iPhone with Exchange 2010 – Business Integration and Deployment available for pre-order now
I am pleased to announce that my forthcoming book, iPhone with Exchange Server 2010 - Business Integration and Deployment is now available for pre-order, after what seems like an endless wait!
Right now we're finishing off the technical reviewing process, where feedback from Exchange MCMs and MVPs, primarily Henrik Walther and Jeff Guillet, has been invaluable (and given me a lot of confidence that it's a great book!) - so once again a massive thanks for their help, as well as to Packt Publishing.
Available for pre-order on the Packt website right now, the book is aimed at IT professionals with little Exchange experience who have been tasked with implementing Exchange 2010 (or Office 365) together with iPhones or iPads in their employer's business. With more complex topics such as provisioning and certificate-based authentication also covered, seasoned Exchange admins will find plenty of in-depth information filling the large gaps between the Exchange Server and Apple documentation.
Taken from the "What you will learn" overview I put together for Packt, here's a quick bullet-point list of the types of topics covered:
- The roles and features of Exchange Server 2010
- Capacity planning for an Exchange environment and how to plan a new installation
- Certificate and namespace requirements for an external facing Exchange organization
- Install Exchange Server 2010 and build a database availability group
- Why you should consider Office 365 and what's involved in getting it set up
- Use policies to control what users can do with iDevices connected to Exchange
- Why certificate authentication can make your life easier and how to set it up
- Use Apple's iPhone Configuration Utility to create and deploy configuration profiles to mobile devices
- What's involved with sharing mailboxes and calendars with Apple devices
- Troubleshooting and managing devices in use
Read more about the book and pre-order on the Packt website.
Exchange 2010 SP2 released and Exchange Environment Report compatibility
Microsoft have released the latest service pack for Exchange Server 2010, Service Pack 2, which brings a number of improvements, including the fixes released in the update rollups since SP1 shipped, along with new features such as Address Book Policies, the Hybrid Configuration Wizard, OWA Mini and OWA cross-site redirection.
You can download SP2, which can be used for new installs as well as upgrades from the Microsoft Download Site.
Later this week I'll be writing the first of a series of articles on how to make use of some of the more advanced new features and what benefits they bring. In the meantime, be sure to read the announcement on the Exchange Team Blog and the Release Notes (once they are available) to understand the new role prerequisites and the schema / Active Directory updates required; and, of course, test the features important to you in your lab/test environment before deploying in production.
If you're a user of my Exchange Environment Report, you'll be glad to read that not only is it compatible with Exchange 2010 SP2, but it was actually developed against it during my time as a TAP participant, so it might even work a little better.
Exporting Exchange 2010 ActiveSync statistics for iOS Devices
When exporting ActiveSync statistics from your Exchange Server 2010 environment, you've got a number of options:
- Export-ActiveSyncLog, which parses the IIS log files and produces a set of CSV reports to help you understand how your ActiveSync devices are being used.
- Device troubleshooting logs, which retrieve client-side logs on a user-by-user basis to help diagnose issues.
- Get-ActiveSyncDeviceStatistics, which interrogates the information stored by Exchange and Active Directory about each ActiveSync device partnership.
The final option is what provides the foundation for this script. However, when exporting the information on its own, the built-in cmdlet doesn't interpret the build number encoded in the device's User Agent string, which is what tells you which versions of iOS are in use across your business. Therefore, as well as exporting the data from Exchange, this script maps the User Agent build numbers stored in Exchange to iOS versions. Note that the mapping is only as complete as the hash table in the script: a build number that isn't in the table is reported as "N/A" rather than as a known version, so treat "N/A" entries as devices to investigate, not as devices that are fine.
Usage: the script takes a single mandatory parameter, -OutputCSVFile, naming the CSV file to write. It also prints a summary table to the console.
Example Output: the console summary lists Username, Device Type, Device ID and Last Sync for each partnership; the CSV contains the full set of columns, including Device Model, iOS Version, Status, ActiveSync Policy, ActiveSync Policy Status, Last Sync Attempt, Last Policy Update and First Sync.
# .SYNOPSIS
# Generates a CSV file containing ActiveSync Device Statistics with iOS-specific information.
#
# .PARAMETER OutputCSVFile
# Filename to save the output CSV file as
#
# .EXAMPLE
# .\ExportActiveSyncDeviceStatistics.ps1 -OutputCSVFile C:\output.csv
param(
[parameter(Position=0,Mandatory=$true,ValueFromPipeline=$false,HelpMessage="Output CSV File Name")][string]$OutputCSVFile
)
# The following is a Hash Table containing information used to
# map the Apple Device User Agent to it's corresponding iOS version
$iOSVersions=@{"508.11"="2.2.1";
"701.341"="3.0.0";
"701.400"="3.0.1";
"702.367"="3.2";
"702.405"="3.2.1";
"702.5"="3.3";
"703.144"="3.1";
"704.11"="3.1.2";
"705.18"="3.1.3";
"801.293"="4.0.0";
"801.306"="4.0.1";
"801.400"="4.0.2";
"802.117"="4.1";
"803.148"="4.2.1";
"806.190"="4.3";
"806.191"="4.3";
"807.4"="4.3.1";
"808.7"="4.3.2";
"810.2"="4.3.3";
"811.2"="4.3.4";
"812.1"="4.3.5";
"901.334"="5";
"901.403"="5.0.1";
"901.405"="5.0.1"}
# Retrieve mailboxes of users who have a connected ActiveSync Device
$CASMailboxes = Get-CASMailbox -Filter {hasactivesyncdevicepartnership -eq $true -and -not displayname -like "CAS_{*"} -ResultSize Unlimited;
[array]$Mailboxes = $CASMailboxes | Get-Mailbox;
# Create an array to store the output
$Output=@();
# Perform a set of actions against each mailbox retrieved
foreach ($Mailbox in $Mailboxes)
{
# Retrieve the ActiveSync Device Statistics for the associated user mailbox
[array]$ActiveSyncDeviceStatistics = Get-ActiveSyncDeviceStatistics -Mailbox $Mailbox;
# Use the information retrieved above to store information one by one about each ActiveSync Device
foreach ($Device in $ActiveSyncDeviceStatistics)
{
# Where possible use the information stored in the Device User Agent to understand the iOS device version in use
$iOSVersion = "N/A";
if ($Device.DeviceUserAgent -like "*/*") {
$rawiOSVersion = ($Device.DeviceUserAgent).Substring(($Device.DeviceUserAgent).IndexOf("/")+1);
if ($iOSVersions[$rawiOSVersion])
{
$iOSVersion = $iOSVersions[$rawiOSVersion];
}
}
# Create a new object to store this ActiveSync device information in our CSV file
$OutputItem = New-Object Object;
# Add information to the object
$OutputItem | Add-Member NoteProperty Username $Mailbox.SamAccountName;
$OutputItem | Add-Member NoteProperty "Display Name" $Mailbox.DisplayName;
$OutputItem | Add-Member NoteProperty "Device Type" $Device.DeviceType;
$OutputItem | Add-Member NoteProperty "Device Model" $Device.DeviceModel;
$OutputItem | Add-Member NoteProperty "iOS Version" $iOSVersion;
$OutputItem | Add-Member NoteProperty "Device ID" $Device.DeviceID
$OutputItem | Add-Member NoteProperty "Status" $Device.Status
$OutputItem | Add-Member NoteProperty "ActiveSync Policy" $Device.DevicePolicyApplied
$OutputItem | Add-Member NoteProperty "ActiveSync Policy Status" $Device.DevicePolicyApplicationStatus
$OutputItem | Add-Member NoteProperty "Last Sync" $Device.LastSuccessSync
$OutputItem | Add-Member NoteProperty "Last Sync Attempt" $Device.LastSyncAttemptTime
$OutputItem | Add-Member NoteProperty "Last Policy Update" $Device.LastPolicyUpdateTime
$OutputItem | Add-Member NoteProperty "First Sync" $Device.FirstSyncTime
# Add the object to our array of output objects
$Output += $OutputItem;
}
}
# Print the output object to the screen in a table format with a subset of details for ease of reading
$Output | Format-Table Username,"Device Type","Device ID","Last Sync"
# Export the full set of data to the specified CSV file
$Output | Export-CSV -Path $OutputCSVFile -NoTypeInformation
Version 1.0, 5th December 2011
Download ExportActiveSyncDeviceStatistics.zip
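Mapping a build number to an iOS version is only useful if something acts on the answer. As an added example (this is not code from the original post or from the downloadable script), the following PowerShell turns the same User Agent mapping into a compliance check an administrator would actually run: it parses the model and build out of an Apple User Agent, compares the resulting iOS version against a minimum baseline, and flags partnerships whose policy isn't fully applied or that haven't synced in a while. It runs against constructed sample objects shaped like Get-ActiveSyncDeviceStatistics output so it can be tried offline; the minimum iOS version and the 30-day sync age are assumptions to adjust for your environment, and the build table is a subset of the one in the script above.

```powershell
# Added example, not part of the original post or its script.
# Classifies ActiveSync device partnerships by iOS version, policy state and
# sync age. Uses constructed sample data so it runs without Exchange; in
# production, feed it the output of Get-ActiveSyncDeviceStatistics -Mailbox <user>.

# Subset of the build-number-to-iOS-version map from the post's script.
$iOSVersions = @{
    "705.18"  = "3.1.3"
    "812.1"   = "4.3.5"
    "901.334" = "5"
    "901.405" = "5.0.1"
}

# Parse an Apple User Agent such as "Apple-iPhone3C1/901.405" into model and
# build, then look the build up in the map. Returns $null for anything else.
function Get-AppleDeviceInfo {
    param([string]$UserAgent)
    if ($UserAgent -match '^Apple-(?<Model>[^/]+)/(?<Build>[0-9.]+)$') {
        $build = $Matches['Build']
        $version = $null
        if ($iOSVersions.ContainsKey($build)) { $version = $iOSVersions[$build] }
        return New-Object PSObject -Property @{ Model = $Matches['Model']; Build = $build; iOSVersion = $version }
    }
    return $null
}

# [System.Version] needs at least "major.minor", so pad a bare major like "5".
function ConvertTo-IosVersion {
    param([string]$Text)
    if ([string]::IsNullOrEmpty($Text)) { return $null }
    if ($Text -notmatch '\.') { $Text = "$Text.0" }
    return [version]$Text
}

# Evaluate one partnership and return it with a list of findings to act on.
function Test-ActiveSyncDevice {
    param(
        [Parameter(Mandatory = $true)] $Device,
        [version]$MinimumIosVersion = [version]'4.3.5',   # assumption: local baseline
        [int]$MaxSyncAgeDays = 30,                        # assumption: local baseline
        [datetime]$Now = (Get-Date)
    )
    $findings = @()
    $info = Get-AppleDeviceInfo -UserAgent $Device.DeviceUserAgent
    if ($null -eq $info) {
        $findings += 'UnparsedUserAgent'
    } elseif ($null -eq $info.iOSVersion) {
        # Unknown builds are reported, never silently treated as compliant.
        $findings += "UnknownBuild($($info.Build))"
    } elseif ((ConvertTo-IosVersion $info.iOSVersion) -lt $MinimumIosVersion) {
        $findings += "iOSBelowMinimum($($info.iOSVersion))"
    }
    # DevicePolicyApplicationStatus values include AppliedInFull, PartiallyApplied and NotApplied.
    if ($Device.DevicePolicyApplicationStatus -ne 'AppliedInFull') {
        $findings += "PolicyNotApplied($($Device.DevicePolicyApplicationStatus))"
    }
    if ($Device.LastSuccessSync -and (($Now - $Device.LastSuccessSync).TotalDays -gt $MaxSyncAgeDays)) {
        $findings += 'StalePartnership'
    }
    $model = 'n/a'; $iosVersion = 'Unknown'
    if ($info) { $model = $info.Model; if ($info.iOSVersion) { $iosVersion = $info.iOSVersion } }
    New-Object PSObject -Property @{
        Identity   = $Device.Identity
        Model      = $model
        iOSVersion = $iosVersion
        Findings   = ($findings -join '; ')
    }
}

# Constructed sample data shaped like Get-ActiveSyncDeviceStatistics output.
$asOf = [datetime]'2011-12-05'
$sampleDevices = @(
    (New-Object PSObject -Property @{ Identity = 'alice\iPhone'; DeviceUserAgent = 'Apple-iPhone3C1/901.405'; DevicePolicyApplicationStatus = 'AppliedInFull';    LastSuccessSync = $asOf.AddDays(-1) }),
    (New-Object PSObject -Property @{ Identity = 'bob\iPhone';   DeviceUserAgent = 'Apple-iPhone1C2/705.18';  DevicePolicyApplicationStatus = 'PartiallyApplied'; LastSuccessSync = $asOf.AddDays(-2) }),
    (New-Object PSObject -Property @{ Identity = 'carol\iPhone'; DeviceUserAgent = 'Apple-iPhone2C1/812.1';   DevicePolicyApplicationStatus = 'AppliedInFull';    LastSuccessSync = $asOf.AddDays(-60) }),
    (New-Object PSObject -Property @{ Identity = 'dave\Android'; DeviceUserAgent = 'Android/0.3';             DevicePolicyApplicationStatus = 'NotApplied';       LastSuccessSync = $null })
)

$sampleDevices | ForEach-Object { Test-ActiveSyncDevice -Device $_ -Now $asOf } |
    Format-Table Identity, Model, iOSVersion, Findings -AutoSize
```

With the sample data, alice comes back clean, bob is flagged both for running 3.1.3 and for a partially applied policy, carol is current but hasn't synced in 60 days, and dave's non-Apple agent is reported as unparsed with no policy applied. Stale partnerships that nobody recognises are worth removing with Remove-ActiveSyncDevice rather than leaving on the mailbox, and any UnknownBuild result means the map needs a new entry, not that the device is fine.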
Enabling Windows Live ID creation for On-Premises Mailboxes with Live@EDU
This is an article I’ve been meaning to write for a long time, however actually finding the answer to the problem has always been bottom of my priority list – primarily as no-one had actually asked me if it was possible. So I was quite glad to be challenged by Mike Crowley a couple of weeks ago to come up with a solution.
If you’re reading this and know Office 365, then I’ll take a moment to explain the differences between the way Live@EDU does things and the way Office 365 does it. Exchange Online in both services is pretty much the same – Outlook Live hosted in the same datacentres within the same Exchange Organization. They both synchronize users using the same underlying software, Identity Lifecycle Manager which underpins DirSync and OLSync (the Live@EDU equivalent).
However, that's pretty much where the similarities end. Whilst Office 365 users are synchronised against Microsoft Online Services IDs, Live@EDU users are synchronised against Windows Live IDs. Yes, the same ones that are used to log in to Messenger, SkyDrive etc. Furthermore, unlike Office 365, user passwords are (or usually are, anyway) synchronised from the local Active Directory to the associated Windows Live IDs. That's very different to Office 365, which relies on ADFS 2.0 to use local authentication directly, so that passwords never need to be stored outside the local Active Directory.
The Problem
So, what’s the problem I’d been interested in overcoming? Well, OLSync doesn’t create Windows Live IDs (or synchronize passwords) for on-premises mailboxes; it only creates them for mailboxes hosted in Exchange Online.
Instead, it creates Mail Users in Exchange Online that can’t actually be logged on to. In quite a few circumstances, I think that’s a good thing. I don’t like the idea of most users in the organization having their password automatically pushed out to a Windows Live ID.
But (and there is always a but), not everyone has the same security requirements, and the convenience of allowing all users, wherever their mailbox is located, access to Live services may be worth the risks. And, if you want to make use of Hybrid Coexistence features in the same way Office 365 can, like Remote Mailbox moves, automatically creating and synchronising Windows Live IDs for on-premises Mailboxes makes moving mailboxes back and forth a lot easier.
The Solution
When I was asked how to do this, I was half-convinced it couldn’t be done. I certainly had no intention of re-writing the management agent extension, and from a quick look in the past, didn’t see anything in the configuration and documentation that suggested that it was possible.
So, to cut a long story short, I used the trial of NET Reflector to have a peek inside the DLLs that make up the OLSync management agent and, as it turns out, every time a Mail User is created in Live@EDU for a corresponding On-Premises Mailbox, a flag is checked to see whether it should create a Windows Live ID.
The parameter to set to ensure it does create a Windows Live ID is DisableWLIDOnMailUser, which needs to be set to False in ILM, in the Configure Additional Parameters section of the Exchange Online management agent:
Once that’s set – and the other parameters are correct as per a normal installation, Windows Live IDs will be created for on-premises Mailboxes as they are synchronized.
If this is a new setup, all on-premises Mailboxes that would normally have a Live@EDU Mail User created will be created with a corresponding Windows Live ID, which should receive downlevel password changes from the on-premises Active Directory in the same way normal Live@EDU Mailboxes do.
The one caveat is that for existing On-premise Mailboxes / Live@EDU Mailusers that have already been synchronized Windows Live IDs are not created – these need to be manually enabled using the following command:
In the future, this kind of fiddling won't be necessary: Office 365 for Education replaces Live@EDU and brings with it the much better ADFS 2.0 integrated Single Sign On and DirSync, which handle rich, hybrid coexistence scenarios a lot better. So I'll leave you with the full list of optional parameters to try out if you are interested in seeing what else OLSync is capable of. Bear in mind, though, that these are probably unsupported by Microsoft, but could be the solution to something you've been trying to do for a while:
public enum ConfigurationParameterName { ClientRetryAttempts, AllowPartialDataImportWithTransientError, DisableWindowsLiveId, FederatedTenant, FederatedIdentitySourceAttribute, FederatedDelegationDomain, FederatedDelegationSourceAttribute, ProvisioningDomain, PasswordFile, FederatedNamespace, ResetPasswordOnNextLogon, NumberOfPages, ClientReportDirectory, DisableWLIDOnMailUser, PreferredDomainController, EnterpriseMode, TargetOU, ForestTrust, EvictLiveIdOnCreate, BypassAdminCountCheck, MVInitialPasswordAttributeName, MVWindowsLiveIdAttributeName, SyncProxyAddressProtocol, SyncGroupAsGroup, NameToDNSuffix, MailboxDeliveryDomain, OutlookLiveX500Sync, ConnectionCleanUpTime }