Monday, March 30, 2015

Running ExFolders in Exchange 2010 server generates following errors.The Active Directory User wasn't found.

Running ExFolders in Exchange 2010 server generates following errors.

An error occurred while trying to establish a connection to the Exchange Server. Exception The Active Directory Use wasn't found. The reason for this error is “empty Servers container” present within the “old admin groups” within the Exchange organization. To be clear what needs to be deleted is “Empty Servers Container” and leaving old administrator group alone. The issue described is also most likely is causing PF replication issues in your organization and most common reason of this issue is completing Exchange 2003 migration by taking out last Exchange 2003 server from environment.



The fix is fairly simple , open ADSI Edit  Connect to Configuration Partition and delete the empty Servers container ONLY!!!!

  • CN=Configuration,DC=ZtekCorp,DC=org
  • CN=Services
  • CN=Microsoft Exchange
  • CN=ZtekZone
  • CN=Administrative Groups
  • CN=Messaging Servers
  • CN=Servers


save the changes and verify the ExFolders works as expected and the issue with PF replication is no longer exist. It is pretty safe to delete the empty server container as long as you wont mess with Old administrator group alone.

Oz Casey, Dedeal  ( MVP North America)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server + (Blog) (Blog)

Twitter @Message_Talk

Thursday, March 26, 2015

Running MAP Toolkit for SQL and Exchange Server related reporting.


MAP toolkit is pretty impressive tool set from Microsoft and it is free. You can perform real simple application related queries ( SQL,Exchange Server ,Oracle ,Desktop,Virtualization etc.) and produce powerful and useful information for the given environment. The MAP toolkit helps increase the agility and cost effectiveness of deploying the latest Microsoft technologies and it provides pretty comprehensive reports. It is worth it to have MAP toolkit  in the environment and it can be pretty valuable tool.


Installation MAP is pretty straight forward , I will list the steps and some of the tweaks to save some time.

  • Install MAP tool
  • Create repository database by clicking on file and selecting Create/Select Database


  • Provide name to your database and click on the bottom


  • Verify the database has been created


  • Click Database and under SQL Server Discovery , we will run our fist query


  • Click Collect Data


  • Select SQL servers ( the information pane is very useful it provides detailed information about what has been selected)


  • We will first run SQL server query and come back to run SQL server with Database Details query


  • We will use pre defines text file to import the servers we would like to use for the scan m click next, the text file will have SQL server names in a simple fashion.


  • Click next


  • Click Save and next


  • Click next again, on the import files click "Create"


  • Click "Add"


  • Locate the text file
  • Select "Use All Computers credentials list"


  • And click save


  • Click next on the summary page my sure you have captured all you need to run the query


  • Now the query will run against the server provide by the list


  • You will see the numbers will go up as the MAP toolkit discovers and adds the SQL server into inventory


  • You can click on details to see more information


  • Once it is complete , click close
  • Now click on SQL discovery and under options you will have reports you need




  • Now export the SQL data by clicking on it



  • You can copy and paste these reports onto your workstation.


If you open exported Excel spreadsheet you will find very useful and comprehensive data  for your environment.


Location of Local MAP inventory databases

  • C:\Users\UserName \Documents\MAP\Database Backups
  • You can export and import the databases to be used and shared among administrators.

Diagnostic Logging for MAP (Troubleshooting)

  • Location of Map Toolkit.log file C:\Users\UserName\AppData\Local\Microsoft\MAP
  • Each time the MAP tool runs it creates section similar below, this will help for troubleshooting issues to see what is going on.


Firewall Ports for MAP to run properly

  • Will need to open ports 135 and 1024-65535, ( source to destination) the reason for this has to do with the way RPC works. WMI uses DCOM to communicate with remote machines, and DCOM uses RPC extensively.
  • Use Port scanner to determine the ports on the destination and ask assistance firewall team


Oz Casey, Dedeal  ( MVP North America)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server + (Blog) (Blog)

Twitter @Message_Talk


Wednesday, February 25, 2015

File Share Witness & Exchange 2013

In a DAG ( Exchange 2013) to have ability to perform automatic failover requires three separate physical network locations.In the scenario below two redundant datacenters for DAG and third datacenter is used (Azure Network.) for Witness server for DAG1. If you look carefully you will realize we used two different Active Directory Site for DC1 and DC2 and stretched the DAG1 on both datacenters. We placed Domain controller on the Azure network and created AD site. ( Enabling FSW on the DC  while possible it is not recommended configuration)

Organizations with only two physical locations now can also take advantage of automatic datacenter failover by using a Microsoft Azure file server virtual machine to act as the DAG’s witness server.

This configuration requires a multi-site VPN. It has always been possible to connect your organization's network to Microsoft Azure using a site-to-site VPN connection. However, in the past, Azure supported only a single site-to-site VPN. Since configuring a DAG and its witness across three datacenters required multiple site-to-site VPNs, placement of the DAG witness on an Azure VM wasn't initially possible

How to configure Azure network for FSW is documented here

In this configuration several things to be considered.

  • Make sure your operational  requirements meets the usage of the Azure Network
  • Initials configuration extending Azure network to your data centers will require addition network configuration and the work is  documented on the link provided above.
  • You will need to pay as you go within the Azure Network. ( remember Cloud is not cheap)
  • Having Domain Controller AND extending your network to Cloud could help you if your plans to move into Cloud at some point.
  • Configure Multi Site VPN documented here





Oz Casey, Daedal  ( MVP North America)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server + (Blog) (Blog

Sunday, February 22, 2015

Outlook Connectivity With Exchange 2013


There are major changes within Exchange 2013 compared to Exchange 2010. The way Outlook Client connect to Mailbox Server to get its mail data is  “simplified” there is no need for middle tier with Exchange 2013. The way I see,  as long as Exchange Server and its architecture requires less IOPS to operate, there will be more room for improvements and simplicity.


  • User Logs into workstation, it authenticates to active directory with a valid user name and password.
  • User opens Outlook at the first time, outlook performs AutoDiscover Lookup to figure out logged in user mailbox GUID.
  • Outlook connects to CAS Server, and CAS Authenticates the request (Exchange 2013) using HTTP, it provides mailbox GUID as its endpoint to CAS array.
  • CAS takes this information and performs Active Directory lookup
  • AD will provide the user information back to CAS Server
  • CAS server will make a query to Active Manager Instance, which runs inside the “Microsoft Exchange Replication Service” on all Mailbox Servers
  • Active Manager Instance will pull information about requested user mailbox, the name of the mounted database (Active DB) and the Mailbox server name.
  • CAS proxies the request to Mailbox Server hosting the active copy of database.
  • The data rendering happens on the backed Mailbox Server
  • The affinity for user connection is no longer needed on the CAS level.



Oz Casey, Dedeal  ( MVP North America)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server + (Blog) (Blog