What’s new in Exchange 2010 with the latest Service Packs?

January 20, 2012 at 4:26 pm | Posted in Microsoft, Technical Tips | Leave a comment
Tags: , ,

Although it hasn’t been too long since Exchange 2010 SP1 was rolled out, Exchange 2010 SP2 was recently released. When reviewing the changes between service packs, you need to remember that changes are cumulative, and features introduced in SP1 will be rolled into SP2. I’ve prepared an overview of the enhancements featured in both service packs that you might find the most helpful in your daily work or in preparing for an exam.

We live our lives under the microscope. As an Exchange administrator, you will need to track changes made for regulatory compliance. Exchange 2010 SP1 allowed enhanced auditing ability. Audit logs are accessed using the Exchange Control Panel (ECP) Auditing Reports page or the Search-AdminAuditLog or New-AdminAuditLogSearch cmdlets. The new audit abilities of the Exchange service packs allow you to discover who logged into a mailbox and what actions were taken there. You can now track mailbox access by mailbox owners, delegates, and administrators, check whether a message was moved or deleted, and discover whether, when, and how a mailbox folder or message was accessed.

If you had to place a litigation hold on a mailbox, you could not remove the mailbox or disable the mailbox while the mailbox has a litigation hold. However, SP2 now allows you to bypass this restriction by using the IgnoreLegalHold switch parameter when removing or disabling the mailbox with the Disable-Mailbox or Remove-Mailbox cmdlets.

There are several enhancements to your ability to track messages with the latest Exchange 2010 service pack. There are new event log entries, alerts, and performance monitor alerts that can be used to monitor and troubleshoot message tracking. You can get logs of every operation that was executed by a Client Access server processing a delivery report request to ensure detailed tracking.

You can use the Exchange Control Panel (ECP) to manage Exchange ActiveSync devices. You can use the ECP to allow or block a specific mobile phone or device for a specific user. You can set up alerts when a mobile device is quarantined.

With SP2, a mini version of Outlook Web App has been rolled into the interface. It was designed to work with a mobile operating system so that users can perform most e-mail actions from a mobile device, and relies on Basic authentication. To access the mini version of Outlook Web App, append /oma to your Outlook Web App URL. For example, if your Outlook Web App URL is https://mail.nutex.com, the URL for the mini version of Outlook Web App would be something like https://mail.nutex.com/owa/oma.

You now have wizards to help streamline the process of configuring a hybrid deployment between an on-premises organization and Office 365 Exchange organization. The new Hybrid Configuration Wizard creates the foundation for the hybrid deployment. The Manage Hybrid Configuration wizard configures your Exchange organization for the hybrid deployment.

You should review the permission enhancements rolled out with Exchange 2010 SP1. With the new enhancements, you can limit which databases certain administrators can manage and control via database scopes. Unfortunately, this feature is not backwards compatible to Exchange 2010 RTM. Database scopes cannot be viewed, modified or deleted from Exchange 2010 RTM servers.

Exchange administrators and Active Directory administrators have separate duties. Exchange administrators should not have permissions for Active Directory, and Active Directory administrators should not have permissions for Exchange. The default model of Exchange 2010 uses the shared permissions model, which does not separate the management of Exchange and Active Directory objects within the Exchange management tools. Starting with Exchange 2010 SP1 you can separate Exchange management and Active Directory management with the split permissions model. There are two ways to configure split permissions. You can have RBAC split permissions, which has the RBAC controlling who can create security principals in the Active Directory domain partition. You can also have Active Directory split permissions, which limits the creation of security principals in Active Directory (such as mailboxes and distribution groups) to Active Directory management tools; it cannot be performed using RBAC.

With Exchange SP1, Outlook 2007 and above clients could automatically map to any mailbox which the user had Full Access permissions. This was great, but if the user has Full Access permissions to a lot of mailboxes, performance issues could occur. Oops! With Exchange SP2, you can turn of the auto-mapping feature with the Automapping=False parameter of the Add-MailboxPermission cmdlet

If you had a damaged file on a virtual directory that caused an issue, you can now use the Reset Client Access Virtual Directory wizard in SP1 to reset the Client Access server virtual directory.

Several features added in SP1 and above address troubleshooting of mailbox issues. One of these is the New-MailboxRepairRequest cmdlet, which  detects and repairs mailbox and database corruption issues.

SP1 added some new scripts that can help you monitor and manage your Exchange environment. The Troubleshoot-DatabaseSpace.ps1 script is used to monitor mailbox database log size, and head off performance issues due to excessive growth. The StartDagServerMaintenance.ps1 script is used to take a DAG member out of service for maintenance. This script moves active databases off of the server and block databases from moving to that server. It moves all critical DAG support functionality on the DAG member that is out of service to another server and blocks the critical DAG support functionality from moving back to the server. The StopDagServerMaintenance.ps1 script reverses this action and restores DAG support functionality. CheckDatabaseRedundancy.ps1 checks the redundancy of replicated databases, and generate events if database resiliency is found to be in a compromised state.

For one-stop shopping on the Exchange 2010 Service Packs and other issues with Exchange, here are top-level resources:

The Exchange Team Blog’s: You had me at EHLO

What’s New in Exchange 2010 SP1

What’s New in Exchange 2010 SP2

Discontinued Features

Until next time,

—George Monsalvatge, who is not auditing your mailbox… yet

Leave a Comment »

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.
Entries and comments feeds.

%d bloggers like this: