Monday, December 29, 2014

hidden membership Group Exchange

Managing Distribution Groups with hidden membership (when hideDLMembership is true)

There are situations in messaging environments where we want to manage distribution groups through Outlook client and want to ensure that its membership is visible to none but the distribution group owner. In legacy versions of Exchange it was quite straight forward, but Exchange 2010 presents little complexity that can be easily overcome by following a workaround.
To recapitulate, how it’s done and what the final result looks like in legacy versions of Exchange, I am documenting the steps below. Post that we’ll see what’s the change in Exchange 2010 and how to deal with it.
It will be easier to convey and absorb the concept with an example, so let’s consider following scenario.

Exchange Server 2003
There is a team of IT experts with members – Antony Edwards, Brendon Frank, Charles Gomes, Douglas Huston and Sherlock Irwin.
Now, the requirement is that there should be a distribution group for the team, with Sherlock as the owner, and the group membership should be visible to only him.
So, the IT Admin performs the following steps.
  1. Creates a distribution group Subject Matter Experts. [ Group type: (Security), Scope: (Global)]
 

 

  1. On the Managed by tab of the Group properties page, makes the following modification.


The above two steps are performed in Active Directory Users and Computers console on Exchange Server 2003.
Now, we’ll create Outlook 2010 profile in Exchange Online mode for Sherlock and Charles. Just to see how it appears.





Since the objective is to ensure that the membership is visible only to the owner, we set the attribute hideDLMembership through ADSIedit.msc tool to TRUE from - the default.


Now, both Sherlock & Charles close their Outlook client and re-launch it. The distribution group membership page appears as below in their Outlook profiles.



So, we have achieved the desired. The distribution group owner can see the membership information, but distribution group members can’t.
On an existing message, the distribution group owner will be able to expand the distribution group and will be able to see membership, but member will receive following error.


Now, this is all from client perspective.
From the Server end as well, the membership will appear blank.

Now, what if Sherlock wants to add a new member? Will he be able to do so?
The following error pops up.
Changes to the public group membership cannot be saved. You do not have sufficient permission to perform this operation on this object. 


To make it work, we need to set the check box “Manager can update membership list”.

As you’ll notice, it’s grayed out. Reason – the hideDLMembership attribute is set to TRUE.
We need to set it to in ADSIedit, then select the check box here in Active Directory Users & Computers, and again set the value for the hideDLMembership attribute to TRUE.
Now, the distribution group owner can modify membership from Outlook 2010 client.

Exchange Server 2007
The process remains exactly same for users with mailbox on Exchange 2007. Only exception – the mailbox and distribution is group is created through Exchange Management Console.
Exchange Server 2010
With Exchange Server 2010, things change a little bit. Two aspects that need to be considered - RBAC & Address Book Service.
Let's go by an example.
We have mailbox-enabled users Jeff Oscar , Kevin Pascal, Laura Qunitero, Mike Ruth and Noel Swan on Exchange Server 2010.
We have a distribution group - Escalation Services, Noel Swan being the distribution group owner.





If the distribution group owner has mailbox on Exchange 2010, then even he can’t see the membership details, if hideDLMembership attribute is set to TRUE.
It’s something like below.



In addition, if the owner attempts to modify the membership of the distribution group through Outlook, following message pops up (even though the check box “Manager can update membership list” is selected).



So, for both issues the reason(s) there are couple of different workaround(s).
In Exchange 2010, with the introduction of RBAC, we have to perform some additional steps to ensure that the owner can modify the membership (even with the check box “Manager can update membership list” selected.).
The steps are documented in KB 982349Changes to the distribution list membership cannot be saved" error message when you try to remove members from an Exchange Server 2010 distribution list
Solution 1: If you just want to enable the owner to modify the distribution group membership (with membership hidden for owner as well), then just run following commands - (i) to create a new role group, (ii) add Noels as member, (iii) and verify the membership.
[PS] C:\>New-RoleGroup DistributionGroupManagement -Roles "Distribution Groups"
Name
----
DistributionGroupManagement
[PS] C:\>Add-RoleGroupMember DistributionGroupManagement -Member Noels
[PS] C:\>Get-RoleGroupMember DistributionGroupManagement
Name
----
Noel Swan

Now, the distribution group membership can be modified by the owner via Outlook client (obviously only additions, as s/he can't see the membership).
Solution 2: If you want to enable the owner (a) to view distribution group membership (b) to modify distribution group membership through Outlook client, then just hard code the Outlook client to talk to closest GC, by following the KB 319206How to configure Outlook to a specific global catalog server or to the closest global catalog server”.
HKEY_CURRENT_USER\Software\Microsoft\Exchange\Exchange Provider
On the Edit menu, click Add Value, and then add the following registry value:
Value name: DS Server
Data type: REG_SZ (string)
Value data: FQDN of the global catalog server

And, one more interesting aspect that I would like to mention.
If, following conditions are true..
  1. The check box for "Manager can update membership list" in Active Directory Users and Computers is not selected on the Distribution Group property.
  2. Distribution Group owner has been provided appropriate RoleGroupMembership [ RBAC "Distribution Groups"].
[ These will be the most likely situations when the distribution group and distribution group owner are created via Exchange Management Console in Exchange Server 2010 environments.]
Then, the result as observed by Distribution Group owner via Outlook client will be as follows.
  1. Without "DS Server" registry key  --
    a. Will not be able to see membership in Outlook client.
    b. But will be able to add members to the distribution group via Outlook client
  2. With the "DS Server" registry key --
    a. Will be able to see membership in Outlook client.
    b. But will not be able to remove/add members to the distribution group via Outlook client.

    Sumber : http://blogs.technet.com/b/kamleshk/archive/2012/02/01/managing-distribution-groups-with-un-hidden-membership.aspx

Monday, October 13, 2014

Cara Install AD

Install AD


Setting DHCP


cara buat lookup zone ( dns )




Install Exchange




 

How to renew UCC ssl cert for exchange 2010


The mystery has been solved!  Most of all my friends that work with exchange server ssl certificates have asked the question, ” how do we renew our ssl certs?”, given the new feature of renewing your cert with in the gui of emc.  Well Microsoft has given the feature to us but no one knows how to use it.  I will reveal the procedure so it will make life much easier and quicker for those that are trying to renew and not have to go through recreating the cert.  And, for all that are using Exchange 2007 – here is a tool that will help to assist you,.here

Step 1:
Existing ssl cert in the emc – click on the server configuration
how to renew your exchange server SSL certificate
down under exchange certificates you will click on the cert that needs to be renewed.  Once clicked – click on the renew certificate to the right.

Run through the wizard and save the reg file where you can find it…I typically create a dir called ssl_cert and then name the files by date or renewal.  Remember this will create a “reg” file not your typical csr or anything else.  You won’t need to open this file either.  Just upload it to the converter site and it will take care of it for you.
This is were most don’t know what to do with this file as it is encrypted different than what most CA will except.  We have to convert it so that the CA will issue the cert based off the base64 standard.
Go to this website or your favorite base64 converter site. http://www.motobit.com/util/base64-decoder-encoder.asp
You will now upload your file and convert it.
how to renew server ssl cert
now we need to put it in the format that will be accepted
open up notepad and paste this in first

Link to an example csr file
—–BEGIN CERTIFICATE—–
(base64 code goes here – make sure not to have this text in here)
—–END CERTIFICATE—–
once done copy and paste your base64 code in between the the statement above
should look something like this:
—–BEGIN CERTIFICATE—–
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfdsfdsfsfdsfsfsdfdsfsfssahSQxKL
42KXllYadfadfafafafafaafaadfafafasfasfsafsfdsfds
—–END CERTIFICATE—–

You will copy and paste your cert request from notepad and then submit it to your CA for approval.  Most CA will allow you to renew your existing cert but you have to go the request process again, just won’t have to go through the request process on the exchange server again.
After submitting in and approving it CA will send notification about your new ssl cert renewal.  Download the cert and click on the complete appending certificate.  Find your cer or crt file and click next in th wizard.  Once exchange and imported this new cert you will need to remove the old one and assign services to the cert i.e. smtp, imap, POP etc.
That is it.  Have fun configuring exchange and see you on the next cool thing about exchange.

Request in AD

 

 

Finish




sumber : http://www.configureexchange.com/how-to-renew-ucc-ssl-cert-for-exchange-2010/

Download Kalender 2021 Masehi / 1442 Hijriyah

Sumber artikel :  https://pintardesain.com/download-kalender-2021/ Download Kalender 2021 Masehi / 1442 Hijriyah File CorelDraw. Lengkap 12 ...