Sunday, August 30, 2009

Interview Question for active directory and exchange



1. Exchange 5.5 Server

Is it possible to restrict users of either a mailbox or public folder from
replying or forwarding emails in the mailbox or folder? We have a
department which needs some users to be able to view the contents of mailbox
or public folder without being able to do anything with them. The most
control I can get with the standard permissions is "read" but this still
allows users to reply and forward.

Also, I keep seeing references made to being able to publish the contents of
a public folder to a website. This would probably work, unless they are
just referring to OWA. Anyhow, I can find documentation that this can be
done, but cannot seem to find instructions on doing so.

2. Exchange 5.5 system and an Exchange 2000 system

I've got an Exchange 5.5 system and an Exchange 2000 system connected by
X400 connector. I have added the appropriate X400 address space on each side
of the connector to route mail to/from each system correctly. I am using an
in-house written app to maintain directory information. It creates custom
recipients (Ex5.5) and contacts (Ex2000) in each directory with an X400
target address corresponding to mailboxes in the remote directory.

My problem is how recipient addresses are recognised by the Exchange 5.5
system. For example:
User on Exchange 2000 system chooses my contact from their address list and
sends mail. The target address is the X400 address of my mailbox. The mail
is routed over the X400 connector to my mailbox. When I open the mail and
look at the properties of the sender, it correctly resolves to the custom
recipient that we have in our directory (because the sender X400 address
matches to the custom recipient). When I look at properties of the recipient
however, they just show the "legacyexchangedn" value from the contact on the
exch2000 system. It doesn't resolve to any object from our directory.

So it appears that the sender field is received as an X400 value, which we
can resolve to our directory, but the recipients field is received as an
X500 value, which we can't.

Can anyone explain the reason for this behaviour to me? Why aren't the
recipients addresses also seen as X400?

This becomes a problem where the original mail is sent to multiple
recipients on the Exch5.5 system. If any of the recipients chooses to
"reply-all", only the sender address is resolved correctly. The other
original recipients are not then properly addressed.

Apologies for the ramble, but I hope it makes sense. Thanks in advance for
any insight.

3. OWA Login Problem

We have one user that can not log in to OWA. When they login using
domain\user and password they get the 404 page not found. This is a E2K
2000 Front end server. Funny the page that pops up shows the outline of
the two panes for OWA with the error message listed twice. This is the
only user having this issue and it does not matter what desktop she
uses. Other people can login using her PC ok. However if I have her use
the https://webmail.domain.com/exchange/username/ it works fine. I have
looked on the IIS server and didn't see anything. Seems I saw this on
this list before and I do not remember what the problem was.

4. Outlook 2000

I have run into a problem with some of my Outlook 2000 clients. I have
Exchange 2003 running with 3 front-end servers and 7 backend servers.
When I configure the Outlook profile it can not resolve the name on 9 of
the 10 servers. The 1 server that does work was the first server in the
organization. Any ideas what could cause this?

5. Xchange 200 on 2000

I am running exchange 200 on 2000 server fully spack'd.
I would like to add a disclaimer to every email that leaves this building.
How do I do this?

I am searching on my own as well.

6. One:

Admin pack installed on an XP workstation with SP1. Connecting to a 2000
domain with an Exchange 2000 server. Very often when I use AD U&G to modify
Exchange addresses of a user when I hit apply/ok I get:

RPC Server Unavailable
MS Active Directory - Exchange Connector

This happens even if I point AD U&G at the Exchange server, which is also a
DC. Using AD U&G directly on the Exchange server and I never get this error.




7. Two:

They brought up a new server (Exchange 2000), moved the mailboxes, GAL's and
public folders over to the new server no problem. Then at some point the old
server either smoked or they just shut it down without removing it from the
site. So there is a server in there that does not and will not ever be back.
So extra routing containers everything for it. Can't right click and delete
it as it errors with server can not be contacted. Would really like to clean
this up before I bring up another and migrate to 2003.

8. Windows 2000 Active Directory, Exchange2000, Outlook2003 and OWA clients

I have to hide a common Active Directory attribute (Office) from
displaying in the Global Address List. Is there any way to do this? I
have tried removing it from the details template and I have tried
modifying the permissions in the AD schema using ADSI Edit but neither
of these seem to work.

9. Has anyone used the Recover Mailbox Data Feature from EX2K3 on SP1
successfully on a Recovery Storage Group where the names of the mailboxes
include a comma? Evidently there is a bug in the program so that it fails if
there is a comma in the display name. I was wondering if anyone had figured
out how to get around this or had heard of a hot fix?

I thought maybe I could use the ADSI Viewer (ADSVW.exe) to fix the comma
issue, but it doesn't appear that the RSG mailboxes are available in
that interface.

10. Automatically start perfmon alerts

I am trying to find a way to automatically start perfmon alerts on Windows
2000 server (if the perfmon service is restarted or if the server is
rebooted, all alerts are stopped and I have to start each one manually)

Is there a way?

11. All inbound

Is there a way to accept all inbound mail to a given domain that doesn't
match another directory entry into one mailbox in Exchange 5.5? We've a need
to accept wildcard inbound mail - I know, not a pretty idea, but there's a
'business need'. Is it doable in Exchange or do I need to rewrite the mail
at the gateway?

12. Post Appointments

I can't figure this out. When I post appointments to our
shared calendar the appointment times that display on my
version of the shared calendar are correct, however, on
anyone else's instance of the calendar all the
appointments appear to be one hour later. All machines are running
XPPro With outlook 2003

13. The Checkbox

On a W2K workstation, the checkbox "Manager can update membership list"
is missing. This checkbox should be available for distribution groups
on the Managed By tab.

How can I enable this checkbox?

Solution :-

Install Windows 2000 adminpak on that workstation.

14. Create a single email that contains the addresses for all NDRs

Is there any way to configure Exchange 2003 to create a single email
that contains the addresses for all NDRs to messages? The goal is rather
than receive an individual email for each recipient that is not
reachable to instead have a single email that contains all the addresses
that failed. That single email could then be used with GREP to pull all
the email address and scrub the database or email addresses that are not
valid. Anyone have a way of doing such a thing?

15. NT4 domain (FOO) to Active Directory running on Windows Server 2003


In our organization (say foo.bar.com) we have recently upgraded our single
NT4 domain (FOO) to Active Directory running on Windows Server 2003
Enterprise Edition, with two domain controllers (server names: DC-1, DC-2),
running DNS (AD-integrated).

We also have Ex 5.5 running on NT4SP6 (originally member of the old NT4
domain, now member of the AD domain) that we wish to migrate to Exchange
Server 2003, also running on Windows Server 2003 (server name: ES-1).

We've been using the ExDeploy tool to migrate the Ex5.5 server. After
successfully finishing the required steps for Phase-1, we tried to run setup
/ForestPrep. Having reached to the component selection screen, ForestPrep
does not appear selected in the Action combo (filled with ...) and when we
tried to select it, we got the following error message: " The component
"Microsoft Exchange Forest Preparation" cannot be assigned the action
ForestPrep because:
- Either you do not have permission to update the
Active Directory schema or Active Directory service
is currently too busy.
"
However, the account under which the tool has been run actually has the
required permissions, since it is member of the following groups in the
domain:
Domain Admins
Enterprise Admins
Schema Admins
and the Administrators group of the ES-1 machine.

Any ideas? Are we missing something?

Additional Notes:
- The file LDIF.ERR referenced in the log does not exist.
- NTDS Service Parameter (registry) value "Schema Update
Allowed" is set to '1'.
- All OS hot-fixes up to MS04-25 have been installed on
all new WS2K3 servers.
- All machines mentioned form an isolated lan using a 100Mbps
switch, for testing purposes (not connected to the internet.)
- Test mentioned in Q319944 (DCDIAG /test:KnowsOfRolesHolders /v)
succeeds.
- Potentially interesting excerpts from the Setup Progress log file follow.

16. SMTP Virtual Server


We have our Exchange server connected directly to the
internet. I have specified that the SMTP Virtual Server
resolve DNS names through external servers. But It will not
send mail out. We get the following error:

The e-mail address could not be found. Perhaps the
recipient moved to a different e-mail organization, or there
was a mistake in the address. Check the address and try
again.
... Domain of sender address
michele.cooper@dsst.hs does not exist>

It neither sees the external domain AND gives an error about
the internal domain.

Mail to users internally works fine.

Solution :-

That must be because those users have the @earthlink.com address defined
locally on your Exchange server, so when mail is sent internally, Exchange
server finds a match and puts the message into the appropriate mailbox.

I think you should be able to configure your users' Outlook profiles
differently so that Exchange is not the primary transport, but the ISP's
POP3/SMTP account is. Then mail will shoot out via ISP instead of trying to
get resolved by the Exchange server.

P.S. Are you sure that you really need Exchange if you don't want to use its
biggest component? (sending/receiving mail)

P.S. #2 you know, you can also give your Exchange server's POP3 protocol a
try.

17. Disable OWA Access

Is there a way to disable owa access externally for a specific group of
domain users but allow them access internally? I know it can be done by
disabling the http protocol but the users should have access to owa when
logged on to the internal network. Any ideas?

18. Over the last couple of days

We have had three or four e-mails that have been rejected with the error
below. Note that the recipient address is an external address. Also, many,
many e-mails are getting out, there are just a few with this problem.

1. E-mails are being sent from Outlook 2000 MAPI client.
2. Server is Exchange 2000 SP3 on Win2000 SP4.

Your message did not reach some or all of the intended recipients.

19. Exchange 2003 STD Edition

Any one know the fix for this issue or know of a posted fix?

Exchange 2003 STD Edition, OWA with SSL working fine.

I have enabled the change password option when the system was E2K. I get
the asp form used to change the account information and input all pertinent data for user to change password. When I submit it the following error comes up.

Error: General access denied error.

If I use the wrong domain it will let me know that it does
not exist so that leads me to think it is talking to my
domain when I do have the right information but will not
let me make the change for some reason.

This has been posted on many tech sites...none have a resolution.
Seems to be an issue when upgrading from E2K to E2K3 with an in-place
upgrade.

20. Send Mail command

In Unix, you can use the Send Mail command to automatically forward a TXT
file on a server to an Exchange mailbox. Is there an NT Send Mail command
or something comparable, for forwarding a TXT file to an Exchange 5.5
server?

21. Migrated from GroupWise and Novell to Exchange 2000

I have a customer we migrated from GroupWise and Novell to Exchange 2000 and Windows 2000. We used the MS GroupWise connector for the migration and the Wingra software.

Now that the migration is complete, and all Novell and GroupWise servers are
down we are doing some cleanup. In the GAL, in the Email type field, it
shows "EX" and all email addresses show up in the X.500 format of
/o=DOMAIN/ou=First Administrative Group/cn=Recipients/cn=UserName

Any suggestions on how to change the type so it shows up as SMTP and the
email addresses show up with an SMTP address? TIA



22. MTACHECK

I am having problems running MTACHECK to try and get my MTA back up and
running after an online restore. I am using the following syntax from
the exchsrvr\bin folder -

mtacheck /v /f mtacheck.log and I get the following error message -

Integrety checker was unable to create MTACHECK.OUT directory. This
directory does exist in the MTADATA directory and I have tried deleting
the existing logs in there.

Windows 2K SP4 w/hotfix roll-up Exchange 2k SP3 w/hotfix rollup.

Am I missing something obvious in the syntax or is there another
problem.

23. We are having difficulty when we try to delegate ownership of a mailbox to another user.

IE, user A leaves the organization we disable user A's AD login then
delegate (through AD/Exchange Advanced user rights) Mailbox Owner privileges
to user B. User B then tries to open the user A inbox in their Outlook and
receives "The folder can't be opened...". Is there another step I'm missing
here?

Disabling the user results in the mailbox not having a master account SID.
The mailbox is more or less unusable without one and you won't be able to
open it. What you need to do is go back into the permissions for that
mailbox under Exchange Advanced tab and assign the 'Associated External
Account' permission to SELF.

Probably when you disable User A, the "Self" entity gets wiped out of the
permissions to User A's mailbox. The lack of "Self" is causing the problem
with others not being able to access the mailbox. Re-add "Self" with the
permissions Full Control and Associated External Account.

24. EXmerge

If I have two mailboxes, both with data in them, is it possible to use
exmerge to take the data from one mailbox and "merge" it to the other
without losing data?
In other words, if I take the contents of UserA mailbox, can I put them into
UserB mailbox and when finished UserB has all their original messages plus
the messages from UserA?

I am assuming this is how it works, but I want to confirm before I try it.

ExMerge looks at the name of the PST file during import and matches it with
the mailbox nickname (alias) of the target mailbox - that's where it dumps
the imported data.

You put your email in
You take your email out
You put your email in
And then you PST it out.
You do exmerge and you turn yourself around.
That's what it's all about!

25. when using /disasterrecovery

I seem to remember a requirement when using /disasterrecovery that you had
to be using the same type of hardware when rebuilding, i.e. if the original
server was on a Proliant DL580 G2 attached to a SAN the new server also had
to be a DL580 G2 attached to a SAN, but the KB article on using
/disasterrecovery (297289) doesn't mention this. Am I remembering
incorrectly? We're in the process of planning for Hurricane Ivan and the
hardware given to us for a rebuild of the main mailbox server is a DL580 G1
instead of a G2, and I was wondering if this would cause a problem.
I've done plenty of recoveries with /disasterrecovery before but always to
the exact same type of hardware.

Solution :-

I think this is because before doing setup /disasterrecovery you will need
to perform a system state restore to bring the OS to the same level as the
original machine. A system state restore on different hardware will probably
have some strange effects.

From what I understand, a direct move from Exch2000 Enterprise edition to Exch2003 Standard edition upgrade is not possible on the existing machine. Instead could I do the following:

1. Install Exchange 2003 Standard on a second server
2. Do a move mailbox from the Exc2000 to the new Exc2003 server (I think they call it a "swing"?)
3. Remove Exc2000 from the original server
4. Install Exch2003 server on the original machine
5. Swing the data back to the original server
6. Kill the temporary server

26. OWA Front End multiple server

I have a customer with 2 Exchange 2003 servers running on Windows 2003
Server. They don't want to have a front-end server. Is this possible? I
was under the impression it was. The firewall only points to one of the
servers from the outside, when on the other server (the 1 the firewall isn't
pointed to) tries to connect they get a "Cannot find server or DNS Error
Internet Explorer" error. Or do they need to have a front end server or do I
have something setup wrong? They are still in the middle of the 5.5 upgrade
do I need to wait for native for this to work? Thanks!

Solution 1 :-

Yes it is possible. Make sure that both servers are accessible from
outside the firewall. You'll need to enable port 80 (ideally port 443
for HTTPS) access to both servers through the firewall. You'll also need
to make sure that the relevant DNS entries for both servers are visible
to the outside world.

What's happening here is that when your user connects to server 1, but
their mailbox is on server 2, server performs an HTTP redirect to
server 2. However, you are getting those errors because your web client
can't perform a DNS resolution for the object in the HTTP redirect.

Solution 2 :-

Your firewall probably points to the IP address, not the name. Bring up
the second server move everything then after the dust settles swap the
IP addresses.

Doubt your MX record would need to be changed. If it names the server
then there is an A record for that servername/hostname that points to an
IP. If that IP is your firewall you have to change nothing. If it is
your server that has the public IP address then the IP address swap
above takes care of that.

All depends how you are set up at the firewall. If Exchange is sitting
in a DMZ with public addresses or if you are behind NAT.

But either way the name of the server looks to be irrelevant. But like
you said even if you change MX and reconfig the firewall you are far
ahead of the game in time and effort.

Just run both servers for awhile so your users with Outlook start up and
log on and automatically pick up the mailbox move to the new server.

27. Exchange 5.5 to Exchange 2003

A question for those of you that have gone thru the migration from
Exchange 5.5 to Exchange 2003. We are planning to have a win2k3 native
domain and exchange 5.5/EX2k3 mixed mode. From what I've read in doing
my research for our migration is that when we migrate the Exchange 5.5
DL's that we use for permissions on Public Folders that they are
converted to Universal Security Groups.
Are these mail enabled security groups or do I have to create another
Distribution group to replace the ones that we used for permissions and
are converted?

28. 1 forest, 1 tree, multiple childdomains

Some of the childdomains are in "windows2000 mixed" some others in
"Windows2000 native mode" some others in "Windows2003 functional mode",
each domain has its own Exchange55 server all the exchange55 servers
belong to the same Exchange Organization.

The forest has been "setup /forestprep" for exchange2003. I can confirm
the "rangeupper" attribute value is already 6870.

Please can I use the following sequence to install ADC on the
childdomains running windows2000 AD (either mixed or native), notice
Exchange2003 "setup /forestprep" has been already executed at the root.

on the childdomains:
1) install ADC on a member server (using EA credentials) using the
exchange2003 cd, configure two-way CAs. (exchange55 <-->DC)
2) execute "setup /adprep" using the windows2003 cd
3) execute "setup /domainprep" using the exchange2003 cd.
4) upgrade the dcs to windows2003 and switch to windows2003 functional
mode
5) install exchange2003 by joining the existent exchange55 server in
that childdomain.

Or do you think this sequence *must* be different for any technical
requirement that I am missing. For example --I am just supposing--
ADC-exchange2003 cannot be installed on a Windows2000AD...unless
windows2003 /adprep has been executed..or some other possible technical
requirement.

29. Exchange 2000 SP3 on a Windows 2000 server

I am running Exchange 2000 SP3 on a Windows 2000 server, 2003 domain. My
problem is that exchange will not deliver mail to domains that do not
list a specific mx record. Is there a setting somewhere to prompt exchange to try connecting to other types of records listed instead?


Thanks for your insights.

30. OWA Problem.

I have several MS small business clients and while sbs2000 was out (it
includes isa2000 and exch2000) I could not connect from one client to
another using OWA. With sbs2003 that is no longer an issue BUT....I have an
out sourced finance group who come to my client and try to connect to their
company's OWA (on an exch 2000 machine) and while passing through my isa 2000
they get "Access Denied". I can connect to any owa 2003 and their company's
techs assure me that they are not locked out. In a nut shell: Is there a
port I have to open in ISA to access an exch 2000 based OWA site?

Solution:- Microsoft Knowledge Base Article – 280823

31. "https//servername/exchange"

I have two domains that I want to service with one front end server, The two
domains are HG and HI. HG and HI are different administrative groups and
different domains, but they all share the harman.com address. The front end
server is located within the HG domain. Anyone in the HG domain can use the
front end server without any issues when they type in "https". When people
in the HI domain attempt to use the front end server (again using https),
they get the normal security warning and the authentication box. They put
in HI\username and password, and then a message comes back "The page must be
viewed over a secure channel". Below that is a message that says "the page
you are trying to view requires the use of https in the address". The funny
thing is you see in the address bar "https//servername/exchange" (I took the
colons out to kill the link in the email)!

Can anyone point me in the right direction?? I looked at Google and TechNet
without any success.

Thanks.

32. HG and HI

I have two domains that I want to service with one front end server; the
two domains are HG and HI. HG and HI are different administrative
groups and different domains, but they all share the harman.com address.
The front end server is located within the HG domain. Anyone in the HG
domain can use the front end server without any issues when they type in
"https". When people in the HI domain attempt to use the front end
server (again using https), they get the normal security warning and the
authentication box. They put in HI\username and password, and then a
message comes back "The page must be viewed over a secure channel".
Below that is a message that says "the page you are trying to view
requires the use of https in the address". The funny thing is you see
in the address bar "https//server name/exchange" (I took the colons out
to kill the link in the email)

Can anyone point me in the right direction?? I looked at Google and
TechNet without any success.

Thanks

33. NT 4.0 sp 6

Our PDC is crashing and the Exchange server is supposed to be the BDC. We
have to take the PDC down, can the Exchange server be promoted to PDC? Also,
it does not appear as though the Exchange server has been acting as BDC,
when PDC goes down, no one can log in or access email from exchange server.
I did not set any of this up, so I am not sure why it is acting this way.

34. Kerberos/NTLM Authentication

I have a problem with a few users that I can not figure out. I am
running Exchange 2003 SP1 in native mode with Windows 2003 AD in native
mode and Outlook 2003.

The problem is that this user can not logon using OWA. She gets an error
saying "Bad Request (Request Header Too Long)". If I turn on Friendly
HTTP errors then the error is "HTTP 400 - Bad Request".

This user also can not open their mailbox from the client when logged on
to a computer on the domain. If I change the profile to use "Password
Authentication (NTLM)" rather than "Kerberos/NTLM Password
Authentication" then she can get into her mailbox. If I give myself full
control of her mailbox and set it to prompt for credentials with
"Kerberos/NTLM..." then I can get into the mailbox with no problem.

I have used LDP to compare attributes with another account that works
fine but I don't see any major difference other than things that should
be different.

This leads me to believe the problem is related to Kerberos. Any idea
what I can do to resolve this issue?

