exchange server study guide - exscc-10 v2.0_interactive study guide

Exchange Server EXSCC-10

Upload: shane-meiring

Post on 11-Nov-2015


DESCRIPTION

helps one pass Exchange server 2007.


  • Exchange Server EXSCC-10

    Compiled by: Brendon Gouws and Jean Henrico

    Updated by: Tiyane Maluleke

    Edited by: Kim Randleff-Rasmussen and Norman Baines

    Version 2.0

    April 2014

    CTI Education Group

  • Table of contents

    Introduction: Required reading material; Supplementary material; How to approach this module; Icons used in this study guide

    Unit 1 Messaging Basics: 1.1 Email communication process; 1.2 Domain Name System (DNS); 1.3 Exchange Server features and roles; 1.4 Setup requirements; 1.5 Computer setup instructions; 1.6 Textbook review questions

    Unit 2 Active Directory for Exchange Server: 2.1 Active Directory; 2.2 Installing Active Directory; 2.3 Raising the domain and forest functional level; 2.4 Sites and replication; 2.5 Global catalog servers; 2.6 FSMO roles; 2.7 Creating and managing Active Directory objects; 2.8 Textbook review questions

    Unit 3 Exchange Server Installation: 3.1 First Exchange Server setup; 3.2 Second Exchange Server setup; 3.3 Third Exchange Server setup; 3.4 Textbook review questions

    Unit 4 Exchange Server Configuration: 4.1 Administrative roles; 4.2 DNS resource records; 4.3 Hub Transport server role; 4.4 Edge Transport server role; 4.5 Mailbox server role; 4.6 CAS role; 4.7 Email flow connectors; 4.8 Client configuration; 4.9 Lab challenge; 4.10 Textbook review questions

    Unit 5 Recipient Objects: 5.1 Recipients; 5.2 Mailbox users; 5.3 Mailbox user permissions; 5.4 Mail users; 5.5 Mail contacts; 5.6 Mail-enabled groups; 5.7 Resource mailboxes; 5.8 Moving mailboxes; 5.9 Disabling mailboxes and users; 5.10 Linked mailboxes; 5.11 Lab challenge; 5.12 Textbook review questions

    Unit 6 Address Lists and Policies: 6.1 Address lists and books; 6.2 Email address policies; 6.3 Message records management; 6.4 Message journaling; 6.5 Working with multiple recipient objects; 6.6 Lab challenge; 6.7 Textbook review questions

    Unit 7 Public Folders: 7.1 Public folders; 7.2 Creating public folders; 7.3 Public folder home page; 7.4 Public folder replicas; 7.5 Lab challenge; 7.6 Textbook review questions

    Unit 8 Protocols and Transport Rules: 8.1 Supporting POP3 and IMAP4 clients; 8.2 HTTP and OWA; 8.3 MAPI/RPC and Outlook Anywhere; 8.4 SMTP; 8.5 Transport rules; 8.6 Lab challenge; 8.7 Textbook review questions

    Unit 9 Security: 9.1 Securing email information; 9.2 Attack surfaces; 9.3 Viruses and spam; 9.4 Encryption and authentication; 9.5 User certificates; 9.6 Textbook review questions

    Unit 10 Backup and Recovery: 10.1 Database backups; 10.2 Restoring a mailbox database; 10.3 Restoring mailbox and email items; 10.4 Recovery storage groups; 10.5 Managing and repairing Exchange databases; 10.6 Lab challenge; 10.7 Textbook review questions

    Unit 11 Monitoring and Reporting: 11.1 System performance; 11.2 Monitoring mail flow and routing; 11.3 Message tracking; 11.4 Client connectivity; 11.5 Server and usage reports; 11.6 Textbook review questions

    Unit 12 Mobile Access and Unified Messaging: 12.1 ActiveSync; 12.2 Unified messaging; 12.3 Textbook review questions

    Unit 13 High Availability: 13.1 High availability for Mailbox servers; 13.2 Textbook review questions

    Addenda: Page 124 (Lesson 4); Page 196 (Lesson 5); Page 207 (Lesson 5); Page 247 (Lesson 6); Page 252 (Lesson 6)

    Unit 14 Theory and Practical Examination: 14.1 Theory examination; 14.2 Practical examination

    Bibliography: Websites; Books

    Exchange Server Exercise Checklist

    Exchange Server Evaluation Form

  • Exchange Server | V2.0 | April 2014 Page 1 of 125

    Introduction

    The reliance on email over the last few years has led to an increasing number of people sending and receiving email in one form or another. To manage emails on private networks and across the Internet, one can use a messaging server. A messaging server is an application run on a server operating system which manages messages for distribution among multiple client applications. Microsoft's messaging server application is called Exchange Server. The first version of Exchange Server, version 4.0, was released to the public in 1996, and Exchange Server has gone through a number of design phases and versions since then. This course focuses on configuring Exchange Server 2007 with Service Pack 1.

    This course is based on Microsoft's 70-236 Microsoft Certified Technology Specialist (MCTS) examination. The objectives for CTI's and Microsoft's 70-236 examination are listed in Table 1. For more information on this and other Microsoft certifications, you can go to www.microsoft.com/learning.

    Table 1 Examination objectives

    Installing and configuring Exchange Servers
      o Prepare the infrastructure of Exchange installation
      o Prepare the servers for Exchange installation
      o Install Exchange
      o Configure Exchange Server roles

    Configuring recipients and public folders
      o Configure recipients
      o Configure mail-enabled groups
      o Configure resource mailboxes
      o Configure public folders
      o Move mailboxes
      o Implement bulk management of mail-enabled objects

    Configuring the Exchange infrastructure
      o Configure connectors
      o Configure the antivirus and anti-spam system
      o Configure transport rules and message compliance
      o Configure policies
      o Configure public folders
      o Configure client connectivity

    Monitoring and reporting
      o Monitor mail queues
      o Monitor system performance
      o Perform message tracking
      o Monitor client connectivity
      o Create server reports
      o Create usage reports

    Configuring disaster recovery
      o Configure backups
      o Recover messaging data
      o Recover server roles
      o Configure high availability

    Required reading material

    You will need the following books to complete the Exchange Server course:

    Eckert, J. W. Microsoft Official Academic Course Microsoft Exchange Server 2007 Configuration (Exam 70-236). John Wiley & Sons Inc.

    Eckert, J. W. Microsoft Official Academic Course Microsoft Exchange Server 2007 Configuration (Exam 70-236) lab manual. John Wiley & Sons Inc.

    Supplementary material

    www.msexchange.org

    How to approach this module

    This study guide will prepare you for the CTI Exchange Server theory and practical examination. This study guide is to be used in conjunction with the self-paced Microsoft MCTS training kit. You are advised to spend as much time as possible working with the Microsoft Exchange Server 2007 SP1 application, as practical experience will not only improve the skills required to pass the practical examination, but will also provide the learner with good knowledge of the material for the theory examination. You are required to study this guide and the Microsoft Exchange Server 2007 Configuration textbook in its entirety before you book for the theory examination.

    NOTE The practical examination will be based on the labs/exercises found in the Microsoft Official Academic Course Microsoft Exchange Server 2007 Configuration (Exam 70-236) lab manual.


    Table 2 provides a 20-day suggested study schedule for this course.

    Table 2 Study schedule

    Day   Unit
    1     1 + 2
    2     2
    3     3
    4     4
    5     5
    6     5
    7     6
    8     7
    9     8
    10    9
    11    9
    12    10
    13    11
    14    12 + 13
    15    Lab Exercises
    16    Lab Exercises
    17    Lab Exercises
    18    Revision
    19    Theory Examination
    20    Practical Examination


    Icons used in this study guide

    This icon indicates the beginning of a unit.

    Outcomes at the start of each section or unit, i.e. the knowledge and skills you should have acquired after each unit.

    This icon indicates the required reading in the prescribed textbook.

    Self-assessment: A knowledge assessment to test the learner's understanding of the material.

    Labs/work to be done on computer: Hands-on exercises to be done on one or more computers in order to improve your practical skills.

    Labs/exercises refer to those labs/exercises found in the prescribed lab manual.


    Unit 1 Messaging Basics

    At the end of this unit you will be able to:

    Identify the purpose and use of Exchange Server.
    Describe standard email terminology.
    Understand email relay and DNS MX record usage.
    Identify common email formats and protocols.
    Identify previous versions of Exchange Server and their features.
    List the new features introduced into Exchange Server 2007.
    Describe the function and use of Exchange Server 2007 server roles.
    Set up the lab computers.

    Microsoft Exchange Server 2007 Configuration textbook: Lesson 1, pages 1-22.

    1.1 Email communication process

    Email or electronic mail is the process of sending text messages in electronic form between one or more computers. Today, emails can include images and video clips and a variety of other attachments. Email relaying is the act of a mail transfer agent (MTA, discussed next) accepting a message from a person's email client software and forwarding that message on to its final destination or, at least, as close as possible to its final destination; sometimes a message has to be relayed in two or more hops (servers). The following three agents (programs) are involved in the email relaying process:

    1.1.1 Mail user agent

    Also referred to as the email client program, the mail user agent (MUA) is the program that allows a user to compose, send and receive email messages. The MUA provides the interface between the user and the mail transfer agent (MTA). Modern MUAs are capable of retrieving messages via several protocols, setting up mailboxes to store messages and sending outbound messages to an MTA. Outgoing mail is handed over to an MTA for delivery while the incoming messages are picked up from where the MTA left them. An MUA may send a message directly to an MTA that handles mail for the intended recipient or to the local MTA that will forward the message to another MTA. Microsoft Outlook 2007 is an example of an MUA.


    1.1.2 Mail transfer agent

    The mail transfer agent (MTA) is responsible for transferring messages between machines. MTAs do not deliver the message to the recipient, but rather prepare the message for the next step on its journey. A message may involve several MTAs as it moves to its intended destination. Upon receiving a message from an MUA or another MTA, the MTA stores it locally, analyses the recipient, and either sends it to the mail delivery agent (MDA) if addressed locally or forwards it to another MTA.

    1.1.3 Mail delivery agent

    A mail delivery agent (MDA) is a small program that is responsible for accepting incoming mail from an MTA and placing that mail in a particular user's mailbox.

    NOTE A mailbox is a file or a container that is stored on a mail server that holds both incoming messages until they are ready to be processed by a particular user's MUA and outgoing messages. It is the equivalent of a post box for electronic mail. A public folder is a repository for information, and can be used to store messages, files (as message attachments), calendars or contacts. The idea behind a public folder is that if your organisation has information that everyone needs to access, it is sometimes easier to place that information in a public folder so that it is available through client applications than to put it in a normal file share.

    Figure 1 A mail transfer agent

    An example of the overall flow for message creation, mail transport and delivery is illustrated in Figure 2.

    Figure 2 Email relay

    1.2 Domain Name System (DNS)

    If you spend any time on the Internet sending email, then you have probably used one or more DNS servers without even realising it. For Exchange Server 2007 to function correctly, DNS must be used in your organisation. DNS functions as a distributed database using a client/server relationship between clients that need name resolution (the process of translating host names into IP addresses) and servers that maintain the DNS data. The whole database is pictured as a hierarchical tree, similar to the Windows file system, and the database is indexed by domain names. At the top of the tree lies a hidden domain called the root domain, which is represented by a dot (.). Beneath the root domain lie several top-level domain names such as .co.za and beneath the top-level domain names lie several second-level domain names that are used by organisations, such as CTI.

    When you send an email message, you use a domain name to do it. For example, the email address [email protected] contains the domain name cti.co.za. Each domain name is a path in the tree, called the domain namespace. The absolute path of a domain name is called a fully qualified domain name (FQDN). A domain is a subtree of the domain namespace and contains the actual host computers. The DNS database is made up of resource records, which will be discussed in more detail later on in this study guide (Section 4.2).

    1.3 Exchange Server features and roles

    Exchange Server provides a role-based installation model, which increases functionality, performance and security. This allows an administrator to split the functions of an Exchange server and place each role, or a combination of roles, on different servers in the organisation. The five Exchange Server roles are briefly discussed in Table 3.

    Table 3 Exchange Server roles

    Role: Mailbox Server (MB)
    Function: This is a mandatory role that holds the user mailbox and public folder databases. Mailbox servers must be members of an Active Directory domain.

    Role: Hub Transport Server (HT)
    Function: This is a mandatory role that routes all messages between mailboxes on the same Mailbox server and on different Mailbox servers. This role also transports rules and allows you to apply policies to messages. This role must be a member of an Active Directory domain.

    Role: Client Access Server (CAS)
    Function: This is the server role that users connect to with their email clients, mobile devices and web browsers. The CAS role handles all connections to the mailboxes and processes client requests directly. This role must also be a member of an Active Directory domain.

    Role: Edge Transport Server (ET)
    Function: This is an optional role that is designed to be installed on a stand-alone server on the edge of a network or demilitarised zone (DMZ) and provide a secure SMTP gateway for all incoming and outgoing messages. The Edge Transport role performs a number of other functions including anti-spam and antivirus protection. Because this role is not intended to be a member of an Active Directory domain, a service called Active Directory Application Mode (ADAM) or Active Directory Lightweight Directory Services (AD LDS) for Windows Server 2008 computers and a component called EdgeSync are required to perform a scheduled one-way synchronisation of the configuration and recipient information from Active Directory to the Edge Transport server.

    Role: Unified Messaging Server (UM)
    Function: This is an optional role that is responsible for merging your Voice over Internet Protocol/Public Branch Exchange (VoIP/PBX) infrastructure with your Exchange mailboxes. It allows you to:
      o Combine voice messaging, fax and email into one inbox, which can be accessed from a telephone and a computer.
      o Access voice, fax and mail via multiple interfaces.

    1.4 Setup requirements

    The practical examination will be based on the labs in the Microsoft Official Academic Course, Microsoft Exchange Server 2007 Configuration lab manual. We will be using the Windows Server 2003 operating system with Service Pack 2. The labs for this course will be done on three physical PCs, not virtual machines as suggested in the prescribed lab manual. You will be given directions throughout this study guide on which exercises to complete.

    The minimum hardware requirements for each one of the three PCs are as follows:

    Processor: 1 GHz 64-bit Intel (EM64T) or AMD processor
    RAM: 2 GB
    Disk space: 80 GB hard drive
    DVD-ROM drive
    Keyboard and mouse
    10/100 Ethernet network card
    SVGA monitor
    1 switch (required to connect all PCs)

    The software requirements for the PCs are as follows:

    Drivers for the above-mentioned hardware
    Operating system: Windows Server 2003 64-bit with Service Pack 2 (Standard or Enterprise edition)
    Exchange Server 2007 Standard or Enterprise Edition with Service Pack 1
    Microsoft Office 2007 (Outlook 2007 and Excel 2007)
    PowerShell 1.0
    Microsoft .NET Framework 2.0 with service pack 1
    Windows Media Encoder 9 Series (x64 version)
    Microsoft Core XML Services 6.0 (MSXML6_x64)
    The appropriate updates/hotfixes
    Storage: a memory stick/flash drive or blank CD/DVD

    Your lecturer will provide you with the above software products. Do not install any software just yet. You will be given instructions on when and how to install the above software in the subsequent units.

    1.5 Computer setup instructions

    Complete the Installing Windows Server 2003 exercise on page 583 of the prescribed Microsoft Exchange Server 2007 Configuration textbook to install the Windows Server 2003 operating system on all three of the computers. Install and configure the operating system using the configuration information below along with the information on page 583 of the prescribed textbook and the information found in Exercise 1.1 (LAB 1) of the prescribed lab manual.

    PC1:
    Time zone: (GMT+02:00) Harare, Pretoria
    Correct date and time
    IP address: 192.168.1.1
    Subnet mask: 255.255.255.0
    Preferred DNS server: 127.0.0.1
    Default gateway: 192.168.1.1
    Computer name: Student01-A (referred to as StudentXX-A in the lab manual)
    Password: secret

    PC2:
    Time zone: (GMT+02:00) Harare, Pretoria
    Correct date and time
    IP address: 192.168.1.2
    Subnet mask: 255.255.255.0
    Default gateway: 192.168.1.1
    Preferred DNS server: 192.168.1.1
    Computer name: Student01-B (referred to as StudentXX-B in the lab manual)
    Password: secret

    PC3:
    Time zone: (GMT+02:00) Harare, Pretoria
    Correct date and time
    IP address: 192.168.1.3
    Subnet mask: 255.255.255.0
    Default gateway: 192.168.1.1
    Preferred DNS server: 192.168.1.1
    Computer name: Student01-C (referred to as StudentXX-C in the lab manual)
    Password: secret

    Make sure Windows Server 2003 Service Pack 2 is installed on all three computers.

    Ensure that all three PCs are set up correctly and each PC has network access.

    The three PCs will be referred to by the above computer names for the rest of the exercises in this study guide and the lab manual. The same administrator account and password (i.e. secret) will be used to log on to all three PCs and complete the exercises in the lab manual.

    NOTE Do not complete exercises 1.2-1.4 in LAB 1 of the prescribed lab manual.

    1.6 Textbook review questions

    Complete the Knowledge Assessment section for Lesson 1 on pages 20-22 of the prescribed textbook. Complete the review questions on page 21 and the case scenarios on page 22 in the spaces provided below.

    Question 1:

    Question 2:


    Scenario 1-1: Creating a Proposal

    Scenario 1-2: Designing Server Roles

    Signed by lecturer: ________________


    Unit 2 Active Directory for Exchange Server

    At the end of this unit you will be able to:

    Explain what Active Directory is and its function.
    Understand, configure and manage the following Active Directory components:
      o Objects including users, groups and computers
      o Domains
      o Organisational units
      o Forests
      o Trusts
      o Functional levels
      o Sites and replication
      o Global catalog
      o FSMOs
      o GPOs

    Microsoft Exchange Server 2007 Configuration textbook: Lesson 2, pages 23-78.

    2.1 Active Directory

    A directory service is a system that stores, organises and provides access to information in a directory. The directory service in Windows Server 2003 is called Active Directory (AD). Active Directory is a database that stores information about resources on a Windows Server network and makes it easy for administrators and users to find and use these resources.

    The advantages of using Active Directory as well as the services provided with Active Directory are as follows:

    AD is based on the Lightweight Directory Access Protocol (LDAP). LDAP is a directory service protocol that runs over TCP/IP and is used by network clients to look up information about resources in Active Directory.
    Authentication is based on Kerberos, a network authentication protocol that enables hosts on a non-secure network to prove their identity to one another in a secure way.
    Active Directory relies on DNS-based naming and other network information.
    AD provides a central location from which to manage the network.
    Active Directory allows single sign on for user access to networked-based resources.
    AD provides the ability to scale up or down easily.

    Table 4 provides a brief description of the function of domains, domain trees, forests, domain controllers and the schema.

    Table 4 Domains, domain trees, forests, DCs and schema

    Domain
    A domain is a group of computers and other resources that are part of the network and share a common directory database. All objects and OUs exist within a domain.

    Domain Tree
    A domain tree is a hierarchical grouping of one or more domains that share a common namespace. DNS domain names are represented as a tree structure.

    Forest
    At the top of the Active Directory structure is the forest. A forest consists of one or more domain trees that do not necessarily form a contiguous namespace but may share a common schema and global catalog.

    Domain Controller
    A domain controller (DC) is a computer running Windows Server that validates user network access and manages Active Directory. A DC stores and manages all Active Directory information for a particular domain as well as replicating those changes to other domain controllers in the same domain. Schema and infrastructure configuration information are replicated between all domain controllers in a forest.

    Schema
    The schema is created when Active Directory is installed on the first domain controller on the network; it contains a set of rules that define all the objects and attributes that Active Directory uses to store data. An administrator can add new definitions to the schema to support new types of objects in the directory.

    2.2 Installing Active Directory

    Complete Exercise 2.1 and Exercise 2.2 in LAB 2 of the prescribed lab manual using the configuration information below. Take note of any addenda/changes listed and which steps you must and must not complete.

    Exercise 2.1

    Complete Steps 1-24.
    In Step 10, name the new domain StudentAA.com. Remember that wherever StudentXX.com is referenced in the prescribed lab manual, you must replace this with StudentAA.com.
    Do not complete Steps 25-27.

    Exercise 2.2

    Complete all steps.
    In Step 6, enter StudentAA.com as the domain instead of StudentXX.com.
    Remember to use this domain name whenever StudentXX.com is referred to in the prescribed lab manual.

    2.3 Raising the domain and forest functional level

    In Active Directory, domain controllers can run different versions of Windows Server operating systems. The functional level of a domain or forest depends on which versions of Windows Server operating systems are running on the domain controllers that reside in the domain or forest. The functional level of a domain or forest controls which advanced features are available in the domain or forest.

    Active Directory supports a phased implementation of new versions of the Windows Server operating system and advanced features on domain controllers by providing multiple functional levels, each of which is specific to the version of Windows Server that is running on the domain controllers in the environment. These functional levels provide configuration support for Active Directory features and ensure compatibility with domain controllers running earlier versions of Windows Server.

    Complete Exercise 2.3 of the prescribed lab manual using the configuration information below. Take note of any addenda/changes listed and which steps you must and must not complete.

    Exercise 2.3

    Complete all steps.


    2.4 Sites and replication

    A site comprises one or more Internet Protocol (IP) subnets that are tied together by high-speed, reliable connections. Administrators establish sites to group subnets together into a logical collection to effectively control the replication (copying) of Active Directory information among domain controllers across the network and to ensure that updates and policies are applied to all users and computers. Domain controllers that are located in the same site will replicate their Active Directory database information more often than those located at different sites.

    Complete Exercise 2.4 in LAB 2 of the prescribed lab manual using the configuration information below. Take note of any addenda/changes listed and which steps you must and must not complete.

    Exercise 2.4

    Complete all steps.

    Step 4 should read: Expand StudentXX-B and then highlight NTDS Settings.

    2.5 Global catalog servers

    A global catalog (GC) is a catalogue of all objects in a forest (it contains a subset of attributes for each object). This catalogue enables users and applications to perform forest-wide searches and quickly find objects or resources in a multiple-domain environment.

    Universal Group Membership Caching (UGMC) is used to locally cache a user's membership in universal groups on the domain controller authenticating the user. Unlike global group memberships, which are stored in each domain, universal group memberships are only stored in the global catalog. For example, when a user who belongs to a universal group logs on to a domain that is set to the Windows 2000 native domain functional level or higher, the global catalog provides universal group membership information for that user's account at the time the user logs on to the domain to the authenticating domain controller.

    UGMC can be particularly useful in branch office scenarios where you do not want to deploy a global catalog server because of the extra WAN traffic that the GC needs to replicate with other domain controllers in the domain. UGMC is generally a good idea for multiple domain forests when:

    Universal group membership does not change frequently.
    There is low WAN bandwidth between domain controllers at different sites.

    It is recommended that you disable UGMC if all domain controllers in a forest are global catalog servers.

    Complete Exercise 2.5 in LAB 2 of the prescribed lab manual using the configuration information below. Take note of any addenda/changes listed and which steps you must and must not complete.

    Exercise 2.5

    Complete all steps.

    2.6 FSMO roles

    Active Directory, in general, uses a multimaster replication scheme for replicating the directory database between domain controllers, so all domain controllers in a domain are essentially equal. Some tasks are impractical to perform using the multimaster replication scheme; one domain controller called the operations master accepts requests for such tasks. Active Directory has five operations master roles, and initially all five exist on the first domain controller installed in a new forest. You can and should move roles around as additional domain controllers are joined to the forest and as subsequent domains are created within the forest. The operations master roles are sometimes called flexible single master operations (FSMO) roles.

    Every domain in an Active Directory forest contains one of each of the following FSMO roles:

    PDC emulator
    Relative identifiers (RID) master
    Infrastructure master

    Every Active Directory forest contains one instance of the following FSMO roles:

    Schema master
    Domain naming master

    Read page 37 of the prescribed textbook for a description of the function of the above FSMO roles.

    Complete Exercise 2.6 in LAB 2 of the prescribed lab manual using the configuration information below. Take note of any addenda/changes listed and which steps you must and must not complete.

    Exercise 2.6

    Complete all steps.


    2.7 Creating and managing Active Directory objects

    An object is any user, printer, system, resource, or group tracked within Active Directory. Each object is identified by its name and represented by a set of properties called attributes. For example, in Exchange, a user's attributes would include the first name, last name and email address of the user. Attributes are defined by the schema, which determines the kinds of objects that can be stored in Active Directory.

    Groups are objects that can contain users, computers and other groups. Groups may be assigned permissions and be part of an email distribution list. An organisational unit (OU) is a container in which you can place objects and other OUs that belong to the same domain. An OU is the smallest unit to which you can assign and delegate administrative authority.

    Complete Exercise 2.7 and Lab Challenge 2.1: Seizing an FSMO role in LAB 2 of the prescribed lab manual using the configuration information below. Take note of any addenda/changes listed and which steps you must and must not complete.

    Exercise 2.7

    Complete all steps.

    Step 14 should read: Use the procedure detailed in the previous two steps to create the Executives and Supervisors groups under your domain.

    Step 15 should read: In the left pane, highlight the Sales OU. Next, right-click the Sophia Boren user account in the right pane and select Properties. Highlight the Member Of tab of the group's properties.

    After completing Step 19, enable the Lois Lipshitz user account by right-clicking the account and selecting Enable Account.

    Lab Challenge 2.1

    Complete lab challenge. Ensure that Student01-A holds all five of the FSMO roles. See pages 60-61 of Lesson 2 in the prescribed textbook for how to seize FSMO roles.

    Lab Challenge 2.2

    Do not complete this lab challenge.

    2.8 Textbook review questions

    Complete the Knowledge Assessment section for Lesson 2 on pages 76-78 of the prescribed textbook. Complete the review questions on page 78 and the case scenarios on page 78 in the spaces provided.

    Question 1:

    Question 2:

    Question 3:

    Question 4:

    Scenario 2-1: Designing a forest

    Scenario 2-2: Planning for Sites, GC and FSMO Roles

    Signed by lecturer: ________________

    Unit 3 Exchange Server Installation

    At the end of this unit you will be able to:

    Determine the Active Directory requirements for Exchange Server.

    Determine the hardware and software requirements needed for the different Exchange Server roles.

    Install Exchange Server using the graphical user interface.

    Microsoft Exchange Server 2007 Configuration textbook: Lesson 3, pages 79-111.

    3.1 First Exchange Server setup

    There are three main software installation prerequisites that need to be

    installed prior to installing any of the server roles. You will also need to prepare Active Directory for Exchange Server.

    The main software requirements are as follows:

    Microsoft .NET Framework 2.0 with SP1 or later

    Microsoft Management Console (MMC 3.0)

    Windows PowerShell 1.0

    All of the required software packages for each of the three Exchange servers will be provided to you by your lecturer.

    The following roles will be installed on Student01-A:

    Mailbox server

    Hub Transport server

    Client Access server

    Unified Messaging server

    Complete Exercise 3.1 in LAB 3 of the prescribed lab manual

    using the configuration information below. Take note of any

    addenda/changes listed and which steps you must and must not complete. Please note that the installation will take about an hour

    to complete.

    Exercise 3.1

    Complete Steps 1-31.

    Step 2:

    o Install the Microsoft .NET Framework 2.0 SP1 package before you install PowerShell 1.0.

    o You do not need to install MMC version 3.0 because it is included in Windows Server 2003 with Service Pack 2.

    o Install the appropriate updates/hotfixes along with the software packages listed in this step.

    Complete Step 4 to install the default Application Server services such as IIS; you will not be able to place a check mark next to ASP.NET. This will not affect the installation because Windows Server 2003 with Service Pack 2 installs ASP.NET 2.0 and the Microsoft .NET Framework package registers it.

    If in Steps 7-11 you are not able to run the setup commands from the media (CD or DVD), you will have to copy all of the Exchange Server 2007 files from the media to the C: drive of the computer. When you open the command prompt, ensure that you change the default directory to C:\Exchange Server or whichever directory you copied the files to (the name of the directory) and then run the setup commands from within that directory.

    Step 10 should read: Type the following at the command prompt and press Enter:

    setup /PrepareAD /OrganizationName:StudentAAOrg

    Leave spaces between the commands and name the organisation StudentAAOrg.

    If in Step 13 you are not able to run setup.exe from the media (CD or DVD), you will have to copy all of the Exchange Server 2007 files from the media to the C: drive of the computer and then run the Exchange Server installation program from there.

    In Step 21 you may receive the error message "Setup cannot detect an SMTP Connector or Send Connector with an address space of (*). Mail flow to the Internet may not work properly." for the Hub Transport role prerequisite. Ignore this warning and continue with the installation.

    In Step 29, run the following command:

    get-SetupLog C:\ExchangeSetupLogs\ExchangeSetup.log -error -tree

    In Step 30, run the following command:

    get-SetupLog C:\ExchangeSetupLogs\ExchangeSetup.msilog -error -tree

    Do not complete Steps 32-34.

    3.1.1 Services

    More often than not, when a key service fails, the problem will surface quickly. One of the first places to troubleshoot a specific problem is to visit the Services console. There are several key services that run the Exchange Server

    and its infrastructure. Some of the most important ones to check are as

    follows:

    Microsoft Exchange EdgeSync

    Microsoft Exchange Transport

    Microsoft Exchange Information Store

    Microsoft Exchange Transport Log Search

    Microsoft Exchange Mail Submission

    Microsoft Exchange System Attendant

    Microsoft Exchange Mailbox Assistants

    Microsoft Exchange Service Host

    Microsoft Exchange Monitoring

    Microsoft Exchange Replication Service

    Microsoft Exchange Search Indexer

    It is important that you check that all of these services have been started

    whenever an Exchange Server has been switched on or rebooted. Set these services to start automatically by navigating to Start > All Programs >

    Administrative Tools > Services. Even when setting a service to start

    automatically, you should always double check the status of these services

    every time the server boots or reboots.
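
    The post-boot check described above can be scripted instead of being done by eye in the Services console. The following is an added example, not taken from the lab manual or textbook; the function name Get-KeyExchangeServiceStatus is hypothetical, and it assumes the display names listed above match those on the server.

```powershell
# Added example. Display names are the ones listed in this section; a server
# only has the services that belong to the roles installed on it.
$keyServices = @(
    'Microsoft Exchange EdgeSync',
    'Microsoft Exchange Transport',
    'Microsoft Exchange Information Store',
    'Microsoft Exchange Transport Log Search',
    'Microsoft Exchange Mail Submission',
    'Microsoft Exchange System Attendant',
    'Microsoft Exchange Mailbox Assistants',
    'Microsoft Exchange Service Host',
    'Microsoft Exchange Monitoring',
    'Microsoft Exchange Replication Service',
    'Microsoft Exchange Search Indexer'
)

# Hypothetical helper: report the start mode and state of the key services.
function Get-KeyExchangeServiceStatus {
    param([string]$ComputerName = '.')

    # Win32_Service exposes both the configured start mode and the current state.
    $installed = @(Get-WmiObject -Class Win32_Service -ComputerName $ComputerName |
        Where-Object { $keyServices -contains $_.DisplayName })

    # Listed services that do not exist on this server (role not installed).
    $found = @($installed | ForEach-Object { $_.DisplayName })
    $keyServices | Where-Object { $found -notcontains $_ } |
        ForEach-Object { Write-Host "Not installed on ${ComputerName}: $_" }

    # One row per installed service, with the condition that needs attention.
    $installed | Select-Object DisplayName, StartMode, State, @{
        Name       = 'Finding'
        Expression = {
            if ($_.StartMode -ne 'Auto') { 'Not set to start automatically' }
            elseif ($_.State -ne 'Running') { 'Automatic but not running' }
            else { 'OK' }
        }
    }
}

# The pipeline passes the result objects on for sorting and display.
Get-KeyExchangeServiceStatus | Sort-Object Finding, DisplayName |
    Format-Table DisplayName, StartMode, State, Finding -AutoSize
```

    Passing -ComputerName with the name of another lab server runs the same check remotely, provided the account has administrative rights on that server.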

    3.1.2 Exchange folder structure

    To examine the Exchange folder structure, navigate to C:\Program Files\Microsoft\Exchange Server. Read page 102 of the prescribed

    textbook for information on the function and contents of each folder.

    3.1.3 Exchange Management Console

    The Exchange Management Console (EMC) is an MMC snap-in that allows an administrator to manage the configuration of the Exchange organisation.

    Familiarise yourself with the four main panes of the console as shown in Figure 3.

    Figure 3 Exchange Management Console (pane labels: Console Tree pane, Result/Detail pane, Work pane, Actions pane)

    To refresh the Exchange Management Console, press F5.

    3.1.4 Exchange Management Shell

    The Exchange Management Shell (EMS) is a snap-in that is built on the Windows PowerShell scripting language. It provides a command-line environment in which administrators can perform administrative tasks on both local and remote Exchange servers. Figure 4 illustrates the welcome screen that is displayed when the EMS is first opened.

    Figure 4 Exchange Management Shell

    Commands are created through a verb-noun pairing called cmdlets (pronounced command-lets). The format of the cmdlet is as follows:

    Verb-Noun


    By combining the verb and noun in the name of the cmdlet, each cmdlet describes the type of operation it performs as well as the object it manipulates. Consider using simple ones such as get-mailbox, move-mailbox, get-storagegroup and so forth. Table 5 lists 26 different verbs that can be used at the EMS prompt to perform a particular task.

    Table 5 cmdlet verbs

    Add Copy Export Mount Restore Start Uninstall

    Clean Disable Get Move Resume Stop Update

    Clear Dismount Import New Retry Suspend

    Connect Enable Install Remove Set Test

    To get a full list of commands, you can type get-command at the EMS prompt.

    To see only the Exchange commands, you can type get-excommand. For help

    with any of these, you can type help and the cmdlet name. Many of the

    commands that you will be performing are long strings of characters and many tasks can only be performed using cmdlets at the EMS, so it is suggested that

    you practise over and over again.

    The following tips will help you perform tasks through Windows PowerShell:

    Use the up arrow key to view the commands that have previously been used and the down arrow key to scroll back through the list.

    Use the Tab key while typing a command: PowerShell will attempt to complete the command for you.

    Press to cancel a command.

    Like Linux, PowerShell can use a pipeline to compose complex commands, allowing the output of one command to be passed as input to another, using the | operator.

    To change the properties of PowerShell, right-click the PowerShell icon displayed in the upper left corner of the title bar and select Properties.

    3.2 Second Exchange Server setup

    The following roles will be installed on Student01-B:

    Mailbox server

    Hub Transport server

    Client Access server

    Complete Exercise 3.2 in LAB 3 of the prescribed lab manual using the configuration information below. Take note of any

    addenda/changes listed and which steps you must and must not complete.

    Exercise 3.2

    Complete Steps 1-25.

    Step 2:

    o Install the Microsoft .NET Framework 2.0 SP1 package before you install PowerShell 1.0.

    o You do not need to install MMC version 3.0 because it is included in Windows Server 2003 with Service Pack 2.

    o Install the appropriate updates/hotfixes along with the software packages listed in this step.

    Complete Step 4 as it stands to install the default Application Server services such as IIS; you will not be able to place a check mark next to ASP.NET. This will not affect the installation because Windows Server 2003 with Service Pack 2 installs ASP.NET 2.0 and the Microsoft .NET Framework package registers it.

    If in Step 7 you are not able to run setup.exe from the media (CD or DVD), you will have to copy all of the Exchange Server 2007 files from the media to the C: drive of the computer and then run the Exchange Server installation program from there.

    If in Step 15 you receive the error message "Setup cannot detect an SMTP Connector or Send Connector with an address space of (*). Mail flow to the Internet may not work properly." for the Hub Transport role prerequisite, ignore this warning and continue with the installation.

    In Step 23, run the following command:

    get-SetupLog C:\ExchangeSetupLogs\ExchangeSetup.log -error -tree

    In Step 24, run the following command:

    get-SetupLog C:\ExchangeSetupLogs\ExchangeSetup.msilog -error -tree

    Do not complete Steps 26-28.

    3.3 Third Exchange Server setup

    Student01-C must be configured with a DNS suffix and must be able to perform name resolution before the Edge Transport role

    can be installed on it:

    1. Click Start > Control Panel > System.

    2. Navigate to the Computer Name tab and click Change.

    3. From the Computer Name Changes dialog box, click More.

    4. In the Primary DNS suffix of this computer textbox, type StudentAA.com.

    5. Click OK three times.

    6. Restart Student01-C.

    7. Log on to Student01-C with the administrator account.

    8. Navigate back to the Computer Name tab in the System Properties dialog box. Notice that the full computer name for Student01-C is student01-c.StudentAA.com and that it belongs to a workgroup, as shown in Figure 5, not a domain.

    9. Close the System Properties dialog box.

    Figure 5 A DNS suffix configured for the Edge Transport server

    The following role can now be installed on Student01-C:

    Edge server

    Complete Exercise 3.3 in LAB 3 of the prescribed lab manual using the configuration information below. Take note of any

    addenda/changes listed and which steps you must and must not complete.

    Exercise 3.3

    Complete Steps 1-20.

    Step 2:

    o Install the Microsoft .NET Framework 2.0 SP1 package before you install PowerShell 1.0.

    o You do not need to install MMC version 3.0 because it is included in Windows Server 2003 with Service Pack 2.

    o Install the appropriate updates/hotfixes along with the software packages listed in this step.

    Skip Step 3.

    If in Step 7 you are not able to run setup.exe from the media (CD or DVD), you will have to copy all of the Exchange Server 2007 files from the media to the C: drive of the computer and then run the Exchange Server installation program from there.

    In Step 18, run the following command:

    get-SetupLog C:\ExchangeSetupLogs\ExchangeSetup.log -error -tree

    In Step 19, run the following command:

    get-SetupLog C:\ExchangeSetupLogs\ExchangeSetup.msilog -error -tree

    Do not complete Steps 3 and 21-23.

    After successfully installing the Edge Transport server, you can navigate to and open the EMC console as shown in Figure 6.

    Figure 6 Edge transport EMC console

    To complete Lab Challenge 3.1: Performing an unattended Exchange Server installation on page 35 of the prescribed lab manual to install the UM role on Student01-B, ensure that the following additional software packages are installed before installing the UM role:

    Microsoft Core XML Services (MSXML) 6.0

    Windows Media Encoder

    Windows Media Audio Voice codec

    Lab Challenge 3.1

    1. Open the Windows command prompt and navigate to the root of the Exchange Server 2007 media.

    2. At the command prompt, type:

    setup /mode:Install /roles:UM

    3. Press Enter (see Figure 7). After the installation has completed, reboot Student01-B.

    4. Log in and open the Exchange Management Console.

    5. Highlight Server Configuration and view the roles that are installed on Student01-B in the detail pane.

    6. Close the EMC console.

    7. Open the Exchange Management Shell.

    8. At the shell prompt, type:

    get-ExchangeServer | Format-List

    9. Press Enter. View the installed roles and then close the EMS.

    Figure 7 Performing an unattended installation of the UM role

    3.4 Textbook review questions

    Complete the Knowledge Assessment section for Lesson 3 on pages 108-111 of the prescribed textbook. Complete the review questions on page 110 and the case scenarios on pages 110-111 in the spaces provided.

    Question 1:

    Question 2:

    Scenario 3-1: Planning Exchange Server Roles

    Scenario 3-2: Planning Exchange Hardware and Software

    Signed by lecturer: _______________

    Unit 4 Exchange Server Configuration

    At the end of this unit you will be able to:

    Understand and configure Exchange administrative roles.

    Understand and configure DNS A and MX resource records.

    Configure the Hub role and the postmaster account.

    Configure the Edge role and an Edge subscription file.

    Configure the Mailbox role.

    Explain, move and create storage groups, mailbox databases and public folder databases.

    Set storage limits on a new mailbox database.

    Configure the CAS role and Outlook Anywhere.

    Explain connectors and configure send and receive connectors.

    Understand and configure a Microsoft Outlook 2007 and Windows Mail client account.

    Microsoft Exchange Server 2007 Configuration textbook: Lesson 4, pages 112-172.

    4.1 Administrative roles

    In smaller Exchange environments, you might find one person handling all the

    Exchange roles and responsibilities. In larger environments, however, an

    administrator might need more help managing the Exchange environment. This involves assigning administrative roles to users or other administrators, giving

    them the appropriate permission to do only the job they are assigned to do. See Table 6 for a list of Exchange administrator roles.

    Table 6 Administrative roles

    Exchange administrative role | Permissions

    Exchange Organisation Administrator | This is the highest role you can assign; it gives an individual the ability to perform all organisation-wide Exchange-related tasks.

    Exchange Recipient Administrator | This role gives an individual the ability to create and manage recipient objects such as users, groups and public folders.

    Exchange Public Folder Administrator | This role gives a person the ability to create and manage the properties of public folders as long as they are not related to specific recipient objects.

    Exchange View-Only Administrator | This role gives an individual read-only access to the Exchange organisation and all recipients.

    Exchange Server Administrator | This role gives a user the permission to administer a specific Exchange Server only. This user must also be a member of the local administrators group on the specific Exchange Server that will be administered.

    You can configure administrative roles from either the Exchange Management

    Shell or the Exchange Management Console.

    Complete Exercise 4.1 in LAB 4 of the prescribed lab manual using the configuration information below. Take note of any

    addenda/changes listed and which steps you must and must not complete.

    Exercise 4.1

    Complete Steps 1-11.

    4.2 DNS resource records

    As previously discussed, DNS is a name resolution service. The database on a DNS server is made up of a collection of resource records. Each resource record specifies information about a particular host. The DNS server uses these records to answer queries for hosts in its domain. Because an email address is never directly addressed to an email server, such as Student01-A.ctimail.com, but rather to the target domain, such as ctimail.com, the following resource records must be configured on a DNS server to locate the email server for the ctimail.com domain:

    The mail exchanger record (MX record) specifies the mail server responsible for accepting email messages on behalf of a recipient's domain or organisation. When multiple mail servers are available for a particular domain, a priority number is used to prioritise the mail. Other computers will contact the MX server with the lowest priority number in the list that is returned by DNS. If all MX records have the same priority number, DNS will reorder the list with a process called round robin and the computer will contact the MX record at the top of the list returned by DNS. A mail exchanger server must have a corresponding host address (A) record in a valid domain.

    The host (A) resource record is what gives you the IP address for a domain or host computer (it maps an FQDN to an IP address).

    A pointer (PTR) record is what gives you the FQDN for a domain or host computer (it maps an IP address to an FQDN).

    4.2.1 Configuring DNS records

    Before creating a Host (A) and MX record for the Edge Transport (Student01-C) server, you need to verify that DNS is in good working order. You will also need to create a reverse lookup zone on the DNS server and create pointer (PTR) records for Student01-A, Student01-B and Student01-C.

    On Student01-A:

    1. Click Start > Administrative Tools > DNS.

    2. Expand the Forward Lookup Zones folder and highlight StudentAA.com. A host (A) record for Student01-C should already exist along with host (A) records for Student01-A and Student01-B.

    3. Right-click the StudentAA.com domain and select Properties.

    4. On the Name Servers tab, ensure that the FQDN and IP address of Student01-A are correct. This is one of the most important records to check on a DNS server (see Figure 8). If the FQDN or IP address is incorrect, click the Edit button and enter the correct settings.

    5. Click OK.

    6. In the left pane of the DNS console, right-click the Reverse Lookup Zones folder and select New zone.

    7. Click Next. Ensure that the Primary zone radio button is selected and click Next.

    8. Select the To all DNS servers in the Active Directory forest StudentAA.com radio button and click Next.

    9. Enter 192.168.1 in the Network ID textbox.

    10. Click Next.

    11. Select both the Nonsecure and Secure dynamic updates radio buttons and click Next.

    12. Review your configurations and click Finish.

    13. The reverse lookup zone (1.168.192.x) appears under the Reverse Lookup Zones folder.

    14. Right-click the 1.168.192.x subnet and select New Pointer (PTR) from the context menu.

    15. At the New Resource Record window, ensure that the host IP address is 192.168.1.1.

    16. Click the Browse button; double-click Student01-A > Forward Lookup Zones > StudentAA.com.

    17. Scroll down and select the student01-a host (A) record and click OK twice. Notice that the pointer (PTR) record for Student01-A has been created in the right-hand pane of the DNS console.

    18. Using the same procedure outlined in Steps 14 to 17, create two pointer (PTR) records for Student01-B and Student01-C.

    Figure 8 Verifying DNS server settings

    4.2.2 Verify DNS resolution

    To perform basic name resolution testing, on Student01-A:

    1. Right-click Student01-A and select Launch nslookup.

    2. At the nslookup prompt, type:

    studentaa.com

    3. Press Enter.

    The nslookup prompt should display the FQDN and IP address of the DNS server itself as well as the domain name and IP addresses of both Student01-B and Student01-A (see Figure 9).

    Figure 9 Verifying name resolution using nslookup

    If the nslookup prompt does not display the correct domain name or if it shows Unknown, then restart the DNS server or restart the net logon service and then try nslookup again.

    4. Type exit to exit the nslookup utility.

    5. Close the command prompt.

    On Student01-C:

    6. Open the Windows command prompt.

    7. At the prompt, type:

    nslookup

    8. Press Enter.

    9. At the nslookup prompt, type:

    studentaa.com

    10. Press Enter. The same output should be displayed as shown in Figure 9.

    11. Type exit. Close the command prompt.

    Complete Exercise 4.2 in LAB 4 of the prescribed lab manual

    using the configuration information below. Take note of any addenda/changes listed and which steps you must and must not

    complete.

    Exercise 4.2

    Complete Steps 1-8.

    To verify that the MX record exists for Student01-C and that it does not point to the FQDN of either of the Exchange servers on the internal network, on

    Student01-C:

    1. Open the Windows command prompt.

    2. At the command prompt, type:

    nslookup

    3. Press Enter.

    4. At the nslookup prompt, type:

    set q=mx

    5. Press Enter.

    6. At the nslookup prompt, type:

    studentaa.com

    7. Press Enter. Verify that only one MX record exists for mail.studentaa.com with the IP address of 192.168.1.3 (Student01-C). There should be no other MX records listed.

    If the only result returned is the correct A record, name resolution and email

    relay should succeed. If there are no records, or if an MX record is returned and points to the wrong FQDN or IP address, other servers may be unable to

    send mail to this Exchange server.

    8. Type exit. Close the command prompt.
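
    The MX verification in the steps above can also be run as a scripted check over saved nslookup output. This is an added example, not part of the lab manual or textbook; the function name Test-MxAnswer and both sample answers are constructed, the internal host names assume the FQDN form shown earlier for Student01-C, and the line layout assumed is the one Windows nslookup prints for MX answers.

```powershell
# Constructed sample: the answer expected after "set q=mx" and "studentaa.com".
$good = @(
    'studentaa.com   MX preference = 10, mail exchanger = mail.studentaa.com',
    'mail.studentaa.com      internet address = 192.168.1.3'
)

# Constructed sample of a misconfigured zone: a second MX record
# advertises an internal Exchange server.
$bad = @(
    'studentaa.com   MX preference = 10, mail exchanger = mail.studentaa.com',
    'studentaa.com   MX preference = 20, mail exchanger = student01-a.studentaa.com',
    'mail.studentaa.com      internet address = 192.168.1.3',
    'student01-a.studentaa.com       internet address = 192.168.1.1'
)

# Hypothetical helper: returns one message per problem, or nothing if the
# answer matches the configuration this section asks you to verify.
function Test-MxAnswer {
    param(
        [string[]]$Lines,
        [string]$ExpectedHost,
        [string]$ExpectedIp,
        [string[]]$InternalHosts = @()
    )

    $mx = @()      # mail exchanger names found in the answer
    $addr = @{}    # host name -> IP address from the accompanying A records
    foreach ($line in $Lines) {
        if ($line -match 'MX preference = (\d+), mail exchanger = (\S+)') {
            $mx += $matches[2].ToLower()
        }
        elseif ($line -match '^(\S+)\s+internet address = (\S+)') {
            $addr[$matches[1].ToLower()] = $matches[2]
        }
    }

    $problems = @()
    if ($mx.Count -eq 0) { $problems += 'No MX record returned' }
    if ($mx.Count -gt 1) { $problems += "Expected one MX record, found $($mx.Count)" }
    foreach ($name in $mx) {
        if ($InternalHosts -contains $name) {
            $problems += "MX record points to internal server $name"
        }
        elseif ($name -ne $ExpectedHost.ToLower()) {
            $problems += "MX record points to unexpected host $name"
        }
        if (-not $addr.ContainsKey($name)) {
            $problems += "No A record returned for $name"
        }
        elseif ($name -eq $ExpectedHost.ToLower() -and $addr[$name] -ne $ExpectedIp) {
            $problems += "$name resolves to $($addr[$name]), expected $ExpectedIp"
        }
    }
    return $problems
}

$internal = @('student01-a.studentaa.com', 'student01-b.studentaa.com')

Write-Host 'Checking the expected answer:'
$result = Test-MxAnswer -Lines $good -ExpectedHost 'mail.studentaa.com' `
    -ExpectedIp '192.168.1.3' -InternalHosts $internal
if ($result) { $result } else { 'MX answer matches the expected configuration' }

Write-Host 'Checking the misconfigured answer:'
$result = Test-MxAnswer -Lines $bad -ExpectedHost 'mail.studentaa.com' `
    -ExpectedIp '192.168.1.3' -InternalHosts $internal
if ($result) { $result } else { 'MX answer matches the expected configuration' }
```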

    NOTE Another method of configuring name resolution would be to add the IP address and FQDN of the Edge Transport server to the local Hosts

    file on each Hub Transport server as well as add the IP address and FQDN of each HT server to the local hosts file on the ET server. This

    solution should only be used on small networks where DNS is not used.

    4.3 Hub Transport server role

    The Hub Transport role is responsible for all message routing and each Exchange organisation must have at least one Hub Transport server up and

    running.

    Accepted domains are used to specify the domain(s) for which the Exchange organisation will accept and route messages. An accepted domain may or may not be within your Exchange organisation or Active Directory forest, but it is a domain with which you have an administrative relationship, such as a partner domain or a domain within another Active Directory forest in your organisation.

    A postmaster is a special email address that is required in every messaging infrastructure and the address that receives non-delivery reports and delivery

    status notifications. We have all occasionally run into situations in which we have tried to email someone and received an unexpected non-delivery report.

    To an administrator, these reports and notifications are useful as he or she troubleshoots and responds to reports of message delivery problems within the

    Exchange organisation.

    Complete Exercise 4.3 in LAB 4 of the prescribed lab manual using the configuration information below. Take note of any addenda/changes listed and which steps you must and must not

    complete.

    Exercise 4.3

    Complete Steps 1-14.

    4.4 Edge Transport server role

    An organisation's demilitarised zone (DMZ) or perimeter network is situated between a firewall on an internal network and another firewall (if implemented) that extends out to the Internet. The Edge Transport (ET) server role is designed to be deployed in the DMZ so that it can relay incoming and outgoing mail to a Hub Transport server on the internal network as well as provide anti-spam and antivirus support. See Figure 10 for an illustration of the location and setup of the Edge Transport server as well as the other Exchange role servers.

    Figure 10 An ET server situated in a perimeter network

    Source: www.msexchange.org

    The process of linking the HT server and ET server together is known as

    EdgeSync. This process consists of exporting an XML subscription file from the

    ET server and taking that file and importing it on the HT server. This establishes a one-way replication of recipient and configuration information

    from Active Directory to ADAM (which is installed on the Edge Transport server).

    Complete Exercise 4.4 in LAB 4 of the prescribed lab manual using the configuration information below. Take note of any

    addenda/changes listed and which steps you must and must not complete.

    Exercise 4.4

    Complete Steps 1-17.

    Before running the Start-EdgeSynchronization cmdlet, test whether there is a problem between the Hub Transport server and Edge Transport server by running the following cmdlet:

    Test-EdgeSynchronization

    Press Enter. You should receive an output similar to that shown in Figure 11.

    Complete Steps 18 and 19. After completing Step 18, you should receive a successful synchronisation status as shown in Figure 12.

    If you receive an error, you can try restarting the Microsoft Exchange

    EdgeSync service in the Services console.

    Figure 11 Testing EdgeSynchronization

    Figure 12 Successful EdgeSynchronization

    4.5 Mailbox server role

    The database engine used by Exchange Server 2007 is called the extensible storage engine (ESE). This engine stores all of the databases that contain all

    the messages and other email-related items for an organisation. Mailbox

    servers can either contain mailbox or public folder databases or both. A storage group is a storage container that contains a group of mailbox or

    public folder databases that share a single set of transaction log files and a checkpoint file. When an email message enters a Mailbox server, it goes

    through memory and is then written to two locations: the data is firstly written to the transaction logs and then read and written to the actual database file

    at a later time, depending on the current load being placed on the server. The reason for this is that it is quicker for the responsible service to write data to

    the transaction log first because the write operation is done sequentially (that is, one right after the other) whereas database access is almost always

    random.

    NOTE To improve the speed, performance and recoverability of a storage

    group on a Mailbox server, it is recommended that you have one database per storage group. The transaction logs and databases for

    each storage group should also be placed on a separate hard drive or volume. These transaction log files can be used to replay transactions

    from the log when rebuilding the Exchange database, thus providing redundancy. It is recommended that storage limits are configured on

    mailboxes to prevent users from using up all the available space on

    the server and warnings should be issued to users when their limit has been reached.

    Each database created contains a single rich-text file with a .edb extension.

    The first database file created on Exchange Server 2007 is called Mailbox Database.edb and is stored in the C:\Program Files\Microsoft\Exchange

    Server\Mailbox\First Storage Group directory. If a public folder database was created during the installation of Exchange, it would be created by default

    in the second storage group under the C:\Program

    Files\Microsoft\Exchange Server\Mailbox\Second Storage Group directory and named Public Folder Database.edb. Each log file in the first

    storage group has a prefix of E00 (i.e. E00.log) and each log file in the second storage group has a prefix of E01 (i.e. E01.log). When the current log file has

    reached a capacity of 1 MB, it is renamed and no longer written to the database and a new file is created and used.

    Checkpoint files are used to keep track of transactions that are committed

    (written) to the database from a transaction log. This ensures that transactions cannot be committed to the database more than once. If you need to perform

    a recovery, this file contains the point at which the replaying of transaction logs must start. Checkpoint files have an E00.chk extension.

    Complete Exercise 4.5 in LAB 4 of the prescribed lab manual

    using the configuration information below. Take note of any

    addenda/changes listed and which steps you must and must not complete.

    Exercise 4.5

    Complete Steps 1-29 on Student01-A.

    Complete Step 30 on Student01-B.

    Complete Steps 31-41 on Student01-A.

    Step 38 should read: At the New Mailbox Database window, type Second Mailbox Database in the Mailbox database name field. Beside the Database file path dialog box, click Browse, select C:\SG3, and click Save.

    Do not complete Step 41.

    Complete Step 42 on Student01-B.

    Complete Steps 43-50 on Student01-A.

    After Step 48, click OK and continue with Step 49. Remember that you can press F5 to refresh the console.

    After completing Exercise 4.4, the work pane for Student01-B should display the additional storage groups, mailbox database and public folder database that you created along with the file paths as shown in Figure 13.


    Figure 13 Creating storage groups and databases

    4.6 CAS role

    The Client Access server (CAS) role and the Mailbox server role work hand in hand with one another. Some of the main features of the CAS role are listed in Table 7.

    Table 7 CAS features

    Feature | Description
    Outlook Web Access (OWA) | This feature provides users with a connection to their mailboxes from a web browser.
    Exchange ActiveSync (EAS) | This feature provides users with mobile devices with access to their mailboxes.
    Outlook Anywhere | This feature has replaced a feature called RPC over HTTP (Remote Procedure Call over Hypertext Transfer Protocol) found in Windows Server 2003. Outlook Anywhere enables mailbox users to use their Microsoft Outlook 2003 or 2007 client applications to work outside their network and establish a connection to the Exchange Server on the internal network over the Internet with the same level of security as that configured on the internal network.
    POP3 and IMAP4 | These are the most basic email retrieval protocols in use.


    Many of the features of OWA are enabled by default. This is insecure. You can provide a customised secure solution for OWA clients and their access to remote file and SharePoint servers that may exist on a company's network. OWA options can be configured via the EMC or EMS console as well as the IIS manager. Read pages 135-140 of the prescribed textbook for a better understanding of the various options that can be configured.
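    The remote file and SharePoint access options described above can be reviewed and restricted from the Exchange Management Shell. This is an added example, not taken from the prescribed textbook or lab manual; the virtual directory identity assumes the lab server Student01-A, and the allowed server and domain suffix are sample values chosen for illustration.

```powershell
# Added example for Exchange Server 2007 (Exchange Management Shell).
# Assumption: the default OWA virtual directory on the lab server Student01-A.
$owa = 'Student01-A\owa (Default Web Site)'

# 1. Review which document-access features are currently switched on.
Get-OwaVirtualDirectory -Identity $owa |
    Format-List Name, UNCAccess*, WSSAccess*, DirectFileAccess*, RemoteDocuments*

# 2. Restrict access from public (shared) computers and only allow
#    file servers that are explicitly listed.
#    'Student01-B.StudentAA.com' and 'StudentAA.com' are sample values.
Set-OwaVirtualDirectory -Identity $owa `
    -UNCAccessOnPublicComputersEnabled $false `
    -WSSAccessOnPublicComputersEnabled $false `
    -DirectFileAccessOnPublicComputersEnabled $false `
    -RemoteDocumentsActionForUnknownServers Block `
    -RemoteDocumentsAllowedServers 'Student01-B.StudentAA.com' `
    -RemoteDocumentsInternalDomainSuffixList 'StudentAA.com'

# 3. Confirm the change before testing from an OWA client.
Get-OwaVirtualDirectory -Identity $owa |
    Format-List UNCAccessOnPublicComputersEnabled,
                WSSAccessOnPublicComputersEnabled,
                DirectFileAccessOnPublicComputersEnabled,
                RemoteDocumentsActionForUnknownServers,
                RemoteDocumentsAllowedServers
```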

    Complete Exercise 4.6 in LAB 4 of the prescribed lab manual using the configuration information below. Take note of any addenda/changes listed and which steps you must and must not complete.

    Exercise 4.6

    Complete Steps 1-17.

    In Step 9, use Student01-A.StudentAA.com and Student01-B.StudentAA.com respectively.

    In Step 12, specify StudentAA.com.

    After Step 14, click Apply and then OK.

    4.7 Email flow connectors

    After Exchange is installed, you need to configure how mail will be sent and received. This is done through send and receive connectors, which allow end-to-end message routing in and out of the Exchange organisation to occur:

    Send connectors: These connectors are needed to send messages between Exchange servers within an organisation or between Exchange servers on the Internet. Send connectors are stored in Active Directory.

    Receive connectors: These connectors are needed to receive messages from email clients and other email servers from within the organisation or from the Internet and are stored on the Hub or Edge role server.

    Complete Exercise 4.7 in LAB 4 of the prescribed lab manual using the configuration information below. Take note of any addenda/changes listed and which steps you must and must not complete.

    Exercise 4.7

    Complete Steps 1-24.
    In Step 6, specify Student01-A.StudentAA.com.


    4.8 Client configuration

    4.8.1 Configuring Outlook 2007

    Complete Exercise 4.8 in LAB 4 of the prescribed lab manual using the configuration information below. Take note of any addenda/changes listed and which steps you must and must not complete.

    Exercise 4.8

    Complete Steps 1-11.
    In Step 2, install Office 2007 with Outlook 2007 and Excel 2007 at a minimum.
    Step 4 should read:

    Click Start > Control Panel > View x86 Control Panel Icons, and double-click Mail.

    In Step 8, specify Student01-A.StudentAA.com.

    Figure 14 displays the mailbox for the administrator as well as an indication that Microsoft Outlook 2007 is online with Microsoft Exchange.

    Figure 14 Connecting Outlook to Exchange


    4.8.2 Configuring Outlook Express

    By default, you cannot connect to the administrator mailbox on an Exchange Server using POP3 or IMAP4 because Exchange Server 2007 is designed this way to improve security.

    This means that you will have to create a separate user mailbox-enabled account and create an Outlook Express account using that account. You will also assign AD administrative privileges as well as assign the Exchange organisation administrator role to this user.

    To do this, on Student01-A:

    1. Open the Exchange Management Console.
    2. Expand Recipient Configuration in the Console Tree pane and highlight Mailbox.
    3. From the Actions pane, click the New Mailbox link to open the New Mailbox wizard.
    4. At the Introduction screen, you are presented with several different mailbox types; select User Mailbox and click Next.
    5. You are asked if you want to create a mailbox for a new user or existing user. Select New User and click Next.
    6. At the New Mailbox screen, enter the following information as shown in Figure 15:

       Organisational Unit: StudentAA.com/Users
       First Name: Lucas
       Last Name: Radebe
       User logon name (User Principal Name): lucas.radebe
       Password and Confirm Password: Secret123


    Figure 15 Creating a mailbox-enabled user

    7. Click Next. Ensure that lucas.radebe is listed in the Alias dialog box.
    8. Click Browse next to the Mailbox Database textbox, and select the Mailbox Database in the first storage group on Student01-A and click OK.
    9. Click Next, review a summary of your configuration, and then click New.
    10. After the mailbox is created, a Completed screen displays; click Finish.
    11. Close the Exchange Management Console.
    12. Open the Active Directory Users and Computers console.
    13. Expand StudentAA.com and highlight the Users folder.
    14. Right-click the Lucas Radebe user account and select Properties.
    15. Highlight the Member Of tab; click Add.
    16. Add Lucas Radebe to the following administrative groups:

        Domain Admins
        Enterprise Admins

    17. Close the Active Directory Users and Computers console.
    18. Open the Exchange Management Console.
    19. Expand Recipient Configuration and highlight Mailbox.
    20. In the Detail pane, highlight Lucas Radebe and select Properties from the Actions pane. You can also access an object's properties by right-clicking the object and selecting Properties from the context menu.
    21. The General tab contains all the basic identifying information about the mailbox.
    22. The Mailbox Features tab allows you to enable and disable specific Exchange features. On the Mailbox Features tab, ensure that POP3 and IMAP4 are enabled.
    23. Click OK to close the mailbox user's properties dialog box.


    24. Highlight Organisation Configuration.
    25. Assign Lucas Radebe the Exchange Organisation Administrator role. Refer back to Section 4.1 and Exercise 4.1 in the prescribed lab manual for how to add administrative roles.
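    The procedure above leaves a Domain Admins and Enterprise Admins member reachable over POP3 and IMAP4, which is acceptable in the lab but worth checking for on any real server. The following Exchange Management Shell audit is an added example, not part of the lab manual; it assumes Exchange Server 2007 and expands direct group members only.

```powershell
# Added audit example for Exchange Server 2007 (Exchange Management Shell).
# Lists mailboxes that allow POP3 or IMAP4 and belong to a privileged AD group.
$privilegedGroups = 'Domain Admins', 'Enterprise Admins'

# Map each direct member's distinguished name to the privileged groups
# it belongs to. Nested group membership is not expanded here.
$privileged = @{}
foreach ($groupName in $privilegedGroups) {
    $group = Get-Group -Identity $groupName
    foreach ($member in $group.Members) {
        $dn = $member.DistinguishedName
        if ($privileged.ContainsKey($dn)) {
            $privileged[$dn] = $privileged[$dn] + ', ' + $groupName
        } else {
            $privileged[$dn] = $groupName
        }
    }
}

# Mailboxes with POP3 or IMAP4 enabled whose account is in the map above.
$findings = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { ($_.PopEnabled -or $_.ImapEnabled) -and
                   $privileged.ContainsKey($_.DistinguishedName) } |
    Select-Object Name, PopEnabled, ImapEnabled,
        @{ Name = 'PrivilegedGroups'
           Expression = { $privileged[$_.DistinguishedName] } }

$findings | Format-Table -AutoSize

# Show how the POP3 and IMAP4 services accept logons on this server.
Get-PopSettings  | Format-List LoginType
Get-ImapSettings | Format-List LoginType

# Remediation for a flagged account once the lab is finished,
# shown for the lab user created in the steps above:
# Set-CASMailbox -Identity 'lucas.radebe' -PopEnabled $false -ImapEnabled $false
```

    In the lab, the Lucas Radebe account should appear in the output once Steps 16 and 22 are complete.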

    Complete Exercise 4.9 in LAB 4 of the prescribed lab manual using the configuration information below. Take note of any addenda/changes listed and which steps you must and must not complete.

    Exercise 4.9

    Complete Steps 1-13.
    In Step 2, click Cancel twice after opening Outlook Express and continue with the step.
    In Step 5, type Lucas Radebe in the Display Name dialog box.
    In Step 6, type [email protected] in the E-mail address dialog box.
    In Step 7, type Student01-A.StudentAA.com in both Incoming and Outgoing mail server dialog boxes.
    In Step 8, ensure that lucas.radebe is specified in the Account name dialog box and that his password is Secret123. SPA must be selected.

    After completing Exercise 4.9, you should have a successfully connected IMAP4 client as shown in Figure 16. Take note of the various folders that exist under Student01-A.StudentAA.com. These folders reside on the IMAP server.

    Figure 16 Configuring Outlook Express to obtain email using IMAP4


    4.9 Lab challenge

    Complete Lab Challenge 4.1: Performing Exchange Server configuration using the Exchange Management Shell in LAB 4 of the prescribed lab manual. See pages 112-168 of Lesson 4 of the prescribed textbook for instructions on how to complete the lab challenge. If you experience problems, ask your lecturer for help.

    Lab Challenge 4.1

    Complete the lab challenge.

    4.10 Textbook review questions

    Complete the Knowledge Assessment section for Lesson 4 on pages 169-172 of the prescribed textbook. Complete the review questions on page 171 and the case scenarios on pages 171-172 in the spaces provided.

    Question 1:

    Question 2:

    Scenario 4-1: Configuring an Alternate SMTP Port


    Scenario 4-2: Configuring Email Clients

    Signed by lecturer: _______________


    Unit 5 Recipient Objects

    At the end of this unit you will be able to:

    Define the major types of recipient objects.
    Create, configure and manage a mailbox user.
    Create, configure and manage mail users and contacts.
    Create, configure and manage mail-enabled universal groups.
    Create, configure and manage dynamic distribution groups.
    Create and configure resource mailboxes.
    Understand and configure automatic booking.
    Understand and configure resource booking policies.
    Move mailboxes.
    Create an Exchange resource forest and linked mailbox users.

    Microsoft Exchange Server 2007 Configuration textbook: Lesson 5, pages 173-235.

    5.1 Recipients

    A recipient is an object that has an email address and can receive a message. This object references a resource such as a mailbox, a user or a public folder that is shared by multiple users that can receive the message. The major types of recipient objects will be discussed in more detail throughout this unit. You must be a member of the Exchange recipient administrator or Exchange organisation administrator role to be able to manage all recipient objects. Public folders can be managed by users who are assigned the Exchange public folder administrator role.

    5.2 Mailbox users

    A mailbox user is a user account within Active Directory that has an email address and an associated mailbox in the mailbox database on an Exchange server. This user is able to send, receive and store messages on an Exchange server. The mailbox is just an extension of the properties and attributes of the user account object.


    Complete Exercise 5.1 and Exercise 5.2 in LAB 5 of the prescribed lab manual using the configuration information below. Take note of any addenda/changes listed and which steps you must and must not complete.

    Exercise 5.1

    Complete Steps 1-18.
    After Step 6, click Next and continue with Step 7.

    Exercise 5.2

    Complete Steps 1-14.
    For Step 5, type [email protected].

    5.3 Mailbox user permissions

    On some occasions you may need to assign a user the permission necessary to access another user's mailbox. In Exchange Server 2007, there are two main types of permissions:

    Send As permission: This permission can be assigned to a user or group that needs to be able to only send a message on behalf of another user. The identity of the original sender is hidden.

    Full Access permission: This permission allows you to give a user or group full access to another user's mailbox. This permission will grant that user or group the ability to open and view any messages or folders in a particular user's mailbox as well as receive and respond to emails sent to the other user's mailbox as the owner of that mailbox (the original sender's identity is hidden).

    NOTE A third permission called Send On Behalf is similar to the Send As permission with the only difference being that the user cannot hide their identity when sending a message on behalf of another user.
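    Because these permissions let one account act on or as another, it is worth knowing how to list who holds them. The following Exchange Management Shell audit is an added example, not part of the textbook or lab manual; it assumes Exchange Server 2007 and reports only explicitly assigned (non-inherited) entries.

```powershell
# Added audit example for Exchange Server 2007 (Exchange Management Shell).
# Reports explicit Full Access, Send As and Send On Behalf grants per mailbox.
$self = 'NT AUTHORITY\SELF'   # every mailbox owner has rights on its own mailbox

$report = Get-Mailbox -ResultSize Unlimited | ForEach-Object {
    $mailbox = $_

    # Full Access is stored as a permission on the mailbox itself.
    Get-MailboxPermission -Identity $mailbox.Identity |
        Where-Object { -not $_.IsInherited -and -not $_.Deny -and
                       $_.User.ToString() -ne $self -and
                       $_.AccessRights -like '*FullAccess*' } |
        Select-Object @{ Name = 'Mailbox';    Expression = { $mailbox.Name } },
                      @{ Name = 'Grantee';    Expression = { $_.User.ToString() } },
                      @{ Name = 'Permission'; Expression = { 'Full Access' } }

    # Send As is an extended right on the user's Active Directory object.
    Get-ADPermission -Identity $mailbox.DistinguishedName |
        Where-Object { -not $_.IsInherited -and -not $_.Deny -and
                       $_.User.ToString() -ne $self -and
                       $_.ExtendedRights -like '*Send-As*' } |
        Select-Object @{ Name = 'Mailbox';    Expression = { $mailbox.Name } },
                      @{ Name = 'Grantee';    Expression = { $_.User.ToString() } },
                      @{ Name = 'Permission'; Expression = { 'Send As' } }

    # Send On Behalf is held in a property of the mailbox.
    foreach ($delegate in $mailbox.GrantSendOnBehalfTo) {
        $delegate |
            Select-Object @{ Name = 'Mailbox';    Expression = { $mailbox.Name } },
                          @{ Name = 'Grantee';    Expression = { $_.Name } },
                          @{ Name = 'Permission'; Expression = { 'Send On Behalf' } }
    }
}

$report | Sort-Object Mailbox, Permission | Format-Table -AutoSize
```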


    Complete Exercise 5.3 in LAB 5 of the prescribed lab manual using the configuration information below. Take note of any addenda/changes listed and which steps you must and must not complete.

    Exercise 5.3

    Complete Steps 1-25.
    Step 16 should read:

    Highlight Microsoft Exchange under the E-mail tab and click Change.

    If in Step 20 you are asked to import Lucas Radebe settings, click No and continue with the step.

    Step 21 should read:

    Click New to compose a new email. At the new message window, click the Options tab and click Show From button from the Fields section.

    Step 22 should read:

    Click the From button and select Tiger Smith. Click OK. Next, click the To button and select Administrator. Click the To button and click OK.

    5.4 Mail users

    A mail user is an Active Directory user who has an email address enabled on the internal Exchange Server but does not have a mailbox configured.

    The mail user's email address points to an external email server that holds the mailbox for this user. Messages sent to a mail user are forwarded to the relevant external email server for retrieval by that user.

    Complete Exercise 5.4 in LAB 5 of the prescribed lab manual using the configuration information below. Take note of any addenda/changes listed and which steps you must and must not complete.

    Exercise 5.4

    Complete Steps 1-15.

    5.5 Mail contacts

    A mail contact is an AD contact object that contains information about people or organisations that exist outside of the Exchange organisation and cannot access internal network resources. Mail contacts have an external email address and any emails sent to them are forwarded to the external organisation's email server.


    Both mail contacts and mail users can be shown in the global address list (GAL) and both recipient types usually involve a user who does not work for the company itself. The GAL is the database of all the recipients in the Exchange organisation, such as mailboxes, distribution lists and public folders.

    Complete Exercise 5.5 in LAB 5 of the prescribed lab manual using the configuration information below. Take note of any addenda/changes listed and which steps you must and must not complete.

    Exercise 5.5

    Complete Steps 1-16.
    Step 12 should read:

    In the Use MAPI rich text window on the General tab, select Never from the drop-down box.

    5.6 Mail-enabled groups

    A group is an AD object that can hold users and other groups. Exchange supports the universal group scope because a universal group allows Exchange users who are located in any AD domain in the forest to be able to determine the group membership of any group in the forest, regardless of the domain in which it has been created.

    There are two types of groups in Exchange:

    Mail-enabled universal security groups: These groups are created for configuring and assigning security settings such as permissions as well as to send email to those user and group objects placed within the group.

    Mail-enabled universal distribution groups: These groups are formed so that an email message can be sent to the group and then sent automatically to all members of that group. Distribution groups do not provide security.

    Unlike regular distribution groups that contain a defined set of members, the membership list for dynamic distribution groups is calculated based on the filters and conditions that you define. When an email message is sent to a dynamic distribution group, it is delivered to all recipients in the organisation that match the criteria defined for that dynamic distribution group. Dynamic distribution groups are created through Active Directory queries rather than through the creation of a list of recipients. For example, if you wanted to create a dynamic distribution group consisting of all recipients who live in Nelspruit, you would create a query on the City attribute. If a user object's City attribute contains the word Nelspruit, then that user is automatically included in the Exchange dynamic distribution group.
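    The Nelspruit example above can be created and checked from the Exchange Management Shell. This is an added example, not part of the textbook or lab manual; the group name and alias are sample values, the filter uses an exact match on City, and Exchange Server 2007 is assumed. Because membership is calculated from directory attributes each time a message is sent, previewing the result shows exactly who would receive mail.

```powershell
# Added example for Exchange Server 2007 (Exchange Management Shell).
# 'Nelspruit Staff' and 'NelspruitStaff' are sample names.
New-DynamicDistributionGroup -Name 'Nelspruit Staff' `
    -Alias 'NelspruitStaff' `
    -OrganizationalUnit 'StudentAA.com/Users' `
    -RecipientFilter { (RecipientType -eq 'UserMailbox') -and (City -eq 'Nelspruit') }

# Preview who currently matches the filter. Nothing is stored in the group;
# changing a user's City attribute changes the result of this query.
$group = Get-DynamicDistributionGroup -Identity 'Nelspruit Staff'
Get-Recipient -Filter $group.RecipientFilter |
    Select-Object Name, RecipientType, City |
    Format-Table -AutoSize

# Check who is allowed to send to the group. Requiring authenticated
# senders keeps anonymous Internet mail from reaching every member.
Get-DynamicDistributionGroup -Identity 'Nelspruit Staff' |
    Format-List Name, RecipientFilter, RequireSenderAuthenticationEnabled,
                AcceptMessagesOnlyFrom

Set-DynamicDistributionGroup -Identity 'Nelspruit Staff' `
    -RequireSenderAuthenticationEnabled $true
```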


    Complete Exercise 5.6 in LAB 5 of the prescribed lab manual using the configuration information below. Take note of any addenda/changes listed and which steps you must and must not complete.

    Exercise 5.6

    Complete Steps 1-26.
    Figure 17 displays the groups that were created in this exercise as well as their email information such as the alias and the primary SMTP address for the group.
    When composing an email to the various groups, remember to specify StudentAA.com instead of StudentXX.com.

    Figure 17 Distribution groups

    5.7 Resource mailboxes

    The calendaring and scheduling features in Exchange are often used to keep track of more than just people; they also track resources such as rooms and equipment.


    A resource mailbox is a recipient object that is used for scheduling purposes. By creating a resource mailbox, you can allow users to schedule resources when they set up meetings.

    You can create two different kinds of resource mailboxes: a room mailbox and an equipment mailbox.

    You can assign a room mailbox to a conference or training room, auditorium or any other room that people ordinarily share.

    You can assign an equipment mailbox to items that are usually shared among workers such as a projector, laptop, company car or other equipment. The equipment mailbox is loosely associated with the room mailbox because equipment such as a projector is usually located in a specific room such as a conference or training room.

    When a resource mailbox is created, an account is also created for that resource in Active Directory. However, the account is disabled by default to prevent a person from logging in to the network with that account.

    Read pages 217-220 of the prescribed textbook to gain an understanding of resource mailboxes, automatic booking and the various resource booking policies and how to manage and configure them.

    Complete Exercise 5.7 in LAB 5 of the prescribed lab manual using the configuration information below. Take note of any addenda/changes listed and which steps you must and must not complete.

    Exercise 5.7

    Complete Steps 1-43.
    In Step 29, do not create another conference room called conference room 1; start from row two and create conference rooms 2-5.
    In Steps 32-34, see Figure 18 for an illustration on how to enable automatic booking and how to specify a book-in policy for conference rooms 1-5.
    In Step 37, highlight Mailbox-Administrator in the left pane of Outlook; select the Calendar option at the bottom of the left pane to switch to the calendar view and then select New to create a new calendar appointment.


    Figure 18 Enabling automatic booking and specifying a book-in policy

    5.8 Moving mailboxes

    Some of the main reasons why an administrator will move a mailbox between Exchange servers, databases and storage groups are as follows:

    The addition of new servers and users.
    The relocation of users between departments or geographical locations.
    To provide fault tolerance.
    To load balance access to mailboxes.

    You must be a member of the Exchange Recipient Administrator and Exchange Server Administrator roles as well as the Local Administrator account on both the server you are moving the mailboxes from and the server where the mailboxes will be moved to.

    Complete Exercise 5.8 in LAB 5 of the prescribed lab manual using the configuration information below. Take note of any addenda/changes listed and which steps you must and must not complete.

    Exercise 5.8

    Complete Steps 1-27.
    Step 23 should read:

    Select Database and Equals from the two drop-down boxes. Click Browse, select the Mailbox Database in the first storage group on StudentXX-A, and click OK.


    5.9 Disabling mailboxes and users

    An administrator can disable, remove and reconnect mailbox users. Take note of the following main points when removing, disabling and reconnecting a mailbox user:

    When you delete or disable a mailbox user, by default the mailbox itself is not deleted immediately but disconnected for a default period of 30 days. After the 30-day period, the mailbox user is permanently deleted.
    The default 30-day time interval can be changed on the Limits tab of the mailbox database's properties textbox.
    Removing a mailbox user deletes its associated AD user account.
    Disabling a mailbox user does not remove its associated AD user account.

    A mail user and mail contact can be disabled and removed in much the same way that mailbox users are disabled and removed.

    Complete Exercise 5.9 in LAB 5 of the prescribed lab manual using the configuration information below. Take note of any addenda/changes listed and which steps you must and must not complete.

    Exercise 5.9

    Complete Steps 1-12.

    5.10 Linked mailboxes

    An Exchange resource forest is an Exchange-based Active Directory forest that is separate from the Active Directory forest where user and computer accounts and application servers are installed. The Exchange resource forest is dedicated to running Exchange and hosting mailboxes and other Exchange-related resources.