Wednesday, February 9, 2011

Exchange Server 2007 Email Routing

Exchange Server 2007 contains a completely new implementation of email routing. Each Active Directory site where Exchange mailboxes are hosted must have a Hub Transport server role; it controls messaging between sites and even within a single site. In this article we dive a little deeper into this new technology and explain how it works. Part I explains the vocabulary and the architecture to help you understand how Exchange is designed and how it works; Part II will show how to configure it on Exchange Server 2007 using the GUI administration tools and PowerShell.

Message Flow Architecture

The Hub Transport server role is essential in every Exchange Server 2007 organization for routing internal and external email. The service running on these servers is the Exchange Transport Service (MSExchangeTransport.exe).
Inbound Email
Inbound email is email that is delivered from outside the Exchange Server 2007 organization, for example from the Internet. A gateway server should be in place; this can be an Edge Transport server role or a Hub Transport server role, depending on the Internet connectivity and firewall structure that is implemented. Best practice is to install an Exchange Server 2007 Edge Transport server role in the perimeter network (also known as the DMZ), which does not need Active Directory. This server then routes incoming messages into your Exchange Server 2007 organization.
Outbound Email
Outbound email means messages that are sent from internal mailbox users to external recipients on the Internet. After a Hub Transport server has processed the mail and identified it as outbound, the server routes it to the Internet, either directly or, again, through a gateway server. This gateway server can be an Edge Transport server.
Local Email
Local mail flow refers to messages that are processed by a Hub Transport server in an Exchange Server 2007 organization and delivered to a mailbox on the same Active Directory Site.
Remote Email
Remote Email flow refers to messages that are processed by a Hub Transport server in an Exchange Server 2007 organization and delivered to a mailbox on a different Active Directory site from the source mailbox.

SMTP Connectors

SMTP connectors are Exchange Server 2007 components that support one-way SMTP connections. Because of this restriction, which is new compared to earlier versions of Exchange Server, we need two kinds of connector:
  • SMTP Receive Connectors
  • SMTP Send Connectors
An SMTP Receive connector is required for an Exchange Server 2007 system to accept any SMTP connection. It enables a Hub Transport server role or Edge Transport server role to receive email from any other SMTP server on the Internet, from other Exchange Server 2007 Hub Transport or Edge Transport server roles, or from other Exchange Server 2007 environments. You can configure multiple SMTP Receive connectors with different parameters on a single Exchange server for implementation or high availability reasons. You do not have to create SMTP Receive connectors to route mail between Hub Transport server roles within the same forest.
An SMTP Send connector is required for an Exchange Server 2007 system to send any SMTP email. It is required to send email to any SMTP server on the internet or to any SMTP server within the same Exchange Server organization.
You can manage each of them using the Exchange Management Console or Exchange Management Shell. To manage connectors using the shell use the Set-ReceiveConnector and Set-SendConnector cmdlets.
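As an added example (not code from the original post), the following audit lists every Receive connector together with the properties that decide who may connect and relay through it. It assumes the Exchange Management Shell on an Exchange 2007 Hub or Edge Transport server with PowerShell 2.0 or later; the function name and the Risk labels are this example's own.

```powershell
# Added example (not from the original post): audit Receive connectors for anonymous
# relay. Assumes the Exchange Management Shell on an Exchange 2007 Hub or Edge
# Transport server with PowerShell 2.0 or later; the function name is hypothetical.
function Get-ReceiveConnectorRelayAudit {
    param(
        [string]$Server   # optional: audit only the connectors on this server
    )

    $connectors = if ($Server) { Get-ReceiveConnector -Server $Server } else { Get-ReceiveConnector }

    foreach ($rc in $connectors) {
        # "Anonymous" in PermissionGroups lets unauthenticated SMTP clients connect.
        $anonymousAllowed = [bool]($rc.PermissionGroups -match 'Anonymous')

        # Relaying to external recipients requires the extended right
        # ms-Exch-SMTP-Accept-Any-Recipient on the connector object. Granted to
        # ANONYMOUS LOGON, it makes the connector an open relay for every
        # address in RemoteIPRanges.
        $anonRelayAce = $rc | Get-ADPermission | Where-Object {
            $_.User -like '*ANONYMOUS LOGON' -and
            -not $_.Deny -and
            (@($_.ExtendedRights | ForEach-Object { $_.ToString() }) -contains 'ms-Exch-SMTP-Accept-Any-Recipient')
        }
        $anonymousRelay = [bool]$anonRelayAce

        # A connector bound to the whole IPv4 space accepts from any source.
        $ranges = @($rc.RemoteIPRanges | ForEach-Object { $_.ToString() })
        $openToAll = $ranges -contains '0.0.0.0-255.255.255.255'

        # Classification used by this example only.
        $risk = if ($anonymousRelay -and $openToAll) { 'OpenRelay' }
                elseif ($anonymousRelay) { 'RelayForListedRanges' }
                elseif ($anonymousAllowed -and $openToAll) { 'AnonymousInbound' }
                else { 'None' }

        New-Object PSObject -Property @{
            Identity         = $rc.Identity.ToString()
            Bindings         = ($rc.Bindings -join ', ')
            RemoteIPRanges   = ($ranges -join ', ')
            PermissionGroups = $rc.PermissionGroups.ToString()
            AnonymousAllowed = $anonymousAllowed
            AnonymousRelay   = $anonymousRelay
            Risk             = $risk
        }
    }
}

# Highest-risk connectors first; anything other than 'None' deserves a look.
Get-ReceiveConnectorRelayAudit |
    Sort-Object Risk -Descending |
    Format-Table Identity, RemoteIPRanges, PermissionGroups, AnonymousRelay, Risk -AutoSize
```

An 'AnonymousInbound' result is normal for an Internet-facing connector that only accepts mail for your own domains; 'OpenRelay' means any host can use the server to send mail anywhere and should be corrected with Set-ReceiveConnector (narrowing RemoteIPRanges) or by removing the extended right.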

Message Transport Components

To work with Exchange Server and troubleshoot message transport problems you should know the internal workings of Exchange message routing.
Messaging Components are:
  • Submission Queue
  • Store Driver
  • Microsoft Exchange Mail Submission Service
  • Pickup Directory
  • Categorizer
Messages from outside your Exchange organization enter the transport pipeline through an SMTP Receive connector. Messages from inside the organization enter the pipeline through the Hub Transport server role.

Submission Queue

Each Transport server role (Hub or Edge Transport) has one submission queue that is created by the categorizer when Exchange Transport Service starts. It stores all messages on the local hard disk until they are processed by the categorizer for delivery. They are then finally removed from this queue.

Store Driver

Messages sent by a mailbox user enter the transport pipeline when they reach the sender's Outbox. The store driver on the Hub Transport server retrieves the message from the user's Outbox and transfers it to the Submission queue. After the message has been successfully added to the Submission queue, it is moved from the sender's Outbox to the sender's Sent Items. Messages are stored in MAPI format and must be converted to Summary Transport Neutral Encapsulation Format (S/TNEF) before being placed in the Submission queue; this conversion is also the job of the store driver. If the conversion fails, a non-delivery report (NDR) is generated.

Microsoft Exchange Mail Submission Service

The Microsoft Exchange Mail Submission Service is a notification service that runs on Mailbox server roles. It notifies the Hub Transport server role to pick up the message from the sender's Outbox. If there are multiple Hub Transport server roles in one Active Directory site, the Microsoft Exchange Mail Submission service attempts to distribute notifications evenly between them using static load balancing.

Pickup Directory

Each message placed in the Pickup directory is submitted to the Submission queue, where the categorizer processes it. Messages placed in the Pickup directory must be in the appropriate format, and the directory must have read/write permissions configured. This lets you take a properly formatted text file and have the Hub Transport server role process and deliver it, which is very helpful for validating mail flow in the organization, relaying specific messages, or returning messages to the transport pipeline. Third-party applications may also place messages in the Pickup directory rather than communicating directly with the Exchange server.

Categorizer

The categorizer always picks the oldest message from the Submission queue and checks whether this message has to be routed internally in the Exchange organization or externally.
On each Hub Transport server the categorizer performs the following tasks:
  • Identification and verification of recipients
  • Expansion of distribution lists
  • Determination of routing paths
  • Conversion of content formats
  • Application of message policies

Implementation of Message Transports

Whenever you install Hub Transport server roles in an Exchange Server 2007 environment, message routing is enabled by default, but you may need to configure additional options on the Hub Transport server role. The process typically includes the following steps:
  • Configure server-specific settings
  • Configure authoritative domains and email address policies
  • Configure a postmaster mailbox
  • Configure Internet message flow
  • Configure messaging policies
  • Configure administrative permissions:
    • Exchange Organization Administrators
    • Exchange Server Administrators
    • Exchange View-Only Administrators
Each of these configuration settings is unique to the company and should be defined in a design document before configuration begins.

Sunday, February 6, 2011

Managing Exchange 2010 with Remote PowerShell

by Mukesh Kumar Singh on February 6, 2011
One of the major changes in Exchange 2010 is that all of the Exchange Management Shell administration is done through PowerShell remoting. Even when you run the Exchange Management Shell from an Exchange Server, or a workstation with the Exchange tools installed, you are establishing a remote PowerShell session to Exchange.
When you double click the Exchange Management Shell icon on an Exchange 2010 server or workstation with the management tools installed, the following takes place:
  • The Microsoft.Exchange.Management.PowerShell.E2010 snap-in gets loaded.
  • The RemoteExchange.ps1 script gets dot-sourced into the PowerShell session; this initializes some variables and imports several Exchange-specific functions.
  • The Connect-ExchangeServer function gets executed; this attempts to create a remote PowerShell session on the local server. If a connection cannot be made locally, it attempts to connect to another server in the same site, starting with servers running the CAS role, then moving on to servers running the Mailbox, Hub Transport and UM roles.
  • Once you are connected to an Exchange server, all of the Exchange cmdlets are imported into the PowerShell session using implicit remoting.
You can run the Connect-ExchangeServer function manually. Use the -auto parameter to connect using autodiscover:
Connect-ExchangeServer -auto

You can use the Connect-ExchangeServer function with the -ServerFQDN parameter to manually connect to a specific server:
Connect-ExchangeServer -ServerFqdn phx-ex01.exchangelab.com

Manually Configuring Implicit Remoting

We can manually configure implicit remoting to import commands into our local PowerShell session. This means that we do not need to have the Exchange tools installed in order to work with Exchange Management Shell commands.
The first step is to create a session using the New-PSSession cmdlet:
$s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://phx-ex01.exchangelab.com/PowerShell/ -Authentication Kerberos

If you need to connect with alternate credentials, you can use the -Credential parameter of New-PSSession. For example, you can pass the output of the Get-Credential cmdlet to the -Credential parameter; this prompts you for your credentials when creating your PSSession.
$s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://phx-ex01.exchangelab.com/PowerShell/ -Authentication Kerberos -Credential (Get-Credential)
Once you have a PSSession object created, import the session using the Import-PSSession cmdlet:
Import-PSSession $s

The output of Import-PSSession shows that the Exchange Management Shell commands have been imported into the local PowerShell session; they are listed under the ExportedCommands column.

Managing Exchange Servers using Fan-Out Remoting

Fan-out remoting is used to issue PowerShell commands to many systems at once. For example, say you need to reboot several servers for maintenance, you could use the Invoke-Command cmdlet to invoke the Restart-Computer cmdlet on each server at the same time:
$srv = "EX01","EX02","EX03"
Invoke-Command -ScriptBlock {Restart-Computer -Force} -ComputerName $srv

Fan-out remoting is useful for mass server management, when the Exchange cmdlets are not required. For example, restarting services or making a registry change on many servers at once, or rebooting multiple servers at the same time as we saw in this example.
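As an added example (not code from the original post), here is a read-only fan-out check that queries the Exchange Transport service discussed in the routing post on several servers at once and keeps going when a server is unreachable. The server names are placeholders and the function and its output shape are assumptions.

```powershell
# Added example (not from the original post): a read-only fan-out check of the
# Exchange Transport service (MSExchangeTransport) across several servers that
# records unreachable hosts instead of stopping. Server names are placeholders.
function Get-TransportServiceState {
    param(
        [string[]]$ComputerName = @('EX01', 'EX02', 'EX03'),
        [int]$ThrottleLimit = 16
    )

    $failures = @()

    # Invoke-Command runs the script block on all servers in parallel and stamps
    # each returned object with PSComputerName. -ErrorVariable captures per-host
    # connection errors so one offline server does not abort the run.
    $results = Invoke-Command -ComputerName $ComputerName -ThrottleLimit $ThrottleLimit `
        -ErrorAction SilentlyContinue -ErrorVariable failures -ScriptBlock {
            $svc = Get-Service -Name MSExchangeTransport -ErrorAction SilentlyContinue
            $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='MSExchangeTransport'"
            New-Object PSObject -Property @{
                Status    = $(if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' })
                StartMode = $(if ($wmi) { $wmi.StartMode } else { $null })
                LogOnAs   = $(if ($wmi) { $wmi.StartName } else { $null })   # service account
            }
        }

    foreach ($r in $results) {
        New-Object PSObject -Property @{
            ComputerName = $r.PSComputerName
            Reachable    = $true
            Status       = $r.Status
            StartMode    = $r.StartMode
            LogOnAs      = $r.LogOnAs
        }
    }

    # For remoting transport errors TargetObject holds the server name.
    foreach ($f in $failures) {
        New-Object PSObject -Property @{
            ComputerName = [string]$f.TargetObject
            Reachable    = $false
            Status       = $null
            StartMode    = $null
            LogOnAs      = $null
        }
    }
}

Get-TransportServiceState |
    Format-Table ComputerName, Reachable, Status, StartMode, LogOnAs -AutoSize
```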

Adding Exchange Management Shell to your Standard PowerShell Profile

I like to have all my tools loaded in my standard PowerShell profile. For example, I have several snap-ins and other tools loading when I start PowerShell. I use a single PowerShell instance to manage AD with the RSAT AD PowerShell module, PowerCLI for VMware, and also the Exchange Management Shell tools.
If you do not have a profile setup, you can create one using the following command:
New-Item -Itemtype file -path $profile -force

Once your profile is created, you can edit it in notepad by typing notepad $profile and hitting enter.
There are two ways to add the Exchange Management Shell tools to your standard PowerShell profile.

1. Using Implicit Remoting

We already looked at the commands for performing implicit remoting with Exchange. You can simply add that code to your PowerShell profile. Every time you start PowerShell, you will have the Exchange Management Shell commands imported into your session.
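As an added example (not code from the original post), the following profile helper wraps the New-PSSession and Import-PSSession steps shown earlier so that a broken session is not silently reused and the session is removed when the console exits. The server name is the one used in the post; the function name, the -Prefix option and the HTTPS switch are this example's assumptions.

```powershell
# Added example (not from the original post): a profile-friendly helper for the
# implicit-remoting steps above. Because every command is executed by the remote
# Microsoft.Exchange endpoint, RBAC and administrator audit logging still apply.
function Connect-ExchangeShell {
    param(
        [string]$ServerFqdn = 'phx-ex01.exchangelab.com',               # from the post
        [switch]$UseHttps,                                               # HTTPS if the PowerShell vdir is published on 443
        [System.Management.Automation.PSCredential]$Credential,          # omit for the logged-on Kerberos identity
        [string]$Prefix                                                  # e.g. 'EX' imports Get-EXMailbox instead of Get-Mailbox
    )

    # Reuse an open session rather than piling up broken ones on the server.
    $session = Get-PSSession | Where-Object {
        $_.ConfigurationName -eq 'Microsoft.Exchange' -and
        $_.ComputerName -eq $ServerFqdn -and
        $_.State -eq 'Opened'
    } | Select-Object -First 1

    if (-not $session) {
        $scheme = if ($UseHttps) { 'https' } else { 'http' }
        $params = @{
            ConfigurationName = 'Microsoft.Exchange'
            ConnectionUri     = ('{0}://{1}/PowerShell/' -f $scheme, $ServerFqdn)
            Authentication    = 'Kerberos'
            ErrorAction       = 'Stop'
        }
        if ($Credential) { $params.Credential = $Credential }

        try {
            $session = New-PSSession @params
        } catch {
            Write-Error ("Could not open a Microsoft.Exchange session on {0}: {1}" -f $ServerFqdn, $_)
            return
        }
    }

    # Import the proxy functions. -DisableNameChecking silences the warning about
    # non-standard verbs in some Exchange cmdlets; -AllowClobber lets a re-import
    # replace proxies left over from an earlier session.
    $importParams = @{ Session = $session; DisableNameChecking = $true; AllowClobber = $true }
    if ($Prefix) { $importParams.Prefix = $Prefix }
    Import-PSSession @importParams | Out-Null

    $session
}

# In $profile: connect once, and tear the session down when the console exits.
$script:ExchangeSession = Connect-ExchangeShell
Register-EngineEvent -SourceIdentifier PowerShell.Exiting -Action {
    Get-PSSession | Where-Object { $_.ConfigurationName -eq 'Microsoft.Exchange' } | Remove-PSSession
} | Out-Null
```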

2. Using the Exchange Snap-in

Technically, you'd want to use implicit remoting even if the tools are installed, since that's the supported way and what makes RBAC possible. But you can also set up a PowerShell profile using the Exchange snap-in if you so choose; add the following code to your profile:
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
. $env:ExchangeInstallPath\bin\RemoteExchange.ps1
Connect-ExchangeServer -auto

This adds the snap-in, dot-sources RemoteExchange.ps1 to load the helper functions and global variables, and then connects to an Exchange server using autodiscover. Keep in mind that adding the snap-in like this isn't actually supported. It will work, but you'll need the appropriate AD permissions, since you are essentially bypassing RBAC by not using remoting.
There are a lot of changes in Exchange 2010, and as you can see the PowerShell management is no exception. I hope this information has been helpful.

Tuesday, February 1, 2011

WHAT'S NEW IN EXCHANGE 2010

NEW FEATURES IN EXCHANGE 2010

Microsoft Exchange Server 2010 brings a new and rich set of technologies, features, and services to the Exchange Server product line. New features and functionality in Exchange 2010 support several key concepts:
  • Flexible and reliable
  • Anywhere access
  • Protection and compliance
The following sections provide you with an overview of some of the important new features and functionality, which you can use when you're planning, deploying, and administering your Exchange 2010 organization.
(For information about features that have been discontinued or de-emphasized from Microsoft Exchange Server 2003 or Exchange Server 2007 to Exchange 2010, see Discontinued Features [ http://technet.microsoft.com/en-us/library/aa998911.aspx ] .)
For information about the features and changes that have been added in Exchange 2010 SP1, see What's New in Exchange 2010 SP1 [ http://technet.microsoft.com/en-us/library/ff459257.aspx ] .
The pressure to optimize your IT infrastructure to respond to changing business conditions demands agility and that means investing in solutions that provide you and your organization choice. Exchange 2010 gives you the flexibility to tailor your deployment based on your organization's unique needs and a simplified way to help keep e-mail continuously available for your users.
Exchange 2010 integrates high availability into the core architecture of Exchange to enable customers of all sizes and in all segments to economically deploy a messaging continuity service in their organization.
Exchange 2010 includes many changes to its core architecture. In Exchange 2010, new features such as incremental deployment, mailbox database copies, and database availability groups work with other features such as shadow redundancy and transport dumpster to provide a new, unified platform for high availability and site resilience.
For more information about high availability features, see New High Availability and Site Resilience Functionality [ http://technet.microsoft.com/en-us/library/dd335211.aspx ] .
The following is a list of core store functionality that's included or has been changed in Exchange 2010:
  • Deprecated storage groups
  • Mailbox databases no longer connected to the server object
  • Improvements in Extensible Storage Engine (ESE) for high availability, performance, and database mobility
  • Flattened Outlook store schema
  • Enhanced reporting with public folders
For more information about Exchange store and mailbox database features, see New Exchange Core Store Functionality [ http://technet.microsoft.com/en-us/library/bb125040.aspx ] .
In Exchange 2010, Role Based Access Control (RBAC) replaces the permissions model used in Exchange 2007. Using RBAC, you can define extremely broad or extremely precise permissions models based on the roles of your administrators and users.
For administrators and specialist users, management role groups define what these users can manage in the organization. Role groups associate role group members to a set of management roles that define what the members can do. By adding or removing users as members of role groups, and adding or removing role assignments to or from a role group, you can control what aspects of the organization the members can manage.
For end users, management role assignment policies define what users can configure on their own mailbox. Assignment policies are applied to every mailbox either by default or manually, and enable you to control whether users can change their personal information, contact information, distribution group membership, and so on.
Both role groups and role assignment policies are assigned management roles. Management roles control access to the cmdlets and parameters required to perform a task. For example, if a cmdlet exists on a management role, and that role is assigned to a role group, the members of that role group can then use that cmdlet.
For more information about RBAC features, see Understanding Permissions [ http://technet.microsoft.com/en-us/library/dd297943.aspx ] .
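As an added example (not code from the original post or from Microsoft), the following function traces one cmdlet through the model just described: the management roles that contain it, the assignments that hand those roles to role groups or assignment policies, and the users who end up able to run it. It runs in an Exchange 2010 remote shell; the function name is an assumption.

```powershell
# Added example (not from the original post): resolve cmdlet -> management roles ->
# role assignments -> effective users, following the RBAC model described above.
function Get-CmdletEffectiveUsers {
    param(
        [Parameter(Mandatory = $true)][string]$Cmdlet,
        [string[]]$Parameters   # optional: only roles that also expose these parameters
    )

    # Management roles are the containers of cmdlet entries.
    $roleParams = @{ Cmdlet = $Cmdlet }
    if ($Parameters) { $roleParams.CmdletParameters = $Parameters }
    $roles = Get-ManagementRole @roleParams

    foreach ($role in $roles) {
        # Each assignment links a role to a role group, user, USG or assignment
        # policy; -GetEffectiveUsers expands group membership so the result is the
        # set of people who can actually run the cmdlet. Disabled assignments are skipped.
        Get-ManagementRoleAssignment -Role $role.Name -GetEffectiveUsers |
            Where-Object { $_.Enabled } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Cmdlet           = $Cmdlet
                    Role             = $role.Name
                    Assignment       = $_.Name
                    AssignedTo       = $_.RoleAssigneeName
                    AssigneeType     = $_.RoleAssigneeType
                    EffectiveUser    = $_.EffectiveUserName
                    RecipientScope   = $_.RecipientWriteScope
                    ConfigScope      = $_.ConfigWriteScope
                }
            }
    }
}

# Who can change Receive connectors (the cmdlet named in the routing post)?
Get-CmdletEffectiveUsers -Cmdlet Set-ReceiveConnector |
    Sort-Object EffectiveUser -Unique |
    Format-Table EffectiveUser, Role, AssignedTo, AssigneeType, ConfigScope -AutoSize
```

The same query with a different -Cmdlet (for example New-ReceiveConnector or Add-ADPermission) shows who could widen a connector's permissions, which is the set of accounts whose actions the administrator audit log should be reviewed for.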
The following is a list of new transport and routing functionality included in Exchange 2010:
  • Shadow redundancy
  • MailTips
  • Moderated transport
  • Federated delivery
  • Latency service level agreement (SLA) management
  • End-to-end message tracking
  • Incremental EdgeSync
  • Transport rules integration with AD RMS
  • Transport dumpster improvements
  • Transport database improvements
For more information about transport features, see New Transport Functionality [ http://technet.microsoft.com/en-us/library/ee633463.aspx ] .
Exchange Server 2010 introduces the Exchange Server Deployment Assistant, or ExDeploy, a new Web-based tool that can help you with your Exchange deployment. ExDeploy asks you a few questions about your current environment and then generates a custom checklist and procedures that help simplify your deployment.
For more information, see Exchange 2010 Deployment Assistant [ http://technet.microsoft.com/en-us/library/ee681665.aspx ] .
The following is a list of the new core Exchange Management Console (EMC) features included in Exchange 2010. The core EMC refers to new functionality that affects how you use the EMC, and not how you use specific features:
  • Ability to add Exchange forests to the console tree
  • Customer Feedback start tab
  • Community and Resources
  • EMC command logging
  • Property dialog box command exposure
  • RBAC permissions aware for the EMC
  • Online Exchange Help
For more information about EMC features, see New Administrative Functionality in the Exchange Management Console [ http://technet.microsoft.com/en-us/library/dd335120.aspx ] .
The following is a list of features available in the new Exchange Management Shell:
  • Remote administration: With the new Shell, you can connect to remote servers running Exchange 2010 across the network with only Windows Management Framework installed, which includes Windows PowerShell. For more information, see Overview of Exchange Management Shell [ http://technet.microsoft.com/en-us/library/dd297939.aspx ] .
  • RBAC integration: The Shell works with RBAC to give you and your users access only to the cmdlets and parameters you and they are allowed to use. If your permissions don't allow you to configure a certain feature, you aren't given access to the cmdlets, parameters, or both, that manage that feature. For more information, see Understanding Role Based Access Control [ http://technet.microsoft.com/en-us/library/dd298183.aspx ] .
  • Administrator audit logging: Actions that result in the modification of Exchange organization configuration and other object properties in the EMC, the Web management interface, and the Shell can now be logged for later review. For more information, see Overview of Administrator Audit Logging [ http://technet.microsoft.com/en-us/library/dd335052.aspx ] .
  • Improved multiple-valued property syntax: Instead of running multiple commands to add and remove values from a single property, you can now add and remove values with a single command. For more information, see Modifying Multivalued Properties [ http://technet.microsoft.com/en-us/library/bb684908.aspx ] .
Administrators can use the Exchange Control Panel for Outlook Web App to manage some on-premises tasks. The following is a list of the administrative features available:
  • Text messaging integration
  • Voice messaging integration
  • Multiple mailbox search
  • Additional proxy addresses for mailboxes
  • Moderation and approval for distribution list submission
In addition, users have self-service capabilities in that they can perform administrative tasks via the Exchange Control Panel. The ECP enables users to perform common tasks without having to call the help desk. This allows your users to be more productive and allows IT staff to deliver more, while reducing support costs.
For more information, see Configure ECP Virtual Directory Properties [ http://technet.microsoft.com/en-us/library/dd876904.aspx ] .
The following is a list of the new mailbox and recipient functionality that's included or has been changed in Exchange 2010:
  • Ability for users to share information, such as calendar free/busy information and contacts with users who reside in a different organization
  • Improved scheduling and configuring for resource mailbox calendar processing
  • Ability to move a mailbox while the end user is still accessing it
  • Additional parameters added to distribution group cmdlets to allow users to create and manage their own distribution groups in Outlook Web App and Exchange 2010
  • Ability to appoint a moderator to regulate the flow of messages sent to a distribution group
  • Ability to manage folder-level permissions for all folders within a user's mailbox
  • Expanded bulk recipient management to allow you to bulk manage recipient properties
  • Ability to send mail to recipients from the EMC
For more information about mailbox and recipient features, see New Mailbox and Recipient Functionality [ http://technet.microsoft.com/en-us/library/dd298027.aspx ] .
The Microsoft Exchange Web Services (EWS) Managed API 1.0 provides a managed interface for developing client applications that use Exchange Web Services. Beginning with Exchange 2007 Service Pack 1 (SP1), the EWS Managed API simplifies the implementation of applications that communicate with Exchange. Built on the Exchange Web Services SOAP protocol and Autodiscover, the EWS Managed API provides a .NET interface to Exchange Web Services that's designed to be easy to learn, use, and maintain.
For more information, see Introducing the Exchange Web Services Managed API 1.0 [ http://go.microsoft.com/fwlink/?LinkId=168445 ] and Microsoft Exchange Web Services Managed API 1.0 [ http://go.microsoft.com/fwlink/?LinkId=168443 ] .
Exchange 2010 uses client throttling policies to manage the performance of your Exchange organization. To do this, Exchange tracks the resources that each user consumes and enforces connection bandwidth limits as necessary.
Some of the benefits of client throttling include making sure that:
  • Users aren't intentionally or unintentionally taxing the system.
  • Users of various connectivity methods are proportionally sharing resources.
You manage client throttling policies with Shell cmdlets. For more information about client throttling policies, see Understanding Client Throttling Policies [ http://technet.microsoft.com/en-us/library/dd297964.aspx ] .
Enhancements in Exchange 2010 help users get more done by letting them access all of their communications—e-mail, voice mail, instant messaging—from virtually any platform, Web browser, or device through industry-standard protocols. Managing the daily flow of information into and out of an individual's inbox can create overload and affect productivity and profitability. In response to this challenge, Exchange 2010 adds new productivity features that help users organize and prioritize their communications more easily and effectively.
The following is a list of new Unified Messaging features included in Exchange 2010:
  • Call answering rules
  • Additional language support included in Outlook Voice Access
  • Enhancements to name lookup from caller ID
  • Voice Mail Preview
  • Message Waiting Indicator
  • Missed call and voice mail notifications using text messaging
  • Protected Voice Mail
  • Incoming fax support
  • Addressing to groups (personal distribution lists) support
  • Built-in Unified Messaging administrative roles
For more information about Unified Messaging and voice mail features, see New Unified Messaging Functionality and Voice Mail Features [ http://technet.microsoft.com/en-us/library/dd351281.aspx ] .
The following is a list of new features in Outlook Web App included in Exchange 2010:
  • Favorites in the navigation pane
  • Search folders
  • Message filtering
  • Ability to set categories in the message list
  • Options in the Web management interface for Outlook Web App
  • Side-by-side view for calendars
  • Multiple client language support
  • Ability to attach messages to messages
  • Expanded right-click capabilities
  • Integration with Office Communicator, including presence, chat, and a contact list
  • Conversation view
  • Ability to send and receive text messages from Outlook Web App
  • Outlook Web App mailbox policies
For more information about Outlook Web App features, see Understanding Outlook Web App [ http://technet.microsoft.com/en-us/library/aa998629.aspx ] .
The following is a list of new Exchange ActiveSync features included in Exchange 2010:
  • Conversation grouping of e-mail messages
  • Ability to synchronize or not synchronize an entire conversation
  • Synchronization of SMS messages with a user's Exchange mailbox
  • Support for viewing of message reply status
  • Support for availability information for contacts
The following is a list of new text messaging features included in Exchange 2010:
  • Missed call and voice mail notifications
  • Calendar and agenda updates
  • Text messages sent and received through Outlook Web App and Outlook 2010
  • Text message synchronization with a mobile phone
Cross-site POP3 and IMAP4 client connectivity is supported by default in Exchange 2010. For more information about POP3 and IMAP4 client connectivity features, see Understanding POP3 and IMAP4 [ http://technet.microsoft.com/en-us/library/bb124107.aspx ] .
Exchange 2010 delivers new, integrated e-mail archiving and retention functionality, including granular multi-mailbox search and immediate legal hold. Exchange 2010 also helps you to better protect your company’s communications and e-mail through centrally managed information control capabilities. This includes the ability to more effectively intercept, moderate, encrypt, and block e-mail messages. Together, this functionality provides you with a flexible range of protection and control options, whether you want to automatically enforce controls or empower users to implement their own data protection.
Exchange 2010 compliance features make retention independent of users' mailbox management and filing habits, and ensure retention policies are applied continuously. The following is a list of new messaging and compliance features included in Exchange 2010:
  • Additional messaging records management (MRM) functionality to apply message retention policies
  • Personal Archive feature to provide users with online archive mailboxes and help eliminate .pst files
  • Mailbox search features for cross-mailbox search with Advanced Query Syntax (AQS) support
  • Additional transport rules predicates and actions
For more information about messaging policy and compliance features, see New Messaging Policy and Compliance Functionality [ http://technet.microsoft.com/en-us/library/dd351165.aspx ] .
The following is a list of new Information Rights Management (IRM)-protected e-mail functionality with Active Directory Rights Management Services (AD RMS) included in Exchange 2010:
  • Microsoft Outlook protection rules, to apply IRM-protection to messages in Outlook 2010
  • Transport protection rules, to apply IRM protection to messages based on rule conditions
  • Persistent protection of attachments in IRM-protected messages
  • Support for AD RMS templates
  • Support for IRM in Microsoft Office Outlook Web App
  • Transport decryption, to decrypt IRM-protected messages to apply messaging policies
  • Journal report decryption, to attach a decrypted copy of IRM-protected messages to journal reports
  • AD RMS protection for Unified Messaging voice mail messages
For more information about IRM features, see Information Rights Management [ http://technet.microsoft.com/en-us/library/dd351035.aspx ] .