SP1 whets the appetite of administrators who want to use Exchange Management Console (EMC) and Exchange Control Panel (ECP) to administer various features. More and more features are exposed in the EMC and ECP, helping Exchange Administrators to manage their Exchange 2010 infrastructure.
Exchange 2010 SP1 brings a long list of improvements. This blog focuses mostly on the GUI enhancements both in EMC and ECP.
Deployment switch for roles and features
Deployment is the gateway after which everything else occurs. There has been a lot of work done to improve the setup experience. SP1 brings new options such as the ability for Exchange to install the OS roles and prerequisites. The prerequisite Windows features that are installed by setup are determined by the Exchange server roles selected for installation. Setup uses the appropriate XML Answer files for each server role to install the prerequisites. Only the prerequisites required for the selected server roles are installed by setup as part of the prerequisite check portion of setup before roles are installed.
If you are doing an RTM to SP1 upgrade, the command to run from the command line is “setup.com /m:upgrade /installwindowscomponents”, and any of the components that setup needs from Windows to get you to SP1 will be installed automatically. The GUI equivalent of this is to check the “Automatically install Windows Server roles and features required for Exchange Server” check box. This option also appears on the Server Role Selection page when the Custom Exchange Server Installation type has been selected from the Installation Type page.
Note: If any of the components require a reboot, the system will reboot and at the end of the reboot, you will have to restart setup manually. When setup is launched after the system restart, it picks back up at the point where the restart was required.
Choosing your permissions model in Setup
We now have the ability to go back to the AD split permissions model when creating a brand new Exchange organization. By default, Exchange 2010 uses a “shared” permissions model where the recipient administrators have the access rights to create recipient objects in the Active Directory. When deploying a new org, setup will now ask you if you want to go with default Exchange permissions (the RBAC model) or if you want to go with split permissions model where there are separate permissions for AD administrators and separate permissions for Exchange administrators. By selecting the option Apply strict split permissions security model to the Exchange Organization, this behavior changes such that only administrators with explicit rights are able to create recipient objects.
Note: You will only see this when you are creating a brand new organization. To learn a lot more about different permissions models, please see Understanding Split Permissions.
Exchange Control Panel UI improvements
A lot of new functionality has been added in ECP. Administrators don’t necessarily need to bring up the full console anymore, and if you are not completely comfortable with PowerShell, you now have more management features incorporated into the ECP web interface. You can now do the following under Mail > Options > Manage My Organization or Manage Myself:
- Create and manage mail enabled security groups (Manage My Organization > Users and Groups tab)
- Manage RBAC Role Groups and User Roles (Manage My Organization > Roles and Auditing tab)
- Create and configure transport rules (Manage My Organization > Mail Control tab)
- Create and configure journaling rules (Manage My Organization > Mail Control tab)
- Manage Exchange ActiveSync policies (Manage My Organization > Mail Control tab)
- Create and manage Allow/Block/Quarantine policies (Manage Myself > Block or Allow)
- Litigation Hold (Manage My Organization > Users and Groups tab | Mailboxes)
Note: In SP1, Administrators no longer need to have a mailbox to be able to access ECP.
The ECP also provides the primary graphical interface for MRM Self-Management (this is located at Options | Manage Myself | Organize E-mail | Retention Policies), Multi-mailbox search (this feature has been improved with more options in SP1), MailTips amongst others.
Manage RBAC Role Groups and User Roles
Exchange 2010 RTM relied on management tasks in the Exchange Management Shell for managing RBAC, although there was limited management of Role Groups and User Role Assignment available from the ECP. Exchange 2010 SP1 improves the management experience through ECP, although there are limitations to the RBAC management that can be accomplished through the ECP. To manage RBAC from the ECP, the administrator must have the level of access control granted to the Organization Management role group, or by assignment of the Role Management management role.
The RBAC management interfaces available from the ECP are located on the Roles and Auditing tab as shown below:
From the Roles and Auditing tab there are two secondary navigation tabs, Administrator Roles and User Roles.
The Administrator Role Groups slab includes links to tasks that make it possible to manage Role Groups. This is divided into two main sections: the Result pane on the left, and the Detail pane on the right. You can:
- Create a new Role Group while simultaneously assigning Management Roles and adding group members
- Copy an existing Role Group to make an identical new Role Group
- Remove a Role Group that is no longer needed
- Add or remove Management Role Assignments to a Role Group
- Add or remove members of a Role Group
- Change the Write Scope for all Management Role Assignments made to a Role Group
- Create a new Role Assignment Policy and simultaneously assign user management roles
- Add or remove user management role assignments to a Role Assignment Policy
- Remove a Role Assignment Policy that is no longer needed
The User Roles tab is used to manage Role Assignment Policies.
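Because anyone holding the Role Management role can change RBAC itself, it is worth reviewing who effectively has it. The following Exchange Management Shell script is an added example, not part of the original post; the `$approved` allow-list and its account names are constructed placeholders.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2010 SP1).
# Lists every account that effectively holds the "Role Management" management
# role (and can therefore manage RBAC) and flags accounts that are not on an
# approved list.

# Constructed sample allow-list; replace with the accounts you have approved.
$approved = @('Administrator', 'exadmin1')

# -GetEffectiveUsers expands role groups and security groups into their members.
# The row named 'All Group Members' stands for the group itself, so skip it.
$holders = Get-ManagementRoleAssignment -Role 'Role Management' -GetEffectiveUsers |
    Where-Object { $_.EffectiveUserName -ne 'All Group Members' }

$report = $holders |
    Sort-Object EffectiveUserName, RoleAssigneeName |
    Select-Object EffectiveUserName, RoleAssigneeName, RoleAssigneeType,
        RoleAssignmentDelegationType, AssignmentMethod,
        @{ Name = 'Approved'; Expression = { $approved -contains $_.EffectiveUserName } }

$report | Format-Table -AutoSize

# Direct members of Organization Management, the role group the text names.
Get-RoleGroupMember -Identity 'Organization Management' |
    Select-Object Name, RecipientType |
    Format-Table -AutoSize

# Surface anything that is not on the allow-list.
$unexpected = @($report | Where-Object { -not $_.Approved })
if ($unexpected.Count -gt 0) {
    Write-Warning ("{0} assignment(s) grant RBAC management to accounts not on the approved list." -f $unexpected.Count)
    $unexpected | Format-Table EffectiveUserName, RoleAssigneeName, AssignmentMethod -AutoSize
}
```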
Admin Audit Log
The ECP provides the primary graphical interface for quickly accessing Exchange 2010 SP1 auditing reports. Using the ECP you can search the admin audit logs to discover who made configuration changes in an organization. The Auditing Reports page in ECP has several reports that you can run to review various types of compliance and administrative configuration changes. You have the ability to run reports on non-owner mailbox access, litigation hold settings, role group changes, and also mailbox and administrator audit logs. Admin Audit Logging must be enabled for audit log entries to be stored in the audit log.
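The same role group change report can be produced from the Exchange Management Shell. The script below is an added example, not part of the original post; the seven-day window and the choice of cmdlets to search for are assumptions made for illustration.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2010 SP1).
# Makes sure admin audit logging is on, then reports RBAC changes recorded
# in the admin audit log over the last 7 days (window chosen for illustration).

# Nothing is written to the audit log while logging is disabled.
$config = Get-AdminAuditLogConfig
if (-not $config.AdminAuditLogEnabled) {
    Write-Warning 'Admin audit logging is disabled; enabling it now.'
    Set-AdminAuditLogConfig -AdminAuditLogEnabled $true
}

# Cmdlets that change role groups, their membership, or role assignments
# (assumed selection; extend it to suit your review).
$rbacCmdlets = @(
    'New-RoleGroup', 'Remove-RoleGroup', 'Set-RoleGroup',
    'Add-RoleGroupMember', 'Remove-RoleGroupMember', 'Update-RoleGroupMember',
    'New-ManagementRoleAssignment', 'Remove-ManagementRoleAssignment'
)

$end     = Get-Date
$start   = $end.AddDays(-7)
$entries = @(Search-AdminAuditLog -Cmdlets $rbacCmdlets -StartDate $start -EndDate $end -ResultSize 1000)

# One line per change: when, who, what, on which object, with which parameters.
$entries |
    Sort-Object RunDate |
    Select-Object RunDate, Caller, CmdletName, ObjectModified, Succeeded,
        @{ Name = 'Parameters'; Expression = {
            ($_.CmdletParameters | ForEach-Object { '{0}={1}' -f $_.Name, $_.Value }) -join '; '
        } } |
    Format-Table -AutoSize -Wrap

# Summary: number of RBAC changes per administrator.
$entries |
    Group-Object Caller |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```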
MRM Tasks in EMC
In Exchange 2010 SP1, the MRM tasks which were a part of the 2010 RTM console have been taken out and can only be configured using the Shell. Managed Default Folders, Managed Custom Folders and Managed Folder Mailbox Policies are part of Message Records Management (MRM 1.0), whereas Retention Policies and Retention Policy Tags are part of MRM 2.0. Both MRM 1.0 and 2.0 are available in 2010 RTM, but it is Managed Default Folders, Managed Custom Folders and Managed Folder Mailbox Policies that are exposed in the RTM console. Exchange 2010 SP1 provides management tools and workflows for migrating users from managed folders to retention tags. The features exposed in the 2010 SP1 console are Retention Policies and Retention Policy Tags.
When focused on the Mailbox node, there are two tabs for managing MRM that appear in the Result pane (center): Retention Policy Tags and Retention Policies.
The EMC also includes a wizard to aid administrators in creating a new retention tag that applies the retention functionality of a specified managed folder.
Public Folder Management Console
The Manage Public Folder Settings wizard is a new feature available from the Exchange 2010 SP1 Public Folder Management Console that makes it possible to update client permissions on a selected folder and optionally update the permissions on all subfolders to match. There is also an option to propagate public folder settings from a parent folder to all subfolders.
The wizard is started by selecting the public folder to manage from the public folder tree, and then by clicking the Manage Setting link from the Actions pane, or by right-clicking the public folder and selecting the link from the contextual menu. This opens the Introduction page as shown below. These options are mutually exclusive, meaning you can only select one or the other, and contextual, meaning the options change depending on the public folder that has been selected.
The purpose of this is that you can, as you could in Exchange 2003 ESM, modify permissions on, let’s say, a parent folder, and then use the wizard to propagate the changes down the Public Folder tree.
The Specify Action page allows you to select two options:
Lastly, the Assign Permissions page allows you to grant access to public folders.
Additionally, similar to the functionality in Exchange 2003 ESM, if you pull up the properties of any public folder now, the permissions tab is exposed there too.
SP1 includes EMC enhancements for managing DAGs. New fields and controls have been added to DAG properties. To access the properties for a DAG, from the EMC, navigate to the Mailbox node in the console tree. From the Result pane, select the Database Availability Group tab. From the list of DAGs displayed in the Result pane, select the DAG to manage. From the Actions pane, select the Properties link or right-click the DAG and select the link from the contextual menu. The “General” tab exposes the option to specify an Alternate Witness Server and directory. The IP Addresses tab makes it possible to manage IP Addresses for the underlying DAG cluster as shown below. The “Operational Servers” tab gives us the list of servers that are operational in the DAG. It’s a read-only tab.
Many of the new features and functionality for Exchange 2010 SP1 center on changes required to support Exchange service offerings through Microsoft Online Services. The EMC includes several wizards and controls for managing archive mailboxes:
- New Mailbox Wizard – includes a page to specify archive mailbox and the location of the mailbox
- Enable Archive control – makes it possible to enable an archive mailbox for an existing mailbox enabled account
- Disable Archive control – makes it possible to disable the archive mailbox for a mailbox enabled account
- Disconnected Mailboxes – makes it possible to reconnect an archive mailbox to the owning mailbox enabled account
- Mailbox properties – used to manage the related properties of an archive mailbox enabled account
- New Move Request wizard – makes it possible to move the primary and archive mailboxes together or independently
These wizards and tasks are available from the Mailbox node under Recipient Configuration in the console tree (except for Disconnected Mailboxes which is a separate node under Recipient Configuration). They appear in the Actions pane on the right, or are available by selecting and right-clicking the object to manage.
Many archive mailbox properties can be managed from the property pages of the associated primary mailbox. To open the property pages, select the mailbox to manage and then select Properties from the Actions menu, or right-click the mailbox and select Properties from the contextual menu. This opens the property pages starting on the General tab.
From the Mailbox Features tab you can access the Archive feature as well as see its current status. From the Mailbox Settings tab you can access the Archive Quota settings.
The Exchange 2010 SP1 version of the New Local Move Request wizard makes it possible to move the archive mailbox independently of the primary mailbox. Exchange 2010 SP1 supports:
- Primary and Archive On-Premises (Same DB)
- Primary and Archive On-Premises (Different DBs)
- Primary and Archive in the Cloud
- Primary On-Premises and Archive in the Cloud
Start the wizard by selecting the mailbox object that owns the archive mailbox to move and then select New Local Move Request from the Actions menu. You can also right-click the mailbox and select New Local Move Request from the contextual menu.
Resetting Client Access Virtual Directory
In Exchange 2010 SP1, you can use the new Reset Client Access Virtual Directory wizard to reset one or more Client Access server virtual directories. The wizard is available from the Client Access node under Server Configuration in the console tree. In addition to resetting virtual directories, the wizard creates a log file that includes the settings for each virtual directory that you choose to reset.
You can launch the UM Reporting features via EMC Toolbox. Call Statistics and User Call Logs are the 2 features that have been added.
Below is a screenshot of the Call Statistics report:
The below screenshot depicts a User Call logs report:
In SP1, we have made a change to allow the admin to set the UM server for the dial plan during the creation of the dial plan (wizard).
There are a ton of additional features in Exchange 2010 SP1 that are worth reviewing, some of which may jump out as being more important in your environment than many of the ones that are listed here.
Hope you found this overview useful,