Wednesday, June 10, 2015

Quickly Retrieving AD Domains Within the Multi-Domain Forest

Hi folks,

If you are working in a multi-domain forest and need to retrieve a list of its domains, there are a couple of ways to do it: use ADSI, as in this post, or write a function, as in this blog post. Both work.

However, there's a simpler way if you are running Windows 2008 R2 and later with the AD PowerShell module. You can achieve this simply by running:


Get-ADForest | Select-Object -ExpandProperty Domains

And you will get a list of all domain FQDNs within your forest.

Enjoy.

Friday, June 5, 2015

EMS and Exchange Server Installation Path


Hi folks,

Just wanted to share with you a recent adventure that I had. Sometimes there are situations when you need to re-install the Exchange Server binaries on the same server but into a different directory. After a successful re-installation you may run into the following error when starting Exchange Management Shell or Exchange Management Console (obviously, because it runs on top of EMS):

Connecting to remote server failed with the following error message : The WinRM client cannot complete the operation within the time specified. Check if the machine name is valid and is reachable over the network and firewall exception for Windows Remote Management service is enabled. For more information, see the about_Remote_Troubleshooting Help topic.

This article is a good starting point for troubleshooting. First make sure that the ExchangeInstallPath environment variable exists and points to the right directory. You will need to reconfigure it to point to the new installation folder.




However, there's one more point which was not considered there. This is where this blog post came to my help. Apparently, when the Exchange binaries are re-installed, the IIS configuration file (C:\Windows\System32\inetsrv\config\applicationHost.config) remains unchanged. As a result, the kerbauth entry still points to the old location of kerbauth.dll.

It's quite easy to fix. You will need to run the following steps:

1. Open a command prompt as administrator and execute:

notepad C:\Windows\System32\inetsrv\config\applicationHost.config

2. In the applicationHost.config locate the following entry:

<add name="kerbauth" image="C:\Program Files\Microsoft\Exchange Server\v14\Bin\kerbauth.dll" />

3. Modify the path to kerbauth.dll so that it points to the correct location and save applicationHost.config



4. Run iisreset /noforce

After this, EMS will be able to start successfully and connect to remote PowerShell without problems.
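A quick way to check the entry before and after editing, as an added example that is not from the original post or the linked articles: the function finds every kerbauth registration in the config and compares its image path with the Exchange installation folder. The function name, the sample XML and the D:\Exchange\V14\ path are constructed for illustration; the syntax is kept PowerShell 2.0 compatible.

```powershell
# Added example: flag kerbauth entries that do not point into the current
# Exchange installation folder. Test-KerbAuthImagePath is a hypothetical name.
function Test-KerbAuthImagePath {
    param(
        [Parameter(Mandatory=$true)] [xml]    $Config,      # parsed applicationHost.config
        [Parameter(Mandatory=$true)] [string] $InstallPath  # value of ExchangeInstallPath
    )
    $expected = [System.IO.Path]::Combine($InstallPath, 'Bin\kerbauth.dll')
    foreach ($node in $Config.SelectNodes("//add[@name='kerbauth'][@image]")) {
        # The image attribute may contain variables such as %windir%; expand them first
        $image = [Environment]::ExpandEnvironmentVariables($node.GetAttribute('image'))
        New-Object PSObject -Property @{
            Image    = $image
            Expected = $expected
            Matches  = ($image -ieq $expected)            # same path, ignoring case
            Exists   = [System.IO.File]::Exists($image)   # is the DLL really there?
        } | Select-Object Image, Expected, Matches, Exists
    }
}

# Constructed sample: the entry still names the old default folder,
# while Exchange has been re-installed to D:\Exchange\V14\ (assumed path).
$sample = [xml]@'
<configuration>
  <system.webServer>
    <globalModules>
      <add name="kerbauth" image="C:\Program Files\Microsoft\Exchange Server\v14\Bin\kerbauth.dll" />
    </globalModules>
  </system.webServer>
</configuration>
'@
Test-KerbAuthImagePath -Config $sample -InstallPath 'D:\Exchange\V14\'

# On the server itself:
# $cfg = [xml](Get-Content C:\Windows\System32\inetsrv\config\applicationHost.config)
# Test-KerbAuthImagePath -Config $cfg -InstallPath $env:ExchangeInstallPath
```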

Enjoy.

Thursday, June 4, 2015

Creating Identical Receive And Send Connectors


Hi folks,

I would love to share with you an easy way to create receive connectors for multiple transport servers (Mailbox servers in Exchange 2013). As you know, receive connectors are maintained on a per-server basis. On the other hand, to have a consistent mail receive experience you will need to have an identical configuration of receive connectors across your organization. This task will be hard if you have many Exchange servers.

But fortunately, PowerShell is indeed a powerful shell and allows you to automate this task. All you need to do is create one receive connector on the first transport (mailbox) server, and then you can easily deploy it across the rest.

I won't cover how to create a receive connector, as you can read about it in this TechNet article.

After the receive connector is created, you create a variable and dump all the information about the connector into it. Then you run the New-ReceiveConnector cmdlet against the rest of the servers (tweaking the connectors later with the Set-ReceiveConnector cmdlet if needed), taking the value for each parameter from the respective property stored in the variable. The code will be as follows.

$RC = Get-ReceiveConnector -Identity "SERVER001\MyConnector"

For Exchange 2010:

New-ReceiveConnector -Name "MyConnector" -Server SERVER002 -AuthMechanism $RC.AuthMechanism -Bindings $RC.Bindings -Enabled $RC.Enabled -ConnectionInactivityTimeout $RC.ConnectionInactivityTimeout -ConnectionTimeout $RC.ConnectionTimeout -MessageRateSource $RC.MessageRateSource -MaxInboundConnection $RC.MaxInboundConnection -MaxInboundConnectionPerSource $RC.MaxInboundConnectionPerSource -MaxInboundConnectionPercentagePerSource $RC.MaxInboundConnectionPercentagePerSource -MaxRecipientsPerMessage $RC.MaxRecipientsPerMessage -PermissionGroups $RC.PermissionGroups -ProtocolLoggingLevel $RC.ProtocolLoggingLevel -RemoteIPRanges $RC.RemoteIPRanges -MaxMessageSize $RC.MaxMessageSize -MaxHopCount $RC.MaxHopCount -MaxLocalHopCount $RC.MaxLocalHopCount

For Exchange 2013:

New-ReceiveConnector -Name "My Connector" -Server SERVER002 -AuthMechanism $RC.AuthMechanism -Bindings $RC.Bindings -Enabled $RC.Enabled -ConnectionInactivityTimeout $RC.ConnectionInactivityTimeout -ConnectionTimeout $RC.ConnectionTimeout -MessageRateSource $RC.MessageRateSource -MaxInboundConnection $RC.MaxInboundConnection -MaxInboundConnectionPerSource $RC.MaxInboundConnectionPerSource -MaxInboundConnectionPercentagePerSource $RC.MaxInboundConnectionPercentagePerSource -MaxRecipientsPerMessage $RC.MaxRecipientsPerMessage -PermissionGroups $RC.PermissionGroups -ProtocolLoggingLevel $RC.ProtocolLoggingLevel -RemoteIPRanges $RC.RemoteIPRanges -MaxMessageSize $RC.MaxMessageSize -MaxHopCount $RC.MaxHopCount -MaxLocalHopCount $RC.MaxLocalHopCount -TransportRole $RC.TransportRole

Even more automation can be achieved if you create another variable for the transport servers and then run the New-ReceiveConnector cmdlet against every transport server in this variable, like below:

$TS = Get-TransportServer   # for Exchange 2010
or
$TS = Get-MailboxServer     # for Exchange 2013 and later

and then

$TS | foreach {New-ReceiveConnector -Name "MyConnector" -Server $_.Name -AuthMechanism $RC.AuthMechanism -Bindings $RC.Bindings -Enabled $RC.Enabled -ConnectionInactivityTimeout $RC.ConnectionInactivityTimeout -ConnectionTimeout $RC.ConnectionTimeout -MessageRateSource $RC.MessageRateSource -MaxInboundConnection $RC.MaxInboundConnection -MaxInboundConnectionPerSource $RC.MaxInboundConnectionPerSource -MaxInboundConnectionPercentagePerSource $RC.MaxInboundConnectionPercentagePerSource -MaxRecipientsPerMessage $RC.MaxRecipientsPerMessage -PermissionGroups $RC.PermissionGroups -ProtocolLoggingLevel $RC.ProtocolLoggingLevel -RemoteIPRanges $RC.RemoteIPRanges -MaxMessageSize $RC.MaxMessageSize -MaxHopCount $RC.MaxHopCount -MaxLocalHopCount $RC.MaxLocalHopCount}
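Once the connectors are deployed, the same property-by-property idea can be used to confirm that they really are identical. The following added example (not from the original post) reports every setting on which a connector differs from the reference one; the function name and the sample objects, which stand in for Get-ReceiveConnector output, are constructed.

```powershell
# Added example: report settings on which receive connectors differ from a
# reference connector. Compare-ConnectorSetting is a hypothetical helper.
function Compare-ConnectorSetting {
    param(
        [Parameter(Mandatory=$true)] $Reference,
        [Parameter(Mandatory=$true)] [object[]] $Candidate,
        [string[]] $Property = @('AuthMechanism', 'PermissionGroups',
                                 'RemoteIPRanges', 'MaxMessageSize')
    )
    # Multi-valued settings are sorted and joined so that order does not matter
    $flatten = { param($v) (@($v) | ForEach-Object { "$_" } | Sort-Object) -join ';' }
    foreach ($c in $Candidate) {
        foreach ($p in $Property) {
            $want = & $flatten $Reference.$p
            $have = & $flatten $c.$p
            if ($want -ne $have) {
                New-Object PSObject -Property @{
                    Connector = "$($c.Identity)"
                    Setting   = $p
                    Reference = $want
                    Actual    = $have
                } | Select-Object Connector, Setting, Reference, Actual
            }
        }
    }
}

# Constructed sample objects standing in for Get-ReceiveConnector output
$ref = New-Object PSObject -Property @{
    Identity = 'SERVER001\MyConnector'; AuthMechanism = 'Tls'
    PermissionGroups = 'AnonymousUsers'; MaxMessageSize = '10 MB'
    RemoteIPRanges = @('192.0.2.10', '192.0.2.11')
}
$other = New-Object PSObject -Property @{
    Identity = 'SERVER002\MyConnector'; AuthMechanism = 'Tls'
    PermissionGroups = 'AnonymousUsers'; MaxMessageSize = '10 MB'
    RemoteIPRanges = @('0.0.0.0-255.255.255.255')
}
Compare-ConnectorSetting -Reference $ref -Candidate $other

# Against live servers, with $RC filled as shown earlier:
# Compare-ConnectorSetting -Reference $RC -Candidate (Get-ReceiveConnector |
#     Where-Object { $_.Name -eq $RC.Name })
```

Differences in RemoteIPRanges, PermissionGroups or AuthMechanism deserve attention first, since they decide who may submit mail through the connector.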

A similar approach can be used for cloning send connectors, in case you want to create a scoped send connector or a send connector that uses different source hub or mailbox servers in different sites.
The code for this will be as below:


$SC = Get-SendConnector "Send Connector Russia"

New-SendConnector "Send Connector Poland" -AddressSpaces $SC.AddressSpaces  -ConnectionInactivityTimeOut $SC.ConnectionInactivityTimeOut -DNSRoutingEnabled $SC.DNSRoutingEnabled -Enabled $SC.Enabled -ForceHELO $SC.ForceHELO -IgnoreSTARTTLS $SC.IgnoreSTARTTLS -MaxMessageSize $SC.MaxMessageSize -SourceTransportServers SERVER001,SERVER002 -SmartHosts $SC.SmartHosts -SmartHostAuthMechanism $SC.SmartHostAuthMechanism

Enjoy.