Blog

Granikos Technology Blog

Manage your certificate store with PowerShell

On Januar 9, 2015

Thomas Stensitzki | MVP

0 Kommentar

Certificates, PowerShell

English, Security

10266 Views

You can use PowerShell to manage your local certificate store.

The default PowerShell Get-ChildItem cmdlet allows for accessing the local certificate store. But you should start your PowerShell shell windows as an administrator, as access might be restricted by GPO settings.

List all certificate folder on the local machine

Get-ChildItem -Path Cert:\LocalMachine

Name : TrustedPublisher
Name : ClientAuthIssuer
Name : Remote Desktop
Name : Root
Name : TrustedDevices
Name : SPC
Name : CA
Name : REQUEST
Name : AuthRoot
Name : WebHosting
Name : TrustedPeople
Name : My
Name : SmartCardRoot
Name : Trust
Name : Disallowed

List all available certificates for the computer

Get-ChildItem -Path Cert:\LocalMachine\My

    Directory: Microsoft.PowerShell.Security\Certificate::LocalMachine\My

Thumbprint                                Subject
----------                                -------
EC225A0183DC64D864C8BEA1477822858FCEC767  CN=WMSvc-EXSRV02
E2BC29B1445FD267E5A2823591A5221D67D0D94F  CN=Microsoft Exchange Server Auth Certificate
D8EE794A39A8E04BE32A1E8BED93A3C46D15E0EF  CN=EXSRV02
60246A87C12BEB365E7B4044C926587590A3D7B6  CN=mobile.mcmemail.de, O=mcmemail, C=DE
5F103D6C61BF57D86DB4AAA05597B0D1E8155884  CN=EXSRV02.mcmemail.de, CN=EXSRV02, CN=127.0.0.1, CN=localhost, O=Trend Micro.

Retrieve certificate details

The example shows a self-signed certificate of a Trend Micro ScanMail for Exchange setup.

$cert = Get-ChildItem -Path Cert:\LocalMachine\My\5F103D6C61BF57D86DB4AAA05597B0D1E8155884
$cert | fl

Subject      : CN=EXSRV02.mcmemail.de, CN=EXSRV02, CN=127.0.0.1, CN=localhost, O=Trend Micro ScanMail for Microsoft
               Exchange
Issuer       : CN=EXSRV02.mcmemail.de, CN=EXSRV02, CN=127.0.0.1, CN=localhost, O=Trend Micro ScanMail for Microsoft
               Exchange
Thumbprint   : 5F103D6C61BF57D86DB4AAA05597B0D1E8155884
FriendlyName :
NotBefore    : 17.11.2014 00:00:00
NotAfter     : 16.11.2017 00:00:00
Extensions   : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}

A certificate issued by an Enterprise CA looks like this

$cert = Get-ChildItem -Path Cert:\LocalMachine\My\60246A87C12BEB365E7B4044C926587590A3D7B6
$cert | fl

Subject      : CN=mobile.mcmemail.de, O=mcmemail, C=DE
Issuer       : CN=mcmemail-DC01-CA, DC=mcmemail, DC=de
Thumbprint   : 60246A87C12BEB365E7B4044C926587590A3D7B6
FriendlyName : mcmemail Exchange Server 2013 Certificate
NotBefore    : 28.08.2014 15:14:04
NotAfter     : 28.08.2015 15:24:04
Extensions   : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,
               System.Security.Cryptography.Oid...}

Export a single certificate

$cert | Export-Certificate -FilePath C:\tmp\cert1.p7b -Type p7b

    Directory: C:\tmp

Mode                LastWriteTime     Length Name
----                -------------     ------ ----
-a---        23.12.2014     11:56       1380 cert1.p7b

Export multiple certificates as serialized certificates

$certarray = @()
$certarray += $cert
$cert = Get-ChildItem -Path Cert:\LocalMachine\My\D8EE794A39A8E04BE32A1E8BED93A3C46D15E0EF
$certarray += $cert
$certarray

Directory: Microsoft.PowerShell.Security\Certificate::LocalMachine\My

Thumbprint                                Subject
----------                                -------
60246A87C12BEB365E7B4044C926587590A3D7B6  CN=mobile.mcmemail.de, O=mcmemail, C=DE
D8EE794A39A8E04BE32A1E8BED93A3C46D15E0EF  CN=EXSRV02

$certarray | Export-Certificate -FilePath c:\tmp\certs.sst -Type SST

    Directory: C:\tmp

Mode                LastWriteTime     Length Name
----                -------------     ------ ----
-a---        23.12.2014     11:58       3056 certs.sst

Enjoy working with certificates.

Do you plan to upgrade to Exchange Server 2013? Do you wonder what the benefits of Office 365 are? Contact us at info@granikos.eu

Verbundene Einträge

Agile Project Management - Agile on the next Level - Program Management (Part 4)
The Program:

Implementation/migration of round about 25 instances with a Specific Laboratory Software, supporting ~30 laboratories world-wide

Reduce support cost per instance by standardization (for existing and added instances)

Development of a template ("foundation") containing common functionality which can be influenced by configuration. Integration of the foundation into all instances. Provide all instances in operation with the current version of the foundation on a regular basis.

The challenges:

2-3 implementation projects parallel

Full scope not clear in the beginning

Increasing number of instances in operation

Regular update of foundation version necessary to keep them streamlined in order to reduce support cost

Requirements and bugfixes from systems in operation have to be included into foundation development process

Many and changing team members, part-time availability

Round about 12 team members (incl. development and support)

Changes due to boundary conditions triggered by external influences

80% of people only part-time available for the program

High interdependency between ongoing projects and Systems which are already in in operation due to foundation development and shared resources.

Organization of communication process between projects and operation

Balancing individual business needs on one hand versus streamlined standard software on the other hand

Why agile:

Manage individual projects (introduction of new Software)

Decision for projects taken during run-time of the program

Sequence of projects changing

Manage user stories across projects (details not available at start of the program)

Each new project delivers a slightly differentiating list of user stories

Each instance in operation delivers additional stories

Manage process

Change process quite complex, adaptions to the process must be quickly implementable

The agile setup - how did we handle the challenges:

In fact the program has been setup before we got in touch with the standard Scrum process (See our blog: What is Scrum?). So we used other role names, but some of them have exactly - amongst others - the tasks defined for the standard Scrum roles.

Orange = Business, Green = IT

Scrum Master ~ Development Coordinator / Program QA

Product Owner

Program Manager

Overall Product Owner

Project Manager and Application Managers

Product Owner for particular instances -> Prioritization and review / testing of stories

Write User Stories

"Imitate" the end user for sprint releases

Global Change Manager

Scope definition for the foundation

Release management of the foundation

Organization of SME-Board

Prioritization

Product Owner for foundation

Architect

Knowledge of implementation framework

Sets up development guidelines and general implementation approach

Gives first estimation of requirements with a technical view

Better management of the large product backlog, due to technical understanding, prioritization estimation

Program QA

Set up of change management process for the program

Regular overall review of change management process

Additional meetings

Subject Matter Experts Board (SME) (bi-weekly)

Participants: Whole team

Reviews the requirements from a technical and functional point of view

Gives implementation recommendations as decision memo for the CAB (Change Advisory Board)

Discusses additional technical issues

Process Review Meeting (quarterly in the beginning, currently twice a year)

Participants: Whole team

The experiences:

User stories: Definition of user stories dependent on target group, developing a template of user story definition fitting for all team member in different roles, with different views and different backgrounds is a time consuming task

Testing: Developing awareness for testing right after delivering of implemented user story took also lot of time and patience

Definition of project related sprint releases is useful to get quick feedback and reduces the effort for project managers (not every project manager has to test each increment)

A clear definition of product ownership incl. responsibility for successful product delivery is important for a successful project

This was the last part of our small Series about Agile Project Management

The whole Series contains 4 pieces:

Agile Project Management – Basics (Part1)
Agile Project Management – What is SCRUM (Part2)
Agile Project Management – Agile Project Management in real Life (Part3)
Agile Project Management – Agile on the next Level – Program Management (Part4)

If you have any comments on our Articles, your Feedback is highly welcome.
Microsoft 365 - Gute Einstiegspunkte für den Wissensaufbau und die Einführung ins Unternehmen
Letzte Aktualisierung: 25. Juni 2021

Der Start mit Microsoft 365 ist nicht immer so einfach. Im Internet findet man ein Vielzahl an Informationen, weiß jedoch nicht sofort, welche Quellen "gute" Quellen sind und welche eher "nebulösen" Charakter haben.

Die folgenden Links sollen Ihnen den Einstieg in das Thema Microsoft 365 und in die Verwaltung der Clouddienste erleichtern.

Allgemeine Informationen

Microsoft 365 für Großunternehmen (Microsoft 365 Enterprise)

Microsoft 365 für mittelständische Unternehmen (Microsoft 365 Business)

Microsoft 365 für den Bildungsbereich (Microsoft 365 Education)

Office 365 for IT Pros

Office 365 Roadmap Watch

Office 365 Network Onboarding tool

OneDrive for Business Leitfaden für Unternehmen

Power Platform Self-Service Purchase FAQ

The Complete Office 365 and Microsoft 365 Licensing Comparison

Microsoft 365 Data Protection Addendum (https://aka.ms/DPA)

Wo Kundendaten gespeichert werden

Datenschutz-Folgenabschätzung: Leitfaden für Datenverantwortliche, die Microsoft Office 365 verwenden

Workshop-Schulung für Chief Information Security Officer (CISO)

Microsoft 365 - Compliance Informationen

Microsoft Compliance Configuration Analyzer (MCCA)

Microsoft Cloud App Security (MCAS)

Licensing Terms and Documentation - Online Services SLA

Product names and service plan identifiers for licensing

Datenschutz

Microsoft Viva Insights-App in Microsoft Teams

Datenschutzhandbuch für Briefing-E-Mails

Datenschutzhandbuch für MyAnalytics

Datenschutz Workplace Analytics

Differenzieller Datenschutz in Workplace Analytics

Datenschutz und Microsoft Teams

Mitbestimmung beim Einsatz von Cloud-Diensten

Adoption

Übersicht der Adoption Ressourcen

Microsoft 365 Adoption Guide

Microsoft Teams Adoption Guide

OneDrive Adoption Guide

Security & Compliance Adoption Guide

SharePoint Adoption Guide

Teamwork Governance

Outlook Mobile Adoption Guide

Yammer Adoption Guide

Schnellstart-Handbücher

Hybrides Arbeiten

Exploring the Science of Work and Ingenuity

Entwicklung

Erweiterbarkeit von Microsoft 365 - Extensibility Look Book Gallery

Designing your Microsoft Teams app with UI templates (https://aka.ms/teams-ui-kit)

Microsoft Teams Development Samples (https://aka.ms/teams-samples)

Migration

Migrate your content into Microsoft 365

Azure AD

Berechtigungen der Administratorrollen in Azure Active Directory

Microsoft Teams

Speicherort von Daten in Microsoft Teams (https://aka.ms/teams-locations)

Verwalten von Personen, die Office 365-Gruppen erstellen können (https://aka.ms/create-o365-groups)

Microsoft Teams IT-Architektur- und Telefonielösungen Poster

SWOOP Benchmark Report (Video)

PowerShell Module

Folgende PowerShell Module benötigen Sie für die Verwaltung von Microsoft 365.

Azure AD (v2.0)
Wenn Ihnen ein Azure AD PowerShell Cmdlet begegnet, dass nicht im produktiven Release des Azue AD Modules enthalten ist, benötigen Sie eventuell die Azure AD Preview Version des Modules.

# Import des PowerShell-Modules Install-Module -Name AzureAD # Aufbau einer Verbindung zu Azure AD des globalen Office 365 Angebotes Connect-AzureAD # Aufbau einer Verbindung zu Azure AD des globalen Office 365 Angebotes (solange noch verfügbar) Connect-AzureAD -AzureEnvironmentName AzureGermanyCloud

SharePoint Online (PowerShell Gallery), bevorzugte Variante

SharePoint Online (Classic Installer)

# Direkte Installation über die PowerShell Gallery Install-Module -Name Microsoft.Online.SharePoint.PowerShell # Import des SharePoint Online PowerShell-Modules Import-Module -Name Microsoft.Online.SharePoint.PowerShell # Festlegung des UPN-Anmeldenamen des SharePoint-Administrators $UPN = 'user@varunagroup.de' # Beispiel UPN # Festlegung des Office 365 Tenant-Namen $SPOOrgName = 'VARUNAGROUP' # Beispiel Organisation # Festlegung der Anmeldedaten # Bei NUtzung von MFA muss das App-Kennwort verwendet werden $Credential = Get-Credential -UserName $UPN -Message "Geben Sie Ihr Kennwort ein." # Aufbau der Verbindung zu SharePoint Online OHNE MFA Connect-SPOService -Url "https://$($SPOOrgName)-admin.sharepoint.com" -Credential $Credential

# Aufbau der Verbindung zu SharePoint Online MIT MFA Connect-SPOService -Url "https://$($SPOOrgName)-admin.sharepoint.com"

Exchange Online PowerShell V2 (Recommended)

# Installation des PowerShell-Modules Install-Module -Name ExchangeOnlineManagement # Aufbau einer Verbindung zu Exchange Online # Nach der Verbindung können Sie V2-Cmdlets und ältere EXO-Cmdlets nutzen Connect-ExchangeOnline -UserPrincipalName admin@varunagroup.de

Exchange Online PowerShell V2 Dokumentation

Hinweis

Mit dem PowerShell Cmdlet Connect-EXOPSSession können Sie sich auch in der Azure Cloud Shell mit Exchange Online verbinden und wie gewohnt verwalten. (Mehr erfahren)

~~Exchange Online (Click-to-Run, C2R)~~

Nutzen Sie nur noch das neue Exchange Online PowerShell Module v2 für die Verwaltung von Exchange Online.

# Aufbau der Verbindung zu Exchange Online mit dem EXO MFA PowerShell-Modul V1 # zum globalen Office 365 Angebot Connect-EXOPSSession -UserPrincipalName admin@varunagroup.de # Beispiel UPN # zum deutschen Office 365 Angebot, solange verfügbar Connect-EXOPSSession -UserPrincipalName admin@varunagroup.de -ConnectionUri https://outlook.office.de/PowerShell-LiveID -AzureADAuthorizationEndPointUri https://login.microsoftonline.de/common # Beispiel UPN

Microsoft Teams

# Import des PowerShell-Modules Import-Module -Name MicrosoftTeams # Aufbau einer Verbindung zu Microsoft Teams im globalen Office 365 Angebot Connect-MicrosoftTeams

Teams PowerShell Overview

~~Skype for Business~~

Der Skype for Business Connector ist abgekündigt. Nutzen Sie das Microsoft Teams PowerShell Modul für alle Konfiguration rund um Teams und Enterprise Voice.
Weitere Information finden Sie in diesem Artikel: Move from Skype for Business Online Connector to the Teams PowerShell module

# Verbindung zu Skype for Business Online # Dieses PowerShell-Modul wird auch zur Verwaltung von Microsoft Teams Funktionen verwendet # Import des Skype for Business PowerShell-Modules Import-Module -Name SkypeOnlineConnector # Administrator-Anmeldeinformation $Credential = Get-Credential # Erstellung einer neuen Skype for Business Online Session $SfBSession = New-CsOnlineSession -Credential $userCredential # Import der SfBSession in die aktuelle PowerShell-Session Import-PSSession SfBSession

Microsoft Graph

# Import des Graph PowerShell-Modules Import-Module -Name Microsoft.Graph.Intune # Akzeptieren der administrativen Zugriffsberechtigungen (einmalig notwendig) Connect-MSGraph -AdminConsent # Aufbau einer Verbindung zu Microsoft Graph $UPN = 'admin@varunagroup.de' # Beispiel UPN $password = Read-Host -AsSecureString -Prompt "Enter password for $UPN" $Credential = New-Object System.Management.Automation.PSCredential ($UPN, $password) $Connection = Connect-MSGraph -PSCredential $Credential

Für eine vereinfachte administrative Anmeldung empfehle ich Ihnen das PowerShell-Skript Connect-O365.ps1 von Chris Goosen bei GitHub.

Microsoft Commerce (Self-Service Kaufoptionen für Anwender)

# Installation des PowerShell-Modules Install-Module -Name MSCommerce # Import des PowerShell-Modules Import-Module -Name MSCommerce # Aufbau einer Verbindung zu Microsoft Commerce im globalen Office 365 Angebot Connect-MSCommerce

Office 365 Service Communications

# Installation des PowerShell-Modules Install-Module O365ServiceCommunications # Import des installierten PowerShell-Modules Import-Module O365ServiceCommunications # Aufbau einer neuen PowerShell-Session # Funktioniert nur mit Basic Authentication, nicht mit MFA $cred = Get-Credential $session = New-SCSession -Credential $cred -Locale de-de # Beispiel der Serviceinformationen im zugeordneten Office 365-Mandanten Get-SCServiceInfo -SCSession $session

PSServicePrincipal

PowerShell Gallery: https://www.powershellgallery.com/packages/PSServicePrincipal

Projektseite: https://github.com/dgoldman-msft/PSServicePrincipal

PowerShell-Skripte

GitHub

PowerShell Gallery

Meine Community-Skripte für Exchange Online und Office 365

PowerShell GUI zur Anmeldung an mehrere Microsoft 365 Dienste

Export Microsoft 365 Group Report to CSV Using PowerShell

Microsoft Graph

Graph Explorer

Blogs

Nachfolgend finden Sie eine Empfehlungsliste für Blogs, die ich regelmäßig als Informations- und Lernquelle nutze. Ebenso finden Sie Links zu Webseiten von Office 365-Experten, die interessante Informationen, jenseits von Blogartikeln, bereithalten.

Hans Brender aka Mr. OneDrive

Randy Chapman's UC Status – The home of UC News, Reviews & How-to's

The Lonely Administrator - Practical advice for the automating IT Professional

Mr. Tony Redmond - Office 365, technology, and anything else really…

Just Can't Get Enough of IT Blog

Granikos Blog

Jaap Wesselius - UC Specialist Blog

Luise Freese - Sketchnote Artist

Brian Reid - Office 365 Subject Matter Expert

Tim McMichael - Navigating the world of high availability…and occasionally sticking my head in the cloud…

Todd Klindt's Office 365 Admin Blog

Waldek Mastykarz - Innovation Matters | Office Development MVP

Tomislav Karafilov - IT – SharePoint – .NET – Office 365 – Azure – DevOps – Community

Microsoft 365 Blog

Enterprise Mobility + Security

Office 365: Developer Blogs

Microsoft Security

Tools

Mailscape 365
Aktive Überwachung von Office 365 Endpunkten und der Cloud-Anwendererfahrung für Ihre Mitarbeiter

ShareGate Apricot
Reporting und Management Lösung für Microsoft Teams und Office 365-Gruppen

ScriptRunner
Software zur professionellen PowerShell Automatisierung

AdminDroid
Detailliertes Reporting und Controlling Ihres Office 365 Tenants

Feedly
Tool zur Aggregierung von RSS-Feeds

Weitere technische Links finden Sie im Artikel Troubleshooting Links für Exchange, Office 365 und mehr.

Viel Spaß mit Microsoft 365.

Mailscape 365 - Überwachung von Hybrid Exchange und Office 365: Viele Unternehmen verwenden eine lokale Exchange Organisation und Exchange Online in einer Hybrid-Konfiguration, um die Anforderungen ihrer Mitarbeiter zu erfüllen. Der Betrieb einer hybriden Exchange Organisation seine ganz eigenen Herausforderungen für das Monitoring der Dienstverfügbarkeiten. Beginnen Sie noch heute einen unverbindlichen 14-Tage Test von Mailscape 365.

Aktualisierungen

2021-06-25: Link zum Sway Mitbestimmung beim Einsatz von Cloud-Diensten hinzugefügt
2021-05-31: Datenschutz und Microsoft Teams hinzugefügt
2021-05-27: Abschnitt Hybrides Arbeiten hinzugefügt
2021-05-12: Abschnitt Enwicklung hinzugefügt
2021-03-29: Abscnitt Datenschutz hinzugefügt
2021-02-25: Abschnitt Migration hinzugefügt
2021-02-11: Microsoft Cloud App Security (MCAS) hinzugefügt
2021-02-08: Datenschutz-Folgenabschätzung: Leitfaden für Datenverantwortliche, die Microsoft Office 365 verwenden hinzugefügt
2021-01-31: Abschnitt Azure AD hinzugefügt
PowerShell Scripts for the Community
Last updated: 2020-10-25

The following PowerShell scripts have been published by our Exchange and Office 365 experts to the technical community at TechNet Gallery. Please use the GitHub repositories to report issues or to file feature requests.

General

GlobalFunctions Module
A module to provide centralized logging capabilities. This script is a *must have* for other Exchange 2013/2016/2019 modules if mentioned in the notes section of the script.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/210/globalfunctions-shared-powershell-library

PowerShell Gallery: https://www.powershellgallery.com/packages/GlobalFunctions

Office 365

Test Office 365 Domain Availability
Using this script you can test the domain availability in Office 365 and Azure AD.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/296/test-office-365-domain-availability

Github: https://github.com/Apoc70/Test-DomainAvailability

Test thumbnailPhoto for Azure AD guest users
Using this script you can update the default guest user profile photo.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/1708/set-thumbnailphoto-for-azure-ad-guest-users

Github: https://github.com/Apoc70/Set-GuestUserPhoto

Exchange Server 2013 / 2016 / 2019

Exchange Environment Report v2
This script creates an HTML report showing the following information about an Exchange 2019, 2016, 2013, 2010, and, to a lesser extent, 2007 and 2003 environment.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/1718/exchange-environment-report-v2

Github: https://github.com/Apoc70/Get-ExchangeEnvironmentReport

Report for enabled client protocols
This script gathers a list of enabled users for a selected Exchange Server client protocol.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/1815/report-for-enabled-client-protocols

Github: https://github.com/Apoc70/Get-EnabledProtocolReport

Export delegate and SMTP forwarding information for Exchange (Online) mailboxes
PowerShell script to export mailbox delegates, SMTP forwarding inbox rules, and mailbox SMTP forwarding information or compliance auditing.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/1693/export-mailbox-delegates-and-smtp-forwarding-information

Github: https://github.com/Apoc70/Get-DelegatesAndForwardingRules

Manage Master Category List for Shared Mailboxes and Teams
C# solution to export/import/copy the master category list to other users/shared mailboxes or even Microsoft Teams calendar.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/1423/manage-master-category-list-for-shared-mailboxes-and-teams

Github: https://github.com/Apoc70/MailboxCategoryListManager

Create a new Room Mailbox with Security Groups
A script to create a new room mailbox with associated full access and/or send-as security groups.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/337/create-a-new-room-mailbox-with-security-groups

Github: https://github.com/Apoc70/New-RoomMailbox

Export all user mailbox permissions
This script exports all mailbox folder permissions for mailboxes of the type UserMailbox. This is useful for documentation purposes prior to migration.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/219/export-all-user-mailbox-folder-permissions

Github: https://github.com/Apoc70/Get-MailboxPermissionReport

Remove Out-Of-Office rules from user mailbox
This script searches for OOF rules created by users using the Outlook rule-tab in the OOF assistant and deletes existing OOF rules.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/328/remove-out-of-office-rules-from-user-mailbox

Github: https://github.com/Apoc70/Manage-OOF-Settings

Add resized user photos automatically
This script supports resizing of user photos and storing the resized images in Active Directory, Exchange On-Premises, or Exchange Online.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/307/add-resized-user-photos-automatically

Github: https://github.com/Apoc70/Set-UserPictures

Parse email messages content for further processing
This script fetches emails from a given monitoring mailbox by searching email messages for a given subject string.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/322/parse-mailcontent

Github: https://github.com/Apoc70/Parse-MailContent

Update OWA vDir config across multiple servers
This script checks multiple Exchange Server 2013 OWA web.config files for the existence of IMCertificateThumbprint and IMServerName XML nodes required for Skype for Business OWA integration.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/301/update-owa-vdir-webconfig-across-multiple-exchange-servers

Github: https://github.com/Apoc70/Set-OwaIMSettings

Remove Orphaned HealthMailbox and SystemMailbox Accounts from MESO Container
This script removes Active Directory objects for HealthMailboxes or SystemMailboxes in the Microsoft Exchange System Objects (MESO) container that do not have a homeMDB attribute set.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/297/remove-orphaned-healthmailbox-and-systemmailbox-accounts-from-meso-container

Github: https://github.com/Apoc70/Remove-OrphanedMailboxAccounts

Connect to Exchange Server 2013+ using remote PowerShell
This script connects to a dedicated or a randomly selected Exchange Server using remote Powershell.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/293/connect-to-exchange-server

Github: https://github.com/Apoc70/Connect-ToExchange

Create Exchange internal/external Url based certificate requests
This script helps to create certificate requests (CSR) based on hostnames used for internal and external URLs of Exchange Server virtual directories.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/290/create-exchange-internalexternal-url-based-certificate-requests

Github: https://github.com/Apoc70/Create-CertificateRequest

Export Messages from Transport Queue
Script to suspend and export messages from a transport queue.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/282/export-messages-from-message-queue

Github: https://github.com/Apoc70/Export-MessageQueue

Simple import of multiple PST files for a single user
A script to simplify the import of multiple PST files for a single user.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/234/simple-import-of-multiple-pst-files-for-a-single-user

Github: https://github.com/Apoc70/Start-MailboxImport

Create a new Team Mailbox with Security Groups
A script to create a new shared mailbox with associated full access or send-as security groups.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/239/create-a-new-team-mailbox-with-security-groups

Github: https://github.com/Apoc70/New-TeamMailbox

Find and remove corrupt HealthMailboxes
Script to find and remove or disable Exchange Server 2013 HealthMailboxes

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/212/find-and-remove-corrupt-healthmailboxes

Github: https://github.com/Apoc70/Fix-HealthMailboxes

Change IIS Log File Settings
Script to configure IIS log file location and other log file settings, especially for Exchange Server 2013/2016

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/220/change-iis-log-file-settings

Github: https://github.com/Apoc70/Set-Webserver

Purge Exchange Server 2013/2016/2019 and IIS Log Files
Script to purge Exchange Server 2013/2016/2019 and IIS log file remotely from a managing or job server

Blog: https://www.granikos.eu/de/justcantgetenough/PostId/208/purge-exchange-server-and-iis-log-files

Github: https://github.com/Apoc70/Purge-LogFiles

Send emails for Transport Agent and Transport Rule testing
A script for sending a defined number of emails of a certain type having a specific attachment for the testing of Transport Agents and Transport Rules

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/215/send-test-emails-to-validate-transport-rules-or-transport-agents

Github: https://github.com/Apoc70/Send-TestMail

Copy a receive connector from one Exchange 2013 Server to multiple Exchange Servers
Script to copy a configured Exchange Server 2013/2016/2019 receive connector from a source server to additional Exchange 2013/2016/2019 servers.

Github: https://github.com/Apoc70/Copy-ReceiveConnector

Add remote IP-address ranges to an existing receive connector
Add remote IP address ranges to an Exchange Server 2013/2016/2019 receive connector.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/222/add-remote-ip-address-ranges-to-a-receive-connector

Github: https://github.com/Apoc70/Add-ReceiveConnectorIpAddress

Copy anti-virus pattern to Exchange 2010/Exchange 2013 servers
Script to copy anti-virus pattern files from a given source location to multiple Exchange 2010/Exchange 2013 servers

Github: https://github.com/Apoc70/Copy-AntiVirusPattern

Gather Exchange Configuration Data
Script to gather Exchange Org configuration data and export the configuration as text/CSV files

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/287/gather-exchange-configuration-data

Github: https://github.com/Apoc70/Get-ExchangeOrganizationDetails

Create a scheduled task for Exchange Server 2013+
This script adds a new scheduled task for an Exchange Server 2013+ environment in a new task scheduler group "Exchange".

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/218/create-a-scheduled-task-for-exchange-server-2013

Github: https://github.com/Apoc70/New-ScheduledExchangeTask

Fetch all remote SMTP servers from Exchange receive connector logs
This scripts fetches remote SMTP servers by searching the Exchange receive connector logs for the EHLO string.

Blog: -

Github: https://github.com/Apoc70/Get-RemoteSmtpServers

Clear Private Flag on Mailbox Messages
C# Executable to clear an item's private flag after migrating public folder content to a shared mailbox.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/303/clear-private-flag-on-mailbox-messages

Github: https://github.com/Apoc70/RemovePrivateFlag

Set Mailbox Item Private Flag
C# Executable to set an item's private flag after migrating public folder content to a shared mailbox from a legacy mailbox system.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/379/set-mailbox-item-private-flag

Github: https://github.com/Apoc70/SetPrivateFlag

Exchange Server 2007/2010

Fetch recently created public folders
This script gathers all public folders created during the last X days and exports the gathered data to a CSV file

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/304/fetch-recently-created-public-folders

Github: https://github.com/Apoc70/Get-NewPublicFolders

Remove orphaned users and groups from legacy public folder ACLs
Cleanup legacy public folder ACLs by removing orphaned other unproperly configured accounts

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/263/clean-legacy-public-folder-acl

Github: https://github.com/Apoc70/Clean-PublicFolderACL

Exchange 2010 Public Folder Replication Report (UTF8 support)
An updated version of the script originally posted by Mike Walker to support public folder with non-ASCII characters

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/211/exchange-public-folder-replication-report

Github: https://github.com/Apoc70/Get-PublicFolderReplicationReport

Original Post at TechNet Gallery: https://gallery.technet.microsoft.com/office/Exchange-2010-Public-944df6ee

Add multiple legacy public folder replicas recursively
Script to get more control of adding legacy public folder replicas recursively

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/217/add-multiple-legacy-public-folder-replicas-recursively

Github: https://github.com/Apoc70/Add-PFReplica

Other Stuff

Convert Word documents using PowerShell
This script converts Word compatible documents to a selected format utilizing the Word SaveAs function. Each file is converted by a single dedicated Word COM instance.

Blog: https://www.granikos.eu/en/justcantgetenough/PostId/353/convert-word-documents-using-powershell

Github: https://github.com/Apoc70/Convert-WordDocument

Please send comments, wishes, and ideas to support@granikos.eu.

Enjoy!

Need assistance with your Exchange Server Organization? You plan to upgrade your Exchange Server Organization? You plan to migrate to Office 365? Contact us: info@granikos.eu

Updates

Update 2020-10-05: Fetch all remote SMTP servers from Exchange receive connector logs added
Update 2020-05-25: TechNet Gallery links removed due to end of TechNet Gallery in mid-2020
Update 2020-02-07: Report for enabled client protocols, Exchange Environment Report - v2, Set thumbnailPhoto for AzureAD guest users added
Update 2019-05-07: Export mailbox delegates and SMTP forwarding information added
Update 2018-09-04: Add remote IP-address ranges to a receive connector added
Update 2018-06-16: Manage Master Category List for Shared Mailboxes and Teams added
Update 2018-04-29: Convert Word documents using PowerShell and Set Mailbox Item Private Flag added
Update 2018-01-24: Create a new Room Mailbox with Security Groups added
Update 2017-11-11: Export all user mailbox permissions added
Update 2017-09-22: Remove Out-Of-Office rules from user mailbox added
Update 2017-05-20: Parse email messages content for further processing and Update OWA vDir config across multiple servers added
Update 2017-03-18: Fetch recently created public folders and Clear Private Flag on Mailbox Messages added
Update 2017-02-22: Remove Orphaned HealthMailbox and SystemMailbox Accounts from MESO Container added
Update 2017-02-17: Test Office 365 Domain Availability added
Update 2017-02-13: Connect to Exchange Server 2013+ using remote PowerShell added
Update 2017-02-07: Create Exchange internal/external Url based certificate requests, Create a scheduled task for Exchange Server 2013 added
Update 2017-01-24: Gather Exchange Configuration Data added
Update 2017-01-05: Export Messages from Transport Queue added
Update 2016-11-29: Clean legacy public folder ACL added, Scripts categorized
Update 2016-11-28: Add multiple legacy public folder replicas added
Update 2016-08-18: Simple import of multiple PST files for a single user added
Update 2016-07-28: Change IIS Log File settings Github Url added, Create a new Team Mailbox with Security Groups added
Update 2016-06-04: GlobalFunctions added
Update 2015-06-18: Copy-ReceiveConnector updated
Update 2015-06-01: Exchange 2010 Public Folder Replication Report (UTF8 support)
Update 2015-05-21: Copy anti-virus pattern to Exchange 2010/Exchange 2013 servers added
Update 2014-12-10: Copy a receive connector from one Exchange Server to multiple Exchange Servers added
Agile Project Management - Agile Project Management in real Life (Part 3)
Agile Project Management in real Life

The Project:

Development of a new web shop

Bring this web shop to a new platform to enable further enhancements (old platform was outdated)

The challenges:

Very high amount of complex requirements

Dependencies to other projects and an overarching IT Strategy Program

Special regional processes and requirements

New, unknown platform and framework

Why agile:

Manage high amount of requirements (incomplete list at start of the project)

Start by collecting all requirements on a very high level

Refine requirements during the project in order to save time by not writing every detail at the beginning of the project

Able to react to decisions from the IT Strategy program and/or other projects

The Project had to start earlier than the program, so some program decisions were not made at the beginning of the project

No clear "customer" as it was an internal project, but end-users are external customers of the company

The agile setup - how did we handle the challenges:

Besides the standard Scrum roles (See our last blog entry: What is Scrum?), additional roles were part of the project

Orange = Business, Green = IT

Cross Regional Working Team = Group of colleagues from different Departments act as "customers"

Write User Stories

Review product and give feedback

"Imitate" the end user

IT Process Designer as an IT counterpart to the Business Product Owner

More technical knowledge

Understands and communicates technical problems

Also has a very good knowledge about the business processes

Better management of the big product backlog, due to technical understanding, prioritization estimation

Additional Role "Solution Architect"

Knowledge of new implementation framework

Sets up development guidelines and general implementation approach

Gives first estimation of requirements

Better management of the large product backlog, due to technical understanding, prioritization estimation

Additional meetings to manage backlog

Sprint Planning Preparation

Participants: Solution Architect, IT Process Designer and Product Owner

Prepare Sprint Planning, define Sprint goal and set a rough scope for the next Sprint

Backlog Refinement

Participants: Development Team, Solution Architect and IT Process Designer

Review high prioritized stories and refine them to a state where they can be implemented

Add details to stories and split them up into multiple stories if needed

The experiences:

First version of user stories were very unspecific and way too complex to be implemented straight away

It was clear from the beginning that stories have to be refined (see "Challenges of the project" - Point 1) - but the effort to get the stories to a point where they can actually be implemented was underestimated

Project progress became unclear because the team did not work on actual business user stories, because they were too unspecific and complex, but transferred them into technical stories

Stories had to be split up multiple times, overall structure of story clustering and complexity changed multiple times

Tools such as JIRA were great to track and manage the backlog and to document and share knowledge within the project team

Not everyone has had agile experience

Roles were not fully clarified at the beginning, therefore more communication between the roles was needed, to make sure everyone understood his responsibility

During the project each role developed and grew based on the experience

The roles later on took over responsibility and made decisions where needed

Despite the difficulties especially at the beginning of the project, it is still very well in time. This is caused by the fact that the team always kept working and the project was never unable to go on. Due to the agile nature of the project in time communication and transparency were possible!

This was the third part of our small Series about Agile Project Management. Look out for the next part which we are going to publish soon called "Agile Project Management – Agile on the next Level - Program Management"

The whole Series contains 4 pieces:

Agile Project Management – Basics (Part1)
Agile Project Management – What is SCRUM (Part2)
Agile Project Management – Agile Project Management in real Life (Part3)
Agile Project Management – Agile on the next Level – Program Management (Part4)

If you have any comments on our Articles, your Feedback is highly welcome.
Blog Cumulative Update Dezember 2015
Das Exchange Blog Cumulative Update für Dezember 2015 (CU1215) fasst interessante Themen rund um Exchange Server und Office 365 (Exchange Online), Azure und Skype for Business (aka Lync) des Monats Dezember 2015 zusammen.

Exchange Server

Common mailbox recovery scenarios for hybrid environments
http://blogs.technet.com/b/exchange/archive/2015/12/04/common-mailbox-recovery-scenarios-for-hybrid-environments.aspx

Data immutability and Office 365 tenant lifecycle
http://blogs.technet.com/b/exchange/archive/2015/12/18/data-immutability-and-office-365-tenant-lifecycle.aspx

Unable to Delete Exchange 2016 Database
https://exchangemaster.wordpress.com/2015/12/16/unable-to-delete-exchange-2016-database/

Exchange Management Shell and Mailbox Anchoring
http://blogs.technet.com/b/exchange/archive/2015/12/15/exchange-management-shell-and-mailbox-anchoring.aspx

Released: December 2015 Quarterly Exchange Updates
http://blogs.technet.com/b/exchange/archive/2015/12/15/released-december-2015-quarterly-exchange-updates.aspx

Showing the Calendar Configuration of a Mailbox or Meeting Room using EWS
http://gsexdev.blogspot.de/2015/12/showing-calendar-configuration-of.html

How to Remove Mailbox Auto-Mapping in Outlook
http://www.expta.com/2015/12/how-to-remove-mailbox-auto-mapping-in.html

Office 365 & Exchange Online

[STICKY] Office 365-Trust Center
http://bit.ly/Office365TrustCenter

[STICKY] Office 365 URLs and IP address ranges
http://bit.ly/Office365URLsIPaddresses

Closing the loop: Improving Office 365 PowerShell content for administrators
http://blogs.technet.com/b/solutions_advisory_board/archive/2015/12/21/closing-the-loop-improving-office-365-powershell-content-for-administrators.aspx

Skype for Business, Lync Server & Communication

Skype for Business ? Cloud Connector Edition ? Is it right for you?
http://skype4b.uk/2015/11/30/skype-for-business-cloud-connector-edition-is-it-right-for-you/

Skype for Business 2015, Planning Tool
https://www.microsoft.com/en-us/download/details.aspx?id=50357

New eBook Annoucement: Skype for Business Hybrid Handbook
http://blog.get-csjosh.com/2015/12/new-ebook-annoucement-skype-for-business-hybrid-handbook.html

Skype for Business Inplace Upgrade ? Undocumented Disk Space Requirements
http://www.lyncexch.co.uk/skype-for-business-inplace-upgrade-undocumented-disk-space-requirements/

Microsoft Azure

[STICKY] Microsoft Azure Trust Center
http://azure.microsoft.com/en-us/support/trust-center

Step-By-Step: Setting up Azure SMB File Share
http://blogs.technet.com/b/canitpro/archive/2015/12/01/step-by-step-setting-up-azure-smb-file-share.aspx

Intelligent Management: What it is & Why You Need it
http://blogs.technet.com/b/in_the_cloud/archive/2015/12/02/intelligent-management-what-it-is-amp-why-you-need-it.aspx

Announcing Azure Portal general availabilit
https://azure.microsoft.com/en-us/blog/announcing-azure-portal-general-availability/

New Series: The Azure AD Mailbag
http://blogs.technet.com/b/ad/archive/2015/12/04/new-series-the-azure-ad-mailbag.aspx

Azure Resource Manager Explorer with David Ebbo
https://channel9.msdn.com/Shows/Azure-Friday/Azure-Resource-Manager-Explorer-with-David-Ebbo

Hybrid Infrastructure Automation with Azure Resource Manager Templates
https://www.youtube.com/watch?v=DevCgPFbiS8

#AzureAD Mailbag: Self-Service Password Reset
http://blogs.technet.com/b/ad/archive/2015/12/11/azuread-mailbag-self-service-password-reset.aspx

Custom Roles in Azure RBAC is now GA
http://blogs.technet.com/b/ad/archive/2015/12/10/custom-roles-in-azure-rbac-is-now-ga.aspx

Intelligent Management: What?s Changing & How You Capitalize
http://blogs.technet.com/b/in_the_cloud/archive/2015/12/11/intelligent-management-what-s-changing-amp-how-you-capitalize.aspx

Azure AD Mailbag: Syncing with Azure AD Connect
http://blogs.technet.com/b/ad/archive/2015/12/18/azure-ad-mailbag-syncing-with-azure-ad-connect.aspx

Intelligent Management: How You Take Action with What You Already Have
http://blogs.technet.com/b/in_the_cloud/archive/2015/12/17/intelligent-management-how-you-take-action-with-what-you-already-have.aspx

Azure Automation jobs fail with ?The quota for the monthly total job run time have been reached?
http://blogs.technet.com/b/momteam/archive/2015/12/15/azure-automation-jobs-fail-with-the-quota-for-the-monthly-total-job-run-time-have-been-reached.aspx

Azure AD Delegated app access management is now GA
http://blogs.technet.com/b/ad/archive/2015/12/17/azure-ad-delegated-app-access-management-is-now-ga.aspx

Managing Azure Virtual Machines with Server Manager
http://blogs.technet.com/b/canitpro/archive/2015/12/15/managing-azure-virtual-machines-with-server-manager.aspx

Microsoft Azure Stack: Hardware requirements
http://blogs.technet.com/b/server-cloud/archive/2015/12/21/microsoft-azure-stack-hardware-requirements.aspx

Step-By-Step: Using AzCopy to Transfer Files to Azure
http://blogs.technet.com/b/canitpro/archive/2015/12/29/step-by-step-azcopy.aspx

Allgemeine Themen & Sicherheit

[STICKY] Microsoft Security TechCenter
http://technet.microsoft.com/de-DE/security/dd252948

Microsoft Joins RE100 Initiative In Support of Renewable Energy
http://blogs.msdn.com/b/microsoft-green/archive/2015/11/30/microsoft-joins-re100-initiative-in-support-of-renewable-energy.aspx

Step-By-Step: Managing Your Nano Servers
http://blogs.technet.com/b/canitpro/archive/2015/12/03/step-by-step-managing-your-nano-servers.aspx

Network Forensics with Windows DNS Analytical Logging
https://blogs.technet.microsoft.com/teamdhcp/2015/11/23/network-forensics-with-windows-dns-analytical-logging/

How to Deploy Windows DNS Server on Nano Server
https://blogs.technet.microsoft.com/teamdhcp/2015/12/04/how-to-deploy-windows-dns-server-on-nano-server/

Break a CSExport XML file into multiple smaller files
http://www.wapshere.com/missmiis/break-a-csexport-xml-file-into-multiple-smaller-files

Microsoft?s carbon fee highlighted by UNFCCC at Paris climate talks
http://blogs.msdn.com/b/microsoft-green/archive/2015/12/09/microsoft-s-carbon-fee-highlighted-by-unfccc-at-paris-climate-talks.aspx

Chrome Browser Now Warns About Weak SHA-1 Certificates
http://www.expta.com/2015/12/chrome-browser-now-warns-about-weak-sha.html

Step-By-Step: Removing Corrupt Windows 10 Universal Apps via PowerShell
http://blogs.technet.com/b/canitpro/archive/2015/12/22/step-by-step-removing-corrupt-windows-10-universal-apps-via-powershell.aspx

Additional steps to help keep your personal information secure
http://blogs.microsoft.com/on-the-issues/2015/12/30/additional-steps-to-help-keep-your-personal-information-secure/

Knowledge Base

Free/busy lookups between Exchange Online and on-premises users stop working after you set up OAuth authentication
https://support.microsoft.com/en-us/kb/3001281

Replay

April 2013: Troubleshooting Rapid Growth in Databases and Transaction Log Files in Exchange Server 2007 and 2010
http://blogs.technet.com/b/exchange/archive/2013/04/18/troubleshooting-rapid-growth-in-databases-and-transaction-log-files-in-exchange-server-2007-and-2010.aspx

Juli 2014: PowerShell : Exporting multi-valued attributes with Export-Csv ? how to tame the beast (SysAdmins, rejoice!)
http://blog.millersystems.com/powershell-exporting-multi-valued-attributes-via-export-csv-cmdlet/

Februar 2012: Recovering Public Folders After Accidental Deletion (Part 1: Recovery Process)
http://blogs.technet.com/b/exchange/archive/2012/02/06/recovering-public-folders-after-accidental-deletion-part-1-recovery-process.aspx

Mai 2015: Check for MaxTokenSize Problems (Updated)
https://gallery.technet.microsoft.com/scriptcenter/Check-for-MaxTokenSize-520e51e5

September 2014: Exchange 2013 CU6 hybrid Users with O365 unable to query free/busy for on-premises users
http://consulting.risualblogs.com/blog/2014/09/10/exchange-2013-cu6-hybrid-users-with-o365-unable-to-query-freebusy-for-on-premises-users/

Januar 2015: Exchange HCW Error ? Exchange OAuth authentication couldn?t find any accepted domains
https://mymicrosoftexchange.wordpress.com/2015/01/08/exchange-hcw-error-exchange-oauth-authentication-couldnt-find-any-accepted-domains/

Podcast Empfehlungen

Exchange Exposed
http://bit.ly/ExchangeExposedPodcast

Tools

Cloud Security Audit

Mailscape 365 - Exchange Online Monitoring und Reporting

Mailscape - Exchange Monitoring und Reporting

Uniscope - Lync Monitoring und Reporting

Compass - Active Directory Monitoring und Reporting

ForeSite - SharePoint Monitoring und Reporting

Gerne unterstützen wir Sie bei der Planung und Durchführung Ihrer Exchange Server Implementierung oder Migration.

Sie denken über einen vollständigen Wechsel zu Office 365 oder eine Hybrid-Konfiguration mit Office 365 nach? Wir beraten Sie umfassend und ausführlich über die Möglichkeiten der Office 365 Plattform.

Sie möchten mehr über Exchange Server 2016 erfahren? Gerne erläutern wir Ihnen die technischen Änderungen und Möglichkeiten für Ihr Unternehmen in einem persönlichen Workshop.

Weitere Informationen zu unseren Dienstleistungen finden Sie auf unserer Website (https://www.granikos.eu) oder nehmen Sie direkt mit uns Kontakt auf: info@granikos.eu
Was ist Managed Availability und welchen Vorteil bietet sie?
You can read the English version of this post at ENow's ESE blog: What is Managed Availability and how do you take advantage of it?

Bevor ich darauf eingehe, was die Funktionen der Managed Availability von Exchange Server sind, müssen wir uns zuerst die Architektur von Exchange Server in Erinnerung rufen.

Exchange Server ist für eine hochverfügbare und ausfallsichere Bereitstellung von Postfachdiensten und Nachrichtentransport entwickelt worden. Die Basis hierfür sind die Datenbankverfügbarkeitsgruppen (DAG), Shadow Redundancy, SafetyNet und weitere Komponenten. Ebenso spielen ein korrektes Active Directory Site Design und eine Implementierung entsprechend der Exchange Server Preferred Architecture eine wichtige Rolle.

Sie können Exchange Server in einer Einzelserver-Installation betreiben, jedoch ist dies nicht das optimale Betriebsszenario für Exchange. Es ist, als würden Sie einen Sportwagen mit angezogener Handbremse fahren.

Exchange Server ist für den Betrieb einer DAG mit mehreren Servern entworfen worden. Für die Sicherstellung der Ausfallsicherheit und der Hochverfügbarkeit kommt nun die Funktion der Managed Availability ins Spiel.

Was ist Managed Availability

Die Funktion Managed Availability ist Bestandteil der Exchange Server Funktionen zur Hochverfügbarkeit (HA) und ist ein Exchange-internes Überwachungssystem für Exchange Funktionalitäten, das automatisch Aktionen zur Sicherstellung einer positiven Anwendererfahrung auslöst.

Hierbei wird die Erreichbarkeit der einzelnen Verbindungsendpunkte für Anwender getestet. Diese Funktionstests werden kontinuierlich ausgeführt. Um diese Tests durchführen zu können, nutzt Exchange Server spezielle Postfächer, die sog. Health Mailboxen. Diese Postfächer und die dazugehörigen Benutzerkonten sind in vollständiger Kontrolle von Exchange Server. Jede Postfachdatenbank einer modernen Exchange Server Version verfügt über individuelle Health Mailboxen für die Managed Availability. Weitere Endpunkte, die nicht von Exchange bereitgestellt, aber von jedem Exchange Server benötigt werden, sind die Domain Controller und DNS-Server. Auch diese Endpunkte werden durch die Managed Availability getestet.

Ebenso wird die Antwortzeit der einzelnen Endpunkte durch die Managed Availability gemessen. Diese Antwortzeiten (Latenz) sind ein Indikator dafür, ob ein Verbindungsendpunkt die Performance bietet, um Anwendern eine gute Erfahrung zu bieten.

Zusätzlich zur Erreichbarkeit und der Latenz der Client-Endpunkte wird auch die Funktionalität getestet. Als Beispiel sei hier die korrekte Indizierung einer E-Mail-Nachricht, nach dem Empfang im Postfach einer Health Mailbox, genannt. Hierdurch stellt die Managed Availability fest, ob die Suche im Postfach fehlerfrei funktioniert.

Ist nun ein Endpunkt nicht erreichbar, sind die Antwortzeiten eines Endpunktes zu lang oder treten bei einem Funktionstest Fehler auf, löst die Managed Availability automatisch Aktionen aus, um eigenständig wieder einen optimalen Betriebszustand zu erreichen.

Wie funktioniert Managed Availability?

Die Kernkomponenten der Managed Availability sind der Exchange Health Manager Service und der Exchange Health Manager Worker Prozess. Der Health Manager Service hat die Aufgabe, den Health Manager Worker Prozess zu steuern und zu kontrollieren. So wird sichergestellt, dass ein Fehler bei der Ausführung des Worker Prozesses nicht zu einer grundsätzlichen Störung der Managed Availability führt.

Die Managed Availability verwendet Proben, um Informationen über einzelne Komponenten zu sammeln und Messungen durchzuführen. Ein Exchange Server verfügt über hunderte von Proben, die in einzeln definierten Intervallen ausgeführt werden. Den Status der Proben, und damit auch des Servers, können Sie im Rahmen der Health-Cmdlets abfragen.

Die gesammelten Informationen und Messungen werden von der Monitoring-Komponente ausgewertet. In dieser Komponente ist die Business-Logik implementiert, um Informationen und Messungen auszuwerten. Sollte das Monitoring ein Problem feststellen, entscheidet die Responder-Definition darüber, ob eine Administrator-Eskalation oder eine direkte Responder-Aktion ausgelöst wird.

Das folgende Schaubild verdeutlicht den Aufbau der Managed Availability Komponente mit Probe Engine, Monitor und Responder.

Unter einer Administrator-Eskalation dürfen Sie sich nun keine direkte Benachrichtigung der Exchange Administratoren vorstellen. Es wird ein entsprechender Eintrag in der Ereignisprotokollierung vorgenommen, den Sie mit einem System-Monitoring Tool überwachen müssen.

Wesentlich interessanter sind die automatischen Aktionen, die ein Responder ausführt. Kommt es z.B. bei der Prüfung von Outlook on the Web zu einem fehlerhaften Verhalten, durchlaufen die Responder-Aktionen mehrere Stufen, um wieder eine einwandfreie Exchange Funktion herzustellen. Als erste Reaktion wird der OWA-Applikationspool des betroffenen Exchange Servers neu gestartet. Hilft dieser Neustart des Applikationspools nicht, so führt die Managed Availability einen Neustart des W3SVC-Dienstes durch. Verbessert sich das Fehlerbild von Outlook on the Web nicht, führt die Managed Availability einen Neustart des Servers durch. Dieser Neustart des Servers wird allerdings nicht als regulärer Neustart durchgeführt, sondern per Bug-Check als harter Neustart.

Wenn Sie sich auf einem Exchange Server per Remote Desktop anmelden und einen Dialog erhalten, dass der letzte Shutdown unerwartet durchgeführt wurde, sollten Sie auf jeden Fall die Einträge der Managed Availability in den Crimson Channel Ereignisprotokollen prüfen.

Exchange Server unterstützt für einige der Proben die Möglichkeit einer Anpassung der Konfiguration. Diese Anpassung erfolgt als lokale oder globale Managed Availability Overrides. Lokale Overrides gelten für einen Server, während globale Overrides sich auf mehrere Server auswirken.

Welchen Vorteil bietet die Managed Availability?

Der entscheidende Vorteil der Managed Availability ist, dass Exchange Server sich selbst überwacht und so selbständig für eine hochverfügbare Bereitstellung der Exchange Funktionalitäten sorgt. Dies kann die Managed Availability aber nur, wenn Sie eine Exchange DAG Umgebung betreiben und den Implementierungsempfehlungen der Exchange Produktgruppe folgen. Moderne Exchange Server Versionen wurden dazu entwickelt, eigenständig die Hochverfügbarkeit der Applikation sicherzustellen. Exchange Server kennt andere HA-Komponenten Ihrer IT-Infrastruktur nicht und verlässt sich auch nicht auf diese. Moderne Exchange Server Version ab Version 2013 können mit Standard-Hardware und Standard-Speichermedien betrieben werden. Die Managed Availability sorgt im Zusammenspiel mit den HA-Funktionen einer Datenbankverfügbarkeitsgruppe für eine hochverfügbare Bereitstellung von Exchange Funktionen.

Fehler treten nie während der regulären Arbeitszeiten von Exchange Administratoren auf. Probleme und Fehler haben naturgemäß die Eigenart, nachts und an Wochenenden einzutreten. Wenn Sie einen ruhigen Schlaf bevorzugen, ist die Managed Availability genau das Mittel der Wahl.

Links

Exchange Server High Availability

Exchange Server 2019 Preferred Architecture

Manage health sets and server health

Configure managed availability overrides

Crimson channel event logging

Viel Spaß mit Exchange Server.

Mailscape 365 - Überwachung von Hybrid Exchange und Office 365: Viele Unternehmen verwenden eine lokale Exchange Organisation und Exchange Online in einer Hybrid-Konfiguration, um die Anforderungen ihrer Mitarbeiter zu erfüllen. Der Betrieb einer hybriden Exchange Organisation seine ganz eigenen Herausforderungen für das Monitoring der Dienstverfügbarkeiten. Beginnen Sie noch heute einen unverbindlichen 14-Tage Test von Mailscape 365.