In a change of pace today, I thought I'd blog about a recent work experience as it took me some time to collect all the nuggets of information together to be able to do what I needed to do.
Over the last several months, I've been slowly deploying a new Microsoft infrastructure. We're using Windows Server 2008 R2 as our Active Directory platform and have decided to deploy Exchange 2010 to replace our venerable Exchange 2003 messaging platform.
We will also install BlackBerry Enterprise Server 5.0. In preparation for that, we had to create a service account and grant it all the required permissions in Active Directory and Exchange 2010. While the overall procedure for doing this is nearly identical to how it is usually done with Exchange 2003, there were some slight differences for Exchange 2010.
If your organization is looking to deploy BlackBerry Enterprise Server 5.0 into an Exchange 2010 environment, it is my hope that this post will help those responsible for making it happen in their organization.
So, without further ado, here is the procedure I ended up having to use to configure the service account. I will use the standard BESAdmin account name in these steps.
Account Creation and Configuration
Create a new mailbox-enabled user named BESAdmin.
On an Exchange 2010 Server, open the Exchange Management Shell and execute the following set of commands:
Get-Mailbox Add-ADPermission -User "BESAdmin" -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin
Set-ADServerSettings -ViewEntireForest $true
Add-RoleGroupMember "View-Only Organization Management" -Member "BESAdmin"
Open Active Directory for Users and Computers.
From the View menu, ensure Advanced Features is checked.
Right-click the Domain Name or Organizational Unit where Send As permissions are needed and select Properties.
Click the Security tab.
Click the Advanced button at the bottom of the Security tab.
Click the Add button, enter BESAdmin, and click OK.
Select Descendant User Objects from the Apply onto: drop down box.
Check the Allow box for the Send As permission in the permissions list.
Click OK.
Click Apply.
Click OK.
A couple of notes here before continuing.
First, I think that the Set-ADServerSettings cmdlet is only required if you are running Exchange 2010 in a non-root domain of a multi-domain forest; the Exchange 2010 RBAC AD groups are created in the root domain.
Second, if you follow the installation guide from RIM for setting up the permissions in AD from Exchange 2010, they will instruct you to execute a command similar to the following:
Add-ADPermission - InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -User "BESAdmin" -Identity "DC=example,DC=com"
The big problem with this is that by default the command will result in an error. When authorization is performed, not only is the user account executing the command checked for authorization, but so is the computer account for the Exchange 2010 server from which the command is executed. The group to which the server's computer account belongs does not have the required permissions. RIM's first recommendation, of course, is to grant the Exchange Servers Group full control permissions on all objects in AD. This is completely counter to the concept of least privilege, however, and why I provided the procedure for doing it through Active Directory for Users and Computers.
It's also important to note that the -Identity switch specifies the distinguished name of the domain or organizational unit to which you want to apply the Send As permission. I found forum and newsgroup threads where the administrator specified the distinguished name of the BESAdmin account with this switch and assumed it worked correctly because no error was returned.
Now that the service account is created and permissions have been configured, there are two final activities.
Account Throttling Policy Creation and Configuration
Execute the following commands in the Exchange Management Shell:
New-ThrottlingPolicy BESPolicy
Set-ThrottlingPolicy BESPolicy -RCAMaxConcurrency $null
Set-Mailbox "BESAdmin" -ThrottlingPolicy BESPolicy
RIM says this policy is necessary because Exchange 2010 uses throtlling policies to track the bandwidth each user consumes and enforces limits as necessary. That behavior, RIM states, can affect the performance of BES negatively, and so they want it turned off for the BES service account. I find incredible mirth in the apparent contradiction here as I assume Microsoft implemented throttling to protect the performance and availability of Exchange. :)
Address Book Service Configuration
Download the Set-ThrottlingLimit.ps1 script from here.
In an elevated Exchange Management Shell, execute the following commands:
Set-ExecutionPolicy Unrestricted
.\Set-ThrottlingLimit.ps1 -Server [CAS Server] -MaxSessionsPerUser "100000"
Set-ExecutionPolicy RemoteSigned
In place of [CAS Server] use the name of a CAS Server in your Exchange 2010 environment (i.e., -Server MYCASSERVER). You'll have to execute this command for each.
As an alternative to modifying the execution policy of the server, you should also be able to right-click the downloaded script file and Unblock it.
Once again, though, RIM needs to circumvent Exchange performance and availability protection by increasing the default number of sessions opened with the Address Book service on each CAS Server by the BlackBerry Enterprise Server from 50 to 100,000.
And that's it. :)
Resources
BlackBerry Enterprise Server for Microsoft Exchange Installation and Configuration Guide
Unable to assign "Send As" rights to Organization Units in Microsoft Exchange Server 2010
Friday, September 3, 2010
Wednesday, July 14, 2010
Be Like Brazil - Tax More!
First Pelosi and now Clinton.
I don't get it. I really don't.
During a recent event, Hillary Clinton went on record lamenting the "fact" that the rich are not paying their "fair share" in taxes. She then went on to make what I think is an incredibly silly comparison to Brazil.
Here are the two statements she made.
The first statement:
"The rich are not paying their fair share in any nation that is facing the kind of employment issues (the United States is), whether it's individual, corporate, whatever the taxation forms are."
Seriously? The "rich" here in the US pay 40% of the entire US tax burden. As it stands now, after all is said and done, only 51% of wage earners in the US pay (net) taxes. The remaining 49% either have no tax burden at all or are refunded all taxes paid. And the "rich" here are the top 1% (one percent!!!!) of wage earners.
So, you got 1% of a population paying 40% of the total tax burden for that population. How much more of a percentage would be considered "fair"?
The second statement:
"Brazil has the highest tax-to-GDP rate in the Western Hemisphere and guess what -- it's growing like crazy."
Why do I think that is an incredibly silly statement?
Consider the following points:
The highest tax rate in Brazil is 27.5%.
The highest tax rate in the US is 35% (soon to increase to 43%).
The GDP of Brazil is around $1.58 trillion.
The GDP of the US is around $14.6 trillion.
The Tax:GDP ratio of Brazil is around 38.8%.
The Tax:GDP ratio of the US is around 28.2%.
The Debt:GDP ratio of Brazil is around 14%.
The Debt:GDP ratio of the US is around 94%.
Then consider that the tax code in Brazil places a greater burden on salaried workers and a significantly lesser burden on wealthy business owners.
Finally, this statement implies that higher taxation equates to greater economic growth.
Ask any economist that knows their craft. Higher taxation equates to lower economic growth, not greater. Not to mention that with higher taxation, you also get greater tax avoidance and unemployment.
Why do our elected leaders seem so completely obtuse to something that makes this much common sense?
I don't get it. I really don't.
Friday, July 2, 2010
Unemployment Benefits Creates Jobs - Huh?!?
Even if you accept the idea that unemployment helps the economy by providing those without work money to spend, and thus inject it into the economy, how can it possibly help create jobs?
Well, Nancy Pelosi seems to think it does.
Personally, I think she's either lying or not seeing straight. In any case, she's definitely drinking some kind of fancy-shmangled koolaid that only our politicians seem to have access to.
First, umemployment is paid from federal taxes collected. Those paying the taxes are employed, and thus being "productive" (I know not all workers can be described as productive, thus the quotation marks). Those who are unemployed (through no fault of their own and I really hope the large majority want to get back to work) are "unproductive", since they aren't working. So, in this case, the money taken from the "productive" (those employed) is being given to the "unproductive" (those unemployed). Of course, an added insult here is that those receiving unemployment have to pay taxes on that money!
Ultimately, though, unemployment is a symptom. Focusing so much time, energy, and money on a symptom just doesn't make a lot of common sense to me. While I can accept temporary relief as the real problem is addressed (which is why companies aren't hiring or are reducing headcount, and there are a large number of reasons for that, thanks to our government), I find unacceptable this apparent effort to make it a mainstay by saying it *creates* jobs. My common sense tells me that's a pipe dream and I shouldn't buy into it.
Then, there is the moral hazard associated with unemployment. If one accepts the meager living they can make on unemployment, why look for real work?
Albert Einstein was indeed a genius, and not only in physics. With proposed solutions like this from our leaders, his sage advice of "never look to those who cause a problem to solve it" seems more common sensical than ever.
Well, Nancy Pelosi seems to think it does.
Personally, I think she's either lying or not seeing straight. In any case, she's definitely drinking some kind of fancy-shmangled koolaid that only our politicians seem to have access to.
First, umemployment is paid from federal taxes collected. Those paying the taxes are employed, and thus being "productive" (I know not all workers can be described as productive, thus the quotation marks). Those who are unemployed (through no fault of their own and I really hope the large majority want to get back to work) are "unproductive", since they aren't working. So, in this case, the money taken from the "productive" (those employed) is being given to the "unproductive" (those unemployed). Of course, an added insult here is that those receiving unemployment have to pay taxes on that money!
Ultimately, though, unemployment is a symptom. Focusing so much time, energy, and money on a symptom just doesn't make a lot of common sense to me. While I can accept temporary relief as the real problem is addressed (which is why companies aren't hiring or are reducing headcount, and there are a large number of reasons for that, thanks to our government), I find unacceptable this apparent effort to make it a mainstay by saying it *creates* jobs. My common sense tells me that's a pipe dream and I shouldn't buy into it.
Then, there is the moral hazard associated with unemployment. If one accepts the meager living they can make on unemployment, why look for real work?
Albert Einstein was indeed a genius, and not only in physics. With proposed solutions like this from our leaders, his sage advice of "never look to those who cause a problem to solve it" seems more common sensical than ever.
Wednesday, June 30, 2010
Obamanomics
The article linked below provides a great argument as to why the current Administration's effort to improve the economy has failed.
Why Obamanomics has Failed
Before I am accused of being an Obama Basher, please understand I'm completely Administration-agnostic. My focus is more on what our government in general is doing, regardless of whether the incumbant President is a Republican or Democrat. As I've begun to understand more about the state of our political environment, I've come to realize that my views cross the aisle; if I can be termed anything, the most accurate would probably be that of a Libertarian.
I did, however, vote for Obama during the Presedential election, and am now regretting that decision; the Change Obama has brought to Washington is not what I had in mind. I think it's considerably more of everything with which I have been dissatisfied and I had hoped he would change in the first place.
Why Obamanomics has Failed
Before I am accused of being an Obama Basher, please understand I'm completely Administration-agnostic. My focus is more on what our government in general is doing, regardless of whether the incumbant President is a Republican or Democrat. As I've begun to understand more about the state of our political environment, I've come to realize that my views cross the aisle; if I can be termed anything, the most accurate would probably be that of a Libertarian.
I did, however, vote for Obama during the Presedential election, and am now regretting that decision; the Change Obama has brought to Washington is not what I had in mind. I think it's considerably more of everything with which I have been dissatisfied and I had hoped he would change in the first place.
Tuesday, June 29, 2010
State of the Global Economy Spoof
Every now and again, we need a bit of comic relief to help us through some of our most troubling times. In the following video, two people discuss the State of the Global Economy, and while sad, the interchange is indeed comical.
Wednesday, June 23, 2010
No 2010 US Budget
I don't know about others but this just seems wrong. The House Majority Leader said that Congress will not pass a budget for 2010.
Washington Times Article
We're facing record deficits ($13 trillion!), reeling from fallout over austerity efforts in Europe, and our elected officials don't think now is a good time to try to put our finances in order?
Does anyone see any wisdom in this approach? I certainly don't but surely there has to be some here?
I voted for Change but this was not what I had in mind.
Washington Times Article
We're facing record deficits ($13 trillion!), reeling from fallout over austerity efforts in Europe, and our elected officials don't think now is a good time to try to put our finances in order?
Does anyone see any wisdom in this approach? I certainly don't but surely there has to be some here?
I voted for Change but this was not what I had in mind.
Monday, June 21, 2010
Housing Double Dip
I found this interesting. In the embedded video, Meredith Whitney says that a double dip in housing is a certainty.
Given the catalyst of the last dip was related to housing, wouldn't this be the same a second time around, presenting us with an economic double dip?
Or, have Fannie and Freddie gobbled up enough mortgages to get them off of corporate books, which might help shield the wider economy from a double dip?
In either case, when pressed by CNBC, Whitney would only commit to saying that there was a chance greater than 1% that we'd see an economic double dip.
Given the catalyst of the last dip was related to housing, wouldn't this be the same a second time around, presenting us with an economic double dip?
Or, have Fannie and Freddie gobbled up enough mortgages to get them off of corporate books, which might help shield the wider economy from a double dip?
In either case, when pressed by CNBC, Whitney would only commit to saying that there was a chance greater than 1% that we'd see an economic double dip.
Subscribe to:
Posts (Atom)