Keeping your Exchange Server 2016 environment humming along smoothly often means diving into the world of cumulative updates (CUs). It's not always the most thrilling part of IT administration, but it's crucial for security, stability, and getting those pesky bugs ironed out. Let's break down what these updates are all about, drawing from what Microsoft has shared.
Think of cumulative updates as a comprehensive package. They bundle up fixes for non-security issues, and importantly, they also include all previously released security and non-security patches. So, when you install a newer CU, you're essentially getting a complete refresh, bringing your server up to date with the latest fixes.
Microsoft's approach to making these available is quite specific. They typically offer downloads for the two most recent cumulative updates (N-2 versions, where 'N' is the latest). This ensures that you can always get the latest fixes, whether you're starting fresh or upgrading from an older CU. The idea is to keep things manageable and ensure that servers running Exchange Server 2016 can be brought back to a supported and stable state.
Over time, various CUs have addressed a range of issues. For instance, earlier updates tackled problems like ExchangeSearch or ExchangeSearch MailboxDatabase not functioning correctly. Others resolved specific scenarios such as Edge transport service crashes when examining malicious email properties, or ActiveSync removing custom SAP ODI URIs from emails. There have also been updates to ensure that Outlook Web App's web.config files are preserved during the update process, and fixes for Cyrillic characters appearing incorrectly when running scripts like Export-PublicFolderStatistics.
More recent updates, like CU12 and CU15, have continued this trend, often including security advisories and addressing specific vulnerabilities (like CVE-2019-0686 and CVE-2019-0724 in CU12). They also incorporate important updates for Daylight Saving Time (DST) changes, which can sometimes cause calendar headaches if not addressed.
Now, when it comes to the actual installation, especially in multi-domain Active Directory environments, there are a few things to keep in mind. For some updates, you might need to run commands like /PrepareAD and /PrepareDomain before or during the installation. This is particularly relevant if you're performing a new Exchange Server installation or upgrading from a much older version, potentially skipping several CUs. The installer will attempt to run /PrepareAD during the first server installation, but it requires the user initiating the process to have the necessary permissions – typically being a member of the Schema Admins and Enterprise Admins groups. If you're upgrading from a recent CU (like CU13 or later to CU15), you often don't need to worry about these preparatory steps.
It's also worth noting that once you install a cumulative update, you generally can't uninstall it to revert to an earlier version. Doing so would effectively remove Exchange Server 2016 from that server. So, it's always a good idea to have a solid backup strategy in place before you begin any update process.
In essence, staying current with Exchange Server 2016 cumulative updates is a vital part of maintaining a healthy and secure messaging environment. While the specifics of each update might vary, the goal remains the same: to provide a more robust, secure, and feature-rich experience for your users.
