Monday, November 22, 2010

Active Directory and Exchange Topology Diagrammer

I came across this tool a couple of years ago, demo'd it, thought it looked great but forgot about it and never used it in a live environment.

Last week I started a project which required a full audit of a fairly large Exchange 2007 network that spread throughout 13 sites worldwide. As part of the audit, I set about creating a Visio diagram of the Exchange Organization but soon ran into trouble trying to map out all of the site links and detailed information.

That's when I remembered Microsoft's Active Directory Topology Diagrammer. This is a really handy tool when you want to create Visio diagrams of your networks and it covers Active Directory Site Structure, OU Structure and brilliantly the Exchange Organization structure too!

Download the tool from here and try it out, you will need Visio installed and with the latest Exchange stencils though for the tool to draw the diagrams properly:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=cb42fc06-50c7-47ed-a65c-862661742764&displaylang=en

Tuesday, November 16, 2010

Increase Exchange 2010 DAG Failover Threshold

One of our clients has a 4 member node Exchange 2010 DAG spread across 4 different countries worldwide.

The client had reported to me that one of the sites that had a slight bandwidth issue was consistently failing it's Active Mailbox Store from the local site over to it's Dublin HQ site. When we manually moved the database back over to the original local site, it would randomly fail back over to the main Dublin HQ site presumably due to the intermittent latency on the Internet connection at that local site.

The customer requested that I find a way to increase the failover threshold or tolerance for the DAG so that it doesn't fail over as frequently without losing the functionality of High Availability.

After searching for quite a while on how to do this using Exchange Power Shell I found some information relating not to Exchange Server but to the Windows Server 2008 Cluster Service (which is essentially what the DAG uses when it is created for the first time) for it's clustering technology.

Using a standard Command Prompt (cmd), I started playing with the 'cluster' command and looking into what switches it used and what they could be applied to.

Here's what I came up with:

Type 'cluster /list' to display the name of the cluster that is present on the Server

When you run a 'cluster /prop' from the cmd line, it returns a number of values relating to the cluster, two of which are the following:

CrossSubnetDelay = 1000 (this is the default 1000 milliseconds which equals 1 second per heartbeat check)

CrossSubnetThreshold = 5 (this is the default number of heartbeats that can be missed before failover)

I changed the CrossSubnetDelay value to make the heartbeat check in every 2 seconds instead of the default 1 second by using the command below:

cluster /cluster:<ClusterName> /prop CrossSubnetDelay=2000

With this new setting along with the default value of 5 seconds for the CrossSubnetThreshold setting, this now allows the Cluster service to wait for 10 seconds before initiating a failover to a different DAG member.

This value can be increased to a maximum of 4000 milliseconds once the cluster is across subnets (it is a maximum of 2000 milliseconds if you are on the same subnet)

The CrossSubnetThreshold value can be modified with a value anywhere from 3 to 10.

This workaround / solution may need some tweaking with values until you reach the desired tolerance on your DAG.

It is also worth making sure you make a note of all changes that you make before and after the above commands and as always - make sure you have a full backup of your Exchange environment before you do anything like this!!!!

Saturday, November 13, 2010

Bulk Create Active Directory User Accounts and Exchange Mailboxes

Although this process is fairly well known at this point, I am continually asked for this PowerShell script to assist with the bulk creation of new Active Directory user accounts with passwords and then the bulk creation of Exchange Mailboxes for these new accounts. It will also allow you to create or specify an OU to place them into.

This script was created by Exchange MVP Andy Grogan.

Here's the link to the downloadable Powershell Script and sample CSV file that creates the user accounts within Active Directory:

http://www.telnetport25.com/component/content/article/15-powershell/321-quick-post-script-to-create-lab-users-powershell-version.html

Once you have modified the CSV file to suit your user structure and run the Powershell script, you should now have all of the users created within AD and all assigned passwords of your choice too.

The next step is to create new Exchange mailboxes for those users using the following process:

 You open the Exchange Management Shell and begin with Get-User.


If we imagine we have an OU we wish to grab all the users from we could just type Get-User –OrganizationalUnit <OU Name>. However, this will return to us all the users in that OU, whereas perhaps some are already mailbox enabled. To narrow down our grab we can use a request for RecipientType which we could say is equal to User (as opposed to UserMailbox, which would mean they already have a mailbox).

So, for example, if we want to locate all users in the Accounts OU that do not have mailboxes already for their accounts we could type:

Get-User –OrganizationalUnit Accounts | Where-Object [$_.RecipientType –eq "User"}

That command would get us part of the way there.

Now if we wanted to mailbox enable those users we would append to the end:

Enable-Mailbox –Database "<Name of Database>"

So, let’s say in our setup here we have the Accounts users in the Accounts OU and we want them all given mailboxes in a database called EX2010Database.

We would type the full command:
Get-User –OrganizationalUnit Accounts | Where-Object [$_.RecipientType –eq "User"} | Enable-Mailbox –Database "EX2010Database"

Now just sit back and let the script do all the hard work!