The new Puttyq.com

For those of you who did not know, I have been actively involved with the deployment of Outlook Live to UNISA (http://www.unisa.ac.za). I am very proud today to send this out on behalf of everyone involved in the deployment of Live@Edu at UNISA. The largest deployment of Live@Edu in South Africa and indeed amongst the largest deployments in the world.

After more than two years of dedication of the project teams at UNISA, Microsoft and GijimaAst the following showcase provides a look at this amazing triumph. Have a look at the URL attached (check under “Middle East & Africa” for the UNISA – ZAR case study); and feel proud of the South African success story.

http://www.microsoft.com/liveatedu/hosted-email-success-stories.aspx?locale=en-US&country=US

The short case study video will never capture the amount of effort countless people had to invest in making this project an success, while constantly driving the limits of what the solution was design for. For their efforts I would like to thank everyone involved.

The deployment centres around Microsoft Identity Lifecycle Manager 2007 that manages over 450,000 student mailboxes, 1,100,000 student Active Directory credentials and over 500,000 student records. With a lot of tweaking and work from UNISA and Microsoft we manage to run delta operations on these records every 30 minutes making sure that UNISA students get their credentials as soon as humanly possible.

With the launch of Outlook Live (ExchangeLabs R3) the ability to us instant messenger has been added to Outlook Web Access. For schools that do not wish to use this feature, administrators now have the ability to set attributes via PowerShell (requires Vista or WS2008) to disable Instant Messenger in OWA.  To do so, simply use the following cmdlets:

Get-OwaMailboxPolicy -Identity:"OwaMailboxPolicy-DefaultMailboxPlan" | Set-OwaMailboxPolicy -InstantMessagingEnabled:$false

One of the ways to manipulate a group on your tenant on ExchangeLabs is through the use of Powershell. If however you need to update a large amount of members into a specific group this is also quite simple using Powershell (and some built in cmdlets). In future we will look at using ILM to do the same, but we’ll need to check it the GROUP object type can be manipulated 

Have a look at the following:

I have created a file that contains all my members that should be added to my group. In this example I have already created by group called “testGroup”.

Import file format

Name : StudentNumber
Name : 33809771
Name : 7990529
Name : 44940750

Parameters or required fields
Group Identity: the group you want to add the member to
Input file: the members you wish to add to the group

Require components:

Windows PowerShell V2 Community Technology Preview 2 (CTP2)
WinRM 2.0 CTP 

$LiveCred = Get-Credential
$rs = New-Runspace -Shell Microsoft.Exchange
      -ConnectionUri https://ps.exchangelabs.com/powershell/
      -Credential $LiveCred -Authentication Basic

Script to execute command
To read you text file of members into memory and add each member into the specified group (testGroup) execute the following command (all in one line.

Import-Csv C:names.txt -delimiter ":" |
foreach {Invoke-Command -r $rs { param($User)
add-distributiongroupmember -identity testGroup
-member $User.StudentNumber} -Arg $_}

Additional Reading
Remote PowerShell with Exchange Labs
Create Dynamic Distribution Groups in Exchange Labs

In some cases during provisioning of Exchangelabs accounts using the ExchangeLabs Management Agent (ELMA) you will get instances where the MA can not get the password set on the account in question. In this case you will get an exception stating that “The Password could not be set”.

Note that the LiveID and mailbox has been created, but there is just no password set on the account. For small deployment there is no issue just quickly logging onto the Windows Live Admin Centre and resetting the password from there; but when you have hundreds of thousands of email accounts this is not very practical.

In this case the best option is to use the “set-mailbox” powershell command.

set-mailbox -identity user@domain.blah -password PassWord

Note that if you want to set a password with special characters if might be a good idea to enclose the password in single quotes.

Just a quick note. When setting up email forwarding or redirection on the client side (using rules) it is important to note that forwarding is disabled by default on ExchangeLabs tenants. You will be able to create rules, but these will never work until you enable forwarding for your domain.

Log onto your tenant using the normal runspace creation methods and execution the following:

set-remotedomain * -autoforwardenabled $true

The following post continues from Announcing Outlook Live (ExchangeLabs R3) – Part 1

6. PowerShell v2.0 CTP3 is required for Outlook Live R3 – Customer Action Required

In the current beta release of Outlook Live R2, administrators can use Windows PowerShell v2 and connect to an Exchange server remotely to perform some management tasks in their organization.  This requires downloading and installing Windows PowerShell v2 CTP2 and the WinRM 2.0 CTP2, from the connect site. Instructions here.

• With the release of Outlook Live R3, administrators will need to download and install the updated Windows PowerShell v2 CTP3 and WinRM 2.0 CTP3. Instructions here.  This new version has some changes to the syntax used, so review the technical documentation for instructions.  Upgraded domains should begin using the new version of PowerShell by March 16.  Administrators will know they are upgraded, by logging into the primary administrator account, and seeing the new Outlook Live branding in the web interface.

7. Identity Lifecycle Management Agent for Outlook Live

The Outlook Live Management Agent (MA) is being finalized and will be ready to support managed deployments  in Q2 of CY2009. 

8. Introducing exciting new Live@edu support changes

We are happy to inform you of exciting changes in Customer Support now available for the Microsoft Live@edu program.

Highlights of the changes include:

• Support now available 24 hours a day, 7 days a week via phone or web (for IT Administrators and help desk personnel only)
• Simplified web interface now available for submission of support requests via the web (Access IDs are no longer required)
• Today our Live@edu customer support is 24×7, phone based and free for an unlimited number of incidents. We are currently evaluating a paid support offering for our customers. We will continue to offer free support once the paid offering is available. This free model will have boundaries, unlike today.

9. Additional new Organizational service plan, enabling new privacy features for schools, coming post-R3 of Outlook Live

The Outlook Live Organizational Service Plan, including the following Outlook Live features, will be available at the beginning of April.  We are in the process of upgrading our Live@edu Terms of Use, making it possible for us deliver these great features.

10. Schools provisioned on Outlook Live R2 will need to sign a new Outlook Live Organization Terms of Use in order to activate the new privacy features – Customer Action Required

• All current customers will be required to sign a new Terms of Use in order for the privacy features available in Outlook Live R3, to be activated.
• Microsoft will send an e-mail, to the IT Administrator associated with the account, containing information regarding the new terms and links to a website where the new TOU can be accepted online. IT Administrators can expect to see this e-mail at the beginning of April.
• If your school chooses not accept the new  terms of use, the Organizational service plan , including the mentioned above organizational terms of use, the privacy features mentioned above will not be available.
• We are creating a podcast around the new service which will be available prior to the launch of the TOU website in April. 

The changes have been in development for a while now and last week the Exchange team  announced that the ExchangeLabs R3 upgrade will be starting very soon. As part of this upgrade there are many changes. The following post tries to outline and comment on some of these changes.

1. Exchange Labs is now called “Outlook Live”

• Exchange Labs has a new name and it is now Microsoft Outlook Live. Click HERE for our Outlook Live announcement on Presspass.
• New domains will be provisioned on R3 beginning on February 15^th, 2007 .  Upgrade of existing domains will be complete by the end of May.

The Outlook Live rename has been in the pipeline for a while and was hinted at in the Microsoft Live Service and Data centre Gen 4.0 strategy. In these promotional videos various live services was shown; including Outlook Live. Be assured that the Outlook Live rebrand is no accident and expect Outlook Live to be a integral part of the Office 14 Software + Service strategy.

2. Great new features for students and IT Administrator coming in the Outlook Live R3 release

3. Users will now access Outlook Live via Outlook.com – Customer Action Required

As part of the R2->R3 upgrade, the domain name for Exchange Labs is being updated to Outlook.com.  Web access to Outlook Live is now via https://www.outlook.com  (Please note – Students using OWA may still get their mail by going to www. exchangelabs.com)

As part of this switch, we have seen isolated connectivity issues. This does not affect connectivity via Outlook Web Access, but it does for some POP/IMAP clients, some ActiveSync users, and some Outlook users. If your users are having connectivity problems, please have them take the following steps:

• For POP/IMAP clients:  For downloading mail, change the server name used for POP and IMAP to outlook.com.  To find the outgoing SMTP server name, sign in to Outlook Live through a web browser as you normally do.   After logging in, look at the address in the address bar in your browser.
  

  OWA Address Starts with:	Use SMTP server name:
  bl2prd01 or pod51000                        db2prd01 or pod51002                       sinprd01 or pod51003	pod51000.outlook.com pod51002.outlook.com pod51003.outlook.com

• For ActiveSync-based clients (Windows Mobile, iPhone and others):  If you are having connectivity issues, change your server name to m.outlook.com.
• For Outlook, if you are using an Exchange (MAPI) account to connect to Outlook Live, go to Tools->Account Settings and select the "E-mail" tab.  Use the “Repair” button on the account to initiate Outlook’s server discovery process.  During this process, you may prompted to receive server configuration from https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml, which you should accept.  After completing this process, restart Outlook. 

Note

If these steps do not get you or your users reconnected to Outlook Live, please contact support.  Additional information can be found at http://help.outlook.com.

4. Important co-branding changes will impact your Outlook Live environment – Customer Action Required

With the release of Outlook Live R3, there will be changes to the co-branding that users will see in Outlook Live.  The following changes will happen to co-branding in the web interface:

• Instead of co-branding appearing in the top centre of the Outlook Live web UI, as a small image, co-branding will now appear in the top left, as a slightly larger image.
• Colour schemes will be temporarily removed from Outlook Live at the beginning of the R3 upgrade and will return in the 2^nd half of 2009.

Note – Between February 11 and February 26, administrators will be unable to make changes to co-branding in the Windows Live Domains manager (http://domains.live.com).  This is due to the upgrades we are making in the co-branding interface.

The co-branding issue encountered in the R2-R3 upgrade will cause some inconvenience to customers, but Microsoft has introduced changes in the co-branding mechanism to mitigate this issue in the R3-beyond upgrades. This means that as mailboxes move from one POD to another during an upgrade cycle they will be able to present branding for both mailboxes (that are left on the ‘old’ POD and those that already moved to the new one). This co-existent branding does not current exist in R2, thus the issue.

5. Windows Live Custom Domains (WLCD) provisioning API is being retired – Customer Action Required

The Windows Live Custom Domains provisioning API will soon be retired. CSVimport, the bulk command-line import tool for administrators to import/provision large numbers of mailboxes into Outlook Live will be retired as well. (CSVImport uses the WLCD provisioning API)

Note

• Any new domain provisioned on Outlook Live will NOT be able to use WLCD provisioning API (CSVimport). New customers will need to begin using PowerShell for automation scripts or, could begin using Identity Lifecycle Manager agent when available.
• Existing domains provisioned prior to February 15^th will be able to continue using WLCD API until May 15^th, 2009.

Customers that currently use the CSVImport mechanism needs to take action in order to mitigate service disruptions. These customers will need to move to a Powershell or Identity Lifecycle Manager 2007 provisioning mechanism.

This post continues in Part 2

On Saturday the Microsoft Exchange team announced the upgrade of ExchangeLabs R3 which is scheduled to start shortly. As part of this upgrade some significant changes will be introduced to the ExchangeLabs service (now known as Outlook Live).

One of the most significant changes in the inclusion of staff / faulty and alumni in the Outlook Live offering. Up to now the offering was only available to alumni and students.

Additionally there are many other changes. The following few posts looks at the Microsoft press release and comments on the various changes.

Top 10 Things you’ll need to know about Outlook Live R3

1. Exchange Labs is now called “Outlook Live”
2. Introducing exciting new Live@edu support changes
3. Great new features for students and IT Administrators coming in the Outlook Live R3 release
4. Users will now access Outlook Live via Outlook.com Action Required
5. Important co-branding changes will impact your Outlook Live environment Action Required
6. Windows Live Custom Domains (WLCD) provisioning API is being retired Action Required
7. PowerShell v2.0 CTP3 is required for Outlook Live R3 Action Required
8. Identity Lifecycle Management Agent for Outlook Live
9. Additional new Organizational Service Plan enabling privacy features for schools coming post-R3 of Outlook Live
10.   New privacy features require schools to sign new Terms of Use Action Required

Please refer to Part 1 and Part 2 for further information regarding these changes.

Important:

This email provides information about Outlook Live R3, as well as specific actions that IT administrators will need to take.

Please Note – If your IT administrator has questions regarding the actions that are required, please call one of our support telephone lines for assistance.

As part of the new Outlook Live launch (ExchangeLabs R3 upgrade) the following video has been released. This shows a few new features, but probably one of the most anticipated ones is the cross browser experience – that now supports Safari (Mac), Firefox and IE.

Check it out at : http://edge.technet.com/Media/Introducing-Outlook-Live/

The following three posts will explore the press release and new features in greater detail.

When using ILM or Powershell to script the provisioning of ExchangeLabs mailboxes it is really important to remember that the authentication mechanism used to gain access to you mailbox is a Windows Live ID. Even thought an AD account is created on the back-end this is never really accessed by the user; it is only used to support the Exchange feature set.

Since you primary method of authentication is a Live ID, there are certain restrictions that apply to passwords on Windows Live. In order to mitigate any exceptions it is recommended that the following rules are followed when creating a password.

Note that this will cause you some pain when you use password sync from ILM to ExchangeLabs as well so try to educate your users regarding these rules and try to use password complexity on your local AD.

Password rules

• The password is case-sensitive.
• The password can contain uppercase letters and lowercase letters.
• The password can contain numbers.
• The password can contain the following ASCII text characters: ` ~ ! @ # $ % ^ * ( ) _ + - = { } | [ ] : " ; ' > ? , . /
• The minimum password length is six characters.
• The maximum password length is 16 characters.

Password restrictions

The password can’t contain any of the following items:

• Spaces
• Non-English characters
• The character &
• The character <
• The account name part of the e-mail address. For example, if the e-mail address is user@contoso.com, the password can’t contain user. This restriction isn’t case-sensitive. Therefore, USER or User can’t be used in the password for user@contoso.com.
• The answer to the Windows Live ID secret question that helps you reset your password if you forget it. For example, if the Windows Live ID secret question is Mother’s birthplace, and Seattle is the answer, the password can’t contain Seattle. This restriction isn’t case-sensitive. Therefore, SEATTLE or seattle can’t be used in the password.