Add Exchange 2010 Powershell Modules with Domain Controller

Similar Messages

• ISA 2006 publish Exchange 2010 Outlook Anywhere with Kerberos Constrained Delegation

  Hi,
  I have two Exchange 2010 Sp1 CAS with Windows Network Loadbalancing. I set up an alternate Serviceaccount and mapped the http,ExchangeMDB,PRF and ExchangeAB SPNs.
  Then i published the Exchange Services via ISA 2006. OWA is working using Internet -> via NTLM -> ISA(webmail.domain.com) -> via KCD -> CAS-Array(ex2010.domain.com)
  I tried the same with Outlook Anywhere (RPC over HTTP) without success.
  Authentication to the ISA via NTLM works fine, but i think the isa server cannot delegate the Credentials successfully to the CAS-Server.
  The ISA Log looks like:
  Allowed Connection ISA 24.11.2011 15:50:40
  Log type: Web Proxy (Reverse)
  Status: 403 Forbidden
  Rule: Exchange 2010 RPC
  Source: Internal (172.16.251.33)
  Destination: (172.18.10.182:443)
  Request: RPC_OUT_DATA
  http://webmail.domain.com/rpc/rpcproxy.dll?ex2010.domain.com:6001
  Filter information: Req ID: 108b89d8; Compression: client=No, server=No, compress rate=0% decompress rate=0%
  Protocol: https
  So i always get a 403 Forbidden from the CAS.
  I the IIS logfile from the cas server i see this entry:
  2011-11-24 15:51:37 172.18.10.182 RPC_OUT_DATA /rpc/rpcproxy.dll ex2010.domain.com:6001 443 - <ISA IP> MSRPC 401 1 2148074254 203
  I use the same Listener for OWA and Outlook Anywhere. Authentication Methods are Basic and Integrated. I forward the request to a webfarm which exists of the two physical CAS. Internal Site Name is set to the NLB name ex2010.domain.com, SPN is set to http/ex2010.domain.com
  Thanks for your support

  Hi, i ran into the same Problem.
  the steps above solved mine too (Creating a custom AppPool which runs under LocalSystem).
  I wonder why they included only the Script: convertoabtovdir.ps1
  http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/thread/dc24ccd3-378a-47cc-bbbf-48236f8fe5b0
  Ist this a supported configuration (changing AppPool of RPC)?

• Windows Server 2008 R2: Server unable to authenticate with Domain Controller

  Hello, I was wondering what could be the reason for this error if it is certain that there was no other computer on the network using the same name:
  This computer could not authenticate with<Domain-controller>, a Windows domain controller for domain <Domain-name>, and therefore this computer might deny logon requests. This
  inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. 
  What would cause the machine account pw to be 'not recognized'?

  You can track changes in AD by enabling AD Auditing: https://technet.microsoft.com/en-us/library/cc731764%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
  As reading the logs is usually a complicated and time consuming task, it is recommended to use a third party tool for auditing. The one I usually recommend is Lepide Auditor - Active Directory: http://www.lepide.com/lepideauditor/active-directory.html
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Script for synchronizing the clock with Domain Controller

  Hi Everyone,
  In our environment, we have Mac machines which are joined to window's domain. Once in while machine will not log on to domain because the OS clock had a different time than the domain controller and sooner you fix the clock, machine will start communicating with domain controller.
  I was wondering if there is an easier way to do this using script which can run every few hours to force the OS clock to synchronize with the domain controller.
  Thanks,

  You don't need an Applescript to do that.
  Enable the NTP server on the Windows Domain Controller (perhaps start here: http://technet.microsoft.com/en-us/library/cc773013.aspx).
  Then setup the Macs to use NTP (Network Time) to sync to the domain controller.

• ISA 2006 publish Exchange 2010 Outlook Anywhere with KCD/NTLM and IPSEC - Problem

  Hi
  I have setup ISA 2006 to publish Exchange 2010 Outlook Anywhere with Kerberos Constrained Delegation and IPSEC.
  The clients have an IPSEC policy pushed to them via GPO.  The clients are windows 7 laptops and the ISA server is server 2003, so the IPSEC connection is IKE not AuthIP.
  However, it seems that the connection will work for a while, then all of a sudden stop working with zero trace of why.  I cant get the Oakley log to work and I cant see any traffic on the ISA.
  I am wondering if I need to publish the CRL's externally?  Currently we don't, and the Outlook Anywhere uses private certificates (as the whole point of IPSEC is to validate the internal certificate, there is no point in using
  public certificates).
  I have tried using the StrongCRLCheck=0 registry key in the IPsec Policy Agent on the windows 7 machine but it doesn't seem to make a difference.
  Any advice would be appreciated.
  Steven

  Hi,
  Firstly, have you received any related error messages in ISA server or on the clients' side? Besides, as you mentioned IPsec, did you have a VPN connection?
  In addition,
  While ISA 2006 only includes a Client Access Web Publishing Wizard for both Exchange 2003 and Exchange 2007. Which Exchange version you have chosen when publishing Exchange 2010?
  Please also make sure that you have selected the
  External interface for the web listener to listen on.
  Besides, the link below would be helpful to you:
  OWA publishing using Kerberos Constrained Delegation
  method for authentication delegation
  Best regards,
  Susie

• User Migration from Parent Domain to Child Domain..The user is enabled with Exchange 2010 Mailbox in Parent Domain

  We currently have a single Windows 2008 R2 Active Directory domain controller, and an Exchange 2010 server. We are in the process of adding a child domain on a second Active Directory server for an offsite office location for a subdivision of our company.
  The two locations will be connected via VPN.
  Currently users exist on the root domain with Exchange accounts who will be moving to the new offsite company/location. We would like to be able to move these user accounts to the child domain while maintaining their existing Exchange mailboxes and
  email addresses. Is this possible, and if so how would we do it?

  Hi Srinivasa,
  According to your description, I think you have done all the preparation.
  For DL migration, the following article may give your some hints:
  How to Migrate Distribution Groups Across a Forest
  Good Luck!
  Niko Cheng
  TechNet Community Support

• Exchange 2010 - Report NDRs with powershell

  Hi all,
  I would like to analyze all internal NDRs within my exchange environment. For example we have systems which are hard coded with email addresses of internal recipients and people leave the business and their mailbox and associated email address will be removed
  from exchange but not from a third party system that has a list of addresses to send notifications out to or home grown scripts. In order to keep the email pipeline clean and follow best practices I would like to catch these NDRs and remove them from the relevant
  systems.
  Is there anyway I can do this with powershell, my environment Exchange 2010 SP2 and all the roles are on a single server.

  Hi Niko,
  I have just performed the following test:
  sent an email to an internal recipient were the address does not exist, example
  [email protected]
  The NDR does not come from [email protected]
  The headers for the NDR I got as listed below:
  MIME-Version: 1.0
  From: Microsoft Outlook
   <[email protected]>
  To: <[email protected]>
  Date: Thu, 11 Dec 2014 08:55:54 +0000
  Content-Type: multipart/report; report-type=delivery-status;
   boundary="129b7383-6632-4979-ab4a-e5742a33ae6b"
  X-MS-Exchange-Organization-SCL: -1
  Content-Language: en-GB
  Message-ID: <[email protected]>
  In-Reply-To: <[email protected]com>
  References: <[email protected]com>
  Thread-Topic: test
  Thread-Index: AdAVIEZfXlpAxeICRk2Dg71q+Amr/wAAADyf
  Subject: Undeliverable: test
  X-MS-Exchange-Organization-AuthSource: exchangeserver.mydomain.com
  X-MS-Exchange-Organization-AuthAs: Internal
  X-MS-Exchange-Organization-AuthMechanism: 05

• Exchange 2010 logon statistics with powershell

  I am trying to get some logon statistics from a Exchange server 2010, I am using the following command, 
  Get-MailboxServer | Get-LogonStatistics | Select UserName,ClientVersion,LastAccessTime,ServerName, but it returns this, 3587.0.32963.1, as a version
  number.
  I have read that it is af bug in Exchange 2010. Does anyone have a workaround?

  Right, I guess along with IP address Outlook doesn't send version information either back via Get-LogonStatistics...
  The client IP address for an Outlook 2010 client is not logged in Exchange when you use the Get-LogonStatistics command -
  http://support.microsoft.com/kb/2292750
  However you can get Version information from RPC Client Access Logs located in below folder...
  \Program Files\Microsoft\Exchange Server\v14\Logging\RPC Client Access

• DPM 2010 agent installation on Domain Controller

  Hello all, recently I tried to install the agent from my DPM 2010 server onto a Win2K8 Domain controller which failed (used a Domain Admin's credientials for the install, and on trusted domain). I remember in DPM 2007 you needed to install the agent through
  command line. Can someone post up the correct steps to get a DPM 2010 agent installed to a DC?

  Same issue here.
  Pushing a DPM 2010 agent to a Windows 2008 DC fails with the error:
  ============
  You cannot install the protection agent on SV-MGMT-03.xxxxxx.nl because access to the computer has been denied.
  ============
  The DPM 2010 agent software is installed but DPM doesn't add the server. With an attach i can add the server but DPM 2010 cannot communicate with it.
  ===============
  Protection agent version: 3.0.7696.0
  Error: Data Protection Manager Error ID: 270
   The agent operation failed on sv-mgmt-03.xxxxx.nl because DPM could not communicate with the DPM protection agent. The computer may be protected by another DPM server, or the protection agent may have been uninstalled on the protected computer.
  If sv-mgmt-03.xxxxxxx.nl is a workgroup server, the password for the DPM user account could have been changed or may have expired.
  Recommended action: Check the following to troubleshoot this issue:
  1) If the agent is not installed on sv-mgmt-03.xxxxxxxxx.nl, run DpmAgentInstaller.exe with this DPM computer as a parameter. For details, see the DPM Deployment Guide.
  2) To attach the computer correctly to this DPM server, run the SetDpmServer tool on the protected computer.
  3) If the computer is protected by another DPM server, or if the protection agent has been uninstalled, remove the protected data sources on this computer from active protection. Then, remove the entry of this computer from the Agents tab in the Management
  task area.
  4) If sv-mgmt-03.xxxxxxxxx.nl is a workgroup server, run SetDpmServer with the -UpdatePassword flag on the protected computer and Update-NonDomainServerInfo.ps1 on the DPM server to update the password.
  5) If the DPM server and the protected computer are not in the same domain, ensure that there is a two-way trust setup between the two domains.
   If the computer is protected by another DPM server, or if the protection agent has been uninstalled, you can remove the record of the computer from this DPM server.
  ==============
  Anyone a solution for this?

• Exchange 2010 Powershell virtual directory recreation

  Nevermind Fixed.....
  So apparently you have to run those commands in Powershell version 2.0, Exchange 2010 doesn't like powershell 3.0
  to do that type  powershell -version 2.0
  then type the exchange commands. 

  Ok, so I opened up my IIS console today to fix a problem with Exchange and the fix was to change one of the Modules in the Powershell Virtual Directory, but when I clicked on Modules it threw an error.  So I started to try an fix that, all the forums and suggestions I read said to remove the Virtual directory and recreate it...
  My problem is recreating it, I get the following error,  I've googled and searched a lot and can't find how to fix this. 
  This topic first appeared in the Spiceworks Community

• RAC on windows 2000 with domain controller

  Guys,
  I need advise on the following implementation.
  We have 2 IBM Xseries 365 Servers , 1 FastT600 Storage Windows 2000 Advanced Server, Oracle 9i, Oracle RAC
  We have plan of integrating 2 servers in Windows 2000 Cluster, one server would act as Domain Controller and second will act as Additional Domain Controller in the MS Cluster. We would be installing Oracle 9i Enterprise s/w on each one of these server's internal disks and datafiles on shared storage ( FastT600 ).. We would need to install Oracle RAC as well. As per Oracle recommandation, the cluster nodes shouldn't act as Domain controller. We didn't find any logical and techinical answer for this recommandation. Can anyone guide me as why is it so? and any issue may arise if we don't have separate doamin controller?
  Is it really required to have separate Domain controller ?
  Early replies would be appretiated..
  Thanks & Regards,
  Sam

  Hello hanspjacobsen,
  1. According to the subjects System Requrements - Windows 2008 R2 Domain Controllers do support
  Windows 8.1/2012 R2 admx deployment with some limitations regarding down-level server version of course. So yes - you can download and use it. Doubtfully the GPO presence in AD could
  harm Exchange in any way.
  2. With the course of updates for Exchange 2010 and Windows Server - I'm pretty sure we can expect Exchange 2010 supporting W2012 R2 DCs with close upcoming updates. So the full interoperability for those two is just a matter of little time.
  ▲ Vote if Helpful / Mark if Answer
  MCSE: Messaging 2013 Charter / Private Cloud / Server Infrastructure
  MaximumExchange.ru

• Prepare Exchange 2010 Test Environment with Hyper V

  Hi 
  We are preparing a test environment to check the migration from Exchange 2010 to 2013 and to get familiarized with 2013. Created the VMs of existing Domain Controllers using D2V tool, looking for suggestion on  how to prepare the Exchange 2010 servers
  ( 2 X MB servers in 1 DAG and 2 X Hub/CAS servers in WNLB) in VM environment - either by creating VMs of existing physical servers using D2V without DB storage LUNs (Dial tone DBs) or prepare the Exchange 2010 servers from DCs created in test lab.  
  Thanks in advance

  There's got to be a question in here somewhere.  How about a guide to setting up Exchange 2010 that you can then use for a test environment:
  http://technet.microsoft.com/en-us/library/ff709381(v=EXCHG.141).aspx
  Now, if you are asking how to configure your test environment to mimic production, you should probably get directory exports of your users, groups, and contacts (rather than trying to remove a production domain controller to use as the initial domain controller
  in your test environment), since it allows you to connect between the two environments without jumping through huge numbers of hoops - it also allows you to send email between them, which can be useful when testing external connectors.

• Internal outlook client connectivity in exchange 2010 when coexist with exchange 2013

  Hi all ,
  on my side i would like to clarify few queries.
  Say for instance i am coexisting exchange 2010 with exchange 2013 .Unfortunately if all of my exchange 2013 servers goes down .
  Q1 .On that time will the internal outlook users having their mailboxes on exchange 2010 can be able to connect mailboxes without any issues ? In case if they face any issues what kind of issues will they be? Because why i am asking is we should have pointed
  the autodiscover service to exchange 2013 during coexistence.
  When an user closes and reopens the outlook after whole exchange 2013 environment failure ,outlook will first query the autodiscover service for the profile changes to get it updated on users outlook profile.In such case autodiscover service will not be
  reachable and i wanted to know will that affects the internal client connectivity for outlook users having their mailboxes on exchange 2010.
  Q2. Apart from outlook internal users connectivity ,what kind of exchange services(i.e owa,active sync,pop,external OA and imap) will get affected when whole exchange 2013 environment goes down during coexistence ?
  I have read the below mentioned statement on this awesome blog but still i wanted to clarify with you all on my scenario.
  http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx<o:p></o:p>
  Internal Outlook Connectivity
  For internal Outlook clients using RPC/TCP connectivity whose mailboxes exist on Exchange 2010, they will still connect to the Exchange 2010 RPC Client Access array endpoint.
  For internal Outlook clients using RPC/TCP connectivity whose mailboxes exist on Exchange 2007, they will still connect directly to the Exchange 2007 Mailbox server instance hosting the mailbox.
  Please share me your suggestions and that would help me a lot .
  Regards
  S.Nithyanandham

  Hi Winnie Liang ,
  Thanks a lot for your reply.
  Scenario  1 : for internal outlook connectivity 
  We have below settings for exchange 2010 autodiscover.
  mail.domain.com - will be the namespace for internal autodiscover URI for all the exchange 2010 cas serves
  We are going to have below settings for exchange 2013 autodiscover.
  mail.domain.com - will be the namespace for internal autodiscover URI for all the exchange 2013 cas serves
  During coexistence mail.domain.com will be pointed to exchange 2013 cas servers . I mean to say if we try to resolve the mail.domain.com it will get resolved in to the exchange 2013 cas servers.
  So on such case if anything happened wrong to the new environment or else if entire environment goes down .Do we face any issues while outlook users connect to existing mailboxes in exchange 2010 ?
  Because why i am asking is ,on the below mentioned article i have read all the autodiscover request will go via exchange 2013 cas servers during coexistence.That means all the existing mailboxes in exchange 2010 will also have to query exchange 2013 cas
  servers for autodiscover request.During the whole exchange 2013 environemnt failure whenever the user tries to close and open outlook .Outlook will first queries the autodiscover service for any changes happened on that particular mailbox and it will try to
  get it updated on user profile.
  http://blogs.technet.com/b/exchange/archive/2014/03/12/client-connectivity-in-an-exchange-2013-coexistence-environment.aspx
  Would it be possible to make the exchange 2010 mailbox users to query only the scp points which belongs to the exchange 2010 cas servers for autodiscover request ?
  Scenario 2: For exchange services
  mail.domain.com - will be the namespace for all the exchange 2010 services (i.e owa,activesync,external outlook anywhere,pop,imap)
  mail.domain.com - will be the namespace for all the exchange 2013 services (i.e owa,activesync,external outlook anywhere,pop,imap)
  What about the above services will it get affected during whole exchange 2013 environment failure ?
  Note : We are not facing this issue , i hope everything goes well in my environment while doing coexistence i am just asking this question on my own interest?
  Regards
  S.Nithyanandham
  Thanks S.Nithyanandham

• Exchange 2010 Autodiscocer for non-domain computers.

  Hello. I have problems with autodiscover for non -domain computers. Somebody can explain me in turn what i must do for configuration. 

  Hi,
  For your Non-domain joined clients, the Outlook would connect to Exchange mailbox from the Internet. We need to enable Outlook Anywhere for your external users:
  Enable-OutlookAnywhere -Server:Exch10 -ExternalHostname:mail.contoso.com
  -ClientAuthenticationMethod:Ntlm -SSLOffloading:$true
  For autodiscover service, when Outlook is started on a client that is not domain-connected, it first tries to locate the Autodiscover service by looking up the SCP object in Active Directory. Because the client is unable to contact Active
  Directory, it tries to locate the Autodiscover service by using Domain Name System (DNS). In this scenario, the client will determine the right side of the user’s email address, that is, contoso.com, and check DNS by using two predefined URLs. For example,
  if your email address is [email protected], Outlook will try the following two URLs to try to connect to the Autodiscover service:
  https://contoso.com/autodiscover/autodiscover.xml
  https://autodiscover.contoso.com/autodiscover/autodiscover.xml
  For more information about autodiscover service in Exchange 2010, please refer to:
  http://technet.microsoft.com/en-us/library/jj591328(v=exchg.141).aspx
  Therefore, you don’t need to change any configuration for Autodiscover. Just make sure your Exchange certificate which is assigned with IIS service has included aotodiscover.contoso.com name and the certificate is valid and trusted for external
  user using. If not, please create a new SRV record for your autodiscover service and pointed to
  mail.contoso.com. For more information about SRV record of autodiscover, please click:
  http://support.microsoft.com/kb/940881
  Regards,
  Winnie Liang
  TechNet Community Support

• Exchange 2010 RTM Analyzer giving domain prep error but version number is correct?

  I have recently inherited an Exchange 2010 Standard server environment, which appears to be running RTM and unpatched.
  Version: 14.0 (Build 639.21)
  When I run Best Practice Analyzer, it gives an error message, claiming that an unrecognized Exchange signature for the domain.   The signature it detects is 12639, but  MS' list of Exchange Signatures for Exchange 2010 appear to be:
  Exchange Server 2010: 12769
  Exchange Server 2010 SP1: 13040
  So I'm not sure why Exchange Best Practice Analyzer is claiming that the signature is unrecognized?  Is this a known issue?   I am preparing to upgrade the server to Service Pack 3, but I don't want to attempt the upgrade if BPA is still claiming
  a critical issue with the domain prep.

  Hi,
  Based on my knowledge, the above error is a known issue in Exchange 2010 RTM and it won't cause any risk. You can upgrade to Exchange 2010 SP3.
  What's more, here is a thread for your reference.
  2010 ExBPA
  http://social.technet.microsoft.com/Forums/exchange/en-US/0d76559d-946b-4915-a54a-ee3914081f2e/2010-exbpa?forum=exchange2010
  Hope my clarification is helpful.
  Best regards,
  Amy
  Amy Wang
  TechNet Community Support