Just ran a few thousand users from Oracle Calendar into Exchange (at a very security conscious site so we were not able to look at their mappings beforehand), and they had some problems with ampersands in email names.
Yep. Bad karma all around.
In fact, you should not be using most special characters for object names, as Microsoft documents here for Exchange 2003 and here for Exchange 2007.
Monday, April 26, 2010
Friday, April 16, 2010
Exchange Calendar Issues fixed with Rollups
Microsoft released rollups for its Exchange Servers on April 13, 2010:
- Update Rollup 10 for Exchange Server 2007 SP1 (KB981407),
- Update Rollup 4 for Exchange 2007 SP2 (KB981383), and
- Update Rollup 3 for Exchange 2010 (KB981401).
I want to report the calendar-related issues that these rollups fix:
Exchange 2007 (SP1 and SP2) - No calendar-related fixes in this rollup
Exchange 2010
Note: Microsoft recommends that you Clear the 'Check for publisher’s certificate revocation' for Outlook users. For OWA users, this rollup overwrites any customizations made to your "logon.aspx" pages.Thursday, April 15, 2010
New one-step mapping method OCS to Exchange
Mapping OCS Users & Resources to Exchange Accounts
First, we assume that you have already imported the "users.txt", "resources.txt", and "foreign.txt" into the database using the xCalReader.
There is really only ONE step: Run the query Q_Build_MM_Exchange_User_Map_From_Users
THAT'S IT!
We urge you to review the mapping table "MM_Exchange_User_Map" to ensure all accounts have been mapped, and that all accounts have an email address.
What happens if I want to change the email address for a few users in the Users table?
Edit the table User_Adjusted_Maps. You must copy the userid, UserNum, and mmLogin from the Users table, although we recommend you copy ALL fields. This makes review easier because you know who the accounts belong to! Add the exchange alias (exch_alias) and exchange SMTP address (exch_email). In the following example, we changed Peter W's email to peterw@nl.th....
What happens if users do not have email in the Users table?
Look in the "Exchange_email_Src" tab for "***Missing Email***", or look for unusual email in the exchange_email tab.
Is there a "query" to copy all users with blank emails in the Users table to the User_Adjusted_Maps table?
Yes. It's called "Q_Add_Users_with_Missing_Emails_to_User_Adjusted_Maps"
You will have to add the Exchange Alias and Exchange email address, AND the Exchange type. The choices are "Individual" for a user or group calendar account, and "Resource" for a conference room.
I do not see that query in my database?
You must have database version Blank_Conversion_DB_v8.13.0.0413.mdb or greater
Meeting Maker sites migrating to Exchange
You can use the exact same queries and methods above, but make sure the email you want to have in Exchange is associated with the MM account you are migrating using MM Admin.
Tuesday, April 13, 2010
Web-Based Meeting Schedulers via Mashable
I'm posting this up here for those of you who are interested.
Mashable has a review of four web-based meeting schedulers.
4 Web-Based Meeting Schedulers Reviewed
I actually tried Tungle and found it more trouble than it was worth (but that was at least a year ago). And why on earth would anyone name an app Doodle?
Since we deal with corporations I do not think this any of these are going to be high on the agenda among our loyal readers -- but you should see what the twenty-somethings in your organization are going to be trying to integrate with Exchange.
Mashable has a review of four web-based meeting schedulers.
4 Web-Based Meeting Schedulers Reviewed
I actually tried Tungle and found it more trouble than it was worth (but that was at least a year ago). And why on earth would anyone name an app Doodle?
Since we deal with corporations I do not think this any of these are going to be high on the agenda among our loyal readers -- but you should see what the twenty-somethings in your organization are going to be trying to integrate with Exchange.
Saturday, April 10, 2010
Migrating Large Oracle Calendar installations to Exchange by Subsets
Migrating Subsets of Larger Oracle Calendar Server Installations
April 9, 2010
Background: In re-creating meetings as live meetings from OCS, Sumatra uses the calendar of the meeting ORGANIZER as the definitive source for guest status. Since Exchange is a message-based system, it is crucial that in re-creating the calendar state calendar invitation come from the meeting owner. However, in the case where migrations must be done in phases, it is desirable to maintain as much as possible information from users external to the subset being migrated. This process deals with that.
As an example, let's say that we have an OCS installation in Europe that consists of about 2000 users in the Local users (NL) and 20,000 FOREIGN users (FR). Let's say the NL server is the first to migrate.
We have two issues, NL users as guests of meetings originated by FR users, and FR users as guests of meetings originated by NL users, as per the following table.
As Owner | |||
NL | FR | ||
As Guest | NL | OK | Case FR OWNER => insert as appointment in NL calendar? |
FR | Mail Contact | NOT YET MIGRATED | |
Process Change xCalReader Phase
- Create an additional Users export file of the FOREIGN users and name it FOREIGN.TXT
- Use the following command to generate this file from the FOREIGN OCS server:
uniuser -ls -format "%s%:%g%:%uid%:%id%:%node-id%:%email%:" -n 1 -p jimmorrison >foreign.txt |
NOTE the additional %email% which will give us the email of that user as defined in OCS. We will need this information for the foreign users.
- Place this file in the same directory as your USERS.TXT and UNICPOUTU export files. This means both of these files will be read and populated into the database at the same time before any calendar data.
- You will have a new option in xCalReader to ANNOTATE calendar items from Foreign (FR) users.
- Server NODE numbers MUST be different between the USERS.TXT and the FOREIGN.TXT files (see below – we want to assure that our created User ID numbers are unique – and NODE is one of the concatenated elements in this)
Notes In converting the users, invitations to NL users from FR users will be appointments in calendars. When the FR users who are OWNERS migrate, these will be overlayed with LIVE meeting data in Exchange. The user can then delete (or keep as they will) the appointment knowing that the meeting data will be updated with changes. |
Using a mail contact has the following requirements and repercussions:
We do not (*think*) French users must be on NL server as MailContacts. Valid regular email addresses should be enough to generate invitation from NL owners to FR guests– but we want to encourage you to try it. French users will then receive Outlook calendar invitations to their mail accounts. |
French users can accept/decline/ignore, Sumatra process does not create state for these users. |
NOTE: this means there will be the original OCS meeting and the new meeting in their calendars, but the new Exchange/Outlook one will be the one updated when a NL user makes changes. |
Code changes in xCalReader will act so as to
- Automatically read FOREIGN users
- Convert meetings from foreign users into appointments in guest calendars
- Allow for an administrator defined "Tag" for foreign user originated meetings.
Process Change User Mapping Phase
User mapping proceeds as documented, except the FOREIGN users will need to be mapped as well. We're documenting this and will forward ASAP.
Process Change SuExchange2007
Code changes in SuExchange2007 will act so as to
- Automatically validate foreign users
- Not generate error messages for foreign user validation
- Create FOREIGN users as guests
This will be transparent to current operation but will require testing.
Things we want you to be aware of
We already know we are not going to get access to any of your data – so we need you to be looking at it for us.
- Once both USERS.TXT and FOREIGN.TXT are in – we need you to make sure there are no duplicated USER IDs in the USER table. We can tell you how to do this if need be.
- We need you to test this first in miniature and then in full-scale as quickly as possible.
- We could really use sample data from you "users.txt" and "foreign.txt", plus a user's export file that has foreign user meetings (both as an owner, and as a guest)
Monday, March 22, 2010
Resource Forest Redux
We just re-wrote the sections on our migration manual dealing with Resource Forests in Exchange 2007/2010 -- here's the early version
- The "User Forest" - I started with an existing AD 2003 Domain - ad03.herring.sumatra.local (windows server 2003)
- Create a user account "Blarney Stone", alias = bstone in the herring.sumatra.local domain
- Create a user account "Blarney Stone", alias = bstone in the herring.sumatra.local domain
- The "Resource Forest" - a new VM: "Resource" forest domain called Sherwood: ex07res.sherwood.sumatra.local. The CAS server is "ex07res"
- In AD Domains & Trusts:
- Ensure DOMAIN AND FOREST levels are windows 2003
- Created a TWO-way: forest trust between the Resource & User forests (Sherwood to Herring) Note: A resource forest trust is a configured ONE-way trust between the Resource & User domains. If you do this, the service account won't be able to see AD, and thus won't be allowed to access anyone's mailbox.
- Ensure DOMAIN AND FOREST levels are windows 2003
Example of the TWO-WAY forest trust between the resource (Sherwood) and the user forest (Herring) (Shown from Active Directory Domains and Trusts)
- In AD Users & Computer on the RESOURCE FOREST ("sherwood"):
- Added the computer ex07res to built-in group windows authorization access group
- Create a service account deleg8 in the resource forest (A new USER account).
- Added the computer ex07res to built-in group windows authorization access group
- Use Exchange Management Console to:
- Create LINKED mailboxes "Blarney Stone" alias = bstone (in sherwood.sumatra.local) Linked to bstone (in herring.sumatra.local)
- Remember to reconfigure IIS to use SSL and have OWA default site property (in the server configuration) to use forms-based authentication
- Create LINKED mailboxes "Blarney Stone" alias = bstone (in sherwood.sumatra.local) Linked to bstone (in herring.sumatra.local)
- In AD Users & Computer on BOTH the RESOURCE FOREST ("sherwood") AND on the USER FOREST (herring):
- Right-hand click on the domain, get properties, and in the security tab Grant Deleg8 FULL ACCESS to AD. You'll have to go into advanced and set these permissions "for this object & all child objects". If you don't see the security tab, turn on Advanced Features under the View menu.
- Right-hand click on the domain, get properties, and in the security tab Grant Deleg8 FULL ACCESS to AD. You'll have to go into advanced and set these permissions "for this object & all child objects". If you don't see the security tab, turn on Advanced Features under the View menu.
Example of granting FULL Control to this object & all child objects (Deleg8 on Sherwood
(Shown from Active Directory Users & Computers)
- In Exchange Management Shell, on the Resource Forest (sherwood), run this against your CAS server, "ex07res"
- Add impersonation between the (resource forest) service account AND the user account:
- Add-AdPermission -Identity (Get-ExchangeServer -Identity "ex07res").Identity -User sherwood\deleg8 -ExtendedRights ms-Exch-EPI-May-Impersonate, ms-Exch-EPI-Impersonation, send-as, receive-as -accessrights genericall -inheritanceType All
- Add-AdPermission -Identity "Blarney Stone" -User sherwood\deleg8 -ExtendedRights ms-Exch-EPI-May-Impersonate, ms-Exch-EPI-Impersonation, send-as, receive-as -accessrights genericall -inheritanceType All
- Add-AdPermission -Identity (Get-ExchangeServer -Identity "ex07res").Identity -User sherwood\deleg8 -ExtendedRights ms-Exch-EPI-May-Impersonate, ms-Exch-EPI-Impersonation, send-as, receive-as -accessrights genericall -inheritanceType All
- Grant Full access to the (resource forest) service account AND the user account:
- Add-MailboxPermission -Identity "Blarney Stone" -User sherwood\deleg8 -ExtendedRights fullAccess -InheritanceType All
- In the Sumatra UI on a 32-bit machine:
- Run the code as the resource service account (sherwood\deleg8)
- I assume you've already granted that account local login rights, and made it a local administrator so you can read/write from the disk)
- I assume you've already granted that account local login rights, and made it a local administrator so you can read/write from the disk)
- The forest: "herring.sumatra.local"; the SMTP domain: "sherwood.sumatra.local"
- CAS server: ex07res (https://ex07res/ews/exchange.asmx)
- Access calendar using: IMPERSONATE
- Test user: bstone (SMTP address: bstone@sherwood.sumatra.local)
- Other Notes and Deviations from the Sumatra documentation:
- Something changed between Exchange 2007 RTM and SP1/SP2. we've had to change our process.
- Microsoft's David Sterling said that EWS expects there to be some sort of AD object in the resource forest to represent the cross forest account, and unfortunately, a foreign security principal is not enough. He wrote out instructions here: http://msexchangeteam.com/archive/2008/04/18/448727.aspx. BUT it doesn't work because he recommends duplicating a SID between the User and Resource forests. That generates lots of AD errors for that service account, and breaks OWA access (as that service account).
- The tool to set permissions on the RESOURCE forest (Sherwood) MIGHT cause you problems because it does not explicitly set permission inheritance. So the permissions might allow you to validate against the mailbox, but NOT insert calendar data. Here was the tool: http://msexchangeteam.com/files/12/attachments/entry447730.aspx
- Something changed between Exchange 2007 RTM and SP1/SP2. we've had to change our process.
- Use the Get-Mailbox -resultsize unlimited add-mailboxpermission to set permissions for all accounts, e.g., Get-Mailbox -resultsize unlimited Add-AdPermission -User sherwood\deleg8 -ExtendedRights ms-Exch-EPI-May-Impersonate, ms-Exch-EPI-Impersonation, send-as, receive-as -accessrights genericall -inheritanceType All
PowerShell example of using get-mailbox (you might see warnings if you've already applied the ExtendedRights to some mailboxes.
- We set AD access on both the RESOURCE and the USER forests
- We were able to add a test item using impersonation. Delegation was not working.
- After the migration:
- Remove the service account's full access permissions in AD
- Set the trust back to a one-way trust
- Remove the service account
- Remove the service account's full access permissions in AD
- Other fun facts about resource forests:
- Full Disclosure: I am not a fan of Resource Forests. Yes, they offer additional security. At the cost of 4x the complexity. I apologize to you who have implemented them successfully and are happy Exchange Admins. I'm not alone in that opinion. How a resource forest can make you cry is Vermyndax's rant.
- It's easy to implement the Resource Forest in a way that causes the end user's lots of pain. For example:
- Every time the user logs in to Exchange, they have to enter their resource forest credentials. That's almost as bad as my car: it automatically locking the doors once the car starts moving. Great for safety. But, every time I want to exit the car, I either have to either unlock the door before I can open it, OR pull the door handle twice – the first time UNLOCKS the door, the second time OPENS the door. Great security design. Miserable user experience. But I digress. The way around this, by the way: You have to assign the account in the USER forest these additional rights:
- "Read Permissions",
- "Full Mailbox Access", and
- "Associated External Account"
- "Read Permissions",
- We had problems when some DELEGATES tried to access their boss' calendars and could not. We discovered those delegate mailboxes did not reside on the same server as their boss's mailbox. The solution: move the delegates mailbox!
- There were access problems for customers who have public folders (you need them if you have Outlook 2003, or if your organization uses public folders). I couldn't figure out how to solve the access problem. Thankfully Jim McBee "Mostly Exchange Web Log" AND Jesper Bernle's Exchange Server blog wrote about how to solve it. Jim McBee found and fixed issues with permissions and delegate mailboxes.
- Full Disclosure: I am not a fan of Resource Forests. Yes, they offer additional security. At the cost of 4x the complexity. I apologize to you who have implemented them successfully and are happy Exchange Admins. I'm not alone in that opinion. How a resource forest can make you cry is Vermyndax's rant.
Friday, March 19, 2010
Migrating by department. BION, somoene's doing it.
In the several hundred migrations we've done over the last decade we've adopted as an article of faith that the right way to move meetings is as a Big Bang. It preserves the connections among all the users you migrate and it's not hard to explain to end users. A win-win for the community, an intense time for the administrators, but they get the win-win for the community.
We've always told you though that if your user community mainly consisted of "islands" who tend to only meet internally you could get away with migrating a department (or island) at a time.
But nobody took us up on it.
UNTIL a university in upstate New York said "OK -- we'll try that."
Russ and Zyg sucked in their breath and said "All right then. But if things are not going well after the first few we're going to re-evaluate this, right?"
THREE separate group migrations into it, they seem to be going all right.
There's a few more to go and we're still looking at it, but the results so far are good and we want to give you a preliminary read on how they did it and what's making it work. We're also giving them the opportunity to add anything they want to share in this post.
We've always told you though that if your user community mainly consisted of "islands" who tend to only meet internally you could get away with migrating a department (or island) at a time.
But nobody took us up on it.
UNTIL a university in upstate New York said "OK -- we'll try that."
Russ and Zyg sucked in their breath and said "All right then. But if things are not going well after the first few we're going to re-evaluate this, right?"
THREE separate group migrations into it, they seem to be going all right.
There's a few more to go and we're still looking at it, but the results so far are good and we want to give you a preliminary read on how they did it and what's making it work. We're also giving them the opportunity to add anything they want to share in this post.
- It's relatively small (about 500 users).
- They are able to identify very specific groups that meet together. The MM / Exchange administration team are doing this on their own without intense database analysis from us (which has helped keep their costs down).
- Once the island is migrated those users are removed from the Meeting Maker user list. Since they're islands, this isn't usually a problem. As Russ put it, "They burned their bridges after they crossed over."
- The migration team at the university gained experience early on in mapping users and after a proof of concept migrating their internal team they then proceeded to two other islands. Again, their motivation and competence here was key in keeping costs in control.
- After three separate island migrations things are looking good to complete the rest on a staggered schedule.
- The university adds that advance testing and end-user expectation communication made things go better.
- We at Sumatra are happy to give credit whenever our clients are more clever than we are.
So our moral: It is possible, but start small and keep an eye on it as you move forward.
What's this look like from an end-user's perspective? The same as it would in a full migration. They walk in one morning and user Meeting Maker. They walk in the next morning and they're on Exchange. BUT: Any MM users not in the migrated group are now not on their guest lists. That's the price you pay for this staggered approach. In the immortal acronym of Robert Heinlein as morphed by Milton Friedman, TANSTAAFL.
Monday, March 15, 2010
Blast from the past
Look what Zyg found in the basement.Meeting Maker 1.5 diskettes (DISKETTES!), back when it was Macintosh only. The video comes from a few years later after a bunch of est-heads (no joke) bought the company and decided to align themselves to the up-and-coming software powerhouse -- Novell.
Thursday, February 25, 2010
Meeting Maker / Oracle to Google Calendar
The calendar elves have been working on a few things to move data from Meeting Maker into Google Calendar, and we thought we'd update you. It's not perfect yet, but it's well within striking distance. This will work for Oracle as well of course.
First let's take a look at a typical Meeting Maker 7 calendar (sorry, the company really won't sell us version 8 anytime soon so we're left with the trial version we've been using since 2001).
And here, using our current zinsert to create ICS files is what this looks like via an import in Google Calendar. 
On MAJOR ICS datafiles (in this case 2.5 Mb), we've been getting this warning:
But all the data seems to go in. Our test was simple: is the last object in the file inserted? If so, we're fine, and it was.
First let's take a look at a typical Meeting Maker 7 calendar (sorry, the company really won't sell us version 8 anytime soon so we're left with the trial version we've been using since 2001).
And here, using our current zinsert to create ICS files is what this looks like via an import in Google Calendar. First thing to notice: the old MM DST code causes a shift (which if you update your server or get us to rebase your data will not happen), and banners are a little off (we can fix this).
But the good news is that it involves WAY less work than our previous versions.
This does work client-side (we're working on the XML for server-side, but we've gotten no pressure for it yet so it's just simmering away).
On MAJOR ICS datafiles (in this case 2.5 Mb), we've been getting this warning:
But all the data seems to go in. Our test was simple: is the last object in the file inserted? If so, we're fine, and it was.
Tuesday, February 02, 2010
Removing Outlook Holidays Server-Side
We get all kinds of requests on the Holiday insertion application.
One of the more recent ones is interesting enough to blog about.
The subject is the holidays Outlook client can insert for you and how to remove them SERVER-SIDE.
Turns out that the old Exchange 2003 Utilities could handle this as a matter of course, but our new version did not until last week.
Here's the slightly longer technical story about what's happening: The Outlook holiday capability inserts client-side and helpfully includes the Category "Holiday"
That's good - because I have no idea what corporate or university user needs to know when Groundhog Day is (who put this list together, a grade school teacher?).
Looking at it in OutlookSpy you can also see why the terminology "Keyword" got applied to this early on and stuck.
One of the more recent ones is interesting enough to blog about.
The subject is the holidays Outlook client can insert for you and how to remove them SERVER-SIDE.
Turns out that the old Exchange 2003 Utilities could handle this as a matter of course, but our new version did not until last week.
Here's the slightly longer technical story about what's happening: The Outlook holiday capability inserts client-side and helpfully includes the Category "Holiday"
That's good - because I have no idea what corporate or university user needs to know when Groundhog Day is (who put this list together, a grade school teacher?).
Looking at it in OutlookSpy you can also see why the terminology "Keyword" got applied to this early on and stuck.
Anyway, in Exchange 2003 the Sumatra Utilities used only the Keyword field, but to be safer in Exchange 2007 when we moved to EWS we also used a couple of hidden fields including Mileage (not as uncommon a technique among calendar applications as you might imagine).
So we expanded the concept of UNDO to be both for Category only or Category AND Mileage.
The good news, we fixed it so if you want to remove data server-side you can.
AND REMEMBER: We require keywords so that you do not accidentally remove everything in a calendar. But you WILL remove everything tagged with "Holiday." So be careful! You have been warned.
Wednesday, January 27, 2010
Exchange 2007 Calendar Issues fixed with Rollup2
On 1.22.2010, Microsoft released Rollup2 For Exchange 2007 SP2.
Here are the calendar-related issues that Rollup2 addresses:
970817 An appointment is displayed incorrectly as an all-day event if you use a mobile device to synchronize the calendar in Exchange Server 2007
971177 The Auto Attendant 'Business Hours' schedule is not updated in Exchange Server 2007 when the DST setting is changed
971349 Exchange Server 2007 users intermittently cannot access an Exchange Server 2003 user's Free/Busy information in Office Outlook 2007
973969 Incorrect exceptions are generated for a recurring iCalendar message when an Exchange Server 2007 server processes an SMTP message that contains the iCalendar message part
974161 Some attendees cannot receive a meeting cancellation notification when the appointment recurrence pattern is changed by using EWS in Exchange Server 2007
974999 The "Task Owner" field is not set when you create a task in Outlook Web Access
975165 EWS proxying requests fail after you run Availability Service requests in a CAS to CAS proxying scenario in Exchange Server 2007
975404 An attachment of a meeting request cannot be opened when you use a CDO application to accept a meeting request in Exchange Server 2007:
975903 The RemoveDelegate operation of EWS fails, and then a "500 internal server" error response and event ID 4999 are logged in an Exchange Server 2007 server
976025 The free/busy information of an Exchange Server 2007 user is not displayed
977091 The time for an updated meeting request is incorrectly shown in an exception instance of a recurring meeting request on an Exchange Server 2007 environment
Here are the calendar-related issues that Rollup2 addresses:
970817 An appointment is displayed incorrectly as an all-day event if you use a mobile device to synchronize the calendar in Exchange Server 2007
971177 The Auto Attendant 'Business Hours' schedule is not updated in Exchange Server 2007 when the DST setting is changed
971349 Exchange Server 2007 users intermittently cannot access an Exchange Server 2003 user's Free/Busy information in Office Outlook 2007
973969 Incorrect exceptions are generated for a recurring iCalendar message when an Exchange Server 2007 server processes an SMTP message that contains the iCalendar message part
974161 Some attendees cannot receive a meeting cancellation notification when the appointment recurrence pattern is changed by using EWS in Exchange Server 2007
974999 The "Task Owner" field is not set when you create a task in Outlook Web Access
975165 EWS proxying requests fail after you run Availability Service requests in a CAS to CAS proxying scenario in Exchange Server 2007
975404 An attachment of a meeting request cannot be opened when you use a CDO application to accept a meeting request in Exchange Server 2007:
975903 The RemoveDelegate operation of EWS fails, and then a "500 internal server" error response and event ID 4999 are logged in an Exchange Server 2007 server
976025 The free/busy information of an Exchange Server 2007 user is not displayed
977091 The time for an updated meeting request is incorrectly shown in an exception instance of a recurring meeting request on an Exchange Server 2007 environment
Thursday, January 14, 2010
Zimbra Calendar / Tasks / Contacts to Exchange 2007/2010 Migrations
Update November, 2011. If you're interested in Zimbra to Exchange calendar migration, see our newer posts on a faster, simpler method. http://calendarservermigration.blogspot.com/2011/11/faster-easier-zimbra-ics-to-exchange.html
December was a busy time at the Sumatra HQ.
December was a busy time at the Sumatra HQ.
We averaged two migrations a week and got three inquiries about migrating calendars from Zimbra to Exchange -- one of which we consider credible in that they kept a dialog going.
So, after a few weeks of skunk works development (which is an oxymoron here), we've got Zimbra calendaring, tasks, and contacts migrating into Exchange 2007/2010, with full state information intact.
Of course, if you want to take calendar data INTO Zimbra we can still do that. But we are kind of psyched that this is the first calendar we'll take you into or out of.
Keep in mind, you could export your ICS files and import them into Exchange (try it and see if that preserves your guest responses) or you could just move PSTs (again, try it). Our process re-creates the guest lists and responses of the calendar data on the Exchange side and it does it server-side with no end user interaction.
Wednesday, November 25, 2009
Oracle Calendar Server Designate to Microsoft Exchange Delegate Migration
Trying to get Outlook Delegate Permissions:
from Oracle Calendar Server Designate Access Rights
can be tough.
We just made the Oracle Calendar DESIGNATE to Microsoft Exchange DELEGATE migration simpler (and removed PFDAVAdmin from the equation, while it worked it was a complicated pain in the neck).
Now under the processing stage check box in our insertion code is an option called "Set Delegates"
It takes a converted designates export file, as we've previously told you how to build, and will set those according to these rules:
- Users must be VALIDATED
- NO delegates are set to see PRIVATE items on Exchange
- NO delegates are set to receive Meeting Invitations
- There is no UNDO for Delegates
Here is the “get-mailbox fl” command that shows Russ has been set as Zyg's delegate
In the database:
If Delegate is true then the user is assigned as an EDITOR
If ReadONLY is set to true, then the user is assigned as a REVIEWER
If ReadONLY is set to FALSE, then the user is assigned to AUTHOR
Here is the commandlet to WIPE OUT ALL DELEGATES, regardless of who set them:
get-mailbox -ResultSize unlimited where {$_.Servername -like "Server" -and $_.GrantSendOnBehalfTo -ne {}} Set-Mailbox -GrantSendOnBehalfTo $null
(Remember to change “SERVER” to your server name!)
We suggest you use this in your TEST environment for verification purposes.
Tuesday, November 10, 2009
Insert Holidays Server-Side into Exchange 2007
Done.
Ship it.
The Sumatra Utilities for Exchange 2007 are now available for download.
Keep in mind, they won't just insert holidays for the 2010 calendar year, they'll also let you:
Ship it.
The Sumatra Utilities for Exchange 2007 are now available for download.
Keep in mind, they won't just insert holidays for the 2010 calendar year, they'll also let you:
- Check for broken meetings in your conference rooms
- Gracefully remove terminated user meetings
- Extract resource use data you can then analyze in a spreadsheet (not full ResourceWatch but it gives you easy access to data that was hard to get before)
- And if you want to start using them to develop your own applications (we've got one business school that's done that and another evaluating), we can do that as well.
Saturday, November 07, 2009
Sumatra Utilities documentation is out
A quick update on the Sumatra Utilities for Exchange 2007: we've field proven them in an East Coast medical school with over 8000 users.
Insertion of 10 holidays for these users took about three hours.
We consider that a success.
We're running our final regression testing on them now but we can give you the link to the documentation (Word format).
http://www.sumatra.com/Sumatra%20Utilities%20Manual.doc
Stay tuned.
Insertion of 10 holidays for these users took about three hours.
We consider that a success.
We're running our final regression testing on them now but we can give you the link to the documentation (Word format).
http://www.sumatra.com/Sumatra%20Utilities%20Manual.doc
Stay tuned.
Friday, October 30, 2009
Impersonation in Exchange 2010
Quick tip: Impersonation in Exchange 2010 has morphed from setting ACLs to Role Based Access Control (RBAC). It could not be easier to impersonate users in the entire domain:
new-ManagementRoleAssignment -Name:_suImpersonateRole
-Role:ApplicationImpersonation -User:'xxx@xxx.xxx'
Here is a link to a Microsoft TechNet article: Understanding Role Based Access Control
new-ManagementRoleAssignment -Name:_suImpersonateRole
-Role:ApplicationImpersonation -User:'xxx@xxx.xxx'
Here is a link to a Microsoft TechNet article: Understanding Role Based Access Control
Thursday, October 29, 2009
Sumatra Utilities for E2K7 available next week
We're not trying to drive you crazy -- just trying to make sure everything works and getting our legalese squared away.
The Sumatra Utilities for Exchange 2007 (including holiday server-side insertion capability) will be available next week.
Keep checking here for updates.
The Sumatra Utilities for Exchange 2007 (including holiday server-side insertion capability) will be available next week.
Keep checking here for updates.
Monday, October 26, 2009
FullAccess fails with the error: The specified folder could not be found in the store.
I have been banging my head against the Exchange 2007 brick wall for the last month over the error: "The specified folder could not be found in the store."
Sumatra's conference room analysis tool's Exchange Web Service calendar folder "FindItem" request failed for about 5% of the rooms at one client. Other clients do not have this problem! The service account had FullAccess to all rooms. All conference rooms were on the same Exchange mailbox server, in the same OU, configured to autoaccept. Some had delegates, some did not.
The client could use the service account credentials to access the calendars via OWA. Was it a corrupted meeting? We changed FindItem's interval. No luck. Was EWS timing out over a large mailbox? Increased the HTTP timeout. No luck. Our FindItem requet uses the DistinguishedFolderID. We called GetFolder to find the FolderID. It failed on the inbox with the message "The specified object was not found in the store", and for the calendar folder with the message "The specified folder could not be found in the store".
Ahha! The permissions were not inherited. We added "InheritanceType: All" and it worked. Here is the syntax:
Get-Mailbox -filter {isResource -eq $True} -Resultsize unlimited
Add-MailboxPermission -User: xxxx -AccessRights: FullAccess
-InheritanceType: All
Sumatra's conference room analysis tool's Exchange Web Service calendar folder "FindItem" request failed for about 5% of the rooms at one client. Other clients do not have this problem! The service account had FullAccess to all rooms. All conference rooms were on the same Exchange mailbox server, in the same OU, configured to autoaccept. Some had delegates, some did not.
The client could use the service account credentials to access the calendars via OWA. Was it a corrupted meeting? We changed FindItem's interval. No luck. Was EWS timing out over a large mailbox? Increased the HTTP timeout. No luck. Our FindItem requet uses the DistinguishedFolderID. We called GetFolder to find the FolderID. It failed on the inbox with the message "The specified object was not found in the store", and for the calendar folder with the message "The specified folder could not be found in the store".
Ahha! The permissions were not inherited. We added "InheritanceType: All" and it worked. Here is the syntax:
Get-Mailbox -filter {isResource -eq $True} -Resultsize unlimited
Add-MailboxPermission -User: xxxx -AccessRights: FullAccess
-InheritanceType: All
Tuesday, October 06, 2009
Holiday insertion server-side in Exchange 2007
Remember the Sumatra Utilities for Exchange 2003 and their beloved server-side holiday insertion capability?
And you remember how every year you ask us if we've done it for Exchange 2007?
Well, we (finally) rebuilt it for Exchange Web Services. Check out this example.
Friends of Sumatra can use this at no charge (you all know who you are) so just ask us and we'll send it out.
For everyone else we're actually going to charge for the capability this time.
Which brings me to the purpose of this posting: If you have any preferences on how we should do this -- drop us a line. If you do not know our emails you can use our contact form.
Oh yeah -- this is also going to include the broken meeting check, the terminated user utility, and the interface for managing conference room statistics (the full application for the last one will be a separate follow-on offering).
And you remember how every year you ask us if we've done it for Exchange 2007?
Well, we (finally) rebuilt it for Exchange Web Services. Check out this example.
Friends of Sumatra can use this at no charge (you all know who you are) so just ask us and we'll send it out.
For everyone else we're actually going to charge for the capability this time.
Which brings me to the purpose of this posting: If you have any preferences on how we should do this -- drop us a line. If you do not know our emails you can use our contact form.
Oh yeah -- this is also going to include the broken meeting check, the terminated user utility, and the interface for managing conference room statistics (the full application for the last one will be a separate follow-on offering).
Monday, September 28, 2009
500 errors on test insertion into Exchange 2007?
When you get a "500" error on validation or a test insertion, please verify your:
- CAS/MBX boxes are members of Windows Authorization Access Group
- Impersonation permissions stuck (and are not denied) through Active Directory Sites & Services
- Service Account is NOT a member of any Exchange Admin Group/Domain Admin group
Subscribe to:
Posts (Atom)