Sunday, October 30, 2005

How ESM Matches Public Folder Objects to Directory Objects

Jason Dool recently posted this article on how ESM gets the properties of Public Folders.

I recently worked on a few support cases where questions came up on "what exactly happens" when we use the Exchange System Manager (ESM) to pull up properties of public folders. How does the ESM find a matching public folder directory object in Active Directory, to display the public folder email addresses?

In order to understand this we need to first understand how the directory object is created originally. A directory object is created in a mixed mode Exchange environment for every public folder in the organization, but is also hidden from the address book by default. This is due to the requirements for 5.5 public folder objects, where all public folders were mail enabled by default. Also, in mixed mode, the "mail re-enable" option is also available (when right-clicking on public folders in the public folder hierarchy) for disaster recovery situations in which recreation of the Active Directory object would be required. However, once a native mode Exchange environment is in place, the directory object in the Microsoft Exchange System Objects Container (OU) gets created only when the public folder is mail enabled manually.

When a public folder is mail enabled, the directory object is created inside the Exchange System Objects container inside the domain in which the Exchange server resides. If this is a mixed mode organization then the PR_PF_PROXY_REQUIRED MAPI attribute is set to TRUE (1) on the folder. If this is a native mode organization then both PR_PF_PROXY_REQUIRED and PR_PUBLISH_IN_ADDRESS_BOOK are set to TRUE (1). Finally the Active Directory object itself is created using the folder's display name to compose the new object's distinguishedName attribute. As long as another object does not exist in Active Directory with the same distinguishedName, it will be created.

When the properties of a public folder are desired and accessed via Exchange System Manager several steps take place. First the value of PR_PF_PROXY is retrieved. Then we query the Active Directory for the objectGUID using the PR_PF_PROXY attribute. If the GUID is found then we know that this folder is mail enabled and has a directory object. At this point the property pages for the public folder are displayed with the additional tabs needed to display the mail enabled attributes.

Exchange Insider articles are now live on the Exchange TechCenter!

Our friend Nino Bilic has posted this article on the new Exchange Insider articles. This is a good place to get deeper technical information from the Exchange User Experience Team within Microsoft. Their goal is to write tech docs and explain error codes. Good stuff...

I am very happy to announce that Exchange Insider articles are now live on the Exchange Server TechCenter site. There are several articles that have been published, and many more are to come, so keep checking for updates!

Let me also give you a bit of history behind this new content:

Over 3 years ago, I started writing and compiling an internal Microsoft technical “newsletter” of sorts with the idea of getting short and digestible Exchange training into people’s Inboxes on a weekly basis. The main goal was to have technical tips that were relatively short, to-the-point, yet really deep technically on the subject being covered. It ultimately turned into one of the tools that we now use internally to get the word out about things that are going on with Exchange (common problems, solutions, tips for troubleshooting, and so on).

Over time, the distribution list for the newsletter grew, beyond my wildest expectations, reaching every corner of Microsoft. Many people from Support Services, the Exchange Product Group, and other parts of Microsoft contributed content, ideas, reviews, suggestions and feedback. However, as the content was written for an internal audience, it was not suited for customer use.

Well, our Exchange UE team decided to take on the huge task of reviewing all the newsletters and preparing them to be published to the Exchange Server TechCenter for all to see and use. The Exchange UE team had to figure out how to publish them, where, and in what format, which was no small task considering that there were over 160 separate newsletters that had been sent over the last 3 years. We hope that you like the results of the combined efforts of Support Services and the UE team. Please let us know what you think of this new content! Remember, this content is written by folks in various support roles, so it should have pretty high applicability to real life situations! We are also looking at RSS enabling that page (can’t promise it though).

Again, the articles can be found here:

New rules synch behavior in Exchange 2003

A solution is now available for a problem which might be encountered when moving a large number of mailboxes between Exchange servers (Knowledge Base article 899328).

When you move several mailboxes from one Exchange server to another there may be a delay in synching the rules on the new mailbox and the mailbox rules might not work for some time after the move. During the move the rules are moved in a server-independent format and are eventually converted (synched) to rule messages appropriate for the new target server. The synch takes place in a background process that fires periodically and processes a single mailbox each time the process fires, even though there might be several mailboxes that have been moved successfully and are ready to be synched. The new behavior introduced by the fix aggressively processes (synchs) the rules for all mailboxes that have completed moving since the last time the rule synching event fired.

By default, the rule synching process fires every 1 hour but can be altered by using the Rules Synch Retry Frequency registry value defined below:

HKLM\System\CurrentControlSet\MSExchangeIs\<private store guid>\"Rules Synch Retry Frequency"

Value Type: DWORD

Minimum: 60

Maximum: 2592000

Default: 3600

The value is in units of seconds and the minimum value possible is 60 (1 minute) while the maximum is 2592000 (30 days). It may be tempting to set it to 1 minute to get the fastest possible synching but this may actually reduce the throughput because the average sized mailbox takes 2-3 minutes to move and only mailboxes that have completed moving will be synched. In my own tests I found that a 5 minute synching interval during a large migration worked reasonably well. If you find that the new behavior introduced by this fix is too aggressive (perhaps you notice a throughput performance problem) and would like to limit the number of mailboxes synched per rules synch event, you can use the new registry value Rules Synch Batch Limit to set a limit. It is defined as:

HKLM\System\CurrentControlSet\MSExchangeIs\<private store guid>\"Rules Sync Batch Limit"

Value Type: DWORD

Min: 1


Default: All the mailboxes ready to be synched

The values are in units of “mailboxes to synch” where 1 means synch 1 mailbox per rules synch event. 0xFFFFFFFF is a special value which means “sync all” (the default behavior without this registry key).

Another related registry key you may find useful is the Rules Synch Retry Limit used to set the number of times to retry synching a mailbox if the first attempt is unsuccessful. This might be useful if there is something wrong with the mailbox which will keep the rules synch from ever completing successfully. It is defined as:

HKLM\System\CurrentControlSet\MSExchangeIs\<private store guid>\"Rules Sync Retry Limit"

Value Type: DWORD

Minimum: 0

Maximum: 250

Default: 24

If an attempt to synch a mailbox fails, an 1151 event is logged if the diagnostic level is set at medium or greater, except if the reason for failure is that the mailbox move is still in progress. Below is a sample 1151 event:

Event ID: 1151
Source: MSExchangeIS Mailbox
Description: A rule synchronization error (1144) has occurred on Mailbox Store "SG1\MB3 (SJOCA-XMB02)".
The mailbox folder is Top of Information Store\Inbox.
The distinguished name of the owning mailbox is /o=TEST/ou=TEST/cn=Recipients/cn=s140605.
There are 24 of 24 retries remaining.

An 1154 success event is logged for every successful synch if the diagnostic level is set at maximum. Below is a sample 1154 event:

Event ID: 1154
Source: MSExchangeIS Mailbox
Description: Rule synchronization has successfully completed.
The mailbox folder is Top of Information Store\Inbox on database "SG1\MB3 (SJOCA-XMB02)".
The distinguished name of the owning mailbox is /o=TEST/ou=TEST/cn=Recipients/cn=s140605.

The fix containing the solution is only available for Exchange 2003 and would therefore only be applicable for migration scenarios where the target or destination server is Exchange 2003.
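
Added example, not part of the original post or of the Knowledge Base article: a Python triage of exported 1151 and 1154 events that lists the mailboxes whose most recent rules synch attempt failed, with the retries they have left. The event text in `SAMPLE` is constructed from the layout of the two sample events above, and the function names are assumptions of this example.

```python
import re

# Constructed export: four events in the layout of the samples above,
# separated by blank lines. Mailbox s140777 is invented for the example.
SAMPLE = r'''Event ID: 1151
Source: MSExchangeIS Mailbox
Description: A rule synchronization error (1144) has occurred on Mailbox Store "SG1\MB3 (SJOCA-XMB02)".
The mailbox folder is Top of Information Store\Inbox.
The distinguished name of the owning mailbox is /o=TEST/ou=TEST/cn=Recipients/cn=s140605.
There are 24 of 24 retries remaining.

Event ID: 1151
Source: MSExchangeIS Mailbox
Description: A rule synchronization error (1144) has occurred on Mailbox Store "SG1\MB3 (SJOCA-XMB02)".
The mailbox folder is Top of Information Store\Inbox.
The distinguished name of the owning mailbox is /o=TEST/ou=TEST/cn=Recipients/cn=s140605.
There are 23 of 24 retries remaining.

Event ID: 1151
Source: MSExchangeIS Mailbox
Description: A rule synchronization error (1144) has occurred on Mailbox Store "SG1\MB3 (SJOCA-XMB02)".
The mailbox folder is Top of Information Store\Inbox.
The distinguished name of the owning mailbox is /o=TEST/ou=TEST/cn=Recipients/cn=s140777.
There are 0 of 24 retries remaining.

Event ID: 1154
Source: MSExchangeIS Mailbox
Description: Rule synchronization has successfully completed.
The mailbox folder is Top of Information Store\Inbox on database "SG1\MB3 (SJOCA-XMB02)".
The distinguished name of the owning mailbox is /o=TEST/ou=TEST/cn=Recipients/cn=s140605.
'''

EVENT_ID = re.compile(r"^Event ID: (\d+)$", re.M)
OWNER = re.compile(
    r"^The distinguished name of the owning mailbox is (.+)\.$", re.M)
RETRIES = re.compile(r"^There are (\d+) of (\d+) retries remaining\.$", re.M)


def parse_events(text):
    """Yield (event_id, mailbox_dn, retries_remaining or None) per record."""
    for block in re.split(r"\n\s*\n", text.strip()):
        event_id = EVENT_ID.search(block)
        owner = OWNER.search(block)
        if not event_id or not owner:
            continue  # not a rules synch record in the expected layout
        retries = RETRIES.search(block)
        yield (int(event_id.group(1)), owner.group(1),
               int(retries.group(1)) if retries else None)


def pending_failures(text):
    """Map mailbox DN -> retries remaining, for mailboxes whose latest
    event is a failure (1151) with no later success (1154).

    1154 is only logged at maximum diagnostic level, so at a lower level
    a mailbox stays in this map even after its rules have synched.
    """
    pending = {}
    for event_id, owner, retries in parse_events(text):
        if event_id == 1151:
            pending[owner] = retries
        elif event_id == 1154:
            pending.pop(owner, None)
    return pending


if __name__ == "__main__":
    for dn, left in pending_failures(SAMPLE).items():
        print(f"{dn}: {left} retries remaining")
```

A mailbox reported with 0 retries remaining is the case the Rules Synch Retry Limit paragraph describes: something is wrong with the mailbox itself, and waiting for the next synch event will not help.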

VMware released Virtual Machine Player, it plays Microsoft VMs too

Ok ok. I know this is not specific to email, but if you still use VMWare for testing environments, this is kinda cool. Of course, PS Virtual Server is the official route to go... wink wink.

VMware Player is free software that enables PC users to easily run any virtual machine on a Windows or Linux PC. VMware Player runs virtual machines created by VMware Workstation, GSX Server or ESX Server and also supports Microsoft virtual machines and Symantec LiveState Recovery disk formats.

VMware Player can be used by anyone to run virtual machines on a Windows or Linux PC. VMware Player makes it quick and easy to take advantage of the security, flexibility, and portability of virtual machines.

VMware Player can be used by anyone to run a virtual machine shared by a colleague or friend. For example, customer support and development teams can share a customer scenario encapsulated within a virtual machine.

VMware Player is ideal for safely evaluating pre-built application environments, beta software, or other software distributed in virtual machines. With VMware Player, anyone can easily experience the benefits of preconfigured products rapidly without any installation or configuration hassles. Pre-built applications from leading software vendors are available from the VMware VMTN Virtual Machine Center

Download VM Player

Saturday, October 29, 2005

Top 11 Hidden Features in Outlook Web Access for Exchange 2003

Here is an interesting post from Jason Henderson on some cool tricks in OWA2003 and Outlook2003... I think the MultiSelect Sort on Columns is my favorite....

Over the years that OWA has been developed we’ve kept our focus on improving user productivity through supporting many of the timesaving features present in Outlook and other Windows applications. Unfortunately many users don’t realize that these features are available in OWA since features like hot-keys aren’t often available in web applications. I think we need to do some work to make some of these features more discoverable, but until we do we’ll need to use postings like this one to spread the word that OWA is not your run-of-the-mill web mail application.

I decided to do this posting after talking with a candidate that was interested in filling our OWA Test team opening (still hiring, e-mail owajobs if you are interested) who said that she very frequently used OWA, but the thing that annoyed her the most about OWA was the lack of type-down search. As much as I do love showing type-down search to people who make that comment and watching their jaw drop, I decided to do my part in making some of this “hidden” functionality in OWA more visible by compiling some of my favorite hidden features in this blog post. I started with the top 10 features, but there was just too much useful functionality to share, so I had to make it the top 11 features for now, and I’m sure I’ll be adding more later.

  1. OWA supports hotkeys! Billg made this request himself after typing ctrl-n and seeing a new IE browser pop-up instead of a new mail message like Outlook. Here’s a partial listing of some of the hotkeys I use most frequently that save me hours and hours:
    1. ctrl-n - Open “Compose New Mail” form
    2. ctrl-k - Resolve name typed in recipient well
    3. alt-s - Send mail
    4. escape - Close window
    5. ctrl-r - Reply to a message
    6. ctrl-R - Reply-all to a message
    7. ctrl-shift-f - Forward a message

For the full listing of hotkeys see the OWA Help documentation.

Remember that a message needs to be selected and have focus for many of the hot-keys to work.

  2. Putting an = in front of the e-mail alias that you are trying to resolve when composing a mail will automatically resolve it to any exact matches. Tired of typing johnr in to the To: line and being prompted as to whether you meant johnred or johnr or johnreb? Well no more, simply type in =johnr and the name will automatically resolve to johnr when you use the super nifty hotkey ctrl-k that you learned about in hidden tip #1. This works in Outlook as well.

  3. Drag n’ drop works between the folder tree view and the message list view in your mailbox. Drag a message from your inbox to the folder where you want to put it just like you would in Outlook. Note: Drag n’ drop doesn’t work between public folders and private mailboxes. While you are at it, take a look at the cool right-click context menus put in folder view and the folder tree.

  4. The S/MIME control isn’t just for S/MIME! After you install the control you can also drag in-line attachments like pictures or documents in to the message you are composing and they are automatically inserted just like in Outlook. The coolest part of this control is that you can also drag and drop other messages in to your e-mail as attachments. Try it! First make sure the S/MIME control is installed by checking your options page and make sure it says “Reinstall” not “Install”.

Then open the “Compose New Mail” form, switch back to the message list view and drag a message from your inbox to the “Compose New Mail” form and let up on your mouse button. Voila! It’s now in the body of your new mail.

  5. Type-down search works in all your mail folders and makes it VERY easy to find the message you want quickly. To use type-down search, order the folder by a column like “From:” then give focus to a message in the view by clicking on it once with your mouse, then quickly start typing the first name of the person. You’ll see an hour glass, and then the view will be updated with the mails from the person whose name you started to type in.

  6. We don’t have a five day view like Outlook, but don’t let that stop you from looking at multiple days in the calendar. See multiple days at the same time in the calendar view by holding down the control key and clicking down on multiple days with your mouse in the month-view date picker. I just happened to pick three contiguous days, but they could be any days in the month and in any order.

  7. Speed up your browsing with OWA Basic! A fact that many people miss is that OWA comes in two flavors that we call Premium and Basic. OWA Premium is the version that you get in IE 5.5 and higher, and OWA Basic is the version that you get in all other browsers. OWA Basic, while it leaves a bit to be desired aesthetically, can be very useful to use on low-bandwidth connections. If you are using OWA over a dial-up connection with high latency I strongly recommend checking “Basic” on the login page, you’ll have a much snappier experience because OWA Basic doesn’t need to download all of the thousands of lines of script that we use to make OWA Premium so “Outlook-like”.

  8. Sort on multiple columns at once by holding down shift and clicking on the column headers you want to sort on. I didn’t know about this hidden feature myself until I asked our Development team for some additional hidden features. This is useful if you want to sort by multiple criteria, like Meeting Requests from John Doe. First click on the “From” column header, and then shift click on the column that has the icon in it designating mail or meeting request. Note: We do assume a secondary sort of date by default, so any time you sort by a column other than date, we sort it by the primary column, and then apply a date sorting.

  9. Spell check every mail before you send it automatically! This option is available from the Options menu in OWA. Select “Spell check mail before sending” and never send a typo again!

  10. Get a nicely formatted agenda view by adding this URL to your favorites: https://<servername>/exchange/<alias>/calendar/?cmd=contents&part=1 This URL is used by our OWA web parts to expose calendaring functionality to SharePoint portals, but you can take advantage of it without SharePoint, just by adding this URL as a favorite to your browser or a shortcut on your desktop.

  11. Double click on any hour marker or yellow calendar open space to create a meeting starting at that time. This is a bonus tip that I realized I take for granted, but others may not know about as I was creating the meetings to populate my calendar for the screenshot in hint #10. Just double-click on the 8 in the gray time strip, or in an empty yellow space to create a meeting starting at 8 a.m.

There you go, that’s 11 tips to improve your productivity using OWA. If any of these are helpful to you, please pass them on to your coworkers so that more people can benefit from the full power of this awesome web application. If you are an Exchange Admin, why not print off this list and send it to your users, or post for them to read on your intranet.

I’ll try to keep updating this list to add new hidden features as I think of them. Also stay tuned to this site, because this will certainly be one of the first places to update you on the new features in our next version of OWA.

Friday, October 28, 2005

Microsoft changes its support for VMware!

Today Microsoft changed its support towards Microsoft software running on VMware servers (and virtual software in general).

Until yesterday, if you had a Microsoft Premier Support contract and you had a problem with a Windows server running in a virtual machine running on VMware GSX or ESX server, the support engineer would not help you. In those cases you had to reproduce the problem on physical hardware, even with a Premier Support contract.

Today that has changed, a bit, read carefully:

For Microsoft customers who have a Premier-level support agreement, Microsoft will use commercially reasonable efforts to investigate potential issues with Microsoft software running in conjunction with non-Microsoft hardware virtualization software. As part of that investigation, Microsoft may require the issue to be reproduced independently from the non-Microsoft hardware virtualization software. Where issues are confirmed to be unrelated to the non-Microsoft hardware virtualization software, Microsoft will support its software in a manner that is consistent with support provided when that software is not running in conjunction with non-Microsoft hardware virtualization software.

Well, it's better than before.

Non-premier customers don't get this support:

Microsoft does not test or support Microsoft software running in conjunction with non-Microsoft hardware virtualization software. For Microsoft customers who do not have a Premier-level support agreement, Microsoft will require the issue to be reproduced independently from the non-Microsoft hardware virtualization software. Where the issue is confirmed to be unrelated to the non-Microsoft hardware virtualization software, Microsoft will support its software in a manner that is consistent with support provided when that software is not running in conjunction with non-Microsoft hardware virtualization software.

Complete KB:


Tuesday, October 18, 2005

Exchange 2003 Service Pack 2 release Wednesday


Tomorrow Microsoft will release Exchange 2003 Service Pack 2.

SP2 is a cumulative update that enhances your Exchange Server 2003 messaging environment by adding:

Mobile e-mail improvements

Better protection against spam

Advanced mailbox improvements

Thursday, October 13, 2005

Sender ID

This is a really cool extension for Outlook if you are working with SenderID

You may already know that Exchange 2003 SP2 includes a new feature for SenderID support. SenderID is the e-mail authentication framework that targets one of the most common security issues in the world of SMTP message transfer, which is spoofing. In short, Sender ID allows administrators of an e-mail domain to protect the identity of this e-mail domain by registering the special DNS record, also called SPF record, that lists the hosts (IP addresses, names, etc.) that are authorized to send e-mail from that domain. For example the SPF record for e-mail domain lists about 20 authorized hosts. You can pre-view the record by doing nslookup –q=TXT” and then “nslookup –q=TXT”.


So Exchange 2003 SP2 allows you to query Internet DNS for SenderID/SPF records for the given domain mentioned as the sender domain in an e-mail message and then, depending on the result of that check, take appropriate actions on that message. The action could range from blocking the message at the protocol level (for example when SenderID check returns the “Failed” status) or passing the message to the next layer of filtering such as Intelligent Message Filter which takes the SenderID check result into account when making its anti-spam analysis decisions.


To give you the taste what SenderID check can accomplish let’s take a look at the following table of possible SenderID results that can be returned for a given message.


  • Stamp and Continue - means acknowledge message acceptance and use SenderID check result in further filtering (such as IMF anti-spam)
  • Reject – means respond with the 550 SMTP error code.   In this case the generation of the Non-Delivery Report (NDR) becomes the responsibility of the sending server.
  • Delete – means acknowledge message acceptance and then turf the message.


| Sender ID check result | Description | Sender ID Actions in E2K3 SP2 |
| --- | --- | --- |
| Neutral (?) | Domain makes no assertion about the IP address | Stamp and Continue |
| Pass (+) | Client is authorized to send mail on behalf of the domain from a matching IP address | Stamp and Continue |
| Fail (-): Sender Domain Does not Exist; Sender is not permitted; Malformed domain; No PRA found in the header | Client is explicitly NOT authorized to send mail on behalf of the domain from a matching IP address | Stamp and Continue |
| Soft Fail (~) | Client might not be authorized to send mail on behalf of the domain from a matching IP address | Stamp and Continue |
|  | No Sender ID records are published for this domain | Stamp and Continue |
|  | Receiving server encountered a transient error when performing the check | Stamp and Continue |
|  | The domain’s published records couldn’t be correctly interpreted | Stamp and Continue |

Probably the most interesting is the “Fail” SenderID check result as it has the capability to prevent spoofed messages from ever entering your environment. Note that the “Fail” SenderID result is also generated for messages that have a nonexistent domain as the sender!


Other SenderID check results are also helpful because they can show the varying degree of trust that you have for messages entering your environment, depending on whether they come from “authorized” or “prohibited” IPs.


While all the above is interesting, some people (such as e-mail administrators) may want to see the SenderID result for messages sitting in their mailbox. This can be used for troubleshooting or testing purposes or perhaps for building client side rules that take the SenderID check into account. It turns out that with a few simple steps this becomes possible. When Exchange 2003 SP2 evaluates the SenderID status of the message, the result is added to the message as a mailmsg property and persists from Exchange Server to Exchange Server inside the X-EXCH50 blob. When the message arrives at the mailbox server, the Sender ID status is converted to a server side MAPI property.


In the next steps we’ll try to visualize this MAPI property (0x40790003) in our Outlook 2003 client. While there are multiple ways of doing it, let’s follow the approach that some of you may have used for visualizing the SCL value in Outlook.

Copy the below text into a new text file as SenderID.CFG (in the same location as the .ICO files, usually Program Files\Microsoft Office\Office11\forms\language ID).

;**********The CFG file**********

DisplayName=SenderID Extension Form

Comment=This forms allows the SenderID to be viewed in a column in Outlook

Owner=Microsoft Corporation

;**********END CFG

  1. Go into Tools | Options | Other | Advanced Options | Custom Forms | Manage Forms. Hit the Install button, and choose SenderID.CFG …install into your Personal Forms Library
  2. Hit OK several times to return to the main Outlook screen
  3. Right-click on the Column headings in your Inbox (or any other folder) and choose "Field Chooser"
  4. Pull-down the scroll-bar and choose "Forms…"
  5. Set focus to your Personal Forms, choose the SenderID Extension Form, then click Add
  6. Drag and drop the SenderID property into your column headings …and voila, you now should see the SenderID status for messages that come from the Internet through your Exchange 2003 SP2 gateway.


Now you are able to correlate the numeric status code to the SenderID result using the following table:

| Sender_ID Result | Numeric Code |

As the last step, for those of us who prefer labels instead of numbers, Outlook allows you to create custom fields based on the formula.  To do that, follow the following steps.

  1. Right-click on the Column headings in your folder where you enabled SenderID field and choose "Field Chooser"
  2. In the Field Chooser, click New.  Type SID as the field name, use Formula as the Type.  In the Formula field copy&paste the following (without the quotation marks)
    1. “IIf([SenderID]=1,"NEUTRAL",IIf([SenderID]=2,"PASS",IIf([SenderID]=3,"FAIL",IIf([SenderID]=4,"SFAIL",IIf([SenderID]=5,"NONE",IIf([SenderID]=-2147483641,"PERM_ERR",IIf([SenderID]=-2147483642,"TEMP_ERR",[SenderID])))))))”
  3. Click OK and Drag&Drop the newly created SID field into your column headings.  You can hide the original SenderID field now by dragging it out of the column headings.


Obviously the form makes sense to install if you have Exchange 2003 SP2 in your environment and have SenderID checks configured on your gateway.


- Konstantin Ryvkin
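
Added example, not part of the original article and not Exchange's implementation: a minimal Python evaluation of a published SPF record against a connecting IP address, returning the result labels and numeric codes used in the Outlook formula above. It is narrowed to `v=spf1` records with the `ip4`, `ip6` and `all` mechanisms; selecting the PRA from the message headers is not modelled, and the domains, addresses and `constructed_lookup` resolver are constructed for the example.

```python
import ipaddress
import re

# Numeric values exactly as they appear in the Outlook formula above.
# Property tag 0x40790003 ends in 0x0003 (MAPI PT_LONG, a signed 32-bit
# integer), which is why the two error codes display as negative numbers.
CODES = {"NEUTRAL": 1, "PASS": 2, "FAIL": 3, "SFAIL": 4, "NONE": 5,
         "PERM_ERR": -2147483641, "TEMP_ERR": -2147483642}
# Qualifier symbols from the result table: Neutral (?), Pass (+), Fail (-), Soft Fail (~).
QUALIFIERS = {"?": "NEUTRAL", "+": "PASS", "-": "FAIL", "~": "SFAIL"}
NEEDS_DNS = {"a", "mx", "include", "exists", "ptr"}  # out of scope here
TERM = re.compile(r"^([+\-~?]?)([A-Za-z][A-Za-z0-9_.-]*)(?:([:/=])(.*))?$")


def parse(record):
    """Parse every term up front so a malformed term anywhere in the
    record is reported before any mechanism is matched."""
    rules = []
    for term in record.split()[1:]:
        m = TERM.match(term)
        if m is None:
            raise ValueError(f"malformed term {term!r}")
        qualifier, name, sep, arg = m.groups()
        name = name.lower()
        if sep == "=":                      # modifier, not a mechanism
            if name == "redirect":
                raise NotImplementedError("redirect= needs a DNS lookup")
            continue                        # other modifiers do not affect the result
        if name in NEEDS_DNS:
            raise NotImplementedError(f"{name} needs DNS lookups")
        if name == "all" and sep is None:
            net = None                      # matches every client
        elif name in ("ip4", "ip6") and sep == ":":
            net = ipaddress.ip_network(arg, strict=False)  # ValueError if bad
            if net.version != int(name[2]):
                raise ValueError(f"address family mismatch in {term!r}")
        else:
            raise ValueError(f"unknown mechanism {term!r}")
        rules.append((QUALIFIERS[qualifier or "+"], net))
    return rules


def evaluate(record, client_ip):
    """Return the result label for client_ip against one TXT record."""
    if record is None or record.split()[:1] != ["v=spf1"]:
        return "NONE"                       # no record published
    try:
        rules = parse(record.lower())
    except ValueError:
        return "PERM_ERR"                   # record cannot be interpreted
    ip = ipaddress.ip_address(client_ip)
    for result, net in rules:               # first matching mechanism wins
        if net is None or ip in net:
            return result
    return "NEUTRAL"                        # nothing matched, no assertion


def sender_id_status(domain, client_ip, lookup):
    """lookup(domain) returns the TXT record or None; OSError = transient."""
    try:
        record = lookup(domain)
    except OSError:
        return "TEMP_ERR"
    return evaluate(record, client_ip)


def as_hex32(code):
    """Show a signed Outlook column value as its unsigned 32-bit hex form."""
    return f"0x{code & 0xFFFFFFFF:08X}"


# Constructed zone data (documentation address ranges, .test domains).
ZONE = {
    "example.test": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all",
    "soft.example.test": "v=spf1 ip4:192.0.2.0/24 ~all",
    "broken.example.test": "v=spf1 ip4:999.1.1.1 -all",
}


def constructed_lookup(domain):
    if domain == "timeout.example.test":
        raise TimeoutError("resolver did not answer")
    return ZONE.get(domain)


if __name__ == "__main__":
    for dom in [*ZONE, "unpublished.example.test", "timeout.example.test"]:
        status = sender_id_status(dom, "203.0.113.9", constructed_lookup)
        print(f"{dom:28} {status:9} {CODES[status]:>12} {as_hex32(CODES[status])}")
```

The same spoofing address gets FAIL from the domain that ends its record with `-all` and only SFAIL from the one that ends with `~all`, so a gateway that blocks only on Fail protects just the domains that publish the strict form.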

Wednesday, October 12, 2005

Office 2003 Add-in: Outlook Calendar Views

The Microsoft Office Outlook 2003 Calendar Views Add-in makes it easy for you to view your Outlook Calendar appointments through a filter that is based on Outlook labels and categories. For example, you can create a view that shows you only the appointments on your calendar that are labeled Must Attend, or are categorized as Important.

You add filters by using the Calendar Views toolbar, which opens in your Outlook Calendar after you install the add-in.

Tips for using this add-in are available within Work Essentials, a resource that provides free occupation focused expert advice, demos, templates and webcasts.

Note: This add-in is for Microsoft Office Outlook 2003 only.

Download At :

Exchange Server Best Practices Analyzer Update

Microsoft has updated ExBPA!  This download contains the latest ExBPA.Config.xml and ExBPA.chm files. Use this package to update your existing installation of the Exchange Server Best Practices Analyzer. NOTE: If Internet connectivity is available, the Exchange Server Best Practices Analyzer will attempt to automatically update itself from the Internet. Where updates are being applied automatically, there is no need to download the Web Update Pack.

To find out which version of ExBPA.Config.xml is installed on your computer, click the 'About Exchange Server Best Practices Analyzer' link within the tool. The upper version number refers to the core application (e.g. 2.1.7599.4), the lower version is for the configuration XML file.

Download at:

Monday, October 10, 2005

ADModify.NET 2.1 Released

The 2.1 release is finally here. Here is a list of the added functionality:

- Added MAPI user enable/disable (requires Exchange 2003 SP2)
- Fixed bug in variable parser to allow literal /% and /' strings
- Fixed killmail code to include all attributes listed in KB 307350
- Added "Update Email address on General Tab" option for both cmd and gui versions, for updating the mail attribute when a primary SMTP address is added
- Added wildcard search ability when removing email addresses
- Added "do not remove primary" option when removing addresses
- Added Wireless OMA/UIS/UTD options in GUI

Some of the requested changes did not make it into this build as they would have pushed the release date back even further. Rest assured that these options are still being considered as additions to the tool. Any issues or feedback with the 2.1 release, please email
