Jim McBee's Mostly Exchange Web Log
Jim's Web Log: Ramblings related mostly to Microsoft Exchange 2000 or 2003, bug notices, workarounds, tips, and stuff. Sometimes network, security, Active Directory, social commentary, politics, events, religion, or humor, but, well, mostly Exchange.
Wednesday, November 28, 2007
Tuesday, November 27, 2007
Exchange 2007 certificate command generator
Labels: Exchange 2007
Exchange 2007 Components and Windows 2008 Active Directory posters
If you get Technet Magazine, you have probably already seen these. Microsoft has put together some nice posters of the components of Exchange Server 2007 and Windows Server 2008 directory services. You can download the PDF versions for free. Hopefully these links will remain active for a while. Now all you need is a really big printer.
Sunday, November 11, 2007
Xerox site for sending cards to troops overseas
Xerox has put together a site that allows you to send a thank you card to U.S. military personnel overseas. I have known a number of men and women that have been in Iraq and Afghanistan and I can tell you that this type of gesture is greatly appreciated. Even if you don't agree with the troops being there, keep in mind that these men and women are following orders. Most of the military men and women I know don't agree with "the war" now, but they follow the orders they have been given; they do believe that our politicians have made a mess and that we should try and fix it if possible. Send your anti-war cards and letters to your congressional reps and the president and tell your elected officials what a mess they have made. But let the uniformed men and women know you support them. I checked this out on Snopes, by the way, it is for real.
Saturday, November 10, 2007
Adding attributes to the Exchange details templates (revisited)
I am updating this post. Microsoft Escalation Engineer Dave Goldman has posted some suggestions on his blog about this topic and emphasizes that the types of changes I am telling you about here are NOT within the boundaries of Microsoft's support obligations.
On a number of occasions, I have had to add and modify the Exchange details template to change attribute names or to their label names in the template. Any Exchange administrator with Exchange Admins rights to the Exchange organization can modify these templates. I discussed modifying these templates in Exchange Server 2003 24seven.
However, sometimes when you need to add new "Edit" fields to the template, not all Active Directory attributes are available when you list the available attributes. Microsoft Knowledge Base article 313962 "How to modify Exchange 2000 or Exchange 2003 details templates" shows how to customize the msExchCustomAttributes object so that additional attributes will show up when you edit the details templates.
In article 313962, step 7 shows the following text:
Note For the attributes to appear correctly in the details templates, you must add attributes that have an associated MAPI identifier (ID). To verify that an Active Directory attribute has an associated MAPI ID, you can use the ADSI Edit utility to view the optional mAPIID property for an attribute.
But, the article does not tell you what to do if the object does not have a mAPIID property. I have a client that has done extensive attribute customization to their Active Directory and they wanted to have an additional property page show up on the User details template with their attributes.
The mAPIID property must be edited with the ADSIEDIT console, not the Active Directory Schema console.
But if you pick an attribute that you have extended in to the Active Directory and try to give it a mAPIID, you may get an error telling you: "The attribute cannot be modified because it is owned by the system."
I had to spend some time on the phone with both Exchange and Active Directory PSS engineers, but we finally figured out how to modify the mAPII propery of new attributes added to the Active Directory. This requires the use of LDP.EXE in addition to ADSIEDIT.MSC.
- Login as a member of Schema Admins (preferably on the Schema Master FSMO)
- Launch LDP.EXE
- Connect to the Schema Master FSMO using LDP.EXE
- Bind to the Schema Master using an account with Schema Admin permissions.
- From the Browse menu, choose Modify
- In the Modify dialog box, leave the DN field blank, and type schemaUpgradeInProgress in the Attribute field. In the Value field, enter the number 1. Click the Enter button, then click the Run button.
- Close the Modify dialog box.
- Launch ADSIEDIT.MSC and modify the mAPIID values for the necessary attributes. (You may need to wait for the Active Directory to replicate.)
- Run LDP again, and change the value of schemaUpgradeInProgress from 1 to 0.
- From the Active Directory Schema console, right click on the console and choose "Reload the Schema"
I know you are probably saying, okay, I have got these new attributes I have extended, what value should I use for the mAPIID. I have been unable to find any (but I still have a few queries out about this), so I have just been using unique numbers above 50000 in hopes of avoiding a conflict with an existing attribute.
As always, take EXTREME care when modifying the schema. Many changes to the schema cannot be un-done!!!!
Friday, November 09, 2007
Reading secure input from PowerShell
This past week at Exchange Connections, I attended a PowerShell session with Devin Ganger. During the session, both Devin (and later myself) tried to remember what the PowerShell cmdlet was to read input from the command line (rather than the Get-Credentials cmdlet).
The cmdlet we were both grappling for was Read-Host. Here is an example of using this cmdlet to set a password variable AND not showing the password on the screen.
$Password = Read-Host "Please enter a password for the users" -AsSecureString
Sunday, November 04, 2007
What to do with all that junk mail (snail mail, that is)
I have posted this before, but I just cleared out a stack of junk mail and sent back nearly a mailbox full of pre-paid envelopes.
I get 3 or 4 credit card offers a week in the mail. One of my housemates gets 2 or 3 A DAY! Sometimes the same companies over and over again. I have started taking all of this unsolicited junk, opening it, looking for the postage paid envelope, stuffing it full of the things they sent me (less, of course, anything that can identify me) and putting it back in the mail to the sender. Those companies then have to pay the return postage and pay for someone to open up the returned "junk mail".