OFFICIAL MICROSOFT LEARNING PRODUCT

10135A
Configuring, Managing, and Troubleshooting Microsoft® Exchange Server 2010 Companion Content

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. 
Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of Microsoft of the site or the products contained therein. © 2010 Microsoft Corporation. All rights reserved. Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other marks are property of their respective owners.

Product Number: 10135A Released: 01/2010


Module 1
Deploying Microsoft® Exchange Server 2010

Contents:
Lesson 1: Overview of Exchange Server 2010 Requirements
Lesson 2: Installing Exchange Server 2010 Server Roles
Lesson 3: Completing an Exchange Server 2010 Installation
Module Reviews and Takeaways
Lab Review Questions and Answers

Lesson 1
Overview of Exchange Server 2010 Requirements

Contents:
Question and Answers
Additional Reading
Detailed Demo Steps

Question and Answers

Discussion: Reviewing Active Directory Components

Question: What is the definition of a domain?
Answer: An Active Directory domain is a collection of computers that the administrator of a Windows network defines. These computers share a common directory database, security policies, and security relationships with other domains. An Active Directory domain provides access to the centralized user and group accounts that the domain administrator maintains. An Active Directory domain is a replication and administrative boundary. You can organize computer and user accounts within an Active Directory domain into a hierarchy based on organizational units (OUs).

Question: What is the definition of a forest?
Answer: A forest is a set of one or more trees that share common configuration and schema information. A tree is a set of domains that share the same DNS namespace. When multiple domains exist in a forest, there is an automatic trust relationship between the domains, which enables users in one domain to access resources in another tree. An Active Directory forest is a security boundary. By default, no security accounts outside of a forest have any access in the forest. There can be only one Exchange Server organization per forest.

Question: What type of information do domains in a forest share?
Answer: All domains in a forest share the same Active Directory configuration information, Active Directory schema information, and a common global catalog.

Question: What are trusts?
Answer: Trusts enable users from a trusted domain to authenticate in another trusting domain. In a forest, all domains have trusts (either direct trusts, or transitive trusts) with all other domains in the forest.

Question: Under what circumstances would an organization deploy multiple domains in the same forest?
Answer: Some organizations deploy multiple domains to provide an administrative boundary. They want to be able to have one group of administrators with full control of part of the organization. Other organizations deploy additional domains to isolate replication traffic. In very large organizations, you can minimize the amount of replication traffic that is sent across a slow wide area network (WAN) link by deploying separate domains.

Question: Under what circumstances might an organization deploy multiple forests?
Answer: The primary reason to deploy multiple forests is to ensure that there is a complete security boundary between different parts of the organization's IT infrastructure. This could happen if an organization has multiple departments or business units that require isolation, or in the event of two organizations merging.

Question: What is the functionality of a domain controller?

Answer: A domain controller holds a copy of the local domain database, which includes user and computer accounts, and it is responsible for authenticating users and computers. Additionally, domain controllers respond to queries for information in Active Directory.

Question: What is a global catalog server?
Answer: A global catalog server is a domain controller that also holds a subset of information from other domains in the forest. A domain controller has directory information only for the domain of which it is a member. However, a global catalog server has limited information about all users in a forest. You use global catalog servers for authentication, global address list (GAL) lookups, and universal group membership lookups. By default, the first domain controller deployed in a forest is a global catalog server, but you also can configure other domain controllers as global catalog servers.

Question: What is the definition of an Active Directory site?
Answer: The definition of an Active Directory site is one or more IP subnets. All of the computers within a single site must have a fast network connection, typically 10 megabytes per second (Mbps) or more between them. Typically, all of the IP subnets in a given physical location are part of the same site. Active Directory sites typically do not encompass more than one physical location. The Active Directory site configuration should be a logical representation of the physical network deployment.

Question: What is Active Directory replication?
Answer: Active Directory replicates domain information between domain controllers in the same domain and to the forest's global catalog servers. It also replicates configuration data and the schema between all domain controllers in the same forest.

Question: How do Active Directory sites affect replication?
Answer: Within an Active Directory site, change replication starts within a few seconds of a change occurring on one domain controller. If an Active Directory site contains more than one domain controller, each domain controller also has at least two replication partners. Between Active Directory sites, you can schedule replication. For example, by default, it happens every three hours. Additionally, all replication traffic between sites is sent through a bridgehead server that is located in each site.

Demonstration: Integration of Active Directory and Exchange Server 2010

Question: How do you assign permissions in your Exchange organization? How will you assign permissions using the Exchange security groups?
Answer: Answers will vary. Most small organizations might just have one set of administrators who will have full control of the Exchange organization. They can address the permission requirements by adding the group to the Organization Management group. Organizations with more complex security requirements might need to use the other groups, or use custom RBAC management roles.

Question: Which Active Directory partition would you expect to contain the following information?
Answer:
• User's e-mail address: Domain partition or global catalog
• Exchange connector for sending e-mail to the Internet: Configuration partition
• Exchange Server configuration: The configuration partition contains the Exchange Server-specific configuration information, but the Exchange Server computer object also is located in the domain partition.

Additional Reading

Reviewing Active Directory Partitions
• Active Directory Logical Structure and Data Storage

How Exchange Server 2010 Uses Active Directory
• Planning Active Directory
• Guidance on Active Directory design for Exchange Server 2007

Detailed Demo Steps

Demonstration: Integration of Active Directory and Exchange Server 2010

Detailed demonstration steps

Demonstration steps
1. On a domain controller, open Active Directory Users and Computers.
2. In the Active Directory domain, expand the Microsoft Exchange Security Groups organizational unit.
3. Review the description and membership of the following Active Directory groups:
• Organization Management
• Recipient Management
• View-Only Organization Management
• Discovery Management
4. Open ADSI Edit, and connect to the domain partition. Review the information in the domain partition.
5. Connect to the configuration partition. Review the information in the configuration partition, and in the CN=Services, CN=Microsoft Exchange, CN=Exchangeorganizationname container.
6. Connect to the schema partition. Review the information in the schema partition, and point out the attributes and class objects that begin with ms-Exch.

Demonstration steps
1. On VAN-DC1, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
2. If necessary, expand Adatum.com, and then click the Microsoft Exchange Security Groups organizational unit.
3. Double-click Organization Management, and then click the Members tab. Members of this group have the necessary permissions to manage any aspect of the Exchange Server organization. The only default member of this group is the user that installed the first computer running Exchange Server.
4. Click Cancel.
5. Double-click Recipient Management, and then click the Members tab. Members of this group are assigned full control permissions to manage the Exchange Server properties of user objects in Active Directory. Verify that there are no group members.
6. Click Cancel.
7. Double-click the View-Only Organization Management group, and then click the Members tab. The members of this group are assigned read permissions to the Exchange Server container in the Active Directory configuration partition, and read permission to all domains that have Exchange Server recipients.
8. Click Cancel.
9. Double-click the Discovery Management group, and then click the Members tab. The members of this group have permission to search all mailboxes in the organization for messages or content that meets specific criteria.
10. Click Cancel.
11. Close Active Directory Users and Computers.
12. Click Start, and in the Search box, type adsiedit.msc, and then press ENTER. By default, when you open Active Directory Service Interfaces (ADSI) Edit in Windows Server 2008 R2, it does not display any partitions.
13. Right-click ADSI Edit, and click Connect to.
14. In the Connection Settings dialog box, click OK. This connects ADSI Edit to the domain partition.
15. In the left pane, expand Default naming context [VAN-DC1.Adatum.com], and then click DC=Adatum,DC=com. The domain partition holds user accounts, computer accounts, and other domain specific configuration information. Objects with names that start with an OU are organizational units. Objects with names that start with CN are containers or other objects, such as users. You can verify the object type by looking at the Class column.
16. In the right pane, double-click CN=Users. Notice that in the Users container, there are users and groups.
17. Double-click OU=ITAdmins.
18. Right-click CN=Andreas Herbinger, and then click Properties. This shows the attributes and values that are part of the Andreas Herbinger user object.
19. Click Cancel.
20. Right-click ADSI Edit, and click Connect to.
21. In the Connection Settings dialog box, in the Connection Point section, in the Select a well known Naming Context list, click Configuration, and then click OK. This connects ADSI Edit to the configuration partition.
22. In the left pane, expand Configuration [VAN-DC1.Adatum.com], and then click CN=Configuration,DC=Adatum,DC=com. This displays the containers in the configuration partition of Active Directory. The containers contain configuration data used by Active Directory, applications, and services.
23. Double-click CN=Partitions. This container holds a list of the Active Directory partitions.
24. In the left pane, click CN=Sites. This container holds sites and their related configuration objects.
25. Expand CN=Services, expand CN=Microsoft Exchange, and then click CN=AdatumOrg. This container holds the Exchange Server objects. In the right pane, you can see the containers that hold the various configuration information for Exchange Server. Double-click CN=Address Lists Container. This container stores configuration information for all address lists.
26. In the left pane, click CN=Client Access. This container holds configuration information for the Autodiscover process. In the left pane, expand CN=Administrative Groups, expand CN=Exchange Administrative Group (FYDIBOHF23SPDLT), expand CN=Servers.
27. Right-click ADSI Edit, and click Connect to.
28. In the Connection Settings dialog box, in the Connection Point section, in the Select a well known Naming Context list, click Schema, and then click OK. This connects ADSI Edit to the schema partition.
29. In the left pane, expand Schema [VAN-DC1.Adatum.com], and then click CN=Schema,CN=Configuration,DC=Adatum,DC=com. The schema container holds a list of classes and attributes that define the objects in Active Directory.
30. In the right pane, click CN=ms-Exch-2003-Url, and then scroll down. Notice that many Exchange-specific attributes and classes have been added to the Active Directory schema.
31. Close ADSI Edit.
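The group review in steps 1 to 11 can be turned into a repeatable membership check. The PowerShell below is an added example, not part of the course material: it lists the effective members of the four Exchange security groups named in the demonstration and compares them with an expected baseline. It assumes the ActiveDirectory module that ships with Windows Server 2008 R2 and the Adatum.com lab domain; the function name and the baseline values are constructed for illustration.

```powershell
# Added example (not from the course material): audit the membership of the
# Exchange security groups reviewed in the demonstration.
Import-Module ActiveDirectory

# OU path follows the Adatum.com lab domain used in the demonstration.
$SearchBase = 'OU=Microsoft Exchange Security Groups,DC=Adatum,DC=com'

# Constructed baseline: sAMAccountNames allowed in each group. 'Administrator'
# is a placeholder for the account that installed the first Exchange server.
$Baseline = @{
    'Organization Management'           = @('Administrator')
    'Recipient Management'              = @()
    'View-Only Organization Management' = @()
    'Discovery Management'              = @()
}

# Hypothetical helper name; returns one object per finding.
function Get-ExchangeGroupAudit {
    param(
        [string]$SearchBase,
        [hashtable]$Baseline
    )
    foreach ($name in $Baseline.Keys) {
        $group = Get-ADGroup -Filter "Name -eq '$name'" -SearchBase $SearchBase
        if (-not $group) {
            New-Object PSObject -Property @{
                Group = $name; Member = $null; Class = $null; Finding = 'GroupNotFound'
            }
            continue
        }

        $expected = @($Baseline[$name])
        # -Recursive resolves nested groups to the accounts that hold the rights.
        $actual = @(Get-ADGroupMember -Identity $group -Recursive)
        $actualNames = @($actual | ForEach-Object { $_.SamAccountName })

        foreach ($member in $actual) {
            $finding = if ($expected -contains $member.SamAccountName) {
                'Expected'
            } else {
                'Unexpected'
            }
            New-Object PSObject -Property @{
                Group   = $name
                Member  = $member.SamAccountName
                Class   = $member.objectClass
                Finding = $finding
            }
        }

        # Report baseline accounts that are no longer members.
        foreach ($account in $expected) {
            if ($actualNames -notcontains $account) {
                New-Object PSObject -Property @{
                    Group = $name; Member = $account; Class = $null; Finding = 'Missing'
                }
            }
        }
    }
}

# Show only deviations from the baseline.
Get-ExchangeGroupAudit -SearchBase $SearchBase -Baseline $Baseline |
    Where-Object { $_.Finding -ne 'Expected' } |
    Select-Object Group, Member, Class, Finding |
    Format-Table -AutoSize
```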

Lesson 2
Installing Exchange Server 2010 Server Roles

Contents:
Additional Reading

Additional Reading

Deployment Options for Exchange Server 2010
• Topologies: Overview

Options for Integrating Exchange Server 2010 and Exchange Online Services
• Business Productivity Online
• Migrate to Microsoft Online Services

Considerations for Deploying Exchange Server 2010 as a Virtual Machine
• Microsoft Support Policies and Recommendations for Exchange Servers in Hardware Virtualization Environments
• Windows Server Virtualization Validation Program

Lesson 3
Completing an Exchange Server 2010 Installation

Contents:
Detailed Demo Steps

Detailed Demo Steps

Verifying an Exchange Server 2010 Installation

Detailed demonstration steps

Demonstration steps
1. On VAN-EX1, open the Services management console, and review the Microsoft Exchange services that were added during the installation.
2. Open Windows Explorer, and browse to C:\ExchangeSetupLogs. Review the contents of the ExchangeSetup.log file.
3. Describe some of the other files in this folder.
4. Browse to C:\Program Files\Microsoft\Exchange Server\V14. Describe the contents of the folders in this location.
5. Open the Exchange Management Console.
6. Under Server Configuration, verify that the server that you installed is listed.
7. Click Toolbox and review the installed tools.
8. In the left pane, click Recipient Configuration. Create a new mailbox.
9. Open Internet Explorer®, and connect to the Outlook Web App site on a Client Access server. Log on using the credentials for the new mailbox that you created.
10. Send an e-mail to the mailbox that you created.
11. Verify the message's delivery.

Demonstration steps

Important: When you start the virtual machines, ensure that you start 10135A-VAN-DC1 first, and that it starts fully before you start other virtual machines. If you receive a notification that one or more services failed to start when starting a virtual machine, open the Services console on the virtual machine, and ensure that all Microsoft Exchange services that are configured to start automatically are running.

1. On VAN-EX1, click Start, point to Administrative Tools, and then click Services.
2. Scroll down to the Microsoft Exchange services, and expand the name column, so that you can read the service names. These are all of the services that Exchange Server installs. The services that Exchange Server installs vary depending on the Exchange Server roles that are installed on the server.
3. Close Services.
4. Click Start, right-click Computer, and then click Open.
5. Browse to C:\ExchangeSetupLogs.
6. Double-click ExchangeSetup.log to open it. This log file contains information about the status of prerequisite and system-readiness checks that Exchange Server performs before the installation begins. This log also contains information about every task that occurs during the Exchange Server setup, and is the most complete log available for troubleshooting installation errors.
7. Close Notepad.
8. Describe some of the other files in this folder:
• ExchangeSetup.msilog. This file contains information about the extraction of the Exchange Server 2010 code from the installer file.
• Install-AdminToolsRole-[date and time].ps1. Setup generates this file, which contains the steps that Exchange Server uses to install the Exchange administration tools.
• Install-BridegeheadRole-[date and time].ps1. Setup generates this file, which contains the steps that Exchange Server uses to install the Hub Transport server role.
• Install-ClientAccessRole-[date and time].ps1. Setup generates this file, which contains the steps that Exchange Server uses to install the Client Access server role.
• Install-ExchangeOrganization-[date and time].ps1. Setup generates this file, which contains the steps that Exchange Server uses to create the Exchange Server organization.
• Install-MailboxRole-[date and time].ps1. Setup generates this file, which contains the steps that Exchange Server uses to install the Mailbox server role.
• InstallSearch.msilog. This file contains information about the extraction of the Search service that Exchange Server uses.
Note: Other .msilog or .ps1 files may exist in this folder, depending on which roles are installed on this server.
9. Browse to C:\Program Files\Microsoft\Exchange Server\V14. Describe the contents of the folders:
• Bin. Applications and extensions that you can use to manage Exchange Server.
• ClientAccess. Configuration files for the Client Access server role.
• ExchangeOAB. Contains the Exchange Offline Address book files that Exchange Web Services makes available.
• GroupMetrics. Contains information about distribution groups and distribution-group membership that MailTips uses.
• Logging. Various log files.
• Mailbox. Schema files, .dll files, database files, and database log files for the mailbox databases and public folder databases.
• Public. Several .dll and .xml files.
• RemoteScripts. Contains a single script used only by the Exchange Management Console.
• Scripts. Exchange Management Shell scripts that you can use to retrieve anti-spam statistics and perform other tasks.
• Setup. Extensible Markup Language (XML) configuration files and data.
• TransportRoles. Folders and files that the Hub Transport Server role uses.
• Working. Contains an empty folder.
10. Close Windows Explorer.
11. Click Start, point to All Programs, click Microsoft Exchange Server 2010, and then click Exchange Management Console.
12. Click OK to acknowledge that the servers are not licensed.
13. In the left pane, expand Microsoft Exchange On-Premises, and then click Server Configuration. The server you just installed should always appear here, as should the list of roles you installed.
14. In the left pane, click Toolbox. The Toolbox node includes tools that you can use to troubleshoot and repair Exchange Server. During installation, the only relevant tool is the Microsoft Exchange Server Best Practices Analyzer Tool.
15. In the left pane, click Recipient Configuration. This shows all of the users and groups that are mailbox users or mail-enabled.
16. Right-click Recipient Configuration, and then click New Mailbox.
17. Accept the default setting of User Mailbox, and then click Next.
18. Accept the default setting of New user, and then click Next.
19. In the First name box, type TestUser.
20. In the User logon name (User Principal Name) box, type TestUser.
21. In the Password and Confirm password boxes, type Pa$$w0rd, and then click Next.
22. On the Mailbox Settings page, type TestUser as the Alias, and click Next to accept the default mailbox settings.
23. On the Archive Settings page, click Next.
24. Click New to create the new mailbox.
25. Click Finish.
26. Close the Exchange Management Console.
27. Click Start, point to All Programs, and then click Internet Explorer.
28. In the Address bar, type https://VAN-EX1.adatum.com/owa, and then press ENTER.
29. In the Domain\User name box, type Adatum\TestUser. In the Password box, type Pa$$w0rd, and then click Sign in.
30. Click OK to accept the default configuration for Outlook Web App.
31. Create a new message and send it to TestUser:
• Click New in the toolbar.
• In the To box, type TestUser.
• In the Subject box, type Test Message.
• Click Send.

32. Verify the message was received by clicking Check Messages in the toolbar.
33. Close Internet Explorer.

Demonstration: Verifying an Exchange Server 2010 Installation

Detailed demonstration steps

Demonstration steps
Demonstrate how the Exchange Server Best Practices Analyzer works by using the following steps.
1. On VAN-EX1, open Exchange Management Console, and click Toolbox.
2. Start the Best Practices Analyzer, and clear the options to check for updates and to join the customer improvement program.
3. Go to the Welcome page. Start a new scan. Notice that this tool can scan a single server or the whole organization. Choose to perform a Health Check scan to scan the server that you just installed.
4. When the scan finishes, view the following tabs and reports:
• Critical Issues
• All Issues
• Recent Changes
• Informational Items
• Tree reports
• Other reports

Demonstration steps
1. On VAN-EX1, click Start, point to All Programs, click Microsoft Exchange Server 2010, and then click Exchange Management Console.
2. In the left pane, click Toolbox.
3. In the middle pane, double-click Best Practices Analyzer.
4. Click Do not check for updates on startup. As a best practice, check for updates on startup to ensure that you have the latest best practices information from Microsoft. However, our virtual machines are limited to local network connectivity.
5. Click I don't want to join the program at this time. As a best practice, join the customer improvement program so that Microsoft can get anonymous feedback about how you use Exchange Server. This allows Microsoft to make future improvements that more accurately reflect the needs of their customers. However, our virtual machines are limited to local network connectivity.
6. Click Go to Welcome Screen.
7. Click Select options for a new scan.
8. If necessary, in the Active Directory Server box, type VAN-DC1, and then click Connect to the Active Directory server. The Exchange Server Best Practices Analyzer uses this server for read-only access to Active Directory. By default, it authenticates as the user who is logged on.
9. In the Enter an identifying label for this scan box, type VAN-EX1 Scan.
10. In the Specify the scope for this scan box, clear the check box for VAN-EX2 and VAN-EX3.
11. If necessary, select Health Check. The Exchange Server Best Practices Analyzer can perform four types of scans:
• Health Check. This scan checks the health of your Exchange Server organization. This test checks for errors, warnings, nondefault configurations, recent changes, and other configuration information. When you select the Performance check option, a sampling of performance data is taken over a two-hour period.
• Permission Check. This test verifies that permissions are properly configured on the selected servers.
• Connectivity Check. This test verifies that network connectivity is available to the selected servers.
• Baseline. This scan allows you to select specific properties, configure baseline values for those properties, and then scan for servers to find deviations from the baseline values.
12. Select Fast LAN (100 mbps or more) as the network speed. The estimated scan time is generated based on the network speed selected. This setting does not have any influence on test performance.
13. Click Start scanning. Running this scan will take approximately two minutes. You also can schedule scans for specific times. This scan gathers performance data or performs a weekly health check. However, to perform a scheduled scan, you must configure credentials under which the scan runs. The credentials are configured in the Connect to Active Directory screen in the advanced logon options.
14. After the scan is complete, click View a report of this Best Practices scan. The first tab displayed is the Critical Issues tab. This tab highlights issues that you should consider addressing immediately.
15. Click the All Issues tab. This tab shows any issues that may be a concern.
16. Click the Informational Items tab. This tab displays configuration information about your Exchange Server organization.
17. Click Tree Reports. This view shows all of the configuration information that the Exchange Server Best Practices Analyzer collects.
18. Click Other Reports. The Run-Time Log displays information generated during the collection and analysis of data by the Exchange Server Best Practices Analyzer, and you can use it for troubleshooting.
19. Close the Exchange Server Best Practices Analyzer.
20. Close the Exchange Management Console.
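The service and setup-log checks from the installation verification steps can also be scripted. The PowerShell below is an added example, not part of the course material. The function names are hypothetical, and the `[ERROR]` and `[WARNING]` line tags searched for in ExchangeSetup.log are an assumption about the log format, not something the course states.

```powershell
# Added example (not from the course material): scripted form of the
# Services console and ExchangeSetup.log checks from the demonstration.

# Hypothetical helper: services whose display name starts with
# "Microsoft Exchange", set to start automatically, but not running.
function Get-StoppedExchangeService {
    param([string]$ComputerName = $env:COMPUTERNAME)

    $filter = "DisplayName LIKE 'Microsoft Exchange%' AND StartMode = 'Auto'"
    Get-WmiObject -Class Win32_Service -ComputerName $ComputerName -Filter $filter |
        Where-Object { $_.State -ne 'Running' } |
        Select-Object Name, DisplayName, State
}

# Hypothetical helper: lines in the setup log that look like problems.
# Assumption: Setup tags such lines with [ERROR] or [WARNING].
function Get-SetupLogProblem {
    param([string]$Path = 'C:\ExchangeSetupLogs\ExchangeSetup.log')

    if (-not (Test-Path -Path $Path)) {
        Write-Warning "Setup log not found: $Path"
        return
    }
    Select-String -Path $Path -Pattern '\[(ERROR|WARNING)\]' |
        Select-Object LineNumber, Line
}

# Run both checks on the server that was just installed.
$stopped  = @(Get-StoppedExchangeService)
$problems = @(Get-SetupLogProblem)

"{0} automatic Exchange service(s) not running" -f $stopped.Count
$stopped | Format-Table -AutoSize
"{0} flagged line(s) in the setup log" -f $problems.Count
$problems | Select-Object -First 20 | Format-List
```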

Module Reviews and Takeaways

Review questions

1. What factors should you consider while purchasing new servers for your Exchange Server 2010 deployment?
Answer: The most important consideration is that you can install Exchange Server 2010 only on 64-bit hardware, which means that you must buy this type of hardware. Additional considerations include capacity planning and redundancy requirements.

2. How would the deployment of additional Exchange Server 2010 servers vary from the deployment of the first server?
Answer: When you deploy the second server, you do not need to be concerned with the Active Directory prerequisites, as these will already have been configured for the first server installation. Additionally, you are more likely to install specific server roles if you deploy multiple servers.

3. The installation of Exchange Server 2010 fails. What information sources can you use to troubleshoot the issue?
Answer: The two most important sources of information are the setup logs and the error message that displays when the installation fails. In most cases, these sources of information should indicate clearly why the installation fails. A third option is to review the server-event logs.

Common issues related to installing Exchange Server 2010

Identify the causes for the following common issues related to installing Exchange Server 2010 and explain the troubleshooting tips. For answers, refer to relevant lessons in the module.

Issue: You start the Exchange installation and get an error message stating that you do not have sufficient permissions.
Troubleshooting tip:
• Verify that you are logged on to the domain.
• Verify the account has sufficient permissions.

Issue: You run setup with /PrepareAD parameter and receive an error message.
Troubleshooting tip:
• Ensure that you are running setup in the same Active Directory site as the schema master domain controller.

Issue: You start the Exchange installation and the prerequisite check fails.
Troubleshooting tip:
• Verify that the server meets the software requirements.

Real-world issues and scenarios

1. An organization has a main office and multiple smaller branch offices. What criteria would you use to decide whether to install an Exchange server in a branch office? What additional factors should you consider if you decide to deploy an Exchange server in the branch office?
Answer: The most important criteria are the number of users in the branch office, and the bandwidth between the branch office and main office. If the number of users is low, and there is enough available bandwidth for the users to have a positive experience with e-mail, you might choose not to deploy Exchange servers in the office. If the branch office has a large number of users, or if the client connections to Exchange servers in the main office are slow, you may choose to put an Exchange server in the office. If you put an Exchange Server 2010 server in a branch office, you must ensure that you deploy a Mailbox server, Client Access server, and Hub Transport server, and that you deploy a global catalog server in the office.

2. An organization has deployed Active Directory directory services within two different forests. What issues will this organization experience when they deploy Exchange Server 2010?
Answer: Organizations with multiple forests need to decide whether to deploy two Exchange organizations, or a single Exchange organization, and enable user accounts from one forest to access mailboxes in the other forest. If the organization deploys multiple forests, they will need to plan for the replication of information such as free/busy information between the forests.

3. An organization is planning to deploy Exchange Server 2010 servers as virtual machines running on Hyper-V in Windows Server 2008 R2. What factors should the organization consider in their planning?
Answer: Firstly, the organization cannot deploy Unified Messaging servers on virtual machines. Secondly, the organization should consider whether to use Hyper-V to provide high availability for the Exchange servers, or to use the built-in Exchange high availability options. For Mailbox servers, we recommend strongly that you use DAGS. For other Exchange server roles, it is more feasible to use the Hyper-V failover component.

Best practices for deploying Exchange Server 2010

Supplement or modify the following best practices for your own work situations:
• Plan the hardware specifications for your Exchange Server 2010 servers to allow for growth. In most organizations, the amount of e-mail traffic and the size of the user mailboxes are growing rapidly.
• Consider deploying at least two Exchange Server 2010 servers. With two servers, you can provide complete redundancy for the core Exchange server roles.
• When deploying multiple Exchange servers with dedicated server roles for each server, deploy the server roles in the following order:
a. Client Access server
b. Hub Transport server
c. Mailbox server
d. Unified Messaging server
• You can deploy the Edge Transport server at any time, but it does not integrate automatically with your organization until you deploy a Hub Transport server.

Lab Review Questions and Answers
Question: What issues did you identify in the Exchange Server deployment by using the Exchange Best Practices Analyzer?
Question: How will you use the Exchange Best Practices Analyzer in your organization?
Answers to this question will vary. Some organizations use the Exchange Server Best Practices Analyzer only once, after the initial deployment. Other organizations regularly run the tool, and especially when they are troubleshooting an issue with the Exchange deployment. Recommend to the students that they should run the tool regularly.

Module 2
Configuring Mailbox Servers
Contents:
Lesson 1: Overview of Exchange Server 2010 Administrative Tools
Lesson 2: Configuring Mailbox Server Roles
Lesson 3: Configuring Public Folders
Module Reviews and Takeaways
Lab Review Questions and Answers

Lesson 1
Overview of Exchange Server 2010 Administrative Tools
Contents:
Question and Answers
Detailed Demo Steps

Question and Answers
Demonstration: What Is the Exchange Management Console?
Question: Does the Exchange Management Console organization seem logical to you? Why?
Answer: Depending on student experience, answers will vary. However, students should see that the management structure correlates to the server roles.
Question: Does the Exchange Management Console have the same functionality as it did in previous Exchange Server versions? What is different about this version?
Answer: In Exchange Server 2010, you use the Exchange Management Console to configure computers running Exchange Server. In versions before Exchange Server 2007, users could configure Exchange Server with the Exchange System Manager. In Exchange System Manager, all options are available in the properties dialog box of the server or the organization. Therefore, the Exchange System Manager is not role-oriented. Exchange Server organizes all configuration options in the Exchange Management Console logically, into role-based settings.

Detailed Demo Steps
Demonstration: What Is the Exchange Management Console?
Detailed demonstration steps
Demonstration steps
1. Open the Exchange Management Console.
2. Describe the console’s layout: The Console Tree on the left, the Content pane in the middle, and the Actions pane on the right.
3. Point out that the Console Tree has four nodes: Organization Configuration, Server Configuration, Recipient Configuration, and Toolbox.
4. Expand each of the nodes to view the available information.
5. In the Console Tree, expand Organization Configuration, click Mailbox, and then view the information available in the Content pane.
6. In the Console Tree, expand Server Configuration, click Mailbox, and then view the available information in the Content pane.
7. In the Console Tree, expand Recipient Configuration, click Mailbox, and then view the available information in the Content pane.

Demonstration steps
1. On VAN-EX1, click Start, click All Programs, click Exchange Server 2010, and then click Exchange Management Console. Expand Microsoft Exchange On-Premises.
2. Note the console’s layout: Console Tree on the left, Content pane in the middle, and Actions pane on the right.
3. Notice that the Console Tree has four nodes: Organization Configuration, Server Configuration, Recipient Configuration, and Toolbox.
4. Expand each Console Tree section to view the available nodes.
5. In the Console Tree, expand Organization Configuration, click Mailbox, and then view the information in the Content pane.
6. In the Console Tree, expand Server Configuration, click Mailbox, and then view the information in the Content pane.
7. In the Console Tree, expand Recipient Configuration, click Mailbox, and then view the available information in the Content pane.

Demonstration: Working with the Exchange Management Shell
Detailed demonstration steps
Demonstration steps
The instructor will run the following cmdlets:
• Get-Mailbox

• Get-Mailbox | Format-List
• Get-Mailbox | fl
• Get-Mailbox | Format-Table
• Get-Mailbox | ft Name, Database, IssueWarningQuota
• Get-Help New-Mailbox
• Get-Help New-Mailbox -detailed
• Get-Help New-Mailbox -examples
• $Temp = "Text"
• $Temp
• $password = Read-Host "Enter password" -AsSecureString
• New-Mailbox -UserPrincipalName chris@contoso.com -Alias Chris -Database "Mailbox Database 1" -Name ChrisAshton -OrganizationalUnit Users -Password $password -FirstName Chris -LastName Ashton -DisplayName "Chris Ashton" -ResetPasswordOnNextLogon $true

Demonstration steps
1. On VAN-EX1, click Start, click All Programs, click Exchange Server 2010, and then click Exchange Management Shell.
2. Run Get-Mailbox, and then view the output.
3. Run Get-Mailbox | Format-List, and then view the output. Explain that the format is different from the previous output.
4. Run Get-Mailbox | fl, and then verify that it is identical to the previous output, since fl is an alias for Format-List.
5. Run Get-Mailbox | Format-Table, and then view the output.
6. Run Get-Mailbox | ft Name, Database, IssueWarningQuota. Explain that the table output shows only the fields you specify.
7. Run Get-Help New-Mailbox to view the basic help for New-Mailbox.
8. Run Get-Help New-Mailbox -detailed to view the detailed help for New-Mailbox.
9. Run Get-Help New-Mailbox -examples to view just the examples that the help provides.
10. Create a variable by running $Temp = "Text"
11. Run $Temp to view the variable’s contents.
12. Run $password = Read-Host "Enter password" -AsSecureString to prompt the user for a password. Type Pa$$W0rd and press ENTER. Emphasize that to assign a password to a new user, you must specify the Read-Host command with the -AsSecureString switch, because you cannot store passwords as simple strings.
13. Run New-Mailbox -UserPrincipalName chris@contoso.com -Alias Chris -Database "Mailbox Database 1" -Name ChrisAshton -OrganizationalUnit Users -Password $password -FirstName Chris -LastName Ashton -DisplayName "Chris Ashton" -ResetPasswordOnNextLogon $true to create a new and secure mailbox for user Chris Ashton.

Note: Assign a password to a new user by specifying the Read-Host cmdlet with the -AsSecureString switch, because passwords cannot be stored as simple strings.

Lesson 2
Configuring Mailbox Server Roles
Contents:
Question and Answers
Detailed Demo Steps

Question and Answers
Demonstration: How to Configure Mailbox Server Role Configuration Options
Question: What additional tasks do you need to perform on the Mailbox server role after the Exchange Server 2010 installation occurs?
Answer: You must complete all of the post-installation steps, including creating and configuring databases, securing the server, and configuring recipients and the offline address book.

Demonstration: Configuring Database Options
Question: When would you need to move the path of the transaction logs or databases?
Answer: You may need to move the database files during the initial configuration to ensure that the files are on the appropriately configured disks.
Question: When might you use circular logging?
Answer: Enabling circular logging allows transaction logs to be overwritten after they are committed to the database. You would use this option when you do not require the need to recover data between full backups. Since Exchange Server does not maintain transaction logs, they are not available for use in recovery. However, we never recommend this option in a single-server production environment.

Discussion: Considerations for Implementing Databases
Question: What should you consider when naming databases?
Answer: Beginning with Exchange Server 2010, databases are no longer children of server objects, and a database can replicate to multiple Mailbox servers if you configure them for high availability. Therefore, as a best practice, you should not leverage the following in database-naming conventions:
• The server name
• The Active Directory site name (for the site resilience case)
• The physical data center name (for the site resilience case)
• The Exchange organization name
Question: When would you want or need to create multiple databases?
Answer: You may discuss a number of reasons, depending on the students. Often organizations create databases to separate users in different departments or geographic regions, or users that require different service levels. Maintaining a database at a manageable size also is important. You should size databases to fit on the available storage, yet still have enough room for growth. Additionally, their size should coincide with the backup and recovery times that you define for the messaging system.
Question: Why would you want to reduce the number of databases?
Answer: You may discuss several reasons, depending on the students. An organization may want to reduce the number of databases it has to reduce licensing needs and the administrative overhead that comes with having multiple databases. Additionally, each mounted database consumes additional memory on the server, so in some instances, it may be beneficial to limit how many databases you have.
Question: What should you consider when planning to build additional Mailbox servers?
Answer: You may need to place Mailbox servers in locations closer to the users to improve performance or reduce bandwidth charges. Adding additional Mailbox servers to the same site may be required to handle additional users or to handle increased usage from current users.

Detailed Demo Steps
Demonstration: How to Configure Mailbox Server Role Configuration Options
Detailed demonstration steps
Demonstration steps
1. Open the Exchange Management Console.
2. In the Console Tree, expand Server Configuration, and then click Mailbox.
3. Describe the available options in the Actions pane: Manage Diagnostic Logging Properties, Switchover Server, Enter Product Key, and Properties.
4. View the Manage Diagnostic Logging options.
5. View the properties of the server and review the options on the General, System Settings, Messaging Records Management, and Customer Feedback Options tabs.

Demonstration steps
1. On VAN-EX1, click Start, click All Programs, click Exchange Server 2010, and then click Exchange Management Console.
2. In the Console Tree, expand Microsoft Exchange On-Premises, expand Server Configuration, and then click Mailbox.
3. In the Mailbox pane, select VAN-EX1. Note the available options in the Actions pane: Manage Diagnostic Logging Properties, Switchover Server, Enter Product Key, and Properties.
4. Click Manage Diagnostic Logging in the Actions pane, and then view the logging options.
5. In the Actions pane, under VAN-EX1, click Properties.
6. View the properties on the General tab, and then select System Settings.
7. View the options on the System Settings tab, and then select Messaging Records Management.
8. View the options on the Messaging Records Management tab, and then close the Properties dialog box.

Demonstration: Configuring Database Options
Detailed demonstration steps
Demonstration steps
1. Open the Exchange Management Console.
2. In the Console Tree, expand Microsoft Exchange On-Premises, expand Organization Configuration, and then click Mailbox.
3. Select the Database Management tab, and then view the properties of a mailbox database.
4. View the properties on the General, Maintenance, Limits, and Client Settings tabs.
5. Run the Move Database Path wizard to move the database files.

Demonstration steps
1. On VAN-EX1, if required, click Start, click All Programs, click Exchange Server 2010, and then open Exchange Management Console.
2. In the Console Tree, expand Microsoft Exchange On-Premises, expand Organization Configuration, and then click Mailbox.
3. Select the Database Management tab, right-click on Mailbox Database 1, and then choose Properties.
4. View the properties on the General tab, and then select the Maintenance tab.
5. View the properties on the Maintenance tab, and then select the Limits tab.
6. View the properties on the Limits tab, and then select the Client Settings tab.
7. Close the Properties dialog box.
8. Select Mailbox Database 1, and then click Move Database Path in the Actions pane.
9. In the Move Database Path wizard, type a new database file path (C:\NewFolder1\DB\Mailbox Database 1.edb) and log folder path (C:\NewFolder1\Logs\), and then click Move.
10. Confirm and complete the move process.

If time permits, demonstrate moving the database files using the Exchange Management Shell:
1. Open Exchange Management Shell.
2. Run Move-DatabasePath -Id 'Mailbox Database 1' -EdbFilePath 'C:\NewFolder2\DB\Mailbox Database 2.edb'.
3. Run Move-DatabasePath -id 'Mailbox Database 1' -LogFolderPath 'C:\NewFolder2\Logs\'.

Demonstration: How to Manage Mailbox Size Limits
Detailed demonstration steps
Demonstration Steps
1. Log on to VAN-EX1 with your administrator account.
2. Open the Exchange Management Console.
3. In the Console Tree, expand Recipient Configuration, and click Mailbox.
4. Right-click a user mailbox, and click Properties.
5. Click the Mailbox Settings tab, and double-click Storage Quotas.
6. Unselect Use mailbox database defaults, and modify the value for Prohibit send and receive at (MB), and then open the Exchange Management Shell.
7. Configure the database limits with the Get-MailboxDatabase cmdlet.
8. Configure just the user mailboxes that are contained in the Marketing department with the Get-Mailbox cmdlet.

Demonstration steps
1. On VAN-EX1, if required, click Start, click All Programs, click Exchange Server 2010, and then click Exchange Management Console.
2. In the Console Tree, expand Microsoft Exchange On-Premises, expand Recipient Configuration, and then click Mailbox.
3. In the Content pane, right-click Luca Dellamore, and then choose Properties.
4. Select the Mailbox Settings tab, and then double-click on Storage Quotas.
5. Clear the Use mailbox database defaults check box. Select the Prohibit send and receive at (MB) check box, and in the text box, type 10.
6. Click OK twice.
7. Open the Exchange Management Shell.
8. To configure the database limits with Exchange Management Shell, run Get-MailboxDatabase -Server VAN-EX1 | Set-MailboxDatabase -IssueWarningQuota 50MB.
9. To configure just the user mailboxes that are contained in the Marketing organizational unit, run Get-Mailbox -OrganizationalUnit Marketing | Set-Mailbox -ProhibitSendQuota 75MB.
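Clearing Use mailbox database defaults, as in this demonstration, is also the usual reason a database-wide limit stops applying to individual users. The following Exchange Management Shell function is an added example, not part of the courseware, that lists every mailbox carrying its own quota next to the limits of its database; the function name Get-QuotaOverride is hypothetical, and Marketing is the organizational unit used in the demonstration.

```powershell
# Added example (not from the courseware). Run in the Exchange Management Shell.
# Get-QuotaOverride is a hypothetical helper name.
function Get-QuotaOverride {
    param(
        # Optional scope, for example "Marketing" (the OU used in the demonstration).
        [string]$OrganizationalUnit
    )

    # Database limits are looked up once per database and cached by name.
    $dbLimits = @{}

    $query = @{ ResultSize = 'Unlimited' }
    if ($OrganizationalUnit) { $query['OrganizationalUnit'] = $OrganizationalUnit }

    Get-Mailbox @query |
        # UseDatabaseQuotaDefaults is $false when the "Use mailbox database
        # defaults" check box has been cleared for the mailbox.
        Where-Object { -not $_.UseDatabaseQuotaDefaults } |
        ForEach-Object {
            $key = [string]$_.Database
            if (-not $dbLimits.ContainsKey($key)) {
                $dbLimits[$key] = Get-MailboxDatabase -Identity $key
            }
            $db = $dbLimits[$key]

            New-Object PSObject -Property @{
                Mailbox                 = $_.Name
                Database                = $key
                MailboxIssueWarning     = $_.IssueWarningQuota
                MailboxProhibitSend     = $_.ProhibitSendQuota
                MailboxProhibitSendRecv = $_.ProhibitSendReceiveQuota
                DatabaseIssueWarning    = $db.IssueWarningQuota
                DatabaseProhibitSend    = $db.ProhibitSendQuota
                DatabaseProhibitSendRecv = $db.ProhibitSendReceiveQuota
            }
        } |
        Select-Object Mailbox, Database,
            MailboxIssueWarning, DatabaseIssueWarning,
            MailboxProhibitSend, DatabaseProhibitSend,
            MailboxProhibitSendRecv, DatabaseProhibitSendRecv
}

# Review the overrides in one OU, or omit the parameter to check every mailbox.
Get-QuotaOverride -OrganizationalUnit Marketing | Format-Table -AutoSize

# To return a reviewed mailbox to the database limits:
# Set-Mailbox -Identity "<mailbox>" -UseDatabaseQuotaDefaults $true
```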

Lesson 3
Configuring Public Folders
Contents:
Question and Answers
Additional Reading
Detailed Demo Steps

Question and Answers
When to Use SharePoint Instead of Public Folders
Question: For what does your company currently use public folders and SharePoint?
Answer: Answers will vary considerably. Some companies may choose to use public folders for shared mail queues, calendars, document repositories, or discussion groups. Other companies may choose to use SharePoint for the same reasons.

Additional Reading
Configuring Public Folder Replication
• Exchange Server 2010 Help: Understanding Public Folder Replication

Detailed Demo Steps
Demonstration: How to Configure Public Folders
Detailed demonstration steps
Demonstration steps
Use the PFMC to add replicas and set permissions on a public folder
1. Open the Exchange Management Console.
2. Open the PFMC, and then connect to a Mailbox server.
3. Create a new public folder named Sales.
4. View the properties of the Sales public folder, and then view the options on the General, Statistics, Limits, and Replication tabs.
5. Add a replica to the Sales public folder.

Use the Exchange Management Shell to add permissions to a public folder
The instructor will run the following cmdlets:
Get-PublicFolderClientPermission \Sales
Add-PublicFolderClientPermission \Sales -AccessRights EditAllItems -User Jason

Use Outlook to view and edit public folder permissions
1. Log on to VAN-CL1 as Adatum\Administrator.
2. Open Outlook.
3. View the permissions for the Sales public folder.

Demonstration steps
Use the PFMC to add replicas and set permissions on a public folder
1. On VAN-EX1, if required, click Start, click All Programs, click Exchange Server 2010, and then open Exchange Management Console.
2. In the Console Tree, expand Microsoft Exchange On-Premises, and then expand Toolbox.
3. In the Content pane, double-click Public Folder Management Console.
4. If not already connected, click Connect to a Server in the Actions pane, and then in the Connect to Server dialog box, click Browse.
5. In the Select Public Folder Servers dialog box, select VAN-EX1, click OK, and then click Connect.
6. Select the Default Public Folders node in the Console Tree, and then click New Public Folder in the Actions pane.
7. In the New Public Folder Wizard, type Sales, click New, and then click Finish.
8. In the Content pane, right-click Sales, and then click Properties.
9. View the information available on the General tab, view the available options, and then select the Statistics tab.
10. View the information available on the Statistics tab, and then select the Limits tab.
11. View the information available on the Limits tab, and then select the Replication tab.
12. Click Add, select PF2 on VAN-EX2, and then click OK.
13. Click OK.

Use the Exchange Management Shell to add permissions to a public folder
1. Open the Exchange Management Shell.
2. Run Get-PublicFolderClientPermission \Sales, and then view the results.
3. Run Add-PublicFolderClientPermission \Sales -AccessRights EditAllItems -User Jason.

Use Outlook to view and edit public folder permissions
1. On VAN-CL1, open Outlook.
2. Click Folder List in the Outlook bar.
3. Expand Public Folders, expand All Public Folders, right-click Sales, and then click Properties.
4. Select the Permissions tab, and then view the available options.

Module Reviews and Takeaways
Review questions
1. Which tools can you use to manage Exchange Server 2010?
The Exchange Management Shell and the Exchange Management Console are the two main tools for managing Exchange Server. Additionally, the Exchange Management Console has several other tools that you can use.
2. What customizations can you make on mailbox databases?
Mailbox database-configuration options include mailbox limits, maintenance schedules, journaling recipients, default public folder databases, and circular logging.
3. When can you use public folders?
Exchange Server 2010 supports public folders fully, so you can use a variety of solutions. There are several solutions that work within public folders, but other products and technologies may better serve them.

Common issues related to designing mailbox databases
Identify the causes for the following common issues related to designing and implementing Exchange Server mailbox databases and fill in the troubleshooting tips. For answers, refer to relevant lessons in the module.

Issue: You are planning to deploy a new Mailbox server on a different server and storage platform.
Troubleshooting tip: Use performance-testing tools, such as Exchange Load Generator or Jet Stress, to ensure the Mailbox server will perform adequately.

Issue: After applying limits on each of the mailbox databases, some of the users are exceeding these limits.
Troubleshooting tip: Verify that the mailboxes are set to inherit limit settings from the database, rather than having to be set separately.

Issue: You are migrating from Exchange Server 2003, and none of the users with Exchange Server 2010 mailboxes can access legacy public folders via Outlook Web App.
Troubleshooting tip: Verify that a replica of the required public folders exists on an Exchange Server 2010 server.

Real-world issues and scenarios
1. Your organization needs to determine which storage solution to deploy for the new Exchange Server 2010 messaging environment. What information should you consider when selecting the hardware?
You should consider many facts when choosing storage. Your focus should be on providing enough disk space and throughput to meet your needs. There are tools that you can use to approximate the requirements and help you make an informed decision.
2. Your organization would like to automate creation of user mailboxes for employees based on their status in your organization’s human-resources system. What can you use to perform this automation?
The Exchange Management Shell provides an interface for scripting administrative tasks, such as user creation and modification. You also can use Exchange Management Shell programmatically from inside other applications.
3. Your organization wants to reduce administrative costs. One suggestion is to give department heads and administrative assistants the necessary access to manage departmental and project-based groups. What can you use to accomplish this task?
You can use the ECP and appropriate RBAC permissions to enable nontechnical personnel to manage groups.

Best practices related to public folder deployment planning
Supplement or modify the following best practices for your own work situations:
• Determine the public folder features that your organization needs, such as multiple master replications.
• Determine whether other solutions, such as SharePoint or InfoPath, meet user needs better.
• Define specific age and size limits, so that public folder data does not grow uncontrolled and outdated.

Tools
Tool: Exchange Management Console
Use for:
• Configuring the Exchange Server organization, its servers, and its recipients.
Where to find it: Start menu

Tool: Exchange Management Shell
Use for:
• Configuring the Exchange Server organization, its servers, and its recipients.
• Completing bulk-management tasks.
Where to find it: Start menu

Tool: Exchange Control Panel
Use for:
• Managing recipients
Where to find it: Outlook Web App

Lab Review Questions and Answers
Question: What happens to the database’s status when you move the database files?
Answer: When you move database files, the database is taken offline. This causes the database to be unavailable, which means that end users cannot send and receive e-mail until the database is online again.
Question: When you create a public folder, how many replicas does it have?
Answer: When you create a public folder with the Public Folder Management Console in Outlook, only one replica is created. Therefore, to ensure that the data is redundant, you must add a replica.

Module 3
Managing Recipient Objects
Contents:
Lesson 1: Managing Mailboxes
Lesson 2: Managing Other Recipients
Lesson 3: Configuring E-Mail Address Policies
Lesson 4: Configuring Address Lists
Lesson 5: Performing Bulk Recipient Management Tasks
Module Reviews and Takeaways
Lab Review Questions and Answers

Lesson 1
Managing Mailboxes
Contents:
Question and Answers
Additional Reading
Detailed Demo Steps

Question and Answers
Discussion: Types of Exchange Server Recipients
Question: How is a mail-enabled contact different from a mail-enabled user?
Answer: A mail-enabled contact does not have an Active Directory user account. You use this for people outside your organization that you want to include in the GAL.

Demonstration: How to Manage Mailboxes
Question: What tools do you prefer to use for managing mailbox users?
Answer: Answers will vary. Typically, users prefer the graphical user interface (GUI) for small, nonrepetitive tasks, and then prefer the Exchange Management Shell for larger, repetitive tasks.
Question: How does your organization delegate Exchange and Active Directory management tasks?
Answer: Answers will vary. Typically, the help desk performs basic recipient-management tasks, while specialized Exchange Server administrators perform tasks that pertain to server support.

Configuring Mailbox Settings
Question: Why would you configure mailbox size limits on individual mailboxes?
Answer: By configuring mailbox size limits, you can override the mailbox database defaults for specific users. Usually, this enables a specific user to have a higher storage limit than other users, when necessary.

Demonstration: How to Configure Mailbox Permissions
Question: When would more than one user need to access the same mailbox?
Answer: Providing access to multiple users for the same mailbox is useful for generic mailboxes, such as a help-desk mailbox, that is a queue where all users can access and respond to messages.
Question: What is the difference between Send on behalf of permissions and Send As permissions?
Answer: Send As permissions allow you to impersonate another user. Send on behalf of permissions indicates that you are responding for that person.

Demonstration: How to Move Mailboxes
Question: What is the benefit of scheduling mailbox moves?
Answer: By scheduling mailbox moves, you can move mailboxes during off-peak hours when users are not logged on. Users cannot be logged on when their mailbox moves.

Designing Resource Booking Policies
Question: How will you use resource mailboxes in your environment?
Answer: Answers will vary by student. Many organizations need resource mailboxes to facilitate room bookings.

Demonstration: How to Manage Resource Mailboxes
Question: How does your organization use resource mailboxes?
Answer: Answers will vary. Many businesses use resource mailboxes to track conference room usage and equipment, such as projectors and video-conference equipment.
Question: Which attributes are useful for your resource mailboxes?
Answer: You can use resource capacity to specify the maximum number of people a room can hold. Other properties will vary by the equipment type.
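The delegation types named in the mailbox permission answers above are stored in different places: Full Access is a mailbox permission, Send As is an Active Directory extended right on the user object, and Send on behalf is a property of the mailbox. The following Exchange Management Shell function is an added example, not part of the courseware, that reports all three for one mailbox so a shared or help-desk mailbox can be reviewed in one pass; the function name Get-MailboxDelegation is hypothetical, and Kim Akers is the mailbox used in the demonstrations.

```powershell
# Added example (not from the courseware). Run in the Exchange Management Shell.
# Get-MailboxDelegation is a hypothetical helper name.
function Get-MailboxDelegation {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Identity
    )

    $mbx = Get-Mailbox -Identity $Identity

    # Builds one report row per grantee and right.
    function New-Row([string]$Grantee, [string]$Right) {
        New-Object PSObject -Property @{
            Mailbox = $mbx.Name
            Grantee = $Grantee
            Right   = $Right
        }
    }

    # Full Access: explicit allow entries on the mailbox. The SELF entry is
    # assigned by default when the mailbox is created, so it is filtered out.
    Get-MailboxPermission -Identity $mbx.DistinguishedName |
        Where-Object {
            ($_.AccessRights -like '*FullAccess*') -and
            (-not $_.IsInherited) -and (-not $_.Deny) -and
            ([string]$_.User -ne 'NT AUTHORITY\SELF')
        } |
        ForEach-Object { New-Row ([string]$_.User) 'Full Access' }

    # Send As: an extended right on the Active Directory user object.
    Get-ADPermission -Identity $mbx.DistinguishedName |
        Where-Object {
            ($_.ExtendedRights -like '*Send-As*') -and
            (-not $_.IsInherited) -and (-not $_.Deny) -and
            ([string]$_.User -ne 'NT AUTHORITY\SELF')
        } |
        ForEach-Object { New-Row ([string]$_.User) 'Send As' }

    # Send on behalf: listed in the mailbox's GrantSendOnBehalfTo property.
    foreach ($delegate in $mbx.GrantSendOnBehalfTo) {
        New-Row ([string]$delegate) 'Send on behalf'
    }
}

# Review one mailbox.
Get-MailboxDelegation -Identity 'Kim Akers' |
    Select-Object Mailbox, Grantee, Right |
    Format-Table -AutoSize
```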

Additional Reading
Discussion: Types of Exchange Server Recipients
• Exchange Server 2010 Help: Understanding Recipients
Reasons for Moving Mailboxes
• Exchange Server 2010 Help: Understanding Mailbox Moves
Demonstration: How to Move Mailboxes
• Exchange Server 2010 Help: Understanding Mailbox Moves
Demonstration: How to Manage Resource Mailboxes
• Exchange Server 2010 Help: Create a Room Mailbox

and then select Mailbox.com. Run Enable-MailUser “Daniel Brunner“ –externalemailaddress Daniel@contoso. Close Exchange Management Shell. expand Adatum.com.3-6 Configuring. and then click Exchange Management Shell. Note: Remove-mailbox deletes the specified user account and mailbox. and run the following cmdlets: • • 3. 5. Demonstration steps Use the Exchange Management shell to mail-enable an existing user: 1. Enable-MailUser “Daniel Brunner“ –externalemailaddress Daniel@contoso. click Microsoft Exchange Server 2010. Click Start. Open Exchange Management Console. click Administrative Tools. On VAN-EX1. Use the Exchange Management Console to create a new mail-enabled user: . Type Y. and Troubleshooting Microsoft® Exchange Server 2010 Detailed Demo Steps Demonstration: How to Manage Mailboxes Detailed demonstration steps Demonstration steps Use the Exchange Management shell to mail-enable an existing user: 1. verify Daniel Brunner still is present. 8. 6. then click Users.com Disable-MailUser “Daniel Brunner“ In Active Directory Users and Computers. expand Microsoft Exchange On-Premises. and view the results. and locate Daniel Brunner. Open Exchange Management Shell. click All Programs. 7. 7. Run the New Mailbox wizard. click Start. 4. and create a new user account and mailbox for Kim Akers. and disablemailbox removes the mailbox. 2. Close Active Directory Users and Computers. Create a new mail-enabled user with the Exchange Management Console. Create the mailbox in the Accounting mailbox database. 4. verify that the Daniel Brunner user still exists. and ensure that Daniel Brunner exists in the Users container. expand Recipient Configuration. Managing. Run Disable-MailUser “Daniel Brunner“. In the Console Tree. 5. In Active Directory Users and Computers. In Active Directory Users and Computers. Open Active Directory Users and Computers. 3. 2. but leaves the user account enabled. and then open Active Directory Users and Computers. 6.

In the Select User or Group dialog box. click New Mailbox. 6. and then click Mailbox. Click Accounting. Click Start. Open Exchange Management Console. click Manage Send As Permission. select the Kim Akers mailbox. 2. 3. In the Results pane. Demonstration: How to Manage Mailboxes Detailed demonstration steps Demonstration steps Assign Wei Yu send as permissions on Kim Akers’s mailbox: 1. 5. Choose User Mailbox. Click Manage. 5. Click Finish. . 7.Managing Recipient Objects 3-7 1. and then click OK. 8. and click Browse. 2. Type Kim as the Alias. Click Finish. In the Actions pane. click OK. 6. 4. and then in the Actions pane. click Microsoft Exchange Server 2010. and then select Mailbox. 12. Choose New user. 10. and then click Next. choose Wei Yu. click All Programs. and then click Exchange Management Console. Fill in the following information: • • • • • First Name: Kim Last Name: Akers User logon name (User Principal Name): Kim Password: Pa$$w0rd Confirm password: Pa$$w0rd 7. and then click Next. 3. 4. In the Manage Send As Permission wizard. expand Microsoft Exchange On-Premises. and then click Next. 9. click Add. In the Console Tree. In the Console Tree. expand Recipient Configuration. Click New. expand Recipient Configuration. Select the Specify the mailbox database rather than using a database automatically selected check box. 11. Click Next. Assign Wei Yu full access to Kim Akers’s mailbox. expand Microsoft Exchange On-Premises. Click Next.

1. Select the Kim Akers mailbox, and then in the Actions pane, click Manage Full Access Permission.
2. In the Manage Full Access Permission wizard, click Add.
3. In the Select User or Group dialog box, choose Wei Yu, and then click OK.
4. Click Manage.
5. Click Finish.

Demonstration steps
Assign Wei Yu Send As permissions on Kim Akers’s mailbox:
1. On VAN-EX1, if required, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click Exchange Management Console.
2. In the Console Tree, expand Microsoft Exchange On-Premises, expand Recipient Configuration, and then select Mailbox.
3. In the Results pane, select the Kim Akers mailbox, and then in the Actions pane, click Manage Send As Permission.
4. In the Manage Send As Permission wizard, click Add. You will notice that the SELF security principal, which enables a user to manage his permissions, already is assigned. It was assigned, by default, when the mailbox was created.
5. In the Select User or Group dialog box, choose Wei Yu, and then click OK.
6. Click Manage.
7. Click Finish. Wei Yu now can send e-mail as Kim Akers if he chooses to change the From address when composing a new e-mail message.

Assign Wei Yu full access to Kim Akers’s mailbox:
1. In the Results pane, select the Kim Akers mailbox, and then in the Actions pane, click Manage Full Access Permission.
2. In the Manage Full Access Permission wizard, click Add. You will notice that the SELF security principal, which enables a user to manage his permissions, already is assigned. It was assigned, by default, when the mailbox was created.
3. In the Select User or Group dialog box, choose Wei Yu, and then click OK.
4. Click Manage, and then click Finish.

Demonstration: How to Move Mailboxes
Detailed demonstration steps
Demonstration steps
Move Kim Akers’s mailbox to Mailbox Database 1:
1. On VAN-EX1, if required, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click Exchange Management Console.
2. In the Console Tree, expand Microsoft Exchange On-Premises, expand Recipient Configuration, and then select Mailbox.

expand Microsoft Exchange On-Premises. Click New. 6. In the Console Tree. In the Console Tree. if required. and then select Mailbox. 6. Verify that Skip the mailbox is selected. and then click OK. 5. click Browse. 8. Click Finish. click New Local Move Request. click All Programs. and then click Exchange Management Console. and then click Exchange Management Console.Managing Recipient Objects 3-9 3. Select the Kim Akers mailbox. click Microsoft Exchange Server 2010. Note: If the mailbox move fails. Click Next. while preserving the valid data. Click Next. start the Microsoft Exchange Mailbox Replication service. 8. 4. In the New Local Move Request wizard. and then in the Actions pane. Verify that Skip the mailbox is selected. You can use this option to move corrupted mailboxes. expand Recipient Configuration. click All Programs. 9. and the error indicates that no MRS service is available. Select the Kim Akers mailbox. 4. and then click Next. and then click Next. and then in the Actions pane. Click Finish. 2. and then select Mailbox. 3. 7. On VAN-EX1. Select Mailbox Database 1. Select Mailbox Database 1. click Browse. In the New Local Move Request wizard. and try the mailbox move again. click Microsoft Exchange Server 2010. . expand Microsoft Exchange On-Premises. expand Recipient Configuration. The Skip the corrupted messages option moves the noncorrupt messages to the new database up to the threshold selected. On VAN-EX1. 7. and then click OK. Click New. click Start. click Start. click New Local Move Request. Demonstration steps Move Kim Akers’s mailbox to Mailbox Database 1: 1. expand Recipient Configuration. 9. In the Console Tree. and then select Move Request to view the status of the move request. if required. 10. Demonstration: How to Manage Mailboxes Detailed demonstration steps Demonstration steps 1. 5. 2.

5. expand Microsoft Exchange On-Premises. Verify New user is selected. click New Mailbox. and then click Next. 10. and then click More. After creating the room mailbox. and in the Actions pane. Create a new room mailbox with the following information: • • • • Name: Conference Room 1 User logon name (User Principal Name): ConferenceRoom1 Password: Pa$$w0rd Alias: ConferenceRoom1 4. Name: Conference Room 1. In the Untitled Meeting window. 9. In the Results pane. Fill in the following information: • • • • 6. and Troubleshooting Microsoft® Exchange Server 2010 3. type Sales Meeting as the subject. Click New. 11. Open Internet Explorer. User logon name (User Principal Name): ConferenceRoom1 Password: Pa$$w0rd Confirm Password: Pa$$w0rd Click Next. Send the meeting request and verify that the resource accepted the invitation. In the Actions pane. In the Address Book window. Verify Create an archive mailbox for this account is not selected. and then click Exchange Management Console. and type Conference Room 1 in the Location field. and then click Next. Select a Start time and an End time. type Administrator in the To field. and then select Mailbox. click All Programs. and log on to Outlook Web App as Adatum\Administrator with the password of Pa$$w0rd. 1. 3. . 6. 8. Demonstration steps On VAN-EX1. click Microsoft Exchange Server 2010. 7. click Properties. Managing. In the New Mailbox wizard. Click the down arrow next to Select Rooms. In Outlook Web App. 11. create a new Meeting Request. and enable the resource booking attendant. 10. In the Console Tree. and then click Next. 9. Click Finish. expand Recipient Configuration. 4. modify the properties. 5. click Start. if required. and then click Next.3-10 Configuring. and then click OK. 2. and then click the Scheduling Assistant tab. select Conference Room 1. 8. Type ConferenceRoom1 as the Alias. double-click Conference Room 1. 7. select Room Mailbox.

type Administrator in the To field. and then click Meeting Request. 18. and type Conference Room 1 in the Location field. 21. Click OK. In the Untitled Meeting window. 14. . Click the down arrow next to Select Rooms. 25. 15. double-click Conference Room 1. click Start. type Sales Meeting as the subject. 22. 20. click All Programs.Managing Recipient Objects 3-11 12. 23. and then click More. even if you configure other settings. On VAN-EX1. 16. Select a Start time and an End time. and then click OK. If you do not enable this option.com/owa in the address bar. 17. click the down arrow next to New. 24. 13.adatum. Click Send. the resource will not process meeting requests. In the Address Book window. 19. In Outlook Web App. Close Internet Explorer 26. and then click Internet Explorer. Log on to Outlook Web App as Adatum\Administrator with the password of Pa$$w0rd. Close Exchange Management Console. Type https://VAN-EX1. Click the Resource General tab. Click the Scheduling Assistant tab. Select the Enable the Resource Booking Attendant check box.

Lesson 2
Managing Other Recipients
Contents:
Question and Answers
Detailed Demo Steps

Question and Answers
What Are Mail Contacts and Mail Users?
Question: When would you use mail-enabled contacts?
Answer: You can use mail-enabled contacts to display a trusted partner or contract employee in the company address list or add them to a distribution group. You also can use mail-enabled contacts to forward e-mail from a local mailbox to a remote mail account.
Question: Why would you use a mail-enabled contact rather than a mail-enabled user?
Answer: A mail-enabled contact does not support authentication to Active Directory directory services and is useful as a mechanism to add external users to the GAL. Creating mail-enabled users would be a security risk because the Active Directory accounts could be used to log on and access some system resources.

What Are Distribution Groups?
Question: When would your organization use distribution groups?
Answer: Answers will vary. Many organizations create distribution groups for each department and for each special project.

Options for Configuring Distribution Groups
Question: What is the advantage of enforcing a naming convention for distribution groups?
Answer: Answers will vary. Naming conventions allow users to more easily identify distribution groups with their e-mail client.
Question: When would your organization use public and moderated groups?
Answer: Answers will vary. Many organizations may allow department or project managers to create and manage public groups to reduce the IT department administrative overhead in managing these groups.

Demonstration: How to Manage Groups by Using the Exchange Control Panel
Question: When would you use public groups?
Answer: Answers will vary. Some organizations may use public groups to allow users to create nonbusiness-critical or project-based groups so that the business owners can manage the groups.

and select Owner Approval. Log on to Exchange Control Panel as Adatum\Wei with the password of Pa$$w0rd. 4. 7. select Groups. click Approve. In the left pane. 6. Click Close. Log on to Exchange Control Panel as Adatum\Kim with the password of Pa$$w0rd. and Troubleshooting Microsoft® Exchange Server 2010 Detailed Demo Steps Demonstration: How to Manage Groups by Using the Exchange Control Panel Detailed demonstration steps Demonstration steps Add Kim Akers to the Recipient Management role group. 3. Managing. 1. 2. 6. click Join. select Sales. configure the following information: • • • 4. Double-click the Request to Join Distribution Group message in the inbox. add Kim Akers to the Recipient Management role group. . 1. and create a new Sales Group. Sign out of Exchange Control Panel. 2. In the Request to Join Distribution Group message pane.3-14 Configuring. Sign out of Exchange Control Panel. and ask to join the Sales group. Log on to ECP as Wei Yu. Select Public Groups. In the Public Groups I Belong to section. Log on to Outlook Web App as Adatum\Kim with the password of Pa$$w0rd. On VAN-EX1. Expand Membership Approval. 1. Approve Wei Yu’s request to be added to the Sales Group. in Active Directory Users and Computers. 3. Display name: Sales Alias: Sales Description: Sales Department Add the following members: • • • Manoj Syamala Rohinton Wadia Paul West 5. Log on to Exchange Control Panel as Kim Akers. In the New Group window. 5. 3. Click Save. and then click Join. 1. and create a new Public Group. In the All Groups window. 2.

Click OK. click Start. 1. 2. Log on to Exchange Control Panel as Adatum\Wei with the password of Pa$$w0rd. 3. 18. In the Select Members window. and then double-click Recipient Management. and then click Add. Click Owner Approval. and click Internet Explorer. Log on to Exchange Control Panel as Adatum\kim with the password of Pa$$w0rd. 4. 19. In the All Groups window. Demonstration Steps Add Kim Akers to the Recipient Management role group. Type https://van-ex1.com/ecp in the address bar. Click Public Groups. 13. click Join. and close Active Directory Users and Computers. Type Sales as the Alias. 6. in the Display Name box. On VAN-EX1. Type https://van-ex1. 7. In the left pane. 3. 2. 16. Close Outlook Web App.Managing Recipient Objects 3-15 4. Type Sales Department as the Description. This ensures that the group owner approves all requests that are added to the group. Log on to Exchange Control Panel as Kim Akers. Click OK. 14. click All Programs. 20. 12. Click OK. 4. Under Public Groups. On VAN-EX1. In the New Group window. 21. click All Programs. add Kim Akers to the role group. select Sales. 9. Log on to Exchange Control Panel as Wei Yu. 15.com.com/ecp in the address bar. 1. and create a new Sales Group.adatum. 22. select Groups. and send request to join the Sales group. 5. double-click the following mailboxes: • • • Manoj Syamala Rohinton Wadia Paul West 11. 17. Expand the Membership section. Click Start. type Sales. On the Members tab. click Internet Explorer. Click OK. Click Save. and click Microsoft Exchange Security Groups. open Active Directory Users and Computers. and click Join. Expand Adatum. . Sign out of Exchange Control Panel. 8.adatum. 10. Expand Membership Approval. click New. In the Public Groups I Belong to section.

23. Click Close.
24. Sign out of Exchange Control Panel.
Approve Wei Yu’s request to be added to the Marketing Group.
1. Click Start, click All Programs, and click Internet Explorer.
2. Type https://van-ex1.adatum.com/owa in the address bar.
3. Log on to Outlook Web App as Adatum\kim with the password of Pa$$w0rd.
4. Double-click the Request to Join Distribution Group message in the Inbox.
5. In the Request to Join Distribution Group message pane, click Approve.
6. Close Outlook Web App.

Lesson 3
Configuring E-Mail Address Policies
Contents:
Additional Reading
Detailed Demo Steps

Additional Reading
What Are E-Mail Address Policies?
• Exchange Server 2010 Help: Understanding Accepted Domains
• Exchange Server 2010 Help: Understanding E-mail Address Policies
• Exchange Server 2010 Help: Upgrading Custom LDAP filters to OPATH filters
Demonstration: How to Configure E-Mail Address Policies
Exchange Server 2010 Help file: Managing E-mail Address policies.

and then select Hub Transport. 3. click New E-mail Address Policy. click All Programs. and then click Exchange Management Console. expand Microsoft Exchange On-Premises. 1. 2. In the Actions pane. expand Organization Configuration. Name: Fourth Coffee Display Name: Fourth Coffee Recipient container to apply filter: Adatum. and then click Next. click Microsoft Exchange Server 2010. In the Results pane. 4. On VAN-EX1. 6. and then click OK. and then select Hub Transport. 1. expand Organization Configuration. Verify that All Recipient types is selected.Managing Recipient Objects 3-19 Detailed Demo Steps Demonstration: How to Configure E-Mail Address Policies Detailed demonstration steps Demonstration steps Create a new e-mail address policy for Fourth Coffee recipients. Select fourthcoffee. expand Microsoft Exchange On-Premises. type Fourth Coffee as the name of the policy. 2.com Included recipient types: All Recipient types Use the user Alias as the local part of the e-mail address. Change the Company attribute to Fourth Coffee.com as the accepted domain. Demonstration steps Create a new E-mail Address Policy for Fourth Coffee recipients. 5. View the current E-Mail addresses that have been assigned. expand Microsoft Exchange On-Premises. 4. 5. Open the Exchange Management Console. select Adatum. 5. 3. Click Browse. .com. click Start. double-click Jane Dow. 1. In the New E-Mail Address Policy wizard. In the Console Tree. 6. 2. 3. In the Console Tree. if required. In the Console Tree. expand Recipient Configuration. Create a new e-mail address policy named with these attributes: • • • • 4. Apply the e-mail address policy immediately. Verify that the e-mail address policy has been applied. View the current e-mail addresses that have been assigned. In the Select Organizational Unit dialog box. and then select Mailbox.

click Next. The schedule allows you to set the policy to not run. 13. and then click Apply. and then select Mailbox. 18. 14. In the Properties dialog box for Jane Dow. 7. In the Step 2 box. click the E-Mail Addresses tab. and view the current E-Mail addresses assigned. Click New. and then verify that E-mail address local part and Use Alias are selected. check Recipient is in a Company. 17. In the Results pane. Click OK. 9. Click OK. Click Finish. Click Add. 2. 3. select fourthcoffee. 1. In the Console Tree. and Troubleshooting Microsoft® Exchange Server 2010 7. 15. you must add another accepted domain. Close Exchange Management Console. and then click OK. if needed. run immediately. 12.com e-mail address should have been assigned when the company change was made. and then click Next. and then click Add. You can use this option if the policy affects a large number of recipients or if the change must occur during a defined change window. 10. Click Next. . In the New E-Mail Address Policy dialog box. In the Step 1 box. This list of domains comes from the list of accepted domains. 16. You can add multiple names to this list. Click Select the accepted domain for the e-mail address. 8. click the E-Mail Addresses tab. and then view the current E-Mail addresses assigned. Verify Immediately is selected. 8. In the Properties dialog box for Jane Dow. or run at a later time.com. Managing. 5. 6. Notice that the new addresses were added and the old addresses were not removed. The new fourthcoffee. 4. double-click Jane Dow. Type Fourth Coffee for the Company. type Fourth Coffee. Click OK. click specified. expand Recipient Configuration. click Browse. To display a new domain in this list. Click the Organization tab. 11. Verify the E-mail Address Policy is being applied. In the Specify Company dialog box.3-20 Configuring.

Lesson 4
Configuring Address Lists
Contents:
Question and Answers
Additional Reading
Detailed Demo Steps

Question and Answers
Discussion: Reasons for Configuring Address Lists
Question: What are the reasons for creating multiple address lists?
Answer: Although the answers may vary, depending on the organization, common reasons are:
• Geographic organization. If a company has multiple physical locations, address lists could be based on country, state, city, or building.
• Departmental organization. A large company may want to create separate address lists for departments such as accounting, marketing, or sales.
• Recipient type organization. To make booking meeting rooms easier, you might organize room mailboxes by physical location.
Question: How do you use address lists in your organization?
Answer: Answers will vary. Typically, users are organized by department or physical location.
Question: How do you use a recipient filter and Active Directory attributes to create address lists? Is the necessary information already in Active Directory accounts?
Answer: Answers will vary. Recipient filters are a flexible way to create address lists, but Exchange Server 2010 does not support them through the GUI. You may need recipient filters to create address lists for individual buildings. The necessary information may not be in Active Directory accounts.

Additional Reading
What Are Address Lists?
Exchange 2010 Help file: Understanding Address Lists
Demonstration: How to Configure Address Lists
Exchange Server 2010 Help file: Managing Address Lists
Configuring Offline Address Books
Exchange Server 2010 Help file: Understanding Offline Address Books
Options for Deploying Offline Address Books
Exchange Server 2010 help: Understanding Offline Address Books

Preview the address list. and Troubleshooting Microsoft® Exchange Server 2010 Detailed Demo Steps Demonstration: How to Configure Address Lists Detailed demonstration steps Demonstration steps Create a new E-mail Address list for Fourth Coffee recipients. click Start. In the Actions pane. 3. 3. click All Programs. Open the Address book. click New Address List. 3. expand Organization Configuration. click the Address lists tab. Managing. and then select Mailbox. 1. click Microsoft Exchange Server 2010. Type Fourth Coffee as the Name. Log on to Outlook Web App as Adatum\George with the password of Pa$$w0rd. 5. In the Console Tree. 2. Close Outlook Web App. In the Results pane. 7. 1. Name: Fourth Coffee Display Name: Fourth Coffee Container: \ Recipient container to apply filter: Adatum. 8. Create a new address list with the following attributes. and view the members of the Fourth Coffee address list. Demonstration steps Create a new address list for Fourth Coffee recipients: 1. Verify the container is \. Click Next. expand Organization Configuration. • • • • • 4. expand Microsoft Exchange On-Premises. Type Fourth Coffee as the Display name. and then click Exchange Management Console. Open Exchange Management Console. . Verify the new address list is working. On VAN-EX1. 6. if required. 5. Click Browse.3-24 Configuring. In the Console Tree. 9.com Included recipient types: All Recipient types Use the Recipient is in a Company condition to apply this policy to only recipients that list Fourth Coffee for their company attribute. 4. 2. 6. Apply the e-mail address list immediately. 2. and then select Mailbox.

type Fourth Coffee. Click Next. In the Select Organizational Unit dialog box. 17. and then click Next. and then click OK. This will list the estimated results of using the defined filter. In the Step 2 box. In the Step 1 box. Click New. 1. Click Finish. 15. Verify that All Recipient types is selected. The schedule can allow the policy to not run. 3. Close Outlook Web App. Click OK. 2. Click Preview. 16. run immediately. click the Show other address lists button. 14. You can use this when the policy will affect a large number of recipients or if change window is going to be honored. View the members of the Fourth Coffee address list. or run at a later time.Managing Recipient Objects 3-25 10. In the Specify Company dialog box. 13. 11. 6. Click Fourth Coffee. select Adatum. 4. Click the Address book icon in the Outlook Web App toolbar.com. In the Address Book window. . 21. click specified. Click OK. 18. 20. 5. Verify Immediately is selected. You can add multiple values to this list. and then click Next. 19. 12. Log on to Outlook Web App as Adatum\George with the password of Pa$$w0rd. Close the Address Book window. and then click Add. Verify the new address list is working. check Recipient is in a Company.

Lesson 5
Performing Bulk Recipient Management Tasks
Contents:
Question and Answers
Detailed Demo Steps


Question and Answers
Discussion: Benefits of Managing Recipients in Bulk
Question: Describe situations where you need to create multiple recipients.
Answer: Answers will vary. Some examples include:
• Schools importing users for the new school year.
• Importing contacts from a comma separated values (.csv) file.
• Importing users from a .csv file that you export from another system.

Question: Describe situations where multiple recipients need to be modified.
Answer: Answers will vary. Some examples include:
• A department is increasing users’ storage limits.
• A new naming standard is created for the organization’s groups.
• You need to remove all subsidiary members because the company has been sold.

Demonstration: How to Manage Multiple Recipients
Question: Which tasks will you automate with PowerShell scripts?
Answer: Answers will vary by student. Some students may express an interest in creating scripts to report on mailbox sizes, or to create new mailboxes through an automated process.


Detailed Demo Steps
Demonstration: How to Manage Multiple Recipients
Detailed demonstration steps
Demonstration steps
1. The instructor will run the following cmdlets:

    Get-User -Filter {Company -eq "Fourth Coffee"}
    Disable-Mailbox Jane
    Get-User -Filter {Company -eq "Fourth Coffee"} | Enable-Mailbox -Database "Mailbox Database 1"

2. The instructor will run the following script. The script will create mailboxes based on information provided in a .csv file.

    ## Section 1
    ## Define Database for new mailboxes
    $db = "Mailbox Database 1"
    ## Define User Principal name
    $upndom = "Adatum.com"

    ## Section 2
    ## Import csv file into variable $users
    $users = Import-Csv $args[0]

    ## Section 3
    ## Function to convert password string to secure string
    function SecurePassword([string]$plainPassword) {
        $secPassword = New-Object System.Security.SecureString
        foreach ($char in $plainPassword.ToCharArray()) {
            $secPassword.AppendChar($char)
        }
        $secPassword
    }

    ## Section 4
    ## Create new mailboxes and users
    foreach ($i in $users) {
        $sp = SecurePassword $i.password
        $upn = $i.FirstName + "@" + $upndom
        $display = $i.FirstName + " " + $i.LastName
        New-Mailbox -Password $sp -Database $db -DisplayName $display `
            -UserPrincipalName $upn -Name $i.FirstName -FirstName $i.FirstName `
            -LastName $i.LastName -OrganizationalUnit $i.OU
    }

3. In Exchange Management Console, verify that the users listed in the .csv file have been created.

Demonstration steps
Demonstrate how to use pipelining:
1. On VAN-EX1, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click Exchange Management Shell.
2. Run: Get-User -Filter {Company -eq "Fourth Coffee"}


3. Run Disable-Mailbox Jane. Type Y and then press ENTER.
4. Run Get-User -Filter {Company -eq "Fourth Coffee"} | Enable-Mailbox -Database "Mailbox Database 1".
5. Run Notepad D:\Labfiles\DemoUsers.ps1. Explain each section of the PowerShell script.
• Section 1. Creates a variable named $db that stores the name of the database and a variable named $upndom that stores the domain used for the user principal name (UPN).
• Section 2. Imports a CSV file with user information.
• Section 3. Converts the plain text password into a secure string.
• Section 4. Creates the mailboxes.

6. Run Notepad D:\Labfiles\DemoUsers.csv. Review the contents of the file.
7. Run: D:\Labfiles\DemoUsers.ps1 D:\Labfiles\Demousers.csv.
8. Click Start, click All Programs, click Microsoft Exchange Server 2010, and then click Exchange Management Console.
9. In the Console Tree, expand Microsoft Exchange On-Premises, expand Recipient Configuration, and then select Mailbox.

10. Verify that the users were created successfully.
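
The demo script derives both the mailbox Name and the UPN from FirstName alone and passes every CSV row straight to New-Mailbox. The following is an added example, not part of the course's DemoUsers.ps1: a pre-flight check for the same CSV columns (FirstName, LastName, password, OU) that rejects empty fields, colliding UPNs and UPNs that already exist before anything is created. The parameter names CsvPath, Database, UpnDomain and Create are hypothetical; the code avoids features newer than PowerShell 2.0.

```powershell
# Added example: validate a bulk-import CSV before calling New-Mailbox.
# Run in the Exchange Management Shell. Nothing is created unless -Create is given.
param(
    [Parameter(Mandatory = $true)][string]$CsvPath,
    [string]$Database  = "Mailbox Database 1",   # same value as the demo script
    [string]$UpnDomain = "Adatum.com",           # same value as the demo script
    [switch]$Create
)

$required = 'FirstName', 'LastName', 'password', 'OU'
$rows = @(Import-Csv -Path $CsvPath)
if ($rows.Count -eq 0) { throw "No data rows in $CsvPath" }

# Header check: every column the import relies on must be present.
$columns = @($rows[0].PSObject.Properties | ForEach-Object { $_.Name })
$missing = @($required | Where-Object { $columns -notcontains $_ })
if ($missing.Count -gt 0) { throw "Missing column(s): $($missing -join ', ')" }

$seen   = @{}      # UPN -> CSV line where it first appeared
$report = @()
$line   = 1        # line 1 is the header row
foreach ($r in $rows) {
    $line++
    $problems = @()
    foreach ($c in $required) {
        if ([string]::IsNullOrEmpty(("" + $r.$c).Trim())) { $problems += "empty $c" }
    }
    $upn = ("" + $r.FirstName).Trim() + "@" + $UpnDomain
    if ($problems.Count -eq 0) {
        $key = $upn.ToLower()
        if ($seen.ContainsKey($key)) {
            # Two rows with the same first name would produce the same UPN and Name.
            $problems += "same UPN as line $($seen[$key])"
        } else {
            $seen[$key] = $line
            if (Get-User -Identity $upn -ErrorAction SilentlyContinue) {
                $problems += "UPN already exists in the directory"
            }
        }
    }
    $report += New-Object PSObject -Property @{
        Line = $line; Upn = $upn; Problems = ($problems -join '; '); Row = $r
    }
}

# All-or-nothing: report every rejected row and stop before creating anything.
$bad = @($report | Where-Object { $_.Problems })
if ($bad.Count -gt 0) {
    $bad | Format-Table Line, Upn, Problems -AutoSize | Out-String | Write-Host
    throw "$($bad.Count) row(s) rejected; no mailboxes were created."
}
if (-not $Create) {
    Write-Host "$($report.Count) row(s) passed validation. Re-run with -Create to create the mailboxes."
    return
}

foreach ($item in $report) {
    $r  = $item.Row
    $sp = ConvertTo-SecureString -String $r.password -AsPlainText -Force
    # The CSV password is known to whoever built the file, so force a change at first logon.
    New-Mailbox -Password $sp -Database $Database `
        -DisplayName ($r.FirstName + " " + $r.LastName) `
        -UserPrincipalName $item.Upn -Name $r.FirstName `
        -FirstName $r.FirstName -LastName $r.LastName `
        -OrganizationalUnit $r.OU -ResetPasswordOnNextLogon $true
}
```

The CSV still holds every initial password in clear text, so restrict access to the file and remove it once the import has been verified.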


Module Reviews and Takeaways
Review questions
1. How would you ensure that meeting requests to room mailboxes are validated manually before being approved?
Assign a delegate for the resource, and allow the delegated user to make the decision to approve or deny meeting requests that do not fall into standard policies.
2. How would you give access to allow a user to send messages from another mailbox, without giving them access to the mailbox contents?
Assign the user Send As permissions to the mailbox.
3. What should you consider when configuring offline address book distribution?
You should consider the clients that you will use. Outlook 2003 requires that the offline address book be available in a public folder, whereas Outlook 2007 and newer can access the offline address book in a public folder or through Web distribution.
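
Send As and Full Access grants, as in review question 2 and the mailbox-permission demonstration, are worth reviewing periodically because each one lets another account act as or read the mailbox owner. The following is an added example, not part of the course material: it lists explicit (non-inherited) grants on every mailbox, skips the default SELF entry, and compares the result with a saved baseline. The BaselinePath parameter and its default file name are hypothetical.

```powershell
# Added example: inventory explicit Full Access and Send As grants and
# flag changes against a baseline. Run in the Exchange Management Shell.
param([string]$BaselinePath = ".\mailbox-delegations-baseline.csv")   # hypothetical path

$self = 'NT AUTHORITY\SELF'   # assigned by default when a mailbox is created

$current = @(Get-Mailbox -ResultSize Unlimited | ForEach-Object {
    $mbx = $_

    # Full Access is a mailbox permission stored on the mailbox itself.
    Get-MailboxPermission -Identity $mbx.Identity |
        Where-Object { ($_.AccessRights -like '*FullAccess*') -and (-not $_.IsInherited) -and
                       (-not $_.Deny) -and ($_.User.ToString() -ne $self) } |
        ForEach-Object { New-Object PSObject -Property @{
            Mailbox = $mbx.PrimarySmtpAddress.ToString(); Right = 'FullAccess'; Trustee = $_.User.ToString() } }

    # Send As is an Active Directory extended right on the user object.
    Get-ADPermission -Identity $mbx.DistinguishedName |
        Where-Object { ($_.ExtendedRights -like '*Send-As*') -and (-not $_.IsInherited) -and
                       (-not $_.Deny) -and ($_.User.ToString() -ne $self) } |
        ForEach-Object { New-Object PSObject -Property @{
            Mailbox = $mbx.PrimarySmtpAddress.ToString(); Right = 'SendAs'; Trustee = $_.User.ToString() } }
})

$current | Sort-Object Mailbox, Right, Trustee | Format-Table Mailbox, Right, Trustee -AutoSize

if (Test-Path $BaselinePath) {
    $baseline = @(Import-Csv -Path $BaselinePath)
    if ($baseline.Count -gt 0 -and $current.Count -gt 0) {
        # "=>" marks a grant that is new since the baseline, "<=" one that was removed.
        Compare-Object -ReferenceObject $baseline -DifferenceObject $current `
            -Property Mailbox, Right, Trustee |
            Format-Table SideIndicator, Mailbox, Right, Trustee -AutoSize
    }
} else {
    # First run: record the reviewed state as the baseline.
    $current | Select-Object Mailbox, Right, Trustee | Export-Csv -Path $BaselinePath -NoTypeInformation
}
```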

Common issues related to configuring Offline Address Books
Identify the causes for the following common issues related to configuring offline address books, and fill in the troubleshooting tips. For answers, refer to relevant lessons in the module.

Issue: The offline address book is not up-to-date with changes made during the day.
Troubleshooting tip: Check to make sure that the offline address book is scheduled to be generated more than one time each day.

Issue: Outlook 2003 clients are not able to download the offline address book.
Troubleshooting tip: Check to make sure the offline address book is being distributed in a public folder.

Real-world issues and scenarios
1. A company has two large divisions and one Exchange Server organization. Employees in each division rarely communicate with each other. What can you do to reduce the number of recipients the employees of each division see when they open the Exchange address list?
To make it easier for employees to find recipients who exist only in their division, you can create two new custom address lists. When searching for recipients in their division, these custom address lists allow employees to select only the address list that is specific to their division.
2. An organization has a large number of projects that leverage distribution groups. Managing group members takes considerable time. You need to reduce the time the help desk spends managing groups so that they can work on other issues.
Allow end users to manage their own groups using the Exchange Control Panel. End users may require some training up front, but ultimately, this will result in time savings for the help-desk staff.
3. You employ contractors that need an e-mail address from your company. The company needs to enable the contractors to receive these messages in their current third-party mailboxes.
Create mail-enabled contacts for each of the contractors, and use the contractors’ third-party e-mail address as the destination address.

Best practices related to managing recipient objects
Supplement or modify the following best practices for your own work situations:
• Define clear naming conventions and adhere to them. Naming conventions help identify location and purpose of recipient objects, and help both end users and administrators locate recipients easily.
• Test global changes prior to making them in production. Changes to global settings, like e-mail address policies, should be tested in a lab environment before you make changes in production. This avoids configuration errors.

Lab Review Questions and Answers
Question: What is the effect of creating an empty address list on the global address list?
Answer: An empty address list can be used to organize other address lists, such as nesting additional address lists below any empty address list.
Question: In your messaging environment, for which activities will you create scripts?
Answer: Answers will vary by student. Some may suggest using scripts to create mailbox size reports or for updating user information based on data exported from a human resources database.

Module 4
Managing Client Access
Contents:
Lesson 1: Configuring the Client Access Server Role
Lesson 2: Configuring Client Access Services for Outlook Clients
Lesson 3: Configuring Outlook Web Access
Lesson 4: Configuring Mobile Messaging
Module Reviews and Takeaways
Lab Review Questions and Answers

Lesson 1
Configuring the Client Access Server Role
Contents:
Question and Answers
Detailed Demo Steps

Question and Answers
Demonstration: How to Configure a Client Access Server
Question: Why would you create multiple Outlook Web App Mailbox policies or Exchange ActiveSync policies, rather than just use the default policies?
Answer: If you want different users to have different experiences with Outlook Web App or Exchange ActiveSync, you would need to create additional policies. In Exchange Server 2010, the only way you can control the Outlook Web App and Exchange ActiveSync user experience is by creating policies, and then assigning the policies to users.
Question: Why would you modify the server settings on one Client Access server to be different from those on another Client Access server?
Answer: When you have two Client Access servers with different security or configuration requirements, you will need to modify the server-specific settings. For example, if you have an Internet-accessible Client Access server, and one that is used only for internal access, you might configure the security settings differently.

Demonstration: How to Configure Certificates for Client Access Servers
Question: What would you need to change in this procedure if you were also enabling secure access to IMAP4 using a server name of IMAP4?
Answer: You would need to add the IMAP4 service while running the New Exchange Certificate Wizard, and make sure that you specify IMAP4.adatum.com as the server name. This name then is added to the subject alternative name attribute on the certificate.
Question: How would this process change if you were requesting a certificate from an external, public CA?
Answer: The process would change very little. If the public CA provided a Web site for requesting a certificate, you would connect to the Web site and upload the certificate request file. Many public CAs also support e-mailing the certificate request file. After receiving the certificate, you would import it on your server.

and cannot be used to configure the server settings. which it does not assign to any users. and Troubleshooting Microsoft® Exchange Server 2010 Detailed Demo Steps Demonstration: How to Configure a Client Access Server Detailed demonstration steps Demonstration steps 1. click OK. On VAN-EX1. you can configure the OWA settings for this server. and then click Client Access. and then click the Outlook Anywhere tab. you can define Exchange ActiveSync Mailbox policies that will configure the user experience when they connect to the Exchange servers using a mobile device. 6. Managing. 3. ensure that the Outlook Web App tab is selected. Review the default polices on the Outlook Web App Mailbox Policies and Exchange ActiveSync Mailbox Policies tabs. 4. In the results pane. Demonstration steps 1. and cannot be used to configure the server settings. In the Exchange Management Console. In the owa (Default Web Site) Properties dialog box. and then click Client Access. 3. In the Exchange Management Console. In the results pane. point to All Programs. These settings configure the Client Access server settings for the Client Access server virtual directories. and then click Client Access. expand Server Configuration. click Start. 4. Click the System Settings tab. In the left pane. These properties display information only. ensure that VAN-EX1 is selected.com). click OK. These tabs display information only. Notice that Exchange defines a default policy. expand Server Configuration. On this tab.adatum. In the details pane. After you have reviewed these settings. After you have reviewed these settings. and then click Properties. and then click Client Access. On this tab. expand Microsoft Exchange On-Premises (vanex1. click the Exchange ActiveSync Mailbox Policies tab. You apply settings to all Client Access servers and mailboxes while in the Organization Configuration node. you can configure the settings that are specific to each Client Access server. 
review the settings available on each of the tabs. Open the Exchange Management Console. Notice that Exchange defines a default policy. you can define Outlook Web App Mailbox policies that will configure the user experience with Outlook Web App. In this area. . In the details pane. which it does not assign to any users. expand Organization Configuration. Examine the properties of one of the listed Client Access servers. 7. 5. and then click Exchange Management Console. click Microsoft Exchange Server 2010. expand Organization Configuration. click the Outlook Web App Mailbox Policies tab. 2.4-4 Configuring. In the left pane. 2. You apply client access settings to all Client Access servers and mailboxes while in the Organization Configuration node. and in the Actions pane. expand Microsoft Exchange On Premises. In the details pane. click Properties. right-click owa (Default Web Site). 5. 6.

12. click Finish. To enable the CA to issue these certificates. 3. 7. configure the certificate request to include Outlook Web App on the Internet and Intranet. and then click the POP3 and IMAP4 tab. On the Certificate Completion page.Managing Client Access 4-5 8. On the Introduction page. and then restart the Certificate Services. 9. accept the names that will be added to the certificate request. 9. open the Exchange Management Console. 13. In the Exchange Management Console. click the New button. In the Actions pane. 4. Click the Exchange Control Panel tab. After the certificate has been issued. . Click the Browse button to select a location for the certificate request file. click Assign Services to Certificate. enter information about your Exchange organization. Import the certnew. so you will need to modify the server configuration. and configure the external domain name for Client Access servers in the organization. select Server Configuration. select Server Configuration. 2. and then double click ecp (Default Web Site). This wizard helps you determine what type of certificates you need for your Exchange organization. In the Actions pane. On the Completion page. complete the certificate installation process. click New Exchange Certificate to open the New Exchange Certificate Wizard. In this dialog box. In each of these locations. Run the certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2 command. perform the following steps: 1. In the Actions pane. On the Domain Scope page. Demonstration: How to Configure Certificates for Client Access Servers Detailed demonstration steps Demonstration steps By default. Exchange ActiveSync and Autodiscover. After you have reviewed these settings. Provide the certificate request file to your CA. and then click Client Access. 14. 5. If it is. On the Certificate Domains page. 16. On the Organization and Location page. 6. verify that all the information you have entered is correct. click OK. In the Exchange Server. 
10. enter a user-friendly name for your certificate. 8. click the Offline Address Book tab. click Complete Pending Request. and enter the desired file name. On the Exchange Configuration page. do not select the Enable wildcarding for this certificate check box. you can configure the Exchange Control Panel (ECP) virtual directory settings for this server. 11.cer file. Click Configure External Client Access Domain. 15. you can configure the Client Access serverspecific settings. the Windows Server 2008 Certification Authority does not issue certificates with multiple subject alternative names. Click the Exchange ActiveSync tab.

Assign the certificate to Internet Information Services on VAN-EX1. and Autodiscover). click Start. Outlook Anywhere. double-click owa (Default Web Site). 6. 18. click Server Configuration. type net stop certsvc & net start certsvc. You can select the Enable wildcarding for this certificate check box. 7. 16. and then press ENTER. 17. click both VAN-EX1 and VAN-EX2. click Yes.com as the domain name. (Web Services. type cmd. In the Actions pane.Adatum. if required. in the search box. Expand Client Access server.adatum. This wizard helps you determine what type of certificates you need for your Exchange organization. 11. By default.4-6 Configuring. then click OK. and enter a root domain if you would like to apply the certificate automatically to all subdomains by creating a wildcard certificate. and Troubleshooting Microsoft® Exchange Server 2010 17. ensure that VAN-EX1 is selected. and then click OK. On the Domain Scope page. In the left pane. and then click Client Access. type the following command. Demonstration steps 1. and then select the Exchange Active Sync is enabled check box. click Server Configuration. and then click Next. and then press ENTER: certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2 At the command prompt. In the Microsoft Exchange dialog box or boxes. 14. type mail. On VAN-DC1.owa. 2. 8. In the left pane. 12. At the command prompt. Managing. and then select both the Outlook Web App is on the Intranet and Outlook Web App is on the Internet check boxes. click Configure External Client Access Domain.exe.com. so we need to modify the server configuration. . click New Exchange Certificate to open the New Exchange Certificate Wizard. On the Configure External Client Access Domain page. On the Exchange Configuration page. In the Actions pane. 5. open the Exchange Management Console. 10. 3. Click Configure. and then press ENTER.com as the external host name. and then in the results pane. press Ctrl. On VAN-EX1. 
Expand Client Access server (Exchange ActiveSync). In the Select Client Access Server dialog box. 9. Enter mail. On the General tab.adatum. verify that the External URL field has been changed to https://mail. 15. 13. This dialog box appears when the name that you are configuring as the external client access domain name cannot be resolved in DNS. the Windows Server 2008 CA does not issue certificates with multiple subject alternative names. expand Client Access server (Outlook Web App). click Next. In the results pane. Click Finish. You can use this feature to configure the external domain name for Client Access servers in the organization. On the Introduction page. and then click Add. 4. type ADatum Mail Certificate as the friendly name for the certificate.

Ensure that the Autodiscover used on the Internet check box is selected. 37. click All Programs. click Ctrl-A to select all the text. and then click OK. In the Windows dialog box. and then click Internet Explorer. On the Organization and Location page. In the Open with dialog box. In the Certificate Template list. click Web Server. 35.req. Log on as Adatum\administrator using the password Pa$$w0rd. click advanced certificate request. click Next. 41.com/certsrv. Click Next. click in the Saved Request field. 20. click Notepad. and then click Finish. click Save. and then click Save. In the Certificate dialog box. and then click Next. or submit a renewal request by using a base-64encoded CMC or PKCS#7 file. 24. click Save. 38. 36.req – Notepad window. and then click OK. In the Download complete dialog box. 25. 26. click Subject Alternative Name. Right-click CertRequest. 29. 30. click Select a program from a list of installed programs. and then click OK. click New.Managing Client Access 4-7 19. On the Request a Certificate page. type CertRequest as the File name. Click Start. The process for saving the file may take more than a minute. 27. On the Submit a Certificate Request or Renewal Request page.adatum. Close Notepad. Connect to http://van-dc1. 21. and that the Long URL option is selected. On the Certificate Issued page. 23. . In the Save As dialog box. 31. Click the Folder icon on the task bar. and then press CTRL+V to paste the certificate request information into the field. On the Certificate Domains page. On the Advanced Certificate Request page. and then click Documents. 39. click Submit a certificate request by using a base-64-encoded CMC or PKCS#10 file. 33. In the File Download dialog box. In the CertRequest. 28. 40. and then click Open. on the Details tab. Verify that the certificate includes several subject alternative names. click Download certificate. 
enter the following information: • • • • • Organization: A Datum Organizational Unit: Messaging Country/region: Canada City/locality: Vancouver State/province: BC 22. click Open. 34. and then click Ctrl-C to save the text to the clipboard. click Request a certificate. On the Welcome page. Click Browse. 32. and then click Submit.

select the Internet Information Services check box. Click certnew. and then click Finish. and in the Actions pane. 51. Managing. and then click Finish. click Adatum Mail Certificate. . click Downloads. 50. On the Select Servers page.4-8 Configuring.cer and click Open. Under Favorites. On the Select Services page. click Adatum Mail Certificate. click Assign Services to Certificate. In the Actions pane. In the results pane. verify that VAN-EX1 is listed. and Troubleshooting Microsoft® Exchange Server 2010 42. click Next. click Complete Pending Request. Under VAN-EX1. On the Complete Pending Request page. 49. 45. 48. 43. and then click Next. click Browse. In the Exchange Management Console. 46. click Server Configuration. 47. click Assign. In the bottom pane. click VAN-EX1. Click Complete. 44.
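The certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2 step in the certificate demonstration above changes a CA-wide policy setting: with the flag on, subject alternative names supplied as request attributes are placed in the certificates the CA issues. The PowerShell below is an added example, not part of the course material, that reads the EditFlags value and reports whether that bit is set. The function name Test-SanAttributeFlag and both sample outputs are constructed for illustration, and the CA name in them is a placeholder.

```powershell
# Bit value of EDITF_ATTRIBUTESUBJECTALTNAME2 inside the policy module's EditFlags DWORD.
$EDITF_ATTRIBUTESUBJECTALTNAME2 = 0x00040000

function Test-SanAttributeFlag {
    # Hypothetical helper (not an Exchange or AD CS cmdlet).
    [CmdletBinding()]
    param(
        # Text produced by: certutil -getreg policy\EditFlags
        # When omitted, the command is run against the local CA.
        [string[]]$CertutilOutput
    )

    if (-not $CertutilOutput) {
        $CertutilOutput = & certutil.exe -getreg 'policy\EditFlags'
        if ($LASTEXITCODE -ne 0) {
            throw "certutil exited with code $LASTEXITCODE. Is Certificate Services installed on this host?"
        }
    }

    # certutil prints the value as hexadecimal followed by decimal in parentheses,
    # for example "EditFlags REG_DWORD = 15014e (1376590)".
    $text  = $CertutilOutput -join "`n"
    $match = [regex]::Match($text, 'EditFlags\s+REG_DWORD\s*=\s*([0-9a-fA-F]+)')
    if (-not $match.Success) {
        throw 'No "EditFlags REG_DWORD = <hex>" line found in the certutil output.'
    }

    $flags = [Convert]::ToInt32($match.Groups[1].Value, 16)

    [pscustomobject]@{
        EditFlagsHex        = '0x{0:x8}' -f $flags
        SanAttributeEnabled = [bool]($flags -band $EDITF_ATTRIBUTESUBJECTALTNAME2)
    }
}

# Constructed sample: EditFlags before the demonstration's change.
$sampleBefore = @'
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\<CA-name>\PolicyModules\CertificateAuthority_MicrosoftDefault.Policy\EditFlags:

  EditFlags REG_DWORD = 11014e (1114446)
    EDITF_REQUESTEXTENSIONLIST -- 2
    EDITF_ENABLECHASECLIENTDC -- 100000 (1048576)
CertUtil: -getreg command completed successfully.
'@

# Constructed sample: EditFlags after "+EDITF_ATTRIBUTESUBJECTALTNAME2" has been applied.
$sampleAfter = @'
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\<CA-name>\PolicyModules\CertificateAuthority_MicrosoftDefault.Policy\EditFlags:

  EditFlags REG_DWORD = 15014e (1376590)
    EDITF_REQUESTEXTENSIONLIST -- 2
    EDITF_ATTRIBUTESUBJECTALTNAME2 -- 40000 (262144)
    EDITF_ENABLECHASECLIENTDC -- 100000 (1048576)
CertUtil: -getreg command completed successfully.
'@

# Offline check against the two samples; on a CA, call Test-SanAttributeFlag with no arguments.
$before = Test-SanAttributeFlag -CertutilOutput $sampleBefore
$after  = Test-SanAttributeFlag -CertutilOutput $sampleAfter
$before, $after | Format-Table -AutoSize
```

On a CA where the setting is no longer wanted, certutil -setreg policy\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2 followed by a restart of Certificate Services clears the flag.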

Lesson 2
Configuring Client Access Services for Outlook Clients

Contents:
Question and Answers
Additional Reading
Detailed Demo Steps

Question and Answers

Demonstration: How to Configure MailTips

Question: Will you leave MailTips enabled in your organization? How will you modify the default configuration?

Answer: Answers will vary. Some organizations will leave the default configuration. Other organizations may choose to disable MailTips, or modify one or more of the specific MailTips.

Additional Reading

What Is Autodiscover?

• Automatically configure Office Outlook 2007 user accounts
• Autodiscover Response

2. type Set-OrganizationConfig –MailTipsLargeAudienceThreshold 10.adatum. point to Microsoft Exchange Server 2010. click Paul. and then click OK. and then press ENTER. click To. Open Internet Explorer. At the PS prompt. MailTipsAllTipsEnabled. Use the Set-OrganizationConfig –MailTipsLargeAudienceThreshold 10 cmdlet to modify the large distribution group threshold setting. Press CTRL+K. type Set-DistributionGroup Marketing –MailTip ’The marketing team will be at a conference till next week. Indicates that MailTips are enabled for the organization. and then press ENTER. At the PS prompt.‛ cmdlet to configure a custom MailTip. and then click Exchange Management Shell. 7. Type Set-OrganizationConfig. . In Exchange Management Shell. and then press ENTER. Verify that the MailTip appears indicating that Anna does not have permission to send to this user.4-12 Configuring. In the Untitled Message dialog box. MailTipsMailboxSourcedTipsEnabled. On VAN-EX1. click To. Indicates that internal MailTips are enabled. Log on to Outlook Web App. MailTipsExternalRecipientsTipsEnabled. and connect to https://VAN-EX1. At the PS prompt.’. point to All Programs. 9. use the Get-OrganizationConfig cmdlet to review the default configuration for MailTips. 4. type Get-OrganizationConfig. Use the Set-DistributionGroup Marketing –MailTip ’The marketing team will be at a conference till next week. At the PS prompt. 6. 3. type Get-DistributionGroup ’Marketing’ | FL MailTip*. Indicates that external recipient MailTIps are enabled MailTipsLargeAudienceThreshold. Prepare test messages to verify that the default and custom MailTips work as expected. 10. Verify that the custom MailTip has been configured. 8. Click New to create a new message. 2. Log on to Outlook Web App as Adatum\Anna using the password Pa$$w0rd. 5. Defines the minimum size for a distribution group before the MailTip will be triggered. Verify that the large audience threshold has been updated. click Start. and then press ENTER. 
Demonstration steps 1. and Troubleshooting Microsoft® Exchange Server 2010 Detailed Demo Steps Demonstration: How to Configure MailTips Detailed demonstration steps Demonstration steps 1. Review the settings for the following values: • • • • 3. 4.com/owa. and then press ENTER. Managing.

and then press CTRL+K. Click Connection Status. 6. 4. and then click Server Manager. 7. . 2. 8. point to Administrative Tools. using a host name that is resolvable from the Internet. On VAN-EX1. 9. verify that the RPC over HTTP Proxy feature is installed. complete the following information: • • • • • Use the URL (https://): external host name for the Client Access server. use the following cmdlet to review the Autodiscover configuration: Get-ClientAccessServer –id VAN-EX1 | FL 2. connect using HTTP first. Press and hold the CTRL key. Confirm that the Conn column lists HTTPS as the connection method. 3.Managing Client Access 4-13 11. connect using HTTP first. In the To box. and then press ENTER. On the Client Access server. open Outlook and connect to the server.xml.com/Autodiscover/Autodiscover. In the Exchange Management Shell. in Internet Information Services (IIS) Manager. type Get-ClientAccessServer –id VAN-EX1 | FL. Click Remove Recipient. verify that the RPC virtual directory is configured to use SSL and that it is configured to accept Basic and Windows Authentication. click Enable Outlook Anywhere. From the client. type Marketing. configure the Outlook account properties to Connect to Microsoft Exchange using HTTP. Confirm that the Custom MailTip for the Marketing distribution list appears. click Start. In the Features list. verify that the RPC over HTTP Proxy feature is listed. On the Client Access server. In the Microsoft Exchange Proxy Settings dialog box. open the Exchange Management Shell. On VAN-EX1. Click Features. On the client computer. then connect using TCP/IP: enable (default) Proxy authentication setting: NTLM Authentication (default) 5. Connect using SSL only: enable (default) On fast networks.adatum. and then right-click the Office Outlook icon in the Windows 7 operating system notification area. Click Test E-mail AutoConfiguration. and then click the Outlook icon in the notification area of the Windows task bar. 
Demonstration: How to Configure Outlook Anywhere Detailed demonstration steps Demonstration steps 1. 12. 10. 3. Click Test. then connect using TCP/IP: enable On slow networks. Demonstration steps 1. View the information displayed on both the Results and Log tabs. 4. Press and hold Ctrl. and then click Exchange Proxy Settings. On the Client Access server. On the Client Access server. in Exchange Management Console. Confirm that the AutodiscoverServiceInternalUri parameter is configured to use https://VAN-EX1.

On the Completion page. In the Mail Setup . Expand VAN-EX1 (ADATUM\administrator).adatum. Under Client authentication method. in the IIS section. complete the following information: • • • • • Use this URL (https://): VAN-EX1. select Connect to Microsoft Exchange using HTTP. In the Microsoft Exchange dialog box. 11. 15. in the External host name field. double-click SSL Settings. Click VAN-EX1. In the Microsoft Exchange Proxy Settings dialog box. and then click Enable. open the Exchange Management Console. then connect using TCP/IP: enable On slow networks. If you receive a warning that Microsoft Exchange is not available.com. 7. and then click Rpc. and then click Client Access. 21. type Mail. and then double-click Authentication. and then click Open. and then click Internet Information Services (IIS) Manager.Outlook dialog box. Close Internet Information Services (IIS) Manager. Note: You can continue with the following steps while VAN-EX1 restarts. on the Connection tab. and then click Exchange Proxy Settings. and in the Actions pane. On the Enable Outlook Anywhere page.com Connect using SSL only: enable (default) On fast networks. Right-click Mail. On VAN-CL1. In the Exchange Management Console. click Finish. click NTLM authentication. 13. 10. 18. and restart VAN-EX1. Close all open windows. 19. ensure that you are logged on as Adatum\Luca. click Enable Outlook Anywhere. Managing. In the E-mail Accounts dialog box. Ensure that Basic Authentication and Windows Authentication are enabled. Click Rpc. connect using HTTP first. 12. 17. 9. 6. click More Settings. click Work Offline 20. Ensure that the Require SSL check box is selected. click Microsoft Exchange. expand Default Web Site. In the Search field. 16. and Troubleshooting Microsoft® Exchange Server 2010 5. expand Sites. connect using HTTP first. 22. and then click Change. and then click Control Panel. click E-mail Accounts. On the Microsoft Exchange Settings page. 14. 8. Click Start. 
then connect using TCP/IP: enable (default) Proxy authentication setting: NTLM Authentication (default) .4-14 Configuring. Click Start.adatum. On VAN-EX1. point to Administrative Tools. expand Server Configuration. In the center pane. type Mail.

When you use this configuration. On VAN-CL1. and then right-click the Office Outlook icon in the Windows 7 notification area. and it uses HTTP only for external networks. Confirm that the Conn column lists HTTPS as the connection method. click Close. . click Finish. 24. click Next. In the Password field. If a Microsoft Office Outlook dialog box appears. click Microsoft Office. Click the Log tab to view how the client completed Autodiscover. You may need to click the arrow in the Windows 7 notification area to view the Office Outlook icon. 33. On the Microsoft Exchange Settings page. 29. and then click Close. View the information displayed on the Results tab. Wait until VAN-EX1 restarts. Close Microsoft Outlook. 28. 25. 37. Guessmart is used to automate the process of configuring Outlook 2010 as an IMAP4 or POP3 client. Click Test. On the Change E-mail Account page. Press and hold CTRL. click Start. 34. 26. you are configuring the Outlook client to try HTTP first for all connections to the Exchange Server. you typically would select the option to connect first using HTTP on slow networks. Click OK. However. 30. click All Programs. in a production environment. Close the Test E-mail AutoConfiguration dialog box. On the E-mail Accounts page. and then log off VAN-CL1. 31. 35. and then click OK again to close the Microsoft Exchange Server dialog box. 32. Click Test E-mail AutoConfiguration. the client uses RPC connections for the internal network. and then log on as Administrator using the password Pa$$w0rd. Verify that the Office Outlook connection indicator states Online with Microsoft Exchange. Press and hold Ctrl. 39. type Pa$$w0rd.Managing Client Access 4-15 Note: In this demonstration. click No. 38. 23. Clear the Use Guessmart and Secure Guessmart Authentication check boxes. 36. and then click Microsoft Office Outlook 2007. and then click the Outlook icon in the notification area of the Windows task bar. 
and then again click Close to close the Mail Setup Outlook dialog box. 27. Click Connection Status.

Lesson 3
Configuring Outlook Web Access

Contents:
Question and Answers
Detailed Demo Steps

Question and Answers

What Is Outlook Web App?

Question: What is Outlook Web App for Exchange Server 2010?

Answer: Outlook Web App allows users to access their mailboxes using a Web browser.

Question: What are the benefits of Outlook Web App?

Answer: Users can access their mailboxes using Outlook Web App from any computer with a Web browser, including public-access computers at trade shows, hotels, and internet cafes.

Question: When would you use Outlook Web App instead of Outlook or Windows Mail?

Answer: Outlook Web App is primarily targeted at remote users rather than mobile users. Mobile users are more likely to need cached messages and offline access to their mailboxes.

Use the Set-OwaVirtualDirectory -identity “Owa (Default Web Site)“ FilterWebBeaconsAndHtmlForms ForceFilter cmdlet to block all Web beacons. Use the set-owavirtualdirectory ’owa (Default Web Site)’ –GzipLevel Off. 11. In the Exchange Management Console. Click Adatum. Click OK. and Troubleshooting Microsoft® Exchange Server 2010 Detailed Demo Steps Demonstration: How to Configure Outlook Web App Detailed demonstration steps Demonstration steps 1. 2. In the console tree. 4. and in the result pane. 10. and then close Internet Information Services (IIS) Manager. 3. and in the Actions pane. type https://van-ex1. expand Sites. click Close. and is using the correct server certificate.xls. and then click Internet Information Services (IIS) Manager. on the owa (Default Web Site) Properties.com/owa. In the Exchange Management Shell. right-click owa (Default Web Site).adatum. and under IIS. Under Sites. Demonstration steps 1. select VAN-EX1. . expand Server Configuration. On VAN-EX1. Verify that the SSL certificate used for the OWA site is the certificate that you obtained in the earlier demonstration. cmdlet to disable Gzip compression for Outlook Web App. and then click Browse. 12. expand Default Web Site. 3. and then click Properties. In the center pane. 4.4-18 Configuring.xls extension to be saved to disk before they can be opened. Notice that SSL is required by default. 6. use the set-owavirtualdirectory ’owa (Default Web Site)’ –ForceSaveFileTypes . click Start. click Bindings. 8. Click the Authentication tab. ensure that the Outlook Web App virtual directory is configured to use SSL.com. click Default Web Site. configure the external URL with the required authentication and segmentation settings. 5. and then click Edit. double-click SSL Settings. Under Logon Format. point to All Programs. and then click OK. and then click Exchange Management Console. and then click owa. In the work pane. point to Administrative Tools. expand Microsoft Exchange On-Premises. 9. 
click https. Click Start. click User name only. 14. Managing. click Microsoft Exchange Server 2010. 7. and verify that Use forms-based authentication is selected. and then click Client Access. 5. On the General tab. cmdlet to force attachments with an . in the External URL box. In the Site Bindings dialog box. On the Client Access server. Expand VAN-EX1 (ADATUM\Administrator). 13. 2.

if . and then press ENTER. BlockedMIMETypes. rather than view from a Web browser. In the Exchange Management Shell. 21.doc files will be allowed.you configure the doc files as both a blocked file type and an allowed file type. File attachment control settings include: • ActionForUnknownFileAndMIMETypes. Specifies how to handle files that are not included in other file access management lists. ForceSaveMIMETypes. Specifies the file extensions of attachments that the user is forced to save locally. the following precedence applies: Allow overrides Block. and then press ENTER. Specifies the MIME types of attachments that users can save locally. type set-owavirtualdirectory ’owa (Default Web Site)’ – ForceSaveFileTypes .xls. Gzip compression improves performance over slow network connections by compressing content. or view from a Web browser. The default value is Low. or view from a Web browser. 18. AllowedMIMETypes.xls extension to be saved to disk before they can be opened. 20. and Force Save. Additional valid values for the GzipLevel options are High and Low. The possible values for FilterWebBeaconsandHtmlforms are as follows: • UserFilterChoice. this value blocks Web beacons and HTML forms. Specifies the file extensions of attachments that are blocked. click Microsoft Exchange Server 2010. Click the Segmentation tab. and then click Disable. BlockedFileTypes. or force saved. Specifies the MIME types of attachments that the user is forced to save locally. Type set-owavirtualdirectory ’owa (Default Web Site)’ –GzipLevel Off. read the Microsoft Exchange Warning dialog box. blocked. rather than view from a Web browser. The Segmentation tab allows you to enable and disable features for Outlook Web App users. Click OK. ForceSaveFileTypes. Any existing ForceSaveFileTypes are overwritten. AllowedFileTypes. 16.Managing Client Access 4-19 15. Type Set-OwaVirtualDirectory -identity “Owa (Default Web Site)“ FilterWebBeaconsAndHtmlForms ForceFilter. . By default. 
The attachment control settings for file types and MIME types can be configured by using the Set-OwaVirtualDirectory cmdlet. Specifies the MIME types of attachments that are blocked. This command disables Gzip compression for Outlook Web App. and then click Exchange Management Shell. click All Address Lists. • • • • • • Note: In cases where there is a conflict between management settings for file access. 19. For example. but lets the user allow Web beacons and HTML forms on individual messages. This allows the logon and segmentation changes to take effect. Files can be allowed. 17. Click Start. Specifies the file extensions of attachments that the user is allowed to save locally. and then click OK. Type IISReset /noforce. . point to All Programs. and then press ENTER. Block overrides Force Save. This command forces attachments with a . Implementing Gzip compression may slow server performance due to increased CPU utilization. and then press ENTER.

In the list of features. Click New. double-click Paul West. Click Start. and then click Properties. in the Organization Configuration node. On the Public Computer File Access tab. 2. 22. and then click Internet Explorer. and then press ENTER. On the Mailbox Features tab. Close the Exchange Management Shell. 11. Demonstration Steps 1. and Troubleshooting Microsoft® Exchange Server 2010 • • ForceFilter. 16. 5. type https://VAN-EX1. click Client Access. Select the Outlook Web App mailbox policy check box. click Microsoft Exchange Server 2010. Right-click Marketing Policy. you can configure additional settings by accessing the policy properties. 3. In the address field. Demonstration: How to Configure Outlook Web App Policies Detailed demonstration steps Demonstration steps 1. . click Start. 13. Type IISReset. 4. and then click OK. On VAN-EX1. 14. and then click Client Access. This value blocks all Web beacons and HTML forms. point to All Programs. 17. This value allows Web beacons and HTML forms. clear all check boxes. In the Mailbox list. click New Outlook Web App Mailbox Policy. 7. 2. Expand Organization Configuration. click Mailbox. 5. and test the policy application. type Marketing Policy as the policy name. 4. and configure the policy settings. 10.com/owa. Under Recipient Configuration. and then click OK three times. 23. Click Marketing Policy. 12. click Change Password. DisableFilter. 3. 9. 8. 15. click All Programs. On the Private Computer File Access tab. Managing. click Outlook Web App. After creating the policy. In Exchange Management Console. and then click Finish. Click New Outlook Web App Mailbox Policy. In the New Outlook Web App Mailbox Policy page. Log on to Outlook Web App as the user. and then click Properties.4-20 Configuring. Log on to Outlook Web App as Adatum\Paul using the password Pa$$w0rd. Provide a name for the policy.Adatum. and then click Browse. clear all check boxes. 6. 
Assign the policy to a user account by accessing the Outlook Web App properties on the Mailbox Features tab. In the Actions pane. and then click Exchange Management Console. and then click Disable. and then press ENTER.

log on as Adatum\Paul using the password Pa$$w0rd. expand Default Web Site. In the center pane. click Settings. expand Sites. Notice that you do not have the option to change the user password. In the address field. On the Account tab. Click OK. Notice that SSL is required by default. and then click Internet Information Services (IIS) Manager. point to All Programs. 3. 15. review the settings for the ecp (Default Web Site) virtual directory on each Client Access server. review the settings for the ecp virtual directory. and in the Work phone field. and then click Client Access. 3. In the work pane. click Contact Numbers. Click Save. and view delivery reports. On the Organize E-Mail tab. 2. and then click ecp. Expand VAN-EX1 (ADATUM\Administrator). and review the settings that can be modified by the user. 20. expand Server Configuration. Close Internet Explorer. and then click Properties. 9. As a user. On the Outlook Web App page. . and in the result pane. 7. click All Programs.com/ecp. and then click Exchange Management Console. In the left pane. click Organize E-Mail. 4. click the Exchange Control Panel tab. 11. 4. type https://van-ex1. 12. Log on to the ECP. click Start. users can configure Inbox Rules. and verify that the updated phone number is listed. access the ECP by opening Internet Explorer. click Options. Click Start. 6. type 5555555. double-click SSL Settings. click Start. type https://VAN-EX1. 14. Click the Authentication tab. 5. In the left pane. point to Administrative Tools. in the External URL box. in IIS Manager. Demonstration steps 1.Adatum. and then press ENTER. This URL should match the URL used on the OWA virtual directory. select VAN-EX1. 2. Log on to the ECP as Adatum\Luca using the password Pa$$w0rd. 19. In the console tree. Right-click ecp (Default Web Site). In the Exchange Management Console. On the Client Access server. If prompted for authentication. 13. Close Internet Information Services (IIS) Manager. 
Demonstration: How to Configure User Options Using the ECP Detailed demonstration steps Demonstration steps 1. On VAN-EX1. and verify that Use forms-based authentication is selected. and accessing https://servername/ecp. On VAN-EX1.adatum. and then click Internet Explorer. On the General tab.Managing Client Access 4-21 18. 10. and under IIS. click Edit. 8.com/owa. click Microsoft Exchange Server 2010.

click Groups. In the left pane. On the Settings tab. click Block or Allow. Managing. 20. 19. In the left pane. Close Internet Explorer. click Phone. users can view the groups to which they belong and manage any groups that they own. users can configure their Junk e-mail settings as well as edit their safe recipients list. . users can configure several options for sending and managing e-mail and calendaring. On the Phone tab. In the left pane. 18.4-22 Configuring. On the Groups tab. click Settings. users can manage their own mobile devices that have synchronized with Exchange Server 2010. 17. In the left pane. and Troubleshooting Microsoft® Exchange Server 2010 16. On the Block or Allow tab.

Lesson 4
Configuring Mobile Messaging

Contents:
Question and Answers
Additional Reading
Detailed Demo Steps

Question and Answers

Discussion: Reasons for Configuring Address Lists

Question: What are the reasons for creating multiple address lists?

Answer: Although the answers may vary, common reasons are:

• Geographic organization. If a company has multiple physical locations, address lists could be based on country, state, city, or building.
• Departmental organization. A large company may want to create separate address lists for departments such as accounting, marketing, or sales.
• Recipient type organization. To make booking meeting rooms easier, you might organize room mailboxes by physical location.

Question: How do you use address lists in your organization?

Answer: Answers will vary, depending on the organization. Typically, users are organized by department or physical location.

Question: How do you use a recipient filter and Active Directory attributes to create address lists? Is the necessary information already in Active Directory accounts?

Answer: Answers will vary. Recipient filters are a flexible way to create address lists, but Exchange Server 2010 does not support them through the GUI. You may need recipient filters to create address lists for individual buildings. The necessary information may not be in Active Directory accounts.

Additional Reading
Options for Securing Exchange ActiveSync
• Sample: How to add root certificates to Windows Mobile 2003 and Windows Mobile 2002 Smartphones
• System Center Mobile Device Manager TechCenter

Detailed Demo Steps
Demonstration: How to Configure Exchange ActiveSync
Detailed demonstration steps
Demonstration steps
1. On the Client Access server, in IIS Manager, clear the option to require SSL for the Exchange ActiveSync virtual directory.
Caution: In a production environment, you should require SSL for the Exchange ActiveSync virtual directory. You are disabling SSL only because the mobile emulator does not trust the server certificate.
2. In Exchange Management Console, configure authentication and remote file server settings on the Microsoft-Server-ActiveSync virtual directory.
3. In mobile device emulator, configure the network settings so that the emulator can communicate with the Client Access server.
4. On the mobile device emulator, start ActiveSync, and then configure the emulator to connect to the Client Access server using an account that is enabled for Exchange ActiveSync.
5. Synchronize the device.
6. Test ActiveSync by sending a message from another user to the user logged on to the mobile device. Verify that the message arrives, and respond to the message.
Demonstration steps
1. On VAN-EX1, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
2. Expand VAN-EX1 (ADATUM\Administrator), expand Sites, expand Default Web Site, and then click Microsoft-Server-ActiveSync.
3. In the center pane, and under IIS, double-click SSL Settings. Notice that SSL is required by default.
4. Clear the Require SSL check box, and then click Apply.
Caution: In a production environment, you should require SSL for the Exchange ActiveSync virtual directory. You are disabling SSL only because the mobile emulator does not trust the server certificate.
5. Close Internet Information Services (IIS) Manager.
6. Click Start, point to All Programs, click Microsoft Exchange Server 2010, and then click Exchange Management Console. In the console tree, expand Microsoft Exchange On-Premises, expand Server Configuration, and then click Client Access.

type VAN-EX1. click Calendar. Click the Connections tab. 24. click WM 6. In the ActiveSync message window. in the WM 6. 17. On the Name Servers tab. and then click Next.0 default gateway: 10. 26. and then click Properties. click VAN-EX1. 22.0. in the upper-right corner. and then click OK. click OK.10. 23. and are used for synchronizing file attachments. In the result pane.10. In the Choose the data you wish to synchronize box. type 10. type Scott in the User name field.com.adatum. Click the Authentication tab. The options on this tab are the same as the Remote File Servers settings for accessing attachments using Outlook Web App. 21. On the Configure Network Adapters page. 16. 14. Click the Remote File Servers tab. and then click Configure. because SSL would normally be used to secure the credentials in transit. Adatum in the Domain field.0. 9. click Programs. On the User Information page.255. Click Use specific IP address. and then type the following settings: • • • IP address 10. In Windows Mobile 6 Professional.1.0. 15. Review the information on the General tab. click Start.0. . On the Enter Email Address page. 13.4 Professional window. in the Email address box. and then click NE2000 Compatible Ethernet Driver. click File.4 Professional. On the Edit Server Settings page. click Start. 10. and then click ActiveSync. type ScottMacdonald@adatum. click All.com.1.70 subnet mask 255. and then clear the This server requires an encrypted (SSL) connection check box. and then click Next. click Windows Mobile 6 SDK. However. Close the Settings window. While the emulator is booting. Read the ActiveSync information. 20. click Standalone Emulator Images. and then. Click OK. In the Synchronize only the past list. 11. type Pa$$w0rd in the Password field. click The Internet. 12.1 19. and then click OK twice. 25. 18. in the Server Address field.1. On VAN-CL1. and then click the set up your device to sync with it link. Right-click Microsoft-Server-ActiveSync. 
and then click Settings. The device will attempt to use Autodiscover to configure the user settings. click OK. and in the work pane. This is acceptable. click Start.10 as the DNS server address. and then click Settings. point to All Programs. Notice that Basic authentication is enabled. and then double-click Network Cards.10. On the Network tab. 28. and then click Next. select the Enable NE2000 PCMIA network adapter and bind to check box. 27. click the Exchange ActiveSync tab. and then click Settings. In the Choose the data you wish to synchronize box.Managing Client Access 4-27 7. under My network card connects to. and under US English. In the WM 6. these options are independent of the Remote File Servers settings for accessing attachments using Outlook Web App. click E-mail.4 Professional window. 8.

In the message body. expand Organization Configuration. click Exchange ActiveSync. 41. Assign the appropriate Exchange ActiveSync policy. Open the message from the Inbox. Click New. and then in the upper-right corner. Confirm that the policy is being applied to the user. and then press CTRL+K to resolve the name. view the notification stating that a new message has arrived. Wait until the device finishes synchronizing. 3. 4. and then confirm that the message from Scott was received. Demonstration: How to Configure Exchange ActiveSync Policies Detailed demonstration steps Demonstration steps 1. and then click Properties. in Outlook Web App. on VAN-EX1. Calendar. 32. Demonstration steps 1. open Internet Explorer. Confirm that the Contacts. E-mail. open the Exchange Management Console. 3. In the ActiveSync dialog box. Log on as adatum\Wei using the password Pa$$w0rd. In the console tree. Access a user mailbox’s properties. and then click Finish. if required. click OK. After creating the policy. type Scott. Managing. On VAN-EX1. After synchronization is complete. triggered by the arrival of a message in Scott’s mailbox. 35. 2. 2. 31. In the Exchange Management Console. type Test Reply.adatum. access the Organization Configuration node. At the bottom of the Today screen. In the Subject line.com/owa. 4. 39. 38. 33. On VAN-EX1. In the Download the past list. and then configure the available settings. and connect to https://van-ex1. in the To field. In the Actions pane. 5. 36. click New Exchange ActiveSync Mailbox Policy. and Troubleshooting Microsoft® Exchange Server 2010 29. access the policy properties and configure the additional settings. 34. Close the Programs window. In the Mailbox policy name box. type EAS Policy 1. 37. click OK. Wait for the Windows Mobile device to complete synchronization. 40. type Test Message from Wei. type Testing mobile messaging. click the Check Messages icon or press F5 to refresh the screen. 30. and then click Client Access. 
and then click Send. Click the notification and click View. and Tasks check boxes are selected. On VAN-CL1. wait for a minute and then notice the animated Synchronization arrows indicating that the device is synchronizing automatically. On the Mailbox Features tab. . and then click Send. and then click Client Access. Create New Exchange ActiveSync Mailbox Policy. In the message body. click the X in the upper-right corner to close ActiveSync.4-28 Configuring. and then. Click Reply at the bottom of the message window. click All. in Windows Mobile 6 Professional.

23. 6. Select the Require password check box. review the configuration options. Notice that there is an additional password option list here—Number of failed attempts allowed— that was not available when creating the mobile mailbox policy. In the result pane. As a user. and then click OK. and click Send/Receive. There also are additional password requirements you can enable. . and then click OK. This option is required for mobile devices to synchronize attachments and store them locally on the device. In the Password and the Confirm Password fields. In the console tree. click Exchange ActiveSync. Click New to create the mobile mailbox policy. 16. Any mailboxes without a password cannot be synchronized to a mobile device when this option is enabled. On VAN-CL1. click Browse. and then click OK. review the configuration options. right-click Scott MacDonald.Managing Client Access 4-29 5. On the Device tab. Notice the Exchange Management Shell command that was used to create the new mobile mailbox policy. 8. 17. Confirm that the Allow attachments to be downloaded to device option is selected. On the Sync Settings tab. type 12345. Log on and access the Phone tab on the user Properties page. 24. and then click Mailbox. This forces all accounts that synchronize. review the configuration options. 10. In the Exchange ActiveSync Properties dialog box. 9. Read the completion summary. Demonstration: How to Manage Mobile Devices Detailed demonstration steps Demonstration steps 1. Select the Enable password recovery check box. Click OK twice to save and apply the changes. Notice that the General tab has additional options: 11. connect to the ECP site on a Client Access server. or click Menu. 2. and then click Properties. and then click Finish. To implement these settings. Right-click EAS Policy 1. This password option wipes the device of all data after the specified number of failed attempts. wait for ActiveSync to synchronize. Select EAS Policy 1. and then click Properties. 19. 
and then click Properties. This will enable users to recover their Windows Mobile password through the ECP. 18. to have a password. On the Other tab. Click the Mailbox Features tab. 15. Click the Password tab. 20. 21. 7. In the Update Required dialog box. 13. On the Device Applications tab. 12. click OK. you must have an Enterprise Client Access License for each mailbox. 14. 22. expand Recipient Configuration. review the options for allowing or blocking specific applications.

wait for the device to synchronize. On VAN-EX1. On the Manage Mobile Phone page. 3. In the result pane. in the Exchange Management Console. 4. click Yes. including wiping the device. Log on as Adatum\Scott using the password Pa$$w0rd. click Perform a remote wipe to clear mobile phone data. On the Windows Mobile 6 Professional window File menu. 5. and then click OK. Notice the PocketPC listed in the Device list. In the action pane. In the Actions pane. and then click Clear. open Internet Explorer. Demonstration steps 1. On VAN-CL1. view the options available to manage the mobile device. You can also force synchronization by opening Exchange ActiveSync. and connect to https://van-ex1. Click Phone. under Recipient Configuration. access the user in the Exchange Management Console Mailbox container. click Manage Mobile Phone. click Scott MacDonald. 6. On the Manage Mobile Device page. and then click Finish. 4.com/ecp. Confirm that the device is wiped. In the action pane. click Mailbox. click Refresh. 9. click Manage Mobile Device. Managing. 2. 5. 8. If the device goes blank. it is rebooting after performing the remote wipe. 11. 10. and then clicking Sync. In Windows Mobile 6 Professional. . and Troubleshooting Microsoft® Exchange Server 2010 3. As an Exchange administrator.4-30 Configuring. 7. In the Microsoft Exchange warning message. click Exit.adatum.
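The Caution in the Exchange ActiveSync demonstration (require SSL in production) and the password options from the mailbox policy demonstration can be checked from the Exchange Management Shell. The following is an added example, not part of the course material: the function names and sample objects are constructed, and the property names are those returned by Get-ActiveSyncVirtualDirectory and Get-ActiveSyncMailboxPolicy.

```powershell
# Added example: audit helpers for Exchange ActiveSync settings (function names are hypothetical).
# Written for Windows PowerShell 2.0, which the Exchange 2010 Management Shell runs on.

function Test-EasVirtualDirectory {
    param([Parameter(ValueFromPipeline = $true)] $VirtualDirectory)
    process {
        $findings = @()
        if (-not $VirtualDirectory.WebSiteSSLEnabled) {
            $findings += 'SSL is not required'
            # Basic authentication is only acceptable when SSL protects the credentials
            if ($VirtualDirectory.BasicAuthEnabled) {
                $findings += 'Basic authentication credentials are not protected in transit'
            }
        }
        New-Object PSObject -Property @{
            Name     = $VirtualDirectory.Name
            Server   = $VirtualDirectory.Server
            Pass     = ($findings.Count -eq 0)
            Findings = ($findings -join '; ')
        }
    }
}

function Test-EasMailboxPolicy {
    param([Parameter(ValueFromPipeline = $true)] $Policy)
    process {
        $findings = @()
        if (-not $Policy.DevicePasswordEnabled) {
            $findings += 'device password is not required'
        } else {
            # The value is a number of attempts, or Unlimited when no wipe threshold is set
            if ("$($Policy.MaxDevicePasswordFailedAttempts)" -eq 'Unlimited') {
                $findings += 'no limit on failed password attempts'
            }
        }
        New-Object PSObject -Property @{
            Name     = $Policy.Name
            Pass     = ($findings.Count -eq 0)
            Findings = ($findings -join '; ')
        }
    }
}

# Constructed sample objects so the checks can be tried without an Exchange server.
$sampleDirectories = @(
    (New-Object PSObject -Property @{
        Name = 'Microsoft-Server-ActiveSync (Default Web Site)'; Server = 'SAMPLE-LAB'
        WebSiteSSLEnabled = $false; BasicAuthEnabled = $true }),
    (New-Object PSObject -Property @{
        Name = 'Microsoft-Server-ActiveSync (Default Web Site)'; Server = 'SAMPLE-PROD'
        WebSiteSSLEnabled = $true; BasicAuthEnabled = $true })
)
$samplePolicies = @(
    (New-Object PSObject -Property @{
        Name = 'Sample policy A'; DevicePasswordEnabled = $false
        MaxDevicePasswordFailedAttempts = 'Unlimited' }),
    (New-Object PSObject -Property @{
        Name = 'Sample policy B'; DevicePasswordEnabled = $true
        MaxDevicePasswordFailedAttempts = 'Unlimited' }),
    (New-Object PSObject -Property @{
        Name = 'Sample policy C'; DevicePasswordEnabled = $true
        MaxDevicePasswordFailedAttempts = 8 })
)

$sampleDirectories | Test-EasVirtualDirectory | Format-Table Server, Pass, Findings -AutoSize
$samplePolicies    | Test-EasMailboxPolicy    | Format-Table Name, Pass, Findings -AutoSize

# In the Exchange Management Shell, feed the real objects instead:
#   Get-ActiveSyncVirtualDirectory | Test-EasVirtualDirectory
#   Get-ActiveSyncMailboxPolicy    | Test-EasMailboxPolicy
```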

Module Reviews and Takeaways
Review questions
1. You need to ensure that users from the Internet can connect to a Client Access server by using Outlook Anywhere. How will you configure the firewall between the Internet and the Client Access server?
Answer: You need to enable port 443 access to the Client Access server, and enable access to the \RPC virtual directory.
2. You need to ensure that the same Exchange ActiveSync policies are assigned to all users, with the exception of the Executives group. This group requires higher security settings. What should you do?
Answer: You should configure the default Exchange ActiveSync Mailbox policy with the settings for all users. You should then create a new policy for the Executive group, and assign the policy to all members of the Executive group.
3. You have deployed an Exchange Server 2010 server in an organization that includes several Exchange Server 2003 servers. How will Exchange Server 2010 obtain free\busy information for user mailboxes on the Exchange Server 2003 servers?
Answer: The Client Access server will query the Schedule+ Free\Busy folder on an Exchange Server 2003 server.

Common issues related to client connectivity to the Client Access server
Identify the causes for the following common issues related to client connectivity to the Client Access server, and fill in the troubleshooting tips. For answers, refer to relevant lessons in the module.

Issue: Users from the Internet are not able to connect to the Client Access server.
Troubleshooting tip: Many components must be functioning to enable connectivity. Use a tool such as Microsoft Exchange Server Remote Connectivity Analyzer to identify the issue. The Remote Connectivity Analyzer tool will check information such as DNS records, certificate issues, authentication, and Autodiscover.

Issue: Clients receive certificate-related errors when they connect to the Client Access server.
Troubleshooting tip: Ensure that the certificate configured on the Client Access server is trusted by all clients. The best way to do this is to obtain a certificate from a trusted Public CA.

Issue: Users using Web browsers other than Internet Explorer may have trouble authenticating.
Troubleshooting tip: Although Exchange Server 2010 supports most Web browsers, your Web browser may not support forms-based authentication or Windows Integrated Authentication. As a last resort, you can use Basic Authentication with SSL.

Real-world issues and scenarios
1. Your organization has two locations with an Internet connection in each location. You need to ensure that when users access their e-mail using Outlook Web App from the Internet, they will always connect to the Client Access server in their home office.
First, configure an external URL for each Client Access server. The external URL will be the name that the clients use to connect to the server. Next, ensure that you have configured a DNS host record for each Client Access server using the external URL.
2. You have deployed two Client Access servers in the same Active Directory site. When one of the Client Access servers shuts down, users can no longer access their e-mail. What should you do?
You should configure the Client Access servers in an array to ensure redundancy.
3. You are planning on enabling Outlook Web App, Outlook Anywhere, and Exchange ActiveSync access to your Client Access server. You want to ensure that all client connections are secure by using SSL, and that none of the clients receives errors when they connect to the Client Access server. You plan on requesting a certificate from a Public CA. What should you include in the certificate request?
You should request a certificate with multiple subject alternative names so that all client connections are supported using the protocol specific server name. You should also include the Autodiscover in the subject alternative name, if you are enabling Autodiscover to the Internet.

Best practices related to planning the Client Access server deployment
Supplement or modify the following best practices for your own work situations. When designing the Client Access server configuration, consider the following recommendations:
• The recommended processor configuration for Client Access servers is eight processor cores, and the maximum recommended number of processor cores is 12. You should deploy at least two processor cores for Client Access servers—even in small organizations—because of the addition of the RPC Client Access service on the Client Access server. As a general guideline, you should deploy three Client Access server processor cores in an Active Directory site for every four Mailbox server processor cores.
• The recommended memory configuration for Client Access server is 2 gigabytes (GB) per processor core, with a maximum of 8 GB.
• The Client Access server role must be installed on a member server, and it must have access to a domain controller and global catalog server, as well as the Mailbox servers inside the organization.
• The Client Access server must be deployed on the internal network. Deploying Client Access servers on a perimeter network is not a supported scenario.

Tools
Tool: Microsoft Exchange Server Remote Connectivity Analyzer
Use for: Troubleshooting Internet connectivity for messaging clients.
Where to find it: http://go.microsoft.com/fwlink/?LinkId=179969

Tool: Test E-Mail AutoConfiguration
Use for: Troubleshooting Outlook Connectivity to the Client Access server.
Where to find it: Open Outlook, press and hold CTRL, right-click the Outlook connection object, and then click Test E-Mail AutoConfiguration.

Tool: Internet Information Server (IIS) Manager
Use for: Configuring SSL settings for Client Access server virtual directories.
Where to find it: Administrative Tools

Lab Review Questions and Answers
Question: You need to ensure that users from the Internet can connect to a Client Access server by using Outlook Anywhere. How will you configure the firewall between the Internet and the Client Access server?
Answer: You need to enable port 443 access to the Client Access server, and enable access to the \RPC virtual directory.
Question: You need to ensure that the same Exchange ActiveSync policies are assigned to all users, with the exception of the Executives group. This group requires higher security settings. What should you do?
Answer: You should configure the default Exchange ActiveSync Mailbox policy with the settings for all users. You should then create a new policy for the Executive group, and assign the policy to all members of the Executive group.
Question: You have deployed an Exchange Server 2010 server in an organization that includes several Exchange Server 2003 servers. How will Exchange Server 2010 obtain free\busy information for user mailboxes on the Exchange Server 2003 servers?
Answer: The Client Access server will query the Schedule+ Free\Busy folder on an Exchange Server 2003 server.

Module 5
Managing Message Transport
Contents:
Lesson 1: Overview of Message Transport
Lesson 2: Configuring Message Transport
Module Reviews and Takeaways
Lab Review Questions and Answers

Lesson 1
Overview of Message Transport
Contents:
Question and Answers
Detailed Demo Steps
Additional Reading

Question and Answers
Discussion: Overview of Message Flow
Question: What is SMTP?
Answer: SMTP is a TCP/IP-based message transfer protocol that governs the exchange of electronic mail between message transfer agents.
Question: What are the various message-flow scenarios?
Answer: There are four message-flow scenarios:
• Inbound mail flow. Refers to e-mail that comes into an Exchange Server 2010 organization from the Internet. In this scenario, a gateway server, which can be an Edge Transport server or a Hub Transport server, accepts mail from the Internet, and routes it to the internal Exchange Server 2010 organization.
• Outbound mail flow. Refers to e-mail that travels from an Exchange Server 2010 organization to the Internet. After a Hub Transport server processes the mail and identifies it as outbound mail, the server routes it to the Internet, either directly or through a gateway server. The gateway server can be an Edge Transport server.
• Local mail flow. Refers to e-mail that a Hub Transport server processes in an Exchange Server 2010 organization and then delivers to a mailbox on the same Active Directory site.
• Remote mail flow. Refers to e-mail that a Hub Transport server processes in an Exchange Server 2010 organization and then delivers to a mailbox on a different Active Directory site from the source mailbox.
Question: What type of message-flow scenarios do most organizations implement?
Answer: Most organizations implement inbound, outbound, and local mail flow. An organization typically uses remote mail flow only if it has multiple Active Directory sites with Mailbox servers. Many smaller companies do not use remote mail flow. Also, large companies that have centralized their Mailbox servers in a single data center might not use remote mail flow.

and then press ENTER. 2. and press ENTER. type helo. 5. At the command prompt. Demonstration steps 1. and then double-click Queue Viewer. In the Toolbox pane. explain to students that the connection is working. click Start. 3. 9. from the Toolbox pane in Exchange Management Console. 4. Explain that here the students see the services that the Exchange Server offers. and that the server does respond to our request. expand Microsoft Exchange On-Premises. Type mail from:admin@contoso. 8. Suspend and resume the Submission queue. the STARTTLS indicates that TLS is available for secure communication. type help. point to Accessories. Close Queue Viewer. and press ENTER. point to All Programs. and then press ENTER. At the command prompt. In Exchange Management Console. scroll down to Mail flow tools. Most likely. For example. point to Microsoft Exchange Server 2010. 6. and then click Command Prompt. this indicates that anonymous users are not enabled for this receive connector. On VAN-DC1. and Troubleshooting Microsoft® Exchange Server 2010 Detailed Demo Steps Demonstration: How to Troubleshoot SMTP Message Delivery Demonstration steps 1. type Telnet VAN-EX1 SMTP. 2. which will use port 25. point to All Programs. at the command prompt. 5.5-4 Configuring. You also can tell the students that if the response does not include the information shown. 7. Therefore. Also. To start the Telnet tool. Here we type in SMTP. the connection will be lost and you will receive a “client not authenticated” message. and press ENTER. . This means that the Exchange Server expects authentication before being able to send messages. Type exit. click Start. 4. In Exchange Management Console. it is a firewall issue or the Microsoft Exchange Transport service is not started on the Exchange server. At the command prompt. Once the Exchange server responds. there is something wrong. Managing. and then click Toolbox. type Telnet VAN-EX1 SMTP. and then click Exchange Management Console. 
start the Queue Viewer tool. You can use the port number or the service name. After you press ENTER. Open the Command Prompt window. 3. and try to send a mail using Telnet.com. On VAN-EX1. Explain that we now will use Telnet to check if the Exchange Server responds correctly. there is no problem with a firewall. Telnet is a tool to directly communicate with an IP port.

Therefore. Close Queue Viewer. 12. Thus. like retry.Managing Message Transport 5-5 Explain that the Queue Viewer tool looks into the message queues of the local server. it remains in the queue until the administrator decides to resume the queue. 10. This will stop the queue so that it delivers no more messages. you can manually stop specific queues on an Exchange Server using the Queue Viewer. If you write a new mail. Right-click Submission queue. 11. . It would be good to have a mail in the queue so you can show the students the error message and also the properties. and then click Resume. you will see immediately if a message is not correctly delivered. and then click Suspend. Right-click Submission queue.
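The replies seen in the Telnet demonstration above can also be read by a script. The following is an added example, not part of the course material: it parses SMTP reply lines and applies the demonstration's reasoning (banner received, STARTTLS listed, anonymous MAIL FROM rejected) to a recorded session. The function names and the sample server replies are constructed.

```powershell
# Added example: interpret the server replies from a manual SMTP test (Windows PowerShell 2.0 syntax).

function ConvertFrom-SmtpReply {
    param([string[]] $Lines)
    if (-not $Lines) { return $null }            # connection closed, nothing received
    $code = $null
    $text = @()
    foreach ($line in $Lines) {
        # "214-text" continues a multiline reply; "214 text" is its last line
        if ($line -notmatch '^(\d{3})(?:([ -])(.*))?$') { throw "Not an SMTP reply line: '$line'" }
        $code  = [int]$Matches[1]
        $text += "$($Matches[3])"
        if ($Matches[2] -ne '-') { break }
    }
    New-Object PSObject -Property @{ Code = $code; Text = $text }
}

function Get-SmtpSessionDiagnosis {
    param([object[]] $Session)   # ordered entries: @{ Command = '...'; Reply = @('line', ...) }
    $result = New-Object PSObject -Property @{
        Reachable = $false; StartTlsOffered = $false
        AnonymousSubmission = 'Not tested'; Notes = @()
    }
    foreach ($step in $Session) {
        $reply = ConvertFrom-SmtpReply $step.Reply
        if ($step.Command -eq '(connect)') {
            $result.Reachable = ($reply -ne $null -and $reply.Code -eq 220)
            if (-not $result.Reachable) {
                $result.Notes += 'No 220 banner: check the firewall and the Microsoft Exchange Transport service'
                break
            }
        } elseif ($step.Command -match '^(helo|ehlo|help)$') {
            # STARTTLS in the list of supported commands or extensions means TLS is available
            if ($reply -ne $null -and (($reply.Text -join ' ') -match '\bSTARTTLS\b')) {
                $result.StartTlsOffered = $true
            }
        } elseif ($step.Command -match '^mail from:') {
            if ($reply -eq $null) {
                $result.AnonymousSubmission = 'No reply (connection closed)'
            } elseif ($reply.Code -eq 530) {
                $result.AnonymousSubmission = 'Rejected (authentication required)'
                $result.Notes += 'Anonymous users are not enabled on this receive connector'
            } elseif ($reply.Code -eq 250) {
                $result.AnonymousSubmission = 'Accepted'
                $result.Notes += 'The receive connector accepts unauthenticated senders'
            } else {
                $result.AnonymousSubmission = "Other reply ($($reply.Code))"
            }
        }
    }
    if ($result.Reachable -and -not $result.StartTlsOffered) {
        $result.Notes += 'STARTTLS was not listed: the session cannot be upgraded to TLS'
    }
    $result | Select-Object Reachable, StartTlsOffered, AnonymousSubmission, Notes
}

# Constructed sample: the commands typed in the demonstration with plausible server replies.
$session = @(
    @{ Command = '(connect)'; Reply = @('220 VAN-EX1.adatum.com Microsoft ESMTP MAIL Service ready') },
    @{ Command = 'helo';      Reply = @('250 VAN-EX1.adatum.com Hello') },
    @{ Command = 'help';      Reply = @('214-This server supports the following commands:',
                                        '214 HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH BDAT') },
    @{ Command = 'mail from:admin@contoso.com'; Reply = @('530 5.7.1 Client was not authenticated') }
)

Get-SmtpSessionDiagnosis $session | Format-List
```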

Additional Reading
Tools for Troubleshooting SMTP Message Delivery
• Microsoft Exchange Analyzers
• Helpfile: Use Telnet to Test SMTP Communication

Lesson 2
Configuring Message Transport
Contents:
Detailed Demo Steps
Additional Reading

In Exchange Management Console. click the Message Delivery tab. Demonstration: How to Configure Accepted and Remote Domains Demonstration steps 1. click Start. type Get-TransportServer -I van-ex1 |fl. Click the Remote Domains tab. On the Global Settings tab. expand Server Configuration. expand Microsoft Exchange On-Premises. Click Start. and then click Properties. Click the Accepted Domains tab. and then click Hub Transport. point to All Programs. double-click Transport Settings and review the options on the Message Delivery tab. and then click Exchange Management Shell. 5. 3. Managing. type Get-TransportServer -I van-ex1 |fl. 8. and then click Hub Transport. and then click Hub Transport. and then press ENTER. Click the Limits tab. point to Microsoft Exchange Server 2010. and then press ENTER. 9. if required. right-click VAN-EX1.com. and then click Exchange Management Console. In Exchange Management Console. 4. 6. point to All Programs. In the Hub Transport pane. 5.local as Internal Relay Domain. Open Hub Transport server properties and review the options on the Log Settings tab and Limits tab. and then click Exchange Management Console. click the Log Settings tab. At the command prompt. 7. and Troubleshooting Microsoft® Exchange Server 2010 Detailed Demo Steps Demonstration: How to Configure Hub Transport Servers Demonstration steps 1. if required. In the Transport Settings Properties dialog box. double-click Transport Settings.5-8 Configuring. expand Organization Configuration. Click New Accepted Domain and create an accepted domain for adatum. expand Microsoft Exchange On-Premises. expand Server Configuration. 2. and then click Hub Transport. and then click Hub Transport. and then double-click Adatum. 2. 4. Click OK. and review the default remote domain settings. In Exchange Management Console. . At the Exchange Management Shell command prompt. On VAN-EX1. 3. click Start. 10. In Exchange Management Console. point to Microsoft Exchange Server 2010. 
expand Microsoft Exchange On-Premises. expand Organization Configuration. Click OK. 2. On VAN-EX1. In Exchange Management Console. 3. Click OK. Demonstration steps 1. In the VAN-EX1 Properties dialog box. Click OK. expand Organization Configuration. point to Microsoft Exchange Server 2010. point to All Programs. On the Global Settings tab. 4.

then click Finish. 4. point to Microsoft Exchange Server 2010. 6. and then click Hub Transport. 7. point to All Programs. 2. double-click Adatum. Click the Finish button.local. In the Remote Domains pane. if required. In Exchange Management Console. Click New Receive Connector and create a Receive connector that allows the anonymous group to send messages. Demonstration: How to Configure SMTP Send and Receive Connectors Demonstration steps 1.com. Demonstration steps 1. in the Name box. if required.com. 9. . type adatum. Click Internal Relay Domain. 3.com. type adatum. explain what the “*” default settings in remote domains means. expand Microsoft Exchange On-Premises. click Start. expand Organization Configuration. In the New Remote Domain window. Demonstration steps 1. In the Accepted Domains pane. Double-click Default. 15. Explain what is required to create a new internal relay domain. In the Actions pane. 13. and then click Hub Transport. and then click Exchange Management Console. Click New. 4. click New Remote Domain. Click Cancel. Click the Remote Domains tab. First. 3. point to All Programs. expand Server Configuration. 10. 12. 14. Click OK. expand Microsoft Exchange On-Premises. and then click Hub Transport. type contoso.com. and then click Exchange Management Console. 8. Click New Remote Domain. double-click contoso. On VAN-EX1. 11. In the New Accepted Domain window. expand Organization Configuration. and in the Domain name box. Click the Accepted Domains tab.Managing Message Transport 5-9 5. In Exchange Management Console. In the Actions pane.local.com. and create a remote domain for contoso. and review the settings available on the default remote domain. type contoso. 2. and then click New. Click the Send Connectors tab and create a New Send Connector. These settings will apply to all messages sent outside the organization. click New Accepted Domain. click Start. point to Microsoft Exchange Server 2010. In Exchange Management Console. 16. 
in the Name box. On VAN-EX1. and in the Accepted Domain box. 5. Review the configuration options. Click OK.

In the VAN-EX1 pane. and then click Next. expand Organization Configuration. click Internet. 10. In the Select the intended use for this Send connector list. in the Port box. and then click Finish. click New Send Connector. and then click Next. 12. click OK. 6. In the Source Server pane. 17.5-10 Configuring. 8. 9. In the Send Connectors pane. In the Select the intended use for this Receive connector list. 21. type contoso. In the Actions pane. 5. type 2525. In the SMTP Address Space dialog box. 4. Click Cancel. and then click Hub Transport. 15. in the Name box. In the Address space pane. In the New Connector pane. and click Next. 19. In the Edit Receive Connector Binding window. 7. Managing. In the Local Network settings pane. 18. 11. 3. . click Edit. click Use domain name system (DNS) “MX“ records to route mail automatically. type contoso. 14. click Next. 20. In the Completion pane. and Troubleshooting Microsoft® Exchange Server 2010 2. Click the Send Connectors tab. click New. type Anonymous Receive. 13. Expand Server Configuration. double-click contoso. 16.com. In the New Send Connector window. in the Name box. click Finish. In the New Receive Connector window. in the Address box. click New Receive Connector. expand Microsoft Exchange On-Premises. click Internet.local. In the Network settings pane.com. and then click Next. In Exchange Management Console. and then click Hub Transport. click Add. Click Next. and then click OK.
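The demonstration above creates a Receive connector that allows the anonymous group to send messages, so it is worth being able to list which connectors on a server do that. The following is an added example, not part of the course material: the function name and the sample objects are constructed, and the property names are those returned by Get-ReceiveConnector.

```powershell
# Added example: report which receive connectors accept anonymous senders, and from where.
# Windows PowerShell 2.0 syntax; the function name is hypothetical.

function Test-ReceiveConnectorExposure {
    param([Parameter(ValueFromPipeline = $true)] $Connector)
    process {
        # PermissionGroups prints as a comma-separated list such as "AnonymousUsers, ExchangeUsers"
        $anonymous = "$($Connector.PermissionGroups)" -match '\bAnonymousUsers\b'

        # A connector that listens for every IPv4 sender carries this single range
        $ranges    = @($Connector.RemoteIPRanges | ForEach-Object { "$_" })
        $anySource = $ranges -contains '0.0.0.0-255.255.255.255'

        # Bindings print as address:port; the port is the part after the last colon
        $ports = @($Connector.Bindings | ForEach-Object { ("$_" -split ':')[-1] } | Select-Object -Unique)

        if ($anonymous -and $anySource) {
            $exposure = 'Anonymous senders from any IPv4 address'
        } elseif ($anonymous) {
            $exposure = 'Anonymous senders from listed ranges only'
        } else {
            $exposure = 'Authenticated senders only'
        }

        New-Object PSObject -Property @{
            Name     = $Connector.Name
            Enabled  = $Connector.Enabled
            Ports    = ($ports -join ',')
            Exposure = $exposure
        }
    }
}

# Constructed sample objects; the second resembles the connector built in the demonstration.
$sampleConnectors = @(
    (New-Object PSObject -Property @{
        Name = 'Sample default connector'; Enabled = $true
        PermissionGroups = 'ExchangeUsers, ExchangeServers, ExchangeLegacyServers'
        RemoteIPRanges = @('0.0.0.0-255.255.255.255'); Bindings = @('0.0.0.0:25') }),
    (New-Object PSObject -Property @{
        Name = 'Anonymous Receive'; Enabled = $true
        PermissionGroups = 'AnonymousUsers'
        RemoteIPRanges = @('0.0.0.0-255.255.255.255'); Bindings = @('0.0.0.0:2525') }),
    (New-Object PSObject -Property @{
        Name = 'Sample relay for one subnet'; Enabled = $true
        PermissionGroups = 'AnonymousUsers'
        RemoteIPRanges = @('192.0.2.0-192.0.2.255'); Bindings = @('0.0.0.0:25') })
)

$sampleConnectors | Test-ReceiveConnectorExposure |
    Format-Table Name, Enabled, Ports, Exposure -AutoSize

# In the Exchange Management Shell, feed the real objects instead:
#   Get-ReceiveConnector | Test-ReceiveConnectorExposure
```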

Additional Reading
What Is a Remote Domain?
• Additional Character Sets
What Is Back Pressure?
• You can find additional information about how to configure back pressure in the Exchange Server 2010 helpfile.

Module Reviews and Takeaways
Common issues related to Managing Message Transport
Identify the causes for the following common issues related to Managing Message Transport, and fill in the troubleshooting tips. For answers, refer to relevant lessons in the module.

Issue: You configure a Send Connector to the Internet, but messages cannot be transferred over it.
Troubleshooting tip: Use Telnet on the Hub Transport server that is trying to send the mail, and connect to the target SMTP server on the Internet to see what the issue is. Many times you cannot reach it because of DNS resolution or firewall settings.

Issue: Your Exchange Server does not accept messages for the domain adatuminfo.com.
Troubleshooting tip: Verify that this domain is part of the Accepted Domains in Organization Configuration under Hub Transport.

Issue: You want to understand over what hops the message has been transferred.
Troubleshooting tip: Use Message Tracking or view the header of the message in Outlook Web App.

Lab Review Questions and Answers
Question: What would you need to configure to enable outbound Internet e-mail from each of Adatum's locations?
Answer: You must ensure that local Internet connectivity is available at every location, and you then need to configure a SMTP send connector at every site.
Question: A user reports that she sent a message to a user in another company two hours ago, and the message has not arrived. How would you troubleshoot this?
Answer: Use Message Tracking to see if the e-mail left A. Datum, and then use Queue Viewer to verify that the e-mail is not stuck in any queues.
Question: After A. Datum bought some new locations, you want to make sure that all e-mail messages are passed through the main site in Vancouver. How would you do that?
Answer: Possible answers include:
• Configure hub sites to add additional hops to the message delivery
• Configure Exchange-specific routing costs to override the IP site-link costs
• Configure expansion servers for distribution groups

Module 6
Implementing Messaging Security

Contents:
Lesson 1: Deploying Edge Transport Servers
Lesson 2: Deploying an Antivirus Solution
Lesson 3: Deploying an Anti-Spam Solution
Lesson 4: Configuring Secure SMTP Messaging
Module Reviews and Takeaways
Lab Review Questions and Answers

Lesson 1
Deploying Edge Transport Servers

Contents:
Question and Answers
Detailed Demo Steps

Question and Answers

Discussion: Securing Edge Transport Servers

Question: Why is it important to secure Edge transport servers?
Answer: The Edge Transport server role performs a number of functions such as routing messages between the Exchange Server organization and the Internet, and providing antivirus and anti-spam protection. You typically install this server role in the perimeter network. This location makes the Edge Transport server role more vulnerable than the other servers on your protected network.

Question: How do you secure an Edge Transport server?
Answer: The Edge Transport server includes certain security settings by default. However, you must perform certain additional tasks to secure this server role. For example, you can configure secure Transport Layer Security (TLS) for SMTP communication and implement restrictive password policies. All these features will be discussed later in this module.

Question: What factors should you consider at the operating system level?
Answer: Answers can vary, from implementing a firewall solution, to enforcing very strong passwords. Therefore, the best tool around is the Security Configuration Wizard (SCW) that is part of Windows Server 2003 and newer versions. SCW is an easy-to-use wizard that allows you to quickly create and apply security templates to servers. The Windows Server 2008 Administrative Tools includes the SCW. It provides a user-friendly interface to configure your Windows servers not only for the Edge Transport role, but also for other products.

in the left pane. Review the configuration options on the Anti-spam tab. Review the Edge Transport server role’s default configuration settings including the default antispam settings. This means that you would need to configure an accepted domain before the Edge Transport server will accept any messages. Note that no accepted domains are configured. . click Edge Transport. Send and Receive Connectors and Accepted Domains. Click the Accepted Domains tab. 8. Import the Edge subscription file using the Exchange Management Console on the Hub Transport server. and that there is no organization node. In order to send e-mail. Demonstration: How to Configure Edge Synchronization Demonstration steps • • • • • On the Edge Transport server. 6. If you are using this server as a SMTP gateway server. 2. run the NewEdgeSubscription -FileName “c:\van-edge. You must manage each Edge Transport server individually. point to Microsoft Exchange Server 2010. 5. Managing. On VAN-EDG. Review the changes made to the Edge Transport server after Edge Synchronization. These settings will be covered in detail later in the module. You can use transport rules to apply actions to messages as they pass through the Edge Transport server. Use Start-EdgeSynchronization and Test-EdgeSynchronization to test Edge synchronization. Open the Exchange Management Console. 4. Click the Receive Connectors tab. you do not need to configure any other receive connectors to enable the server to accept messages. and Troubleshooting Microsoft® Exchange Server 2010 Detailed Demo Steps Demonstration: How to Configure Edge Transport Servers Demonstration steps 1. Note that no transport rules are configured by default. Note that the console is focused just on an Edge Transport server.xml” command on the Edge Transport server. Configure address rewriting using the New-addressRewriteEntry command. In Exchange Management Console. 
This connector will accept SMTP connections from all IP addresses and will accept anonymous connections. 2. point to All Programs. you will need to configure a Send Connector. click Start. 7. Demonstration steps 1. and then double-click Default internal receive connector VAN-EDG. Click the Send Connectors tab. Click Cancel. Review the receive connector properties. Note that no Send Connectors are configured on the server. and then click Exchange Management Console. Click the Transport Rules tab.6-4 Configuring. either to the internal network or to the Internet. in the Exchange Management Shell. 3.

and then press ENTER. at the PS prompt. point to Microsoft Exchange Server 2010.xml” and press ENTER. 4. 4. and click Refresh. On the Network tab. and then press ENTER. 3. 2.xml to the server \\VAN-EX1\c$ Best Practice: Remember that in real-world scenarios. In the Hub Transport pane. and then click Exchange Management Shell. 8. type \\VAN-EX1\c$ and press ENTER. click Start. 10. In Exchange Management Shell. 7. point to Microsoft Exchange Server 2010. and C:\VAN-EDGE. On the Completion page. at the command prompt. at the PS prompt. point to Microsoft Exchange Server 2010. it would be a security violation if you were able to copy the EdgeSubscription file directly from the Edge Transport server to the Hub Transport server. In the Actions pane. Copy c:\van-edg. confirm that no new receive connectors have been added. click Start. On VAN-EDG. . and in the Search box. 3. and then click Hub Transport. Demonstration steps . In the New Edge Subscription window. and then click Exchange Management Console. Verify that the synchronization was successful. and then click New. 8. in the Exchange Management Console.Enable Edge Synchronization 1. Normally. click New Edge Subscription. 5. point to All Programs. Double-click EdgeSync – Default-First-Site-Name to Internet. On the Accepted Domain tab. 9. On VAN-EDG. In Exchange Management Shell. 6.Implementing Messaging Security 6-5 Demonstration steps . expand Organization Configuration. In Exchange Management Console. you should use an USB device or other means to copy the file. Click Start. 9. 6. On the Receive Connectors tab. 5.Test Edge Synchronization 1. confirm that an address space of * is configured. point to All Programs. Click the Send Connectors tab. The default connector is configured to receive e-mail from all source addresses on port 25. confirm that the internal domains are listed as authoritative domains. On the Address Space tab. click the Edge Subscriptions tab. type Start-EdgeSynchronization. 
select Default-First-Site-Name as Active Directory site. point to All Programs. confirm that the connector will use DNS to route e-mail. enter Y. On VAN-EX1. expand Microsoft Exchange On-Premises.XML as Subscription file. In Exchange Management Shell. 7. Click Start. In the Confirm text dialog box. Click OK. and click Exchange Management Shell. click Edge Transport. type Test-EdgeSynchronization. type New-EdgeSubscription FileName “c:\van-edg. Confirm that a new connector named EdgeSync – Default-First-Site-Name to Internet has been created. 2. click Finish.

confirm that the EdgeSync – DefaultFirst-Site-Name to Internet connector is displayed. in the Organization Configuration work area. click Hub Transport. 11. This feature is useful when an organization requires different mail domain names internally and externally.com when they leave the organization. On VAN EDG. When you configure address rewriting. 2.com. is listed as the source server. Demonstration steps . click Start. confirm that VAN-EDG 12. and then click Exchange Management Shell.com -ExternalAddress bdatum.Configure address rewriting 1. point to All Programs. On the Source Server tab. and then press ENTER. if required. Double-click the connector.com to display a domain name of Bdatum. On the Send Connectors tab. In Exchange Management Shell. at the command prompt. . On VAN-EX1. Exchange rewrites all e-mail messages with the domain name Adatum. in the Exchange Management Console. and Troubleshooting Microsoft® Exchange Server 2010 10. type New-addressRewriteEntry Name “Bdatum. Managing.6-6 Configuring.com” -InternalAddress adatum. point to Microsoft Exchange Server 2010. Click OK.

Lesson 2
Deploying an Antivirus Solution

Contents:
Detailed Demo Steps
Additional Reading

on the License Agreement page. click Next. 3. and then click Forefront Protection for Exchange Server Console. 11. Configure Global Settings.Install Forefront Protection 2010 for Exchange Server 1. click Settings. 5. double-click forefrontexchangesetup. Demonstration steps . in the Search field. In Forefront Protection 2010 for Exchange Server Administrator Console. click OK. click Policy Management. 6. On the Microsoft Update page. 2. click I agree to the terms of the license agreement and privacy statement. click Next. 4. Click Start. click Start. click Next. 9. and then press ENTER. and Troubleshooting Microsoft® Exchange Server 2010 Detailed Demo Steps Demonstration: How to Configure Forefront Protection 2010 for Exchange Server Demonstration steps 1. type D:\. click Next. On the Service Restart page. On the Confirm Settings page. It will take about five minutes.Content Filter settings. On the Proxy Information page. 2. 7. On the Antispam Configuration page. click I don’t want to use Microsoft Update. Close Windows Explorer. and then click Next. 5.Edge Transport settings. click Next. 12. click Enable antispam later. in the left pane. In the Setup Wizard Window. point to Microsoft Forefront Server Protection. Wait for the installation to finish. Click OK. and then click Next. 13. Click DVD Drive. On VAN-EDG. 4. In Windows Explorer. 14. Install Forefront Protection 2010 for Exchange Server. Demonstration steps . and then click Image File.6-8 Configuring.Configure Forefront Protection 2010 for Exchange Server 1. 2. 10. Click Browse. and then click Next. In the 10135A-VAN-EDG on localhost – Virtual Machine Connection window. 3. point to All Programs. Configure Antispam . . and browse to C:\Program Files\Microsoft Learning\10135\Drives. 8. On the Installation Results page. Configure Antimalware .exe. On the Customer Experience Improvement Program page. Managing. 3. Click ForeFrontInstall. In the Evaluation License Notice dialog box. on the File menu. 
Open the Forefront Protection 2010 administration console. On the Installation Folders page. and click Open.iso. click Finish.

select the Scan with a dynamically chosen subset of engines check box. 5. In the Monitoring pane. Explain that the items that were configured for Quarantine based on the SCL level are found here In the Monitoring pane. you should consider carefully whether to use Engine Update failed. select SCL 5 to 7. under Server Security Views. Demonstration steps . verify that the Optimize for performance by not rescanning messages already virus scanned check box is selected. 2. 9. and then click Scan Options. expand Global Settings. Click Save.Implementing Messaging Security 6-9 4. 10. Under Global Settings. In the Policy Management pane. because it is important for keeping your engines updated to prevent virus attacks. click Monitoring. under Server Security Views. Explain the options that you can configure here. Typically. In the Monitoring pane. 7. click Incidents. In the Monitoring pane. In the Service Restart Required window. 8. 12. a Virus notification would not be useful permanently. in the Engines and Performance section. 3. In the Policy Management pane. expand Antispam. under Server Security Views. For example. Explain the different Monitors available on this page. 11. It just makes sense to control that viruses are found correctly for the first couple of hours. and then click Configure. Explain what kind of incidents you would see here.Manage Forefront Protection 2010 1. In the Additional Options section. under Configuration. 13. 14. Select the Enable content filtering check box. Under Global Settings. Click Save. a message that has a virus detected will appear here. Explain some of the available notifications and their use. in the Suspected spam drop-down list. . In the Policy Management pane. 6. click Dashboard. In the Antispam – Configure pane. For example. click Yes. and then click Edge Transport. click Notifications. Focus mainly on Threshold Levels and Intelligent Engine Management. click Advanced Options. 5. 15. click the Enable Antispam Filtering button. 
In Forefront Protection 2010 for Exchange Server Administrator Console. In the Antimalware – Edge Transport pane. click Engine Options. Ask the students if they find a Virus found notification useful. Explain the options that you can configure here. Explain the options that you can configure here. Under SCL Thresholds and Actions. Explain the impact of this setting to the students and explain the other options to reject or delete messages above this SCL level. click Quarantine. expand Antimalware. in the left pane. 4. especially in large organizations that detect dozens of viruses every day.

Additional Reading

What Is Forefront Protection 2010 for Exchange Server?
• Protecting Your Microsoft Exchange Organization with Microsoft Forefront Protection 2010 for Exchange Server

Forefront Protection 2010 Deployment Options
• Forefront Protection 2010 for Exchange Server Best Practices - Deployment considerations

Lesson 3
Deploying an Anti-Spam Solution

Contents:
Detailed Demo Steps

CIDR dialog box. point to All Programs. double-click IP Block List Providers. Open Exchange Management Console. if required. After adding this entry. Type Spamhaus in the Provider name box.6-12 Configuring. 8. double-click IP Block List. 2. Adding this entry means that all messages from this IP address will be accepted without any additional content filtering. and then click OK twice. double-click IP Allow List. type zen. point to Microsoft Exchange Server 2010. 4. 2. 3. In the VAN-EDG pane. Managing. and on the Edge Transport server.Configure connection filters 1.11. and then click Add. and then click Exchange Management Console. Demonstration steps .org in the Lookup Domain box.10. click the Providers tab. On the Blocked Addresses tab. click Edge Transport. IP Allow List IP Block List IP Block List Providers Add the zen. click Add. and then click OK twice. In the VAN-EDG pane. the Edge Transport server will query the IP . 6. type 10. In Exchange Management Console. and then click OK twice. In the Add Allowed IP Address. Configure the following filtering features: • • • • • Sender filtering Recipient filtering Sender ID Sender Reputation Content filtering 5.0.0. In the Add Blocked IP Address. In the VAN-EDG pane. 5. Configure the following Connection filters: • • • 3.spamhaus. click Start. and Troubleshooting Microsoft® Exchange Server 2010 Detailed Demo Steps Demonstration: How to Configure Anti-Spam Options Demonstration steps 1.12. 4. Configure the Edge Transport server to quarantine messages with a SCL rating greater than 7. 10. click the Anti-spam tab.org domain to the IP Block List Providers list. In the IP Block List Providers Properties dialog box.spamhaus. On VAN-EDG. Adding this entry means that all SMTP connections from this IP address will be rejected. 9. type 10. In the Edge Transport pane. click Add.10. click the Anti-spam tab.CIDR dialog box. On the Allowed Addresses tab. 7.

com. in the Exchange Management Shell. 6. in the Messages containing these words or phrases box. move the slider two stops to the left. In the Resource Record Type dialog box. In the Block messages containing these words or phrases box. 4. and then click Enable. In the Sender ID Properties dialog box. and then click Properties. click Done. In the Block messages sent to the following recipients text box. On the Custom Words tab. type poker. under Individual e-mail address. 8.com. open the DNS management console. on the Action tab. 9. on the Anti-spam tab.0. In the Resource Record Type dialog box. and then click Properties.Configure sender and recipient filters 1. 4. . click Add. in Exchange Management Console. right-click Sender ID.Implementing Messaging Security 6-13 block list provider whenever a SMTP server attempts to make a connection. Expand Forward Lookup Zones. On the Blocked Recipients tab. On VAN-EDG. and click OK twice. and then click Create Record. type Arlene@Adatum.Configure sender ID and sender reputation filters 1. double-click Sender Reputation. Normally. 2. Demonstration steps . Right-click Adatum.com. and then click OK. and then click Add.10. 10. On the Action tab.10. 5.com. 7. and then click Adatum. This record configures the Sender ID filter to accept connections only from 10. 6. Demonstration steps . On the Blocked Senders tab. and then click Add. and then click Other New Records. and then click Properties. right-click Sender Filtering. 4. you would configure this entry on the DNS server that is responsible for your domain on the Internet. Click OK. double-click Recipient Filtering. type set-contentfilterconfig – quarantinemailbox Jeff@adatum. and then click OK. 5. and then click Add. click Reject Message. type Mortgages. the connection will be dropped. Right-click Content Filtering. On the Anti-spam tab.com. right-click Content Filtering. In the VAN-EDG pane.40 for the Adatum. Demonstration steps . In the New Resource Record dialog box. 
On VAN-EDG. and then press ENTER. 2. In the Add Blocked Senders dialog box. on the Anti-spam tab. On VAN-DC1. 5.40 –all. type v=spf1 ip4:10. and then click OK. click Text (TXT). in the Exchange Management Console.0.Configure content filtering 1. 2. type Samantha@Contoso. in the Text box.com domain. select the Block messages sent to the following recipients check box. If the SMTP server IP address is on the block list. 3. On VAN-EDG. 3. 3. In the VAN-EDG pane.

and Troubleshooting Microsoft® Exchange Server 2010 6.com. . and set the value to 7. 8. On the Exceptions tab. select the Quarantine messages that have an SCL rating greater than or equal to check box.6-14 Configuring. and then click Add. 7. Click OK. Managing. in the Don’t filter messages sent to the following recipients box. On the Action tab. Set the Reject messages that have an SCL rating greater than or equal to value to 9. type jeff@adatum.
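The anti-spam settings that the demonstration applies through the console can also be applied and checked from the Exchange Management Shell on the Edge Transport server. The script below is an added example, not part of the course material; it uses the values the demonstration names (Spamhaus, zen.spamhaus.org, the two blocked addresses, Jeff@adatum.com, SCL 7 and 9), assumes that the Reject Message action belongs to the Sender ID filter, and leaves out the IP allow and block entries and the custom words.

```powershell
# Added example: Exchange Management Shell equivalent of the anti-spam demonstration.
# Run on the Edge Transport server (VAN-EDG in the lab) in an elevated shell.

# Connection filtering: add the block list provider only if it is not there yet.
$provider = Get-IPBlockListProvider |
    Where-Object { "$($_.LookupDomain)" -eq 'zen.spamhaus.org' }
if (-not $provider) {
    Add-IPBlockListProvider -Name 'Spamhaus' -LookupDomain 'zen.spamhaus.org'
}

# Sender and recipient filtering. These parameters are multivalued: the value
# given here REPLACES the existing list, which is fine on a fresh lab server.
Set-SenderFilterConfig    -BlockedSenders 'Samantha@Contoso.com'
Set-RecipientFilterConfig -BlockListEnabled $true -BlockedRecipients 'Arlene@Adatum.com'

# Sender ID: reject mail that fails the SPF check (assumed mapping of the
# "Reject Message" option in the demonstration).
Set-SenderIdConfig -SpoofedDomainAction Reject

# Content filtering: set the quarantine mailbox first, then the thresholds.
Set-ContentFilterConfig -QuarantineMailbox 'Jeff@adatum.com'
Set-ContentFilterConfig -SCLQuarantineEnabled $true -SCLQuarantineThreshold 7 `
                        -SCLRejectEnabled $true -SCLRejectThreshold 9 `
                        -BypassedRecipients 'jeff@adatum.com'

# Verification: catch the two mistakes that silently change what happens to mail.
$cf = Get-ContentFilterConfig
if ($cf.SCLQuarantineEnabled -and -not $cf.QuarantineMailbox) {
    Write-Warning 'Quarantine is enabled but no quarantine mailbox is configured.'
}
if ($cf.SCLRejectEnabled -and $cf.SCLQuarantineEnabled -and
    $cf.SCLRejectThreshold -le $cf.SCLQuarantineThreshold) {
    Write-Warning 'Reject threshold is not above the quarantine threshold; nothing will be quarantined.'
}

# Print the effective settings for review.
$cf | Format-List SCL*, QuarantineMailbox, BypassedRecipients
Get-IPBlockListProvider | Format-Table Name, LookupDomain, Enabled, Priority -AutoSize
Get-SenderIdConfig      | Format-List Enabled, SpoofedDomainAction
```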

Lesson 4
Configuring Secure SMTP Messaging

Contents:
Question and Answers
Detailed Demo Steps

Question and Answers

Discussion: SMTP Security Issues

Question: What are the security issues with SMTP?
Answer: SMTP was primarily designed around the idea of enabling cooperation and trust between servers. It is designed to accept any mail and forward it to its destination. This is called relaying, and this can cause security issues. Additionally, SMTP is not encrypted by default.

Question: How do you currently secure SMTP?
Answer: Answers may vary. Some organizations may use encryption methods such as TLS, IPSec, VPN, and so on. Some organizations might also implement authentication and authorization to prevent relaying.

Detailed Demo Steps

Demonstration: How to Configure SMTP Security

Demonstration steps
1. Use the Exchange Management Console to create a new Receive Connector.
2. Configure the Receive Connector to be externally secured.
3. Use Telnet to connect to Receive Connector.
4. Configure the Receive Connector to use TLS and authentication.
5. Use Telnet again to connect to Receive Connector.

Demonstration steps - Configure an externally secured SMTP connector
1. On VAN-EX1, click Start, point to All Programs, point to Exchange Server 2010, and then click Exchange Management Console.
2. In Exchange Management Console, expand Microsoft Exchange On-Premises, expand Server Configuration, and then click on Hub Transport.
3. In the Hub Transport pane, select VAN-EX1.
4. In the Actions pane, click New Receive Connector.
5. In the New Receive Connector window, in the Name box, type Externally Secured Connector, click Internal in the Select the intended use for this Receive connector list, and then click Next.
6. In the Remote Network settings pane, click Remove, and then click Add.
7. In the Add IP Addresses of Remote Servers window, enter 10.10.0.10 in Address or address range field, and then click OK.
8. Click Next, click New, and then click Finish.
9. In Exchange Management Console, in the Receive Connectors pane, double-click Externally Secured Connector, and then click the Authentication tab.
10. Clear the Exchange Server authentication check box, select the Externally Secured (for example, with IPsec) check box, and then click OK.
11. On VAN-DC1, click Start, point to All Programs, point to Accessories, and then click Command Prompt.
12. At the command prompt, type Telnet van-ex1 smtp, and then press ENTER. Enter the following sequence:
a. Helo
b. Mail from: test@Contoso.com
c. Rcpt to: kim@woodgrovebank.com
d. Quit

Note that you can relay through the server when using the externally trusted connector. You need to ensure that this option is only enabled for connections from highly trusted sources.

Demonstration steps - Configure an SMTP Connector that Requires TLS and Authentication
1. Switch to VAN-EX1.
2. In Exchange Management Console, in the Receive Connectors pane, double-click Externally Secured Connector, and then click the Authentication tab.
3. Clear the Externally Secured (for example, with IPSec) check box, and select the following:
• Basic Authentication
• Offer Basic authentication only after starting TLS
4. Click the Permission Groups tab, select the Exchange users check box, and then click OK.
5. On VAN-DC1, click Start, point to All Programs, point to Accessories, and then click Command Prompt.
6. At the command prompt, type Telnet van-ex1 smtp.
7. Enter the following sequence:
a. Helo
b. Mail from: test@contoso.com
response: 530 5.7.1 client was not authenticated

Demonstration: How to Configure Domain Security

Demonstration steps
1. Verify a computer certificate in the certificate store.
2. Run Set-TransportConfig -TLSSendDomainSecureList and Set-TransportConfig -TLSReceiveDomainSecureList to configure Domain Security partnership.
3. Enable Domain Security on the Send connector.
4. Enable Domain Security on the Receive connector.
5. Run Start-EdgeSynchronization to synchronize the changes to the Edge Transport server.

Demonstration steps - Verify certificate and check receive connector
1. On VAN-EDG, open Microsoft Management Console, and then add the Certificates snap-in.
2. In the Certificates snap-in window, click Computer account, click Next, and then click Finish.
3. In the Add or Remove Snap-ins window, click OK.
4. In the Console window, expand Certificates (Local Computer), expand Personal, and then click Certificates.
5. Open the VAN-EDG certificate. This certificate is the self-signed certificate installed on the server when the Edge Transport server role was installed. In a production environment, you would need to obtain a certificate from a public CA or exchange root certificates with other organizations in order to enable domain security.
6. Click OK, and then close Console 1 without saving changes.
7. Click Start, point to All Programs, point to Exchange Server 2010, and then click Exchange Management Console.

8. In Exchange Management Console, click Edge Transport. In the Edge Transport pane, click VAN-EDG, and then click the Receive Connectors tab in the VAN-EDG pane.
9. On the Receive Connectors tab, double-click Default internal receive connector VAN-EDG.
10. On the Authentication tab, ensure that both the Transport Layer Security (TLS) and Enable Domain Security (Mutual Auth TLS) check boxes are selected, and then click OK. You can mention here that in a real-world implementation of Domain Security, you might want to add one dedicated Receive Connector for Domain Security connections only as a best practice recommendation.

Demonstration steps - Configure Domain Security
1. On VAN-EX1, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and then click Exchange Management Shell.
2. In Exchange Management Shell, at the command prompt, type Set-TransportConfig -TLSSendDomainSecureList contoso.com, and then press ENTER.
3. At the command prompt, type Set-TransportConfig -TLSReceiveDomainSecureList contoso.com, and then press ENTER.
4. At the command prompt, type Get-TransportConfig | FL, and then press ENTER.
5. Click Start, point to All Programs, point to Microsoft Exchange Server 2010, and then click Exchange Management Console.
6. In Exchange Management Console, expand Microsoft Exchange On-Premises, expand Organization Configuration, and then click Hub Transport.
7. Click the Send Connectors tab, and then double-click EdgeSync - Default-First-Site-Name to Internet.
8. On the Network tab, ensure that Enable Domain Security (Mutual Auth TLS) is selected, and then click OK.
9. At the command prompt, type Start-EdgeSynchronization, and then press ENTER.
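Set-TransportConfig replaces the whole domain-secure list with the value it is given, so the demonstration command would drop any partner domains already configured in a production organization. The Exchange Management Shell script below is an added example, not part of the course material: it appends contoso.com to both lists, enables Domain Security on the EdgeSync send connector, and verifies the result. The wildcard used to find the connector is an assumption about its name.

```powershell
# Added example: Domain Security configuration that preserves existing partners.
# Run in the Exchange Management Shell on a Hub Transport server (VAN-EX1 in the lab).

$PartnerDomain = 'contoso.com'   # partner domain used in the demonstration

# 1. Append the partner to both lists instead of overwriting them.
$tc = Get-TransportConfig
if (@($tc.TLSSendDomainSecureList | ForEach-Object { "$_" }) -notcontains $PartnerDomain) {
    $tc.TLSSendDomainSecureList += $PartnerDomain
    Set-TransportConfig -TLSSendDomainSecureList $tc.TLSSendDomainSecureList
}
if (@($tc.TLSReceiveDomainSecureList | ForEach-Object { "$_" }) -notcontains $PartnerDomain) {
    $tc.TLSReceiveDomainSecureList += $PartnerDomain
    Set-TransportConfig -TLSReceiveDomainSecureList $tc.TLSReceiveDomainSecureList
}

# 2. Enable Domain Security on the Internet-facing EdgeSync send connector.
#    The name pattern is an assumption; adjust it if the connector was renamed.
$send = Get-SendConnector | Where-Object { $_.Name -like 'EdgeSync*to Internet' }
foreach ($c in $send) {
    # Mutual TLS needs DNS routing and must not ignore STARTTLS.
    if (-not $c.DNSRoutingEnabled) {
        Write-Warning "$($c.Name): DNS routing is off; Domain Security cannot be enabled."
        continue
    }
    if ($c.IgnoreSTARTTLS) {
        Write-Warning "$($c.Name): IgnoreSTARTTLS is set; clear it before enabling Domain Security."
        continue
    }
    Set-SendConnector -Identity $c.Identity -DomainSecureEnabled $true
}

# 3. Push the change to the Edge Transport server and test the subscription.
Start-EdgeSynchronization
Test-EdgeSynchronization | Format-List Name, SyncStatus, FailureDetail

# 4. Review what is now configured.
Get-TransportConfig | Format-List TLS*DomainSecureList
Get-SendConnector   | Format-Table Name, DomainSecureEnabled, DNSRoutingEnabled -AutoSize

# On the Edge Transport server itself (VAN-EDG), confirm the receive side:
# Get-ReceiveConnector | Format-List Name, AuthMechanism, DomainSecureEnabled
```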

Module Reviews and Takeaways

Review questions
1. Is Edge Synchronization a mandatory requirement?
No, you can also have a stand-alone Edge Transport server. However, you can use Edge Synchronization to configure the Edge Transport server so you can manage most of the settings from your Exchange Server organization.
2. Does the Edge Transport server role in Exchange Server 2010 include virus-scanning capabilities?
The Edge Transport server role includes only some basic antivirus features. For virus scanning capabilities, you need to use a third-party software such as Forefront Protection 2010 for Exchange or other similar products.
3. Which Exchange Server versions support the Domain Security feature?
You can use Domain Security or mutual TLS only when both the sending and receiving domains have Exchange Server 2007 or Exchange Server 2010 installed.

Common issues related to Edge Synchronization and domain security

Identify the causes for the following common issues related to implementing messaging security. For answers, refer to relevant lessons in the module.

Issue: You configured Domain Security with a partner domain, but messages only use TLS for message encryption, not mutual TLS or Domain Security.
Troubleshooting tip: Ensure both domains trust each other's CA. Also, Domain Security must be configured on both the local side and the partner side.

Issue: Edge Synchronization is not working anymore. When you run Test-EdgeSynchronization, it shows that the connection is broken.
Troubleshooting tip: Use Test-EdgeSynchronization to verify that the connection is established. If that does not work, try to reestablish the Edge Synchronization.

Issue: You're logged on to your Windows Server 2008 machine using your own account. You sometimes need full access to run a cmdlet.
Troubleshooting tip: When you use your own account instead of an administrator account to log on to a Windows Server 2008 system, ensure that you always start the Exchange Management Shell in Administrator mode.

Lab Review Questions and Answers

Question: What anti-spam agents are available in Exchange Server 2010?
Answer: Anti-spam agents include: Connection Filtering, Sender Filter, Recipient Filter, Sender ID, Content Filter, Protocol Analysis, and Attachment Filter.

Question: What is the purpose of the SCL threshold?
Answer: The SCL threshold is the threshold value that specifies whether a message is seen as spam, or a valid message.

Question: What are the possible issues in implementing Domain Security for your partner domains?
Answer: Domain Security needs to be configured on both sides, on a by-domain basis.

Module 7
Implementing High Availability

Contents:
Lesson 1: Overview of High Availability Options
Lesson 2: Configuring Highly Available Mailbox Databases
Module Reviews and Takeaways
Lab Review Questions and Answers

Lesson 1
Overview of High Availability Options

Contents:
Question and Answers
Additional Reading

Question and Answers

Discussion: Components of a High Availability Solution

Question: What are some common single points of failure in a messaging solution?
Answer: Answers will vary. Some of the common failure points are Internet connectivity, server hardware failures with hard drives, fans, and power supplies, and environmental factors, such as power and cooling.

Additional Reading

What Is High Availability?
• Microsoft High Availability White Paper

Lesson 2
Configuring Highly Available Mailbox Databases

Contents:
Question and Answers
Detailed Demo Steps

Question and Answers

What Is Continuous Replication?
Question: What other technologies use continuous replication?
Answer: Exchange Server 2007, Microsoft SQL Server®, and perhaps others familiar to the students.

Demonstration: How to Create and Configure a DAG
Question: What information do you need before you can configure a DAG?
Answer: At minimum, the administrator needs to know within which network the DAG will reside and the servers that will participate.

Configuring Databases for High Availability
Question: How do you plan to use the preferred list sequence number?
Answer: Answers may vary. However, many students will prefer to spread out the activity to multiple servers. Rotating the preference for the databases through all available servers allows each server to be actively serving client requests.

Demonstration: How to Monitor Replication Health
Question: Why is monitoring these statistics important?
Answer: As previously discussed, high availability is more than just redundant software and hardware. Monitoring the statistics can help you do this. It is a crucial tool for identifying and reacting to problems quickly and effectively.

and a WitnessDirectory of C:\FSWDAG1. At the Exchange Management Shell prompt. click Add. At the Exchange Management Shell prompt. Demonstration steps 1.10. 8. since it requires a majority of votes at all times to maintain quorum. expand Microsoft Exchange On-Premises. and then press ENTER. Use the Add Mailbox Database Copy wizard to add a copy of Mailbox Database 1 to the second Mailbox server. Click Start.25. click Microsoft Exchange Server 2010.10. In the Results pane. In the Manage Database Availability Group Membership wizard. click All Programs. click Microsoft Exchange Server 2010. Clusters with even numbers of nodes use the file share witness as a tie-breaker vote in establishing quorum. and then press ENTER. 5. when one of the nodes is rebooted. type New-DatabaseAvailabilityGroup –Name DAG1 –WitnessServer VAN-DC1 -WitnessDirectory C:\FSWDAG1 – DatabaseAvailabilityGroupIpAddress 10. right-click DAG1. A two-node DAG configuration requires a file share witness. .0. 2. 5. click All Programs. and then click Exchange Management Shell. In a two-node cluster without a file share witness. In the Work pane on the Database Availability Groups tab. As a best practice. and then click Mailbox.25 Use the Add-DatabaseAvailabilityGroupServer cmdlet to add VAN-EX1 as a member. click the Database Availability Groups tab. click Programs. 6. Click Start. 3. a majority of votes cannot be obtained and the cluster fails. On VAN-EX1. Assign the DAG an IP Address of 10. You can specify the Hub Transport server and the local directory to be configured as the file share witness when you create a DAG. and then click Exchange Management Shell. and then click Manage Database Availability Group Membership from the context menu. We recommend using the local Hub Transport server to act as the file share witness. 4. Click Start. you should add the file share witness to other clusters too. click Start. 4. expand Organization Configuration. click Programs. 
Use the Manage Database Availability Group Membership wizard to add VAN-EX2 as a member of DAG1. and then click Exchange Management Console.0.Implementing High Availability 7-7 Detailed Demo Steps Demonstration: How to Create and Configure a DAG Demonstration steps 1. Use the New-DatabaseAvailabilityGroup cmdlet to create a Database Availability Group named DAG1 with a WitnessServer on VAN-DC1. 6. 3. and then click Exchange Management Console. click Microsoft Exchange Server 2010. click Microsoft Exchange Server 2010. 7. type Add-DatabaseAvailabilityGroupServer DAG1 –MailboxServer VAN-EX1. 2. In the Console Tree.

and then in the Actions pane. and then click Finish. Failed. and then expand Mailbox. 15. click the Database Management tab. and then expand Mailbox. In the Results pane. click All Programs. Close Exchange Management Console. Note: Once you create a DAG. Click OK to close. click Add to create the copy of Mailbox Database 1. Add additional networks for redundancy or improved throughput. and then click Exchange Management Console. click Microsoft Exchange Server 2010. in the bottom Mailbox Database 1 area. In the Manage Database Availability Group Membership wizard. In the Add Mailbox Database Copy wizard. click the Database Management tab. Initializing. and then click Exchange Management Console. Resynchronizing. click VAN-EX2. On VAN-EX1. click Browse to select the server to which to add the copy. click Mailbox Database 1. click Properties. 12. In the Select Mailbox Server dialog box. Suspended and Failed. and Troubleshooting Microsoft® Exchange Server 2010 9. click Start. expand Microsoft Exchange On-Premises. The database status might be Healthy. expand Organization Configuration. expand Organization Configuration. Review the results. In the Results pane. On VAN-EX1. 10. click All Programs. Demonstration steps 1. . expand Microsoft Exchange On-Premises. Review the status of each of the Mailbox Database 1 database. click Microsoft Exchange Server 2010. 16. 3. click Manage to complete the changes. click Add Mailbox Database Copy. Dismounted. and then click OK. Suspended.7-8 Configuring. In the Console Tree. 4. click Start. 3. you then can create and configure DAG networks for replication or for MAPI traffic. In the Console Tree. and then click Finish to close the wizard. 14. 2. In the Select Mailbox Server dialog box. In the Add Mailbox Database Copy wizard. 5. Seeding Describe Copy queue length (logs) and Replay queue length (logs). Disconnected. click VAN-EX2. click Mailbox Database 1. Demonstration: How to Monitor Replication Health Demonstration steps 1. 
Mounted. 2. In the Results pane. Managing. In the Results pane. and then in the Actions pane. 13. and then click OK. Review the information on the General tab: • • 6. 11. 4.

Module Reviews and Takeaways

Review questions
1. In which scenarios might you use hardware load balancing with Edge Transport servers? In high utilization scenarios requiring hundreds of Edge Transport servers, it may make more sense to use a hardware load balancer than to create hundreds of DNS MX records. Doing this also may reduce the number of public IP addresses required.
2. Besides planning for Exchange Server failures, what other failures should you consider? Exchange Server high availability configurations protect against software and server failures, and database corruption. It is important to consider larger issues, such as local network failures, Internet connectivity issues, and data center power and cooling failures.

Common issues related to creating high availability Edge Transport solutions
Identify the causes for the following common issues related to high availability Edge Transport servers, and fill in the troubleshooting tips. For answers, refer to relevant lessons in the module.

Issue: Inbound e-mail is not being delivered evenly across all of the Edge Transport servers.
Troubleshooting tip: Ensure that the DNS MX records have the same value. If the values are not the same, only the records with the lowest value will be used.

Issue: After deploying highly available Edge Transport servers, outbound e-mail is being returned as possible spam.
Troubleshooting tip: Verify that your outbound mail servers are configured with a host name that is resolvable on the Internet. Many servers reject e-mail from servers that do not have a name or an IP address that can be resolved on the Internet.

Real-world issues and scenarios
1. An organization has several branch offices with a small number of employees. It wants to minimize the number of mailbox servers it deploys. However, the organization needs to deploy a high availability solution in the remote offices. What configuration can it deploy to meet its business needs? It may be possible to deploy two servers and install the Mailbox, Hub Transport, and Client Access server roles on both. The organization can create a DAG and use a hardware load balancer to load balance client access connectivity.
2. An organization uses a variety of service-level agreements for database availability for different business units. How can it do this? Deploy all Mailbox servers in a single DAG, and then configure each of the business unit’s mailbox databases with the appropriate number of copies to meet the service level.

Best practices related to designing a high availability solution
Supplement or modify the following best practices for your own work situations:
• Identify all possible failure points before designing a solution. Even the most elaborate and expensive designs can have a simple and crippling failure point.
• Document all of the components to the solutions so that everyone involved in the deployment understands how the solution is configured.
• Follow change-management procedures. In some environments, it may be tempting to skip these steps. However, not following proper change-management procedures often leads to extended, unplanned downtime.

Lab Review Questions and Answers

Question: When might you choose to initiate a database switchover?
You can initiate database switchovers to move databases off a DAG member for maintenance tasks, such as applying software updates.

Question: If you deploy only two Hub Transport servers in an Active Directory site, would shadow redundancy protect messages between mailboxes in the same site?
Shadow redundancy does not protect messages delivered within the same site, because the messages will not have traversed more than one Hub Transport server. However, you can recover these messages using the transport dumpster functionality.

Module 8
Implementing Backup and Recovery
Contents:
Lesson 1: Planning Backup and Recovery
Lesson 2: Backing Up Exchange Server 2010
Lesson 3: Restoring Exchange Server 2010
Module Reviews and Takeaways
Lab Review Questions and Answers

Lesson 1
Planning Backup and Recovery
Contents:
Question and Answers
Detailed Demo Steps

Question and Answers

Discussion: The Importance of Planning for Disaster Recovery
Question: Why is it important to plan for a disaster?
Answer: It is important for the students to know how to plan for a recovery so that a disaster does not cause database issues and data loss. The key is to practice the database or server-restore process, so that you will be able to perform the tasks should the stressful situation of a corrupt or damaged database occur, and you must resolve issues and recover data quickly.
Question: What current plan does your organization have for disaster recovery?
Answer: Answers may include various options, such as maintaining guidelines, performing regularly scheduled restores (such as every month), and conducting drills to increase administrators’ experience with the restore process. Additionally, interesting discussion points include how the students teach disaster-recovery processes to new employees or how they ensure the plan remains up-to-date.

Integrating High Availability and Disaster Recovery
Question: Why should you back up Exchange Server databases?
Answer: Back up Exchange Server databases so that you can recover from a disaster, recover items from mailboxes, and perform other back-up actions. For these reasons, consider the new high availability features because they might be able to replace the backup software.

Demonstration: Recovering Deleted Items
Question: What is the benefit of using this feature to recover mailboxes compared to existing brick-level backup solutions?
Answer: This feature is quicker than existing brick-level backup solutions, because you do not need to recover the data from the backup device.

and then press ENTER. . In the Exchange Management Console. point to All Programs. Open the Exchange Management Console. 7. Right-click Discovery Search Mailbox. and then press ENTER. assign the Administrator account full access permissions to the Discovery Search Mailbox. Log on as Adatum\Scott with a password of Pa$$w0rd. 8. and click Manage Full Access Permission. and then press ENTER. 6. 9. populate that folder with messages. Open the Discovery Search Mailbox. 7. 8. click All Programs. Demonstration steps 1. 3. On VAN-EX1. On left pane. and verify that it contains the deleted message. At the Exchange Management Shell prompt. and then press ENTER. click Create New Folder. At the Exchange Management Shell prompt. At the Exchange Management Shell prompt. and click Mailbox. click Start. Use the Export-Mailbox cmdlet to recover the folder to its original mailbox. Login to Microsoft Outlook Web App as Administrator to define a Mailbox Search. 5. and then click Delete. Expand Microsoft Exchange On-Premises. In Scott MacDonald’s mailbox.8-4 `Configuring. expand Recipient Configuration.adatum. Add the Administrator account. and Troubleshooting Microsoft® Exchange Server 2010 Detailed Demo Steps Demonstration: Recovering Deleted Items Demonstration steps 1. Click OK to accept the default Outlook Web App settings. Click Finish Click Start. 5. When the message arrives. Create and send a message to Scott. and then press ENTER. type Set-Mailbox ScottMacDonald SingleItemRecoveryEnabled:$true. type https://VAN-EX1. 11. and then delete the folder. In the Address bar. 12. right-click Scott MacDonald. 6. and click Manage. click Microsoft Exchange Server 2010. Managing. Close Exchange Management Shell. type Set-Mailbox ScottMacDonald SingleItemRecoveryEnabled:$true. At the Exchange Management Shell prompt. 2.com/owa. type New-ManagementRoleAssignment -Role ’Mailbox Import Export’ -User ’adatum\administrator’. and then click Exchange Management Shell. 4. 2. 
move it to the Personal Items folder. 13. create a new folder. and then click Internet Explorer. 3. 4. Verify that the message was recovered by accessing Scott MacDonald’s mailbox. and then type Personal Items as the folder name. type New-ManagementRoleAssignment -Role ’Mailbox Import Export’ -User ’adatum\administrator’. Right-click the Personal Items folder. 10.

click the Purge Selected Items icon. In New Mailbox Search window. 15. Add Scott MacDonald’s mailbox. click Add. and then click Mailbox Searches. 27. In the Role Group window. In the Recover Deleted Items window. Close Internet Explorer. 40. and then click the Administrator Roles tab. On the Multi-Mailbox Search pane. In the Select what to manage drop-down list. On the upper right corner. 23. and then . click Add. On the Search Name and Storage Location pane. expand Primary Mailbox.Implementing Backup and Recovery 8-5 14. Click OK. and then open it again and connect to https://VANEX1. 18. 33. click Reporting. and then click Save. in the Open Other Mailbox dialog box. and then click Yes. Right-click Deleted Items. 22.com/owa. 29. the folder’s items will now be available in Recover Deleted Items. click My Mail. and then click Recover Deleted Items. Point out that mailbox search is now processed. select My Organization. and then click Browse. click Add. select Discovery Search Mailbox. type Discovery Search Mailbox. and then click OK. On the left pane. 39. 24. In Select Members window. 30. 34. 19.adatum. under Members. select Administrator. Log on as Adatum\Administrator with a password of Pa$$w0rd. and then close the Recover Deleted Items window. 36. expand Recoverable Items. 38. click Empty Deleted Items. and then click OK. click Options. click Administrator. select My Organization.com/owa. expand Mailboxes to Search. In the Select Members window. In the Message from webpage dialog box. expand Scott MacDonald…. 21. type Purged Mailbox Items in the Search name box. In the upper right corner. and then click Open twice. and then. click OK. Right-click Deleted Items. 32. click Yes. On the Role Groups pane.adatum. Close Internet Explorer. in the Mail pane. click Users & Groups. In the Delete dialog box. and then open it again and connect to https://VANEX1. click Options. expand Purged Mailbox Items. In Outlook Web App. 
select the Send me an e-mail when the search is done check box. double-click Discovery Management. 28. In the Discovery Search Mailbox window. 17. Log on as Adatum\Administrator with a password of Pa$$w0rd. and then click Save. 37. 26. Click OK. 25. In the Select Discovery Mailbox window. click OK. Under Select what to manage. When you delete a folder. click New. On the left pane. Expand Search Name and Storage Location. 16. under Members. click Add. 20. 31. in the Select mailbox field. In Outlook Web App. 35.

44.0. and then add a copy of the Accounting database to VAN-EX2 with a replay lag time of 7 days. Point out that these are the items that were deleted previously. and then press ENTER. Demonstration: How to Create a Point-in-Time Database Snapshot Demonstration steps 1. and then click Exchange Management Shell. add VAN-EX1 and VAN-EX2 to DAG1. open the Exchange Management Console. 47. The full path will be something like: 42. At the Exchange Management Shell prompt. you can place the witness directory on any server. In the Address bar. and then press ENTER. Managing. Mention that the folder name was not preserved. 4. 49. expand Organization Configuration. At the Exchange Management Shell prompt. However. Verify that all messages are restored to the Purges folder. expand Microsoft Exchange On-Premises. 48. click Start. 41. and then click Mailbox. and then press ENTER. On the Exchange Management Console. 2. point to All Programs. type Export-Mailbox -Identity “Discovery Search Mailbox” -TargetMailbox “ScottMacDonald” IncludeFolders “fullMAPIpath” -Targetfolder “Personal Items (restored)”. 43. On VAN-EX1. If required. 46. expand Personal Items (restored).com/owa. click Microsoft Exchange Server 2010.100. and then click Internet Explorer. At the Exchange Management Shell prompt. when using the Exchange Management Shell.10. click All Programs. Close Internet Explorer.0. On the left pane. . and then press ENTER.10.8-6 `Configuring. type https://VAN-EX1. Demonstration steps 1. and then expand the folders beneath until you see the Purges folder. \Purged Mailbox Items\Scott MacDonald-6/26/2009 7:10:19 AM\Primary Mailbox\Recoverable Items\Purges. At the Exchange Management Shell prompt. including a server that is not running the Exchange server role. type New-DatabaseAvailabilityGroup –Name DAG1 –WitnessServer VAN-DC1 -WitnessDirectory C:\FSWDAG1 – DatabaseAvailabilityGroupIPaddresses 10. type Set-MailboxServer VAN-EX2 – DatabaseCopyAutoActivationPolicy Blocked. 
Write down the full MAPI path so that it is available for the next step. type New-DatabaseAvailabilityGroup –Name DAG1 –WitnessServer VAN-DC1 -WitnessDirectory C:\FSWDAG1 – DatabaseAvailabilityGroupIPaddresses 10. and then press ENTER. 3. Open the Exchange Management Shell. Click Start. In the Console Tree. Click the Purges folder. 45. Note: You can only place the witness directory on a Hub Transport server when you are using the Exchange Management Console. Log on as Adatum\Scott with a password of Pa$$w0rd. 3. if required. and Troubleshooting Microsoft® Exchange Server 2010 click Purges. 2.100.adatum.


5. In the Results pane, on the Database Availability Groups tab, click DAG1.
6. In the Actions pane, click Manage Database Availability Group Membership.
7. In the Manage Database Availability Group Membership wizard, click Add.
8. In the Select Mailbox Server dialog box, hold down CTRL, click VAN-EX1 and VAN-EX2, and then click OK. Click Manage, and then click Finish.
9. In the Results pane, with the Database Management tab showing, right-click Accounting, and then select Add Mailbox Database Copy.
10. In the Add Mailbox Database Copy window, click Browse.
11. In the Select Mailbox Server dialog box, click VAN-EX2, and then click OK. Click Add, and then click Finish.
12. In the Exchange Management Shell, type Set-MailboxDatabaseCopy -id Accounting\VAN-EX2 -replaylagtime 7.0:0:0, and then press ENTER. This command delays the commitment of the transaction logs to the Accounting database on VAN-EX2 for 7 days.
13. At the Exchange Management Shell prompt, type Set-MailboxServer VAN-EX2 -DatabaseCopyAutoActivationPolicy Blocked, and then press ENTER. This cmdlet blocks the automatic activation of the database copy on VAN-EX2.
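The two shell steps above, followed by a check that the lagged copy is configured and still receiving logs, as an added example that is not part of the course material. It assumes the Exchange Management Shell and the lab names Accounting and VAN-EX2; the copy queue threshold is an assumed value.

```powershell
# Added example (not from the course material). Run in the Exchange Management Shell.
# Lab names come from this demonstration; the queue threshold is an assumption.
$database     = 'Accounting'
$server       = 'VAN-EX2'
$copy         = "$database\$server"
$maxCopyQueue = 10   # assumed alert level: logs waiting to be copied to VAN-EX2

# Step 12: delay log replay on the VAN-EX2 copy by 7 days.
Set-MailboxDatabaseCopy -Identity $copy -ReplayLagTime 7.0:0:0

# Step 13: block automatic activation of database copies hosted on VAN-EX2.
Set-MailboxServer -Identity $server -DatabaseCopyAutoActivationPolicy Blocked

# Show what is now configured.
Get-MailboxDatabase -Identity $database | Format-List Name, ReplayLagTimes
Get-MailboxServer -Identity $server | Format-List Name, DatabaseCopyAutoActivationPolicy

# Check the copy itself. On a lagged copy a large ReplayQueueLength is expected,
# because logs are held back on purpose. CopyQueueLength should stay small:
# logs that never reach VAN-EX2 cannot be used for a point-in-time recovery.
$status = Get-MailboxDatabaseCopyStatus -Identity $copy
$status | Format-List Name, Status, CopyQueueLength, ReplayQueueLength

if ($status.Status -ne 'Healthy') {
    Write-Warning "Copy $copy is in state $($status.Status), expected Healthy."
}
if ($status.CopyQueueLength -gt $maxCopyQueue) {
    Write-Warning "Copy queue for $copy is $($status.CopyQueueLength) logs; log shipping is falling behind."
}
```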


Lesson 2

Backing Up Exchange Server 2010
Contents:
Question and Answers
Detailed Demo Steps
Additional Reading


Question and Answers
Demonstration: How to Back Up Exchange Server 2010
Question: Do you plan to use Windows Server Backup as your primary Exchange Server backup solution?
Answer: Windows Server Backup is a solution for small- to medium-sized businesses that do not have the budget for a third-party backup solution. You can use Windows Server Backup to back up Exchange Server data to a file share.


Detailed Demo Steps
Demonstration: How to Back Up Exchange Server 2010
Demonstration steps
1. In Server Manager, add the Windows Server Backup feature.
2. In Windows Server Backup, create a backup set to back up the C: drive and run the backup.
3. In Event Viewer, verify that the Exchange Server databases are part of the backup and that they have been backed up successfully.

Demonstration steps
1. On VAN-EX1, click Start, click All Programs, click Administrative Tools, and then click Server Manager.
2. In Server Manager, click Features, and then on the Features Summary pane, click Add Features.
3. In the Add Features Wizard, expand Windows Server Backup Features, click Windows Server Backup, and then click Next.
4. On the Confirm Installation Selections page, click Install, and then after the installation finishes, click Close.
5. Click Start, click All Programs, click Administrative Tools, and then click Windows Server Backup.
6. In Windows Server Backup, on the Actions pane, click Backup Once.
7. In the Backup Once Wizard, on the Backup Options page, click Different options, and then click Next.
8. On the Select Backup Configuration page, select Custom, and then click Next.
9. On the Select Items for Backup page, click Add items, select Local disk (C:) in the Select Items window, and then click OK.
10. On the Select Items for Backup page, click Advanced Settings, click the VSS Settings tab, select VSS full Backup, click OK, and then click Next.
11. On the Specify Destination Type page, select Local drives, and then click Next.
12. On the Select Backup Destination page, in Backup destination, select Allfiles (D:), and then click Next.
13. On the Confirmation page, click Backup. The backup will take about 20 minutes. When the backup finishes, click Close, and then close Windows Server Backup.
14. Click Start, click Administrative Tools, and then click Event Viewer.
15. In Event Viewer, expand Windows Logs, and then click Application.
16. In Event Viewer, on the Application log, locate the event items labeled Source MSExchangeIS and EventID 9811.
17. Wait until the backup is finished, then in Event Viewer, on the Application pane, locate the event items labeled Source MSExchangeIS and EventID 9780.
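The Event Viewer check in steps 14 to 17 can also be done from PowerShell, shown here as an added example that is not part of the course material. It assumes it is run on VAN-EX1, uses an assumed 24-hour look-back window, and cross-checks the result against the backup timestamps Exchange records for each database (that last command needs the Exchange Management Shell).

```powershell
# Added example (not from the course material). Run on VAN-EX1.
$since = (Get-Date).AddHours(-24)   # assumed look-back window

# Steps 16-17: event IDs 9811 and 9780 in the Application log.
# The source is matched afterwards so a slightly different provider name
# (anything starting with MSExchangeIS) does not make the query fail.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Application'
    Id        = 9811, 9780
    StartTime = $since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -like 'MSExchangeIS*' }

$events | Sort-Object TimeCreated |
    Format-Table TimeCreated, Id, ProviderName, Message -AutoSize -Wrap

# Warn about each event ID from the steps that did not show up in the window.
foreach ($id in 9811, 9780) {
    if (-not ($events | Where-Object { $_.Id -eq $id })) {
        Write-Warning "No MSExchangeIS event $id found since $since."
    }
}

# Cross-check: Exchange stamps each database with the time of its last full backup.
# A database whose LastFullBackup did not advance was not part of the backup set.
Get-MailboxDatabase -Server 'VAN-EX1' -Status |
    Select-Object Name, LastFullBackup, SnapshotLastFullBackup
```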

Additional Reading
How Does a VSS Backup Work?
• Further information about VSS

Lesson 3
Restoring Exchange Server 2010
Contents:
Question and Answers
Detailed Demo Steps

Question and Answers

Demonstration: How to Recover Data by Using the Recovery Database
Question: What is the difference between using Single Item Recovery and performing a restore by using the recovery database?
Answer: The Single Item Recovery stores the items in the mailbox database on the Exchange server, so the data still occupies space in the Exchange Server database. A recovery database is stored on a secondary device that provides a cheaper way to store data, like a hard drive or tape drive. Using Single Item Recovery, you can restore the items or mailboxes more quickly than you can by using a recovery database. However, some administrators may want to use recovery databases, because they performed mailbox restorations by using this method in previous Exchange Server versions.

3.edb“ command to repair the recovered database. In the Recovery Wizard. In Windows Server Backup. and then press ENTER. On VAN-EX1. click Start.8-14 `Configuring. 9. 6. click Programs. type New-MailboxDatabase -Name “RecoverDB” -Server VAN-EX1 -EDBFilePath “c:\DBBackup\C_\Program Files\Microsoft\Exchange Server\V14\Mailbox\Accounting\Accounting.edb” -Logfolderpath . At the Exchange Management Shell prompt. click Microsoft Exchange Server 2010. click OK. Use the Get-MailboxStatistics -Database “RecoverDB” command to display the mailboxes in the recovery database.edb” -Logfolderpath “c:\DBBackup\C_\Program Files\Microsoft\Exchange Server\V14\Mailbox\Accounting” Recovery. click Start. This command creates the recovery database using the recovered Accounting database. At the Exchange Management Shell prompt. click Next. and then press ENTER. click Recover to another location. click Recover. click Browse. On the Select Recovery Type page. click Close. 2. On the Specify Recovery Options page. select Applications. on the Getting Started page. Managing. 5. 4. select This Server (VAN-EX1). and then click Next. click Local Disk (C:). At the Exchange Management Shell prompt. 11. enter DBBackup. and then click Next. and then click Windows Server Backup. 2. and Troubleshooting Microsoft® Exchange Server 2010 Detailed Demo Steps Demonstration: How to Recover Data by Using the Recovery Database Demonstration steps 1. type New-MailboxDatabase -Name “RecoverDB” -Server VAN-EX1 -EDBFilePath “c:\DBBackup\C_\Program Files\Microsoft\Exchange Server\V14\Mailbox\Accounting\Accounting. click Make New Folder. click Programs. expand Computer. and then press ENTER. Use Windows Server Backup to restore the Exchange Server databases to C:\DBBackup. 8. and then click Exchange Management Shell. 4. On VAN-EX1. 3. Demonstration steps 1. 10. on the Actions pane. 7. 6. Use the eseutil /p “c:\dbbackup\c_\Program Files\Microsoft\Exchange Server\v14\Mailbox\Accounting\Accounting. click Recover. 
On the Select Application page. Close Windows Server Backup. and then click Next. On the Select Backup Date page. 5. type Mount-Database “RecoverDB”. On the Confirmation page. select Exchange. At the Exchange Management Shell prompt. On the Recovery Progress page. click Administrative Tools. and then click Next. type Restore-Mailbox -Identity MichiyoSato RecoveryDatabase RecoverDB.

At the Exchange Management Shell prompt. type Y. 18. In the Warning dialog box. type Restore-Mailbox -Identity MichiyoSato RecoveryDatabase RecoverDB. and then press ENTER.Implementing Backup and Recovery 8-15 “c:\DBBackup\C_\Program Files\Microsoft\Exchange Server\V14\Mailbox\Accounting” Recovery. and then press ENTER. At the Exchange Management Shell prompt. 16. type Mount-Database “RecoverDB”. At the Exchange Management Shell prompt. click OK. 12. 14. This cmdlet displays all mailboxes within the recovery database. type the command and press ENTER cd “c:\Program Files\Microsoft\Exchange Server\v14\bin” 13. and then press ENTER. 17. .edb“. 15. At the Confirm prompt. At the Exchange Management Shell prompt. and then press ENTER. and then press ENTER. type the command and press ENTER eseutil /p “c:\dbbackup\c_\Program Files\Microsoft\Exchange Server\v14\Mailbox\Accounting\Accounting. At the Exchange Management Shell prompt. type Get-MailboxStatistics -Database “RecoverDB”.

Module Reviews and Takeaways

Review questions
1. What kind of backup options for Exchange Server 2010 do you find suitable for your organization? Exchange Server 2010 provides you with various options for backing up your Exchange Server environment, from the traditional Windows Server Backup to a backup-less environment that uses multiple database copies and a lagged database.
2. What options does Exchange Server 2010 include for restoring a single item from a mailbox? You can use hold policy and the Deleted Items folder to restore items from a mailbox. Alternatively, you can restore the database to a restore database, and then access the mailbox to recover items.

Common issues related to recovering messages
Identify the causes for the following common issues related to recovering messages, and fill in the troubleshooting tips. For answers, refer to relevant lessons in the module.

Issue: Recover single mailbox items quickly
Troubleshooting tip: Try using Multi-Mailbox Search before you recover a database.

Issue: Restore fails when it is urgent
Troubleshooting tip: You should try to restore a database regularly, as a practice session, and verify that your backups work as you expect.

Best practices related to backup and restore
Supplement or modify the following best practices for your own work situations:
• Utilize your existing backup solution for Exchange Server backups, as you are already experienced and familiar with it.
• Try always to perform a full backup of your Exchange Server databases if you use a VSS-aware backup solution. This reduces the time you need to recover the database to its most current state.
• If you plan to follow the backup-less method, create one more database copy on cheap hard drives at a different site. This guarantees that you have an additional backup of your database available.

Lab Review Questions and Answers

Question: What backup options can you use to recover a single mailbox?
You can use hold policy and the Deleted Items folder to restore items from a mailbox. You can recover a deleted mailbox using deleted mailbox retention. However, if the deleted mailbox is older than your deleted mailbox-retention setting, you need to use a recovery database to restore the mailbox.

Question: Which Exchange Server 2010 technology would you use to create a database backup at a remote site?
You can use DAGs to create a database backup at a remote site.

Question: What is dial-tone recovery?
Dial-tone recovery is the process that enables you to implement access to e-mail without restoring data after a disaster.

Question: What is VSS?
VSS is a snapshot-based backup system.

Module 9
Configuring Messaging Policy and Compliance
Contents:
Lesson 1: Introducing Messaging Policy and Compliance
Lesson 2: Configuring Transport Rules
Lesson 3: Configuring Journaling and Multi-Mailbox Search
Lesson 4: Configuring Messaging Records Management
Lesson 5: Configuring Personal Archives
Module Reviews and Takeaways
Lab Review Questions and Answers

Lesson 1
Introducing Messaging Policy and Compliance
Contents:
Question and Answers

Question and Answers

Discussion: Compliance Requirements
Question: What type of business does your organization conduct? What are some legislated compliance requirements for your organization?
Answer: Answers will vary depending on the business the organization conducts. Some examples of legislation restricting how organizations manage information include:
• United States:
  • Sarbanes-Oxley Act of 2002 (SOX)
  • Gramm-Leach-Bliley Act (Financial Modernization Act)
  • Health Insurance Portability and Accountability Act of 1996 (HIPAA)
  • Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA Patriot Act)
• Canada:
  • The Personal Information Protection and Electronic Documents Act
• Australia:
  • Federal Privacy Act
• Europe:
  • European Union Data Protection Directive (EUDPD)
• Japan:
  • Japan’s Personal Information Protection Act

Question: What additional compliance requirements does your organization have?
Answer: Organizations might have additional requirements for managing e-mail. For example, the organization might want to add legal disclaimers to outgoing communications or require that certain messages require an intellectual property disclosure disclaimer. The organization also might have message-retention requirements that mandate that certain messages be retained and others deleted after a specified time.

Question: How are you currently meeting these compliance requirements?
Answer: Answers will vary. Many organizations have written policies regarding messaging compliance, but have not been able to enforce the rules except through conducting audits. Quite a few organizations have implemented some type of archiving solution. If organizations have deployed Microsoft Exchange Server 2007, they might have taken advantage of some of its messaging compliance features.

Lesson 2
Configuring Transport Rules
Contents:
Question and Answers
Detailed Demo Steps

Question and Answers

Demonstration: How to Configure Transport Rules
Question: What transport policies will you need to implement in your organization?
Answer: Answers will vary. Transport rules provide many different options to restrict message flow and modify messages as they pass through the Hub Transport servers.

Demonstration: How to Configure Moderated Transport
Question: Will you deploy moderated transport in your organization? If so, where would you use it?
Answer: Answers will vary. Because this is a new feature in Exchange Server 2010, many students may not have considered this option. Ask them to describe scenarios where they need to restrict who can send to a recipient, and then ask them to consider if moderated transport would be the best option for enabling the restrictions.

Demonstration: How to Configure AD RMS Integration
Question: Does your organization have AD RMS deployed? Are you planning to deploy AD RMS?
Answers will vary. Not many organizations have deployed AD RMS. The organizations that have deployed it tend to have stringent requirements for managing access to content.
Question: How will Exchange Server 2010 make it easier to deploy AD RMS?
The Exchange Server 2010 features overcome two important limitations of previous AD RMS deployments. First, by using transport rules, you can apply AD RMS even if users have chosen not to do so. In previous versions, the user had to apply the protection. Secondly, the AD RMS Prelicensing Agent will make the AD RMS integration easier to use for mobile clients.

Under Organization Configuration. 3. Open the Exchange Management Console. Condition: Choose sent to users that are inside the organization. Send a message from one internal user to another with the string 111-111-111 in the message body. 4.</font></b> </body> </html> 3. create a new transport rule with the following configuration: • • • • Name: Type Company Disclaimer HTML. click New Transport Rule. In the Actions pane. Under Organization Configuration. Verify that the HTML disclaimer is attached. open the Exchange Management Console. and Troubleshooting Microsoft® Exchange Server 2010 Detailed Demo Steps Demonstration: How to Configure Transport Rules Demonstration steps 1.9-6 Configuring. . On VAN-EX1. click Hub Transport. the \d pattern string matches any single numeric digit. Demonstration steps 1. Disclaimer text: Type the following: <html> <body> <br>&nbsp</br> <br>&nbsp</br> <b><font color=red>This e-mail and attachments are intended for the individual or group addressed. 5. Managing. For detailed information about configuring regular expressions in a transport rule. Verify that the sender receives a non-delivery report (NDR).7. in the Hub Transport node. You can use a variety of pattern strings to search the message contents for a consistent pattern. 2. see the topic “Regular Expressions in Transport Rules” in Exchange Online Help. or \w to represent any letter or decimal digit. For example. you can use \s to represent a space. Note: In a regular expression. 2. 6. Action: Choose append disclaimer text and fallback to action if unable to apply.1“ -RejectMessageReasonText “This message has been rejected because of content restrictions“ To test the transport rules: • • Send a message from one internal user to another. Type the following cmdlet: New-TransportRule -Name “Social Insurance Number Block Rule“ SubjectOrBodyMatchesPatterns “\d\d\d-\d\d\d-\d\d\d“ RejectMessageEnhancedStatusCode “5. Open the Exchange Management Shell.

Under Step 2. 12.</font></b> </body> </html> 10. click Finish. and then click New to create the new HTML disclaimer.adatum. ensuring that you press ENTER at the end of each line: <html> <body> <br>&nbsp</br> <br>&nbsp</br> <b><font color=red>This e-mail and attachments are intended for the individual or group addressed. On the Actions page. 16. and then click Next. Verify that Enable Rule is selected. 8. Verify that the message from Luca Dellamore includes the HTML disclaimer. and then create a message with the following properties: • • • To: Administrator Subject: Disclaimer Test Content: Testing the HTML disclaimer 17. 14. Log on to Microsoft Outlook Web App as Adatum\Administrator with a password of Pa$$w0rd. 7. 5. On the Introduction page. create a new message with the following properties: • To: Administrator . On VAN-EX1. click the disclaimer text link. Click Next. 6. open the Exchange Management Shell. and then click Next. type the following text. On VAN-CL1. under Step 1. On the Completion page. Click New. in the Name field.1" -RejectMessageReasonText "This message has been rejected because of content restrictions" 15. 18. and then open Office Outlook 2007. select append disclaimer text and fallback to action if unable to apply. type Company Disclaimer HTML. open Windows® Internet Explorer®. and then click Next. In the Specify disclaimer text box. switch to VAN-CL1. type the following cmdlet. At the PS prompt. 9.Configuring Messaging Policy and Compliance 9-7 4. 21. and then press ENTER: New-TransportRule -Name "Social Insurance Number Block Rule" SubjectOrBodyMatchesPatterns "\d\d\d-\d\d\d-\d\d\d" RejectMessageEnhancedStatusCode "5.com/owa. 20. select send to users that are inside or outside the organization. Click OK. and connect to https://VANEX1. On VAN-EX1. 11. Send the message. 13. To test the transport rules. Click OK. under Step 1. 19. On the Conditions page.7. or partners.

Send the message. This cmdlet enables AD RMS encryption on the Hub Transport server: set-irmconfiguration – InternalLicensingEnabled:$true. On VAN-DC1. 23. Restart the IIS. verify that the message now contains the Do Not Forward header. Verify that you do not have permission to forward the message. 11. Managing. In the Exchange Management console. Open Outlook 2007 and create a new message for an internal recipient. click the Permission icon. 7. Verify that the Do Not Forward template is applied to the message. . modify the permissions on the C:\inetpub\wwwroot\_wmcs\certification\servercertification. which applies the Do Not Forward AD RMS template for all messages sent between two specified users. log on as Luca using the password Pa$$w0rd. Send the message Log on as the message recipient. 9. and Troubleshooting Microsoft® Exchange Server 2010 • • Subject: Transport Rule Test Content: Testing the Social insurance number block rule. type the following cmdlet. On an Exchange server. 111-111-111 22.asmx file to grant Read and Execute access to the Exchange Servers group and the anonymous Internet Information Services (IIS) user account. open Outlook 2007. 6. 8. In the Message ribbon. and then log on using the user credentials. Wait while Luca’s credentials are prepared. To: Administrator. Create a new message with the following properties: • • • 1. Use the test-irmconfiguration cmdlet to test the IRM configuration. 12. 10. In the Permission dialog box. and press ENTER. Demonstration steps 1. select the Restrict permission to this document check box. Subject: Testing AD RMS integration Content: This is a protected e-mail. Verify that the user receives a NDR with the rejected message text that you configured. open the restricted message. 5. On VAN-CL1. In the Message ribbon. Send a message from one of the specified users to the other. at the PS prompt. create a new transport rule named AD RMS Test Rule. open Outlook 2007. 4. 2. log on as the mailbox user. 
Demonstration: How to Configure AD RMS Integration Demonstration steps 1. In the Windows Security dialog box. 2. When the message appears. In the Windows Security dialog box.9-8 Configuring. click the Permission icon. 2. 3.

10. Open Outlook 2007. Service Accounts. verify that the message now contains the Do Not Forward header. Wait for the service to restart. and then click Next. 20. Click Send. click the Security tab. and then click OK. click Luca Dellamore. 7. On VAN-EX1. 11. and then click OK. Close the message. Verify that Enable Rule is selected. 12. On the Introduction page. 22. type test-irmconfiguration –sender LucaDellamore@adatum. and then click OK twice. 23. Computers. Click Add. In the Permissions for Server Certification. 18. On VAN-EX1.Configuring Messaging Policy and Compliance 9-9 3. This cmdlet displays the default AD RMS integration configuration for the Exchange Server organization. On VAN-DC1. in the Exchange Management Console. 19. click the people link. 9. click Administrator. type IISReset. and then press ENTER.asmx dialog box. In the Enter the object names to select field. 8. click Object Types. In the Enter the object names to select field. On VAN-DC1. When the message opens. Click Next. click Add. click Hub Transport. type get-irmconfiguration. In the Actions pane. right-click servercertification. browse to C:\inetpub\wwwroot\_wmcs\certification. In the Select Users. 16. in the Name field. and then click OK twice. In the Server Certification. At the PS prompt. and then press ENTER. or Groups dialog box. Under Step 2. open a command prompt. click New Transport Rule. This cmdlet tests the AD RMS configuration. This cmdlet enables AD RMS encryption on the Hub Transport server. in the Exchange Management Shell. In the Specify recipients dialog box. Under Step 2. select from people. click Add. and then press ENTER. Click OK. and then log off. and then open the message from Luca Dellamore. type set-irmconfiguration –InternalLicensingEnabled:$true. click the people link. 5. When the message appears. Log on to VAN-CL1 as Adatum\Administrator using the password Pa$$w0rd. type Exchange Servers. In the Windows Security dialog box. On the Conditions page. 
verify that you do not have permission to forward the message. and then click Edit. In the Specify senders dialog box. 14. 4. close Outlook. log on as Administrator using a password of Pa$$w0rd. and then click Properties. 25. select sent to people. and then close the command prompt. 15. under Step 1. click Add. At the PS prompt. 21. under Step 1. type AD RMS Test Rule. On the Conditions page. open Windows Explorer. 26. under Organization Configuration. 17.asmx. and then click OK twice. and then press ENTER. 13. 6. select the Computers check box. type IIS_IUSRS. 24. .com.asmx Properties dialog box.

12. Managing. click Luca Dellamore. 30. 15. Send a message to the distribution group configured for moderation in the transport rule. double-click Message Moderation. Create a new transport rule that forwards any message sent to a distribution list for moderation. and then click New. In the middle pane. In the Message Moderation dialog box. In the Select RMS template dialog box. On VAN-CL1. On the Mail Flow Settings tab. Under Specify group moderators. right-click a distribution list. click Marketing. click Do Not Forward. under Step 1. 11. and then click Properties. You will need to authenticate again to open the message. On the Actions page. Approve both messages. On VAN-EX1. Choose a moderator for the rule. In the Select Recipient dialog box. 9. and then click OK three times. 18. ensure that you are logged on as Administrator. 29. On the Mail Flow Settings tab. Under Specify senders who don’t require message approval. In the middle pane. Click Finish. Open the mailbox of a moderator configured for both the distribution group and transport rule. double-click Message Moderation. In the Exchange Management Console. and then log on as Luca. Under Recipient Configuration. select rights protect message with RMS template. select the Messages sent to this group have to be approved by a moderator check box. 3. Log off VAN-CL1. 7. Demonstration steps 5. 16. Demonstration: How to Configure Moderated Transport Demonstration steps 1. 13. In the Message Moderation dialog box. open the Exchange Management Console. Create a new message with a subject of Transport Rule ADRMS test. Click Next twice. 33.9-10 Configuring. click Add. In the Select Recipient – Entire Forest dialog box. and then click OK. 17. and Troubleshooting Microsoft® Exchange Server 2010 27. 8. Open Outlook and verify that Luca received the message entitled “Transport Rule ADRMS test” and that the Do Not Forward template is protecting the message. click Add. 
Add the group moderators and add any users who do not require moderation to send to the group. 6. click the RMS Template link. and then click OK. 31. 28. and then click Properties. Under Step 2. and send it to Luca. select the Messages sent to this group have to be approved by a moderator check box. 14. click Distribution Group. 2. 32. 10. and then configure any exceptions that are required. right-click Marketing. Send a message to the distribution group configured for moderation. click Distribution Group. 4. . under Recipient Configuration.

45. 37. select sent to a member of distribution list. select ITAdmins. On VAN-CL1. click Luca Dellamore. type ITAdmins Group Moderation.Configuring Messaging Policy and Compliance 9-11 19. 41. and then click OK. 31. Under Step 2. Type a subject and a short message.Adatum. 21. . On the Completion page. 34. under Step 1. 27. 25. In the Specify sender distribution list window. open Outlook. 32. Under Conditions in Step 1. click Add. On the Introduction page. Click Next. click OK. click Hub Transport. In the To field. 22. and then click OK again. Type a subject and a short message. 35. click OK. 26. click New Transport Rule. select forward the message to addresses for moderation. and then click Next. 40. in the Name field. Close the message. click the distribution list link. 28. click the addresses link. click the distribution list link. In the Inbox. and then click OK again. click New. On the Exceptions page. 30. and then on the Vote menu. In the Select Mail Enabled Group window. Under Step 2. and then connect to https://VAN-EX1. Click Next. and then click Send. click Approve. Verify that Enable Rule is selected. verify that you are logged in as Luca. and then click Send. 23. 47. Click Next. type Marketing.com/owa. click OK. Under Step 2. select except when the message is from a member of distribution list. select ITAdmins. 33. click Add. In the Specify recipients window. Open Internet Explorer. Log on to Outlook Web App as Adatum\Administrator with a password of Pa$$w0rd. In the To field. click Approve. In the Specify recipient distribution group dialog box. Close the message. Double-click the first e-mail message. 42. 46. In the Inbox. In the Actions pane. click New. 20. Under Actions in Step 1. and then verify that there are two messages waiting for Luca’s approval. 38. 43. 48. and then on the Vote menu. Double-click the second e-mail message. click Add. 44. 29. In the Select Mail Enabled Group window. click Finish. type ITAdmins. and then click New. 24. 39. 
Under Organization Configuration. 36. In the Select Recipient User or Contact window.
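The Social Insurance Number Block Rule in the transport rules demonstration matches only the dashed form 111-111-111. The following PowerShell is an added example, not part of the course material: it compares that pattern with two alternative pattern sets against constructed message bodies. The function name Test-PatternSet, the sample bodies, the extra patterns, and the use of local .NET regex matching as a stand-in for the transport rule pattern engine are all assumptions made here.

```powershell
# Added example, not part of the course material.
# Assumption: .NET regex semantics for \d, \D, \s and a literal '-' stand in
# for the transport rule pattern engine; confirm results on a lab server.

# Pattern used by the "Social Insurance Number Block Rule" demonstration.
$demoRule = @('\d\d\d-\d\d\d-\d\d\d')

# Demonstration pattern plus the same nine digits with spaces or no separators.
$broadRule = $demoRule + @(
    '\d\d\d\s\d\d\d\s\d\d\d',
    '\d\d\d\d\d\d\d\d\d'
)

# Each pattern wrapped in \D so the nine digits cannot be part of a longer
# digit run. Trade-off: a number at the very start or end of the text, with
# no character before or after it, is not matched.
$delimitedRule = $broadRule | ForEach-Object { '\D' + $_ + '\D' }

# Constructed sample message bodies (hypothetical values, not real data).
$samples = @(
    'SIN 111-111-111 on file.',
    'SIN 111 111 111 on file.',
    'SIN 111111111 on file.',
    'Call 604-555-0100 about the invoice.',
    'Tracking reference 4471-111-111-1119 shipped.',
    'Order total was 1234567890 units.'
)

function Test-PatternSet {
    param([string]$Body, [string[]]$Patterns)
    # True when any pattern in the set matches anywhere in the body,
    # which is when a rule built from that set would act on the message.
    foreach ($pattern in $Patterns) {
        if ([regex]::IsMatch($Body, $pattern)) { return $true }
    }
    return $false
}

# One row per sample: which pattern set would trigger on it.
$report = foreach ($body in $samples) {
    New-Object PSObject -Property @{
        Body      = $body
        Demo      = (Test-PatternSet $body $demoRule)
        Broad     = (Test-PatternSet $body $broadRule)
        Delimited = (Test-PatternSet $body $delimitedRule)
    }
}
$report | Select-Object Demo, Broad, Delimited, Body | Format-Table -AutoSize

# Lab follow-up (requires the Exchange Management Shell), reusing the
# parameters shown in the demonstration with the chosen pattern set:
# New-TransportRule -Name "Social Insurance Number Block Rule" `
#   -SubjectOrBodyMatchesPatterns $delimitedRule `
#   -RejectMessageEnhancedStatusCode "5.7.1" `
#   -RejectMessageReasonText "This message has been rejected because of content restrictions"
```

On these samples the demonstration pattern misses the space-separated and unseparated forms and also fires on the dashed phone number and the tracking reference; the delimited set is there to show how both gaps can be narrowed before a rule is allowed to reject mail.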

Lesson 3

Configuring Journaling and Multi-Mailbox Search
Contents:
Question and Answers
Detailed Demo Steps

Question and Answers
Demonstration: How to Configure Message Journaling
Question: What are the advantages and disadvantages of using the Exchange Server 2010 message journaling feature?
Answer: Answers will vary depending on what tool the organization has deployed. Exchange Server 2010 journaling has one advantage: it enables you to specify any archival location for messages, and you can filter journaling based on recipients rather than at a database level. However, Exchange Server 2010 does not provide any automated tools for managing the journal mailbox, so you will need to implement a manual management process.

9-14 Configuring. 16. In the Actions pane. 3. and then reply to the message. Log on to the journal recipient mailbox. 11. Specify a name for the rule. All messages that the recipient sends or receives are journaled. 7. click Executives. Send a test message to a journal recipient. On VAN-EX1. In the Select Recipient dialog box. click Hub Transport. 6. 9. and then connect to https://VANEX1. Confirm that the message from the Administrator arrived. and then click OK. 8. 2. click Browse. Reply to the message. Close Internet Explorer. Important: In this demonstration. Create a new journal rule. and then send it to Scott MacDonald. type Executives Message Journaling. The scope defines whether only internal or only external messages. choose a mailbox that you can dedicate as a journal mailbox. 5. Under Scope. 15. Managing. . Log on to the journal mailbox and confirm that the journal mailbox contains a journal report for both the sent message and the reply message. Beside Send Journal reports to e-mail address. 12. Open a new instance of Internet Explorer. In the Select Recipient dialog box. In a production environment. Scott is a member of the Executives group. Log on as Adatum\Administrator with a password of Pa$$w0rd. click Luca Dellamore. and then connect to https://VAN-EX1. and Troubleshooting Microsoft® Exchange Server 2010 Detailed Demo Steps Demonstration: How to Configure Message Journaling Demonstration steps 1. On the New Journaling Rule page.com/owa.adatum. Select the Journal messages for recipient check box. will be journaled. and a journal mailbox. or both.adatum. in the Rule name field. 14. you are choosing another user’s mailbox as the destination for the journaled messages. and then click Finish. On the New Journal Rule page. Specify the journal rule scope and recipients. Log on as Adatum\Scott with the password Pa$$w0rd. and then close Internet Explorer. 18. 4.com/owa. under Organization Configuration. Demonstration steps On VAN-EX1. 
click New Journal Rule to start the New Journal Rule wizard. 10. and then click OK. click Internal – internal messages only. A copy of all messages that the rule affects will be sent to the journal mailbox. Create a new message. 19. 17. click Hub Transport. click New. and then click Browse. under Organization Configuration. In Exchange Management Console. 13. in the Exchange Management Console. open Internet Explorer.

click Mailbox.Configuring Messaging Policy and Compliance 9-15 20.Adatum. 4. In Active Directory Users and Computers. In the To field. 10. 9. and then click Finish. On the Reporting tab. open Outlook. 20. 14. On VAN-EX1. In the Select what to manage drop-down list. click Add. ensure that My Organization is listed. click Discovery Search Mailbox. 21. and then click Send. In the Keywords box. In the recipient list. In the message box. add the user or group that will perform Discover searches to the Discovery Management group. 18. 5. type Manoj. 11. . click New. 23. type We’ve received the new ProjectX items in inventory. type New Inventory. and then in the Microsoft Exchange Security Groups organizational unit (OU). click Reporting. Demonstration steps On VAN-DC1. click New. Under Multi-Mailbox Search.com/ecp. 17. Review the messages located by the search. 16. and then click Manage Full Access Permission. 8. On VAN-CL1. Open Internet Explorer. and then press CTRL+K to resolve the names.. Open the e-mail indicating the search is finished. 2. 7. if required. verify that you are logged in as Luca. click OK. type Luca. double-click the Discovery Management group. and then confirm that the journal mailbox contains both a journal report for the message sent to Scott and the reply message. Send a message with a key word or phrase in it. Log on to the ECP as Adatum\Luca with a password of Pa$$w0rd. and then start the search. and then click OK twice. click Add. 6. type ProjectX. under Multi-Mailbox Search. In the Subject field. under Recipient Configuration. click Manage. 15. In the left pane.Wei. open Outlook. 3. 13. On the Manage Full Access Permission page. In the Discovery Management Properties dialog box. In the Inbox. configure the search parameters. Select the Send me an e-mail when the search is done check box. on the Members tab. and then connect to https://VAN-EX1. Demonstration: How to Configure Multi-Mailbox Search Demonstration steps 1. On VAN-CL1. 19. 
and then click the Discovery Search Mailbox link. 22. click Luca Dellamore. open Active Directory Users and Computers. 12. in Exchange Management Console. Connect to the Exchange Control Panel on a Client Access server using the account that will perform the search. You will be searching on this key word or phrase.


24. Expand Mailboxes to Search.
25. Under Select the mailboxes to search, click Add. In the Select Mailbox window, click Manoj Syamala, and then click Add. Click Luca Dellamore, and then click Add. Click Wei Yu, click Add, and then click OK.
26. Expand Search Name and Storage Location.
27. In the Search name field, type ProjectX Discovery.
28. Next to Select a mailbox in which to store the search results, click Browse.
29. In the Select Mailbox window, click Discovery Search Mailbox, and then click OK.
30. Click Save. Wait until the search status changes to Succeeded.
31. In the Internet Explorer window, in the top right corner, click My Mail.
32. In the top right corner, click Luca Dellamore, and then in the Select mailbox field, type Discovery. Click Open twice. In the Outlook Web App window, click OK.
33. In the Navigation pane, notice the new discovery folder named ProjectX Discovery. Expand the ProjectX Discovery folder.
34. Note the three folders created that correspond to the mailboxes added to the search criteria.
35. Expand Luca Dellamore, expand Primary Mailbox, and then expand Sent Items. Verify that the e-mail was discovered using the search criteria.
36. Expand Manoj Syamala, expand Primary Mailbox, and then expand Inbox.
37. Close Outlook Web App and Outlook.


Lesson 4

Configuring Messaging Records Management
Contents:
Question and Answers
Detailed Demo Steps


Question and Answers
Demonstration: How to Configure Retention Tags and Policies
Question: Do you think you will implement retention policies?
Answer: Answers will vary. Many organizations do not have specific e-mail retention requirements, so they are unlikely to implement retention policies. Other organizations may choose to use retention policies as a way to help users manage the contents of their mailboxes.
Question: Which MRM option are you more likely to implement: managed custom or default folders, or retention policies?
Answer: Answers will vary. Organizations that are using MRM to manage project-related messages may be more likely to use managed custom folders. Organizations are more likely to use retention policies if the goal is automating the process of tagging e-mail.


Detailed Demo Steps
Demonstration: How to Configure Retention Tags and Policies
Demonstration steps
Use the following cmdlets to configure Retention Tags and policies:
New-RetentionPolicyTag DefaultTag -Type:All -MessageClass AllMailboxContent -RetentionEnabled $true -AgeLimitForRetention 365 -RetentionAction PermanentlyDelete -IsPrimary:$true
This cmdlet creates a new default Retention Policy Tag named DefaultTag that applies to all folders. The retention policy content settings will apply to all messages that do not have another Retention Tag assigned to them, and will permanently delete all messages after 365 days.
New-RetentionPolicyTag InboxTag -Type:Inbox -MessageClass:* -AgeLimitForRetention:30 -RetentionEnabled:$True -RetentionAction:MovetoDeletedItems
This cmdlet sets a Retention Tag for the Inbox folder and configures a content setting to move all messages to the Deleted Items folder after 30 days.
New-RetentionPolicyTag "Business Critical" -Type:Personal -MessageClass:* -AgeLimitForRetention:1100 -RetentionEnabled:$True -RetentionAction:MoveToArchive
This cmdlet creates a Personal Tag named Business Critical that sets a retention period of about three years and moves the messages to the user archive mailbox when the retention period expires.
New-RetentionPolicy AllTagsPolicy -RetentionPolicyTagLinks:DefaultTag,InboxTag,"Business Critical"
This cmdlet creates a new retention policy named AllTagsPolicy, and adds all of the Retention Tags to the policy.
Set-Mailbox Luca -RetentionPolicy AllTagsPolicy

Demonstration steps
1. On VAN-EX1, if required, open the Exchange Management Shell.
2. At the PS prompt, type the following, and press ENTER:
New-RetentionPolicyTag DefaultTag -Type:All -MessageClass AllMailboxContent -RetentionEnabled $true -AgeLimitForRetention 365 -RetentionAction PermanentlyDelete -IsPrimary:$true
3. At the PS prompt, type the following, and then press ENTER:
New-RetentionPolicyTag InboxTag -Type:Inbox -MessageClass:* -AgeLimitForRetention:30 -RetentionEnabled:$True -RetentionAction:MovetoDeletedItems
4. At the PS prompt, type the following, and then press ENTER:
New-RetentionPolicyTag "Business Critical" -Type:Personal -MessageClass:* -AgeLimitForRetention:1100 -RetentionEnabled:$True -RetentionAction:MoveToArchive
5. At the PS prompt, type the following, and then press ENTER:

and then press ENTER. 8. In the Actions pane. type the following. and connect to https://van-ex1. Right-click the message and review the options under the Retention Policy and Archive Policy menu items. Demonstration: How to Implement Managed Custom Folders and Content Settings Demonstration steps 1. Restart the Microsoft Exchange Mailbox Assistants service. and Troubleshooting Microsoft® Exchange Server 2010 New-RetentionPolicy AllTagsPolicy RetentionPolicyTagLinks:DefaultTag. and then in the reading pane. 6.9-20 Configuring. 2. In the Exchange Management Console. Create a new managed custom folder using the following configuration: • • 3. 11. 12. Name: Contoso Project Comment: All items related to Contoso Project should be posted here and will be retained for 2 years Right-click the Contoso Project folder. and then create a new managed folder mailbox policy named Accounting Department Policy that includes the Contoso Project folder. On the Mailbox server properties. .“Business Critical“ 6. in the Organization Configuration work area. Log on as Adatum\Andreas using a password of Pa$$w0rd. Read the confirmation statement. point out the expiration time for the message. Open Internet Explorer. Click a message in the Inbox. Managing. At the PS prompt. Assign the Accounting Department Policy to all users in the Accounting OU.com/owa. click Mailbox. 5. 7. and then press ENTER: Set-Mailbox Andreas -RetentionPolicy AllTagsPolicy 7. click New Managed Folder Mailbox Policy.adatum. type the following. schedule the Managed Folder Assistant to run during the current time. and then create a new managed content setting with the following configuration: • • • • • • Name: Contoso Project Content Settings Message type: All Mailbox Content Length of retention period: 731 Retention period starts: When item is moved to the folder Action to take at the end of the retention period: Permanently delete Journaling: Disabled 4.InboxTag. 10. 
and then press ENTER: Start-ManagedFolderAssistant -Mailbox Andreas 9. At the PS prompt.

5. On the Introduction page. The managed content setting is linked to the managed custom folder. . On the Completion page. click New. On the Introduction page. 9. or a third-party archiving application. In the Message type list. click Mailbox. On the Managed Default Folders tab. in the Name field. In the Actions pane. 6. and then click Finish. 13.Configuring Messaging Policy and Compliance 9-21 8. In the Retention period starts list. You also can configure the retention period to start when the message is delivered to the user mailbox. and then click Next. On the VAN-EX1 computer. Click Cancel. Select the Do not allow users to minimize this comment in Outlook check box. Select the Length of retention period (days) check box. and then click Finish. expand Contoso Project. In the Display the following comment when the folder is viewed in Outlook text box. 10. right-click Inbox. type All items related to Contoso Project should be posted here and will be retained for 2 years. review the summary. 19. On the Journaling page. review the completion report. 8. You can apply the same content settings to any default folders. select the Forward copies to check box. click When item is moved to the folder. and then click Browse. On the New Managed Custom Folder page. Right-click the Contoso Project folder. 16. In the Action to take at the end of the retention period list. You also can assign content settings to any default folders. in the Name of the managed content settings to be displayed in the Exchange Management Console box. type Contoso Project. 17. including a custom recipient with an SMTP address referring to a SharePoint document library. 12. and then click New. 15. Clear the Forward copies to check box. 14. Verify that the Contoso Project folder was created in the user’s mailbox. Use Outlook Web App to check the mailbox of an Accounting department member. in the Organization Configuration work area. 2. On the Managed Custom Folders tab. 4. 
and then click the New Managed Content Settings option. On the New Managed Content Settings page. and then click Yes. Note: After creating the managed custom folder. 18. 3. and then type 731 in the text box. click Next. 11. click Permanently delete. Notice that you can send a copy of the message to any valid recipient. Demonstration steps 1. you can assign content settings to it. You also can configure the message to move to another managed custom folder or to be deleted with the option to recover the message. ensure that All Mailbox Content is selected. 7. click New Managed Custom Folder to start the New Managed Custom Folder wizard. and then click New Managed Content Settings. in the Exchange Management Console. type Contoso Project Content Settings. Click Cancel.

On the New Mailbox Policy page. and you do not want to delete unread e-mail messages. 32. click Messaging Records Management. In the Specify the managed folders that you want to link to this policy section. 35. Log on as Adatum\Parna with a password of Pa$$w0rd. 28. 29. On the Mailbox Settings tab. 34. and then click Properties. In the Exchange Management Console. Parna is a member of the Accounting department. and then click Properties. Select the Managed folder mailbox policy check box. select the times from Monday 6:00 A. 37. and then connect to https://VAN-EX1. 30. 24. and Troubleshooting Microsoft® Exchange Server 2010 20. Point out the Entire Mailbox item on the Managed Default Folders tab. and then restart the Microsoft Exchange Mailbox Assistants service.M. Open the Services console from the Administrative Tools menu.adatum. right-click. On the Messaging Records Management tab. to Friday 6:00 P. 25. Notice that you can add additional managed folders to the policy. In the Results pane. click the Recipient Configuration node. open Internet Explorer. Expand Managed Folders. and then click Browse. When you apply the retention hold. enable a retention hold for the user mailbox. Close the Services console. click Use Custom Schedule. right-click VAN-EX1. and then click Mailbox. This is useful if a user is on vacation or on extended leave. 23. In the Server Configuration work area. Close Internet Explorer. and then click Yes at the Microsoft Exchange confirmations. and then click OK twice. In the Results pane. In the Actions pane.com/owa.. click the Organization Unit heading to sort the mailbox list by OU. click Add. click Contoso Project. click New Managed Folder Mailbox Policy to start the New Managed Folder Mailbox Policy wizard. in the Managed folder mailbox policy name box. and then click Customize. click OK. On VAN-EX1. click New. If you apply content settings to this item. type Accounting Department Policy. and then click Properties. 
in the Schedule the Managed Folder Assistant list. click Mailbox. and point out the comment describing the folder that is displayed in the top-right pane. 31. On the Microsoft Office Outlook Web App page. and confirm that the Contoso Project folder has been created in the user mailbox. Click OK three times. and then click OK. and then click Finish. In the Schedule dialog box. Select all of the mailboxes in the Accounting OU.M. 26. . Managing. 21. and then click OK. 36. On the New Mailbox Policy page. 22. In the Messaging Records Management dialog box. In the Select Managed Folder dialog box. 33.9-22 Configuring. Click Accounting Department Policy. Click the folder. Exchange Server does not apply the retention settings for the user mailbox folders during the time you specify. 27. the settings are applied to all default folders in the user mailboxes.

Lesson 5

Configuring Personal Archives
Contents:
Question and Answers
Detailed Demo Steps

Question and Answers
Discussion: Options for Implementing Mailbox Archiving
Question: Do you have any archiving or journaling requirements in your organization?
Answer: Answers will vary. Many organizations have requirements for archiving certain messages. For example, an organization may require that messages with business-transaction information be archived for several years.
Question: How are you currently meeting these requirements?
Answer: Most organizations that have implemented an archiving solution do so using third-party applications. If students have implemented a third-party archiving tool, ask them to describe how the archiving tool works and what types of functionality the tool provides. If none of the students currently uses an archiving product, you should be prepared to describe how most archiving products work. There are three primary architectures for archiving products:
• Some archive messages immediately as they are sent to or from an Exchange server.
• Some archive messages by using an agent to scan mailbox contents and messages are archived based on predefined criteria.
• Some archive solutions integrate with Exchange Server 2007 or Exchange Server 2010 journaling. With this model, the archive product monitors the journal mailbox and archives messages from the journal mailbox. Previous Exchange Server versions only enabled journaling at the mailbox store level, where all messages sent and received from that store were archived.
Almost all archive solutions have two other features:
• They enable using cheaper storage for archived messages
• They retain a stub of the archived message in the user mailbox so that the user can access archived messages.
Demonstration: How to Configure Personal Archives
Question: Will you implement Personal Archives in Exchange Server 2010?
Answer: Answers will vary. Organizations with limited storage space for the Exchange servers are not likely to implement Personal Archives because of the significant increase in database size that this requires. In some organizations, PST files store a great deal of critical information, and these organizations may have an urgent requirement to manage those PST files more effectively.
Question: What are the benefits and disadvantages of the Personal Archives feature?
Answer: Benefits include:
• You can enable it per mailbox
• Provides users with easy access and searching of archived content
• Requires very little user training because the UI is familiar to the users
Disadvantages include:
• Significantly increases the storage requirements for the organization
• Does not provide the option of moving the archive mailbox to cheaper, slower storage

Detailed Demo Steps
Demonstration: How to Configure Personal Archives
Demonstration steps
1. On VAN-EX1, in the Exchange Management Console, click Recipient Management, and then click Mailbox.
2. Right-click a mailbox, and then click Enable Archive.
3. On the mailbox properties, review the archive quota settings.
4. Use the get-mailbox cmdlet to view the mailbox settings. Review the ArchiveName and ArchiveQuota settings.
5. Verify that you cannot view the archive mailbox in Outlook 2007, but can see it through Outlook Web App.

Demonstration steps
1. On VAN-EX1, in the Exchange Management Console, click Recipient Management, and then click Mailbox.
2. Right-click Luca Dellamore, click Enable Archive, and then click Yes.
3. Right-click Luca Dellamore, and then click Properties. On the Mailbox Settings tab, click Archive Quota, and then click Properties. Notice that you can configure a mailbox quota for the archive mailbox. Click Cancel.
4. In the Exchange Management Shell, type get-mailbox Luca | FL, and then press ENTER. Review the ArchiveName and ArchiveQuota settings.
5. On VAN-CL1, verify that you are logged on as Luca, open Outlook, and then verify that you do not see the archive mailbox.
6. Open Internet Explorer, and then connect to https://VAN-EX1.adatum.com/owa. Log on as Adatum\Luca with a password of Pa$$w0rd.
7. Verify that the archive mailbox is visible through Outlook Web App.

Module Reviews and Takeaways
Review questions
1. You need to ensure that a user can search all Exchange Server organization mailboxes for specific content. What should you do? What user training will you need to provide?
Add the user to the Discovery Manager security group in AD DS or Active Directory. This will give the user the required permissions. Then you need to show the user how to use the ECP to perform mailbox searches.
2. You need to ensure that a copy of all messages sent to a particular distribution group is saved. You only want copies of messages sent to the distribution group, not copies of all messages sent to individual members of the group. What should you configure?
Configure a transport rule that sends a copy of all messages to a mailbox. If you set up a journaling rule, all messages sent to members of the distribution group also will be saved.
3. You need to ensure that all messages related to a particular project are retained for three years. Users in your organization use both Outlook 2007 and Outlook 2010. What should you do?
Configure a custom managed folder, configure the content settings for the folder, and then create a managed folder mailbox policy for all users who are working on the project. Because users are using Outlook 2007 and Outlook 2010, you cannot use Retention Tags, as these are not accessible in Outlook 2007.

Common issues related to implementing messaging policies
Identify the causes for the following common issues related and fill in the troubleshooting tips. For answers, refer to relevant lessons in the module.

Issue: Transport rules that use regular expressions are not applied consistently
Troubleshooting tip: If you are using a transport rule to check for information such as customer identification numbers or some other regular pattern of characters, ensure that your rule also checks for variations on the regular pattern. For example, if the customer identification number usually has dashes, you might also want to add the pattern without dashes to the rule.

Issue: Message recipients report that they are receiving error messages when they receive digitally signed messages from other users in the organization.
Troubleshooting tip: If you have a transport rule in place that modifies the message content, any digital signature attached to the message will be invalid and users will get an error message when they open the message. To avoid this, consider instructing users to add a disclaimer to all messages as part of their signature, and remove the transport rule.

Issue: After you implement a transport rule, users report that some of the messages they send to Internet recipients are not delivered and they do not receive notification of why the messages were not delivered.
Troubleshooting tip: Ensure that when you implement a transport rule that might affect message delivery, you configure an action in the transport rule that informs the user if the message cannot be delivered. Normally, you would do this with a bounce message.

Real-world issues and scenarios
1. Woodgrove Bank has implemented message journaling for all messages sent to and from the legal and compliance teams. These messages need to be available to auditors for seven years. The mailboxes used for journaling are growing rapidly. What should the messaging administrators at Woodgrove Bank do?
If the organization does not have the capacity to retain the messages in the journaling mailboxes, they will need to investigate options to store the messages elsewhere. One of the easiest ways to manage this is to ensure that the journal mailboxes are backed up regularly, and then to delete messages from the mailboxes after they have been backed up. The organization could also consider using a SharePoint site as the message journal location.
2. The Exchange Server administrators at Contoso, Ltd. have implemented a custom message classification on the Exchange servers, but they notice that the custom classification is not available on the Outlook 2007 clients in the organization. What do they need to do?
To make the custom message classification available on the client, export the classification file on the server, and then provide it to all clients. You also need to configure a registry setting on each client that points them to the classification file.
3. A. Datum Corporation has deployed an AD RMS server, and users are using it to protect e-mail. However, users report that when they protect e-mail messages, users outside the organization cannot read the messages. What should A. Datum messaging administrators do?
To read AD RMS-protected e-mails, users must have an account in the Active Directory forest. In most cases, users outside the organization will not have an account in the organization's forest. This means that users are unable to send AD RMS-protected e-mail to external users. If this is a requirement and the other organization also runs AD RMS, you can integrate the AD RMS environments.

Best practices related to a particular technology area in this module
Supplement or modify the following best practices for your own work situations:
• Implementing messaging policies in Exchange Server 2010 can be complicated and the optimal configuration will be different in every organization. However, it is critical that you start thinking about this issue now in order to implement the policies and configurations that will meet your organization's legal requirements.
• Planning messaging policies always involves discussions with legal and compliance personnel who may not understand how you can use Exchange Server to enforce messaging policies. Be prepared to explain what Exchange Server can and cannot do in terms that people who are not messaging experts can understand.
• Implement messaging policies only after extensive testing in a lab environment. If you configure messaging policies incorrectly, you could potentially delete messages that should be retained, or disrupt message delivery. Additionally, some messaging policies may have unintended consequences. Because of this, be sure to test all messaging policies thoroughly, and implement the policies in the production environment incrementally.

Lab Review Questions and Answers
Lab A: Configuring Transport Rules and Journal Rules and Multi-Mailbox Search
Question: In this lab, you implemented a transport rule that added a disclaimer to all messages sent to users outside the organization. What other option do you have for implementing this type of disclaimer?
You could configure the transport rule on an Edge Transport server, and configure it to apply the disclaimer to all messages as they are sent from the organization.

Question: How can you verify that the Executives journal rule that you enabled in this lab is working properly?
One option for verifying that the rule is working is to send a message to a group member and verify that the message appears in the journal mailbox. Another option would be to use an account with Discovery Management permissions to search an Executive mailbox for all messages sent and received during a specified time. You then could validate that a copy of each message is in the journal mailbox.

Lab B: Configuring Messaging Records Management and Personal Archives
Question: Which of the following two approaches is better for ensuring that you retain a copy of specific e-mail messages: journaling rules or retention policies?
Use journaling rules to ensure that you retain a copy of specific e-mail messages. Users can bypass retention policies easily by deleting the messages.

Question: How can you ensure that users move their PST files in to their archive mailbox?
It is difficult to ensure that users are moving their PST files into the archive mailboxes, but you can use Group Policy to prevent users from using PST files with Outlook. If you tell users that you are applying this policy, they are more likely to move the PST file into the archive mailbox.

Module 10
Securing Microsoft® Exchange Server 2010
Contents:
Lesson 1: Configuring Role Based Access Control
Lesson 2: Configuring Security for Server Roles in Exchange Server 2010
Lesson 3: Configuring Secure Internet Access
Module Reviews and Takeaways
Lab Review Questions and Answers


Lesson 1

Configuring Role Based Access Control
Contents:
Question and Answers
Detailed Demo Steps


Question and Answers
What Is Role Based Access Control?
Question: What requirements does your organization have for assigning Exchange Server permissions? Does your organization use a centralized or decentralized administration model? What special permissions will you need to configure?
Answer: Answers will vary. In most organizations, a central team of Exchange Server administrators likely will maintain full control of the Exchange Server environment, while another team may need permissions to create mailboxes. Other organizations may have complicated administrative scenarios in which different groups need many different permission levels.

Demonstration: Configuring Custom Role Groups
Question: Will you implement custom management roles in your organization? If so, how will you configure the management roles?
Answer: Answers will vary. Most organizations probably do not need custom management roles. Large organizations that have complicated administrative processes may require several custom management roles.

Working with Management Role Assignment Policies
Question: How will you configure role assignment policies in your organization?
Answer: Answers will vary, but for most organizations, the default configuration should suffice. Organizations normally change the default configuration only when there is a specific requirement to change how users interact with their mailboxes.


Detailed Demo Steps
Demonstration: Managing Permissions Using the Built-In Role Groups
Demonstration steps
1. In Active Directory Users and Computers, add a user or security group to the Recipient Management group.
2. Log on to an Exchange server using the delegated user account.
3. Open the Exchange Management Console and the Exchange Management Shell.
4. Verify that the user has read access to the Exchange Server organization configuration.
5. Verify that the user cannot modify the settings on the Mailbox databases.
6. Verify that the user can modify the settings for mailboxes and distribution groups. Verify that the user account has permission to move mailboxes to another server.
7. In the Exchange Management Shell, use the get-exchangeserver | FL cmdlet to verify that the user has Read permission to the Exchange server information. Use the Set-User cmdlet to verify that the user has permission to modify the Active Directory account.

Demonstration steps
1. On VAN-EX1, open Active Directory Users and Computers.
2. Expand Adatum.com, click Microsoft Exchange Security Groups, and then double-click Recipient Management.
3. On the Members tab, click Add.
4. In the Enter the object names to select field, type Conor, and then press OK twice.
5. On VAN-EX2, ensure that you are logged on as Conor.
6. Open the Exchange Management Console and the Exchange Management Shell.
7. In the Exchange Management Console, expand Microsoft Exchange On-Premises, expand Organization Configuration. Point out that Conor has Read access to the Exchange Server organization configuration because the Recipient Management group has been granted implicit Read permission to the organization.
8. Click Mailbox, and in the Results pane, verify that you do not have sufficient permissions to view the data.
9. Expand Recipient Configuration, click Mailbox, and then double-click Axel Delgado.
10. In the Axel Delgado Properties dialog box, click the Organization tab, verify that you can modify the user properties, and then click OK.
11. Right-click Axel Delgado, and then click New Local Move Request.
12. On the Introduction page, click Browse. In the Select Mailbox Database dialog box, click Mailbox Database 1, click OK, click Next two times, click New, and then click Finish.
Note: If you get an error that no MRS servers are available, verify that the Microsoft Exchange Mailbox Replication service is running on both VAN-EX1 and VAN-EX2.
13. In the Exchange Management Shell, type get-exchangeserver | FL, and then press ENTER. The user account has Read permission to the Exchange server information.
14. At the PS prompt, type Set-User Axel -Title Manager, and then press ENTER. Verify that Conor has permission to modify the Active Directory account.
15. Log off VAN-EX2.

Demonstration: Configuring Custom Role Groups
Demonstration steps
1. On VAN-EX1, open the Exchange Management Shell.
2. Create a new management scope that will limit the tasks that can be performed by using the following command:
   New-ManagementScope -Name MarketingMailboxes -RecipientRoot "adatum.com/Marketing" -RecipientRestrictionFilter {RecipientType -eq "UserMailbox"}
3. Create a new management role group that uses the custom management scope by using the following command:
   New-RoleGroup -Name MarketingAdmins -Roles "Mail Recipients", "Mail Recipient Creation" -CustomRecipientWriteScope MarketingMailboxes
4. Add a user to the management role group by using the following command:
   Add-RoleGroupMember -id MarketingAdmins -Member Andreas
5. In Active Directory Users and Computers, verify that the group has been created in the Microsoft Exchange Security Groups OU and that the user has been added to the group.
6. Open the Exchange Management Console as the delegated user account.
7. Verify that the user can modify mailboxes and create new mailboxes only in the Marketing OU.

Demonstration steps
1. On VAN-EX1, open the Exchange Management Shell.
2. At the PS prompt, type the following command, and then press ENTER:
   New-ManagementScope -Name MarketingMailboxes -RecipientRoot "adatum.com/Marketing" -RecipientRestrictionFilter {RecipientType -eq "UserMailbox"}
3. Create a new management role group that uses the custom management scope by using the following command:
   New-RoleGroup -Name MarketingAdmins -Roles "Mail Recipients", "Mail Recipient Creation" -CustomRecipientWriteScope MarketingMailboxes
4. In the Exchange Management Shell, type the following command, and then press ENTER:
   Add-RoleGroupMember -id MarketingAdmins -Member Andreas
5. On VAN-EX1, open Active Directory Users and Computers.
6. Click Microsoft Exchange Security Groups and verify that the MarketingAdmins group was created and that Andreas is a member of the group.

log on as Adatum\Andreas using a password of Pa$$w0rd. Open the Exchange Management Console. Managing. 11. Click New Mailbox. On VAN-EX2. modify one of the properties. expand Microsoft Exchange On-Premises. click the Organization tab. Verify that the change is saved. Click New Mailbox. 13. 12. and Troubleshooting Microsoft® Exchange Server 2010 10. and then double-click Axel Delgado. In the Axel Delgado Properties dialog box. In the Exchange Management Console. modify one of the properties. Create a new mailbox in the default Users container. 18. Verify that the change is not saved. 15. In the Manoj Syamala Properties dialog box. click the Organization tab. 16. and then expand Recipient Configuration. Verify that the user cannot create mailboxes in the Users container. Create a new mailbox in the Marketing OU. .10-6 Configuring. and then click OK. and then click OK. Double-click Manoj Syamala. 17. 14. Click Mailbox. Verify that the user can create mailboxes in the Marketing OU.
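The delegation that the steps above verify through the console can also be checked from the Exchange Management Shell. The following is an added example, not part of the course material; it assumes the MarketingAdmins role group and MarketingMailboxes scope created in the demonstration, and the variable names are illustrative.

```powershell
# Added example (not from the course material). Run in the Exchange Management
# Shell with an account that can read the RBAC configuration.
$group = 'MarketingAdmins'      # role group created in the demonstration
$scope = 'MarketingMailboxes'   # management scope created in the demonstration

# 1. What the scope covers: the OU root and the recipient filter.
Get-ManagementScope -Identity $scope |
    Format-List Name, RecipientRoot, RecipientFilter, ScopeRestrictionType, Exclusive

# 2. Every role assignment held by the role group, with its write scopes.
$assignments = @(Get-ManagementRoleAssignment -RoleAssignee $group)
$assignments |
    Format-Table Role, RoleAssignmentDelegationType, RecipientWriteScope,
                 CustomRecipientWriteScope, Enabled -AutoSize

# 3. Flag anything that widens the delegation: an assignment that is not bound
#    to the custom scope, or one that lets members hand the role to others.
$findings = @($assignments | Where-Object {
    "$($_.CustomRecipientWriteScope)" -ne $scope -or
    "$($_.RoleAssignmentDelegationType)" -ne 'Regular'
})
if ($findings.Count -gt 0) {
    Write-Warning "$group holds assignments outside the $scope scope or with delegation rights:"
    $findings |
        Format-Table Name, Role, RecipientWriteScope, RoleAssignmentDelegationType -AutoSize
} else {
    Write-Host "All $($assignments.Count) assignments for $group are regular and bound to $scope."
}

# 4. Who currently receives these permissions through group membership.
Get-RoleGroupMember -Identity $group | Format-Table Name, RecipientType -AutoSize

# 5. Effective writers for one mailbox named in the demonstration. A delegated
#    administrator should appear here only for mailboxes inside the scope.
Get-ManagementRoleAssignment -WritableRecipient 'Axel Delgado' -GetEffectiveUsers |
    Sort-Object EffectiveUserName, Role |
    Format-Table EffectiveUserName, Role, RoleAssigneeName, AssignmentMethod -AutoSize
```

Keeping the output of steps 2 and 4 with your permission documentation gives a baseline to compare against when a delegated administrator reports having too many or too few permissions.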

Lesson 2

Configuring Security for Server Roles in Exchange Server 2010
Contents:
Question and Answers

Question and Answers
Discussion: What Are the Exchange Server Security Risks?
Question: What security risks do you need to protect against when deploying Exchange Server?
Answer: Answers will vary, but students should mention threats, including:
• Malicious e-mail, such as viruses and phishing e-mails.
• SMTP-based attacks on Simple Mail Transfer Protocol (SMTP) servers that your organization exposes to the Internet.
• Web-based attacks on Client Access servers.
• Compromised user credential, either when user credentials are submitted in clear text or are captured on an unsecure kiosk.
• Compromised data, such as when mobile devices are lost or stolen, or when users access attachments through Microsoft Outlook® Web App from unsecure client computers.

Question: What risks are the most serious?
Answer: The most serious threat to most Exchange Server organizations relates to malicious e-mails. Although most organizations now use excellent anti-virus and antiphishing applications, new types of malicious software still pose a serious threat. Additionally, when users access e-mail from unsecure mobile clients or public computers, such as kiosks, this poses an additional, more-serious threat in most organizations.

Lesson 3

Configuring Secure Internet Access
Contents:
Question and Answers
Detailed Demo Steps

Question and Answers
Demonstration: Configuring Threat Management Gateway for Outlook Web Access
Question: Has your company deployed a reverse proxy? If so, what kind? How does your reverse proxy compare to the TMG?
Answer: Answers will vary. Many companies have deployed Internet Security and Acceleration (ISA) Server 2006 and are using it to secure messaging client connections. Other companies have deployed hardware-based reverse proxies. Most of the reverse proxies provide the same functionality, but the process for configuring the settings may be very different.

Detailed Demo Steps
Demonstration: Configuring Threat Management Gateway for Outlook Web Access
Demonstration steps
1. On VAN-TMG, open the Forefront TMG Management console.
2. In the Firewall Policy node, create an Exchange Server publishing rule by using the New Exchange Publishing Rule Wizard. Configure the rule with the following settings:
• Name: OWA Access Rule
• Exchange version: Exchange Server 2010
• Service: Outlook Web App
• Server Connection Security: Use SSL to connect the published Web server or server farm
• Internal site name: VAN-EX1.Adatum.com
• Public Name Details page: mail.Adatum.com
3. Create a new Web Listener with the following settings:
• Name: HTTP Listener
• Client Connection Security: Do not require SSL secure connections from clients
• Web Listener IP Addresses: External
• Authentication Settings: HTML Form Authentication
• Single Sign-On (SSO) Settings: Enabled
• SSO domain name: ADatum.com
4. On the Authentication Delegation page, click Basic authentication.
5. Accept the default User Sets configuration, finish the wizard, and then apply the changes.

Demonstration steps
1. On VAN-TMG, click Start, point to All Programs, click Microsoft Forefront TMG, and then click Forefront TMG Management.
2. Expand Forefront TMG, and then click Firewall Policy.
3. On the Firewall Policy Tasks pane, on the Tasks tab, click Publish Exchange Web Client Access.
4. On the Welcome to the New Exchange Publishing Rule Wizard page, type OWA Access Rule, and then click Next.
5. On the Select Services page, in the Exchange version list, click Exchange Server 2010, select the Outlook Web Access check box, and then click Next.
6. On the Publishing Type page, click Next.
7. On the Server Connection Security page, ensure that Use SSL to connect the published Web server or server farm is configured, and then click Next. When you configure this option, the TMG server re-encrypts all network traffic sent to the Client Access server.

the server is not configured with a server certificate. type mail. and then click OK three times. 11. Click Apply twice to apply the changes.com. Click OK. click New. click Do not require SSL secure connections from clients. click Advanced. type HTTP Listener. . 22. 9. 19. and then click Next. On the Welcome to the New Web Listener Wizard page. click Finish. and then click Next. you always should use the option to Require SSL secured connections with clients. 20. in the Internal site name text box. and then click Next. On the Completing the New Exchange Publishing Rule Wizard page. type VANEX1. On the Internal Publishing Details page. select the External check box. 10. Important: In a production environment. 12. accept the default. In the Public name box. accept the default of Basic authentication. and then on the Authentication tab. and then click Next. 21. click Next. accept the default of HTML Form Authentication. In this demonstration.10-12 Configuring. 15. and then click Next. Web listeners are configuration objects on the TMG server that define how the server accepts client connections. and then click OK once the changes are applied. and then click Next.com as the SSO domain name. On the Authentication Settings page.Adatum. 18. so HTTPS connections are not possible. type Adatum. Select the Allow client authentication over HTTP check box. and then click Next. On the Client Connection Security page. On the Authentication Delegation page. On the User Sets page. 16. and Troubleshooting Microsoft® Exchange Server 2010 8. On the Web Listener IP Addresses page. On the Select Web Listener page. Managing. and then click Finish.com. Click Edit. and then click Next. in the Web Listener drop-down list. ensure that This domain name (type below) is configured in the Accept requests for drop-down list. On the Public Name Details page. 13. On the Single Sign On Settings page. 17. 14. click Next.Adatum. On the Select Web Listener page.

Module Reviews and Takeaways
Review questions
1. You need to enable members of the Human Resources department to configure user mailboxes for the entire organization. What should you do?
In most cases, you can accomplish this by just adding the members of the Human Resources department to the Recipient Management role group in AD DS or Active Directory. If the Recipient Management role group has more permissions than necessary, you may need to create a custom role group.
2. Your organization has deployed Forefront TMG. You need to ensure that remote users can access the Client Access server inside the organization by using cellular mobile clients. What should you do?
You will need to configure an Exchange ActiveSync publishing rule in TMG that enables access to the required virtual directories on the Client Access server.
3. Users in your organization are using POP3 clients from the Internet. These users report that they can receive, but not send, e-mail. What should you do?
You will need to provide the users with a SMTP server that they can use to send e-mail. You should configure a Hub Transport server Receive Connector.

Common issues related to configuring Exchange server publishing rules on a reverse proxy
Identify the causes for the following common issues related to configuring Exchange Server publishing rules on a reverse proxy, and fill in the troubleshooting tips. For answers, refer to relevant lessons in the module.

Issue: Clients cannot connect to the published sites, and they receive certificate errors.
Troubleshooting tip: When configuring a reverse proxy to use SSL bridging, you need to ensure that the configuration is correct for certificates on both the reverse proxy and the Client Access server. Check information such as whether the certificates are trusted and whether the names the certificates use match the names that the clients use when connecting to the site.

Issue: Clients cannot connect to the published sites, and they receive site-not-found errors.
Troubleshooting tip: Normally, this type of error displays when there is a problem connecting to the reverse proxy from the Internet. Verify that DNS name resolution is working correctly and that the external firewall is not blocking access to the reverse proxy.

Issue: Clients cannot connect to the published sites, and they receive internal server errors.
Troubleshooting tip: Normally, these errors occur when the reverse proxy cannot connect to the internal site. Verify that the reverse proxy can connect to the virtual directories on the Client Access server.

Real-world issues and scenarios
1. Your organization has configured an SMTP Receive connector on an Edge Transport server to enable IMAP4 users to relay messages. However, you discover that your Edge Transport server is being used to relay spam to other organizations. What should you do?
When you configured the Edge Transport server to relay messages for IMAP4 users, you enabled anonymous relaying for all users. You will need to disable message relaying on the Edge Transport server, and enable authenticated relaying on a Hub Transport server.
2. You have added the ServerAdmins group in your organization to the Exchange Server 2010 Server Management group in AD DS or Active Directory. All the members of the ServerAdmins group report that they receive errors when they start the Exchange Management Console. What should you do?
You need to enable all of the members of the ServerAdmins group to run remote Windows PowerShell™ cmdlets.
3. Your organization is planning to deploy Forefront TMG to enable access to a Client Access server from the Internet. The organization is concerned about the cost of acquiring multiple certificates to enable access, but also wants to ensure that users do not receive certificate related errors. What should you do?
To ensure that users do not receive certificate errors, you will need to purchase a certificate from a public CA. You can request a certificate with multiple SANs or use a wildcard certificate to ensure that the one certificate can be used for all client connections. You then can use the same certificate on the Client Access server, or use a certificate from a private CA on the Client Access server.

Best practices related to configuring Exchange server permissions
Supplement or modify the following best practices for your own work situations:
• When you configure permissions in the Exchange Server organization, ensure that users have the minimal permissions required for them to perform their tasks. Add only highly trusted users to the Organization Management role group, as it has full control of the entire organization.
• Whenever possible, use the built-in role groups to assign permission in the Exchange Server organization. Creating custom role groups with customized permissions is more complicated and may lead to users having too many, or too few, permissions.
• Ensure that you document all permissions that you assign in the Exchange Server organization. If users are unable to perform required tasks, or if they are performing tasks to which they should not have access, you should be able to identify the reason by referring to your documentation.
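For the relay scenario described in this section (an Edge Transport server being used to relay spam), the check below finds Receive connectors on which anonymous sessions hold the relay right. It is an added example, not part of the course material; the variable names are illustrative, and it is meant to be run in the Exchange Management Shell on the transport server being reviewed.

```powershell
# Added example (not from the course material).
# Extended right that lets an SMTP session submit mail for any recipient
# domain; granted to anonymous logons, it makes the connector an open relay.
$relayRight = 'ms-Exch-SMTP-Accept-Any-Recipient'
$anonymous  = 'NT AUTHORITY\ANONYMOUS LOGON'

$findings = @(foreach ($connector in Get-ReceiveConnector) {
    # Allow entries for the anonymous logon that include the relay right.
    $aces = @($connector | Get-ADPermission -User $anonymous |
        Where-Object {
            -not $_.Deny -and
            (($_.ExtendedRights | ForEach-Object { "$_" }) -contains $relayRight)
        })
    if ($aces.Count -gt 0) {
        New-Object PSObject -Property @{
            Connector        = "$($connector.Identity)"
            Bindings         = ($connector.Bindings -join ', ')
            RemoteIPRanges   = ($connector.RemoteIPRanges -join ', ')
            PermissionGroups = "$($connector.PermissionGroups)"
        }
    }
})

if ($findings.Count -eq 0) {
    Write-Host 'No Receive connector grants the relay right to anonymous sessions.'
} else {
    Write-Warning 'Anonymous relay is allowed on the following connectors:'
    $findings | Format-List Connector, Bindings, RemoteIPRanges, PermissionGroups

    # Dry run of the fix: -WhatIf reports what would be removed without changing
    # anything. Drop -WhatIf once the output names only the intended connectors.
    foreach ($f in $findings) {
        Remove-ADPermission -Identity $f.Connector -User $anonymous `
            -ExtendedRights $relayRight -WhatIf
    }
}

# Review which connectors accept authenticated clients instead.
Get-ReceiveConnector |
    Format-Table Identity, Bindings, AuthMechanism, PermissionGroups -AutoSize
```

A connector that reports RemoteIPRanges covering the whole Internet together with this right is the configuration the scenario describes.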

Lab Review Questions and Answers
Question: In the lab, you configured Exchange Server permissions by using a custom role. How did you limit the types of tasks the delegated administrators could perform and on what objects they could perform the tasks?
You limited the types of tasks the delegated administrators could perform by removing some of the management role entries assigned to the OrganizationAdministrators management role. You limited what objects the delegated administrators could manage by limiting the management role scope to only specific Exchange Server cmdlets.

Question: How would the TMG configuration in the lab change if you were enabling access for an IMAP4 client?
You would need to configure a server-publishing rule to publish the IMAP4 protocol on the Client Access server. You also need to configure a server-publishing rule to publish a SMTP server on a Hub Transport server.

Module 11
Maintaining Microsoft Exchange Server 2010
Contents:
Lesson 1: Monitoring Exchange Server 2010
Lesson 2: Maintaining Exchange Server 2010
Lesson 3: Troubleshooting Exchange Server 2010
Module Reviews and Takeaways
Lab Review Questions and Answers

Lesson 1

Monitoring Exchange Server 2010
Contents:
Question and Answers

Question and Answers
Collecting Performance Data for the Mailbox Server
Question: If any of these performance counters measured outside its normal range, what is the most likely cause?
Answer: Slow client response will cause most of the mailbox performance-counter data to be outside the normal range, whether the client is Microsoft Office Outlook® Live or the full Microsoft Office Outlook client.

Collecting Performance Data for the Client Access Server
Question: If any of these performance counters measured outside its normal range, what is the most likely cause?
Answer: Most of the measurements that are outside the normal range result from slow response from Outlook Live, Outlook clients, Internet Message Access Protocol (IMAP) or Post Office Protocol (POP) clients, Exchange Web Services, or the Autodiscover service.

Collecting Performance Data for the Hub Transport and Edge Transport Servers
Question: If any of these performance counters measured outside its normal range, what is the most likely cause?
Answer: Slow e-mail delivery will result in many of the transport counters being outside the normal range.

Lesson 2

Maintaining Exchange Server 2010
Contents:
Question and Answers

Question and Answers

Discussion: What Is Change Management?

Question: How does your organization address change management?
Answer: Answers will vary. Some organizations have a formal change management process, but these are typically larger organizations. Students from smaller organizations may not have a formal process.

Question: What are the benefits of having a formal change management process?
Answer: Benefits include:
• Other organizational stakeholders are aware of changes, and can gauge the impact on their systems and staff.
• Formalizing the change process ensures that it is consistent, so mistakes are not made.
• Change management provides additional reviews, and allows time for additional planning, if required, to prevent unintended consequences. Changes without a formal review often are thought out poorly. Not every alternative is considered.
• Multiple changes are coordinated to ensure that they do not conflict.
• You can improve recovery times from change problems by including a formal back-out plan as part of the change management process.
• As an IT professional, using the change management process can help deflect blame in situations where there are problems during a change.

Question: Are there some situations where change management is more important?
Answer: Change management is important in all situations. However, for those changes that are likely to affect many users or high-profile users, change management is even more critical. Changes to mission-critical software, such as a messaging system, also tend to be more critical than changes to noncritical software, such as software for a backup server.

Question: Are there situations in which you cannot follow the normal change process?
Yes, there are emergencies in which services are broken, and you cannot follow the full change management process. However, there should be an emergency change process in place to handle those situations. For example, if a critical service is down, it is not realistic to document and approve a detailed plan to solve the problem. The first priority is repairing the failed service. However, you should document and evaluate the changes that you make when you repair the service to ensure that there are no negative effects on other services.

Discussion: What Are Software Updates?

Question: What is the difference between a hotfix and an update?
Answer: A hotfix is a limited-release fix for a specific problem. To receive a hotfix, customers must have a support agreement with Microsoft, and cannot redistribute the hotfix outside of their organizations. An update is a broadly released fix for a specific problem.

Question: Why should your organization deploy software updates?
Answer: For security updates specifically, it is essential to apply the latest software updates. Exchange servers often are externally-facing, and are at risk of being compromised by unfixed security problems. Microsoft packages periodic Exchange Server security and nonsecurity updates into “update rollups”. These rollups contain numerous changes that have been regression-tested together, that may change functionality, but should address common problems, and can include security fixes. You should test these rollups thoroughly and apply them to ensure the Exchange servers work optimally.

Lesson 3
Troubleshooting Exchange Server 2010
Contents:
Question and Answers

Question and Answers

Discussion: Troubleshooting Mailbox Servers

Question: A database has gone offline. What process can you use to troubleshoot the problem?
Answer: Answers may vary. The following is one suggested answer:
1. Identify those databases that have the problem, and when the problem began.
2. Review logs, and run the Database Troubleshooter tool.
3. Review the probable causes of the problem, and review possible solutions.
4. Rank causes by probability.
5. Rank solutions by ease of resolution and impact to complete.
6. Try the most obvious and easily implemented resolutions until you resolve the problem.

Discussion: Troubleshooting Client Access Servers

Question: Outlook users can no longer connect to the system. What process can you use to troubleshoot the problem?
Answer: Answers may vary. The following is one suggested answer:
1. Identify which users are experiencing the problem.
2. Review logs for any involved Client Access servers.
3. Run the Exchange Best Practices Analyzer.
4. Review the probable causes of the problem, and review possible solutions.
5. Rank causes by probability.
6. Rank solutions by their ease of resolution and impact to complete.
7. Try the most probable and easily implemented resolutions until you resolve the problem.

Discussion: Troubleshooting Message Transport Servers

Question: Users are reporting non-deliverable and slow-to-deliver outbound e-mail. What process can you use to troubleshoot the problem?
Answer: Answers may vary. The following is one suggested answer:
1. Identify which users are experiencing the problem, and when the problem started.
2. Use the Mail Flow Troubleshooter, Queue Viewer, message tracking system, Routing Log Viewer, and Telnet to pinpoint the problem.
3. Review the probable causes of the problem, and review possible solutions.
4. Rank causes by probability.
5. Rank solutions by ease of resolution and impact to complete.
6. Try the most probable and easily implemented resolutions until you resolve the problem.
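The tool-based checks in the message transport answer above can also be run from the Exchange Management Shell. The following read-only script is an added example, not part of the courseware; the remote domain, time window and queue threshold are assumed values.

```powershell
# Added example (not from the courseware): read-only outbound mail-flow triage.
# Run in the Exchange Management Shell on an Exchange Server 2010 Hub Transport server.
$RemoteDomain = 'remote-domain.example'   # assumption: the domain users cannot reach
$Since        = (Get-Date).AddHours(-4)   # assumption: window in which reports began
$QueueLimit   = 20                        # assumption: message count treated as "backed up"

# Queue Viewer equivalent: queues that are retrying or backing up, worst first.
$queues = @(Get-Queue | Where-Object {
    $_.Status -eq 'Retry' -or $_.MessageCount -ge $QueueLimit })
$queues | Sort-Object MessageCount -Descending |
    Format-Table Identity, DeliveryType, Status, MessageCount, NextHopDomain, LastError -AutoSize

# Identify which users are affected: sample the messages held in each queue.
foreach ($q in $queues) {
    Get-Message -Queue $q.Identity -ResultSize 25 |
        Select-Object FromAddress, Subject, Status, DateReceived, LastError
}

# Message tracking: group recent failures to the remote domain by reported
# status, so the most frequent cause is listed first.
Get-MessageTrackingLog -EventId FAIL -Start $Since -ResultSize Unlimited |
    Where-Object { $_.Recipients -like "*@$RemoteDomain" } |
    Group-Object { $_.RecipientStatus -join '; ' } |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize -Wrap

# DNS check: does this server resolve MX records for the remote domain?
$mxHosts = @(nslookup -type=mx $RemoteDomain 2>$null | ForEach-Object {
    if ($_ -match 'mail exchanger = (\S+)') { $Matches[1] } })
if (-not $mxHosts) { "No MX records resolved for $RemoteDomain" }

# Telnet equivalent: open TCP port 25 on each MX host and read the SMTP banner.
foreach ($mx in $mxHosts) {
    $tcp = New-Object System.Net.Sockets.TcpClient
    $tcp.ReceiveTimeout = 5000
    try {
        $tcp.Connect($mx, 25)
        $reader = New-Object System.IO.StreamReader($tcp.GetStream())
        '{0}: {1}' -f $mx, $reader.ReadLine()
    } catch {
        '{0}: connection failed: {1}' -f $mx, $_.Exception.Message
    } finally {
        $tcp.Close()
    }
}
```

The script changes nothing on the server, so it can be run before any change request is raised; the grouped failure statuses feed directly into the "rank causes by probability" step.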

Module Reviews and Takeaways

Review questions

1. Users are reporting issues with sending e-mail to a remote domain. You need to determine the problem and then resolve it. What should you do?
Use the Mail Flow Troubleshooter and the Queue Viewer to review the queued messages and the status of the queues.

2. Recent organizational growth has resulted in two issues. It has caused several memory thresholds to exceed recommended values, as well as the average read-latency threshold for the logical disk that stores the page file. What issue should you address first?
First, add memory to the server. When there is not enough available memory, memory is paged out to the page file, which can lead to an increased amount of input/output (I/O) on the disk where the page file is stored.

3. After reviewing the trend information retrieved from the monitoring system, you noticed that the processor usage for one of the four Mailbox servers is higher than average. What should you do?
Determine which processes are using up the additional processor time, and check for changes in mailbox usage on the servers. To solve the problem, you may be able to move mailboxes to other Mailbox servers, or add additional processing capabilities to the current server.

Common issues related to troubleshooting Exchange server problems

Identify the causes for the following common issues related to troubleshooting Exchange server problems, and fill in the troubleshooting tips. For answers, refer to relevant lessons in the module.

Issue: Outbound e-mail messages are queuing on the Hub Transport server.
Troubleshooting tip: Always start with the most common problem causes, such as network connectivity and DNS name resolution.

Issue: Users are reporting slowness or other subjective problems.
Troubleshooting tip: As always, take each report seriously and try to gather as much objective information about the problem as possible. Only then will you reach a suitable and objective solution.

Issue: Multiple sources are simultaneously reporting different problems.
Troubleshooting tip: Gather as much information as possible about each of the reported problems. Although there might be multiple issues, it is likely that you will find a connection between the multiple reported problems.

Real-world issues and scenarios

1. A company has recently experienced growth because of a popular new product. The company has had numerous Mail server outages and downtime due to undocumented changes. What should the company invest in to ensure that it can support continued growth?
To control downtime and constant changes that are required to keep the company growing, the company should adopt a change management process.

2. A database has gone offline, and the organization needs to troubleshoot the problem. A number of impatient users have mailboxes stored in the offline database. What is the best way to address the situation?
Follow a proven troubleshooting technique. Stressful situations make it even more important to stick to a proven methodology.

3. An Exchange Server service pack was recently released, and the company has decided to deploy it. What should you do before scheduling the deployment?
Thoroughly test and document the deployment and server backup. Testing should include functionality and compatibility testing with the company’s systems.

Best practices related to troubleshooting Exchange server problems

Supplement or modify the following best practices for your own work situations:
• Follow the same steps each time you troubleshoot a problem. This way you get into a habit of making good decisions and finding the answers quickly.
• Ask a lot of questions about the problem before starting to troubleshoot. If you have not properly defined the problem, you cannot properly target your troubleshooting steps.
• Be diligent about separating facts about the issue from feelings or other subjective information. A single person’s subjective observation could cause you to troubleshoot the wrong problem and delay resolution of the actual issue.

Lab Review Questions and Answers

Question: Was the Exchange Best Practices Analyzer helpful in troubleshooting the database error? When might using Exchange Best Practices Analyzer be a better fit?
Exchange Best Practices Analyzer did not help you identify database errors. The Best Practices Analyzer is best used when troubleshooting intermittent errors, configuration errors, and proactively to ensure best practices are being applied.

Question: Why do you need to run IISReset after reconfiguring Outlook Web App?
After making the configuration change, the Exchange Management Console instructs you to restart IIS so that the new configuration options can be applied.

Resources
Contents:
Microsoft Learning
Technet and MSDN Content
Communities

Microsoft Learning

This section describes various Microsoft Learning programs and offerings.
• Microsoft Learning: Describes the training options available through Microsoft — face-to-face or self-paced
• Microsoft Certification Program: Details how to become a Microsoft Certified Professional, Microsoft Certified Database Administrators, and more
• Microsoft Learning Support
  • To provide comments or feedback about the course, send e-mail to support@mscourseware.com.
  • To ask about the Microsoft Certification Program (MCP), send e-mail to mcphelp@microsoft.com.

Technet and MSDN Content

This section includes content from Microsoft TechNet that provides in-depth discussion on technical topics related to this course.
• Active Directory Logical Structure and Data Storage
• Planning Active Directory
• Topologies: Overview
• Business Productivity Online
• Microsoft Support Policies and Recommendations for Exchange Servers in Hardware Virtualization Environments
• Understanding the Active Directory Logical Model
• Understanding Active Directory Site Topology
• Overview
• Microsoft Exchange Analyzers
• Microsoft Script Repository
• Automatically configure Office Outlook 2007 user accounts
• System Center Mobile Device Manager TechCenter
• Protecting Your Microsoft Exchange Organization with Microsoft Forefront Protection 2010 for Exchange Server
• Forefront Protection 2010 for Exchange Server Best Practices - Deployment considerations
• Microsoft’s Antivirus Defense-in-Depth Guide
• White Paper: Domain Security in Exchange 2007
• Further information about VSS

This section includes content from MSDN related to this course.
• Autodiscover Response
• Cmdlet verb names

Communities

This section includes content from Communities for this course.
• Guidance on Active Directory design for Exchange Server 2007
• Migrate to Microsoft Online Services
• Windows Server Virtualization Validation Program
• Recipient Management in Exchange 2007 – Overview
• How to Create and configure a meeting room mailbox with Exchange Server 2007
• Microsoft Exchange Server Remote Connectivity Analyzer
• Sample: How to add root certificates to Windows Mobile 2003 and Windows Mobile 2002 Smartphones
• Additional Character Sets
• Additional references
• High availability white paper
• Updated Exchange Public Folder (vs. SharePoint) Guidance

Send Us Your Feedback

You can search the Microsoft Knowledge Base for known issues at Microsoft Help and Support before submitting feedback. Search using either the course number and revision, or the course title.

Note: Not all training products will have a Knowledge Base article – if that is the case, please ask your instructor whether or not there are existing error log entries.

Courseware Feedback

Send all courseware feedback to support@mscourseware.com. We truly appreciate your time and effort. We review every e-mail received and forward the information on to the appropriate team. Unfortunately, because of volume, we are unable to provide a response but we may use your feedback to improve your future experience with Microsoft Learning products.

Reporting Errors

When providing feedback, include the training product name and number in the subject line of your email. When you provide comments or report bugs, please include the following:
• Document or CD part number
• Page number or location
• Complete description of the error or suggested change

Please provide any details that are necessary to help us verify the issue.

Important: All errors and suggestions are evaluated, but only those that are validated are added to the product Knowledge Base article.
