With Exchange Server 2010, the Exchange Management Console
and the Exchange Management Shell are the primary administration tools
you use to manage mailboxes,
distribution groups, and mail contacts. You can use these tools to
create and manage mail-enabled user accounts, mailbox-enabled user
accounts, and mail-enabled contacts as well as any other configurable
aspect of Exchange Server.
Exchange Server 2010 also includes the Exchange Control Panel. The
Exchange Control Panel provides browser-based management of
mailbox-enabled user accounts, mail-enabled contacts, and distribution
groups as well as transport rules and delivery reports. To perform
remote management with the Exchange Control Panel, a user must have
appropriate permissions in the Exchange organization.
The sections that follow examine techniques that you can employ to
manage user accounts and the Exchange features of those accounts.
Note
Domain administrators can create user accounts and contacts using
Active Directory Users And Computers. If any existing user accounts
need to be mail-enabled or mailbox-enabled, you perform these tasks
using the Exchange management tools. If existing contacts need to be
mail-enabled, you also perform this task using the Exchange management
tools.
1. Configuring the Exchange Control Panel
The Exchange Control Panel (ECP) is a Web application running on a
Client Access server providing services for the Exchange organization.
This application is installed automatically when you install a Client
Access server. To perform Exchange management from just about anywhere,
you simply need to enter the Uniform Resource Locator (URL) path for
the application in your browser's Address field. You can then access
the Exchange Control Panel. By default, the Exchange Control Panel URL
is https://yourserver.yourdomain.com/ecp.
The Client Access server to which you connect processes your remote
actions via the ECP application running on the default Web site. The
physical directory for this application is
%ExchangeInstallPath%\ClientAccess\Ecp. This application runs in the
context of an application pool named MSExchangeECPAppPool. In the
%ExchangeInstallPath%\ClientAccess\Ecp directory on your server, you'll
find a web.config file that defines the settings for the ECP application.
When you install an Exchange server, the setup process creates a self-signed security
certificate. Because this default certificate is not issued by a
trusted authority, you see a related error message whenever you use
HTTPS to access services hosted by your Client Access servers,
including the Exchange Control Panel, the PowerShell application, and
Microsoft Outlook Web App.
The best way to eliminate this error message is to install a
certificate from a trusted authority on your Client Access servers. If
you organization has a certification authority (CA), have your security
administrator issue a certificate. Otherwise, you can purchase a
certificate from a trusted third-party authority. Web browsers should
already be configured to trust certificates issued by your
organization's CA or by a trusted third-party authority. Typically,
browsers need additional configuration only when you use your own CA
with non-domain-joined machines.
In Exchange Management Console, you can view, install, and manage
certificates by selecting the Server Configuration node in the left
pane and then clicking the server you want to work with in the main
pane. Certificates available on the server are listed in the lower
pane. If you right-click in the lower pane, you can choose New Exchange
Certificate to create a new certificate request, or choose Import
Exchange Certificate to import a certificate issued by a CA from a
file. After you import or create a certificate, right-click the
certificate, and then select Assign Services To Certificate to permit
the certificate to be used with designated Exchange services.
The services a certificate can be used with include Internet Message
Access Protocol (IMAP), Post Office Protocol (POP), SMTP, Internet
Information Services (IIS), and Unified Messaging (UM). The default
self-signed certificate is assigned services automatically during setup
based on the roles installed on the Exchange server.
2. Accessing and Using the Exchange Control Panel
You access the Exchange Control Panel by following these steps:
-
Open your Web browser, and then enter the secure URL for the Exchange Control Panel, such as https://mailserver48.cpandl.com/ecp.
-
If your browser displays a security alert stating there's a problem
with the site's security certificate, click the Continue To This Web
Site link.
-
You'll see the logon page for Outlook Web App. After you specify
whether you are using a public or a private computer, enter your user
name and password, and then click Sign In.
-
The first time you sign in to OWA, you need to specify the language
you want to use and your time zone. You also can specify that you want
to use the blind or low-vision experience. Click OK to continue to your
mailbox.
In your browser, you use the Select What To Manage list to choose
whether you want to manage the Exchange organization on your mailbox or
another user's
mailbox. If you choose your mailbox, you are redirected to the virtual
directory for Outlook Web App. When you are managing your organization,
you have several management categories available, including Users &
Groups and
Reporting. When you are managing your organization, you can switch
between these management categories by clicking the links provided in
the left pane.
When Users & Groups is selected in the left pane, the Mailboxes view is displayed by default. As shown in Figure 1 the Mailboxes view lists mail-enabled user accounts according to their display name and e-mail address. While working with this view, you can do the following:
-
Double-click an entry in the Mailboxes list to view and manage
mailbox settings. The information you can view and manage is a subset
of the information available in the related Properties dialog box in
the Exchange Management Console.
-
Click Refresh to update the Mailboxes list.
-
Enter a search value, and click the Search button to search the mailboxes by display name or e-mail address.
By clicking Users & Groups and then clicking External Contacts, you can display mail-enabled contacts in the organization, as shown in Figure 2.
The External Contacts view lists mail-enabled contacts according to
their display name and e-mail address. While working with this view,
you can do the following:
-
Click New to create a new mail-enabled contact. The information you
need to provide to create a contact is the same as the information you
must enter on the Contact Information page in the New Mail Contact
Wizard when you are working with the Exchange Management Console.
-
Double-click an entry in the External Contacts list to view and
manage contact settings. The information you can view and manage is a
subset of the information available in the related Properties dialog
box in the Exchange Management Console.
-
Select an entry in the External Contacts list, and then click Delete to remove the contact.
-
Click Refresh to update the External Contacts list.
-
Enter a search value, and then click the Search button to search the contacts by display name or e-mail address.
By clicking Users & Groups and then clicking Groups, you can display distribution groups in the organization, as shown in Figure 3. The Groups view lists distribution groups according to their display name and e-mail address. While working with this view, you can do the following:
-
Click New to create a distribution group. The information you need
to provide to create a distribution group is the same as the
information you must enter on the Group Information page in the New
Distribution Group Wizard when you are working with the Exchange
Management Console. However, you can also configure settings for
ownership, membership, and membership approval. With the New
Distribution Group Wizard, you need to create the group and then edit
the properties to manage these additional settings.
-
Double-click an entry in the Groups list to view and manage group
settings. The information you can view and manage is a subset of the
information available in the related Properties dialog box in the
Exchange Management Console.
-
Select an entry in the Groups list and then click Delete to remove a group.
-
Click Refresh to update the Groups list.
-
Enter a search value, and then click the Search button to search distribution groups by display name or e-mail address.
You can configure the Exchange Control Panel for single-server and multiserver environments.
In a single-server environment, you use one Client Access server for
all your remote management needs. In a multiple-server environment, you
can instruct administrators to use different URLs to access different
Client Access servers, or you can use Client Access arrays with
multiple, load-balanced servers and give all administrators the same access URL.
Note
If you have
multiple Client Access servers in the same Active Directory site, you
put them all in the same single CAS array, and then you point to the
CAS array. Note that the load balancing performed
by the array automatically is for RPC Client Access only. You need to
use some other means to load balance the HTTPS requests against the
array.
Note
You can use the Exchange Control Panel with firewalls. You configure your network to use a perimeter network with firewalls
in front of the designated Client Access servers and then open port 443
to the IP addresses of your Client Access servers. If Secure Sockets
Layer (SSL) is enabled and you want to use SSL exclusively, you only
need port 443, and you don't need to open port 80.
You can manage the Exchange Control Panel application using Internet
Information Services (IIS) Manager or the Exchange Management Shell.
The related commands for the Exchange Management Shell are as follows:
-
Get-ECPVirtualDirectory
Displays information about the ECP application running on the Web server providing services for Exchange.
Get-ECPVirtualDirectory [-Identity AppName
]
[-DomainController DomainControllerName
]
Get-ECPVirtualDirectory -Server ExchangeServerName
[-DomainController DomainControllerName
]
-
New-ECPVirtualDirectory
Creates a new ECP
application running on the Web server providing services for Exchange.
You should use this command only for troubleshooting scenarios where
you are required to remove and re-create the ECP virtual directory.
New-ECPVirtualDirectory [-AppPoolId AppPoolName
]
[-DomainController DomainControllerName
] [-ExternalUrl URL
]
[-InternalUrl URL
] [-WebSiteName SiteName
]
-
Remove-ECPVirtualDirectory
Use the
Remove-ECPVirtualDirectory cmdlet to remove a specified ECP application
running on the CAS server providing services for Exchange.
Remove-ECPVirtualDirectory -Identity AppName
[-DomainController DomainControllerName
]
-
Set-ECPVirtualDirectory
Modifies the configuration settings for a specified ECP application running on the CAS server providing services for Exchange.
Set-ECPVirtualDirectory -Identity AppName
[-BasicAuthentication <$true | $false>] [-DomainController
DomainControllerName
] [-ExternalAuthenticationMethods Methods
]
[-FormsAuthentication <$true | $false>]
[-ExternalUrl URL
] [-GzipLevel <Off | Low | High | Error>]
[-InternalUrl URL
] [-LiveIdAuthentication <$true | $false>]
[-WindowsAuthentication <$true | $false>]
At the Exchange Management Shell prompt, you can confirm the location of the Exchange Control Panel application by typing get-ecpvirtualdirectory
.
Get-ECPVirtualDirectory lists the name of the application, the associated Web site, and the server on which the application is running, as shown in the following example:
Name Server
------- -------
ecp (Default Web Site) CorpServer45
In this example, a standard configuration is being used on
which the application named ECP is running on the Default Web Site on
CorpServer45. You can use Set-ECPVirtualDirectory to specify the
internal and external URL to use as well as the permitted
authentication types. Authentication types you can enable or disable
include basic authentication, Windows authentication, and Live ID basic
authentication. You can use New-ECPVirtualDirectory to create an ECP
application on the Web server providing services for Exchange and
Remove-ECPVirtualDirectory to remove an ECP application.