Windows Folder Redirection

KB ID 0000467 

Problem

Q: What is Folder Redirection?

A: Essentially you can take folders that hold things like your “My documents” or your “Favorites” folder, and put them out on a network server, which is great if you want to back that sort of information up for disaster recovery.

Q: What’s the difference between this and a roaming / roving profile?

A: Folder redirection keeps information on a server and you access it remotely, Roaming profiles are designed to sync that information (and your WHOLE user profile) backwards and forwards to a network share as your users logon and log off.

Q: What folders can be redirected?

A: From Server 2008 onwards, and with Windows 7 clients and above, the following can be redirected.

  • AppData(Roaming)
  • Desktop
  • Start Menu
  • Documents
  • Pictures
  • Music
  • Videos
  • Favorites
  • Contacts
  • Downloads
  • Links
  • Searches
  • Saved Games

Solution

1. On a server create a folder to hold the redirected data, In this case you will notice I’ve called my share Redir$ (The dollar sign just means it’s a hidden share, and can’t be seen if people are network browsing).

Folder Redirection: Permissions for the Root Folder

2. Set the share permissions to Everyone: Full Control (Don’t worry we will secure it with NTFS permissions).

3. On the security tab of the folder click advanced.

4. For Server 2012 / 2016 you should see something like this;

For Server 2008 and older it should look more like this;

5. For server 2012 / 2016 Disable Inheritance and select ‘Convert’.

For 2008 and older, untick “Include Inheritable permissions from this objects parent” > At the warning click “Add”.

6. Select each User in turn (You will need to add the Everyone group) > Then Edit the permissions so that they are as follows.

  • CREATOR OWNER – Full Control (Apply onto: Subfolders and Files Only).
  • System – Full Control (Apply onto: This Folder, Subfolders and Files).
  • Domain Admins – Full Control (Apply onto: This Folder, Subfolders and Files).
  • Everyone – Traverse Folder/Execute File (Apply onto: This Folder Only).
  • Everyone – List Folder/Read Data (Apply onto: This Folder Only).
  • Everyone – Read Attributes (Apply onto: This Folder Only).
  • Everyone – Create Folder/Append Data (Apply onto: This Folder Only).

2012 / 2016

‘Show Advanced Permissions’

2008 and older.

7. Now REMOVE BOTH the entries for USERS > Apply  > OK.

7. On your domain controller open the Group Policy Management Console, (Under Administrative Tools) and either create a new USER policy of edit one that already linked to the users you want to enforce this policy upon.

8. I prefer to create a new policy and call it something sensible so if there’s a problem it’s easy to find in the future.

9. Navigate to:

[box]User Configuration > Policies > Windows Settings > Folder Redirection[/box]

Locate the folder you want to redirect (In this case its just the documents folder) > Right click > Properties.

10. I’m going to redirect all my users documents to the one folder I created earlier, so I will choose basic.

Note: You can choose “Advanced” and redirect different groups folders to different locations.

Enter the path to the root folder AS A UNC PATH, DONT click the browse button and browse to it.

11. I’m going to accept the defaults on the settings tab, the option I’ve highlighted creates the folders with exclusive rights on the folders for the user in question and SYSTEM, so the domain admin had no access (this is OK, it’s the same way user profiles work, you can still back them up).

12. Now as your users log on their folders will be redirected to the share you setup.

Backing up Redirected Folders

13. Even with exclusive rights you can still back this data up:

Related Articles, References, Credits, or External Links

Original Article written 22/06/11

Arcserve – Backup a ‘Mapped Drive / UNC Path”

KB ID 0001165 

Problem

It’s been such a long time since I touched any backup software, I setup Arcserve UDP this week for a  client to backup their servers to a NAS drive, then they wanted to back that data off to tape for an offsite backup.

I installed Arcserve no problem, it looks much the same as it did last time I used it. When I expanded the server-name only the local drives were shown, as I only had a basic licence adding the NAS drive was not an option.

Solution

A quick call to the boys in the data center who look after all our backups pointed me in the right direction. Instead of adding the mapped drive letter, you simply add the UNC path to the share as a “Preferred Shared/Machines” source.

Related Articles, References, Credits, or External Links

NA

Deploy the Trend Worry Free Business Client via Group Policy

KB ID 0000491

Problem

Trend Worry Free is a nice product, though to deploy the client software out to your machines, you need them to be switched on, have the firewalls off, and the remote registry service running. You can of course connect the clients to the web portal and install the client on a machine by machine basis, (default https://servername:4343), but if you are rolling out a lot of machines this can get tedious.

So you can either script the install or use Group Policies.

Solution

1. Firstly you need to create the install file, on the server that Worry Free is installed navigate to;

[box]

Worry Free Version 7

C:\Program Files (x86)\Trend Micro\Security Server\Admin Utility Client Packager

Worry Free Version 8

C:\Program Files (x86)\Trend Micro\Security Server\PCCSRV\Admin Utility ClientPackager\

[/box]

Locate the ClnPack.exe file and run it.

2. We want a setup package, select your platform, I want it to install silently and NOT to do a prescan. Save the output file somewhere you can find it and click “Create”.

3. Note: If have x64 bit clients that you are also going to deploy software to, you will need to repeat the process and create another package for x64 bit installations as well.

How to Tell if Windows is 32 or 64 bit

You can use a WMI filter to make sure the right policies apply to the right clients;

Using 32 and 64 Bit WMI Filters For Group Policy

4. After a while it should say it was successful, close down the client packager.

5. Create a network share and allow the “Everyone Group” read access to it, then copy the setup file you created above into this share.

6. On a domain controller, Start > Administrative tools > Group Policy Editor > Either edit an existing policy or create a new one. (Remember it’s a computer policy you need to link it to something with computers in it, if you link it to a users OU nothing will happen).

Navigate to:

[box] Computer Configuration > Policies > Software installation [/box]

And create a new package.

7. Browse to the UNC path of the setup file DO NOT browse to the local drive letter!

8. Set as “Assigned” > OK.

9. Make Sure: That if you have x64 bit clients, you open the advanced properties of this package, and remove the option to deploy this software to x64 bit clients.

10. Repeat the process for the x64 bit client if you also have x64 bit machines.

11. Close the policy and group policy editor window.

12.  Then either reboot the clients, wait a couple of hours, or manually run “gpupdate /force” on them.

Related Articles, References, Credits, or External Links

Original article written 11/08/11

Migrate Exchange 2010 to Exchange 2016 (& 2013)

Part 3

Migrating Certificates and Decommissioning Exchange 2010

KB ID 0000816

Problem

Continued from Migration From Exchange 2010 to Exchange 2016 Part 2

Solution

Exchange 2013/2016 Migration Step 8 Migrating Certificates from 2010 to 2016

Only consider doing this if you have a purchased (i.e. NOT using a self signed) certificate on your Exchange 2010 server. Bear in mind if you have the internal FQDN of your Exchange 2010 server as a SAN (Subject Alternative Name), then you cannot renew the certificate if it lasts longer than November 2013, so you might want to purchase a new one anyway.

Also make sure the public name of the server resolves to the public IP of the new server (or you change the port forwarding for HTTPS traffic to point to the new server).

1. On the Exchange 2010 Server > Launch the Exchange Management Console > Server Configuration > Select the certificate > Export Exchange Certificate.

2. Select a location to save the exported cert > supply a password > Next.

3. Finish.

4. On the Exchange 2013/2016 Server > Launch the Exchange Admin Center > Servers > Certificates > Select the ‘more options’ icon > Import Exchange Certificate.

5. Put in the path to where you saved the exported cert, and the password you used > Next.

6. Add in the Exchange 2016 Server > Finish.

7. Select the new certificate > Edit > Services > Select the service for which you want to use the certificate. Note: I don’t have Unified Messaging so I’m selecting all the other options > Save.

8. Answer ‘Yes’ to replace the self signed certificate that Exchange 2016 installs by default.

9. You can then open Outlook Web Access and give it a test (Remember to change the DNS records so that the Common Name on the certificate points to the new Exchange 2016 server).

Exchange 2013/2016 Migration Step 9 Decommissioning Exchange 2010

Before doing this: Have a quick common sense check!

  • Do you need to migrate any Transport rules? (For Exchange Disclaimers etc).
  • Do you need to change any Journaling settings for your third party Email Archive solutions etc.
  • Do you need to replicate ant receive connectors from the old email server to  the new one? (For Scanners, Photocopiers, SharePoint, SQL Mail, SAP, etc).

1. Before we can retire the old server we need to remove its databases, even though we have moved all the user mailboxes, If you try and delete the database it will complain that’s its not empty. This is because it will have either Archive or Arbitration mailboxes in it. To see, execute the following commands;

[box]

Get-Mailbox -Archive
Get-Mailbox -Arbitration

OR, If you have multiple source databases use the following syntax,

Get-Mailbox -Archive  | fl name,database
Get-Mailbox -Arbitration  | fl name,database

[/box]

As you can see (in the diagram below) I have Arbitration mailboxes left in the old Exchange 2010 database, to move them use the following command, Note: Execute this command from the Exchange 2013 Server!

[box] Get-Mailbox -Database “Mailbox-Database” -Arbitration | New-MoveRequest -TargetDatabase “Mailbox-Database-2016“[/box]

Obviously if you have archive mailboxes use the same command, but substitute archive for arbitration.

Note: Update 04/11/13 (Credit to Jeroen Bonenberg)

You may also have a Discovery Search Mailbox that will need migrating. To do so, use the following syntax.

[box]New-MoveRequest DiscoverySearchMailbox* -TargetDatabase “Mailbox-Database-2013[/box]

2. Wait a while and then check that they have moved. Note: You can check status with ‘Get-MoveRequest’.

3. In the Exchange Management Console > Organization Configuration > Mailbox > Database Management > Select the mailbox database > right click > Dismount Database.

4. Now Remove the database > Yes.

5. OK.

6. Offline Address Book Tab > Default Offline Address Book > Remove > Yes.

Note: If this OAB is still in use you will NOT be able to remove it, Go to the Address Book Policies tab > Change the default OAB from the 2010 one to the 2013 one.

7. If you try and remove the public folder database it will complain that it contains replicas, which you cant remove. The easiest way I’ve found to remove it is as follows. Dismount the public folder database.

8. Then delete (or move if you are paranoid) the database file (.edb file) and the logs for this database.

9. Then mount the database > Yes to all > It will mount a blank empty database.

10. You can now delete the database without error.

11. OK.

12. Close Exchange System Manager > Start > In the search/run box >appwiz.cpl {Enter} > Locate Microsoft Exchange Server 2010 > Uninstall.

13. Next.

14. Untick all the installed roles > Untick Management tools > Next.

15. Uninstall.

16. Finish.

Exchange 2013/2016 Migration Step 9 ‘Finish Up’

Remember if you are keeping this server, you might want to delete all the database files which get left behind. You will also want to change your backup software so that it is pointing to the new mailboxes/databases.

Related Articles, References, Credits, or External Links

Thanks to Shawn Welker for the Arbitration/Archive feedback
Thanks to leandro.chiesa for the OAB feedback

 

Exchange: Importing Mail From PST Files (including Bulk Importing)

KB ID 0000443

Problem

If you have mail in .PST file format that you would like to import, either exported via ExMerge from an older Exchange server, or Exported via Outlook, or even exported via PowerShell, then the process for importing that mail into Exchange has been the same since Exchange 2010 (SP1).

Before SP1 you would have to install a copy of Outlook on the Exchange server and use a PowerShell command that looks like this (once you had granted Import/Export rights);

[box]

BEFORE Exchange 2010 SP1

Get-Mailbox | Import-Mailbox –PSTFolderPath C:Folder_Containing_PST_Files

[/box]

 

However try that after SP1 and you will get an error message, saying that Import-Mailbox is not a commandlet. That’s because now you no longer use this command you use “New-MailboxImportRequest”, and you also no longer need Outlook installing on the server.

How To Import PST Files

Note: To Bulk Import (See Below)

Firstly make sure the folder you are importing from is shared and the ‘Exchange Trusted Subsystem’ has read permissions, and SYSTEM has full control.

Grant the user you you want to Import the PST file with the appropriate permissions;

[box]New-ManagementRoleAssignment –Role “Mailbox Import Export” –User {username}[/box]

Note: This grants import and export rights, if you want to grant these permissions to a ‘group’ then see instructions below.

To submit the import request;

[box]New-MailboxImportRequest-FilePath \\{server-name}\{folder-name}\{filename}.pst -Mailbox “{mailbox-user}”[/box]

To check progress;

[box]Get-MailboxImportRequest
OR
Get-MailboxImportRequest | Get-MailboxImportRequestStatistics[/box]

If Mailbox Importing Fails

To troubleshoot failures, try using the following command and analysing the output;

[box]Get-MailboxImportRequest | Get-MailboxImportRequestStatistics -IncludeReport | fl [/box]

i.e. below you can see the problem was;

“This mailbox exceeded the maximum number of large items that were specified for this request. (Fatal error TooManyLargeItemsPermanentException has occurred.)”

To fix that error you can use the ‘-LargeItemLimit 200 -AcceptLargeDataLoss’ flags (which sounds alarming, but I have not seen it break anything in the last ten years).

Importing PST Files From the Exchange Admin Center

You can import PST files directly in the management GUI > Recipients > Mailboxes > Select the target mailbox > {Ellipses} > Import PST.

Enter the path to the .PST file > Next.

Select the target mailbox > Next.

Optional: Select a user to be emailed an export report.

Note: To view progress and troubleshoot failures, you will have to revert to PowerShell.

How To BULK Import .PST Files

Note: To BULK Import successfully, the .PST file MUST have the same name as the alias of the target mailbox.

Commands Required

1. Once you have created a “Universal Security Group” in this example called “Mailbox_Import” then assign the mailbox import/export roles with the following command;

[box] New-ManagementRoleAssignment –Name “MailboxImportExport” –SecurityGroup “Mailbox_Import” –Role “Mailbox Import Export” [/box]

Note: If you create a ‘global security group’ you will see an error when you try to import.

2. Remember to log off and back on as the user in question before proceeding.

3. To Start the bulk import use the following command, (all you should need to change is the UNC path to the folder with the .pst files in);

[box] Dir DC2APST_To_Import*.pst | %{ New-MailboxImportRequest -Name BulkPSTImport -BatchName Recovered -Mailbox $_.BaseName -FilePath $_.FullName} [/box]

4. Check on progress with the following four commands;

[box]

Get-MailboxImportRequest -Status Completed
Get-MailboxImportRequest -Status Queued
Get-MailboxImportRequest -Status InProgress
Get-MailboxImportRequest -Status Failed

[/box]

5. When finished, flush the requests with;

[box]

Get-MailboxImportRequest -Status Completed | Remove-MailboxImportRequest
Get-MailboxImportRequest -Status Failed | Remove-MailboxImportRequest

[/box]

Note: Enter “A” To accept multiple removes at once.

If New-MailboxImportRequest Fails

Firstly you need to find out why it failed, to do that you need to generate an error log.

[box] Get-MailboxImportRequest | Get-MailboxImportRequestStatistics -IncludeReport | fl >errorlog.txt[/box]

Then open that log file, to see what it says.

Common Errors

FailureType : TooManyBadItemsPermanentException Message : Error: This mailbox exceeded the maximum number of corrupted items that were specified for this move request.

This happens when it sees items in the mailbox it does not like, or considers corrupt. To get round this problem, import the .pst file on its own with the following command;

[box] New-MailboxImportRequest -Mailbox joe.soap -FilePath “DC2APST_TO_IMPORTjoe.soap.PST” -BadItemLimit 200 -AcceptLargeDataLoss[/box]

FailureType : MapiExceptionShutoffQuotaExceeded Message : Error: MapiExceptionShutoffQuotaExceeded: Unable to save changes. (hr=0x80004005, ec=12 45)

This happens if you have a limit on the mailbox size, and to import from this PST file would break that restriction.

FailureType : MailboxReplicationPermanentException Message : Error: serverfolderfilename.pst –> Page map offset {number} is greater than buffer length {number}.

This happens because you exported a PST file either using ExMerge or an older version of Outlook and it’s too big. Make sure it’s well under 2GB.

Additionally

If you want to import the “Old” mail into a folder within the target users mailbox, you can use the following command instead of the one in step 3;

[box] Dir DC2APST_To_Import*.pst | %{ New-MailboxImportRequest -Name RecoveredPST -BatchName Recovered -Mailbox $_.BaseName -FilePath $_.FullName -TargetRootFolder Imported_Mail} [/box]

Related Articles, References, Credits, or External Links

Exchange Exporting Mailboxes to PST Files

Exchange 2000/2003 Exporting mailbox’s with ExMerge

Exchange 2007 – Export Mailbox’s to PST files