Exchange 2010 Coexistence

An Exchange 2007 CAS Server or Exchange 2003 Front End Server can’t proxy requests to Exchange 2010 mailboxes, nor can an Exchange 2010 CAS Server proxy requests to Exchange 2003/2007 mailboxes (the one exception is Exchange ActiveSync). While an Exchange 2010 CAS Server can’t proxy, it can transparently redirect clients to an Exchange 2007 CAS Server or Exchange 2003 Front End Server. Typically we would do this as follows.

The current configuration looks like this…

clip_image002

We would then stand up the new Exchange 2010 environment in parallel with the Exchange 2007 environment. Note that I drew the ASA and ISA Server as two icons for clarity, but in both cases we’re just talking about a second IP address on the same device.

clip_image004

At this point everything would be published and testable, but no redirection would be occurring. Here comes the first step where we actually impact users. We would change the External URL values for OWA, EWS and the Offline Address Book on the Exchange 2007 CAS Server to point to legacy.domain.com (for Exchange 2003 we would add the Exchange2003URL value to the Exchange 2010 CAS Server) so Exchange 2010 would know where to redirect traffic. We would then swap IP addresses between the Exchange 2007 and Exchange 2010 Servers…
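The URL changes described above, written out as Exchange Management Shell commands. This is an added example, not part of the original post; the server names EX2007CAS and EX2010CAS and the URL paths under legacy.domain.com are assumptions.

```powershell
# Added example. Server names are hypothetical; legacy.domain.com is the
# host name used in the post. The URL paths are the usual defaults (assumed).
$Legacy  = 'https://legacy.domain.com'
$Cas2007 = 'EX2007CAS'   # hypothetical Exchange 2007 CAS
$Cas2010 = 'EX2010CAS'   # hypothetical Exchange 2010 CAS

# --- Run in the Exchange 2007 Management Shell ---
$Owa = "$Cas2007\owa (Default Web Site)"
$Ews = "$Cas2007\EWS (Default Web Site)"
$Oab = "$Cas2007\OAB (Default Web Site)"

Set-OwaVirtualDirectory         -Identity $Owa -ExternalUrl "$Legacy/owa"
Set-WebServicesVirtualDirectory -Identity $Ews -ExternalUrl "$Legacy/EWS/Exchange.asmx"
Set-OabVirtualDirectory         -Identity $Oab -ExternalUrl "$Legacy/OAB"

# Read the values back and list any directory whose external URL is
# missing, is not HTTPS, or points at a host other than the legacy name.
# An empty result means the three directories are consistent.
$Vdirs  = @(Get-OwaVirtualDirectory -Identity $Owa)
$Vdirs += @(Get-WebServicesVirtualDirectory -Identity $Ews)
$Vdirs += @(Get-OabVirtualDirectory -Identity $Oab)
$Vdirs | Where-Object {
    -not $_.ExternalUrl -or
    $_.ExternalUrl.Scheme -ne 'https' -or
    $_.ExternalUrl.Host -ne 'legacy.domain.com'
} | Format-Table Identity, ExternalUrl -AutoSize

# --- Run in the Exchange 2010 Management Shell ---
# Only needed when Exchange 2003 mailboxes are still in use.
Set-OwaVirtualDirectory -Identity "$Cas2010\owa (Default Web Site)" `
    -Exchange2003Url "$Legacy/exchange"
Get-OwaVirtualDirectory -Server $Cas2010 |
    Format-List Identity, ExternalUrl, Exchange2003Url
```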

clip_image006

Now, when clients type owa.domain.com they would hit the Exchange 2010 server. If their mailbox is here they would stay put; however, if their mailbox is still on Exchange 2007/2003, their browser would be redirected to legacy.domain.com, which would send them to the Exchange 2007 Server. We can now move mailboxes at our leisure. Once they are all moved we can tear out the temporary legacy stuff and we’re left with this…

clip_image008


Office 365 PowerShell–The Two-Headed Monster

One of the best features in Office 365 is the ability to manage it via PowerShell. However, there are currently two separate PowerShell interfaces into Office 365, depending on what you’re trying to do. If you want to manage settings under the main Portal (think AD stuff), you connect via a PowerShell 1.0 interface that requires you to load tools on your local workstation. If you want to manage things under Exchange Online, you use PowerShell remoting, which requires nothing installed on your local system other than PowerShell 2.0. Here are the specifics for each method…

 

Portal PowerShell Administration

Prerequisites

  • Windows 7 or Windows Server 2008 R2
  • Windows PowerShell and the .NET Framework 3.5.1 enabled

Software to Install

  • Microsoft Online Services Sign-In Assistant – 32bit  64bit
  • Microsoft Online Services Module for PowerShell – 32bit  64bit

Connecting to the Microsoft Online Services Portal

  1. Click on Start > All Programs > Microsoft Online Services > Microsoft Online Services Module for PowerShell
  2. Run “Connect-MsolService”
  3. When prompted enter the credentials of an administrator account
  4. To get a list of all available commands run “Get-Command -Module MSOnline”

For a complete list of all commands and usage click on the following link…

http://onlinehelp.microsoft.com/en-us/office365-enterprises/hh125002.aspx

 

Exchange Online PowerShell Administration

Prerequisites

  • Windows 7 or Windows Server 2008 R2 – No Additional Software Necessary
  • Windows XP SP3, Vista SP1, Server 2003 SP2, Server 2008 SP1 – See Below

Software to Install

Connecting to Exchange Online

  1. Click on Start > All Programs > Accessories > Windows PowerShell > Windows PowerShell
  2. The first time, run “Set-ExecutionPolicy RemoteSigned”
  3. Run “$LiveCred = Get-Credential”
  4. When prompted enter the credentials of an administrator account
  5. Run “$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection”
  6. Run “Import-PSSession $Session”
  7. To get a list of all commands run “Get-Command -Module tmp*”

For a complete list of all commands and usage click on the following link…

http://help.outlook.com/en-us/140/dd575549.aspx
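The Exchange Online connection steps above as a single script, with the checks an administrator would want around them. This is an added example, not part of the original post; the expected host suffix .outlook.com and the use of Get-Mailbox as the sample command are assumptions.

```powershell
# Added example: the connection steps above, plus scope limiting,
# a redirect check and guaranteed session cleanup.
# Assumption: the service redirects to a host under outlook.com.
$ExpectedSuffix = '.outlook.com'

# Relax script execution for this PowerShell process only, rather than
# changing the machine-wide policy.
Set-ExecutionPolicy RemoteSigned -Scope Process -Force

# Prompt for the administrator account; the password stays a SecureString.
$LiveCred = Get-Credential

$Session = $null
try {
    # Basic authentication presents the credential to the endpoint, so the
    # connection URI must be https://.
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri https://ps.outlook.com/powershell/ `
        -Credential $LiveCred -Authentication Basic -AllowRedirection `
        -ErrorAction Stop

    # -AllowRedirection follows the host the service names. Record where the
    # session actually ended up and stop if it is not the expected service.
    # This check runs after authentication, so a mismatch also means the
    # password should be changed.
    $Target = $Session.Runspace.ConnectionInfo.ConnectionUri
    if ($Target.Scheme -ne 'https' -or $Target.Host -notlike "*$ExpectedSuffix") {
        throw "Unexpected redirect target: $Target"
    }
    Write-Host "Connected to $($Target.Host)"

    # Import only the cmdlets this task needs instead of the full set.
    Import-PSSession $Session -CommandName Get-Mailbox | Out-Null
    Get-Mailbox -ResultSize 5 | Select-Object Name, PrimarySmtpAddress
}
finally {
    # Always close the remote session so the authenticated connection
    # does not stay open after the work is done.
    if ($Session) { Remove-PSSession $Session }
}
```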

Create Whitelists and Blacklists in FOPE

 

Creating a Whitelist

1. Click on the Administration tab


2. Click on the Policy Rules tab


3. Click New Policy Rule in the Tasks box on the right-hand side


4. Choose the appropriate Domain Scope. Set the Action to Allow. Enter the appropriate IP Addresses, Domains and/or Email Addresses you wish to whitelist. Items should be separated with a comma.


 

Creating a Blacklist

1. Click on the Administration tab


2. Click on the Policy Rules tab


3. Click New Policy Rule in the Tasks box on the right-hand side


4. Choose the appropriate Domain Scope. Set the Action to Reject. Enter the appropriate IP Addresses, Domains and/or Email Addresses you wish to blacklist. Items should be separated with a comma.


Enabling Per-User Quarantines in Office 365

 

Enable Quarantining on Each Domain

 

1. Click on the Administration tab


2. Click on the Domains tab


3. Click on the Domain you wish to configure.


4. In the right-hand column click on Edit in the Quarantine box


5. Configure the settings as shown in the picture below and choose Save

clip_image010

6. Repeat the process for each Domain that you wish to set up

 

Create Quarantine for Each User

 

1. Click on the Administration tab


2. Click on the Users tab


3. In the right-hand column click on Add User under Tasks


4. Type in the name of the user you wish to set up and click Save


5. Repeat this process for each User that you wish to set up

6. Note: if you receive an error message stating that “The e-mail address already exists” when attempting to add a User, and the User has administrator permissions in Office 365, follow the instructions at the link below.

http://support.microsoft.com/kb/2587698

 

Accessing User Quarantine

 

1. Log into Forefront Online Protection at https://quarantine.messaging.microsoft.com

a. Note: If you have trouble logging in, click on the Change Password link


b. Follow the link on the email you receive to reset your password

2. Once logged in you’ll see a window similar to this

clip_image019

3. Any message quarantined by the spam or virus filter will show up under “Junk E-mail”. Items quarantined by a Policy Rule

How to Login to Forefront Online Protection

 

Method 1

 

1. Browse to https://portal.microsoftonline.com and login with administrator credentials

2. Click on Manage under Exchange Online.


3. This will open the Exchange Control Panel. Click on the Mail Control link on the left.


4. Click on the “Configure IP safelisting…” link on the right.


5. This will launch the Forefront Online Protection

 

Method 2

 

1. Browse to https://admin.messaging.microsoft.com and login with administrator credentials.

2. Note that while the administrator accounts are synchronized to FOPE, the passwords are not the same. So, if you can’t log in, click on the Change Password link.


3. Follow the link on the email you receive to reset your password