Cross Site DAG / DAC Mode – Scenarios

Here is a scenario in which we have a cross-site DAG, with a core discussion of how it behaves during a disaster (WAN down, primary site down). Please go through it and post your feedback and corrections, if any.

If you wish to add more to this, please feel free.

Environment:

Two sites, one DAG with 10 members, 10 databases; the active copies live in the primary site and every database has a passive copy in the DR site.

Primary site:

2 CAS/HUB – one of them hosts the primary witness share (FSW)

5 MBX – DAG members, active copies of the 10 databases

DR site:

2 CAS/HUB – one of them hosts the second (alternate) witness share

5 MBX – DAG members, passive copies of the 10 databases

Given this deployment, two sites with an identical number of cluster nodes on each side, what happens if the link between them goes down while all the servers stay up?

Scenario 1: Two sites, and the WAN link between them goes down

One DAG with 10 members and 10 databases; the WAN link between the sites goes down (DAC mode does not come into play in this scenario).

  1. Once the WAN link goes down, communication between the sites is disrupted.
  2. The DR site loses quorum (it holds only 5 of the 11 votes) and its DAG members cannot continue; their databases dismount.
  3. The primary site still maintains quorum, because under Node and File Share Majority it holds 6 votes (5 nodes + 1 FSW).
  4. The databases that were active in the DR site are activated on the primary site according to their activation preferences. This is handled by the PAM (Primary Active Manager), which runs on a member in the primary site.

Note: If AD replication between the sites was healthy before the outage, the databases fail over to the primary site automatically. If a database ends up dismounted on the DR side with no copy activated in the primary site, activate it manually:

Move-ActiveMailboxDatabase <Database Name> -ActivateOnServer <target server>

  5. The DAG is now fully operational from the primary site.
  6. When the WAN link comes back, the DR members rejoin the cluster and resynchronise their copies, but manual intervention is required to restore the original layout, such as moving the active database copies back to the DR site with Move-ActiveMailboxDatabase.
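The vote arithmetic behind steps 2 and 3 is worth having as a reusable check, because it decides which site survives a WAN break. The function below is an added example, not part of the original post; it generalises the 5 + 5 + witness layout to any node counts and either witness placement, using the rule that a DAG runs Node Majority with an odd number of members and Node and File Share Majority (witness votes) with an even number.

```powershell
# Added example (not part of the original post): vote arithmetic for a two-site DAG, to predict
# which side keeps quorum when the WAN between the sites fails. It generalises the 5 + 5 + witness
# case above to any node counts and either witness placement.
function Get-SiteQuorumOutcome {
    param(
        [Parameter(Mandatory=$true)][int]$PrimaryNodes,
        [Parameter(Mandatory=$true)][int]$DrNodes,
        [ValidateSet('Primary','DR')][string]$WitnessSite = 'Primary'
    )
    $TotalNodes = $PrimaryNodes + $DrNodes

    # Exchange picks the quorum model for you: Node Majority for an odd number of DAG members,
    # Node and File Share Majority (the witness gets one vote) for an even number.
    $WitnessVotes = 0
    if ($TotalNodes % 2 -eq 0) { $WitnessVotes = 1 }

    $TotalVotes = $TotalNodes + $WitnessVotes
    $Needed     = [math]::Floor($TotalVotes / 2) + 1   # strict majority

    $PrimaryVotes = $PrimaryNodes
    $DrVotes      = $DrNodes
    if ($WitnessVotes -eq 1) {
        if ($WitnessSite -eq 'Primary') { $PrimaryVotes++ } else { $DrVotes++ }
    }

    New-Object PSObject -Property @{
        QuorumModel        = $(if ($WitnessVotes -eq 1) { 'NodeAndFileShareMajority' } else { 'NodeMajority' })
        TotalVotes         = $TotalVotes
        VotesNeeded        = $Needed
        PrimaryVotes       = $PrimaryVotes
        DrVotes            = $DrVotes
        PrimaryKeepsQuorum = ($PrimaryVotes -ge $Needed)
        DrKeepsQuorum      = ($DrVotes -ge $Needed)
    }
}

# The layout in this post: 5 + 5 members, witness in the primary site.
# 11 votes, 6 needed; the primary site holds 6 and stays up, DR holds 5 and dismounts its databases.
Get-SiteQuorumOutcome -PrimaryNodes 5 -DrNodes 5 -WitnessSite Primary

# Same members with the witness in the DR site: now DR survives a WAN break and the primary
# site loses quorum, which is why the witness belongs in the site that must stay up.
Get-SiteQuorumOutcome -PrimaryNodes 5 -DrNodes 5 -WitnessSite DR

# Odd total (5 + 4): Node Majority, the witness does not vote, 9 votes and 5 needed;
# the primary site survives on node count alone.
Get-SiteQuorumOutcome -PrimaryNodes 5 -DrNodes 4
```

The second call is the caveat practitioners trip over: an even split with the witness in the DR site means a WAN failure takes the primary site down, not the DR site.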

Scenario 2:

 a.       Primary site goes down – DAC mode is turned on (DatacenterActivationMode = DagOnly)

 Datacenter Activation Coordination (DAC) mode is specifically for multi-site Database Availability Groups. In Exchange 2010 RTM it required three or more members; from SP1 onward it can be enabled on a DAG with two or more members.

It is there to prevent split brain at the datacenter level, with the help of a protocol called the Datacenter Activation Coordination Protocol (DACP).

DACP works with literally a single bit in memory that is either 0 or 1. A DAG member starts with the bit at 0, meaning it is not allowed to mount databases. The bit flips to 1, and the member may mount, only once it has either talked over DACP to another member whose bit is already 1, or can communicate with every other member on the DAG's started servers list. A primary-site member that comes back up in isolation therefore cannot mount its old databases while the DR site is serving them.


  1. The primary site is down for some reason, and with it the DAG has lost quorum (the DR site holds only 5 of the 11 votes).
  2. Because the DAG is not operational, a datacenter switchover is required.
  3. The steps involved in the datacenter switchover are below.
  4. Mark the primary site as stopped. This cmdlet is only valid when the DAG is in DAC mode. -ConfigurationOnly updates the DAG object in Active Directory only, which is what you want while the primary servers are unreachable; re-run the same command without the switch once they are reachable again.

 Stop-DatabaseAvailabilityGroup -Identity DAG1 -ActiveDirectorySite <Primary Site> -ConfigurationOnly

   5. Alternatively, stop the DAG members individually, one command per server:

 Stop-DatabaseAvailabilityGroup -Identity DAG1 -MailboxServer <DAGmemberinPrimarySite> -ConfigurationOnly

   6. Stop the Cluster service on each DR member, then restore the DAG on the DR site with the following command:

 Restore-DatabaseAvailabilityGroup -Identity DAG1 -ActiveDirectorySite <DR Site> -AlternateWitnessServer <HUBServer> -AlternateWitnessDirectory <WitnessDirectory Path>

 The Restore-DatabaseAvailabilityGroup cmdlet performs several operations that affect the structure and membership of the DAG's cluster. This task will:

  1. Forcibly evict the servers listed on the StoppedServersList from the DAG's cluster, thereby re-establishing quorum for the cluster and enabling the surviving DAG members to start and provide service.
  2. Configure the DAG to use the alternate witness server if there is an even number of surviving DAG members.

 7. Mount the databases on the DR site. The -Skip* switches bypass the safeguards that normally refuse a lossy activation, so they belong only in a genuine datacenter switchover:

Move-ActiveMailboxDatabase -Server <DAGMemberinPrimarySite> -ActivateOnServer <DAGMemberinDRSite> -SkipActiveCopyChecks -SkipClientExperienceChecks -SkipHealthChecks -SkipLagChecks
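Taken together, steps 4 to 7 are what an operator runs from the DR site under pressure, so it helps to script them with the checks around each step. The block below is an added example, not code from the original post. The DAG name, AD site names, DR server names, alternate witness and share path are placeholders.

```powershell
# Added example (not from the original post): the DAC-mode datacenter switchover above as one
# scripted sequence, with the checks an operator wants before and after each step.
# Placeholder names: DAG "DAG1", AD sites "Primary-Site" and "DR-Site", DR mailbox servers
# DRMBX01..DRMBX05, alternate witness "DRHUB01" sharing "C:\DAG1-FSW". Run it from a DR-site server.
$Dag           = 'DAG1'
$PrimarySite   = 'Primary-Site'
$DRSite        = 'DR-Site'
$DRServers     = 'DRMBX01','DRMBX02','DRMBX03','DRMBX04','DRMBX05'
$AltWitness    = 'DRHUB01'
$AltWitnessDir = 'C:\DAG1-FSW'

$DagInfo = Get-DatabaseAvailabilityGroup -Identity $Dag -Status

# Stop-/Restore-DatabaseAvailabilityGroup are only valid when the DAG is in DAC mode.
if ("$($DagInfo.DatacenterActivationMode)" -ne 'DagOnly') {
    throw "$Dag is not in DAC mode (DatacenterActivationMode = $($DagInfo.DatacenterActivationMode)); use the non-DAC procedure."
}

# Step 1: mark every primary-site member as stopped. -ConfigurationOnly touches only the DAG
# object in AD, which is what you want while those servers are unreachable; re-run the same
# command without the switch once they are back so the cluster state is updated too.
Stop-DatabaseAvailabilityGroup -Identity $Dag -ActiveDirectorySite $PrimarySite -ConfigurationOnly -Confirm:$false

$DagInfo = Get-DatabaseAvailabilityGroup -Identity $Dag -Status
Write-Host ("Stopped members : " + ($DagInfo.StoppedMailboxServers -join ', '))
Write-Host ("Started members : " + ($DagInfo.StartedMailboxServers -join ', '))

# Step 2: the Cluster service must be stopped on the DR members before the restore. Restore then
# evicts the stopped members; with an even number of survivors it also moves the DAG to the
# alternate witness named here (five survivors is odd, so Node Majority is kept).
foreach ($Srv in $DRServers) {
    Get-Service -ComputerName $Srv -Name ClusSvc | Stop-Service -Force -ErrorAction SilentlyContinue
}
Restore-DatabaseAvailabilityGroup -Identity $Dag -ActiveDirectorySite $DRSite `
    -AlternateWitnessServer $AltWitness -AlternateWitnessDirectory $AltWitnessDir -Confirm:$false

# Step 3: activate each database on a DR member that holds a usable copy. The -Skip* switches
# bypass the safeguards that normally refuse a lossy activation, so this is only acceptable in a
# real datacenter switchover; -MountDialOverride BestEffort mounts even if some logs are missing.
$DagDatabases = Get-MailboxDatabase | Where-Object { "$($_.MasterServerOrAvailabilityGroup)" -eq $Dag }
foreach ($Db in $DagDatabases) {
    $Target = $null
    foreach ($Srv in $DRServers) {
        $Copy = Get-MailboxDatabaseCopyStatus -Identity "$($Db.Name)\$Srv" -ErrorAction SilentlyContinue
        if ($Copy -and ("$($Copy.Status)" -eq 'Healthy' -or "$($Copy.Status)" -eq 'DisconnectedAndHealthy')) {
            $Target = $Srv
            break
        }
    }
    if (-not $Target) { Write-Warning "$($Db.Name): no usable DR copy, skipping"; continue }

    Move-ActiveMailboxDatabase -Identity $Db.Name -ActivateOnServer $Target -MountDialOverride BestEffort `
        -SkipActiveCopyChecks -SkipClientExperienceChecks -SkipHealthChecks -SkipLagChecks -Confirm:$false

    $Result = Get-MailboxDatabaseCopyStatus -Identity "$($Db.Name)\$Target"
    Write-Host ("{0}: {1} on {2}" -f $Db.Name, $Result.Status, $Target)
}

# Step 4: confirm replication health from the DR side before declaring the switchover complete.
foreach ($Srv in $DRServers) {
    Test-ReplicationHealth -Identity $Srv | Where-Object { "$($_.Result)" -ne 'Passed' }
}
```

The DAC-mode check at the top is the important guard: if DatacenterActivationMode is Off, Stop- and Restore-DatabaseAvailabilityGroup will not work and the manual cluster procedure in Scenario 3 applies instead.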

 

Scenario 3:

 b.      Primary site goes down – DAC mode is turned OFF

 

When the DAG isn't in DAC mode, the specific actions to terminate any surviving DAG members in the primary datacenter are as follows:

  1. Forcibly evict the primary-datacenter DAG members from the DAG's underlying cluster by running the following commands on each of those members (where they are still reachable):

net stop clussvc

cluster <DAGName> node <DAGMemberName> /forcecleanup

  2. The DAG members in the second datacenter must now be restarted and then used to complete the eviction process from the second datacenter. Stop the Cluster service on each DAG member in the second datacenter by running the following command on each member:

net stop clussvc

  3. On one DAG member in the second datacenter, force a quorum start of the Cluster service by running the following command:

net start clussvc /forcequorum

  4. Open the Failover Cluster Management tool and connect to the DAG's underlying cluster. Expand the cluster, and then expand Nodes. Right-click each node in the primary datacenter, select More Actions, and then select Evict. When you are done evicting the DAG members in the primary datacenter, close the Failover Cluster Management tool.

When the DAG isn't in DAC mode, the steps to complete activation of the Mailbox servers in the second datacenter are as follows:

  1. The quorum must be modified based on the number of DAG members in the second datacenter. If there is an odd number of DAG members, change the DAG quorum model from Node and File Share Majority to Node Majority by running the following command:

cluster <DAGName> /quorum /nodemajority

  2. If there is an even number of DAG members, reconfigure the witness server and directory by running the following command in the Exchange Management Shell:

Set-DatabaseAvailabilityGroup <DAGName> -WitnessServer <ServerName>

  3. Start the Cluster service on any remaining DAG members in the second datacenter by running the following command:

net start clussvc

  4. Perform server switchovers to activate the mailbox databases in the DAG by running the following command once for each DAG member in the primary site:

Move-ActiveMailboxDatabase -Server <DAGMemberinPrimarySite> -ActivateOnServer <DAGMemberinSecondSite>

  5. Mount the mailbox databases on each DAG member in the second site by running the following command:

Get-MailboxDatabase -Server <DAGMemberinSecondSite> | Mount-Database

More information on DAC:

How DAC mode works :  http://technet.microsoft.com/en-us/library/dd979790(v=exchg.141).aspx

Understanding DAC      :  http://technet.microsoft.com/en-us/library/dd351049.aspx

Regards,

Ganesh G

Script to get the member count of all DLs that accept external email

=====================================================================

#Script to get the member count of all DLs that accept external email

#Start Script

Start-Transcript C:\Results_DLMembercount.txt

# A DL accepts mail from unauthenticated (external) senders only when
# RequireSenderAuthenticationEnabled is $false, so that is the value to filter on.
$DistGrps = Get-DistributionGroup -ResultSize Unlimited |
    Where-Object { $_.RequireSenderAuthenticationEnabled -eq $false }

foreach ($DistGrp in $DistGrps)
{
    $DLName = $DistGrp.DisplayName
    # @() guarantees a .Count even when the group has a single member
    $Members = @(Get-DistributionGroupMember -Identity $DistGrp.Identity -ResultSize Unlimited)
    "$DLName = $($Members.Count)"
}

Stop-Transcript

#End of Script

==============================================================

 

Solution for Outlook Auto mapping – Exchange 2010 SP2 and above

 For specific OU users

  1. Created an OU named "Automap" and added two users to it, named "Manisha Tunk" and "Pramod".
  2. Administrator is the user who has full access to both mailboxes in this Automap OU.
  3. Now our action plan is to remove automapping for the administrator, to avoid those two profiles being added to the administrator's Outlook when it loads.
  4. The attribute working behind automapping is "msExchDelegateListLink" on the mailbox's user object; it lists the users who have full access to the mailbox with automapping enabled.
  5. So we can either clear this attribute or follow the steps below to remove automapping via the Exchange Management Shell (only applicable to Exchange 2010 SP2 and above). The same is documented on TechNet.


 

For all the users in the org: remove automapping for a user named "Administrator"

Granting the user "Administrator" full access to all mailboxes with a plain Add-MailboxPermission leaves automapping at its default, which is true,

i.e. the administrator's DN is added to msExchDelegateListLink on each of those mailboxes.


 

When the administrator then opens Outlook, it displays every mailbox the administrator has full access to. Most people do not want this to happen,

hence we tweak the -AutoMapping value to false.


 

The command below grants the user "Administrator" full mailbox access and disables automapping in one step (-ResultSize Unlimited is needed, otherwise Get-Mailbox stops after 1000 mailboxes):

Get-Mailbox -ResultSize Unlimited | % { Add-MailboxPermission -Identity $_ -User "Administrator" -AccessRights FullAccess -AutoMapping $false }

 


 

Now check the administrator's Outlook profile: the mailboxes are no longer automapped, because we set AutoMapping to $false.
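One caveat the one-liner above does not cover: -AutoMapping only affects the permission entry that Add-MailboxPermission creates. Where "Administrator" already holds FullAccess, re-running Add-MailboxPermission leaves the existing entry and its msExchDelegateListLink back-link in place, so the permission has to be removed and re-added. The script below is an added example, not part of the original post; it assumes the Exchange 2010 SP2 management shell, the ActiveDirectory module for the verification step, and "Administrator" as the delegate name.

```powershell
# Added example (not from the original post): disable Outlook automapping for an account that
# already holds FullAccess on mailboxes, by removing and re-adding the permission with
# -AutoMapping:$false, then verifying msExchDelegateListLink on each mailbox's user object.
# Assumes Exchange 2010 SP2+ management shell plus the ActiveDirectory module (Get-ADUser);
# the delegate name "Administrator" is a placeholder.
param(
    [string]$Delegate = 'Administrator'
)

$DelegateDN = (Get-User -Identity $Delegate).DistinguishedName

# Mailboxes where the delegate holds an explicit (non-inherited, non-deny) FullAccess entry
$Targets = Get-Mailbox -ResultSize Unlimited | Where-Object {
    Get-MailboxPermission -Identity $_.Identity -User $Delegate -ErrorAction SilentlyContinue |
        Where-Object { $_.AccessRights -contains 'FullAccess' -and -not $_.IsInherited -and -not $_.Deny }
}

foreach ($Mbx in $Targets) {
    # Removing the entry is what clears the delegate from msExchDelegateListLink;
    # re-adding with -AutoMapping:$false grants the same right without writing it back.
    Remove-MailboxPermission -Identity $Mbx.Identity -User $Delegate -AccessRights FullAccess `
        -InheritanceType All -Confirm:$false
    Add-MailboxPermission -Identity $Mbx.Identity -User $Delegate -AccessRights FullAccess `
        -InheritanceType All -AutoMapping:$false | Out-Null

    # Verify: the delegate's DN must no longer appear on the mailbox's user object
    $Links = (Get-ADUser -Identity $Mbx.SamAccountName -Properties msExchDelegateListLink).msExchDelegateListLink
    if ($Links -contains $DelegateDN) {
        Write-Warning "$($Mbx.DisplayName): $Delegate is still listed in msExchDelegateListLink"
    } else {
        Write-Host "$($Mbx.DisplayName): automapping for $Delegate disabled"
    }
}
```

Outlook picks up the change the next time Autodiscover runs for the administrator's profile, so the automapped mailboxes may take a while to disappear after the attribute is cleared.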

Post in your feedback/queries/and what ever you want to say about this piece of info 🙂

-Ganesh G

Offline Address Book – Understanding

Let's first go back to the good old days where the OAB concept originated.

The offline address book is a snapshot of the Active Directory service information that is available in the global address list. Therefore, some information is available in the global address list that is not available in the offline address book. The offline address book does not contain the following items that are available in the global address list:

  • Custom properties in Active Directory that an administrator has added (for example, the Employee ID of each employee)
  • Organization hierarchy information
  • Group membership information

Outlook must be able to access the server to obtain this information. Therefore, if you are in cached mode and working online (that is, your connection status indicates "Connected"), Outlook uses both the offline address book and the global address list to provide a complete listing of user information. If you are in cached mode and your connection status shows either "Disconnected" or "Offline", you can see only the information that is available in the offline address book.

Exchange 2003 days, definition as per TechNet (so nothing I need to add from my perspective 🙂 ):

The Offline Address Book provides offline access to directory information from the global address list (GAL) and from other address lists. Each night, Exchange generates new offline address book files and places them in a special public folder, known as a system folder, for Outlook to download. The offline address book files are compressed before they are added to the offline address book system folders, so that the download to Outlook is minimal. Outlook is scheduled to check periodically for new offline address book files in these system folders and download the required files.

Exchange Server and Active Directory work together to maintain the offline address book, keeping it synchronized with changes that may be made in the directory.

The generated OAB was stored in public folders for users to download. The System Attendant service was responsible for the generation process.

Components involved in the generation process:

  1. Microsoft Exchange System Attendant
  2. Microsoft Exchange Information Store
  3. Directory servers
  4. Recipient Update Service

The System Attendant calls Oabgen.dll; in turn oabgen (a MAPI application) reads Active Directory and creates the OAB Version 2, OAB Version 3a and OAB Version 4 folders.


Exchange 2003 offline address lists are stored in two locations:

1. Active Directory

2. The Microsoft Exchange Public Folder Information Store

Exchange 2007/2010 offline address lists can be stored in three locations:

1. Active Directory

2. The Microsoft Exchange Public Folder Information Store

3. The file system on the generation server: \\<MBX Server>\ExchangeOAB\<GUID>

In Exchange 2013 they are stored in an arbitration mailbox and served to clients through the CAS.

There are numerous articles on the internet about the distribution part; below is one for your reference.

This article is from the OAB guru DGoldman:

http://blogs.msdn.com/b/dgoldman/archive/2006/08/25/how-exchange-2007-oab-files-are-replicated-to-a-client-access-server-for-download.aspx

Post in your queries; let's learn from each other 🙂

Ganesh G

OAB Changes -Exchange 2013

Just a quick look at the changes made in Exchange 2013 with respect to the Offline Address Book.

Older versions of Exchange had one generation server (a Mailbox server). This is discontinued in Exchange 2013; instead an Organization Mailbox (an arbitration mailbox) is brought into the picture.

  1. Arbitration mailboxes are capable of provisioning the OAB.
  2. Only OAB Version 4 is available.
  3. Outlook 2007 SP3 RU10 and above are the supported client versions for accessing the OAB from Exchange 2013.
  4. The Mailbox Assistants service is responsible for generating the OAB.
  5. The Offline Address Book is stored in the arbitration mailbox.
  6. Command to list the arbitration mailboxes that are capable of taking part in OAB generation:

Get-Mailbox -Arbitration | Where-Object { $_.PersistedCapabilities -like "*OAB*" }

  7. The "OrganizationCapabilityOABGen" capability marks a mailbox as a generation mailbox.
  8. The File Distribution Service (FDS) on the CAS is no longer used to pull the OAB files.
  9. The FDS schedule was not flexible enough.
  10. No more dedicated generation server.

 

Quick workflow

How it works in Exchange 2013:

  1. Outlook receives the OAB URL from Autodiscover and reaches the designated Exchange 2013 CAS through that URL.
  2. The CAS performs the initial authentication for the OAB request.
  3. It queries Active Directory and determines the closest Organization Mailbox for the requesting user.
  4. It queries Active Directory again to determine the mailbox database hosting that Organization Mailbox.
  5. It queries Active Manager to determine the Mailbox server where that database is currently active (mounted).
  6. It proxies the request to the Mailbox server identified in step 5.
  7. The Mailbox server retrieves the OAB files and the CAS passes them to the client.

 Key points to note:

On the first client request, the OAB files are written from the arbitration mailbox into the ClientAccess\OAB folder on the Mailbox server hosting that mailbox; subsequent requests are served from that path, with the CAS only proxying.

To force a rebuild:

Update-OfflineAddressBook <OAB name>

To mark an existing arbitration mailbox as capable of generating the OAB:

Set-Mailbox <Mailbox identifier> -Arbitration -OABGen $true

To specify an OAB for a mailbox:

Set-Mailbox "mbx name" -OfflineAddressBook <OAB name>

This sets the msExchUseOAB attribute on the user object.
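The workflow above can be traced from the admin side as well: which arbitration mailboxes carry the OABGen capability, which database holds each one, and which Mailbox server has that database mounted (the server a CAS proxies to). The block below is an added example, not part of the original post; it assumes an Exchange 2013 Management Shell, the default OAB name, and uses "someone@contoso.com" as a placeholder mailbox.

```powershell
# Added example (not from the original post): trace the Exchange 2013 OAB path from the admin side.
# Assumes an Exchange 2013 Management Shell and the default OAB name; "someone@contoso.com" is a
# placeholder mailbox to show which OAB a user is assigned.
$OabName    = 'Default Offline Address Book'
$SampleUser = 'someone@contoso.com'

$Oab = Get-OfflineAddressBook -Identity $OabName
"OAB '{0}' last generated: {1}" -f $Oab.Name, $Oab.LastTouchedTime
# GeneratingMailbox (Exchange 2013 CU5 and later) pins generation to one organization mailbox;
# empty means any organization mailbox may generate this OAB.
"Pinned generating mailbox: {0}" -f $(if ($Oab.GeneratingMailbox) { $Oab.GeneratingMailbox } else { '(none)' })

# The OABGen persisted capability is what makes an arbitration mailbox an organization mailbox.
$OrgMailboxes = Get-Mailbox -Arbitration | Where-Object { $_.PersistedCapabilities -like '*OABGen*' }
foreach ($Mbx in $OrgMailboxes) {
    $Db = Get-MailboxDatabase -Identity "$($Mbx.Database)" -Status
    "Organization mailbox : {0}" -f $Mbx.Name
    "  Database           : {0}" -f $Db.Name
    "  Active on          : {0}" -f $Db.MountedOnServer   # what Active Manager reports for this database
}

# Which OAB a given user is assigned; Set-Mailbox -OfflineAddressBook writes msExchUseOAB.
$UserMbx = Get-Mailbox -Identity $SampleUser
$Assigned = if ($UserMbx.OfflineAddressBook) { $UserMbx.OfflineAddressBook } else { 'inherited from database / address book policy' }
"{0} uses OAB: {1}" -f $UserMbx.DisplayName, $Assigned

# Force a fresh generation when the files are stale; the Mailbox Assistants service does the work
# and Outlook picks up the new files on its next OAB download.
Update-OfflineAddressBook -Identity $OabName
```

If the MountedOnServer value does not match the server where you expected the OAB to be served, that is the database having moved within its DAG; the CAS follows Active Manager, so no OAB configuration change is needed.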

 

More detailed information is available in the below links, Feel free to post in your queries here i will try my best to answer your questions, Have a good one !

http://blogs.technet.com/b/exchange/archive/2012/10/26/oab-in-exchange-server-2013.aspx

http://exchangemaster.wordpress.com/2013/04/02/beware-full-oab-downloads-after-installing-1st-exchange-2013-server-in-existing-0710-environment/

Delete items from multiple mailboxes in 2010 using EWS

# Soft-deletes a folder named $FolderName (with the items in it) from each mailbox listed.
# The account running the script needs FullAccess on each mailbox, or the ApplicationImpersonation
# role if you enable the ImpersonatedUserId line below.
$Mailboxes  = @('user1@contoso.com', 'user2@contoso.com')
$FolderName = 'AName'

$dllpath = "D:\EWS\Microsoft.Exchange.WebServices.dll"
[void][Reflection.Assembly]::LoadFile($dllpath)

$Service = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2010_SP1)
$Service.UseDefaultCredentials = $true
$Service.AutodiscoverUrl($Mailboxes[0], {$true})

foreach ($MailboxName in $Mailboxes) {
    # Uncomment to act as the mailbox owner instead of relying on FullAccess:
    # $Service.ImpersonatedUserId = New-Object Microsoft.Exchange.WebServices.Data.ImpersonatedUserId([Microsoft.Exchange.WebServices.Data.ConnectingIdType]::SmtpAddress, $MailboxName)

    $RootFolderID = New-Object Microsoft.Exchange.WebServices.Data.FolderId([Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::Root, $MailboxName)
    $RootFolder   = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($Service, $RootFolderID)

    # Deep traversal walks the whole folder tree of the mailbox, 1000 folders per page
    $FolderView = New-Object Microsoft.Exchange.WebServices.Data.FolderView(1000)
    $FolderView.Traversal = [Microsoft.Exchange.WebServices.Data.FolderTraversal]::Deep

    $Response = $RootFolder.FindFolders($FolderView)
    foreach ($Folder in $Response.Folders) {
        if ($Folder.DisplayName -eq $FolderName) {
            Write-Host "Soft-deleting '$($Folder.DisplayName)' in $MailboxName"
            $Folder.Delete([Microsoft.Exchange.WebServices.Data.DeleteMode]::SoftDelete)
        }
    }
}