Microsoft has released the following update rollup for Exchange Server 2007:

• Update Rollup 3 for Exchange Server 2007 SP2 (979784)

If you’re running Exchange Server 2007, you need to apply Update Rollup 3 for Exchange 2007 SP2 to address the issues listed below.

Remember, you only need to download the latest update for the version of Exchange that you’re running.

Here is a list of the fixes included in update rollup 3:

1. 976108 “451 4.4.0 DNS Query Failed” status message in an Exchange Server 2007 Edge Transport server
2. 976460 Later updates do not match a calendar item that an Exchange Server 2007 user updates by using Exchange ActiveSync on a mobile device
3. 977179 You receive an “0x800423f0” error message when you perform system state backups on the passive node of Windows Server 2008-based Exchange Server 2007 CCR clusters
4. 977531 An external recipient misses the last occurrence of a recurring meeting request or a recurring appointment that is sent from an Exchange Server 2007 user
5. 977923 The Edgetransport.exe process crash when it process meeting requests in Exchange Server 2007
6. 978137 The subject of a confirmation message is garbled for certain languages when a remote device wipe operation is performed in Exchange Server 2007
7. 978200 The sender address of a forwarded meeting request does not include “on behalf of” as expected in an Exchange Server 2003 organization and an Exchange Server 2007 organization mixed environment
8. 978253 A SSL certificate validation error is generated on an Exchange Server 2007 server when you run any test commands after you run the Test-SystemHealth command
9. 978469 A mailbox that was moved from an Exchange Server 2007 server to an Exchange Server 2010 server cannot be accessed by using Outlook
10. 978517 The Microsoft Exchange Information Store service stops responding on an Exchange Server 2007 server
11. 978521 The synchronization and the reconciliation between Microsoft Office Outlook and a BlackBerry mobile device fails when a mailbox is moved around between two Exchange Server 2007
12. 978528 The Microsoft Exchange Information Store service crashes on a Microsoft Exchange Server 2007 server when a user tries to access a specific calendar item
13. 978832 Read items are marked incorrectly as unread items in an Exchange Server 2007 public folder
14. 979055 A delegate cannot save three settings of Resource Settings for an Exchange Server 2007 resource mailbox in OWA
15. 979170 You receive an error message when you use ExBPA to schedule a scan on an Exchange Server 2007 SP2 server
16. 979219 The store.exe process hangs on an Exchange Server 2007 server

Download the rollup here.

Installation Notes:

If you haven’t installed Exchange Server yet, you can use the info at Quicker Exchange installs complete with service packs and rollups to save you some time.

Microsoft Update can’t detect rollups for Exchange 2010 servers that are members of a Database Availability Group (DAG). See the post Installing Exchange 2010 Rollups on DAG Servers for info, and a script, for installing update rollups.

Update Rollups should be applied to Internet facing Client Access Servers before being installed on non-Internet facing Client Access Servers.

If you’re installing the update rollup on Exchange servers that don’t have Internet access, see “Installing Exchange 2007 & 2010 rollups on servers that don’t have Internet access” for some additional steps.

This is the changelog page for New-ADPasswordReminder.ps1. You will find a complete list of released versions, their dates, and the features and issues addressed in each. Please refer to the script’s main page for more information including download links, installation details, and more.

v2.9 – 09-13-2013

1. tweaked the filters for retrieving user accounts
2. Preview parameter removed since -PreviewUser automatically sets $Preview

v2.8 – 05-03-2013

1. Tons of updates – unfortunately, I haven’t kept a detailed list
2. OU option added that allows you to target a specific Organizational Unit (OU)
3. NoImages option tweaked. Run script with -NoImages to send a text only message. No longer need to specify $true
4. Changed name of script to New-ADPasswordReminder.ps1 to align with my new naming standard
5. More code optimization
6. Better cleanup of message text if some variables like $HelpDeskPhone and $HelpDeskURL are not defined

v2.7 – 12-26-2012

1. Added NoImages option for those that want less of a visual email. Script still sends an HTML formatted email, but it strips out any images and their related formatting.
2. Cleaned up some code

v2.6 – 09-07-2012

1. Changed email server variable to the preference variable $PSEmailServer
2. changed Send-MailMessage syntax
3. cleaned up Set-ModuleStatus function
4. Cleaned up HTML code
5. fixed issue with missing “)” error in the param list
6. cleaned up the Remove-ScriptVariables function
7. Added some Write-Verbose statements for better troubleshooting.
8. Added a simple check to not include password policy requirements if email is going to FGPP user (until I can resolve detection of the FGPP settings)
9. $PreviewUser specified will now work even if that user is set to PasswordNeverExpires
10. Setting $PreviewUser automatically sets $Preview
11. Removed transcript option
12. Added variable for formatting the date shown in emails (for my non-U.S. people)
13. Leaving some of the URL parameters blank will now remove the related text from the email sent to users

v2.4 – 01-14-2012

1. Fixed bug in detecting domain functional level as pointed out by Michael B. Smith
2. Changed email server parameter to use $PSEmailServer
3. Changed Send-MailMessage syntax
4. Cleaned up Get-ModuleStatus code

v2.2 – 09-29-2011

1. added some missing ‘alt’ tags for some images in email HTML code
2. added code to determine global minimum password length & format message accordingly
3. added code to determine global password complexity requirements & format message accordingly
4. added $HelpDeskURL variable in param block. That resolves the problem of some links that weren’t clickable (whoops!)
5. added some parameter validation
6. added ability to target a single OU, and its children
7. updated the Send-MailMessage line based on user feedback
8. updated links to point to new blog. This includes the one in the event log message.

v2.1 – 08/31/2011

1. added some additional code to the section that installs the RSAT-AD-PowerShell feature
2. corrected code that wouldn’t send mail until a the user was one day into the reminder window
3. cleaned up HTML code indentations to make it a little easier to read
4. variable for image path so that editing the HTML is straightforward
5. added preview mode to see HTML email
6. added install mode to automatically create scheduled task
7. updated and enhanced the comment based help
8. added code for event log logging

v2.0 – 08/15/2011

1. added email code
2. added transcript option
3. added demo parameter & formatted output
4. added param block with some default values
5. moved (Get-AdDomain).DomainMode code to outside of loop to help speed up processing (since it really needs to be called only once)
6. added check for ActiveDirectory module & Exchange snapins
7. added alert for same day expiration
8. auto load or install RSAT-AD-PowerShell feature

v1.0 – 02/26/2010

1. initial version

Microsoft has released the following update rollup for Exchange Server 2007:

• Update Rollup 2 for Exchange Server 2007 SP2 (972076)

If you’re running Exchange Server 2007, you need to apply Update Rollup 2 for Exchange 2007 SP2 to address the issues listed below.

Remember, you only need to download the latest update for the version of Exchange that you’re running.

Helpful notes:

1. If you are installing the update rollup on a CCR, see How to install Update Rollups in a CCR Environment.

Here is a list of the fixes included in rollup 2:

1. 961525 Exchange Server 2003 may generate duplicate journal reports in a mixed Exchange Server 2003 and Exchange Server 2007 environment
2. 969230 The “age limits” function of a public folder do not work as expected in an Exchange Server 2007 environment
3. 969948 A computer that is running Microsoft Exchange Server 2007 that has the Client Access Server (CAS) role installed becomes slow when a user tries to open a folder that contains many items
4. 970817 An appointment is displayed incorrectly as an all-day event if you use a mobile device to synchronize the calendar in Exchange Server 2007
5. 971177 The Auto Attendant ‘Business Hours’ schedule is not updated in Exchange Server 2007 when the DST setting is changed
6. 971349 Exchange Server 2007 users intermittently cannot access an Exchange Server 2003 user’s Free/Busy information in Office Outlook 2007
7. 971889 When Unified Messaging-enabled users call Outlook Voice Access on Exchange Server 2007 to play voice mails messages, there is a delay before the voice mail message is played
8. 972705 The Microsoft Exchange Server 2007 log or database experiences abnormal growth
9. 972744 When a user sends e-mail messages to a remote domain, some e-mail messages are queued on an Exchange Server 2007 Hub Transport server or Edge server
10. 973165 A return address is split into two separate and incomplete addresses when a recipient replies to a specific message in Exchange 2007
11. 973486 Some message parts are not readable when Exchange Server 2007 must convert the message part encoding from binary or from 8 bit to 7 bit
12. 973969 Incorrect exceptions are generated for a recurring iCalendar message when an Exchange Server 2007 server processes an SMTP message that contains the iCalendar message part
13. 974155 OWA does not highlight misspelled words in an Exchange Server 2007 CAS proxy environment
14. 974161 Some attendees cannot receive a meeting cancellation notification when the appointment recurrence pattern is changed by using EWS in Exchange Server 2007
15. 974312 Unread messages are marked as “read” when Exchange Server 2007 processes the EXAMINE command
16. 974344 You still receive an error message when you run the Test-OwaConnectivity command after you apply hotfix KB957485 in Exchange Server 2007
17. 974401 Store sessions are not released when you run the Add-PublicFolderClientPermission cmdlet or the Remove-PublicFolderClientPermission cmdlet in public folders on a computer that is running Exchange Server 2007
18. 974450 A new accepted domain that is added does not work in an Exchange Server 2007 organization
19. 974679 Returned folder names include a question mark when you check the folder names of an Exchange Server 2007 mailbox
20. 974775 The EdgeTransport.exe process crashes intermittently on an Exchange Server 2007 server
21. 974843 Exchange Server 2007 performance counter “Messages queued for submission” shows incorrect value
22. 974897 You receive an NDR you try to send messages through your Microsoft Exchange Server 2007 account
23. 974946 Exchange Server 2007 OWA users receive an error message when the users change the display line for the search results on the address books
24. 974999 The “Task Owner” field is not set when you create a task in Outlook Web Access
25. 975050 A call transfer fails by using key mapping in a mixed Exchange Server 2007 UM server and OCS 2007 environment
26. 975165 EWS proxying requests fail after you run Availability Service requests in a CAS to CAS proxying scenario in Exchange Server 2007
27. 975213 You cannot log on to your mailbox and you receive an error in an Exchange server 2003 and Exchange Server 2007 coexist environment
28. 975255 Event 2104 and event 2147 are continuously logged in an Exchange Server 2007 Cluster Continuous Replication (CCR) environment
29. 975404 An attachment of a meeting request cannot be opened when you use a CDO application to accept a meeting request in Exchange Server 2007
30. 975844 The misspelled word of a message loses its custom format when an Exchange Server 2007 user writes the message in OWA
31. 975903 The RemoveDelegate operation of EWS fails, and then a “500 internal server” error response and event ID 4999 are logged in an Exchange Server 2007 server
32. 975916 The custom form of a meeting request is removed in the recipients’ calendar in an Exchange Server 2007 environment
33. 975918 When an IMAP4 client sends a FETCH (bodystructure) request to a server that is running the Exchange Server 2007 IMAP4 service, a corrupted response is sent as a reply
34. 975946 An S/MIME message is not verified and is rejected when BizTalk Server 2006 uses the Exchange Server 2007 version of ExSMime.dll to parse MIME messages
35. 975990 Messages that have duplicate message IDs are deleted when they are archived to an Exchange 2007 mailbox
36. 976025 The free/busy information of an Exchange Server 2007 user is not displayed
37. 976106 Microsoft Exchange Transport services crashes with StackOverflowException when Message Journaling is enabled on Exchange Server 2007
38. 976107 You receive the warning “Failed to update recipient” when you run the Update-addresslist cmdlet in Exchange Management Shell on Exchange Server 2007
39. 976137 Exchange Server 2007 Unified Messaging incorrectly plays a nonbusiness hours greeting when someone calls during holiday
40. 976195 You cannot edit a transport rule if one or more of the recipient addresses are disabled or removed in an Exchange Server 2007 server
41. 976653 The Cluster Administrator shows that the mount operation fails and error 1003 is logged even though the database is mounted in an Exchange Server 2007 CCR or in a SCC environment
42. 976787 The Calendar Month View displays a numeric date and not an abbreviated month name when you set the Regional Settings to Japanese or to Korean in Outlook Web Access for Exchange Server 2007
43. 976794 When you edit an e-mail message in OWA, the font changes to the default Internet Explorer font
44. 976946 The message delivery time is incorrect when you send e-mail messages by using an IMAP4 client together with the APPEND command in Exchange Server 2007
45. 977085 An incorrect value for DumpsterMessagesDeleted is reported in an Exchange Server 2007 environment
46. 977091 The time for an updated meeting request is incorrectly shown in an exception instance of a recurring meeting request on an Exchange Server 2007 environment
47. 977181 The EXOLEDB component is not initialized successfully when you start Exchange Information Store Service on an Exchange Server 2007 server
48. 977223 A move operation on a folder fails when the “ptagProvisionedFid” attribute is invalid in an Exchange Server 2007 environment
49. 977261 One or more errors occur when you set the Message Access logging level to Expert in an Exchange Server 2007 SP2 server
50. 977355 Non-ASCII characters in a display name of a forwarded message are shown with “?” when the display name of a contact is in East Asia characters in an Exchange Server 2007 environment
51. 977412 Error message when you use the WebDAV protocol to connect to an Exchange Server 2007 server: “Error 1000”
52. 977425 The “Proxy server name” field is incorrectly shown in OWA in an Exchange Server 2007 CAS-to-CAS proxy environment
53. 978593 Windows Server 2008 VSS backup plug-in fails to backup Exchange 2007 Service Pack 2 databases that reside on a volume mount point

Download the rollup here. It is also available on Microsoft Update.

Installation Notes:

If you haven’t installed Exchange Server yet, you can use the info at Quicker Exchange installs complete with service packs and rollups to save you some time.

Microsoft Update can’t detect rollups for Exchange 2010 servers that are members of a Database Availability Group (DAG). See the post Installing Exchange 2010 Rollups on DAG Servers for info, and a script, for installing update rollups.

Update Rollups should be applied to Internet facing Client Access Servers before being installed on non-Internet facing Client Access Servers.

If you’re installing the update rollup on Exchange servers that don’t have Internet access, see “Installing Exchange 2007 & 2010 rollups on servers that don’t have Internet access” for some additional steps.

In today’s security conscious organizations, many internal servers don’t have Internet access. This reduces the attack surface for the servers. However, some tasks require Internet access to some degree, such as Windows Updates. That can be mitigated by WSUS or System Center Configuration Manager. But Exchange rollups also look to the Internet, and not having Internet access can cause the rollup installation to take considerably longer, or even fail.

Exchange rollups use signed code, and IE will check http://crl.microsoft.com/pki/crl/products/CSPCA.crl for certificate revocation to validate the code signing. It’s here we time out if there is no Internet connection to that URL.

We can fix this easily by disabling certification revocation in Internet Explorer. Simply open IE, go to Tools>Internet Options>Advanced>Security. Find the “Check for publisher’s certificate revocation” option and uncheck the box.

Click OK and close everything up. Installing the rollup should go much quicker now, since the server won’t check for cert revocation.

If you’re still having other problems with rollup installation, such as managed services not starting (usually affecting Exchange 2007), you may need to tweak some config files. Microsoft has documented this at http://support.microsoft.com/default.aspx/kb/944752 and http://msexchangeteam.com/archive/2008/07/08/449159.aspx

Microsoft has released the following update rollup for Exchange Server 2007:

• Update Rollup 1 for Exchange Server 2007 SP2 (971534)

If you’re running Exchange Server 2007 SP2, you need to apply Update Rollup 1 for Exchange 2007 SP1 to address the security issues listed below.

Remember, you only need to download the latest update for the version of Exchange that you’re running. RTM updates can’t be installed on SP2 and vice versa.

Here is a list of the fixes included in rollup 1:

1. 941775 An error message occurs when you run the “Isinteg” command on a newly created Exchange 2007 database
2. 958617 E-mail messages are blocked at the local delivery queue in an Exchange Server 2007 Service Pack 2 environment if a user has Outlook client-side rules totaling more than 32 kilobytes (KB)
3. 961856 The logon page does not display the “This is a private computer” option correctly in the Greek version of Outlook Web Access
4. 967174 The User account is not logged in Event ID 566 after the user makes changes to a mailbox
5. 969046 E-mail messages are queued when you use the DNS round robin feature on multiple Exchange Server 2007 hub servers
6. 969487 The Public Folder Hierarchy replication fails and event error 3079 and 9669 occur in Exchange Server 2007
7. 969606 Recurring appointments in the calendar public folder are not replicated correctly in Microsoft Exchange Server 2007
8. 970104 When you install an Exchange Server 2007 update rollup by using a user account that has no Exchange Server Administrator permissions, the installation program fails
9. 970118 The IMAP4 service crashes, and then event error 4999 occurs on a computer that is running Exchange Server 2007
10. 970893 E-mail addresses are created incorrectly if an e-mail address policy in Exchange Server 2007 contains certain symbols, a slash or a backslash, and then another of these symbols
11. 971010 Some databases intermittently do not come back online when a cluster failover occurs in an Exchange Server 2007 CCR environment
12. 971053 The Edgetransport.exe program intermittently crashes on Exchange Server 2007
13. 971431 The IMAP service crashes and event error 4999 occurs on a computer that is running Exchange Server 2007
14. 971641 After you synchronize your mobile device to work with an Exchange Server 2007 server, the synchronization time and the request time are shown in UTC
15. 971857 The storage limit does not affect the managed custom folder if you copy messages into this folder by using Outlook Web Access (OWA)
16. 972009 E-mail messages cannot be retrieved by an Exchange Web Service (EWS)-based application if there are invalid control characters in the text body of the e-mail message
17. 972103 The Microsoft Exchange Information Store service crashes during move-mailbox operations and event error 4999 occurs in Exchange Server 2007
18. 972115 A transport rule is not applied to MDNs in Exchange Server 2007
19. 972172 The “Display sender’s name on messages” option in the Exchange Management Console of Exchange Server 2007 does not work for Message Delivery Notifications (MDNs) that are to remote domains
20. 972269 The Store.exe process hangs intermittently and all clients accessing the server are blocked in an Exchange 2007 environment
21. 972272 A new download method is available for HTTP offline address books on Exchange Server 2007 servers that has the Client Access Server role installed
22. 972278 Update of Private status in a meeting request is not reflected in an Exchange Server 2007 environment
23. 972357 You cannot view a clear-signed e-mail message in Exchange Server 2007 SP2 when you open the message by using a non-MAPI client
24. 972426 Error message when you save a filter as default in the Exchange Management Console (EMC) and then restart the EMC: “The search filter is invalid”
25. 972473 Outlook Web Access (OWA) removes the Calendar items for a recurring meeting when you delete the meeting request from the Deleted items folder in Exchange Server 2007
26. 972514 Event ID 4011 is logged when you query free/busy data for external contacts in Exchange Server 2007
27. 973190 The wrong attendee is removed in Scheduling Assistant when you remove attendees from a meeting request in Outlook Web Access server light version
28. 973253 Message delivery times are stamped with the current date and time when Exchange Server 2007 users submit messages by using an IMAP4 client and the APPEND command
29. 973293 The Edge Transport server’s transport process fails during an e-mail address rewrite on an Exchange Server 2007 server
30. 973307 An application that uses Exchange Web Services returns an exception on an Exchange Server 2007 server
31. 973361 Hidden messages in an Exchange Server 2007 mailbox can be downloaded by any IMAP4 client
32. 973490 Error message in Exchange Management Shell in Microsoft Exchange Server 2007 when you run the “New-DynamicDistributionGroup” command: “You must provide a value expression on the right-hand side of the ‘-and’ operator.”
33. 973761 When an Exchange Server 2007 user sends a meeting request to external recipients with the Reminder turned off, the default 15 minute Reminder pop-up window still appears
34. 973868 A delegate cannot cancel meetings in the organizer’s calendar by using Exchange Web Service (EWS)
35. 973912 Error message when an Exchange 2007 user clicks “Post” or “Send” to submit a new post item or to submit a new calendar item for a moderated public folder in OWA: “The item that you attempted to access no longer exists”
36. 974010 Recipients cannot see the attendee entry for Domino Room resource after an Exchange Server 2007 user sends a meeting request that includes a Domino room resource to the recipient
37. 974242 The abbreviation sequence is incorrect when an Outlook Web Access Light user checks the calendar in Weekly view after the user sets the language to “Basque” in Exchange Server 2007 Service Pack 2
38. 974640 The whole calendar view is broken and an error message is returned when you view an exception occurrence of a private recurring meeting in OWA

Download the rollup here. It is also available on Microsoft Update.

Installation Notes:

If you haven’t installed Exchange Server yet, you can use the info at Quicker Exchange installs complete with service packs and rollups to save you some time.

Microsoft Update can’t detect rollups for Exchange 2010 servers that are members of a Database Availability Group (DAG). See the post Installing Exchange 2010 Rollups on DAG Servers for info, and a script, for installing update rollups.

Update Rollups should be applied to Internet facing Client Access Servers before being installed on non-Internet facing Client Access Servers.

If you’re installing the update rollup on Exchange servers that don’t have Internet access, see “Installing Exchange 2007 & 2010 rollups on servers that don’t have Internet access” for some additional steps.

Description

In some organizations, the Global Address List is used extensively as a phone list and corporate directory. When that’s the case, keeping the information current can be time-consuming. Users don’t always notify you of changes, and Help Desk staff have better things to do than updating stuff like that. There are applications like fellow Jim McBee’s awesome web-based Directory Update, which provides a simple interface for users to update GAL info. But that still requires that the user take the time to update the info. Here, we’ll automate the process of updating the GAL with a new mobile number when a user syncs a new ActiveSync device for the first time.

When a user synchronizes a device, information about the device is stored in Active Directory. The info can be viewed using the Get-ActiveSyncDeviceStatistics.

Get-ActiveSyncDeviceStatistics -mailbox dbingham
FirstSyncTime         : 10/2/2009 5:45:54 PM
LastPolicyUpdateTime  : 10/2/2009 5:46:38 PM
LastSyncAttemptTime   : 10/13/2009 4:46:38 PM
LastSuccessSync       : 10/13/2009 4:46:38 PM
DeviceType            : PocketPC
DeviceID              : AF053AA9D0FE3D37C5A2AC3C77ACB9F8
DeviceUserAgent       :
DeviceWipeSentTime    :
DeviceWipeRequestTime :
DeviceWipeAckTime     :
LastPingHeartbeat     :
RecoveryPassword      : ********
DeviceModel           : RAPH800
DeviceIMEI            : 0x80046B09
DeviceFriendlyName    : Pocket_PC
DeviceOS              : Windows CE 5.2.19965
DeviceOSLanguage      : English
DevicePhoneNumber     : 5865311234
Identity              : Danielle.Bingham@mydomain.org\AirSync-PocketPC-AF053AA9D0FE3D37C5A2AC3C77ACB9F8

We see that the next-to-last field contains the device’s phone number*. So, we’ll use some code that will accomplish the following tasks:

• Get a list of all user mailboxes
• Get ActiveSync data for all devices that:
  • have a phone number
  • have synced for the first time in the last 24 hours
• filter out any old devices still listed (in case a user has had more than one EAS device)
• format the number in a human friendly version (hyphenate)
• Update the user’s AD account with the number

That can be accomplished using the following code:

$mailboxes = @(Get-Mailbox | ? {$_.RecipientType -eq 'UserMailbox'})
ForEach ($mailbox in $mailboxes){
  $devices = @(Get-ActiveSyncDeviceStatistics -mailbox $mailbox.Alias | Where-Object {($_.DevicePhoneNumber -ne '') -and ($_.FirstSyncTime -gt (Get-Date).addhours(-24))}) | Sort-Object LastSuccessSync -descending | Select-Object -first 1
ForEach ($device in $devices){
  if($device.DevicePhoneNumber){
   $NumberLength = $device.DevicePhoneNumber.length
   if ($NumberLength -eq 10) {$DeviceNumber = $device.DevicePhoneNumber.SubString(0,3)+"-"+$device.DevicePhoneNumber.SubString(3,3)+"-"+$device.DevicePhoneNumber.SubString(6,4)}
   if ($NumberLength -eq 11) {$DeviceNumber = $device.DevicePhoneNumber.SubString(1,3)+"-"+$device.DevicePhoneNumber.SubString(4,3)+"-"+$device.DevicePhoneNumber.SubString(7,4)}
   Set-User $mailbox.Alias -MobilePhone $DeviceNumber
  }
 }
}

Copy that code to notepad and save it in your scripts folder as Update-MobileNumber.ps1. Then we just run the script via a scheduled task every 24 hours. If you don’t run it every 24 hours, make sure you adjust the (Get-Date).addhours(-24) line accordingly.

* – Most devices have the number stored there. Some devices, like the Apple iPhone, unfortunately don’t.

Installation

Execution Policy: Third-party PowerShell scripts may require that the PowerShell Execution Policy be set to either AllSigned, RemoteSigned, or Unrestricted. The default is Restricted, which prevents scripts – even code signed scripts – from running. For more information about setting your Execution Policy, see Using the Set-ExecutionPolicy Cmdlet.

Donations

I’ve never been one to really solicit donations for my work. My offerings are created because *I* need to solve a problem, and once I do, it makes sense to offer the results of my work to the public. I mean, let’s face it: I can’t be the only one with that particular issue, right? Quite often, to my surprise, I’m asked why I don’t have a “donate” button so people can donate a few bucks. I’ve never really put much thought into it. But those inquiries are coming more often now, so I’m yielding to them. If you’d like to donate, you can send a few bucks via PayPal at https://www.paypal.me/PatRichard. Money collected from that will go to the costs of my website (hosting and domain names), as well as to my home lab.

Download

Update-MobileNumber.zip.

The robust capabilities of PowerShell and the Exchange Management Shell allow us to streamline and automate many system tasks. By using scheduled tasks, we can now run tasks on a recurring schedule, thus reducing our manual workload, as well as providing capabilities that were not previously available.

Generally, any PowerShell task can be automated, as long as it doesn’t require manual intervention. For this example, we’ll run a script called New-UserWelcome.ps1. This script, as will be documented in a future blog post, sends a ‘welcome’ email to all new mailboxes. This blog post assumes that the script to be scheduled is error free. We’ll plan to run the script every 4 hours.

What the PowerShell script does might dictate what server you run it from. In this example, since the script will send email, we’ll run it from an Exchange 2007 hub transport server.

On a hub transport server running on Windows 2003 server, we go to Control Panel>Scheduled Tasks. Once there, right click and chose New Scheduled Task. Give the task a name and press enter. Now right click on the task and choose Properties.

In the Run field, we include the path to the PowerShell executable, as well as the path to the Exchange console file (which contains the Exchange cmdlets), and the actual script we want to run. An example would be:

c:\windows\system32\windowspowershell\v1.0\powershell.exe -psconsolefile "c:\Program Files\Microsoft\Exchange Server\bin\exshell.psc1" -command "New-UserWelcome.ps1"

We also place the path to our scripts folder in the Start In field. This is because our example script, New-UserWelcome.ps1, is in the scripts folder:

"c:\program files\microsoft\exchange server\scripts"

In the Run As field, enter the name of an Exchange admin account, and click Set Password to enter the password for that account.

On the Schedule tab, set the Schedule Task to be Daily, Every 1 day, and click the Advanced button. Check Repeat Task, and set it for Every 4 hours for a duration of 24 hours. Click Ok twice.

Now we can test the scheduled task by right clicking on it and choosing Run.

In Windows 2008, the GUI is a tad different. Go to Administrative Tools>Task Scheduler. In the Action pane on the far right, click Create Basic Task. Give the task a name, and click next. Click Daily, and Next. Choose Recure every 1 day, and Next. Choose Start a program, and Next. Enter the path to PowerShell, the path to the Exchange console file, and the path to the scipe in the Program/Script field. For this example, we’ll use:

c:\windows\system32\windowspowershell\v1.0\powershell.exe -psconsolefile "c:\Program Files\Microsoft\Exchange Server\bin\exshell.psc1" -command "New-UserWelcome.ps1"

In the Start In field, add the path to the \scripts folder than holds your PowerShell script, such as

"c:\program files\microsoft\exchange server\scripts"

And then click Next. When presented with the popup about arguments in the text box, click Yes. On the Summary page, click the box for Open the Properties dialog for this task when I click Finish. Then click Finish.

When the properties dialog box opens, click the triggers tab, click edit, click the Repeat task every 4 hours (you can type in the pulldown box) for a duration of 1 day. Then click Ok twice.

Once that’s done, click Run in the lower part of the Action pane to test.

As you can see, it’s not terribly complex to run scheduled PowerShell scripts. By doing so, we can automate many mundane tasks, and even add functionality that is not already there.

We will build upon this article in future articles.

Microsoft has included the handy Windows Server 2008 XML files in the Exchange Server 2007 Service Pack 2 distribution. These files, previously available via the product group’s blog site, makes it quick and painless to install all necessary prerequisites for Exchange on Windows 2008 servers.

Found in the \scripts folder, the files include

1. exchange-all.xml (all roles)
2. exchange-base.xml (all prerequisites for any Exchange server)
3. exchange-cas.xml (client access server)
4. exchange-edge (edge transport server)
5. exchange-hub (hub transport server)
6. exchange-mbx (mailbox server)
7. exchange-typical (single box – Hub/CAS/Mbx)
8. exchage-um (unified messaging)

What is not in the files, it appears, are the prerequisites for a clustered mailbox server (which was included in the original zip file) and Network Load Balancing for Client Access Servers. Both files can be created or the options can be added to the existing files.

Recently, a client had a user who received an NDR they had not seen before. The NDR included, among other info, the following text:

#5.0.0 smtp; 5.1.0 – Unknown address error 550-‘Error: ACL header_checks_bogon Message contains a Received: header containing a forbidden “bogon” IP address from an unassigned Class A/B network. See http://www.cymru.com/Documents/bogon-list.html, IP = “[169.254.]”‘ (delivery attempts: 0)> #SMTP#

Note the partial IP address, 169.254.. You’ll no doubt recognize that as the first two octets of the Automatic Private IP Addressing (APIPA) address range. That’s not something we generally see being used in an enterprise messaging environment, and the receiving side was right for wanting to bounce messages with that in the headers. Further testing confirmed that messages coming from any mailbox on any of the CCR implementations did include that address in the message headers. All of the clusters were built on Windows 2008. An example is:

Received: from EMB20.domain.edu ([169.254.1.96]) by EHB02.domain.edu
([230.112.41.38]) with mapi; Thu, 17 Sep 2009 17:53:24 -0700

That’s not good. When we investigated, we checked the network adapters on both nodes of the clusters. Each node had multiple NICs, including those for the public network, those for the private (heartbeat) network, and those for a dedicated log shipping network. All of the IP addresses were as built, and not APIPA addresses. However, from an active node, when we would ping the same box by name, we would get the APIPA address. The plot thickens!

When doing an IPConfig from the active node, we saw this adapter pop up:

Ethernet adapter Local Area Connection* 8:

Connection-specific DNS Suffix  . :
IPv4 Address. . . . . . . . . . . : 169.254.1.96
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :

This is the Microsoft Cluster Virtual Adapter that is present in cluster implementations on Windows Server 2008. Simple enough, we’ll just move it further down the bind list, right? Nope. The Microsoft Cluster Virtual Adapter does not show in the Adapters and Bindings property page – so we can’t adjust that. Time to roll up the sleeves.

The solution? Editing the hosts file. By placing an entry in the hosts file of each CCR node, the problem went away. Only an entry for the local host is required and should point to the address assigned to the public NIC for itself. An example on one we used:

230.112.41.35 emx21.domain.edu emx21

Once this was completed on each node, the problem stopped, and headers indicate the proper address now.

Received: from EMB20.domain.edu ([230.112.41.35]) by EHB02.domain.edu
 ([230.112.41.38]) with mapi; Thu, 1 Oct 2009 09:16:02 -0700

If you’ve deployed Exchange 2007 on CCR, check the message headers coming from mailboxes on those clusters. A 2 minute fix is all you’ll need.

Microsoft has released Service Pack 2 (SP2) for Exchange Server 2007.

The 800+MB download is just like SP1 – a full install package that incorporates the Service Pack. Existing installations can be upgraded, as new installs can be completed with the Service Pack integrated.

Microsoft states: Microsoft Exchange Server 2007 Service Pack 2 (SP2) has been designed specifically to help meet the challenges of any business and the needs of all the different groups with a stake in the messaging system. Exchange Server 2007 SP2 is a mission-critical communications tool that enables employees to be more productive and access their information anywhere and anytime while providing a messaging system that enables rich, efficient access to e-mail, calendar items, voice mail, and contacts. For the administrator, Exchange Server 2007 SP2 provides advanced protection options against e-mail security threats, such as spam and viruses, as well as the tools to help manage internal compliance and high availability needs.

Service Pack 2 also includes the much anticipated backup option that the product group announced in May. It also includes some key components that allow for coexistence with Exchange 2010.

Service Pack 2 requires Windows Installer 4.5, which will require a reboot once installed.

The Service Pack can be downloaded in both x86 and x64 flavors here.