If you missed out on our meeting the slides can be downloaded here.  Keep in mind there was a lot of demonstration from this presentation.  If you have any follow-up question please feel free to reach out to me.

BinaryTree will be comming on site at our next user group meeting. We will be discussing migration planning as well as their new E2E migration tool. We are planning on having some exciting givaways for this meeting so be sure to signup on the meeting event. 

Looking fordward to seeing everyone there.

Since I no longer keep a personal blog I may as well share my inner thoughts here on PhillyExUG.  Things have been crazy busy at work which has really pulled me away from the things I love; my wife; home improvement projects; and music. Tonight I took some time to myself to finish off something I had been working on for a while now. I have off-and-on toyed with actually selling music under the band name "8 Guys From Naples" where I am the sole member. While I'm a fair ways from finishing a complete album I wanted to share the latest song which i still dont have a name for, I am calling it "test" or "sound check" on the debut album I am planning on titling "Reunion."  Enjoy!

 If you have multiple servers on different platforms that need to use the same SSL certificate, such as in a load-balancer environment or UC SSL certificates, you can export the certificate from the Windows certificate store to .pfx file and then convert the file to individual certificate and private key files and use it on an Apache server or anything else which requires the public and private keys in plain text in separate files.    You should take care to prevent unauthorized access to the private key, since with this file a rogue server could be set up to perform a man-in-the-middle attack or client traffic could be routed to this rogue server via a dns exploit or social engineering.

If you are looking for a good windows port of OpenSSL, I typically use Win32 OpenSSL v1.0.0d Light version from: http://www.slproweb.com/products/Win32OpenSSL.html

Exporting to a PFX file:

Click on the Start menu and click   Run.

Type in   mmc   and click   OK.

Click on the File menu and click Add/Remove Snap-in...

Click on the Add button. Double-click on Certificates.

Click on Computer Account and click Next.

Leave Local Computer selected and click Finish.

Click the Close button. Click OK.

Click the plus sign next to Certificates in the left pane.

Click the plus sign next to the Personal folder and click on the Certificates folder. Right-click on the certificate you would like to export and select All Tasks and then Export...

In the Certificate Export Wizard click Next

Choose "Yes, export the private key" and click Next.

Click the checkbox next to "Include all certificates in the certification path if possible" and click,   Next.

Enter and confirm a password. This password will be needed whenever the certificate is imported to another server. (you will also need this password when processing this file with OpenSSL in a few more steps)

Click Browse and find a location to save the .pfx file to. Type in a name such as "myEncryptedCert.pfx" and then click Next.

Click Finish. The .pfx file containing the certificates and the private key is now saved to the location you specified.

Converting the PFX using OpenSSL:

Run the openssl command from where it was installed to from a command prompt:

openssl pkcs12 -in myEncryptedCert.pfx -out myPlaintextCert.txt –nodes

In the “myPlainTestCert.txt” file will be the public and private key. These can be copied into their own files if the public and private keys need to be in seperate files.

Private key will starts with “-----BEGIN RSA PRIVATE KEY-----“

Public key starts with “-----BEGIN CERTIFICATE-----“

 Like any normal Friday at 4:30pm I received a critical request from Human Resources (HR).  Someone had sent out salary data to a large group of users which shouldn't have received that data. They were requesting that we pull the message out of everyone's mailboxes. After obtaining the proper CYA documentation showing that HR was requesting me to remove email from 500+ mailboxes I set to figuring out how to do this. Exchange 2010 makes this pretty simple, I put all the Exchange 2010 users that received the message in a text file called users.txt. After a few minutes of testing I came up with the following:

Get-Content users.txt| %{Search-Mailbox -Identity $_ -SearchQuery "from:Sender@domain.com Subject:'Sending out salary data to the wrong people'" -DeleteContent -Force}

As per the documentation on Search-Mailbox http://technet.microsoft.com/en-us/library/dd298173.aspx  you could have removed the messages from the mailboxes and created a copy at another location by specifying  -TargetMailbox "Mailbox Name" -TargetFolder "Messages" This would will copy the messages found to the mailbox, in this example "Mailbox Name", into a new folder called Messages.  This is useful incase you remove the wrong messages, this way you can get the data back to the user if needed or needed to collect the results for a Legal Discovery or other reasons. 

The search ran quick since Exchange already has content indexes on the mailboxes and you could run it against the entire org by using get-mailbox and piping that to the command but you may want to break it up by server and dispatch the command as a job.  I am planning on covering PowerShell jobs in detail in a later post.

April is a special month for me in many ways.

Spring is around the corner already and it’s just mid March. I can’t wait for what April brings.

But for good of the community that makes this User Group, we’re doing one better. As we talked about Load Balancing Exchange Server 2010 in March meeting, we saw a lot of interest in KEMP Technologies offerings.

In April meeting, we decided to bring experts directly from KEMP Technologies so they can demonstrate deep technical details of how to load balance your Exchange 2010 servers and how to optimally configure KEMP load balancers to get the most out of it.

Attendees will have chance to ask questions and hear directly from experts who brings the cost effective load balancers to the masses. Enterprise class and full features load balancers are not luxury item anymore!

Come join us on April 12 for a relaxed evening with great food/beverages and giveaways to top off great networking with your peers in the Delaware valley and Philadelphia area and learn from experts.

You can sign up here: http://www.phillyexug.org/2011/03/16/april-monthly-meeting.

The event is open to everyone. We are a no fee, no restriction user group. While registration is not necessary, but highly encourages as it helps us organize meetings better.

We hope to see you there.

These last few weeks have been a bit busy, but after much demand I have posted up the last 2 months presentations to the meeting pages. Please let me know if you have any questions or would like to discuss any previous topics in greater depth, or if you have any future topics you would like to see.

Lastly the 2011 scripting games are almost here.  Everything kicks off April 4th and runs untill April 15th but you can get your prerequisite reading in at http://blogs.technet.com/b/heyscriptingguy/archive/2011/02/19/2011-scripting-games-all-links-on-one-page.aspx Scripters of all skill levels are welcome to compete.

Good luck!

While we are always looking forward to monthly meeting, everyone's safety is important to us and due to anticipated snow storm, we are sorry to announce we are cancelling this month's meeting.

We will hold our meetin on February 8 instead. Look out for upcoming announcement for the same.

Thanks for your understanding.

I don't really want to get in a habit of reposting links to other blogs, but after trying to explain offline address book (OAB) 'stuff' to several people over the last few days I feel it is a good idea to link to an article that explains many of the misconceptions and possible issues with the OAB 

http://www.msexchange.org/articles_tutorials/exchange-server-2010/management-administration/offline-address-book-part1.html 

It is a 3 part series on the OAB a very good read for anyone interested.