Wednesday, March 28, 2012

Auditing Mailbox Access in Exchange 2010


In every organization, there are always mailboxes with sensitive information. These might be the mailboxes of the CEO, directors, users from the HR or Payroll departments, or simply mailboxes for which you have to perform discovery actions to demonstrate compliance with regulatory or legal requirements. Although normally administrators are not concerned with the content of user’s mailboxes, there might be someone less honest that attempts to access someone’s mailbox in order to obtain information of value for their own benefit.

Previous versions of Microsoft Exchange did not provide a full range of compliance capabilities. Managed Folders or Journaling simply were not enough to perform basic audits or to be fully compliant with legislation such as the Sarbanes-Oxley Act. Exchange 2010 introduces some welcomed new features, including Retention and Litigation Hold, Single Item Recovery or Archiving.

In the following article, we will explore yet another new feature introduced in SP1 known as Auditing Mailbox Access, which allows us to record operations on a mailbox such as the deletion or copy of e-mails: Auditing Mailbox Access on MSExchange.org

Sunday, March 25, 2012

Exchange Build Numbers

Ever wondered what all those build numbers like 8.3.083.6 or 14.2.247.5 in your exchange environment are exactly? The following webpage lists all the Exchange Server versions and release dates since Exchange 2003 as well as all the Update Rollup's, release date and their KB since Exchange 2007: Exchange Server and Update Rollups Builds Numbers

Thursday, March 15, 2012

Exclude a Mailbox Database from Provisioning


While with previous versions of Exchange we always had to specify a mailbox database when we created or moved a mailbox, or mail-enabled an existing user, with Exchange 2010 we have the option of letting Exchange choose the database for us by using the new Automatic Mailbox Distribution feature.

Automatic distribution is used when we don't specify the -Database parameter in the New-Mailbox and Enable-Mailbox cmdlets or the -TargetDatabase parameter in the New-MoveRequest cmdlet.

This feature looks at all mailbox databases in the organization and then randomly chooses a database where the mailbox should be located.

By default, all online and healthy databases on Exchange 2010 servers can be chosen by this process. However, because you might have some databases that you don’t want to be selected by this feature (a journaling database, for example), you can manually exclude them. To do this, you can either permanently or temporarily exclude databases from the exclusion process with two properties available in each database:
  • IsExcludedFromProvisioning: used if we want to indicate that the database should be permanently excluded from automatic mailbox distribution;
  • IsSuspendedFromProvisioning: used if we want to indicate that the database should be temporarily excluded from automatic mailbox distribution.

Which one we choose is purely for our information. Setting either one to $True has the same result of excluding the database from the automatic distribution process.

Let’s say we want to permanently exclude database MDB01 from automatic distribution:
Set-MailboxDatabase MDB01 -IsExcludedFromProvisioning $True

To temporarily exclude it, we use the following cmdlet:
Set-MailboxDatabase MDB01 -IsSuspendedFromProvisioning $True

To check which databases are excluded or suspended from provisioning and which ones are not, use the following cmdlet:
Get-MailboxDatabase | FT Name, IsExcludedFromProvisioning, IsSuspendedFromProvisioning

Thursday, March 8, 2012

Exchange 2010 ECP Performance Console


A hidden feature that most Exchange Administrators don't know about is the Exchange Control Panel [ECP] Performance Console.

This console, which is not visible by default, provides numerous counters regarding the performance of the ECP. We can use it to check how long it takes to authenticate a user, how many PowerShell cmdlets have been invoked and even how long the server took to process requests.

To learn more about this console and how to enable it, please check the Exchange 2010 ECPPerformance Console article on MSExchange.org


Log Parser Studio


I have been using Log Parser for some years now and sometimes it is a life saver! It is easy to use and makes parsing logs so simple. However, in order to create some nice graphs you have to either write a more complex query or export all the data to Excel and then do it from there.

Until now! “With Log Parser Studio (LPS) we can house all of our queries in a central location. We can edit and create new queries in the ‘Query Editor’ and save them for later. We can search for queries using free text search as well as export and import both libraries and queries in different formats allowing for easy collaboration as well as storing multiple types of separate libraries for different protocols.

For more information: