Migrationwiz – Exchange migration in the cloud

When migrating one Exchange organization to another organization you have to do quite some work. The traditional methods include a lot of scripting, or a 3rd party tool like Quest or BinaryTree to migrate one Exchange environment to another.

Migrationwiz is a product that can perform the migration from the cloud, they offer E-mail migrations as a service. This migration can be from any messaging platform to any messaging platform, but for this blog I’ll focus on a migration from one Exchange platform to another Exchange platform (in different datacenters).


Continue reading Migrationwiz – Exchange migration in the cloud

Insufficient Access Rights

During an Exchange 2003 to Exchange 2010 migration I ran into an issue where the mailbox could not be moved to Exchange 2010 because of an “Insufficient Access Rights” error:

[PS] C:\Windows\system32>get-mailbox -Identity “Joe Sixpack” | New-MoveRequest -TargetDatabase dB01 -BadItemLimit:25 -AcceptLargeDataLoss:$true

Continue reading Insufficient Access Rights

msExchQueryBaseDN and Exchange 2010

In the old days when using Exchange 2007 for hosting scenarios you would use the Configuring virtual organizations and address list segregation in Exchange 2007 whitepaper. In Exchange 2007 the msExchQueryBaseDN property on a mailbox was used to limit the search scope of users in OWA. The typical setting of this property is the OU where the users would reside in Active Directory.

The msExchUseOAB property on a mailbox is used to select an Offline Address Book in a hosting environment (where multiple OAB exist of course). This way the user would receive the OAB of his particular organization.

Continue reading msExchQueryBaseDN and Exchange 2010

Change OWA Logon Page in TMG

Normally when you use OWA you see the initial logon page where the credentials are asked like Domain\User name:


When you want to use the UPN (in most cases identical to the e-mail address) you can set this on the OWA Virtual Directory in the Exchange Management Console:


When you select “Use forms-based authentication” and select “User principal name (UPN)” the initial login page changes accordingly:


When using TMG2010 in front of Exchange 2010 things are different. The logon form is now generated by TMG, and the Exchange server itself is set to basic authentication. By default the TMG logon page for Exchange is set to show the Domain\Username format and unfortunately there’s no easy way to change the logon page to show something different.

Please note that although the default page shows Domain\Username you still can use the UPN to logon!

To change the logon page to show a different text (or change the layout completely) you have to change the HTML pages. These pages can be found on the TMG server in directory C:\Program Files\Microsoft Forefront Threat Management Gateway\Templates\CookieAuthTemplates\Exchange\HTML. The various languages files can be found in subdirectories here, for example the Dutch language component can be found in subdirectory nls\nl. Open the strings.txt file, search for the L_UserName_Text string and change its value.


Restart the TMG Firewall service and open Outlook Web App. You’ll see that the logon page has now changed:


SSL offloading with Powershell

When you’re using a (hardware) load balancer in combination with Exchange Server 2010 you might want to offload SSL from the Exchange servers to the load balancers. This way you get more options available for persistence in the load balancer.

Enabling SSL offloading in Exchange 2010 is not that difficult but it consists of several steps which can be prone to error if you have to configure this on multiple servers (which is most likely the case of course with a load balancer).

Continue reading SSL offloading with Powershell

Microsoft UC Specialist