Security & Technology Blog: Information on technologies that I have worked on.<br />
Author: Jessie (http://www.blogger.com/profile/01819259273657542315)<br />
Posted 2015-11-10<br />
<div class="MsoNormal" style="text-align: center;">
Security tunnel vision – Mobile devices and VPN</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Over the last few years of my career, like so many people, I
have experienced “Security tunnel vision”.
Security tunnel vision is when we as security professionals get fixated
on only one aspect of security and forget the overall landscape of the
organization.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
An example of this would be mobile devices, such as smart
phones and tablets, accessing corporate resources. There is a certain fear among some security
professionals that these devices are not secure enough to access corporate resources
using technologies such as VPN. These professionals are fixated on the point
that these devices can be jailbroken and that users can download malicious apps; they
have entered the state of security tunnel vision.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
They have lost sight of the fact that users were already using mobile
devices such as laptops to access corporate networks using approved methods. The solution is not to ban mobile devices
from using proven technologies such as VPN, but to put mitigation controls in
place. Banning mobile devices from
corporate access will not drastically improve the security landscape for their organizations
if VPN is already being leveraged for a mobile workforce using laptops; it will
only inconvenience the business and stop productivity.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
As security professionals, it is important to create policies
and standards that protect a company holistically. If the corporate policy approves technologies
like VPN, then devices should be allowed to use that technology as long as the criteria
security has set are met.</div>
<div class="MsoNormal">
<br /></div>
<br />
<div class="MsoNormal">
In this case, a mobile device management solution, mature
governance on which applications are to be allowed, a policy on BYOD, and policies
and standards on mobile devices should be leveraged and established.</div>
<br />
CISSP Lessons learned (posted 2014-12-29)<br />
<br />
When I was getting ready to start studying for the CISSP exam, I was told by
others the exam is a mile long and an inch deep. Now, after taking and passing
the exam, I can verify the assumption personally. Initially I was overwhelmed
with how much information one was expected to learn "remember", but
as I began to study I realized one important element: understand concepts and the
rest will work out, which held true for me during the exam.<br />
<br />
In today's age one can’t be required to remember everything; there is so
much information that most of us can’t physically do it, other than what we do
on a regular basis, as it is reinforced by repetition. What are easier to
remember and comprehend are concepts, for example how PKI works, or what’s the
purpose of a DMZ, or how a firewall works.
Understanding the concept of public key cryptology is more beneficial than
knowing that RSA has so many bits; a person can just do a quick lookup for the
bit size of RSA. The reason is that on the
CISSP exam they don’t go into great detail but ask questions at a bird’s eye
view. In my opinion CISSP is not a
technical certification, but a certification that has a broad body of knowledge
that helps pull everything together.<br />
<br />
So what do you need to pass the exam?<br />
<br />
<div style="margin-left: 0.5in; mso-list: l0 level1 lfo1; text-indent: -0.25in;">
1. Experience: the CISSP exam really does leverage a person’s
experience and exposure to multiple technologies and methodologies.
This will be your greatest asset.</div>
<br />
<div style="margin-left: 0.5in; mso-list: l0 level1 lfo1; text-indent: -0.25in;">
2. A good study guide: experience is good, but not all
people have worked in all the domains for the CISSP exam. I used the CISSP for Dummies and Shon Harris
books; they provided information on areas I was weak in and helped reinforce
sections that I was already strong in.</div>
<br />
<div style="margin-left: 0.5in; mso-list: l0 level1 lfo1; text-indent: -0.25in;">
3. A testing tool: ISC2 has a testing engine, as do
others like CCCURE. This was immensely helpful,
as it helped identify areas where I was weak and needed more work.</div>
<br />
<div style="margin-left: 0.5in; mso-list: l0 level1 lfo1; text-indent: -0.25in;">
4. Stamina: the CISSP exam is an endurance test. Read all
the questions very carefully and don’t rush; you have 6 hours, and most likely you won’t
use all 6 hours.</div>
<br />
In closing, writing the CISSP exam was an overall positive experience for me.
I have joined an amazing security community, I have been able to put my
technical experience to the test, and I have found out I really do love the
security field in IT.<br />
<br />
Received my CISSP (posted 2014-12-29)<br />
On December 23rd, 2014 I received my official notification that I am now
CISSP certified. In light of this fact, I will now be changing this blog to focus
more on Security.<br />
<br />
Import users from a CSV file to Distribution Group (posted 2012-07-19)<br />
I have been getting asked lately how to do bulk user imports into Exchange for various tasks.<br />
<br />
The example below uses the user Alias field to add users to a distribution group. You can use this method to do other things, like making new mailboxes; all you need to do is change the command. The CSV file should be comma delimited, and the first line should say alias, since that is the field I am using.<br />
<br />
Also note that although I used the alias field, you can also use email addresses etc.<br />
<br />
Import-CSV <b><span style="color: red;">c:\users.csv</span></b> | ForEach {Add-DistributionGroupMember -Identity "<b><span style="color: red;">DL Name</span></b>" -Member $_.<b><span style="color: red;">alias</span></b>}<br />
<br />
How to get members of a Dynamic Distribution Group in Exchange 2010 (posted 2012-07-16)<br />
Sometimes, we are asked to send a report of which members are in a DL. If the DL is dynamic this can be tricky.<br />
<br />
<br />
$<span style="color: red;">1</span> = Get-DynamicDistributionGroup "<span style="color: red;">groupname</span>"<br />
Get-Recipient -ResultSize Unlimited -RecipientPreviewFilter $<span style="color: red;">1</span>.RecipientFilter -OrganizationalUnit $<span style="color: red;">1</span>.RecipientContainer<br />
<br />
The above commands will get the list of members. What I did was make a variable, $1, for the dynamic DL. This saved me typing time when I ran the command to get the members.<br />
<br />
Test SMTP through Telnet (posted 2012-05-18)<br />
Sometimes you need a tool to verify whether SMTP is enabled and whether it is able to relay messages. Telnet is great for that. Also, PuTTY is a great Telnet client.<br />
<br />
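As an added example (not part of the original post), the PowerShell below checks a captured session against the reply codes in the table of steps further down in this post, including the multi-line 220 banner that table mentions. The transcripts, host names and function names are constructed for illustration; 354 and 221 are the standard SMTP codes for the DATA and QUIT replies the table describes only in words.

```powershell
# Added example (not from the original post). Both transcripts are constructed
# and contain only the server's side of the conversation, one reply per step.

# Reply code expected after each step in the post's table.
$ExpectedReplies = @(
    @{ Step = 'connect';   Code = 220 },
    @{ Step = 'HELO';      Code = 250 },
    @{ Step = 'MAIL FROM'; Code = 250 },
    @{ Step = 'RCPT TO';   Code = 250 },
    @{ Step = 'DATA';      Code = 354 },
    @{ Step = 'end of message (CRLF . CRLF)'; Code = 250 },
    @{ Step = 'QUIT';      Code = 221 }
)

function Read-SmtpReply {
    # Reads one complete reply from any TextReader. A line of the form
    # "220-text" means more lines follow; "220 text" or a bare "220" ends it.
    param([Parameter(Mandatory = $true)][System.IO.TextReader]$Reader)
    $code = $null
    $text = @()
    while ($true) {
        $line = $Reader.ReadLine()
        if ($null -eq $line) { throw 'Stream ended before the reply was complete.' }
        $m = [regex]::Match($line, '^(\d{3})(?:([ -])(.*))?$')
        if (-not $m.Success) { throw "Malformed SMTP reply line: '$line'" }
        $lineCode = [int]$m.Groups[1].Value
        if ($null -eq $code) {
            $code = $lineCode
        } elseif ($code -ne $lineCode) {
            throw "Reply code changed inside a multi-line reply: '$line'"
        }
        $text += $m.Groups[3].Value
        if ($m.Groups[2].Value -ne '-') {
            return New-Object PSObject -Property @{ Code = $code; Text = ($text -join ' | ') }
        }
    }
}

function Test-SmtpTranscript {
    # Walks the expected steps in order and stops at the first reply whose
    # code differs, which is the step where the server refused the dialogue.
    param([Parameter(Mandatory = $true)][string]$Transcript)
    $reader = New-Object System.IO.StringReader -ArgumentList $Transcript
    foreach ($expected in $ExpectedReplies) {
        $reply = Read-SmtpReply -Reader $reader
        $ok = ($reply.Code -eq $expected.Code)
        New-Object PSObject -Property @{
            Step     = $expected.Step
            Expected = $expected.Code
            Got      = $reply.Code
            Passed   = $ok
            Text     = $reply.Text
        }
        if (-not $ok) { break }
    }
}

# Constructed sample: every step accepted, with a two-line 220 banner.
$relayAccepted = @'
220-mail.example.test ESMTP service ready
220 constructed banner, second line
250 mail.example.test Hello
250 2.1.0 Sender OK
250 2.1.5 Recipient OK
354 Start mail input; end with <CRLF>.<CRLF>
250 2.6.0 Queued mail for delivery
221 2.0.0 Service closing transmission channel
'@

# Constructed sample: the server accepts the sender but refuses to relay
# to the recipient, so the dialogue fails at RCPT TO.
$relayRefused = @'
220 mail.example.test ESMTP service ready
250 mail.example.test Hello
250 2.1.0 Sender OK
550 5.7.1 Unable to relay
'@

Test-SmtpTranscript -Transcript $relayAccepted |
    Format-Table Step, Expected, Got, Passed -AutoSize
Test-SmtpTranscript -Transcript $relayRefused |
    Format-Table Step, Expected, Got, Passed, Text -AutoSize
```

Read-SmtpReply takes any System.IO.TextReader, so the same check can read from a System.IO.StreamReader opened on a live connection instead of the StringReader used here.<br />
<br />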
Below are the steps to send a mail using Telnet or PuTTY.<br />
<br />
<table border="1">
<tbody>
<tr>
<td align="left"><b>You do/type this</b></td>
<td align="left"><b>Server responds with</b></td></tr>
<tr>
<td>Telnet to hostname on port 25 </td>
<td>220 (then identifies itself - possibly with several lines of 220 + text)
</td></tr>
<tr>
<td>HELO your_domain_name or whatever </td>
<td>250 (followed by human readable message) </td></tr>
<tr>
<td>MAIL FROM:you@hostname.com (i.e., your email address) </td>
<td>250 &lt;you@hostname.com&gt; is syntactically correct (or similar) </td></tr>
<tr>
<td>RCPT TO:them@someplace_else.com (email address you want to send to) </td>
<td>250 &lt;them@someplace_else.com&gt; is syntactically correct </td></tr>
<tr>
<td>DATA </td>
<td>Tells you to send data then CRLF period CRLF at end </td></tr>
<tr>
<td>You type your message then CRLF period CRLF (i.e., type a period on a line by
itself then hit ENTER) </td>
<td>250 </td></tr>
<tr>
<td>QUIT </td>
<td>Signoff message </td></tr>
</tbody>
</table>
<br />
Installing an SSL Certificate in Exchange 2010 (posted 2012-05-17)<br />
To import an SSL certificate, use the command below.<br />
<br />
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\<span style="color: blue;">CERTNAME.pfx</span> -Encoding byte -ReadCount 0)) -Password:(Get-Credential).password<br />
<br />
To enable services on the certificate, first get its thumbprint by running Get-ExchangeCertificate | fl, then use the command below to assign the certificate to those services.<br />
<br />
Enable-ExchangeCertificate -Thumbprint <span style="color: blue;">E8C1BB735FA57C4E70988420CE247263AD92DC65</span> -Services "<span style="color: blue;">iis,imap,pop</span>" <br />
<br />
If you do SSL offloading, make sure you add the -DoNotRequireSsl switch at the end of the command, as in the example below.<br />
<br />
Enable-ExchangeCertificate -Thumbprint E8C1BB735FA57C4E70988420CE247263AD92DC65 -Services "iis,imap,pop" <span style="color: red;">-DoNotRequireSsl</span><br />
<br />
Manually Update the Global Address List in Exchange 2010 (posted 2012-05-07, updated 2015-01-13)<br />
Here is the command to update the GAL in Exchange. If your address list is not the default, put its name in.<br />
<br />
<strong>update-globaladdresslist -identity "<span style="color: blue;">default global list</span>"</strong><br />
<br />
To get the update into the users' cached copy faster, also make sure you sync your CAS servers.<br />
<br />
<strong>Update-FileDistributionService -Identity <span style="color: blue;">Server1</span> -Type "OAB"</strong><br />
<br />
Now if the user manually updates their address book using Outlook, they will download the latest copy.<br />
<br />
How to install and configure Remote Apps in Remote Desktop Services for Server 2008 R2 (posted 2012-02-06)<br />
<span class="no"></span><div class="component viewArticleContent stlco ctContentView li" id="viewArticleContent" sizcache="20" sizset="2"><div class="body layout2" sizcache="20" sizset="2"><div class="section first" sizcache="20" sizset="2"> <div class="content btf-content" sizcache="22" sizset="0"> <div sizcache="22" sizset="0"> Remote Apps is a feature in Server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications. The user can either have a desktop shortcut installed or go through the web portal to launch applications. The reason an IT administrator would take this approach to running applications is the end-user experience.<br />
<br />
End users now simply click a shortcut on their desktop and the application begins to run. To the user it looks as if the application is installed locally. Any printers that the user has also get redirected. If they have dual screens, they can move the application between screens just as if it were locally installed. The bonus for IT administrators is that they can control who has access to an application.<br />
<br />
Below are the steps to install Remote Desktop Services on one server with Remote App functionality. These are the basic steps to get the server going so you can play with the features. <br />
<br />
1. Install server 2008 R2 <br />
<br />
2. From Server Manager install the role Remote Desktop Services <br />
<br />
<div class="attachment embedded first" sizcache="19" sizset="1"> <div class="description" sizcache="18" sizset="1"><br />
</div><div class="image" sizcache="18" sizset="1"><a href="http://filedb.experts-exchange.com/incoming/2012/02_w06/547666/1.png" rel="nofollow" sizcache="18" sizset="1" title="1.png"><img alt="Roles required for RDS" src="http://filedb.experts-exchange.com/incoming/2012/02_w06/art547666/1.png" style="height: auto; width: 100%;" /> </a></div></div><br />
<br />
3. Install the Remote Desktop Session Host and the Remote Desktop Web Access Services for the role. (IIS will be required for this but it will install for you)<br />
<br />
<div class="attachment embedded" sizcache="19" sizset="2"> <div class="description" sizcache="18" sizset="2"><br />
</div><div class="image" sizcache="18" sizset="2"><a href="http://filedb.experts-exchange.com/incoming/2012/02_w06/547667/2.png" rel="nofollow" sizcache="18" sizset="2" title="2.png"><img alt="Services Required" src="http://filedb.experts-exchange.com/incoming/2012/02_w06/art547667/2.png" style="height: auto; width: 100%;" /> </a></div></div><br />
<br />
4. Now at this point you have all the core services and roles installed to get going. We did not install services such as gateway, or licencing as those are not required to get remote app working. But if you are planning to do a production implementation of Remote Apps, you will need a licence server and the various other services to support it. As we stand now, we have roughly 120 days before we have to input a licencing server, which is more than enough time to test Remote Apps to see how they work, before you design your production environment.<br />
<br />
5. Now that we have installed the roles it’s time to configure Remote Apps. This process is very easy on one server.<br />
<br />
6. Open Remote App Manager; it should look like the screenshot below.<br />
<a href="http://filedb.experts-exchange.com/incoming/2012/02_w06/547674/3.png" rel="nofollow" sizcache="18" sizset="3" title="3.png"><img alt="Remote App Manager" src="http://filedb.experts-exchange.com/incoming/2012/02_w06/art547674/3.png" style="height: auto; width: 100%;" /> </a> <br />
<br />
7. The first setting to look at is the RD Session Host Server Settings. This is where you define a farm name, RDP port number, digital signatures and common RDP settings, such as allowing printer redirection. For our purpose we can leave these all at their defaults, as we only have one server and do not need a farm name; the local server name is fine for this.<br />
<div class="attachment embedded" sizcache="19" sizset="4"> <div class="description" sizcache="18" sizset="4"><br />
</div><div class="image" sizcache="18" sizset="4"><a href="http://filedb.experts-exchange.com/incoming/2012/02_w06/547678/4.png" rel="nofollow" sizcache="18" sizset="4" title="4.png"><img alt="RD Session Host Server Settings" src="http://filedb.experts-exchange.com/incoming/2012/02_w06/art547678/4.png" style="height: auto; width: 100%;" /> </a></div></div><div sizcache="6" sizset="43"><br />
<br />
8. The next setting to look at is Distribution with RD Web Access. This is needed if you would like users to launch applications from the web interface. The web interface will use the name specified in the RD Session Host Server Settings. So if you have the local server set in the field it would be <a href="https://servername/rdweb" target="_blank">https://servername/rdweb</a> if you had a farm name it would be <a href="https://farmname/rdweb" target="_blank">https://farmname/rdweb</a>. Below is the login page the user will see and the applications the user is able to run. What you need to do is add the RDS server to the local security group named TS Web Access Computers</div><div class="attachment embedded" sizcache="19" sizset="5"> <div class="description" sizcache="18" sizset="5"><br />
</div><div class="image" sizcache="18" sizset="5"><a href="http://filedb.experts-exchange.com/incoming/2012/02_w06/547686/5.png" rel="nofollow" sizcache="18" sizset="5" title="5.png"><img alt="RD Web Portal" src="http://filedb.experts-exchange.com/incoming/2012/02_w06/art547686/5.png" style="height: auto; width: 100%;" /> </a></div></div><div class="empty"><br />
</div><div class="attachment embedded" sizcache="19" sizset="6"> <div class="description" sizcache="18" sizset="6"><br />
</div><div class="image" sizcache="18" sizset="6"><a href="http://filedb.experts-exchange.com/incoming/2012/02_w06/547687/6.png" rel="nofollow" sizcache="18" sizset="6" title="6.png"><img alt="RD Web Portal Application page" src="http://filedb.experts-exchange.com/incoming/2012/02_w06/art547687/6.png" style="height: auto; width: 100%;" /> </a></div></div><br />
<br />
9. Now we need to actually add a Remote App. As you can see I already added calculator, but let’s add another one.<br />
<br />
<div class="bullet" sizcache="15" sizset="14"> <ul><li>Go to the Actions Pane on the right of Remote App Manager and click Add RemoteApps Program.</li>
</ul></div><br />
<div class="bullet" sizcache="15" sizset="15"> <ul><li>Select from the list of programs or select a different program by finding its .exe by using the browse button.</li>
</ul></div><br />
<div class="empty"><br />
</div><a href="http://filedb.experts-exchange.com/incoming/2012/02_w06/547690/7.png" rel="nofollow" sizcache="18" sizset="7" title="7.png"><img alt="Add a Remote App" src="http://filedb.experts-exchange.com/incoming/2012/02_w06/art547690/7.png" style="height: auto; width: 100%;" /> </a> <div class="empty"><br />
</div><div class="bullet" sizcache="15" sizset="17"> <ul><li>You can also assign command line arguments, if needed for greater flexibility, by clicking Properties on the application.</li>
</ul></div><br />
<div class="empty"><br />
</div><div class="image" sizcache="18" sizset="8"><a href="http://filedb.experts-exchange.com/incoming/2012/02_w06/547691/8.png" rel="nofollow" sizcache="18" sizset="8" title="8.png"><img alt="Command Line arguments" src="http://filedb.experts-exchange.com/incoming/2012/02_w06/art547691/8.png" style="height: auto; width: 100%;" /> </a></div><div class="empty"><br />
<br />
</div><div class="bullet" sizcache="15" sizset="19"> <ul><li>After you have chosen the application, hit Apply; you should now see the app in the RemoteApp Programs section at the bottom. If you want to web publish it, select the app and, in the Actions Pane, click Show in RD Web Access.</li>
</ul></div><br />
<div class="empty"><br />
</div><div class="image" sizcache="18" sizset="9"><a href="http://filedb.experts-exchange.com/incoming/2012/02_w06/547695/9.png" rel="nofollow" sizcache="18" sizset="9" title="9.png"><img alt="Publish Remote App to web Portal" src="http://filedb.experts-exchange.com/incoming/2012/02_w06/art547695/9.png" style="height: auto; width: 100%;" /> </a></div><br />
<br />
10. At this point you have a Remote Desktop Server running and a Remote App published. If you want users to access it through the web portal, simply give the URL to the user. If you want to limit who can run an application, click Properties on the remote app in Remote App Manager and go to User Assignment; this is where you can specify who can access an application.<br />
<div class="attachment embedded" sizcache="19" sizset="10"> <div class="description" sizcache="18" sizset="10"><br />
</div><div class="image" sizcache="18" sizset="10"><a href="http://filedb.experts-exchange.com/incoming/2012/02_w06/547701/10.png" rel="nofollow" sizcache="18" sizset="10" title="10.png"><img alt="User Assignment for Remote Apps" src="http://filedb.experts-exchange.com/incoming/2012/02_w06/art547701/10.png" style="height: auto; width: 100%;" /> </a></div></div><br />
<br />
11. If you want the remote app to be accessed by a desktop shortcut then you should either create an .rdp file or better yet create an MSI so you can deploy it by GPO. These actions can be found on the Actions Pane for the App<br />
<div class="attachment embedded last" sizcache="19" sizset="11"> <div class="description" sizcache="18" sizset="11"><br />
</div><div class="image" sizcache="18" sizset="11"><a href="http://filedb.experts-exchange.com/incoming/2012/02_w06/547702/11.png" rel="nofollow" sizcache="18" sizset="11" title="11.png"><img alt="Other Distribution Options" src="http://filedb.experts-exchange.com/incoming/2012/02_w06/art547702/11.png" style="height: auto; width: 100%;" /> </a></div></div><br />
<br />
12. That is really it. You should now be able to set up a Remote Apps server and test some Remote Apps.</div></div></div></div></div>
<br />
Discovery mailbox can't be found (posted 2012-01-05)<br />
<em><strong><span style="color: black;">"The discovery mailbox, a hidden default mailbox that is required to search mailboxes, can’t be found. It may have been inadvertently deleted. This mailbox must be re-created before you can search mailboxes.”</span></strong></em><br />
<br />
If you are getting the above error when trying to run audit reports from ECP, such as Run a non-owner mailbox report, try the following suggestions.<br />
<br />
1. If the mailbox <span style="color: red;"><strong>SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}</strong></span> <span style="color: black;">has not been deleted and is still in the users OU, try enabling it by running the PowerShell command below. This is all I had to do to get it working after I did my Exchange 2007 to Exchange 2010 migration.</span><br />
<br />
<span style="color: red;">Enable-Mailbox -Identity "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" -Arbitration</span><br />
<br />
<span style="color: black;">2. If Discovery System Mailbox has been deleted then you will need to recreate it (Will not stop mail flow and will require no downtime)</span><br />
<ul><li>Make sure the mailbox <span style="color: red;">SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}</span> <span style="color: black;">is not present; if it is, you can delete it.</span></li>
<li>Install the Exchange media into a Domain Controller and run <strong><span style="color: red;">Setup /PrepareAD</span></strong></li>
<li><span style="color: black;">Enable the mailbox using EMC -</span><span style="color: black;"> </span><span style="color: red;">Enable-Mailbox -Identity "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}" -Arbitration</span></li>
</ul><span style="color: black;">This should solve your issue.</span><br />
<br />
<a href="http://technet.microsoft.com/en-us/library/gg588318.aspx">http://technet.microsoft.com/en-us/library/gg588318.aspx</a><br />
<br />
Configuring Public folder replication Using powershell (posted 2011-12-28)<br />
If you want to configure public folder replication the easy way, use PowerShell and the AddReplicaToPFRecursive.ps1 script supplied by Microsoft.<br />
<br />
Make sure you run the command from the Program Files\Microsoft\Exchange Server\V14 directory, or wherever you installed Exchange. Note this also works for public folder replication between Exchange 2007 and Exchange 2010 if you are doing a migration; just make sure you run the script from Exchange 2010.<br />
<br />
<br />
To replicate the System Public Folders<br />
<br />
.\AddReplicaToPFRecursive.ps1 -TopPublicFolder "\NON_IPM_Subtree" -ServerToAdd "ServerName"<br />
<br />
To replicate the Default Public Folders<br />
<br />
.\AddReplicaToPFRecursive.ps1 -TopPublicFolder "\" -ServerToAdd "ServerName"<br />
<br />
Steps to Configure a DAG array in Exchange 2010 (posted 2011-12-12, updated 2011-12-28)<br />
<div class="MsoListParagraphCxSpFirst" style="margin-left: 32.2pt; mso-add-space: auto; mso-list: l0 level1 lfo1; text-align: left; text-indent: -18pt;">Here are the steps in PowerShell to create a DAG, configure the DAG networks and assign the DAG to a CAS array. Make sure all mailbox servers are on the same subnet. In my example I have 2 network cards per mailbox server, one for MAPI traffic and another for replication. Everything in <span class="Apple-style-span" style="color: blue;">BLUE</span> is what needs to be changed for your environment.</div>
<div class="MsoListParagraphCxSpFirst" style="margin-left: 32.2pt; mso-add-space: auto; mso-list: l0 level1 lfo1; text-indent: -18pt;"><br />
</div>
<div class="MsoListParagraphCxSpFirst" style="margin-left: 32.2pt; mso-add-space: auto; mso-list: l0 level1 lfo1; text-indent: -18pt;">1. Create DAG (using a Hub Transport server as the witness server is pretty standard practice)</div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 57.6pt; mso-add-space: auto; mso-list: l0 level2 lfo1; text-indent: -21.6pt;">1.1. From PowerShell: <span style="color: red;">New-DatabaseAvailabilityGroup -Name "</span><span class="Apple-style-span" style="color: blue;">DAG</span><span style="color: red;">" -WitnessServer "</span><span class="Apple-style-span" style="color: blue;">server</span><span style="color: red;">" -WitnessDirectory </span><span class="Apple-style-span" style="color: blue;">c:\DagWitness\Dag</span><span style="color: red;"> -DatabaseAvailabilityGroupIpAddresses </span><span class="Apple-style-span" style="color: blue;">x.x.x.x</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 32.2pt; mso-add-space: auto; mso-list: l0 level1 lfo1; text-indent: -18pt;">2. Add Mailbox Servers to DAG</div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 57.6pt; mso-add-space: auto; mso-list: l0 level2 lfo1; text-indent: -21.6pt;">2.1. From PowerShell: <span style="color: red;">Add-DatabaseAvailabilityGroupServer -Identity </span><span class="Apple-style-span" style="color: blue;">Dag</span><span style="color: red;"> -MailboxServer </span><span style="color: blue;">Servername</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 32.2pt; mso-add-space: auto; mso-list: l0 level1 lfo1; text-indent: -18pt;">3. Configure DAG Network Settings</div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 57.6pt; mso-add-space: auto; mso-list: l0 level2 lfo1; text-indent: -21.6pt;">3.1. From PowerShell: <span style="color: red;">Set-DatabaseAvailabilityGroupNetwork -Identity</span> <span class="Apple-style-span" style="color: blue;">Dag\DAGNetwork01</span><span style="color: red;"> -Name "MAPI" -Subnets </span><span class="Apple-style-span" style="color: blue;">X.X.X.X</span><span style="color: red;">/24 -ReplicationEnabled $false</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 57.6pt; mso-add-space: auto; mso-list: l0 level2 lfo1; text-indent: -21.6pt;">3.2. From PowerShell: <span style="color: red;">Set-DatabaseAvailabilityGroupNetwork -Identity</span> <span class="Apple-style-span" style="color: blue;">Dag\DAGNetwork02</span><span style="color: red;"> -Name "Replication" -Subnets </span><span class="Apple-style-span" style="color: blue;">X.X.X.X/24</span><span style="color: red;"> -ReplicationEnabled $True</span></div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: 32.2pt; mso-add-space: auto; mso-list: l0 level1 lfo1; text-indent: -18pt;">4. Configure Mailbox servers with CAS Array</div>
<div class="MsoListParagraphCxSpLast" style="margin-left: 57.6pt; mso-add-space: auto; mso-list: l0 level2 lfo1; text-indent: -21.6pt;">4.1. From PowerShell: <span style="color: red;">Get-MailboxDatabase -Server "</span><span class="Apple-style-span" style="color: blue;">Servername</span><span style="color: red;">" | Set-MailboxDatabase -RpcClientAccessServer </span><span style="color: blue;">"CAS ARRAY NAME"</span><br />
<br />
<span style="color: black;">By doing the above steps you will have a DAG configured, and all mailboxes you created will automatically be assigned to the CAS Array.</span></div>
<br />
Disabled Mailbox not showing in Disconnected mailbox section (posted 2011-12-09)<br />
Sometimes when you disable a mailbox it does not show right away in the disconnected mailbox area. That usually means Exchange has not run maintenance yet. If you need it done pronto and want to see the disabled mailbox, run the PowerShell command below, as it will perform maintenance on the DB.<br />
<div class="MsoNormal"><o:p></o:p></div><br />
<br />
<span class="Apple-style-span" style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 11px;"><span class="Apple-style-span" style="color: red;">Clean-MailboxDatabase "MailboxDatabaseName"</span></span>
Jessiehttp://www.blogger.com/profile/01819259273657542315noreply@blogger.com0tag:blogger.com,1999:blog-6767734911302190859.post-89560000143005026012011-12-08T11:35:00.000-08:002011-12-08T11:35:42.287-08:00
Disable MailTips in Exchange 2010<br />
If you want to disable MailTips in Exchange 2010, run the command below.<br />
<br />
<span style="color: red;">Set-OrganizationConfig -MailTipsAllTipsEnabled $false</span>
Jessiehttp://www.blogger.com/profile/01819259273657542315noreply@blogger.com0tag:blogger.com,1999:blog-6767734911302190859.post-69506233081616447352011-12-07T13:53:00.000-08:002011-12-07T13:53:29.700-08:00
How to Enable end users to manage Distribution List memberships in Exchange 2010<br />
Well, I migrated from Exchange 2007 to 2010 and was hit with a little problem. Users who were able to manage their Distribution Group lists were no longer able to manage them. They could no longer add or remove members and got an insufficient permissions message. I confirmed they were set to owner but that did not seem to matter. After a bit of research I realized that I needed to enable a management role in Exchange 2010. The management role was MyDistributionGroups. I also realized that this group had way too much power, as the end users would be able to create and delete Distribution groups if I enabled it. So what I did was copy it and modify it. Below are the steps needed to enable users to manage the Distribution groups for which they are set as owner.<br />
<br />
1. In the EMS create a new Management Role<br />
<span class="Apple-style-span" style="color: red;">New-ManagementRole -Name MyDistributionGroupsCopy -Parent MyDistributionGroups -Description "This role enables end users to view distribution groups and add or remove members to distribution groups they own."</span><br />
<br />
2. Now since this role copied the management role MyDistributionGroups we need to modify it and remove some rights.<br />
<span class="Apple-style-span" style="color: red;">Remove-ManagementRoleEntry MyDistributionGroupsCopy\Set-Group -Confirm:$false<br />
Remove-ManagementRoleEntry MyDistributionGroupsCopy\Remove-DistributionGroup -Confirm:$false<br />
Remove-ManagementRoleEntry MyDistributionGroupsCopy\New-DistributionGroup -Confirm:$false</span><br />
<span class="Apple-style-span" style="color: red;"><br />
</span><br />
3. Now we need to set the Distribution Group Parameters<br />
<span class="Apple-style-span" style="color: red;">Set-ManagementRoleEntry MyDistributionGroupsCopy\Set-DistributionGroup -Parameters Confirm,ErrorAction,ErrorVariable,Identity,MailTip,MailTipTranslations,OutBuffer,OutVariable,WarningAction,WarningVariable,WhatIf</span><br />
<br />
4. Now the final step is to assign this role to the default role assignment policy so it gets pushed to all users<br />
<span class="Apple-style-span" style="color: red;">New-ManagementRoleAssignment -Role MyDistributionGroupsCopy -Policy "Default Role Assignment Policy"</span><br />
<span class="Apple-style-span" style="color: red;"><br />
</span><br />
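The result of steps 1 to 4 can also be checked from the Exchange Management Shell. The script below is an added example, not part of the original post: it is read-only, uses the role and policy names from the steps above, and its variable and function names are illustrative. It also checks that the unrestricted parent role is not assigned to the same policy, since role assignments are additive.

```powershell
# Added example: read-only audit of the role built in steps 1-4.
# Run in the Exchange Management Shell; variable names are illustrative.
$role       = 'MyDistributionGroupsCopy'
$parentRole = 'MyDistributionGroups'
$policy     = 'Default Role Assignment Policy'

# Cmdlets removed in step 2; none should remain in the copied role.
$removed = 'Set-Group', 'Remove-DistributionGroup', 'New-DistributionGroup'

# Parameters left on Set-DistributionGroup in step 3.
$allowed = 'Confirm', 'ErrorAction', 'ErrorVariable', 'Identity', 'MailTip',
           'MailTipTranslations', 'OutBuffer', 'OutVariable',
           'WarningAction', 'WarningVariable', 'WhatIf'

$entries = @(Get-ManagementRoleEntry "$role\*")

# 1. Any cmdlet from step 2 still present means users keep that right.
$leftover = @($entries | Where-Object { $removed -contains $_.Name } |
              ForEach-Object { $_.Name })

# 2. Any parameter outside the step 3 list widens what owners can change.
$extra = @()
$sdg = $entries | Where-Object { $_.Name -eq 'Set-DistributionGroup' }
if ($sdg) {
    $extra = @($sdg.Parameters | Where-Object { $allowed -notcontains $_ })
}

# 3. Enabled assignments of a role to the default policy.
function Get-EnabledPolicyAssignment([string]$RoleName) {
    Get-ManagementRoleAssignment -Role $RoleName |
        Where-Object { $_.RoleAssigneeName -eq $policy -and $_.Enabled }
}
$copyAssigned   = @(Get-EnabledPolicyAssignment $role).Count -gt 0
# The parent role on the same policy would restore create/delete rights.
$parentAssigned = @(Get-EnabledPolicyAssignment $parentRole).Count -gt 0

New-Object PSObject -Property @{
    LeftoverCmdlets      = $leftover -join ', '
    ExtraParameters      = $extra -join ', '
    CopyAssignedToPolicy = $copyAssigned
    ParentAlsoAssigned   = $parentAssigned
    Pass = ($leftover.Count -eq 0 -and $extra.Count -eq 0 -and
            $copyAssigned -and -not $parentAssigned)
} | Format-List
```
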
Just double-check that this policy is enabled; you can do that by using the ECP.<br />
Jessiehttp://www.blogger.com/profile/01819259273657542315noreply@blogger.com0tag:blogger.com,1999:blog-6767734911302190859.post-41389162335864134882011-12-01T13:28:00.000-08:002011-12-01T13:28:08.616-08:00
Exchange 2010 Console Initialization failed<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoTiiVjG1vAOxEy9AoK9NpaTMvUQJqCkwHgBK-9Qs3OsKmg1sQ3nxTkJwr1uvpDQdGEMKA9Yoq52tysKHwfhgljWZPzEpXl3Vx7Jo_rdOinNkDqyGY_N6r_ebVGyGOBwLFDoVfivvXMuw/s1600/Untitled.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="106" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoTiiVjG1vAOxEy9AoK9NpaTMvUQJqCkwHgBK-9Qs3OsKmg1sQ3nxTkJwr1uvpDQdGEMKA9Yoq52tysKHwfhgljWZPzEpXl3Vx7Jo_rdOinNkDqyGY_N6r_ebVGyGOBwLFDoVfivvXMuw/s400/Untitled.png" width="400" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Initialization failed</td></tr>
</tbody></table><br />
Are you getting the above error after installing the Exchange 2010 management console on your workstation or member server? The reason could be that you recently applied a service pack or Rollup update to your Exchange system. If you did, make sure you run the same update on the workstation or server which has the console, and then it will connect. The reason it does not connect is that the console is a different version from the Exchange server.<o:p></o:p>
Jessiehttp://www.blogger.com/profile/01819259273657542315noreply@blogger.com0tag:blogger.com,1999:blog-6767734911302190859.post-91773658580372661582011-12-01T11:20:00.000-08:002011-12-01T11:21:16.981-08:00
Powershell command to move a storage group to a database from exchange 2007 to exchange 2010<br />
Need to move all mailboxes in a storage group on Exchange 2007 to a database on Exchange 2010? Below are a few ways to do it through PowerShell.<br />
<br />
<span style="color: red;">Get-Mailbox -Database "Source Database" | New-MoveRequest -TargetDatabase 'target database' -BadItemLimit '25'</span><br />
<br />
The above command creates a move request for all mailboxes in the source database to the target database.<br />
<br />
You can also do the same thing by writing the PowerShell command differently, as below.<br />
<br />
<span style="color: red;">Get-Mailbox -ResultSize Unlimited | ? {$_.Database -eq "Source Database"} | New-MoveRequest -TargetDatabase 'target database' -BadItemLimit '25'</span><br />
<br />
The above command is pretty much saying: get the mailboxes whose database is set to the source, then move them to the database named as the target.<br />
The one thing about PowerShell is that there are multiple ways to do the same thing.
Jessiehttp://www.blogger.com/profile/01819259273657542315noreply@blogger.com0