Category: Users


Exchange comes with some default limits on attachment size and file types. this is for security as well as stability- without limits a user could send a 1 Gb movie to a distribution list, which would seriously hamper your server. I am typically good with defaults, but I am having an issue with Sharepoint. I can not seem to upload a 500Mb PowerPoint presentation. I tried upload from the site, I tried file copy in windows explorer. I then broke the file in half, and still can’t get it over. So I thought I would email it to my list- I do have several libraries mail enabled.

Exceed File Size

Exceed File Size

The file is 117 Mb. That is not too big for Outlook or Exchange, though it is for my Sharepoint. And yes, I changed the connection timeout and the file size limit in CentralAdmin- still got nothing.

To change the max attachment size in Exchange 2007, open up Exchange Management console. Expand Organization configuration and click on Hub Transport. Click on the Global Settings tab, and double-click Transport Settings. Change the first two values to what fits your needs. I changed mine to 1 Gb each- I will be changing them back after I send this file.

Transport Settings

Transport Settings

this can also be done in the Active directory.

Click Start>Run and type mmc.exe

Click file, add or remove snap-in.

Click ADSI Edit, and Add. Click Ok.

In the console that opens, right-click ADSI Edit, and click Connect to.

Select the radial button that says A Well Known Naming Context, and select Configuration.

Connect Configuration

Connect Configuration

Click Ok.

Expand Configuration>CN…>Services>Microsoft Exchange>first Organization>Global Settings>

Right click Message Delivery and select properties.

Change these attributes to manipulate the size values:

delivContLength – incoming message size limit (default is 10240)

submissionContLength – receiving message limit (default is 10240)

Message Delivery Properties

Message Delivery Properties

Close out everything you did, and go back to Outlook… Oh no! You STILL cant attach the file. Well if Exchange is not stopping you anymore, what is? Outlook itself?

Outlook 2010 restricts message size to 20 Mb. Lets change this as well.

Start>Run.

Type regedit and click open.

Navigate to HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Preferences

Right click the folder and select new DWord Value. Name the new key MaximumAttachmentSize.

Right click the new key, select decimal, and enter the size you want to increase it to. I used the same value I used in Exchange 2007, or 1024000.

Restart Outlook, attach away.

Remember, messing with the registry can brick your system. Backup first, and write down what you did so that if errors occur, you can reverse them easily.

There is one more setting that supposedly changes the way your site handles attachment size, which is done wy adding some code to the web.config file for one of your site’s pages. I will not get into it, as I did not do it. Google search for it and you will come up with a few sites.

Advertisements

The company I work for has several “program” divisions under the main company. Each of these programs has a slew of employees, some more than others. Inside each of these programs are also further divisions by team name. Now keeping track of a manually created distribution group can become a nightmare when employees change programs and teams often. I have been keeping up with this manually in the past for several reasons:

  • Manual groups are easy to work with using the SBS Console
  • They are easy to see and well-defined under Groups
  • They are easy to add extra people to (All of program A in this group plus 2 people in program B)

I finally decided to take the plunge and do this dynamically; in other words Exchange will actually populate the recipients at the time of sending and email to that group. There are a few drawbacks to this method:

  • You can’t easily view the recipients of the group
  • You can’t easily test if the group is working
  • You need to be very organized when it comes to the AD
  • Forgetting to correct an AD attribute means the user wont get group mail

To start this process off, I created a list of all programs, employees, and which groups they belonged too. I also used this time to correctly configure AD Properties, Managers and Direct Reports- you can do this or not as you see fit.

I went to Active Directory Users and Computers Console, and opened up MyBusiness/Users/SBSUsers.

Active Directory Users and Computers

Active Directory Users and Computers

I then double clicked each employee and changed several features about their properties. I clicked the Organization tab and specified the properties for each user. Job title is the employee’s job title. the company are all the same.

NOTE: To change the same property value for multiple users, hold ctrl and click each user’s name in ADUC. Once you have them selected, right-click and say properties. Enable the field you are editing, and change the value. This is a quick way to say apply the company name to all users.

User Account

User Account

I then changed the manager for each employee, etc. Now the department is the field that I used for my distinction, and it is also the attribute I will use to create my dynamic lists. I start off labelling every user by department on the program level. Let’s say my programs are named Sales, and Administration. I add either program to each users properties. Then the Sales program is further broken down into groups, we will call them A, B, and C. User1 might be Administration, User2 might be Sales – A, while User3 is Sales – C.

Notice how I formatted the groups: space then dash then space then group. You do not have to do it like this- but whatever you do it must be consistent across the board.

Now we will go ahead and create the Dynamic Distribution Group. Open up Exchange Management Console from Start>Microsoft Exchange Server. Right-click on Recipient configuration, and select New Dynamic Distribution Group.

New Dynamic Distribution Group

New Dynamic Distribution Group

A wizard appears. For Organization Unit, this is where the distribution group is created. You might want to browse and create these groups under the Distribution Groups object in MyBusiness. I left mine to be created in SBSUsers. You need to assign a name for the group. this will be used to identify the group in AD. The alias will be what users send mail to. For this demonstration I will use a group name of Sales Group A, with an alias of SalesA.

New Group

New Group

This means for users to send email to this group they will compose a mail to SalesA@company.com.

Click Next.

Now select the container where you will apply the filter. This is the container that contains the items to which you will pull addresses from. In this case, it is our Users folder in MyBusiness/Users/SBSUsers. You can further customize the filter by using the provided check boxes. For this example, we will leave All Recipient Types selected. Click Next.

Now we select which item defines which addresses will be included in the group. Select Department (if you remember, this is the defining attribute we used to split our company up into programs and subgroups).

Select Department

Select Department

Now in the bottom window, click on specified. Now in the text box enter the EXACT matching text from the department of the users AD properties that you wish to capture. In this instance, we wish to put everyone in Sales Group A into this distribution list, so we enter:

Sales – A

And click Add, then Ok.

Specify Department

Specify Department

At the bottom of the window is a Preview button. Click this and the members that match the filter will display. Make sure you typed everything correctly and you should be seeing all members of Sales Group A. this is the only way to easily check the group membership, so make sure it is right.

Click Next, Click New.

The Wizard should complete with a Green Checkmark, and you can finish it out.

You can test the group by sending out an email to that group with return receipts on it. You can also change your own AD Properties to match the filter, so that you receive an email when you mail that group. There is one more way to check membership, which is documented here. Make sure to read the comments.

This informational item appears under the non-default settings tab of the Exchange BPA. This happens when you customize the generation of SMTP addresses. The alert is not dangerous, and you can safely ignore it.

BPA

BPA

Let’s see what setting is causing this alert, make sure it is configured correctly, and describe what the setting is doing.

Open up Exchange Management Console and then drill down to organization Config>Hub Transport>E-Mail Address Policies. In my Exchange, I have 2 policies. In a default setup, there will only be one policy (Default Policy), and you will not get this BPA error.

Policies

Policies

Let’s explore my added setting,and what it does. I double-click my added policy which is called Windows SBS Email Address Policy. Alternately, if you are creating an additional policy you would click New Email Address Policy in the right menu.

The first page is the name of your policy. This is merely for tracking- name it whatever you want. Under that is the scope of the policy. You can set up policies to apply to only certain aspects of your AD. Mine is set to All Recipient Types (Including user account, room, contact, and equipment addresses).

Introduction

Introduction

You can further apply conditions. I do not use any but here is a scenario. You have two departments in your company: Sales and Shipping. You have two-handled email domains and they are user@salescompany.com and user@shippingcompany.com. Now when you add a new user to Exchange, you would set the conditions to identify the user’s department. If the user was in Shipping, it would automatically generate the address of username@shippingcompany.com.

Conditions

Conditions

This would be a waste of time for a small company such as mine that uses one AD container for all departments, but in larger companies this can be valuable- imagine managing email addresses manually when working with 10,000 users over the span of several companies, locations, and departments.

The next page is Email Address Policies- this is where you tell Exchange how to formulate the email addresses. I have mine set to %g.%s@company.org. The %g and %s are variables that the AD uses to identify item characteristics, in this case first and last name. When I add a user John Doe, it generates an email address John.Doe@company.com.

Policy

Policy

I could have edited the default policy which would have given me no warning, but I try to never edit defaults. In this case, if there was an error with this portion of Exchange I could delete or disable the policy without affecting email generation.

Another default setting in Exchange is under the email address tab of a users properties. Near the bottom there is a box ticked that says Automatically update email address based on recipient email address policy. If this box is ticked, changes here will affect email addresses. So get this setting right, and the addresses will be right as well.

User Properties

User Properties

Half way down this page is a table of variables and what they mean. If you are an AD guru, I am certain you can also use custom AD attributes in generation.

On the next page, set your time frame- I set mine to immediately. Let Exchange process the command and apply this to your selected recipients, and you are done.

Schedule

Schedule

You will notice the rule having a priority of 1, while the default has a priority of Lowest: This means that the new or other policy is applied before/instead of  default.

If you have problems with this policy, simply remove it.

You run the Exchange 2007 BPA and see the following information (warning) items:

Junk Store threshold is currently configured to move messages to recipient’s Junk folder when they have a Spam Confidence Level (SCL) value of 8. This is the default value for the Junk Store threshold. However, the recommended value is 4. You can configure SCL thresholds by using the Set-OrganizationConfig cmdlet in the Exchange Management Shell.

SCL Warning

SCL Warning

Following the link on the BPA, which takes you here, tells us the correct setting for the SCL Junk Threshold is 4. Im good with Microsoft recommendations, more so if it stops errors. You can change this number depending upon your organization and your desire to block out spam. The lower the value, the more “spam” is blocked, including what Exchange thinks is spam and may be good mail. I have had issues with spam in the past, 4 sounds way better than 8.

This is done by the Exchange Management Shell. Open it up from the start menu, the navigate to the scripts folder by typing in the command:

cd “C:\Program Files\Microsoft\Exchange Server\Scripts” including quotes.

Simply type in:

set-organizationconfig -scljunkthreshold 4

 

 

SCL Junk Threshold

SCL Junk Threshold

 

If you get no error, the issue is solved. If too much good mail is being trapped in spam folders, change this to 5 or 6. If you want more mail captured- spam is getting through- change this to 3. Personally I would not go higher than 3, and if you go that high make sure you enable a transport rule to give mail sent from your users a rating that will allow it through.

So, you use OWA a lot, like me. I use it in and out of the office as my main email. It is so convenient, and much faster than running the program MS Outlook. Now if you are an admin, you know how to VPN and Remote Desktop to get access to files on the server. You can also use Sharepoints external access to get at Companyweb files. But why do all of this if you can have it all in OWA?

I will add file browsing capabilities to the entire Exchange Organization. Open up Exchange Management Console (EMC) and expand Server Configuration>Client Access. Click the OWA tab.

OWA Access

OWA Access

 

Right click it, and select Properties. Click Remote File Servers. You see several buttons. Block allows you to restrict locations from being accessed through OWA. Allow let’s you specify trusted locations to host file access. Unknown Servers should be left on Block.

Click Allow.

Now add your locations. for Sharepoint, I added http://companyweb

For the server, I added solaceserver.solace.local.

For my Workstation, I added C5.solace.local.

Make sure your resources are secured before adding them. I use least access rules, and only share out folders that are needed.

When you are done, click ok.

Remote File Server Allow List

Remote File Server Allow List

 
 
 
 
Now, log in to OWA.
 
In the bottom left hand corner, click Documents.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Documents Click Open Location. Type in http://companyweb.
Click add to favorites.
Click open location again.
Type in  the name of your workstation or file server.
Companyweb Favorite

Companyweb Favorite

 
 You now have access to companyweb files and computer files from within OWA anywhere. It adds some functionality such as right clicking on a file and sending to email, or displaying documents in a web page- useful for a computer without a word processor.
 
As a warning, I would suggest only enabling remote file serving if it is necessary. Do not enable server or computer access for convenience when VPN or Remote Desktop will work.
 
%d bloggers like this: