Let's start with a view of the configuration options and parameters that affect the entire Exchange organization (every server and every object). For Exchange 2000/2003 administrators, these are the same types of things you would find under the Global Settings and Recipients containers in Exchange System Manager.
Note: Parameters and objects found in the Organization Configuration work center affect every server and mail-enabled recipient in the organization.
You use the Get-OrganizationConfig and Set-OrganizationConfig cmdlets to view the organization configuration and set organization configuration parameters. For the organization configuration, there is one important parameter that will be of use to many administrators: the SCLJunkThreshold parameter. This is set by default to a value of 4. If messages are processed by the Content Filter (formerly known as the Microsoft Exchange Intelligent Message Filter) and are determined to have a value of 4 or higher, they will be placed in the user's Junk E-mail folder.
Message sizes can be set in a lot of places; size limits can be configured for the entire organization, a specific connector, or an individual mailbox. However, to set them globally, you must set them from the EMS. The Get-TransportConfig and the Set-TransportConfig cmdlets have the -MaxReceiveSize, -MaxSendSize, and -MaxRecipientEnvelopeLimit parameters, which control the maximum incoming message size, the maximum outgoing message size, and the maximum number of recipients per message. For more information on these, see Chapter 9, "Imposing Limits."
When the first Exchange 2007 server is installed into the Active Directory forest, a container called Microsoft Exchange Security Groups (shown in Figure 8.2) is created in the root domain. For most organizations, making a user a member of one of these groups will suffice when delegating the necessary permissions to manage the Exchange organization, Exchange recipients, or Exchange servers.
Figure 8.2: Active Directory security groups
In larger organizations, custom permissions may need to be delegated or assigned based on the organization's requirements. Additional or custom permissions can be delegated using the EMC. Figure 8.3 shows the EMC with the Organization Configuration work center selected.
Figure 8.3: Using the Exchange Management Console to assign permissions
Exchange administrative permissions can also be viewed, assigned, and removed using the EMS cmdlets Get-ExchangeAdministrator, Add-ExchangeAdministrator, and Remove-ExchangeAdministrator.
You can find more information about administrative permissions in Chapter 7, "Administering Exchange 2007."
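A least-privilege review built on the three cmdlets named above, as an added example that is not from the original text. The account name CONTOSO\helpdesk1 and the server name EXCH01 are constructed placeholders.

```powershell
# Added example for the Exchange Management Shell (EMS).
# CONTOSO\helpdesk1 and EXCH01 are constructed placeholder names.

# 1. List every delegated Exchange administrator with its role and scope.
Get-ExchangeAdministrator |
    Sort-Object Role, Identity |
    Format-Table Identity, Role, Scope -AutoSize

# 2. Organization-wide administrators can change every server and recipient,
#    so list them separately for periodic review.
$orgAdmins = @(Get-ExchangeAdministrator | Where-Object { $_.Role -eq 'OrgAdmin' })
Write-Host ("Organization administrators: {0}" -f $orgAdmins.Count)
$orgAdmins | ForEach-Object { Write-Host ("  " + $_.Identity) }

# 3. Delegate the narrowest role that covers the task.
#    Read-only access for a help-desk account:
Add-ExchangeAdministrator -Identity 'CONTOSO\helpdesk1' -Role ViewOnlyAdmin

#    Server administration limited to a single server through -Scope:
Add-ExchangeAdministrator -Identity 'CONTOSO\helpdesk1' -Role ServerAdmin -Scope 'EXCH01'

# 4. Withdraw a delegation that is no longer needed.
#    -WhatIf previews the change; remove it to apply.
Remove-ExchangeAdministrator -Identity 'CONTOSO\helpdesk1' -Role ServerAdmin -Scope 'EXCH01' -WhatIf
```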
Messaging records management is a combination of a new set of features for Exchange Server 2007 and the Exchange 2000/2003 mailbox manager features. Messaging records management allows you to create custom folders in a user's mailbox and manage the content in both the default folders as well as the custom folders. Management and configuration of messaging records management components is performed in the EMC under the Organization Configuration work center and under the Mailbox subcontainer.
The Mailbox subcontainer of the Organization Configuration work center is shown in Figure 8.4. The Managed Custom Folders tab in the results pane allows you to create additional managed custom folders and assign managed content settings to them.
Figure 8.4: Managing message records management settings
From the Managed Default Folders tab in the results pane, you can assign managed content settings to default folders such as the Inbox, Deleted Items, and Sent Items.
The final component of message records management (at least from the organization's perspective) is the creation of managed folder mailbox policies. These policies specify which folders are assigned to a mailbox. The mailbox is then assigned policies found on the Managed Folder Mailbox Policies tab.
If you are inclined to manage messaging records management components from the command line, here are some of the cmdlets you can use:
Cmdlet | Description |
---|---|
Start-ManagedFolderAssistant | Starts the managed folder assistant on a Mailbox server |
Stop-ManagedFolderAssistant | Stops the managed folder assistant on a Mailbox server |
New-ManagedFolder | Creates a new managed custom or default folder |
New-ManagedFolderMailboxPolicy | Defines a new managed folder mailbox policy |
New-ManagedContentSettings | Creates a new managed content settings object in the specified managed folder |
Get-ManagedFolder | Retrieves a list of managed folders or the properties of an individual managed folder if it is specified in the command line |
Get-ManagedFolderMailboxPolicy | Retrieves a list of managed folder mailbox policies or the properties of an individual managed folder mailbox policy if it is specified in the command line |
Get-ManagedContentSettings | Retrieves all of the managed content setting objects or the properties of an individual content settings object if it is specified |
Set-ManagedFolder | Sets properties on a managed folder |
Set-ManagedFolderMailboxPolicy | Sets the properties on a managed folder mailbox policy |
Set-ManagedContentSettings | Sets the properties on a managed content settings object |
Remove-ManagedFolder | Removes an existing managed folder |
Remove-ManagedFolderMailboxPolicy | Removes a managed folder mailbox policy |
Remove-ManagedContentSettings | Removes a managed content settings object |
You can find more information about messaging records management in Chapter 12, "Managing Folder Content."
There are a couple of different types of address lists that can be created and managed in Exchange 2007. These include the custom address lists, offline address books, and global address lists.
Address lists were found in the Exchange 2000/2003 Exchange System Manager console under Recipients\All Address Lists and are also called custom address lists. Exchange 2007 includes the default address lists All Users, All Rooms, All Groups, and All Contacts. These address lists, as well as new ones, are managed from the Mailbox subfolder of the Organization Configuration work center. Figure 8.5 shows the Address Lists tab.
Figure 8.5: Address lists when viewed from the Exchange Management Console
Offline address books are managed from the Offline Address Book tab in the results pane of the Mailbox subfolder. Figure 8.6 shows the Offline Address Book tab.
Figure 8.6: Offline address book management viewed from the Exchange Management Console
Global address list management is not configured from the Exchange Management Console but instead through the EMS. The following are the EMS cmdlets for managing custom address lists, offline address books, and global address lists:
Cmdlet | Description |
---|---|
New-AddressList | Creates a new custom address list. |
New-GlobalAddressList | Creates a new global address list. |
New-OfflineAddressBook | Creates a new offline address book. |
Get-AddressList | Retrieves a listing of the existing address lists or the properties of a specific address list. |
Get-GlobalAddressList | Retrieves a listing of the existing global address lists or the properties of a specific global address list. |
Get-OfflineAddressBook | Retrieves a listing of the existing offline address books or the properties of a specific offline address book. |
Set-AddressList | Sets the properties of an existing address list. |
Set-GlobalAddressList | Sets the properties of an existing global address list. |
Set-OfflineAddressBook | Sets the properties of an existing offline address book. |
Remove-AddressList | Removes an existing address list. |
Remove-GlobalAddressList | Removes an existing global address list. |
Remove-OfflineAddressBook | Removes an existing offline address book. |
Update-AddressList | Updates the membership of an address list. Anytime address list membership criteria is changed, this should be run. |
Update-GlobalAddressList | Updates the membership of a global address list. Anytime global address list membership is changed, this should be run. |
Update-OfflineAddressBook | Updates the offline address book information that is distributed to offline clients. This should be run on a regular basis. |
Move-AddressList | Moves an address list from one address list container to another. |
Move-OfflineAddressBook | Changes the offline address book generation server for an offline address book. |
You can learn more about creating and managing the different types of address lists in Chapter 11.
Exchange 2007 allows you to support more than one ActiveSync policy for Windows Mobile devices. These are configured globally in the Client Access subcontainer of the Organization Configuration work center of the EMC. The Exchange ActiveSync Mailbox Policies tab is shown in Figure 8.7 with the General property page of one of the policies. In Exchange 2003, you can find these settings under Global Settings\Mobile Services.
Figure 8.7: Managing ActiveSync Mailbox policies using the Exchange Management Console
From an ActiveSync Mailbox policy, you can define maximum attachment sizes, SharePoint and Windows file share access, password complexity, and device encryption requirements. Once a policy is defined, it must be assigned to the user accounts/mailboxes on which it must be enforced.
Cmdlet | Description |
---|---|
New-ActiveSyncMailboxPolicy | Creates a new ActiveSync mailbox policy |
Remove-ActiveSyncMailboxPolicy | Deletes an existing ActiveSync mailbox policy |
Set-ActiveSyncMailboxPolicy | Sets the properties of the specified ActiveSync mailbox policy |
Get-ActiveSyncMailboxPolicy | Retrieves a list of ActiveSync mailbox policies or properties of an individual mailbox policy if the policy name is specified |
You can find more information about Exchange ActiveSync mailbox policies in Chapter 19, "Exchange Anywhere."
ActiveSync devices can be removed or disassociated from Exchange 2007 if the device is no longer used or it needs to be completely reset and rebuilt. You may also need to initiate a remote wipe of a device if the device is lost or stolen. You can use the following EMS cmdlets to manage these features:
Cmdlet | Description |
---|---|
Get-ActiveSyncDeviceStatistics | Lists the statistics of a specific ActiveSync device when you specify the mailbox name that the device is synchronizing with |
Clear-ActiveSyncDevice | Initiates a remote wipe-out of the ActiveSync device the next time it connects to a Client Access server to synchronize |
Remove-ActiveSyncDevice | Removes an ActiveSync device partnership |
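The policy settings and the lost-device procedure described above, put together as one EMS session. This is an added example, not from the original text; the policy name Mobile-Baseline, the mailbox jsmith, the device ID placeholder, and the chosen values are assumptions.

```powershell
# Added example for the Exchange Management Shell (EMS).
# 'Mobile-Baseline', 'jsmith' and the device ID are constructed placeholders.
$policy = 'Mobile-Baseline'

# 1. Create a policy covering the settings named above: password complexity,
#    device encryption, attachment size, and SharePoint / file share access.
New-ActiveSyncMailboxPolicy -Name $policy `
    -DevicePasswordEnabled $true `
    -AlphanumericDevicePasswordRequired $true `
    -MinDevicePasswordLength 6 `
    -MaxDevicePasswordFailedAttempts 8 `
    -MaxInactivityTimeDeviceLock '00:15:00' `
    -DeviceEncryptionEnabled $true `
    -AllowNonProvisionableDevices $false `
    -MaxAttachmentSize 2MB `
    -WSSAccessEnabled $false `
    -UNCAccessEnabled $false

# 2. A policy enforces nothing until it is assigned to a mailbox.
Set-CASMailbox -Identity 'jsmith' -ActiveSyncMailboxPolicy $policy

# 3. Find ActiveSync-enabled mailboxes that still have no policy assigned.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ActiveSyncEnabled -and -not $_.ActiveSyncMailboxPolicy } |
    Format-Table Name, ActiveSyncEnabled, ActiveSyncMailboxPolicy -AutoSize

# 4. Lost or stolen device: list the user's partnerships and pick the device.
$devices = @(Get-ActiveSyncDeviceStatistics -Mailbox 'jsmith')
$devices | Format-List Identity, DeviceType, DeviceID, LastSuccessSync
$lost = $devices | Where-Object { $_.DeviceID -eq '<device-id-placeholder>' }

if ($lost) {
    # 5. Queue the remote wipe. It runs the next time the device connects
    #    to a Client Access server to synchronize.
    Clear-ActiveSyncDevice -Identity $lost.Identity

    # 6. Track the wipe: request time, time sent to the device, and the
    #    device's acknowledgement.
    Get-ActiveSyncDeviceStatistics -Mailbox 'jsmith' |
        Format-Table DeviceID, DeviceWipeRequestTime, DeviceWipeSentTime, DeviceWipeAckTime -AutoSize

    # 7. After the wipe is acknowledged, remove the partnership.
    #    -WhatIf previews the change; remove it to apply.
    Remove-ActiveSyncDevice -Identity $lost.Identity -WhatIf
}
```

Until DeviceWipeAckTime is populated the device has not confirmed the wipe, so keep the partnership in place and treat the mailbox credentials as exposed.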
When Exchange delivers a message to the Internet, it uses the format specified in the Remote Domains list. Different domains can use different outbound message formats, too. There is more to remote domain configuration than just message formats, though. A remote domain configuration includes:
Out-of-Office message types to be delivered
Outbound message character sets
Whether or not automatic replies, automatic forwards, delivery reports, and non-delivery reports are generated to the specified domain
The default format is used for all outbound SMTP mail to all external domains and is configured in the Remote Domains tab in the Exchange Management Console under the Hub Transport section of the Organization Configuration work center. The Remote Domains tab is shown in Figure 8.8 as well as the General property page of the default message format. In Exchange 2000/2003, you can find this information in the Global Settings\Internet Message Defaults container.
Figure 8.8: Managing Internet message formats using the Exchange Management Console
If you are inclined to manage these settings from the EMS, here are the EMS cmdlets for managing remote domain message formats:
Cmdlet | Description |
---|---|
Get-RemoteDomain | Retrieves a list of existing remote domains or the properties of a specific remote domain object |
New-RemoteDomain | Creates a new remote domain object |
Set-RemoteDomain | Sets the properties of a remote domain object |
Remove-RemoteDomain | Deletes an existing remote domain object |
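A review of the remote domain settings listed above, focused on what each domain is allowed to receive automatically from your users. This is an added example, not from the original text; the Partner remote domain and partner.example are constructed placeholders, and the chosen values are one possible baseline.

```powershell
# Added example for the Exchange Management Shell (EMS).
# 'Partner' and 'partner.example' are constructed placeholders.

# 1. Show what each remote domain is allowed to receive automatically.
Get-RemoteDomain |
    Format-Table Name, DomainName, AllowedOOFType, AutoReplyEnabled,
                 AutoForwardEnabled, DeliveryReportEnabled, NDREnabled -AutoSize

# 2. Flag remote domains that accept automatic forwards or automatic replies.
#    Automatic forwarding copies internal mail outside the organization, and
#    automatic replies confirm to any sender that an address is valid.
Get-RemoteDomain |
    Where-Object { $_.AutoForwardEnabled -or $_.AutoReplyEnabled } |
    Format-Table Name, DomainName, AutoForwardEnabled, AutoReplyEnabled -AutoSize

# 3. Baseline for the default remote domain (all external domains):
#    no automatic forwards or replies, external Out-of-Office text only.
Set-RemoteDomain -Identity 'Default' `
    -AutoForwardEnabled $false `
    -AutoReplyEnabled $false `
    -AllowedOOFType External

# 4. A specific partner domain can carry its own settings without
#    loosening the default for everyone else.
New-RemoteDomain -Name 'Partner' -DomainName 'partner.example'
Set-RemoteDomain -Identity 'Partner' `
    -AllowedOOFType External `
    -AutoReplyEnabled $false `
    -AutoForwardEnabled $false `
    -DeliveryReportEnabled $true `
    -NDREnabled $true

# 5. Confirm the result.
Get-RemoteDomain -Identity 'Partner' |
    Format-List Name, DomainName, AllowedOOFType, AutoReplyEnabled,
                AutoForwardEnabled, DeliveryReportEnabled, NDREnabled
```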
Exchange 2007 (like Exchange 2000/2003) must be configured with a list of SMTP domains that it will accept either as internal domains or to be relayed on to another SMTP system. In Exchange 2000/2003, this function was combined with recipient policies so that e-mail addresses could also be automatically generated if the policy applied to any recipients. This function has been broken out into the accepted domains feature; accepted domains are defined using the EMC by locating the Organization Configuration work center and viewing the Hub Transport subcontainer. The accepted domain list is found on the Accepted Domains tab. Figure 8.9 shows the Accepted Domains tab as well as the properties of one of the accepted domains.
Figure 8.9: Accepted domains properties in the Exchange Management Console
You can manage accepted domains using the EMS command shell also. The following are some of the relevant cmdlets:
Cmdlet | Description |
---|---|
Get-AcceptedDomain | Retrieves a list of accepted domains or the properties of the specified accepted domain |
New-AcceptedDomain | Creates a new accepted domain |
Set-AcceptedDomain | Sets the accepted domain properties |
Remove-AcceptedDomain | Removes an accepted domain |
An accepted domain can be configured so that e-mail is always delivered to the internal Exchange organization (an authoritative domain), a domain in which your Exchange organization has mail-enabled contacts (an internal relay domain), or a domain in which you relay all mail externally (an external relay domain). You can learn more about configuring and using the accepted domains feature in Chapter 10, "Managing Recipients."
E-mail address policies are responsible for generating e-mail addresses for mail-enabled recipients (mailboxes, groups, contacts, etc.). In Exchange 2000/2003, e-mail addresses were defined using a recipient policy so e-mail address policies are somewhat similar to an Exchange 2000/2003 recipient policy. One difference is that in Exchange 2000/2003, the recipient policy defined not only e-mail addresses that were generated for mail-enabled recipients but also which SMTP domains were accepted.
Figure 8.10 shows the E-mail Addresses Policies tab of the Hub Transport results pane and the Edit E-mail Address Policy Wizard. The E-mail Addresses Policy Wizard can be launched to create a new e-mail address policy or edit an existing one.
Figure 8.10: Editing an e-mail address policy using the Exchange Management Console
Once a policy is created, it must be applied to the mail-enabled objects. The policy is applied based on its conditions; a policy's conditions can include recipients based on department name, company name, state, or a custom attribute. The administrator can apply the policy immediately after creation either by clicking the Apply button on the Actions pane or by running an EMS cmdlet. The following cmdlets apply to e-mail address policies:
Cmdlet | Description |
---|---|
Get-EmailAddressPolicy | Retrieves a list of the e-mail address policies or the properties of a specified e-mail address policy. |
Set-EmailAddressPolicy | Sets the properties of an e-mail address policy. |
New-EmailAddressPolicy | Creates a new e-mail address policy. |
Remove-EmailAddressPolicy | Removes an existing e-mail address policy. |
Update-EmailAddressPolicy | Applies the policy based on the conditions specified when the policy was created. The policy must be applied before affected users are assigned the e-mail addresses that the policy specifies. |
You can learn more about creating and managing e-mail address policies by referring to Chapter 10, "Managing Recipients."
Transport rules are a new feature of Exchange 2007. They allow you to specify conditions under which a certain action will be applied to a message. An example of this would be applying an "Attorney / Client Privilege" classification label (the action) to any message sent by a member of the legal team group (the condition).
Transport rules are created and managed under the Transport Rules tab of the Hub Transport results pane (found under the Organization Configuration work center). Transport rules are edited and created using the Edit Transport Rule Wizard. Figure 8.11 shows the Transport Rules tab as well as the Actions page of the wizard.
Figure 8.11: Editing a transport rule using the Exchange Management Console
The following are the EMS cmdlets that can be used to create and manage transport rules:
Cmdlet | Description |
---|---|
Get-TransportRule | Retrieves a list of transport rules or the properties of a specific transport rule |
Set-TransportRule | Sets the properties of a transport rule |
New-TransportRule | Creates a new transport rule |
Remove-TransportRule | Deletes a transport rule |
Disable-TransportRule | Disables a transport rule so that Hub Transport servers will not process that particular rule |
Enable-TransportRule | Enables a transport rule that was previously disabled |
Get-TransportRulePredicate | Lists the transport rule conditions |
Get-TransportRuleAction | Lists the transport rule actions |
We have devoted an entire chapter to creating, managing, and using transport rules. Please see Chapter 13, "Managing Messages in Transit."
Journaling is a feature that has been in Exchange since the Exchange 5.5 days. In previous versions of Exchange, though, you could only configure journaling for all mailboxes on an entire mailbox database. This feature still exists, of course, and can be used if that is the way you have configured journaling to work in your organization. You must locate the mailbox database that contains the mailboxes for which you want to keep journaled copies of sent and received e-mail. On the General property page (shown in Figure 8.12) of that mailbox database, you specify the journal recipient.
Figure 8.12: Configuring journaling for an entire mailbox database
You can read more about properties of mailbox databases in Chapter 6, "Scaling Upward and Outward."
Exchange 2007 introduced a couple of new approaches to journaling. You can now configure journaling with an organization-wide journaling feature found in the Journaling tab of the Organization Configuration work center's Hub Transport subcontainer. Figure 8.13 shows this tab and a journaling rule's General property page.
Figure 8.13: Creating a journaling rule
If you are so inclined, here are the EMS cmdlets you can use for managing journal rules:
Cmdlet | Description |
---|---|
Get-JournalRule | Retrieves a list of journal rules or just the properties of a specified journal rule |
Set-JournalRule | Sets the properties of a journal rule |
New-JournalRule | Creates a new journal rule |
Remove-JournalRule | Deletes a journal rule |
Enable-JournalRule | Enables a journal rule that was disabled |
Disable-JournalRule | Disables the specified journal rule |
Journaling can also be achieved by creating transport rules that will forward a message to a journaling mailbox if certain conditions are met. Messaging records management introduces an additional way that messages can be journaled, though this feature requires user participation, so this approach can also be thought of as an archival or retention feature. On a managed content setting, you can configure the properties of a folder within a user's mailbox so that when a message is placed there, a copy of it is sent to a separate e-mail address. Figure 8.14 shows the Journaling property page of a managed content setting.
Figure 8.14: Assigning journaling settings to a managed content setting
Managed content settings and messaging records management are discussed in more detail in Chapter 12, "Managing Folder Content."
The Send connector is the component that you configure to send outbound SMTP mail to external SMTP domains. It is the equivalent of the Exchange 2000/2003 SMTP Connector. It is defined under the Organization Configuration work center of the EMC and is found in the Hub Transport results pane under the Send Connectors tab. The Source Server properties of a Send connector as well as the Send Connectors tab are shown in Figure 8.15.
Figure 8.15: Properties of a Send connector as shown in the Exchange Management Console
The EMS cmdlets necessary to create and manage a Send connector are as follows:
Cmdlet | Description |
---|---|
Get-SendConnector | Retrieves a list of the existing Send connectors or properties of a specified Send connector |
Set-SendConnector | Sets Send connector properties |
New-SendConnector | Creates a new Send connector |
Remove-SendConnector | Deletes a Send connector |
For more information on connectivity and Send connectors, see Chapter 18, "Delivering E-mail."
Another new feature of Exchange Server 2007 is the Edge Transport server role. In order to properly use the Edge Transport server role, you must configure an Edge Subscription. These are created and managed under the Edge Subscriptions tab of the Hub Transport results pane. The Edge Subscriptions tab and the New Edge Subscription Wizard are shown in Figure 8.16.
Figure 8.16: Creating a new Edge Subscription using the Exchange Management Console
You might find a number of Edge Transport-related EMS cmdlets useful; these include the following:
Cmdlet | Description |
---|---|
Get-EdgeSubscription | Lists the current Edge Subscriptions and their properties |
New-EdgeSubscription | Creates a new Edge Subscription |
Remove-EdgeSubscription | Deletes an Edge Subscription |
Start-EdgeSynchronization | Starts an immediate EdgeSync session |
Stop-EdgeSynchronization | Stops an EdgeSync session |
Test-EdgeSynchronization | Tests the specified Edge Transport server's subscription to ensure that the Edge Transport servers have current and accurate synchronized data. |
To learn more about anti-spam features and the Edge Transport server role, refer to Chapter 18, "Delivering E-mail."
There are a lot of possible ways to protect your organization from spam. You could have a managed provider that handles your spam services, or you could use a third-party appliance or software. You could use an Edge Transport server, or you could accept mail directly from the Internet to your Hub Transport servers.
If your Hub Transport servers are responsible for accepting mail directly from the Internet, you can install the anti-spam agents on the Hub Transport servers. Figure 8.17 shows the Anti-spam tab for the organization-wide Hub Transport settings.
Figure 8.17: Anti-spam configuration using the Exchange Management Console
If you have been exploring the Exchange Management Console interface, you may be surprised to see that Anti-spam tab. It is not there by default; you must run the C:\Program Files\Microsoft\exchange server\scripts\Install-AntispamAgents.ps1 PowerShell script in order to install the necessary transport agents and to reveal this tab on the interface. Installing the anti-spam agent enables quite a few additional EMS cmdlets. These cmdlets will work on a Hub Transport server that has had the anti-spam agents installed and they will also work on an Edge Transport server:
Cmdlet | Description |
---|---|
Get-ContentFilterConfig | Views the Content Filter configuration |
Set-ContentFilterConfig | Sets the Content Filter configuration |
Get-ContentFilterPhrase | Views the Content Filter's list of phrases and words that are always considered spam or never considered spam |
Add-ContentFilterPhrase | Adds words or phrases to the Content Filter phrase list |
Get-IPAllowListProvider | Reviews the IP Allow List provider configuration |
Set-IPAllowListProvider | Sets the IP Allow List provider configuration |
Add-IPAllowListProvider | Adds an IP Allow List provider |
Remove-IPAllowListProvider | Removes an IP Allow List provider |
Get-IPAllowListConfig | Views the IP Allow List configuration |
Set-IPAllowListConfig | Sets the IP Allow List configuration |
Get-IPAllowListEntry | Views the entries in the IP Allow List |
Add-IPAllowListEntry | Adds entries to the IP Allow List |
Remove-IPAllowListEntry | Removes an entry from the IP Allow List |
Test-IPAllowListProvider | Tests an IP Allow List provider |
Get-IPAllowListProvidersConfig | Views the configuration of the IP Allow List Providers |
Set-IPAllowListProvidersConfig | Sets the configuration of the IP Allow List providers |
Test-IPBlockListProvider | Tests the specified IP Block List provider |
Get-IPBlockListConfig | Views the IP Block List configuration |
Set-IPBlockListConfig | Sets the IP Block List configuration |
Get-IPBlockListProvider | Views the IP Block List providers currently configured |
Set-IPBlockListProvider | Sets the configuration of an IP Block List provider |
Add-IPBlockListProvider | Adds a new IP Block List provider |
Remove-IPBlockListProvider | Removes an IP Block List provider |
Get-IPBlockListProvidersConfig | Views the configuration of the IP Block List providers |
Set-IPBlockListProvidersConfig | Sets the configuration of the IP Block List providers |
Add-IPBlockListEntry | Adds an IP address to the IP Block List |
Remove-IPBlockListEntry | Removes an IP address from the IP Block List |
Get-IPBlockListEntry | Views the IP Block List entries |
Get-RecipientFilterConfig | Views the Recipient Filter configuration |
Set-RecipientFilterConfig | Sets the Recipient Filter configuration |
Get-SenderReputationConfig | Views the Sender Reputation configuration |
Set-SenderReputationConfig | Sets the Sender Reputation configuration |
Get-SenderIdConfig | Views the Sender ID configuration |
Set-SenderIdConfig | Sets the Sender ID configuration |
Test-SenderId | Tests the Sender ID configuration |
Get-SenderFilterConfig | Views the Sender Filter configuration |
Set-SenderFilterConfig | Sets the Sender Filter configuration |
Disable-AntispamUpdates | Prevents the servers from downloading anti-spam system updates automatically |
Enable-AntispamUpdates | Enables automatic download and installation of anti-spam updates |
Get-AntispamUpdates | Views the configuration of the anti-spam updates system and retrieves updates |
For more information on using the Exchange 2007 anti-spam features and the Edge Transport server role, see Chapter 18, "Delivering E-mail."
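Installing the agents on a Hub Transport server and then checking that the spam confidence level (SCL) thresholds escalate sensibly, tying the Content Filter settings to the organization-wide SCLJunkThreshold described earlier. This is an added example, not from the original text; the script path is the one given above, and the ordering check (junk, then quarantine, then reject, then delete) is this example's own baseline.

```powershell
# Added example for the Exchange Management Shell (EMS) on a Hub Transport server.

# 1. Install the anti-spam agents using the script path given above, then
#    restart the transport service so the new agents are loaded.
& 'C:\Program Files\Microsoft\exchange server\scripts\Install-AntispamAgents.ps1'
Restart-Service MSExchangeTransport

# 2. Confirm the agents are registered and enabled.
Get-TransportAgent | Format-Table Identity, Enabled, Priority -AutoSize

# 3. Collect the SCL thresholds from the organization and the Content Filter,
#    ordered from the mildest action to the most severe.
$org = Get-OrganizationConfig
$cf  = Get-ContentFilterConfig
$steps = @(
    @{ Name = 'Junk E-mail folder'; Enabled = $true;                    Value = $org.SCLJunkThreshold },
    @{ Name = 'Quarantine';         Enabled = $cf.SCLQuarantineEnabled; Value = $cf.SCLQuarantineThreshold },
    @{ Name = 'Reject';             Enabled = $cf.SCLRejectEnabled;     Value = $cf.SCLRejectThreshold },
    @{ Name = 'Delete';             Enabled = $cf.SCLDeleteEnabled;     Value = $cf.SCLDeleteThreshold }
)

# 4. Each enabled action should trigger at a higher SCL than the previous
#    enabled one; otherwise the milder action never gets a chance to apply.
$previous = $null
foreach ($step in $steps) {
    if (-not $step.Enabled) {
        Write-Host ("{0,-20} disabled" -f $step.Name)
        continue
    }
    Write-Host ("{0,-20} SCL {1}" -f $step.Name, $step.Value)
    if ($previous -and ($step.Value -le $previous.Value)) {
        Write-Warning ("{0} threshold ({1}) is not above the {2} threshold ({3})" -f `
            $step.Name, $step.Value, $previous.Name, $previous.Value)
    }
    $previous = $step
}

# 5. Quarantine only works when a quarantine mailbox is configured.
if ($cf.SCLQuarantineEnabled -and -not $cf.QuarantineMailbox) {
    Write-Warning 'Quarantine is enabled but no QuarantineMailbox is set.'
}
```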