Monday, July 23, 2012

How To Use Remote Installation Service to Install Windows Server 2003 on Remote Computers

This step-by-step article describes how to use Remote Installation Service (RIS) to install Windows Server 2003 on remote computers.
You can use RIS to remotely set up new Microsoft Windows Server 2003-based computers by using a RIS network shared folder as the source of the Windows Server 2003 files. You can install operating systems on remote boot-enabled client computers. Client computers are connected to the network, and are then started by using a Pre-Boot eXecution Environment (PXE)-capable network adapter or remote boot disk. The client then logs on with a valid user account.
RIS Hardware Requirements
The following is the minimum hardware that is required for the RIS server:
  • The server must meet the minimum hardware requirements for the version of Windows Server 2003 that is installed.
  • A four gigabyte (GB) drive that is dedicated to the RIS directory tree on the RIS server.
  • A 10 or 100 megabit per second (Mbps) network adapter that supports TCP/IP. 100 Mbps is preferred.

  • NOTE
  • : Dedicate a whole hard disk or partition specifically to the RIS directory tree. SCSI-based disk controllers and disks are preferred.

  • The drive on the server on which you will install RIS must be formatted with the NTFS file system. RIS requires a lot of disk space, and you cannot install it on the same drive or partition on which Windows Server 2003 is installed. Make sure that the chosen drive contains enough free disk space for at least one full set of the installation files for the operating system you plan to remotely install.
Client Hardware Requirements
The following list describes the minimum hardware that is required for RIS client computers:
  • Meet the minimum operating system hardware requirements.
  • PXE DHCP-based boot ROM version 1.00 or later network adapter, or a network adaptor that is supported by the RIS boot disk.

  • NOTE
  • : Always contact the manufacturer of your network adapter to obtain the latest version of the PXE DHCP-based boot ROM.
Software Requirements
Several network services must be active and available for RIS. You can install the following services either on the RIS server or on other servers that are available on the network:
  • Domain Name System (DNS Service)
  • Dynamic Host Configuration Protocol (DHCP)
  • Active Directory "Directory" service
Prerequisites for Client Installations
Make sure that the client computer's network adapter has been set as the primary boot device in the computer BIOS. If the network adapter is configured as the primary boot device, the client requests a network service boot from the RIS server on the network when the client starts. After the client contacts the RIS, the client is prompted to press the F12 key to download the Client Installation Wizard. Do not press F12 unless you need a new operating system installation or access to maintenance and troubleshooting tools.
After the client operating system has been installed by using RIS, you can ignore the prompt to press F12 during future client computer startups. You can also reset the client BIOS so that the primary boot device is the floppy disk drive, the hard disk, or the CD-ROM drive.
To use the remote boot disk to start the installation, insert the boot disk into the floppy disk drive, and then start the client computer. The floppy disk drive must be set as the primary boot device in the client BIOS. After the computer starts from the disk, you are prompted to press F12 to start the network service boot process. You must remove the boot disk after you press F12 and before the text-mode portion of the operating system installation completes.
NOTE: You may have to press F12 on some Compaq computers during startup. In this case, you must press F12 on the Compaq startup screen, and then press F12 again when you are prompted by the RIS server.
Install Windows Server 2003 RIS
  1. Click Start, point to Control Panel, and then click Add or Remove Programs.
  1. Click Add/Remove Windows Components.
  1. Click to select the Remote Installation Services check box, and then click Next.

  1. NOTE
  2. : If you are prompted for the Windows Server 2003 installation files, put the Windows Server 2003 CD-ROM in the CD-ROM drive, and then click OK. After you do so, you may receive a message with options for upgrading the operating system. Click No.
  1. Click Finish, and then click Yes to restart your computer.
Set Up RIS
  1. Log on as a user with administrative privileges.
  1. Click Start, click Run, type risetup.exe, and then click OK to start the RIS Setup Wizard.
  1. When the "Welcome" screen appears, click Next.
  1. Type the drive letter and folder in which the RIS files are stored, and then click Next. For example, you might typeE:\RemoteInstall, and then click Next.
  1. After the RIS Setup Wizard copies the files, you are be prompted to enable or disable the RIS service, and the options are:
  • Respond to client computers requesting service
  • . If you select this option, RIS is enabled, and it will respond to client computers that are requesting service.
  • Do not respond to unknown client computers
  • . If you select this option, RIS only responds to known client computers.
  1. Click Respond to client computers requesting service, and then click Next.
  1. You are then prompted for the location of the client operating system installation files. Put the client operating system CD-ROM in the server CD-ROM drive, and then click Next.

  1. NOTE
  2. : Microsoft only supports the use of Microsoft media when creating a client operating system image. The use of non-Microsoft media is not supported.
  1. Type the folder name for the client operating system installation files on the RIS server, and then click Next.
  1. Type a friendly description for the operating system image. This is displayed to users after they start a remote client and run the Client Installation Wizard.
  1. Click Next, click Finish, and then click Done.
Authorize RIS in Active Directory
After you install RIS, the RIS server must be authorized in Active Directory. Authorization determines control of which RIS servers can serve client computers on the network. If the RIS server is not authorized in Active Directory, client computers that request service cannot contact the RIS server.
NOTE: To authorize a RIS server in Active Directory, you must be logged on as an enterprise administrator or a domain administrator of the root domain.
  1. Click Start, point to Administrative Tools, and then click DHCP.
  1. In the left pane, right-click DHCP, and then click Manage Authorized Servers.
  1. If your server is not listed, click Authorize, type the name or the IP address of the RIS server, and then click OK.

  1. NOTE
  2. : If you are prompted to confirm the RIS server, verify the name and IP address, and then click OK.
  1. Click Close, and then quit the DHCP console.
Set User Permissions
With RIS, clients can install their own client operating system. The users must also be granted permissions for creating computer accounts in the domain. To make it possible for users to create computer accounts anywhere in the domain:
  1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
  1. In the left pane, right-click your domain name, and then click Delegate Control.
  1. In the Delegation of Control Wizard, click Next.
  1. Click Add.
  1. Type the name of the group that requires permission to add computer accounts to the domain, and then click OK.
  1. Click Next.
  1. Click to select the Join a computer to the domain check box, and then click Next.
  1. Click Finish.
Install Clients By Using RIS
This section describes how to install a client operating system on a computer that contains a network adapter that supports PXE DHCP-based boot ROM. To install a client operating system:
  1. Make sure that the network adapter is set as the primary boot device in the computer BIOS.
  1. Restart the client computer from the network adapter.
  1. When you are prompted to do so, press F12 to start the download of the Client Installation Wizard.
  1. At the "Welcome" screen, press ENTER.
  1. Type a user name that has permissions to add computer accounts to the domain, and then type the domain name and password for this user.
  1. Press ENTER.
  1. When you receive a warning message that states that all data on the client computer hard disk will be deleted, press ENTER.
  1. A computer account and a global unique ID for this workstation are displayed. Press ENTER to start Setup.
  1. If you are prompted to do so, follow the instructions on the screen to complete the client operating system installation.
Remote Installation Boot Disk Option
You can use the remote installation boot disk with computers that do not contain a network adapter that supports PXE DHCP-based boot ROM. The boot disk is designed to simulate the PXE startup process. 
Rbfg.exe is a utility for creating network installation disks, and it is located in the RemoteInstall\Admin folder on every RIS server.
Creating a Boot Disk By Using the Windows Remote Boot Disk Generator
To create a remote installation boot disk:
  1. Locate the drive:\RemoteInstall\Admin\I386 folder on the RIS server, where drive is the drive on which RIS is installed.
  1. Double-click the Rbfg.exe file.
  1. Put a floppy disk in the floppy disk drive, and then click Create Disk.
  1. When you prompted to create another disk, click No, and then click Close.
NOTE: To view a list of supported network adapters, click Adapter List. You cannot add network adapters to this list.

Monday, July 09, 2012

FSMO Roles Explained


The FSMO Roles

Within Active Directory not all Domain Controllers are equal some have certain roles assigned to them, these roles need to be performed by a single Domain Controller. These roles are called the FSMO roles (Flexible Single Master Operations). There are 5 roles 2 of which are forest wide and the other 3 are domain wide roles.
The 5 roles are as follows:

Schema master (forest wide):

The Schema Master controls all updates to the Schema within the forest.

Domain Naming Master (forest wide):

The Domain Naming Master role is responsible for the creation and deletion of domains in the forest.

PDC Emulator (domain wide):

The PDC emulator role provides backwards compatability for Windows NT backup domain controllers (BDCs), the PDC emulator advertises itself as the primary domain controller for the domain. It also acts as the domain master browser and maintains the latest password for all users within the domain.

Infrastructure Master (domain wide):

The Infrastructure Manager role is responsible for updating references from objects within its domain with objects in other domains.

RID Master (domain wide):

The RID Master manages the Security Identifier (SID) for every object within the domain.

Saturday, July 07, 2012

Exchange 2007 Power Shell


This quick reference sheet describes the most commonly used Exchange shell cmdlets and provides examples. More about Exchange shell and all cmdlets in Exchange 2007: Exchange Management Shell.

Contents

Common Cmdlet Actions

Exchange Shell (and Windows PowerShell) cmdlets are made up of Verb-Noun combinations. Most cmdlets support the following easy-to-understand verbs.

GetThe Get verb retrieves:
- a specific object, such as a specific mailbox
- all objects of a specific type, such as mailboxes, distribution groups, or contacts
- a subset of objects of a specific type, such as mailboxes in a particular OU
SetThe Set verb modifies settings of an object, such as the alias of a contact or the deleted item retention of a mailbox database.
NewThe New verb creates a new object such as a new mailbox, a new configuration setting, a new mailbox database, or a new SMTP connector.
RemoveThe Remove verb removes an object, such as a mailbox or transport rule.All Remove cmdlets support the WhatIf and Confirm switches. For more information about these switches, seeImportant Parameters & Switches.
EnableThe Enable verb enables an object, such as a transport rule, or mail-enables a recipient.
DisableThe Disable verb disables an enabled object or mail-disables a recipient.
All Disable tasks also support the WhatIf and Confirm switches. For more information about these switches, seeImportant Parameters.

Important Parameters & Switches

The following parameters and switches help you control how commands run, and indicate exactly what a command will do before it affects data.
IdentityIdentifies the unique object for the task. It is typically used with EnableDisableRemoveSet, and Getcmdlets. Identity is a positional parameter— you don't have to specify the parameter name (-Identity) when you specify the parameter's value in a commad. For example, both of the following commands query the mailbox of user1:
Get-Mailbox -Identity user1
Get-Mailbox user1
WhatIfThe WhatIf switch instructs the cmdlet to simulate the actions that it would take on the object. It allows you to view changes that would occur without actually applying them. The default value is$True.
ConfirmThe Confirm switch causes the cmdlet to pause processing and requires the administrator to acknowledge what the cmdlet will do before processing continues. The default value is $True. To override confirmation for cmdlets that require a confirmation by default, set it to $False
ValidateThe Validate switch causes the cmdlet to check that all prerequisites for running the operation are satisfied and it will complete successfully.

Tips and Tricks

Get-CommandThis cmdlet lists all cmdlets available through the shell— Exchange Server 2007 as well as Windows PowerShell cmdlets.
Get-Command *keyword*This cmdlet lists all cmdlets that have keyword in the cmdlet.
Get-task | Get-MemberThis cmdlet lists all properties and methods of task.
Get-task | Format-ListThis cmdlet displays the output of the query in a formatted list. You can pipe the output of anyGet cmdlet to Format-List (or fl in short) to view all properties of the object returned by that command, or you can specify specific properties to view, separated by commas, as in the following example: Get-Mailbox *john* | Format-List alias,*quota
Help taskThis cmdlet retrieves shell help for a cmdlet, as in the following example: Help Get-Mailbox
Helptask<TAB>Enter a partial name for task, and then press the TAB key to cycle through all cmdlets that contain the specified text. You can also use wildcard characters, as in the following example:Help *UM*
Get-task | Format-List >filename.txtThis cmdlet exports the output of task to a text filefilename.txt

Recipients

Contacts

Enable-Mailcontact -Identity "John Smith” -alias smith -externalEmailAddresssmith@contoso.comThis command mail-enables the contact John Smith by specifying thedistinguishedName (DN) for the contact, and providing the alias smithand an external email address smith@contoso.com.
Disable-MailContact -IdentitysmithThis command mail-disables the contact by specifying the alias of the contact in the Identity parameter.
Set-MailContact -Identity smith -Alias jsmithThis command changes the alias of the mail-enabled contact specified in the Identity parameter from smith to jsmith by using the Aliasparameter.
Set-Contact -Identity jsmith -Manager user1This command modifies the contact jsmith’s manager attribute in Active Directory® to User1.Note: If the contact is not mail-enabled, you can't retrieve it by using an alias. You must use the contact's full name, GUID, or DN.

Distribution Groups

Enable-DistributionGroup -Identity“contoso\Distribution Group” -Alias DGThis command mail-enables the existing universal distribution group namedDistribution Group in the contoso domain. It has the alias DG.
Disable-DistributionGroup -Identity DGThis command mail-disables the mail-enabled universal distribution group named DG.
Set-DistributionGroup -Identity DG -Alias group1This command modifies the settings of the universal distribution group named DG in Exchange by changing its alias to group1.
Add-DistributionGroupMember-Identity DG -Member user1This command adds the recipient user1 as a member of the universal distribution group DG.
Get-DistributionGroupMember-Identity DGThis command retrieves all the members of the distribution group named DG.
Set-Group -Identity DG -DisplayName “Universal DG”This command modifies the Active Directory settings of the group named DGby changing its display name to "Universal DG".
New-DynamicDistributionGroup-Name DDG -Alias DDGAlias -OrganizationalUnit OU -IncludedRecipientsMailboxUsersThis command creates a dynamic distribution group (known as "query-based distribution list" in Exchange 2003) named DDG. The IncludedRecipientsparameter accepts the following values: None | MailboxUsers | Resources | MailContacts | MailGroups | | MailUsers | AppRecipients.
Set-DynamicDistributionGroup-Identity DDG -DisplayNameDDG1This command modifies the display name of the dynamic distribution group named DDG1 by changing the name to DDG1.

Mailbox Management

Enable-Mailbox -Identitycontoso\user1 -DatabaseMailboxDatabaseThis command mailbox-enables an existing Active Directory user with the domain and alias combination contoso\user1 by creating a mailbox in the mailbox database named MailboxDatabase.
Disable-Mailbox -Identityuser1This command mailbox-disables the user with the alias user1 by removing its associated mailbox.
Set-Mailbox -Identity user1-alias user2This command modifies a mailbox by changing the existing alias user1 to user2.
Get-Mailbox | Format-Table alias, *quotaThis command retrieves all mailbox users and formats the output as a table to include the alias of the mailbox and the mailbox quotas.
Get-Mailbox -Database"Mailbox Database"This command retrieves a summary list of all mailboxes in the mailbox database named Mailbox Database.
Get-Mailbox -Server EXCH01This command retrieves a summary list of all mailboxes on the server namedEXCH01.
Get-MailboxStatistics -Database MailboxDatabaseThis command retrieves the mailbox statistics for all mailboxes in the mailbox database named MailboxDatabase.
Get-MailboxStatistics -Server EXCH01This command retrieves the mailbox statistics for all mailboxes on the server named EXCH01.
Move-Mailbox -Identityuser1 -TargetDatabaseServer\MailboxDatabaseThis command moves the mailbox associated with the alias user1 to the server named Server. The mailbox is moved to the mailbox database namedMailboxDatabase.

Custom Mailbox Quota Messages

New-SystemMessage -QuotaMessageTypeProhibitSendMailbox -Text"Prohibit Send Mailbox Quota Message Text" -Language EnThis command creates a new customized quota message for theProhibitSendMailbox quota message type. The text "Prohibit Send Mailbox Quota Message Text" is displayed in English, as specified by the locale code En. The valid values for the QuotaMessageType parameter are WarningMailboxUnlimitedSize and WarningPublicFolder.
Set-SystemMessageEn\ProhibitSendMailbox -Text "New Prohibit Send Mailbox Quota Message Text"This command modifies the existing customized quota message for theProhibitSendMailbox quota message type that is displayed in English, as specified by the locale code En. The new text is "New Prohibit Send Mailbox Quota Message Text".
Get-SystemMessageEn\ProhibitSendMailboxThis command retrieves the existing customized quota message for theProhibitSendMailbox quota message type that is displayed in English, as specified by the locale code En.
Remove-SystemMessageEn\ProhibitSendMailboxThis command removes the existing customized quota message for theProhibitSendMailbox quota message type that is displayed in English, as specified by the locale code En.

Recipient

Get-Recipient-RecipientTypeMailboxUserThis command retrieves a summary list of all recipients that match the RecipientTypeMailboxUser. The RecipientType parameter accepts the following values: User | MailboxUser |MailEnabledUser | Contact | MailEnabledContact | Group |MailEnabledUniversalDistributionGroup | MailEnabledUniversalSecurityGroup |MailEnabledNonUniversalGroup | DynamicDL | PublicFolder | PublicDatabase |SystemAttendantMailbox | SystemMailbox | MicrosoftExchange.
Get-Recipient-Anr “userThis command retrieves a summary list of all recipients that contain the string “user” in the mailbox name. The Anr parameter indicates that the argument will be resolved by using ambiguous name resolution (ANR).
Get-Recipient-ResultSize100This command retrieves a summary list of recipients and returns only the first 100 recipients.

Unified Messaging

Get-UMMailboxThis command retrieves a summary list of all Unified Message (UM)-enabled recipients.
Get-UMMailbox -Identityuser1 | Format-ListThis command retrieves the detailed configuration of the UM mailbox that is associated with the alias user1.
Set-UMMailbox -Identityuser1 -UMEnabled $TrueThis command modifies the UM mailbox associated with the alias user1 by changing the value of the UMEnabled parameter to $True.

User

Enable-MailUser -Identitycontoso\user2 -ExternalEmailAddressuser2@northwindtraders.comThis command mail-enables the Active Directory user contoso\user2with an external address user2@northwindtraders.com. With this cmdlet, a default primary SMTP e-mail address user2@contoso.com is also created.
Disable-MailUser -Identity user2This command mail-disables the Active Directory mail-enabled useruser2.
Set-MailUser -Identity user2 -ExternalEmailAddressuser2@research.northwindtraders.comThis command modifies the Active Directory mail-enabled user user2by changing its external e-mail address touser@research.northwindtraders.com

Storage

Database Management

New-MailboxDatabase -NameMailboxDatabase -StorageGroupStorageGroupThis command creates a new mailbox database namedMailboxDatabase in the storage group StorageGroup.
Set-MailboxDatabase -IdentityMailboxDatabase -IssueWarningQuota500MBThis command modifies the mailbox database MailboxDatabase by changing its mailbox warning quota limit to 500MB.
Get-MailboxDatabase -StorageGroupStorageGroupThis command retrieves a summary list of all mailbox databases in the storage group named StorageGroup.
Get-MailboxDatabase -Server ServerThis command retrieves a summary list of all mailbox databases in the server named Server.
Mount-Database -IdentityMailboxDatabaseThis command mounts the existing mailbox database namedMailboxDatabase.
Dismount-Database -IdentityMailboxDatabaseThis command dismounts the existing mailbox database namedMailboxDatabase.
Enable-DatabaseCopy -IdentityMailboxDatabaseThis command enables local continuous backup for the mailbox database named MailboxDatabase.

Storage Group Management

New-StorageGroup -NameStorageGroup -Server server1This command creates a new storage group named StorageGroup on the server named server1.
Set-StorageGroup -IdentityStorageGroup -Name "Research Storage Group"This command modifies the storage group named StorageGroup by changing its display name to "Research Storage Group".
Enable-StorageGroupCopy -Identity StorageGroupThis command enables local continuous backup on storage group namedStorageGroup.Note: You must first enable local continuous backup by using the Enable-DatabaseCopy cmdlet for each database in the storage group on which you want to enable local continuous backup.
Disable-StorageGroupCopy -Identity StorageGroupThis command disables the continuous backup of storage group namedStorageGroup.

Transport

Connectors and Delivery

New-SendConnector -NameSendConnector -AddressSpacescontoso.comThis command creates a new Internet Send connector named SendConnector. The associated address space for the Send connector is contoso.com.
Set-SendConnector -IdentitySendConnector -AddressSpacesnorthwindtraders.comThis command modifies the Send connector named SendConnector by changing its address spaces to northwindtraders.com.
New-ReceiveConnector -NameReceiveConnector -RemoteIpRanges 10.149.0.1-10.151.0.1 -Bindings 0.0.0.0:25This command creates a new Receive connector named ReceiveConnector. The associated remote IP range is 10.149.0.1 to 10.151.0.1. By setting the Bindingsparameter to 0.0.0.0:25, you instruct the server to listen for connections on all locally configured IP addresses on port 25.
Set-ReceiveConnector -Identity ReceiveConnector -MaxMessageSize 20MBThis command modifies the Receive connector ReceiveConnector by changing the value of the MaxMessageSize parameter to 20MB.

Queues

Suspend-Queue -Identity Server\QueueThis command stops all messages in queue Server\Queue from being delivered.
Resume-Queue -Identity Server\QueueThis command allows the suspended queue Server\Queue to resume delivery of messages.
Get-Message -IdentityServer\Queue\MessageThis command retrieves the specific messageServer\Queue\Message.
Suspend-Message -IdentityServer\Queue\MessageThis command stops the message Server\Queue\Message in a queue from being delivered.
Get-Queue | Freeze-QueueThis command freezes all queues on the local server.
Resume-Message -IdentityServer\Queue\MessageThis command allows the suspended messageServer\Queue\Message in a queue to be delivered.
Delete-Message -IdentityServer\Queue\MessageThis command deletes the specified messageServer\Queue\Message.
Export-Message -IdentityServer\Queue\Message -Path FilePathThis command exports the specified messageServer\Queue\Message to FilePath.Note: Before you can export a message, you must first suspend it by using the Suspend-Message cmdlet.

Address Rewriting

New-AddressRewriteEntry -NameRewriteEntryName -InternalAddressdavid@contoso.com -ExternalAddresssupport@contoso.comThis command creates a new address rewrite entry for the internal e-mail address david@contoso.com. All e-mail messages sent fromdavid@contoso.com are rewritten to support@contoso.com, and all inbound messages to support@contoso.com are rewritten to david@contoso.com.
Set-AddressRewriteEntry -Identity RewriteEntryName -InternalAddresschris@contoso.comThis command modifies the existing address rewrite entryRewriteEntryName by changing the value of the InternalAddress parameter to chris@contoso.com.

Anti-Spam

Set-RecipientFilterConfig -BlockedRecipientsinfo@contoso.com, corp@contoso.comThis command modifies the recipient filtering configuration by adding the blocked recipients info@contoso.com and corp@contoso.com.
Set-SenderFilterConfig -BlockedSendersbadsender@northwindtraders.comThis command modifies the sender filtering configuration for spam by adding a blocked sender badsender@northwindtraders.com.
Add-ContentFilterPhrase -Phrase “spam” -InfluenceBadWordThis command adds the phrase “spam” to the content filter by setting its Influence parameter to BadWord. The Influence parameter accepts the values BadWord and GoodWord.
Add-IPAllowListEntry -IpRange127.1.0.0This command adds the IP address 127.1.0.0 to the IP Allow list. The IP mask defaults to 255.255.255.255 because it is not specified.
Add-IPAllowListEntry -IpRange “127.1.0.0(255.255.0.0)”This command adds the IP address 127.1.0.0 to the IP Allow list, which has a specified IP mask of 255.255.0.0.
Add-IPAllowListEntry -IpRange127.1.0.0-127.1.255.255This command adds an allowed range of IP addresses. In this case, the IP range is between 127.1.0.0 and 127.1.255.255.
Add-IPBlockListEntry -IpRange127.2.0.1This command adds the IP address 127.2.0.1 to the IP Block list. In this case, the IP mask defaults to 255.255.255.255 because it is not specified.
Test-IPAllowListProvider -Identity AllowListProvider -IPAddress 127.1.0.0This command tests a specified IP address 127.1.0.0 to see whether it is listed as an allowed IP address with the IP Allow List providerIPAllowListProvider.
Add-IPAllowListProvider -NameProvider1 -LookupDomainwww.contoso.com -IPAddressesMatch 127.1.0.0This command adds an IP Allow List provider called Provider1, which is used to verify which IP addresses are allowed. The associated lookup domain is www.contoso.com, and the IP address that must match the result returned by the IP Allow List provider is 127.1.0.0.
Add-IPBlockListProvider -NameProvider2 -LookupDomainwww.contoso.com -IPAddressesMatch 127.2.0.1This command adds an IP Block List provider named Provider2, which is used to verify which IP addresses should be blocked. The associated lookup domain is www.contoso.com, and the IP address that must match the result returned by the IP Block List provider is 127.2.0.1.
Get-SenderIdConfigThis command retrieves the Sender ID configuration settings.
Add-AttachmentFilterEntry -Nameimage/jpeg -Type ContentTypeThis command adds an attachment filter entry that is used to block all JPEG attachments, based on the attachment's content type image/jpeg, regardless of the file name.
Add-AttachmentFilterEntry -Name*.EXE -Type FileNameThis command adds an attachment file entry that is used to block all attachments that have the file name extension *.EXE.
Remove-AttachmentFilterEntryContentType:image/jpegThis command removes an attachment filter entry that is used to filter JPEG attachments based on the attachment's content type image/jpeg.
Remove-AttachmentFilterEntryFileName:*.EXEThis command removes an attachment filter entry that is used to filter all attachments that have the file name extension *.EXE.
Set-AttachmentFilterListConfig -RejectResponse "The attachment you included in your e-mail message was not allowed." -Action RejectThis command configures the Attachment Filter agent to reject all messages that contain filtered attachments. Both the attachment and e-mail message are blocked, and the configured text is used in the message body of the non-delivery report (NDR) that is sent to senders whose messages contain an attachment that is blocked. Available actions are RejectStrip andSilentDelete.

Custom Delivery Status Notification (DSN) Messages

New-SystemMessage -DsnCode 5.7.0 -Text"DSN Message Text" -Internal $False -Language EnThis command creates a new customized DSN message for the DSN code 5.7.0. The text of the DSN message is "DSN Message Text", the language the message is displayed in is English, specified by the locale code En, and the DSN message is sent to both internal and external senders.
Set-SystemMessage -IdentityEn\External\5.7.0 -Text"New DSN Message Text"This command modifies the existing customized DSN message for the DSN code 5.7.0. The identity consists of the language, specified by the locale code En, whether the DSN message scope is internal or external, and the DSN code En\External\5.7.0. The text of the DSN message is changed to "New DSN Message Text".
Get-SystemMessage -IdentityEn\External\5.7.0This command retrieves the existing customized DSN message for the DSN code 5.7.0 by using the identity En\External\5.7.0.
Get-SystemMessage -Original $TrueThis command retrieves a list of all built-in DSN messages.
Remove-SystemMessage -IdentityEn\External\5.7.0This command removes the existing customized DSN message for the DSN code 5.7.0 by using the identity En\External\5.7.0.

Messaging Policy and Compliance

Transport Rules

$Condition = Get-TransportRulePredicate BetweenMemberOf
$Condition.Addresses = (Get-DistributionGroup "Group1")
$Condition.Addreses2 = (Get-DistributionGroup "Group2")
$Action = Get-TransportRuleAction RejectMessage
$Action.RejectReason = "RejectText"
New-TransportRule -Name "RuleName" -Condition @($Condition) -Action @($Action)
This command creates the transport rule RuleName on a Hub Transport server. The rule rejects all messages sent between the Group1 and Group2 distribution groups. A NDR is sent to the sender of the messages that have the text RejectText.
Get-TransportRule -IdentityRuleName | Format-ListThis command retrieves the detailed configuration of the transport rule RuleName.
(Get-TransportRule -IdentityRuleName).Conditions | Format-ListThis command retrieves a list of conditions and their values that are configured on the transport rule RuleName.
(Get-TransportRule -IdentityRuleName).Exceptions | Format-ListThis command retrieves a list of exceptions and their values that are configured on the transport rule RuleName.
(Get-TransportRule -Identity RuleName).Actions | Format-ListThis command retrieves a list of actions and their values that are configured on the transport rule RuleName.
Remove-TransportRule -Identity RuleNameThis command removes the transport rule RuleName.

Journal Rules

New-JournalRule -Name "JournalRuleName" -RecipientMailboxToJournal@contoso.com -JournalEmailAddress "Journal Reports" -Scope GlobalThis command creates the journal rule JournalRuleName. For all messages sent to or received by the mailboxMailboxToJournal@contoso.com, a journal report is sent to the mailbox Journal Reports with the original message as an attachment. The journal rule is enabled upon creation. Valid values for the Scope parameter are InternalExternal, andGlobal.
Set-JournalRule -IdentityJournalRuleName -RecipientDistributionGroupToJournal@contoso.comThis command modifies the journal rule JournalRuleName by setting the value of the Recipient parameter toDistributionGroupToJournal@contoso.com.
Set-TransportConfig -JournalingReportNdrToAltJournalReports@contoso.comThis command configures Exchange to redirect journal reports toAltJournalReports@contoso.com if the primary journaling mailbox is temporarily unavailable.

Servers

Get-ExchangeServerThis command retrieves a summary list of all existing servers.
Get-ExchangeServer-Domaincontoso.comThis command retrieves a summary list of all servers in the domain contoso.com.
Get-ExchangeServer-StatusThis command retrieves a summary list of all existing servers and forces a call to update the server's current status. Without the Status parameter, some fields that display real-time information are not populated.

Explaining DNS Concepts - DNS Servers-DNS Queries-DNS Records

3 types of DNS queries— recursive, iterative, and non-recursive 3 types of DNS servers— DNS Resolver, DNS Root Server and Authoritative Name...