Thursday, April 26, 2007

Default Policy does not update all mailboxes according to the policy

If you use %g.%s@yourdomain.com as the e-mail address policy criteria and find that not all of your users are updated by the policy, with the Alias used instead, check whether all user objects in Active Directory contain the First Name and Last Name properties. The best way to check this in the Exchange 2007 Exchange Management Console is to edit the user properties under:

  • Recipient Configuration --> Mailbox -->
  • select mailbox and click Properties
  • Check User Information...
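The same check can be run across every mailbox at once from the Exchange Management Shell. This is an added example, not part of the original post; it only reads data and assumes the standard Get-Mailbox and Get-User properties shown.

```powershell
# Run in the Exchange Management Shell. Read-only report of mailbox users
# that a %g.%s policy cannot address because a name attribute is empty.
$mailboxes = Get-Mailbox -ResultSize Unlimited

$report = @()
foreach ($mbx in $mailboxes) {
    $user = Get-User -Identity $mbx.Identity

    # Collect the names of the attributes that are missing for this user
    $missing = @()
    if ([string]::IsNullOrEmpty($user.FirstName)) { $missing += "FirstName" }
    if ([string]::IsNullOrEmpty($user.LastName))  { $missing += "LastName" }

    if ($missing.Count -gt 0) {
        $row = New-Object PSObject
        $row | Add-Member NoteProperty Name               $mbx.Name
        $row | Add-Member NoteProperty Alias              $mbx.Alias
        $row | Add-Member NoteProperty Missing            ([string]::Join(", ", $missing))
        $row | Add-Member NoteProperty PrimarySmtpAddress $mbx.PrimarySmtpAddress
        # False here means the policy is not applied to this mailbox at all
        $row | Add-Member NoteProperty PolicyEnabled      $mbx.EmailAddressPolicyEnabled
        $report += $row
    }
}

$report | Sort-Object Name | Format-Table -AutoSize
```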

Default Recipient Policy update error shows legacy MS and CCMAIL address policies

After the transition to Exchange 2007 you might find that updating objects in Active Directory fails when you try to run an update of the Default Recipient Policy. You get an error stating that there are legacy Exchange address policies (CCMAIL and MS) in the Default Policy, and the update is not actually run. If you edit the Default Policy in the Exchange Management Console, you see no MS or CCMAIL entries in your policy.

To resolve this issue, edit your policy in Active Directory using the ADSIEdit tool and delete the disabledGatewayProxy entries for MS and CCMAIL:

  • Add ADSIEdit snap-in to MMC console (Support Tools must be installed in order to be able to add ADSIEdit)
  • Connect to Configuration Naming Context
  • Browse to Services --> Microsoft Exchange --> YOURORGANIZATION --> Recipient Policies
  • On the right click Properties of Default Policy
  • Click Show only objects with entries
  • Find disabledGatewayProxy
  • Edit its content
  • Remove:
    • MS:ORGANIZATIONNAME/ORGANIZATIONNAME
    • CCMAIL: at ORGANIZATIONNAME
  • Repeat this step for all the policies in your organization that include these two entries
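To find every policy that still carries these entries before editing anything, the directory can be queried read-only. This is an added example, not part of the original post; it assumes recipient policies are stored as msExchRecipientPolicy objects under the Microsoft Exchange services container and that the account running it can read the Configuration naming context.

```powershell
# Read-only audit: lists every recipient policy whose disabledGatewayProxy
# attribute still carries legacy MS: or CCMAIL: entries. Nothing is modified.
$rootDse  = [ADSI]"LDAP://RootDSE"
$configNC = [string]$rootDse.configurationNamingContext

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://CN=Microsoft Exchange,CN=Services,$configNC"
# Assumption: recipient policies are msExchRecipientPolicy objects
$searcher.Filter   = "(objectClass=msExchRecipientPolicy)"
$searcher.PageSize = 500
[void]$searcher.PropertiesToLoad.Add("cn")
[void]$searcher.PropertiesToLoad.Add("disabledGatewayProxy")

foreach ($result in $searcher.FindAll()) {
    # Property names in search results are lower-case
    $legacy = @($result.Properties["disabledgatewayproxy"] |
        Where-Object { $_ -match '^(MS|CCMAIL):' })

    if ($legacy.Count -gt 0) {
        $row = New-Object PSObject
        $row | Add-Member NoteProperty Policy  ([string]$result.Properties["cn"][0])
        $row | Add-Member NoteProperty Entries ([string]::Join("; ", $legacy))
        $row
    }
}
```

Each policy listed is one where the ADSIEdit steps above still need to be carried out.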

Wednesday, April 25, 2007

OAB download problems in Outlook 2003 on Exchange 2007

After you install Exchange 2007 in your organization, whether it is a "clean" or a "transition" install, you could get OAB synchronization error 0X8004010F in Outlook 2003. To solve this issue, go to:

  1. Server Configuration --> Mailbox

  2. In the Database Management window, select Mailbox Database or whatever name you use

  3. Select Properties

  4. Go to Client Settings

  5. Under Offline Address Book select your Default OAB

  6. OK


Related links:
http://blogs.msdn.com/dgoldman/archive/tags/Offline+Address+Book+Related/default.aspx

Tuesday, April 24, 2007

How to remove Active Directory Connectors before installing Exchange 2007

"Microsoft® Exchange Server 2007 setup cannot continue because one or more Active Directory Connectors have been found..."

This is the error you get when Exchange 2007 setup tries to run the /PrepareLegacyExchangePermissions command and finds that you have one or more Active Directory Connectors (ADC) installed in your organization. You should remove all Active Directory Connectors from the organization prior to installing Exchange 2007. I suggest that you first run the Exchange Best Practices Analyzer with the Exchange 2007 Prerequisites Check before you start the Exchange 2007 installation.

To remove Active Directory Connector components

  1. To disable the ADC service on the server that is running the ADC service, right-click My Computer on the desktop, and then click Manage
  2. Expand the Services and Applications node, and then click the Services node.
  3. In the right pane, right-click Microsoft Active Directory Connector and then click Properties.
  4. Change the Startup Type to Disabled. The next time that the computer starts, the ADC service will not start.
  5. Click Apply, and then click OK.
  6. To uninstall the ADC service, use the Active Directory Installation Wizard on the Microsoft Exchange 2000 Server or Microsoft Exchange Server 2003 CD. Open the \ADC\I386 folder and double-click the Setup.exe program. Follow the prompts to Remove All ADC service components.

Note:
You must complete step 6 and Remove All ADC components to resolve this issue. It is insufficient to disable the ADC service.

If you somehow removed the server with the ADC installed from your organization without completing these steps, there is always a possibility that the object still resides in Active Directory. To remove it manually, follow this procedure, which assumes your Exchange server was not a Domain Controller:

Suggestion: Create backup of System State on at least two DC's before this procedure

  1. open Active Directory Sites And Services
  2. Check if there is an object of removed server under the Site where this server resided
  3. Delete this object with all sub-objects
  4. Replicate changes to all other DC's

Using ADSIEdit:

  1. Install Support Tools from Windows 2003 CD
  2. Open Microsoft Management Console (mmc)
  3. Add ADSIEdit snap-in
  4. Connect to Configuration Container
  5. Expand Configuration --> Services --> Microsoft Exchange --> Active Directory Connections
  6. Delete ADC under Active Directory Connections
  7. Replicate changes to all Domain Controllers

After you complete these steps, rerun the Exchange 2007 setup or the setup.com /PrepareLegacyExchangePermissions command, depending on which you ran first.

Monday, April 23, 2007

Changing the Transport Agent Priority in Exchange 2007

The default Transport Agent priorities on Hub server with anti-spam agents and ForeFront security for Exchange installed look like this:



If you need to change the priority of transport agents in Exchange 2007 you can use following syntax in Exchange Management Shell:

Set-TransportAgent -Identity AgentIdentity -priority Y


So basically if you need SCL stamped on the message before Transport Rule processes message, you can put Content Filter Agent on top of the filters by typing:

Set-TransportAgent -Identity "Content Filter Agent" -priority 1

Update Rollup 1 for Exchange 2007 is out

Microsoft released Update Rollup 1 for Exchange 2007 which includes fixes for:

  • The Microsoft Exchange Information Store service stops unexpectedly when the Exchange Server 2007-based server replicates the Public folder
  • The DoSnapshotSet method may stop responding in the Exchange store, and a backup application stops responding on an Exchange 2007 server

Update can be downloaded here

This update is NOT Exchange Service Pack 1 which is now in beta and will be out in the second half of the year.

For more information about Update Rollup 1 click here

Saturday, April 21, 2007

What is SafeList Aggregation in Exchange 2007 or How to help you administer Safe senders list in Exchange 2007 to fight false-positives?

"safelist aggregation refers to a set of anti-spam functionality that is shared across Microsoft Office Outlook and Exchange" - Microsoft

So let's see what this functionality really is. Presume your Exchange architecture uses the Hub Transport role and no Edge Transport role. You enabled anti-spam functionality on your Hub Transport server and created a quarantine mailbox for collecting spam mails. To help reduce instances of false-positives, you can enable SafeList Aggregation, which uses Outlook's Safe Senders, Safe Recipients, Safe Domain and External Contacts collections for Exchange's ALLOWED senders list.

First, you need to send this data to Active Directory, from where it can be read by the anti-spam agent on the Exchange 2007 Hub or Edge Transport role. This can be done by running the Exchange Management Shell cmdlet Update-SafeList on a user's mailbox.

Syntax: Update-SafeList -Identity <MailboxIdParameter>

Let's say you want to use Safe Senders collection from Dusan Kosaric's mailbox. You would use the following syntax:

Update-SafeList -Identity "Dusan Kosaric"

If you want to update the Safe List from every mailbox in the organization on a regular basis, you can create a scheduled task. First create the SafeList.bat file with the following entry, all on one line:

"C:\Program Files\Microsoft Command Shell\v1.0\Powershell.exe" -psconsolefile "C:\Program Files\Microsoft\Exchange Server\bin\exshell.psc1" -command "get-mailbox | where {$_.RecipientType -eq [Microsoft.Exchange.Data.Directory.Recipient.RecipientType]::UserMailbox } | update-safelist"

After you create SafeList.bat file, run this command in Exchange Management Shell:

at 01:00 /every:M,T,W,Th,F,S,Su cmd /c "X:\SafeList.bat"

If your organization is not a large one and you are not dealing with A LOT of spam, you can use SafeList Aggregation only from the quarantine mailbox. You can open your quarantine mailbox in Outlook 2003 or 2007 and search through the mails to find false-positives. Add senders to the Outlook Safe Senders list under Actions -> Junk e-mail -> Junk e-mail options -> Safe Senders in Outlook and then run the Update-SafeList cmdlet in Exchange Management Shell.
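A variant of the bulk update that also records which mailboxes failed and whether the aggregated data actually reached Active Directory. This is an added example, not part of the original post; it assumes the aggregated Safe Senders data is stored in the msExchSafeSendersHash attribute of the user object and that the shell account can read it.

```powershell
# Run in the Exchange Management Shell. Pushes each mailbox's Outlook safe
# lists to Active Directory, then confirms the hash attribute was written.
$mailboxes = Get-Mailbox -ResultSize Unlimited | Where-Object {
    $_.RecipientType -eq [Microsoft.Exchange.Data.Directory.Recipient.RecipientType]::UserMailbox
}

$report = @()
foreach ($mbx in $mailboxes) {
    # Capture errors per mailbox instead of stopping the whole run
    $err = $null
    Update-SafeList -Identity $mbx.Identity -ErrorAction SilentlyContinue -ErrorVariable err

    # Assumption: aggregated Safe Senders data lands in msExchSafeSendersHash
    $entry  = [ADSI]("LDAP://" + $mbx.DistinguishedName)
    $hashed = $entry.Properties["msExchSafeSendersHash"].Count -gt 0

    $row = New-Object PSObject
    $row | Add-Member NoteProperty Mailbox     $mbx.Name
    $row | Add-Member NoteProperty UpdateError ($err.Count -gt 0)
    $row | Add-Member NoteProperty HashInAD    $hashed
    $report += $row
}

# Mailboxes that failed, or that have no safe-list data in the directory
# (a user with an empty Safe Senders list also shows HashInAD = False)
$report | Where-Object { $_.UpdateError -or -not $_.HashInAD } |
    Format-Table -AutoSize
```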

************
Related links:

http://technet.microsoft.com/en-us/library/bb125168.aspx

http://technet.microsoft.com/en-us/library/aa998280.aspx