Category Archives: Exchange 2013

AD attributes the Azure AD FIM Connector rules extension requires in order to synch users to Office 365

by

logo_office_365CoffeeFilter

 

The O365 connector for FIM 2010 comes with a C# rules extension that contains the checks below, most likely the same code is present in both DirSync and AADSync (I mean why break stuff that works).

If any of the checks fail the user being checked won’t be added to the Azure AD Management Agent and will not synch to the cloud.

From \AADConnectorMFSample\AADRulesExtensions on http://www.microsoft.com/en-us/download/details.aspx?id=41165:

// Only provision to Office365 if:
// all the REQUIRED attributes are present,
// even though we flow them out on EAF rules
// we should block here so we do not create
// a new connector if the ingredients are missing
//

trace.TraceWarning(“Object Filtered because AccountEnabled != True”);

trace.TraceWarning(“Object Filtered because msExchHideFromAddressLists == TRUE and a connected object’s RDN contains ‘MSOL'”);

trace.TraceWarning(“Object Filtered because MailNickname or SamAccountName Starts With ‘CAS_'”);

trace.TraceWarning(“Object Filtered because iscriticalSystemObject == TRUE”);

trace.TraceWarning(“Object Filtered because MV Object is NOT a Mail Enabled Group AND SamAccountName is NULL.”);

trace.TraceWarning(“Object Filtered because MailNickname contains ‘{‘ OR SamAccountName contains ‘}'”);

trace.TraceWarning(“Object Filtered because MV.SamAccountName is not present”);

trace.TraceWarning(“Object Filtered because mailNickname starts with ‘SystemMailbox{‘”);

trace.TraceWarning(“Object Filtered because samAccountName equals ‘SUPPORT_388945a0′”);

trace.TraceWarning(“Object Filtered because samAccountName equals ‘MSOL_AD_Sync'”);

trace.TraceWarning(“Object Filtered because displayname is not present on mail enabled group”);

trace.TraceWarning(“Object filtered because its source object is CNF mangled. DN”, mvEntry.ObjectID.ToS tring());

 

See also http://blogs.technet.com/b/juanand/archive/2011/07/06/office-365-directory-synchronization-tidbits-part-1.aspx

 

Predicting the future with Powershell and Mathemagic

by

Have you ever had the pleasure of being awoken in the middle of the night by a low disk space alert on one of your business-critical LOB systems?

Did you ever wish for a more proactive method for catching this than waiting for the yellow/red alerts to go “ping!”?

I know I did, so I sat down and played math for a couple of hours and then applied the result using Powershell and a scheduled task.  The result is a configurable script that sends you an email alert when the sustained disk consumption on the system is estimated to consume all freespace on one of the disks within the set amount of time you specify (by default 30 Days).

Download ChkBurn 0.8 – modify all references to Contoso to fit your domain.

Sample output:

ChkBurn

Frequent MSExchangeTransport 15004 events on Ex2k13 Sp1

by

Exchange 2013 Sp1 comes with built-in overload failsafe functionality that will either temporarily slow down mail flow (implement “tar pits”) or temporarily halt inbound and outbound mail delivery when certain key performance indicators get above the “Normal” levels (i.e. reach “Medium” or “High” levels).  This is to avoid an outage scenario (or DOS attacks) where the server is overrun by a sudden massive spike of delivery requests (f.x. mass mailing a large attachment to several hundred users).

Exchange will then proceed to process the items it already has in the queue and remove the tarpitting or resume the halted mailflow once the performance counters drop down to “Normal” or “Medium” levels.
At “Medium” you will mostly be seeing external delivery and reception being affected – at “High” both internal and external delivery and reception will be affected.

If you’re seeing multiple MSExchangeTransport 15004 and 15005 events on your Exchange 2013 Sp1 system with the component reporting an increase above “Normal” being Version Buckets then you should consider running the Fixit tool from KB2938053 (which essentially contains a Powershell script that makes format changes rather than being a hotfix binary) and monitor the I/O levels of the disk(s) that host the transport queues and logs.

Note: the formatting change that running the Fixit tool implements has a scope beyond what is indicated in the KB – Exchange itself uses the same formatting functionality in .NET that third-party transport agents use (which is presumably also why this KB is listed at the top of the Exchange 2013 SP1 download link on http://support.microsoft.com/kb/2926248)

 Ex2k13Sp1-postfix

Download Fixit tool on http://support.microsoft.com/kb/2938053/en-gb

 

Back Pressure

 

Back Pressure [and Tarpitting explained]
http://technet.microsoft.com/en-us/library/bb201658(v=exchg.150).aspx

Version Buckets Explained
http://blogs.technet.com/b/exchange/archive/2006/04/19/425722.aspx

Troubleshooting MSExchangeTransport Service Events
http://technet.microsoft.com/en-us/library/bb397220(v=EXCHG.80).aspx

 

Symptoms:

15004 – Exchange automatically halts mail transport when performance indicators increase to “High”:

TimeCreated  : 5/8/2014 3:50:34 PM
ProviderName : MSExchangeTransport
Id           : 15004
Message      : The resource pressure increased from Normal to High.

The following resources are under pressure:
Version buckets = 205 [High] [Normal=80 Medium=120 High=200]

               The following components are disabled due to back pressure:
               Inbound mail submission from Hub Transport servers
               Inbound mail submission from the Internet
               Mail submission from Pickup directory
               Mail submission from Replay directory
               Mail submission from Mailbox server
               Mail delivery to remote domains
               Content aggregation
               Mail resubmission from the Message Resubmission component.
               Mail resubmission from the Shadow Redundancy Component

The following resources are in normal state:
Queue database and disk space (“C:\Program Files\Microsoft\Exchange
Server\V15\TransportRoles\data\Queue\mail.que”) = 45% [Normal] [Normal=95% Medium=97% High=99%]
Queue database logging disk space (“C:\Program Files\Microsoft\Exchange
Server\V15\TransportRoles\data\Queue\”) = 45% [Normal] [Normal=95% Medium=97% High=99%]
Private bytes = 4% [Normal] [Normal=71% Medium=73% High=75%]
Physical memory load = 65% [limit is 94% to start dehydrating messages.]
Submission Queue = 0 [Normal] [Normal=2000 Medium=4000 High=10000]
Temporary Storage disk space (“C:\Program Files\Microsoft\Exchange
Server\V15\TransportRoles\data\Temp”) = 45% [Normal] [Normal=95% Medium=97% High=99%]

15005 – Exchange automatically resumes mail transport after performance indicators drop down to “Normal” ~4 minutes after increasing to “High”:

TimeCreated  : 5/8/2014 3:54:05 PM
ProviderName : MSExchangeTransport
Id           : 15005
Message      : The resource pressure decreased from High to Normal.

No components disabled due to back pressure.
The following resources are in normal state:
Queue database and disk space (“C:\Program Files\Microsoft\Exchange
Server\V15\TransportRoles\data\Queue\mail.que”) = 45% [Normal] [Normal=95% Medium=97% High=99%]
Queue database logging disk space (“C:\Program Files\Microsoft\Exchange
Server\V15\TransportRoles\data\Queue\”) = 45% [Normal] [Normal=95% Medium=97% High=99%]
Version buckets = 2 [Normal] [Normal=80 Medium=120 High=200]
Private bytes = 4% [Normal] [Normal=71% Medium=73% High=75%]
Physical memory load = 63% [limit is 94% to start dehydrating messages.]
Submission Queue = 0 [Normal] [Normal=2000 Medium=4000 High=10000]
Temporary Storage disk space (“C:\Program Files\Microsoft\Exchange
Server\V15\TransportRoles\data\Temp”) = 45% [Normal] [Normal=95% Medium=97% High=99%]