Monday, July 13, 2009

Exchange 2010 - Signature generation using Custom Attributes

Following on my signature post here, I decided to take the signature to the next level a little, and update the "how to" some. First off, Custom Attributes are supported for signature fields. I tested successfully seen here:

And, after some poking, I think all of the macro's are based on the Powershell attributes on the get-mailbox cmdlet. So run a get-mailbox USER fl and you can work from there. If you have a binary image attached in AD, I wonder if you could add that to a signature.

Thursday, July 09, 2009

Exchange 2010 Hub Transport - building an automated signature

Update - 5/14/2012 - Per popular demand in the comments, I am highlighting up front that this method does not work as expected.  It attaches a signature at the bottom of every EMAIL, and not at the bottom of every new message.  So the bottom of a reply/all email will have everyone's signatures in a non-desirable manner.  I had hoped that in service packs MSFT might have updated this to deliver a more desirable result, but this has not yet occurred.  Thanks to my readers and commenters for asking me to update this!

This article is something I wish I could have done in 2007. You can now not only do disclaimers appended to an email, but you can customize the appended data using macros surrounded by two percent signs… for example %%displayName%% would display your Active Directory AD Display Name.
Do note that for these rules to fire, your outbound SMTP must be Exchange 2010. I haven't gotten that far into our migration yet, but created a new send connector to another domain to explicitly route out the 2010 server.
Reasons why you want to do this:
  1. Rich text sigs currently attach as images to each sent item and each reply. At 5-10k per message, that adds up a LOT under volume. With transport based signatures, these are applied on sending, and not saved in sent items. Since we use an IMG tag to support the image, it can go on an externally hosted web server.
  2. Corporate control of signature content based on Active Directory gives a LOT more centralized control. If we allowed marketing the ability to update this transport rule via the new Exchange control panel - they could add/update the marketing line in one place instead of asking employees to comply to a policy.
Below are the steps to create the Transport Rule (note that these all say edit - I didn't take initial screenshots, but the steps are identical)

So now, let's see what that looks like on the receiving end:

Ick. Not exactly pretty. And it missed the newline I entered. Let's see what we can do with this. Trying HTML:

This results in:

I obviously skipped the tough part here just to proof of concept the formatting.
Let's see if some insane winword formatted HTML makes this break - Best practice here would be to have your web development company trim this down a LOT. This text block is 5k!

This got me here - can you tell which is from Outlook and which is generated? ( I fixed the </ there after!)

To make the HTML more navigable, I got it down to about 1kb!

OK, so we now KNOW we can duplicate a rich text signature - let's see what I can make work from AD. This is far from a complete list, just what I found with some gentle poking. I expect that Microsoft will eventually list a complete mapping of Macros to fields. If that doesn't happen for a long time, I will update this post or make a new one to list more.
Display Name%%displayName%%
First Name%%FirstName%%
Last Name%%LastName%%
Business Phone%%Phone%%

Unfortunately, I have not yet been able to find a slick way to pull Manager's email address out of this to REALLY complete the same effect.

That transport sig cost zero kb in the sent items, but if someone replies will add the 1k of html to the replied to email. Still a decent reduction if you multiply over many users and many emails.
Not too shabby, right? Now - other things like the certifications or the second phone number can be applied by either different transport rules based on departments, or by inserting additional desired fields into other attributes. If a marketing department wants to cross sell services more, they can put the top ten technologies on one transport rule, and the Exchange 2010 seminars on another transport rule, and modify the rules to apply by distribution group membership.

Tuesday, July 07, 2009

Exchange 2010 New Exchange Certificate GUI Wizard

In Exchange 2007, certificates were a thing for powershell. I personally relied on's CSR generator to build MOST of my certificates for customers to ease the pain of this. Apparently this hit Microsoft's radar and in 2010, this has been addressed with the certificate wizard. In the EMC, this is located at the root of the Server Organization (since a valid certificate can be applied to both HT and CAS activity, this makes the most sense.

Clicking on New Exchange Certificate, we are presented with a series of questions.

  1. Friendly Name - this can be anything you want "Chris Lehr cert" to the same as common name to "Exchange 2010 test cert" - whatever helps you recognize it.
  2. Domain Scope - One option here, do you want a wildcard certificate? If you do, you skip the next step.
  3. Exchange Configuration - I will screenshot this because it is pretty impressive. You get to run through the different certificate needs, what you will use, and what names (internally and externally) will be used. This then builds the certificate request for you.

    You can pick and choose the names as you select items you decide to use.

  4. Organization and Location - be sure to use information matching your domain registration for any externally facing domains. Also, you can specify the certificate request file path here.
  5. Review Settings and complete.

We utilized for a SAN cert again, and when I imported the certificate request on their website, I noticed the cert request included several domain names for autodiscover of other domains we host (that we did not need autodiscover for) - this particular certificate vendor allowed us to remove names from the certificate before issuing to keep our cost down. Some other vendors add names NOT in your request. Some will only issue exactly what you ask for (and that your registrar administrators approve)