Daily Archives: March 11, 2005

Managing Exchange and Active Directory with MOM 2005

Ian delivered a really good TechNet session last night – managing Exchange and AD with MOM.  Here are some of the resources he referred to during the session:


Cluster nodes are referred to as managed nodes

How to configure Event log replication in Windows 2000 Cluster Servers

MOM 2005 product Documentation

MOM Workgroup Edition

MOM Management packs

Operations manager performance and sizing White Paper

MOM 2005 service continuity solution accelerator

Management Pack for Terminal server

Management pack for Windows security from NetIQ

MOM 2005 Security guide

Retaining data in the MOM 2005 database

MOM 2005 SDK

MOM 2005 agents and bandwidth used

MOM Notification Workflow solution accelerator

Optimising BizTalk using MOM – Webcast


If there is anything I missed let me know and I’ll amend this post…


MSN Messenger – lost or stolen password (or secret question)


I get quite a few emails on this after my posts about MSN Messenger 7.0 beta (or 7.o betta as some people call it :) )

Usually the mail is about a password being lost or stolen, a forgotten or lost secret question, or an inability to access an MSN or Hotmail account. Some people think that their account has been stolen or otherwise compromised. So here's what you can do to get it back…

What to do if somebody has stolen your MSN account

If somebody has stolen or “hacked” your account and changed all the login details, you will need to get in touch with a support team to get it back.

Getting your account back on MSN

Have you tried to reset your Password?

       Show me the three different ways to reset my Password

If all access details have been changed along with your password:

       Go to the Passport member centre

       Answer ALL the profile questions

       In the Error Message box, type ACCOUNT STOLEN

       In the Additional Comments box, tell them:

              The time you last signed in successfully

              A list of ALL your previous passwords

It is not possible to have your password reset if you supply incorrect information. The Passport team will take any attempt to steal passwords by this route very seriously.

Hopefully this will help you get your account back…

Active Directory and Exchange 2003 – Separate Administrators

Pete mailed me after attending a couple of my evening Exchange sessions at Reading and also the event in Birmingham.  Last year, he migrated his internal systems from GroupWise to Exchange 2003.  However, his Technical director was concerned that anyone who has admin rights on the domain can, in theory, give themselves rights to anyone else’s mailbox.   He wondered if there was any way to restrict this right. 


The administrative model prescribed by the default configuration of Microsoft Exchange and Active Directory may not fit with the security and administrative roles defined by an organisation. For some organisations, the helpdesk-level administrators that create user accounts are not the same administrators that administer mailboxes. However, the default configuration of Exchange and Active Directory requires that mailbox administrators belong to the “Account Operators” security group, and that members of the “Account Operators” group have read-write access to Exchange objects.

You can configure permissions in Active Directory to correspond to your administrative model. This granular level of permissioning is referred to as a split permissions model. Chapter 4 of the Working with AD permissions with Exchange guide explains how to apply a split permissions model to your AD organisation and segregate your AD administrators from your Exchange administrators.

Modifying users' information in the GAL

I was sent this question recently and I’m stumped for the answer – so I thought I’d turn to the blogging world for assistance.  It’s about modifying information in the GAL.  GALMOD allows users to modify their “own” information in the GAL.

But is there a way to set permissions in Exchange or AD for a certain security group to change others' info as well? Like being able to access the GAL from the Outlook Client instead of having to go into AD?

If there was a company with hundreds of external contacts in the GAL who do not have access to our global address list to change their own information, as they do not log on to the system, could some of the HR Admins be given permission to change general employee information in the GAL from the Outlook Client?


The only thing I could think of was a solution based on an auto-provisioning tool like the hosted solution for an ISP, described here.


Has anyone got any other ideas??