Monday, October 25, 2004

Duplicate, duplicates, duplicates

My current project has me consolidating almost 50 Windows NT 4.0 domains and various Exchange 5.5 sites and organizations in to a single Active Directory domain / Exchange 2003 organization.

At the beginning, we were told that all user and Exchange aliases accounts would be renamed to a standard. Right before the migration, we were told that would not happen. We scrambled and sent out lists of potential duplicates of accounts, computer names, groups, distribution lists, and Exchange aliases. Not all of these have been cleaned up.

As a result, during each block of user migrations, we end up with duplicates. We import mailbox information programmatically and we end up with duplicate Exchange aliases and, worse, SMTP addresses. We are having to run daily checks for duplicate SMTP addresses! (Thank goodness for Rich Mathesien's DUPSMTP.VBS checker!)

In highsight (and, as my mother would say, hindsight is ALWAYS 20-20), we should have waited until we had triple validated all potential duplicates before proceeding with the migration.

Always fix your duplicates before migrations!!!!!

Monday, October 18, 2004

Create a directory lookup tarpit

I have always been reluctant to enable the Exchange 2000/2003 feature to "Filter Recipients Who Are Not In the Directory" found under Recipient Filtering in the Global Settings -> Message Delivery options. The reason is that if the recipient is NOT in the directory, the connection is immediately rejected. This functionality is similar to the SMTP verb VRFY which verifies the SMTP recipient's identity. This can allow a spammer to harvest your SMTP addresses by randomly trying SMTP addresses and checking to see if they are valid.

Microsoft has added to the SMTP engine the ability to initiate a delay for lookups of SMTP addresses in the directory. If you set the Registry value TarpitTime in the key
HKLM\SYSTEM\CurrentControlSet\Services\SMTPSVC\Parameters
this causes a delay in seconds based on the time you specified. I think a delay of 5 seconds or less should be sufficiently long to make it impractical for a spammer to try harvesting your SMTP addresses. This only affects anonymous connections.

See Microsoft KB article 842851 for more information.

Thursday, October 14, 2004

Google Desktop Search

Google has released their own desktop/web search engine. I have been using the Lookout extension for Outlook and it has worked pretty well, but it has nasty problems with memory leaks. Google adds some nice features to the capability that Lookout introduced including:
searching Outlook, Word documents, Excel spreadsheets, text files, PowerPoint presentations, and, of course, the Internet.

Most cool. I'm just starting to use it, but I'm pretty stoked about it.


Wednesday, October 13, 2004

Exchange 2003 24seven errata

I am usually very good about testing EVERYTHING that I put in to a book. The only thing that usually sneaks by me is typos. However, in Microsoft Exchange 2003 24seven, I have made an embarassing mistake.

A common question that I am asked is how to registry the Exchange extensions for Active Directory Users and Computers without installing Exchange System Manager. I used to advise people to copy EXCHMEM.DLL, ESCPRINT.DLL, ADDRESS.DLL, and MAILDSMX.DLL in to the %windir%\system32 directory of the machine you need to run them on and then REGSVR32.EXE each one of them.

This no longer works with the Exchange 2003 DLLs. These DLLs require the Exchange WMI extensions and the Microsoft Exchange Management service be installed before they can be registered. I'm trying to find a way to make this work without running a full admin tools installation, but for now, I figured I should post this.

I am sorry about the mistake. I only discovered this when I tried to do it for a client.

Sunday, October 03, 2004

Exchange Best Practices Analyzer - Webcast by Paul Bowden

Thursday, October 7th at 8:00AM Pacific Time, Microsoft is offering a web cast on the Exchange Best Practices Analyzer. The webcast is given by Paul Bowden. If you have not heard Paul speak, well, he is da man!

Unfortunately, that is 5:00AM for me. So unless I'm at work really, really early (which I am sometimes), I'll have to listen to it after they get the recording published.

Thanks to Melissa Travers for this information.