Archive for January, 2009

Microsoft Exchange TCP/IP Ports List

Here’s a list of the most used TCP and UDP ports that you may need to use (or open in your firewalls).

TCP port 25 – SMTP
TCP port 26 – SSL secured SMTP
TCP port 110 – Post Office Protocol (POP3)
TCP port 995 – SSL secured POP3
TCP port 143 – Internet Message Access Protocol v. 4 (IMAP4)
TCP port 993 – SSL secured IMAP4
TCP port 80 – HTTP for Outlook Web Access
TCP port 443 – SSL secured HTTP for Outlook Web Access (HTTPS)
TCP/UDP port 389 – Lightweight Directory Access Protocol (LDAP)
TCP port 3268 – LDAP communications with an Active Directory Global Catalog Server
TCP port 119 – Network News Transfer Protocol (NNTP)
TCP port 563 – SSL secured NNTP
TCP port 135 – Remote Procedure Call (RPC); it will also use ports 1024 and up as needed
TCP/UDP port 53 – Domain Name System (DNS)
TCP port 102 – Mail Transfer Agent (MTA) (only used in X.400 connections)
TCP/UDP port 88 – Kerberos

How to: Backup Exchange 2007 store with HP Data Protector 6.0

Today I’ve installed HP Data Protector 6.0 in my virtual test environment. So we’re going to create a full Exchange Store backup using HP Data Protector.

First of all, I’ve installed a Windows 2003 Server with HP Data Protector 6.0. (Note: if you’re using Exchange 2007, install patch DPWIN_307 or later.)

After the installation we are going to deploy the HP client to the Exchange 2007 server, so that it can communicate with the backup server.

The next step is configuring the device for the backup destination. In my situation it’s a backup to disk.

Now that the device is created, we can continue with configuring the Exchange full store backup.

In the next few days I’m going to configure the Exchange 2007 Single Mailbox backup.

Exchange 2007 Configuring the Mailbox Information Cache Refresh Interval

Exchange quota information is stored in Active Directory, and by default is cached by Exchange for up to two hours.  This means that it could take up to two hours for a quota change to take effect.  The recommended interval for Exchange to refresh quota information is 20 minutes, which can be set by adding three registry values.
 
- Start the registry editor on your Exchange 2007 Mailbox server.
- Locate the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem key.
- Create the “Reread Logon Quotas Interval” value:
  - Right-click ParametersSystem, select New, and then select DWORD value.
  - Name the new DWORD value “Reread Logon Quotas Interval”.
  - Right-click Reread Logon Quotas Interval, and then click Modify.
  - Enter a decimal value of 1200 seconds (20 minutes).
- Create the “Mailbox Cache Age Limit” value:
  - Right-click ParametersSystem, select New, and then select DWORD value.
  - Name the new DWORD value “Mailbox Cache Age Limit”.
  - Right-click Mailbox Cache Age Limit, and then click Modify.
  - Enter a decimal value of 20 (20 minutes).
- Locate the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange ADAccess key.
- Create the “CacheTTLUser” value:
  - Right-click MSExchange ADAccess, select New, and then select Key.
  - Name the new key Instance0.
  - Right-click Instance0, select New, and then select DWORD value.
  - Name the new DWORD value “CacheTTLUser”.
  - Right-click CacheTTLUser, and then click Modify.
  - Enter a decimal value of 300 (5 minutes).

Alternatively, copy the text below into a file called MailboxCache.reg, then import it into the registry of each of your Exchange 2007 Mailbox servers.

———————————————————————-
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem]
; 0x4b0 = 1200 seconds (20 minutes)
"Reread Logon Quotas Interval"=dword:000004b0
; 0x14 = 20 minutes
"Mailbox Cache Age Limit"=dword:00000014

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange ADAccess\Instance0]
; 0x12c = 300 seconds (5 minutes)
"CacheTTLUser"=dword:0000012c
———————————————————————-

Create new users in Active Directory with DSADD

Today I was testing some things in my Exchange 2007 environment. For this test I had to create 100 new users in Active Directory, so I created a little script that made all the new users for me.

In this script I use the command-line tool dsadd.

dsadd user "CN=Testuser01,OU=Gebruikers,DC=testlab,DC=local" -upn testuser01@testlab.local -fn testuser01 -pwd P@$$W@rd
dsadd user "CN=Testuser02,OU=Gebruikers,DC=testlab,DC=local" -upn testuser02@testlab.local -fn testuser02 -pwd P@$$W@rd
dsadd user "CN=Testuser03,OU=Gebruikers,DC=testlab,DC=local" -upn testuser03@testlab.local -fn testuser03 -pwd P@$$W@rd
dsadd user "CN=Testuser04,OU=Gebruikers,DC=testlab,DC=local" -upn testuser04@testlab.local -fn testuser04 -pwd P@$$W@rd
dsadd user "CN=Testuser05,OU=Gebruikers,DC=testlab,DC=local" -upn testuser05@testlab.local -fn testuser05 -pwd P@$$W@rd
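
The lines above give every account the same password. As an added example (not the script from this post), the same dsadd call in a PowerShell loop with a separate random password per account and a forced change at first logon; $Count, $OutFile and the New-RandomPassword helper are assumptions made for the illustration.

```powershell
# Added example, not the post's original script. OU and domain names are
# taken from the post; $Count and $OutFile are assumptions.
$Count   = 100
$OuDn    = 'OU=Gebruikers,DC=testlab,DC=local'
$Domain  = 'testlab.local'
$OutFile = Join-Path $env:USERPROFILE 'testusers-initial-passwords.csv'

function New-RandomPassword {
    param([int]$Length = 16)
    # Character sets without look-alikes or shell metacharacters, so the
    # value needs no escaping when handed to dsadd.
    $sets = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnpqrstuvwxyz', '23456789', '#_+=.'
    $all  = -join $sets
    $rng  = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $buf  = New-Object byte[] $Length
    $rng.GetBytes($buf)
    $chars = for ($i = 0; $i -lt $Length; $i++) {
        # The first four positions draw from one set each, which guarantees
        # the default AD complexity rule (3 of 4 character classes) is met.
        $pool = if ($i -lt $sets.Count) { $sets[$i] } else { $all }
        $pool[$buf[$i] % $pool.Length]
    }
    -join $chars
}

$report = foreach ($n in 1..$Count) {
    $name   = 'Testuser{0:D2}' -f $n
    $secret = New-RandomPassword
    # -mustchpwd yes: the initial password is only good for the first logon.
    & dsadd user "CN=$name,$OuDn" -upn "$($name.ToLower())@$Domain" `
        -fn $name -pwd $secret -mustchpwd yes | Out-Null
    if ($LASTEXITCODE -eq 0) {
        New-Object PSObject -Property @{ User = $name; InitialPassword = $secret }
    } else {
        Write-Warning "dsadd failed for $name (exit code $LASTEXITCODE)"
    }
}

# The CSV holds credentials: keep it in the profile, off shares, and delete
# it when the test is finished.
$report | Select-Object User, InitialPassword |
    Export-Csv -Path $OutFile -NoTypeInformation
```

The password is still passed on dsadd's command line, so process command-line logging on the machine will record it; for a single account, -pwd * makes dsadd prompt for it instead.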

Windows 2008 R2 first looks

Today I’ve installed the new public release of Windows 2008 R2 x64 server in my virtual test environment. These are the first looks… in the next days I’ll install some roles and features. The first thing I want to test is the new Hyper-V 2.0 and PowerShell 2.0.

To be continued…

Exchange 2007 view all the full access permissions

To view all the full access permissions on all the mailboxes in your environment, you can use the following command in the Exchange Management Shell.

Get-Mailbox | Get-MailboxPermission | where {-not ($_.User -like "NT AUTHORITY\SELF")} | ft -wrap

When you want the full access permissions configured on one specific mailbox, you can add the -identity switch. For example:

Get-Mailbox -Identity systeembeheer | Get-MailboxPermission | where {-not ($_.User -like "NT AUTHORITY\SELF")} | ft -wrap

Exchange 2007 view all the Send-As permissions

When you want an overview of all the Send-As permissions configured on all the mailboxes in your environment, you can use the following command in the Exchange Management Shell.

Get-Mailbox | Get-ADPermission | where {($_.ExtendedRights -like "*Send-As*") -and -not ($_.User -like "NT AUTHORITY\SELF")} | ft -wrap

When you want the Send-As permissions configured on one specific mailbox, you can add the -identity switch. For example:

Get-Mailbox -Identity systeembeheer | Get-ADPermission | where {($_.ExtendedRights -like "*Send-As*") -and -not ($_.User -like "NT AUTHORITY\SELF")} | ft -wrap
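
For a periodic delegation review, the Full Access and Send-As queries from the two posts above can be combined into one report. This is an added example, not a command from the original posts; it narrows the output to explicitly granted (not inherited, not Deny) FullAccess and Send-As entries, and $OutFile is an assumed path.

```powershell
# Added example. Run in the Exchange Management Shell.
# $OutFile is an assumed output path.
$OutFile = 'C:\Temp\mailbox-delegation-audit.csv'

$rows = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # Full Access is stored in the mailbox security descriptor.
    Get-MailboxPermission -Identity $mbx.Identity |
        Where-Object {
            ($_.AccessRights -like '*FullAccess*') -and
            -not $_.IsInherited -and -not $_.Deny -and
            ($_.User -notlike 'NT AUTHORITY\SELF')
        } |
        Select-Object @{n='Mailbox'; e={$mbx.Name}},
                      @{n='Right';   e={'FullAccess'}},
                      @{n='Trustee'; e={$_.User.ToString()}}

    # Send-As is an extended right on the Active Directory object.
    Get-ADPermission -Identity $mbx.DistinguishedName |
        Where-Object {
            ($_.ExtendedRights -like '*Send-As*') -and
            -not $_.IsInherited -and -not $_.Deny -and
            ($_.User -notlike 'NT AUTHORITY\SELF')
        } |
        Select-Object @{n='Mailbox'; e={$mbx.Name}},
                      @{n='Right';   e={'Send-As'}},
                      @{n='Trustee'; e={$_.User.ToString()}}
}

# One line per (mailbox, right, trustee); diff this file between runs to
# spot newly granted delegations.
$rows | Sort-Object Trustee, Mailbox, Right |
    Export-Csv -Path $OutFile -NoTypeInformation

# Trustees that hold rights on many mailboxes deserve a closer look:
# service accounts and former administrators tend to end up here.
$rows | Group-Object Trustee | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

Inherited entries (for example rights granted at database or organization level) are left out on purpose; remove the IsInherited test to include them.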

How to: Migrate a domain controller from Windows 2003 to Windows 2008

Today I had to upgrade my existing Domain Controller, a Windows 2003 R2 Server, to Windows 2008 Server.

The Windows 2003 Domain Controller is configured with the domain upgrade.local; the forest functional level is Windows Server 2003 and the domain functional level is Windows Server 2003. This server is also the DNS server for this domain. There is one forward lookup zone, and I’ve created a reverse lookup zone for the 172.16.10.x subnet. We’re going to migrate to Windows 2008 Server.

First of all, I installed a second virtual server with Windows 2008 Server and gave it a static IP address, a subnet mask and a DNS server.

Now you have to prepare the forest and the domain with the new schema extensions.

D:\sources\adprep\adprep /forestprep and D:\sources\adprep\adprep /domainprep.
(Note: if you want to add an RODC, Read Only Domain Controller, you also have to run the following command: adprep /rodcprep.
There must already be a Windows 2008 Domain Controller present in the domain before you can add an RODC.)

Now you can run a DCPROMO on the Windows 2008 Server.

The new Windows 2008 Domain Controller is successfully promoted in the existing domain upgrade.local.

The next step is to move all the FSMO roles to the new Domain Controller. The following settings must be made.

Change the Domain Naming Master: Active Directory Domains and Trusts, Operations Master, Change.

Change the Schema Master: run the command regsvr32 schmmgmt.dll so that you are able to add the Schema snap-in to your Management Console, then go to Active Directory Schema, Operations Master, Change.

Change the RID Master, PDC Emulator and the Infrastructure Master: Active Directory Users and Computers, your domain, Operations Masters, Change.

Now all the FSMO roles are transferred to the new Server 2008 Domain Controller, and we can demote the Windows 2003 Domain Controller by running the DCPROMO command.

After these steps and a couple of reboots, the migration is done! You now have a Windows 2008 Domain Controller.
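
A check worth running before the demotion step, as an added example that is not part of the original post: it confirms that all five FSMO roles are on the new server, that the new server is a global catalog, and that it answers the domain's DC locator DNS query itself. $NewDc is an assumed host name, and the "svr hostname" match assumes English nslookup output.

```powershell
# Added example. $NewDc is an assumed name for the new Windows 2008 DC.
$NewDc = 'dc2008.upgrade.local'

$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()

# Two forest-wide roles and three domain-wide roles.
$roles = @{
    'Schema Master'         = $forest.SchemaRoleOwner.Name
    'Domain Naming Master'  = $forest.NamingRoleOwner.Name
    'PDC Emulator'          = $domain.PdcRoleOwner.Name
    'RID Master'            = $domain.RidRoleOwner.Name
    'Infrastructure Master' = $domain.InfrastructureRoleOwner.Name
}
$roles.GetEnumerator() | Sort-Object Name | Format-Table Name, Value -AutoSize

$notMoved = @($roles.GetEnumerator() | Where-Object { $_.Value -ne $NewDc })

# The old server was the only DC, so the new one must be a global catalog
# or logons will fail once the old one is gone.
$dc   = $domain.DomainControllers | Where-Object { $_.Name -eq $NewDc }
$isGc = ($dc -ne $null) -and $dc.IsGlobalCatalog()

# The old server was also the DNS server: ask the new DC directly for the
# DC locator SRV record and require that it lists itself.
$srv   = "_ldap._tcp.dc._msdcs.$($domain.Name)"
$dns   = (nslookup -type=SRV $srv $NewDc 2>&1 | Out-String)
$dnsOk = $dns -match ('svr hostname\s*=\s*' + [regex]::Escape($NewDc))

foreach ($r in $notMoved) {
    Write-Warning "$($r.Name) is still held by $($r.Value)"
}
if (-not $isGc)  { Write-Warning "$NewDc is not a global catalog" }
if (-not $dnsOk) { Write-Warning "$NewDc does not return itself for $srv" }

if ($notMoved.Count -eq 0 -and $isGc -and $dnsOk) {
    'All checks passed: the Windows 2003 DC can be demoted.'
} else {
    'Do not run DCPROMO on the old DC yet.'
}
```

Member servers and clients that still point at the old server for DNS need their DNS settings changed to the new DC before the demotion as well.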