Open a Socket!

Recently I was doing some testing with a new Exchange 2010 Receive Connector and wanted a method to check how many messages it was processing.  I came up with the following Powershell snippet that seems to work well.

$i = 0
do {
    $now = get-date
    (Get-MessageTrackingLog -ResultSize unlimited -Start "11/10/2012 3:00PM" -End $now -Server MYSERVER `
    | ? {$_.connectorid -eq "MYSERVER\SMTP Relay"}).count
    sleep 30
    $i = $i + 1
    $i
} 
until ($i -eq 100) 

The script uses the “do until” method to query the message tracking logs on a specific server at 30 second intervals for instances of the Receive Connector and displays the count.  It does this a hundred times (or until you stop the script).

Quest Software make it hard to love them sometimes.  When they made Quest Quick Connect Express for Active Directory available at no cost it was a real boon for anyone wanting to synchronise objects from AD to AD (or AD LDS instances).  In particular it offered a great free method of achieving GAL Sync between two Exchange Organisations, the likes of which have not been seen since the days of Microsoft’s Identity Integration Feature Pack (IIFP – a cut down version of MIIS/ILM/FIM). I thought was smart, strategic thinking on Quest’s part: make the sync engine available with basic functionality to get everyone used to the product and then generate revenue through add-on licences for other data sources (generic LDAP, SQL, Oracle, etc.).  Sadly, the strategic approach seems to have been thrown out in the (mistaken) belief that charging for the AD connector will bring in more revenue.  Hopefully Dell (Quest’s new owner) will hear the howls of derision and bring back the free version.

Now that I’ve got that off my chest, what are the options left for (free) GAL Sync?  Well, if you have a copy of the Quest One Quick Connect Sync Engine version 4.7 or 5.0 you can still use these to achieve GAL Sync free of charge.  The current version of the Sync Engine (5.1) has had the AD DS/AD LDS connectors disabled so if you download that you will need to purchase a Quest One Quick Connect Express for Active Directory licence to get the old functionality back.

It doesn’t look like version 5.0 of the Sync Engine is available on the Quest web site, but you can still download version 4.7.  To get there you need to register for the Quest One Quick Connect Express for AD trial version and you will then see the download options for the Sync Engine.  The Step-by-Step Guide that I originally wrote was for version 4.7 and is still available:

http://www.open-a-socket.com/index.php/2011/01/06/quest-activeroles-quick-connect-express-gal-sync-step-by-step-guide/

If you have version 5.0 downloaded somewhere, consider yourself lucky – and hold on to it!

If you are in a cross-forest mailbox migration scenario and use Exchange message classifications, this script might be useful to you.  If you plan to have the same message classifications in the target Exchange Organisation then you will want the classification IDs to match.  Without this, there is potential for the classification on migrated mail items not to be recognised.  For example, if you forward or reply to a migrated message and do not change the classification, then the classification will match the source Exchange Organisation and will not be recognised (even if the names match).  To avoid this scenario it is important to ensure that the classification IDs are the same in the source and target environment.

The first step is to export the message classifications in the source Exchange Organisation using the Export-OutlookClassification.ps1 in the \Scripts folder in the Exchange installation path.  This creates an XML file for you to use for the import.  Once you have the file, copy it to the target Exchange Organisation and run the script below.

#########################################################
#
# Name: Import-MessageClassification.ps1
# Author: Tony Murray
# Version: 0.1
# Date: 17 May 2012
# Comment:
# PowerShell script to import Exchange 2010 message
# classifications created in one forest to another forest.
#
# Uses xml file created from the
# Export-OutlookClassification.ps1 script in the source
# forest
#
# This method preserves the ClassificationID, which can
# be beneficial in cross-forest migration scenarios
#
##########################################################

$classfile = "C:\xml\Classifications_E2010.xml"
[xml]$mcs = Get-Content $classfile

foreach ($mc in $mcs.classifications.classification) {
    $name = $mc.name
    $dname = $mc.description
    $clid = $mc.guid
    New-MessageClassification -Name $name -DisplayName $dname `
    -ClassificationID $clid -SenderDescription $name

    # Tidy up variables used in foreach loop
    Clear-Variable -ErrorAction SilentlyContinue -Name mc
    Clear-Variable -ErrorAction SilentlyContinue -Name name
    Clear-Variable -ErrorAction SilentlyContinue -Name dname
    Clear-Variable -ErrorAction SilentlyContinue -Name clid
} # end foreach

# Tidy up global variables
Clear-Variable -ErrorAction SilentlyContinue -Name classfile
Clear-Variable -ErrorAction SilentlyContinue -Name mcs

The other day I was doing some troubleshooting on a DAG member in a remote site.  I needed to get a picture of the copy and replay queues for the server over a period of time. To do this I wrote a small script to poll the queues at 60 second intervals over a 24 hour period.  The output is in CSV format to allow the results to examined/graphed using Excel.  I thought it might be useful to others.

#########################################################
#
# Name: Get-QueueLength.ps1
# Author: Tony Murray
# Version: 1.0
# Date: 25/01/2012
# Comment: PowerShell script to output DAG database
# queue lengths to file
#
#########################################################

$outfile = "c:\QueueLength.csv"

$server = "MyExchangeServer"

$head = "Date,Time,Database,CopyQLength,ReplayQLength"

if (Test-Path $OutFile) {Remove-Item $outfile}

Add-Content -Value $head -Path $outfile

$i = 0
do {
    $dat = Get-Date -Format d
    $tim = get-date -Format HH:mm
    $stats = Get-MailboxDatabaseCopyStatus -Server $server
    foreach ($stat in $stats) {
        $dba = $stat.databasename
        $clen = $stat.CopyQueueLength
        $rlen = $stat.ReplayQueueLength
        $line = "$dat,$tim,$dba,$clen,$rlen"
        Write-Host $line
        Write-Host $i
        Add-Content -Value $line -Path $Outfile
    } # End foreach
    $i = $i + 1
    Start-Sleep -Seconds 60
    } # End of Do
While ($i -le 1439)

I came across an anomaly with the Exchange 2007 Export-Mailbox cmdlet at a customer site recently.  It created a major inconvenience for some bulk mailbox exports, so I thought I would share it here.  Basically, I was able to generate two different search results depending on whether or not I specified a PST file as target.  I’ve since managed to reproduce the behaviour in my own test lab, so the problem appears to be generic and not limited to the specific customer’s environment.

This is what my test environment looks like:

Mailox Server  = Windows Server 2008 SP2 with Exchange Server 2007 SP2 RU5

Export workstation = Windows 7 SP1 with Outlook 2010 and Exchange Server 2007 SP2 RU5 Management Tools

My goal was to export all items that contain the string [blah] (including the square brackets) to a target.  If I specify a PST file as the target then all items that contain the specified string are exported to the PST file as expected, e.g.

Export-Mailbox -Identity c781e3a3-1e08-40a7-abab-ba71b9dddc0b -AllContentKeywords “[blah]” `
-DeleteContent:$false -DeleteAssociatedMessages:$false -PSTFolderPath $pstpath -Confirm:$false

However if I specify a folder in another mailbox as the target and use the same search string then items matching [blah] are copied to the target as well as all items matching blah (i.e. without the square brackets), e.g.

Export-Mailbox -Identity c781e3a3-1e08-40a7-abab-ba71b9dddc0b -AllContentKeywords “[blah]” `
-TargetFolder “EM” -TargetMailbox d4aa986b-c33c-4a89-9e08-1a3ceb5c796e `
-DeleteContent:$false -DeleteAssociatedMessages:$false -Confirm:$false

As you can see, the string passed to the AllContentKeywords parameter is exactly the same in both examples, but the result is different. 

I haven’t yet found a reasonable explanation for why this is happening, but it seems that the search behaviour is different depepending on whether or not the cmdlet includes the option to export to PST.  For example, a straight delete using export-mailbox (i.e. no target at all) will also match both [blah] and blah:

Export-Mailbox -Identity c781e3a3-1e08-40a7-abab-ba71b9dddc0b -AllContentKeywords “[blah]” `
-DeleteContent:$true -DeleteAssociatedMessages:$true -Confirm:$false

However combining the delete option with an export to PST will just match on [blah].

My guess is that the PST option somehow causes the cmdlet to use a different search method (or index?).  When the PST option isn’t used the cmdlet simply ignores the square brackets (and I guess any other special characters).  I haven’t yet found a way to escape the special characters to ensure they are included in all searches.  If anyone knows how to do this, please let me know.

If you’re looking for a Global Address List synchronisation solution for Exchange that simply uses Powershell, look no further than this excellent script from fellow MVP Carol Wapshere.

http://www.wapshere.com/missmiis/a-galsync-powershell-script

The script doesn’t leverage the DirSync control (and hence doesn’t use deltas), which means that it isn’t perhaps as efficient as some of the full-blown solutions out there, but it has the beauty of simplicity!  Another advantage is that it doesn’t require any expensive infrastructure components – unlike most solutions that need at least one dedicated server and a database.

It also works with a variety of Exchange versions!

The script is likely to be most useful for SMEs during migration scenarios. Larger organisations or those looking for something long-term are more likely to invest in a more comprehensive solution such as FIM, SimpleSync or Quest ActiveRoles QuickConnect.

I encourage you to check it out.

I came across a problem the other day when using version 6.5.8211.0 of Microsoft Exchange MAPI and CDO 1.2.1 on a server running Good Mobile Messaging.  The Good software accesses user mailboxes via the MAPI CDO client.  At first the mailbox access was failing horribly with the following errors:

2011-03-11 13:24:33 12:00  ERROR:-2147219707
2011-03-11 13:24:33 12:00  MSG:Code:IDispatch error #1285 Source:Collaboration Data Objects Description:The attempt to log on to the Microsoft Exchange Server computer has failed. [Microsoft Exchange Server Information Store - [MAPI_E_FAILONEPROVIDER(8004011D)]]

The MAPI_E_FAILONEPROVIDER error appears to be fairly generic and I couldn’t find anything on the Microsoft Knowledge Base that matched my scenario.

In the end the problem turned out to be a by-product of my Exchange 2010 SP1 environment not having any Public Folders.  Apparently the MAPI CDO client will by default look for Public Folders when accessing the mailbox and will throw the error if it can’t find any. 

The fix is to add a registry key to the server running MAPI CDO that sets a flag (CONNECT_IGNORE_NO_PF) that instructs the client to ignore the absence of Public Folders.

1. On the computer running Microsoft Exchange MAPI and CDO 1.2.1, click Start > Run.
2. In the Open field, type regedit.
3. Click OK.
4. Perform one of the following actions:
   • If you are running a 32-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Messaging Subsystem\CDO.

   • If you are running a 64-bit version of Windows, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Messaging Subsystem.

5. If the CDO registry key does not exist, create a registry key that you name CDO.
6. In the CDO registry key, if the DWORD value does not exist, create a DWORD value that you name Ignore No PF.
7. Change the DWORD value to 1.
8. Click OK.

Source: Technet

Interestingly, the only references I could find to the “Ignore No PF” key were some MSDN and Technet blogs and the support documentation for Blackberry Enterprise Server.  There is currently nothing available in the Microsoft on-line documentation, including the Knowledge Base (at least nothing I could find). Given that Public Folders are being “de-emphasised” within Exchange I would have thought this workaround would be given much more prominence.

Tony

A couple of weeks ago I blogged about using Quest’s ActiveRoles Quick Connect Express for Exchange 2010 Global Address List synchronisation (GAL Sync).  Since then I’ve written a step-by-step guide which will hopefully help others who want to use this very useful freeware utility.  You can download the guide (pdf format) here:

GAL Sync with ActiveRoles Quick Connect Express – Step-by-Step Guide v1

I have also updated the Powershell script that exposes the provisioned Contact objects in the target GAL.  You can download the script here:

ConfigureContacts.ps1

If you have any feedback on the guide please post a comment here or contact me directly (tony@activedir.org)

Quest has just released a freeware product called Quick Connect Express for Active Directory. If you’re looking for something that fills the gap left by the (now pensionable) Microsoft Identity Integration Feature Pack, then this may well be it.  I’ve spent the last day looking at the product’s capabilities for running Exchange 2010 Global Address List synchronisation and I have to say I’ve very impressed.  Aside from the price tag ($0.00 suits the pocket of most), the best thing about QQCE is that it’s really easy to set up and configure.

At the time of writing the download link points to the wrong version of Quick Connect.  I only worked this out when the installer prompted me for a connection to the ActiveRoles Server Administration Service (something not used with the Express version).  I’m sure Quest will sort this out soon, but in the meantime, you can obtain the correct version by registering with the Quest Support web site and downloading the software and associated documentation from there.  You should end up with the following two files:

• Quest_QuickConnectSyncEngineStandaloneModex64_470.msi (this is the 64-bit version – a 32-bit version is also available)
• QuickConnectStandaloneMode_4.7_AdminGuide.pdf

Optionally, you can also download the Quick Connect Powershell provider:

• Quest_QuickConnectManagementShellStandaloneModex64_470.msi

I chose to install the software on a Windows Server 2008 R2 Standard Edition machine together with SQL Server 2008 R2.  QQCE uses SQL databases to store the synchronisation data, but SQL Server doesn’t need to be on the same machine.

If I have time I’ll work on a step-by-step guide for GAL Sync using QQCE, but in the meantime here are some of the configuration details I used in my lab. ***Update Jan 2011 – step-by-step guide now available***

My first forest (ad.contoso.com) runs Windows Server 2008 R2 functional level and has Exchange 2010 SP1 RU2.  The second forest (ad.fabrikam.com) has the same versions.  I joined the server running QQCE to the CONTOSOE domain, but it could equally have been joined to the FABRIKAM domain.  I then configured GAL Sync in the direction CONTOSO –> FABRIKAM.  In other words, I had users in CONTOSO that I wanted to appears as Contacts in the FABRIKAM Global Address List.  Of course it is also possible to perform two-way GAL sync with the tool – I just didn’t take it that far.

Once you have completed the installation, the first thing to do is select one of the two domains as the “Managed Domain” for QQCE.  For the purposes of GAL sync the selection is arbitrary.  You then configure the second domain as a “Connected System”.

You then need to set up the workflow.  I chose to configure three separate workflow steps for the GAL Sync (Provisioning, Update and Deprovisioning).  This ensures that any creation, modification or deletion of mailbox-enabled users in CONTOSO are reflected in FABRIKAM.

The provisioning aspect of the workflow requires the most work.  The tool can easily be configured to provision Contact objects in the target, but a custom post-sync Powershell script is required to ensure the contacts appear in the GAL.

My script (which you can download here) invokes a remote Powershell session against a FABRIKAM Exchange server and uses the Get-Contact and Set-Contact cmdlets to ensure the attributes required for GAL visibility are stamped on the Contact objects.

When configuring the Source information, I specified the OU containing the mailbox-enabled User objects and identified them using the homeMDB attribute.  If the homeMDB attribute is present on a User object you can assume it is mailbox-enabled.

The Target window in the configuration wizard allows you to specify what object type to create (Contact in my case).  You also specify the rule(s) for generating the object name. I chose the source User object’s Display Name attribute to generate the name (cn) for the corresponding Contact object.

Finally, you specify which attributes on the source object should be populated on the target object during provisioning.  My choices are fairly obvious, but note in particular that I used the mail attribute from the source to create the Contact object’s targetAddress attribute.  The targetAddress attribute is important for Contacts as it is the one Exchange uses for routing purposes.

The Update and Deprovisioning steps are much simpler to configure, so I won’t show them here.

Once the workflow setup is compete you can configure them to run according to a schedule that you specify.  Once per day is probably sufficient in most cases.

The remaining task is to create a mapping rule for the User->Contact relationship.  This is required to allow the Update and Deprovisioning workflow steps to match the correct target object based on changes or deletions in the source domain.

And that’s it really.  You can pretty much have the whole thing up and running in an hour or less!

Much kudos to Quest for pushing this out as a free tool.  Of course GAL Synchronisation is not the sole purpose of the tool, but I suspect it’ll be the major drawcard for many organisations given its usefulness in migration and coexistence scenarios.  The major alternatives for GAL Sync with Exchange 2010 are ILM/FIM and SimplSync, both of which cost money and, in the case of FIM at least, require a great deal more configuration effort.

Tony

If you’ve been working with Exchange 2010 Service Pack 1 you will know that there are several pre-requisites to download and install. Once downloaded you end up with a bunch of *.msu (Windows Update) files.  If, like me, you have to install them on several servers and don’t like the idea of having to double-click to install them via the UI you look for ways to simplify the process.  Powershell struck me as the obvious solution, but I couldn’t find any cmdlets that manage Windows Updates.  There are some examples, such as this from James O’Neill, but which are somewhat too elaborate for what I wanted to do.  In the end I wrote a small script (below) that calls wusa.exe to install the updates.  Not the prettiest method.  Hopefully Microsoft will provide set of cmdlets to manage Windows Updates in the next version of Windows.

#########################################################
#
# Name: InstallWindowsUpdates.ps1
# Author: Tony Murray
# Version: 1.0
# Date: 16/11/2010
# Comment: PowerShell script to install 
# Windows Update files
#
#########################################################

# Specify the location of the *.msu files
$updatedir = "C:\E2010 SP1 Prereqs\"
###

$files = Get-ChildItem $updatedir -Recurse
$msus = $files | ? {$_.extension -eq ".msu"}

foreach ($msu in $msus)
{
    write-host "Installing update $msu ..."
    $fullname = $msu.fullname
    # Need to wrap in quotes as folder path may contain spaces
    $fullname = "`"" + $fullname + "`""
    # Specify the command line parameters for wusa.exe
    $parameters = $fullname + " /quiet /norestart"
    # Start wusa.exe and pass in the parameters
    $install = [System.Diagnostics.Process]::Start( "wusa",$parameters )
    $install.WaitForExit()
    write-host "Finished installing $msu"
}

write-host "Restarting Computer"
#Restart-Computer

If someone has a better method for doing this, please let me know.