Michael's meanderings...

Microsoft MVP 2009...

michael — Thu, 02 Jul 2009 21:16:00 GMT

Yesterday I was notified that my MVP was renewed for another year (MVPs are awarded for one-year at a time, and there is a quarterly cycle of Jan/Apr/Jul/Oct). This is my sixth MVP award and part of it is due to you, my loyal readers! Officially, my MVP award is for "Windows Server System - Exchange Server", but that's generally shortened to "Exchange MVP".

If you aren't familiar with the MVP program, check out http://mvp.support.microsoft.com and my personal MVP profile at https://mvp.support.microsoft.com/profile/Michael.B..

Thanks for your ongoing support!

Until next time...

If there are things you would like to see written about, please let me know!

PowerScripting PodCast on Exchange Server 2010

michael — Wed, 17 Jun 2009 23:59:00 GMT

I was recently a guest on the "Get-PodCast PowerScripting" podcast, discussing (primarily) Exchange Server 2010.

To listen to the podcast, Episode 73, MVP Michael Smith Talks Exchange.

Until next time...

If there are things you would like to see written about, please let me know!

Getting the Contents of an Active Directory Integrated DNS Zone

michael — Wed, 17 Jun 2009 21:09:00 GMT

Microsoft has long offered (where "long" means "since Windows Server 2003") the "dnscmd.exe" program to control the actions of a DNS server. And, if you installed the adminpack (RSAT-Tools-DNS on Vista/Server 2008 and above) you could perform this control on a remote workstation/server as well.

However, the output of dnscmd leaves....something.... to be desired, especially when you want to format and manipulate that output.

Using a prior blog post of mine (Hex and Decimal Output In PowerShell), I more-or-less reverse-engineered the format of how Active Directory Integrated zones (DNS domains) are stored in Active Directory. For all of my personal testing, the program below was successful at displaying the output and decoding it properly. However, that doesn't mean I decode everything!!! Just those things I could test.

A key desire of mine was to be able to get the contents of an ADI zone into a CSV (comma-separated-value) format; so of course that option is present. I also wanted proper timeout values for aging/scavenging, so of course that happens by default (which dnscmd can't do at all).

If the script below doesn't work for you, I'd be interested in hearing about it, and why it doesn't work. Of course, I make no promises, but I'll probably fix those issues. :-)

Without further ado...

##
## dns-dump.ps1
##
## Michael B. Smith
## michael at smithcons dot com
## http://TheEssentialExchange.com/blogs/michael
## May/June, 2009
##
## Use as you wish, no warranties expressed, implied or explicit.
## Works for me, but it may not for you.
## If you use this, I would appreciate an attribution.
##

Param(
	[string]$zone,
	[string]$dc,
	[switch]$csv,
	[switch]$help
)

function dumpByteArray([System.Byte[]]$array, [int]$width = 9)
{
	## this is only used if we run into a record format
	## we don't understand.

	$hex = ""
	$chr = ""
	$int = ""

	$i = $array.Count
	"Array contains {0} elements" -f $i
	$index = 0
	$count = 0
	while ($i-- -gt 0)
	{
		$val = $array[$index++]

		$hex += ("{0} " -f $val.ToString("x2"))

		if ([char]::IsLetterOrDigit($val) -or 
		    [char]::IsPunctuation($val)   -or 
		   ([char]$val -eq " "))
		{
			$chr += [char]$val
		}
		else
		{
			$chr += "."
		}

		$int += "{0,4:N0}" -f $val

		$count++
		if ($count -ge $width)
		{
			"$hex $chr $int"
			$hex = ""
			$chr = ""
			$int = ""
			$count = 0
		}		
	}

	if ($count -gt 0)
	{
		if ($count -lt $width)
		{
			$hex += (" " * (3 * ($width - $count)))
			$chr += (" " * (1 * ($width - $count)))
			$int += (" " * (4 * ($width - $count)))
		}

		"$hex $chr $int"
	}
}

function dword([System.Byte[]]$arr, [int]$startIndex)
{
	## convert four consecutive bytes in $arr into a
	## 32-bit integer value... if I had bit-manipulation
	## primitives in PowerShell, I'd use them instead
	## of the multiply operator.

	$res = $arr[$startIndex]
	$res = ($res * 256) + $arr[$startIndex + 1]
	$res = ($res * 256) + $arr[$startIndex + 2]
	$res = ($res * 256) + $arr[$startIndex + 3]

	return $res
}

function analyzeArray([System.Byte[]]$arr, [System.Object]$var)
{
	$nameArray = $var.distinguishedname.ToString().Split(",")
	$name = $nameArray[0].SubString(3)

	## AGE is stored backwards. The most-significant-byte comes
	## last, instead of first, unlike all the other 32-bit values.
	$age = $arr[23]
	$age = ($age * 256) + $arr[22]
	$age = ($age * 256) + $arr[21]
	$age = ($age * 256) + $arr[20]
	if ($age -ne 0)
	{
		## hours since January 1, 1601 (start of Windows epoch)
		## there is a long-and-dreary way to do this manually,
		## but get-date makes it trivial to do the conversion.
		$timestamp = (get-date -year 1601 -month 1 -day 1 -hour 0 -minute 0 -second 0).AddHours($age)
	}

	$ttl = dword $arr 12

	if ($arr[0] -eq 4 -and $arr[1] -eq 0)
	{
		# "A" record
		$ip = "{0}.{1}.{2}.{3}" -f $arr[24], $arr[25], $arr[26], $arr[27]

		if ($csv)
		{
			$formatstring = "{0},{1},{2},{3},{4}"
		}
		else
		{
			$formatstring = "{0,-30}`t{1,-24}`t{2}`t{3}`t{4}"
		}

		if ($age -eq 0)
		{
			$formatstring -f $name, "[static]", $ttl, "A", $ip
		}
		else
		{
			$formatstring -f $name, ("[" + $timestamp.ToString() + "]"), $ttl, "A", $ip
		}
	}
	elseif ((($arr[0] -eq 80) -or ($arr[0] -eq 82)) -and $arr[1] -eq 0)
	{
		# "SOA" record
		# "Start-Of-Authority"

		$nslen = $arr[44]
		$segments = $arr[45]
		$index = 46
		$nsname = ""
		while ($segments-- -gt 0)
		{
			$segmentlength = $arr[$index++]
			while ($segmentlength-- -gt 0)
			{
				$nsname += [char]$arr[$index++]
			}
			if ($segments -gt 0) { $nsname += "." }
		}
		$priserver = $nsname
		# "Primary server: $nsname"

		$index += 1
		$nslen = $arr[$index++]
		$segments = $arr[$index++]

		$nsname = ""
		while ($segments-- -gt 0)
		{
			$segmentlength = $arr[$index++]
			while ($segmentlength-- -gt 0)
			{
				$nsname += [char]$arr[$index++]
			}
			if ($segments -gt 0) { $nsname += "." }
		}
		# "Responsible party: $nsname"
		$resparty = $nsname

		#"TTL: $ttl"
		# "Age: $age"

####		$unk1 = dword $arr 16
####		"Unknown1: $unk1"

		$serial = dword $arr 24
		# "Serial: $serial"

		$refresh = dword $arr 28
		# "Refresh: $refresh"

		$retry = dword $arr 32
		# "Retry: $retry"

		$expires = dword $arr 36
		# "Expires: $expires"

		$minttl = dword $arr 40
		# "Minimum TTL: $minttl"

		if ($age -eq 0)
		{
			$agestr = "[static]"
		}
		else
		{
			$agestr = "[" + $timestamp.ToString() + "]"
		}

		if ($csv)
		{
			$formatstring = "{0},{1},{2},{3},{4},{5},{6},{7},{8},{9},{10}"

			$formatstring -f $name, $agestr, $ttl, `
				"SOA", $priserver, $resparty, `
				$serial, $refresh, $retry, `
				$expires, $minttl
		}
		else
		{
			$formatstring = "{0,-30}`t{1,-24}`t{2}`t{3}"

			$formatstring -f $name, $agestr, $ttl, "SOA"
			(" " * 32) + "Primary server: $priserver"
			(" " * 32) + "Responsible party: $resparty"
			(" " * 32) + "Serial: $serial"
			(" " * 32) + "TTL: $ttl"
			(" " * 32) + "Refresh: $refresh"
			(" " * 32) + "Retry: $retry"
			(" " * 32) + "Expires: $expires"
			(" " * 32) + "Minimum TTL (default): $minttl"
		}

		#### dumpByteArray $arr
	}
	elseif ((($arr[0] -eq 32) -or ($arr[0] -eq 30)) -and $arr[1] -eq 0)
	{
		# "NS" record
		$nslen = $arr[24]
		$segments = $arr[25]
		$index = 26
		$nsname = ""
		while ($segments-- -gt 0)
		{
			$segmentlength = $arr[$index++]
			while ($segmentlength-- -gt 0)
			{
				$nsname += [char]$arr[$index++]
			}
			if ($segments -gt 0) { $nsname += "." }
		}

		if ($csv)
		{
			$formatstring = "{0},{1},{2},{3},{4}"
		}
		else
		{
			$formatstring = "{0,-30}`t{1,-24}`t{2}`t{3}`t{4}"
		}

		if ($age -eq 0)
		{
			$formatstring -f $name, "[static]", $ttl, "NS", $nsname
		}
		else
		{
			$formatstring -f $name, ("[" + $timestamp.ToString() + "]"), $ttl, "NS", $nsname
		}
	}
	elseif ((($arr[0] -eq 36) -or ($arr[0] -eq 38)) -and $arr[1] -eq 0)
	{
		# "SRV" record

		$port = $arr[28]
		$port = ($port * 256) + $arr[29]

		$weight = $arr[26]
		$weight = ($weight * 256) + $arr[27]

		$pri = $arr[24]
		$pri = ($pri * 256) + $arr[25]

		$nslen = $arr[30]
		$segments = $arr[31]
		$index = 32
		$nsname = ""
		while ($segments-- -gt 0)
		{
			$segmentlength = $arr[$index++]
			while ($segmentlength-- -gt 0)
			{
				$nsname += [char]$arr[$index++]
			}
			if ($segments -gt 0) { $nsname += "." }
		}

		if ($csv)
		{
			$formatstring = "{0},{1},{2},{3},{4},{5}"
		}
		else
		{
			$formatstring = "{0,-30}`t{1,-24}`t{2}`t{3} {4} {5}"
		}

		if ($age -eq 0)
		{
			$formatstring -f `
				$name, "[static]", `
				$ttl, "SRV", `
				("[" + $pri.ToString() + "][" + $weight.ToString() + "][" + $port.ToString() + "]"), `
				$nsname
		}
		else
		{
			$formatstring -f `
				$name, ("[" + $timestamp.ToString() + "]"), `
				$ttl, "SRV", `
				("[" + $pri.ToString() + "][" + $weight.ToString() + "][" + $port.ToString() + "]"), `
				$nsname
		}

	}
	else
	{
		$name
		$var.distinguishedname.ToString()
		dumpByteArray $arr
	}

}

function processAttribute([string]$attrName, [System.Object]$var)
{
	$array = $var.$attrName.Value
####	"{0} contains {1} rows of type {2} from {3}" -f $attrName, $array.Count, $array.GetType(), $var.distinguishedName.ToString()

	if ($array -is [System.Byte[]])
	{
####		dumpByteArray $array
####		" "
		analyzeArray $array $var
####		" "
	}
	else
	{
		for ($i = 0; $i -lt $array.Count; $i++)
		{
####			dumpByteArray $array[$i]
####			" "
			analyzeArray $array[$i] $var
####			" "
		}
	}
}

function usage
{
"
.\dns-dump -zone  [-dc ] [-csv] |
	   -help

dns-dump will dump, from Active Directory, a particular named zone. 
The zone named must be Active Directory integrated.

Zone contents can vary depending on domain controller (in regards
to replication and the serial number of the SOA record). By using
the -dc parameter, you can specify the desired DC to use. Otherwise,
dns-dump uses the default DC.

Usually, output is formatted for display on a workstation. If you
want CSV (comma-separated-value) output, specify the -csv parameter.
Use out-file in the pipeline to save the output to a file.

Finally, to produce this helpful output, you can specify the -help
parameter.

This command is basically equivalent to (but better than) the:

	dnscmd /zoneprint 
or
	dnscmd /enumrecords  '@'

commands.

Example 1:

	.\dns-dump -zone essential.local -dc win2008-dc-3

Example 2:

	.\dns-dump -help

Example 3:

	.\dns-dump -zone essential.local -csv |
            out-file essential.txt -encoding ascii

	Note: the '-encoding ascii' is important if you want to
	work with the file within the old cmd.exe shell. Otherwise,
	you can usually leave that off.
"
}

	##
	## Main
	##

	if ($help)
	{
		usage
		return
	}

	if ($args.Length -gt 0)
	{
		write-error "Invalid parameter specified"
		usage
		return
	}

	if (!$zone)
	{
		throw "must specify zone name"
		return
	}

	$root = [ADSI]"LDAP://RootDSE"
	$defaultNC = $root.defaultNamingContext

	$dn = "LDAP://"
	if ($dc) { $dn += $dc + "/" }
	$dn += "DC=" + $zone + ",CN=MicrosoftDNS,CN=System," + $defaultNC

	$obj = [ADSI]$dn
	if ($obj.name)
	{
		if ($csv)
		{
			"Name,Timestamp,TTL,RecordType,Param1,Param2"
		}

		#### dNSProperty has a different format than dNSRecord
		#### processAttribute "dNSProperty" $obj

		foreach ($record in $obj.psbase.Children)
		{
			####	if ($record.dNSProperty) { processAttribute "dNSProperty" $record }
			if ($record.dnsRecord)   { processAttribute "dNSRecord"   $record }
		}
	}
	else
	{
		write-error "Can't open $dn"
	}

	$obj = $null

Until next time...

If there are things you would like to see written about, please let me know!

Named Properties, What Lies Ahead...

michael — Wed, 17 Jun 2009 19:52:00 GMT

Microsoft is preparing to make a potentially breaking change that deals with how Exchange Server 2007 handles named properties. This change is scheduled to be a part of Service Pack 2 and of Exchange Server 2010 at RTM.

This change involves the promotion (i.e., the visibility to non-MAPI clients) of X-* headers in incoming e-mail messages. This can potentially affect the operation of e-mail clients that depend on POP-3 and IMAP (and even Outlook, if you are using rules that look at headers).

Unlike certain earlier versions of Exchange, Exchange 2007 and above do not have a STM file - this means that incoming Internet e-mail is ALWAYS translated to MAPI format and that all headers are not necessarily retained - especially if they are X-* headers. This can cause a fidelity issue (i.e., you can't reproduce EXACTLY what you received). For probably 99.999% of customers - this isn't an issue. At least, that's the opinion.

So.... Microsoft is looking for input and they've asked for Exchange MVPs to help get the word out.

To express your opinion, see Named Properties, Round 2: What lies Ahead.

Until next time...

If there are things you would like to see written about, please let me know!

Hex and decimal output in PowerShell

michael — Thu, 07 May 2009 17:47:00 GMT

In UNIX/Linux/whatever there is this little utility called 'od' which makes it trivial to dump the output of a file in multiple formats.

Yesterday, I was working on a project and needed something similar. I could've downloaded Cygwin and installed it, or UnixUtils from Sourceforge, but no - I decided to write a PowerShell routine to give me what I needed.

If you've never had the need to see hexadecimal, alphanumeric, and decimal information on a file all at once, well, move along now!

Otherwise, below is my solution for your benefit. A couple of interesting points are my use of System.Char methods to determine whether a character is printable (viewable) and my use of the format operator (-f) which uses System.Format.

Many attributes in Active Directory (including many Exchange and DNS related attributes) have a raw form that devolves into a System.Byte[] array (or an array of System.Byte[] arrays). You can get an arbitrary file as a byte array by using the Get-Content cmdlet with the "-Encoding Byte" parameter.

Here is example output (with a line of header information that isn't from this routine):

dNSRecord contains 62 rows of type System.Byte[] from DC=_gc._tcp.E14-Site._sites,DC=essential.local,CN=MicrosoftDNS,CN=System,DC=essential,DC=local
Array contains 62 entries
26 00 21 00 05 f0 00 00 d7  &.!..ð...   38   0  33   0   5 240   0   0 215
07 00 00 00 00 02 58 00 00  ......X..    7   0   0   0   0   2  88   0   0
00 00 ac 9a 36 00 00 00 00  ....6....    0   0 172 154  54   0   0   0   0
64 0c c4 1e 03 0c 77 69 6e  d.Ä...win  100  12 196  30   3  12 119 105 110
32 30 30 38 2d 64 63 2d 33  2008-dc-3   50  48  48  56  45 100  99  45  51
09 65 73 73 65 6e 74 69 61  .essentia    9 101 115 115 101 110 116 105  97
6c 05 6c 6f 63 61 6c 00     l.local.   108   5 108 111  99  97 108   0

And without further ado:

function dumpByteArray([System.Byte[]]$array, [int]$width = 9)
{
	$hex = ""
	$chr = ""
	$int = ""

	$i = $array.Count
	"Array contains {0} elements" -f $i
	$index = 0
	$count = 0
	while ($i-- -gt 0)
	{
		$val = $array[$index++]

		$hex += ("{0} " -f $val.ToString("x2"))

		if ([char]::IsLetterOrDigit($val) -or 
		    [char]::IsPunctuation($val)   -or 
		   ([char]$val -eq " "))
		{
			$chr += [char]$val
		}
		else
		{
			$chr += "."
		}

		$int += "{0,4:N0}" -f $val

		$count++
		if ($count -ge $width)
		{
			"$hex $chr $int"
			$hex = ""
			$chr = ""
			$int = ""
			$count = 0
		}		
	}

	if ($count -gt 0)
	{
		if ($count -lt $width)
		{
			$hex += (" " * (3 * ($width - $count)))
			$chr += (" " * (1 * ($width - $count)))
			$int += (" " * (4 * ($width - $count)))
		}

		"$hex $chr $int"
	}
}

Until next time...

If there are things you would like to see written about, please let me know!

Removing the Last Exchange 2003 Server...

michael — Mon, 04 May 2009 17:17:00 GMT

Microsoft has lots of guidance about removing the last Exchange 2003 server from an administrative group (see KB 822931) and I definitely recommend you give that a read. They also have a technet article about removing the last Exchange 2003 server from your organization (after you've upgraded to Exchange 2007, of course). You should give that a read too.

But if you do these things lots of times (and if you are a consultant, you probably do - or if you play in your Exchange lab a lot, you probably do too); you just need a quick list of reminders. Here is the list I take onsite with me, when I'm removing an Exchange 2003 server:

Verify that all mailbox moves are complete (either within the console or "get-mailbox -server <servername>").

Verify that all public folder moves are complete ("get-publicfolderstatistics -server <servername>"). Note: if they aren't this can be tough. Check the scripts in $ExScripts like MoveAllReplicas and RemoveReplicaFromPFRecursive.

If you do NOT have an Edge server, verify that the Default receive connector allows Anonymous connections.

If you DO have an Edge server, verify that Edge synchronization has occurred and is operational ("test-edgesynchronization").

Move all Offline Address Book generation servers to servers that will continue to exist

Move the "Default Public Store" on all Exchange 2003 Mailbox Stores to point to a Exchange 2007 PF

Delete the Public Folder databases from the Exchange 2003 server (note: this is not a required step, but if you can't do this, then de-install of Exchange will fail - so this is a good place to go ahead and figure that out).

Delete both sides of Interop RGCs (and verify that they are the only RGCs still present: "get-routinggroupconnector")

Delete SMTP connectors from ESM on the Exchange 2003 server (you can do this from the EMC on Exchange 2007 later, but you'll get a version warning)

Evaluate Recipient Policies and delete all unused RPs from ESM on the Exchange 2003 server

Verify status of all recipient policies (ensure that Mailbox Manager boxes are unchecked)

Note: you may want to record Mailbox Manager settings to recreate MRM policies on Exchange 2007 to replace the MM policies

Relocate the PF heirarchy (in Exchange 2003 ESM, right-click the Exchange 2007 Administrative Group, select Next -> PF Container, drag PF object from the Exchange 2003 Administrative Group to the Exchange 2007 Administrative Group)

Delete the Domain Recipient Update Service(s) from ESM on Exchange 2003

Point the Enterprise Recipient Update Server to an Exchange 2007 mailbox server (or delete the RUS from Active Directory using adsiedit or LDP)

Uninstall Exchange

.....

Now, this is one of those postings where I have to say "this works for me". I bet it'll work for you too - but I can't guarantee it!

Until next time...

If there are things you would like to see written about, please let me know!

Backing Up Exchange 2007 on Windows 2008

michael — Sat, 11 Apr 2009 22:52:00 GMT

It has been suggested to me that my series on backing up Exchange Server 2007 on Windows Server 2008 was so complicated that the content was truly inaccessible for the novice admin. For that, I apologize. At heart, I am a techie kind of guy and I spend a lot of time trying to make complicated things easy - in my blog articles, my magazines articles, and in the presentations I make at various conferences.

So, to make up for that, without any technical discussion whatsoever, I present my GUI solution (still PowerShell based) for backing up Exchange Server 2007 on Windows Server 2008. With the exception of the forms-based handling, all of the technical infrastructure has been discussed here and in article preceding that article.

The GUI solution requires .NET 2.0, but that's already installed on any Exchange Server 2007 computer.

To use the backup script:

Download the zip file to a directory for PowerShell scripts on the Exchange Server you want to back up
Extract the two files contained in the zip file into that directory
Create (or identify) a directory where you want backups to go
Identify the first free drive letter on the server
Modify the MBS-GUI-Exchange-backup.ps1 script parameter block to insert those two parameters
Execute the script (from PowerShell, move to the directory where you extracted the scripts and type in ./MBS-GUI-Exchange-backup.ps1)

That's it.That's all it takes.

Down the script MBS-GUI-Exchange2007-Backup.zip.

Just one tiny technical comment: if you are on Exchange 2003, it would be relatively easy to modify this script to use BEtest to execute VSS backups for Exchange 2003.

Until next time...

If there are things you would like to see written about, please let me know!

Handling the userPrincipalName in PowerShell

michael — Tue, 07 Apr 2009 22:22:00 GMT

I dealt with the importance of the userPrincipalName in one of my very early blog postings, dated May 26, 2004: The User Principal Name and You.

While my company has changed, the basic information contained within that post has not changed at all.

I would add one fact: the current Active Directory forest domain is an implied userPrincipalName domain and is not reflected in the list of userPrincipalName domains (also called uPNSuffixes) that are presented in such tools as Active Directory Domains and Trusts. The Active Directory Users and Computer tool is aware of this, and will present it as an option when configuring new user objects.

This PowerShell code handles the addition, reporting, and elimination of UPN suffixes:

#
# userPrincipalName processing routines
#
# Michael B. Smith
# michael@smithcons.com
# April 6, 2009
#
[int] $ADS_PROPERTY_CLEAR	= 1
[int] $ADS_PROPERTY_UPDATE	= 2
[int] $ADS_PROPERTY_APPEND	= 3
[int] $ADS_PROPERTY_DELETE	= 4

function get-ConfigurationPartition
{
	$rootdse  = [ADSI]"LDAP://RootDSE"
	$configNC = $rootdse.ConfigurationNamingContext
	$rootdse  = $null

	$partition = [ADSI]("LDAP://CN=Partitions," + $configNC)

	return $partition
}

function get-UPN
{
	$config = get-ConfigurationPartition
	$suffix = $config.uPNSuffixes
	$config = $null

	return $suffix
}

function test-UPN([string]$upn)
{
	$suffixes = get-UPN

	if (!$suffixes)
	{
		return $false
	}

	if (($suffixes -is [System.String]) -and ($suffixes -eq $upn))
	{
		return $true
	}

	foreach ($suffix in $suffixes)
	{
		if ($suffix -eq $upn)
		{
			return $true
		}
	}

	return $false
}

function new-UPN([string]$upn)
{
	if (test-UPN $upn)
	{
		write-error "$upn already exists"
	}
	else
	{
		$config = get-ConfigurationPartition
		$config.PutEx($ADS_PROPERTY_APPEND, "uPNSuffixes", @($upn))
		$config.SetInfo()
		$config = $null
	}
}

function remove-UPN([string]$upn)
{
	if (test-UPN $upn)
	{
		$config = get-ConfigurationPartition
		$config.PutEx($ADS_PROPERTY_DELETE, "uPNSuffixes", @($upn))
		$config.SetInfo()
		$config = $null
	}
	else
	{
		write-error "$upn doesn't exist"
	}
}

Until next time...

If there are things you would like to see written about, please let me know!

More Multi-valued Parameters in PowerShell (SourceTransportServers in Set-SendConnector)

michael — Tue, 07 Apr 2009 21:39:00 GMT

In my first article on Multi-valued Parameters in PowerShell, I discussed a certain class of array parameters that Exchange 2007 uses many times - the [System.Object[]] (i.e., array of arbitrary elements) class for RemoteIpRanges.

Unfortunately, that isn't the only multi-valued type used by PowerShell for Exchange Server 2007. There are actually quite a few of them.

Another type that comes up fairly often is SourceTransportServers. This is used by the Set-SendConnector cmdlet among others. It is a collection of a specific type of objects that Exchange 2007 refers to as ADobjectIDs.

An ADobjectID is actually quite similar to a System.DirectoryServices.DirectoryEntry - however, in comparison, this type has very few populated properties. The fact that the property list for ADobjectID is quite small indicates the reason why Exchange uses this type instead of System.DirectoryServices.DirectoryEntry - the population of a few types is much more efficient than the population of all the types present for a DirectoryEntry.

Populating and updating SourceTransportServers is a common idea, especially when you are using provisioning scripts to completely deploy new servers. Here is an example of PowerShell code that you can use to do this:

$newhub = Get-ExchangeServer "newhubserver"
$adobject = New-Object Microsoft.Exchange.Data.Directory.ADobjectID $newhub.distinguishedName

$a = Get-SendConnector "Internet Email"
$a.SourceTransportServers.Add($adobject)

$a | Set-SendConnector

Until next time...

If there are things you would like to see written about, please let me know!

First Article in Red Gate's Simple-Talk

michael — Mon, 30 Mar 2009 18:06:00 GMT

Red Gate is a company based out of Cambridge in the UK. I ran into some of their team at TechEd last year. They are a great bunch of folks.

I've been doing tech. review for them on a number of articles since then, and I just had my first article published with them.

If you have a minute, take a look-see: Determining MS Exchange Disk Performance. It covers what's important to look at in measuring Exchange disk performance and some tools to use.

My next article with them will be Outlook/Exchange related, and then I hope to do an article on calculating the anticipated performance of a RAID subsystem. Neat techie stuff. :-)

Until next time...

As always, if there are items you would like me to talk about, please drop me a line and let me know!

TEC'09 In Review

michael — Mon, 30 Mar 2009 12:47:00 GMT

Last week I attended and spoke at "The Experts Conference" (www.tec2009.com) in Las Vegas. I spoke on using VSS with Exchange, and on designing highly available solutions and infrastructure.

This was the eighth year for this conference. In earlier years it was known as DEC (Directory Experts Conference), but over the last several years, as the organizers added more tracks, that has become less and less accurate. So they expanded the name. This year was the first year for an Exchange track.

Note: In prior years, this conference was hosted by NetPro. Last year, Quest acquired NetPro, so this conference is now hosted by Quest.

Can I hear a "wow"?! It was great. You should've been there.

TEC is famous for being in-depth. Instead of the 100-200 level presentations you get at most conferences, at TEC you get 300-400 level presentations. In-depth, technical, and very interesting...

Among Exchange MVPs, I and Ilse van Criekinge were speakers, with Lee Mackey also in attendance. But the real stars of the Exchange track were David Espinoza, Brett Shirley and Evan Dodds.

David is the man responsible at Microsoft for getting new releases of Exchange shipped. His title is "Senior Program Manager, Exchange Ship Team". Among other things, he runs the Exchange TAP. David gave a talk on the software development process for Exchange at Microsoft and answered many questions. He indicated that his talk had never been given outside of Microsoft before and I can believe it - it was very in-depth and instructive as to how "things get done" at Microsoft.

Brett Shirley calls himself "Borg #2 of 6". He is one of the six programmers of the ESE database engine. The second in seniority, which is where the #2 comes from. :-) Brett gave two deep-dive presentations. One was about the development of ESE over the last several years and the second about how ESE works. They were both pretty stellar.

Evan Dodds is "PowerShell Guy" for Exchange at Microsoft. He spoke on a panel.

Now, regardless of the presentations, the major cool factor was being able to hang with these guys and talk with them and discuss items. Hearing the inside story. Finally being able to understand why "this" happened instead of "that". That is - the truth before it got scrubbed by marketing!

And I did go to two Active Directory presentations. The Microsoft attendance on that side of the fence was just as stellar, with Nathan Muggli, Stuart Kwan, and Mark Wahl from Microsoft present. There were also many well-known Directory Services MVPs. Somewhat surprisingly, Dmitri Gavrilov, who is now on the Exchange Team, presented sessions on the Directory Services track instead of the Exchange Track.

I recommend that you put this very technical conference on your short list in years to come - if you are a technical guy or gal. Much more of a techie conference than a management conference, you get some very guru-like folks here.

Until next time...

As always, if there are items you would like me to talk about, please drop me a line and let me know!

Monitoring Exchange Server 2007 with System Center Operations Manager 2007

michael — Mon, 02 Mar 2009 20:28:00 GMT

Just a few days ago, my new book (of the subject title!) started shipping from Amazon. If it hasn't already, it should start appearing in your local bookstores this week.

If you want to order from Amazon, you can get it here.

Eight months in the making, this book was a labor of love. Including information on installing and configuring OpsMgr 2007, it also includes much information about operating a reliable Exchange environment. Even if you don't have OpsMgr in your organization, you can learn from this book the key areas of Exchange that need monitoring and how to do so.

A strong PowerShell component is provided in several chapters to assist you in the generation of synthetic transactions for testing your Exchange environment.

While the book is written toward a key audience of Exchange Server 2007 administrators, much material is also provided for the Exchange Server 2003 administrator. The book uses a virtualized environment to describe a test roll-out of an OpsMgr 2007 and Exchange 2003/2007 mixed environment.

Since Exchange Server depends on the health of Windows Server, Active Directory, DNS, and IIS; tracking the health and well-being of these key services is also covered.

Go buy it. You'll like it. :-)

The chapter titles are:

An Evolution of Server Management
Monitoring Exchange Server 2007
Installing and Configuring OpsMgr 2007
Deplying OpsMgr 2007
The First Management Pack: WIndows Server
The Active Directory Management Pack
The Domain Name System (DNS) Management Pack
The Internet Information Services Management Pack
SQL Server: An Ancillary Management Pack
Exchange Server 2003
Exchange Server 2007
Exchange Server 2007 Redundancy
Exchange Server Operations
Tracking Mail Flow

Until next time...

As always, if there are items you would like me to talk about, please drop me a line and let me know!

A Small Patch: Online Exchange Backup

michael — Fri, 30 Jan 2009 21:14:00 GMT

If you only had a single storage group, the script in Exchange 2007 and Windows 2008: Online Exchange Backup (part 6 of 7) would not find any storage groups. The primary reason for that I always have a RSG too! :-) The fix is easy. In getStoragegroups, change the beginning few lines:

function getStorageGroups
{
	$count = 0
	#
	# locate the storage groups and their log files and system files
	#
	$colSG = get-StorageGroup -server $computername
	if ($colSG.Count -lt 1)
	else
	{
		write-host "No storage groups found on server $computername"
		return 1
	}

to look like this:

function getStorageGroups
{
	$count = 0
	#
	# locate the storage groups and their log files and system files
	#
	$colSG = get-StorageGroup -server $computername
###	if ($colSG.Count -lt 1)
	if (($colSG -is [Microsoft.Exchange.Data.Directory.SystemConfiguration.StorageGroup]) -or
	    ($colSG -is [System.Object[]]))
	{
		## everything is good
	}
	else
	{
		write-host "No storage groups found on server $computername"
		return 1
	}

Until next time...

As always, if there are items you would like me to talk about, please drop me a line and let me know!

Single-Label Domains (SLDs) and the Next Version of Exchange

michael — Wed, 28 Jan 2009 16:16:00 GMT

I've written several times about the inadvisability of having an Active Directory domain name that has a single-label. My most recent article was Wrapping Up SLDs and Exchange Server 2007 in April of 2008.

At that time, Ed Beck of Microsoft wanted to assure me that if customers found bugs, they should report them and Microsoft would investigate the issues and address the issues based on the standard engineering review decision process within Microsoft. That is, Microsoft was't closing the door on fixing problems with SLDs in Exchange 2007.

Now, the next version of Exchange, which is code-named E14, is in development. Yesterday, Ed emailed me and told me that Microsoft released a forward-looking statement indicating that they are investigating the SLD policy for E14 (Ed authored the article on the MS Exchange Team Blog: Next version of Exchange and Single Label Domain (SLD) policy under review).

I guess if I were you - and using an SLD - now would be the time to make yourself known! Feedback is accepted on the Exchange Team Blog site for quite a while after a posting. Let them know your opinion!

Until next time...

As always, if there are items you would like me to talk about, please drop me a line and let me know!

Exchange 2007 and Windows 2008: Online Exchange Backup (part 6 of 7)

michael — Mon, 26 Jan 2009 17:56:00 GMT

In the first five parts of this series, I've given you the background to understand how Exchange backup works when using VSS and how to acquire the necessary information from your Exchange server to know what you should back up. Today, I present to you a full-blown working script that will generate a full-backup of your Exchange 2007 Server on Windows Server 2008, verify that the backup is good using ESEUTIL, and flush the transaction logs for the Exchange storage groups if the backup is good.

The first five parts of the series were:

Part 1: Getting a List of Storage Groups in a PowerShell Script

Part 2: Getting a List of Stores in a PowerShell Script

Part 3: Exchange 2007 and Windows 2008: Offline Exchange Backup

Part 4: Volume Shadow Copy Services (VSS) and Exchange - The Basics

Part 5: Exchange 2007 and Windows 2008: Using Diskshadow for Online Exchange Backup

Now, before you ask - is this a supported backup tool? The answer is yes and no. VSS backups are a supported way to back up an Exchange server's databases. Diskshadow is a supported tool on Windows Server 2008. Is my script supported? No. Only so far as I find the time, energy, and effort to provide support for it. I can't warrant that it will work in your environment. It's worked everywhere I've tested it, that's all I can tell you. If you find a problem, let me know and I'll try to help, but there are no guarantees.

You won't find anything new in this script (from the prior postings in this series), except that the Diskshadow script is generated within the PowerShell script. This makes it easier when you run into a situation that you are using multiple volumes in your Exchange environment (which is a best practice for performance reasons).

The script takes three parameters:

$backupLocation - This is the volume and directory (or mountpoint) where the backup should go. It defaults to C:\Backups. You will probably need to change this for your environment.

$startLetter - This is the first letter that should be used by the script for exposing shadow copies as drive letters for the backup scripts. This defaults to g.

$startScript - This is a switch parameter. When set, the PowerShell script will initiate the backup using diskshadow.exe as soon as the script is built. The switch defaults to unset.

The #1 limitation of this script is that it backs up all storage groups on an Exchange server. I have plans to address that in a future revision.

The #2 limitation of this script is that it's "an ugly command line tool". I have plans to address that in a future revision.

This script will create a metadata file named (join-path $backupLocation "online-backup.cab") (That is C:\Backups\online-backup.cab by default). This file is used by diskshadow.exe for storing information required for restores. We will cover basic restores in part 7 of this series.

The cmd.exe script is stored as (join-path %TEMP% "online-backup.cmd"). The Diskshadow.exe script is stored as (join-path %TEMP% "online-backup.dsh").

On my server, I store PowerShell scripts in the c:\scripts folder, and name this particular script MBS-online-backup.ps1. A typical invocation is:

join-path "F:\ExchangeBackups" (get-date -uFormat "%Y-%m-%d-%H-%M-%S") |% { md $_ |% { ./MBS-online-backup.ps1 -backupLocation $_.FullName -startScript } }

This causes a unique directory to be created for each invocation of the backup script and for the script to be automatically run.

Granted, that's a dense for a beginner to understand. You can separate that into multiple lines quite easily:

$backupSubDir = get-date -uFormat "%Y-%m-%d-%H-%M-%S"
## As specified, the uFormat string means: yyyy-mm-dd-hh-mm-ss
## where the first 'mm' is the month number, and
## the second 'mm' is the minute number.
$backupDir = join-path "F:\ExchangeBackups" $backupSubDir
md $backupDir
./MBS-online-backup.ps1 -backupLocation $backupDir -startScript

And that is much easier to understand. Without further ado, here is the script:

##
## MBS-online-backup.ps1
##
## Michael B. Smith
## January, 2009
##
## This program generates an online VSS-based backup of an Exchange server
## (Exchange related files only) to a specified remote disk location.
##
## No warranties, express or implied, are available. It works for me. If
## you find errors or have problems, please feel free to let me know, but
## I can't guarantee that I can fix them.
##
## Feel free to use this in your own scripts. I would appreciate attribution.
##
Param(
	[string]$backupLocation = "C:\Backups",
	[string]$startLetter    = "g",
	[switch]$startScript    = $false
)

## $backupLocation is where the files and metadata go.

## $startLetter will contain the first letter we use to remap
## the volume letters contained in $volumes.

## $nl is the DOS newline character string

$nl = "`r`n"

## $volumes will contain the volume letters used by all named
## files and directories.

$volumes = @{}

## any storage group will contain:
## a] a system file directory
## b] a log file directory
## c] a filename for each database within the SG
##
## $pathPattern contains the dos patterns of files in the storage group

$pathpattern = @{}		### Exx.chk, Exx*.log, *.edb

## $storeList contains the filenames of the Exchange databases that need
## to be checked.

$storeList = @{}

## $letters contains the mapping between the original drive letter
## and the exposed driver letter in the shadow copy.

$letters = @{}

## $computerName contains the local computer's name

$computerName = $env:ComputerName

function buildRobocopyString($collection)
{
	$str = ""

	foreach ($filepath in $collection)
	{
		$file = split-path $filepath -leaf
		$path = split-path $filepath -parent
		#
		# the destination path is the source path appended to
		# the backup folder location.
		#
		$destpath = join-path $backupLocation $path.SubString(3, $path.Length - 3)
		#
		# the source path is the true path modified by the
		# letter of the exposed shadow copy
		#
		$letter = $letters.($path.SubString(0, 1))
		$subpath = $path.SubString(1, $path.Length - 1)
		$srcpath = "$letter$subpath"
		$str += "echo Copying " + $filepath + "..." + $nl
		$str += "robocopy " + '"' + $srcpath + '" "' + $destpath + 
		        '" "' + $file + '" /copyall /ZB >nul' + $nl
		$str += "if not errorlevel 0 goto :abort" + $nl
	}

	return $str
}

function buildESEUTILString($collection)
{
	$str = ""

	foreach ($path in $collection)
	{
		#
		# the destination path is the source path appended to
		# the backup folder location.
		#
		$path = $path.ToString()
		$destpath = join-path $backupLocation $path.SubString(3, $path.Length - 3)

		$str += "echo Checking " + $destpath + "..." + $nl
		$str += "call :checkit " + '"' + $destpath, '"' + $nl
		$str += "if not errorlevel 0 goto :abort" + $nl
	}

	return $str
}

function buildCMD
{
	$script = "@echo off" + $nl

	$script += buildRobocopyString $pathPattern.keys
	$script += $nl
	$script += buildESEUTILString $storeList.keys
	$script += $nl
	$script += "exit 0" + $nl
	$script += ":abort" + $nl
	$script += "exit 1" + $nl
	$script += $nl
	$script += ":checkit" + $nl
##	$script += "echo Checking %1" + $nl
	$script += "eseutil /k %1 >nul" + $nl
	$script += "if not errorlevel 0 exit 1" + $nl
	$script += $nl

	$scriptFile = join-path $env:temp "online-backup.cmd"
	$script | out-file $scriptFile -encoding ascii

	return $scriptFile
}

function writerOptimizationGarbage
{
	$script  = ""

	$script += "# verify presence of Exchange Writer" + $nl
	$script += "writer verify {76fe1ac4-15f7-4bcd-987e-8e1acb462fb7}" + $nl
	$script += "# exclude system writer" + $nl
	$script += "writer exclude {e8132975-6f93-4464-a53e-1050253ae220}" + $nl
	$script += "# exclude IIS config writer" + $nl
	$script += "writer exclude {2a40fd15-dfca-4aa8-a654-1f8c654603f6}" + $nl
	$script += "# exclude ASR writer" + $nl
	$script += "writer exclude {be000cbe-11fe-4426-9c58-531aa6355fc4}" + $nl
	$script += "# exclude BITS writer" + $nl
	$script += "writer exclude {4969d978-be47-48b0-b100-f328f07ac1e0}" + $nl
	$script += "# exclude WMI writer" + $nl
	$script += "writer exclude {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}" + $nl
	$script += "# exclude registry writer" + $nl
	$script += "writer exclude {afbab4a2-367d-4d15-a586-71dbb18f8485}" + $nl
	$script += "# exclude iis metabase writer" + $nl
	$script += "writer exclude {59b1f0cf-90ef-465f-9609-6ca8b2938366}" + $nl
	$script += "# exclude com+ regdb writer" + $nl
	$script += "writer exclude {542da469-d3e1-473c-9f4f-7847f01fc64f}" + $nl
	$script += "# exclude shadow-copy optimization writer (does not apply to exchange)" + $nl
	$script += "writer exclude {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}" + $nl
	$script += $nl

	return $script
}

function buildDSH([string]$cmdfilename)
{
	write-host "Building backup script"

	$script  = ""
	$script += "# Diskshadow backup script." + $nl
##	$script += "set verbose on" + $nl
	$script += "set context persistent" + $nl
	$script += "set metadata " + (join-path $backupLocation "online-backup.cab") + $nl
	$script += $nl
	$script += writerOptimizationGarbage
	$script += "begin backup" + $nl
	$script += $nl

	foreach ($drive in $volumes.keys)
	{
		$script += "add volume " + $drive + ": alias shadow_" + $drive + $nl
	}

	$script += $nl + "create" + $nl + $nl

	foreach ($drive in $volumes.keys)
	{
		$script += "expose %shadow_" + $drive + "% " + $letters.$drive + ":" + $nl
	}

	$script += $nl
	$script += "exec " + $cmdfilename + $nl

	#
	# If the batch file from exec fails, diskshadow terminates without
	# executing any more commands.
	#
	$script += "end backup" + $nl

	foreach ($drive in $volumes.keys)
	{
		## remove the temporary shadow copy and unexpose the letter
		$script += "delete shadows exposed " + $letters.$drive + ":" + $nl
	}

	$script += $nl
	$Script += "exit" + $nl

	$scriptFile = join-path $env:temp "online-backup.dsh"

	$script | out-file $scriptFile -encoding ascii
	write-host "Diskshadow script file $scriptFile"
	return $scriptFile
}

function getStores
{
	## locate the databases, both mailbox and public folder

	$colMB = get-MailboxDatabase -server $computername
	$colPF = get-PublicFolderDatabase -server $computername

	## parse them for volumes too

	foreach ($mdb in $colMB)
	{
		if ($mdb.Recovery)
		{
			write-host ("Skipping RECOVERY MDB " + $mdb.Name)
			continue
		}
		write-host ($mdb.Name + "`t " + $mdb.Guid)
		write-host ("`t" + $mdb.EdbFilePath)
		write-host " "

		$pathPattern.($mdb.EdbFilePath) = 1
		$storeList.($mdb.EdbFilePath)   = 1

		$vol = $mdb.EdbFilePath.ToString().SubString(0, 1)
		$volumes.$vol += 1
	}

	foreach ($mdb in $colPF)
	{
		## a PF db can never be in a recovery storage group
		## which is why the Recovery check isn't done here

		write-host ($mdb.Name + "`t " + $mdb.Guid)
		write-host ("`t" + $mdb.EdbFilePath)
		write-host " "

		$pathPattern.($mdb.EdbFilePath) = 1
		$storeList.($mdb.EdbFilePath)   = 1

		$vol = $mdb.EdbFilePath.ToString().SubString(0, 1)
		$volumes.$vol += 1
	}

	return
}

function getStorageGroups
{
	$count = 0
	#
	# locate the storage groups and their log files and system files
	#
	$colSG = get-StorageGroup -server $computername
	if ($colSG.Count -lt 1)
	{
		write-host "No storage groups found on server $computername"
		return 1
	}

	## parse the pathnames for each SG to determine what
	## volumes it stores data upon and what directories are used

	foreach ($sg in $colSG)
	{
		if ($sg.Recovery)
		{
			write-host ("Skipping RECOVERY STORAGE GROUP " + $sg.Name)
			continue
		}

		$count++

		$prefix  = $sg.LogFilePrefix
		$logpath = $sg.LogFolderPath.ToString()
		$syspath = $sg.SystemFolderPath.ToString()

		write-host $sg.Name.ToString() "`t" $sg.Guid.ToString()
		write-host "`tLog prefix:      $prefix"
		write-host "`tLog file path:   $logpath"
		write-host "`tSystem path:     $syspath"

		## E00*.log
		$pathpattern.(join-path $logpath ($prefix + "*.log")) = 1

		$vol = $logpath.SubString(0, 1)
		$volumes.$vol += 1

		## E00.chk
		$pathpattern.(join-path $syspath ($prefix + ".chk")) = 1

		$vol = $syspath.SubString(0, 1)
		$volumes.$vol += 1

		write-host " "
	}

	if ($count -lt 1)
	{
		write-host "No storage groups found on server $computername"
		return 1
	}

	return 0
}

function validateArrays
{
	$drives = $volumes.keys
	if ($drives.Count -lt 1)
	{
		write-host "No disk volumes were found. Aborting."
		return 1
	}

	write-host ("There were " + $drives.Count.ToString() + " disk volumes for Exchange server $computername. They are:")
	foreach ($drive in $drives)
	{
		write-host "`t$drive"
	}

	write-host " "

	$paths = $pathPattern.keys
	if ($paths.Count -lt 1)
	{
		write-host "No paths were found. Aborting."
		return 1
	}

	write-host ("There are " + $pathPattern.Count.ToString() + " directories to be backed up. They are:")
	foreach ($directory in $pathPattern.keys)
	{
		write-host "`t$directory"
	}
	write-host " "

	$letter = $startLetter.Chars(0)

	foreach ($drive in $volumes.keys)
	{
		$letters.$drive = $letter
		$letter = [char]([int]$letter + 1)
	}

	return 0
}

	##
	## Main
	##

	if ((getStorageGroups) -eq 0)
	{
		getStores
		if ((validateArrays) -eq 0)
		{
			$scriptFile = buildCMD
			$scriptFile = buildDSH $scriptFile
			if ($startScript -and ($scriptFile.Length -gt 0))
			{
				diskshadow.exe -s $scriptFile
			}
		}
	}

Until next time...

As always, if there are items you would like me to talk about, please drop me a line and let me know!