Archive for the ‘Microsoft Infrastructure’ Category

« Older Entries

PowerShell – Detect Group Membership Type…

March 7th, 2013 by Jeremy Pavlov | No Comments | Filed in Microsoft Infrastructure, PowerShell, Scripting

It should come as no surprise that adherence to naming conventions and good Active Directory (AD) Organizational Unit (OU) structure are things that can make an Enterprise Administrator’s life much easier. 

Take, for example, the situation of having a naming convention for group objects in AD that dictates a single-letter suffix of either a “C” (to indicate a group of computer objects) or a “U” (for a group of user objects).  In this case, a group might be named something like, “Detroit Application Data U”, or “Chicago Printers Floor2 C”.  And with intentions such as these — and human beings being what they are — it’s inevitable that some users will end up in computer groups, and vice versa.

So how to we check for this messiness?  With PowerShell, of course…

We create a script that will accept an array of our AD OUs (or group-specific OUs if you’re lucky), loop through them, grab all the groups and the memberships, and do a validation to make sure the members are of the correct class (note that I could fill up pages of the lines of code for this, depending on your specifics; so I’ll just stick with the main conceptual points).  Let’s dive into the code snippets!

First, add your OUs into an array, and other variables.  Of course, you might not be able to just scrape a level with PowerShell and grab all your OUs…  Oh, but you *do* have a perfectly-regulated AD hierarchy, don’t you?  Whether it’s perfect or not, AD structure goes a long way here; and my examples show how convenient it is if you have all your groups in a standard ou=GROUPS structure or some predictable way.

$OUs = @("Detroit", "Chicago", "Los Angeles")
$MyDomain = "dc=MyDomain,dc=org"

Then you start to loop and grab all the groups in an OU:

foreach ($OU in $OUs)
{
  #... skipped a few more lines of code here...
  # Here we get the list of our groups for the loop
  $OuGroupNames = Get-ADObject -Filter {(ObjectClass -eq "group") -and ((name -like "* U") -or (name -like "* C"))} -SearchBase "ou=Groups,ou=$OU,$MyDomain"

And, now that you have the groups, you can start to evaluate each group like this:

  foreach ($OuGroup in $OuGroupNames)
  {
    #...skip more code.. What are we skipping here? Oh, validations, error-checking, and stuff...
    # we need the group name and DN
    $OuGroupName = $OuGroup.Name
    $OuGroupDn = $OuGroup.DistinguishedName

Now, we can truly check the object membership type!

    # If it is a user group...
    if ($OuGroupName -like "* U")
    {
      $MemberList = Get-ADGroupMember -Identity "$OuGroupName"
      # ...it had better be a user...
      if ($Member.ObjectClass -like "computer")
      {
        #...or we kick out an error to the report!

And so on.  Of course, you’d do the converse of the snippet above for a user-type object in a “C” group.  By the way, this can lead to all kinds of other error detection too; in fact, the main reason I couldn’t show all my code is that I ended up adding checks for empty groups, groups with members from external OUs, and so on.  Because basically, once you have the group attributes and its membership list in hand, you may as well do some validation while you’re there…

So have fun with it, and see where it leads you…  And make sure to drop me a line if you need any help putting the whole thing together.

:)

 

 

 

 

Did you like this? Share it:

Tags: , , , , ,

AD Attributes – LastLogon vs. LastLogonTimeStamp…

February 28th, 2013 by Matthew Sharland | No Comments | Filed in Microsoft, Microsoft Infrastructure, PowerShell, Scripting

A little while back I was working at an enterprise that has many locations across the United States.  I had a list of 30 usernames (from one specific out-of-state location) and a couple brand-new test accounts that I wanted to report on their “last logon times” from the Active Directory domain.  I put together a quick PowerShell script to loop through each user and report on the “lastLogon” time and I had (what I thought were) my results in no-time.  Here is a snippet of the code:

Get-ADUser $UserNameToSearch | Get-ADObject -Properties lastLogon

First, I opened up an RDP session to a domain workstation that I had access to at the out-of-state location that I was working with at the time and I went ahead and logged in with my test user.  I waited a few minutes for the replication to occur back to my location’s domain controller and then I ran the script from my local workstation.  Surprisingly, there were no results reported for that test account, but there were current up-to-date results for 95% of the users who were on my list that are said to work at that same location.

So I logged out, logged back in, waited, and ran the script again.  Still, no “logon time” results for my test user account.

Very interesting….

I did a few minutes of research on the “lastLogon” attribute and then I discovered I was searching the wrong attribute, per Microsoft’s MSDN Attribute Library which states: “This attribute is not replicated and is maintained separately on each domain controller in the domain. To get an accurate value for the user’s last logon in the domain, the Last-Logon attribute for the user must be retrieved from every domain controller in the domain. The largest value that is retrieved is the true last logon time for that user.  But since the enterprise I was working with had more domain controllers than I could count on one hand so I chose to find a simple alternative.

After a few more minutes of research I then found the attribute that is replicated across all domain controllers, the “lastLogonTimeStamp” attribute.  I updated my script to:

Get-ADUser $UserNameToSearch | Get-ADObject -Properties lastLogonTimeStamp

I then had the results that I expected and I carried on with my day.

Hopefully this experience will save you time and effort!

 

 

 

Did you like this? Share it:

Tags: , , , ,

DFS Replication Validation Script…

December 13th, 2012 by Jeremy Pavlov | No Comments | Filed in Microsoft, Microsoft Infrastructure, Scripting, VMware, VMware ESXi

The other day, while at the enterprise-level customer with whom I’m currently working, I ran into a situation where I needed to validate that certain parts of a DFS hierarchy were properly being replicated across the customer’s AD domain controllers.  As the administrators applied normal, routine DFS changes, the changes sometimes didn’t replicate properly across the enterprise — causing some segments of the DFS structure to not be visible or available. 

Apparently, the DFS problem was a result of using VMware guests as AD DCs.  I understand (from the customer) that a Microsoft hotfix is in the last stages of testing (at the time of this writing) and will be available for release “soon.”   It seemed that even though the DCs in question did not synchronize time with the ESX host upon which they reside, there is a default behavior in VMware Tools that assigns the host time value to the guest — at least up until the “do not sync” routine is processed during startup; after which the guest is then allowed to find its own time.  During this brief time window, the DFS Namespace service sometimes completes assembling its DFS target list and can find itself behind in time, relative to links it has been given by PDCE; which makes no sense to it, and it removes them from its listing.  And as a result, people can’t find their mapped drives or browse some of the DFS Tree.  (Note: I cannot take credit for this timing behavior investigation and results; and while I’d love to credit the folks who are due, I’m not permitted to.)  The customer remedied the situation with a temporary fix, but the real fix is the up-coming aforementioned patch.

Anyway, while the symptoms were being analyzed, I was working on other things and needed to work around the issue as much as possible while the solution was being chased.  So, I whipped up a simple little DOS script to go out and validate the top-levels of the DFS hierarchy across all domain controllers that carry them, in order to find out what would or wouldn’t be properly resolved.

For what it’s worth, I thought I’d pass the script along to you.  Here it is:

 

@SETLOCAL ENABLEDELAYEDEXPANSION
@set AdDomain=MyAdDomain.local
@set DirQuantity=17
@set DestPath=h:\DcList.txt
@REM This requires elevated credentials, otherwise will fail...
@ipconfig /flushdns
@REM First we build the input file...
@nslookup %AdDomain% |findstr [0-9].*.[0-9].*|findstr /V /C:"Address: " > %DestPath%
@ECHO As of 20121212, there should be %DirQuantity% DFS dirs on each server (actual, plus the "." and ".." items).
@REM Now loop through the input file and check the DFS at the destination...
@For /F "tokens=*" %%Q in (%DestPath%) Do @(
@set MYDC=%%Q
@set MYDC=!MYDC:Addresses:  =!
for /f "tokens=* delims=" %%A in ('dir /A:D \\!MYDC!\Corp ^|findstr /C:"Dir(s)"') do @set MYDIR=%%A
for /f "tokens=* delims= " %%G in ("!MYDIR!") do @set MYDIR=%%G
@REM Options A: Use this line if you wish to see all DFS sources:
@ECHO For: !MYDC!  	!MYDIR:~0,9!
@REM Option B: Use this line if you wish to see only those in violation 
@REM (note: there's a space and tab separator for spacing alignment):
@REM @ECHO For: !MYDC!  	!MYDIR:~0,9! |findstr /V /C:"%DirQuantity% Dir(s)"
)

What it does:

The script builds a domain controller list in a static, external file, then iterates through the list, attempting to quantify the available DFS path branches against a numeric count that you supply in another variable.  I provided two different “ends” to the script (one of them commented out), in order to give you a couple different ways to present the results.  Make sure to “set” the variables in the first few lines, to your locally-relevant information; especially the number of *expected* DFS hierarchies.

Of course, I wanted to write it to do more, but I pretty much ran up against the limits of what I *should* do in a DOS script.  I’ll make another version in PowerShell some day that iterates down the hierarchy and validates the entire structure, instead of just the top level… 

…Unless you beat me to it…  ;)

There you go; enjoy!

:)

 

 

Did you like this? Share it:

Tags: , , , , , , ,

Don’t Rename Vendor-Provided .MSI Files…

December 6th, 2012 by Paul Opper | No Comments | Filed in Application Packaging, Microsoft Infrastructure

When packaging an application for deployment in the enterprise, you must also identify it’s dependencies — additional software required for the application to successfully install and function.  Often times these dependencies are redistributable run-times for Microsoft Visual Studio.  These redistributables are so common, they are often packaged separately and “chained” to the dependent application.

This method of installing dependencies usually works pretty well; the deployment tool determines whether to install the package, based on it’s previous installation history.  If, however, the dependency was installed outside the deployment tool’s domain — by an application a user downloaded, for example  — you may encounter errors when the dependency is re-run; this could fail your entire application package chain.

Fortunately, many (but not all — always test!) Microsoft redistributables, like “Visual C++ 2008 SP1 Redistributable Package (x86)“,  are authored so that they can install over an existing install — without actually modifying anything or going into “maintenance mode”.  The screen shot below illustrates that the Windows Installer services runs the .MSI package, and verifies that it’s already installed with the same product code, package code, component IDs, etc., and simply exits without modifying the existing install.  This can be a packager’s saving grace in an unpredictable enterprise environment.

 

Wise Compatibility Key

 

Recently, however, I came across an issue with my philosophy of simply letting the redistributable re-run over an existing install. 

A package I had developed started failing.  After checking the logs, I noticed the failure occurred during the install of the dependent runtime  “Visual C++ 2008 SP1 Redistributable Package (x86)”.  The runtime install was exiting with a Windows Installer general failure code of “1603″. 

A look at the detailed installation log shows a more confusing error: “Error 1316.  A network error occurred while attempting to read from the file: C:\Users\popper1\Desktop\vcredist_x86\vc_red_x86.msi”.

With some help from my co-worker (Windows Installer guru Urb Bernier) we were able to find the issue: the .MSI that originally installed the Visual C++ runtime was extracted from the vendor’s .EXE bootstrap and…RENAMED!  A grievous offense in the application packaging world!  Well, that may be a bit dramatic, but it certainly violates all “best practices”.  When extracted from the vendor provided setup file “vcredist_x86.exe”, the .MSI is named “vc_red.msi”.  Perhaps the packager may have renamed the file in order to distinguish the 32-bit setup file from the 64-bit setup? 

The error “1316.  A network error occurred while attempting to read from the file: C:\Users\popper1\Desktop\vcredist_x86\vc_red_x86.msi” is Windows Installer’s way of saying it can’t access the file in the path; the “cached” path to the .MSI that originally installed the Visual C++ runtime.

You see, the issue is that you can rename the .MSI, install it successfully, re-run it successfully, and uninstall it successfully; provided you do all of these actions using the renamed .MSI.  If, however, the actual vendor install runs on that same machine, whether from the bootstrap .exe or from the extracted .MSI, it will exit with a Windows Installer general error code “1603″.

Packaging applications can sometimes be a frustrating task; because no matter how much forethought and care you put into your package, it can always be thwarted.  To be fair, I guess the same could be said for just about any other job.  

However, I hope this example illustrates why you should not rename vendor provided .MSI files!

 

Did you like this? Share it:

Tags: , , , , , ,

Windows 8 Wireless Connections in the Enterprise

October 11th, 2012 by John Blickensdorf | No Comments | Filed in Microsoft Infrastructure, Windows 8, Wireless
I’ve been having issues attaching to WiFi networks with Windows 8 lately.  Not residential Access Points, but commercial controllers.  I did some searching, and found this:
 
Windows 8 clients may not be able to connect to wireless network
 
Ah…  So Windows 8 natively supports 802.11w, but cannot connect to one of the largest enterprise network footprints in production today.  Hmm.  Apparently, all Cisco controllers need a firmware update before anyone can connect new Windows 8 computers to the wireless network… 
 
Or… 
 
…You can back-rev your driver.  Well, have you dealt with enterprise network people?  Which do you think is more likely to happen? 
;)
 
So, here you go; a little instructional video to help you down-grade your shiney-new Windows 8 Wireless network driver to the Windows 7 version, so that you can play in the corporate sandbox.  In this slideshow, Paul demonstrates the problem (utilizing Windows 8′s great new automatic screen capture feature)…
 
(Note: To easily get to the menu for Device Manager – which is called the “Windows desktop and Administrative tools” menu use “Winkey + X” from the Windows classic desktop.)
 

 
We hope it helps!
 
(…with contributions from Paul Opper and Jeremy Pavlov)

 

Did you like this? Share it:

How to script “Ownership” of NTFS File Systems…

July 26th, 2012 by Matthew Sharland | No Comments | Filed in Microsoft, Microsoft Infrastructure, Scripting, Server Migration, Windows 7

There’s a time in every IT professional’s life where he or she will need to “Take Ownership” of files and folders that reside on an NTFS File Server (or in larger cases with hundreds or thousands of servers) in a Windows Server 2008 R2 or Windows 7 environment.  I’m sure most IT professionals already know how to do this in the Windows Explorer GUI … but what if your task at hand required that you script this process to run during a limited window of time given during a server migration, and you had to minimize the amount of “clicks” as well as the amount of time spent on multiple servers?  

I was recently assigned to a project very similar to the scenario described above; and after a little research, I stumbled upon a little-known Microsoft tool called ‘takeown.exe’ that has been shipping with Microsoft Server products since Windows Server 2003.  Within minutes of discovering ‘takeown.exe’ I had a script written and I was running it in my test environment with positive results.  This shows how simple the tool really is!

Below is the usage example as seen from the command line ‘takeown.exe /?’:

TAKEOWN [/S system [/U username [/P [password]]]] /F filename [/A] [/R [/D prompt]]

Below is my personally recommended example:  

TAKEOWN.exe /F C:\MyFolder /R /A

 

As expressed above, my suggestions are to use the /F (to specify the folder to apply ownership on), the /R switch (as in “recursive” which mean to apply to all child objects, sub-folders and files) and the /A switch (which gives ownership to the “Administrators” group instead of the currently logged in user).  And while I didn’t use the /D switch in the above example, it may be necessary to use the “/D Y” to avoid being prompted in cases where the user ID running the command does not have rights to list the folders.   

You can also reference additional parameters by typing in ‘takeown.exe /?’ from the command prompt on any Windows Server 2008 R2 server or Windows 7 machine.

 

Did you like this? Share it:

Tags: , , ,

The Modify or Alter Column Statements, and MS SQL 2008…

June 14th, 2012 by Renee McCoy | No Comments | Filed in Microsoft, Microsoft Infrastructure, Scripting, SQL

(…with technical guidance from Avi Moskovitz…)

Recently, I needed to change the width of a column in the SQL Server portion of one of our Databases using MS Management Studio 2008.  And while this meant changing data type, you’d think it would be as easy as simply changing the properties within the table in the same manner that you can within Access 2010; normally, less than one minute to get ‘er done.  And in organizations where it is permissible to un-check the “Prevent saving changes that require table re-creation” on production systems, this might well be the case  (as in the graphic below).

 

The "Prevent saving changes that require table re-creation" option

The "Prevent saving changes that require table re-creation" option

 

But, in my situation, I had to find another route; this was going to require scripting…

1 – A Wild Goose Chase

A few quick searches of things like, “How do you change the width of a column in SQL”, and the results put a big grin across my face — I found reference to a MODIFY statement with an example of a column width change:

ALTER TABLE my_table MODIFY this_column VARCHAR2(50);

My problem was solved!  Or, so I thought.  After trying a few times and getting error messages, I almost started to suspect a conspiracy — or at least a concerted effort was in place to confuse and befuddle…

Luckily, Coretek is staffed with experts on a wide variety of software and hardware platforms.  I reached out to our resident SQL guru, Avi Moskovitz, who informed me the “solution” I found referencing the  MODIFY statement WAS accurate – if used in an Oracle environment – but MS SQL 2008 does not support it. 

2 – Drastic, Dangerous, but Legitimate

One possible option is to create a new column and delete the old column; something you should not be in a hurry to do if you have data in the column as you need to think about how the data will be repopulated within the column (will it affect links, relationships, etc., or will it be truncated or corrupted?).  I have found that creating a new column in the SQL backend (with the correct parameters) and then going to the front end (if you happen to have something like an Access front-end) to copy the information from the old column and pasting into the new column will work; but beware of deleting a key or a linked field. 

3 – More Drastic, Less Desirable

Another, more drastic and less desirable option is to re-create the entire table in the SQL backend with the correct parameters.  This is a multi-step process that, depending on the size of the table, can take 5 to 30 minutes (or more, if there are hiccups along the way).  In doing this, you are effectively manually re-creating what SQL does when changing a data type for a field.  Not necessarily recommended, but I am keeping these steps provided by Avi in case I ever need them:

  1. Create a temporary table which will host your data (let’s call it MyTempTable).
  2. Copy the data from the original table (MyFirstTable) to MyTempTable, making sure that you set Identity_Insert “ON” so that it keeps the Key Field intact when the data gets copied in.
  3. Delete MyFirstTable. 
  4. Recreate the original table (a duplicate if you will of MyFirstTable…MySecondTable)
  5. Copy the data from the MyTempTable to the New MySecondTable making sure that you set Identity_Insert “ON” so that it keeps the Key Field intact when the data gets copied in.

4 – There’s a Right Way

But perhaps the best way of all, is to use a variant of the first thing mentioned above, correctly formatted for MS SQL 2008 with ALTER COLUMN instead of MODIFY, as follows:

 ALTER TABLE my_table ALTER COLUMN this_column NVARCHAR(50);

Execute this command into the query analyzer, and in an instant the problem is solved; the data type is changed (as in the graphic below)! 

SQL ALTER COLUMN Command - Successful!

SQL ALTER COLUMN Command - Successful!

Fortunately, the query analyzer will fail to execute if it detect data that does not fit the new type.  So what’s the lesson?  Internet searches are not a fool-proof way to explore scripting options; without the experience to understand the ramifications, the options can sometimes do as much harm as good…

 

Did you like this? Share it:

Tags: , , , , , , , , ,

Finding Rogue KMS Servers in the Enterprise…

February 9th, 2012 by Jeremy Pavlov | No Comments | Filed in Desktop OS, Linux, Microsoft, Microsoft Infrastructure, Windows 7

In larger Enterprises with Microsoft-based infrastructure, it’s highly likely that the licensing for the Windows 7 workstations will be based on the Microsoft KMS model.  If you don’t already know, this means you run servers in-house that register themselves into DNS as license providers, and Windows clients will learn of them (and become affiliated with them) to get a license, rather than contacting Microsoft themselves across the Internet.

Unfortunately, one problem that can occur is that someone who has access to the Microsoft license codes (like an I.T. worker, developer, etc.) might accidentally install a KMS license on a server that is not intended to be a KMS server.  And when a KMS license is installed, the server doesn’t know any better; and dutifully registers its KMS capability with the internal Active Directory based DNS as a VLMCS SRV record. 

Recently, I ran into a situation where I needed to hunt down and eliminate some accidentally rogue KMS servers that had cropped up across a large infrastructure, and be able to re-check at regular intervals.  While I originally wrote the script as a bash shell script for Linux, I re-wrote it into PowerShell recently for someone who asked, and I thought I’d post the new version here.

Mind you, this is a stripped-down version of the script, but it includes all that is needed to run the check manually for a hierarchical DNS infrastructure (although you may wish to strip out components if you just want to check the parent domain). 

Copy the contents below, paste them into a PowerShell script file (*.ps1), change the variables at the top… and have fun!

 

# Change the following 3 variables as needed.
# This script will loop through the subdomains, checking for KMS servers in each
# subdomain, and then at the parent domain.
$subs = @("subdomain1", "subdomain2", "etcetera")
$parentdomain = mydomain.local
$outfile = "checkKMS-Results.txt"
write "KMS check report..." | Out-File $outfile
write " " | Out-File $outfile -append
write "The only valid KMS servers are at the $parentdomain, as follows:" | Out-File $outfile -append
write "KMS1, KMS2, KMS3" | Out-File $outfile -append
write " " | Out-File $outfile -append
write "There should not be a KMS server at any of these locations:" | Out-File $outfile -append
foreach ($item in $subs)
{
  write "Checking subdomain: $item"
  $result = nslookup -type=srv _vlmcs._tcp.$item.$parentdomain. |findstr /C:"_vlmcs" /C:"svr hostname"
  if ("X$result" -eq "X")
  {
    write "No registered KMS server in $item" | Out-File $outfile -append
  }
  else
  {
    write "***KMS FOUND at this location: ***" | Out-File $outfile -append
    write $result | Out-File $outfile -append
  }
}
write " "  | Out-File $outfile -append
write "On the contrary, the following should be valid KMS servers:" | Out-File $outfile -append
$result = nslookup -type=srv _vlmcs._tcp.$parentdomain. |findstr /C:"_vlmcs" /C:"svr hostname"
$result | Out-File $outfile -append
write "...Done!" | Out-File $outfile -append

Enjoy!

:)

 

Did you like this? Share it:

Tags: , , , , ,

SharePoint 2010 – How to move a subsite to a different location

October 20th, 2011 by Chris Shalda | 15 Comments | Filed in Microsoft, Microsoft Infrastructure, SharePoint

I had been tasked to reorganize a Microsoft SharePoint 2010 site recently.  One of the things that I needed to do was to move a couple subsites to be under a different parent site within the same site collection.  I researched and was able to find some options, but they all entailed exporting and then importing — or backing up then restoring — the site via command line.

So, I decided to try the export/import method via the command line right on the SharePoint web front end server.  To export the site, these are the steps I tried:

  1. Fire up the command line
  2. CD \”Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN”
  3. Export the old URL using the following Command:

stsadm -o export -url http://intranet/website -filename c:\test\backup.cmp

However, when I tried this under my domain and SharePoint administrator account, I got this error:

The Web application at http://intranet/website could not be found. Verify that you have typed the URL
correctly.  If the URL should be serving existing content, the system administrator may need to add a
new request URL mapping to the intended application.

After searching a bit on this, it seemed like the problem may have been a permissions issue.  So, I confirmed that the administrator account I used had SharePoint Farm Administrative rights, as well as site collection administrative rights.  I then tried to run this same command with a designated “SharePoint Administrator” account which also had SharePoint Farm Administrative rights and Site Collection Administrative rights, but then got an Access Denied error.

After spending some time adding and removing rights for both of those accounts to see if I could get this working, I table the issue and moved on to other tasks.  One of those tasks was to delete some old subsites from our SharePoint.  I ended up stumbling upon the Content and Structure link under Site Administration:

And to my surprise, I found that it is possible to select any site and copy or move it:

  1. Select the parent site of the subsite you want to move in the left navigation pane
  2. Check the box next to the subsite that you want to move in the right pane, click the Actions drop-down and click Move
  3. Then select the destination of the subsite selected in the next dialog box

This method ended up being a lot more straight forward and quicker than the command line option.

I’m glad I found it!

Did you like this? Share it:

Tags: , ,

What’s New with Microsoft Exchange 2010?

September 1st, 2010 by admin | No Comments | Filed in Microsoft, Microsoft Infrastructure

Microsoft Exchange 2010 helps you achieve new levels of reliability and performance by delivering features that simplify your administration, protect your communications, and delight your users by meeting their demands for greater business mobility.  With new deployment and storage options, enhanced inbox management capabilities and e-mail archiving built-in, Exchange 2010 helps you lower costs and enhance business outcomes.

Flexible and Reliable

With Exchange, choose from on-premises deployment with Exchange Server 2010, a Microsoft hosted service with Exchange Online, or a seamless mix of both.  Microsoft’s commitment to Software plus Services ensures you can decide on your timeline for taking advantage of the flexibility and power of both without interrupting or changing your users’ experience.

Exchange 2010 offers a simplified approach to high availability and disaster recovery coupled with enhanced maintenance tools to help you achieve new levels of reliability to deliver business continuity.  Building on previous investments in Continuous Replication technologies in Exchange 2007, these investments:
  • Remove the need to deploy complex and costly clustering and third-party data replication products for full-scale Exchange redundancy
  • Automate mailbox database replication and failover with as few as two servers or across geographically dispersed datacenters
  • Maintain availability and fast recovery with up to 16 Exchange-managed replicas of each mailbox database
  • Limit user disruption during mailbox moves between e-mail servers, allowing you to perform migration and maintenance activities on your schedule, even during business hours
  • Guard against lost e-mail due to Transport Server upgrades or failures, through new built-in redundancy capabilities designed to intelligently redirect mail flow through another available route

Lowering the burden on your help desk and yourself is a key way in which you can accomplish more and reduce costs. This motivated investments in new self-service capabilities aimed at enabling users to perform common tasks without having to call the help desk. With this functionality you can:

  • Allow users to update their contact information and track delivery receipt information for e-mail messages, for example, without IT assistance
  • Offer an easy-to-use Web-based interface for common help desk tasks
  • Utilize the new Exchange Roles-based Access Control model to empower specialist users to perform specific tasks – like giving compliance officers the ability to conduct multi-mailbox searches – without requiring administrative control

 

Anywhere Access

Enhancements in the latest release of Exchange provide your users access to all of their communications from a single location while making it easier for them to collaborate with each other and their business partners.  These enhancements include the ability to:

  • Offer your users a premium Outlook experience across the desktop, Web, and mobile devices, including OWA support for browsers like Apple Safari and Mozilla Firefox
  • Unify access to e-mail, voice mail, instant messaging, and text messages enabling your users to choose the best way to communicate no matter where they are
  • Add native support for virtually every mobile device, including a premium experience with Windows Mobile, through Exchange ActiveSync
  • Share free/busy information with external business partners for fast and efficient scheduling, choosing the level of detail you wish to share

Exchange 2010 adds new productivity features that help your users easily organize and prioritize the communications in their inboxes. Your users will experience:

  • An enhanced conversation view that streamlines inbox navigation by automatically organizing message threads based on the natural conversation flow between communicating parties
  • MailTips that inform your users, before they click send, about message details that could lead to undeliverable or mis-sent e-mails, like accidentally sending confidential information to external recipients, reducing inbox clutter, extra steps, and help desk calls

With Exchange 2010, you can replace your traditional voice mail system with a unified solution integrated into the core of your communications platform. This new system will enable your users to receive their voice mail messages right in their inboxes, and manage those voice mail messages just as they do e-mail, with familiar tools like Outlook and Outlook Web Access. You will benefit from the cost-savings of voice mail systems consolidation and replacement and provide your users features like:

  • Text transcription of voice mail messages, allowing users to quickly triage messages without having to play the audio file
  • The power of a personalized auto attendant for their voice mail
  • Tools to create call answering and routing rules for individuals or groups of callers based on Caller ID and contact information ensuring that every caller gets the experience your users intend
  • Phone-based access to their whole inbox – including e-mail, calendar, and contacts – in nearly 30 languages with Outlook Voice Access

 

Protection and Compliance

Exchange 2010 delivers new, integrated e-mail archiving functionality–including granular multi-mailbox search, item-level retention policies and instant legal hold–making it easier to address compliance and discovery issues. Administrators get centralized control of all archives while users get direct access to their archived mail, including a familiar archive experience that does not disrupt the way they manage their inboxes every day. With these new features you can:

  • Easily move unwieldy Outlook Data Files (PSTs) from the PC back to Exchange for more efficient control and legal discovery
  • Simplify the classification of e-mail with new centrally definable Retention Policies that can be applied to individual e-mail messages or folders
  • Conduct cross-mailbox searches through an easy-to-use Web-based interface, or through Roles-based access control, empowering your HR or compliance officers to execute targeted searches

Exchange 2010 also expands Information Protection and Control support, making it easier to encrypt, moderate and block sensitive or inappropriate e-mail based on specific sender, receiver and content attributes. Key functionality enables you to:

  • Combine Exchange 2010 and Active Directory Rights Management Services (ADRMS) so that you and your users can apply Information Rights Management protection automatically to restrict access and use of information within a message–wherever it is sent.
  • Enable partners and customers to read and reply to IRM-protected mail–even if they do not have Active Directory Rights Management Services (ADRMS) on premise
  • Enable managers to review mail and either approve or block transmission
For more infromation, please visit Microsoft’s website at  http://www.microsoft.com/exchange/2010/en/us/whats-new.aspx
Did you like this? Share it:

Tags: , , , ,

« Older Entries