Managing Organization-Wide Configuration Parameters


Let's start with a view of the configuration options and parameters that affect the entire Exchange organization (every server and every object). For Exchange 2000/2003 administrators, these are the same types of things you would find under the Global Settings and Recipients containers in Exchange System Manager.

Note 

Parameters and objects found in the Organization Configuration work center affect every server and mail-enabled recipient in the organization.

Setting the Junk E-mail Folder Threshold

You use the Get-OrganizationConfig and Set-OrganizationConfig cmdlets to view the organization configuration and set organization configuration parameters. For the organization configuration, there is one important parameter that will be of use to many administrators; this is the SCLJunkThreshold parameter. This is set to by default to a value of 4. If messages are processed by the Content Filter (formerly known as the Microsoft Exchange Intelligent Message Filter) and are determined to have a value of 4 or higher, they will be placed in the user's Junk E-mail folder.

Setting Message Size and Recipient Count Limit

Message sizes can be set in a lot of places; size limits can be configured for the entire organization, a specific connector, or an individual mailbox. However, to set them globally, you must set them from the EMS. The Get-TransportConfig and the Set-TransportConfig cmdlets have the -MaxReceiveSize, -MaxSendSize, and -MaxRecipientEnvelopeLimit parameters, which control the maximum incoming message size, the maximum outgoing message size, and the maximum number of recipients per message. For more information on these, see Chapter 9, "Imposing Limits."

Configuring Administrative Permissions

When the first Exchange 2007 server is installed in to the Active Directory forest, a container called Microsoft Exchange Security Groups (shown in Figure 8.2) is created in the root domain. For most organizations, making a user a member of one of these groups will suffice when delegating the necessary permissions to manage the Exchange organization, Exchange recipients, or Exchange servers.

image from book
Figure 8.2: Active Directory security groups

In larger organizations, custom permissions may need to be delegated or assigned based on the organization's requirements. Additional or custom permissions can be delegated using the EMC. Figure 8.3 shows the EMC with the Organization Configuration work center selected.

image from book
Figure 8.3: Using the Exchange Management Console to assign permissions

Exchange administrative permissions can also be viewed, assigned, and removed using the EMS cmdlets Get-ExchangeAdministrator, Add-ExchangeAdministrator,and Remove-ExchangeAdministrator.

You can find more information about administrative permissions in Chapter 7, "Administering Exchange 2007."

Configuring Messaging Records Management

Messaging records management is a combination of a new set of features for Exchange Server 2007 and the Exchange 2000/2003 mailbox manager features. Messaging records management allows you to create custom folders in a user's mailbox and manage the content in both the default folders as well as the custom folders. Management and configuration of messaging records management components is performed in the EMC under the Organization Configuration work center and under the Mailbox subcontainer.

The Mailbox subcontainer of the Organization Configuration work center is shown in Figure 8.4. The Managed Custom Folders tab in the results pane allows you to create additional managed custom folders and assign managed content settings to them.

image from book
Figure 8.4: Managing message records management settings

From the Managed Default Folders tab in the results pane, you can assign managed content settings to default folders such as the Inbox, Deleted Items, and Sent Items.

The final component of message records management (at least from the organization's perspective) is the creation of managed folder mailbox policies. These policies specify which folders are assigned to a mailbox. The mailbox is then assigned policies found on the Managed Folder Mailbox Policies tab.

If you are inclined to manage messaging records management components from the command line, here are some of the cmdlets you can use:

Cmdlet

Description

Start-ManagedFolderAssistant

Starts the managed folder assistant on a Mailbox server

Stop-ManagedFolderAssistant

Stops the managed folder assistant on a Mailbox server

New-ManagedFolder

Creates a new managed custom or default folder

New-ManagedFolderMailboxPolicy

Defines a new managed folder mailbox policy

New-ManagedContentSettings

Creates a new managed content settings object in the specified managed folder

Get-ManagedFolder

Retrieves a list of managed folders or the properties of an individual managed folder if it is specified in the command line

Get-ManagedFolderMailboxPolicy

Retrieves a list of managed folder mailbox policies or the properties of an individual managed folder mailbox policy if it is specified in the command line

Get-ManagedContentSettings

Retrieves all of the managed content setting objects or the properties of an individual content settings object if it is specified

Set-ManagedFolder

Sets properties on a managed folder

Set-ManagedFolderMailboxPolicy

Sets the properties on a managed folder mailbox policy

Set-ManagedContentSettings

Sets the properties on a managed content settings object

Remove-ManagedFolder

Removes an existing managed folder

Remove-ManagedFolderMailboxPolicy

Removes a managed folder mailbox policy

Remove-ManagedContentSettings

Removes a managed content settings object

You can find more information about messaging records management in Chapter 12, "Managing Folder Content."

Managing Address Lists

There are a couple of different types of address lists that can be created and managed in Exchange 2007. These include the custom address lists, offline address books, and global address lists.

Address lists were found in the Exchange 2000/2003 Exchange System Manager console under Recipients\All Address Lists and are also called custom address lists. Exchange 2007 includes the default address lists All Users, All Rooms, All Groups, and All Contacts. These address lists, as well as new ones, are managed from the Mailbox subfolder of the Organization Configuration work center. Figure 8.5 shows the Address Lists tab.

image from book
Figure 8.5: Address lists when viewed from the Exchange Management Console

Offline address books are managed from the Offline Address Book tab in the results pane of the Mailbox subfolder. Figure 8.6 shows the Offline Address Book tab.

image from book
Figure 8.6: Offline address book management viewed from the Exchange Management Console

Global address list management is not configured from the Exchange Management Console but instead through the EMS. The following are the EMS cmdlets for managing custom address lists, offline address books, and global address lists:

Cmdlet

Description

New-AddressList

Creates a new custom address list.

New-GlobalAddressList

Creates a new global address list.

New-OfflineAddressBook

Creates a new offline address book.

Get-AddressList

Retrieves a listing of the existing address lists or the properties of a specific address list.

Get-GlobalAddressList

Retrieves a listing of the existing global address lists or the properties of a specific global address list.

Get-OfflineAddressBook

Retrieves a listing of the existing offline address book or the properties of a specific offline address book.

Set-AddressList

Sets the properties of an existing address list.

Set-GlobalAddressList

Sets the properties of an existing global address list.

Set-OfflineAddressBook

Sets the properties of an existing offline address book.

Remove-AddressList

Removes an existing address list.

Remove-GlobalAddressList

Removes an existing global address list.

Remove-OfflineAddressBook

Removes an existing offline address book.

Update-AddressList

Updates the membership of an address list. Anytime address list membership criteria is changed, this should be run.

Update-GlobalAddressList

Updates the membership of a global address list. Anytime global address list membership is changed, this should be run.

Update-OfflineAddressBook

Updates the offline address book information that is distributed to offline clients. This should be run on a regular basis.

Move-AddressList

Moves an address list from one address list container to another.

Move-OfflineAddressBook

Changes the offline address book generation server for an offline address book.

You can learn more information about creating and managing the different types of address lists in Chapter 11.

Setting ActiveSync Policies

Exchange 2007 allows you to support more than one ActiveSync policy for Windows Mobile devices. These are configured globally in the Client Access subcontainer of the Organization Configuration work center of the EMC. The Exchange ActiveSync Mailbox Policies tab is shown in Figure 8.7 with the General property page of one of the policies. In Exchange 2003, you can find these settings under Global Settings\Mobile Services.

image from book
Figure 8.7: Managing ActiveSync Mailbox policies using the Exchange Management Console

From an ActiveSync Mailbox policy, you can define maximum attachment sizes, SharePoint and Windows file share access, password complexity, and device encryption requirements. Once a policy is defined, it must be assigned to the user accounts/mailboxes on which it must be enforced.

Cmdlet

Description

New-ActiveSyncMailboxPolicy

Creates a new ActiveSync mailbox policy

Remove-ActiveSyncMailboxPolicy

Deletes an existing ActiveSync mailbox policy

Set-ActiveSyncMailboxPolicy

Sets the properties of the specified ActiveSync mailbox policy

Get-ActiveSyncMailboxPolicy

Retrieves a list of ActiveSync mailbox policies or properties of an individual mailbox policy if the policy name is specified

You can find more information about Exchange ActiveSync mailbox policies in Chapter 19, "Exchange Anywhere."

Removing or Wiping ActiveSync Devices

ActiveSync devices can be removed or disassociated with Exchange 2007 if the device is no longer used or it needs to be completely reset and rebuilt. You may also need to initiate a remote wipe of a device if the device is lost or stolen. You can use the following EMS cmdlets to manage these features:

Cmdlet

Description

Get-ActiveSyncDeviceStatistics

Lists the statistics of a specific ActiveSync device when you specify the mailbox name that the device is synchronizing with

Clear-ActiveSyncDevice

Initiates a remote wipe-out of the ActiveSync device the next time it connects to a Client Access server to synchronize

Remove-ActiveSyncDevice

Removes an ActiveSync device partnership

Managing Outbound Message Formats

When Exchange delivers a message to the Internet, it uses the format specified in the Remote Domains list. Different domains can use different outbound message formats, too. There is more to remote domain configuration than just message formats, though. A remote domain configuration includes:

  • Out-of-Office message types to be delivered

  • Outbound message character sets

  • Whether or not automatic replies, automatic forwards, delivery reports, and non-delivery reports are generated to the specified domain

The default format is used for all outbound SMTP mail to all external domains and is configured in the Remote Domains tab in the Exchange Management Console under the Hub Transport section of the Organization Configuration work center. The Remote Domains tab is shown in Figure 8.8 as well as the General property page of the default message format. In Exchange 2000/2003, you can find this information in the Global Settings\Internet Message Defaults container.

image from book
Figure 8.8: Managing Internet message formats using the Exchange Management Console

If you are inclined to manage these settings from the EMS, here are the EMS cmdlets for managing remote domain message formats:

Cmdlet

Description

Get-RemoteDomain

Retrieves a list of existing remote domains or the properties of a specific remote domain object

New-RemoteDomain

Creates a new remote domain object

Set-RemoteDomain

Sets the properties of a remote domain object

Remove-RemoteDomain

Deletes an existing remote domain object

Configuring SMTP Accepted Domains

Exchange 2007 (like Exchange 2000/2003) must be configured with a list of SMTP domains that it will accept either as internal domains or to be relayed on to another SMTP system. In Exchange 2000/2003, this function was combined with recipient policies so that e-mail addresses could also be automatically generated if the policy applied to any recipients. This function has been broken out into the accepted domains feature; accepted domains are defined using the EMC by locating the Organization Configuration work center and viewing the Hub Transport subcontainer. The accepted domain list is found on the Accepted Domains tab. Figure 8.9 shows the Accepted Domains tab as well as the properties of one of the accepted domains.

image from book
Figure 8.9: Accepted domains properties in the Exchange Management Console

You can manage accepted domains using the EMS command shell also. The following are some of the relevant cmdlets:

Cmdlet

Description

Get-AcceptedDomain

Retrieves a list of accepted domains or the properties of the specified accepted domain

New-AcceptedDomain

Creates a new accepted domain

Set-AcceptedDomain

Sets the accepted domain properties

Remove-AcceptedDomain

Removes an accepted domain

An accepted domain can be configured so that e-mail is always delivered to the internal Exchange organization (an authoritative domain), a domain in which your Exchange organization has mail-enabled contacts (an internal relay domain), or a domain in which you relay all mail externally (an external relay domain.) You can learn more about configuring and using the accepted domains feature in Chapter 10, "Managing Recipients."

Generating and Assigning E-mail Addresses

E-mail address policies are responsible for generating e-mail addresses for mail-enabled recipients (mailboxes, groups, contacts, etc.). In Exchange 2000/2003, e-mail addresses were defined using a recipient policy so e-mail address policies are somewhat similar to an Exchange 2000/2003 recipient policy. One difference is that in Exchange 2000/2003, the recipient policy defined not only e-mail addresses that were generated for mail-enabled recipients but also which SMTP domains were accepted.

Figure 8.10 shows the E-mail Addresses Policies tab of the Hub Transport results pane and the Edit E-mail Address Policy Wizard. The E-mail Addresses Policy Wizard can be launched to create a new e-mail address policy or edit an existing one.

image from book
Figure 8.10: Editing an e-mail address policy using the Exchange Management Console

Once a policy is created, it must be applied to the mail-enabled objects. The policy is applied based on its conditions; conditions of a policy include including recipients based on department name, company name, state, or a custom attribute. The administrator can apply the policy immediately after creation either by clicking the Apply button on the Actions pane or by running an EMS cmdlet. The following cmdlets apply to e-mail address policies:

Cmdlet

Description

Get-EmailAddressPolicy

Retrieves a list of the e-mail address policies or the properties of a specified e-mail address policy.

Set-EmailAddressPolicy

Sets the properties of an e-mail address policy.

New-EmailAddressPolicy

Creates a new e-mail address policy.

Remove-EmailAddressPolicy

Removes an existing e-mail address policy.

Update-EmailAddressPolicy

Applies the policy based on the conditions specified when the policy was created. The policy must be applied before affected users be assigned e-mail e-mail addresses that the policy specified.

You can learn more about creating and managing e-mail address policies by referring to Chapter 10, "Managing Recipients."

Managing Transport Rules

Transport rules are a new feature of Exchange 2007. They allow you to specify conditions under which a certain action will be applied to a message. An example of this would be applying an "Attorney / Client Privilege" classification label (the action) to any message sent by a member of the legal time group (the condition).

Transport rules are created and managed under the Transport Rules tab of the Hub Transport rules pane (found under the Organization Configuration work center.) Transport rules are edited and created using the Edit Transport Rule Wizard. Figure 8.11 shows the Transport Rules tab as well as the Actions page of the wizard.

image from book
Figure 8.11: Editing a transport rule using the Exchange Management Console

The following are the EMS cmdlets that can be used to create and manage transport rules:

Cmdlet

Description

Get-TransportRule

Retrieves a list of transport rules or the properties of a specific transport rule

Set-TransportRule

Sets the properties of a transport rule

New-TransportRule

Creates a new transport rule

Remove-TransportRule

Deletes a transport rule

Disable-TransportRule

Disables a transport rule so that Hub Transport servers will not process that particular rule

Enable-TransportRule

Enables a transport rule that was previously disabled

Get-TransportRulePredicate

Lists the transport rule conditions

Get-TransportRuleAction

Lists the transport rule actions

We have devoted an entire chapter to creating, managing, and using transport rules. Please see Chapter 13, "Managing Messages in Transit."

Managing Journaling

Journaling is a feature that has been in Exchange since the Exchange 5.5 days. In previous versions of Exchange, though, you could only configure journaling for all mailboxes on an entire mailbox database. This feature still exists, of course, and can be used if that is the way you have configured journaling to work in your organization. You must locate the mailbox database that contains the mailboxes for which you want to keep journaled copies of sent and received e-mail. On the General property page (shown in Figure 8.12) of that mailbox database, you specify the journal recipient.

image from book
Figure 8.12: Configuring journaling for an entire mailbox database

You can read more about properties of mailbox databases in Chapter 6: "Scaling Upward and Outward."

Exchange 2007 introduced a couple of new approaches to journaling. You can now configure journaling with an organization-wide journaling feature found in the Journaling tab of the Organization Configuration work center's Hub Transport subcontainer. Figure 8.13 shows this tab and a journaling rule's General property page.

image from book
Figure 8.13: Creating a journaling rule

If you are so inclined, here are the EMS cmdlets you can use for managing journal rules:

Cmdlet

Description

Get-JournalRule

Retrieves a list of journal rules or just the properties of a specified journal rule

Set-JournalRule

Sets the properties of a journal rule

New-JournalRule

Creates a new journal rule

Remove-JournalRule

Deletes a journal rule

Enable-JournalRule

Enables a journal rule that was disabled

Disable-JournalRule

Disables the specified journal rule

Journaling can also be achieved by creating transport rules that will forward a message to a journaling mailbox if certain conditions are met. Messaging records management introduces an additional way that messages can be journaled, though this feature requires user participation, so this approach can also be thought of as an archival or retention feature. On a managed content setting, you can configure the properties of a folder within a user's mailbox so that when a message is placed there, a copy of it is sent to a separate e-mail address. Figure 8.14 shows the Journaling property page of a managed content setting.

image from book
Figure 8.14: Assigning journaling settings to a managed content setting

Managed content settings and messaging records management are discussed in more detail in Chapter 12, "Managing Folder Content."

Managing Outbound E-mail to External SMTP Domains

The Send connector is the component that you configure to send outbound SMTP mail to external SMTP domains. It is the equivalent of the Exchange 2000/2003 SMTP Connector and is defined under the Organization Configuration work center of the EMC and is found in the Hub Transport results pane under the Send Connectors tab. The Source Server properties of a Send connector as well as the Send Connectors tab is shown in Figure 8.15.

image from book
Figure 8.15: Properties of a Send connector as shown in the Exchange Management Console

The EMS cmdlets necessary to create and manage a Send connector are as follows:

Cmdlet

Description

Get-SendConnector

Retrieve a list of the existing Send connectors or properties of a specified Send connector

Set-SendConnector

Sets Send connector properties

New-SendConnector

Creates a new Send connector

Remove-SendConnector

Deletes a Send connector

For more information on connectivity and Send connectors, see Chapter 18, "Delivering E-mail."

Managing Edge Transport Subscriptions

Another new feature of Exchange Server 2007 is the Edge Transport server role. In order to properly use the Edge Transport server role, you must configure an Edge Subscription. These are created and managed under the Edge Subscription tab of the Hub Transport results pane. The Edge Subscriptions tab and the New Edge Subscription Wizard are shown in Figure 8.16.

image from book
Figure 8.16: Creating a new Edge Subscription using the Exchange Management Console

You might find a number of Edge Transport-related EMS cmdlets useful; these include the following:

Cmdlet

Description

Get-EdgeSubscriptions

Lists the current Edge Subscriptions and their properties

New-EdgeSubscription

Creates a new Edge Subscription

Remove-EdgeSubscription

Deletes an Edge Subscription

Start-EdgeSynchronization

Starts an immediate EdgeSync session

Stop-EdgeSynchronization

Stops an EdgeSync session

Test-EdgeSynchronization

Tests the specified Edge Transport server's subscription to ensure that the Edge Transport servers have current and accurate synchronized data.

To learn more about anti-spam features and the Edge Transport server role, refer to Chapter 18, "Delivering E-mail."

Configuring Exchange Server Anti-spam Features

There are a lot of possible ways to protect your organization from spam. You could have a managed provider than handles your spam services, or you could use a third-party appliance or software. You could use an Edge Transport server, or you could accept mail directly from the Internet to your Hub Transport servers.

If your Hub Transport servers are responsible for accepting mail directly from the Internet, you can install the anti-spam agents on the Hub Transport servers. Figure 8.17 shows the Anti-spam tab for the organization-wide Hub Transport settings.

image from book
Figure 8.17: Anti-spam configuration using the Exchange Management Console

If you have been exploring the Exchange Management Console interface, you may be surprised to see that Anti-spam tab. It is not there by default; you must run the C:\Program Files\Microsoft\exchange server\scripts\Install-AntispamAgents.ps1 PowerShell script in order to install the necessary transport agents and to reveal this tab on the interface. Installing the anti-spam agent enables quite a few additional EMS cmdlets. These cmdlets will work on a Hub Transport server that has had the anti-spam agents installed and they will also work on an Edge Transport server:

Cmdlet

Description

Get-ContentFilterConfig

Views the Content Filter configuration

Set-ConfigFilterConfig

Sets the Content Filter configuration

Get-ContentFilterPhrase

Views the Content Filter's list of phrases and words that are always considered spam or never considered spam

Set-ContentFilterPhrase

Adds words or phrases to the Content Filter phrase list

Get-IPAllowListProvider

Reviews the IP Allow List provider configuration

Set-IPAllowListProvider

Sets the IP Allow List provider configuration

Add-IPAllowListProvider

Adds an IP Allow List provider

Remove-IPAllowListProvider

Removes an IP Allow List provider

Get-IPAllowListConfig

Views the IP Allow List configuration

Set-IPAllowListConfig

Sets the IP Allow List configuration

Get-IPAllowListEntry

Views the entries in the IP Allow List

Add-IPAllowListEntry

Adds entries to the IP Allow List

Remove-IPAllowListEntry

Removes an entry from the IP Allow List

Test-IPAllowListProvider

Tests an IP Allow List provider

Get-IPAllowListProvidersConfig

Views the configuration of the IP Allow List Providers

Set-IPAllowListProvidersConfig

Sets the configuration of the IP Allow List providers

Test-IPBLockListProvider

Tests the specified IP Block List provider

Get-IPBlockListConfig

Views the IP Block List configuration

Set-IPBlockListConfig

Sets the IP Block List configuration

Get-IPBlockListProvider

Views the IP Block List providers currently configured

Set-IPBlockListProvider

Sets the configuration of an IP Block List provider

Add-IPBlockListProvider

Adds a new IP Block List provider

Remove-IPBlockListProvider

Removes an IP Block List provider

Get-IPBlockListProvidersConfig

Views the configuration of an IP Block List provider

Set-IPBlockListProvidersConfig

Sets the configuration of an IP Block List provider

Add-IPBlockListEntry

Adds an IP address to the IP Block List

Remove-IPBlockListEntry

Removes an IP address from the IP Block List

Get-IPBlockListEntry

Views the IP Block List entries

Get-RecipientFilterConfig

Views the Recipient Filter configuration

Set-RecipientFitlerConfig

Sets the Recipient Filter configuration

Get-SenderReputationConfig

Views the Sender Reputation configuration

Set-SenderReputationConfig

Configures the Sender Reputation configuration

Get-SenderIdConfig

Views the Sender ID configuration

Set-SenderIdConfig

Sets the Sender ID configuration

Test-SenderId

Tests the Sender ID configuration

Get-SenderFilterConfig

Views the Sender Filter configuration

Set-SenderFilterConfig

Sets the Sender Filter configuration

Disable-AntispamUpdates

Prevents the servers from downloading anti-spam system updates automatically

Enable-AntispamUpdates

Enables automatic download and installation of anti-spam updates

Get-AntispamUpdates

Views the configuration of the anti-spam updates system and retrieve updates

For more information on using the Exchange 2007 anti-spam features and the Edge Transport server role, see Chapter 18, "Delivering E-mail."




Mastering Microsoft Exchange Server 2007
Mastering Microsoft Exchange Server 2007 SP1
ISBN: 0470417331
EAN: 2147483647
Year: 2004
Pages: 198
Authors: Jim McBee

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net