Exchange Server 2010 Service Pack 2 has now been released. The Microsoft Exchange team promised a year-end SP2 release, and this week it delivered. It is not as major an update as Service Pack 1, but a small number of interesting new features have been added to the product, along with all the Exchange hotfixes released over the past year. Around five hundred Exchange Server 2010 SP1 Update Rollup fixes have been included in Service Pack 2. This article won’t attempt to explain them all, but will instead concentrate on the handful of interesting new features. The new service pack has four major features: OWA Mini, Address Book Policies, cross-site redirection and the Hybrid Configuration Wizard.
In Exchange 2003 a special version of “webmail” was available for WAP-enabled mobile devices. Using a WAP-enabled mobile device, such as is popular in Japan, users could access their mailbox through a character-based interface. This was called Outlook Mobile Access, or OMA. The feature was removed from the product in Exchange 2007 but, due to large interest in it from Asian countries, it has now returned as OWA Mini in Exchange Server 2010 Service Pack 2. Using OWA Mini, it is possible to use a character-based interface to access mailbox data and thereby send and receive messages. Navigate to the https://webmail.contoso.com/owa/oma URL and log on using the standard credentials.
The reason for the strange-looking URL is that OWA Mini is now implemented as a special view of OWA. In Exchange 2003, it had been a completely separate application.
Figure 1 Outlook Web Access Mini
Address Book Policies
In Exchange 2007 and earlier it was possible to implement a feature called Address List Segregation. This feature made it possible to use several fully-separated address lists in Exchange. The old version used Access Control Lists (ACLs) on the various address lists to achieve this. ACLs are the means by which permissions are assigned in a Windows Operating System. But Exchange 2010 introduced a new technology called the Address Book Service that is running on the Exchange Server 2010 Client Access Server. Therefore the ACL based method didn’t work anymore on Exchange Server 2010.
Service Pack 2 now fixes this lack of functionality by implementing Address Book Policies or ABPs. Let’s suppose that two companies named Contoso and NWTraders are using one Exchange environment and there’s a need for unique Address Lists (this need is also quite common in educational environments). One or more separate Address Lists are created for each company. These will include a company specific Global Address List. These lists are combined in an Address Book Policy and assigned to all mailboxes in the respective companies. The ABP enforces that only these Address Lists are visible to the mailboxes, whereas address lists from other companies are not visible.
Figure 2 Contoso and NWTraders on one Exchange organization using different Address Lists
ABPs only enforce a particular view on the Address Book Service in Exchange Server 2010. Therefore it is possible to include people from one company in Address Lists from another company. In figure 1 for example it is possible to include employees from Contoso in Address Lists from NWTraders. This can be achieved by filtering on properties when creating the Address Lists. Let’s look at a joint development program where employees from Contoso are working in NWTraders projects and a Distribution Group is created in the NWTraders organization. For this Distribution Group a filter can be used on the Active Directory attribute CustomAttribute1, filled with “Exchange Customer Program”. When a user in the Contoso domain has this “Exchange Customer Program” value in the CustomAttribute1 attribute, that user automatically shows up in the Address List in the NWTraders organization. This can be a very useful feature, especially in a university environment, but at the same time it can be tricky if you want to host multiple companies that should not be aware of each other in the Exchange organization.
An ABP must contain the following:
- One Global Address List.
- One Offline Address Book.
- One room list. This is required in an ABP. Even if you don’t use these in your company, you still need to add an empty room list.
- One or more address lists.
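The following Exchange Management Shell sketch is an added example, not taken from the article or from Microsoft: it builds an ABP with the four required components for one company, assigns it, and then audits for the two gaps discussed above (mailboxes with no policy, and address lists whose filter pulls in recipients from another company). All object names, the server name EX01 and the use of the Company attribute to tag tenants are assumptions.

```powershell
# Added example for Exchange 2010 SP2. Names below are constructed for illustration.
$tenant    = 'Contoso'   # assumption: each tenant is identified by the Company attribute
$oabServer = 'EX01'      # hypothetical OAB generation server

# 1. The four components an ABP must contain.
New-GlobalAddressList -Name "GAL_$tenant" -RecipientFilter "Company -eq '$tenant'"
New-AddressList -Name "AL_${tenant}_Users" `
    -RecipientFilter "(RecipientType -eq 'UserMailbox') -and (Company -eq '$tenant')"
# The room list is mandatory even if it matches no rooms.
New-AddressList -Name "AL_${tenant}_Rooms" `
    -RecipientFilter "(RecipientDisplayType -eq 'ConferenceRoomMailbox') -and (Company -eq '$tenant')"
New-OfflineAddressBook -Name "OAB_$tenant" -Server $oabServer -AddressLists "\GAL_$tenant"

# 2. Combine them in one policy.
New-AddressBookPolicy -Name "ABP_$tenant" `
    -GlobalAddressList  "\GAL_$tenant" `
    -OfflineAddressBook "\OAB_$tenant" `
    -RoomList           "\AL_${tenant}_Rooms" `
    -AddressLists       "\AL_${tenant}_Users"

# 3. Assign the policy to every mailbox of this company.
Get-Recipient -ResultSize Unlimited -RecipientTypeDetails UserMailbox `
    -Filter "Company -eq '$tenant'" |
    ForEach-Object { Set-Mailbox -Identity $_.Identity -AddressBookPolicy "ABP_$tenant" }

# 4. Audit: mailboxes without any ABP are not restricted to a company's lists.
$unscoped = Get-Mailbox -ResultSize Unlimited |
    Where-Object { -not $_.AddressBookPolicy }

# 5. Audit: preview each address list in the policy and flag members from
#    another company, e.g. recipients matched through a shared CustomAttribute1 value.
$policy  = Get-AddressBookPolicy -Identity "ABP_$tenant"
$foreign = foreach ($al in $policy.AddressLists) {
    $filter = (Get-AddressList -Identity "$al").RecipientFilter
    Get-Recipient -ResultSize Unlimited -RecipientPreviewFilter $filter |
        Where-Object { $_.Company -ne $tenant } |
        Select-Object Name, Company, @{ n = 'AddressList'; e = { "$al" } }
}

$unscoped | Select-Object Name, Database
$foreign
```

An empty result from both audit queries means every mailbox is scoped by a policy and no address list in the policy exposes recipients from outside the company.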
In larger, geographically dispersed companies it is likely that several locations are used, each hosting its own Exchange 2010 servers (in the same Active Directory and Exchange organization) and its own Internet connection. OWA users in Europe, for example, would access their mailbox using a URL like https://emea.mail.contoso.com/owa while American users would use a URL like https://us.mail.contoso.com/owa. Previously, when a US-based user tried to log on to the EMEA email portal, an error message was shown stating that the user should use the US-based email portal. With Service Pack 2 a new cross-site redirection is implemented in the Exchange product. When the US-based user logs on to the EMEA email portal, he is automatically and silently redirected to the US email portal. The only drawback is that this only works when the Client Access Server is connected directly to the Internet, without a reverse proxy solution.
Hybrid Configuration Wizard
An Exchange 2010 on-premises environment can be integrated with Office 365. This is called ‘rich coexistence’. In Exchange 2010 Service Pack 2 Microsoft made some significant enhancements to this ‘rich coexistence scenario’, and the Hybrid Configuration Wizard is one of them.
Using the Hybrid Configuration Wizard you can:
- Share free/busy information between an on-premises Exchange 2010 organization and Office 365;
- Move mailboxes between an on-premises Exchange 2010 organization and Office 365, preserving the Outlook profile and the OST file;
- Use message tracking between the on-premises Hub Transport Servers and Office 365 for message forensics, mail flow analysis, reporting and troubleshooting;
- Use mail tips for mailboxes located both in Office 365 and in the on-premises Exchange 2010 environment;
- Use online archiving, i.e. where the personal archive is located in Office 365;
- OWA redirection between Office 365 and the on-premises Exchange 2010 implementation.
To set up a ‘rich coexistence scenario’ with Office 365 a number of servers need to be installed:
- A Directory Synchronization server (dirsync) that synchronizes the local Active Directory with the Office 365 directory. This way one Address List is created where mailboxes can exist both on-premises and in Office 365;
- An ADFS (Active Directory Federation Services) 2.0 server that can provide a true single sign-on solution. Using ADFS it is possible to logon to the local Active Directory domain and at the same time logon to the Office 365 mailbox using the local credentials. A claims based authentication solution is used to achieve this;
- The Exchange 2010 server itself that is used together with Office 365.
Figure 3 Several servers are used in a coexistence scenario with Office 365
Of course it was also possible to set up a coexistence scenario with Exchange 2010 Service Pack 1, but the new Hybrid Configuration Wizard that is included in Service Pack 2 will decrease the number of steps needed to configure this from 49 steps to only 6 steps.
Exchange 2010 SP2 also has a host of smaller enhancements:
- Mailbox replication service: Two new parameters have been added to the New-WebServicesVirtualDirectory and Set-WebServicesVirtualDirectory cmdlets to remove the manual configuration when moving mailboxes to another forest.
- Mailbox auto-mapping: Exchange 2010 SP2 now lets admins turn off the automapping of mailboxes to which a user has been granted full access permissions through the Add-MailboxPermission cmdlet.
- Multivalue custom attributes: Five new multivalue custom attributes let you store additional information about a mail recipient.
- Litigation hold: Exchange 2010 lets you place a legal hold on a mailbox, so users cannot delete anything in their mailbox or their archive. With SP2, an admin can bypass the hold using a new IgnoreLegalHold switch, which is available through several cmdlets relating to the mailbox or mail user.
Several hundred hotfixes
Several hundred hotfixes are also included in Service Pack 2; most of them are included in Exchange 2010 SP1 Rollup Update 1 to Rollup Update 6. One interesting fix I’ve seen (and tested) is with Outlook clients running in Online Mode. With Exchange 2010 the UDP notification mechanism was removed from Exchange, resulting in a decreased Outlook 2003 user experience, especially when running in Online Mode. But there are also issues with Outlook 2007 and Outlook 2010 that suffer from the same behavior (although rare). This is fixed in Service Pack 2 so Outlook 2003 running in Online Mode functions as expected, without any screen update delays.
The new Service Pack 2 for Exchange Server 2010 contains several hundred hotfixes and only a few new features. The Address Book Policies solution is very interesting if you want to set up an Exchange environment where multiple, fully separated Address Lists are needed. The new Hybrid Configuration Wizard is also a cool new feature if you want to set up a mixed environment with Office 365.