Exchange SSL certificates for IMAP and SMTP
If you’ve got an Exchange Server 2007 implementation, have you installed certificates for SMTP and IMAP (if you’ve enabled IMAP)? Exchange will generate self-signed certificates (good for one year), but you’d be better off installing your own certificates to prevent client application errors related to invalid or expired certificates. Since IMAP is made available through the Client Access Servers, you can easily add an additional Subject Alternative Name (SAN) for IMAP, such as imap.mail.mycompany.com, to the Unified Communications certificate that you’ve already got installed to cover Outlook Web Access and Autodiscover.
If you’ve got the Hub Transport role on the same server, then you can easily add another SAN to the same certificate…otherwise, you’ll need another certificate for your Hub Transport servers. I’d recommend using a Unified Communications certificate here as well, so you can include both the individual server names and an alias such as smtp.mail.mycompany.com.
MS KB 929395 details the Unified Communications certificate providers that Microsoft has recognized. I’ve personally been using Digicert with great results. You can find some information about how to create the Exchange Server 2007 Unified Communications CSR here and how to install the certificate here.
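As an added illustration (not taken from the linked instructions), the request, binding and a follow-up audit can be done from the Exchange Management Shell as sketched below. The names mail.mycompany.com and autodiscover.mycompany.com, the subject fields, the file paths and the 30-day warning window are placeholders.

```powershell
# Added example for the Exchange Management Shell; names and paths are placeholders.

# 1. Request a Unified Communications certificate whose SAN list covers
#    OWA/Autodiscover plus the IMAP and SMTP aliases.
$sanNames = "mail.mycompany.com", "autodiscover.mycompany.com",
            "imap.mail.mycompany.com", "smtp.mail.mycompany.com"
New-ExchangeCertificate -GenerateRequest -Path C:\certs\uc.req `
    -SubjectName "c=US, o=My Company, cn=mail.mycompany.com" `
    -DomainName $sanNames -PrivateKeyExportable $true

# 2. Once the CA has issued the certificate, import it and bind it to the services.
Import-ExchangeCertificate -Path C:\certs\uc.cer |
    Enable-ExchangeCertificate -Services "IIS,IMAP,SMTP"

# 3. Audit: flag certificates bound to IMAP or SMTP that are self-signed,
#    close to expiry, or missing the alias clients connect to.
$aliasFor = @{ IMAP = "imap.mail.mycompany.com"; SMTP = "smtp.mail.mycompany.com" }
$warnDays = 30

Get-ExchangeCertificate | ForEach-Object {
    $cert     = $_
    $services = "$($cert.Services)"          # e.g. "IMAP, POP, IIS, SMTP"
    $names    = @($cert.CertificateDomains | ForEach-Object { "$_" })
    $problems = @()

    foreach ($svc in $aliasFor.Keys) {
        if ($services -match $svc -and $names -notcontains $aliasFor[$svc]) {
            $problems += "no SAN for $($aliasFor[$svc])"
        }
    }
    if ($services -match "IMAP|SMTP") {
        if ($cert.IsSelfSigned) { $problems += "self-signed" }
        if ($cert.NotAfter -lt (Get-Date).AddDays($warnDays)) {
            $problems += "expires " + $cert.NotAfter.ToString("yyyy-MM-dd")
        }
    }
    if ($problems.Count -gt 0) {
        "{0} [{1}]: {2}" -f $cert.Thumbprint, $services, ($problems -join "; ")
    }
}
```

The audit compares names literally, so a wildcard entry in the certificate is reported as a missing SAN and needs a manual look.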
Scheduled task for EVAPerf
Note: This information is based on a Gen 1 EVA…things are not necessarily the same with newer generations. Your mileage may vary.
If you’ve got HP EVAs as your storage platform, you’ve probably heard of EVAPerf at some time or another…
Sure, you can run EVAPerf interactively now and then to gather data on your EVAs, but what about running it as a scheduled task and keeping a month or three or more of daily output files? You can easily do that using a scheduled task on the server running Command View and the two scripts attached here. That way you actually have the data when you need it, usually when something goes wrong in your EVA environment.
The first script is a simple VBScript that deletes files older than XX days from directory YY. You specify both values and it just works. In fact, both values you need to set are on a single line in the script! The line below assumes that you’ve created a “Data” folder inside of your “EVA Performance Monitor” folder…why not. 30 days of data will be retained with this entry.
Call CleanDirectory("C:\Program Files\Hewlett-Packard\EVA Performance Monitor\Data", 30)
The second script is a batch file that calls the VBScript cleanup script and then actually runs the EVAPerf command. You’ll need to have done your homework first on setting friendly names and so forth on your EVAs, but your local HP storage support team should be able to assist with that if you don’t already have that done.
The second script does a few nice things for you. First of all, it automatically generates a new file name daily with date/time in the file name. Not as easy from the command line as in VBScript or PowerShell, but it can be done. The script also clears the counters on the EVA and then runs the EVAPerf command. You’ll want to pay attention to make sure you edit the EVA WWN correctly, and you might even want to not clear counters. Again, up to you and local support.
Put both scripts, once you’ve edited them, in a folder named “Scripts” inside your “EVA Performance Monitor” folder and then create a scheduled task to run the batch file. The account you use to run the batch file needs to be a local admin on the server where the scripts (and Command View) are running as well as a storage administrator. How you go about setting that up depends on whether or not you have your Command View server in your Active Directory domain (all new installations) or if it’s in a workgroup (older SA based installations).
Configure the scheduled task to run once daily; I’d suggest midnight local time. Then configure it to only run for 23 hours and 58 minutes. That makes sure you get a new run daily, with a new file.
Pay attention to the following lines which require editing in the batch file:
- set filename (put your EVA name in here)
- The line where counters are cleared (put your EVA name here)
- The line where the actual EVAPerf command is issued (put your EVA WWN here). Note that you may want to change what EVAPerf data you are collecting here.
Here’s a whitepaper on EVAPerf (happy reading): whitepaper
Get the scripts here…
EVAPerf.zip (1.5 KiB, 1,296 hits)
Disabling Active Directory User Accounts, Part 2
As a follow-up to the Disabling Active Directory User Accounts, Part 1 post, here’s a PowerShell script that will disable multiple accounts for you by using a CSV input file.
Script features:
- The username of the administrator running the script is recorded in the text file that lists all of the groups the account was removed from.
- An email is automatically created and sent to the configured recipients (such as the AD Administrators group and/or Information Security…), which is fantastic from an end-to-end accountability and auditing point of view (who did it, when did they do it and why…)
- Disables the specified AD account
- Hides the mailbox from the Global Address List
- Removes the account from all groups it was a member of
- Creates a text file log of all groups the account was a member of
- Sets the password to be changed at the next login
- Sets the disable date in the “Title” field (an unused field in my organization)
Just find the following variables in the script and change them accordingly:
- $SourceFile = "\\MYSERVERPATH\account_disables_input.csv"
  - This is the full UNC path to the CSV input file
- $EmailReportFile = "\\MYSERVERPATH\Account_Disables_Report.txt"
  - This is the full UNC path to where you want the report saved (this is what is emailed out)
- $domain = "LDAP://dc=DOMAIN,dc=local"
  - The LDAP bind URL for your domain…
- $To = "someone@mycompany.com"
  - SMTP addresses, comma separated, of who you want the report emailed to
- $SmtpClient.host = "smtp.mail.mycompany.com"
  - The SMTP host name to handle your email report (your Exchange 2007 Hub Transport server(s) or Exchange 2003/2000 front-end server(s) typically; make sure you can perform anonymous relay internally though…)
Download the script here…
Disable-ADAccountsMultiple.zip (3.2 KiB, 1,315 hits)
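For readers who want to see the workflow without the download, here is an added sketch of the steps listed above using ADSI. It is not the script in the zip file; the CSV column names SamAccountName and Reason, the $From address and the report wording are assumptions.

```powershell
# Added example; CSV columns (SamAccountName, Reason) and $From are assumptions.
$SourceFile      = "\\MYSERVERPATH\account_disables_input.csv"
$EmailReportFile = "\\MYSERVERPATH\Account_Disables_Report.txt"
$domain          = "LDAP://dc=DOMAIN,dc=local"
$To              = "someone@mycompany.com"
$From            = "ad-disables@mycompany.com"
$SmtpHost        = "smtp.mail.mycompany.com"

# Who ran this and when: the first lines of the audit report.
$admin  = [Security.Principal.WindowsIdentity]::GetCurrent().Name
$stamp  = Get-Date -Format "yyyy-MM-dd HH:mm"
$report = @("Account disables run by $admin at $stamp", "")

foreach ($row in Import-Csv $SourceFile) {
    $name = $row.SamAccountName
    # Reject anything that could alter the LDAP filter built below.
    if ($name -notmatch '^[A-Za-z0-9._-]+$') { $report += "SKIPPED (bad name): $name"; continue }

    $searcher = New-Object DirectoryServices.DirectorySearcher([ADSI]$domain)
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$name))"
    $hit = $searcher.FindOne()
    if (-not $hit) { $report += "NOT FOUND: $name"; continue }
    $user = $hit.GetDirectoryEntry()

    # Log group membership first, then remove it (memberOf excludes the primary group).
    $groups = @($user.memberOf)
    $report += "$name ($($row.Reason)): removed from $($groups.Count) group(s)"
    foreach ($groupDn in $groups) {
        ([ADSI]"LDAP://$groupDn").Remove($user.Path)
        $report += "    $groupDn"
    }

    $uac = [int]$user.userAccountControl.Value
    $user.Put("userAccountControl", $uac -bor 2)   # 0x2 = ACCOUNTDISABLE
    $user.Put("pwdLastSet", 0)                     # must change password at next logon
    $user.Put("title", "Disabled $stamp")          # disable date kept in the Title field
    if ($user.mailNickname.Value) {                # mail-enabled: hide from the GAL
        $user.Put("msExchHideFromAddressLists", $true)
    }
    $user.SetInfo()
}

# Save the report and mail it to the configured recipients.
$report | Set-Content $EmailReportFile
$smtp = New-Object Net.Mail.SmtpClient($SmtpHost)
$smtp.Send($From, $To, "AD account disable report", ($report -join "`r`n"))
```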










































