Going Google

Advertisements

Exchange Throttlling Policy Part 2 Google Apps Migrations

Exchange 2007 introduced a feature called RPC Client Throttling to allow administrators to manage end-user performance by preventing client applications, such as Outlook for example, from sending too many Remote Procedure Call [RPC] requests per second to Exchange, causing the server to suffer in terms of performance. When Exchange determines that a client is having a negative effect on the server, it will send a “back-off” request to the client telling it to delay sending any additional requests for a specified time (maximum of 2000 milliseconds) in order to reduce the performance effect on the server.

In Exchange 2010, Client Throttling has been much improved, monitoring and controlling much more than just RPC requests. Its purpose is still to ensure that users are not intentionally or unintentionally straining Exchange and that users share resources proportionally.

There is also Message Throttling in Exchange that restricts the number of messages and the number of connections that can be processed by an Exchange Transport server. In this article we will be talking only about Client Throttling.

Skärmavbild 2013-08-17 kl. 20.24.10

Exchange 2010 server supports client request throttling. This can limit the performance of
GAMME migrations when performing a large number of user migrations. To mitigate this, you
can configure a specific policy to the GAMME Administrator account that exempts it from
throttling.
Follow these steps to create and apply a custom throttling policy.
On the Microsoft Exchange Server, click Start > Microsoft Exchange Server 2010 > Exchange
Management Shell.
In the shell, enter the following:
New-ThrottlingPolicy GAMME -RCAMaxConcurrency $null -RCAPercentTimeInAD $null –RCAPercentTimeInCAS $null -RCAPercentTimeInMailboxRPC $null

Set-Mailbox “GAMME_Admin” -ThrottlingPolicy GAMME

Google Apps Deployment Specialist – Passed the Exam!

Today i passed my Certification Exam. The Google Apps Certified Deployment Specialist exam certifies IT professionals who demonstrate the fundamental skills and knowledge required to deploy, configure, and migrate to Google Apps for Business and Education. It feels great and i must say it was tough, i studied hard. But i made it and i’m very glad that i put in those hours of studying, it was worth the effort!CERT GOOGLE
Happy guy  in colocation
Karl Wirén

Karl Wirén Google Apps Deployment Specialist in SWEDENsverige-flagga-ikon-72

Migrating from Exchange 2010 to Google Apps Throttling settings

Exchange 2010 server supports client request throttling. This can limit the performance of
GAMME migrations when performing a large number of user migrations.

To mitigate this, you
can configure a specific policy to the GAMME Administrator account that exempts it from
throttling.

THROETE
Follow these steps to create and apply a custom throttling policy.
On the Microsoft Exchange Server, click Start > Microsoft Exchange Server 2010 > Exchange
Management Shell.
In the shell, enter the following:

New-ThrottlingPolicy GAMME -RCAMaxConcurrency $null -RCAPercentTimeInAD $null –
RCAPercentTimeInCAS $null -RCAPercentTimeInMailboxRPC $null
Type Set-Mailbox “GAMME_Admin” -ThrottlingPolicy GAMME

Set-ThrottlingPolicy –identity “name of your policy” –EWSFindCountLimit 1500

Powershell for Google Apps Migration, good scripts to use

Ok it’s been a long time since i posted something, recently i have been working with migrating from Windows to Google Apps, but that dosen’t mean you won’t be able to use your MS skills 😉

Here is a couple of good powershell script’s i have been forced to use:

Create mailadresses on AD users,

To be able to sync and migrate users to Google Apps you need to provide them with a emailaddress, since that will be their uniqe user ID in GA:

Get-ADUser -LdapFilter '(!mail=*)' -Properties givenName,sn | group {"{0}.{1}@Acme.com" -f $_.givenName,$_.sn} | Foreach { $i = 1 foreach($user in $_.Group) { if($i -eq 1) { $mail = "{0}.{1}@Acme.com" -f $user.givenName,$user.sn } else { $mail = "{0}.{1}{2}@Acme.com" -f $user.givenName,$user.sn,("$i".PadLeft(3,"0")) } $i++ Set-ADUser -Identity $user -EmailAddress $mail.replace(" ","") }
}

Create mailadresses on AD users (but on a certain group):

This is usefull if you are going to migrae a few users to GA and not the whole AD… This script takes the FIrstname and Secondame and fixes if it’s a dobulename, and also if their are more than one user called the same name, it adds 001,002,003 🙂

Get-ADGroupMember -Identity "grupp" | get-aduser -Properties givenname,sn,mail | ?{$_.mail -match '^$'} | group {"{0}.{1}@Acme.com" -f $_.givenName,$_.sn} | Foreach { $i = 1 foreach($user in $_.Group) { if($i -eq 1) { $mail = "{0}.{1}@Acme.com" -f $user.givenName,$user.sn } else { $mail = "{0}.{1}{2}@Acme.com" -f $user.givenName,$user.sn,("$i".PadLeft(3,"0")) } $i++ Set-ADUser -Identity $user -EmailAddress $mail.replace(" ","") } }

Create Mailadresses by the Samaccountname

Some users, you migt wan’t to use theier samaccountname and not their firstname,SN so here is what you type then, and remember this applys to a group aswell:

Get-ADGroupMember -Identity "grupp" | Get-ADUser -Properties samaccountname | Foreach { Set-ADUser -Identity $_ -EmailAddress ("{0}@Acme.com" -f $_.samaccountname}

Find users that do not have a mailadress

This could be good to use, it tells you if any user in your AD does not have anything in the Mail attribute:

Get-ADUser -Filter *  -Properties EmailAddress  | where { $_.EmailAddress -eq  $null }  | sort  | Select Name,EmailAddress

Find users that DO have mailadress attribute

And here is one that tells you the users that do have something in the mail attribute, could be good to use, so you see that no users have a bad mailadress:

Get-ADUser -Filter *  -Properties EmailAddress  | where { $_.EmailAddress -ne  $null }  | sort  | Select Name,EmailAddress

Set random password on AD user 

In many cases when migrating to GA, you will bump in to organisations that have more than 1 AD/domain. If so you should use LDFIDE to export and import users to 1 AD since GADS (google apps directory sync) do only sync from 1 AD. And when you use LDFIDE it does not migrate the users password so here is a good PS script to generate a random password and print it to a CSV file:

Import-Module ActiveDirectory

# Set vars
$WorkingOU = "OU=USERS,OU=MyLAB4,DC=demo,DC=local"
$WorkingFile = "C:\Temp\UserPasswords.txt"
$PassordLength = "12"

# Cleaning up
Clear-Content $WorkingFile -ErrorAction SilentlyContinue

$Users = (Get-ADUser -SearchBase $WorkingOU -Filter *).SamAccountName
ForEach ($User in $Users){
function RandomPassword
{
param (
         [int]$length,
         [string]$pattern # optional
)
$pattern_class = @("T", "O", "F", "S")
$charpool = @{
         "T" = "abcdefghjkmnopqrstuvwxyz";
         "O" = "ABCDEFGHJKLMNOPQRSTUVWXYZ";
         "F" = "123456789";
         "S" = "!@#%&"
}
$rnd = New-Object System.Random
Start-Sleep -milliseconds $rnd.Next(500)
if (!$pattern -or $pattern.length -lt $length) {

         if (!$pattern)
         {
                 $pattern = ""
                 $start = 0
         } else {
                 $start = $pattern.length - 1
         }
         for ($i=$start; $i -lt $length; $i++)
         {
                 $pattern += $pattern_class[$rnd.Next($pattern_class.length)]
         }
         }
         $password = ""
         for ($i=0; $i -lt $length; $i++)
                 {
         $wpool = $charpool[[string]$pattern[$i]]       
         $password += $wpool[$rnd.Next($wpool.length)]
         }                      
         return $password
}
do {
$UserPasswordPlainText = RandomPassword -length $PassordLength
} until ( $UserPasswordPlainText -match '\d' -and
                         $UserPasswordPlainText -match '[a-z]' -and
                         $UserPasswordPlainText -match '[A-Z]' -and
                         $UserPasswordPlainText -match '\W' )

$NewUserPassword = ConvertTo-SecureString $UserPasswordPlainText -AsPlainText –Force
Set-ADAccountPassword -Identity $User -NewPassword $NewUserPassword -Reset
Add-Content -Path $WorkingFile -Value "$User;$UserPasswordPlainText" -Force
# Debug
#Write-Host "User $User password was set to $UserPasswordPlainText"
}

 

Protection agent cannot be installed on machine where dpm is installed DPM 2012 SP1 Agent Error

When you install/update your DPM 2012 protection agent from pre SP1 or SP1 to SP1 RU1 through DPM console it’s fairly easy. You just have to click on Update available in Management/Agent tab and the job is done. 

Sometimes (Firewall, incompatible version, etc.) DPM agent cannot be updated from DPM console and you need to proceed manually.
When you try to do manual install/update, it’s a little bit more tricky 🙂 Because there are two DPM “agent” folders in DPM directory structure:
..\DPM\ProtectionAgents\RA\4.1.3313.0\… => Which contains agent SP1 RTM
..\DPM\agents\RA\4.1.3322.0\… => Which contains agent upgrade for SP1 RU1
To manually install/Update DPM agent to DPM 2012 SP1 RU1 you have to: 

  1. Uninstall old agent from control panel
  2. Manually install agent SP1 RTM – 4.1.3313.0
  3. Manually apply upgrade SP1 RU1 – 4.1.3322.0

# Install/upgrade process could be done with a sample Dos script:

Net use U: \\DPMName\c$
Cd /d “U:\Program Files\Microsoft System Center 2012\DPM\DPM\ProtectionAgents\RA\4.1.3313.0\amd64″
DPMAgentInstaller_x64 /q /IAcceptEULA
:: Let enough time for install 
ping 127.0.0.1 -n 240
Cd /d “U:\Program Files\Microsoft System Center 2012\DPM\DPM\agents\RA\4.1.3322.0\amd64\1033″
DPMAgentInstaller_KB2791508_AMD64 /q
:: Let enough time for install
ping 127.0.0.1 -n 240

:: in case of new installation, just remember to attach your new protected server to your DPM Server.
cd /d “C:\Program Files\Microsoft Data Protection Manager\DPM\bin”
setdpmserver.exe -dpmservername DPMName
Net use U: /delete

 

 

http://yetanotherdpmblog.blogspot.fr/

SCOM2012: OpsMgr 2012 fails to launch due to SDK service not running

I bumped in to this error today when i was about to launch my new OpsMgr12 Installation:

 

So what could be the reasons for this kind of error?

1. Check firewall settings so that nothing is preventing the connection betwen the target machine.

2. If that’s not the problem, then check if these to services are running  “System Center Data Access (OMSDK)” if not try to start it manual. Also check if OpsMgr VSS Writer” Service is running. If not, start it.

3. Check SQL account’s so that everything is ok.

 

Error: the data access service is either not running or not yet initialized