Various Permission Considerations in Exchange while planning Active directory:

In my last article I have discussed how to manage storage groups in Exchange 2007.

While creating a new storage group, your exchange account must be delegated Exchange Server for local Administrators group and Administrator role. There are several other permission considerations for the target server, which I am going to discuss in this article.

Organization’s administrative model plays a very important roles while the organization is looking ahead to integrate Exchange 2007 into Active Directory service structure. The administrative model, roles, permissions, flexibility of permissions configuration and attributes etc all must be taken into consideration.

In Exchange 2007 you can assign the desired administrative roles and permissions. An exchange admin has been given the following capabilities:

•    He can work with Microsoft Windows Server 2003 as well as Exchange.

•    He can organize roles and split permissions between Exchange administrators and Windows administrators. The Windows and Exchange Server administrator roles can be isolated by Exchange resource forest.

The Exchange and Active Directory Split Permissions Model:

If there are multiple administrators in your organization then the Exchange Server Split Permissions Model comes into play. Using this, model specific permissions can be granted to various administrators  
 

The security model in Exchange 2007 is different from Exchange 2003.  They vary from each other in below aspects.
 

Property set:  It groups all the attributes of active directory. Access to this property set can be controlled by setting only one access control entry (ACE). You don’t require setting the property value for each property, just set it to the group.  E-mail information is the property set for grouping the Exchange recipient attributes together.

Exchange 2003 Security and Permissions Model:

Using the Exchange 2003 Administrative Delegation Wizard, the permissions and roles can be controlled at organization or the administrative group level. You can simply choose the predefined security roles and permissions from the Delegation Wizard. The delegation wizard offers the following predefined standardized roles: Exchange Full Administrator, Exchange Administrator and Exchange View Only Administrator.

Exchange 2007 Security and Permissions Model:

There were some flaws in the Security and Permissions Model in Exchange 2003.  For example:  the security and permissions cannot be managed at individual server-level n Exchange 2003. High level permissions must be given to the Exchange Admin if he requires performing Exchange recipient related tasks.
 

For a better management of security groups, some improvements have been done to the security model in exchange 2007:
•    New administrator roles have been added
•    You can easily view, add, and remove members from any administrator role using the Exchange Management Shell.

Administrator Roles in Exchange 2007:

Exchange 2007 security model contains various predefined groups such as: Exchange Organization Administrators, Exchange Recipient Administrators, Exchange View-Only Administrators and Exchange Public Folder Administrators. These roles make the user capable of managing Exchange configuration data (.i.e. Global Data, Recipient Data, Server Data).
 

While the organization-preparation phase in Exchange Setup, when /PrepareAD is run, these security roles are created the security group's organizational unit (OU) in the same domain. Whenever an administrator role is added then role permission will automatically het inherited by the user. 
 

These roles are capable of managing following three types of data:

•    Global Data   It the data related to the whole organization and all users within the organization. The access permissions to the global data must be given to only trusted users otherwise a wrong change or data operation will be going to affect the whole organization. The global data also includes the user mailbox policies, address lists, and Exchange Unified Messaging configuration.
•    Recipient Data It contains the data related to the Exchange Recipients (i.e. the Active Directory user objects that can receive or send e-mail messages) such as: mailboxes, contacts, groups etc.
•    Server Data   The server data stores the information and metadata related to mailboxes, storage groups, connectors and virtual directories etc.

Exchange Organization Administrators Role:

This role is used to allow the permissions and roles to the administrators. Using this, he is provided compete access to the Exchange properties and objects.
 

The Exchange Organization Administrators role groups is created when Setup /PrepareAD is run during the Exchange setup. The member of this group can perform various tasks in the exchange organization, these tasks include: connectors creation & deletion, setting server policies and global configuration attributes.
 

When a user is added to the group, he is automatically given the following permissions:
•    He can access the Exchange organization data in the AD and the local Exchange server Administrator group data.
•    He has given the Read permissions to all domain user containers and Write access for all Exchange-specific attributes   in the AD.
•    He has full  access to the local server configuration data
 

Exchange Recipient Administrators Role:

The member with Exchange Recipient Administrators role can perform modifications to the AD objects and attributes and can manage all settings related to the Unified Messaging mailbox and Client Access mailbox. He can make changes to the AD users, dynamic distribution list or public folder object. But he cannot access the domain where Setup /PrepareDomain has not been run. So to grant Exchange administrator roles for any Exchange domain, the Setup /PrepareDomain must be run.
 

Permissions given to member of Exchange Recipient Administrators Role are:
•    He is given Read access to all the Domain User containers and  Write access to all the Exchange specific attributes in the AD
•    Membership in the Exchange View-Only Administrator role.
 

Exchange Server Administrators Role:

The member of Exchange Server Administrators role acts as administer a particular server and can only access the local server Exchange configuration data. They cannot access or modify the global data for the Exchange organization.
 

Following permissions are assigned to member of Exchange Server Administrators role:
•    He can perform operations on the local server configuration data.
•    He is provided all the Administrator rights on the local computer on which Exchange is installed.
 

He has permissions for Members of the Exchange View-Only Administrators role. i.e. he has read only access to the to the whole Exchange organization tree  in the AD and Windows domain containers.
 

Exchange Public Folder Administrators:

The Exchange Public Folder Administrators role is incorporated in Exchange 2007 Service Pack 1 (SP1)
 

A member of the Exchange Public Folder Administrators role has following permissions:
•    He has permissions to access the public folders. He can create and delete public folders.
•    He has proper permissions to manage or modify the public folder settings. With these rights he can easily manage the replicas, quota and age limits etc. He is also capable of managing the public folder administrative and client permissions.
•    A member of the Exchange Public Folder Administrators role has rights to mail-enable public folders. If he requires changing the mail recipient-related (such as proxy addresses) then he must be a member of the Exchange Recipient Administrators role.
 

Address Book Attributes:

There are many Exchange data attributes and other attributes related to the applications that are using exchange data. You need to create a separate property to carry these attributes as these cannot be stored in the Exchange-specific property sets. It’s not always mandatory for these attributes to be added to a property set.
 

These attributes are presented to end users through outlook GAL. If an administrator needs to modify these address book attributes then he must be a member of a domain privileged security group or must be given read/write permissions by the AD admin.
 

Examples of some common address book attributes are:
givenName, initials, sn, info, streetAddress etc which are applied to the’ User, Contact’ object.
telephoneAssistant attribute applies to ‘contact’ object.
managedBy and info attributes are applied to the ‘group’ object.

Read my upcoming article to know more about delegate permissions and Exchange administrative roles.

Read more

How to migrate from Notes to Exchange?

What is Lotus Notes and Exchange server?

Lotus Notes: The IBM Lotus notes client application provides features for integrating messaging, business applications and social collaboration. Notes also provides features for information management, you can easily access the data such as: email, calendars, contacts, activities, instant messaging, collaboration tools, and business applications.

Exchange server:  Exchange Server application has been launched by Microsoft. It provides capabilities for calendaring, E-mailing and contact management.

What makes a user to migrate from Notes to Exchange?

We cannot exactly conclude which one of the two is best either Notes to Exchange. The choice and strategy about these two varies from user to user. So, what I am discussing here is the basic philosophy of the users planning to migrate from Notes to Exchange or those who have already migrated from Notes to Exchange.
 

As compared to Lotus Notes the cost of ownership is lower in Exchange server. It let you easily add-up the server and sites with lower use of manpower and cost factors. Besides that it provides you interactive and useful features like integrated functionality for Mobile apps, leveraged third party solutions and more flexible messaging features. A lot more you can experience with the exchange server: its ease of use & maintenance, lesser learning curves, low costs for current and future collaboration solutions and increased throughput etc.
 

Well, user’s personal choice is always not the leading factor for migrating from one Email platform to another platform. Suppose if the organization is shifting the current Email platform to a new platform then, willingly or unwillingly users have to migrate. They will have to get familiar with the new application and learn about it. Or if a person changes job/ job location and there a different mail application is being used then also he is forced to work with the new app. There are other secondary reasons for migration such as: any new update, technology changes, organization structure changes, changes in business needs, coast and maintenance factors etc. 

How to perform efficient Notes to Exchange migration?

Migrating from one platform to another platform is too costly and time consuming process for an organization, especially in case of large organizations. The cost of hardware, installation, software purchase, licenses required, pre installation and post installation training to the employees, risk mitigation costs that can occur while migration and later on maintenance & other related costs etc.
 

So, for an efficient Notes to Exchange migration the organization must first do and efficient planning. You must significantly check for the system requirements and other pre-migration & post migration needs.
 

The most important thing comes when the organization has to decide which tool to use for “Notes to Exchange migration”?
 

Accuracy, perfection, speed, and risk-free migration these are the prior features that a “Notes to Exchange migrator” should contain. The tool must be efficient enough to perform migration from Notes to Exchange easily and safely. The tool must be reliable and risk free, no loss to the data can be bearable. Other factor that comes next is time. The tool must be able to perform the migration in lesser time as much as possible. Because consuming a long time and lot of resources in the migration would adversely affect the business.

The most significant features that “Notes to Exchange migrator” software must have are:

• The tool allows you to efficiently migrate from the Lotus Notes mailbox to MS Exchange mailboxes
• The tool allows you to migrate from all your Notes mailboxes (email messages, sent items, attachments, notes, reminders, calendars etc.) to Exchange without any data loss or loss of formatting. 
• The tool provides you an easy to use and interactive interface that let you perform the migration without requiring any extra assistance. 
• The tool doesn’t make any changes to the mailbox and its items. The mailbox and Meta data integrity is kept intact after migration. 
• The tool allows you to perform selective migration of the mailbox items. You can choose which mailboxes are to be migrated. The tool also facilitates to extract particular folders and items within the folders. 
• Besides migration of the converted Notes items to Exchange, The tool also allows you to save them to multiple file formats such as .pst files, .msg files, and .eml files.
• The tool allows you to migrate from all versions of Lotus Notes to Exchange server.
• The tool allows you to perform multiple mailbox conversion simultaneously. 
• The tool allows you to preview the scanned mailbox/mailboxes   . Preview indicates that user is all set for migration. Once user is connected to Domino Server, the software displays the list of items so that user could select the desired folders or items that have to be migrated.
• The software must provide wide compatibility and support. It should be compatible with various Exchange, Notes and Outlook versions.  

So, for a smooth migration from Notes to Exchange, choose the Notes to Exchange migrator wisely. Thoroughly go through the information given at the product page.  Checkout the product features to ensure that the software possess all the functionalities what you desired. 

You can find many software that will promise an efficient Notes to Exchange migration but instead of finalizing the one, try out the demo versions of few software. You can easily compare and evaluate the interface, functionalities and output of all the tested software. Among the tested one choose the one that seems best. 

Also check if the company provides some additional services like remote support, help manuals, special offers or discounts, money back guarantee and technical assistance etc. Once you are done with this primarily exploration, you can opt for the software that seems to suit best to you.

Read more

How to resolve Lotus Notes error: “Entry not found in index”?

As you all know, IBM lotus Notes is one of the popular email clients. It includes the following components e-mailing, calendaring and scheduling, address book, database, web server, programming etc. and provides you with the features like integrated messaging, business applications and social collaboration. Lotus Notes stores its mailbox data in NSF file. The NSF files contain all the Notes mailbox data such as: emails, contacts, calendar entries, notes, journals, etc.

If any damage happens to the nsf files, then notes starts prompting various error messages on the screen indicating database corruption.

Here I would like to introduce the Notes error: "Entry not found in index..."

The error can occur in several situations while working with Lotus Notes documents, design, mails or views. 

Cause 1:

Error: "Entry not found in index..." when opening documents


The above errors can occur while opening document within a view or folder.

The cause for the above error can be an incorrect look up formula in the document's form that returns error. Or the error can also be prompted if a refresh is required for the host view or folder.

•    If a refresh is required for the host view or folder:

Resolution:

•    Press F9 key torefresh theNotes view.
•    Press Shift+F9 to Rebuild the Notes view.
•    If the document’s lookup formula is causing the problem

The above error can occur when you are using @DbLookup and @DbColumn within Notes document. If you are using incorrect syntax of the formula,then the above error can be prompted.

Another reason for the above error to occur is if some value not found. If the @Db Function refers to a key andsearches it in Lookup View and ifit’s not found there then a blank or null key value is returned to the function that causes the above error. Also if the Lookup View is not sorted on the first column, the error can occur. Thus we can say of the referred key is not existing then it would lead to the above error. There can be such situation when the key document is exiting but still the error occurs. This can happen if the Reader Names field within the document does not contain the database Replica ID (.i.e. Replica ID of the database which performs the lookup).

Resolution:

Simply check your formula if something is incorrect in it and then correct the mistake or syntax error.

You can use the @IsError function to diagnose such errors.

For example:

temp := @DbLookup("":"NoCache";"":"";"view";"key";2);
@If(@IsError(temp);"Error message";temp)

If there is one error in the formula then the text, "Error message," will be returned. Otherwise the lookup value (contained in temp) is returned.

Cause 2:

“Entry not found in index”

This error can also occur due to corruption in the names.nsf file.

The names.nsf file is located in the Notes\Data directory. It includes your contacts, connections, locations, and Personal Address Book information. If the NSF file gets corrupt or damaged, you can ask your administrator to create a new one and recover the possible amount of data from the corrupted one.

Resolution:

1. Compact the database 

•    Open the Notes workspace.
•    Select the notes mail database
•    Right click  the database
•    Go to application then properties
•    Click the ” i ” tab
•    Finally click compact to compact the selected database

2. Repair the corrupt NSF file.

Lotus Notes provides free inbuilt utilities to repair corrupt NSF files. You can run the Fixup, compact, Updall commands to perform NSF filerecovery.

Load Fixup -i Load compact -c -i Load Updall -r.

To know more about the inbuilt Lotus Notes repair utilities visit: http://recover-email.blogspot.in/2014/01/how-to-perform-lotus-notes-recovery-for.html

Note:You can run “load command name -?” to get help about any of these commands and know about various available switches.

For example:

 

If the above described methods fail to recover your corrupt NSF file then, you need some powerful NSF file recovery software. The tool must be capable of recovering all the contents from the corrupt NSF file.

You can easily find such Notes recovery software with free demo versions available over the web. After going through the product features, software specifications and other product information available on the page, try out the one that seems suitable to your needs. You can evaluate the output of the DEMO to decide if the tool is capable enough to perform an efficient recovery of the corrupt NSF database and provides you the desired results.

Read more

5 Helpful Tips To Perform GroupWise to MS Exchange Server 2010 Migration Proficiently

If your company is planning to jump from Novell GroupWise to MS Exchange 2010, these five tips will assist you to plan and accomplish a smooth changeover.  

There has never been a better time to migrate from GroupWise to Microsoft Exchange Server. MS Exchange Server 2010 has taken a giant jump forward in terms of cost of possession, flexibility of incorporation, and ease of exercise and management. The capability to directly incorporate on-premises and online employments is a significant part of the new functionality of MS Exchange Server 2010, and migrating from Novell GroupWise to Exchange Server can deliver important advantages. Here are some tips to assist you defeat migration challenges and guarantee a flawless move.

1: Carry out a Pre-Migration Review

Attempt to acquire a clear understanding of what will be implicated and what criterion you will use to calculate accomplishment prior to beginning your migration. Be practical. For a variety of reasons, not each message in GroupWise will be unharmed after the migration, so it is difficult to anticipate 100 percent of your data to migrate effectively. Pick a possible threshold -- for example, 95 percent of messages should migrate for 95 percent of mailboxes  and monitor your percentages. Monitoring outcomes is the key to any victorious migration, and that is feasible only if you begin with a pre-migration evaluation.

2: Provision Your Exchange 2010 Mailboxes

When you generate Active Directory items for Exchange 2010 mailboxes, you should keep in mind that the GroupWise directory is separate from eDirectory, and GroupWise resources don't require eDirectory user objects. If you are planning to export user objects to eDirectory, you may require to build them using a method that is dissimilar from what you used to generate typical user objects.

3: Incorporate GroupWise and Exchange 2010

Find out how directory synchronization among GroupWise and MS Exchange 2010 will be accomplished to guarantee that the GroupWise Address Book and Exchange Global Address List replicate the similar users, distribution groups, and assets. Use SMTP routing to way mail among GroupWise and Exchange and amid the joint GroupWise/Exchange hybrid system and the exterior world. Take note of message size restrictions and message set-up.

Mail flow among GroupWise and MS Exchange 2010 can be attained in either of 2 ways:

a. Exchange 2003 Connector for Novell GroupWise

b. SMTP forward domain

Calendar free-busy lookup is accessible only if you set up an Exchange 2003 machine running the appropriate coexistence connectors prior you install Exchange Server 2010.

4: Run a Pilot Migration

The objective of a pilot migration is to recognize challenges which you may have to face once full migration begins and find out how to avoid or resolve them. Thus, you should anticipate, and even welcome, troubles throughout the pilot migration, which must be big enough to detain a representative sample of the problems that could take place during migration. If the number of mailboxes you are going to migrate is in the low thousands, then nearly 5% of the total people should give a good sample. This percentage can be lesser for tremendously big migrations.

Prior to running the pilot migration, identify how swift the data can be moved by performing a proscribed migration of a known amount of production GroupWise data on a sole migration server. This will provide you a migration baseline based on the throughput in a GB / hour. The throughput states how much time will be taken to migrate the total volume of data and, so, how long the project will run.

The pilot migration also will aid you in finding out the amount of disk space needed on the target, which can differ to a great extent from the source, depending on your version of Novell GroupWise and the platform on which it is being run. Occasionally, the volume of data on target will be larger than the data on the source, and the only method to recognize how your data is going to perform is to test it.

5: Migrate the Data and Track Migration Progress

After every group of mailboxes is migrated, find out the total number of messages moved, the total number of messages filtered (missed out), and the total number of errors or notices per mailbox. The software solution which you are going to make use of for this task should offer individual logs for every migrated mailbox that includes the total number of messages and appointments the mailbox enclosed prior to migration. Include the number of filtered objects to the number of moving objects, deduct the number of errors, and divide the outcome by the total message count to estimate a percentage. If that percentage is 98 percent or upper, you can self-assuredly sign off on the mailbox as an accomplishment.

If you are still not able to migrate Groupwise to Exchange 2010 successfully using the above tips due to some problem in the migration process, then it is recommended to make use of any third party migration software which can easily migrate your Groupwise data to Exchange 2010 without causing any data loss during the migration process. You can try out Stellar GroupWise to Exchange Migrator which is the most-widely used migration software by the small to mid-sized to large corporations around the world. 

Read more