Have you ever felt like it takes the Exchange Management Shell, like, FOREVER to get from the point where you click it to the point where you get the blinking cursor so you can actually do something? Yeah, me too.

Here’s a little trick that helps speed things up for me. It should do the trick for you too.

1. Open the EMS
2. Enter the command
   Get-ADServerSettings [enter]
3. You should see, well, basically, not so much. Like this.
   
4. Pick a Global Catalog server in the same domain and site as your Exchange server, and enter this command
   Set-ADServerSettings –PreferredServer fqdnoftheGC [enter]
5. Then repeat the first command, but this time pipe it into format-list.
   

That’s it really. Rather than waiting for the EMS to find and bind to a GC, you are saving time by telling it where to go. “Heh-heh, you told it where to go.” The following video merely affirms that at heart, I am twelve years old.

Direct link for RSS and email subscribers…http://youtu.be/t9laOl7cqR4

My taste in humour notwithstanding, if the little trick above helped you out at all, how about a shout out with a comment below, or maybe even a follow on Twitter? If I get ten comments or five follows as a result of this little tip I promise not to use another Beavis and Butthead video ever again!

No related posts.

As a follow up to my earlier post about the Geek ABC’s, I wanted to share a little story and some humour with you today. I was on the phone with another engineer, using the ITU spelling alphabet but not making a great deal of progress, when my client walked by and said “P as in pterodactyl.”

Well. to be honest, I had to jump for the mute button because I started to bust out laughing. The sheer ridiculousness of the English language, with so many silent letters, started me thinking about creating an alternate, smart-arsed spelling alphabet, but it didn’t take long to find that The Bare Naked Ladies beat me to the punch. I’d only change R, which of course must be for arrrrrgghh!

Enjoy!

Direct link for RSS and email subscribers…http://youtu.be/_dvPhtNZCj0

You might also enjoy:

1. Now you know your ABCs

So you’ve well on your way towards moving your email to the cloud and you’re loving the awesomeness of Office 365. You have DirSync working, and ADFS up and running, and everything looks great until some yahoo tries to use Chrome or Firefox and gets spanked with a big ol’ DENIED. You probably use those browsers too, and at home, going through the ADFS proxies you have no problem, but further investigation shows that no one can use any browser on the internal network except IE. You do some digging around and have already figured out that its Extended Protection for Authentication that is smacking you down.

You’ve probably also found the TechNet article on turning that off with what appears to be a simple PowerShell command. Did you waste an hour trying to debug the error message before you realised you have to import the PowerShell cmdlets for ADFS first? Did you then try to figure out why the article tells you to run it on every server, only to hit an error telling you it only has to be run on the primary? Want to know how to fix it for realz?

So here’s a couple of assumptions you want to make sure you’re square with. If not, YMMV. In my environment, I deployed an

• ADFS WID farm using the O365 version of ADFS
• Installed it on 2008R2
• My FS-Ps are also running 2008R2. Publishing through TMG applies here to.
• ADFS is running with RU1
• I am running several federated namespaces with -SupportMultipleDomain
• Using IE, everything works as expected
• Using Chrome and Firefox, neither of those browsers could authenticate internally. They get the authentication pop up repeatedly until cancelled, then the unauthorized page.
• Externally, Chrome and Firefox work just fine. So too does IE.

First, I tried the instructions here http://technet.microsoft.com/en-us/library/hh237448(WS.10).aspx. That article says to run this PowerShell command

Set-ADFSProperties –ExtendedProtectionTokenCheck None

on each server in the farm. After opening PowerShell and importing the ADFS cmdlets, the cmd appears to work. If I then do a Get-ADFSProperties | fl I can see that the setting for EPA token check is none. When I try to run it on the other servers (per the instructions) they error that it only needs to be run on the primary. Testing, users with FF or Chrome still hit the endless loop of auth prompts…the setting didn’t take effect. Restarting ADFS, performing an iisreset, even rebooting…no effect.

Below is what to do, at least on the O365 version of ADFS running on 2008R2. This is quick, instant, and only needs to be done on the ADFS servers, not on the proxies.

1. Log onto the ADFS server with administrative credentials.
2. Launch the IIS Management Console
3. Browse down to Default Web Site, adfs, ls.
   
4. Select ls, then double-click on Authentication, select Windows Authentication, then click Advanced Settings…

5. From the drop down box for Extended Protection: select Off.

6. Click OK. This setting takes effect immediately. No iisreset, no restarting ADFS, it just works. Yay.

Try out those third party browsers, and squee with delight that they work! Now, in all seriousness, EPA is a good thing, and you really ought to consider requiring it, and telling users internally to use IE for access to O365 services, but if that won’t cut it, this is the next best thing. You might even say it’s the sweetest thing.

Direct link for RSS and email subscribers…http://youtu.be/5WybiA263bw

Did this solve your boggle? Leave a comment to let me know, and if you tweet, how’s about a follow? It costs you nothing, and keeps the voices in my head from yelling at me too much.

You might also enjoy:

1. howto://disable accounts with a script
2. howto://Configure Splunk to use AD groups
3. howto://fix “the interface is misconfigured” with nlb

What do you get when you mix one part dystopian future, three parts vampire, one part kung-fu, a pinch of Catholic school induced guilt, one part Karl Urban, and two parts awesome? Priest. This Korean graphic novel inspired vampire hunter yarn is just simple fun; no moralistic story telling (despite the Catholic Church’s presence throughout,) no attempt at complex dialog or deep character development, just some really bad-ass priests killing some really bad vampires. Tons of fun, lots of great special effects and stunts, and Karl Urban owned every scene he was in.

If you’re looking for a great action film with a lot of fun, and don’t mind some comic book gore and a little bit of fright thrown in, Priest is just the ticket for you.

Best quote: Black Hat: [With an evil smirk] After all, if you’re not committing sin… you’re not having fun.

Direct link for RSS and email subscribers…http://youtu.be/-VNczhWD2ao

You might also enjoy:

1. 42 second movie review:Contagion
2. 42 Second Movie Review: Sherlock Holmes
3. 42 second movie review: 2012

An all star cast, a disaster of epic proportions, a big budget…Contagion had all the hallmarks of a blockbuster. I really expected this to be the next great epidemic movie; the latest in the proud tradition that includes The Andromeda Strain, Outbreak, Twelve Monkeys, and all but the last 30 minutes of The Stand. Instead, I got a flat, disjointed movie that felt like it tried to use big names to make up for a poor script, and a story that jumped all over the place. For example, Gwyneth Paltrow got top billing, and is essentially an under-five, and the normally Oscar worthy Jude Law was not even two dimensional. Matt Damon has been getting progressively better over the years and is one of my current favourites, but he phoned in this performance while half asleep. It’s a shame when I consider how great this movie should have been just how bad it was. Redbox this one…if there’s nothing else to watch. Maybe they blew the budget on the cast, and had to cut screenwriting to a half day on a plane.

Best quote from the movie: Dr. Ian Sussman: Blogging is not writing. It’s just graffiti with punctuation.

Direct link for RSS and email subscribers…http://youtu.be/4sYSyuuLk5g

Did I just save you from dropping $20 on the DVD at Target? Kept you from wasting the bandwidth watching this on Netflix? A follow on Twitter is a nice and free way to say thanks!

You might also enjoy:

1. 42 second movie review:Midnight in Paris
2. 42 second movie review:Priest
3. 42 second movie review: 2012

 

What can I read to get more information?

Try these links:

• Wikipedia’s articles on SOPA and PIPA
• Statement from Wikipedia editors announcing decision to black out
• Wikimedia Foundation press release
• Blog post from Wikimedia Foundation Executive Director Sue Gardner
• Electronic Frontier Foundation blog post on the problems with SOPA/PIPA

As of 6AM PT, January 18, Google has more than 4,600 articles about the blackout. Here are a few:

• Why is Wikipedia staging a blackout and what is SOPA?, from the National Post
• Wikipedia joins blackout protest at US anti-piracy moves, from the British Broadcasting Corporation
• Wikipedia blackout over US anti-piracy bills and FEATURE: Websites blackout over ‘SOPA censorship’, from Al Jazeera
• Wikipedia, Craigslist, other sites go black in SOPA protest, from the Los Angeles Times
• Google Rallies Opposition to Murdoch-Backed Anti-Piracy Bill, from BusinessWeek
• SOPA protest: The Net strikes back, from Politico
• Wikipedia blackout a ‘gimmick’, MPAA boss claims, from the Guardian
• Wikipedia 24-hour blackout: a reader and Why we’re taking Wikipedia down for a day, from the New Statesman
• Internet-wide protests against SOPA/PIPA are kicking up a storm, by the Hindustan Times
• SOPA, PIPA: What you need to know, from CBS News
• Protest on Web Uses Shutdown to Take On Two Piracy Bills, from the New York Times
• Protesting SOPA: how to make your voice heard, from Ars Technica
• Why We’ve Censored Wired.com, from Wired

Am I worried that I have violated someone’s copyright by posting the stuff above? No. Wikipedia content is shared under the Creative Commons Attribution-ShareAlike License, and TheOatmeal told me to pirate the shit out of this animated GIF. Am I worried that SOPA and/or PIPA will ruin the Internet? Most definitely. Have I written my elected officials? You betcha! Why don’t you? hint…click that link, fill out the email to your Senator, then scroll down to do the same for your Congressional Representatives.

You might also enjoy:

1. The eleven best antiheroes on television today
2. Today is International Women’s Day

Well it’s been a long time since I posted a new reference, but having recently been confronted with the need to translate build numbers into human-sensical versions of Exchange for about 85 servers, I felt it was high time to get a chart I could refer to at need. So, here. The hyperlinked versions in the table take you to the product support lifecycle for the version if it is still in mainstream support.

In modern versions of Exchange, you can drop to an EMS and run

Get-ExchangeServer | fl name,edition,admindisplayversion

to determine the version.

Rumour has it that Rollup 1 for Exchange 2010 SP2 will ship soon. I will try to update this table when that hits, and going forward, but it is unbelievably hard to do styled tables without getting the text into Excel, and then pasting it into Word to apply the theme, and then that brings all the formatting garbage over into WLW…oh well. It’s a labour of love. Speaking of rumours…

Direct link for RSS and email subscribers…http://youtu.be/-_uchIyNIvc

Found this post useful? Follow me on Twitter to gain positive karma, show your friends how cool you are, and to encourage me to keep this sort of thing coming! Oh, and I do lurve comments!

You might also enjoy:

1. howto://install Exchange 2010 on a single box-part one
2. howto://configure Exchange 2010 as an SMTP relay
3. howto://use TMG 2010 as the Exchange edge transport server

 Midnight in Paris is one of the best movies I have seen in years. Woody Allen’s movies may be an acquired taste, but even if you have never enjoyed one of his earlier works, you owe it to yourself to see this one. Owen Wilson (who nails the first serious role I have ever seen him attempt) is a disenchanted Hollywood screenwriter who dreams of living the life of an ex-pat writer in Paris. His fiancé, her disingenuous friends, and her family are all suffocating him while driving him further into a life he truly does not want.

He goes for a midnight stroll in Paris, and finds himself in a world that, rather that being beyond his dreams, might just be considered his actual dream.

Like most Woody Allen movies, the ensemble cast is full of stars, and Adrien Brody is a genius…his portrayal of Salvador Dalí should net him another Oscar. Best dialogue exchange from the movie…

Man Ray: A man in love with a woman from a different era. I see a photograph!
Luis Buñuel: I see a film!
Gil: I see insurmountable problem!
Salvador Dalí: I see rhinoceros!

Here’s the trailer…trust me, you’ll love this movie.

Direct link for RSS and email subscribers…http://youtu.be/atLg2wQQxvU

You might also enjoy:

1. 42 second movie review:Contagion
2. 42 second movie review: 2012
3. 42 second movie review:Priest

In this post I explain how email archiving software solves many of the inherent problems that exist with the current email servers and email server setups. As you will see, storage space, the need to use PST files, performance and compliance are big issues for companies that do not invest in email archiving software.

When email was invented, the vision was to be able to instantly transmit simple, plain text messages across the globe. This vision was quickly brought to life and email usage soared. Almost immediately however, email users wanted to do more. They wanted to send emails with rich formatting using fonts, colors and images, and they also wanted to send file attachments along with the message. These rich features turned a simple message from a few bytes in size into a complex package consisting of multiple email bodies in different formats and large attachments.

This caused several problems:

1. Storage space: A lot of new storage capacity was required on both the email servers and the clients that download them.

2. PST files: Email clients, such as Outlook, were storing emails in databases that worked well with small messages, but performed poorly as the PST file grew larger.

3. Performance: Sorting and searching email on the client became very slow and inefficient and did not always yield useful results.

4. Compliance: Compliance laws – such as those that require email retention – further compounded all the problems above because companies had to hold on to emails for much longer, and required a fast and efficient way of accessing those emails.

Email archiving software was designed to address these issues; here’s how:

1. Storage Space

There are two main strategies for holding emails; download and store every email on the client, or keep all emails on the server and let the clients access them from there. Both these strategies are disastrous because neither the client nor the server were designed to hold large volumes of email and so they lack both the robustness and efficiency required to sort and search through the load. Ideally all emails should be saved in a separate database designed with email storage and retrieval in mind. These are the types of databases that email archiving software solutions offer.

1. PST Files

Microsoft Outlook stores emails inside PST files which are typically stored on the email client. Every user is responsible for storing his/her own emails so a central strategy for email is lost. A large email that was sent to multiple users will be stored multiple times on every recipient’s machine and backing up PST files is a nightmare and very rarely successful – especially in large organizations. With email archiving software in place, PST files can be removed whilst still giving users access to all their old or deleted emails

1. Performance and Compliance

By eliminating the storage problem, both on the client and on the server your company will see big gains in performance. Employees will not need to deal with overloaded and sluggish email clients, and administrators will easily handle the burden that email puts on their servers. Achieving email compliance also becomes much easier thanks to email archiving software. To comply with most email retention regulations, email must be stored in a central database and must be retrievable with ease. Email archiving solutions make all this possible, so apart from increasing performance, you are also addressing compliance – hitting two birds with one stone.

At first it is easy to overlook the need for email archiving software, however as your organization grows, acquires more users, and accumulates more emails, the need for an email archiving solution becomes very evident. System administrators should think early and implement email archiving as soon as possible rather than wait for things to deteriorate.

This guest post was provided by Jeremy Pullicino on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read all you need to know about email archiving software.

All product and company names herein may be trademarks of their respective owners.

No related posts.

Direct link for RSS and email subscribers…http://www.youtube.com/playlist?list=PL7217A09A83D56449

A few of my favourite Christmas tunes to run in the background. I hope you all have a wonderful holiday season, and my Best wishes for the New Year!

You might also enjoy:

1. Merry Christmas Everyone!
2. Merry Christmas, everyone!
3. All I want for Christmas is GFI LANguard

I was working with a client today to configure a couple of NLB pairs for ADFS. The design called for a pair of federation servers (FS) on the internal network, and a pair of federation server proxies (FS-P) in the DMZ. Both pairs would need to be load balanced using Windows Network Load Balancing (NLB, or WLBS if you prefer) to provide redundancy. Something like this…

Setting up NLB on the first FS-P server went well, but when we tried to add the second server to the NBL cluster, it would join and then after resetting the network interface, show as misconfigured in the console, with the error message “the interface is misconfigured (double-click for details) in the output screen. Doing the obvious showed and error like this (addresses redacted to protect the innocent.)

Cluster IP address w.x.y.z not added to TCPIP properties
Port rule virtual IP address w.x.y.z not added to TCPIP properties.

That singularly unhelpful error messages turned up a lot of hits on both the major search engines, but none of the links really told me much…the exact error text never even showed up in the text of most of them! We tried a couple of different combinations, using the second server as the first node, driving from the admin console of the other server, etc. and each time we hit the same problem. Finally, I got the inspiration to just go into the properties of the NIC and add the cluster ip.addr as a second address for the NIC. It went in without a problem, a quick F5 on the NLB management console, and NLB was working. Both servers showed green, and repeated testing with stopping and starting each node was successful. For whatever reason, it just needed the cluster ip.addr added manually. So if you see the error

Cluster IP address w.x.y.z not added to TCPIP properties
Port rule virtual IP address w.x.y.z not added to TCPIP properties.

1. Access the properties of the NIC on the problem server.
2. Double-click Internet Protocol Version 4.
3. Click Advanced.
4. In the IP address window, click Add… and enter the cluster ip.addr and subnet mask.
5. OK your way out of that.
6. Hit F5 on the NLB management console.

And you’re done. I hope this helps someone save an hour or so of troubleshooting. Take that time I just saved you, and enjoy this classic from Pink Floyd that was playing as I finished this post. I think there’s some irony in there somewhere, since this is a classic howto post. You be the judge.

Direct link for RSS and email subscribers…http://youtu.be/YR5ApYxkU-U

Did this post hook you up? Leave a comment to let me know and if you tweet, how’s about a follow? It costs you nothing, and keeps me motivated to keep posting this stuff.

You might also enjoy:

1. howto://publish DNS using TMG 2010 or ISA 2006
2. howto://modify your 404 page in WordPress 2.9.1
3. howto://map a drive to sharepoint

Squeee! It’s a Doctor Who Christmas episode tease! I’d hate to be all smithereening.

You might also enjoy:

1. Merry Christmas Everyone!
2. Merry Christmas to all
3. Merry Christmas, everyone!

This is one of the best talks on cloud computing I have ever seen. If you work with cloud computing, are interested in cloud computing, fear cloud computing, or just want to know what cloud computing is, take 30 minutes and watch this. It is as informative as it is entertaining…Simon Wardley is an excellent presenter.

Direct link for RSS and email subscribers…http://youtu.be/5Oyf4vvJyy4

You might also enjoy:

1. Security Compliance in the Cloud: What are the Risks?
2. Hosted, and service, and cloud, oh my!
3. howto://change your 404 page in Thesis 1.8

Hi retrohack readers, we interrupt our usual tech/geek/snark offering to make a statement that I feel needs to be made. I know this blog has global reach, but I hope those of you outside the US both forgive this politically aimed post, and also treat it as a heads up. Some countries do look to the US, and sometimes even seek to emulate our laws. This kind of ridiculous legislation, backed purely by the financial interests of a few, and disregarding fundamental aspects of our legal system like “due process” and that the accused is innocent until proven guilty, must not be passed.

I just emailed Congress to urge them to oppose the Internet Blacklist Legislation, known as the PROTECT-IP Act (external, PDF) in the Senate and the Stop Online Piracy Act (external, PDF)(SOPA) in the House. This legislation seeks to give the executive branch power to conduct slash-and-burn campaigns against websites that allegedly host – or even link to – content that infringes on intellectual property rights. That would “disappear” whole domain names, fundamentally undermining Internet security, and/or choke off their financial support. The Internet Blacklist Legislation puts more sites than ever at risk, effectively upending the DMCA safe harbors that have been crucial to the growth of Internet innovation and creativity.

Sadly, these short-sighted and dangerous bills won’t do much to stop online infringement – but they will jeopardize our ability to speak and read online with the kind of freedom we cherish in the offline world. Deep-pocketed Hollywood lobbyists are aggressively pushing to control and censor the open Internet, willing to sacrifice free speech and our Internet culture in hopes of controlling how people view their movies and products.

We need to stop this bill before it goes any further. Will you contact your representatives in Congress and urge them to oppose the Internet Blacklist Legislation? Visit: https://eff.org/r.C8A

Direct link for RSS and email subscribers…http://youtu.be/hnT3tzD5W6E

I usually don’t mix my politics with my blog, but this is one time that I feel it’s the right thing to do. I may not always agree with the EFF, but I fear any legislation that originates from any big business and is supported by elected officials who barely understand the problem, let alone where the proposed solution could lead.

You might also enjoy:

1. Six tips for a successful patching process

If you are one of the millions, and millions!, of Office 365 users, then you are reveling in the joys of highly available cloud based email with a honking huge mailbox, and all the best features of Exchange 2010. Email is fun again, and without the burden of maintaining email servers, I bet you even get to sleep through most nights.

Everything is probably going along swimmingly well, right up until that user who has two or three (or a dozen) SMTP aliases associated with his name wants to actually send an email and have it appear to be from one of those aliases! Sure, you tested and confirmed that he could receive email to those aliases, but now you are stuck trying to figure out why he cannot send as one. The bad news is that this is by design. The good news is, we can make it work with just a little effort.

And yes, I know, this seems like a pretty stupid thing to me too. I didn’t make that decision; I wasn’t even consulted about it. But rather than dwelling on the why, let’s just jump right into the how.

First, you will want to make sure that the account has the alias(es) associated with it in Active Directory, that those have dirsynced to Office365, and that those domains are all validated in your tenant. You should have done all that before now, so we won’t go over how to do that in this post. See the O365 documentation if you are really that early in your deployment, and not sure how to do it.

This is going to require work on the client side, specifically in Outlook. We are going to set up a kind of shadow account in Outlook to use the SMTP alias. No, sorry, no PowerShell or global way in the portal to make this work. Again, I agree, that kinda sucks, but we’re still just interested in getting this working in this post. We’re going to assume you are configuring your own account, and you have Outlook already configured and working for your primary SMTP address.

1. 
   Log onto the O365 portal https://mail.office365.com and go to your webmail.
2. 
   Click the Options link and choose See All Options.
3. 
   Choose My Account, and click the link for ‘Settings for POP, IMAP, and SMTP access’.
4. 
   Copy the server FQDNs for POP and SMTP. They will probably be the same, but make sure.
5. 
   In Outlook, click File, then Account Settings, and then Account Settings again.
6. 
   On the E-mail tab, click New.
7. 
   Click ‘Manually configure server settings or additional server types’, and then click Next.
8. 
    Select Internet E-mail, and then click Next.
9. 
   Configure the Internet account with the appropriate information
   Your name: Your display name.
   E-mail Address: The alias that you want to send from.
   Account Type: POP3
   Incoming mail server: Use the POP server that you found in step 4, something like pod#####.outlook.com.
   Outgoing mail server (SMTP): Use the SMTP server that you found in step 4.
   Username: Use your UPN
   Password: This will be something like ********
10. 
    Now click More Settings, click the Outgoing Server tab, and click to select the ‘My outgoing server (SMTP) requires authentication’ check box.
11. 
    Click the Advanced tab, and then click This server requires an encrypted connection (SSL).
12. 
    In the Outgoing server (SMTP) box, type 587.
13. 
    In the ‘Use the following type of encrypted connection’ list, click TLS.
14. 
    Click Ok.
15. 
    Click Next, test the account settings, and then click through to Finish.
16. 
    Click File, Options, Advanced.
17. 
    Scroll down to Send and receive and click the Send/Receive button.
18. 
    In the Group Name area, select All Accounts, and then click Edit.
19. 
    In the Accounts list, select your new email alias account.
20. 
    Click to deselect the ‘Include the selected account in this group.’
21. 
    Click OK, click Close, and then click OK.
22. 
    Create a new email message, click the Options tab, find the Show Fields group, and click to show the ‘From: field.’
23. 
    Send a test message.
24. 
    Party like it’s 1999!

If all goes well, you should now be able to send email using that alias, and most recipients will be none the wiser. Gmail will have to rain on the parade just a little bit by showing “via yourprimarydomainname” but most others will just leave the recipient clueless. Yay!

I hope this post helps you out, and that you enjoy the new checkbox approach to howto:// articles. I know I get interrupted every couple of steps and it becomes really easy to lose my place, especially if I have to alt-tab between a good post and the console I am working on, so I added in check boxes so you can tick them off as you go, which may help to save a tree some day too. Let me know what you think of the new approach, right after you finish that partying like it’s 1999. Let’s see how long this video is available before YouTube gets a takedown notice.

Direct link for RSS and email subscribers…http://youtu.be/vGbK_H1O8PI

If you found this post useful, please retweet it to your followers and then follow us on twitter. You could become part of my own special New Power Generation (who were just cooler than the Revolution,) you’ll be the first to learn about new posts, and sometimes I’ll even share a comedic or witty tweet. Of course, you can also leave a comment below to let us know we hooked you up. Thanks!

You might also enjoy:

1. howto://Send email alerts from ISA 2006
2. howto://install Exchange 2010 on a single box-part two
3. Problems using the Out of Office assistant with MSO