I knocked this up a while back and was expecting it to be put on the msexchangeteam blog, but it didn't appear. So here it is instead ;-) I have only tried this on Exchange 2003. In the next month or so I will get a chance to see what Exchange 2007 does. Enjoy and let me know what you think. Hope it helps anyway!
UPDATE: You can download the word document here: http://files.flaphead.dns2go.com/auditing_exchange.zip
Auditing has become an essential part of Exchange management. In any Exchange deployment, it is critical to understand what changes to the Exchange topology are taking place to ease troubleshooting efforts and to document changes in your environment. Exchange does not directly have its own internal auditing, but relies on the auditing in Active Directory due to the fact that all configuration data for Exchange is stored there. This auditing information is stored in the SACL for each object in Active Directory.
The AD Security Part 1 document located at http://www.microsoft.com/downloads/details.aspx?FamilyID=f937a913-f26e-49b5-a21e-20ba5930238d&displaylang=en explains how to audit Active Directory as a whole. Exchange on the other hand, requires its own auditing to track any Deletions, Creations, or Modifications of any object within your Exchange Organization.
Proactively enabling auditing before a major incident within the organisation will not only save time and money in investigating issues, removing one or more administrators from daily operations, but maintain business continuity while an investigating is underway.
With Exchange you need to audit in potentially three places. The Active Directory, each Exchange Database Store and the local Exchange server. Each has a different place to enable auditing and a limited selection of things you can actually audit.
NOTE: Logging you can’t actually prove that someone has done something wrong. It can really only be used to indicate something is not right and needs to be investigated further
This document outlines how to enable auditing in Active Directory to log when a user or administrator creates/deletes/modifies an Exchange System object
The Active Directory
The Active Directory (AD) contains all the configuration data that Exchange will use. You can configure Auditing in Windows using Group Polices and the Audit Policy.
You should enable Success and Failure for Audit directory service access
To Enable Auditing for the Exchange container in Active Directory do the following:
1. Open up the Domain Controller Security Policy
a. Click on Start; Administrative Tools; Domain Controller Security Policy
2. Expand Local Policies and Select Audit Policies
3. Right click on Audit Directory Service Access and select properties
4. Make sure the following are checked:
a. Define these policy settings
b. Success
c. Failure
5. Click Apply and then OK
6. Do the same for Audit policy change
Enable baseline Auditing for Exchange Configuration Objects
Note: The below audit settings will generate the majority of the events for changed and deleted objects within the Exchange Configuration Container in Active Directory. This requires that inheritance is set properly for every configuration object under the Services/Microsoft Exchange container. The table following this section shows the available auditing options to track newly created Exchange objects as the baseline auditing does not log most creations of Exchange objects.
1. Start ADSIEdit, and then connect to the domain controller that you want to view.
2. Connect to the configuration container, and then browse to the following level:
CN=Services. Right Click on Microsoft Exchange and then click Properties.
3. Click the Security tab, click Advanced, click the Auditing tab, click Add, enter Everyone for the object and then click OK.
4. Under the Successful column, Check the following object access auditing.
Write All Properties
Delete
Delete Subtree
Modify Permissions
Modify Owner
All Validated Writes
All Extended Writes
Create All Child Objects
Delete All Child Objects
NOTE: The rest of the objects in the list should now be checked
5. Repeat for the failed column
6. Click OK and then OK again.
Now you can test with this Exchange System Manager. Change something. On a GC you should see something similar to this in the Security Log:
Event Type: Success Audit
Event Source: Security
Event Category: Directory Service Access
Event ID: 566
Date: 20/07/2006
Time: 14:52:56
User: CONTOSO\Administrator
Computer: GC
Description:
Object Operation:
Object Server: DS
Operation Type: Object Access
Object Type: msExchOmaConfigurationContainer
Object Name: CN=Outlook Mobile Access,CN=Global Settings,CN=Contoso,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=contoso,DC=com
Handle ID: -
Primary User Name: GC$
Primary Domain: CONTOSO
Primary Logon ID: (0x0,0x3E7)
Client User Name: Administrator
Client Domain: CONTOSO
Client Logon ID: (0x0,0x5BF2F)
Accesses: Write Property
Properties:
Write Property
Public Information
msExchOmaAdminWirelessEnable
Default property set
msExchOmaExtendedProperties
msExchOmaConfigurationContainer
Additional Info:
Additional Info2:
Access Mask: 0x20
Users
Having enabled auditing for the Exchange configuration changes in the Active Directory we can do similar within user. As an example, the user auditing will allow administrators to capture permission changes made at a mailbox level.
Auditing user changes is easier to enable it on a per OU basis. This can accomplished using AD Users & Computers. Navigate to the OU you want to enable auditing on and right click on it and select properties. Now follow from step 9 in the Active Directory session above
Exchange Server
Exchange auditing will record access of a mailbox by an account which is not the primary account for the mailbox.
867640 How to monitor mailbox access by auditing or by viewing Mailbox Resources in Exchange Server [http://support.microsoft.com/kb/867640]
In addition to this you can also log the NT User account that attempted to access the mailbox. Again this KB Explain how to enable this:
274317 XADM: How to View Windows NT Accounts that Access Mailboxes in Exchange Server [http://support.microsoft.com/kb/274317/]
Once enabled if someone tries to open a mailbox and they are not allowed to, you will get:
Event Type: Warning
Event Source: MSExchangeIS Mailbox Store
Event Category: Access Control
Event ID: 1029
Date: 20/07/2006
Time: 15:15:17
User: N/A
Computer: BE
Description:
twoman@contoso.com failed an operation because the user did not have the following access rights:
'Delete' 'Read Property' 'Write Property' 'Create Message' 'View Item' 'Create Subfolder' 'Write Security Descriptor' 'Write Owner' 'Read Security Descriptor' 'Contact'
The distinguished name of the owning mailbox is /O=CONTOSO/OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=WYPFL9. The folder ID is in the data section of this event.
For more information, click http://www.microsoft.com/contentredirect.asp.
Data:
0000: 02 00 00 00 00 00 2f f3 ....../ó
If you do have access you will get the following is logged on the mailbox server of the mailbox you are accessing:
Event Type: Success Audit
Event Source: MSExchangeIS Mailbox Store
Event Category: Logons
Event ID: 1016
Date: 20/07/2006
Time: 16:45:36
User: N/A
Computer: BE
Description:
Windows 2000 User CONTOSO\twoman logged on to wypfl9@contoso.com mailbox, and is not the primary Windows 2000 account on this mailbox.
Event Type: Success Audit
Event Source: MSExchangeIS Mailbox Store
Event Category: Logons
Event ID: 1013
Date: 20/07/2006
Time: 16:45:36
User: N/A
Computer: BE
Description:
CONTOSO\twoman was validated as /o=Contoso/ou=First Administrative Group/cn=Recipients/cn=twoman and logged on to /o=Contoso/ou=First Administrative Group/cn=Recipients/cn=wypfl9 on database "First Storage Group\Second Mailbox Store".
To summarise these, set the following for each server you want to monitor:
MSExchangeIS\Mailbox\Logons = Maximum
MSExchangeIS\Mailbox\Access Control = Maximum
Additionally you should also enable the following:
MsExchangeIS\Mailbox\Send On Behalf Of = Minimum
This will track every time some used the Send On Behalf Of permission
MSExchangeIS\Mailbox\Send As = Minimum
This will track every time some used the Send As permission
Local Server
All of this diagnostic logging is great, but you are only changing registry values. So, you now need to enable auditing for the Exchange Servers Registry to make sure none of the diagnostic values are changed .
To do this, logon each Exchange server and run regedt32.
Now the Keys we want to watch are:
HKLM\SYSTEM\CurrentControlSet\Services\IMAP4Svc
HKLM\SYSTEM\CurrentControlSet\Services\MasSync
HKLM\SYSTEM\CurrentControlSet\Services\MSExchange ActiveSyncNotify
HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeADDXA
HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeAL
HKLM\SYSTEM\CurrentControlSet\Services\MsExchangeDSAccess
HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeES
HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeFBPublish
HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeIS
HKLM\SYSTEM\CurrentControlSet\Services\MSExchnageMGNT
HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeMTA
HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeMU
HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeOMA
HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeSA
HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeSRS
HKLM\SYSTEM\CurrentControlSet\Services\MSExchangeTransport
HKLM\SYSTEM\CurrentControlSet\Services\MsExchangeWeb
HKLM\SYSTEM\CurrentControlSet\Services\POP3Svc
1. Navigate to the first one on the list above, then Right Click on the key and select permissions.
2. Click the advanced button
3. Select the Auditing Tab
4. Click on Add
5. In the Select User, Computer, or Group Dialog enter everyone and click on Check Names and then OK
6. Make sure “Apply onto:” is set to “This key and subkeys”
7. Select Successful and Failed for:
Set Value; Create Subkey; Delete; Write DAC; Write Owner
Once you have done this, you need modify the Local Audit Policy, and enable Audit Object Access for Success and Failure.
It is actually easier to set these setting by using a group policy, as you would need put these settings on ALL exchange servers. To do this, open up the default domain security policy and navigate to registry. Then add the keys listed above in the same way.
Now you need to enable the actual logging. To do this, open up the default domain security policy and navigate to Local Polices\Audit Policies and enable Success & failure for Audit Object Access
Now when someone changes for one of these registry keys you see an entry similar to this in the
Event Type: Success Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 21/07/2006
Time: 14:58:36
User: NT AUTHORITY\SYSTEM
Computer: BE
Description:
Object Open:
Object Server: Security
Object Type: Key
Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MSExchangeIS\ParametersSystem
Handle ID: 8152
Operation ID: {0,8701893}
Process ID: 2752
Image File Name: C:\Program Files\Exchsrvr\bin\store.exe
Primary User Name: BE$
Primary Domain: CONTOSO
Primary Logon ID: (0x0,0x3E7)
Client User Name: -
Client Domain: -
Client Logon ID: -
Accesses: DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
Query key value
Set key value
Create sub-key
Enumerate sub-keys
Notify about changes to keys
Create Link
Privileges: -
Restricted Sid Count: 0
Access Mask: 0xF003F
With a local change made using Exchange System Manager, you will also need to look for the Logon Event to see which user made the change
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 528
Date: 7/21/2006
Time: 3:52:32 PM
User: CONTOSO\Administrator
Computer: FE
Description:
Successful Logon:
User Name: Administrator
Domain: CONTOSO
Logon ID: (0x0,0x42EE29)
Logon Type: 2
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: FE
Logon GUID: {493bcc05-cefd-df56-9eef-a0ee3ab36ec3}
Caller User Name: FE$
Caller Domain: CONTOSO
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 376
Transited Services: -
Source Network Address: 127.0.0.1
Source Port: 0
If you change a value locally using regedit or remotely you actually get the additional user information:
Event Type: Success Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 21/07/2006
Time: 15:48:27
User: CONTOSO\Administrator
Computer: BE
Description:
Object Open:
Object Server: Security
Object Type: Key
Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\IMAP4Svc\Diagnostics
Handle ID: 256
Operation ID: {0,9059113}
Process ID: 1436
Image File Name: C:\WINDOWS\system32\svchost.exe
Primary User Name: LOCAL SERVICE
Primary Domain: NT AUTHORITY
Primary Logon ID: (0x0,0x3E5)
Client User Name: Administrator
Client Domain: CONTOSO
Client Logon ID: (0x0,0x8A39D6)
Accesses: Query key value
Set key value
Enumerate sub-keys
Privileges: -
Restricted Sid Count: 0
Access Mask: 0xB
Code
Okay so all this auditing is fine, but you really need a way to capture & report when something has happened. As all the events appear in the Event Logs we can trawl the logs for events.
This code sample uses WMI to look in the security event log and pull out Event ID 566 where it contains msExch in the Event Description.
On Error Resume Next
Const wbemFlagReturnImmediately = &h10
Const wbemFlagForwardOnly = &h20
arrComputers = Array("exbe01")
For Each strComputer In arrComputers
WScript.Echo
WScript.Echo "=========================================="
WScript.Echo "Computer: " & strComputer
WScript.Echo "=========================================="
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NTLogEvent where logfile = 'Security' AND EventCode=566 AND Message like '%msExch%'", "WQL", wbemFlagReturnImmediately + wbemFlagForwardOnly)
For Each objItem In colItems
WScript.Echo "Category: " & objItem.Category
WScript.Echo "CategoryString: " & objItem.CategoryString
WScript.Echo "ComputerName: " & objItem.ComputerName
'strData = Join(objItem.Data, ",")
' WScript.Echo "Data: " & strData
WScript.Echo "EventCode: " & objItem.EventCode
'WScript.Echo "EventIdentifier: " & objItem.EventIdentifier
WScript.Echo "EventType: " & objItem.EventType
'strInsertionStrings = Join(objItem.InsertionStrings, ",")
' WScript.Echo "InsertionStrings: " & strInsertionStrings
WScript.Echo "Logfile: " & objItem.Logfile
WScript.Echo "Message: " & objItem.Message
WScript.Echo "RecordNumber: " & objItem.RecordNumber
WScript.Echo "SourceName: " & objItem.SourceName
WScript.Echo "TimeGenerated: " & WMIDateStringToDate(objItem.TimeGenerated)
'WScript.Echo "TimeWritten: " & WMIDateStringToDate(objItem.TimeWritten)
WScript.Echo "Type: " & objItem.Type
WScript.Echo "User: " & objItem.User
WScript.Echo
Next
Next
Function WMIDateStringToDate(dtmDate)
WScript.Echo dtm:
WMIDateStringToDate = CDate(Mid(dtmDate, 5, 2) & "/" & _
Mid(dtmDate, 7, 2) & "/" & Left(dtmDate, 4) _
&" " & Mid (dtmDate, 9, 2) & ":" & Mid(dtmDate, 11, 2) & ":" & Mid(dtmDate,13, 2))
End Function
The above code was originally generated using scritpmatic2 and then modified.
http://www.microsoft.com/technet/scriptcenter/tools/scripto2.mspx
You can also use EventCombMT to parse the EventLogs. You can get EventCombMT from here: http://www.microsoft.com/technet/scriptcenter/tools/scripto2.mspx
Windows PowerShell
This code sample uses Windows PowerShell to look in the security event log and pull out Event ID 566 where it contains msExch in the Event Description.
1)
c:\powershell
2)
[PS] c:\Get-eventlog security | where {($_.Message –ilike “*msExch*”) –and ($_.EventID –eq 566)} | ft
MOM
Additionally you can use MOM to monitor and generate an event when an audited event occurs. To this you should create two computer groups and two rule groups to capture events on Exchange Servers and Domain Controllers. Then for each rule group, create an alert rule
1) Create two new Computer Groups:
1. Open the MOM 2005 Administrator Console
2. Expand Management Packs
3. Expand Computer Groups
4. Right Click on Computer Groups and select Create Computer Group
5. "Create Computer Group Wizard - Welcome"
a. Click Next
6. "Create Computer Group Wizard - General"
a. In Name enter: Auditing: Active Directory
b. Click Next
7. "Create Computer Group Wizard - Included Subgroups"
a. Click Add and select "Windows Server 2003 Domain Controller"
b. Click Next
c. "Create Computer Group Wizard - Included Computers"
d. Click Next
8. "Create Computer Group Wizard - Excluded Computers"
a. Click Next
9. "Create Computer Group Wizard - Search for Computers"
a. Click Next
10. "Create Computer Group Wizard - Formula"
a. Click Next
11. "Create Computer Group Wizard - State Roll-up Policy"
a. Select "the worst state of any member computer or subgroup"
b. Click Next
12. "Create Computer Group Wizard - Confirm Choices"
a. Click Next
13. "Create Computer Group Wizard - Completion Page"
a. Click Finish
Do the same but substitute the following:
- Under - "Create Computer Group Wizard - General" set the name to Auditing: Exchange
- under - "Create Computer Group Wizard - Included Subgroups" add Microsoft Exchange installed Computers
2) Create two new Rules groups
1. Right Click on Rule Groups and select Create Rule Group
2. "Rule Group Properties - General"
3. in Name enter: Auditing: Active Directory
a. Click Next
4. "Rule Group Properties - Knowledge Base"
a. You can enter some text here if you wish
b. Click Next
5. You should then see a dialog box that says
a. Would you like to deploy the rules in this newly create Rule Group to a group of computers?
b. Select Yes
6. You will be presented with the Computer Groups tab of the rules properties.
a. Click Add and select Auditing: Active Directory
b. Click Apply then OK
Do the same but substitute the following:
Under - "Rule Group Properties - General" set the name to Auditing: Exchange
under - "Computer Groups tab" add Auditing: Exchange
3) For both groups, create an Alert for each Rule Group
1. Expand the Auditing: Exchange rule.
2. Right Click on Alert Rules and select Create Alert Rule
3. "Alert Rule Properties - Alert Criteria"
a. Select only match alters generated by rules in the following group
b. Click browse and select Auditing: Exchange rule.
c. Click Next
4. Alert Rule Properties - Schedule"
a. Click Next
5. Alert Rule Properties - Responses"
a. Click Add
b. Select Send a notification to a Notification Group
c. Select a group and click OK
d. Click Next
6. “Alert Rule Properties - Knowledge Base"
a. Click Next
7. "Alert Rule Properties - General"
a. Enter a rule name
b. Click Finish
Do the same for Auditing: Active Directory
4) Create events for each of the rules
1. Expand the Auditing: Exchange rule.
2. Right Click on Event Rules and select Create Event Rule
3. "Select Event Rule Type"
a. Select Alert on or Respone to Event (Event)
b. Click Next
4. "Event Rule properties - Data Provider"
a. Select the event log you want to alter on, so with System, Application or Security
b. Click Next
5. "Event Rule Properties - Criteria"
a. Enter the details from the list below
b. Click Next
6. "Event Rule Properties - Schedule"
a. Click Next
7. "Event Rule Properties - Alert"
a. Click Next
8. "Event Rule Properties - Alert Suppression"
a. Click Next
9. "Event Rule Properties - Responses"
a. Click Next
10. "Event Rule Properties - Knowledge Base"
a. Enter some text if you wish
b. Click Next
11. "Event Rule Properties - General"
a. Enter a Rule Name
b. Click Finish
When you are ready to create event rules you should substitute the following:
Auditing: Active Directory
Rule: Audit changes to Exchange AD Attributes
Provider: Security
Criteria: with event id=566
-> Advanced: description contain substring *msExch*
Auditing: Exchange
Rule: Audit mailbox access
Provider: Application
Criteria: with event id=1029
Criteria: of type: Warning
Criteria: from source: MSExchangeIS Mailbox Store
Rule: Audit exchange configuration changes
Provider: Security
Criteria: with event id=560
-> Advanced: description contain substring *exch*
3rd Party Auditing Tools
There are number of companies that provide tools to help in auditing systems and capturing data from the event logs. Here is a list that is by no means exhaustive:
Things to consider
· Journaling will keep a copy of every email that is send in/out of your exchange organisation.
Journaling with Exchange Server 2003
[http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/journaling.mspx]
- You should make sure that any service accounts you have for applications that need “global administrative rights” over exchange, Like Blackberry Enterprise Server, should be set so you cannot login interactively. This will prevent misuse of the service account.
- You should protect your Exchange Server backups, as someone could take a backup tape and restore it off site and potentially have access to all the mailboxes on the backup
- You should put some mechanism in place to make sure that you can audit your auditing, so you know when someone have modified it
- Ensure your Exchange administrators user their user account for day to day email and use their Exchange Admin account for administration and delegation.
- To ensure the security of user mailboxes and the confidentiality of its contents, it is imperative that the user who has permissions to a mailbox is also the mailbox owner. To do this, on a regular basis you should generate a report to detail those user mailboxes where permissions (not pushed out by policy on the accounts) have been granted.
Resources:
Sorry, its a bit late this month :-|
DOWNLOADS
Exchange Server 2003 SDK Documentation and Samples March 2007
The Exchange Server 2003 SDK Documentation and Samples assist developers building applications for Exchange Server 2003. This release of the SDK provides new and updated information and sample code to help you develop collaborative enterprise applications with Exchange. Included in this release are updates to the SDK documentation, tasks for implementing managed store event sinks, procedures for building managed event sink DLLs, and a task for getting free/busy status over HTTP. The README file contains installation instructions and late-breaking information about the Exchange Server 2003 SDK Documentation and Samples.
http://www.microsoft.com/downloads/details.aspx?FamilyID=09b45603-2147-424e-81e5-601fbfdfdf0d&DisplayLang=en
Exchange 2000 Server SDK Documentation and Samples March 2007
The Exchange 2000 Server SDK Documentation and Samples assist developers building applications for Exchange 2000 Server. This release of the SDK provides new and updated information and sample code to help you develop collaborative enterprise applications with Exchange. Included in this release are updates to the SDK documentation, tasks for implementing managed store event sinks, procedures for building managed event sink DLLs, and a task for getting free/busy status over HTTP. The README file contains installation instructions and late-breaking information about the Exchange 2000 Server SDK Documentation and Samples.
http://www.microsoft.com/downloads/details.aspx?FamilyID=71a0bb09-1cc9-4ee7-a3b8-5cbd71402eaa&DisplayLang=en
Microsoft Exchange Server 2003 Migration Wizard for Lotus Notes
The Microsoft Exchange Server 2003 Migration Wizard for Lotus Notes supports the migration of Lotus Domino R5 and R6 mailboxes and associated Domino directory information to Microsoft Exchange Server 2003 and Windows Server 2003 Active Directory. This tool replaces the Migration Wizard that ships with Exchange Server 2003 (including SP2), and includes improved retention of contents and Unicode characters during the migration from Domino to Exchange Server 2003.
http://www.microsoft.com/downloads/details.aspx?FamilyID=c105b3e4-3beb-4f1e-8f52-e345af6c3e50&DisplayLang=en
Microsoft Exchange Server 2003 Connector for Lotus Notes
The Microsoft Exchange Server 2003 Connector for Lotus Notes supports messaging and calendaring interoperability between Lotus Domino R5/R6 and Microsoft Exchange Server 2003 and Windows Server 2003 Active Directory. This tool replaces the Connector that ships with Exchange Server 2003 (including SP2), and includes several updates to support better message fidelity when routing email between Exchange and Domino, support of iNotes and Domino Web Access clients, enhanced Unicode support and reliability.
http://www.microsoft.com/downloads/details.aspx?FamilyID=d9f3a35e-1046-47b5-b09b-bda9de60cd9d&DisplayLang=en
Exchange Server Stress and Performance Tool (64 bit)
Use Microsoft Exchange Server Stress and Performance (ESP), a highly scalable stress and performance tool for Exchange, to simulate large numbers of client sessions by concurrently accessing one or more protocol servers. ESP includes multiple modules that you can use to simulate a wide variety of protocols and loads. You can run modules concurrently from multiple hosts, thereby more realistically simulating physically separate client machines. There is no limit to the number of computers on your network that can host ESP modules.
http://www.microsoft.com/downloads/details.aspx?FamilyID=b9e200d5-18b9-4734-b9d9-9e6efc48bcb6&DisplayLang=en
Exchange 2007 Anti Spam Migration Tool
The Exchange 2007 Anti Spam Migration Tool reads these settings from Active Directory and converts them to equivalent Windows Power Shell script (consisting of Exchange 2007 tasks) which can then be run on Edge Transport or Hub Transport roles of Exchange Server 2007.
http://www.microsoft.com/downloads/details.aspx?FamilyID=805eaf35-ebb3-43d4-83e4-a4ccc7d88c10&DisplayLang=en
Exchange Server Stress and Performance Tool (32 bit)
Use Microsoft Exchange Server Stress and Performance (ESP), a highly scalable stress and performance tool for Exchange, to simulate large numbers of client sessions by concurrently accessing one or more protocol servers. ESP includes multiple modules that you can use to simulate a wide variety of protocols and loads. You can run modules concurrently from multiple hosts, thereby more realistically simulating physically separate client machines. There is no limit to the number of computers on your network that can host ESP modules
http://www.microsoft.com/downloads/details.aspx?FamilyID=7f944850-945f-4e60-b6d6-cf7341d7f9c3&DisplayLang=en
Microsoft Exchange Server Management Pack Configuration Wizard
Provides a graphical user interface to configure Exchange 2000 and Exchange 2003 Management Pack, including test mailboxes, message tracking, and monitoring services.
http://www.microsoft.com/downloads/details.aspx?FamilyID=21e5a788-5993-40a9-bd35-b14d414e3e16&DisplayLang=en
Microsoft Exchange Server Jetstress Tool (32 bit)
Use Jetstress to verify the performance and stability of a disk subsystem prior to putting an Exchange server into production. Jetstress helps verify disk performance by simulating Exchange disk Input/Output (I/O) load. Specifically, Jetstress simulates the Exchange database and log file loads produced by a specific number of users. You use Performance Monitor, Event Viewer, and ESEUTIL in conjunction with Jetstress to verify that your disk subsystem meets or exceeds the performance criteria you establish. After a successful completion of the Jetstress Disk Performance and Stress Tests in a non-production environment, you will have ensured that your Exchange disk subsystem is adequately sized (in terms of performance criteria you establish) for the user count and user profiles you have established. It is highly recommended that the Jetstress user read through the tool documentation before using the tool.
http://www.microsoft.com/downloads/details.aspx?FamilyID=94b9810b-670e-433a-b5ef-b47054595e9c&DisplayLang=en
Microsoft Exchange Server Jetstress Tool (64 bit)
Use Jetstress to verify the performance and stability of a disk subsystem prior to putting an Exchange server into production. Jetstress helps verify disk performance by simulating Exchange disk Input/Output (I/O) load. Specifically, Jetstress simulates the Exchange database and log file loads produced by a specific number of users. You use Performance Monitor, Event Viewer, and ESEUTIL in conjunction with Jetstress to verify that your disk subsystem meets or exceeds the performance criteria you establish. After a successful completion of the Jetstress Disk Performance and Stress Tests in a non-production environment, you will have ensured that your Exchange disk subsystem is adequately sized (in terms of performance criteria you establish) for the user count and user profiles you have established. It is highly recommended that the Jetstress user read through the tool documentation before using the tool.
http://www.microsoft.com/downloads/details.aspx?FamilyID=73dfe056-0900-4dbb-b14a-0932338cecac&DisplayLang=en
Microsoft Exchange Server 2007 VHD - 32-bit version
The Microsoft VHD Test Drive Program provides customers with an enhanced server-based software evaluation experience that’s faster, better supported and more flexible. You can now access the entire catalog of pre-configured Microsoft and partner products and solutions in the VHD format and start evaluating and testing today from www.microsoft.com/vhd.
This download enables you evaluate how Microsoft Exchange Server 2007 and Microsoft Office Live Communications Server 2005 together can help create an optimized messaging system for your organization. Microsoft Exchange Server 2007 is designed to reduce the growing cost and complexity of managing a corporate messaging system by providing more control for IT administrators, more value and expanded inbox access for end users, and increased security and compliance for the organization as a whole.
Microsoft Exchange Server 2007 provides built-in protection technologies to help keep the e-mail system up and running and better protected from outside threats while allowing employees to work from wherever they are using a variety of clients including Microsoft Outlook, Outlook Web Access, and mobile devices. Exchange Server 2007 makes it easier for IT to deliver these new capabilities to their organizations by making the messaging environment easier to manage and more cost efficient. Please see www.microsoft.com/exchange/preview for additional information.
Live Communications Server 2005 provides a standards-based platform, allowing developers the ability to presence-enable existing applications and create next-generation solutions with real-time capabilities. Please see www.microsoft.com/lcs for additional information.
This fully functional pre-configured VHD provides you a trial software will automatically expire after 30 days.
This is a preconfigured virtual machine contained within the Virtual Hard Disk (VHD) format. A virtualization product that supports the VHD format is required to use this virtual machine. Microsoft Virtual PC or Microsoft Virtual Server are provided for free and can be used with these VHD based virtual machines. Please refer to the system requirements section for more details.
http://www.microsoft.com/downloads/details.aspx?FamilyID=692a6e3c-81c9-4d8a-93fa-266d651735dc&DisplayLang=en
Microsoft Exchange Calendar Update Tool
Before you run the Exchange Calendar Update tool, refer to Microsoft Knowledge Base article 930879, "How to address daylight saving time by using the Exchange Calendar Update Tool," for complete information about potential effects on your IT environment and user base.
After installing the Windows and Exchange daylight saving time (DST) updates, all old appointments (both recurring and single instance) that occur during the extended DST period will be incorrectly displayed as having moved back one hour. These appointments will need to be updated so that they display correctly in Outlook, Outlook Web Access, and CDO-based applications. The Outlook Time Zone Data Update Tool enables end-users to update their own calendars. (For Outlook 2007 the time zone update feature is built into the application.)
The Exchange Calendar Update Tool enables administrators to avoid the challenges involved with broadly deploying the Outlook tool to all users and ensuring that each user runs the tool correctly.
http://www.microsoft.com/downloads/details.aspx?FamilyID=a9336886-4b28-4010-9416-36d38429438d&DisplayLang=en
Microsoft Exchange 2007 Unified Messaging PBX Configuration Note for Cisco Call Manager 5.1
This PBX configuration note contains information about deploying Exchange 2007 UM with a Cisco Call Manager 5.1 using direct SIP connection. You can use it to help decide if Exchange 2007 UM is the appropriate solution for your organization.
http://www.microsoft.com/downloads/details.aspx?FamilyID=68b43d3c-7c84-4c2f-bfd7-98754970d70e&DisplayLang=en
Microsoft® Exchange Server 2007 Unified Messaging (UM) Specialists
The companies listed in this document are Systems Integrators who have attended technical training on Exchange Server 2007 Unified Messaging conducted by Microsoft Exchange Engineering Team. Non-Microsoft providers are listed here for your convenience only. Microsoft makes no warranties or representations with regard to their products or services.
http://www.microsoft.com/downloads/details.aspx?FamilyID=853ca2e4-2da6-4dac-80fc-9bb66df64d09&DisplayLang=en
Multiple Calendars Get Started
Office Outlook 2007 helps you manage your time by separating your personal and business calendars and enabling you to view them at the same time.
http://www.microsoft.com/downloads/details.aspx?FamilyID=415c42b7-4df5-4a91-8518-6c3684dd9cb4&DisplayLang=en
Microsoft Exchange Server 2007 Help
The Exchange Server 2007 Help can help you in the day-to-day administration of Exchange. Use this information to guide you through Exchange Server 2007 features, tasks, and administration procedures.
http://www.microsoft.com/downloads/details.aspx?FamilyID=555f5974-9258-475a-b150-0399b133fede&DisplayLang=en
Everyday Productivity Education Zip File
Navigate through the Microsoft Everyday Productivity Education (EPE) intranet site with this self-guided demonstration and review content that includes Get Started, Learn More, Best Practices, Selection and Reference guides.
http://www.microsoft.com/downloads/details.aspx?FamilyID=cf57670c-b0ba-4075-b8c9-47cccb711a08&DisplayLang=en
Microsoft Transporter Suite for Lotus Domino Technical Demo: Settings and Configurations
This flash demo shows how to setup and configure the Microsoft Transporter Tool suite for Directory Synchronization, SMTP Mail Routing for Messaging Coexistence, Free/Busy Connector for Calendaring Coexistence, and migrating user accounts and mailboxes from Lotus Domino to Active Directory and Exchange for a complete User/Mailbox Migration.
http://www.microsoft.com/downloads/details.aspx?FamilyID=825a87b7-d778-467a-ab38-612bbf5fb75e&DisplayLang=en
Microsoft Transporter Suite for Lotus Domino Demo: Messaging/Calendaring Coexistence and Migration
This flash demo shows the pre-existing configurations in the Transporter Tool Suite for Lotus Domino messaging/calendaring coexistence and migration. The demo shows the coexistence capabilities by sending messages and calendar requests between a Domino user and an Exchange user within an organization. It also demonstrates the user/mailbox migration of an existing Domino user to Active Directory and the Exchange platform.
http://www.microsoft.com/downloads/details.aspx?FamilyID=ded084f9-5df4-444d-804b-553d3fe6f524&DisplayLang=en
Microsoft Exchange Server 2007 SP1 Release Notes
The Microsoft Exchange Server 2007 SP1 Release Notes contain late-breaking information for Exchange Server 2007.
http://www.microsoft.com/downloads/details.aspx?FamilyID=5770bd59-376e-42ec-b940-be6225cd97ff&DisplayLang=en
EVENTS / WEBCASTS
24 Hours of Exchange Server 2007
24 x 1 Hour sessions on Exchange 2007. Click here for more details
TechNet Webcast: 24 Hours of Exchange Server 2007 (Part 21 of 24): Monitoring (Level 200)
Wednesday, April 4, 2007 : This is the first of four webcasts in the series in which we look at monitoring and troubleshooting Microsoft Exchange Server 2007. In this session, we describe how monitoring an Exchange Server 2007 environment breaks down into two areas, server and client computers. We cover Microsoft Operations Manager 2005 (MOM), describe the management pack concept used by MOM to monitor servers, and look closely at the management pack for Exchange Server 2007. We also explain how to use MOM to manage client computer connectivity. To complete the homework that is associated with this webcast series, you can register and attend the live Labcast Series, or you can register for a self-paced Virtual Lab.
TechNet Webcast: 24 Hours of Exchange Server 2007 (Part 22 of 24): Using the Toolbox (Level 200)
Friday, April 6, 2007: In this session, we look at the tools in Microsoft Exchange Server 20007 that you can use to maintain an Exchange Server messaging environment. Learn how you can check the health of your Exchange Server environment by using the Microsoft Exchange Server Best Practices Analyzer, a tool that remotely collects configuration data from each server in the topology and automatically analyzes the data. We also introduce the Microsoft Exchange Troubleshooting Assistant, a tool that helps you troubleshoot performance, manage database recovery, and troubleshoot mail-flow issues. We demonstrate how to use the Exchange Troubleshooting Assistant, and we explain the tool in more detail in the subsequent two sessions. We also cover Performance Monitor, a tool you can configure to collect information about the performance of your messaging system, and we describe how to use the counters in Performance Monitor for monitoring Exchange Server 2007. To complete the homework that is associated with this webcast series, you can register and attend the live Labcast Series, or you can register for a self-paced Virtual Lab.
TechNet Webcast: 24 Hours of Exchange Server 2007 (Part 23 of 24): Troubleshooting MAPI and Client Access Server Clients (Level 200)
Wednesday, April 11, 2007: Keep the lines of communication open. We cover troubleshooting Microsoft Exchange Server 2007 MAPI and Client Access Server client computers in the last two webcasts of this 24-part series. Attend this session to learn how to identify the causes for MAPI and remote client computer connectivity issues and what you can do to resolve these issues. To complete the homework that is associated with this webcast series, you can register and attend the live TechNet Labcast series, or you can register for a self-paced TechNet Virtual Lab.
TechNet Webcast: 24 Hours of Exchange Server 2007 (Part 24 of 24): Troubleshooting E-Mail Flow (Level 200)
Friday, April 13, 2007: Keep messages flowing. We cover troubleshooting Microsoft Exchange Server 2007 e-mail flow in this last webcast of the series. Learn how you can troubleshoot internal mail flow, external mail flow, message queue bottlenecks, undelivered e-mail messages, and problems with mailbox servers. To complete the homework that is associated with this webcast series, you can register and attend the live TechNet Labcast series, or you can register for a self-paced TechNet Virtual Lab.
TechNet Webcast: Exchange Server 2007 Overview (Level 200)
Wednesday, April 18, 2007: Join this webcast to find out how Microsoft Exchange Server 2007 gives you more control, enables anywhere access to your e-mail inbox, and provides built-in security and protection mechanisms. We cover the new Exchange Management Console and describe how the improved management interface is simpler for you to use and quicker for you to navigate. We also explore Windows PowerShell, the new administrative interface that provides a rich command-line experience. Attend this session for a look at the significant client improvements and transport rules in Exchange Server 2007.
TechNet Webcast: Key Exchange Server 2007 Scenarios (Level 300)
Monday, April 23, 2007: In this webcast, we cover three critical areas you should consider when using Microsoft Exchange Server 2007: security, accessibility, and management. Learn how Exchange Server 2007 provides built-in protection within your Exchange Server organization. We show you how to establish an ethical firewall using transport rules and how to establish and test local continuous replication (LCR) to provide continuous availability of Exchange Server. Next, we discuss and demonstrate how Exchange Server enables users to access their e-mail from anywhere. In the third part of this session, we look at how easy Exchange Server is to manage. By the end of the presentation, you should have a greater understanding of how to perform many of the administrative tasks that Exchange Server 2007 makes possible.
TechNet Webcast: Troubleshooting Exchange Server Mail Flow Issues Using the Exchange Troubleshooting Assistant 1.1 (Level 300)
Monday, April 30, 2007: In this webcast, we explore the Microsoft Exchange Server Mail Flow Analyzer, which is part of Microsoft Exchange Troubleshooting Assistant. We describe how the Microsoft Exchange Server Mail Flow Analyzer is a diagnostic tool that walks you through the correct path for troubleshooting problems with e-mail flow, from analyzing symptoms to implementing solutions. Providing easy access to key data sources, this tool automatically diagnoses retrieved data, presents an analysis of the possible root causes, and suggests corrective actions. The Exchange Server Mail Flow Analyzer also helps you manually diagnose data when automation is not possible. Join this session to learn how this tool empowers you to isolate your own issues and to take remedial action to solve them.
NEW ON-DEMAND WEBCASTS
NEW/UPDATED DOCUMENTATION
New
Updated
NEW KB Articles
-
-
-
Error message when you try to accept a meeting request on behalf of an Exchange Server 2007 resource mailbox: "Cannot open Calendar folder for user resource_mailbox_name"
http://support.microsoft.com/?kbid=930865
-