We want criticism!


I recently (hopefully recently, my last post took two years to get published so I'm not sure when this one will go out, LOL) posted one of my typical light-hearted looks into life at Microsoft (it was about how office space is allocated, read it here).  Although it was irrelevant to virtually everything, it elicited many interesting responses, including people complaining (I think) about us having it too good here.  No argument there.  Actually, I was intentionally portraying the situation in a negative light so as not to upset everyone too much.  In reality, we all have 1000 square foot corner window offices (our office buildings were designed by MC Escher) that overlook a lake or mountains (our choice), with a private bathroom, a fold out bed for nap time,  and a full service kitchen. 

But never mind that.  There were also many comments on the feature set of Exchange 2007 (rather irrelevant to the pointless topic, but important nevertheless).  They were mostly not liking certain feature take-backs in the release, particularly around the administrative GUI.  I just want everyone to know that despite the light tone here, we do take these comments seriously.  Let me assure you that the discussion that my post prompted generated many a transaction log on our corporate Exchange servers!!

Some of you that have been reading our blog for a long time may have noticed that we have taken a very open position regarding the comments that we get on our blog posts. I believe that there were only 2 or 3 cases when we deleted a comment and that was because of some really inappropriate language. We want to keep your comments there, both positive and negative. We read every single one of them and respond to many. We do want to encourage you to post your opinions and ideas, but we do have ask something: if there is an area that is very upsetting to you or where you think we made a mistake, we ask that you would offer criticism about the product, and not the people who work on it. Also, since we actively look to these comments as evidence to make potential changes in our products, we again ask that you would provide specific, actionable feedback on our product. In other words, please explain what it is that bothers you and why it bothers you. What are you trying to accomplish that you can't? Sometimes the comments are obvious (we totally and completely get it that you need more GUI and it's unfortunate we weren't able to get as much of it in to E2K7 RTM as we'd hoped, but we hope that SP1 works better for you there), but sometimes they are not, so the more you explain your user scenario, the better a chance we'll be able to eventually do something about it.

In closing, I'd just like to point out the obvious that every product that has ever shipped anywhere has had to make trade-offs between shipping on time, shipping with quality, and shipping with the right features.  For Exchange 2007, we debated long and hard about features that we would ship. We had to balance investments that we wanted to make into the Exchange code base to allow for future innovation (would people be interested in a description of those architectural bets? Or if we posted it, would we just get more "you should have done <my feature foo>" instead? :), feature cuts we felt we had to make to get the quality we wanted to ship with and the timeline we felt it needed to ship in.  We knew some of the cuts would be painful, and we have addressed many of the larger issues in SP1 (some posts on this coming your way, by the way!).   Judging from the early success of Exchange 2007 sales, the many positive reviews we've garnered, and most customer feedback, we seem to have made some pretty good choices here. But obviously - not perfect. We always need to try to do better.

I look forward to the responses this post may receive, and rest assured there are lots of people in Exchange who will be paying attention to them, as with all our posts on this blog.  Thank you for coming back and caring enough to comment!

- Jon Avner, Nino Bilic


Share this post :

Comments (60)
  1. Tom Shinder says:

    I think the last remaining piece that needs to be fixed for Exchange is Certificate request and Certificate management. Isn’t there a way to request a certificate without having to go through the CLI? It was so much easier using the IIS Certificate Request Wizard. Also, how about bind certificates to services? It’s easy to mess up using the CLI, but I never made a mistake bind certificates to the SMTP, POP3, IMAP4 and Web services using the IIS console in previous versions. Can you do something to make it as easy (or even easier) than it used to be?

    Thanks!

    Tom

  2. Miltek says:

    I really like what I have seen with most of the features of Exchange 2007, but the feature change that bothers me most:

    No longer readily use LDAP queries for dynamic distribution groups or address books.  With Exchange Server 2007: Opath does not seem to take into account the extensibility of Active Directory or all of the attributes that are already there.  Example of the issue: with Exchange Server 2003 we have many address books and distribution lists that are based on what the division attribute of a recipient starts with.

    Additionally in the UI, could you add other operators like "starts with"?  i.e. company starts with, instead of just having company equals.

  3. Mike Crowley says:

    So did you choose the lake or mountain?

  4. Mike Crowley says:

    You mentioned that you read every comment posted to this blog.  Is this also true of the technet forums?  I am very involved there, and wonder if I’m more likley to be heard here or there.  (when I have a comment or something, not a technical question)

  5. Exchange says:

    Mike,

    Can’t comment on forums, sorry… different people run those two. I DO know that every comment to this blog gets read though.

    If you have ideas for blog posts, you can go here: http://msexchangeteam.com/archive/2004/12/10/279655.aspx

    Comments to our blog posts are always welcome!

  6. Maverick says:

    I have been running Exchange 2007 since Feb 07 and just upgraded all of our servers to Exchange SP1.  Love the new features and the extra GUI management.

    My problem is that we set address lists via the msexchquerybaseDN attribute on every managed user in our AD.  We have been doing this since March 2007.  Since the upgrade to SP1, any user who has the attribute set cannot recieve autodiscover settings.  When I remove the attribute and do an Outlook 2007 Autoconfiguration test, it works fine. So essentially, we have no free/busy, oof or autodiscover for any managed user running Outlook 2007.  If I run a test-outlookwebservices on a cas server, everything comes back as a success regardless of the msexchangequerybaseDN attibute being set or not.

    Have you heard of this before? Is there a planned hotfix for this issue and if so, when is the expected release?  If you are interested in error messages in Outlook, please let me know.

  7. Jason Hollenberg says:

    I find it *VERY* annoying that I can no longer specify different delivery times for oversized messages like we could do in Exchange 2003. When users send large attachments to multiple recipients it kills our office DSL bandwidth. In Exchange 2003 we used to be able to specify that oversized attachments should be sent at, say, 3AM when bandwitdh isn’t so critical.

    Also, it would be nice to be able to specify custom actions (like scripts) in transport rules.

    Other than that, we absolutely love Exchange 2007, especially with the release of SP1.

  8. Steve G4 says:

    Great product, CCR and 64 bit has definately saved us money!

    Hard as it is to find fault ;-) here’s what we have…

    * S/MIME needs IE, fair enough. But if it’s a signed message on OWA light can’t there be an option to allow the user to download the attachments anyway? Our customers treat this as a bug, not a feature.

    * Why isn’t iCal an OWA/WebDev server feature. Our Mac users would love direct iCal integration – Entourage 2008 hasn’t been a big improvement (we won’t be rushing to roll it out).

    * Why can’t a user make their calender truly public (Anonymous users).

    * Pine / Alpine users complain that Ex IMAP still isn’t truly RFC compliant, the author says he wrote IMAP and won’t make allowances for servers that don’t meet the client’s standards.

    * Can we make OWA premium work with Firefox and Safari. Many of our customers just assume OWA light is what OWA is, as they never use IE.

    * A powershell commandlet to set a user’s Out of office would be useful

  9. Steve G4 says:

    Great product, CCR and 64 bit has definately saved us money!

    Hard as it is to find fault ;-) here’s what we have…

    * S/MIME needs IE, fair enough. But if it’s a signed message on OWA light can’t there be an option to allow the user to download the attachments anyway? Our customers treat this as a bug, not a feature.

    * Why isn’t iCal an OWA/WebDev server feature. Our Mac users would love direct iCal integration – Entourage 2008 hasn’t been a big improvement (we won’t be rushing to roll it out).

    * Why can’t a user make their calender truly public (Anonymous users).

    * Pine / Alpine users complain that Ex IMAP still isn’t truly RFC compliant, the author says he wrote IMAP and won’t make allowances for servers that don’t meet the client’s standards.

    * Can we make OWA premium work with Firefox and Safari. Many of our customers just assume OWA light is what OWA is, as they never use IE.

    * A powershell commandlet to set a user’s Out of office would be useful

  10. lee says:

    I do like it better than before overall, but here are a couple.

    *  Add the ability to manage Exchange functions back into ADUC.  It’s hard to tell support that they have to go back to two utilities to do their jobs.

    *  The ability to see mailbox sizes in the GUI view of recipients, or store database sizes would be good too.  Anything to help me balance several CCR clusters is helpful.

    *  An easier to learn message tracking system.  Oh how I long for Ex2k3 message tracking.  I know, I’m just not use to it yet.

    Lee

  11. Egon says:

    The Store.exe on my Exchange 2007 uses to much Memory. On a System with 16 GB RAM and no Pagefile i have Out of Memory Errors…

  12. Exchange says:

    Egon,

    Please see the following page for page file requirements on Exchange 2007 servers:

    http://technet.microsoft.com/en-us/library/aa996719.aspx

    On related note – Store.exe will use as much memory as possible on the Exchange 2007 server to keep as much in the cache, which is much faster than going to the disk (paging).

  13. Jordan W says:

    How about OWA calendar printing options?  The current method of printing calendars in OWA 2007 is quite limited and lacking in functionality.

  14. Lee Meyrick says:

    It would be great to customise the OWA login page text (I know we can customise the colours/pictures).

    In OWA 2003 we could directly edit the text in the ASP file to customise the text whereas it they are now embeded within a strings.dll file

    Cheers Guys

  15. lorennerol says:

    Agree with these comments:

    *  Add the ability to manage Exchange functions back into ADUC.  It’s hard to tell support that they have to go back to two utilities to do their jobs. <note: I understand why you made a separate tool, to separate admin functions, but why does a separate tool have to preclude the use of an integrated too, too?>

    *  The ability to see mailbox sizes in the GUI view of recipients, or store database sizes would be good too.  Anything to help me balance several CCR clusters is helpful.

    *  An easier to learn message tracking system.  Oh how I long for Ex2k3 message tracking.  I know, I’m just not use to it yet.

    * The cert process is ridiculous- even the example you posted had syntax errors. If you can’t get it right, how in the world can a jack-of-all-trades, overworked admin?

    My two biggest frustrations are:

    1. That you opted to build out Powershell/EMS completely while also choosing to remove critical parts of the GUI. It’s fine to add features (like EMS), but doing so at the expense of features that we’ve used for years is a BAD idea. Many admins are now collecting EMS commands in notepad files. Is this really a step forward? Imagine of the Office team decided it was too complicted to code the Print function into Word 2007 and just had users enter a Powershell command to print documents…

    2. Even with SP1 installed, there seems to be a massive memory leak, at least in a single-server environment. I’m waiting on hold with PSS to get this sorted out right now (and yes, I have the aforementioned hotfix installed).

    3. The install scripts were not prepared well at all. For example, the single label domain issue should have been caught at install, and the hoops I had to go through to get SP1 installed were nothing short of atrocious: Every time the install failed a complete reboot was required and once when it failed it left many services set to disabled.

    I’ve been using Exchange since 5.5 and this version isBY FAR the most unstable, difficult to admin, buggy version, and we’re over a year out from RTM now. Are the problems and feature gaps ever going to get fixed, or will this be like Vista: The version everyone tries to avoid while waiting for the next one?

  16. bday says:

    First of all there is a hell of a lot that is great with Exchange 2007 when you include SP1. My hats off to you for making a great product.

    If you’re looking for crtiticism, then I’ll keep it to only that. Powershell is awesome and I didn’t understand its strength until attending the Exchange Customer IT Fellowship program here in Redmond last week and this. But (there is always one isn’t there?)… your typical every day Small-Mid sized business Windows admin is not going to have time to learn a lot of these cmdlets not available through the GUI.

    I think the GUI should retain at least the same command set the E2K3 tools had and then if you want to split it off from there so be it.

    Personally I work in a highly decentralized environment with centralized Exchange services. We have hundreds of site-level OU admins across our org who I can tell right now will never be able to learn powershell. They either lack the skill or the will to learn something new. I can hear it now "then why were they hired?"… well, why were most people in gov’t hired? They probably know someone or have been there for years and are union boys and gals. These are folks who simplly need to be able to create mailboxes, check the current size of their users’ mailboxes, add secondary SMTP addresses, provision users through ADUC, and other low level (or high I guess, depends on your definition) functions.

    A lot of these tasks are now only doable through Powershell or the separate Exchange Management Console. I’m going to have to write scripts for them to run or spend a lot of time training them. Giving them scripts isn’t too bad, but I’m afraid there is far more possibility for them to play around and instead of mucking up a couple user mailboxes, they’ll affect hundreds instead.

    AD and Exchange were joined so nicely before and to me it is a shame to see them becoming separate again. Please do not assume all organizations have seperate AD and Exchange departments. Give us the ability to keep it the way it was if we so choose it.

    If it is of any kind of help, our profile is a 34k+ mailbox org growing on pace to be over 40k very soon. We have a small centralized Exchang/AD team (8 people including managers) and then a bajillion site level admins out in the field doing front-line user and file/print/db support and whatever else their agencies need.

  17. Jeff25 says:

    Honestly, I am going to stick with my Exchange 2003 servers (I have 48 of them) until all of this nonsense gets sorted out. All benefits of 64-bit computing aside, I have to throw out the baby with the bathwater to get Exchange 2007 rolled out in my enterprise. Not worth the expense, hardware-wise or labour-wise if you ask me.

    my criticisms:

    – crappy upgrade path (see above), I have complained ad nauseum about it so I will leave it at that.

    – de-integration of ADUC. You had a wonderful thing going and then you change it. *meh*

    – de-guification of major features. (see above)

    It is almost like you intentionally obfuscated the administration of Exchange to foster and protect the jobs of the "Exchange administrator". Not that I am against a competent product managed by competent people,  but our jobs are being crammed into ever-so-tighter schedules and I for one would like to see EASIER and QUICKER to use products rather than ones with some sort of "paradigm shift" to command-line interactivity.

    With my bevy of Unix (and Linux) servers, I have an intrinsic LOVE of the command-line. That is the  beauty and simplicity of Unix and Unix-like operating systems. Windows, however, is NOT Unix and is NOT a command-line operating system. It is a graphical user interface with a very large and complex engine running underneath. Windows users expect (and indeed sometimes REQUIRE) a GUI interface to interact with it. By shoehorning in all of this command-line interactivity, regardless of merit, you are needlessly complicating things for the people I am, in the end, going to have train to support it.

    So, like I said…I’ll be sticking with Exchange 2003 for now. Thank you very much.

  18. John says:

    Thanks for the opportunity to speak on this topic.

    I agree with many of the comments here.

    We have a highly distributed Admin model with central Exchange Servers. We look after the servers and users are managed by their own admins.

    Our biggest issue is a perception of a step backwards with many of the features of Exchange 2007. I understand there are probably extremely good technical reasons for these changes but they don’t look good to us.

    Examples are:

    * Attributes no longer visible in ADUC. In Exchange 2003 all the admins in our org can use ADUC to look at (and manage) user properties. Now simple things like secondary SMTP addresses can’t be seen in ADUC. A new GUI or powershell (not appropriate!) is required.

    * Delegated control. Another tool? Powershell? Assigning mailbox rights requires God level access to Exchange.

    * Active Directory OU based functions/features. one exmaple being our use of many dynamic DLs built around areas of the org that are split in the directory into different OUs. Eg. All Finance Staff are under OU=Finance … All other user properties can be different between users, such as office title, phone, building, department even. Now in ex2007 that type of DL looks like it only accepts address book property attributes being equal to something. We also have dynamic dls for "all users on server xyz" …. how to now?

    * Public Folders. gone then back again, partly. Can you access them from OWA? manage them from a GUI. propagate permissions? Even with SP1 management isn’t back in the Exchange GUI it is a separate one right?

    * ADUC. Has to be mentioned twice sorry. Moving away from it looks like a step backwards. If it is a property display issue with the dialog boxes and the schema will Win 2008 AD bring it back?

    cheers

  19. Cam says:

    Hi guys,

    I too, have been reading this for a long time and your openness and the way you conduct this site is a testament to the team.  Your products are great.  Haven’t taken the step to 2007 yet but will soon.

    One thing I’d like to ask, even though this is probably the wrong place is what the heck is going on with the IMF Updates lately?  There is no way they are being released on a 2 week schedule as originally stated.  We are drowning in spam but without the updates it’s impossible.  

    Cheers from Oz….

  20. David R. says:

    I work with a lot of different customers, ranging from 20 to 5000+ employees, and they all react strongly to having to use two different admin consoles for Exchange and AD.

    One of Exchange’s strongest point is it’s tight AD integration, and therefore it’s just wrong that you can’t manage mailboxes directly from ADUC.

    Another thing I miss is the ability to limit connections to POP and IMAP based on IP’s. Lots of customers have older applikations that don’t support secure POP or IMAP, so I’ve limited POP/IMAP access to specific IP’s.

    Thanks for a great blog! :)

  21. aaron says:

    I would like to see a post detailing those "architectural bets". I would like to better understand those decisions. In fact I would like to more of those posts from all of the product teams.

  22. Chad says:

    * Even with SP1 installed, there seems to be a massive memory leak, at least in a single-server environment. I’m waiting on hold with PSS to get this sorted out right now (and yes, I have the aforementioned hotfix installed).

    I’m seeing this, too.  Server with Hub, Cas, and Mailbox role.  Commited RAM will rise, rise, rise, but there is no indication what is taking the RAM.  Did PSS give you any info?

    Anyway, a couple of points of feedback:

    1.  Cluster support is too clunky.  You do some things in Cluster administrator, some things in Powershell/Exchange GUI.  Couldn’t you find a way to consolidate?

    2.  Attributes that were in E2k3 GUI that are missing in E2k7 GUI.  Most notably, mailbox size and number of items in mailbox.

    3.  I’ll also second the certificate management confusion.  Perhaps it’s just because it’s new, but it seems much more difficult to know what certs are where and how/where to apply new certs.

  23. cv says:

    Criticism?

    Yo mama sooooo fat….

    Just kidding…  :)

    CV

  24. lorennerol says:

    Quote:

    <* Even with SP1 installed, there seems to be a massive memory leak, at least in a single-server environment. I’m waiting on hold with PSS to get this sorted out right now (and yes, I have the aforementioned hotfix installed).

    I’m seeing this, too.  Server with Hub, Cas, and Mailbox role.  Commited RAM will rise, rise, rise, but there is no indication what is taking the RAM.  Did PSS give you any info?>

    I spent five hours on the phone with the Windows Server support group last night. I’m not 100% sure it is an Exchange issue, so I decided it was better to start with the Windows group and move over if my hunch is verified. Some background:

    – This is a single-server environment. Technically there is still an Exchange 2003 server, but all the roles are installed on the Exch2007 box.

    – The box is a dual-proc, dual core 3.0 Xeon with 8GB of RAM hosting about 30 mailboxes. It’s also a DC and runs SQL 2005 Standard (the production DB is small- <200MB).

    – When it’s ‘freshly’ started it runs as expected.

    Over a period of a week or two it gradually slows down. If I ignore the calls from the users that the accounting apps (uses SQL) is slow, the box will eventually bugcheck/bluescreen. I got this call yesterday and when I got there the task manager process list show store.exe using less than 400MB RAM and sqlserv.exe using only 115MB. Nothing else was over 100MB. It showed only 1GB RAM available, but the total RAM in use on the process list was no where near 7GB, so RAM is getting ‘lost’ somewhere.

    What is happening is that the page file fills up, the server slows, and eventually, if I don’t manually reboot, becomes unresponsive and then bluescreens.

    PSS had me bump up the page file (to 1.5xRAM), setup a couple very granular counters in perfmon, and change the registry to get a full memory dump, rather than just a kernel dump. I uploaded the last kernel dump and the result of the reporting tool they had me run. They are analyzing the data and I am monitoring the server to see if the larger page file fixes the problem or just prolongs the period during which the server runs ‘normally’.

    So there is a small chance it is fixed, but most likely it’s not and we’re gathering a better set of data from which to make a diagnosis the next time it happens. I’ll post back if/when I get more info.

    L

    PS- Rereading my previous post I see that I said my two biggest issues were actually three :)

  25. Chad says:

    Thanks lorennerol,

    That sounds a lot like what I’m seeing.  My machine is a VM and a test environment, but the symptoms seem identical.  I’ve never let mine get to the point of blue screening, perhaps I’ll try that.

    The frustrating thing it trying to figure out what is taking all the RAM.  Like you, no single process shows much memory usage, but the system itself thinks it’s completely out of memory.

    Look forward to hearing from you.

    Oh, and I didn’t say it in my first post, but thanks to the Exchange folks for the blog in general and this thread in particular and for all their hard work!

  26. zardoz says:

    Newbie to Exch2007 so please forgive this question. Can I configure the send/receive times for users? (Ex. no emails received until 4:00pm.) Thanks

  27. DJ says:

    I would like to see a vast improvement of migration tools.  We deploy several Exchange servers each year and have been reluctant to deploy many Exchange 2007 servers due to a lack of GUI tools like Exmerge or any tools that could allow you to move mailboxes from separate domains (we deal with smaller networks where forklifting out an old Exchange server / domain is something we do from time to time).  The amount of work it takes to get the cli Exmerge going (installation of management tools – 32bit – on another workstations + all the patches / apps needed) is just ridiculous.  We want to widely adopt Exchange 2007, we really do!  Make it easier for us.

  28. bday says:

    Another comment… outbound Faxing please! We’d love to reduce our complexity and get rid of our current 3rd party solution for faxing. I’ve been told before MSFT doesn’t want to push its own partners out of the fax market, but we’d much prefer it was integrated. Thanks! :)

  29. lee says:

    I thought of another one.  This is a long shot, but bundle all the prereq’s together to get a basic console install.  When I try to setup the console only on a PC, I have to install powershell, mmc, .Net2, .Net2sp1, usually some hotfixes, then EMC.

    Just bundle the basics and ask to look for updates when I’m done.

  30. MF says:

    I’d like to second the OWA comment.  OWA should be OWA on all reasonably current browsers (something like IE6/7+, Safari 3+, Firefox 2+) *not* OWA light

    From the client perspective this is the most glaring issue — it’s an AJAX world and this ought to be an achievable goal.  If it was a timing issue I can understand; if it was something else, then get on it right away! :-)

    // mf

  31. Exchange says:

    Thanks to everyone that commented! Keep it up! :)

  32. DReller says:

    I’d like a documented way to get a count of messages into/out of a mailbox, either thru the Message Tracking GUI or thru PowerShell.

  33. bday says:

    Automatic failover of send connectors on the HUB Transport boxes please. No longer having link-state status seems to kill this unless you use round robin DNS to a SMTP host.

  34. Dafo says:

    I would like to see a full article on troubleshooting the uninstall process of Exchange 2007. Uninstalling seems far from straight forward.

    I’d also like to see an article explaining what changes are made in Active Directory on an install of Exchange and how to fix corrupted configuration.

  35. TC says:

    1) The ability to set calendar read permissions via GPO. Our company policy is that all calendars are visible to all employees, however there is no easy way to enforce this.

    2) Support in virtual environments. This means VMware as well as Microsoft. If I can take a "whitebox" server and run tests on it to have it logo’d for Windows, why can’t I do the same for a virtual server? Play nice with your competition, for the sake of your mutual customers.

    3) I’ll second (third? fourth?) the comments already posted on the SSL Cert thing. Too complex!

  36. Mike Lagase says:

    lorennerol,

    It appears that the issue you may be running in to is a possible trimming of working sets making task manager show that the overall memory for that process is only a certain amount of memory.

    I talked about this in http://blogs.technet.com/mikelag/archive/2007/12/19/working-set-trimming.aspx. Have you installed the ntoskrnl.exe fix in http://support.microsoft.com/kb/938486 as this working set trimming issue will affect SQL servers as well.

    Perfmon data should help show you what might be going on here with memory mgmt.

  37. pesospesos says:

    As I posted back when 2007 hit RTM, the split off from ADUC is killer for us.  What we used to achieve with a Copy User in Ex2003-aware-ADUC now requires us to use ADUC, EMC/EMS, and AdisEdit.  It really is inefficient and kills us as we are only a two man team.

    I sympathize with those filling notepads and notecards with scripting syntax – we just don’t use these commands enough to memorize them; but more than enough that it is very annoying not to have certain things in the gui.

  38. lorennerol says:

    Quote:

    <Mike Lagase said:

    lorennerol,

    It appears that the issue you may be running in to is a possible trimming of working sets making task manager show that the overall memory for that process is only a certain amount of memory. >

    Yes, I installed it immediately after that article was posted here (with great expectations). The problem persists.

  39. John says:

    I just wanted to add my sincere appreciation for the work you do with this blog. It is one of the few sites with frequent and topical updates, that allow anonymous comments to be posted.

    We all use Exchange and know the huge gains you have made with the product.

    Thanks again for the opportunity to make these comments and have some input. It is refreshing to be able to explain our hurts to the actual developers.

  40. Jürgen says:

    Hi there,

    it really would be good to see that full multi-language-testing is done everywhere. I saw problems with german umlauts (üöäÜÖÄß)in passwords in POP3 authentication. The testing group should have found that – reminds me of the early times of software.

    Can you please state on this blog what’s the right way for power users to administer public folders? The addpublicfolderpermissionrecursive.ps1 together with Outlook? EMS?

    Also I’d like to know more about the fact, that sb. who has PF permission level 8 and EMS/EMC can mailenable the folder.

    Some of my customers wanted to deploy Exchange UM to get rid of their variety of fax solutions that they "inherited" in decentralized Exchange 5.5 times. As soon as they figured out that Exchange is not able to send faxes, this thought was totally out of mind forever. So please implemet this with SP2 before more customers have been burnt.

    About the help: can you please provide some examples for the CMDlets that are not the easiest imaginable? Some documentation about Exchange data types in Powershell would also be useful.

    For future versions: Would it be possible to provide a managable way handle hosts that relay through Exchange? My customers are normally 20k seats and above and in such organizations there are normally hundreds of hosts that are not able to send authenticated SMTP emails. Some of them have Excel lists to keep track on who needs to send what for (or using CSVs and the set-receiveconnector, if admins are mature with EMS). Others are using dedicated internal sendmail relay machines just for that. Maybe that’s an opportunity?

    Last but not least I’d like to thank you guys for the great documentation. Without that, it would have been impossible to plan and deploy.

  41. Jeff25 says:

    Where is the MS Press Resource Kit book for Exchange 2007? Your product has been out for over a year, yet you have not released an Exchange 2007 Resource Kit book.

  42. bday says:

    Archiving…. please for all that is holy try to work a real archiving, secondary storage, legal discover piece into the product. Many of us are forced to spend ungodly amounts of money on Symantec & EMC products which can be nightmares to install and administer becuase there is no built in way to do legal discoveries across multiple mailboxes, enforce compliance in a meaningful way, nor a way to shove old data off onto another disk media type for long-term storage.

    Do it for Santa Clause!

    Thank you! :)

  43. Elan Shudnow says:

    1. Outbound Faxing

    2. Certificate Generator for SANs that will place certificate names in the proper order depending on needs

    3. Better/more migration tools that will assist in making it easier for us to migrate to Exchange 2007.

    4. Mailbox Items and Size in GUI.

    5. Better Message Tracking System

    6. Better support for configuring Autodiscover service in the EMC.  Both for InternalURL and ExternalURL for ALL services including the ability to enable SSL for these services and their authentication settings.

    7. Owa premium for Firefox

    8. Don’t release an incomplete product.  Almost everybody I talk to agrees RTM was released too early.  Functions that were used in Exchange 2003 should not have been postponed to 2007 SP1.  If needed, push back the RTM date.

    9.  AND PLEASE…. allow us to set calendar permissions via a GPO or via some other method.  For instance, in our organization, we have Default – Reviewer so everybody can view each other’s calendar.  And when I said better migration tools, that means the functionality to be able to share this cross-forest as well, and not just free/busy.

    10. Better functionality for sharing free/busy and calendar data with newer versions of Exchange.  I’m assuming this will be better in Exchange 14 due to it most likely using Availability service.

  44. Kevin Purcell says:

    Here is a suggestion that I feel would benefit everyone.

    I would like to be able to use group permissions to control access to auto attendants.

    I would also like a standalone GUI based tool so that users can manage the recordings on their auto attendants. With the amount of auto attendants we need to create, managing them will be an administrative nightmare because people are always updating their recordings.

  45. lorennerol says:

    I agree- removing the mailbox items and sizes from the GUI was a poor choice. Now instead of a few clicks to get the list of mailboxes sorted by size, I run a long cmdlet (212 characters), that pipes to a CSV, then import the CSV into Excel and sort. For a quick report I struggle sto see how this is any sort of improvement, as it takes significantly longer.

    In case anyone is interested, here is the cmdlet I use (careful of wrap):

    Get-MailboxStatistics -Database "mailbox database" | Sort @{expression="totalitemsize";descending=$true} | select DisplayName, @{expression={$_.totalitemsize.value.ToMB()}}, itemcount | Export-csv c:mbreport.csv

    L

  46. Michael Dragone says:

    E12 has great new features – SCR/LCR/CCR are alone worth the price of admission. But I’ll chime in here with a few gripes as well. :)

    1. As others have mentioned, the SSL certificate "procedure" is torture. I installed a 3rd party certificate in my test environment and when it came time to renew it I put it off for over a month because I remembered how painful it was the first time around and I knew I’d have to spend at least 30 minutes just refreshing myself on the steps. Even though this was only about a month ago if I were to do it again tomorrow I’d spend the same 30 minutes doing another mental reboot.

    2. I like PowerShell and learn more about it every day. I think using it as the basis for Exchange management was a great idea, but I feel like I have to drop into it far too often to perform mudane tasks. I don’t like being able to set some SCL levels in the GUI, for example, but to set the Store Junk SCL threshold on a mailbox, I have to drop into PowerShell. Why? If 100% of Exchange tasks are available in PowerShell, 99.9% of those tasks should be present in the GUI. The remaining 0.1% should be so esoteric that I only have to do them once in a blue moon.

    (Before I go on, a slight diatribe on PowerShell in general. I think the main problem with the adoption of PowerShell, or the resistance to it if you will, is a simple matter of history. As Windows administrators we’re all used to doing everything in a GUI. Cisco administrators would say the same thing as they’ve been configuring their gear via telnet/SSH for years. If someone gave them a GUI it would feel foreign. For most Windows administrators, the opposite is true.)

    3. As others have mentioned, the separation of AD and Exchange tasks as well as the removal of the functionality from ADUC makes sense from a delegation of management perspective, but for a good majority of SMBs the AD folks are also the Exchange folks. Actually, I’d like to see MORE integration of MS and 3rd-party utilities into AD; it would be so nice to tell the HelpDesk folks to "go to ADUC, click on <USER> and go to <TAB> for <TASK>" instead of "go to <THIS TOOL>, then click this, etc."

    4. Public Folders. These poor things are the "middle child" of Microsoft collaboration tools – better than a file share but not as good as SharePoint. In our organization they’re very handy, however. We don’t have the internal knowledge or (frankly) the need for a SharePoint installation. Our users have a strong grasp of Outlook so Public Folders come naturally to them. We also use them as group fax inboxes and group "mailboxes." They might not be as sophisticated as SharePoint but I for one will be sorry to see them go. Utill that day comes I hope that they don’t become an afterthought in the Exchange management tools.

    5. Now that the Exchange and RTC Groups are under the "Unified Communications" umbrella, I fear that the next versions of OCS and Exchange will be merged into one product with several roles as E12 is now. While I like the Exchange-OCS-AD integration, many SMBs will likely not be able to go "full OCS" for several years due to the complexity of OCS deployment. I’d hate to see Exchange become more complex then necessary.

    6. Any additional improvements to make clustering failover/failback as painless as possible for DR/BC scenarios are always welcome.

    7. Regarding the EHLO Blog, I’d love to see more "internal/how Exchange works under-the-hood" posts. Actually, you folks should write an "Exchange Internals" book – it would look great next to my copies of "Inside SQL Server" and "Windows Internals." Please? :)

    A sincere "THANK YOU!" to all the members of the Exchange Team for a great blog and for listening to us customers!

  47. lee says:

    Here’s one I just ran across that I can’t believe is true.  You can only generate the OAB on one specific server in a CCR cluster.  If you fail over, OAB generation fails until you fail back or alter registry settings

    Is this really true?!?!

    See here..

    http://technet.microsoft.com/en-us/library/bb266910(EXCHG.80).aspx

    please make this redundant…soon, or allow me to run it on another server type, such as Hub.

  48. bday says:

    Can we please get mailbox list (per mail store) and last logon back in the GUI without having to go through making a bunch of filters? We use it for troublehooting rather often in 2003 and having to resort to powershell in this case isn’t optimal (for us at least…).

    Thank you.

  49. Elan Shudnow says:

    Just thought of another thing.  Integrate Message Classifications into IIS and give it a URL field in Autodiscover and work with the ISA team to create a /path/* for this URL.  It’s pretty ridiculous having to distribute the XML file to every single client and modifying the registry settings for this.  We should be able to enable message classifications through some GPO (even though we can manually add that into a GPO, but still…).  Outlook should then be able to connect to Autodiscover and get the URL for the message classification XML file.

  50. Jeff25 says:

    After having my perfectly accurate and legitimate criticisms being redacted from this website, I am crystal clear about this whole process.

    Dear Exchange developers…meh.

  51. Martin Sperrin says:

    I’d like some clarity on the shared mailbox solution. We’re a company that trades under a few different brand names and when communicating with the customer we must always present ourseleves as that brand.

    I’ve yet to see any best pratices for this. In exchange 2000 we setup a bunch of mail enabled public folders (sales, customer services and order processing) for our first client for e-mails to be sent into/from and have replicated this structure ever since. I think I’ve currently got around 200+ mail enabled pf’s now!

    An ideal solution for me would be the ability to setup a shared mailbox* that I could then assign users/groups to, with that mailbox then being accessible by said user with no action on their part.

    Another thing is that I get asked all the time if someone can send an e-mail from their.name@aspecificclient.whatever, to which the answer is no you must send as one of the pf’s for that company. Is it going to be possible to give the ability to users to send from any of their defined e-mail addresses?

    Oh and while I’m on pf’s can we have the ability to manage the client permissions from the pf management tool? Or are we destined to keep a copy of the old system management console around for this purpose?

    *Intrestingly, when I was trying to get a disabled users mailbox to shift from the Exchange 2000 server to the Exchange 2007 mailbox store it came up as a ‘shared mailbox’ in the EMC once transfered. Can anyone enlighten me on why this happened? I was messing with the mailbox security in ADUC before I moved it so maybe I did something I wasn’t supposed to do…

  52. lee says:

    Thanks for the response on the OAB generation and dgoldman’s blog, but I’d already seen that.  That is a manual fix for a process that I would think would be autocorrecting in a redundant scenario.  We did use that to get things working, but I’d consider it a workaround, not a solution.  In a highly available scenarion, that should fix itself.

    Another suggestion, probably a bug.  We’ve noticed that if someone creates a new appointment and unchecks the reminder box (so no 15 minute reminder should be given to recipients), the box is re-checked when the recipients get the meeting (regardless of their default settings).

    Not sure if there’s already a fix in the owrks for this, but it’s generating some support calls from those who hate reminders.  FYI, we are still running OL2003 clients.

  53. Donavin69 says:

    Exmon was a great tool for determining who was using Outlook in Online mode versus Cached mode.  Everything says that Exmon was incorporated into the troubleshooting assistant, however this piece of information still alludes me.  Is there another place I should look for this information, or is it another thing that cannot be found in Exchange 2007?

  54. bday says:

    For those of us trying to do geo-clustering, how about a way to restrict cross-physical-site communication?

    I’d rather not have a MBX server use a HUB server in the remote datacenter if possible since the message it just sent over the WAN may just be going right back to the MBX server it came from over the WAN again. I know we can configure a static list of HUBs to use on each MBX server, but this has issues too; 1) We lose automatic failover to the other HUBs if the ones in the first site go down. 2) You’d have to reconfigure the list every time your MBX server failed over to the other datacenter.

    How about weighting them in some way so we can say … "Use HUB1, HUB2, HUB3 with a cost of 10, then HUB4, HUB5, HUB6 with a weight of 20." Some way of doing this will help us cut down on unnecessary WAN traffic between sites.

    With SP1 installed is it ok to use CNAMEs for MBX–> HUB now in a static list? I could then do something like put the local HUBs by name in the list, then put a round robin CNAME as the last entry. If I had 8 HUB servers (4 physical per site, same AD site) then I’d have 5 entries, 4 real and one CNAME which round robins to the 4 IPs in the remote phsyical site. In theory I could drop the unneeded WAN traffic by 75% this way. At least I think so…

    Thank you.

  55. 1) ADUC integration

    2) An e-mail archiving solution. For example: archive all mail to a dedicated archive database or file structure with search possibilities.

    3) Some level of SLA management on serversdatabases.

    4) An Exchange administrator should be able to force mailbox quotas on database level so that exceptions on mailbox level are not possible anymore.

  56. Elan Shudnow says:

    I agree with Martijn with #2, #3, and #4.  I’d love to see some type of archiving integrated with a management interface through the EMC alongside the other roles or through the toolbox.  I’d also love to be able to somehow force quotas so user quotas are overridden depending on the mailbox they belong to.

  57. johncee53 says:

    Who in Microsoft thinks that we want to go to a Unix-like command window to do our work? We use Microsoft because of "Windows" and GUIs, not for the command line extreme basics. If I wanted to use a command line to do my work, I’d install Unix, or Linux. Get it together, Microsoft!! You broke a lot of fine 3rd party tools, such as Hyena, that allowed me to do most of my work under a single interface. Now I have to learn a new scripting language, a new command shell, and satisfy upper management at how well Exchange 2007 works, and hope they don’t throw a request at me that is going to require spending a week or more burrowed into the bowels of Microsoft support trying to dig up answers!

    (Whining mode = Off)

  58. sailorlena says:

    First off, I agree with JohnCee53.  Powershell is not exactly my cup of tea, although once you get the hang of it, it’s pretty powerful.

    On another note, has anyone found a way to remove conference room bookings from a user that is no longer with the company (account disabled and deleted)?  We use direct booking from resource mailboxes which is working great except when the organizer is terminated.  Then their booking just hangs out in the conference room……..over time, you can see how this would cause an issue.  We’ve been able to use Powershell to remove canceled meetings, so there is less clutter.  But how do we programaticaly remove entries from organizers that are gone?

    Thanks.

  59. Dan Sheehan says:

    I am an IT consultant that has been upgrading Exchange 200X customers to Exchange 2007 customers for some time. So the feed back below is what I am hearing from mulitple sources.

    – Obivously the seperation of Exchange and ADUC is counter intuitive for customers and they aren’t happy about having to switch between two consoles to fully manage their users. While there may have been techinical limitations that forced you to split back out into two consoles, we at the very least woudl like to hear it is a design goal to re-unite them when Windows 2008 ADUC supports powershell (asuming it ever does).

    – The lack of server and mailbox store policies makes if VERY hard for large enviornments to set and enforce consistent management of the systems. Currently yes we can run a powersheel script to set the mailbox size limits and maintenance periods, but that leaves the door open for make a change and take the system "out of spec". The policies kept people from making accidental mistakes.

    I personally see this a step backwards in regards to automating new database and server deployments (drag and drop onto a policy was awesome).

    – The loss of the ability to see what mailboxes, their sizes, recent access methods (including client versions), and the LATENCY was a huge pain for 2 seperate customers who leaned on that quote often.

    – The message tracking system has take a step backwards. I just tracked a message from one server to another, and I couldn’t make heads or tails of the CSV style lines of text being output on teh screen (after being forced to run a wizard?). In 2003 I could simply say "see customer, right there the email was handed off", now I can simply say the system processed the message somehow.

    – Being able to see the Recovery Storage Group object, and make post creation directory changes was a hugh PITA for one customer who had a large number of databases and seemed to be constantly doing restores, and not being able to visually manipulate the RSG, and eing forced to take a wizard’s word for it really slowed them down.

    There are other comments customers have been made, but the overall resounding frustration is that there was a lot of functionality in the 2003 console that is missing in the 2007 SP1 console. They understand that Powershell can help them get some of the data they were looking for (like mailbox information for users in a specific database), but as one admin put it recenlty "Why did Microsoft decide I needed to become a Powershell user to be able to do the things I could do just fine in the 2003 GUI?

    And I would offer if doing some of these tasks is just an easy powershell script, then please by all means add the functionality to the GUI for your less savy end user admins as you already have the backend.

    Dan Sheehan

    MCSE 2003 + Messaging

Comments are closed.

Skip to main content