13 May 2012

Synchronize Project Server 2010 with Exchange 2010

A. Enable Exchange synchronization for the PWA

1. In Server Settings page in PWA, goto Operational Policies - Additional Server Settings - Exchange Server details then check on
2. Synchronize Tasks check box

B. Create a PWA user account for each CAS server
1. From Server Setting page in PWA create new user
2. Clear "User can be assigned as a resource" check box and type the name of CAS server in the Display Name field. For eg CAS_Server

3. In the User Authentication section, enter the Windows account for CAS server computer account in the User logon account field. In my case DOMAIN\CAS_Server$

4. Check on Prevent AD synchronize this account

5. In the Security group section, add the user to the Administrator group

6. Click Save button


C. Configure Project Server users for Exchange synchronization
In Server Settings page in PWA double click on each existing user and check on Synchronize Tasks check box

D. Configure impersonation permissions for the Project Server Queue Service account
1. Discover account that is running Project Server Queue service

2. Log on to Exchange server, launch Exchange Management Shell as Administrator

3. Type the below command, replace the string queuingserviceaccount with the account in step 1

Add-ADPermission -Identity (Get-ExchangeServer).DistinguishedName -User (Get-User -Identity queuingservice_account | Select-Object).identity -extendedRights ms-Exch-EPI-Impersonation

 If you get the below error that means you have more than one CAS server. Please follow step 3.1

Cannot bind argument to parameter 'Identity' because it is null.
    + CategoryInfo          : InvalidData: (:) [Add-ADPermission], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Add-ADPermission

3.1 Enter the below command in Exchange Power Shell

[PS]$CAS_Server = get-exchangeserver | where { $_.ServerRole -match "ClientAccess" }
[PS]$CAS_Server | foreach-object {Add-ADPermission -Identity $_.DistinguishedName -User (Get-User -Identity queuingservice_account | select-object).identity -extendedRights ms-Exch-EPI-Impersonation}

You will get

Identity             User                                          Deny  Inherited
--------                ----                                       ----  ---------
CAS_Server           DOMAIN\queuingservice_account                  False False

Repeat step 3.1 on every CAS server in your Exchange farm

E. Configure impersonation persmissions for all Exchange users
Execute this command in CAS server
[PS] New-ManagementRoleAssignment -Name PRJEXCHIntegration -Role applicationImpersonation -user DOMAIN\queuingservice_account

You will get

Name                           Role              RoleAssigneeName  RoleAssigneeType  AssignmentMethod  EffectiveUserName
----                           ----              ----------------  ----------------  ----------------  ----------------
PRJEXCHIntegration             ApplicationImp... queuingservice_account         User              Direct



References:
http://go.microsoft.com/fwlink/p/?LinkId=202797  (video)
http://blogs.msdn.com/b/mohits/archive/2010/05/29/integration-of-project-server-2010-and-exchange-2010-2007.aspx
http://technet.microsoft.com/en-us/library/ff468700.aspx

16 Jan 2012

Windows Server 2008 : Domain Name System and IPv6 - Performing Zone Transfers




Copying the DNS database from one server to another is accomplished through a process known as a zone transfer. Zone transfers are required for any non-Active Directory-integrated zone that has more than one name server responsible for the contents of that zone. The mechanism for zone transfers varies, however, depending on the version of DNS. Zone transfers are always pulled by the secondary servers from the primary servers.
Primary DNS servers can be configured to notify secondary DNS servers of changes to a zone and to begin a zone transfer. They can also be configured to perform a zone transfer on a scheduled basis. To set up a secondary server to pull zone transfers from a forward lookup zone, follow this procedure:

1.
Launch Server Manager on the DNS server with the primary zone.
2.
Expand the Roles, DNS Server, DNS nodes, and then select the server name.
3.
Select the Forward Lookup Zones node.
4.
Right-click the name of the zone and choose Properties.
5.
Choose the Zone Transfers tab.
6.
Check Allow Zone Transfers and select Only to the Following Servers.
7.
Click Edit, type in the IP address of the server that will receive the update, and press Enter. The server will be validated, as shown in Figure 1. Because the server is not yet an authoritative server for the zone, the error message “The server with this IP address is not authoritative for the required zone” appears. This will be done in the next section. The error can be safely ignored. Click OK to save.

Figure 1. Setting up zone transfer servers.

8.
To ensure that updates will be processed correctly, click the Notify button, enter the name of the secondary server, and press Enter. Click OK to save changes.
9.
Click OK to save the changes.
Note
In addition to specifically defining recipients of zone transfer notifications by IP address, you can select the Only to Servers Listed on the Name Servers Tab option button as well, assuming that the recipient server or servers are listed on the Name Servers tab.

Now that the primary zone on the primary DNS server has been configured to allow transfers, the secondary zone has to be configured on the secondary DNS server. To create the secondary zone and begin zone transfers, execute the following steps:
1.
Launch Server Manager.
2.
Expand the Roles, DNS Server, DNS nodes, and then select the server name.
3.
Select the Forward Lookup Zones node.
4.
Select Action, New Zone.
5.
Click Next on the Welcome page.
6.
Select Secondary Zone from the list of zone types. Secondary zones cannot be AD-integrated and the options will be grayed out. Click Next to continue.
7.
Type in the name of the zone that will be created (this should match the primary zone name), and click Next to continue.
8.
Type in the IP address of the server or servers from which the zone records will be transferred. Press Enter for each server entered, and they will be validated. Click Next to continue.
9.
Click Finish on the Summary page to create the zone.
After the last step, the zone will automatically transfer from the primary DNS server to the secondary DNS server.

Performing Full Zone Transfers

The standard method for zone transfers, which transfers the entire contents of a DNS zone from the primary server to the secondary server, is known as asynchronous zone transfer (AXFR), or full zone transfer. This type of zone transfer copies every item in the DNS database to the secondary server, regardless of whether the server already has some of the items in the database. Older implementations of DNS utilized AXFR exclusively, and it is still utilized for specific purposes today.

Initiating Incremental Zone Transfers

An incremental zone transfer (IXFR) is a process by which all incremental changes to a DNS database are replicated to the secondary DNS server. This saves bandwidth over AXFR replication changes because only the deltas, or changes made to the database since the last zone transfer, are replicated.
IXFR zone transfers are accomplished by referencing a serial number that is stored on the SOA of the DNS server that holds the primary zone. This number is incremented upon each change to a zone. If the server requesting the zone transfer has a serial number of 45, for example, and the primary zone server has a serial number of 55, only those changes made during the period of time between 45 and 55 will be incrementally sent to the requesting server via an IXFR transfer. However, if the difference in index numbers is too great, the information on the requesting server is assumed to be stale, and a full AXFR transfer will be initiated. For example, if a requesting server has an index of 25, and the primary zone server’s index is 55, an AXFR zone transfer will be initiated, as illustrated in Figure 2.
Figure 2. IXFR zone transfers.

Total Pageviews