Posts tagged: Howto

Dynamic lists and mail migration in Exchange 2007

Just a couple of quick tips which have helped me recently. Unlike in Exchange 2003, creating dynamic lists based on AD attributes has become a little more complicated. Granted, there is a built-in wizard which works for some basic queries, but it doesn’t have the fine-grained control that I needed.

For example, say you want to create a dynamic mailing list containing all users who have been marked as being in the Perth office. This refers to the Office field, which you can set through AD Users and Computers or via the Exchange console. To create the list, load your Exchange shell as admin and run the following.

New-DynamicDistributionGroup -Name 'Perth Staff' -OrganizationalUnit 'yourdomain.com.au/MyBusiness/Users/Staff' -Alias 'PerthStaff' -RecipientFilter { (Office -eq 'Perth') }

To break it down, you are limiting your search scope with -OrganizationalUnit, which improves performance by not having to search the entire tree when you don’t need to. The -Alias is self-explanatory, and the -RecipientFilter is simply what you are filtering on; in this case it’s the Office field and the fact that it equals Perth.

This is just a simple dynamic list; check out the Microsoft page at http://technet.microsoft.com/en-us/library/aa996561(EXCHG.80).aspx for more advanced examples and options.

 

Mail migration between mailboxes has always been a bit of a pain. In the past Exmerge was the tool of choice, however this is no longer needed come Exchange 2007. Moving mail this way could be useful for archiving mail out from one mailbox to another on different storage (Exchange 2010 has archiving built in, which is much better), or you can even go to PST, perhaps for permanent archival to tape or optical media.

Make sure you have the latest service pack, then you can simply run the Export-Mailbox tool via the Exchange shell.

Export-Mailbox -Identity source.mailbox -IncludeFolders "\Inbox" -MaxThreads 4 -TargetMailbox destination.mailbox -TargetFolder Archive

You can filter this further if needed, but it’s relatively straightforward and will pull all the mail you specify out and put it directly into the target mailbox without having to go to PST in between or use Outlook.

Good luck and have fun.

Howto generate Exchange 2007 certificates

By default Exchange uses a self-signed certificate. If you are allowing external access, it’s best practice to use a CA-signed certificate, issued either by your own internal CA or by an external 3rd party trusted CA.

So to generate yourself a signing request, open an Exchange shell as admin and run the following.

New-ExchangeCertificate -GenerateRequest -SubjectName "cn=remote.domain.com.au" -IncludeAcceptedDomains -DomainName additional.domain.com.au,internal.domain.com.au -IncludeAutoDiscover -Path c:\mycert.req

To break this command down, -GenerateRequest and -SubjectName are pretty straightforward and define the primary subject for the certificate. -IncludeAcceptedDomains tells it to add any other accepted domains to the certificate, useful if you accept mail for multiple domains. -DomainName is for additional domains you wish to specify; sometimes you may have a split internal and external domain, so this would be used in that instance. And -IncludeAutoDiscover is one that gets forgotten but adds the autodiscover domain name to the certificate. If you do not include your autodiscover domain or the domain of the server it is on, then you may get certificate errors when launching Outlook.

So now you have your certificate request, either plug it into your internal CA to get signed or pass this on to a 3rd party to get it signed by them. You should get a certificate file back and once you do simply run the following from your admin Exchange shell.

Import-ExchangeCertificate -Path C:\certnew.cer

Next step is to tell Exchange to use the certificate. Upon importing you should get the thumbprint of the certificate. With this you can enable the certificate by running the following and substituting the thumbprint.

Enable-ExchangeCertificate -Thumbprint THUMBPRINT -Services SMTP,POP,IMAP,IIS

One gotcha that I have seen a couple of times now is that the IIS/SMTP certs don’t stick. This presents itself after a reboot when suddenly it’s reverted back to the original certificate. In these cases I have found it necessary to re-run the command with just IIS and SMTP like below.

Enable-ExchangeCertificate -Thumbprint THUMBPRINT -Services SMTP,IIS

And that should be it; your certificate will take effect immediately and you should be good to go.

One last note: it’s worth keeping in mind that your OWA, OAB and Autodiscover paths may vary, and you should check to ensure that these are all correct. Domain name mismatch is pretty common and can create error messages which have the potential to confuse users.

Howto remote restart ARD from SSH

If you have ever been working with an Apple server/desktop you will have come across ARD. It’s Apple Remote Desktop and it’s quite neat. But it’s sadly only for Mac. This means if you’re on another OS you need some other way to connect. Luckily ARD is really just VNC with some proprietary Apple add-ons, so if enabled we can VNC straight to the machine; however, it does have a few issues. One major problem is that ARD falls over quite a lot, especially if you use incorrect settings like the new experimental 2mbit mode within UltraVNC etc. So if you manage to crash ARD, what you need to do is restart it, and that can be a pain if the server is remote. As OS X shares many traits with other UNIX operating systems, you can in most cases SSH in and restart the service. To do this simply run the commands below and you should then be good to go.

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -stop

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -privs -all -restart -agent

Of course, if you log in as root you will not need to use the sudo part of the command.
And that’s it. Problem fixed!

Bypass SBS 2008 Memory Requirements

For anyone looking to work with SBS 2008 in a dev environment but unable to provision VMs with 4GB of RAM, you may be interested in this little reg key.

I see lots of posts around the net asking for ways to bypass the memory requirements but not many with answers. I stumbled upon this one recently which has finally allowed me to get some SBS 2008 dev work done.

When installing SBS 2008, once you are past the initial install and are up to the first page of the configuration, hit Shift+F10 to bring up a command prompt and launch regedit. You can then edit the following key to allow the install to continue even though your machine doesn’t meet the requirements.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer\Setup]
"SkipReq"="RamRequirement"

This may also be useful for those of you running on the bare minimum but with an onboard video card which is consuming some of the RAM, pushing your usable RAM down.

Hope this helps a few people :)

Cloning VMs with VirtualBox, LVM and Snapshots!

Recently I wanted to set up a development environment to test some Active Directory setups. Basically I wanted a whole stack of domain controllers and client machines across multiple sites, domains and forests to see how they tick and replicate between each other. Easy enough to do: just create a bunch of virtual machines using your favourite virtualization package. I prefer VirtualBox but you could do the same with VirtualPC or VMWare. But say you want to deploy this quickly and be able to easily tear down machines and bring new ones up. Again, easy enough: just clone the disks and create new VMs. All pretty straightforward. However, there is a much neater and more elegant way of doing this, which allows you to snapshot a VM and redeploy it in a matter of seconds rather than spending minutes to hours copying full disk images around.

So how does one accomplish this task? Well, it’s really quite simple: LVM snapshots. If you have never heard of or used LVM before, it is a logical volume manager. Its job is to take a bunch of physical volumes such as hard disks or RAID arrays and combine them into a storage group. From this storage group you can then create multiple logical volumes (similar to LUNs in the NetApp world) which act like standard disk devices, allowing you to carve up your storage in a more logical way. LVM is really quite a powerful tool and has many extra features which are outside the scope of this article, but see my links at the end to find out more on the specifics.

Anyway, the feature we are going to use, as I already mentioned, is snapshots. A snapshot is an instantaneous copy of a volume which we can then mount separately from the real volume and use as a normal disk. The beauty of this is that your original volume remains completely untouched, and any changes that are written to the snapshot are stored as just that: changes or differences between it and the original volume. For our VMs this means that, since only a few hundred meg or so will change, our disk usage is significantly reduced. You can see now just how useful this can be. The other big advantage is that they are fast: you can create a snapshot in a matter of seconds, whereas copying a vmdk or vdi file takes a lot longer, especially if using a dynamic disk as it locates all the used blocks.

Now let’s get down to using it in the real world.

First things first: get your VM installed using a raw device mapping.

lvcreate -L20G -nvbox_win2003std_base storage /dev/md2
Logical volume "vbox_win2003std_base" created

In this instance I have created a 20GB volume called "vbox_win2003std_base" on my storage volume group and forced it to allocate all its extents on /dev/md2. I prefer to do this just to make sure no logical volumes cross over physical volumes unless absolutely needed.

Now that you have your volume ready, you will need to create a disk for VirtualBox to use.

VBoxManage internalcommands createrawvmdk -filename "win2003_base.vmdk" -rawdisk /dev/storage/vbox_win2003std_base -register
VirtualBox Command Line Management Interface Version 2.2.2
(C) 2005-2009 Sun Microsystems, Inc.
All rights reserved.

RAW host disk access VMDK file win2003_base.vmdk created successfully.

This creates a vmdk file with a raw mapping to the logical volume and automatically registers it for use within VirtualBox.

Now prepare your VM like you would any other Windows machine being cloned. Preinstall your OS, applications, software, any patches or tweaks and get it configured just the way you like. However, try to keep things reasonably simple; this means don’t promote the machine to a DC or set up any other service which will break when cloned. For my builds I have been testing with Windows 2003 Standard edition. So this means you need to extract the deploy.cab from your Windows 2003 CD to c:\sysprep and run the setupmgr.exe app to generate a sysprep.inf. If you want to avoid problems, don’t set a password for the admin account in the sysprep if you have already set one for the machine, as it appears to fail when updating it. Once you have generated your sysprep.inf, do a quick check to ensure everything is in its place and run sysprep.exe -reseal -mini -pnp. The machine will do its bit and then shut down, meaning it is ready to be cloned.

Now the fun part, time to make a snapshot of your logical volume.

lvcreate -L5G -s -nvbox_vodka_dc /dev/storage/vbox_win2003std_base
Logical volume "vbox_vodka_dc" created

Now in the blink of an eye it has created a snapshot of your base VM’s logical volume with a maximum growth of 5GB. This means the VM can have a maximum of 5GB of changes before it runs out of space. You will need to fine-tune this depending on your VMs and workload. To keep an eye on it simply use lvdisplay as per normal.

lvdisplay storage/vbox_vodka_dc
--- Logical volume ---
LV Name                /dev/storage/vbox_vodka_dc
VG Name                storage
LV UUID                IOFUF4-Bxze-Xpij-Qd5b-nH7k-FeEx-k6936B
LV Write Access        read/write
LV snapshot status     active destination for /dev/storage/vbox_win2003std_base
LV Status              available
# open                 0
LV Size                20.00 GB
Current LE             5120
COW-table size         5.00 GB
COW-table LE           1280
Allocated to snapshot  0.00%
Snapshot chunk size    4.00 KB
Segments               1
Allocation             inherit
Read ahead sectors     auto
- currently set to     256
Block device           253:4

Now that we have the snapshot volume all we need to do is create another raw device vmdk.

VBoxManage internalcommands createrawvmdk -filename "Vodka_DC.vmdk" -rawdisk /dev/storage/vbox_vodka_dc
VirtualBox Command Line Management Interface Version 2.2.2
(C) 2005-2009 Sun Microsystems, Inc.
All rights reserved.

RAW host disk access VMDK file Vodka_DC.vmdk created successfully.

And that’s it, you now have a complete clone of that machine ready to load into a new VM within VirtualBox and boot. It will run through the mini-setup as per normal for any cloned machine and that’s it. All done!

With a few batch commands you can quickly automate the creation of a whole fleet of VMs ready to plug into your dev environment.
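
One way to script that, as an added example rather than the author's own batch commands: it loops the snapshot and createrawvmdk steps above over a list of names and checks the lvdisplay "Allocated to snapshot" figure, since a snapshot whose copy-on-write space fills up is invalidated. The clone names, the 80% threshold and the DRY_RUN switch are assumptions.

```sh
#!/bin/sh
# Added example: build several clones from the sysprepped base volume.
# VG and base LV names are the post's; clone names and the 80% limit are made up.
VG=storage
BASE_LV=vbox_win2003std_base
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands only, 0 = execute them

# Run a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Accept only letters, digits and underscores: the name ends up in
# device paths passed to commands that run as root.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# clone_vm NAME [SIZE]: snapshot the base LV, then map it as a raw VMDK.
clone_vm() {
    name=$1
    size=${2:-5G}
    valid_name "$name" || { echo "bad clone name: $name" >&2; return 1; }
    run lvcreate -L"$size" -s -n"vbox_$name" "/dev/$VG/$BASE_LV" &&
    run VBoxManage internalcommands createrawvmdk \
        -filename "$name.vmdk" -rawdisk "/dev/$VG/vbox_$name"
}

# Read lvdisplay output on stdin, print the "Allocated to snapshot" figure.
snap_used_pct() {
    awk '/Allocated to snapshot/ { sub(/%/, "", $NF); print $NF }'
}

# lvdisplay VG/LV | snap_needs_attention [LIMIT]
# True at or above LIMIT percent, or when no figure is reported at all.
snap_needs_attention() {
    pct=$(snap_used_pct)
    [ -z "$pct" ] && return 0
    awk -v p="$pct" -v l="${1:-80}" 'BEGIN { exit !(p >= l) }'
}

# Dry run over three hypothetical machine names.
for vm in vodka_dc gin_dc rum_client; do
    clone_vm "$vm" 5G
done
```

Run it with DRY_RUN=0 as root to execute the commands instead of printing them.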

Hope this helps a few people out there :)

Links: