Technically Speaking
The thoughts of a born fiddler.

If you had to change the legacyExchangeDN for your users as part of a migration or other manual process, or even an error in your automated user provisioning software, there are certain things that you need to be aware of.

For one thing, cached Outlook 'autocomplete' entries will stop working. If a sender uses Outlook autocomplete to select a user whose legacyExchangeDN has recently been changed and sends an email to that user, chances are that the mail will bounce with the following NDR:

Jack Rabbit
The recipient's e-mail address was not found in the recipient's e-mail system. Microsoft Exchange will not try to redeliver this message for you. Please check the e-mail address and try resending this message, or provide the following diagnostic text to your system administrator.

The first thing you need to do after changing the legacyExchangeDN is to initiate an Offline Address Book rebuild. The way out of this problem is to instruct the sender to first download the Address Book by doing a full Send/Receive. Then ask the sender to manually select the affected recipient from the Address book instead of using the cached Autocomplete.


This is because, in an Exchange organization, Outlook client autocomplete caches do not save the SMTP email address. Instead, they save the X.500 address using the legacyExchangeDN attribute from Active Directory. And that's exactly what you have changed!

 

Workaround:

There is another workaround to prevent the NDRs. This would be to enter the old value of the legacyExchangeDN attribute as an X.500 address for the user account. This is done by opening the user object's Email Address properties --> Add a Custom Address --> Enter the old value of legacyExchangeDN as the address and the address type as "X500" without the quotes. The drawback of this method is that you are populating the user's email address field with garbage, which you don't need after a while but can't remove because you are unsure if traces of the old entries in Outlook caches are gone!

 

Starting with Windows Vista, Volume License Keys (VLKs) have been replaced by the Key Management Service (KMS). A KMS Server is deployed in the organization, which will respond to activation requests from client machines. Hosts activated via a KMS have to report back to that KMS key server once every 180 days.

At the place where I work, a Key Management Server was already in place and it was used for activating Windows Vista. With release of Windows Server 2008 earlier this year, we started deploying/migrating some of the workloads to the new server OS.

Windows Server 2008 also uses the KMS activation system. However, the KMS server refused to activate Windows Server 2008 computers, while Vista was OK. Upon closer examination and long discussions with Microsoft, it was discovered that the KMS key installed on our KMS server was only for Windows Vista. Microsoft calls this a "Class A" key.

In order for the KMS server to be able to activate BOTH Windows Server 2008 AND Windows Vista, we should remove the "Class A" key, replace it with a "Class B" key and then activate the KMS server. Here, the "Class B" key is nothing but the Windows Server 2008 Std/Ent - KMS key on the MVLS website. This key can not only activate WS08, it can also activate Vista!

This is how it's done (from the Command Prompt):

slmgr -upk
uninstalls our "Class A" KMS key.

slmgr -ipk <insert Windows 2008 KMS key here>
installs the "Class B" KMS key.

slmgr -ato
activates the KMS server

While using slmgr, it is important to wait 5-10 seconds after each command to get the confirmation popup box, even though command prompt will return as though nothing happened.

Once the server has successfully activated, type the following command to verify that you have a "Class B" KMS key.

slmgr -dlv

Notice that it says KMS_B channel, indicating a "Class B" KMS key that will activate both Windows Server 2008 and Windows Vista.

 

I happened to see this funny ad on Microsoft's Unified Messaging platform. It's themed "VOIP as you are".



The way the cable roll smashed thru the glass doors is amazing. But when I saw the next two videos of the same cable roll smashing through the same glass door, I was amazed by the ingenuity of the person who planned the whole ad in three different angles, three different ways to depict the same thing.

One, through a security cam:


The other, through a handycam held by a lady


LOL!

 

If you have heavily customized Outlook Web Access logon pages and are planning to install Exchange Server 2007 SP1 Rollup Update 3 (released last week) on your Client Access Servers, this post is a must-read.

I had modified the logo and some of the background images on my Outlook login/logoff pages. To make things a bit more fancy, I had included two hyperlinks on my OWA login page (\ClientAccess\Owa\auth\logon.asp) -- "Terms of Use" and "Login Help", which pointed to separate independent HTML files on the same server. Everything was happy n' kicking till I installed Rollup Update 3 for Exchange Server 2007 SP1.

After the upgrade, the OWA login page refused to show. The URL redirected to https://webmail.company.com/exchweb/bin/auth/owalogon.asp?url=https://webmail.company.com/exchange&reason=0&replaceCurrent=1 and all I got was a blank browser window.

So I pulled my wits together and started stripping any customization that's not in the book. Once I removed the hyperlinked text that I had added on the logon screen, things started working again.

 

If you are running Exchange 2003 and Exchange 2007 in co-existence and you have users on both systems, you will notice that, while Exchange 2007's new OWA interface has a brand new Change Password option, the Change Password functionality for the users on Exchange 2003 has stopped working and you receive a 404 - File Not Found error.


 

This is because the IISADMPWD virtual directory, which was previously available on your Exchange 2003 Front-End server is no longer present on your Client Access Server. So here's the solution:

1. If you are running Exchange Server 2007 on Windows Server 2003:

Simply enable the IISADMPWD virtual directory by following this article.

2. If you are running Exchange Server 2007 SP1 on Windows Server 2008

Things can get a little tricky here. Especially when you've noticed that there is no IISADMPWD folder inside the \Windows\System32\Inetsrv folder! Now what are we gonna do?! Here's something that I've tried and it works:

a. Simply copy the \Windows\System32\InetSrv\IISADMPWD folder from your Exchange 2003 Front End server to the \Windows\System32\InetSrv\ folder on your Windows 2008 Exchange Client Access Server.

b. Open IIS Manager. Right click on Default Web site and choose Add Virtual Directory. Specify the alias as IISADMPWD and browse to the path of the \Windows\System32\InetSrv\IISADMPWD folder.

c. Right click on the IISADMPWD virtual directory, and select the option Convert to Application.

d. Click on IISADMPWD application to select it. On the right pane, open the Authentication icon. Disable Anonymous authentication and enable Basic Authentication. Make sure only Basic Authentication is enabled.

e. Restart IIS service by using the command iisreset /noforce

Your Exchange 2003 users should now be able to change their passwords.


 

This is more a Microsoft Word tip rather than an Active Directory tip. In essence, it shows one of the many methods to compare values of all attributes of two different objects in Active Directory, or of the same object in a "before-after" comparison scenario - to track changes.

In this example, we will try to do a before-after analysis of a single user object to track changes that have happened to the attributes of the same user object.

First, before I make the changes, I use the LDIFDE tool to dump the LDF file for the user that I want to track changes for.

LDIFDE -f user_before.ldf -d "CN=User Jones,OU=Test Users,DC=Domain,DC=local"

Then, I make the changes to the attributes. In this case, I am moving the user's mailbox from an Exchange 2003 server to an Exchange 2007 mailbox server.

Once again, I dump the LDF for the same user after I've done the operation.

LDIFDE -f user_after.ldf -d "CN=User Jones,OU=Test Users,DC=Domain,DC=local"

Now I have two LDF files, which I want to compare. Microsoft Word has a pretty cool compare feature that shows you what exactly has changed in red. Also, you get to see both the files in two small windows and the changes in a separate window, and they all scroll together!

Simply open (or paste) the two files in Microsoft Word as separate documents. Then, open up the Review toolbar tab, and choose the Compare option.


Here's a screenshot.
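
A scripted alternative to the Word comparison above, as an added example that is not part of the original post: it parses the two LDIFDE dumps and reports which attribute values were removed or added. The sample entries and the list of ignored attributes are constructed for illustration.

```python
import base64

def parse_ldif_entry(text):
    """Parse one exported LDIF entry into {attribute: set(values)}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]      # continuation line: unfold into previous line
        elif ":" in raw and not raw.startswith("#"):
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, _, value = line.partition(":")
        if value.startswith(":"):     # "attr:: ..." carries a base64-encoded value
            b64 = value[1:].strip()
            try:
                value = base64.b64decode(b64).decode("utf-8")
            except ValueError:        # binary data (GUIDs, SIDs): compare as encoded
                value = "base64:" + b64
        attrs.setdefault(name.lower(), set()).add(value.strip())
    return attrs

def diff_entries(before_text, after_text, ignore=("whenchanged", "usnchanged")):
    """Return {attribute: {"removed": [...], "added": [...]}} for changed attributes."""
    before, after = parse_ldif_entry(before_text), parse_ldif_entry(after_text)
    changes = {}
    for attr in sorted(set(before) | set(after)):
        old, new = before.get(attr, set()), after.get(attr, set())
        if attr not in ignore and old != new:
            changes[attr] = {"removed": sorted(old - new), "added": sorted(new - old)}
    return changes

# Constructed sample dumps (not real directory data); values are illustrative.
BEFORE = """dn: CN=User Jones,OU=Test Users,DC=Domain,DC=local
homeMDB: CN=Mailbox Store (EX2003),CN=First Storage Group,
 CN=InformationStore,CN=EX2003,DC=Domain,DC=local
proxyAddresses: SMTP:user.jones@domain.local
whenChanged: 20080701120000.0Z
"""
AFTER = """dn: CN=User Jones,OU=Test Users,DC=Domain,DC=local
homeMDB: CN=Mailbox Database,CN=First Storage Group,
 CN=InformationStore,CN=EX2007,DC=Domain,DC=local
proxyAddresses: SMTP:user.jones@domain.local
proxyAddresses: X500:/o=Org/ou=Old Group/cn=Recipients/cn=ujones
whenChanged: 20080701123000.0Z
"""

if __name__ == "__main__":
    print(diff_entries(BEFORE, AFTER))
```

To run it on the real dumps, pass in the contents of user_before.ldf and user_after.ldf. Attributes that change on every write are ignored so that only meaningful differences are reported.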

 

Microsoft Certified Master

Microsoft recently announced a brand new certification called the Microsoft Certified Master.

It is currently offered for Exchange Server 2007, SQL Server 2008 and Windows Server 2008.

The MCM credential is given to highly experienced professionals after undergoing intensive training and passing the in-class lab and written exams.

The prerequisites are demanding and it may not be everybody's cup of tea. For instance, to be considered for the MCM training on Exchange Server 2007, the candidate must have 5 or more years of hands-on experience on Exchange 2003, 1 or more years on Exchange 2007, fluency in English, MCTS on Exchange Server 2007, MCITP on Exchange Server 2007 and an MCSE on Windows Server 2003 (or an MCTS on Windows Server 2008 AD)!

Even though the new certification makes it easier to identify well-experienced professionals, it may be viewed by some customers as a Microsoft scheme to make more money from Learning solutions and certification.

Bottom line - as under-qualified MCSEs flood/pollute the job market, Microsoft is taking steps to help experienced and highly skilled professionals to stand out from the crowd.

 

ISA Server 2006 Service Pack 1 will be released tomorrow (Wed, July 2, 2008) on the Microsoft Download Center. From July 22, the service pack will be available through the Microsoft Update channel.

This is a massive service pack with over 200 bug fixes and tons of new, visible features.

One of the most notable features is the change tracking feature, which is a much-awaited and highly requested feature from customers. ISA 2006 now keeps track of all changes done to the configuration and helps you track your actions all the way back. The ISA admin's life just got better.


Here's a preview of all the new features included in the service pack:

  • Configuration Change Tracking - explained above.
  • The "Test" button for Web publishing
  • Traffic Simulator - Simulates network traffic on the ISA rules engine and helps you visualize how your rules will be processed for the simulated traffic
  • Query on Diagnostic logging - For those who remember the ISA 2006 supportability pack - there was a diagnostic logging feature included. Now, SP1 adds a query feature on the diagnostic logging tool that helps you see only the log data relevant to the problem you are troubleshooting.
  • PLUS tons of improvements to existing features like support for certificates with multiple SAN (Subject Alternative Names), Multicast support for integrated NLB, etc.

I think this is really an exciting update as it contains much of the enhancements requested by customers. Microsoft is listening!

 

Update: Here is the download link.

 

I was trying to create a protection group in System Center Data Protection Manager 2007 to protect SharePoint Server 2007.

I followed the protected computer prerequisites documentation and made sure the following were done:

  1. Installed KB940349 on the SharePoint front end server.
  2. Installed KB941422 - Update for WSUS 3.0. After installing this KB, I had to run the SharePoint Configuration Wizard.
  3. Started the VSS Writer service on the WSS server as per this article.
  4. Made sure the back end SQL Servers are running SQL Server 2005 with Service Pack 2.

I followed all these steps as per the prerequisites document. However, I still got the following error:


This item cannot be protected because some prerequisite software is missing. Ensure that all prerequisite software is installed and then protect this item (ID: 31008). Click Help to view the list of prerequisite software for the selected item.

The problem was solved when KB940349 was installed on the backend SQL Server as well. All servers were restarted after installing this update. Then I went to the Management tab on the DPM 2007 console and selected Refresh Information from the Actions pane.

On returning to the Create Protection Group wizard, the error was gone.