Microsoft Exchange Server 2010 Management Tools
Chris Antonakis (chant@microsoft.com)
Messaging Premier Field Engineer
Microsoft South Africa

Exchange 2010 Investments: Simplify Administration
The annual cost of helpdesk support staff for e-mail systems with 7,500 mailboxes is approximately $20/mailbox. This cost goes up the smaller the organization. (“Email Support Staff Requirements and Costs: A Survey of 136 Organizations”, Ferris Research, June 2008)
  • Empower Specialist Users to Perform Specific Tasks with Role-based Administration
      • Compliance Officer - Conduct Mailbox Searches for Legal Discovery
      • HR Officer - Update Employee Info in Company Directory
  • Lower Support Costs Through New User Self-Service Options
      • Track Status of sent messages
      • Create and Manage Distribution Lists

Exchange 2010 Management: What's New?
  • New Exchange Management Console (EMC) features
  • Exchange Control Panel (ECP)
      • New and simplified web based management console
      • Targeted for end users, hosted tenants, and specialists
  • Role Based Access Control (RBAC)
      • New authorization model
      • Easy to delegate and customize
      • All Exchange management clients (EMS, EMC, ECP) use RBAC
  • Remote PowerShell
      • Manage Exchange remotely using PowerShell v2.0
      • Note: No more local PowerShell, it's all remote in Exchange 2010
  • Monitoring

Exchange 2010 Management: Supported OS platforms
  • All of Exchange 2010 is 64-bit only
      • Admin tools also require 64-bit OS
  • Supported OS platforms for Admin/Management Tools
      • Vista x64 SP1 (*may be SP2)
      • W2k8 x64 SP2
      • Windows 7 x64 Client and W2k8 R2 x64
  • Remote PowerShell management
      • Does not require Exchange binaries at the client
      • Supported client OS platforms
          • Vista (x86 or x64)
          • W2k8 R2 (x86 or x64) or Win7 (x86 or x64)
          • W2k3 (x86 or x64)
          • XP (x86 or x64)

Exchange Management Console (EMC) Improvements
  • Built on Remote PowerShell and RBAC
  • Multiple Forest Support
  • Cross-premises Exchange 2010 Management
      • Including Mailbox Moves
  • Recipient Bulk Edit
  • PowerShell Command Logging
  • New feature support
      • For example: High Availability

demo The Exchange Management Console

Exchange Control Panel (ECP): What is it?
  • A browser based Management client for end users, administrators, and specialists
  • Accessible directly via URL, OWA & Outlook 2010
  • Deployed as a part of the Client Access Server role
  • Simplified user experience for common management tasks
  • RBAC aware

Exchange Control Panel: Who will use it?
  • Specialists and administrators
      • Administrators can delegate to specialists, e.g. Help Desk Operators, Department Administrator, and eDiscovery Administrators
  • End Users
      • Comprehensive self service tools for End Users
  • Hosted Customers
      • Tenant Administrators and Tenant End Users

Exchange Control Panel: What It Looks Like
[Screenshot callouts: UI Scope Control, Secondary Navigation, Slab, Primary Navigation]

demo Exchange Control Panel

ECP Architecture Overview: High Level View
  • AJAX-based
  • Shares some code with OWA, but two separate applications
  • Deployed on Client Access Server
  • Authentication: Windows Integrated, Basic, Forms Based
  • Browser support - Same as OWA premium: IE, Firefox, Safari
[Diagram labels: Web Browser, ECP Client Library, AJAX, HTTP.SYS (IIS), LiveId/FBA Auth, ECP ASP.NET, ECP Server Library, RBAC PowerShell, Exchange Cmdlets, Client Access Server]

ECP Architecture Overview: Role Based Access Control
  • Users shouldn't have access to message tracking
      • Message tracking tab doesn't show up in ECP
  • Users can edit mailboxes, but not create new ones
      • "New Mailbox" button hidden
  • Users can edit display name but not Department
      • Field visible but read-only

RBAC in Exchange 2010
  • RBAC has replaced the permission model used in Exchange 2007
  • Your “role” is defined by “what you do”
  • Define precise or broad roles and assignments based on the tasks that need to be performed
  • Includes self administration
  • Used by EMC, EMS and ECP

Who can do What… and Where?
[Diagram labels]
  • Who? Admins, End-Users; RoleGroup/USG, Role Assignment Policy
  • What? Role, Role Entry (Cmdlet: Param 1, Param 2, Param 3)
  • Role Assignment
  • Where? Configuration Read Scope, Configuration Write Scope, Recipient Write Scope

Who can do What… and Where?
[Diagram labels, with cmdlets]
  • Who? Admins, End-Users
      • RoleGroup/USG: Add-RoleGroupMember, Remove-RoleGroupMember
      • Role Assignment Policy: New-RoleAssignmentPolicy, Remove-RoleAssignmentPolicy
  • What? Role, Role Entry (Cmdlet: Param 1, Param 2, Param 3)
  • Role Assignment: New-ManagementRoleAssignment, Get-ManagementRoleAssignment, Set-ManagementRoleAssignment, Remove-ManagementRoleAssignment
  • Where? Configuration Read Scope, Configuration Write Scope, Recipient Write Scope

Who can do What… and Where?
  • RoleGroup cmdlets: New-RoleGroup, Set-RoleGroup, Get-RoleGroup, Remove-RoleGroup
  • RoleGroups and their Assigned Roles:
      • OrganizationManagement: <All Roles>
      • ViewOnlyOrgManagement: <All Roles View-Only>
      • RecipientManagement: PasswordManagement, MailRecipientManagement, DistributionGroupManagement, …
      • UMManagement: UMServerManagement, UMRecipientManagement, …
      • DiscoveryManagement: MailboxSearchManagement, LegalholdManagement
[Diagram labels: Who? (Admins, End-Users; RoleGroup/USG, Role Assignment Policy), What? (Role, Role Entry, Cmdlet: Param 1, Param 2, Param 3), Role Assignment, Where? (Recipient Read Scope, Recipient Write Scope, Configuration Read Scope, Configuration Write Scope)]

Who can do What… and Where?
    New-ManagementScope -Name VIP-Recipients -RecipientRestrictionFilter { (Title -eq 'CEO') -or (Title -eq 'CIO') } -Exclusive
[Diagram labels: Who? (Admins, End-Users; RoleGroup/USG, Role Assignment Policy), What? (Role, Role Entry, Cmdlet: Param 1, Param 2, Param 3), Role Assignment, Where? (Configuration Read Scope, Configuration Write Scope, Recipient Write Scope)]

Custom Management Roles
  • Custom roles can be added to suit specific delegation requirements
  • Roles are hierarchical, with built-in role at the top
  • Role Entries can only be removed from a role
  • Steps to delegate a role:
      1. Create the management role
      2. Change the new role's management role entries (by removing role entries)
      3. Create a management scope (if required)
      4. Assign the new management role

Custom Management Roles: What does it look like?
    New-ManagementRole -Name "eDiscovery-Sales" -Parent DiscoveryManagement
    New-ManagementScope -Name "Sales Mailboxes" -DomainRestrictionFilter "(RecipientType -eq 'UserMailbox')" -DomainRoot "OU=Sales,DC=contoso,DC=Com"
    New-ManagementRoleAssignment -Name "RA-Sales eDiscovery Administrators" -User "USG-Sales eDiscovery Admins" -Role "eDiscovery-Sales" -DomainScopeRestriction "Sales Mailboxes"
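
The four delegation steps carried through, including the entry-removal step, as an added example that is not part of the original deck. It uses the parameter names documented for the released product (RecipientRoot, RecipientRestrictionFilter, CustomRecipientWriteScope, SecurityGroup) and the built-in "Mailbox Search" role as parent, which differ from the names on the slide; the role, scope and group names are the slide's, and the $keep list is an illustrative choice.

```powershell
# Added example. Assumes an Exchange 2010 Management Shell session run by an
# account that is allowed to manage RBAC. $keep is an illustrative allow-list.
$role  = 'eDiscovery-Sales'
$scope = 'Sales Mailboxes'
$group = 'USG-Sales eDiscovery Admins'

# 1. Create the custom role as a child of a built-in role. The child starts
#    with every entry of its parent and can never hold more than the parent.
New-ManagementRole -Name $role -Parent 'Mailbox Search'

# 2. Entries can only be removed, so strip everything not explicitly kept.
$keep = 'Get-MailboxSearch', 'New-MailboxSearch', 'Start-MailboxSearch', 'Stop-MailboxSearch'
Get-ManagementRoleEntry "$role\*" |
    Where-Object { $keep -notcontains $_.Name } |
    Remove-ManagementRoleEntry -Confirm:$false

# 3. Create the management scope: user mailboxes under the Sales OU.
New-ManagementScope -Name $scope `
    -RecipientRoot 'OU=Sales,DC=contoso,DC=com' `
    -RecipientRestrictionFilter "RecipientType -eq 'UserMailbox'"

# 4. Assign the role to the security group, limited to that scope.
New-ManagementRoleAssignment -Name 'RA-Sales eDiscovery Administrators' `
    -SecurityGroup $group -Role $role -CustomRecipientWriteScope $scope

# Check the result: which entries survived, and who ends up holding the role.
Get-ManagementRoleEntry "$role\*" | Select-Object Name
Get-ManagementRoleAssignment -Role $role -GetEffectiveUsers |
    Select-Object EffectiveUserName, RoleAssigneeName, CustomRecipientWriteScope
```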

demo Role Based Access Control

RBAC Role Delegation
  • Role membership is not a right to delegate
  • RoleAssignment Delegation
      • Special kind of Role Assignment
      • Delegation does not grant role permissions
  • RoleGroup Delegation
      • Controlled through RoleGroup ownership
      • ManagedBy parameter similar to DGs (Multi-Valued)
      • Ownership does not grant RoleGroup permissions

RBAC Permissions Reporting
  • Get-ManagementRoleAssignment
      • Effective Roles for a User
      • Effective Users by Role/Scope/Group
      • Effective permissions to a Writable Object
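
The three reports named on this slide, plus a review of delegating and direct-to-user assignments, as an added example that is not part of the original deck. The identities 'evan', 'Mailbox Search' and 'ceo@contoso.com' are placeholders chosen for illustration.

```powershell
# Added example. Run in an Exchange 2010 Management Shell session.
# 'evan', 'Mailbox Search' and 'ceo@contoso.com' are placeholder identities.

# 1. Effective roles for a user: direct assignments plus those inherited
#    through role groups, USGs or a role assignment policy.
Get-ManagementRoleAssignment -RoleAssignee 'evan' |
    Select-Object Role, RoleAssigneeName, RoleAssigneeType, CustomRecipientWriteScope

# 2. Effective users for a role: group assignees are expanded to accounts.
Get-ManagementRoleAssignment -Role 'Mailbox Search' -GetEffectiveUsers |
    Select-Object EffectiveUserName, RoleAssigneeName, AssignmentMethod

# 3. Effective permissions to a writable object: every assignment whose
#    write scope contains the recipient, expanded to users.
Get-ManagementRoleAssignment -WritableRecipient 'ceo@contoso.com' -GetEffectiveUsers |
    Sort-Object EffectiveUserName, Role |
    Select-Object EffectiveUserName, Role, RecipientWriteScope

# 4. Review points for an access audit:
#    a) delegating assignments (who may hand a role on to others)
Get-ManagementRoleAssignment -Delegating $true |
    Select-Object Role, RoleAssigneeName, RoleAssigneeType

#    b) roles assigned straight to a user instead of through a group,
#       which group-membership reviews will not show
Get-ManagementRoleAssignment |
    Where-Object { $_.RoleAssigneeType -eq 'User' } |
    Select-Object Name, Role, RoleAssigneeName
```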

Remote PowerShell
  • New management architecture for PowerShell in Exchange 2010
  • Allows Role-based Access Control (RBAC) model
      • Restricted PSSession allows RBAC to hide cmdlets and parameters
  • Client / Server separation
      • Remote PowerShell is always used to connect “remotely” to localhost
      • Enables firewall and cross-forest scenarios
  • “No Binaries” scenarios
      • Exchange-cmdlet management from a client machine which does not have Exchange Management Tools (Exchange binaries) installed

Remote PowerShell: How does it work?
    > New-PSSession -URI https://server.fqdn.com/PowerShell/
    > New-Mailbox -Name Bob
[Diagram labels]
  • Evan: PSv2 Client Runspace. Cmdlets Available in Runspace: New-PSSession, plus the Remote Cmdlets (New-Mailbox -Name, Get-Mailbox, Set-Mailbox -Name)
  • IIS: Authentication
  • WSMan + RBAC stack: Authorization
  • Evan: Role Assignment: New-Mailbox -Name, Get-Mailbox, Set-Mailbox -Name
  • Exchange Server: PSv2 RBAC Server Runspace. Cmdlets Available in Runspace: New-Mailbox -Name, Get-Mailbox, Set-Mailbox -Name
  • [Bob Mailbox Object in Pipeline]

Remote PowerShell: How Do I Use It?
  • The Beta Way
    $wso = New-WSManSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
    $rr = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://<Exchange 2010 fqdn>/powershell -SessionOption $wso -Authentication NegotiateWithImplicitCredential
    Import-PSSession $rr
  • The RTM way
    $rr = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://<Exchange 2010 fqdn>/powershell -Authentication Kerberos
    Import-PSSession $rr
  • Or… just run the Exchange Management Shell icon!
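
An added example (not from the original deck) that opens the session the RTM way and then lists what the restricted runspace actually exposes, which makes the "RBAC hides cmdlets and parameters" behaviour visible for the connecting account. The server name and the cmdlet/parameter pairs in $checks are placeholders chosen for illustration.

```powershell
# Added example. The FQDN is a placeholder; run it as the account whose
# effective access you want to review.
$uri     = 'http://ex2010.contoso.example/powershell'
$session = New-PSSession -ConfigurationName Microsoft.Exchange `
               -ConnectionUri $uri -Authentication Kerberos -ErrorAction Stop
try {
    # Import-PSSession builds local proxy functions only for what the
    # server-side runspace exposes, i.e. what RBAC grants this account.
    $module  = Import-PSSession $session -AllowClobber
    $granted = @(Get-Command -Module $module.Name)
    'Cmdlets granted to {0}: {1}' -f $env:USERNAME, $granted.Count

    # Spot-check cmdlets and parameters (illustrative pairs).
    $checks = @{
        'Get-Mailbox'                  = 'Identity'
        'Set-Mailbox'                  = 'DisplayName'
        'New-Mailbox'                  = 'Name'
        'New-ManagementRoleAssignment' = 'Role'
    }
    foreach ($name in $checks.Keys) {
        $cmd = $granted | Where-Object { $_.Name -eq $name }
        if (-not $cmd) {
            '{0}: hidden (no assigned role contains it)' -f $name
        } elseif ($cmd.Parameters.ContainsKey($checks[$name])) {
            '{0}: available, -{1} allowed' -f $name, $checks[$name]
        } else {
            '{0}: available, but -{1} is hidden' -f $name, $checks[$name]
        }
    }
}
finally {
    # Always close the session so it does not linger on the server.
    Remove-PSSession $session
}
```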

demo Remote Power. Shell

Summary
  • Exchange Management Console
      • New Features, Bulk Management, and PowerShell convergence
  • Role Based Access Control
      • RBAC has replaced the permission model used in Exchange 2007
      • Enables the definition of broad or precise roles and assignments, based on the actual roles administrators perform
  • Exchange Control Panel
      • Provides a new way to administer a subset of Exchange features
      • Provides a great self provisioning portal
  • Remote PowerShell
      • Uses familiar Exchange cmdlets
      • Allows administration without the Exchange management tools
      • Provides firewall friendly management access

question & answer

Resources
Tech·Ed Africa 2009 sessions will be made available for download the week after the event from: www.tech-ed.co.za
  • www.microsoft.com/teched: International Content & Community
  • www.microsoft.com/learning: Microsoft Certification & Training Resources
  • http://microsoft.com/technet: Resources for IT Professionals
  • http://microsoft.com/msdn: Resources for Developers

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.