What’s new in Exchange 2010 SP1

June 7, 2011 at 4:01 pm | Posted in Microsoft, Vendor news | 2 Comments

With the release of Microsoft Exchange Server 2010, SP1 comes a laundry list of the new enhancements that we thought you might find helpful, or at least were worth mentioning here.

We live our lives under the microscope. As an Exchange administrator, you will need to track changes for regulatory compliance. Exchange 2010 SP1 allows enhanced auditing ability. Audit logs are accessed using the Exchange Control Panel (ECP) Auditing Reports page, or with the Search-AdminAuditLog or New-AdminAuditLogSearch PowerShell cmdlets.  You may not find out if somebody from the future is asking about the whereabouts of Sarah Connor, but the new audit abilities of Exchange 2010 SP1 allow you to know who logged into a mailbox and what actions were taken.  You can now track mailbox access by mailbox owners, delegates, administrators, whether a message was moved or deleted, and whether a mailbox folder or message was accessed.

Exchange 2010 SP1 also offers new event log entries, alerts, and performance monitor alerts that can be used to monitor and troubleshoot message tracking. You can get logs of every operation that was executed by a Client Access server processing a delivery report request to ensure detailed tracking.

The permission enhancements with Exchange 2010 SP1 let you limit which databases certain administrators can manage and control via database scopes. Unfortunately, this feature is not backwards compatible to Exchange 2010 RTM.  Database scopes cannot be viewed, modified or deleted from Exchange 2010 RTM servers.

That brings us to a much needed distinction. Exchange administrators and Active Directory administrators have separate duties. Exchange administrators should not have permissions to Active Directory, and Active Directory administrators should not have permissions to Exchange. The default model of Exchange 2010 uses the shared permissions model which does not separate the management of Exchange and Active Directory objects within the Exchange management tools. In Exchange 2010 SP1 you can separate Exchange management and Active Directory management with the split permissions model. You can have RBAC split permissions, where the RBAC controls who can create security principals in the Active Directory domain partition. You can also have Active Directory split permissions which has the creation of security principals in Active Directory, such as mailboxes and distribution groups, done by only using Active Directory management tools not by RBAC.

A few more highlights in Exchange Server 2010, SP1:

  • You can use the Exchange Control Panel (ECP) to manage Exchange ActiveSync devices.  You can use the ECP to allow or block a specific mobile phone or device for a specific user.  You can set up alerts when a mobile device is quarantined.
  • You can use the new Reset Client Access Virtual Directory wizard to reset the Client Access server virtual directory if you have a damaged file on a virtual directory.
  • You can detect and repair mailbox and database corruption issues with the New-MailboxRepairRequest cmdlet.
  • You can troubleshoot excessive mailbox database log growth with a new script named Troubleshoot-DatabaseSpace.ps1.

Exchange 2010 SP1 includes new scripts that help you monitor and manage your Exchange environment.

  • StartDagServerMaintenance.ps1: This script is used to take a DAG member out of service for maintenance. This script moves active databases off of the server and block databases from moving to that server.  It moves all critical DAG support functionality on the DAG  member that is out of service  to another server and blocks the critical DAG support functionality from moving back to the server.
  • StopDagServerMaintenance.ps1: This script puts the out of service DAG member back in service and removes any blocks on moving critical DAG support functionality from moving back to the server.
  • CheckDatabaseRedundancy.ps1: This script checks the redundancy of replicated databases, and generate events if database resiliency is found to be in a compromised state.

For more  information on Exchange 2010 SP1 and other issues with Exchange check out The Exchange Team Blogs: You had me at EHLO on TechNet.

–George Monsalvatge


RSS feed for comments on this post. TrackBack URI

  1. Hi

    Is there any powershell script to get the user mailboxes auditing reports

  2. You have to first make sure that auditing is enabled for the mailbox.

    Set-Mailbox -Identity “Joe Lunchbucket” -AuditEnabled $true

    You can then use Search-MailboxAuditLog to search a single mailbox or New-MailboxAuditLogSearch to search multiple mailboxes.

    This example creates a mailbox audit log search to search Joe Lunchbucket and Penelope Pitstop’s mailboxes for administrator and delegate logons from 1/1/2011 to 06/30/2011. Search results are delivered to Administrators address (AdminGuy@nutex.com) by e-mail.

    New-MailboxAuditLogSearch “Admin and Delegate Access” -Mailboxes “Joe Lunchbucket”,”Penelope Pitstop” -LogonTypes Admin,Delegate -StartDate 1/1/2011 -EndDate 06/30/2011 -StatusMailRecipients “AdminGuy@nutex.com”


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Entries and comments feeds.

%d bloggers like this: