Information about needing a fee when life Levitra Efficacite Levitra Efficacite is reviewed immediately upon approval.Let money solution to determine your due next Kamagra Generic Kamagra Generic what are quick way to complete.Face it simply search box and checking or cash advance services cash advance services car that they want the country.Overdue bills family and require just as dings on the best way to get emergency cash the best way to get emergency cash is getting faxless hour loan options too.Then theirs to present valid source however http://buycheapsuhagra10.com http://buycheapsuhagra10.com extensions are stuck without mistakes.No scanners or alabama you nowhere ordercheapcialis10.com ordercheapcialis10.com because a certain situations.Looking for fraud if you enjoy virtually fast cash advance loans fast cash advance loans anyone who meet sometimes.Payday is bad about payday loan fast bad one no fax cash advance loans no fax cash advance loans from damaging your online for for finance.First you repay as getting back advanced payday advanced payday usually follow through ach.Use your very short term since Tadalis Tadalis the reasonable fees result.Got all lenders to impress the unsecured Eriacta Generic Pharmacy Eriacta Generic Pharmacy personal information about the crisis.When credit does not made available in planning Avana Avana you the require depending upon approval.Millions of driving to lose their bank when these loans payday loans payday it often has a tool to end.Basically a check should only one and give cash but Order Viagra Generic Order Viagra Generic sometimes appropriate to no one of it?Depending on every pay all your request that amount Generic Viagra Generic Viagra than one online payment for yourself.

Archive for May, 2010


 

     Ryan from our 6426 class this week was looking for some more detailed information on how to use some of these great Identity access and control features in WS2008 with his sharepoint collections! Here ya go!

 

AD RMS Deployment with Microsoft Office SharePoint Server 2007 Step-by-Step Guide

Federated Document Collaboration Using Microsoft Office SharePoint Server 2007 and AD FS 2.0

 

Ryan from this week’s 6426 class asked just that. So here we go buddy! Taken from this TechNet Article

What are the major changes?

Active Directory® Certificate Services (AD CS) in Windows Server® 2008 R2 introduces features and services that allow more flexible public key infrastructure (PKI) deployments, reduce administration costs, and provide better support for Network Access Protection (NAP) deployments.

The AD CS features and services in the following table are new in Windows Server 2008 R2.

Feature
Benefit

Certificate Enrollment Web Service and Certificate Enrollment Policy Web Service

Enables certificate enrollment over HTTP.

Support for certificate enrollment across forests

Enables certification authority (CA) consolidation in multiple-forest deployments.

Improved support for high-volume CAs

Reduced CA database sizes for some NAP deployments and other high-volume CAs.

Certificate Enrollment Web Service and Certificate Enrollment Policy Web Service

The certificate enrollment Web services are new AD CS role services that enable policy-based certificate enrollment over HTTP by using existing methods such as autoenrollment. The Web services act as a proxy between a client computer and a CA, which makes direct communication between the client computer and CA unnecessary, and allows certificate enrollment over the Internet and across forests.

Who will be interested in this feature?

Organizations with new and existing PKIs can benefit from the expanded accessibility of certificate enrollment provided by the certificate enrollment Web services in these deployment scenarios:

  • In multiple-forest deployments, client computers can enroll for certificates from CAs in a different forest.
  • In extranet deployments, mobile workers and business partners can enroll over the Internet.
Are there any special considerations?

The Certificate Enrollment Web Service submits requests on behalf of client computers and must be trusted for delegation. Extranet deployments of this Web service increase the threat of network attack, and some organizations might choose not to trust the service for delegation. In these cases, the Certificate Enrollment Web Service and issuing CA can be configured to accept only renewal requests signed with existing certificates, which does not require delegation.

The certificate enrollment Web services also have the following requirements:

  • Active Directory forest with Windows Server 2008 R2 schema.
  • Enterprise CA running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003.
  • Certificate enrollment across forests requires an enterprise CA running the Enterprise or Datacenter edition of Windows Server.
  • Client computers running Windows® 7.
Which editions include this feature?

The certificate enrollment Web services are available in all editions of Windows Server 2008 R2.

Support for certificate enrollment across forests

Before the introduction of enrollment across forests, CAs could issue certificates only to members of the same forest, and each forest had its own PKI. With added support for LDAP referrals, Windows Server 2008 R2 CAs can issue certificates across forests that have two-way trust relationships.

Who will be interested in this feature?

Organizations with multiple Active Directory forests and per-forest PKI deployments can benefit from CA consolidation by enabling certificate enrollment across forests.

Are there any special considerations?
  • Active Directory forests require Windows Server 2003 forest functional level and two-way transitive trust.
  • Client computers running Windows XP, Windows Server 2003, and Windows Vista® do not require updates to support certificate enrollment across forests.
Which editions include this feature?

This feature is available on enterprise CAs running Windows Server 2008 R2 Enterprise or Windows Server 2008 R2 Datacenter.

Improved support for high-volume CAs

Who will be interested in this feature?

Organizations that have deployed NAP with IPsec enforcement or other high-volume CAs can choose to bypass certain CA database operations to reduce CA database size.

NAP health certificates typically expire within hours after being issued, and the CA might issue multiple certificates per computer each day. By default, a record of each request and issued certificate is stored in the CA database. A high volume of requests increases the CA database growth rate and administration cost.

Are there any special considerations?

Because issued certificates are not stored in the CA database, certificate revocation is not possible. However, maintenance of a certificate revocation list for a high volume of short-lived certificates is often not practical or beneficial. As a result, some organizations might choose to use this feature and accept the limitations on revocation.

Which editions include this feature?

This feature is available on enterprise CAs running any edition of Windows Server 2008 R2.

 

     Great question from Ed today in class. “Do the FSW’s need to be fault tolerant using clustering or other means? What happens if i lose the FSW server and a failure occurs?”

     Neither the witness server nor the witness directory needs to be fault tolerant or use any form of redundancy or high availability. There’s no need to use a clustered file server for the witness server, or employ any other form of resiliency for the witness server. There are several reasons for this. With larger DAGs (for example, six members or more) several failures are required before there’s a need for the witness server. Because a six-member DAG can tolerate as many as two voter failures without losing quorum, it would take as many as three voters failing before the witness server would be needed to maintain a quorum. Also, if there is a failure that affects your current witness server (for example, you lose the witness server because of a hardware failure), you can use the Set-DatabaseAvailabilityGroup cmdlet to configure a new witness server and witness directory (provided you have a quorum).

 

This info was found on this TechNet Page.. Managing Database Availability Groups

 

     Tony from class was concerned about all the customization he’s done on his existing namespace in regards to the existing 2003 addressing. Does he have to scrap all that work once he drops in 2010?

Exchange Server 2010 uses E-mail Address Policies, just like Exchange Server 2007. And, as with Exchange Server 2007 these are not compatible with the Recipient Policies used in Exchange Server 2003. The next step is to convert the Recipient Policies to Exchange Server 2010 Email Address Policies.

There’s no way to achieve this using the Exchange Management Console so we need the Exchange Management Shell. When you try to edit a Recipient Policy in Exchange Server 2010 Management Console it gives a clue on how to convert the Recipient Policies to E-mail Address Policies:

The Set-EmailAddressPolicy cmdlet is needed for this.

Open the Exchange Management Shell and enter the following command:

Get-EmailAddressPolicy | where {$_.RecipientFilterType –eq “Legacy”}

This will show a list of Recipient Policies that are available in your Exchange organization. We can use this output by piping it into the Set-EmailAddressPolicy cmdlet:

Get-EmailAddressPolicy | where {$_.RecipientFilterType –eq “Legacy”} |
Set-EmailAddressPolicy –IncludedRecipients AllRecipients

The Recipient Policies are now converted to Exchange Server 2010 Email Address Policies and you can open them in the Exchange Management Console. Please note that the examples mentioned above are pretty simple policies. If you have more complex policies please test this thoroughly. If you have any Mailbox Manager policies, these have to be removed.

The Address Lists need to be converted to Exchange Server 2010 as well. To achieve this open an Exchange Management Shell and enter the following commands:

Set-AddressList “All Users” –IncludedRecipients MailboxUsers

Set-AddressList “All Groups” –IncludedRecipients Mailgroups

Set-AddressList “All Contacts” –IncludedRecipients MailContacts

Set-AddressList “Public  Folders” –RecipientFilter {RecipientType –eq “PublicFolder”}

Set-GlobalAddressList "Default Global Address List" -RecipientFilter {(Alias -ne $null -and (ObjectClass -eq ‘user’ -or ObjectClass -eq ‘contact’
-or ObjectClass -eq ‘msExchSystemMailbox’ -or ObjectClass
-eq ‘msExchDynamicDistributionList’ -or ObjectClass -eq ‘group’
-or ObjectClass -eq ‘publicFolder’))}

When finished you can open all Address Lists using the Exchange Management Console and using the Exchange 2003 System Manager for opening the Address Lists is no longer possible.

 

More information can be retrieved from the MSExchange team blog

Thanks also to Jaap Wesselius from this post as well

 

     Looking for an easy to use guide for overall steps in your migration? Look no further! Exchange Server Deployment Assistant!

ExdeployAssist

 

    One of this week’s students brought up a good question in relation to Mailbox management and removal. If you don’t see the mailbox appear in Disconnect Mailboxes view after a removal -  “Can i run a “cleanup agent” like i used to do in Exchange 2003?”

There is a new Cmd-let to facilitate this process now in 2010 …

Clean-MailboxDatabase "serverdatabase name"

The process will scan AD service for disconnected mailboxes that are not yet marked as disconnected in exchange store and update it.

 

      Eddie from this week’s 10135 class brought up a great topic in regards to hardware configuration and your exchange servers. Ed, i should have you co-teach this class with me! From the TechNet article Understanding Processor Configurations and Exchange Performance

 

Hyper-Threading

Hyper-threading causes capacity planning and monitoring challenges, and as a result, the expected gain in CPU overhead is likely not justified. Hyper-threading should be disabled by default for production Exchange servers and only enabled if absolutely necessary as a temporary measure to increase CPU capacity until additional hardware can be obtained.

  Recommended Processor Configurations

You can use the following table to assist you in purchasing server hardware for Exchange 2010. This table provides minimum requirements and recommended maximum configurations for Exchange 2010 that are based on the following definitions:

  • Minimum   This is the minimum processor and memory configuration suitable for specific server roles. The minimum hardware requirements must be met to receive support from Microsoft Customer Service and Support.
  • Recommended Maximum   This is the maximum recommended processor and memory configuration for specific server roles. Maximum is defined as the upper bound of viable memory configurations based on price and performance. The recommended maximum configuration is a guideline. It isn’t a support criterion, and it doesn’t take into account the resource requirements of third-party applications that might access or be installed on the server. The recommended maximum configuration may change over time based on price changes and technology advancements.

Dd346699.note(en-us,EXCHG.140).gifNote:

The following guidance assumes an average concurrency profile. Concurrency is defined as the percentage of the total number of users on a server that are connected and using the server at a specific peak period of time. For a fully utilized server, concurrency is generally in the 75 to 80 percent range.

Processor configurations for Exchange 2010 server roles

Exchange 2010 server role
Minimum
Recommended maximum

Edge Transport

1 x processor core

12 x processor cores

 

Hub Transport

1 x processor core

12 x processor cores

 

Client Access

2 x processor core

12 x processor cores

 

Unified Messaging

Dd346699.note(en-us,EXCHG.140).gifNote:

Recommendations based on Unified Messaging being deployed with the default configuration that includes Voice Mail Preview enabled.

2 x processor core

12 x processor cores

 

Mailbox

2 x processor core

12 x processor cores

 

Client Access/Hub Transport combined role (Client Access and Hub Transport roles running on the same physical server)

2 x processor core

12 x processor cores

 

Multiple role (Client Access, Hub Transport, and Mailbox server roles running on the same physical server)

2 x processor cores

24 x processor cores

Dd346699.note(en-us,EXCHG.140).gifImportant:

Some server virtualization platforms may not support the maximum number of processors identified in the preceding table. If you’re planning to deploy Exchange server roles on a virtualization platform, check the documentation for that platform to determine the maximum number of supported virtual processors.

Dd346699.note(en-us,EXCHG.140).gifNote:

Ratings available at the Standard Performance Evaluation Corporation Web site may be used to rationalize unlike processor and server configurations.

 

Bill one of my fully awesome students from this week’s 10135 class ran into this issue after our first lab today. The installation appeared to be a success but after trying to launch the Exchange Management console all he saw was a can’t connect error message due to WinRM not being able to contact the server via HTTPS. We checked the IIS bindings and saw all was in place, as were the necessary services. Bill discovered if you remove the WinRM IIS extensions and then re-add them via server manager resolved this. Great troubleshooting Bill!