Category Archives: Design

Your Exchange DAG and WAN?

helo!

While many of our customers do have their Exchange nodes well connected, some are asking: Can we put the second node of our DAG into a location where we have a huge TCP round trip time?

The answer is: Yes and no. It depends. That was the answer you were looking for, right?

From a supportability perspective 500ms round trip time is the maximum supported value.

So now it is your decision whether to install the node or not. BTW: An easy way to figure out the round trip time is to use pathping or ping. But hey – is ICMP alone really the right thing to measure the round trip time?

Your EXGuru – aka Peter Forster – aka Satschent Peter

Do you know the Full Access Permissions in your environment? – Be aware if you migrate your Exchange to a newer version!

ehlo!

During Exchange migrations some ‘new’ features can make your day happy – or not. While migrating from Exchange 2007, a new feature in Exchange/Outlook can have a huge impact on your access permissions for mailboxes.

Think about the following scenario:

User A – let's call him EXGuru – should get access to the mailbox of User B – let's call him User B. Years ago this permission was assigned on Exchange 2007. The permission was assigned, but the Helpdesk team never added the mailbox to EXGuru's existing Outlook profile. Everyone (EXGuru, User B and the Helpdesk) forgot about that permission.

Now the mailbox is moved to Exchange 2013/2016 and wohooo – the mailbox of User B shows up in EXGuru's Outlook profile. This happens because the existing permissions are migrated, and because of the ‘new’ auto mapping feature in Exchange those mailboxes show up even though they were not shown with Exchange 2007.

Normally this shouldn’t be a problem, but it may be. With this script you can check the existing permissions and review whether there are still permissions assigned that shouldn’t be. A good place to start is the management mailboxes.

Get-Mailbox -Identity <mailbox> | Get-MailboxPermission | where {$_.user.tostring() -ne "NT AUTHORITY\SELF" -and $_.IsInherited -eq $false -and $_.AccessRights -match "FullAccess" -and ($_.User -notlike 'S-1-5*')} | Select Identity,User,@{Name='AccessRights';Expression={[string]::join(', ', $_.AccessRights)}}
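To review more than one mailbox before the move, the same filter can be turned into a report grouped by grantee, so you see who would suddenly get which mailboxes mapped. This is an added example, not part of the original post: the function name Select-ExplicitFullAccess and the sample rows are made up for illustration, and the filter is written as a separate function so it can be tried without an Exchange server.

```powershell
# Added example. Applies the same conditions as the one-liner above to objects
# shaped like Get-MailboxPermission output (Identity, User, AccessRights, IsInherited).
function Select-ExplicitFullAccess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Permission
    )
    process {
        $user   = [string]$Permission.User
        $rights = @($Permission.AccessRights | ForEach-Object { [string]$_ })

        if ($Permission.IsInherited)           { return }  # only explicit entries
        if ($rights -notcontains 'FullAccess') { return }  # only Full Access
        if ($user -eq 'NT AUTHORITY\SELF')     { return }  # the owner's own entry
        if ($user -like 'S-1-5*')              { return }  # unresolved SID, as in the one-liner

        [pscustomobject]@{
            Mailbox      = [string]$Permission.Identity
            Grantee      = $user
            AccessRights = $rights -join ', '
        }
    }
}

# Constructed sample rows (hypothetical names, not real data).
$sample = @(
    [pscustomobject]@{ Identity = 'UserB';   User = 'NT AUTHORITY\SELF'; AccessRights = @('FullAccess', 'ReadPermission'); IsInherited = $false }
    [pscustomobject]@{ Identity = 'UserB';   User = 'EXAMPLE\EXGuru';    AccessRights = @('FullAccess');                   IsInherited = $false }
    [pscustomobject]@{ Identity = 'Manager'; User = 'EXAMPLE\EXGuru';    AccessRights = @('FullAccess');                   IsInherited = $false }
    [pscustomobject]@{ Identity = 'Manager'; User = 'EXAMPLE\Admins';    AccessRights = @('FullAccess');                   IsInherited = $true  }
    [pscustomobject]@{ Identity = 'Manager'; User = 'S-1-5-21-1-2-3-1104'; AccessRights = @('FullAccess');                 IsInherited = $false }
    [pscustomobject]@{ Identity = 'UserC';   User = 'EXAMPLE\Helpdesk';  AccessRights = @('ReadPermission');               IsInherited = $false }
)

# In the Exchange Management Shell, replace $sample with:
#   Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission
$report = $sample | Select-ExplicitFullAccess

# One line per grantee, with the mailboxes that grantee can open.
$report | Group-Object Grantee | Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ Name = 'Mailboxes'; Expression = { ($_.Group.Mailbox | Sort-Object) -join '; ' } }
```

With the sample rows only EXAMPLE\EXGuru remains, listed with the mailboxes Manager and UserB; the owner's own entry, the inherited entry, the unresolved SID and the read-only grant are filtered out.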

Your EXGuru – aka Peter Forster – aka Satschent Peter