Exchange Throttlling Policy Part 2 Google Apps Migrations

Exchange 2007 introduced a feature called RPC Client Throttling to allow administrators to manage end-user performance by preventing client applications, such as Outlook for example, from sending too many Remote Procedure Call [RPC] requests per second to Exchange, causing the server to suffer in terms of performance. When Exchange determines that a client is having a negative effect on the server, it will send a “back-off” request to the client telling it to delay sending any additional requests for a specified time (maximum of 2000 milliseconds) in order to reduce the performance effect on the server.

In Exchange 2010, Client Throttling has been much improved, monitoring and controlling much more than just RPC requests. Its purpose is still to ensure that users are not intentionally or unintentionally straining Exchange and that users share resources proportionally.

There is also Message Throttling in Exchange that restricts the number of messages and the number of connections that can be processed by an Exchange Transport server. In this article we will be talking only about Client Throttling.

Skärmavbild 2013-08-17 kl. 20.24.10

Exchange 2010 server supports client request throttling. This can limit the performance of
GAMME migrations when performing a large number of user migrations. To mitigate this, you
can configure a specific policy to the GAMME Administrator account that exempts it from
throttling.
Follow these steps to create and apply a custom throttling policy.
On the Microsoft Exchange Server, click Start > Microsoft Exchange Server 2010 > Exchange
Management Shell.
In the shell, enter the following:
New-ThrottlingPolicy GAMME -RCAMaxConcurrency $null -RCAPercentTimeInAD $null –RCAPercentTimeInCAS $null -RCAPercentTimeInMailboxRPC $null

Set-Mailbox “GAMME_Admin” -ThrottlingPolicy GAMME

Migrating from Exchange 2010 to Google Apps Throttling settings

Exchange 2010 server supports client request throttling. This can limit the performance of
GAMME migrations when performing a large number of user migrations.

To mitigate this, you
can configure a specific policy to the GAMME Administrator account that exempts it from
throttling.

THROETE
Follow these steps to create and apply a custom throttling policy.
On the Microsoft Exchange Server, click Start > Microsoft Exchange Server 2010 > Exchange
Management Shell.
In the shell, enter the following:

New-ThrottlingPolicy GAMME -RCAMaxConcurrency $null -RCAPercentTimeInAD $null –
RCAPercentTimeInCAS $null -RCAPercentTimeInMailboxRPC $null
Type Set-Mailbox “GAMME_Admin” -ThrottlingPolicy GAMME

Set-ThrottlingPolicy –identity “name of your policy” –EWSFindCountLimit 1500

Powershell for Google Apps Migration, good scripts to use

Ok it’s been a long time since i posted something, recently i have been working with migrating from Windows to Google Apps, but that dosen’t mean you won’t be able to use your MS skills 😉

Here is a couple of good powershell script’s i have been forced to use:

Create mailadresses on AD users,

To be able to sync and migrate users to Google Apps you need to provide them with a emailaddress, since that will be their uniqe user ID in GA:

Get-ADUser -LdapFilter '(!mail=*)' -Properties givenName,sn | group {"{0}.{1}@Acme.com" -f $_.givenName,$_.sn} | Foreach { $i = 1 foreach($user in $_.Group) { if($i -eq 1) { $mail = "{0}.{1}@Acme.com" -f $user.givenName,$user.sn } else { $mail = "{0}.{1}{2}@Acme.com" -f $user.givenName,$user.sn,("$i".PadLeft(3,"0")) } $i++ Set-ADUser -Identity $user -EmailAddress $mail.replace(" ","") }
}

Create mailadresses on AD users (but on a certain group):

This is usefull if you are going to migrae a few users to GA and not the whole AD… This script takes the FIrstname and Secondame and fixes if it’s a dobulename, and also if their are more than one user called the same name, it adds 001,002,003 🙂

Get-ADGroupMember -Identity "grupp" | get-aduser -Properties givenname,sn,mail | ?{$_.mail -match '^$'} | group {"{0}.{1}@Acme.com" -f $_.givenName,$_.sn} | Foreach { $i = 1 foreach($user in $_.Group) { if($i -eq 1) { $mail = "{0}.{1}@Acme.com" -f $user.givenName,$user.sn } else { $mail = "{0}.{1}{2}@Acme.com" -f $user.givenName,$user.sn,("$i".PadLeft(3,"0")) } $i++ Set-ADUser -Identity $user -EmailAddress $mail.replace(" ","") } }

Create Mailadresses by the Samaccountname

Some users, you migt wan’t to use theier samaccountname and not their firstname,SN so here is what you type then, and remember this applys to a group aswell:

Get-ADGroupMember -Identity "grupp" | Get-ADUser -Properties samaccountname | Foreach { Set-ADUser -Identity $_ -EmailAddress ("{0}@Acme.com" -f $_.samaccountname}

Find users that do not have a mailadress

This could be good to use, it tells you if any user in your AD does not have anything in the Mail attribute:

Get-ADUser -Filter *  -Properties EmailAddress  | where { $_.EmailAddress -eq  $null }  | sort  | Select Name,EmailAddress

Find users that DO have mailadress attribute

And here is one that tells you the users that do have something in the mail attribute, could be good to use, so you see that no users have a bad mailadress:

Get-ADUser -Filter *  -Properties EmailAddress  | where { $_.EmailAddress -ne  $null }  | sort  | Select Name,EmailAddress

Set random password on AD user 

In many cases when migrating to GA, you will bump in to organisations that have more than 1 AD/domain. If so you should use LDFIDE to export and import users to 1 AD since GADS (google apps directory sync) do only sync from 1 AD. And when you use LDFIDE it does not migrate the users password so here is a good PS script to generate a random password and print it to a CSV file:

Import-Module ActiveDirectory

# Set vars
$WorkingOU = "OU=USERS,OU=MyLAB4,DC=demo,DC=local"
$WorkingFile = "C:\Temp\UserPasswords.txt"
$PassordLength = "12"

# Cleaning up
Clear-Content $WorkingFile -ErrorAction SilentlyContinue

$Users = (Get-ADUser -SearchBase $WorkingOU -Filter *).SamAccountName
ForEach ($User in $Users){
function RandomPassword
{
param (
         [int]$length,
         [string]$pattern # optional
)
$pattern_class = @("T", "O", "F", "S")
$charpool = @{
         "T" = "abcdefghjkmnopqrstuvwxyz";
         "O" = "ABCDEFGHJKLMNOPQRSTUVWXYZ";
         "F" = "123456789";
         "S" = "!@#%&"
}
$rnd = New-Object System.Random
Start-Sleep -milliseconds $rnd.Next(500)
if (!$pattern -or $pattern.length -lt $length) {

         if (!$pattern)
         {
                 $pattern = ""
                 $start = 0
         } else {
                 $start = $pattern.length - 1
         }
         for ($i=$start; $i -lt $length; $i++)
         {
                 $pattern += $pattern_class[$rnd.Next($pattern_class.length)]
         }
         }
         $password = ""
         for ($i=0; $i -lt $length; $i++)
                 {
         $wpool = $charpool[[string]$pattern[$i]]       
         $password += $wpool[$rnd.Next($wpool.length)]
         }                      
         return $password
}
do {
$UserPasswordPlainText = RandomPassword -length $PassordLength
} until ( $UserPasswordPlainText -match '\d' -and
                         $UserPasswordPlainText -match '[a-z]' -and
                         $UserPasswordPlainText -match '[A-Z]' -and
                         $UserPasswordPlainText -match '\W' )

$NewUserPassword = ConvertTo-SecureString $UserPasswordPlainText -AsPlainText –Force
Set-ADAccountPassword -Identity $User -NewPassword $NewUserPassword -Reset
Add-Content -Path $WorkingFile -Value "$User;$UserPasswordPlainText" -Force
# Debug
#Write-Host "User $User password was set to $UserPasswordPlainText"
}