Back in October of 2010, I wrote an article here at TechRepublic entitled “Five Exchange 2010 gotchas and how to handle them.” Knowing many people wait to install the service packs, I focused that post on the RTM release, even though SP1 was made available in August 2010. There are a lot of goodies in SP1 that, even if you’ve installed it, you may have missed because they’re a bit buried. Now that I’ve had more time to work with 2010 and SP1 and get familiar with it, there are some features that I’ve grown to know and love. In this post, I want to point out four of them.

#1 EMC-based certificate handling

Personally, I truly hated certificate handling in Exchange 2007. It was confusing, convoluted and error-prone. In addition, everything had to be done from a PowerShell command line. I’m no stranger to the command line but I have grown accustomed to using a GUI to manage Microsoft products. Since certificate management isn’t something I do everyday, keeping the commands and processes straight was an exercise in frustration. Further, just figuring out what to put in the certificate request was kind of a nightmare. Fortunately, Microsoft has eased the pain by making it easier to use a wildcard certificate rather than a subject alternative name (SAN) certificate. However, for those organizations that need to use SAN certificates, the EMC-based wizard that helps you add a certificate walks you through the steps. You simply need to select checkboxes for which services should be included in the certificate (Figure A). You can also choose which domains should be included on the certificate (Figure B).

Figure A

Select which services should be included on the certificate

Figure B

Select the domains that should be included on the certificate

#2 100% virtualization is now possible and supported

For virtualization aficionados everywhere, the most welcome news that came from Exchange 2010 SP1 might be the fact that the Unified Messaging role is now fully supported by Microsoft in a virtualized environment. From Microsoft’s announcement on the topic:

“Due to improvements we made in Exchange Server 2010 SP1, along with more comprehensive testing of Exchange 2010 in a virtualized environment, we are happy to provide this additional deployment flexibility to our customers. The updated support guidance applies to any hardware virtualization vendor participating in the Windows Server Virtualization Validation Program (SVVP).”

The ability to fully virtualize all Exchange 2010 roles now makes it possible for organizations to eliminate all physical Exchange servers and enjoy the benefits that come with virtualization, including new availability mechanisms and the ability to move workloads between host servers to gain the best possible performance.

The key item, though, is to review the SVVP program and make sure that your environment meets the requirements for support. Here’s the skinny:

  • The UM role must run on a dedicated virtual machine – no CAS, Hub Transport or Mailbox services can share the virtual machine.
  • The UM role must be installed on Windows Server 2008 R2.
  • You must assign at least 16 GB of RAM to the virtual machine hosting the UM role.

# 3 Hypervisor availability and DAGs now play nicely together

Also adding to the excitement for virtualization gurus, Microsoft is plugging what was a major hole in the ability to virtualize Exchange – using hypervisor-based high availability mechanisms (VMware DRS, for example) in conjunction with Exchange’s own high availability mechanisms (Database Availability Groups or DAGs). With SP1, hypervisor high availability features and Exchange high availability mechanisms can now coexist very nicely.

#4 Distribution list naming policies

Most organizations make use of distribution lists at some level. Many organizations have gone through different naming conventions for these lists with the result being a slew of different naming styles. With SP1, you can create a distribution group naming policy that enforces the creation of distribution groups with names that match the template you provide. Now, you won’t end up with DL-Staff, DL_Employees, and IT-Staff in your list of lists.

You can’t create this policy using the Exchange Management Console. It’s a PowerShell-only affair. Here’s a look at a sample:

Set-OrganizationConfig -DistributionGroupDefaultOU Users\Groups -DistributionGroupNameBlockedWordsList bad,word,list -DistributionGroupNamingPolicy "DL-<GroupName>"

This command will create a policy that disallows the use of the words “bad”, “word” and “list” in the name of the group. The person creating the list will supply what’s necessary for group name, but all group names will be prepended with DL-.


All in all, Microsoft has made life a lot easier in a number of different ways with Exchange 2010 and with SP1.