wintermuteCF
Dec 9, 2006

LIEK HAI2U!
So my colleagues and I have been mulling over an issue and want to get feedback.

Our Environment:
  • 45 mailbox databases, each ~650GB
  • 8 DAGs -- 6 databases for each of the first 5 DAGs, 5 databases each for the last 3 DAGs
  • ~12,000 mailboxes

Previously, placement in a database was based on what business unit you were in. (By way of explanation, this is a company that grew through mergers and acquisitions, and until recently has been operating as a very loose federation of companies. IT was operated under a sort of feudal system without much integration as the local "IT lords" fought to keep control of "their" data.) We've identified that this is a batshit insane way of doing things at our company, causing some DAGs to be stuffed to the gills with user data, and others to be very under-utilized. We want a way to spread user data across the databases in such a way that each database comes out being relatively equal in size.

As a second wrinkle, the director of our group wants to keep one database in each DAG EMPTY with the exception of journaling mailboxes. His explanation is that these databases would "be there in case we need to emergency-move people [to do things like empty another database so we can delete/recreate it if whitespace gets out of control]." Is he crazy for suggesting that we keep 4.8TB of databases empty except for emergencies?

What's the best way to organize and categorize users into databases in a large environment like ours? Please help!


Will Styles
Jan 19, 2005

Mierdaan posted:

Ugh. This one will be fun.

:suicide:

I'm just glad I don't have to deal with client issues. At least there's a GPO you can use to avoid this (until May 2015) as mentioned in this blog

wintermuteCF posted:

What's the best way to organize and categorize users into databases in a large environment like ours? Please help!

This is a problem I'm trying to tackle in my environment as well. From what I could find online the best way to do this is dump a list of all your users including their mailbox size, throw that into an excel spreadsheet, sort by size, and then assign them to a new database in a serpentine type fashion (largest 45 go to DBs 1 through 45 then the next 45 go to DBs 45 through 1, repeat).

The problem I have with this method is that you're likely to move most of the mailboxes in your environment. From your description you may end up needing to do that anyway depending on how out of balance it is now so it may work for you.

What I'm trying to find is a way to balance users across databases such that the number of users and size of databases remain relatively uniform while moving a minimal amount of people. I haven't had much luck in this regard :smith:

Also I don't really see a need for maintaining an empty database in every DAG. Ideally you would have space on your storage to expand the size of your DB if you were really in a bind, and distributing your disk usage across more DBs and monitoring their usage is a better way to address that concern. But if you have the disk to spare then it really doesn't matter either way.

Will Styles fucked around with this message at 18:28 on Sep 16, 2014
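The serpentine assignment described in the post above, next to a greedy rebalancer that only moves mailboxes off the fullest database, as an added example that is not part of the original thread. The inventory is constructed sample data, the function names (`Get-SerpentinePlan`, `Get-MinimalMovePlan`, `Measure-Plan`) are hypothetical, the greedy pass is a heuristic rather than an optimal solution, and the script assumes PowerShell 3.0 or later.

```powershell
# Constructed sample inventory (not real data). In production the rows would come
# from an export of mailbox name, size and current database.
$Databases = 'DB01','DB02','DB03','DB04'
$Mailboxes = @'
Name,SizeGB,Database
mbx01,50,DB01
mbx02,40,DB01
mbx03,30,DB01
mbx04,20,DB01
mbx05,10,DB01
mbx06,25,DB02
mbx07,15,DB02
mbx08,35,DB03
mbx09,5,DB03
mbx10,12,DB04
mbx11,8,DB04
mbx12,6,DB04
mbx13,4,DB04
'@ | ConvertFrom-Csv | ForEach-Object { $_.SizeGB = [double]$_.SizeGB; $_ }

function Get-SerpentinePlan {
    # Sort largest first, deal out 1..N, then N..1, and repeat.
    param([object[]]$Mailboxes, [string[]]$Databases)
    $n = $Databases.Count
    $i = 0
    foreach ($m in ($Mailboxes | Sort-Object SizeGB -Descending)) {
        $pass = [int][math]::Floor($i / $n)
        $pos  = $i % $n
        if ($pass % 2 -eq 1) { $pos = $n - 1 - $pos }   # odd passes run backwards
        [pscustomobject]@{ Name = $m.Name; SizeGB = $m.SizeGB
                           From = $m.Database; To = $Databases[$pos] }
        $i++
    }
}

function Get-MinimalMovePlan {
    # Greedy heuristic: repeatedly move one mailbox from the fullest database to the
    # emptiest one until the spread between them is within the tolerance.
    param([object[]]$Mailboxes, [string[]]$Databases, [double]$ToleranceGB = 5)
    $load = @{}; $where = @{}
    foreach ($db in $Databases) { $load[$db] = 0.0 }
    foreach ($m in $Mailboxes) {
        $load[$m.Database] += $m.SizeGB
        $where[$m.Name] = $m.Database
    }
    while ($true) {
        $ordered = @($Databases | Sort-Object { $load[$_] })
        $low = $ordered[0]; $high = $ordered[-1]
        $gap = $load[$high] - $load[$low]
        if ($gap -le $ToleranceGB) { break }
        # A move only helps if 0 < size < gap; the best size is about half the gap.
        $pick = $Mailboxes |
            Where-Object { $where[$_.Name] -eq $high -and $_.SizeGB -gt 0 -and $_.SizeGB -lt $gap } |
            Sort-Object { [math]::Abs($_.SizeGB - $gap / 2) } |
            Select-Object -First 1
        if (-not $pick) { break }                        # nothing left that improves balance
        $load[$high] -= $pick.SizeGB
        $load[$low]  += $pick.SizeGB
        $where[$pick.Name] = $low
    }
    foreach ($m in $Mailboxes) {
        [pscustomobject]@{ Name = $m.Name; SizeGB = $m.SizeGB
                           From = $m.Database; To = $where[$m.Name] }
    }
}

function Measure-Plan {
    # Summarise a plan: how many mailboxes move, how much data, and the resulting spread.
    param([string]$Label, [object[]]$Plan, [string[]]$Databases)
    $loads = foreach ($db in $Databases) {
        [double]($Plan | Where-Object { $_.To -eq $db } | Measure-Object SizeGB -Sum).Sum
    }
    $moved = @($Plan | Where-Object { $_.From -ne $_.To })
    $range = $loads | Measure-Object -Maximum -Minimum
    [pscustomobject]@{
        Plan     = $Label
        Moves    = $moved.Count
        MovedGB  = [double]($moved | Measure-Object SizeGB -Sum).Sum
        SpreadGB = $range.Maximum - $range.Minimum
    }
}

$serpentine = Get-SerpentinePlan  -Mailboxes $Mailboxes -Databases $Databases
$greedy     = Get-MinimalMovePlan -Mailboxes $Mailboxes -Databases $Databases -ToleranceGB 5
@(
    Measure-Plan 'Serpentine'          $serpentine $Databases
    Measure-Plan 'Greedy minimal-move' $greedy     $Databases
) | Format-Table -AutoSize
```

Rows where `From` differs from `To` are the mailboxes that would actually need a move request.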

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

In case anyone is wondering how 'fanatical' Rackspace's Hosted Exchange support is, I put a ticket in over 3 hours ago for some servers that were getting rejected trying to email people at my company. Haven't heard back, which is pretty typical.

The best part is using their online chat feature and talking to a script monkey for 45 minutes who makes you perform the stupidest troubleshooting steps. Traceroute to the mail server? I'm not even the one having an issue! Just whitelist the loving server!

Gyshall
Feb 24, 2009

Had a couple of drinks.
Saw a couple of things.
Rackspace's support was better when they were a smaller company.

But in my experience, they use spam filtering which uses a global email block list (the usual ones like Spamhaus etc) and pull from there. Getting a few servers that may or may not be set up correctly for secure(ish) email isn't likely going to happen through Rackspace.

First thing I usually do is look at the servers who are getting rejected, run SPF and relay tests on their servers, and if they come back positive for spam/issues then I send that info on to the appropriate admin contacts for those servers.

Calidus
Oct 31, 2011

Stand back I'm going to try science!
Finally finished my Exchange 2007 to office 365 migration, for the small business (22 mailboxes) that I work for. Overall it was pretty easy, it took a little more time than I would have liked but I am very happy with the results. My only word of warning is that getting scan to email mfp like bizhubs to connect to office 365 was a giant pain in the rear end. Stupid things like dns lookups failing and device email, admin email and sender email are all exactly the same. Bizhubs also requires an office 365 account with global admin rights to work.

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

Gyshall posted:

Rackspace's support was better when they were a smaller company.

But in my experience, they use spam filtering which uses a global email block list (the usual ones like Spamhaus etc) and pull from there. Getting a few servers that may or may not be set up correctly for secure(ish) email isn't likely going to happen through Rackspace.

First thing I usually do is look at the servers who are getting rejected, run SPF and relay tests on their servers, and if they come back positive for spam/issues then I send that info on to the appropriate admin contacts for those servers.

We've been emailing with this company for years - it started happening when we moved from Rackspace's 2007 to 2013 Hosted Exchange. Apparently, and understandably they use different spam filters.

Dans Macabre
Apr 24, 2004


Calidus posted:

Bizhubs also requires an office 365 account with global admin rights to work.

That doesn't sound right. Is the bizhub impersonating people?

Thanks Ants
May 21, 2004

#essereFerrari


He thinks he's people!

Calidus
Oct 31, 2011

Stand back I'm going to try science!

NevergirlsOFFICIAL posted:

That doesn't sound right. Is the bizhub impersonating people?

It is logging into an account via TLS, it was the only way I could get it to work. My printer vendor sent me this:

13. In User ID type the username of your Office 365 account. This will be the complete email address. This account MUST have the Global Administrator permission set in Office 365. (Part of the trial and error I did was trying to use standard Office 365 users accounts – they would never work. Only an account that was a Global Administrator would seem to relay.)

I suppose I could remove all that now I have a smtp relay setup for some other devices anyways.

wa27
Jan 15, 2007

We have an issue that started recently with mobile devices and Activesync with Exchange 2003. When person A sends a calendar invite to person B from their Android phone, and person B accepts it from their Android phone, it shows up everywhere EXCEPT person B's phone calendar. It will show up in outlook for both people, and it shows on person A's phone calendar. If person B goes into outlook, opens the event, and saves it again, it will then show up on their mobile calendar. If person A sends the invite from Outlook to begin with and person B accepts it on their phone, that will work fine.

At first I thought this was a Touchdown problem, so I installed Nine, and the same thing happens. Touchdown has its own calendar, while Nine integrates with the stock Android calendar. Neither of them will put an accepted invite on the calendar if it was sent from another phone. I'm not sure how iOS devices behave.

Has anyone ever run into this before? It's kind of a difficult problem to search for.

wa27 fucked around with this message at 19:21 on Sep 18, 2014

Dans Macabre
Apr 24, 2004


Calidus posted:

It is logging into an account via TLS, it was the only way I could get it to work. My printer vendor sent me this:

13. In User ID type the username of your Office 365 account. This will be the complete email address. This account MUST have the Global Administrator permission set in Office 365. (Part of the trial and error I did was trying to use standard Office 365 users accounts – they would never work. Only an account that was a Global Administrator would seem to relay.)

I suppose I could remove all that now I have a smtp relay setup for some other devices anyways.

The way I've done it is instead of authentication, setting it up to NAT the printer out to a specific external IP address and then set up that external IP address as a connector on O365 side to accept mail flow from that IP. If I recall correctly then you could do that with just pointing to outlook.office365.com without authentication.

Swink
Apr 18, 2006
Left Side <--- Many Whelps
I'm trying to set a global limit on attachment size for an Exchange 2010 install using Set-TransportConfig -MaxSendSize 50MB

The behavior I want is for the users to get an NDR if their email exceeds the limit, but instead users are getting a message from Outlook when attaching the file that says "Attachment Exceeds allowable limit", and the attachment is not attached.

All the Outlook clients are in cached mode. Am I doing this incorrectly?

Dans Macabre
Apr 24, 2004


Swink posted:

I'm trying to set a global limit on attachment size for an Exchange 2010 install using Set-TransportConfig -MaxSendSize 50MB

The behavior I want is for the users to get an NDR if their email exceeds the limit, but instead users are getting a message from Outlook when attaching the file that says "Attachment Exceeds allowable limit", and the attachment is not attached.

All the Outlook clients are in cached mode. Am I doing this incorrectly?

Why do you want the NDR? This way is better imho. But anyway to get what you want I think put the limit on the send connector: Set-SendConnector -Identity cocksucker -MaxMessageSize 50MB

Dans Macabre fucked around with this message at 01:42 on Sep 24, 2014

Blame Pyrrhus
May 6, 2003

Me reaping: Well this fucking sucks. What the fuck.
Pillbug
I have a few questions concerning an Exchange 2010 to 2013 migration I'm considering. Sorry for the length.

For the record, I'm currently lead infrastructure engineer for a national automotive sales and lending institution. About 3600 mailboxes. I know Exchange through 2010 quite well. I have my MCITP: Enterprise Admin and Enterprise Messaging Admin certs (along with my VCP5 and CCNA) and used to perform scores of migrations and corrections with every version of exchange from 5.5 to 2010 back in my consulting days.

I am also a wiz with powershell and know the exchange cmdlet set very well. I used to be pretty active in this thread when I was still consulting.

Essentially, I have a few basic planning questions for those of you that have performed these migrations.

My environment:

- 2 data centers, 99% virtualized on VMWare 5.5, geographically separated by 40 miles.
- Metroclustered with EMC VPlex, Cisco Nexus/OTV, and 2x 10gb <1ms roundtrip latency interconnects.
- 90% of our VM environment free-floats between datacenters via fully automated DRS all day long. I would have to log in and check to see what zip code my mailbox databases are currently occupying, our environment is just completely geographically agnostic. Our DMZs are the only piece that is specific to each site.


My Exchange environment looks like this:

- 3 Internal CAS/HT servers. Load balanced behind Cisco ACE.
- 4 mailbox servers, each houses a primary and secondary copy of a database.
- 4 mailbox databases. About ~350GB each.
- 1 Mailbox server that does nothing except our archive database. It's less than 1TB. I keep strict size limits on mailboxes, but no limits for the archive. PST files are prohibited via GPO. gently caress PSTs forever.
- No public folders. gently caress public folders forever.
- 2 CAS-only servers in the DMZs that only handle webmail and activesync. One at each location.
- 2 Exchange unified messaging servers that handle all of our auto-attendant and voicemail functionality.
- Office 365 EOP as our inbound and outbound perimeter.
- Fully operational Lync 2013 implementation. I'm only so-so with Lync.
- No legacy exchange mess in ADSI. AD is completely sane and healthy.
- All mobile devices are managed via AirWatch MDM, so I can publish new ActiveSync settings if needed.

I designed and instituted the majority of this environment, and have no limits on what I can touch. We aren't siloed on our infrastructure team. There's only 4 of us, so there's no way we could operate if we were. I have the authority and ability to make any change I wish. I am 100% privy to all of the required SSL, DNS, sender and connection validation requirements. I don't need any help there.

In my mind, I feel as if I could treat this migration similarly to how an exchange 2007 to 2010 migration might work. I guess my questions are the following, if anybody knows:

At a very high level, what is the flow? Is it essentially -
- Build new CAS environment. Make all of the SSL and DNS changes required for it?
- Stand up new mailbox server environment, migrate mailboxes?

Is there better interoperability with previous versions of Exchange in the Exchange 2013 CAS server role? Ie. If I stand up some 2013 CAS servers, can they serve mailboxes on 2010 mailbox servers or am I left needing to segregate the front-end environments while I'm still coexisting 2010 and 2013?

I never actually touched Unified Messaging prior to working here. They didn't even ask questions about it on the exams for the MCITP. The configuration was balls-simple, but how do I even migrate it? Where does the already-configured autoattendant configurations and such live?

Between F5 and the 2012 R2 Web Application Proxy role, which is preferable for a reverse proxy in the DMZs? I currently have CAS servers specifically for external client access, but I hate doing it this way. The only reason I did was because our current load balancers (Cisco ACE) don't actually do reverse proxying and the TMGs we used before were flaky poo poo. I know ADFS is a requirement for the new WAP role, but we already have a fully functional ADFS environment as well, so instituting them would be an hours work tops, but I would love it if anybody knew how well the new WAP role works long-term. I would just configure the application proxy / SSL offloading on the F5s, but we are still mid-migration on those.

And last: Should I even bother migrating to 2013? We have absolutely zero complaints about our 2010 environment as it stands, and I'll never move to 365, so I don't care much about the hybrid features of 2013. The only reason I am even considering it is because, as an organization, we tend to keep on top of new technology.

Blame Pyrrhus fucked around with this message at 05:09 on Sep 24, 2014

Blame Pyrrhus
May 6, 2003

Me reaping: Well this fucking sucks. What the fuck.
Pillbug

wintermuteCF posted:

So my colleagues and I have been mulling over an issue and want to get feedback.

Our Environment:
  • 45 mailbox databases, each ~650GB
  • 8 DAGs -- 6 databases for each of the first 5 DAGs, 5 databases each for the last 3 DAGs
  • ~12,000 mailboxes

Previously, placement in a database was based on what business unit you were in. (By way of explanation, this is a company that grew through mergers and acquisitions, and until recently has been operating as a very loose federation of companies. IT was operated under a sort of feudal system without much integration as the local "IT lords" fought to keep control of "their" data.) We've identified that this is a batshit insane way of doing things at our company, causing some DAGs to be stuffed to the gills with user data, and others to be very under-utilized. We want a way to spread user data across the databases in such a way that each database comes out being relatively equal in size.

As a second wrinkle, the director of our group wants to keep one database in each DAG EMPTY with the exception of journaling mailboxes. His explanation is that these databases would "be there in case we need to emergency-move people [to do things like empty another database so we can delete/recreate it if whitespace gets out of control]." Is he crazy for suggesting that we keep 4.8TB of databases empty except for emergencies?

What's the best way to organize and categorize users into databases in a large environment like ours? Please help!

My environment is significantly smaller than yours, but I'm curious, so you have size constraints on your user mailboxes?

The way I keep things manageable is by keeping a narrow 300mb limit on the mailbox, but allowing the online archive store to be as large as they want.

I don't keep the online archive in a DAG as I don't care too much about its availability. The smaller mailboxes are much more manageable, and the archive data is available via any interface they use sans active sync. Users will see it as a separate hierarchy in outlook and webmail, and on the mobile devices they can configure "delete" to instead just archive the message.

Otherwise you can use archive policies to help automate the housekeeping.

Smaller mailboxes keep the DAG replicas more manageable, and online archives are an easy sell, especially if you inform the end user it can be some monstrous or unlimited size.

This plus automatic mailbox distribution takes care of 90% of my distribution woes.

I also use mimecast for journaling. Keeps it out of my hair, and for the purpose of audits it allows me granular control over custodians. It's cheap as poo poo, works well, and has fantastic auditing and role controls.

Blame Pyrrhus fucked around with this message at 05:53 on Sep 24, 2014

Swink
Apr 18, 2006
Left Side <--- Many Whelps

NevergirlsOFFICIAL posted:

Why do you want the NDR? This way is better imho. But anyway to get what you want I think put the limit on the send connector: Set-SendConnector -Identity cocksucker -MaxMessageSize 50MB

I want the users to get an ndr that explains how to use a file sharing doodad. My hope is we'll get fewer support calls from a comprehensive ndr than the prompt.

How can I apply this to all users for ever?

Mierdaan
Sep 14, 2004

Pillbug

Swink posted:

I want the users to get an ndr that explains how to use a file sharing doodad. My hope is we'll get fewer support calls from a comprehensive ndr than the prompt.

How can I apply this to all users for ever?

In the example command NevergirlsOFFICIAL gave, 'cocksucker' is the name of the send-connector, not your end user. I could see how this would be confusing.

Setting it on the send-connector should apply to everyone, as long as you understand which send-connector your users are utilizing.

wintermuteCF
Dec 9, 2006

LIEK HAI2U!

Linux Nazi posted:

My environment is significantly smaller than yours, but I'm curious, so you have size constraints on your user mailboxes?

The way I keep things manageable is by keeping a narrow 300mb limit on the mailbox, but allowing the online archive store to be as large as they want.

I don't keep the online archive in a DAG as I don't care too much about its availability. The smaller mailboxes are much more manageable, and the archive data is available via any interface they use sans active sync. Users will see it as a separate hierarchy in outlook and webmail, and on the mobile devices they can configure "delete" to instead just archive the message.

Otherwise you can use archive policies to help automate the housekeeping.

Smaller mailboxes keep the DAG replicas more manageable, and online archives are an easy sell, especially if you inform the end user it can be some monstrous or unlimited size.

This plus automatic mailbox distribution takes care of 90% of my distribution woes.

I also use mimecast for journaling. Keeps it out of my hair, and for the purpose of audits it allows me granular control over custodians. It's cheap as poo poo, works well, and has fantastic auditing and role controls.

God, I wish. Executive decision was no mailbox limits, mailboxes are constrained only by the enterprise-wide purge of any mail item older than 60 days, with the exception of some snowflake users who are exempt. Depending on what the employee does, their mailbox can vary wildly from 1MB to 10GB. Snowflake mailboxes can get as high as 50GB.

Archives are currently handled with Enterprise Vault.

Company is actively considering migrating to O365 in the near future. We're just trying to keep everything from falling apart before then.

Swink
Apr 18, 2006
Left Side <--- Many Whelps

Mierdaan posted:

In the example command NevergirlsOFFICIAL gave, 'cocksucker' is the name of the send-connector, not your end user. I could see how this would be confusing.

Setting it on the send-connector should apply to everyone, as long as you understand which send-connector your users are utilizing.

haha. Shoulda checked the cmdlet out. Cheers.

Dans Macabre
Apr 24, 2004


Mierdaan posted:

In the example command NevergirlsOFFICIAL gave, 'cocksucker' is the name of the send-connector, not your end user. I could see how this would be confusing.

Setting it on the send-connector should apply to everyone, as long as you understand which send-connector your users are utilizing.

Sorry for being unclear you cocksuckers.

Dans Macabre
Apr 24, 2004


BTW just to explain why I think the NDR isn't a good way to go, is because then the original message will still get in sent items with attachment. So even though it won't get received it'll still be increasing your mailbox sizes. If they're prevented from attaching the file to begin with that's better. Once they get that popup they'll remember to click the "fileshare.com" add-on button or whatever you're using.

Will Styles
Jan 19, 2005
^^ I agree, sending the NDR is not an elegant solution.

Linux Nazi posted:

I guess my questions are the following, if anybody knows:

At a very high level, what is the flow? Is it essentially -
- Build new CAS environment. Make all of the SSL and DNS changes required for it?
- Stand up new mailbox server environment, migrate mailboxes?

Is there better interoperability with previous versions of Exchange in the Exchange 2013 CAS server role? Ie. If I stand up some 2013 CAS servers, can they serve mailboxes on 2010 mailbox servers or am I left needing to segregate the front-end environments while I'm still coexisting 2010 and 2013?

The process will go pretty much as you expected, build the CAS, configure, then move DNS to point to it. The 2013 CAS should service 2010 mailboxes however some older clients that are still using MAPI/RPC will not be able to use the 2013 CAS server. You can try and force them to go to the 2010 CAS but in all honesty if someone is still using Outlook 2003 or earlier they need to update their email client.

quote:

I never actually touched Unified Messaging prior to working here. They didn't even ask questions about it on the exams for the MCITP. The configuration was balls-simple, but how do I even migrate it? Where does the already-configured autoattendant configurations and such live?

There is no UM server in 2013, and the responsibilities that server had are now split between CAS/MBX roles. Technet article for migration

quote:

And last: Should I even bother migrating to 2013? We have absolutely zero complaints about our 2010 environment as it stands, and I'll never move to 365, so I don't care much about the hybrid features of 2013. The only reason I am even considering it is because, as an organization, we tend to keep on top of new technology.

If you're happy with what you have, don't want any of the new features of 2013, and have no plans on using office 365 I'm hard pressed to see a reason for you to upgrade. The only thing I can think of is it may be hypothetically easier to go to the next version of Exchange if you're coming from 2013 instead of 2010. Edit: there's a marginal improvement in efficiency, but again if you're happy with your current performance then it may not be worth the upgrade.

--

Edit: Why does "Get-MsolUser -License <string>" not work? MSDN indicates it should :( I mean I know I can go through and filter locally based on the license parameter but with 300,000+ user objects it's just a pain in the rear end.

Will Styles fucked around with this message at 19:56 on Sep 26, 2014

Blame Pyrrhus
May 6, 2003

Me reaping: Well this fucking sucks. What the fuck.
Pillbug
Thanks for the answers Will Styles. We are Office 2013 / Office 2011 across the board with no public folders, so there should not be any strange RPC wonkiness to cope with. And yeah, I'm also hard pressed to find a compelling reason to upgrade. Except to be current, which means easier migrations for the 2015 or whatever version that comes out.

Will Styles posted:

Edit: Why does "Get-MsolUser -License <string>" not work? MSDN indicates it should :( I mean I know I can go through and filter locally based on the license parameter but with 300,000+ user objects it's just a pain in the rear end.

If it's the licenses property for the user you want, can you not use: get-msoluser | where {$_.licenses -match "LITEPACK"}

Or whatever string you are looking for?

Will Styles
Jan 19, 2005

Linux Nazi posted:

If it's the licenses property for the user you want, can you not use: get-msoluser | where {$_.licenses -match "LITEPACK"}

Or whatever string you are looking for?

You can, but I'd rather do server side filtering than client. We've got 300,000+ objects in the azure ad and querying every user can take some time and may fail because of network latency. If the -License parameter worked the filtering would be done on their side and they'd only send me the people I'm concerned with as opposed to every user I have.

Blame Pyrrhus
May 6, 2003

Me reaping: Well this fucking sucks. What the fuck.
Pillbug

Will Styles posted:

You can, but I'd rather do server side filtering than client. We've got 300,000+ objects in the azure ad and querying every user can take some time and may fail because of network latency. If the -License parameter worked the filtering would be done on their side and they'd only send me the people I'm concerned with as opposed to every user I have.

Yeah it kind of sucks when there isn't the expected filtering or the cmdlets don't accept piped queries the way you might expect. I find myself cursing out PowerCLI a lot because it's odd about what native cmdlets work via pipes. Though, If it wasn't for PowerCLI's less-than-stellar native cmdlet sets I'd probably never write my own functions.

Typically if I'm dealing with a tremendous number of objects like this, I would just store it to a large array and work with that array. So in this instance literally just set it up with: $users = get-msoluser

and then do whatever the hell you want with $users (assuming it populates without timing out).

I always pre-populate any large AD or Mailbox operations and queries this way, especially while building them out so it's not hammering the live data set every time I modify the query to get it to do what I want.

It's always neat to close a powershell window and watch my memory utilization drop by 2gb.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Any idea how to troubleshoot a mailbox that won't export to a *.pst?

I can see the *.pst created but it'll crash outlook and just hang at 2.64MB. I've turned off all indexing and still doesn't work.

Dans Macabre
Apr 24, 2004


Tab8715 posted:

Any idea how to troubleshoot a mailbox that won't export to a *.pst?

I can see the *.pst created but it'll crash outlook and just hang at 2.64MB. I've turned off all indexing and still doesn't work.

Can you export from Exchange rather than Outlook? http://blogs.technet.com/b/exchange/archive/2007/04/13/3401913.aspx

The Electronaut
May 10, 2009

Tab8715 posted:

Any idea how to troubleshoot a mailbox that won't export to a *.pst?

I can see the *.pst created but it'll crash outlook and just hang at 2.64MB. I've turned off all indexing and still doesn't work.

Try moving it from one database to another. How big is the mailbox? Number of items? Number of folders? What version of Exchange?

Spudalicious
Dec 24, 2003

I <3 Alton Brown.
My goal is to figure out how to delegate management duties of individual distribution lists to individual users/groups (including the ability to add external email addresses [contact objects]), and have them able to do so through ECP.

So I've figured out how to add roles to the Distribution List Managers role, specifically Mail Recipient Creation and Mail Recipients. This allows users with that role the permission to create and modify distribution lists, create and modify external contacts, and all that fun stuff that needs to happen to add an email address to a list. Unfortunately it seems to allow the person with that role the ability to manage ALL distribution lists, not just those that I want to specify. Additionally it allows management of all recipients, not just external contacts. Is there a way to get that fine-tuned with permissions in ecp?

Will Styles
Jan 19, 2005

Spudalicious posted:

My goal is to figure out how to delegate management duties of individual distribution lists to individual users/groups (including the ability to add external email addresses [contact objects]), and have them able to do so through ECP.

So I've figured out how to add roles to the Distribution List Managers role, specifically Mail Recipient Creation and Mail Recipients. This allows users with that role the permission to create and modify distribution lists, create and modify external contacts, and all that fun stuff that needs to happen to add an email address to a list. Unfortunately it seems to allow the person with that role the ability to manage ALL distribution lists, not just those that I want to specify. Additionally it allows management of all recipients, not just external contacts. Is there a way to get that fine-tuned with permissions in ecp?

What you want is management role assignment scopes. In short, assigning permissions requires three things: a management role (what permissions you want to assign), a role group or assignment policy (who you want to have the permissions), and a management scope (where people should be able to use those permissions). When you create the management role assignment you can scope it to an OU, some filter (department, manager, location, etc.), or a couple other things.

More info here. That's a link for 2013 but the concept is the same for 2010 (assuming you're using 2010/2013 since you mentioned ECP).
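The role, role group and scope described in the answer above, put together with an audit of who still holds the same role organization-wide, as an added example that is not part of the original thread. The OU path, role group name, delegate alias and test recipient are placeholders, and the commands are meant for the Exchange Management Shell on Exchange 2010 or 2013.

```powershell
# Placeholders (assumptions, not values from the thread).
$ou        = 'contoso.com/Delegated/Sales Lists'   # OU holding the lists and their contacts
$group     = 'Sales List Managers'                 # new, narrowly scoped role group
$delegates = 'jdoe'                                # user who should manage only this OU

# What:  the two roles named in the question.
# Who:   a dedicated role group, so the grant is not added to a broad existing group.
# Where: writes are limited to recipients inside $ou.
$params = @{
    Name                             = $group
    Roles                            = 'Mail Recipients', 'Mail Recipient Creation'
    RecipientOrganizationalUnitScope = $ou
    Members                          = $delegates
}
New-RoleGroup @params

# Check 1: every assignment created for the group should show the OU as its write scope.
Get-ManagementRoleAssignment -RoleAssignee $group |
    Format-Table Name, Role, RecipientWriteScope, RecipientOrganizationalUnitScope -AutoSize

# Check 2: list everyone who can still create recipients anywhere in the organization.
# Delegates appearing here hold the role through some other, unscoped assignment.
Get-ManagementRoleAssignment -Role 'Mail Recipient Creation' -GetEffectiveUsers |
    Where-Object { $_.RecipientWriteScope -eq 'Organization' } |
    Select-Object EffectiveUserName, RoleAssigneeName, Role, RecipientWriteScope

# Check 3: pick a recipient outside $ou (placeholder) and confirm the delegate
# is not among the users able to modify it.
Get-ManagementRoleAssignment -WritableRecipient 'ceo@contoso.com' -GetEffectiveUsers |
    Where-Object { $_.EffectiveUserName -eq $delegates } |
    Select-Object EffectiveUserName, Role, RoleAssigneeName
```

An empty result from the third check means the scope holds for that recipient; any row returned names the assignment that still needs to be narrowed or removed.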

Spudalicious
Dec 24, 2003

I <3 Alton Brown.

Will Styles posted:

What you want is management role assignment scopes. In short, assigning permissions requires three things: a management role (what permissions you want to assign), a role group or assignment policy (who you want to have the permissions), and a management scope (where people should be able to use those permissions). When you create the management role assignment you can scope it to an OU, some filter (department, manager, location, etc.), or a couple other things.

More info here. That's a link for 2013 but the concept is the same for 2010 (assuming you're using 2010/2013 since you mentioned ECP).

For the record it's Exchange 2010.

Well, that definitely helps! I was able to limit the scope to an OU, and their permissions are limited. Thanks. I have a followup question. Is it possible to direct where Exchange Control Panel creates mail contacts? Right now they are by default going into domain/Users; can I make it go into a different OU organization-wide?

Will Styles
Jan 19, 2005

Spudalicious posted:

For the record it's Exchange 2010.

Well, that definitely helps! I was able to limit the scope to an OU, and their permissions are limited. Thanks. I have a followup question. Is it possible to direct where Exchange Control Panel creates mail contacts? Right now they are by default going into domain/Users; can I make it go into a different OU organization-wide?

You can set a default OU for distribution groups using "Set-OrganizationConfig -DistributionGroupDefaultOU <OU>", but there is not something that will work for mailboxes/contacts out of the box. You could make use of Commandlet Extension Agents so that whenever someone runs a New-MailContact command, if an OU is not specified, the extension runs and specifies an OU that you want. It's a little convoluted but if done right will do what you want. More information here, but the gist of it is you write an XML config file, deploy that to all the Exchange servers, then run a command to enable the extension.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


The Electronaut posted:

Try moving it from one database to another. How big is the mailbox? Number of items? Number of folders? What version of Exchange?

It's from Yahoo Mail, we're planning to migrate them to O365 but getting their existing mail is being a pain.

My theory was that if I set up Outlook to their Yahoo account, saved all their email and exported it as a .pst and uploaded this to O365 it'd work, but Outlook refuses to save any of the downloaded Yahoo mail? It starts, I can see the *.pst file size gradually increase, but then it just gets stuck at a certain point.

I disabled a bunch of search index, tried safe mode but it always fails. I thought about making a ticket with Office 365 but one of my co-workers got it working on a WinXP machine with Outlook 2007. Google wasn't very helpful with .pst export crashes either.

Dans Macabre
Apr 24, 2004


sounds like you should go to the yahoo mail megathread :colbert: for migration from anything to office 365 use MIGRATIONWIZ or SKYKICK (that someone here recommended but I haven't used)

Gyshall
Feb 24, 2009

Had a couple of drinks.
Saw a couple of things.

Tab8715 posted:

It's from Yahoo Mail, we're planning to migrate them to O365 but getting their existing mail is being a pain.

My theory was that if I set up Outlook to their Yahoo account, saved all their email and exported it as a .pst and uploaded this to O365 it'd work, but Outlook refuses to save any of the downloaded Yahoo mail? It starts, I can see the *.pst file size gradually increase, but then it just gets stuck at a certain point.

I disabled a bunch of search index, tried safe mode but it always fails. I thought about making a ticket with Office 365 but one of my co-workers got it working on a WinXP machine with Outlook 2007. Google wasn't very helpful with .pst export crashes either.

Yahoo mail loving sucks rear end, hope that helps.

Gozinbulx
Feb 19, 2004
What's the current go-to spam filtering software for Exchange?

Gyshall
Feb 24, 2009

Had a couple of drinks.
Saw a couple of things.

Gozinbulx posted:

What's the current go-to spam filtering software for Exchange?

Take that poo poo to the cloud or appliance. IMO not worth the resources and headache to run spam filtering after emails are delivered. By doing it in the cloud/on the MX level, you can only have good emails delivered to your servers.

Mimecast is p. nice.

nexxai
Jul 17, 2002

quack quack bjork
Fun Shoe

Gozinbulx posted:

What's the current go-to spam filtering software for Exchange?

If you don't want cloud or appliance, we use ThreatTrack (nee GFI, nee Sunbelt Software) VIPRE for Exchange. It has both its own filters as well as a CloudMark subscription and works drat near perfectly for us. I don't remember the last time I got an actual spam message, and after a quick (anecdotal) consultation with a couple of random co-workers who just walked by my office, they agree.

Thanks Ants
May 21, 2004

#essereFerrari


Gyshall posted:

Mimecast is p. nice.


Thalagyrt
Aug 10, 2006

We use SpamTitan. It's very effective, great UI, and I haven't had a false positive in years.
