Exchange 2007 Management Shell, Scripting, and Policy Usage
謝合宜
Microsoft contract technical consultant
MCSE: Security/Messaging, MVP/MCT
BS7799/ISO27001 Lead Auditor
Exchange 2007 WebCast series
Date    Course title
11/22   Exchange 2007 --- The Next-Generation Messaging System
12/19   Getting Started with Microsoft Exchange Server 2007: Installation and Deployment Basics
12/20   OWA in Exchange 2007
12/27   Moving to 64-bit Exchange 2007
1/10    Client Access in Exchange 2007
1/17    Exchange 2007 Deployment and Migration
1/24    Exchange 2007 Deployment Preparation --- Storage Forecasting and Testing
1/31    Exchange 2007 Management Shell, Scripting, and Policy Usage
2/7     Protecting Exchange 2007 from Spam and Viruses
2/14    Exchange 2007 Backup, High Availability, and Disaster Recovery
Level 200
Prerequisites
• Familiarity with administering and using Exchange 2000/2003 or 5.5
Agenda
• Exchange 2007 management architecture
– What's PowerShell?
– GUI and using PowerShell
• Using messaging policies
• Purpose and configuration of each policy
Exchange Management Console
(Screenshot; labeled areas: Console tree, Result pane, Work pane, Actions pane.)
EMC Console Tree
• Manage organization-wide configuration
• Manage server settings for specific roles
• Manage recipient object settings
• Troubleshooting and analysis tools
What is PowerShell?
• An extended "scripting" technology that provides an interactive, programmable, secure, and product-oriented environment
– Improves the developer experience by making it easier to add command-line management capabilities using Microsoft .NET
– Improves the administrative experience by enabling IT Pros to write secure automation scripts that can run locally or remotely
• Components
– A scripting language
– An interactive shell
– A way to produce task-oriented commands
– A set of domain-independent utility commands
Exchange Management Shell
Verb    Noun     Parameters                         Example
Get     User                                        Get-User
Get     Users    -Identity, -ExternalEmailAddress   Enable-mailuser -Identity Tom -ExternalEmailAddress
Exchange Management Shell commands use the same syntax (verb-noun)
Exchange Server 2003 (VBScript) compared with Exchange Server 2007 (Monad Script)

Mailbox Statistics

Exchange Server 2003 (VBScript):
    ' Enumerate every mailbox through the Exchange WMI provider and print its properties
    Set listExchange_Mailboxs = GetObject("winmgmts:{impersonationLevel=impersonate}!\\COMPUTERNAME\ROOT\MicrosoftExchangeV2").InstancesOf("Exchange_Mailbox")
    For Each objExchange_Mailbox in listExchange_Mailboxs
        ' & is used for concatenation so non-string property values do not raise a type mismatch
        WScript.echo "AssocContentCount =" & objExchange_Mailbox.AssocContentCount
        WScript.echo " DateDiscoveredAbsentInDS =" & objExchange_Mailbox.DateDiscoveredAbsentInDS
        WScript.echo " DeletedMessageSizeExtended =" & objExchange_Mailbox.DeletedMessageSizeExtended
        WScript.echo " LastLoggedOnUserAccount =" & objExchange_Mailbox.LastLoggedOnUserAccount
        WScript.echo " LastLogoffTime =" & objExchange_Mailbox.LastLogoffTime
        WScript.echo " LastLogonTime =" & objExchange_Mailbox.LastLogonTime
        WScript.echo " LegacyDN =" & objExchange_Mailbox.LegacyDN
        WScript.echo " MailboxDisplayName =" & objExchange_Mailbox.MailboxDisplayName
        WScript.echo " MailboxGUID =" & objExchange_Mailbox.MailboxGUID
        WScript.echo " ServerName =" & objExchange_Mailbox.ServerName
        WScript.echo " Size =" & objExchange_Mailbox.Size
        WScript.echo " StorageGroupName =" & objExchange_Mailbox.StorageGroupName
        WScript.echo " StorageLimitInfo =" & objExchange_Mailbox.StorageLimitInfo
        WScript.echo " StoreName =" & objExchange_Mailbox.StoreName
        WScript.echo " TotalItems =" & objExchange_Mailbox.TotalItems
    Next

Exchange Server 2007 (Monad Script):
    get-mailboxstatistics -server $servername

Database Mgmt

Exchange Server 2003 (VBScript):
    ' Open the storage group object in the configuration partition and move its log files
    Dim StorGroup as New CDOEXM.StorageGroup
    StorGroup.DataSource.Open "LDAP://" + DCServer + "/CN=First Storage Group,CN=InformationStore,CN=" + Server + ",CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration," + DomainName
    StorGroup.MoveLogFiles("C:\newlogPath", 0)

Exchange Server 2007 (Monad Script):
    move-storagegrouppath -identity "First Storage Group" -log "C:\newlogPath"

Recipient Mgmt

Exchange Server 2003 (VBScript):
    ' Bind to the user object, then create its mailbox in the named mailbox store
    Dim objMailbox As CDOEXM.IMailboxStore
    Set objMailbox = GetObject("LDAP://" + DCServer + "/CN=FOO,CN=users," + DomainName)
    objMailbox.CreateMailbox "LDAP://" + DCServer + "/CN=Private MDB,CN=First Storage Group,CN=InformationStore,CN=" + Server + ",CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration," + DomainName

Exchange Server 2007 (Monad Script):
    enable-mailbox -identity domain\FOO -database "First Storage Group\Private MDB"

Exchange Server 2007 -eq "Much Simpler"
Exchange Server 2007 management architecture
(Diagram; labels shown: CLI, GUI, Setup, WinForms, ADO.Net, Monad Data Provider, early-bound objects, process boundary, Monad Engine, Exchange cmdlets, Configuration Data Access, AD, Registry, Metabase, MAPI Store.)
The Exchange 2007 "Management Shell"
• Goal is to simplify an administrator's view of Exchange Server 2007
• A "task" is defined as an administrative operation (for example, move a mailbox)
• Tasks are grouped in 4 areas (about 350 cmdlets):
– Recipient management tasks
– Organization management tasks
– Server management tasks
– Diagnostic tasks
• Tasks are further broken into categories based on server role and features
– Roles: Edge/Hub Transport, CAS, Mailbox, UM
– Features: AntiSpam, Managed E-mail, Transport, Rules, etc.
http://www.microsoft.com/technet/prodtechnol/exchange/E2k7/ZH-TW/Help/ExchHelp/c05a8c55-fbb3-4eb6-ad02-ea5430f03132.mspx
Help! Navigating the Shell
• Use help to find cmdlets and categories
    Get-help *User*
    Get-help -role *UM*
    Get-help -component *recipient*
• Use help pages to drill into more detail
    Get-mailbox -? | more
    Help remove-storagegroup
• Explore the properties of output objects using format-list
    Get-Mailbox TestUser | format-list
    Get-Mailbox TestUser | fl *quota*
• Explore the property types of output objects using get-member
    Get-storagegroup TestUser | get-member
Searching (Finding Things)
• Use client-side filtering to narrow results:
    Get-TransportServer | where { $_.MessageTrackingEnabled -eq $false }
• Wildcards are supported as well
    Get-Mailbox *joe*
    Get-ExchangeServer *North*
    Get-SendConnector *.ms.com
• Also provide server-side filtering for tasks that return a large number of objects
    Get-Mailbox -filter { DisplayName -like '*Test*' }
Pipelining
• Bulk management is possible using piping
    get-StorageGroup | set-StorageGroup -param1 arg1 -param2 arg2
• Piping (cmd1 | cmd2) works 100% within the same noun
    Get-Mailbox redmond\mihaijal | remove-mailbox
• And certain different nouns
    Get-Mailbox redmond\viveksha | Test-MapiConnectivity
• Even when you can't pipe, you can use foreach to do what you want
    Get-ExchangeServer | foreach { get-Storagegroup -server $_.Name }
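A preview-first version of the filter-and-pipe pattern from the Searching and Pipelining slides, added here as an example and not part of the original deck: it selects mailboxes with a server-side filter, saves their current quota settings, and pipes them to Set-Mailbox with -WhatIf unless -Apply is given. The function name, filter, quota sizes, and snapshot path are assumptions.

```powershell
# Added example: preview-first bulk quota change in the Exchange Management Shell.
# Function name, parameters, filter and sizes are illustrative assumptions.
function Set-QuotaForFilter {
    param(
        [string]$Filter       = "DisplayName -like '*Test*'",  # server-side filter, as on the slide
        [string]$WarningQuota = '1800MB',
        [string]$SendQuota    = '2GB',
        [string]$SnapshotPath = '.\quota-before.csv',
        [switch]$Apply                                         # without -Apply nothing is changed
    )

    # Server-side filtering keeps the result set small in large organizations.
    $targets = @(Get-Mailbox -Filter $Filter -ResultSize Unlimited)
    if ($targets.Count -eq 0) {
        Write-Warning "No mailbox matches filter: $Filter"
        return
    }

    # Record the current values first so the change can be reviewed and reverted.
    $targets |
        Select-Object Identity, Database, UseDatabaseQuotaDefaults, IssueWarningQuota, ProhibitSendQuota |
        Export-Csv -Path $SnapshotPath -NoTypeInformation

    # Same-noun piping (Get-Mailbox | Set-Mailbox). -WhatIf stays on unless -Apply is given.
    $targets | Set-Mailbox -UseDatabaseQuotaDefaults $false `
        -IssueWarningQuota $WarningQuota -ProhibitSendQuota $SendQuota `
        -WhatIf:(-not $Apply)

    Write-Host ("{0} mailbox(es) matched; snapshot written to {1}" -f $targets.Count, $SnapshotPath)
}

# Preview only (prints what would change, modifies nothing):
Set-QuotaForFilter

# Apply after reviewing the preview output and the snapshot file:
# Set-QuotaForFilter -Apply
```

The same -WhatIf preview applies to destructive pipelines such as the Get-Mailbox | remove-mailbox line on the slide.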
Exchange Server 2007 Compliance & Messaging Policy Overview
• Hub & Edge Role Capabilities: Managing Messages In-Transit
• Mailbox Role Capabilities: Policies for Messaging Records Management
What Are Messaging Policies?
Messaging policies are a collection of rules and settings used to manage message flow and message storage.
• Transport policies can restrict message flow or modify message contents as messages pass through transport components
• Journaling policies enable you to save a copy of all messages that meet specified criteria
• Messaging Records Management policies automate and simplify message retention for mailbox contents
What Are Transport Rules?
Transport rules can restrict message flow or modify message contents for messages in transit.
Transport rules on a Hub Transport server are:
• Stored in Active Directory
• Applied by all Hub Transport servers
Transport rules on an Edge Transport server are:
• Stored in ADAM
• Unique to each Edge Transport server
Transport Rules: Conditions, actions, exceptions
• Similar to Outlook rules, but run in transport and managed by the IT Pro
• Use the familiar Exchange Management Console Rules Wizard, or powerful PowerShell tasks
• Wide array of conditions/exceptions
– All e-mail, internal-only, external-only
– Sender / recipient
– Subject and body content
– Header values
• Available actions
– Add a disclaimer
– Add subject information
– Classify the message
– Add header information
– Drop the message
– Redirect to another location
– Add To/Cc/Bcc recipients
Transport Rules Wizard
Transport Rules
Journaling: Say goodbye to per-MDB configuration! (It's still there, though)
• Journaling runs on the Hub Transport role
• Organization-wide configuration in AD
• Reduced duplication of journal reports
• Journaling conditions:
– All e-mail, internal-only, external-only
– Specific individuals
– DL membership
• Deliver journal reports to any SMTP address
Detailed journal report contents
• Detailed recipient information
– Bcc
– DL expansion
– Forwarded mailboxes
• Original message
Configuring and using journaling
What's Messaging Records Management?
Messaging Records Management is a set of management settings that helps organizations manage the messages stored in user mailboxes.
With Messaging Records Management you can:
• Set the number of days that messages in specific mailbox folders are retained
• Define how expired messages are handled
End-User Workflow: With selective journaling + server retention policy
Stages: Receive, Decide, Act, Retain
Receive: New email
• Decide: Business need to keep?
– Act: File in Managed Email Folder
– Retain: Retain in user's mailbox / expire automatically later
• Decide: Legal/regulatory need to keep?
– Act: File in a Managed Email Folder
– Retain: Retain in user's mailbox / expire automatically later; journal to external archive
• Decide: Short-term need to keep?
– Act: File in a user folder or leave in Inbox
– Retain: Expire automatically after short time
• Decide: No need to keep?
– Act: Delete immediately
– Retain: Place in Dumpster
Deploying Messaging Records Management: Five planning points
# Remember to enable the run schedule of the messaging records management agent on the server
Plan to increase users' mailbox quotas
• Raise mailbox quotas
– Reduces risk
– Access Anywhere
– Increases productivity
• Consider no longer using PSTs
– PSTs carry hidden risk and overhead
– They become less important over time
Disabling PSTs in Outlook (KB 896515):
    HKLM\Software\Microsoft\Office\12.0\Outlook\PST\PstDisableGrow
    HKLM\Software\Microsoft\Office\12.0\Outlook\DisablePST
Configuring Messaging Records Management
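Session summary
• The Exchange Management Shell provides a more convenient way to manage Exchange
– Plan to learn scripting
• Policies let IT Pros apply more flexible management controls to the use of e-mail
– Balance the needs of IT Pros and IW users with business management and legal requirements
• Messaging Records Management makes it easy to control mail server database usage and message retention periods
– No one size fits all
• User education and training is the key!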
For More Information…
• TechNet
– www.microsoft.com/taiwan/technet
• Exchange Server 2007
– www.microsoft.com/exchange
• TechNet technical forum
– www.microsoft.com/taiwan/technet/forum
• MVP Community site
– www.microsoft.com/taiwan/community
• MS Exchange Team Blog
– http://msexchangeteam.com/
• Exchange 2007 online Help
– http://www.microsoft.com/technet/prodtechnol/exchange/E2k7/ZH-TW/Help/ExchHelp/cb24ddb7-0659-4d9d-9057-52843f861ba8.mspx?mfr=true