Monday, April 10, 2017

How to Enable Password Change feature in Exchange 2010 OWA

Recently I received requests from clients asking whether there is an option to enable the password change feature in OWA. This post covers the configuration needed to enable it.

Before we go ahead with the setup, we need to understand the password policy settings that apply to the OWA password change feature.

There are three types of account policies in Windows Active Directory.

  • Account Password Policy.
  • Account Lockout Policy.
  • Kerberos authentication policy.

The Account Password and Account Lockout policies are applied at the Default Domain Policy level, so they apply to OWA users as well.

We also need to understand the password security policy settings; these policies are applied once the account is enabled for mail.

  • Password Complexity.
  • Password History.
  • Minimum password length.
  • Minimum password age.
  • Maximum password age.

Exchange 2010 OWA includes a feature that allows users to change their passwords, but it is disabled by default. You need to enable it.

  1. Log into your Exchange CAS machine (the OWA server). In a single-server Exchange environment, this is just your Exchange server. In a more complex setup, you will have one or more servers dedicated to CAS.
    1. Open regedit.
    2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchange OWA
    3. Create the DWORD value ChangeExpiredPasswordEnabled
    4. Set ChangeExpiredPasswordEnabled to 1
    5. Reboot the CAS server.
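
When there is more than one CAS server, the value has to match on all of them, otherwise users get different behaviour depending on which server answers. The script below is an added example (not part of the original post) that audits and sets ChangeExpiredPasswordEnabled on every CAS server; it assumes it is run from the Exchange Management Shell by an account with local administrator rights on each CAS, and that PowerShell remoting is enabled on those servers.

```powershell
# Added example: audit and set ChangeExpiredPasswordEnabled on all CAS servers.
# Assumption: WinRM / PowerShell remoting is enabled on every CAS server.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA'
$ValueName = 'ChangeExpiredPasswordEnabled'

# Every server holding the Client Access role in the organization
$casServers = Get-ClientAccessServer | Select-Object -ExpandProperty Name

$results = Invoke-Command -ComputerName $casServers -ArgumentList $KeyPath, $ValueName -ScriptBlock {
    param($KeyPath, $ValueName)

    # A missing key means OWA is not installed here; report it and change nothing
    if (-not (Test-Path $KeyPath)) {
        return New-Object PSObject -Property @{ Before = 'key missing'; After = 'not changed' }
    }

    # Read the current value ($null when the value has never been created)
    $before = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName

    # Create or overwrite the DWORD only when it is not already 1
    if ($before -ne 1) {
        New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
    }

    # Read back so the report shows what is actually stored
    $after = (Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
    New-Object PSObject -Property @{ Before = $before; After = $after }
}

# One row per server; the reboot in step 5 is still done separately
$results | Select-Object PSComputerName, Before, After | Format-Table -AutoSize
```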

Thanks for Visiting. Keep watch for the further updates!

Tuesday, March 21, 2017

March 2017 Quarterly Exchange Update Released

Today Microsoft released new/updated patches for Exchange 2007, 2010, 2013 and 2016.

As you know, Exchange 2007 reaches End of Life by 11th of April 2017; for further updates, read the Exchange 2007 end of life support post.

Update Rollup 23 is the last update for Exchange 2007 SP3.
For Exchange 2010 SP3: Rollup 17.
For Exchange 2013: Cumulative Update 16.
For Exchange 2016: Cumulative Update 5.

Exchange 2016 CU 5 and Exchange 2013 CU16 don't have any Active Directory Schema update.

Please refer to the Microsoft article for more information.

Export the Members of Exchange Dynamic Distribution Group

I received an email from one of my friends asking how to extract the Dynamic Distribution Group membership details from Exchange. As you know, we cannot extract this data using the Exchange Management Console as we do for a regular mailbox export list, but we can use the Exchange Management Shell to extract it.

Step 1: - Get details of Dynamic Distribution Group

First, we need to find which attribute and which parameter were used to set up the Dynamic Distribution Group. In the example below, the LdapRecipientFilter parameter was used together with the “Location” attribute.

Get-DynamicDistributionGroup -Identity "/" | fl

RunspaceId                             : c3966317-166a-4aa5-8d28-d58eeb6ec871

RecipientContainer                     :

RecipientFilter                        :

LdapRecipientFilter                    : (&(!cn=SystemMailbox{*})(&(&(&(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*))) )))(objectCategory=user)(l=Little Falls))))

IncludedRecipients                     :

ConditionalDepartment                  : {}

ConditionalCompany                     : {}

ConditionalStateOrProvince             : {}

ConditionalCustomAttribute1            : {}

Step 2: - Get details of Mail Recipient

Now, we need to extract the recipient details for the above Dynamic Distribution Group, so we will use the Get-Recipient cmdlet.

Get-Recipient -Identity "<recipient identity>" | FL

Step 3: - Export Dynamic Distribution Group

Pick the properties that you want to include when exporting the member details of the Dynamic Distribution Group, such as Display Name, PrimarySMTPAddress, Title, Database.

$Dy=Get-DynamicDistributionGroup -Identity "/"

Get-Recipient -RecipientPreviewFilter $Dy.LdapRecipientFilter | select DisplayName,primarysmtpaddress | Export-Csv C:\temp\DynamicGroup.csv -NoTypeInformation
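
A membership export is only useful for review if it is complete and scoped the same way the group is. The script below is an added example (not the original post's code) that extends the command above: it lifts the default result limit, restricts the preview to the group's RecipientContainer when one is set, and exports the extra Title and Database columns. The group name 'Example-DDG' is a hypothetical placeholder.

```powershell
# Added example: complete, scoped export of a Dynamic Distribution Group's members.
# 'Example-DDG' is a hypothetical group name; replace it with your own.
$GroupName = 'Example-DDG'
$Dy = Get-DynamicDistributionGroup -Identity $GroupName

# Use the OPATH RecipientFilter when the group has one; otherwise fall back to
# the LdapRecipientFilter, as the command on this page does for its group.
$filter = if ($Dy.RecipientFilter) { $Dy.RecipientFilter } else { $Dy.LdapRecipientFilter }

# Without -ResultSize Unlimited, Get-Recipient stops at 1000 results,
# which silently truncates the export for large groups.
$params = @{
    RecipientPreviewFilter = $filter
    ResultSize             = 'Unlimited'
}

# Scope the preview to the group's container so recipients outside it
# are not reported as members.
if ($Dy.RecipientContainer) {
    $params.OrganizationalUnit = $Dy.RecipientContainer
}

$members = @(Get-Recipient @params)

$members |
    Select-Object DisplayName, PrimarySmtpAddress, Title, Database |
    Export-Csv -Path C:\temp\DynamicGroup.csv -NoTypeInformation -Encoding UTF8

# Record the count alongside the file so later exports can be compared
"{0} recipients exported for {1}" -f $members.Count, $Dy.Name
```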


Saturday, March 18, 2017

Type of Exchange Configuration Nodes

In this article, we will go through the types of configuration nodes we have in Exchange.

  • Organization Configuration
  • Server Configuration
  • Recipient Configuration

Organization Configuration: -

Any changes or updates made to Organization Configuration settings apply to your entire organization. You can also create and manage federation configuration with other partner organizations, including Office 365.

Mailbox – Use this node to manage Mailbox Server role settings that apply to the entire organization, such as creating and managing Databases, DAG, Offline Address Book, Address List, Custom Folders.

Client Access – Use this node to manage Client Access Server settings that apply to the entire organization, such as Exchange Active-Sync Policy (Device Security, Encryption, Email Sync threshold etc.) and Outlook Web Access Policy (Enabling/Disabling OWA Segmentation, OWA File download, and View settings).

Hub Transport – Use this node to manage Hub Transport Server settings that apply at the entire organization level, such as Send Connector, Accepted Domain, Remote Domain, Email Address Policy, Journaling Rules, Transport Rules, Global Settings.

Unified Messaging – Use this node to manage Unified Messaging Server settings that apply to the entire organization, such as Dial Plan, Exchange Auto Attendant, Exchange UM Gateway and Unified Messaging Mailbox Policy.

Server Configuration: -

Use Server Configuration to view the list of Exchange Servers, with their version and build version.
Similar to Organization Configuration, Server Configuration also has four sub-nodes:

Mailbox Server – Use this node to manage mailbox server settings that apply at the specific server level, such as activating a passive database as active, viewing the list of available Domain Controllers, and viewing Logging Configuration details.

Client Access Server – Use this node to manage client access server settings that apply to specific servers, such as Outlook Web Access URL, Active-Sync, ECP, IMAP, POP3, and OAB.

Hub Transport Server – Use this node to manage hub transport server settings that apply to the specific server, such as creating and managing Receive Connector settings.

Unified Messaging Server – Use this node to enable and disable UM settings.

Recipient Configuration: -

Use Recipient Configuration to create and manage recipient related settings.

Similar to Organization and Server configuration, Recipient configuration also has 4 sub-nodes.

Mailbox – Use this node to create, remove and disable mailboxes, and to manage settings on existing mailboxes, including granting full mailbox access and send-as permission.

Distribution Group – Use this node to create, delete and manage mail-enabled distribution groups, Mail-enabled security groups, Dynamic Distribution Groups.

Contacts – Use this node to create and manage external mail enabled contacts.

Disconnected Mailbox – Use this node to view and connect disconnected mailboxes to the same user or different user/account.


Exchange 2010 Database Availability Group Setup

The Database Availability Group (DAG) is quite simply the most important feature in Exchange. In Exchange 2003, 2007 we used to have SCR, CCR, LCR clusters to maintain high availability. In Exchange 2010 Microsoft combined the CCR and SCR cluster functionalities into the DAG to improve Exchange database high availability.

By now, I’m sure that most Exchange professionals have read up on the features of the DAG from the official Exchange product documentation, and the numerous articles that exist on the Internet. However, if you haven’t, you can find out what all the fuss is about within the Exchange 2010 product documentation.

In this article, we will mostly cover what is required and how to set up the Database Availability Group.

First and foremost, it is important to understand how we are going to keep the environment highly available at all times, irrespective of an outage at the server OS level, the VMware/Hyper-V host level, or the site level.

In this article, I am using a two-node DAG, which can be considered to be modeling a high availability solution within a single data center. However, this DAG configuration clearly cannot survive the loss of the data center itself, as no copies of the mailbox databases exist outside of the single site.

Before we set up the DAG, we need to understand what the DAG components are and how to set them up properly.

DAG Components: -

DAG Name – We can have a maximum of 16 mailbox servers in a single DAG. Each DAG you create in the Exchange environment has a unique name, which is ultimately used in the failover cluster.

DAG IP address – A DAG must have one or more static IP addresses. In my environment, we have a single AD site, so I am using a single IP address; if you have multiple AD sites, you can assign multiple IP addresses.

Witness Directory – If the witness server name has been specified, then we must also specify the witness directory. The witness directory will keep the cluster configuration information.

Witness Server – If a DAG has an even number of mailbox servers contained within it, as in my environment's DAG, a witness server will be used to act as an additional vote in the cluster to maintain cluster quorum. A CAS/Hub Transport server is typically chosen as the witness server, as long as that server role is not running on a member of the DAG.

Network Configuration: -

Network configuration plays a major role in Exchange DAG setup; any misconfiguration of the NIC setup leads to poor behavior. In an Exchange DAG setup, we can either use dedicated MAPI and Replication networks, as long as each connects to a dedicated back-end physical NIC, or use a single NIC for MAPI + Replication, which is fully supported.

MAPI Network: - This network is used for client communication, such as Outlook, and for server-to-server communication.

Replication Network: - This network is used purely for replicating Exchange transaction logs and reseeding the databases.

MAPI Network Setting
Replication Network Setting
Client for Microsoft Networks
QoS Packet Scheduler
Optionally Enabled
Optionally Enabled
File and Printer Sharing for Microsoft Networks
Optionally Enabled
Optionally Enabled
Link-Layer Topology Discovery Mapper I/O Driver
Link-Layer Topology Discovery Responder

DAG Setup Creation: -

Before we begin creating the Exchange Database Availability Group, we need some prerequisites ready, such as:
  • Add the CAS/HUB server to the Exchange Trusted Subsystem security group.
  • Add Exchange Trusted Subsystem to the server's local Administrators group.
  • Create the DAG Name computer object in AD.

Open the Exchange Management Console, navigate to Organization Configuration and select Mailbox.
Select the Database Availability Group tab, then select the “New Database Availability Group” option from the Action pane.

As discussed earlier in the article, specify the DAG Name, Witness Server and Witness Directory, then click Next.

If the witness server was already added to the Exchange Trusted Subsystem and local Administrators groups, your DAG creation will finish successfully.

Now, right-click the DAG Name that you just created and select Properties.

Select the IP Addresses tab and add one or more IP addresses according to your environment. Click OK and apply the changes.

Right-click the DAG Name and select “Manage Database Availability Group Membership”.

Click “Add” and select the Mailbox servers that need to be members of the selected DAG. This option lets you add or remove servers from the DAG; when a server is added to the DAG, it is configured for automatic database recovery from database failures.

Click Manage.

Now, we have successfully completed the DAG setup. Right-click the DAG you created, select Properties, and validate the DAG Name, Witness Server, Witness Directory, DAG IP address and the Operational servers which are part of the DAG.

Select the Database Availability Group network settings and ensure that Replication and MAPI are enabled and that all NICs are up.

Now that we have validated all configuration settings, it's time to configure the database copies.

Navigate to Organization Configuration and select the Database Management tab.
Select the database that you want to configure for High Availability.

Select “Add Mailbox Database Copy”.

Click Browse and select the Mailbox server that needs to hold the passive database copy. This creates a copy of the mailbox database on the specified mailbox server and enables continuous replication from the active database copy.

Click Add.

Click Finish once the database copy is created.

Repeat the steps for the rest of your mailbox databases to configure HA.

Once you have configured the passive database copy, the Mailbox Replication service kicks in and starts replicating the active database EDB and transaction logs to the passive database server.

Once the replication is completed, it’s fully available for HA.
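
The same setup can be done and verified from the Exchange Management Shell. The script below is an added example, not part of the original article; every server name, database name, path and IP address in it is a hypothetical placeholder, and it assumes the prerequisites listed above (group memberships and the DAG computer object) are already in place.

```powershell
# Added example: shell equivalent of the console steps above.
# All names, paths and addresses are hypothetical placeholders.
$DagName    = 'DAG01'
$Witness    = 'CASHT01'                 # CAS/Hub Transport server, not a DAG member
$WitnessDir = 'C:\DAGWitness\DAG01'
$DagIp      = '192.0.2.10'              # one static IP for a single AD site
$Members    = 'MBX01', 'MBX02'
$Database   = 'DB01'
$CopyTarget = 'MBX02'                   # server that will hold the passive copy

# Create the DAG with its witness server, witness directory and IP address
New-DatabaseAvailabilityGroup -Name $DagName -WitnessServer $Witness `
    -WitnessDirectory $WitnessDir -DatabaseAvailabilityGroupIpAddresses $DagIp

# Add each Mailbox server as a DAG member
foreach ($server in $Members) {
    Add-DatabaseAvailabilityGroupServer -Identity $DagName -MailboxServer $server
}

# Validate DAG name, witness settings and which members are operational
Get-DatabaseAvailabilityGroup -Identity $DagName -Status |
    Format-List Name, Servers, WitnessServer, WitnessDirectory, OperationalServers

# Confirm that the DAG networks have Replication and MAPI enabled
Get-DatabaseAvailabilityGroupNetwork |
    Format-Table Name, ReplicationEnabled, MapiAccessEnabled -AutoSize

# Create the passive copy; seeding and log replication start automatically
Add-MailboxDatabaseCopy -Identity $Database -MailboxServer $CopyTarget -ActivationPreference 2

# The copy is ready for HA when Status is Healthy and both queues are near zero
Get-MailboxDatabaseCopyStatus -Identity $Database |
    Format-Table Name, Status, CopyQueueLength, ReplayQueueLength, ContentIndexState -AutoSize
```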
