go to Active Directory Users and Computers and check the Home folder path, you will see the old home folder path changes to the new path as below.

Hello world!

January 6, 2012 1 comment

Welcome to WordPress.com. After you read this, you should delete and write your own post, with a new title above. Or hit Add New on the left (of the admin dashboard) to start a fresh post.

Here are some suggestions for your first post.

  1. You can find new ideas for what to blog about by reading the Daily Post.
  2. Add PressThis to your browser. It creates a new blog post for you about any interesting  page you read on the web.
  3. Make some changes to this page, and then hit preview on the right. You can always preview any post or edit it before you share it to the world.
Categories: Exchange