Monday, 3 December 2012

After migrating a distribution list from Exchange 2003 to Exchange 2010, the owner of the DL has no permission to manage the DL


First, make sure that all the DLs have been converted to Universal and upgraded to Exchange Server 2010, then follow the steps below to resolve the issue.

One question I got in response to my article “Group owners cannot manage distribution groups once migrated from Exchange 2003 to 2010” was the steps required to tweak the default role assignment policy so that the owners can modify the groups, but users cannot create or delete distribution groups.
Let me explain the steps required, which have to be done in the Shell. The permissions to create, modify and delete distribution groups are in the default role named “MyDistributionGroups”. Hence, all we need to do is take away the role entries that give users the right to create and delete a distribution group (the New-DistributionGroup and Remove-DistributionGroup cmdlets). But we don’t want to mess with the default roles, so we will create a new role which is a child of “MyDistributionGroups”. I will name it OwnersCanModifyDistributionGroups.
Run the command below in the Shell to create the role.

    New-ManagementRole -Name OwnersCanModifyDistributionGroups -Parent MyDistributionGroups

[Screenshot: Create a new management role]

Now we need to remove the New-DistributionGroup and Remove-DistributionGroup cmdlets from the management role. Run the following in the Shell.

    Remove-ManagementRoleEntry OwnersCanModifyDistributionGroups\New-DistributionGroup

[Screenshot: Remove right to create a DG]

    Remove-ManagementRoleEntry OwnersCanModifyDistributionGroups\Remove-DistributionGroup

[Screenshot: Remove right to delete DG]

Now that the custom role is ready, we need to add it to the default role assignment policy. This assumes that you don’t have the “MyDistributionGroups” role in the policy. If you have, you need to delete it. If you are not comfortable with the Shell, the easiest way is to use the ECP and clear the check box (follow my article mentioned in the beginning). Run the command below to add the role to the default policy.

    New-ManagementRoleAssignment -Role OwnersCanModifyDistributionGroups -Policy "Default Role Assignment Policy"

[Screenshot: Add the new role to default policy]
That’s it. Users can now modify the distribution groups they own, but can’t create or remove distribution groups.
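The result of the steps above can be checked from the Exchange Management Shell with the script below. It is an added example, not part of the original article; the role and policy names are the ones used above, and the listing of groups without an owner at the end is an assumption about what an administrator would also want to review.

```powershell
# Added verification example; run in the Exchange Management Shell.
# Names below are the ones used in the steps above.
$role   = 'OwnersCanModifyDistributionGroups'
$parent = 'MyDistributionGroups'
$policy = 'Default Role Assignment Policy'
$denied = 'New-DistributionGroup', 'Remove-DistributionGroup'

# 1. The custom role must no longer expose the create/delete cmdlets.
$entries  = @(Get-ManagementRoleEntry "$role\*")
$leftover = @($entries | Where-Object { $denied -contains $_.Name })
if ($leftover.Count -gt 0) {
    $names = ($leftover | ForEach-Object { $_.Name }) -join ', '
    Write-Warning "$role still allows: $names"
} else {
    Write-Host "$role exposes $($entries.Count) entries, none of them create/delete."
}

# 2. The policy must carry the custom role and not the unrestricted parent;
#    while the parent is assigned, users keep New-/Remove-DistributionGroup.
$custom = @(Get-ManagementRoleAssignment -Role $role -RoleAssignee $policy)
$stock  = @(Get-ManagementRoleAssignment -Role $parent -RoleAssignee $policy)
if ($custom.Count -eq 0) { Write-Warning "$role is not assigned to '$policy'." }
if ($stock.Count -gt 0)  { Write-Warning "$parent is still assigned to '$policy'; remove it." }

# 3. Assumption: groups with an empty ManagedBy have no owner who could
#    use the new role, so list them for review.
Get-DistributionGroup -ResultSize Unlimited |
    Where-Object { -not $_.ManagedBy } |
    Select-Object Name, PrimarySmtpAddress
```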
 

Converting and upgrading distribution groups


When migrating to Exchange 2010 from Exchange 2003, you may be carrying over several mail-enabled non-universal groups. These groups will still function, but the administration of these objects within the Exchange tools will be limited. In addition, several distribution group features provided by Exchange 2010 will not be enabled for a group until it has been upgraded. This recipe covers the process of converting and upgrading these groups within the Exchange Management Shell.

How to do it...

  1. To convert all of your non-universal distribution groups to universal, use the following one-liner:
    Get-DistributionGroup -ResultSize Unlimited -RecipientTypeDetails MailNonUniversalGroup | Set-Group -Universal
  2. Once all of your distribution groups have been converted to universal, you can upgrade them using the following command:
    Get-DistributionGroup -ResultSize Unlimited | Set-DistributionGroup -ForceUpgrade

 

Daily Exchange Health Checklist


 
Here are a few daily tasks that I perform each morning after a cup of coffee to ensure that my Exchange environment is running smoothly. This has proven very helpful in preventing many issues with my Exchange servers. I came up with the list while managing Exchange 2000/2003 environments but it still helps me with Exchange 2007 as well. Hope it will help others out there.
  • Check event viewer for warnings/errors on all Exchange Servers
  • Check for database fragmentation
  • Check postmaster mailbox for NDRs
  • Check exchange statistics
  • Check bad mail folder for trends
  • Check OS status on Exchange boxes
  • Check if plenty of disk space is available on all BE & FE servers
  • Check for cluster failover in cluster admin
  • Check message load in the queue viewer
  • Check OS/Exchange Services
  • Check results of real-time performance monitoring for all servers
  • Review event, performance vs. anti-virus logs
  • Track message for security project
  • Verify integrity of Exchange Store