This guide about Administrative Audit Logging in Exchange 2010 explains how to enable this new feature, search the audit log, and write to the audit log.

The Administrative Audit Logging feature is one of the great additions to Exchange 2010. A short time ago, I wrote about eDiscovery which utilizes litigation hold. Administrative auditing is in that similar vein of thinking but, in my opinion, is geared more towards a change control mentality. This feature can be equally useful for small, single administrator environments as well as larger environments where several admins have their hands in the cookie jar.

Administrative Audit Logging takes advantage of the fact that all Exchange Management Console (EMC) activities are actually running Exchange Management Shell (EMS) cmdlets in the background for you. Admin audit logging simply keeps a log of any change you perform that creates, modifies, or removes anything in Exchange. Any cmdlet beginning with Get- or Search- is notlogged by default.

(more…)

In my last article, I discussed what to do when you receive errors about exceeding the maximum number of corrupted or bad items. In this article, I want to share how to work through error messages moving messages from or to mailboxes where you do not have the Full Access permission.

In my experience, gathering eDiscovery is not something I do every day. I’m guessing that for most of you, this is also true. The first time I had to do this I was still trying to figure out the correct syntax on the Get-Mailbox, Restore-Mailbox, and Export-Mailbox cmdlets to yield the results that I wanted. That process was quickly hamstrung when I had to troubleshoot confusing error messages regarding the target folder. So what I’ve hoped to do with the eDiscovery series, as well as these troubleshooting articles, is remove some of the frustration by sharing what I’ve learned.

(more…)

This article discusses a typical issue you might encounter during an eDiscovery process that is caused by corrupted (bad) items in your Exchange database.

As a follow up to the five part eDiscoveryinExchange series, I thought it might be helpful to provide some information for a couple of troubleshooting tips that may come in handy while working through the eDiscovery process. An issue you may run into could be due to corrupted items in your Exchange database. The corresponding error message is “This mailbox exceeded the maximum number of corrupted items.” For legal inquiry, you’ll want to do what you can to ensure all possible results are included.

As before I’ll address the Exchange 2007 method of fixing as well as the improved methods in Exchange 2010.

Exchange 2007

In Exchange 2007, the Export-Mailbox cmdlet will fail to execute due to bad items in the mailbox. Isinteg, can help with corrupted Exchange items by logically repairing the database.

(more…)

Exchange Active Policies help you to remotely configure Android, iPhone and Windows Phone smartphones and Exchange Remote Wipe allows you to remotely erase all data on a lost smartphone.

Since the uptake of smartphones has become more widespread, it is more than likely that your end users will require access to their corporate email via their smartphones. Whether or not the smartphone is company supplied . It is certainly a sensible idea to make sure that we have policies in place to protect our data should it end up in the wrong hands.

Exchange ActiveSync Mailbox Policies

Exchange 2010 has a feature called “Exchange ActiveSync Mailbox Policies”. You can find this in the Exchange Management Console, within the “Organization Configuration\Client Access” node from the tree view. You will notice that within the Exchange ActiveSync Mailbox Policies tab, you can create multiple policies – these can then be applied to different groups of users. I just want a common policy throughout my entire organization, so I will just modify the default policy that is already listed.

(more…)

This article describes all the locations where you can change the allowable message size in Exchange 2010.

In Exchange one of the most common changes from the default that is required by business need is to increase the default allowed message size. This seems like a simple task, but in an attempt to make this type of setting as flexible as possible it must be set in at least two locations, with the potential for many more. Below I’ll outline each of the locations to change this setting both in the Exchange Management Console (EMC) and the Shell.

Outbound Send Connector(s)

To begin with Exchange 2010 separates the setting for inbound and outbound mail. In Exchange terminology these are referred to as Send and Receive Connectors. For each of these connector types you can have multiple connectors, each having their own message size restriction. In the case of the Send Connector this is done so you specify different settings depending on the external domain. For example you may want to allow 30 MB message to go out by default but if you have a connector to a well connected partner organization allow up to 50 MB.

(more…)

In the last post I discussed preparation of your environment to collect email for legal inquiry. This post will cover the two very different methods of searching Exchange 2007 SP2 and 2010.

Exchange 2007

Getting results in Exchange 2007 is done using the Get-Mailbox Exchange Management Shell (EMS) cmdlet piped to the Export-Mailbox cmdlet. All messages in the source mailboxes are moved to a destination, searched, and then either filed or removed from target. Dumpster messages are included. There are at least a couple ways the two cmdlets could be used to extract email by keyword.

Export to another mailbox in Exchange 2007

Exporting to another mailbox takes less prep time than exporting directly to a PST file as you don’t need a workstation with a special setup. In another post, I recommended having a separate mailbox database and mailbox to store the results of the search. I feel this allows you as the administrator to take another step to ensure that data related to a case is preserved separately from the production database.

(more…)

In the previous three posts in this series, I discussed how to be proactive and what to do when faced with the possibility of legal inquiry. Part 4 will focus on the steps necessary to restore a mailbox database from Microsoft System Center Data Protection Manager (DPM) and prepare it for search.

If your inquiry will be done on a live database, this step of the process is not necessary. However; there are several scenarios where you’d want to perform the inquiry on a snapshot of the mailbox database from a previous point in time.

Exchange 2007

Create Recovery Storage Group

The first step is to use the Database Recovery Assistant to create a recovery storage group. This will provide a place to restore the database from DPM.

(more…)

In part 2 of this eDiscovery in Exchange series, I covered the topics backups and database deletion settings. Today's post discusses Messaging Records Management (MRM) and the new Mailbox Litigation Hold feature in Exchange 2010.

Where Messaging Records Management (MRM) is applied can be controlled at a couple levels.

MRM at the organization level

Some organizations may have a policy that does not allow employees to keep email for more than a period of time. This would be done when the company wants to establish a standardized practice to protect themselves legally. Others may do so to control storage costs and consumption. Whatever the reason, Messaging Records Management policies that automatically delete email need to be put on hold, modified, or both.

(more…)

In part one of this eDiscovery in Exchange series, I discussed being proactive before the need for legal inquiry arises. Part 2 and 3 will cover email preservation methods. In this post I make some preliminary remarks and discuss backup considerations and database deletion settings.

There are many situations which could trigger the need to assure that email is being preserved. Some events are quite obvious while others may not be.

Before proceeding further, I must point out that prior to an event your company or organization should have an established list of guidelines that you will follow in the event eDiscovery of email may be required. I would recommend also having the procedures reviewed by your legal staff.

As an Exchange Administrator, here’s a scenario that should always trigger the execution of eDiscovery preservation. Your supervisor has notified you that an employee has been using your email system to harass another employee. The offended employee has told the Human Resources department that they are going to file a lawsuit against your company. This scenario is easily recognizable as a trigger to prompt you to preserve email.

(more…)

In this series about eDiscovery (or electronic discovery) you will learn how to preserve and access data in Microsoft Exchange for legal inquiry.

From time to time, Exchange Administrators are called on to preserve and produce information for legal inquiry. Often times, this occurs without any prior warning and action must be taken immediately upon notification. Because a task like this often just piles more work and time on top of an already busy schedule, I’m hoping to trigger some useful discussion. My goal is that this series of articles, along with reader comment, can become a “go to” resource when email legal inquiry is required in your organization.

Background

If you Google “eDiscovery in Exchange”, or other similar phrases, you’ll find a plethora of results. Many will eventually guide you to purchasing software. When you’ve been tasked with producing email related to specific people or keywords, and time is of the essence, the last thing you want to do is purchase new software and learn how to purchase, install, setup, and use.

(more…)

In part 1 of Single Inbox in Cisco Unity Connection 8.5 with Microsoft Exchange, I introduced some reasoning behind an upgrade from version 8.0 to 8.5 to take advantage of Single Inbox. In this post I’ll provide some more detail for each of the three steps and a brief summary.

Upgrade

Upgrading the CUCMBE server, while it may seem daunting on the surface, was actually quite easy. The version 8.5 image file has to be downloaded from Cisco and saved on an FTP server. From the CUCMBE Unified OS Administration web page, click Install/Upgrade and direct the web page to look for images on your FTP server. Select the appropriate image, select option to restart later manually, and click Install. The server will copy the image to the local hard drive, create a new 8.5 installation in a new partition, and then wait for you to switch versions. The beauty of the process is that 8.5 installs on its own partition. This means that should the 8.5 switch not go as well as you might hope, you can still switch back to 8.0. Restart and switch versions either in the web interface or over a Telnet connection.

Cisco Unity Connection – Switch to version 8.5

(more…)

In this first of two posts, I’ll be describing my experience upgrading Cisco Unity Connection to take advantage of the Single Inbox feature in version 8.5.

As an IT professional, it’s very common to wear different specialty hats depending on the needs of each day. Those of you in small IT shops understand what I mean: Monday, you might be configuring routers and switches, Tuesday, you might be setting up an Exchange server. With the arrival of VoIP, the blurred line that once existed between voice and network has almost completely evaporated. I’ll be sharing with you a prime example of how the two worlds have converged into one as I share my experience upgrading my Cisco Unity Connection server. We wanted to add the ability to synchronize voicemail messages directly to the Exchange Inbox. In the Cisco world, this feature is called Single Inbox.

Cisco Unity Connection – Microsoft Exchange

(more…)

GFI MailArchiver is an easy-to use and affordable email archiving software for Microsoft Exchange. 4sysops readers have the chance to win a license worth $1.150 USD

GFI is raffling off three licenses of their email archiving software. Each license can be used to archive 50 mailboxes for one year. The deadline of this contest is September 1, 2011. If you want to take part in this raffle, please send an email with the subject "GFI MailArchiver" to .

(more…)

This step-by-step guide explains how to install the SSL-certificate, create a web listener, a web farm, and an Exchange publishing rule to secure Exchange 2010 with Forefront TMG.

In my last post I introduced Forefront TMG’s functionality to secure Exchange 2010. Today, I will show you how to configure Exchange and Forefront to work together.

Install the SSL-Certificate

1. Open the „Exchange Management Console“ and export under „Server Configuration – > Exchange Certificate“ the Exchange certificate by right clicking „Export Exchange certificate“.
2. Name the certificate, enter a password and save it as a *.pfx file.
3. Copy the file to your Forefront TMG server.
4. Open a „Microsoft Management Console“ on the Forefront TMG Server by typing “mmc” in the Command Shell.
5. Add the Certificate Snap-in by „File -> Add/Remove Snap-In“ and choose the “local Computer” in the „Computer account“ dialog.
6. Open the certificate-tree (Local Computer) and select „Personal“.
7. Right click on the „Personal“-folder and select „All Tasks -> Import…“
8. Import the *.pfx file. You have to choose *.pfx as the file-type instead of the default *.cer. In the next dialogs keep the default settings.

(more…)

In this article, you will learn how to use the advanced features of Forefront TMG to improve security of Exchange 2010.

An essential part of an Exchange 2010 deployment is the availability of e-mail everywhere at any time. For your users, this feature eases work; for you as an administrator, it means more work, because you have to secure the Exchange Server against attacks from outside your corporate network.

I often see that Exchange 2010 is published directly to the internet by allowing access to the various ports from the internet. However, this approach undermines most of the security features of Forefront TMG. Forefront supports Preauthentication, which means the users do not authenticate with the Exchange Server but with Forefront. Forefront then passes the privileges to the Exchange Server.

(more…)