Showing posts with label DAG. Show all posts

Thursday, March 3, 2011

Exchange 2007 create new Storage Groups with Mailbox Database

After a default Exchange 2007 SP1 installation, there is one Storage Group with one Mailbox Database available and mounted. You have to change the logfile path and database path manually. If you use the following script, you can create one, two, three, four (or more) Storage Groups and Databases fully automatically. Let's say you've installed a new Exchange 2007 server with three partitions.

————————————————
# This script creates four storage groups named SG1 to SG4, each with a mailbox database (MB1 to MB4), and finally mounts the databases.
# C: – Operating System
# D: – Exchange Logfiles/Systemfiles
# E: – Exchange Databases

# Environment variables
$server = "srv-ex01"
$logfilepath = "D:\Log"
$mbxfilepath = "E:\Database"

# Creating the Storage Groups (log files and system files on D:)
foreach ($i in (1,2,3,4)) {
    New-StorageGroup -Name "SG$i" -Server $server -LogFolderPath "$logfilepath\SG$i" -SystemFolderPath "$logfilepath\SG$i"
}

# Creating the Mailbox Databases (on E:) and mounting them
foreach ($i in (1,2,3,4)) {
    New-MailboxDatabase -StorageGroup "$server\SG$i" -Name "MB$i" -EdbFilePath "$mbxfilepath\MB$i\MB$i.edb"
    Mount-Database "MB$i"
}
————————————————

How to: Hide Address Lists in Exchange 2010

When you have an Exchange 2010 (or 2007) environment with multiple Address Lists, there may be some users who don't need to see all the available Address Lists.

You can fix this issue by putting permissions on these Address Lists. Let's have a look at that.

1.) Open the Exchange Management Console
2.) Create a new Address List
3.) Specify the filter settings (in this example the filter is based on the Active Directory field "Department")
4.) Open ADSI Edit, adsiedit.msc
5.) Open Configuration,CN=Configuration,DC=E2K10.local,CN=Services,CN=E2K10,CN=Address Lists Container,CN=All Address Lists,<your Address Lists>
6.) Open the Properties, and click the Security tab, Advanced
7.) Disable “Include inheritable permissions from this object’s parent”
8.) Click Copy
9.) Remove the Authenticated Users
10.) Make a new Security Group in your Active Directory called for example “AL_ICT_Department”
11.) Place all the users of the ICT department in this Security Group
12.) Open the security settings again and add the group AL_ICT_Department
13.) Give this group the following permissions: Read, Open Address List
14.) Log in with a user that is a member of AL_ICT_Department. Make sure you see the Address List
15.) Log in with a user that is not a member of AL_ICT_Department. You should not see the Address List now.
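
To confirm the result of steps 7 to 13 without logging in as test users, the ACL on the address list can be audited from the Exchange Management Shell. The following is an added example, not part of the original post; the function names, the sample ACEs and the raw right name "Open-Address-Book" are assumptions.

```powershell
# Added example: audit who can open an address list. Run the live part in the
# Exchange Management Shell; the sample ACEs below are constructed.
function Get-AddressListExposure {
    param(
        [Parameter(Mandatory = $true)] [string] $ListName,
        [Parameter(Mandatory = $true)] $Aces    # Get-ADPermission output for the list
    )
    # Allow ACEs that grant the open right. The pattern accepts both the display
    # name "Open Address List" and the assumed raw name "Open-Address-Book".
    $open = @($Aces | Where-Object {
        -not $_.Deny -and "$($_.ExtendedRights)" -match 'Open.Address.(Book|List)'
    })
    # Step 9 removes Authenticated Users; steps 7-8 turn inherited ACEs into explicit ones.
    $broad     = @($open | Where-Object { "$($_.User)" -match 'Authenticated Users' })
    $inherited = @($open | Where-Object { $_.IsInherited })
    New-Object PSObject -Property @{
        AddressList   = $ListName
        CanOpen       = (@($open | ForEach-Object { "$($_.User)" }) -join ', ')
        Restricted    = ($broad.Count -eq 0 -and $inherited.Count -eq 0)
        InheritedAces = $inherited.Count
    }
}

# Constructed ACE objects that mimic the properties Get-ADPermission returns.
function New-SampleAce($User, $Right, $Inherited) {
    New-Object PSObject -Property @{
        User = $User; ExtendedRights = @($Right); IsInherited = $Inherited; Deny = $false
    }
}
$before = @(New-SampleAce 'NT AUTHORITY\Authenticated Users' 'Open-Address-Book' $true)
$after  = @(New-SampleAce 'E2K10\AL_ICT_Department' 'Open-Address-Book' $false)

Get-AddressListExposure -ListName 'ICT (default ACL)' -Aces $before
Get-AddressListExposure -ListName 'ICT (after step 13)' -Aces $after

# Live use against every address list in the organization:
# Get-AddressList | ForEach-Object {
#     Get-AddressListExposure -ListName $_.Name -Aces (Get-ADPermission -Identity $_.DistinguishedName)
# }
```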


Tuesday, March 1, 2011

How To Configure Exchange 2010 Disaster Recovery Site Using DAG

The Database Availability Group (DAG) is the new High Availability feature of Exchange 2010.

DRP Design

In both the production site and the Disaster Recovery site we need a server with Windows Enterprise edition, since DAG relies on Microsoft Failover Clustering, which is only available in the Enterprise edition. Both sites need a Domain Controller and a GC role. The DR site will be in a different Active Directory site so that users won't log in to it.

Installing

Perform a standard installation of Exchange 2010 on Windows 2008 R2 Enterprise that includes the HUB, CAS and Mailbox roles. Apply the same basic configuration on both servers and test sending and receiving mail.

Creating a DAG.
In the Exchange Management Console

  1. Expand Organization Configuration.
  2. Click Mailbox.
  3. In the middle pane, click the Database Availability Group tab.
  4. In the right control pane click "New Database Availability Group".

The Create a DAG wizard starts.

Enter a name for your DAG. If you have a server with a HUB role but no mailbox role, then the wizard will select the HUB server and create the witness directory for you. If you don't have an available HUB server, then you must manually specify the ‘Witness Server' and a ‘Witness Directory'.

To make sure that we won't have permission problems with the witness share directory, add the 'Exchange Trusted Subsystem' group to the local Administrators group on the witness server. This is also necessary because in order to create a DAG you must also create a computer account in Active Directory. You might need to delegate the 'Exchange Trusted Subsystem' group to create and manage the computer account in Active Directory.

EMS Command for creating the DAG

We can also create the DAG with a PowerShell command instead of the GUI process:

New-DatabaseAvailabilityGroup -Name E10DAG -WitnessDirectory C:\DAG1 -WitnessServer FQDNofaServerinPrimarySite -DatabaseAvailabilityGroupIpAddresses 192.168.15.233,192.168.25.233 -Verbose

With the wizard you cannot set a fixed IP on your DAG. Instead, it will use DHCP to assign an IP. This is important to consider since it is recommended that you have an IP in every subnet that contains DAG members.

The next step is to add your Exchange mailbox servers to your DAG

Right Click ‘Manage Database Availability Group Membership' and then add the mailbox servers to it.

The Failover Cluster role will be installed on the servers you added to your DAG.

EMS Command For adding an Exchange server to DAG

Add-DatabaseAvailabilityGroupServer -Identity E10DAG -MailboxServer FQDNofMailboxServer -Verbose

The next step is to add databases to your DAG members in order to enable replication.

  • Return to Exchange Management Console and expand Organization Configuration.
  • Click Mailbox. In the middle pane, click the Database Management tab.

  • In the lower pane, right-click the database you wish to replicate within the DAG.
  • Choose Add Mailbox Database Copy.
  • When the wizard launches, browse for the server in the DAG to which you want to replicate the mailbox database. Pick a Replay lag time and a truncation lag time.

EMS Command For adding a Database to replication

Add-MailboxDatabaseCopy -Identity 'Mailbox Database 2010A' -MailboxServer FQDNofServerInDRSite -ActivationPreference 2

This step can potentially take a long time since the database is seeded to the DR site. The amount of time it takes depends on the database size and the available bandwidth.

Set the ActivationPreference on all the Databases to 1 on the server in the production site; then, set the database copy on the server in the Disaster Recovery site to ‘suspended' for activation.


Now we must set some parameters on the mailbox database so that it is not automatically activated.

EMS Command


Suspend-MailboxDatabaseCopy -Identity 'Mailbox Database 2010A\FQDNofServerInDRSite' -ActivationOnly -Verbose

Configuring Replay Lag Time

Configuring Replay Lag time is something that you should seriously consider doing. Lag time is how long the passive copy will wait until the transaction log is replayed into the database. Replication is still happening as fast as possible.

EMS command

Set-MailboxDatabaseCopy -Identity 'mailbox database 2010A\FQDNofServerInDRSite' -ReplayLagTime 0.1:0:0 -Verbose

There is also another parameter that you might want to use: the Truncation Lag Time.

EMS command


Set-MailboxDatabaseCopy -Identity 'mailbox database 1976375852\FQDNofServerInDRSite' -TruncationLagTime 0.1:0:0

Please note: 0.1:0:0 means 1 hour

How long you set the ReplayLagTime and TruncationLagTime for depends on two things:

  • How long it takes you to notice a corruption on the production site.
  • How long it takes to replay all transaction log files if you activate the DR site.
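
Once the DR copy is suspended for activation and lagged, its state can be checked from the Exchange Management Shell. The following is an added example, not part of the original post; the function name, the 10-log threshold and the sample server names DR01 and PROD01 are assumptions.

```powershell
# Added example: check that a DR database copy matches the configuration above.
# The sample objects below are constructed so the function can be tried offline.
function Test-DrCopyStatus {
    param(
        [Parameter(Mandatory = $true)] $CopyStatus,   # one object from Get-MailboxDatabaseCopyStatus
        [int] $MaxCopyQueue = 10                      # assumed threshold, tune for your link
    )
    $findings = @()
    # The DR copy must stay blocked from automatic activation
    # (Suspend-MailboxDatabaseCopy -ActivationOnly).
    if (-not $CopyStatus.ActivationSuspended) {
        $findings += 'not suspended for activation'
    }
    # A passive copy that is replicating normally reports Healthy.
    if ("$($CopyStatus.Status)" -ne 'Healthy') {
        $findings += "status is $($CopyStatus.Status)"
    }
    # Replay lag delays replay only; logs are still copied as fast as possible.
    # A long copy queue therefore means the DR site is missing recent logs.
    if ($CopyStatus.CopyQueueLength -gt $MaxCopyQueue) {
        $findings += "copy queue $($CopyStatus.CopyQueueLength) exceeds $MaxCopyQueue"
    }
    New-Object PSObject -Property @{
        Name              = $CopyStatus.Name
        Ok                = ($findings.Count -eq 0)
        Findings          = ($findings -join '; ')
        ReplayQueueLength = $CopyStatus.ReplayQueueLength   # informational: grows with ReplayLagTime
    }
}

# Constructed samples: a correctly configured DR copy and a misconfigured one.
$samples = @(
    New-Object PSObject -Property @{ Name = 'Mailbox Database 2010A\DR01'; Status = 'Healthy'
        ActivationSuspended = $true; CopyQueueLength = 0; ReplayQueueLength = 240 }
    New-Object PSObject -Property @{ Name = 'Mailbox Database 2010B\DR01'; Status = 'Healthy'
        ActivationSuspended = $false; CopyQueueLength = 85; ReplayQueueLength = 0 }
)
$samples | ForEach-Object { Test-DrCopyStatus -CopyStatus $_ }

# Live use (replace the placeholder with the DR server's name):
# Get-MailboxDatabaseCopyStatus -Server FQDNofServerInDRSite |
#     ForEach-Object { Test-DrCopyStatus -CopyStatus $_ }
```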

Creating the CASArray

New-ClientAccessArray -Name CASArray-HQ -Fqdn FQDNofYourDesiredEndpoint -Site ADsiteInPrimaryDatacenter

Now configure all your databases to have the CASArray-HQ object as the RpcClientAccessServer. This will ensure that Outlook connects to the CASArray FQDN instead of the actual server name.

Get-MailboxDatabase | Set-MailboxDatabase -RpcClientAccessServer CASArray-HQ

You must also create a record in DNS for FQDNofYourDesiredEndpoint with the IP of your Exchange server in the primary datacenter. Set the TTL to a low value, such as 5 minutes, to make the switchover to the Disaster Recovery site go faster.