Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us $3,400 per month for bandwidth bills alone, and since we don't believe in shoving popup ads to our registered users, we try to make the money back through forum registrations.
  • Post
  • Reply
Nebulis01
Dec 30, 2003
Technical Support Ninny

captkirk posted:

I'm working on replicating our public folder from the 2003 servers to the 2010 servers. My boss does not want to move them all over to 2010 yet, so I can't just use the Move All Replicas... button. Is there something in existence to do this or will I need to just add a replica to every folder by hand (or script it I suppose)?

Add the Exchange 2010 server as a replication partner on the 2003 server (provided they can communicate via SMTP). Wait up to 24hrs (it shouldn't take this long, my largest public folder was like 5GB and took ~20mins) and then remove the 2003 server as a replication partner

Adbot
ADBOT LOVES YOU

Nebulis01
Dec 30, 2003
Technical Support Ninny

SmellsOfFriendship posted:

Oh, one more thing. Does anyone know of a good .edb to .pst recovery tool that will actually let you do a test extract? I'm leery of paying $300-$1000 for something I can't test fully.

http://www.krollontrack.com/software/powercontrols/

Call them and talk to them, powercontrols has saved my rear end multiple times.

Nebulis01
Dec 30, 2003
Technical Support Ninny

SmellsOfFriendship posted:

I tried using the eval version. They won't let you extract, which totally sucks. I get why, they don't want people using it without purchasing it for like one or two mailboxes. But I can't justify the cost without proving the data comes out and is acceptable.

Call them and get a 30day key, they will give you one, they did for us.

Nebulis01
Dec 30, 2003
Technical Support Ninny

SmellsOfFriendship posted:

Total jerks as it turns out. I tried to explain the situation and that I'm on a really tight deadline. They flat out refused.

I'm sorry man

Nebulis01
Dec 30, 2003
Technical Support Ninny

Drighton posted:

Is this our general Exchange question thread, because my google-fu has failed me on the current problem.

edit: Rebooted the offsite DC, no more problems. It never fails, as soon as I post here I find the solution. Maybe I should start posting my problems before I start googling.

I'm pretty sure this is considered the exchange everything thread. What was your issue that you had to reboot a DC for?

Nebulis01
Dec 30, 2003
Technical Support Ninny

Quick question for you guys.

We have a bunch of resource mailboxes on Exchange 2007 SP3. When someone leaves the organization and they've scheduled an appointment on those mailboxes they appointments are not deleted when their exchange/ad account is deleted. Is there a way to go through and prune these now bogus appointments using powershell or something? Currently one of our secretaries does it and I figured their has to be a better way.

Nebulis01
Dec 30, 2003
Technical Support Ninny

Linux Nazi posted:

Cached mode should almost always be deployed and really only disabled short-term in instances where you need to troubleshoot something. If it's causing problems then you got bigger problems to worry about.

You have a whitepaper or best practice for that? We run all our clients with caches mode disabled and I'd like to see the over/under on why turning it on is a good thing.

Nebulis01
Dec 30, 2003
Technical Support Ninny

Appreciate the link and input. We've got the hardware behind it to leave it in online but good to know if we move to to a more mobile workforce it becomes a consideration.

Nebulis01
Dec 30, 2003
Technical Support Ninny

Wonder_Bread posted:

Not specifically limited to Exchange, but I figured this would be the best place to ask.

Does anyone here have a policy about putting personal cell phones on company email? I finally got out Lotus Traveler server working correctly and want to draft up a policy stating IT can and will wipe a phone if it's lost/stolen/employee leaves. Traveler gives me the option to only wipe itself and any associated data but I want them to sign off in case something goes wrong and the entire phone gets wiped.

We have our employees sign the following

My Employer posted:

I, __________________________, acknowledge the following by using my personal device to synchronize Company email:

1. I have demonstrated to IS my personal device meets the Current Personal Device Standards listed in the Current Security Standards

2. I will report a lost or stolen device to IS within 24 hours

3. I will not use my personal device to access, store or send Protected Health Information (PHI)

4. Information Services will not provide support for my personal device

5. The Current Personal Device Standards are subject to change without notice

IS has my explicit permission to remotely wipe my personal device in any of the following events:
1. Device is lost or stolen for more than 24 hours

2. I terminate employment with company for any reason

3. My device no longer meet the Current Personal Device Standards listed in the Current Security Standards

A remote device wipe might include any and all data, including that on removable media (e.g. SD cards) from the device, which may result in loss of personal information. I will hold harmless Company for any damage that may arise as a result of my personal device being wiped.
This agreement is effective as of __________________________________ between __________________________ and Company.

The current personal device standards require that the devices meet specific criteria listed as

Current personal device standards posted:

This document provides a high-level list of current security standards for company. Devices used to connect to company network must comply with the security standards outlined herein. The security standards are subject to change without notice.
CURRENT PERSONAL DEVICE STANDARDS
Type
Security Feature

Smart Phone
Enforce device encryption, including encryption of storage cards
Enforce pin/password of 4 characters or greater
Enforce password history
Enforce password expiration (90 days)
Enforce auto-lock after 10 minutes without user input
Enforce auto-wipe after 10 incorrect password entries

Tablets
Enforce device encryption, including encryption of storage cards
Enforce pin/password of 4 characters or greater
Enforce password history
Enforce password expiration (90 days)
Enforce auto-lock after 10 minutes without user input
Enforce auto-wipe after 10 incorrect password entries


In order to have a personal device synchronize email, it must meet certain standards for security purposes. These standards, as posted above, are industry standards. You can contact your carrier or device manufacturer to see if your device qualifies. If they are unable to tell you, consider using the web as device support can change with software upgrades. One resource you may consider is the Wikipedia Comparison of Exchange ActiveSync Clients. Your device should have a green “Yes” in the Exchange ActiveSync 12.0 or 12.1 tables. Some devices do not meet the standards posted above without installing third party software. You will need to contact the software vendor to ensure their software will meet the security standards posted above. If you are not comfortable doing this on your own, it is recommended you pick a device that supports the standards posted above without third party software.

A copy of the signed document is submitted to IS before active sync is enabled on their exchange account and kept on file with HR for the entirety of their employment. We're anal about the mobile encryption requirement because some of our employees, even though it's against policy, send PHI over email We give them a one time best effort to get active sync setup on their device, after that they're on their own

Nebulis01 fucked around with this message at Mar 19, 2012 around 21:16

Nebulis01
Dec 30, 2003
Technical Support Ninny

Cpt.Wacky posted:

Thanks for sharing this. I have the worst time coming up with these from scratch, so I'll borrow heavy from those.

I'm curious about the rationale behind the quoted point though. Something like that here would make the device useless if it was strictly followed by the user, not to mentioned if they're checking email how could they reasonably prevent other people from sending them PHI. Is it just more of a CYA so that when you get sued you can say you told them not to do it? It seems like all the other security requirements you have in place that PHI would be safe enough on a phone.

Our lawyer made us place it in there, HIPAA also requires we do a 'best effort' to make sure that portable devices with access to PHI are encrypted. I would love to believe PHI is safe on a phone but rooted devices can falsify flags sent to exchange and tell me 'yes i'm encrypted' but in reality aren't I can't stop thinking about being sued

Nebulis01
Dec 30, 2003
Technical Support Ninny

Cpt.Wacky posted:

That policy is for personal devices. Do you have company devices that do allow access to PHI?

It just seems like the only "effort" that policy has is telling people not to do it, and they are probably doing it anyways. It would be just as effective to say it's OK to access PHI and then tell them not to root their phones to bypass the checks on encryption, locking, etc.

Anyways, I understand the difficulties of dealing with non-technicals when it comes to policy.

Thanks HIPAA

We have company issued blackberry devices that we issue to certain users that are allowed to access PHI on internal facing applications since BB users can access the intranet stuff

But yeah, thanks HIPAA and non-technical users

Nebulis01
Dec 30, 2003
Technical Support Ninny

Linux Nazi posted:

Android handsets are poo poo when it comes to compliance with activesync policies. The solution is to narrow down the supported handsets, or license touchdown.

iOS devices ~*~just work~*~

Somebody once posted a PDF report on various handsets specifically relating to this issue and I've never been able to find it again.

https://en.wikipedia.org/wiki/Compa...iveSync_clients


Is what I use, I don't support android devices unless they're running touchdown makes my life much simpler.

Nebulis01
Dec 30, 2003
Technical Support Ninny

ICA posted:

Not sure if this is the best place for this but here goes.

Can anyone tell me an easy / step by step way of forwarding my emails from my two Hotmail accounts (@hotmail.co.uk & @caledonian.ac.uk) to my Gmail acc? Tried myself but Hotmail's Outlook options are unmanageable and I can't see anything in Gmail's settings.

Thanks.

If your Hotmail accounts are old enough they support being checked via POP3, or you can pay for the feature. Gmail supports checking multiple accounts under Settings > Accounts and Import > Check mail from other accounts (POP3). Just have gmail check and download w/ delete.

Nebulis01
Dec 30, 2003
Technical Support Ninny

Lovie Unsmith posted:

Unless I'm looking in the wrong place, I don't have that but I do have "Hide from Exchange address lists" which I just unchecked. Am I on the right track?

That should resolve your issue. So yes you're all aboard the exchange administrator choo-choo


Nebulis01
Dec 30, 2003
Technical Support Ninny

Lovie Unsmith posted:

What that does is enable users to send an email to all 520 contacts in that list. What they need is to be able to pick and choose any of those contacts to send to as needed, just like their own contacts.

Ahh, then what sanchez was telling you do was correct.

http://www.msexchange.org/tutorials/MF018.html

Nebulis01
Dec 30, 2003
Technical Support Ninny

Wicaeed posted:

Does anyone have any guides on how to set up a test Exchange environment?

I have a single instance of ESXi to work with, but would prefer to keep everything on a single vm since I don't have that many resources to work with.

If you have to stick it all on one box download the VHD from MS
https://www.microsoft.com/en-us/dow...ls.aspx?id=5002

It would be worth doing it on multiple boxes to experience the certificate, iis configuration and etc that doesn't occur if you stick all the rolls on one box

Nebulis01
Dec 30, 2003
Technical Support Ninny

Chillbro Swaggins posted:

Like what? Do Exchange online archive and then not back up the archive db? No way that will fly.



Jatheon, GFI Mail Archiver, Metalogix, etc. They make it completely transparent to the user and do dedupe and compression, better indexing, compliance holds, etc on the old emails also since the archived stuff doesn't need to be at best performance you can use lower end hardware and also cut back on the amount of hardware that is needed for exchange.

Nebulis01
Dec 30, 2003
Technical Support Ninny

Envrionment:
Internet > Symantec Brightmail SMTP Gateway > Exchange 2003 SP3 (hosts only one mailbox for a legacy service, as well as the Virtual SMTP server > Exchange 2007 SP3 (hosts all other mailboxes and the CAS, Hub Transport and Mailbox roles)

Account1: User mailbox to which users have ‘Send-As’

Group1: a Mail-Enabled Universal Distribution Group

Account2: User mailbox with ‘Send-As’ permission on Account1, also a member of Group1

The public can successfully send email to Account1, and all members of the Group1 receive that email.

Problem:
Today, Account2 sends a blast email as Account1, according to SMTP server (Symantec) 1,790 emails were sent successfully. The Symantec server also processed 40 receive transactions for Account1, but nobody on Group1 has any record of those emails. Exchange 2007 message tracking with the following settings

get-messagetrackinglog -Sender "Account1 " -Server "EXCHCASHUB" -EventID "RECEIVE" -Start "7/16/2012 12:00:00 AM" -End "7/16/2012 3:14:00 PM"

has a number of emails that have been received but nobody in Group1 ever received a copy of the emails.

I have verified that the ‘require that all senders are authenticated’ check box is not ticked in the Message delivery restrictions for Group1

Any ideas where these emails (bounces, out of office,etc) have ended up?

Nebulis01 fucked around with this message at Jul 16, 2012 around 22:53

Nebulis01
Dec 30, 2003
Technical Support Ninny

Nebulis01 posted:

Some stuff about NDRs and Distribution Groups

Apparently microsoft doesn't support sending NDRs to Distribution Groups or Public Folders. This is by design, my users are going to love this

http://support.microsoft.com/kb/817220/en-us

Nebulis01
Dec 30, 2003
Technical Support Ninny

Linux Nazi posted:

Microsoft is going to tell you do use sharepoint lists or shared mailboxes for multi-user access, traditional public folder databases have been threatened to be phased out since Exchange 2007 beta.

Public folders are back with a vengeance in Exchange 2013. It's even got it's own role. They listened to the community for a change

If you do go sharepoint for this, I believe you also have to stand up UAG/TMG in order to present that to mobile clients (I remember reading this somewhere let me search for a source.)

Edit: i can't find a source for that

Nebulis01 fucked around with this message at Sep 19, 2012 around 23:15

Nebulis01
Dec 30, 2003
Technical Support Ninny

Powdered Toast Man posted:

I will be spearheading an upgrade project from Exchange 2007 to 2013 soon. How hosed am I? (note that it is a relatively small deployment, only two servers and less than 1,000 users)

I've been looking at doing the same thing and there is no strait upgrade path. You have to go 2007 > 2010 > 2013. I'm not sure if you can get away with using the Exchange demo for the upgrade or if you need to license 2010 prior to the upgrade.

Nebulis01
Dec 30, 2003
Technical Support Ninny

LmaoTheKid posted:

Could you copy the database to an external and run a check on another machine while leaving the current one in place?

This is a solid idea, that way no chance eseutil truncates your DB and fucks your exchange up.

Nebulis01
Dec 30, 2003
Technical Support Ninny

Lex Kramer posted:

So if I have this completed ntbackup of the db, should I restore it from the backup to another machine? What's the best way to get the db.

Yes restore it to a workstation, grab eseutil from your version of exchange and go to town.

Nebulis01
Dec 30, 2003
Technical Support Ninny

sanchez posted:

This, I used to get certs that included internal server names etc, but it's really not necessary anymore. Changing the CAS URLs works fine.

As of sometime in 2015 you can't do this any more anyway. All members of the SAN certificate must have a verifiable FQDN

Nebulis01
Dec 30, 2003
Technical Support Ninny

Syano posted:

What's everyone using for an archiving app?

GFI MailArchiver 2012 SR2, 300 mailboxes and with support for 5 years it was $4,500.

Adbot
ADBOT LOVES YOU

Nebulis01
Dec 30, 2003
Technical Support Ninny

Internet Explorer posted:

Does anyone have any experiencing with the GFI Mail Archiver plugin for Outlook? How well does it work and how much of a pain is it to setup? Want to be able to archive emails automatically and then allow users to view them in Outlook without any trouble.

We have it installed, it automatically adds the GFI archive for the user as an additional mailbox inside outlook and lets you search just within the archive or search both your exchange account and the archive for the user.

The downside is you can't view more than one user with the outlook add-on like you can with the web interface


Mierdaan posted:

Last time I tried it, you had to muck with registry keys to make it useful. By default it pulls down headers for a pitifully small window, and polls the MARC server like crazy - but if you adjust those keys, it's okay I guess. I just trained my users to use the web interface since the search it has is better than Outlook's anyway.


You can adjust these settings in a GPO with the provided .adm/admx they provide for the deployment

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply