Windows Tips & Tricks UPDATE--January 26, 2004

Windows Tips &amp Tricks UPDATE, January 26, 2004, —brought to you by the Windows &amp .NET Magazine Network and the Windows 2000 FAQ site
http://www.windows2000faq.com


This Issue Sponsored By

Be Proactive with Real-Time Monitoring
http://www.tntsoftware.com/winnettips012604

New Web Seminar: Email Is a Service--Manage It Like One
http://www.winnetmag.com/seminars/emailservice/index.cfm?code=adzt


1. Commentary

2. FAQs

  • Q. How can I change the amount of memory that the Store can use in Microsoft Exchange 2000 Server and later?
  • Q. How can I determine whether the Microsoft Exchange Server 2003 ForestPrep and DomainPrep tasks have run?
  • Q. How can I determine which domain is the forest root domain?
  • Q. How can I use the Active Directory Connector (ADC) tools for Exchange Server 2003?
  • Q. How can I upgrade from Microsoft Exchange Server 5.5 to Exchange Server 2003?

3. Announcements

  • Download a Free eBook--"A Guide to Group Policy"
  • Announcing a New eBook: "Content Security in the Enterprise--Spam and Beyond"

4. Event

  • New--Microsoft Security Strategies Roadshow!

5. Contact Us

  • See this section for a list of ways to contact us.

Sponsor: Be Proactive with Real-Time Monitoring

There are two ways to manage your critical systems: Reactive and Proactive. ELM Enterprise Manager supports the latter. ELM Enterprise Manager is the affordable solution that monitors the health and status of your systems and alerts you in time to take prompt corrective action. Imagine the productivity increases when consolidated event frequencies, performance trends, state changes, and quality of service breaches are clearly displayed and easily accessible. Equally important, be notified while the problems are developing. Be proactive, download your FREE fully featured 30-Day evaluation copy of ELM Enterprise Manager NOW and start experiencing the benefits for real-time monitoring.
http://www.tntsoftware.com/winnettips012604


1. Commentary
by John Savill, FAQ Editor, [email protected]

This week, I explain how to change the amount of memory that the Store in Microsoft Exchange 2000 Server and later can use, how to determine whether the Exchange Server 2003 ForestPrep and DomainPrep tasks have run, and how to determine which domain is the forest root domain. I also tell you how to use the Active Directory Connector (ADC) tools for Exchange 2003 and how to upgrade from Exchange Server 5.5 to Exchange 2003.


Sponsor: New Web Seminar: Email Is a Service--Manage It Like One

True end-to-end management of the messaging infrastructure requires an integrated, service-oriented approach. This free Web seminar introduces service-driven management and best practices for managing and monitoring the key elements crucial to ensuring email health and performance, including Exchange Server, Active Directory, network, and storage. Sign up today!
http://www.winnetmag.com/seminars/emailservice/index.cfm?code=adzt


2. FAQs

Q. How can I change the amount of memory that the Store can use in Microsoft Exchange 2000 Server and later?

A. The Exchange Store is responsible for interfacing with the Exchange database files. Because these files are disk based, the Exchange server caches as much information as possible and the Store uses as much of the machine's memory as possible, up to a default maximum of approximately 858MB of RAM. The Store releases this memory when other processes need to use it. For instance, on a system with 1GB of RAM, you shouldn't be surprised if the Store typically uses more than 700MB. Having hundreds of megabytes of free memory serves no purpose, so the Store simply puts available memory to good use.

You can change the amount of memory that Exchange uses for its cache by carrying out the following steps (although you should fully test any such change because it might effect system performance):

  1. Install the Windows 2000 or later support tools from the server OS installation CD-ROM.
  2. Start the ADSI Edit utility, which is one of the support tools--go to Start, Run, and type
    adsiedit.msc
  3. From the left-hand pane, expand the root and expand the Configuration item.
  4. Expand Services (each item will be prefixed by CN=), Microsoft Exchange, <name of your Exchange Organization>, Administrative Groups, <name of the administrative group>, Servers, <Name of the server for which you want to modify the Store memory information>.
  5. Select the server. In the right-hand pane, you'll see a list of components that you can change.
  6. Right-click CN=InformationStore, then select Properties from the context menu.
  7. Select the Attribute Editor and ensure that the "Show optional attributes" option is selected.
  8. Double-click "msExchESEParamCacheSizeMax," as this figure shows.
  9. Although the value appears blank, Exchange sets this value to default to 219726. The value refers to the number of 4KB sections, otherwise known as pages. The system uses 4KB increments because the Extensible Storage Engine (ESE) database that Exchange uses stores data in 4KB sections. Enter a new value equal to the number of 4KB sections required. For example, to limit the Store to use 50MB of RAM, you'd enter a value of 12500 (you would never set the value this low on a production server--I'm just using it here as an example). Because of virtual address space limitations, Microsoft recommends that you enter a maximum value no larger than 307200, which is approximately 1.2GB of memory. You should typically increase the default value of 219726 only if you have more than 2GB of memory. For maximum efficiency, ensure that the value you enter is a multiple of 8192 (i.e., 2 pages). Click OK.
  10. Click OK to close the InformationStore Properties dialog box, then close the ADSI Edit console window.
  11. Before the change can take effect, the value for the setting you entered in Step 9 needs to replicate across the forest. After the change has replicated, you need to restart the Store on the targeted Exchange server for the change to take effect.

Q. How can I determine whether the Microsoft Exchange Server 2003 ForestPrep and DomainPrep tasks have run?

A. You can use the Exchange Server Deployment Tools to ensure that the ForestPrep and DomainPrep tasks have run by performing the following steps:

  1. Start the deployment tools by inserting the Exchange 2003 CD-ROM and selecting Exchange Deployment Tools from the Exchange 2003 dialog box.
  2. When the Exchange Server Deployment Tools Wizard starts, click "Deploy the first Exchange 2003 server."
  3. Click "Coexistence with Exchange 5.5," then click Next to start Phase 2: Prepare Active Directory (AD).
  4. Step 3 of Phase 2 starts the OrgPrepCheck procedure, which performs checks to ensure that the schema and domains are ready. Enter the Exchange 5.5 Server name, the Global Catalog (GC) server name, and a path to a location for the log files that the process will generate, as this figure shows, then click "Run OrgPrepCheck now."
  5. Close the Exchange Server Deployment Tools window.
  6. Look in the log-file storage location that you specified in Step 4 for a file called exdeploy.log. If you haven't run the ForestPrep or DomainPrep tasks, the content of the file will look similar to
      #*** Exdeploy began: 01/03/2004 03:25:48 ***#
      + Exchange 5.5 Server: vm2000srvexch5:1389
      + Global Catalog Server: vm2000srvexch5
      + Tools run: PolCheck, and OrgCheck.
    
      + Preparing Active Directory for Exchange Server 2003 (OrgPrepCheck)
    
      - Organization Readiness Check (OrgCheck)
      OrgCheck verifies the Exchange extensions to the Active Directory
      schema, checks the existence and membership of the Exchange Domain
      Servers group and Exchange Enterprise servers group, and checks that
      a global catalog server is available in a domain in which DomainPrep
      has been run.
    
      Error: OrgCheck could not find the Exchange Enterprise Servers group
      'cn=Exchange Enterprise Servers,cn=Users,DC=test,DC=local' in Active
      Directory.
      Warning: The Exchange Domain Servers group 'cn=Exchange Domain
      Servers,cn=Users,DC=test,DC=local' does not contain the local
      computer 'CN=VM2000SRVEXCH5,OU=Domain Controllers,DC=test,DC=local'.
      If the local computer is not running Exchange Server 2003, this is
      not a problem.
      Error: OrgCheck detected that either ForestPrep or DomainPrep have
      not been run yet in this domain, or that there is no available global
      catalog server in this domain.
    
      - Policy Check (PolCheck)
      PolCheck verifies that the necessary permissions are configured
      correctly on domain controllers. Details are logged to exdeploy-
      polcheck.log.
    
      Warning: Possible error string 'Abnormal exit from PolicyTest'
      detected in policytest output.
      Error: PolCheck found a problem with permissions given to Exchange
      Server 2003 computers in your Active Directory.
    
      #*** Exdeploy finished: 01/03/2004 03:25:49 ***#

When you have run the ForestPrep and DomainPrep tasks, the file won't contain the error and warning messages but will instead include the messages "OrgCheck completed successfully" and "PolCheck completed successfully."

Note that when you run OrgPrepCheck multiple times, it doesn't delete the existing log file. Instead, OrgPrepCheck appends new log information to the existing file if a file named exdeploy.log exists in the location you specified for the log-file creation. You can start OrgPrepCheck from the command line by using the command

<CD-ROM drive>:\support\exdeploy\exdeploy.exe /gc: /s:<Exchange 5.5 server with optional port if not 389> /t:orgprepcheck

For example, if I type

d:\support\exdeploy\exdeploy /gc:vm2000srvexch5 /s:vm2000srvexch5:1389 /t:orgprepcheck

OrgPrepCheck will create the log files on the system drive in the ExDeploy Logs folder.

Q. How can I determine which domain is the forest root domain?

A. Determining which domain is the forest root domain isn't simple in all cases. In a forest with one tree, the domain at the top of the tree namespace is the tree root. However, if your forest has multiple trees, determining which tree root is the forest root isn't so easy--no simple GUI view can give you this information. However, you can identify the forest root by performing either of the following series of steps on a machine that's a member of the forest:

  1. Start Notepad and copy the following commands into the application:
    Set objSysInfo = CreateObject("ADSystemInfo")
    Wscript.Echo "Forest DNS Name: " & objSysInfo.ForestDNSName 
  2. Save the file as forestroot1.vbs.
  3. Exit Notepad, then double-click forestroot1.vbs in Windows Explorer.
  4. Windows will display the DNS name of the forest root.

Or

  1. Start Notepad and copy the following commands into the application:
    Set objRootDSE = GetObject("LDAP://RootDSE")
    Wscript.Echo "Root Domain: " & objRootDSE.Get("RootDomainNamingContext") 
  2. Save the file as forestroot2.vbs.
  3. Exit Notepad, then double-click forestroot2.vbs in Windows Explorer.
  4. Windows will display the distinguished name (DN) of the forest root.

Because both files are VBScript files, you can also use CScript to run them from the command line. For example, when I type

cscript forestroot1.vbs

my computer returns the following information:

Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

Forest DNS Name: savilltech.com

Likewise, when I type

cscript forestroot2.vbs

my computer returns the following information:

Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

Root Domain: DC=savilltech,DC=com

Q. How can I use the Active Directory Connector (ADC) tools for Microsoft Exchange Server 2003?

A. The ADC is responsible for synchronizing information between an Exchange Server 5.5 directory and Active Directory (AD). Exchange 2003 supplies a third version of ADC (Windows 2000 offered version 1 and Exchange 2000 Server supplied an enhanced version 2). With the release of the Exchange 2003 version of ADC, Microsoft addressed many of the original concerns related to the complexity of using the connector by simplifying the process of creating connection agreements and resolving known problems.

The Exchange 2003 version of ADC is included on the installation CD-ROM in the ADC\I386 folder. You can install ADC by either running setup.exe from this location or by using the Exchange Server Deployment Tools (the latter approach will help ensure that you've completed all the required tasks, such as running ForestPrep and DomainPrep first). When you install ADC, the system will ask you whether you want to install the ADC service, the management components, or both; select both.

Before you start creating connection agreements, the AD domain should be in native mode; otherwise, ADC won't properly handle some security and group aspects. Also, you'll want to apply Service Pack 3 (SP3) or later to the Exchange 5.5 server.

After you install ADC and click Start, you'll notice a new Active Directory Connector entry under the Microsoft Exchange menu group. If you run the Microsoft Management Console (MMC) Active Directory Connector snap-in, you'll notice two main branches in the left-hand pane: Active Directory Connector and a new ADC Tools entry, as this figure shows. If you select ADC Tools, the tools options will appear, including a four-step ADC Wizard to help create your ADC agreements. To create these agreements, perform the following procedure:

  1. The first step is to tell the tools which Exchange server to use. Click Set under Step 1 of the wizard, enter the name of the Exchange 5.5 server and the Lightweight Directory Access Protocol (LDAP) port (you might have changed the port from the default value of 389 if you installed Exchange on a Win2K domain controller--DC). Click OK.
  2. Click Run under Step 2 of the wizard to check whether you have any unreplicated objects or Exchange mailboxes that link to the same Windows NT account. (Under Exchange 5.5, you could have multiple Exchange accounts linked to one NT account. In Exchange 2000 and later, linking multiple Exchange accounts to one user account isn't possible because the Exchange details are part of the user object.) Don't worry if you receive warnings at this point--you haven't created a connection agreement yet, so the system might encounter a few problems to warn you about.
  3. Step 3 of the wizard runs the Resource Mailbox Wizard. The Resource Mailbox Wizard resolves multiple Exchange mailboxes to one NT account by letting you specify one mailbox as the primary mailbox and setting the other mailboxes as resource mailboxes. Click Run under Step 3 of the ADC Wizard to continue.
  4. Click Next on the Resource Mailbox Wizard start page.
  5. If the Resource Mailbox Wizard displays problem users, select the primary mailbox for the user and click "Set as Primary," as this figure shows. Repeat this step for each user displayed, then click Next.
  6. Next, the Resource Mailbox Wizard will display the credentials to use for the site. Click Set Credentials, enter the Exchange administrator account and password and optionally the Exchange 5.5 server name and LDAP port number, then click OK.
  7. Click Next to move past the Site Credentials screen.
  8. When the Resource Mailbox Wizard displays a summary of the actions to be performed, click Next.
  9. After the Resource Mailbox Wizard completes the tasks, click Finish.
  10. You can now click Verify under Step 3 of the ADC Wizard to confirm the resource mailbox changes worked. Then, you can proceed to Step 4 (the wizard will confirm whether you can move on to Step 4 in the Information window).
  11. Under Step 4, click Run to begin the Connection Agreement Wizard.
  12. Click Next to move past the introduction page.
  13. Specify the default container for new objects in AD, which is usually CN=Users. However, if you have a specific organizational unit (OU) that you want to use, click Browse to select the container, then click Next.
  14. The Connection Agreement Wizard will display the recommended connections, as this figure shows. Click Next.
  15. Enter the site credentials for the Exchange site as in Step 6 above, then click Next.
  16. When the Connection Agreement wizard asks you for domain credentials, click Set Credentials, enter a domain administrator and password, then click Next.
  17. The Connection Agreement Wizard will display a list of the agreements to be created. Click Next.
  18. The Connection Agreement Wizard will display a summary of the actions it will perform, as this figure shows. Click Next.
  19. After the Connection Agreement Wizard creates the agreements, click Finish.
  20. If you clicked Verify in Step 4 of the ADC Wizard, you will now be able to continue to the next phase of your Exchange deployment.

To view the agreements that the Connection Agreement Wizard created, as this figure shows, select Active Directory Connector in the left-hand pane of the Active Directory Connector snap-in. You can right-click each agreement, select Properties from the context menu, and modify their properties (e.g., replication interval, whether they're primary). I experienced some problems with the automatically created Users connection agreement (specifically, replication from AD to Exchange using this agreement didn't work). To try to resolve the problem, I selected the automatically created agreement and manually created one with the same information, which for some reason worked. (To manually create the agreement, I opened the Active Directory Connector snap-in Action menu and selected New, Recipient.)

Q. How can I upgrade from Microsoft Exchange Server 5.5 to Exchange Server 2003?

A. You can't upgrade directly to Exchange 2003. To upgrade from Exchange 5.5 to Exchange 2003, you must perform the following steps:

  1. Upgrade Exchange 5.5 to Service Pack 3 (SP3) or later.
  2. Upgrade to Exchange 2000 Server.
  3. Apply Exchange 2000 SP3 or later.
  4. Upgrade to Exchange 2003.

3. Announcements
(from Windows &amp .NET Magazine and its partners)

  • Download a Free eBook--"A Guide to Group Policy"

  • Find essential information for understanding and using Group Policy in Windows Server 2003 and Windows 2000 networks such as rolling out network security settings, controlling client desktops, deploying software, and performing a variety of other vital administrative functions. Download this eBook today!
    http://www.WindowsITlibrary.com/ebooks/grouppolicy/index.cfm

  • Announcing a New eBook: "Content Security in the Enterprise--Spam and Beyond"

  • This eBook explores how to reduce and eliminate the risks from Internet applications such as email, Web browsing, and Instant Messaging by limiting inappropriate use, eliminating spam, protecting corporate information assets, and ensuring that these vital resources are secure and available for authorized business purposes. Download this eBook now free!
    http://www.WindowsITlibrary.com/ebooks/spam/index.cfm

    4. Event
    (brought to you by Windows &amp .NET Magazine)

  • New--Microsoft Security Strategies Roadshow!

  • We've teamed with Microsoft, Avanade, and Network Associates to bring you a full day of training to help you get your organization secure and keep it secure. You'll learn how to implement a patch-management strategy; lock down servers, workstations, and network infrastructure; and implement security policy management. Register now for this free, 20-city tour.
    http://www.winnetmag.com/roadshows/computersecurity2004

    Sponsored Link

  • Argent

  • Comparison Paper: The Argent Guardian Easily Beats Out MOM
    http://ad.doubleclick.net/clk;6480843;8214395;q?http://www.argent.com/products/download_whitepaper.cgi?product=mom&&Source=WNTTextLink

    5. Contact Us
    Here's how to reach us with your comments and questions:

    This weekly email newsletter is brought to you by Windows &amp .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
    http://www.winnetmag.com/sub.cfm?code=wswi201x1z

    Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
    http://www.winnetmag.net/email

    Hide comments

    Comments

    • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

    Plain text

    • No HTML tags allowed.
    • Web page addresses and e-mail addresses turn into links automatically.
    • Lines and paragraphs break automatically.
    Publish