Thursday, December 8, 2011

New Scripts in Exchange 2010 SP2

As with most Microsoft Exchange Service Packs and some Update Rollups, Exchange Server 2010 SP2 introduces five new scripts that are useful for managing and monitoring your Exchange organization.

All the canned Exchange scripts are located in the %ExchangeInstallPath%\Scripts folder (normally, C:\Program Files\Microsoft\Exchange Server\V14\Scripts).  You can easily change to this folder within the Exchange Management Shell (EMS) using the command cd $exscripts.  It looks dirty, but it's not.  :)

The five new(ish) Exchange Service Pack 2 scripts are:

  • ConvertOABVDir.ps1 -- This script will convert the OAB virtual directory to an IIS web application, as well as create a new application pool called MSExchangeOabAppPool. Converting the OAB virtual directory is necessary to support different authentication methods like Kerberos and Certificate authentication.  You need to execute this script on each Client Access Server.  Ross Smith wrote about this script in his article, Recommendation: Enabling Kerberos Authentication for MAPI Clients.
  • LargeToken-IIS_EWS.ps1 -- This script and the following script, LargeToken-Kerberos.ps1, were actually released in Update Rollup 4 for Exchange Server SP1.  LargeToken-IIS_EWS.ps1 increases the value of the MaxFieldLength and MaxRequestBytes IIS parameters on all CAS servers in the Active Directory site. In addition, it changes the EWS Web.config bindings on Exchange 2010 SP1 and the CAS servers.  See the article, You cannot view the free/busy information of users in a mixed Exchange Server 2007 and Exchange Server 2010 environment for more info.
  • LargeToken-Kerberos.ps1 -- This script sets the MaxPacketSize value to DWORD 1 and the MaxTokenSize value to DWORD 65535 under HKLM\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters on all machines in the domain (or on specified machines).  See New resolution for problems with Kerberos authentication when users belong to many groups for more information on these keys.
  • Reenable-AuditLoggingAgent.ps1 -- On Exchange 2010 RTM, if you run "Setup.com /prepareAD" to upgrade to Exchange 2010 SP1, the "Admin Audit Log Agent" gets disabled.  It will not run again until the SP1 installation has completed, meaning that admin auditing will not be captured.  This script fixes that issue by rolling back msExchVersion of the agent in Active Directory.  Note: The issue goes away once SP1 installation is complete.
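
A read-only check for the two registry values that LargeToken-Kerberos.ps1 sets, as an added example that is not part of the original post or of the Exchange scripts. The function name Test-KerberosLargeTokenSetting is hypothetical, the expected values are the ones stated above, and remote machines are assumed to allow Remote Registry access.

```powershell
# Added example: report whether the Kerberos values named in the post are set as described.
function Test-KerberosLargeTokenSetting {
    param(
        # Machines to check; defaults to the local computer.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    $subKey   = 'System\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
    $expected = @{ MaxPacketSize = 1; MaxTokenSize = 65535 }   # values as stated in the post

    foreach ($computer in $ComputerName) {
        foreach ($name in $expected.Keys) {
            $actual = $null
            $status = 'Missing'          # key or value not present
            try {
                # Remote machines need the Remote Registry service and read access.
                $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                    [Microsoft.Win32.RegistryHive]::LocalMachine, $computer)
                $key = $hklm.OpenSubKey($subKey)   # opened read-only
                if ($key -ne $null) {
                    if ($key.GetValueNames() -contains $name) {
                        $actual = $key.GetValue($name)
                        $kind   = $key.GetValueKind($name)
                        if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
                            $status = 'WrongType'   # present, but not a DWORD
                        } elseif ($actual -eq $expected[$name]) {
                            $status = 'OK'
                        } else {
                            $status = 'Mismatch'
                        }
                    }
                    $key.Close()
                }
                $hklm.Close()
            } catch {
                $status = "Error: $($_.Exception.Message)"
            }
            # One result row per machine and value (PowerShell 2.0 compatible).
            New-Object PSObject -Property @{
                Computer = $computer; Value = $name
                Expected = $expected[$name]; Actual = $actual; Status = $status
            }
        }
    }
}

Test-KerberosLargeTokenSetting |
    Format-Table Computer, Value, Expected, Actual, Status -AutoSize
```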

It's great to see these new scripts make it into mainstream production rollouts.

2:28 PM