GranitePillar

Exchange Best Practices Analyzer Overview

by Lou Gomm

The Exchange Best Practices Analyzer is a very effective tool that is included with Microsoft Exchange Server 2010. It is designed to help verify that your Exchange environment is secure and functioning correctly. The Exchange Best Practices Analyzer (ExBPA) automatically examines your existing Microsoft Exchange deployment and Active Directory, and it provides configuration advice based on Microsoft’s current Exchange best practice rules.

Note: You must have Microsoft .NET Framework 1.1 or later installed before you can successfully run the ExBPA.

For most environments, Microsoft recommends that you run the Exchange Best Practices Analyzer at least once every three months. However, a recommended best practice is to run the ExBPA once per month on all servers where Exchange is installed.

Note: You do not have to install the ExBPA on an Exchange server. This is because Exchange stores its configuration information in Active Directory. Therefore, as long as you can connect to Active Directory services, you can analyze the Exchange configuration.

As a general rule, you should also run the Exchange Best Practices Analyzer when you perform the following tasks:

When you make significant configuration changes to an Exchange server. For example, you add or remove a connector, or you create an EdgeSync connection to an Edge Transport server.
Immediately after you have installed a new Exchange server role or removed an Exchange server role.
After you install a Windows service pack or Exchange Server service pack.
After you install any third-party software on a computer that is running Microsoft Exchange.

When you run the ExBPA, you will receive a detailed report listing the recommendations that can be made to the environment to achieve greater performance, scalability, and uptime.

Using the Exchange Best Practices Analyzer

To successfully run the Exchange Server Best Practices Analyzer, you must have the following permissions:

Domain Administrator or a member of the Builtin\Administrators group on the Active Directory server.
Member of Local Administrators group on each Exchange server.
Delegated at least Exchange View Only Permissions on the Exchange organization.

As an Exchange Administrator, you can access the ExBPA in Exchange 2010 from the Exchange Management Console, under the Tools node. By default, when you start the EXBPA, it will immediately check for updates; this in an important step as both the tool and the Exchange best practice information is updated regularly. Therefore, we recommend that you always keep the ExBPA up to date.

From the Welcome screen, you can select the type of scan that you want to run, and then you are prompted to connect to Active Directory. After you successfully connect to Active Directory, you can select one of the following scan types:

Health Check
Permissions Check
Connectivity Test
Baseline
Exchange Readiness check

Setting the Label for the Scan

To set a label for the scan, on the Start a New Best Practices Scan page, in the Enter an identifying label for the scan box, enter a descriptive label.

Setting the Scope of the Scan

To specify the scope of the scan, on the Start a New Best Practices Scan page, select the servers or administrative groups that you want to scan.

You can choose from the following scopes:

The entire Exchange Server organization.
One or more administrative groups.
One or more servers from any administrative group in the Exchange Server organization.

Choosing the Type of Scan

When you choose the type of scan, you can select one of following scan types:

Health Check - The Health Check scan is the default scan type that checks for errors, warnings, non-default configurations, recent changes, and other configuration information. In most scenarios, you should run a Health Check scan if you want to check the general health of your Exchange Server organization.
Health/Performance Check - The Health/Performance Check scan performs the Health Check scan, then proceeds to sample a range of Exchange Server performance counters over a two hour period of time.
Connectivity Test - The Connectivity Test scan tests both permissions and network connections on the Exchange Servers that are specified in the scope. You should run a Connectivity Test scan if you suspect a problem with permissions access, or if you have connectivity issues. The Connectivity Test scan queries a registry sub-key setting, WMI repository access and performs a WMI query that queries the Active Directory directory service servers that are used by Exchange Server. After scanning all Exchange Servers that are specified in the scope, the Exchange Server Best Practices Analyzer queries network connectivity and Active Directory permissions settings.
Baseline - The Baseline scan checks for any differences from the source baseline values that you have set and the current Exchange server property values. The source properties are the properties that the ExBPA.config.xml file gathers. You can select the properties that you want to compare in the Baseline scan by clearing or setting the desired check boxes.

Setting Network Speed

To set the network speed, select one of the following options:

Fast LAN
LAN
Fast WAN
WAN

During the scan, the Exchange Server Best Practices Analyzer waits for a response from a server for a specified time. If it does not receive a response in the specified time-out, the Exchange Server Best Practices Analyzer moves on to complete the scan. On slower networks, this specified time-out is longer to account for longer network latencies. It is recommended that you select the slowest link in your topology for this parameter so that the Exchange Server Best Practices Analyzer does not time out too early.

Running the Scan

After you have set all the options for a scan, you can choose either Start scanning or Schedule a Scan. If you choose Start scanning, the Exchange Server Best Practices Analyzer starts scanning the Exchange organization immediately.

If you choose Schedule a Scan, you see the Schedule a Scan page. To schedule a scan, you must first enter the required permissions, and then select the Enable scan scheduling box.

The frequency setting is used to schedule how often scans are run. The Exchange Server Best Practices Analyzer does not have to be running for the scheduled scan to run. If you exit the Exchange Server Best Practices Analyzer, the scheduled scan will still run at the scheduled date and time.

Conclusion

So, in this blog post I've told you a bit about the Exchange Best Practices Analyzer and how to use it to make sure your Exchange environment is secure and working properly. I hope you found it helpful!

Link to this post at http://granitepillar.com/en/Blogs/Servers/Servers_ExBPA102209.aspx