Find out which security group members are in one or more Exchange 2010 databases

Tech, Uncategorized No Responses »
Feb 092012

First, run this command on a domain controller to extract the members of a security group:

net group "Security group name" >c:\groupmembership.csv

Then run this in an Exchange 2010 shell to extract the mailbox names from the database:

Get-Recipient -PropertySet ConsoleLargeSet  -ResultSize '9000' -SortBy DisplayName -RecipientType 'UserMailbox' -Filter '((Database -eq ''CN=DATABASENAME,CN=Databases,CN=Exchange Administrative Group (YOURADMINGROUP),CN=Administrative Groups,))' | Export-csv C:\userslist.csv

Then paste your names lists into excel in two columns, one named group membership, and one database users. Use the below formula in the third column to find the names that occur in both columns of data.

=VLOOKUP([first column entry,[Range E.G. A:A],1,FALSE)

 

 

Posted by tom_geraghty at 5:00 pm Tagged with: , , ,

Why you should be using Open DNS

Tech No Responses »
Nov 192011

 

What is OpenDNS?

Open DNS is a free DNS lookup service, provided as an alternative to using your ISP’s DNS service. It provides additional features for filtering, web security, statistics, and speed improvements. The business collects revenue from adverts served from search pages, and from the enterprise products they offer, which provide more detailed reporting and more granular features. It’s suitable for use by home users and businesses.

  1. Features
    1. Web content filtering by category
    2. Malware url blocking by default
    3. Phishing website protection
    4. Statistics of DNS resolution
    5. Blocking of malware infected devices “phoning home”
    6. Notification of above devices attempting to phone home
    7. Typo correction (e.g. yaho.co.uk will resolve to yahoo.co.uk)
    8. Custom URL whitelists and blacklists
    9. DNS caching – if authoritative DNS fails, requests will resolve to the last good IP address.
    10. Multiple networks on one account
    11. Potential speed improvements
    12. Zero cost
  1. Benefits
    1. An extra layer of web access filtering can block access to websites by category, such as pornography, malware, adware, and others.
    2. Where your web filtering application or server may fail, Open DNS will pick up the slack, and block inappropriate sites, malware, or phishing attacks. This should result in significantly fewer virus infections.
    3. Where a machine is infected, it will not be able to contact malware servers to update itself or spread further (assuming the malware uses DNS to lookup the home servers). Statistics will show you when devices do attempt to contact malware servers, highlighting potential problems with infection.
    4. Staff will be further protected from online scams and phishing attempts, protecting both them and the business.
    5. Easy-to-read and access statistics will show us which domain names are requested most frequently, and at what times of day. It also highlights where local addresses are being incorrectly forwarded, and may aid fault resolution or identification of previously unknown faults.
    6. Typo correction improves the safety of online activity for users, and improves the user experience, potentially resulting in fewer helpdesk calls.
    7. Where an authoritative DNS server fails to resolve a request, Open DNS will use the last known good IP address. This should also protect against malicious DNS attacks, such as that against NetNames earlier this month.
    8. OpenDNS is usually faster than ISP DNS servers, resulting in an improved user experience.
Posted by tom_geraghty at 1:25 pm Tagged with: , , ,

Opening multiple calendars with Outlook 2003 and Exchange 2010

Tech No Responses »
Aug 082011

Due to the way Outlook 2003 interacts with Exchange 2010, if a user on outlook 2003 tries to open multiple shared calendars, they may receive an error:

The action could not be completed. The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete this action.

This is because outlook 2003 has to open multiple mapi connections to exchange 2010 for each calendar, and in doing so, hits the default limit of concurrent connections set in the default throttling policy (20). This problem occurs due to Outlook 2003 dependencies on reference Mailbox Database support, which is not supported in Exchange Server 2010. Outlook 2003 clients must now reference the Exchange Server 2010 Address Book service when they open shared calendars.

Usually, restarting outlook provides a temporary fix, but as more mapi connections are created, the limit is reached again.

Using Exchange Shell, I created a new throttling policy with a maximum of 40 concurrent connections.

To create a new policy:

  • New-ThrottlingPolicy <policyname> -RCAMaxConcurrency 40

Check the details of the policy:

  • get-throttlingpolicy <policyname>

Check the user has the default policy applied already:

  • Get-Mailbox -Identity <username> | fl

To apply it to a user:

  • set-mailbox -identity <username> -throttlingpolicy <policyname>

Then test opening multiple calendars.

There is actually a registry key that sets a limit on the Exchange Information store, at 32 connections, so without changing this, clients will still be limited in the number of calendars they can open, but it looks like 32 connections is enough to open 5-6 calendars.

If you were to change these registry keys, they are:

  • Maximum Allowed Sessions Per User
  • Maximum Allowed Service Sessions Per User
Posted by tom_geraghty at 10:51 am Tagged with: , ,
Older Entries
© 2012 Tom Geraghty Suffusion theme by Sayontan Sinha