Cloud-Based BES Services With BPOS / Office 365

Two big pieces of news hit Blackberry administrators and users today:

 

  1. Microsoft’s Hosted Exchange (BPOS / Office 365) will offer free Blackberry licenses (provided you’re already paying for your mailbox)
  2. RIM will soon offer a cloud-based BES service

Read more here:

http://community.office365.com/enus/office365/b/microsoft_office_365_blog/archive/2011/03/16/office-365-and-blackberry.aspx

IE9 RTM / RTW

Are you using Internet Explorer 8? Whelp, you’re now officially running Legacy software!

IE9 released to the Microsoft Download Center tonight:


 

Windows Vista / Server 2008:

Windows 7 / Server 2008 R2:

I’ve been using this for a while and after getting over a few bumps and learning curves, I can now say I really like it!

 

Read more about it here: http://microsoft.com/ie

Speaking at Exchange Connections: March 27-30 in Orlando Florida

Exchange Connections is an event held twice a year for the purpose of learning about Exchange Server and meeting other professionals working with the technology.  It is held alongside several other “Connections” events and has always been a lot of fun!

For a list of sessions check out this link:

http://www.devconnections.com/conf/sessions.aspx?s=163

If you’re planning on attending, please come say hello.  I will be delivering the following sessions:

EXC13: Forefront TMG Client Access Publication and Edge Transport Integration
During this session, Mike will cover two aspects of Exchange and TMG integration. In the beginning, he’ll discuss the installation procedures and configuration requirements of TMG and Edge’s residence on the same server. In the second half, he’ll demonstrate the steps of publishing Exchange client access through TMG.
EXC14: Information Rights Management Explored
During this session, we will discuss and then demo IRM and S/MIME, the infrastructure requirements for both, the pros and cons, and configuration.
EXC15: Office 365
This session will cover capabilities, migration, and administration of the Office 365 and Live@EDU environments. It will include demonstrations and best practices.

How to Set Windows 7’s Login Wallpaper with Group Policies

With Windows XP, you could set your own login background colors and/or wallpaper by modifying the values found in the following registry location: [HKEY_USERS\.DEFAULT\Control Panel\Desktop].
Windows 7 no longer reads this registry key.  Instead you’ve got to complete the multi-step process described in this article.
While the steps to set a login wallpaper are not complicated, one challenging limitation is the fact your background wallpaper needs to reside on the workstation’s hard drive.  Interestingly, this is not true for the user’s wallpaper, as there are GPO settings to point to a network location.
So when I had a customer ask me to set their login wallpaper, I had to think of how I wanted to accomplish their request.  We could possibly write a script, and as much “fun” as that might be, I’d rather use something more controlled.  Something that would allow me to easily change the configuration later as well as be decipherable to the customer after I leave.
The answer?  Group Policy – Preferences, that is!
So before we jump in to the Group Policy Management Console (GPMC), let’s identify what we’re trying to do.  If you haven’t already, you may wish to read the above link, otherwise you’re about to be lost.
We want our policy to:
  1. Copy our wallpaper file to the user’s workstation.
  2. Instruct Windows to use our file instead of the default %WinDir%\System32\oobe\background.bmp file.
With the new (ok they aren’t that new anymore) Group Policy Preferences that Windows 7 has built-in, we can copy our wallpaper to the user’s computer, while reserving the right to pull it off if the computer leaves the scope of the GPO.  To copy files, open GPMC and follow these steps:
1. Navigate to: Computer Configuration\Preferences\Windows Settings\Files
2. Right-click the “Files” node and select: New > File
3. Select Replace
4. Type in the UNC path for your source file.
     • In my example I used: \\Srv1\Share\CompanyLogo.jpg
     • Remember this file needs to be <256K
     • Also understand the permissions on this share need to allow the workstation’s computer account READ. If you leave the usual “Authenticated Users” you’ll be fine.
5. For the Destination File, type this exact text (without the quotes, and no line breaks):
“%windir%\system32\oobe\info\backgrounds\backgrounddefault.jpg”
6. Click the “Common” tab
7. Select “Remove this item when it is no longer applied”. This will ensure your file is removed if:
     • The GPO is deleted or disabled
     • The workstation is moved to another OU where the policy is not linked
     • The policy is filtered out
     • You update your policy to send a new wallpaper file
8. Optionally: Select Item-level targeting to specify only Windows 7 computers. This will ensure your file isn’t sent to versions of Windows that wouldn’t make use of it anyway.
Now we need to instruct Windows to render this image when the login screen is displayed.  If you read the above article, you’ll remember the OEMBackground registry key.  The good news is, we don’t need that key because there is actually a setting to enable it in GPMC already.
In the same Group Policy Object, navigate to:
Computer Configuration\Policies\Administrative Templates\System\Logon.
Once there, select “Always use custom logon background” and set it to “Enabled”.  This has the same effect of setting the registry manually.
Once you’ve completed these steps, close the Group Policy Management Editor and link your policy to an OU – you’re done!
This policy may take two refresh cycles (e.g. reboots) to take effect.  This is because the wallpaper file is not yet present when the “always use custom logon background” setting is first applied.  But once the file has completed copying you’ll see your image at logon.
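When the image does not appear after the refresh cycles, the three conditions described above can be checked on the workstation. This is an added example, not part of the original article; the policy's backing registry value (UseOEMBackground under the Policies key) is not named in the article and is stated here as an assumption, and the syntax is kept compatible with the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: run locally on a Windows 7 workstation after the GPO has applied.
$image    = Join-Path $env:windir 'System32\oobe\info\backgrounds\backgrounddefault.jpg'
$polKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'   # assumption: key written by the policy
$maxBytes = 256KB                                                # size limit stated in the article

# Both lookups return $null instead of throwing when the item is missing.
$file  = Get-Item -LiteralPath $image -ErrorAction SilentlyContinue
$value = (Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue).UseOEMBackground

function New-Check($Name, $Passed, $Detail) {
    New-Object PSObject -Property @{ Check = $Name; Passed = [bool]$Passed; Detail = $Detail }
}

$size = 0
if ($file) { $size = $file.Length }

$results = @(
    New-Check 'Image copied by GPP Files item' $file $image
    New-Check 'Image smaller than 256K' ($file -and $size -lt $maxBytes) "$size bytes"
    New-Check 'Custom logon background policy enabled' ($value -eq 1) "UseOEMBackground = $value"
)

$results | Format-Table Check, Passed, Detail -AutoSize

# A failed first check right after linking the GPO usually just means the
# file copy has not happened yet (the "two refresh cycles" noted above).
if (@($results | Where-Object { -not $_.Passed }).Count -eq 0) {
    'All conditions met: the custom background should show at the next logon screen.'
}
```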
If you would like to consider multiple screen resolutions, please consult this link.
Before we close, I should point out, this can work for Server 2008 R2 as well.  I have not tested with Vista or Server 2008.
Finally, here are some geeky, but not too over the top wallpapers:

PowerShell Tip – Running a Service Pack Report – Faster

Imagine you wanted to run a quick report of the service pack level of every server in your domain.  After all, SP1 just came out!  You could get this information quickly by using the Active Directory Module for Windows PowerShell.  If you don’t have at least one Windows 2008 R2 (RTM or SP1) Domain Controller, you could also do something similar with the free Quest PowerShell tools, but that’s for another day…

We can find this information using a few different methods.  Here I’ll show two:

Method 1

Get-ADComputer -Properties OperatingSystem, OperatingSystemServicePack -Filter * | Where-Object {$_.OperatingSystem -like '*server*'} |  Format-Table name, oper* -autosize

You can see with Method 1, we’re telling PowerShell to get all the computer accounts from Active Directory.  Then we pass those objects over to the “Where-object” cmdlet and ask it to select only those who have an OperatingSystem attribute containing “server”.  We then format the results in a table.  Give it a try.

Not too shabby; but let’s make it better!

Method 2

Get-ADComputer -Properties OperatingSystem, OperatingSystemServicePack -Filter {OperatingSystem -like '*server*'} | Format-Table name, oper* -autosize

In Method 2, we’re making smarter use of the -Filter parameter.  So instead of getting ALL the computer accounts, we do our filtering up-front.  This can lead to a significant amount of time saved!

How much time, you ask?  Well, we can find out with the “Measure-Command” cmdlet.  Just put any command string in {} and it will tell you how long it took to run!

Here are the results from a small environment with fast servers. 677 milliseconds isn’t bad, but when you compare it to 73, you can begin to appreciate the potential.
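The timing comparison can be reproduced with the script below. It is an added example, not the author's code: it averages several runs of each method (the run count of 5 is an arbitrary assumption) and also confirms that the server-side filter returns the same servers as the client-side one. It needs the Active Directory module and a reachable domain controller.

```powershell
# Added example: average several timed runs of Method 1 and Method 2 and
# confirm that both return the same set of servers.
Import-Module ActiveDirectory

$props = 'OperatingSystem', 'OperatingSystemServicePack'
$runs  = 5   # assumption: arbitrary run count; more runs smooth out caching

# Method 1: pull every computer account, then filter on the client.
$method1 = {
    Get-ADComputer -Properties $props -Filter * |
        Where-Object { $_.OperatingSystem -like '*server*' }
}

# Method 2: let the domain controller do the filtering.
$method2 = {
    Get-ADComputer -Properties $props -Filter { OperatingSystem -like '*server*' }
}

function Get-AverageMs([scriptblock]$Command, [int]$Count) {
    $total = 0.0
    for ($i = 0; $i -lt $Count; $i++) {
        $total += (Measure-Command -Expression $Command).TotalMilliseconds
    }
    [math]::Round($total / $Count, 1)
}

# Sorted name lists show whether the faster query dropped or added anything.
$names1 = @(& $method1 | ForEach-Object { $_.Name } | Sort-Object)
$names2 = @(& $method2 | ForEach-Object { $_.Name } | Sort-Object)

New-Object PSObject -Property @{
    ServersFound  = $names2.Count
    SameResultSet = (($names1 -join ';') -eq ($names2 -join ';'))
    Method1AvgMs  = Get-AverageMs $method1 $runs
    Method2AvgMs  = Get-AverageMs $method2 $runs
} | Format-List ServersFound, SameResultSet, Method1AvgMs, Method2AvgMs
```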


One last thought:  You may wish to add this extra code to make your output prettier.  It will organize your results first by operating system and then by name:

Get-ADComputer -Properties OperatingSystem, OperatingSystemServicePack -Filter {OperatingSystem -like '*server*'} | Sort-Object operatingsystem, name | Format-Table name, oper* -autosize

Exchange 2010 SP1 Hotfix Prerequisites – Part 2

A while back, I complained about the difficulty in obtaining the necessary hotfixes for Exchange 2010’s Service Pack 1.  I just took a peek at the “Hotfixes and Security Updates included in Windows 7 and Windows 2008 R2 Service Pack 1 (http://go.microsoft.com/fwlink/?LinkId=194725)” article and verified all necessary hotfixes are within. 

So if you’re planning on Installing Exchange 2010 SP1, it may save you time to install Windows 2008 R2 Service Pack 1 first.

Service Pack 1 for Windows 2008 R2 Now Available for Download

Just a quick note to remind everyone that Service Pack 1 for Windows 7 and Windows 2008 R2 has just now become available for download on TechNet & MSDN.

If you don’t have a TechNet or MSDN subscription you should see it on the Microsoft Download sites next Tuesday. [EDIT: Here is the download Link]

Be sure to check with each product group before installing this.  Obviously it is supported with the OS itself (clustering, Hyper-V, RDS, etc) but you should seek a direct support statement like the one the Exchange group published.

You should also validate your 3rd party applications.  You’ll note there may be some issues with VMware, for example…

For more information such as release notes or articles on what’s new, visit this page:

Windows Server 2008 R2 Service Pack 1

Finally, here is a screenshot:

Version    6.1.7601 Service Pack 1 Build 7601


Some Resume Advice

I realize I haven’t posted in a while. I hope I haven’t lost my place in anyone’s RSS reader! I’m working on several articles, but it’s been very busy at Planet Technologies, and I’ve struggled to find much “blog time”.

We’ve actually been so busy, I’m looking for consultants to join our team and help me out! Sadly, in my search for qualified individuals, I have been amazed at how many horrible resumes I have encountered!

I wanted to take a moment to pass along some pointers, for any of you looking for work in the fun and exciting field of Information Technology!!

Note: This is my personal rant opinion and not necessarily the opinions of my employer. 😉

Do: Understand a resume is a sales brochure; not a database of all facts about you.
Why: Look up the acronym: TLDNR
Don’t: List old irrelevant technologies (unless you invented them).
Why: It can make you seem out of touch; a horrible designation in the technology business.
Examples: Windows 95, DOS, LaserDisc
Don’t: List old certifications unless you also have the accompanying newish ones.
Why: It may suggest you are no longer motivated.
Examples: NT4 MCSE
Don’t: Try to stretch a single technology into many
Why: We may be proud of the new checkbox we learned about last week, but it by itself doesn’t warrant precious resume real estate. Besides, nobody is doing a resume search for “DHCP Administrator” anyway!
Examples: A simple “Windows Networking” is instead represented as: DNS, DHCP, WINS, Ethernet.
Don’t: List model numbers.
Why: This shows you are desperate to fill the page.  Additionally, they are likely to become obsolete quickly.
Examples: PowerEdge 1850, Cisco 2800
Do: Create multiple resumes for different purposes and understand what terms can be searched in wherever you’re submitting.
Why: You may be happy with a consulting gig or landing a nice comfy admin position. These resumes should not look alike.
Do: Offer to provide a project-based resume upon request.
Why: It shows you’re happy to talk shop with the right audience, but you acknowledge the person reading the resume may not appreciate the extra clutter.
Do: List your resume with multiple websites.
Why: Employers have to pay to use Monster, Career Builder, Dice, etc. and may not have multiple subscriptions.
Don’t: List the names of utilities on your resume.
Why: A constructor doesn’t list each tool on his tool belt and you shouldn’t either.
Examples: ipconfig, msconfig, ADUC, etc.
Do: Understand there are no rules; despite what you learned in school or heard on TV.
Why: Employers are going to Google you, perhaps your address or school and form opinions based on the information you expose. This could be direct or indirect. Life isn’t fair, but you can be prepared and market yourself accordingly.
Do: Be aware, if submitting a resume online, it doesn’t need to be visually striking. Crazy fonts and weird paragraph lines don’t help.
Why: It can make it difficult to read.
Do: List acronyms AND their full meaning.
Why: Employers may search for “System Center” and it’d be a shame if they missed you because you put “SCCM”.  The reverse is also true.
Examples: AD, Win2k8, E2k7

 

Below are some screenshots from a popular job search engine. As you can see, there is no leetspeak translation feature!  You may wish to consider this “employer view” when trying to optimize your resume for employers’ searches:

 


Script for Missing UPNs

For various reasons I’ve found myself needing to fix customer sites where the User Principal Name (UPN) was not present for AD user accounts.


Most frequently this is because the environment was once NT4, which did not require this attribute.  Whatever the reason, I’ve fixed it using PowerShell.

If you don’t have 2008 R2 domain controllers you can use the free Quest PowerShell add-ins downloaded here.

If you DO have 2008 R2 domain controllers you can use the native Active Directory Module for Windows PowerShell.

Below is a script you can use for either scenario.  This will take all users with missing UPNs from the “My Users” OU in the “contoso.local” domain and set their UPN to username@contoso.local

Quest:

Get-QADUser -SearchRoot "contoso.local/My Users" -UserPrincipalName $null -SizeLimit 0 | % {$CompleteUPN = $_.samaccountname +"@contoso.local"; Set-QADUser -Id $_.DN -UserPrincipalName $CompleteUPN}

2008 R2 Native:

Get-ADUser  -Filter {-not (UserPrincipalName -like '*')} -SearchBase 'OU=My Users,DC=contoso,DC=local' | % {$CompleteUPN = $_.SamAccountName + "@contoso.local" ; Set-ADUser -Identity $_.DistinguishedName -UserPrincipalName $CompleteUPN}
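Because the UPN is a logon identifier and must be unique, a bulk change like this is worth previewing and logging before it is committed. The following is an added example, not the author's script: it uses the native module, reuses the OU and suffix from the article, and the `$Apply` switch and CSV path are hypothetical names introduced here. The collision check looks only in the current domain.

```powershell
# Added example: preview, collision-check and log the UPN fix before applying it.
Import-Module ActiveDirectory

$SearchBase = 'OU=My Users,DC=contoso,DC=local'   # from the article
$UpnSuffix  = 'contoso.local'                     # from the article
$Apply      = $false                # hypothetical switch: set to $true after reviewing the CSV
$LogPath    = '.\upn-changes.csv'   # hypothetical path

$targets = Get-ADUser -Filter { -not (UserPrincipalName -like '*') } -SearchBase $SearchBase

# Build the change plan first; nothing is written to AD in this loop.
$plan = @(foreach ($user in $targets) {
    $newUpn = '{0}@{1}' -f $user.SamAccountName, $UpnSuffix

    # Look for any other account in this domain that already holds the UPN.
    $clash = Get-ADUser -Filter { UserPrincipalName -eq $newUpn } |
             Where-Object { $_.DistinguishedName -ne $user.DistinguishedName }

    New-Object PSObject -Property @{
        DistinguishedName = $user.DistinguishedName
        SamAccountName    = $user.SamAccountName
        NewUpn            = $newUpn
        Conflict          = [bool]$clash
    } | Select-Object DistinguishedName, SamAccountName, NewUpn, Conflict
})

# Keep a record of what was (or would be) changed.
$plan | Export-Csv -Path $LogPath -NoTypeInformation

# With $Apply = $false every Set-ADUser call runs as -WhatIf and changes nothing.
foreach ($row in $plan | Where-Object { -not $_.Conflict }) {
    Set-ADUser -Identity $row.DistinguishedName -UserPrincipalName $row.NewUpn -WhatIf:(-not $Apply)
}

# Accounts skipped because the target UPN is already in use need a manual decision.
$plan | Where-Object { $_.Conflict } | Format-Table SamAccountName, NewUpn -AutoSize
```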

Installing and Using Forefront Protection Server Management Console 2010 – Part 2

In a previous post, we took a look at Microsoft’s Forefront product line and saw where the new server management tool: Forefront Protection Server Management Console (FPSMC) fit in.  In this article, we will install FPSMC.

Before we start clicking, I’d like to point out a few important notes:

  • FPSMC cannot be deployed on a domain controller, an FPE server or an FPSP server.
  • FPSMC will not install on a server running any other Forefront product.
  • FPSMC will only support FPE and FPSP. It will not manage Forefront Security for Exchange server v10.x, Forefront Security for SharePoint v10.x and Antigen for Exchange and SMTP v9.x products – these still require Forefront Server Security Management Console (FSSMC).
  • FPSMC cannot redistribute the Cloudmark micro-updates.
  • FPSMC Beta will only support up to 100 servers per management console deployment.
  • FPSMC UI requires JavaScript to be enabled.
  • FPSMC must be installed on a domain-joined server.
  • FPSMC will not install on a server running any version of Microsoft Exchange Server or Microsoft SharePoint Server.

As well as some system requirements:

  • Windows Server 2008 R2
  • 300MB free RAM
  • 30MB free disk space (for the console)
  • 900MB free disk space (for SQL)
  • 4GB free disk space (for signature distribution)
  • .Net Framework 3.5 SP1 or later
  • Microsoft Chart Controls for Microsoft .NET Framework 3.5
  • IIS (for subcomponents visit TechNet)
  • SQL Express installs by default, but a licensed version of SQL is recommended

You’ll also want to create a service account for the encryption of data between primary and backup servers.

Once you’ve got the above prerequisites in place, you’ll run the setup file and complete the product installation.  In the below demonstration, I did not deploy a SQL server, so the installer configured SQL 2008 Express on my behalf.  Additionally, if you do not have the Chart Control component listed above, you’ll be given a link to go get it.

Here are the installation screenshots:


 

Once the installation has completed, a program shortcut will be placed in the Start menu’s program list.  You can launch FPSMC from here, or directly via the following hyperlink:


 

In the next article, we’ll discuss adding and managing servers running Forefront Protection for Exchange 2010.

Converting a Mailbox to a MailUser (and preserving your custom attributes)

It’s not often that you’ll need to convert a mailbox to a mail-user, but when you do, you’ll soon realize the steps go like this:

1. Mail-Disable the user (delete the mailbox)
2. Mail-Enable the user

So what’s the problem?  The problem is twofold:

  • First, you’ll want to automate this, and there is no “convert” button or command.  You’ll need to use PowerShell if converting multiple users.
  • Second, and perhaps more importantly, all the Exchange attributes are nullified when you delete the mailbox.  This includes CustomAttribute1-15

As we can see, you are not able to pass mailboxes to the Enable-MailUser (as you are able to do in reverse):

I’ve written a script to solve these problems.  Before you run with it, you do need to make one decision:

What do you want the mail-user’s external email address to be?

The below script takes the user’s mailbox alias and then appends @domain.com.  You may wish to modify this with whatever their new external address has become.

You’ll also notice I’m using a static domain controller for all configurations.  I have found in my testing, that if you do not pick the same DC for all operations, the script could out-run replication.

# Use one domain controller for every operation so the script cannot out-run replication
$DomainController = (Get-ADServerSettings).DefaultConfigurationDomainController.domain

# As written this selects every mailbox Get-Mailbox returns; narrow it to the mailboxes you intend to convert
$MailboxList = Get-Mailbox

foreach ($Mailbox in $MailboxList) {
    # Step 1: mail-disable the user (this deletes the mailbox and clears the Exchange attributes)
    Disable-Mailbox -Id $Mailbox.Identity -Confirm:$False -DomainController $DomainController
    # Step 2: mail-enable the user with the new external address
    Enable-MailUser -Id $Mailbox.Identity -ExternalEmailAddress ($Mailbox.Alias + "@domain.com") -DomainController $DomainController
    # Copy the custom attributes back from the mailbox object captured before the delete
    Set-MailUser -Id $Mailbox.Identity `
     -DomainController $DomainController `
     -CustomAttribute1 $Mailbox.CustomAttribute1 `
     -CustomAttribute2 $Mailbox.CustomAttribute2 `
     -CustomAttribute3 $Mailbox.CustomAttribute3 `
     -CustomAttribute4 $Mailbox.CustomAttribute4 `
     -CustomAttribute5 $Mailbox.CustomAttribute5 `
     -CustomAttribute6 $Mailbox.CustomAttribute6 `
     -CustomAttribute7 $Mailbox.CustomAttribute7 `
     -CustomAttribute8 $Mailbox.CustomAttribute8 `
     -CustomAttribute9 $Mailbox.CustomAttribute9 `
     -CustomAttribute10 $Mailbox.CustomAttribute10 `
     -CustomAttribute11 $Mailbox.CustomAttribute11 `
     -CustomAttribute12 $Mailbox.CustomAttribute12 `
     -CustomAttribute13 $Mailbox.CustomAttribute13 `
     -CustomAttribute14 $Mailbox.CustomAttribute14 `
     -CustomAttribute15 $Mailbox.CustomAttribute15
}

(add more attributes if necessary, but remember that since you aren’t deleting the Active Directory object itself, most attributes remain…)
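Since the values exist only in memory once the mailbox is deleted, a variant that saves them to disk first and limits the run to one OU is safer for bulk use. This is an added example, not the author's script: the OU name and backup path are hypothetical, the domain controller line is reused from the script above, and the fifteen attribute names are generated in a loop and passed by splatting.

```powershell
# Added example: scoped conversion with an on-disk backup of the attributes
# that Disable-Mailbox clears. Run from the Exchange Management Shell.
$DomainController = (Get-ADServerSettings).DefaultConfigurationDomainController.domain  # as in the article
$Scope      = 'contoso.local/Migrated Users'   # hypothetical OU holding the users to convert
$BackupPath = '.\mailbox-attributes.csv'       # hypothetical path

# CustomAttribute1 .. CustomAttribute15
$attrNames = 1..15 | ForEach-Object { "CustomAttribute$_" }

$MailboxList = @(Get-Mailbox -OrganizationalUnit $Scope -ResultSize Unlimited -DomainController $DomainController)

# Save the values before anything is deleted, so a failure half-way through
# the loop can still be repaired from the CSV.
$MailboxList |
    Select-Object (@('Identity', 'Alias', 'PrimarySmtpAddress') + $attrNames) |
    Export-Csv -Path $BackupPath -NoTypeInformation

foreach ($Mailbox in $MailboxList) {
    # Collect only the custom attributes that actually hold a value.
    $restore = @{}
    foreach ($name in $attrNames) {
        if ($Mailbox.$name) { $restore[$name] = $Mailbox.$name }
    }

    Disable-Mailbox -Identity $Mailbox.Identity -Confirm:$false -DomainController $DomainController
    Enable-MailUser -Identity $Mailbox.Identity `
        -ExternalEmailAddress ($Mailbox.Alias + '@domain.com') `
        -DomainController $DomainController

    # Splat the saved values back onto the new mail-user.
    if ($restore.Count -gt 0) {
        Set-MailUser -Identity $Mailbox.Identity -DomainController $DomainController @restore
    }
}
```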

Forefront Endpoint Protection 2010 Release Candidate / Release Date

UPDATE: It looks like this is scheduled to release 12/17/2010 (FEP and FPSMC are due to launch together)

UPDATE2: RTM: http://blogs.technet.com/b/clientsecurity/archive/2010/12/16/announcing-the-release-of-forefront-endpoint-protection-2010.aspx

—————————————————————————————-

Recently I wrote about changes to Microsoft’s file-level antivirus product, FEP.  This is just a quick update to inform everyone that Forefront Endpoint Protection 2010 is now in release candidate stage and is due to RTM in December.

Additionally, this will release with the Forefront Endpoint Protection- Security Management Pack, for those of you using SCOM.

Read more here: http://blogs.technet.com/b/clientsecurity

Network Monitor 3x “How To” Videos

I try to avoid reposting other people’s blog articles, as I am a man of efficiency and do not appreciate the extra clutter on the internet.  However sometimes I cannot resist!

In a previous post, I claimed Microsoft’s Network Monitor was my favorite protocol analyzer.  Recently I learned about a site with several instructional videos on this product; which is good, because using a protocol analyzer is anything but intuitive!

Apparently some of the videos date back to the ancient times of 2008, but there are fresh ones included as well:

  • Network Monitor Overview
  • Introduction to Capturing with Network Monitor
  • Introduction to Capturing Traffic using the command line utility NMCap
  • Tour of the NM3 Capture Tab
  • Tour of the NM3 Start Page and Parsers Tab
  • Introduction to basic filtering with NM3
  • Using the conversation tree with NM3
  • Introduction to using reassembly with NM3
  • Plugfest Intro To Network Monitor 3.3
  • Network Monitor Automation/Scripting using PowerShell

To view them, check out this site:

http://blogs.technet.com/b/netmon/p/usagevideos.aspx