Thursday, 10 September 2015

Microsoft: New User / User's Details take a Long Time to Update in Global Address List


Add these all together and you can have quite a lag in seeing new users in your GAL.
1. GAL generation (should happen at time of user creation but may be delayed by DC replication)
2. Offline address book generation (every 24 hrs)
3. OAB replicated to the CAS (can take up to 8 hours)
4. Outlook download of OAB (24 hours from last download)

<< Things you can do to reduce lag >>
a. Increase the OAB generation frequency (default is once a day @ 5:00 am)
* EMC –> Organization Configuration –> Mailbox –> Offline Address Book <tab> –> Properties of OAB –> Click Customize next to Update schedule –> modify to fit your needs (be careful not to make it too frequent)
* Sample script to set it to 4 times a day for every OAB (use caution as this could cause undue load on the server\client)
  * Get-OfflineAddressBook | Set-OfflineAddressBook -Schedule "Sun.5:00 AM-Sun.6:00 AM, Sun.10:00 AM-Sun.11:00 AM, Sun.3:00 PM-Sun.4:00 PM, Sun.8:00 PM-Sun.9:00 PM, Mon.5:00 AM-Mon.6:00 AM, Mon.10:00 AM-Mon.11:00 AM, Mon.3:00 PM-Mon.4:00 PM, Mon.8:00 PM-Mon.9:00 PM, Tue.5:00 AM-Tue.6:00 AM, Tue.10:00 AM-Tue.11:00 AM, Tue.3:00 PM-Tue.4:00 PM, Tue.8:00 PM-Tue.9:00 PM, Wed.5:00 AM-Wed.6:00 AM, Wed.10:00 AM-Wed.11:00 AM, Wed.3:00 PM-Wed.4:00 PM, Wed.8:00 PM-Wed.9:00 PM"

b. Change OAB download interval in Outlook
    1. On the Tools menu, point to Send/Receive, point to Send/Receive Settings, and then click Define Send/Receive Groups.
    2. Click New.
    3. Type a name for the custom group.
    4. Click your Exchange account, and then click to select the Include the selected account in this group check box.
    5. Under Select the options you want for the selected account group, make sure that the only check box that is selected is Download offline address book, and then click OK.
    6. In the Send/Receive Groups dialog box, click your new group.
    7. Under Setting for group Group_name, click to select only the Schedule an automatic send/receive every check box, and then enter the number of minutes.
    8. Under When Outlook is offline, click to clear the check boxes.
    9. Click Close.

<< Forcing update >>
1. Get-GlobalAddressList | Update-GlobalAddressList
2. Get-OfflineAddressBook | Update-OfflineAddressBook
3. Get-ClientAccessServer | Update-FileDistributionService
4. Download Full OAB in Outlook
   * On the Tools menu, point to Send/Receive, and then click Download Address Book.
   * In the Offline Address Book dialog box, make sure that the Download changes since last Send/Receive check box is checked.
   * Click OK.

Microsoft: Active Directory Universal Group Membership Caching


In multidomain forests where remote sites do not have a global catalog server, the need to contact a global catalog server over a potentially slow WAN connection can be problematic. On domain controllers that are running Windows Server 2003 or later, the Universal Group Membership Caching feature is available by default (does not require a specific functional level or domain mode), although it must be enabled on a per-site basis.

When enabled, this feature allows a domain controller to cache global group SIDs and universal group SIDs that it retrieves from a global catalog server so that future logons do not require contacting a global catalog server. This storage is referred to as “caching,” but the memberships are actually stored in a non-volatile AD DS value. The memberships that are written to this value are not lost as a result of a restart or power outage. For the purposes of this discussion, the term “cache” refers to this value. Group membership is cached for user accounts and computer accounts.
Caching group memberships in branch site locations has the following potential benefits:
* Faster logon times because authenticating domain controllers no longer need to contact a global catalog server to obtain universal group membership.
* Higher availability because logon is still possible if the WAN link to the site of the global catalog server is unavailable.
* No need to upgrade the hardware of existing domain controllers to handle the extra system requirements necessary for hosting the global catalog.
* Minimized network bandwidth usage because a branch site domain controller does not have to replicate all of the objects located in the global catalog.

<< Enabling Universal Group Membership Caching >>
Universal Group Membership Caching can be enabled for a site by using the Active Directory Sites and Services MMC snap-in to edit the properties of the NTDS Site Settings object (CN=NTDS Site Settings,CN=TargetSiteName,CN=Sites,CN=Configuration,CN=ForestRootDomain). In Active Directory Sites and Services, if you click a site object, the NTDS Site Settings object for the site is visible in the details pane. Right-click the NTDS Site Settings object and then click Properties. In the NTDS Site Settings Properties dialog box, click Enable Universal Group Membership Caching.

* Note:
The options attribute of the NTDS Site Settings object, which controls this feature, has a default value of 0. When only the Universal Group Membership Caching option is enabled, the attribute value is 32. However, this attribute is a bit field, so its full functionality is derived from computing a bitwise AND of all of the bits that are set.

When the feature is enabled for a site, domain controllers in the site cache both universal group membership and global group membership for first-time logons and keep the cache updated thereafter. The feature allows specifying the site from which to retrieve group membership. In the NTDS Site Settings Properties dialog box, you can use the Refresh cache from list to specify the site to use. The msDS-Preferred-GC-Site attribute stores the distinguished name of the specified site and controls this setting.

If no site is specified, the closest-site mechanism uses the cost setting on the site link to determine which site has the least-cost connection to contact a global catalog server.

If the user has not logged on to the domain previously and a global catalog server is not available, the user can log on to only the local computer.
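The note above describes the options attribute as a bit field in which 32 is the Universal Group Membership Caching bit. The following PowerShell is an added example, not part of the original post: it reports the flag and the refresh site for every site, and enables the flag without disturbing other option bits. It assumes the ActiveDirectory module is installed; the function names and the site name `Branch01` are hypothetical.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# 0x20 (decimal 32) is the Universal Group Membership Caching bit named in the note above.
$UgmcFlag = 0x20

function Test-UgmcFlag {
    param([int]$Options)
    # Bitwise AND isolates the single bit; any other option bits are ignored.
    return (($Options -band $UgmcFlag) -eq $UgmcFlag)
}

function Get-UgmcSiteReport {
    $configNC = (Get-ADRootDSE).configurationNamingContext
    Get-ADObject -SearchBase "CN=Sites,$configNC" `
                 -LDAPFilter '(objectClass=nTDSSiteSettings)' `
                 -Properties options, 'msDS-Preferred-GC-Site' |
        ForEach-Object {
            # An unset attribute comes back as $null, which casts to 0 (the default value).
            $options = [int]$_.options
            [pscustomobject]@{
                # Second RDN of the DN is the site; assumes no escaped commas in site names.
                Site        = ($_.DistinguishedName -split ',')[1] -replace '^CN='
                Options     = $options
                UgmcEnabled = Test-UgmcFlag -Options $options
                RefreshSite = $_.'msDS-Preferred-GC-Site'
            }
        }
}

function Enable-UgmcForSite {
    param([Parameter(Mandatory)][string]$SiteName)
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $dn = "CN=NTDS Site Settings,CN=$SiteName,CN=Sites,$configNC"
    $current = [int](Get-ADObject -Identity $dn -Properties options).options
    # Bitwise OR sets the caching bit and leaves every other option bit unchanged.
    Set-ADObject -Identity $dn -Replace @{ options = ($current -bor $UgmcFlag) }
}

Get-UgmcSiteReport | Format-Table -AutoSize
# Enable-UgmcForSite -SiteName 'Branch01'   # hypothetical site name
```

Because cached memberships persist in the directory, the report is also a quick way to see which sites can authenticate users against group data that a global catalog server has not refreshed recently.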

Microsoft: Transport Rules Still Apply After Removed Group Membership


You might wonder why the transport rules still apply after you have removed the group membership of a user.

When you define a transport rule using a predicate that expands membership of a distribution group, the resulting list of recipients is cached by the Hub Transport server that applies the rule. This is known as the Expanded Groups Cache and is also used by the Journaling agent for evaluating group membership for journal rules. By default, the Expanded Groups Cache stores group membership for four hours. Recipients returned by the recipient filter of a dynamic distribution group are also stored. The Expanded Groups Cache makes repeated round-trips to Active Directory and the resulting network traffic from resolving group memberships unnecessary.

In Exchange 2010, this interval and other parameters related to the Expanded Groups Cache are configurable. You can lower the cache expiration interval, or disable caching altogether, to ensure group memberships are refreshed more frequently. You must plan for the corresponding increase in load on your Active Directory domain controllers for distribution group expansion queries. You can also clear the cache on a Hub Transport server by restarting the Microsoft Exchange Transport service on that server. You must do this on each Hub Transport server where you want to clear the cache. When creating, testing, and troubleshooting transport rules that use predicates based on distribution group membership, you must also consider the impact of Expanded Groups Cache.

To modify distribution group cache settings, for example to change the time for which group membership is stored in the cache or to increase the cache size, edit the EdgeTransport.exe.config file (location: C:\Program Files\Microsoft\Exchange Server\v14\Bin). The following excerpt from the EdgeTransport.exe.config file shows some of these settings.
<configuration>
  <runtime>
    <gcServer enabled="true" />
  </runtime>
  <appSettings>
    <!-- Resolved groups cache -->
    <add key="Transport_IsMemberOfResolver_ResolvedGroupsCache_ExpirationInterval" value="03:00:00" />
    <add key="Transport_IsMemberOfResolver_ResolvedGroupsCache_CleanupInterval" value="00:01:00" />
    <add key="Transport_IsMemberOfResolver_ResolvedGroupsCache_PurgeInterval" value="00:01:00" />
    <add key="Transport_IsMemberOfResolver_ResolvedGroupsCache_MaxSize" value="32MB" />
    <!-- Expanded groups cache (used by transport rules and journal rules) -->
    <add key="Transport_IsMemberOfResolver_ExpandedGroupsCache_ExpirationInterval" value="03:00:00" />
    <add key="Transport_IsMemberOfResolver_ExpandedGroupsCache_CleanupInterval" value="01:00:00" />
    <add key="Transport_IsMemberOfResolver_ExpandedGroupsCache_PurgeInterval" value="00:05:00" />
    <add key="Transport_IsMemberOfResolver_ExpandedGroupsCache_MaxSize" value="512MB" />
  </appSettings>
</configuration>
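To see how long a removed group membership can keep matching rules on a given server, the script below reads these keys from the config file and reports the expiration window. It is an added example, not part of the original post; the function name is hypothetical and the path is the one given above.

```powershell
# Added example (not from the original post). Run locally on a Hub Transport server.
# Path taken from the post; adjust if Exchange is installed elsewhere.
$configPath = 'C:\Program Files\Microsoft\Exchange Server\v14\Bin\EdgeTransport.exe.config'

function Get-GroupCacheSetting {
    param([Parameter(Mandatory)][string]$Path)
    [xml]$config = Get-Content -Path $Path
    $config.configuration.appSettings.add |
        Where-Object { $_.key -and $_.key.Trim() -like 'Transport_IsMemberOfResolver_*' } |
        ForEach-Object {
            $name = $_.key.Trim()
            [pscustomobject]@{
                Key     = $name
                Value   = $_.value
                # Only the *Interval keys are time spans; the MaxSize keys are sizes such as "32MB".
                Minutes = if ($name -like '*Interval') {
                              ([TimeSpan]::Parse($_.value)).TotalMinutes
                          } else { $null }
            }
        }
}

$settings = Get-GroupCacheSetting -Path $configPath
$settings | Format-Table -AutoSize

$expiry = $settings |
    Where-Object { $_.Key -like '*ExpandedGroupsCache_ExpirationInterval' }
if ($expiry) {
    "Expanded group membership may be stale for up to $($expiry.Minutes) minutes on this server."
} else {
    'No override in the config file; the default of four hours described above applies.'
}

# After removing a user from a group that a rule depends on, clear the cache as the post
# describes by restarting the transport service (repeat on each Hub Transport server):
# Restart-Service -Name MSExchangeTransport
```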

Apple: iPad Pro


Apple unveiled the long-awaited 12.9-inch iPad Pro at its "Hey Siri" media event in San Francisco on September 9. The massive tablet, which resembles a larger iPad Air 2 in design, has a resolution of 2732 x 2048, which is 5.6 million pixels -- more than any iOS device and higher than the MacBook Pro with Retina display.

The iPad Pro has a 64-bit A9X processor that delivers up to 1.6 times faster performance over the A8X processor in the iPad Air 2, with graphics that are up to twice as fast. Apple also says the tablet has 80 percent faster performance and 90 percent faster graphics over portable PCs, allowing users to run apps such as iMovie with desktop-class performance.

The iPad Pro measures 6.9mm thick and weighs 1.57 pounds, making it thin and light enough to be taken anywhere. The tablet features a four-speaker audio system -- two speakers on each side -- that balances frequencies and puts out up to three times the audio level of the iPad Air 2.

Apple introduced two accessories for the iPad Pro. The first is a Microsoft Surface-like Smart Keyboard. The Smart Keyboard comes built into a Smart Cover and uses the Smart Dome Switch from the MacBook, which means that the keys click down evenly from wherever you hit them. According to Apple, the keys offer the "accuracy, stability, and satisfying key feel of standard keyboards." The keys are covered by a soft, custom woven fabric and the entire keyboard itself is "easily foldable and can transform into a Smart Cover."

The Keyboard connects to the iPad Pro via a new magnetic port called the Smart Connector, which can transmit both data and power at the same time. Because it connects directly to the iPad Pro, the Smart Keyboard does not require a separate battery, on/off switch, or Bluetooth pairing -- snap it on and it works automatically. The Smart Keyboard works with the QuickType features in iOS 9, for quick access to word predictions and autocorrect.

The second accessory that accompanies the iPad Pro is Apple Pencil, a stylus built using technology that can detect position, tilt and force to enable pressure sensitivity.

Apple Pencil also calculates angle and orientation to produce both broad or shaded strokes. The Pencil also enables precision that allows artists to touch a single pixel. Apple says the Pencil's battery lasts for hours and that it can charge by connecting to the iPad Pro's Lightning charger.

Apple Pencil will retail for $99 while the Smart Keyboard will retail for $169. Both will be available alongside the new iPad Pro. Apple will also sell Smart Covers and Smart Cases designed for the iPad Pro.

The iPad Pro launches in November in Silver, Space Gray and Gold, starting at $799 for a 32GB Wi-Fi only model. A 128GB Wi-Fi only model will cost $949 and a Wi-Fi + LTE 128GB model will cost $1,079.

Apple is planning to expand its iPad lineup with a larger tablet, which the media has taken to referring to as the "iPad Pro." Expected to measure in at 12.9 inches, the iPad Pro will be Apple's largest tablet, dwarfing both the 9.7-inch iPad Air 2 and the 7.9-inch iPad mini 3. At 12.9 inches, the iPad Pro would be closest in size to the 13-inch MacBook Air.

It is unclear what moniker Apple plans to bestow on its larger-screened iPad, but the media has taken to calling it the "iPad Pro." A recent report from Mac Fan suggests it might be called the "iPad Air Plus," after the iPhone 6 Plus and the iPad Air.

While rumors on the larger iPad are somewhat scarce, it's believed the tablet will closely resemble the iPad Air 2 and the iPad mini 3, offering a thin chassis and slim bezels. The iPad Pro may measure in at 7mm, and it will likely include several iPad Air 2 features like 2GB of RAM, Touch ID, and 802.11ac Wi-Fi.

It may also ship with an "ultra" high-resolution display and speakers and microphones at both the top and bottom edges of the device, creating an improved stereo audio experience. It could also feature an optional stylus accessory, an add-on keyboard, and perhaps even USB 3.0 ports.

In iOS 9, Apple's newest operating system, the iPad keyboard is able to scale up to a larger size, hinting that work on a larger tablet is indeed ongoing. Code in iOS 9 and analytics information further suggests that the iPad Pro's resolution is 2732 x 2048, with 264 pixels per inch at a diagonal display size of 12.93 inches.

It is not yet clear when the iPad Pro might launch, but several rumors have suggested Apple is targeting a fall release date for the tablet. The iPad Pro is rumored to be entering production in September or October, which means it will likely launch late October or November, perhaps alongside iOS 9.1.

Apple is holding an iPhone-centric event on Wednesday, September 9, and rumors have suggested the company plans to introduce the 12.9-inch tablet at that time. Though it may be shown off in September, the iPad Pro is not expected to launch until November, with Apple beginning to accept pre-orders for the device in late October.

Apple: iPhone 6s and iPhone 6s Plus


Apple introduced the next-generation iPhone 6s and iPhone 6s Plus at its media event in San Francisco on September 9. The new iPhones feature an A9 chip and M9 motion coprocessor, 3D Touch, 12-megapixel rear-facing camera, 5-megapixel front-facing camera, stronger glass and Series 7000 aluminum, faster Touch ID, Live Photos and a new Rose Gold color option.

iPhone 6s and iPhone 6s Plus are powered by an Apple A9 chip and embedded M9 motion coprocessor that deliver up to 70% faster CPU performance and up to 90% faster graphics compared to the A8 chip inside the iPhone 6 and iPhone 6 Plus.

3D Touch on iPhone is similar to Force Touch on Apple Watch, enabling users to make "peek and pop" gestures on the screen to access actionable shortcuts or preview content, such as text messages, flight information, calendar appointments and more. There's also a new Taptic Engine inside of the iPhone 6s that enables haptic feedback so you get touch-based responses when using 3D Touch.

The smartphones feature an improved 12-megapixel rear-facing iSight camera with 4K video recording and 5-megapixel front-facing FaceTime camera with true tone Retina Flash -- in low light, the front display will flash for a split second instead of using a traditional LED flash.

iPhone 6s and iPhone 6s Plus also have a second-generation Touch ID fingerprint scanner that is up to two times faster compared to Touch ID on previous iPhones.

The iPhones are crafted from Series 7000 aluminum and come in a new Rose Gold color, alongside Silver, Space Gray and Gold. Otherwise, the handsets look virtually the same as the iPhone 6 and iPhone 6 Plus, but they are slightly thicker and heavier.

The iPhone 6s retails for $199/$299/$399 for 16GB/64GB/128GB respectively on a two-year contract. The iPhone 6s Plus retails for $299/$399/$499 for 16GB/64GB/128GB respectively on a two-year contract. Carrier financing and leasing programs are also available through AT&T, Verizon, Sprint, T-Mobile and many other carriers worldwide, and Apple also announced its own iPhone upgrade program that lets users get a new iPhone each year with pricing that starts at $32.41 per month.

iPhone 6s and iPhone 6s Plus pre-orders begin on Saturday, September 12 at 12:01 AM Pacific ahead of a Friday, September 25 launch in the United States, Australia, Canada, China, France, Germany, Hong Kong, Japan, New Zealand, Puerto Rico, Singapore and the United Kingdom. The new iPhones will be available in over 130 countries by the end of the year.

Rumors about the next-generation iPhone have been trickling in for months. It's expected that Apple will continue its 2014 trend, offering the 2015 iPhone in two separate sizes -- one larger and one smaller.

We expect Apple will stick to its long running "S" naming scheme (which has been around since 2009), calling the new phones the iPhone 6s and the iPhone 6s Plus. iPhone 6s Plus is a mouthful though, so it is possible that this might be the year that we get a new naming format. One analyst believes Apple might call its next-generation phone the "iPhone 7" due to the significance of the new changes being implemented, but it's far too early in development to know for sure.

Because it's an "S" year upgrade and because the iPhone was just redesigned, the next-generation version will focus on internal improvements rather than an updated external look. Screen sizes will remain at 4.7 and 5.5 inches, and Apple is not expected to introduce a new 4-inch model.

There may be a few exterior changes, though. There's been a rumor that Apple will add a new color option to its iPhone lineup in 2015 -- pink (which may be rose gold). We've also seen two rumors suggesting Apple might opt to use the same 7000 series aluminum used in the Apple Watch in the next-generation iPhone. The aluminum is 60% stronger than standard aluminum but still lightweight.

In the past, "S" upgrades have brought features like Siri, Touch ID, new processors, and camera improvements, and we can expect to see many of the same updates with the iPhone 6s and iPhone 6s Plus. According to rumors, the new devices will gain a faster A9 processor, 2GB of RAM, a 12-megapixel rear camera with 4K video recording, and a 5-megapixel front-facing camera.

The 2015 iPhones are also expected to gain the Force Touch feature first introduced with the Apple Watch, allowing for new gestures that incorporate pressure sensitivity, and improved Touch ID to make fingerprint recognition faster.

Though the iPhone 6s and 6s Plus are expected to retain the same design as iPhone 6 and 6 Plus, the addition of Force Touch and 7000 series aluminum could slightly change the thickness and the dimensions of the iPhone 6s and the iPhone 6s Plus.

Multiple rumors and leaked schematics, and even what's said to be a fully assembled "prototype" iPhone 6s, have suggested the iPhones could be slightly thicker, by approximately 0.2mm. Renderings of the devices and a video comparison of the iPhone 6 and 6s shell indicate the iPhone 6s may be 7.1mm thick instead of 6.9mm while the iPhone 6s Plus may be 7.3mm thick instead of 7.1mm. At 0.2mm, the difference between the iPhone 6 and 6s will be nearly undetectable and most cases and accessories designed for the iPhone 6 should continue to work with the iPhone 6s.

A materials analysis of the iPhone 6s shell has confirmed that Apple is indeed using a new alloy for the device. With 5 percent zinc, it's in line with many 7000 Series aluminum alloys. A bend test on the shell suggests it's much stronger and more resistant to bending, and in addition to using a new alloy, Apple has also added reinforcement to the areas around the home button and volume buttons of the device.

The iPhone 6s and 6s Plus will continue to offer features that have become integral to the iPhone, including NFC for Apple Pay, 802.11ac Wi-Fi capabilities, and LTE Advanced. The two new phones will continue to be available with the same general storage options as the iPhone 6 and 6 Plus, with storage capacities starting at 16GB.

Although it's an "S" upgrade year, Apple has asked its suppliers to produce a record-breaking 85 to 90 million units of the iPhone 6s and iPhone 6s Plus combined by the end of the year. The high number of orders suggests Apple is expecting significant demand for the two devices and hoping to avoid supply shortages, but the addition of Force Touch may impact initial production numbers.

Apple plans to unveil the iPhone at a media event in San Francisco scheduled for September 9. Pre-orders, if accepted, will follow on September 11, with an official launch likely happening on September 18.

Wednesday, 9 September 2015

Microsoft: Intrasite and Intersite Replication of Active Directory

There are two types of Active Directory replication based on site topology: intrasite and intersite replication. In intrasite replication, all the domain controllers inside the same site replicate with each other. In intersite replication, selected domain controllers of two different sites replicate at a specified interval. A domain controller that is assigned to replicate between sites is called a bridgehead server.

<< Interval for Intrasite Replication >>
Intrasite replication occurs automatically on the basis of change notification. Intrasite replication begins when you make a directory update on a domain controller. By default, the source domain controller waits 15 seconds and then sends an update notification to its closest replication partner. If the source domain controller has more than one replication partner, subsequent notifications go out by default at 3 second intervals to each partner. After receiving notification of a change, a partner domain controller sends a directory update request to the source domain controller. The source domain controller responds to the request with a replication operation. The 3 second notification interval prevents the source domain controller from being overwhelmed with simultaneous update requests from its replication partners.

For some directory updates, however, domain controllers do not wait 15 seconds before replicating. This is called urgent replication. Examples of updates that trigger urgent replication include account lockouts and changes to the account lockout policy, the domain password policy, or the password on a domain controller account.

<< Interval for Intersite Replication >>
Intersite replication occurs between replication partners in two different sites. Active Directory preserves bandwidth between sites by minimizing the frequency of replication and by allowing you to schedule the availability of site links for replication. By default, intersite replication across each site link occurs every 180 minutes (3 hours). You can modify this replication interval, and it can be brought down to as low as 15 minutes. However, it is always recommended to keep the default interval: intersite replication runs over low-speed WAN links, so reducing the replication interval could cause high network traffic and latency.

Microsoft: Copy Incoming ( Inbox ) or Outgoing Emails ( Sent Items ) to Another Mailbox in Exchange 2007 or 2010

Occasionally you may have a requirement to copy incoming or outgoing emails for specific users to another mailbox for monitoring or compliance purposes.

To be able to do this you can use an Exchange Transport Rule.

1. First open the Exchange Management Console, expand Organization Configuration, and select Hub Transport.

2. Right click the blank space in the main window and select New Transport Rule.

3. Enter the name for your new transport rule, click Next.

4. Select the conditions you want for the rule. Select from people as a condition, and then click the underlined value people to choose the people the rule applies to. Click Add, and then add the email accounts you want to copy emails from. In our example we want to copy emails from the accounts mailbox. Click OK.

5. Click Next.

6. Now select the Action for the rule. In our scenario we are going to choose Blind carbon copy (Bcc) the message to addresses; once selected, click the underlined addresses value. Click Add and select the user to Bcc the emails to (in our example, the Administrator email account). Click OK, then click Next.


7. If you want to add an exception to the rule you can do so next. In our example we want all emails to be copied, so we won't select an exception. Click Next.

8. Then on the Configuration Summary page click New to create the rule.

9. Then on the Completion page click Finish to exit the Wizard.

10. You should now see your new Transport Rule in the Exchange Management Console.
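The same rule can be created from the Exchange Management Shell, and the shell is also the quickest way to review which rules are silently copying mail. The following is an added example, not part of the original post; it assumes Exchange 2010 (Exchange 2007 uses a different rule syntax), and the rule name and both addresses are hypothetical placeholders for the mailboxes chosen in steps 4 and 6.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell on Exchange 2010.
# Hypothetical placeholders for the monitored mailbox (step 4) and the Bcc recipient (step 6).
$monitored = 'accounts@example.com'
$reviewer  = 'administrator@example.com'

# Equivalent of steps 1-9: condition "from people", action "Blind carbon copy (Bcc)".
# Use -SentTo instead of -From to copy mail addressed to the monitored mailbox.
New-TransportRule -Name 'Copy accounts mail to Administrator' `
                  -From $monitored `
                  -BlindCopyTo $reviewer `
                  -Comments 'Compliance copy; record the approval reference here' `
                  -Enabled $true

# Equivalent of step 10, widened into a review: list every rule that copies or
# redirects messages, so each one can be matched to a documented compliance need.
Get-TransportRule |
    Where-Object { $_.BlindCopyTo -or $_.CopyTo -or $_.RedirectMessageTo } |
    Select-Object Name, State, Priority, From, SentTo, BlindCopyTo, CopyTo, RedirectMessageTo |
    Format-List
```

Recipients of a Bcc rule are invisible to the sender and the original recipients, so the review listing is worth running periodically and after any change to Hub Transport administration rights.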