Thursday, July 24, 2008

quick way to check if a mailbox has delegates - exchange 2007 SP1 - powershell

Sometimes you get those calls where a user is getting strange meeting invites and they just don't know why. Your first guess is that they're on another user's delegate list. So you go through the list of people on the meeting invite and try go figure out who the culprit is. Prior to Exch 2k7 SP1, you had to either track each one down or create a bunch of profiles and search. Now you can do it from powershell.

# script to check delegates for a particular mailbox
$UserToCheck = get-mailbox UserName
#check what users have access:
$result = $UserToCheck.GrantSendOnBehalfTo
#display results
$result

Monday, July 21, 2008

GlobalNames Zones - somewhat of a band-aid for phasing out WINS

So I've been reading up in preparation for my Microsoft upgrade exams and I noticed a new DNS feature. Since WINS doesn't support IPv6 they came up with the GlobalNames Zone as an interim solution. Their description is:
"The GlobalNames Zone is a new feature that provides single-label name resolution for large enterprise networks that do not deploy WINS and where using DNS name suffixes to provide single-label name resolution is not practical"

In other words, you don't want or can't use WINS anymore but you've still got these irksome boxes that have to be referenced by simple names like "Webserver1".

To set it up, you first have to be using Windows 2008 DNS servers. (Note that they say that it'll work if not all the AD servers are upgraded). Now from a command prompt run:
dnscmd servername /config /enableglobalnamessupport 1
and repeat on all your authoritative DNS servers. Reboot them for good measure.

Note that if you run dnscmd /? or dnscmd /config /? you won't see this flag listed anywhere. Nothing gives you confidence like running switches that don't appear to be documented.

Once that's done, go into DNS Manager and create a new Forward Lookup Zone. The type will be Primary, and Stored in Active Directory. Name it GlobalNames

Now you should be able to start creating your single name records in the DNS Manager.
Since all the Microsoft examples I've seen so far use the command line to do this, I'll stick with that approach. Basically all we're going to do is attach a CNAME record to redirect requests for "HONEYPOT" to the FQDN "HONEYPOT.DECOY.LOCAL"

dnscmd /RecordAdd GlobalNames HONEYPOT CNAME HONEYPOT.DECOY.LOCAL

Now they don't view this as a complete WINS replacement since it doesn't do auto-registration from clients, etc but if you've got fairly static servers/resources and you're moving to IPv6 or away from WINS this should do the trick. I do recommend some caution as this is a pretty new feature and I'm going to wait awhile before trying this out in our production environment.

For more information:
Microsoft Paper: DNS Server GlobalNames Zone Deployment

Technet forum:
http://forums.technet.microsoft.com/en-US/winserverNIS/thread/8953820a-3f2f-4929-9a3e-2b0731b80e04