Wednesday, January 28, 2009

Microsoft Exchange Server and PowerShell: Debate Continues

When Microsoft Exchange Server 2007 was released a little over two years ago, one of the biggest drawbacks in the minds of many admins was its reliance on Windows PowerShell. In fact, some of our readers were quite vocal and angry over this situation. The release of Exchange 2007 SP1 added more functionality to the GUI, Exchange Management Console (EMC), but certain tasks can still only be performed through Exchange Management Shell (EMS).

Last week, KC Lemson posted the first public information about Exchange 14 on the Microsoft Exchange Team Blog and invited people to reply with what features they're most interested in hearing about in the new version. I suppose it should be no surprise that at least part of the reader dialog that followed centered on this issue of PowerShell.

A commenter named Thomas wrote:

"I applaud the efforts to make more management tasks doable via the GUI instead of just in powershell. Exchange 2007 RTM was severely lacking in that respect with even common tasks like Send On Behalf permissions requiring long power shell commands. In small/medium organization's IT depts. we need to be Jack of All Trades (and masters of none) since 2 or 3 man IT depts. don't have the manpower to specialize in Exchange Management and memorize the long powershell commands."

Taking up the other side of the argument, Hal Rottenberg said:

"If you value your time, then you should be learning PowerShell, regardless of whether you work with Exchange or not. As they say, if you repeat it, script it."

I for one am a big fan of automation. I use Word 2007 just about constantly, and while I like the Ribbon interface, I still use macros with keyboard shortcuts for any functions I use frequently. Yes, it takes a few extra minutes to set those things up, but the benefits in the long run are worth it. Likewise, it seems like scripting common Exchange tasks with PowerShell would be well worth the time investment.

With the release of Exchange 14 looming, and its expected continued use of PowerShell through EMS, I'm wondering how Exchange Server admins are feeling about their management options now. I'd love to hear your stories: If you prefer to work through the GUI, what ways have you discovered to work around limitations in Exchange 2007? Or maybe you were resistant at first but have come to embrace the control EMS gives you. If you're using Exchange Server 2007, you can't avoid PowerShell.


Source: http://windowsitpro.com/article/articleid/101326/microsoft-exchange-server-and-powershell-the-debate-continues.html

Wednesday, January 21, 2009

Entourage to Exchange Web Services (EWS) Open to Public

Microsoft Tuesday launched a public beta for software that ties Mac users more closely to Exchange mail servers, making good on a promise the company announced earlier this month.

A beta of the Entourage to Exchange Web Services (EWS) client software is now open to the public, said Mike Tedesco, a senior product manager for the company's Mac development group. Previously, the beta had been tested by a handful of corporations running Exchange server and Office 2008 for Mac.

EWS allows the Exchange server itself to do most of the heavy lifting, as opposed to WebDAV, which left the bulk of the work up to the client. This results in as much as a 2x speed increase. Also, the improved compatibility means that tasks, notes, and categories are now synced with the server, names can be resolved from the Global Address List over standard HTTP connections (no more VPN!), and improved Autodiscover keeps account settings synced with your Exchange server.

With the beta, Microsoft is moving away from the WebDAV protocol it's used for the last five years to connect Entourage, the e-mail client included in the Mac version of Office, to Exchange, the popular enterprise mail server software. Rather than rely on WebDAV, the beta supports Exchange's native connectivity protocol through an API, putting Entourage on a more equal footing with Microsoft's Windows-based Outlook e-mailer when it comes to synchronizing with Exchange.

Apple licensed Microsoft's ActiveSync technology last March to give iPhone users a way to grab business e-mail from Exchange servers.

The beta also adds some new functionality to Entourage, said Tedesco, including synchronizing tasks, notes and categories in the e-mail program with Exchange.

Users interested in trying the beta of Entourage to Exchange Web Services can apply on the Microsoft Connect site, said Tedesco, but must be running Office 2008 for Mac as well as Exchange Server 2007 with Service Pack 1 with Update Rollup 4, or later.

Source: http://www.techworld.com.au/article/273747/microsoft_unveils_mac--exchange_sync_beta

Friday, January 16, 2009

Implementing and Configuring Blacklist Support in Exchange Server 2003

Spam filtering software based on keywords, etc. is only one brick in the wall guarding against spam; another one is to implement black- or block-list support within your messaging and collaboration environment. With the new release of Exchange, Microsoft implemented the functionality to check every incoming email to see whether the sender is on a blacklist or not. Within this article you will learn how blacklists work and how you can configure support with Exchange Server 2003.

What are blacklists and how do they work?

If you perform a search with an internet search engine, you will find lots of blacklist providers throughout the world. This means the first thing you have to do is consider which blacklist provider you want to use. Nobody can say that this or that blacklist provider is the best; you should gather your own experience, but if you look at the recommendations of the IT press and the test results published in these magazines, one of the following blacklist providers may be a good choice.

* relays.ordb.org
* relays.visi.com
* bl.spamcop.net
* blackholes.wirehub.net
* list.dsbl.org

If you have a look at one of these blacklist provider’s websites you will find an explanation on how blacklists work.

Each blacklist server is a special kind of service that can be compared with DNS services. If the SMTP domain is on the blacklist, it reports a return status code back to the checking messaging system in the form of a special IP address.

Here is a list of the codes and what they mean:

* 127.0.0.2 -> Open relay
* 127.0.0.3 -> Dialup spam source
* 127.0.0.4 -> Confirmed spam source
* 127.0.0.5 -> Smarthosts
* 127.0.0.6 -> Spamware software developer or spamvertized site (spamsites.org)
* 127.0.0.7 -> Listserver that automatically opts users in without confirmation
* 127.0.0.8 -> Insecure formail.cgi script
* 127.0.0.9 -> Open proxy server

By default, Exchange Server 2003 blocks all mails with one of these codes, but you can also configure the behavior as you want.

Configuring blacklist support with Exchange 2003

In Exchange Server 2003 you can find the feature for blacklist support within the global settings of your organization.

[Screenshot: Configuring blacklist support with Exchange 2003 server]

As seen above, you can implement multi-blacklist provider rules and put them in your own sequence. Exchange Server 2003 then checks every configured blacklist before it reroutes the email.

If you choose the button “Add” the following window opens:

[Screenshot: Microsoft Exchange Server 2003]

In the field “Display Name” you should put in a brief description of the rule; in the second field you have to put in the DNS suffix of the blacklist provider itself. By default, every return status code results in that email being blocked. If you are having trouble with your blacklist provider, just disable the rule by choosing the appropriate button.

If you want to configure customized return status code behavior, make your choice and the following window will open, where you can enter your customized configuration.

“Match Filter Rule to any return code” is the default setting and blocks every email that has a return status code. If you choose “Match Filter Rule to the Following Mask”, you can implement your own status code mask, provided by the blacklist company. If you need to implement customized return status codes, you have to choose the third radio button and then add your codes as shown below:

[Screenshot: Microsoft Exchange Server]
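The lookup and the three rule options described above can be sketched as follows. This is an added example, not code from the original article or from Exchange: the function names and the suffix `bl.example.test` are hypothetical, the query name uses the usual DNSBL convention of reversed IP octets followed by the provider's DNS suffix, and the mask option is assumed to be a bitwise AND on the last octet of the returned address.

```python
import ipaddress
import socket

# Return status codes as listed in the article's table.
CODES = {
    "127.0.0.2": "Open relay",
    "127.0.0.3": "Dialup spam source",
    "127.0.0.4": "Confirmed spam source",
    "127.0.0.5": "Smarthosts",
    "127.0.0.6": "Spamware software developer or spamvertized site",
    "127.0.0.7": "Listserver that opts users in without confirmation",
    "127.0.0.8": "Insecure formail.cgi script",
    "127.0.0.9": "Open proxy server",
}

def query_name(sender_ip, dns_suffix):
    """Build the DNS name to look up: reversed octets + provider suffix."""
    octets = str(ipaddress.IPv4Address(sender_ip)).split(".")
    return ".".join(reversed(octets)) + "." + dns_suffix.strip(".")

def lookup(sender_ip, dns_suffix, resolve=socket.gethostbyname):
    """Return the provider's status code, or None if the IP is not listed."""
    try:
        return resolve(query_name(sender_ip, dns_suffix))
    except OSError:  # socket.gaierror (e.g. NXDOMAIN) means "not listed"
        return None

def rule_matches(code, mode="any", mask=None, codes=()):
    """Apply one of the three filter-rule options to a returned code."""
    if code is None:
        return False
    addr = ipaddress.IPv4Address(code)
    if not addr.is_loopback:
        return False  # answer outside 127.0.0.0/8 is not a listing: do not block
    if mode == "any":    # "Match Filter Rule to any return code"
        return True
    if mode == "mask":   # assumption: bitwise AND on the last octet
        return bool(int(addr) & int(ipaddress.IPv4Address(mask)) & 0xFF)
    if mode == "codes":  # explicit list of return status codes
        return code in codes
    raise ValueError("unknown mode: " + mode)

def check(sender_ip, dns_suffix, resolve=socket.gethostbyname, **rule):
    """Return (blocked, status code, meaning) for one sender IP."""
    code = lookup(sender_ip, dns_suffix, resolve)
    meaning = CODES.get(code, "unlisted" if code is None else "unknown code")
    return rule_matches(code, **rule), code, meaning
```

Passing a stub as `resolve` lets you test a rule against constructed answers before pointing it at a real provider; the loopback check keeps a resolver that rewrites failed lookups to some other address from turning every sender into a match.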

No rule without exceptions … Therefore you have a way to put in your exceptions by choosing the appropriate button. If you want to configure global IP accept and/or deny lists, this is possible, too. Just choose the “Accept” or “Deny” button.

The next step is to check that everything works. If it does not, the cause is generally not your Exchange Server 2003; check your DNS and firewall settings. The Event log may be your friend, too.

But which servers in your messaging environment should have blacklist blocking enabled? Well, that is quite easy to say: the ones that receive email directly from the internet or via a smart host or relay host within your DMZ. It should be a server that reroutes every incoming email in your organization, and if there is more than one “front-end” server in your environment, you should configure all of them. In addition, don’t forget to check the filtering directory for mails from companies that are on blacklists by accident. In general their entries will be deleted within 24 hours, but within that time window your users do not receive any email from that company.

Source: http://www.msexchange.org/tutorials/Blacklist_Support_Exchange_2003.html

Wednesday, January 14, 2009

Microsoft Exchange Server Implementation & configuration

Because of the complexity of Microsoft Exchange Server management and administration, many companies want to consolidate thousands of Exchange users on one server. As a deployment grows, its increasing number of servers can make administrative tasks such as adding, moving, and deleting users extremely time-consuming for Exchange administrators.
Administrators must use a combination of applications to administer and manage the Exchange environment, which makes administration of large implementations more difficult. Future versions of Exchange Server will simplify some of these management and administrative tasks and will enable administrators to perform all Exchange administrative tasks through one application. However, for now, Exchange Server's diversity of tasks and tools leads many companies to want to consolidate as many users as possible on each Exchange Server machine.

Microsoft has been using the Security Development Lifecycle (SDL) across its product lines for several years now, and we've seen an across-the-board improvement in product security as a result. As a security practitioner, this situation makes me happy indeed, but as an Exchange Server administrator, I want functional improvements to the product as well. Given that Microsoft is already actively working on the next version of Exchange, I wanted to set down a few things I'd like to see in the Exchange Server of the future.

Keep in mind that for every feature we get, there are other features that don't make the cut. Even with the company's massive resources behind them, Microsoft's developers have constraints that prevent them from adding every desired feature while still meeting their schedules and deadlines. That said, here are a few items from my wish list for the next Exchange release.

Let's start with a relatively easy one: The next version of Exchange should include full support for Outlook Web Access' premium mode in Firefox and Safari. Multiple-browser support is an important check box for the education market (where you're likely to find more people using non-Microsoft Internet Explorer browsers), but it's also something that I would expect to see from the company that pioneered the commercial use of Asynchronous JavaScript and XML (Ajax) in Web applications--not to mention that Microsoft Office Communicator Web Access and all of IBM's Lotus products already fully support these browsers.

How about certificates? Microsoft Exchange Server has a Certificate Wizard that helps you get the right set of machine names and subject alternative names in your certificate requests. Now that the OCS and Exchange product lines are part of the same business unit within Microsoft, perhaps the two teams could collaborate to produce a single certificate tool that collects all the necessary parameters for certificate requests? Network security and Exchange administrators everywhere would greatly appreciate and benefit from such a feature.

I've heard many requests for running Exchange services on Windows Server Core, the bare-bones install option with Windows Server 2008; the obstacle here is that the current version of Windows PowerShell won't run on Server Core. The Windows or PowerShell teams might address this problem on their own; personally, I'd rather they spent their engineering efforts on giving us complete support for running Exchange under Hyper-V.

Source: http://www.earticlesonline.com/Article/Microsoft-Exchange-implementation---configuration/363816

Friday, January 9, 2009

Mimosa NearPoint for Microsoft Exchange Server 1.0

With an innovative approach to archiving Exchange data on the fly, Mimosa NearPoint for Microsoft Exchange Server 1.0 offers a robust solution for storing and maintaining corporate message data. Though you need some expertise and server capacity to set it up, once this solution is running, it largely succeeds at simplifying the lives of both administrators and end users.

We've all deleted or misplaced an important message in Exchange. Instead of having IT search through backup files, with NearPoint, users can search past messages (even deleted ones) using keywords and other criteria via the Quick Search option in Outlook. Matching results from the Mimosa archive are displayed, along with a message preview window, so you can find lost e-mails. An advanced search option presents more filter options and mimics Outlook's own search capabilities.

Better yet, NearPoint automatically moves users' e-mail attachments into its archive so that they are stored there instead of in user mailboxes. The admin tool let us define and tweak such rules with ease using criteria such as attachment size and message date. This ingenious approach essentially automates the all-too-common chore of users having to clean out mailboxes. We like the reporting available in the admin console, as well. There are about a half dozen reports here, including a useful size and usage report—a must to keep track of the growth and health of your Mimosa archive.

When it comes to installation, Mimosa ranks as one of the more challenging solutions that we've run up against. Setup requires a capable server (or two) with plenty of disk storage space. (One terabyte of disk space is recommended. RAID support is a virtual must for archiving.) Administrators will need to know their Exchange server infrastructure well and do capacity planning based on the number and size of user mailboxes.

Once Mimosa's MMC console is installed, it's exactly what busy IT administrators need to gain complete control over Exchange archiving. The console lets you perform both large and small tasks—like restoring an entire server, as well as individual mailboxes—with ease, along with support for scheduling jobs.

An additional potentially time-saving option in NearPoint allows designated "auditors" to search across multiple mailboxes to find relevant messages, which may be required for organizations meeting regulatory requirements or facing a legal discovery process. Behind the scenes, NearPoint admins can set policies for saving executive-level messages for a period of years, for example, to meet corporate standards. In accord with these policies, messages will be automatically saved or purged from the archive over time.

Source: http://www.pcmag.com/article2/0,2817,1922263,00.asp