4.1 All_BestPracticesAnalyzer

Use this Knowledge Script to monitor the Windows event log for errors and warnings whose source is BPA (Exchange Best Practices Analyzer). This script raises an event if the Knowledge Script job fails or the event log contains error and warning messages.

If you are not running the BPA, you can use this script to execute the BPA each time the script runs. If you set the Execute Best Practices Analyzer during job? parameter to Yes, AppManager runs the BPA at each iteration of the Knowledge Script job. AppManager then stops the BPA and analyzes the event log for errors and warnings raised by the BPA.

NOTE:

This script may raise duplicate events on computers where multiple Exchange Server 2007 and 2010 roles are installed. These duplicate events are raised because the BPA populates the event log with errors and warnings for each role when the error or warning is applicable for the entire Exchange Server 2007 or 2010 organization.
This script is not applicable for Exchange Server 2013, 2016, and 2019.
Most BPA events do not indicate which role they are associated with. Therefore, this script raises events that are not associated with a role. However, the AppManager event messages include the text of the BPA event, which should help you determine which role is affected.

This script is a member of the Exchange2007 recommended Knowledge Script Group. For more information, see Section 4.43, Recommended Knowledge Script Group.

4.1.1 Running the ExBPAcmd.exe Tool Manually

The BPA must be running so that it can submit any errors or warnings to the event log. This script will not work if you are not running the BPA and do not enable the Execute Best Practices Analyzer during job? parameter.

If you do not enable this script to launch the BPA, then run the ExBPAcmd.exe tool manually to monitor the Windows Event Log for errors and warnings.

To run the ExBPAcmd.exe tool manually:

Open the Exchange Management Shell.
Run the following command:
```
$exBPAoutput = . "C:\Program Files\Microsoft\Exchange Server\Bin\ExBPAcmd.exe" 
-p Events:Enable -r "5,$role,$scan_type,Server=<ExchangeServerName>"
```
where $role is one of the following values enclosed in quotation marks (“ ”): Mailbox, Gateway, Bridgehead, ClientAccess, ClusterMailbox

where $scan_type is one of the following values enclosed in quotation marks (“ ”): Health, ConnectivityTask, Ex2007Readiness, Perf, Permissions

where <ExchangeServerName> is the name of the Exchange server where you want to run the ExBPAcmd.exe tool.
Run the following command to display the output of the ExBPAcmd.exe tool:

Write-Host $exBPAoutput

These commands enable the event log register.

4.1.2 Prerequisites

Before running this script, ensure that the following permissions and memberships exist.

Component	Required Permissions and Memberships
Account running the AppManager agent service (netiqmc)	Membership in the Builtin\Administrators group on the Active Directory server Membership in the local Administrators group on the local computer Delegation for at least Exchange View-Only permissions
Exchange Best Practice Analyzer tool (for all Exchange Server roles)	Designation as the Domain Administrator, or membership in the Builtin\Administrators group on the Active Directory server, for enumerating the Active Directory information and calling the Microsoft Windows Management Instrumentation (WMI) providers on the domain controller and global catalog servers Membership in the Local Administrators group on each Exchange server for calling the WMI providers and accessing the registry and the metabase Delegation for at least Exchange View-Only Permissions on the Exchange organization

Component

Required Permissions and Memberships

Account running the AppManager agent service (netiqmc)

Membership in the Builtin\Administrators group on the Active Directory server
Membership in the local Administrators group on the local computer
Delegation for at least Exchange View-Only permissions

Exchange Best Practice Analyzer tool (for all Exchange Server roles)

Designation as the Domain Administrator, or membership in the Builtin\Administrators group on the Active Directory server, for enumerating the Active Directory information and calling the Microsoft Windows Management Instrumentation (WMI) providers on the domain controller and global catalog servers
Membership in the Local Administrators group on each Exchange server for calling the WMI providers and accessing the registry and the metabase
Delegation for at least Exchange View-Only Permissions on the Exchange organization

4.1.3 Resource Object

Exchange_Server

4.1.4 Default Schedule

By default, this script runs every one hour.

4.1.5 Setting Parameter Values

Set the following parameters as needed:

Parameter	How to Set It
General Settings
Job failure event notification
Event severity when job fails	Set the severity level, from 1 to 40, to indicate the importance of an event in which the All_BestPracticesAnalyzer job fails. The default is 5.
Analyze Exchange Server 2007/2010 Best Practices
Execute Best Practices Analyzer during job?	Select Yes to allow AppManager to launch the BPA using a command-line execution of ExBPACmd.exe at each iteration of this script. If you are already running the BPA, then clear this option. The BPA must be running so that it can submit any errors or warnings to the event log. The default is Yes.
Type of scan to execute	Select the type of scan the BPA should perform: Connectivity Test. To scan network connections and permissions for the selected Exchange server. Exchange 2007 Readiness Check. To assess your organization's readiness for Exchange Server 2007. Health Check. To perform a full scan, checking for errors, warnings, and configuration information. This option is selected by default. Permission Check. To ensure that your Exchange Server 2007 deployment has the proper credentials as defined by your organization.
Event Notification
Comma-separated list of event IDs to ignore	Provide a list of error and warning ID numbers that this script should ignore when scanning the event log. Separate the numbers with a comma.
Raise event for errors found in Windows Event Log?	Select Yes to raise an event when the event log contains error messages raised by the BPA. The default is Yes.
Event severity when errors found in the Windows Event Log	Set the severity level, from 1 to 40, to indicate the importance of an event in which the event log contains error messages. The default is 5.
Raise event for warnings found in Windows Event Log?	Select Yes to raise an event when the event log contains warning messages raised by the BPA. The default is Yes.
Event severity for warnings found in the Windows Event Log	Set the severity level, from 1 to 40, to indicate the importance of an event in which the event log contains warning messages raised by the BPA. The default is 15.