What is Exchange 2003 Forestprep? Exchange 2003 Forestprep extends the AD schema to include Exchange specific information.

What is Exchange 2003 Domainprep? Exchange 2003 Domainprep creates the groups and permissions necessary for Exchange servers to read and modify user attributes.

What is a DC? A DC is a Windows 2000 or 2003 Domain Controller that holds Active Directory partitions for a domain (used for things like user authentication).

What is a GC? A GC is a Global Catalog Server. A GC holds a full set of attributes for the domain in which it resides and a subset of attributes for all objects in the Active Directory Forest.

What is DDNS and why do I need it? Dynamic DNS (described in RFC 2136) allows servers to dynamically update and create records in DNS. Dynamic DNS is used by the Exchange server to create server records and other entries used by the Exchange Servers for things like message routing. In a simple Exchange organization, DDNS is not strictly necessary, but makes administration much easier.

What is a border server? A border server is an Exchange server that communicates with external servers. In a single server organization, your server is by default a border server. In a multiserver configuration, you may have one or more dedicated servers that communicate directly or indirectly with foreign servers and then pass the mail to other internal Exchange servers.

What is a mixed mode Exchange environment? An Exchange environment which contains Exchange 2003 or Exchange 2000 and Exchange 5.5 servers.

How does an Exchange 5.5 site compare to an Exchange 2003 Routing Group or Administrative Group? In a mixed mode Exchange environment the Exchange 2003 Administrative Group and Routing Group correspond to the Exchange 5.5 site. In a native Exchange 2000 environment, the Administrative Group is a group of Exchange objects sharing a common set of permissions, and Routing Groups define how those servers communicate with one another. A single Administrative Group can contain several Routing Groups. Example: Your North American Exchange servers might be grouped in a single Administrative Group, but subdivided into several Routing Groups to optimize interserver communication. An Administrative Group contains zero or more Routing Groups.

Where's the Instant Messaging Server? The Exchange Instant Messaging Service is being replaced by the Microsoft Office Real–Time Communications (RTC) server. It is no longer a component of the Exchange Server. For more information, see

What is OMA? Outlook Mobile Access and Exchange Server ActiveSync features, formerly found in Microsoft Mobile Information Server 2002, are now built-in with all Exchange Server 2003 Standard installations. Complementing the Outlook 2003 and Outlook Web Access mobile improvements, Outlook Mobile Access and Exchange Server ActiveSync help enable secure corporate e-mail on a range of mobile devices including browser-based mobile phones, Microsoft Windows Powered Pocket PC, and Microsoft Windows Powered Smartphone devices. Adding this functionality to the core Exchange Server 2003 product reduces the need to deploy additional mobile server products in the corporate environment, thus lowering the total cost of ownership.

Why should I go to Exchange 2003 now? There are several reasons. A few are:


1. Opportunity for Server Consolidation from Exchange 5.5 and Exchange 2000 because you can get more mailboxes on an Exchange 2003 Server.
2. Better security features. The server is secure by default and has added things like automatic logoff for an inactive OWA session, Connection filtering, and has more junk mail features like real-time blacklists.
3. Availability enhancements such as End-to-End Outlook Monitoring, Improvements in ESM, Mailbox Recovery Center, and a Recovery Storage Group.
4. Increase in Mobile device support for Pocket PCs, Pocket PC Phones and Microsoft Windows®–powered Smartphones.


What are the differences between Exchange 2000 and Exchange 2003? Some features that are new in Exchange 2003 are:
• Volume Shadow Copy Service for Database Backups/Recovery
• Mailbox Recovery Center
• Recovery Storage Group
• Front-end and back-end Kerberos authentication
• Distribution lists are restricted to authenticated users
• Real-time Safe and Block lists
• Inbound recipient filtering
• Attachment blocking in Microsoft Office Outlook Web Access
• HTTP access from Outlook 2003
• cHTML browser support (i-Mode phones)
• xHTML (Wireless Application Protocol [WAP] 2.0) browser support
• Queues are centralized on a per-server basis
• Move log files and queue data using Exchange System Manager
• Multiple Mailbox Move tool
• Dynamic distribution lists
• 1,700 Exchange-specific events using Microsoft Operations Manager (requires Microsoft Operations Manager)
• Deployment and migration tools

What is the difference between Exchange 2003 Standard and Exchange 2003 Enterprise editions?

Standard Edition
• 16 GB database limit
• One mailbox store
• One public folder store
• NEW: Server can act as a front-end (post-Beta 2)

Enterprise Edition
• Clustering
• Up to 20 databases per server
• X.400 Connectors

Both Editions support features such as:
• Database snapshot
• OMA and ActiveSync
• AirMAPI
• Recovery Storage Group
• Exchange Management Pack for MOM

Note: It is not possible to in-place upgrade Exchange 2000 Enterprise Edition to Exchange 2003 Standard Edition.

What’s the difference between Exchange 2003 and Windows 2003?

Windows Server 2003 provides significant enhanced functionality that Exchange 2003 takes advantage of:
• Outlook HTTP access: IIS 6.0 and Windows RPC Proxy service in Windows Server 2003 enable communication between Outlook 2003 and Exchange Server 2003 by means of HTTP. Outlook 2003 users can synchronize directly with the server running Exchange Server 2003 over a HTTP or HTTPS connection.
• Internet protocol support: IIS 6.0 provides Exchange with its support for many common Internet access protocols that increase the flexibility of the operating system, such as HTTP, Post Office Protocol version 3 (POP3), Internet Message Access Protocol version 4 (IMAP4), and Simple Mail Transfer Protocol (SMTP).
• Active Directory: Windows provides Active Directory, upon which Exchange depends for user information, mail routing information, user authentication, and LDAP read and write functions.
• Support for clustering: Exchange Server 2003 provides better support for clustering, which enables high availability of a company’s infrastructure. Customers can choose to run up to 8-node clusters, with at least one passive node, when running Exchange 2003 on Windows Server 2003, Enterprise Edition. (In Windows 2000 Advanced Server, clustering was limited to two nodes, one active and one passive; if a company chose to run Windows 2000 Datacenter Server, clustering was limited to four nodes.)
• Volume Shadow Copy service: This and Virtual Disk Service are part of a storage framework that provides heterogeneous interoperation of storage hardware, storage software, and applications. Exchange 2003 writes to the Volume Shadow Copy service on Windows Server 2003, reducing dramatically the backup and restore times for Exchange messaging environments. This enables IT departments to support greater numbers of users per server and reduces the total number of servers running Exchange in their environment.

SETUP/UPGRADE

01 How can I merge multiple directories to create a unified Exchange organization?
• Microsoft's Meta-Directory Services (MMS)
• HP's LDAP Directory Synchronization Utility
• CPS Systems' SimpleSync
• ADSI (code, code code)


02 Can I upgrade from the evaluation edition of Exchange 2003 Enterprise Server to the RTM standard version of Exchange 2003 Server? No, this is technically a downgrade from Enterprise to Standard. You can only upgrade the evaluation version of Exchange 2003 Enterprise to Exchange 2003 Enterprise RTM.

03 How can you tell how many days remain until the evaluation copy of Exchange 2000 Server expires? The Exchange Server Setup Progress Log includes the date on which the Exchange server was installed. Take the difference between that date and today's date and subtract it from 120 to determine how many days remain in your evaluation.

04 My evaluation version has expired! Are my databases toast? No. Install a full version of Exchange 2000 Enterprise and you can continue to use your existing databases.

05 I plan to run Exchange in a hosted environment, where can I find information on how to configure my Exchange server to host multiple companies

06 What happened to the M: drive? The EXIFS (M: drive) feature has been disabled by default. If the feature is still needed, it can be assigned to an available drive letter with a registry setting.

07 Can Exchange 5.5 or Exchange 2000 run on Windows 2003? NO. Windows 2003 uses IIS 6.0, which has been re-engineered to keep up with best practices and industry standards. Windows 2003 has an IIS 5.0 compatibility mode; however, it is not compatible with Exchange 5.5 or Exchange 2000. Therefore, neither Exchange system is compatible with Windows 2003.

08 Can I run Exchange 2000 with an AD infrastructure with Windows 2003 DCs? YES, all Exchange versions will run in an AD 2003 environment. Exchange 2000 will benefit from some of the new features in AD 2003, and Exchange 5.5 has an ADC specifically for an Exchange 5.5/AD 2003 environment. If AD 2000 is upgraded to AD 2003, the ADC will need to be upgraded also.*

09 Can I upgrade Exchange 2003 Beta 2 to RTM? NO. Microsoft will not support any deployment of Beta 2 into a production environment. Their official position is, “Exchange 2003 Beta 2 should not be deployed in a production environment. You can deploy Exchange 2003 Beta 2 in a test environment only.”

10 Can I upgrade Exchange 5.5 in place to Exchange 2003? NO. In place upgrades to Exchange 2003 must already be Exchange 2000 SP3 and Windows 2000 SP3 or later. The only upgrade paths from 5.5 to 2003 are an in place upgrade to Exchange 2000 followed by an in place upgrade to Exchange 2003, or the leap frog migration, which requires another server.

11 How should I upgrade from Exchange 5.5 to Exchange 2003? Since Exchange 5.5 cannot be upgraded in place, upgrade the Active Directory to AD 2003, set up the new ADC, and then install a new Exchange 2003 server. Then move users from 5.5 to 2003.

12 Where's the Instant Messaging Server? The Exchange Instant Messaging Service is being replaced by the Microsoft Office Real–Time Communications (RTC) server. It is no longer a component of the Exchange Server.

13 What are the Supported FE/BE scenarios? (i.e. E2003 FE with E2k BE etc.) It is not sufficient to simply upgrade front-end servers to Exchange 2003 for users to get the new interface. You must upgrade back-end servers to Exchange 2003 as well.

Interface matrix:
Ex2000 FE + Ex2000 BE = Ex2000 OWA
Ex2003 FE + Ex2000 BE = Ex2000 OWA
Ex2000 FE + Ex2003 BE = Not supported (AG protected)
Ex2003 FE + Ex2003 BE = Ex2003 OWA

Ability to Reply and Forward to Messages and Posts in Public Folders is only enabled when the client is using a front-end server. Forms-based authentication (FBA) is functional for deployments where the FE is Exchange 2003, but the mailbox is still on Exchange 2000. However, session timeouts are handled much better if the BE are also Exchange 2003.

14 What do I need to get RPC over HTTP working?

Client: Outlook 2003, Windows XP with Service Pack 1 + Q331320

Server-side:
• Exchange 2003 on Windows 2003 for FE (if FE is deployed)
• Exchange 2003 on Windows 2003 for BE
• Exchange 2003 on Windows 2003 for Public Folders
• Exchange 2003 on Windows 2003 for System Folders
• Windows 2003 for Global Catalog server

When used with the Microsoft Windows Server 2003 RPC Proxy Service and Exchange 2003, Outlook 2003 clients can connect simply using HTTP or HTTPS, thereby reducing the need for virtual private networks (VPNs) or dial-up remote access. If remote users only need to gain access to corporate messaging information, your IT department may not need to deploy VPN infrastructure. VPNless access reduces costs and provides for increased security by ensuring that remote Outlook users don’t need access to the entire network.

15 What do I need in order to install Exchange 2003? A partial list includes:
• DNS (preferably DDNS)
• Active Directory 2000 or 2003
• Permissions to update the Schema
• Hardware sufficient to run Exchange 2003
• Windows 2000 SP3 applied to all DCs, GC, and all (future) E2K2 servers, or Windows 2003.

16 I'm running Exchange 5.5 and would like to upgrade to Exchange 2003. Can I upgrade directly? No. The only supported upgrade in place is from Exchange 2000 SP3 or later. You would need to first upgrade your Exchange 5.5 server to at least Exchange 2000 SP3 and then upgrade in place to Exchange 2003. Another option is to exmerge out your current users and exmerge them into an Exchange 2003 server. And the only other option is called the leap frog migration. You configure the Active Directory Connector (ADC) for Exchange 2003 between the Active Directory and Exchange 5.5 Directory Service. Install a new Exchange 2003 server into the enterprise and move the Exchange 5.5 users to Exchange 2003.

17 Can I install Exchange 2003 on Windows 2000 server? Yes, but Windows 2000 must have SP3 loaded first.

18 Can I rename or move the default groups created by Exchange during domainprep and forestprep? Only if you want to horribly break your Exchange installation.

19 What are the minimum hardware requirements for Exchange 2003? The minimum practical hardware requirements in our experience are 1.25 times the disk space one would allocate under Exchange 2000, 1GB RAM (4GB minimum if the Exchange server also serves any other function) and the fastest processor(s) you can afford.

20 Am I better off with one really fast processor or two somewhat slower processors? You're better off with two really fast processors. But, with all other things being equal, two processors are better than one with Exchange 2003. In most instances, a 2-processor machine would be preferable.

21 Can I have multiple Exchange 2003 organizations in a single forest? No. Only a single E2K3 organization can exist within a single forest. Delegation of administration within the organization can be accomplished using OUs in AD and Administrative/Routing Groups in the Exchange system manager.

22 Can an Exchange 2003 organization span multiple forests? No. All domains in a forest share a common schema and the Exchange organization exists within this configuration naming context. The GC, which provides the Global Address List, is populated only with items within the forest.

23 What ports does Exchange use? A partial list of the ports your Exchange server might use is included below:
• 25 SMTP
• 53 DNS
• 80 HTTP
• 88 Kerberos
• 102 X.400
• 110 POP3
• 119 NNTP
• 135 RPC
• 137 NetBIOS Session Service
• 139 NetBIOS Name Service
• 143 IMAP4
• 379 LDAP (SRS)
• 389 LDAP
• 443 HTTP (SSL)
• 445 NetBIOS over TCP
• 465 SMTP (SSL)
• 563 NNTP (SSL)
• 636 LDAP (SSL)
• 691 LSA
• 993 IMAP4 (SSL)
• 994 IRC (SSL)
• 995 POP3 (SSL)
• 1503 T.120
• 1720 H.323
• 1731 Audio conferencing
• 1863 MSN IM
• 3268 GC
• 3269 GC (SSL)
• 6001 Rpc/HTTP Exchange Store
• 6002 HTTP Exchange Directory Referral service
• 6004 Rpc/HTTP NSPI Exchange Directory Proxy service/Global Catalog
• 6667 IRC/IRCX
• 6891 - 6900 MSN IM File transfer
• 6901 MSN IM Voice
• 7801 - 7825 MSN IM Voice
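One way to put the port list above to work when reviewing a server's exposure, as an added example that is not part of the original FAQ: the script below checks the listeners in a `netstat -an` capture against the list, reports cleartext services for which the list also names an SSL port, and reports listeners the list does not mention. The sample capture, its addresses and the function names are constructed for illustration.

```python
import re

# Port list copied from the FAQ answer above (names as the page gives them).
EXCHANGE_PORTS = {
    25: "SMTP", 53: "DNS", 80: "HTTP", 88: "Kerberos", 102: "X.400",
    110: "POP3", 119: "NNTP", 135: "RPC", 137: "NetBIOS Session Service",
    139: "NetBIOS Name Service", 143: "IMAP4", 379: "LDAP (SRS)",
    389: "LDAP", 443: "HTTP (SSL)", 445: "NetBIOS over TCP",
    465: "SMTP (SSL)", 563: "NNTP (SSL)", 636: "LDAP (SSL)", 691: "LSA",
    993: "IMAP4 (SSL)", 994: "IRC (SSL)", 995: "POP3 (SSL)", 1503: "T.120",
    1720: "H.323", 1731: "Audio conferencing", 1863: "MSN IM",
    3268: "GC", 3269: "GC (SSL)", 6001: "Rpc/HTTP Exchange Store",
    6002: "HTTP Exchange Directory Referral service",
    6004: "Rpc/HTTP NSPI Exchange Directory Proxy service/Global Catalog",
    6667: "IRC/IRCX", 6901: "MSN IM Voice",
}
PORT_RANGES = [
    (6891, 6900, "MSN IM File transfer"),
    (7801, 7825, "MSN IM Voice"),
]

# Constructed sample in the layout of Windows `netstat -an` output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:691            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:143          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1025        198.51.100.7:25        ESTABLISHED
"""

LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")


def port_name(port):
    """Return the FAQ's name for a port, or None if the list does not mention it."""
    if port in EXCHANGE_PORTS:
        return EXCHANGE_PORTS[port]
    for low, high, name in PORT_RANGES:
        if low <= port <= high:
            return name
    return None


def ssl_pairs():
    """Map each cleartext port to the port the list labels '<same name> (SSL)'."""
    by_name = {name: port for port, name in EXCHANGE_PORTS.items()}
    pairs = {}
    for port, name in EXCHANGE_PORTS.items():
        if name.endswith(" (SSL)"):
            base = name[: -len(" (SSL)")]
            if base in by_name:
                pairs[by_name[base]] = port
    return pairs


def audit_listeners(netstat_text):
    """Classify non-loopback TCP listeners found in netstat output."""
    pairs = ssl_pairs()
    listening = set()
    for line in netstat_text.splitlines():
        match = LISTEN_RE.match(line)
        if not match:
            continue  # header, UDP, or a connection that is not a listener
        addr, port = match.group(1), int(match.group(2))
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback-only listeners are not reachable remotely
        listening.add(port)

    report = {"cleartext_only": [], "cleartext_and_ssl": [], "not_on_faq_list": []}
    for port in sorted(listening):
        if port_name(port) is None:
            report["not_on_faq_list"].append(port)
        elif port in pairs:
            # The SSL variant exists on the list; is it listening too?
            key = "cleartext_and_ssl" if pairs[port] in listening else "cleartext_only"
            report[key].append((port, EXCHANGE_PORTS[port], pairs[port]))
    return report


if __name__ == "__main__":
    for category, items in audit_listeners(SAMPLE_NETSTAT).items():
        print(category, items)
```

Entries under `cleartext_only` are candidates for enabling the SSL port from the list and then filtering the cleartext one at the border; entries under `not_on_faq_list` need their own justification before a firewall rule is written for them.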

24 Exchange Group Policy Notes, what should I do? Do not delete the Default Domain Policy or Default Domain Controller Policy in your Active Directory. The Exchange domain prep operation targets a policy with GUID 6AC1786C-016F-11D2-945F-00C04fB984F9 for its operations. If it doesn't find it, domain prep will fail.

ADMINISTRATION

01 What happened to the M: drive? The EXIFS (M: drive) feature has been disabled by default. If the feature is still needed, it can be assigned to an available drive letter with a registry setting.

02 Do I need Windows XP to use Outlook RPC over HTTP? Yes. Windows XP with Service Pack 1 + KB331320

03 When will Exchange 2003 SP1 be available? When it is ready

04 How do I configure the Recovery Storage Group? In Exchange 2003, there is a new feature called the "Recovery Storage Group" (RSG). This is a special instance of ESE (a 5th instance) which can be spun up to provide:
a. Item/Folder/Mailbox level restore without the need for a spare server
b. "Dial tone" (blank mailbox) support if you lose a database and need to get the users quickly up and running for send/receive
To create the RSG, go into Exchange 2003 ESM, right-click on your server object and choose to create a new Recovery Storage Group. Once the RSG exists, you can add a database to it (any MDB from any Storage Group from any server inside the same Admin Group). Then, use NTBackup or similar to restore a backup into the RSG. Now, you can use ExMerge to extract the data from the RSG and merge it into the production database (fig a.), or you can swap the RSG-restored database for the temporary production database (fig b). One of the goals for the RSG.

05 Under Exchange 5.5 I couldn't restore a single mailbox without 3rd party products. With Exchange 2003, is it any easier to restore a single mailbox or back up a single mailbox? Yes and no. Under Exchange 2003, a mailbox is not deleted immediately when a Windows account is deleted. Although restores have been greatly improved with the new Recovery Storage Group (RSG) and the Volume Shadow Copy Service, there is no built in mechanism for backing up a single Exchange mailbox. This would still require a 3rd party brick level backup utility.

06 Can I back up the EXIFS drive using NT Backup or another backup application? You can, but you will be sad. Do NOT back up the EXIFS drive of an Exchange 2003 server. It can result in messages and attachments being inaccessible via the Outlook client.

07 How can I prevent a user from sending and receiving Internet mail? Follow the steps outlined below:
1. Create a group called InternalOnly.
2. Create a recipient policy that gives them a fake SMTP address, i.e. @fake.domain. Leave the X400 address alone so they can receive internal mail.
3. Drill down through Routing Groups > Group Name > Connectors > SMTP internet connector(s), choose its properties. Choose the Delivery Restrictions tab, and under "reject", add this group. Do this for each connector.
4. Follow the steps in KB277872, regarding Connector Restrictions. [Now they can't use the SMTP connector(s) to send external mail]

08 What tools are used to administer Exchange 2003?
• Active Directory Users & Computers - Used to create users, distribution groups and contacts.
• Exchange System Manager - Used to manage the Exchange Server, create address lists, recipient policies, and now does some user level actions...

09 Can I use Exchange 2000 tools to manage Exchange 2003 Servers? No, the property sheets of the 2003 servers will appear as read-only. You should avoid using Exchange 2000 ESM in environments where Exchange 2003 is installed. Not only will you not be able to access new Exchange 2003 features, but there is also the risk of damage to new objects that Exchange 2000 does not understand. If you must continue to use Exchange 2000 ESM, apply the latest Exchange 2000 SP3 roll-up to your Admin workstation(s) - FamilyId=E247C80E-8AFA-4C2A-96B3-F46D1808C790&displaylang=en. The roll-up includes support for the msExchMinAdminVersion attribute (also known as ESM versioning). Essentially, each Exchange object in the AD is stamped with a minimum admin version. If ESM detects that the data value is greater than the version of ESM running, it will not allow edits to that object.

10 Can I use Exchange 2003 tools to manage Exchange 5.5 and Exchange 2000 Servers? Yes, with the exception of the following Exchange 2000 components: Key Management Server, Exchange Instant Messaging, Chat, MS-Mail / Schedule+ / DirSync / cc:Mail Connectors

11 I created a user in AD Users and Computers, but in the Exchange system manager it doesn't appear under Mailbox Store | Mailboxes. What did I do wrong? Probably nothing. A mailbox will not appear under Mailbox Store | Mailboxes until either someone has logged into the mailbox or the mailbox has received a mail message. Some administrators send a welcome message to a mailbox shortly after it has been created, which would cause it to appear.

12 I created a secondary Public Folder Hierarchy, but only the original public folder hierarchy appears in Outlook. Current versions of Outlook only support a single public folder hierarchy. Secondary Public Folder hierarchies can be accessed with the web.

13 In Exchange 5.5, I could have multiple mailboxes associated with a single user account. How do I do that in Exchange 2003? Exchange 2003 requires a user object for each mailbox. You can create a disabled user object, associate a mailbox with it, and then grant another user object 'receive as' and 'send as' permissions to that mailbox.

14 What is the difference between 'receive as' and 'send as'? 'Receive as' allows a user object to open a mailbox. 'Send as' allows a user to send out a mail message as the mailbox that has been opened.

15 How do I restrict a user or domain from sending mail to my users? First, add the address or domain you wish to filter to the Filtering Tab of the Message Delivery Global Settings. Next, you need to apply the filter to the SMTP virtual server you wish to filter. (Administrative Group | Server | Protocols | SMTP | <SMTP Virtual Server> | Properties | Advanced | <select the IP address for which you wish to enable filtering> | Edit | Apply Filter). Normally, you would only want to apply message filtering to the border SMTP servers (servers that communicate directly with External servers).

16 I've created more than one address list. Which list will users see for their GAL? The following criteria are used when determining what a client will see for the Global Address List.
• Which Address List do you have permissions to see?
• Which Address List contains your mailbox object as an entry?
• If your mailbox appears as an object in more than one address list: Which of the remaining Address Lists contains more entries?

17 What do the event IDs mean in the message tracking log? They are listed in Appendix A

18 Is Single Instance Storage maintained when moving users between servers | storage groups | databases? Yes...

19 In my native E2K3 organization is there any requirement for RPC connectivity between servers? In order to move users between servers, RPC connectivity is required.

20 How can I archive messages sent or received by my users?
1. Messages can be archived on a per store basis by enabling the option on the general properties tab of the Mailbox Store in the Exchange System Manager.
2. Use an event sink (either write your own or use the simple one provided by Microsoft and described in “Archive Sink Readme.txt”).
3. Use a 3rd party message archival tool.

21 Why when I try to add an additional mailbox store do I receive the following error?
This storage group already contains the maximum number of stores allowed. ID no: c1034a7a
You are running the standard version of Exchange 2003, which is limited to a single 16GB private information store.

22 How do I get the Exchange Advanced Tab in Active Directory Users and Computers? Open Active Directory Users and Computers. Click on the View menu item at the top of the application. Select “Advanced Features” on the menu list. When you open a property page for an Active Directory object that has a mailbox associated with it, you will now see the “Exchange Advanced” tab at the top.

23 How do I control the format of the addresses before the @ sign in a recipient policy? You can use the following variables: %g Given Name, %s Surname, %i initials in the recipient policy. Examples: User: Tommy Lee Jones Domain: = = = Less commonly used variables include %m (alias) and %d (display name).

24 How do I make Exchange automatically send a welcome message to all newly created users? There is nothing in the product that will do this. You can create a WELCOME.MSG that you deploy with Outlook, but that only applies the first time Outlook is opened after creating a new profile. Otherwise, you could script mailbox creation and send a message at the end of the script.

25 Is there any way to append a text message to all outbound email for Exchange 2003? On a single Exchange server deployment, there is no 100% reliable way to accomplish this with an SMTP Transport Event Sink, even though KB273233 suggests that creating a second SMTP Virtual Server works. However, at startup the Exchange Information Store binds to the SMTP Virtual Server that starts first and you cannot rely on the routing of the mail from SMTP VS 1 to SMTP VS 2 as KB273233 proposes. Also note that under special circumstances the database can become corrupted if you use an SMTP Transport Event Sink to manipulate outgoing (MAPI) message contents. This is currently under investigation by Microsoft and a QFE to prevent the store corruption is under development. **** There are 3rd party products that will do this too.

26 How do I add a disclaimer to outgoing SMTP messages in Visual Basic/Visual Basic Script? You can do it; however, there are limitations. It reliably works only on a border server, which can be either a Windows 2000 or 2003 SMTP Server with or without Exchange 2000/2003 installed. For more information, see KB317327 and KB317680

27 How can you tell the exact version of Exchange you are running? Here is a list of build numbers for Exchange 2000/2003:

Exchange 2000
• 4417.5 = Exchange 2000 RTM
• 4712.7 = Exchange 2000 SP1
• 5762.4 = Exchange 2000 SP2
• 6249.4 = Exchange 2000 SP3
• 6396.1 = Exchange 2000 Post-SP3 Super Roll-up
• 63xx/64xx = Exchange 2000 Post-SP3 Hotfixes

Exchange 2003
• 6728.12 = Exchange 2003 Beta 1
• 6803.8 = Exchange 2003 Beta 2
• 6851.10 = Exchange 2003 Release Candidate 0
• 6895.5 = Exchange 2003 Release Candidate 1 (Candidate)

28 How do I add a disclaimer to outgoing SMTP messages in Visual Basic? How To: Add a Disclaimer to Outgoing SMTP Messages in Visual Basic – KB317327

29 Resource / Conference room scheduling. Outlook 2003 offers basic resource booking functionality through Direct Booking. For more information refer to “Direct Booking of Resource Without a Delegate Account”. There are 3rd party products such as Exchange Resource Manager and AutoAccept Sink for Exchange that will automatically accept/decline meeting requests for conference rooms and other resources.

31 How do I find an SMTP mail address in Active Directory if Active Directory Users and Computers tells me it is in use when I try to create a new user? Either open Outlook to create a new message with that SMTP address and hit “CTRL+K” to resolve it, or use a Windows Scripting Host script to find it. For the latter, see (look for FindUserWithADSI.wsf and FindUserWithCDO.wsf)

32 How do I Enable the Security Tab for the Organization Object? This tab is not enabled by default. For instructions on how to enable it see KB264733

33 How do I restrict users from Creating Top-Level Folders? For Exchange 2000 public folders, you can follow the instructions in KB256131. With Exchange 2000, however, any time a new server is added to the organization, these permissions will be reset. In Exchange 2003 these permissions are restricted by default, so installing Exchange 2003 automatically restricts them. “Allow create top-level public folder access control entry for everyone” permissions and “allow anonymous logon from the organization container” permissions are removed during the installation of Exchange 2003.*****

34 Why do the storage quota settings not take effect immediately? This problem has been fixed in a Microsoft Exchange 2000 Server Post-Service Pack 3 MDB patch. For more information see KB327378

35 How do I limit which Outlook client versions can access my server? You need to create the Disable MAPI Clients registry value to disable MAPI client access. For more information, see KB288894

37 How do I disable the "Automatically update e-mail addresses based on recipient policy" on all users or contacts?
' Default setting for "msExchPoliciesExcluded" is empty
' Once disabling the automatic e-mail address update it is:
' "{26491CFC-9E50-4857-861B-0CB8DF22B5D7}"
' Default setting for "msExchPoliciesIncluded" is:
' "{26491CFC-9E50-4857-861B-0CB8DF22B5D7}" plus a unique GUID for each applied Recipient Policy separated by a comma
' And after turning off the automatic update "msExchPoliciesIncluded" is only:
' "{26491CFC-9E50-4857-861B-0CB8DF22B5D7}"

MIGRATION

01 Can I use Exchange 2003's OWA to access a mailbox on an Exchange 5.5 or Exchange 2000 server? Yes and No. Exchange 2003 can access a 2000 back-end server; however, it will remain the same as Exchange 2000 OWA. As for Exchange 5.5, the enhanced OWA is built directly into the store technology and only a mailbox residing on an Exchange 2003 server can be accessed using the enhanced OWA interface. Nice try, though.

02 Can I use Exchange 5.5's OWA to access a mailbox on an Exchange 2003 server? Yes. But you will not get the look and feel or the added features from the 2003 servers.

03 How do I remove the ADC after moving all of my users to an Exchange 2003 server? First, you need to use the Exchange 5.5 Admin program to delete the directory replication connectors (Org | Site | Configuration | Connections). Once you have deleted the connections, you need to be logged on with an account with Schema Admin privileges to delete the ADC connector.

04 How many Global Catalog servers should I deploy? There is no hard and fast rule in this regard. Some potential guidelines include:
1. At least 1 per routing group
2. One for every 4 Exchange servers in a routing group
3. One (or more) for each physical location

TRANSPORT

01 What additional queues have been exposed? All the system queues, like the failed message retry queue, DSN messages pending submission, and messages queued for deferred delivery, are now exposed to enhance troubleshooting.

02 Is there any way to append a text message to all outbound email for Exchange 2003? On a single Exchange server deployment, there is no 100% reliable way to accomplish this with an SMTP Transport Event Sink, even though KB273233 suggests that creating a second SMTP Virtual Server works. At startup the Exchange Information Store binds to the SMTP Virtual Server that starts first, so you cannot rely on mail being routed from SMTP VS 1 to SMTP VS 2 as KB273233 proposes. Also note that under special circumstances the database can become corrupted if you use an SMTP Transport Event Sink to manipulate outgoing (MAPI) message contents. This is currently under investigation by Microsoft and a QFE to prevent the store corruption is under development. There are third-party products that will do this too.

03 How do I add a disclaimer to outgoing SMTP messages in Visual Basic/Visual Basic Script? You can do it; however, there are limitations. It works reliably only on a border server, which can be either a Windows 2000 or 2003 SMTP server with or without Exchange 2000/2003 installed. For more information, see KB317327 and KB317680.

04 Can I view the queues on a per server basis? Yes, in the new Queue Viewer in the Exchange 2003 System Manager.

05 How do I move SMTP queues and badmail directories? Exchange 2003 allows you to change the location of queue directories for SMTP virtual servers and X.400. The directions are in the document entitled “Exchange Titanium Getting Started Guide”.

06 What do the various queue names mean?
• DSN messages pending submission - Contains delivery status notifications (DSN), also known as non-delivery reports, that are ready to be delivered by Exchange. The Delete All Messages (no NDR) and Delete All Messages (NDR) functions are unavailable for this queue.
• Messages queued for deferred delivery - Contains the messages marked by the client for deferred delivery or messages simply awaiting delivery at a different time.
• Failed message retry - Contains messages that have been marked as retry due to a delivery failure. This queue also does not have the NDR functions mentioned for the DSN messages pending submission queue.

07 How do I activate the real time safe block list? Enabling the connection filter involves two steps:
1. Create the recipient filter using the Connection Filtering tab on the Message Delivery Properties under Global Settings.
2. Apply the filter at the SMTP virtual server level.

08 How do I filter incoming mail by subject or attachment? Exchange 2003 does not have any built-in function to accomplish that. Either look for a third-party tool or develop your own Windows SMTP Transport Event Sink.

09 How do I limit the maximum amount of messages the SMTP queue can hold? You have to use the MaxMessageObjects registry key.

10 How do I strip the attachment from an NDR? You can do this through a registry entry, but there are two drawbacks. Once this is done, the details that are necessary to display the notification in the preview pane are stripped, and the originator of the message cannot use the Send Again option.

11 How do you restrict Distribution Lists? Submissions can be restricted to a limited number of security principals through the standard Windows Discretionary Access Control List (DACL). This feature prevents non-trusted senders, such as unauthorized Internet users, from sending mail to an internal-only distribution list. An example of this would be an “All Employees” distribution list which should not be available to anyone outside the company (by spoofing or otherwise).

Note: Restricted distribution lists will only work on the bridgehead servers or SMTP gateway servers running Exchange 2003.

To set restrictions on a distribution list:
1. Click Start, point to All Programs, point to Microsoft Exchange, and then click Active Directory Users and Computers.
2. Expand your organizational unit container, and double-click Users.
3. Right-click the distribution list for which you want to restrict submissions, and then click Properties.
4. Click the Exchange General tab.
5. Under Message Restrictions, under Accept messages, select one of the following options:
• Click From everyone to allow anyone to send to this distribution list. This includes anonymous users from the Internet.
• Click From authenticated users only to allow only authenticated users to send mail to this distribution list.
• Click Only from to specify a select set of users or groups that can send to this group and then click Add to specify the users or groups that you want to permit to send mail to this distribution list.
• Click From everyone except to allow everyone but a select set of users or groups to send to this distribution group and then click Add to specify the list of users or groups that you want to restrict from sending to this distribution list.
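One way to review the Accept messages setting described above across every distribution list at once, instead of opening each Properties dialog: this added example (not part of the original FAQ and not Microsoft code) parses an LDIF export of mail-enabled groups and reports which option each list effectively has. The attribute names (msExchRequireAuthToSendTo, authOrig, unauthOrig, dLMemSubmitPerms, dLMemRejectPerms) and the ldifde command line in the comment are assumptions about how these dialog options are stored and exported; the sample export is constructed.

```python
import base64
from collections import defaultdict

# Assumed export command (not from the FAQ):
#   ldifde -f groups.ldf -r "(&(objectCategory=group)(mailNickname=*))"
#          -l "cn,mail,msExchRequireAuthToSendTo,authOrig,unauthOrig,dLMemSubmitPerms,dLMemRejectPerms"
# Constructed sample shaped like that export; not data from a real directory.
# It exercises a folded line (leading space) and a base64 value ("cn::").
SAMPLE_LDIF = """\
dn: CN=All Employees,OU=Groups,DC=example,DC=com
changetype: add
cn: All Employees
mail: all-employees@example.com
msExchRequireAuthToSendTo: TRUE

dn: CN=HR Announcements,OU=Groups,DC=example,DC=com
changetype: add
cn: HR Announcements
mail: hr-announce@example.com
authOrig: CN=HR Director,OU=Users,DC=example,DC=com
dLMemSubmitPerms: CN=HR Staff,OU=Groups,DC=example,
 DC=com

dn: CN=Sales,OU=Groups,DC=example,DC=com
changetype: add
cn:: U2FsZXM=
mail: sales@example.com

dn: CN=Engineering,OU=Groups,DC=example,DC=com
changetype: add
cn: Engineering
mail: eng@example.com
unauthOrig: CN=Contractor,OU=Users,DC=example,DC=com
"""


def parse_ldif(text):
    """Parse LDIF text into records mapping lower-cased attribute -> list of values."""
    unfolded = []
    for line in text.splitlines():
        # A line that starts with one space continues the previous line.
        if line.startswith(" ") and unfolded and unfolded[-1]:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)

    records, current = [], defaultdict(list)
    for line in unfolded + [""]:  # the extra blank line flushes the last record
        if not line.strip():
            if current:
                records.append(dict(current))
                current = defaultdict(list)
            continue
        if line.startswith("#"):
            continue  # comment line
        name, sep, rest = line.partition(":")
        if not sep:
            continue  # not an "attribute: value" line
        if rest.startswith(":"):  # "attr:: <base64>" carries a base64 value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        current[name.strip().lower()].append(value)
    return records


def classify(record):
    """Map one group's attributes to the dialog option it corresponds to."""
    flag = record.get("msexchrequireauthtosendto", ["FALSE"])[0]
    require_auth = flag.upper() == "TRUE"
    allow = record.get("authorig", []) + record.get("dlmemsubmitperms", [])
    deny = record.get("unauthorig", []) + record.get("dlmemrejectperms", [])
    if allow:
        mode = "Only from"
    elif deny:
        mode = "From everyone except"
    elif require_auth:
        mode = "From authenticated users only"
    else:
        mode = "From everyone"
    return {
        "name": record.get("cn", ["?"])[0],
        "mail": record.get("mail", [""])[0],
        "mode": mode,
        "require_auth": require_auth,
        "allow": allow,
        "deny": deny,
        # No authentication requirement and no allow list: senders who are
        # not authenticated are accepted unless they match the deny list.
        "accepts_unauthenticated": not require_auth and not allow,
    }


def audit(ldif_text):
    """Classify every mail-enabled record found in the export."""
    return [classify(r) for r in parse_ldif(ldif_text) if "mail" in r]


if __name__ == "__main__":
    for row in audit(SAMPLE_LDIF):
        marker = "REVIEW" if row["accepts_unauthenticated"] else "ok"
        print(f'{marker:6} {row["name"]:20} {row["mode"]}')
```

Lists marked REVIEW are the ones to compare against their intended audience, such as an internal-only “All Employees” list.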

STORE

01 What happened to the M: drive? The EXIFS (M: drive) feature has been disabled by default. If the feature is still needed, it can be assigned to an available drive letter with a registry setting.

02 What is the STM file? The .stm file is part of the information store database that contains the native Internet-formatted items. It is used to improve the performance of the database.

03 Why does the size of the EDB file not change when I move users out of that store? The .edb file will only decrease in size once a database defrag is performed.

04 How do I move the log files? The new ESM allows the administrator to move the log files through the GUI.

05 Is there an easier way to move mailboxes grouped by Yes, you can now move mailboxes through ESM grouped by mailbox store.

06 Will an in place upgrade from Exchange 2000 remove the M: drive? Yes. In both the clean install and upgrade from Exchange 2000 scenarios, Exchange 2003 does not present EXIFS as drive letter M:

07 If there is still an M: drive mapped, why does the free space number look funny? The free space number shown on the M: drive is based on the main install drive for Exchange. It is not related to the drive space on the drives where the stores actually exist.

CLUSTERING

01 Which cluster configuration is preferred? Microsoft recommends Active/Passive clustering because it:
• Scales better
• Sizes the same way as a stand-alone Exchange server
• Can have up to 8 nodes in the cluster
• Always fails over to a fresh node

02 What happened to Active/Active Clustering? Active/Active clustering is only supported with a 2-node cluster limited to 1900 concurrent connections.

03 Do I still have to cycle the services on fail back like in 2000 Active/Passive mode? The Exchange services are automatically shut down on failover, so when fail back happens the services are automatically brought back online for a clean address space.

04 How many cluster nodes are supported by each version of Exchange? Exchange 2003 and Windows 2003, Standard Edition will run up to a 4-node cluster. Exchange 2003 and Windows 2003 Enterprise will run an 8-node cluster with at least one passive node.

05 Are there any other differences between Win2k and Win2k3 clustering? Win2k3 Enterprise and Datacenter both support 8-node clusters. MSCS (Microsoft Clustering Services) is now available for high availability. NLB Manager allows the administrator to configure the NLB service in a central location, thus avoiding mistakes from repetitive actions. For more information see the “Technical Overview of Clustering in Windows Server 2003” and “Windows Server 2003 Server Cluster Architecture” documents.

06 Why am I getting the 9582’s and what is VM Fragmentation? VM fragmentation is when the virtual memory becomes fragmented and can prevent stores from mounting. The 9582 event is the event that warns about this condition. For more information refer to “The Extensible Storage Engine Database Engine Contributes to Virtual Memory Fragmentation (324118)”.

ADC

01 What are the new ADC Tools? The Active Directory Connector management console now contains an ADC Tools option. ADC Tools is a collection of wizards and tools that help you set up connection agreements by scanning your current Active Directory and Exchange 5.5 Directory and organization, and automatically creating the recommended connection agreements. The following wizards are included in the ADC Tools:
• Resource Mailbox Wizard: This wizard identifies Active Directory accounts that match more than one Exchange 5.5 mailbox. Using this wizard, you can match the appropriate primary mailbox to the Active Directory account and stamp other mailboxes with the NTDSNoMatch attribute, which designates the mailboxes as resource mailboxes. You can either make these changes online or export a comma-separated value (.csv) file that you can update and import into the Exchange 5.5 directory.
• Connection Agreement Wizard: This wizard recommends connection agreements based on your Exchange 5.5 directory and Active Directory configuration. You can review the list of recommended connection agreements and select those you want the wizard to create.
The Exchange Server Deployment Tools lead you through the process of installing Active Directory Connector and running ADC Tools.

02 Can I use the Windows 2003 Active Directory connector with Exchange 2003? No, you need to install the Exchange 2003 ADC.

03 How can I get a list of connection agreements in Exchange 2003 ADC? Run the ExchDump utility with the /CA switch.

OWA

01 How do I disable OWA for a single user in Exchange 2000/2003? In Active Directory Users and Computers (Advanced Features view) open the properties for the user object and choose Exchange Advanced | Protocol Settings | HTTP | Settings | and uncheck the 'Enable for mailbox' check box.

02 How do I make OWA work properly with Extended Characters? Beginning in Exchange 2000, messages with extended characters are encoded with UTF-8 by default. For more information see KB273615 and KB281745.

03 How do I stop users from going to a bookmarked /LOGON.ASP page after conversion to 2003 OWA? After converting from Exchange 5.5 OWA to 2000 OWA, all the users had bookmarked the URL of, since in 5.5 OWA it automatically would pull the user from the root URL into a logon page (since it used ASP) but now the user only sees the same base URL of So once the users used the bookmark or in some cases the "autocomplete" feature in IE they would be pulled to a dead address.
• Go into the front-end server that is hosting your OWA.
• Start up IIS admin and locate the /Exchange virtual directory.
• Right-click on the /Exchange directory and, using the "wizard", create a new virtual directory called logon.asp. When it prompts where the content is located, just put something like c:\inetpub\wwwroot
• Once the virtual root has been created, right-click it, select Properties, then select the tab labeled "Virtual Directory".
• Select the "A redirection to a URL" option and then in the "Redirect to" URL enter /exchange/

What happens is that when the user hits the virtual root of /exchange/logon.asp, it pulls the user back to only /exchange*


04 How do I activate session timeouts for OWA users? Outlook Web Access user credentials are now stored in a cookie. When the user logs out of Outlook Web Access, the cookie is cleared and is no longer valid for authentication. Additionally, by default the cookie is set to expire automatically after 20 minutes of user inactivity. See Logon Modifications for OWA Users for the instructions.

05 How do I disable portions of the OWA interface? Exchange 2000 SP2 introduced the concept of OWA segmentation. This is where you can selectively enable/disable certain features in the web client. Exchange 2003 extends the segmentation options found in Exchange 2000. You can either set global (per server) segmentation via a registry parameter, or set the msExchMailboxFolderSet attribute on user objects. A bit mask determines the functionality available to the user.

06 What are the new OWA Hot Keys?
• Ctrl+N: New Mail (or Post, if in public folders)
• Ctrl+R: Reply to currently selected mail in view
• Ctrl+Shift+R: Reply all to currently selected mail in view
• Ctrl+Shift+F: Forward currently selected mail
• Ctrl+U: Mark currently selected message(s) as unread
• Ctrl+Q: Mark currently selected message(s) as read

OMA

01 Can I deploy OMA in a mixed environment? In a mixed Exchange environment, you must use Exchange 2003 for both the front-end and back-end servers to gain access to mailboxes through Outlook Mobile Access (OMA) and Exchange ActiveSync. For mailboxes on Exchange 5.5 and 2000, you need to deploy Microsoft Mobile Information Server.

02 What is OMA? Outlook Mobile Access and Exchange Server ActiveSync features, formerly found in Microsoft Mobile Information Server 2002, are now built-in with all Exchange Server 2003 Standard installations. Complementing the Outlook 2003 and Outlook Web Access mobile improvements, Outlook Mobile Access and Exchange Server ActiveSync help enable secure corporate e-mail on a range of mobile devices including browser-based mobile phones, Microsoft Windows Powered Pocket PC, and Microsoft Windows Powered Smartphone devices. Adding this functionality to the core Exchange Server 2003 product reduces the need to deploy additional mobile server products in the corporate environment, thus lowering the total cost of ownership.

03 Which devices are supported by Microsoft to be used with OMA? Device support for Outlook Mobile Access (OMA) Browse is dictated by the Device Update package installed on the Exchange 2003 server. When you run Exchange 2003 Setup today, the DU2 package is silently installed as part of the installation. Approximately every 6 months, new Device Update packages are released. This will add support for more devices to your Exchange server. The current Device Update package is DU4. The full list of devices and which DU package they are included in is available here.

04 I have just upgraded and I can’t use OMA, why? The setting to enable/disable OMA Browse is actually set during ForestPrep. Exchange 2003 ForestPrep will no longer enable OMA Browse by default. Exchange 2003 ForestPrep/Reinstall will keep it enabled if it was already enabled. This means that OMA Browse WON’T be enabled when running ForestPrep to upgrade from Exchange 2000. You can find OMA Browse settings in ESM, under Global Settings -> Mobile Services -> Properties. Note: ActiveSync and AUTD remain unchanged.

05 I have an Exchange 2003 server on a member server that I promoted to a DC, what happened to my OMA, it no longer works? Amongst other problems, the ASP.NET account changes, which causes OMA to cease functioning.

06 How do I verify OMA is functioning? You can verify Outlook Mobile Access (OMA) is functioning from a desktop machine running IE 6.0. Assuming that SERVER1 is running Exchange 2003:
1. From a desktop PC running IE 6.0, navigate to http://server1/oma
2. Enter the logon credentials for an existing mailbox which resides on server1
3. Click the OK hyperlink when you receive the warning about your device being unsupported
4. Welcome to OMA!

OUTLOOK 2003

01 What do I need to get RPC over HTTP working?
• Outlook 2003, Windows XP with Service Pack 1 + Q331320
• Exchange 2003 on Windows 2003 for FE (if FE is deployed)
• Exchange 2003 on Windows 2003 for BE
• Exchange 2003 on Windows 2003 for Public Folders
• Exchange 2003 on Windows 2003 for System Folders
• Windows 2003 for Global Catalog server

When used with the Microsoft Windows Server 2003 RPC Proxy Service and Exchange 2003, Outlook 2003 clients can connect simply using HTTP or HTTPS, thereby reducing the need for virtual private networks (VPNs) or dial-up remote access. If remote users only need to gain access to corporate messaging information, your IT department may not need to deploy VPN infrastructure. VPN-less access reduces costs and provides for increased security by ensuring that remote Outlook users don’t need access to the entire network.

02 Do I need Windows XP to use Outlook RPC over HTTP? Yes. Windows XP with Service Pack 1 + Q331320

03 How can I enable/disable an attribute used by the Outlook client for ambiguous name resolution?
• "Registry Modification Required to Allow Write Operations to Schema" KB216060
• "Setting an Attribute's searchFlags Property to Be Indexed for ANR" KB243311

04 What are the differences in compression between Outlook 2002/2003 and Exchange 2002/2003? The following tables illustrate how RPC compression and buffer packing works on the wire between the Outlook client and Exchange Server.

Outlook 2002 against Exchange 2000 / 2003

| Mode | Data Flow | Network | Client Buffer Size | Data Buffer Size | Size on Wire | Compressed |
| Online | Download/Upload | LAN | 32Kb | 32Kb | 32Kb | No |
| Online | Download/Upload | WAN | 4Kb/8Kb | 4Kb/8Kb | 4Kb/8Kb | No |
| Offline | Download/Upload | All | 32Kb | 32Kb | 32Kb | No |

Outlook 2003 against Exchange 2003

| Mode | Data Flow | Network | Client Buffer Size | Data Buffer Size | Size on Wire | Compressed |
| Online | Download | All | 32Kb | 32Kb | <32Kb | Yes |
| Online | Upload | All | 32Kb | 32Kb | <32Kb | Yes |
| Cached | Download | All | 96Kb | >96Kb | 96Kb | Yes |
| Cached | Upload | All | 32Kb | 32Kb | <32Kb | Yes |
| Offline | Download | All | 32Kb | >32Kb | 32Kb | Yes |
| Offline | Upload | All | 32Kb | 32Kb | <32Kb | Yes |

The compression technology used between Outlook 2003 and Exchange 2003 is called XPRESS(tm) and is based on the Lempel-Ziv (LZ-77) algorithm. This is the same technology that Active Directory uses to perform compression of its RPC data when replicating between servers. All data over the size of 1 KB is compressed, and the technology is built into both client and server; therefore the compression is full duplex. The compression gain is dictated by the message format and attachment type(s). Because the compression is performed at the RPC level, all message data is compressed.
• Plain text and HTML messages usually compress between 60% and 80% (on the wire saving)
• Rich-text (RTF) messages usually compress up to 20% (on the wire saving)
• Word documents compress down better than PowerPoint files

Logon Modifications for OWA Users

You can enable a new logon page for Outlook Web Access that will store the user's user name and password in a cookie instead of in the browser. When a user closes their browser, the cookie will be cleared. Additionally, after a period of inactivity, the cookie will be cleared automatically. The new logon page requires users to enter either their domain name\alias and password or their full UPN e-mail address and password to access their e-mail.

Figure 2.8 Outlook Web Access logon page

This logon page represents more than a cosmetic change; it offers several new features.

To enable forms-based authentication
1. In Exchange System Manager, expand the Servers node.
2. Expand the Protocols node under the Exchange server for which you wish to enable forms-based authentication.
3. Expand HTTP, and then right-click the Exchange Virtual Server.
4. On the Exchange Virtual Server properties page, select the check box next to Enable Forms Based Authentication for Outlook Web Access.
5. Click Apply, and then click OK.

Cookie Authentication Timeout

Outlook Web Access user credentials are now stored in a cookie. When the user logs out of Outlook Web Access, the cookie is cleared and is no longer valid for authentication. Additionally, by default the cookie is set to expire automatically after 20 minutes of user inactivity. The automatic timeout is valuable for keeping a user’s account secure from unauthorized access. Although this timeout does not completely eliminate the possibility that an unauthorized user might access an account if an Outlook Web Access session is accidentally left running on a public computer, it greatly reduces this risk.

Note: Cookie Authentication Timeout is available for the rich experience version of Outlook Web Access only.

The inactivity timeout value can be configured by an administrator to match the security needs of your organization.

Note: The default value for the cookie timeout is 10 minutes. If you want to set this value to something other than 10 minutes, you must modify the registry settings on the server.

Warning: This section contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about restoring the registry, see the “Restore the Registry” Help topic in Regedit.exe or Regedt32.exe.

To set the Outlook Web Access cookie timeout value
1. Click Start, click Run, and type Regedit in the box next to Open. Click OK.
2. Navigate to the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeWeb\OWA\
3. Create a new Dword value and name it KeyInterval.
4. Right-click the KeyInterval Dword value and click Modify.
5. In the Base window, click the button next to Decimal.
6. In the Value Data field, enter a value (in minutes) between 1 and 1440.
7. Click OK.


The highest public folder in a hierarchy is called a top-level public folder. By default, all users in an Exchange organization can create top-level public folders. However, you can change this default setting with the Active Directory Service Interfaces (ADSI) editing tool, which is part of the Windows 2000/2003 support tools. Here's how:
1. Start the ADSI Edit utility (Start -> Programs -> Windows 2000 support tools -> Tools -> ADSI Edit).
2. Double-click the Configuration container.
3. Expand CN=Configuration, CN=Services, CN=Microsoft Exchange.
4. Right-click your organizational name's container and select Properties.
5. Select the Security tab.
6. Click Advanced.
7. On the Permissions tab, find the entry with the name "Everyone" and a permission of "Create top-level public folder."
8. Select the Deny checkbox.
9. Click OK to exit all the dialog boxes.
10. Close the ADSI Edit utility.

We are running Exchange 2000 and using public folders for forms. I have created about 10 different folders -- each has a form that I created. We post equipment trouble tickets, human resource requests, etc. We are working on upgrading to Office 2003, but we keep losing the forms on different workers throughout the day. I can correct this by going into Properties, managing the forms and then copying them back in. I have to do this periodically throughout the day. This problem did not start until we started upgrading to Office 2003. Do you have any suggestions?

Without knowing specifics about your environment, I'll make an educated guess. Do you by any chance have more than one replica of the public folders hosting the forms? If so, then have a look at (a) which public folder replica your Outlook clients are hitting (i.e., affected by affinity) and (b) public folder replication. At first glance, it sounds like some of your Outlook clients are hitting replicas that contain the forms in the folder form library, while other clients are hitting replicas that for some reason don't contain the forms. If that doesn't apply, have a good look through the application event logs on the Exchange server(s) hosting your problematic public folders and check for any suspicious errors (or warnings), specifically any from the MSExchangeIS Public source.

I have a user who is prompted for a password when attempting to view a replicated public folder, even though the permissions appear to be OK. Do you have any suggestions?

The version of Microsoft Exchange you are running, and the particular client the user is using to access public folders (Outlook 2000/2003, Outlook Web Access, IMAP4, etc.), have an impact on these problems. I'm going to assume you are running Exchange Server 2003 and Outlook 2003. Public folder permissions are complex. Since you verified that the folder permissions are correct, I think it could be an information store permission problem, rather than a directory or client permissions (a.k.a. folder rights) problem. Compare the permissions on the two servers where the public folder replicas are homed at the file system level. By default, authenticated users should have permissions to the actual database files. If the permission has been removed or changed, that could create an access problem for your user if he/she is not a member of a security group that has access. The public folder store is in %systemroot%\program files\exchsrvr\mdbdata\pub1.edb and pub1.stm by default. Speaking of defaults, also check the default public store setting on the user's mailbox store. This setting is actually what dictates which public folder server the Outlook client will connect to first. In the event that the replica is not on that server, Outlook will receive a referral list of replicas from that server. Connector costs, blocked referrals and manual referral lists can all affect how a user gets to a replica and could be related to your user's problem.

We have purchased a company and are migrating all of their e-mail to our Exchange 2003 servers. ExMerge works well for this, but does not migrate public folders. How do we migrate public folder content from one Microsoft Exchange organization to another?

Microsoft Product Support Services provides a utility called pubmerge. I found a copy on the Internet here. This should provide you with a mechanism to export and import your public folders from source to target. The last time I used this utility, it was data and hierarchy only. There is no way to preserve or map the permissions from source to target environment. So, any information that is permissions on the source side will need re-permissioning on the target.

I have Exchange public folders working. I had contacts and calendar working on it. The only problem is the reminder on the calendar. How can I put the calendar to notify each user, or selected users, when any task or calendar is expired? Is there a way to set the public folder on the calendar as my default calendar in Outlook?

Change the startup folder under the general settings. Go to Tools -> Options -> Other -> Advanced, and browse for the calendar that you want to display. When you open Outlook, the calendar will open by default and remind users of their tasks. Only the default calendar will send automatic reminders.

An Exchange server has gone down. Is it possible to re-make the public files and mail with just the MDBDATA folder with a fresh install? If so, how?

I'm assuming that you are referring to recovering data in Exchange 2000. There are two primary ways to recover mailbox data, and one for public folder data. Mailbox data can be restored back to the recovery storage group (RSG). It can also be recovered on a hot spare server. To recover the public folder data, you would need to mount the database on a hot spare server that is isolated from production. Once you have the data back online, you can use EXMERGE or PUBMERGE to extract the data into .PST files -- then you can import that back into your production mail environment. You should also consider looking into this webcast I did with David Sengupta on this topic of recovery. Within the standard recovery context, you will lose the public folder data if you try to recover it through the Mailbox Recovery Center in Exchange System Manager, because it only allows you to mount mailbox stores.

Until a couple of weeks ago, when a mail message came in for a public folder, it would come in as ipm.note. But now, for some reason, it is converting to How can I stop this?

Great question! While I can't answer what the root cause was behind the change in your environment (possibly a service pack?), I can provide a way to resolve this -- assuming you're running Exchange 2000 or Exchange 2003. If you're on Exchange 2000, you'll need to get a copy of the April 2004 Exchange 2000 Server post-Service Pack 3 update rollup (Microsoft Knowledge Base Article: 836488, April 2004 Exchange 2000 Server post-Service Pack 3 update rollup) and install it on your Exchange server(s). If you're on Exchange Server 2003, you'll need to call Microsoft Product Support Services (PSS) and ask for fix 817809. Once hotfixed, you'll want to add a DWORD registry key named "incoming defaults to IPM.Note" under the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\<servername>\Public-<GUID> and set it to "1" to retain the IPM.Note message class.

We are running an Exchange 2003 server using Panda Antivirus. Panda needs to have access to the public folders for monitoring and scanning purposes. Both Exchange and Panda were installed by using the Administrator account and password. However, Panda is now telling us that Panda and Administrator have no rights to the public folders. This keeps Exchange from allowing e-mail into the mail server.

Here is what has likely happened to you: Recently the password for Administrator was changed. The Panda software uses a service account to run the Panda services. During the install, you probably specified the Administrator account as the service account. Now the service will not work until you update the password on the Panda service. To update the password, open the services.msc snap-in, locate the Panda service(s) and view the properties of the service by clicking on the Log On tab. Change the password and click OK.

We are using an Exchange 2000 server and Outlook 2003. We have some public folders (Contacts, etc). When we were using Outlook XP, it worked fine. But now, we can't see public folders with Outlook 2003. What can we do to use and synchronize it again?

In Outlook 2003, public folders are not at the bottom of the tree where they used to be. Click on the folder button at the bottom of the navigation pane. The folder list will appear, and then click Public Folders. You may want to add public folder to your favorite folder list.

Unpredictable things can happen if a Microsoft Exchange public folder's objects are moved out of the Exchange System Objects organizational unit (OU). For one, you may get the following error when you try to view the properties of a mail-enabled folder affected by such a change:

The format of the specified domain name is invalid
Facility: Win32
ID no: c00704bc
Exchange System Manager

You'd think that the solution would be to just move the affected objects back into the right OU using Exchange System Manager -- but it isn't that easy. One of the odder bits of asymmetry in Exchange System Manager is that an object can be moved out of the Exchange System Objects OU, but cannot be moved into it. That's right -- not even if it originally belonged there in the first place. (From what I have been able to tell, this is to prevent the OU from getting "contaminated" by things that aren't supposed to be there, which makes sense, but doesn't help us fix the problem!) The only way to move objects into the Microsoft Exchange System Objects OU is through the ADSI Edit tool, which is included with Windows 2000/2003 in the \Support\Tools folder on the installation CD.

To restore the public folders to their original OU:
1. Run the ADSI Edit tool.
2. Open the Domain NC container, inside which you'll see a tree structure similar to the Active Directory Users and Computers hierarchy.
3. Open the OU that the public folder directory objects were moved into.
4. Locate the directory object in that OU and right-click on it.
5. Select Move, and then the Microsoft Exchange System Objects OU.

Public folders vs. SharePoint -- which is better?

There are some major differences in the way that public folders and SharePoint manage and retain documents. In this article, I compare and contrast Exchange public folders with SharePoint Portal Server and explain when it is appropriate to use one over the other.

Public folders
Public folders are generally better suited for documents that are static in nature -- typically a document or collection of documents commonly used throughout the organization. For example, one of the companies I used to work for used an Exchange public folder to store all of the various forms used by the Human Resources department -- e.g., forms for requesting time off or for hiring additional staff. The public folders were set up so that only authorized personnel within the Human Resources department could post to them, but anyone in the company could access those folders to view or print forms.

SharePoint Portal Server is better suited to environments where documents frequently change. Rather than using a hierarchical collection of folders, SharePoint relies on a document library that's accompanied by a rather elaborate search engine. Users access the document library through a Web interface. Once users locate a document, they must decide whether they want to just view it, or if they want to modify it. If they want to modify the document, they must check it out of the library, and then check it back in when they're done. Nobody else can modify a document while it is checked out. Another unique SharePoint feature is versioning. When a user modifies a document, the previous version is retained within the library. If someone happens to make an undesirable change to a document, other users can backtrack through the document's history to retrieve a version that existed prior to the change.

User interfaces
Public folders exist on an Exchange server and can be replicated across multiple servers for optimal performance. Users access the folder contents directly through Outlook. Using Outlook to access public folders has its good and bad points. A good point is that public folders can be mail enabled. This means that an e-mail address can be assigned directly to a public folder and users can make posts to the folder by simply sending an e-mail message to the folder's address. On the flip side, you must be careful to apply the appropriate permissions to the folders and train employees to use your public folders properly. I have seen users do some pretty bizarre things because they didn't completely understand how public folders work.

For example, once I saw a user send an e-mail to everyone in the company. The problem was that he had a couple of public folder addresses in his address book, so his message was also posted to those public folders. I once saw another person treat public folder content in the same manner he treated his personal Inbox. Once he read a post, he deleted it, not realizing that doing so would impact other users. SharePoint's document versioning helps to prevent users from accidentally deleting documents from the library. Unfortunately, it doesn't offer the convenience of being able to access the document library through Outlook. SharePoint is also unable to replicate data across multiple servers, and the document library is not mail enabled (although you can configure SharePoint to notify you through e-mail when a document has changed).

Public folders and SharePoint document libraries both have their places. I have heard of large organizations effectively using public folders to host static files and ongoing discussions, while using a SharePoint document library to host files that are more dynamic in nature. If you want, you can even configure SharePoint so the search engine indexes the contents of your Exchange public folders in addition to its own document library. That way, users can use a single interface to locate data regardless of where it exists within the organization.

About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at
I need a simple way to copy about 13,000 contacts to a public folder. I'm a network administrator for an insurance company. We have contact information for about 11,000 independent agents and 2,000 various other contacts. We just implemented a 'fax from desktop' solution. The cool thing about it is that, if you have a contact and a number in the 'Business Fax' field, all you have to do is find that contact, send a message and it goes out as a fax. The problem is that I have to update this list about once a week because information changes that often. Basically, I import an Excel spreadsheet into a contact list in a personal folder on my computer and then copy to the Exchange Server 2003 public folder. This takes forever and a day even when breaking it up into 2,000 piece increments. It also eats about 60-70% of CPU during the copying procedure.

Is there any easier/simpler way of doing this? First of all, check whether the public folder that you're importing to is replicated to (or located on) a server that is close to you. Secondly, you'll want to check the raw processing power on the Exchange server hosting that public folder. It's quite likely that boosting server performance will speed up your imports, if that's an option. Finally, you may want to consider creating an address list in Active Directory containing the contacts, instead of placing the contacts in a public folder. You'll need to learn how to use a tool called LDIFDE for export and import to Active Directory. This is described in Microsoft's Step-by-Step guide to bulk import and export to Active Directory. If this meets all your requirements, then this will speed up the process dramatically. Since LDIFDE import files are a bit unwieldy to manipulate, you will want to search your favorite Internet search engine for "convert ldif to csv free" to locate some of the free tools available to facilitate making your weekly changes using Excel. Obviously, test this in a lab first to ensure this meets your performance needs.

How do I configure public folders in Exchange 2003, and what are the advantages of public folders? Good question. Public folders provide a way of sharing Exchange data across your Exchange organization inside of Exchange. You configure public folders from within Exchange System Manager. Navigate to the appropriate Administrative Group and expand the public folders container. You can create and configure public folders from here. Once top-level public folders are created, users with adequate permissions will be able to create subfolders and store content. I strongly recommend that you keep public folder usage under tight control. Microsoft has suggested that public folders will be phased out of Exchange gradually, with the logical replacement being SharePoint Portal Server.

We have public folders running on Exchange 2003. A user has deleted a subfolder within public folders. Although deleted item retention is enabled, the folder cannot be recovered -- even with full control permissions through the public folder hierarchy. We receive the error, "Outlook was unable to recover some or all of the items in this folder. Make sure you have the required permissions to recover items in this folder and try again. If the problem persists contact your administrator." I have full owner rights right through the tree and still cannot recover this folder. Any advice would be appreciated. One thing you may want to look into is whether there were nested public folders beneath this public folder, and what permissions were set on the public folders nested inside of the folder you are trying to recover. From what I understand, you need rights for the public folder that you are trying to recover, and all nested public folders beneath that public folder. For example, if you had the following public folder hierarchy:

Top Level Public Folder #1
  └ Public Folder A
    └ Public Folder B
      └ Public Folder C

Let's say you had permissions on Public Folder A and Public Folder B -- but no permissions on Public Folder C. If Public Folder A was deleted, attempting to recover it by viewing the dumpster contents, while highlighting Top Level Public Folder #1, will fail with the message you refer to. This is because you don't have rights on Public Folder C. I suspect this is what you're experiencing, in which case you will need to resort to a backup. The two ways of recovering the folder from backup are (a) building a recovery server or (b) using a third-party solution to recover the public folder from backup to your production environment.

We utilize these basic procedures with Outlook Web Access to recover public folders that have been deleted, but we could not recover through Outlook. Our work environment consists of a Windows 2000 domain in native mode and Exchange in mixed mode. Some of our users accidentally deleted public folders that they then needed back. I used the Recover Deleted Items Wizard to recover these folders (How to use Exchange Server 5.5 or Exchange 2000 Server to recover items that are not first transferred to the Deleted Items folder in Outlook). This has been a very useful tool; however, it doesn't always work. 20% is used in places where the folder name has a space. I then used the syntax to try to open up the public folder where the person deleted the folder: (http://servername/public/toplevel/subfolder/?cmd=showdeleted&btnClose=1). I saw the folder that the user wanted to recover, highlighted it, clicked Recover and that was it. It didn't give me an error like I received through the Outlook client. This is actually better than recovering it through the Outlook client, because if you recover it from the Outlook client, it adds (Recovered) to the end of the name of the folder, and also adds "Recovered" to all the e-mail addresses you have assigned to the folder. Recovering the folder through Outlook Web Access does not.

—Dave K.
The end user used her Outlook calendar as the division calendar instead of making a public folder calendar. How do I export the information from her Outlook calendar to the newly created public folder calendar? Here are some steps for you to follow:

1. Log onto the end user's account via Outlook.
2. Navigate to the Outlook folder where the user has saved all the division appointments.
3. Now you will want to define a new view. Call it whatever you want (i.e., "everything").
4. In the new view dialog, select the "table" type and make sure all defaults are accepted (i.e., don't select a filter).
5. Click apply.
6. You will now see a list of all appointments in this Calendar.
7. From here on in things get simple. Just select Edit -> Select All (or simply click CTRL-A) and then copy all items to the newly created public folder calendar.

That's all you need to do. You should now have all the appointments in the shared public folder for all to see.

What is the difference between a .STM file and a .EDB file? On the surface, storage groups and databases seem to be the most fundamental Exchange Server components. You use storage groups as containers for mailbox and public folder stores. You create mailbox and public folder stores within storage groups and each storage group can have multiple data stores. An Exchange database is associated with each data store. You use Exchange databases to ease the administration burden that comes with managing large installations. For example, instead of having a single 100-GB database for the entire organization, you can create five 20-GB databases that you can manage more easily. When you install a new Exchange server in an organization, two data stores are created automatically: a default mailbox store and default public folder store. Two database files are associated with the default mailbox store:
• Priv1.edb: A rich-text database file containing message headers, message text, and standard attachments.
• Priv1.stm: A streaming internet content file containing audio, video and other media that are formatted as streams of Multipurpose Internet Mail Extensions (MIME) data.

The default public folder store has two key files associated with it as well:
• Pub1.edb: A rich-text database file containing message headers, message text, and standard attachments.
• Pub1.stm: A streaming internet content file containing audio, video, and other media that are formatted as streams of MIME data.

In other words, all Exchange databases have .edb and .stm files associated with them. When you create a mailbox or public folder store, you can specify the names for these files. By default, the .edb and .stm file names are the same as the name of the data store. For example, if you create a mailbox store called Administration and don't change the default .edb and .stm file names, these files are called Administration.edb and Administration.stm, respectively. Source:

Eseutil - A Quick and Easy Tutorial
Some feel comfortable with Eseutil and others don't. Eseutil should not be taken lightly: some of its modes can wreak havoc if not used in the correct situation or with the correct procedure, which is why I am outlining some simple rules and steps, so that you can use Eseutil without fear and know exactly how to use it in a given situation. Eseutil is used in the majority of situations when you experience issues with your Exchange Information Store not starting or misbehaving, but there are some scenarios where this might not be the case, as you will see in the first example, the Eseutil /d switch, below.

Firstly, let's look at what this tool does. Eseutil.exe can be used to analyze/verify and then modify/repair your Exchange Information Store database files; in a default setup these files are named priv1.edb, priv1.stm, pub1.edb and pub1.stm. Note that with the release of Exchange 2007 (and only with the Exchange 2007 version of the tool), eseutil can also be used to perform these tasks against the ESE database files on the Exchange 2007 Edge Transport and Hub Transport servers, along with the mailbox and public folder stores. Now that you know what eseutil does, I am going to outline the switches that Eseutil uses and then give an overview of the defragment mode (eseutil /d); I will save the rest of the switches for another article.

Eseutil
Defragment   /d <database name> [options]
Recovery     /r <logfile base name> [options]
Integrity    /g <Database name> [options]
Checksum     /k <file name> [options]
Repair       /p <database name> [options]
File Dump    /m[mode-modifier] <filename>
Copy File    /y <Source file> [options]
Restore      /c [mode-modifier] <path name> [options]

So as you can see there are a few commands/modes to this tool. Before using Eseutil, I, along with Microsoft, recommend that you follow these simple rules, and you cannot go wrong:

• When using Eseutil, the information store must be offline.
• You can only run eseutil on one ESE database at a time.
• If using Eseutil on a production database, you should first make a copy of any files that you might touch. This includes all .edb and .stm files as well as the transaction log files (.log) and checkpoint files (.chk). Put these aside and don't touch them unless you need to get back to the original state, and in that case copy the backup files, don't move them, so you always have this safety net.

If you have a test lab, virtual or physical, use it: practice and write down each of the steps before performing them on a production system.

Eseutil /d Defragment (Offline Defragmentation)
This switch is similar to a disk defragmentation, but a little different: eseutil /d removes empty pages from the database file and rebuilds its indices. This procedure is commonly known as offline defragmentation because the information store database is offline when the defragmentation occurs, as opposed to the regular nightly online defragmentation (maintenance) that occurs when the information store is online. The additional options for Eseutil /d are as follows.

Note: None of these additional options are required.

/s<file>   - set streaming file name (default: NONE)
/t<db>     - set temp. database name (default: TEMPDFRG*.EDB)
/f<file>   - set temp. streaming file name (default: TEMPDFRG*.STM)
/i         - do not defragment streaming file
/p         - preserve temporary database (ie. don't instate)
/b<db>     - make backup copy under the specified name
/8         - set 8k database page size (default: auto-detect)
/o         - suppress logo

In general the eseutil.exe /d is used with the default options as below:

eseutil.exe /d "C:\Program Files\Exchsrvr\MDBDATA\priv1.edb" /s "C:\Program Files\Exchsrvr\MDBDATA\priv1.stm"

Figure 1: Running the eseutil /d command
You would change these defaults only if you wanted the temp database created in a different location or with a different name, or did not want the original database to be overwritten by the defragmented version of the database. In general you would not use the eseutil /d switch unless you have removed or moved a lot of mailboxes from an Exchange database file, there are -1018 errors in your event logs, you have just performed an Eseutil /p, or there has recently been a mail storm. Personally, if I have moved, say, X% of the mailboxes from one database to another database or server, or deleted a significant number of mailboxes, I prefer to defragment using the mailbox move method. All you need to do is create a new blank database and move the mailboxes to the new Information Store. This has the advantage of giving you a free defragmented database, and users are not impacted as much, because you are moving a single mailbox at a time and only that user is impacted during the mailbox move process, whereas with an offline defragmentation all mailboxes on that information store are offline until the entire Eseutil /d process completes.

To see how much free space you have in an Exchange database file, check the event logs for recent occurrences of event 1221, or run eseutil /ms (with the database offline).

When you run eseutil /d, you should ensure that you have at least 110% of the database files' size available as free disk space on the volume where the defragmented copy of the database file is being created. Microsoft does not recommend running Eseutil /d as a regular maintenance practice, as the online maintenance takes care of this. In addition, if your Exchange database is not in a consistent state, you should not use eseutil /d.
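The rules above (database offline and consistent, 110% free space, copies of every file set aside first) can be checked by a script before anyone types eseutil /d. The following PowerShell is an added example, not code from the original article; the function names, the backup folder and the assumption that eseutil.exe is on the PATH are illustrative, and the "State:" line it parses is the one printed by the eseutil /mh header dump.

```powershell
# Added example (not from the article): pre-flight checks for eseutil /d.
# Assumptions: function names, folder parameters, eseutil.exe on the PATH.

function Get-EseDatabaseState {
    # Returns the value of the "State:" line from an "eseutil /mh" header dump,
    # or $null when no such line exists (for example because the store is
    # still mounted and eseutil could not open the file).
    param([string[]]$HeaderDump)
    foreach ($line in $HeaderDump) {
        if ($line -match '^\s*State:\s*(.+?)\s*$') { return $Matches[1] }
    }
    return $null
}

function Test-DefragFreeSpace {
    # The article's rule: free space on the target volume must be at least
    # 110% of the combined size of the database files.
    param([long]$DatabaseBytes, [long]$FreeBytes)
    return ($FreeBytes -ge [math]::Ceiling($DatabaseBytes * 1.10))
}

function Invoke-DefragPreflight {
    param(
        [Parameter(Mandatory=$true)][string]$EdbPath,
        [Parameter(Mandatory=$true)][string]$StmPath,
        [Parameter(Mandatory=$true)][string]$TempDir,    # folder that will receive the defragmented copy
        [Parameter(Mandatory=$true)][string]$BackupDir,  # where the safety copies are put
        [string]$LogDir                                  # optional: folder holding the .log and .chk files
    )
    $files = @($EdbPath, $StmPath)
    foreach ($f in $files) {
        if (-not (Test-Path -LiteralPath $f)) { throw "Missing database file: $f" }
    }

    # 1. The database must be offline and in a consistent state.
    $dump  = & eseutil.exe /mh $EdbPath 2>&1 | ForEach-Object { "$_" }
    $state = Get-EseDatabaseState -HeaderDump $dump
    if ($state -ne 'Clean Shutdown') {
        throw "Database state is '$state' (expected 'Clean Shutdown'); do not run eseutil /d."
    }

    # 2. At least 110% of the database files' size must be free on the target volume.
    $dbBytes = ($files | ForEach-Object { (Get-Item -LiteralPath $_).Length } |
                Measure-Object -Sum).Sum
    $root  = [System.IO.Path]::GetPathRoot((Resolve-Path -LiteralPath $TempDir).Path)
    $drive = New-Object System.IO.DriveInfo($root)
    if (-not (Test-DefragFreeSpace -DatabaseBytes $dbBytes -FreeBytes $drive.AvailableFreeSpace)) {
        throw "Not enough free space on $root for a defragmented copy of $dbBytes bytes."
    }

    # 3. Copy (never move) every file that might be touched.
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    Copy-Item -LiteralPath $files -Destination $BackupDir
    if ($LogDir) {
        Get-ChildItem -Path (Join-Path $LogDir '*') -Include *.log, *.chk |
            Copy-Item -Destination $BackupDir
    }

    # All checks passed: hand back the command line for the operator to run.
    return "eseutil.exe /d `"$EdbPath`" /s `"$StmPath`""
}

# Constructed sample of the relevant "eseutil /mh" lines, for trying the parser offline.
$sample = @(
    '         Database: priv1.edb',
    '            State: Dirty Shutdown'
)
Get-EseDatabaseState -HeaderDump $sample

# 20 GB of database files against 21 GB free (110% of 20 GB is 22 GB).
Test-DefragFreeSpace -DatabaseBytes 20GB -FreeBytes 21GB
```

Invoke-DefragPreflight only returns the eseutil /d command line; it does not run the defragmentation itself, so the operator still decides when the store goes through the offline pass.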
In the next few days I will outline and give tips on each of the other switches or modes of Eseutil.

How did you like this article? Please add any comments or suggestions, I am always willing to answer any questions and love feedback, you might have a great idea that can be added. Just a quick addition: I have posted the following addition/follow up to this article, please see them here:

Eseutil /P – A Quick and Easy Tutorial
Eseutil /p - This article is the second part of my original article titled Eseutil – A quick and easy tutorial, in which I gave readers an overview of the Eseutil tool, some basic guidelines, and a look at Eseutil /d (defrag). In this article I will talk about Eseutil /p, the mode that can get you into the most trouble if correct procedures are not followed. So if you have not already, please read my previous article, where I outline some basic safety steps.
The Eseutil /p command is known as the repair mode and is used to repair a database at the page and ESE table level. It should be noted that this repair process may leave your database incomplete, because Eseutil may need to delete rows and tables in order to repair the database.

Eseutil /p should be used as a last resort, that is, only if you cannot restore and replay, or fully replay, your transaction log files. If possible, the database should be restored from backup to the most recent date, and the corrupt database then repaired and merged into the restored database using a recovery storage group. If possible, never put only a repaired database back into production.
When using Eseutil /p you should always follow it up with the following two commands:
• Eseutil /d to rebuild the indices and defrag the database
• ISInteg to repair the database at the application level

If the database that you want to run Eseutil /p against is in a dirty shutdown state, Eseutil /p cannot be performed and the database must first be shut down cleanly. If this is not possible, the Eseutil /r switch (recovery) must be run to perform a soft recovery and put the database back into a clean shutdown state. Now for the syntax of Eseutil /p:

ESEUTIL /p <database name> [options]

/s<file>     Streaming file location (Optional default is not to use)
/t<db>       Temporary Database Location and name default is: TEMPREPAIR*.EDB
/f<name>     Prefix for database report files, the default is: <database>.integ.raw)
/i           bypasses the mismatch error check on database and streaming file
/g           To run the integrity check before repairing database
/createstm   Creates an empty stm streaming file if this is missing
/8           To set the 8k database page size (default: auto-detect)
/o           suppress logo

Running the eseutil /p command with only the basic default options looks like this:

eseutil /p "C:\Program Files\Exchsrvr\MDBDATA\priv1.edb"

Figure 1 below shows the command running; the warning says that this command should only be run against a corrupt database and may cause data (pages and tables) to be deleted.

Figure 1: The Eseutil /p command (Repair) warning

A screenshot of the completed output of the tool is shown in figure 2 below:

Figure 2: The output of the completed Eseutil /p command

As stated above, Eseutil /D should be run next, followed by Isinteg; the database should then be backed up.

I hope this article enlightened you to the use of Eseutil /p, if you have any questions, comments or suggestions about this tool please post a comment. You could even start a new post in the forums above.
My next post will be on the /r mode of this tool the recovery mode.

Eseutil /R (Soft Recovery) – A Quick and Simple Tutorial
Eseutil /R: what does this mode do, and when would you use Eseutil /R? The Eseutil /R mode is used when you need to perform a soft recovery of your Exchange database/s (Information Store). This mode of the tool should not be confused with the hard recovery mode, Eseutil /C.

What is the Difference between Hard and Soft recovery with Eseutil?
As mentioned above, there are two recovery modes, hard and soft recovery. The hard recovery mode, Eseutil /c, is only used after performing an online restore (restoring a database because of corruption or system failure; basically an online restore from media) and is used to play back the transaction log files so that you have a current database. Normally soft recovery happens automatically after the Exchange Information Store service starts, so manual soft recovery using Eseutil /r is rarely required; in fact, manual soft recovery is not recommended at all with Exchange 5.5. Yet there are some instances when you will need to perform a soft recovery manually. Below are the scenarios where you would perform a soft recovery manually with Eseutil /r:

· Database drive that contains one of a storage group's Information Stores fails
This causes the storage group and other Exchange Information Stores (on other drives) to go offline (dirty shutdown).
o In this scenario, if you intend on later restoring your missing database, you can still recover (soft recovery) the remaining Information Stores with the use of the /r mode along with the /I (Ignore) switch.

· To perform an Out of Place Restore of an Information Store
Using the recovery mode together with the /D switch will allow you to recover an information store out of place, for example to a Recovery Storage Group, and would be particularly useful when you are ready to restore the missing database from the previous scenario above. The /D switch basically allows you to specify an alternate location (other than the original) for the Exchange database files.


· After a restore you see Event ID 494, 454, 101, 904, 903 with the following description: Information Store (1352) ….. as outlined in the following Microsoft KB article:

The valid options and syntax for use with Eseutil /R are as follows:

Eseutil /R <E00>   This is normally E00 but in different scenarios may be different
/L<Path>           Path to the log file location
/s<Path>           Location of the System files (Checkpoint file, etc)
/I                 Ignore errors missing/mismatched database files (Exchange 2003 and above only)
/D [Path]          Path to the location of the database files, if switch is not specified path will use the original local of database files, if switch is specified without a path the current working directory is used, if switch and path is specified the path specified is used.
/8                 Set 8k database page size (the default is 4k)
/o                 Suppress logo

Now that you have seen the options that can be used with Eseutil /R, let's look at it in action. Suppose we had a scenario like the one above, where a drive failed that contained one of your storage group's databases, and this failure caused the storage group and remaining databases (located on another drive) to go offline. Now you want to get these remaining information stores back online ASAP and worry about restoring the missing database later. Figure 1 below shows the Eseutil /R command and its output.

Figure 1: Eseutil Soft Recovery
The inclusion of the /D switch makes it possible to run this command against your database/s file in just about any location, it no longer needs to be in the original location. You can see how this switch can make Out of Place Restores and restores/recoveries of Recovery Storage groups possible. This feature however is only available in Exchange 2003 and above.

Before running Eseutil /R with the /I option, it is highly recommended that you make a backup copy of your transaction log files, especially in a scenario where you are recovering databases but plan to use these log files in the future after you have restored the missing database file. The use of Eseutil /r makes changes to your transaction log files and may change them so that future recovery of your missing database files is impossible.
I highly recommend looking at the Microsoft document on running Eseutil /R:
Eseutil /D Defragmentation Mode
Eseutil /P Repair Mode
Eseutil /C Restore Mode
Eseutil /G Integrity Mode
Eseutil /M File Dump Mode = /mh /ml /mk
Eseutil /K Checksum Mode
Eseutil /Y Copy File Mode
Database Recovery Strategies
Reference for Common Eseutil Errors

HOW TO INCREASE DATABASE SIZE IN EXCHANGE 2003

New functionality has been included with Microsoft Exchange Server 2003 Service Pack 2 (SP2). You can now configure database size limits. The database size limits for Microsoft Exchange Server 2003 Standard Edition have been increased from 16 GB to 18 GB. The limit can be increased to as much as 75 GB by using a registry key. Microsoft Exchange Server 2003 Enterprise Edition does not have a maximum database size limit. For more information about how to set the database size limit, see the Exchange Server 2003 Help topic. The Help topic was updated during the installation of Exchange Server 2003 SP2.

MORE INFORMATION

Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To increase the Exchange Server 2003 SP2 database size, follow these steps.

Important: Before you increase the maximum size of an Exchange database, verify that sufficient hard disk space is available for the larger database.

1. On the computer that is running Exchange 2003 SP2, click Start, click Run, type regedit, and then click OK.
2. Click one of the following registry subkeys, as appropriate for the store that you want to increase:
   • For a mailbox store, click the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\Server name\Private-Mailbox Store GUID
   • For a public folder store, click the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\Server name\Public-Public Store GUID
3. On the Edit menu, point to New, and then click DWORD Value.
4. In the New Value #1 box, type Database Size Limit in Gb, and then press ENTER.
5. Right-click Database Size Limit in Gb, and then click Modify.
6. Click Decimal, and then type an integer from 1 to 75 in the Value data box.
   Note: These integer values represent the maximum size of the database in gigabytes (GB). For example, a value of 75 represents a database that has a maximum size of 75 GB.
7. Click OK, and then exit Registry Editor.
8. Restart the Microsoft Exchange Information Store service. To do this, follow these steps:
   a. Click Start, click Run, type cmd, and then click OK.
   b. At the command prompt, type the following command, and then press ENTER: net stop msexchangeis
   c. After the Microsoft Exchange Information Store service has stopped successfully, type the following command, and then press ENTER: net start msexchangeis
9. Examine the Application log to verify that the database size has been set successfully. To do this, follow these steps:
   a. Click Start, click Run, type eventvwr, and then click OK.
   b. In the Event Viewer tool, click Application.
   c. Double-click event ID 1216 to verify that the database size has been set successfully.
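The same procedure can be scripted so that the 1 to 75 range, the registry subkey and the disk-space precondition are checked before anything is written. The following PowerShell is an added example, not part of the original Microsoft procedure; the function name, its parameters and the way it estimates the space needed (limit minus the current size of the database files) are assumptions, while the subkey, value name, service commands and event ID are the ones given in the steps above.

```powershell
# Added example (not from the original procedure): scripted form of steps 1-9.
# Assumptions: function and parameter names, and the headroom estimate below.

function Set-ExchangeDbSizeLimit {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param(
        [Parameter(Mandatory=$true)][string]$ServerName,       # "Server name" part of the subkey
        [Parameter(Mandatory=$true)][string]$StoreKeyName,     # "Private-<Mailbox Store GUID>" or "Public-<Public Store GUID>"
        [Parameter(Mandatory=$true)][ValidateRange(1,75)][int]$LimitGB,
        [Parameter(Mandatory=$true)][string[]]$DatabaseFiles   # full paths of the store's .edb and .stm files
    )

    if ($StoreKeyName -notmatch '^(Private|Public)-') {
        throw "Store key name must start with 'Private-' or 'Public-': $StoreKeyName"
    }
    $key = "HKLM:\System\CurrentControlSet\Services\MSExchangeIS\$ServerName\$StoreKeyName"
    if (-not (Test-Path -LiteralPath $key)) { throw "Registry subkey not found: $key" }

    # Precondition from the procedure: enough disk space for the larger database.
    # Assumption: the space needed is the new limit minus what the files use now.
    $current = ($DatabaseFiles | ForEach-Object { (Get-Item -LiteralPath $_).Length } |
                Measure-Object -Sum).Sum
    $root    = [System.IO.Path]::GetPathRoot($DatabaseFiles[0])
    $drive   = New-Object System.IO.DriveInfo($root)
    $needed  = ($LimitGB * 1GB) - $current
    if ($drive.AvailableFreeSpace -lt $needed) {
        throw "Only $($drive.AvailableFreeSpace) bytes free on $root; $needed more are needed for a $LimitGB GB database."
    }

    $action = "Set 'Database Size Limit in Gb' to $LimitGB and restart msexchangeis"
    if ($PSCmdlet.ShouldProcess($key, $action)) {
        # Steps 3-7: create (or overwrite) the DWORD value.
        New-ItemProperty -LiteralPath $key -Name 'Database Size Limit in Gb' `
            -PropertyType DWord -Value $LimitGB -Force | Out-Null

        # Step 8: restart the Information Store service with the commands from the procedure.
        & net.exe stop msexchangeis
        if ($LASTEXITCODE -ne 0) { throw "net stop msexchangeis failed ($LASTEXITCODE)" }
        & net.exe start msexchangeis
        if ($LASTEXITCODE -ne 0) { throw "net start msexchangeis failed ($LASTEXITCODE)" }

        # Step 9: return the most recent event ID 1216 from the Application log.
        Get-EventLog -LogName Application -Newest 500 |
            Where-Object { $_.EventID -eq 1216 } |
            Select-Object -Property TimeGenerated, Source, Message -First 1
    }
}

# Dry run with constructed placeholder values; -WhatIf shows the change without making it:
# Set-ExchangeDbSizeLimit -ServerName '<Server name>' -StoreKeyName 'Private-<Mailbox Store GUID>' `
#     -LimitGB 75 -DatabaseFiles 'D:\Exchsrvr\MDBDATA\priv1.edb','D:\Exchsrvr\MDBDATA\priv1.stm' -WhatIf
```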

Windows Server 2003 interview questions

1. How do you double-boot a Win 2003 server box? The Boot.ini file is set
as read-only, system, and hidden to prevent unwanted editing. To change the Boot.ini timeout and default settings, use the System option in Control Panel from the Advanced tab and select Startup.

2. What do you do if earlier application doesn’t run on Windows Server
2003? When an application that ran on an earlier legacy version of Windows cannot be loaded during the setup function or if it later malfunctions, you must run the compatibility mode function. This is accomplished by right-clicking the application or setup program and selecting Properties –> Compatibility –> selecting the previously supported operating system.


3. If you uninstall Windows Server 2003, which operating systems can you revert to? Win ME and Win 98.

4. How do you get to Internet Firewall settings? Start –> Control Panel –> Network and Internet Connections –> Network Connections.

5. What are the Windows Server 2003 keyboard shortcuts? Winkey opens or closes the Start menu. Winkey + BREAK displays the System Properties dialog box. Winkey + TAB moves the focus to the next application in the taskbar. Winkey + SHIFT + TAB moves the focus to the previous application in the taskbar. Winkey + B moves the focus to the notification area. Winkey + D shows the desktop. Winkey + E opens Windows Explorer showing My Computer. Winkey + F opens the Search panel. Winkey + CTRL + F opens the Search panel with Search for Computers module selected. Winkey + F1 opens Help. Winkey + M minimizes all. Winkey + SHIFT + M undoes minimization. Winkey + R opens Run dialog. Winkey + U opens the Utility Manager. Winkey + L locks the computer.

6. What is Active Directory? Active Directory is a network-based object store
and service that locates and manages resources, and makes these resources available to authorized users and groups. An underlying principle of the Active Directory is that everything is considered an object—people, servers, workstations, printers, documents, and devices. Each object has certain attributes and its own security access control list (ACL).

7. Where are the Windows NT Primary Domain Controller (PDC) and its
Backup Domain Controller (BDC) in Server 2003? The Active Directory replaces them. Now all domain controllers share a multimaster peer-to-peer read and write relationship that hosts copies of the Active Directory.

8. How long does it take for security changes to be replicated among
the domain controllers? Security-related modifications are replicated within a site immediately. These changes include account and individual user lockout policies, changes to password policies, changes to computer account passwords, and modifications to the Local Security Authority (LSA).

9. What’s new in Windows Server 2003 regarding the DNS
management? When DC promotion occurs with an existing forest, the Active Directory Installation Wizard contacts an existing DC to update the directory and replicate from the DC the required portions of the directory. If the wizard fails to locate a DC, it performs debugging and reports what caused the failure and how to fix the problem. In order to be located on a network, every DC must register in DNS DC locator DNS records. The Active Directory Installation Wizard verifies a proper configuration of the DNS infrastructure. All DNS configuration debugging and reporting activity is done with the Active Directory Installation Wizard.

10. When should you create a forest? Organizations that operate on radically different bases may require separate trees with distinct namespaces. Unique trade or brand names often give rise to separate DNS identities. Organizations merge or are acquired and naming continuity is desired. Organizations form partnerships and joint ventures. While access to common resources is desired, a separately defined tree can enforce more direct administrative and security restrictions.

11. How can you authenticate between forests? Four types of authentication are used across forests: (1) Kerberos and NTLM network logon for remote access to a server in another forest; (2) Kerberos and NTLM interactive logon for physical logon outside the user’s home forest; (3) Kerberos delegation to N-tier application in another forest; and (4) user principal name (UPN) credentials.

12. What snap-in administrative tools are available for Active Directory?
Active Directory Domains and Trusts Manager, Active Directory Sites and Services Manager, Active Directory Users and Group Manager, Active Directory Replication (optional, available from the Resource Kit), Active Directory Schema Manager (optional, available from adminpak)

13. What types of classes exist in Windows Server 2003 Active Directory?
o Structural class. The structural class is important to the system administrator in that it is the only type from which new Active Directory objects are created. Structural classes are developed from either the modification of an existing structural type or the use of one or more abstract classes.
o Abstract class. Abstract classes are so named because they take the form of templates that actually create other templates (abstracts) and structural and auxiliary classes. Think of abstract classes as frameworks for the defining objects.
o Auxiliary class. The auxiliary class is a list of attributes. Rather than apply numerous attributes when creating a structural class, it provides a streamlined alternative by applying a combination of attributes with a single include action.
o 88 class. The 88 class includes object classes defined prior to 1993, when the 1988 X.500 specification was adopted. This type does not use the structural, abstract, and auxiliary definitions, nor is it in common use for the development of objects in Windows Server 2003 environments.

14. How do you delete a lingering object? Windows Server 2003 provides a command called Repadmin that provides the ability to delete lingering objects in the Active Directory.

15. What is Global Catalog? The Global Catalog authenticates network user
logons and fields inquiries about objects across a forest or tree. Every domain has at least one GC that is hosted on a domain controller. In Windows 2000, there was typically one GC on every site in order to prevent user logon failures across the network.

16. How is user account security established in Windows Server 2003?
When an account is created, it is given a unique access number known as a security identifier (SID). Every group to which the user belongs has an associated SID. The user and related group SIDs together form the user account’s security token, which determines access levels to objects throughout the system and network. SIDs from the security token are mapped to the access control list (ACL) of any object the user attempts to access.

17. If I delete a user and then create a new account with the same username and password, would the SID and permissions stay the same? No. If you delete a user account and attempt to recreate it with the same user name and password, the SID will be different.

18. What do you do with secure sign-ons in an organization with many roaming users? The Credential Management feature of Windows Server 2003 provides a consistent single sign-on experience for users. This can be useful for roaming users who move between computer systems. The Credential Management feature provides a secure store of user credentials that includes passwords and X.509 certificates.

19. Anything special you should do when adding a user that has a Mac? "Save password as encrypted clear text" must be selected on User Properties Account Tab Options, since the Macs only store their passwords that way.

20. What remote access options does Windows Server 2003 support? Dial-in, VPN, dial-in with callback.

21. Where are the documents and settings for the roaming profile stored? All the documents and environmental settings for the roaming user are stored locally on the system, and, when the user logs off, all changes to the locally stored profile are copied to the shared server folder. Therefore, the first time a roaming user logs on to a new system the logon process may take some time, depending on how large his profile folder is.

22. Where are the settings for all the users stored on a given machine? \Document and Settings\All Users

Windows 2000 administration questions

1. Explain hidden shares. Hidden or administrative shares are share names with a dollar sign ($) appended to their names. Administrative shares are usually created automatically for the root of each drive letter. They do not display in the network browse list.

2. How do the permissions work in Windows 2000? What permissions does a folder inherit from the parent? When you combine NTFS permissions based on users and their group memberships, the least restrictive permissions take precedence. However, explicit Deny entries always override Allow entries.

3. Why can’t I encrypt a compressed file on Windows 2000? You can either compress it or encrypt it, but not both.

4. If I rename an account, what must I do to make sure the renamed account has the same permissions as the original one? Nothing, it’s all maintained automatically.
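The SID behaviour described in questions 16 and 17 of the previous list and in questions 2 and 4 above, modelled as an added example that is not part of the original page. The `Directory` class, the right bits and the domain identifier are constructed for illustration, and the check is a simplification that ignores ACE ordering and inheritance.

```python
"""Simplified model of SID-based access checks (constructed example)."""
from dataclasses import dataclass
from itertools import count

# Illustrative right bits, not real Windows access masks.
READ, WRITE, DELETE = 0x1, 0x2, 0x4

# Constructed domain identifier with the usual S-1-5-21-<domain>-<RID> shape.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"


class Directory:
    """Issues one RID per new principal and never reuses it."""

    def __init__(self, first_rid=1104):
        self._next_rid = count(first_rid)
        self.accounts = {}   # name -> SID (users and groups)
        self.members = {}    # group SID -> set of member SIDs

    def create(self, name):
        sid = f"{DOMAIN_SID}-{next(self._next_rid)}"
        self.accounts[name] = sid
        return sid

    def delete(self, name):
        sid = self.accounts.pop(name)
        for group in self.members.values():
            group.discard(sid)

    def rename(self, old, new):
        # Only the name changes; the SID and every ACE naming it stay put.
        self.accounts[new] = self.accounts.pop(old)

    def add_to_group(self, name, group_name):
        group_sid = self.accounts[group_name]
        self.members.setdefault(group_sid, set()).add(self.accounts[name])

    def token(self, name):
        """User SID plus the SIDs of every group the user belongs to."""
        user = self.accounts[name]
        groups = {g for g, m in self.members.items() if user in m}
        return {user} | groups


@dataclass(frozen=True)
class Ace:
    kind: str   # "allow" or "deny"
    sid: str
    mask: int


def effective_rights(token, acl):
    """Union of every matching Allow mask, minus anything a Deny names."""
    allowed = denied = 0
    for ace in acl:
        if ace.sid in token:
            if ace.kind == "deny":
                denied |= ace.mask
            else:
                allowed |= ace.mask
    return allowed & ~denied


def demo():
    d = Directory()
    old_sid = d.create("alice")
    staff = d.create("Staff")
    temps = d.create("Temps")
    d.add_to_group("alice", "Staff")
    d.add_to_group("alice", "Temps")
    acl = [
        Ace("allow", old_sid, READ),
        Ace("allow", staff, WRITE | DELETE),
        Ace("deny", temps, DELETE),
    ]
    out = {"combined": effective_rights(d.token("alice"), acl)}

    d.rename("alice", "alice.smith")          # same SID, same access
    out["renamed"] = effective_rights(d.token("alice.smith"), acl)

    d.delete("alice.smith")                   # ACE for old_sid is now orphaned
    new_sid = d.create("alice.smith")         # same name, fresh RID
    out["recreated"] = effective_rights(d.token("alice.smith"), acl)
    out["old_sid"], out["new_sid"] = old_sid, new_sid
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The recreated account ends with no rights because the ACL still names the old SID, which is why restoring access after a delete means re-granting permissions and group memberships rather than reusing the name.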

5. What’s the most powerful group on a Windows system?

6. What are the accessibility features in Windows 2000? StickyKeys, FilterKeys, Narrator, Magnifier, and On-Screen Keyboard.

7. Why can’t I get to the Fax Service Management console? You can only see it if a fax had been installed.

8. What do I need to ensure before deploying an application via a Group
Policy? Make sure it’s either an MSI file, or contains a ZAP file for Group Policy.

9. How do you configure mandatory profiles? Rename ntuser.dat to

10. I can’t get multiple displays to work in Windows 2000. Multiple displays have to use peripheral connection interface (PCI) or Accelerated Graphics Port (AGP) port devices to work properly with Windows 2000.

11. What’s a maximum number of processors Win2k supports? 2

12. I had some NTFS volumes under my Windows NT installation. What happened to NTFS after Win 2k installation? It got upgraded to NTFS 5.

13. How do you convert a drive from FAT/FAT32 to NTFS from the command line? convert c: /fs:ntfs

14. Explain APIPA. Auto Private IP Addressing (APIPA) takes effect on Windows
2000 Professional computers if no DHCP server can be contacted. APIPA assigns the computer an IP address within the range of through with a subnet mask of

15. How does Internet Connection Sharing work on Windows 2000? Internet Connection Sharing (ICS) uses the DHCP Allocator service to assign dynamic IP addresses to clients on the LAN within the range of through In addition, the DNS Proxy service becomes enabled when you implement ICS.

Windows admin interview questions

1. Describe how the DHCP lease is obtained. It’s a four-step process consisting of (a) IP request, (b) IP offer, (c) IP selection and (d) acknowledgement.

2. I can’t seem to access the Internet, don’t have any access to the
corporate network and on ipconfig my address is 169.254.*.*. What happened? The 169.254.*.* netmask is assigned to Windows machines running 98/2000/XP if the DHCP server is not available. The name for the technology is APIPA (Automatic Private Internet Protocol Addressing).

3. We’ve installed a new Windows-based DHCP server, however, the users
do not seem to be getting DHCP leases off of it. The server must be authorized first with the Active Directory.

4. How can you force the client to give up the dhcp lease if you have
access to the client PC? ipconfig /release

5. What authentication options do Windows 2000 Servers have for remote
clients? PAP, SPAP, CHAP, MS-CHAP and EAP.

6. What are the networking protocol options for the Windows clients if for
some reason you do not want to use TCP/IP? NWLink (Novell), NetBEUI, AppleTalk (Apple).

7. What is the data link layer in the OSI reference model responsible for? The data link layer is located above the physical layer, but below the network layer. It takes raw data bits and packages them into frames. The network layer is responsible for addressing the frames, while the physical layer is responsible for retrieving and sending raw data bits.

8. What is binding order? The order by which the network protocols are used for
client-server communications. The most frequently used protocols should be at the top.

9. How do cryptography-based keys ensure the validity of data transferred
across the network? Each IP packet is assigned a checksum, so if the checksums do not match on both receiving and transmitting ends, the data was modified or corrupted.

10. Should we deploy IPSEC-based security or certificate-based security? They are really two different technologies. IPSec secures the TCP/IP communication and protects the integrity of the packets. Certificate-based security ensures the validity of authenticated clients and servers.

11. What is LMHOSTS file? It’s a file stored on a host machine that is used to resolve NetBIOS to specific IP addresses.

12. What’s the difference between forward lookup and reverse lookup in DNS? Forward lookup is name-to-address, the reverse lookup is address-to-name.

13. How can you recover a file encrypted using EFS? Use the domain recovery agent.

14. What is a Firewall? Firewalls are of two types: hardware firewalls and software firewalls. Put simply, a firewall is a utility that provides security over the network. It is a security measure that forces the network’s inbound and outbound traffic to pass through specific security filters, so that unwanted and insecure data can be stopped from entering the network. As a security measure, it also depends on the network designer and implementer how the firewall is used: how content filtering and URL filtering are applied, which type of firewall should be used, and where to put it.

15. What a protocol actually means: A protocol is basically a set of rules designed and developed for internetwork or intranetwork communications. The need for TCP arose in the early years when, for example, IBM mainframes were not able to communicate with Burroughs mainframes; if you wished to connect two or more computers, they had to be the same in everything from manufacturer to designer and implementer. TCP then emerged as a lasting solution. Earlier it was NCP (Network Control Protocol), but it was later refined into TCP (Transmission Control Protocol) and IP (Internet Protocol) on Jan. 1, 1983. Some general roles of TCP/IP are:
1. Independence from a particular vendor or network.
2. Very low data overhead.
3. Good failure recovery.
Taken separately, TCP is basically responsible for proper data transmission by assuring data integrity. It is a connection-oriented protocol that follows this scenario:
1. Handshaking.
2. Packet sequencing.
3. Flow control.
4. Error handling.
IP: Since the data to be sent must be put somewhere, IP works here: the required data is packaged in an IP packet.

16. IP Address Ranges:
Class A: 0-126. 127 is a Broadcast
Class B: 128-191
Class C: 192-223
Class D: 224-239
Class E: 240-255.

17. What is the difference between TCP and UDP? TCP is a connection-oriented protocol, which means that every time a packet is sent, say from host A to B, we will get an acknowledgement. UDP, on the other hand, is a connectionless protocol. Where will each be used? TCP: say you have a file transfer and you need to ensure that the file reaches intact, and time is not a factor; in such a case we can use TCP. UDP: media streaming. Say you are watching a movie: would you prefer that your movie comes through perfectly, but you need to wait a long time before you see the next frame, or would you prefer the movie to keep streaming? The second option is definitely better. This is when we need UDP.

18. Main differences between Exchange 2000 and 2003.
Improved security, including all those of IIS v 6.0.
HTTP over RPC means you do not need to configure a VPN for OWA.
Up to 8 node Active / Passive clustering.
Volume Shadow Copy for backup.
Super upgrade tools like ExDeploy.
pfMigrate utility to move public folders from legacy systems.
An attempt to control Junk email both on the client and the server.

FSMO? Flexible Single Master Operations

The Five FSMO Roles

There are just five operations where the usual multiple master model breaks down, and the Active Directory task must only be carried out on one Domain Controller.

PDC Emulator - Most famous for backwards compatibility with NT 4.0 BDC's. However, there are two other roles which operate even in Windows 2003 Native Domains, synchronizing the W32Time service and creating group policies. I admit that it is confusing that these two jobs have little to do with PDCs and BDCs.

RID Master - Each object must have a globally unique number (GUID). The RID master makes sure each domain controller issues unique numbers when you create objects such as users or computers. For example DC one is given RIDs 1 - 4999 and DC two is given RIDs 5000 - 9999.


Infrastructure Master - Responsible for checking objects in other domains. Universal group membership is the most important example. To me, it seems as though the operating system is paranoid that, a) You are a member of a Universal Group in another domain and b) that group has been assigned Deny permissions. So if the Infrastructure master could not check your Universal Groups there could be a security breach.


Domain Naming Master - Ensures that each child domain has a unique name. How often do child domains get added to the forest? Not very often I suggest, so the fact that this is a FSMO does not impact on normal domain activity. My point is it's worth the price to confine joining and leaving the domain operations to one machine, and save the tiny risk of getting duplicate names or orphaned domains.


Schema Master - Operations that involve expanding user properties e.g. Exchange 2003 / forestprep which adds mailbox properties to users. Rather like the Domain naming master, changing the schema is a rare event. However if you have a team of Schema Administrators all experimenting with object properties, you would not want there to be a mistake which crippled your forest. So it's a case of Microsoft know best, the Schema Master should be a Single Master Operation.


DNS (Domain Name System)
Active Directory absolutely relies on DNS; this is why you must become an expert on configuring DNS. Once DNS is set up, it runs itself thanks to the new dynamic component, hence DDNS. TCP/IP knowledge plus understanding of how DNS works is essential when troubleshooting connectivity problems. What DNS does is enable client machines to resolve servers' IP addresses. Once the client finds the server, Active Directory uses LDAP to locate services like Kerberos and Global Catalog that clients request. Your first domain controller can be tricky to set up. To begin with, plan, then check the Computer Name found in the System Icon. Before you run DCPROMO make sure you have the correct Primary DNS Suffix; drill down through the More.. button. My tactic is to do as little configuring of the forward lookup zone as possible and leave it all to the DCPROMO wizard. Once Active Directory creates the forward lookup zone, I configure Active Directory integration to replicate DNS records to the other servers. Then I manually create the reverse lookup zone, add PTR records and check with NSLOOKUP.

DHCP (Dynamic Host Control Protocol)
I used to think you needed a DHCP server on every Subnet, but now I recommend just two DHCP servers to share each scope, with a DHCP relay agent on each subnet.

DHCP fits in well with DNS and domain controllers, so I would install DHCP on selected domain controllers. Once you have installed DHCP, there is much configuration work. But before you do anything else, you must Authorize the DHCP servers in Active Directory. I believe this authorization is a device to make you stop and think 'do I need another DHCP server?' Officially the authorization is to prevent rogue techies installing an extra DHCP server when it takes their fancy.

Microsoft Exchange Server interview questions
1. Distribution List? Ans: Distribution list is a term sometimes used for a function of email clients where lists of email addresses are used to email everyone on the list at once. This can be referred to as an electronic mailshot. It differs from a mailing list, electronic mailing list or the email option found in an Internet forum as it is usually for one way traffic and not for coordinating a discussion. In effect, only members of a distribution list can send mails to the list.

2. GAL, Routing Group, STM files, ESEUTIL & ISINTEG - what are they used for?

GAL: The Global Address List (GAL), also known as Microsoft Exchange Global Address Book, is a directory service within the Microsoft Exchange email system. The GAL contains information for all email users, distribution groups, and Exchange resources. Digital ID certificates generated by Microsoft Exchange Server Advanced Security or by Microsoft Exchange Key Management Server (KMS) are automatically published in the Global Address Book. Users of Microsoft Outlook can publish to GAL their externally generated PKI certificates that are used for secure e-mail.

Routing Group: A routing group connector is used to send and receive messages between Exchange 2007 Hub Transport servers and Exchange Server 2003 or Exchange 2000 Server bridgehead servers. To create the routing group connector, you must specify the source servers from the originating routing group and the target servers in the destination routing group. The routing group connector is created in the routing group of which the source server is a member. By using the Bidirectional parameter, you can specify whether the connector is used for one-way or two-way mail flow. If you specify a two-way connector, a reciprocal connector is created in the target routing group. The source and target servers must be Exchange 2007 Hub Transport servers or Exchange Server 2003 or Exchange 2000 Server bridgehead servers.

STM Files: STM files store streamed native Internet content; new messages are saved to the STM file on the mail server until they are accessed by a user's mail client; when messages are accessed by a MAPI client, they are transferred to the EDB file and converted to the native Exchange format.

ESEUTIL: When a database is corrupt or damaged, data can be restored from backup or repaired using Eseutil. ESEUTIL works at the database level. It deals with database pages, forward and backward links between the pages, free pages, cleaning up unused indexes, etc. ISINTEG deals with the contents of the database, the links (relationships) between items (messages, message bodies, attachments), updating item counts and folder sizes, etc. In a (very bad) analogy, if you think of the database as a bucket, and the data as sand in the bucket, you'd use ESEUTIL when there was a problem with the bucket. You'd use ISINTEG when you wanted to count the grains of sand.

3. What is MIME & MAPI?

MIME: A .mim or .mme file is a file in the Multipurpose Internet Mail Extension (MIME) format. MIME is a specification for the format of non-text e-mail attachments that allows the attachment to be sent over the Internet. MIME allows your mail client or Web browser to send and receive things like spreadsheets and audio, video and graphics files via Internet mail. MIME was defined in 1992 by the Internet Engineering Task Force (IETF). The distinguishing characteristic of a MIME message is the presence of the MIME headers. As long as your mail recipients also have e-mail software that is MIME-compliant (and most e-mail software is), you can swap files containing attachments automatically.

MAPI: Short for Messaging Application Programming Interface, a system built into Microsoft Windows that enables different e-mail applications to work together to distribute mail. As long as both applications are MAPI-enabled, they can share mail messages with each other.

4. List the services of Exchange Server 2000?

5. How would you recover Exchange server when the log file is corrupted?

6. What are the required components of Windows Server 2003 for installing Exchange 2003? - ASP.NET, SMTP, NNTP, W3SVC

7. What must be done to an AD forest before Exchange can be deployed? - Setup /forestprep

8. What Exchange process is responsible for communication with AD? - DSACCESS

9. What 3 types of domain controller does Exchange access? - Normal Domain Controller, Global Catalog, Configuration Domain Controller

10. What connector type would you use to connect to the Internet, and what are the two methods of sending mail over that connector? - SMTP Connector: Forward to smart host or use DNS to route to each address

11. How would you optimise Exchange 2003 memory usage on a Windows Server 2003 server with more than 1Gb of memory? - Add /3Gb switch to boot.ini

12. What would a rise in remote queue length generally indicate? - This means mail is not being sent to other servers. This can be explained by outages or performance issues with the network or remote servers.

13. What would a rise in the Local Delivery queue generally mean? - This indicates a performance issue or outage on the local server. Reasons could be slowness in consulting AD, slowness in handing messages off to local delivery or SMTP delivery. It could also be databases being dismounted or a lack of disk space.

14. What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAP and Global Catalog? - SMTP – 25, POP3 – 110, IMAP4 – 143, RPC – 135, LDAP – 389, Global Catalog - 3268

15. Name the process names for the following: System Attendant? – MAD.EXE, Information Store – STORE.EXE, SMTP/POP/IMAP/OWA – INETINFO.EXE

16. What is the maximum amount of databases that can be hosted on Exchange 2003 Enterprise? - 20 databases. 4 SGs x 5 DBs.

17. What are the disadvantages of circular logging? - In the event of a corrupt database, data can only be restored to the last backup.

18. Where to configure the Smart Host information to configure it in the Virtual Server and others state to configure in the SMTP Connector.

19: What is the function of the Site Replication Service? The Site Replication Service (SRS) was designed to provide directory interoperability between Exchange 5.5 and Exchange 2000. SRS runs on Exchange 2000 and serves as a modified Exchange 5.5 directory. SRS uses Lightweight Directory Access Protocol (LDAP) to communicate to both the Active Directory and the Exchange 5.5 directory. To Exchange 5.5, the SRS looks like another Exchange 5.5 configuration/recipients replication partner.

20: What are Storage Groups, and what is the relationship between them and multiple databases? Ans: A Storage Group is a virtual container for multiple databases, of which you can have up to five

21: Does Exchange 2000 support Single-Mailbox Restore? Ans: Exchange 2000 does not support Single-Mailbox Restore with tools and products from Microsoft. You can find several third-party backup programs that support Single-Mailbox Restore, but the Ntbackup.exe tool cannot perform this function. Exchange 2000 does provide Mailbox Retention, a feature that enables you to retain a deleted mailbox for a specified period of time before permanently deleting it.

22: What is Instant Messaging? Ans: Instant Messaging (IM) is a fundamentally unique medium of communication. This technology gives Exchange 2000 users the ability to communicate with other Instant Messaging users in an immediate, interactive environment that conveys "presence" and "status" information.

23: How many recipients can be on an SMTP message? Ans: The maximum number of recipients is 5,000 by default. When you send a message from one server to another with 5,000 recipients, you want that message body to be carried across the wire only once. The Windows 2000 SMTP server enables the administrator to specify the maximum number of recipients per message. The intention of having a low number is to make it harder for people to send junk mail to many recipients at once. The SMTP standard specifies that messages with more than 100 recipients should be broken into multiple messages. Note: SMTP standards specify that servers must be able to handle at least 100 recipients.

24: Is there any authentication performed when one server running Exchange talks to another through SMTP? Ans: In Exchange 5.5, server-to-server communication is authenticated and encrypted using system-level Remote Procedure Call (RPC). With Exchange 2000, each server uses SMTP authentication with Kerberos. Encryption is not done by default. There are two options for encryption: Internet Protocol Security (IPsec), which is built into Windows 2000, and Transport Layer Security (TLS), built into the SMTP service and used by Exchange 2000. TLS is also known as secure sockets layer (SSL).

25: Isn't SMTP less secure than the X.400-based RPC that Exchange 5.5 had? Ans: Many people think that SMTP is not secure because it has a clear-text submission protocol. Exchange 2000 does several things to increase the security of data over SMTP:
• Server-to-server communication is always authenticated. The default state of each server will not accept unauthenticated SMTP traffic. Each message is checked to see that the From: field in the submitted message is really the person who authenticated.
• With IPsec or TLS, encryption of data between servers is as good or better than the encrypted RPC of Exchange 5.5.
• Much of the intra-organization server-to-server mail traffic is actually somewhat obscured. Messages that originated from MAPI clients or the Web client are a set of MAPI properties that need to be carried from server-to-server. MAPI properties are carried in a Transport-Neutral Encapsulation Format (TNEF) binary large object (BLOB). This is encoded using a publicly available, unencrypted format, but it is not readable. There will be no useful information available from a message in transit. Even if a tool is used to parse a BLOB, data could be decoded. However, it would be extremely difficult to easily look at mail traffic.

26: What is the definition of site, administrative group, and routing group in a mixed organization? Ans: An Exchange site is a server grouping for both administrative and topological purposes. In a mixed organization, the servers running Exchange 5.5 recognize sites, while the servers running Exchange 2000 recognize both administrative and routing groups. The Active Directory Connector automatically replicates each Exchange 5.5 site to Exchange 2000 as both an administrative group with a routing group of the same name.

27: How does an Exchange 5.5 site relate to an Exchange 2000 administrative group? Ans: In a mixed or native Exchange 2000/Exchange 5.5 topology, these are mapped 1:1. The administrative group is mainly for permissions mapping, although the administrative group is used to create the legacy-distinguished name (DN).

28: How do messages get from an Exchange 2000 server to an Exchange 5.5 server in the same site/routing group? Ans: An Exchange 2000 server evaluates whether the server is in the same routing group or not. If it is, then the server sends the message through the Message Transfer Agent (MTA), which creates a direct local area network (LAN), MTA, RPC connection. If it is not, the server routes the message to the routing group of the destination server through connectors.

29: How do messages get from an Exchange 2000 server to another Exchange 2000 server in a mixed routing group? Ans: Exchange 2000 servers, whether in a mixed or pure routing group, always use SMTP to send messages from one server to another. The SMTP Service will open a direct connection to the destination server. However, Exchange 2000 servers will route based on routing groups, not administrative groups.

30: How does a Windows 2000 domain relate to an Exchange 2000 organization? Ans: There is no relationship. All configuration information for Exchange 2000 is stored in the Active Directory configuration naming context. This is replicated to every domain controller to each domain in the forest. Therefore, Exchange Organization information is available for read/write in every domain.

31: How does a Windows 2000 site relate to an Exchange 2000 routing group? Ans: An Exchange routing group is a collection of Exchange 2000 servers with high-availability to one another, but not necessarily high bandwidth. Although the concept of the Windows 2000 site and the Exchange routing group are quite similar, there are no alignment prerequisites for deployment. Routing groups are defined in the configuration naming context of the Active Directory.

32: How does a Windows 2000 domain relate to an Exchange 2000 routing group? Ans: There is no relationship. An Active Directory domain contains users and computer information for those that reside in that domain. An Exchange routing group contains information about Exchange 2000 servers that have high-availability to one another.

33: How does a Windows 2000 forest relate to an Exchange organization? Ans: In Exchange 2000, there is a limitation of exactly one Exchange organization per Windows 2000 Active Directory forest. Conversely, every server within a given Exchange organization must be in the same Active Directory forest.

34: What is the purpose of a routing group? Ans: The routing group is the smallest unit of servers likely to be connected to one another at all times. The routing group is one node on the graph of connector paths with multiple possible connectors between routing groups. Within a routing group, or before routing has been configured by the creation of a routing group, mail from one server to another goes point-to-point using SMTP. If you wish to have direct point-to-point routing between a collection of Exchange 2000 servers, you can place them into the same routing group. In general, you design your routing group boundaries based upon connectivity and availability of the network. Between routing groups, you can define connectors that route messages between these routing group collections. It is common practice to use a routing group connector (RGC) to accomplish this.

35: What does it mean for a connector to go down? Ans: If the source bridgehead cannot contact the destination bridgehead, then the system, by default, retries for 10 minutes. After 10 minutes, the bridgehead is marked unavailable. If there are other target bridgeheads on the connector, those are tried instead. Once all target bridgeheads on the connector are tagged as unavailable, then the whole connector is marked down and other routes are evaluated. If there are other available routes, message(s) are rerouted. If there are no other routes available, the message will sit in the local queue until the connector comes back up.

36: What does the routing service do when a local connector is down? Ans: When the SMTP Service or X.400 Service notices that a connector is down, it notifies the routing service of this. The routing service marks the connection as down in its routing state graph.

37: What exactly does a routing master do? Ans: The routing master coordinates changes to link state that are learned by servers within its routing group. When one single server coordinates changes, it is possible to treat a routing group as a single entity and to compute a least-cost path between routing groups. All servers in the routing group advertise and act upon the same information.

38: What happens when it goes down? Ans: All servers in the routing group continue to operate on the same information that they had at the time they lost contact with the master. This cannot cause mail to loop, because all servers continue to operate on loop-free information. When the master comes back up, it starts with all servers and connectors marked up. As it learns about down servers, it reconstructs the link state information and passes it around.

39: How do SMTP and X.400 servers communicate link state information within a routing group? Ans: Each server communicates with the master through a TCP-based Link State Algorithm (LSA) protocol developed in the transport core development team. Each server, including the master, is on TCP listening port 691 and registered with Internet Assigned Numbers Authority (IANA) for this purpose. The master broadcasts changes only to all servers in its routing group.

40: What are the file names for the essential Exchange database? Ans: Priv1.EDB, Priv1.STM

41: What are the core Exchange services? Are they the same on Exchange 5.5 and 2000? Ans: Information Store Service, System Attendant Service, Routing Engine

42: What ports do LDAP and GC use? Ans: LDAP=389 GC=3268

43: What is the DNS port & protocol? Ans: 53

44: Zenith Infotech has 1 Exchange server & ABC is one other company. How does Zenith Infotech get mail from ABC (RUS)

45: What is contained in SYSVOL? Ans: Logon script & Group policy. In a nutshell, Sysvol is where group policy data is stored. Every policy stores the templates (adm files) and config settings in a folder under sysvol which is the guid of the policy data in AD. Sysvol is replicated independently of AD by the NTFRS service. NTFRS uses site topology data from AD to generate a replication topology, though.

46: Is DHCP Unicast, Multicast or Broadcast? Ans: DHCP is Broadcast

47: How to restore one particular mailbox in Exchange 2003

48: What is contained in a system state backup? Ans: Active Directory, boot files, COM+, Registry

49: How many zones are there in DNS? Ans: Reverse lookup & forward lookup zones

50: How many zones are there in the forward & reverse lookup zones

51: How do you administer the new remote wipe feature in SP2? A. The new remote wipe capability requires the Microsoft Exchange ActiveSync Mobile Web Administration tool, one of a collection of Web tools that will be available in late 2005. The Exchange ActiveSync Mobile Administration Web tool was created as a separate Web tool so that Help desk staff or non–Exchange Server administrators can be delegated the right to manage devices.

52: What is Outlook Web Access? A. Outlook Web Access is a service of Exchange Server that enables users to access their Exchange Server mailboxes through a Web browser. By using Outlook Web Access, a server that is running Exchange Server can also function as a Web site that enables authorized users to read or send e-mail messages, manage their calendar, or perform other e-mail functions over the Internet. Outlook Web Access can be deployed in an Exchange Server front-end/back-end server deployment.

53: What are front-end and back-end Exchange servers? A. Exchange Server can be deployed in a front-end and back-end server configuration where the front-end component that serves to authenticate and proxy HTTP requests is deployed on an Exchange front-end server separate from an Exchange back-end server holding the Exchange Server Outlook Web Access functionality and information store, meaning the users' mailboxes and public folders, among other things.

54: What are Kerberos and NTLM? A. Kerberos and NTLM are two different authentication protocols. Kerberos is the preferred Windows authentication protocol used whenever possible and is the default protocol used by Exchange Server 2003 between front-end and back-end Exchange servers for Outlook Web Access. If for some reason Kerberos authentication would fail or is disabled, Outlook Web Access would fall back to using NTLM between the front-end and back-end Exchange servers. Note that Kerberos is called "Negotiate" when used over HTTP.

55: What is the difference between a primary and a non-primary connection agreement? A. A primary connection agreement replicates existing directory objects. It also creates and replicates new directory objects in the destination directory. A non-primary connection agreement only replicates information in pre-existing objects. A connection agreement type has two check boxes selected by default, even if a connection agreement already exists. These are "This is a primary connection agreement for the connected Exchange organization" and "This is a primary connection agreement for the connected Windows domain." If you are using more than one connection agreement to replicate Microsoft Windows 2000 user accounts for a single Exchange Server 5.5 organization, there should be only one primary connection agreement. Using multiple primary connection agreements to replicate the same Exchange 5.5 organization will result in creating duplicate objects.

56: What is the name-matching rule, and how do I set it? A. You can customize directory object–matching rules on the From Exchange tab and the From Windows tab. The name-matching rule should be set to its default setting. You should change this only when the Active Directory directory service and the Exchange 5.5 directory have several common objects, for example, when inter-forest replication is in place. Matching rules should be changed so that object attributes in each of the directories have different values, for example, a Simple Mail Transfer Protocol (SMTP) address or a security identifier (SID). Note: Attributes you select affect all connection agreements. If you clear the attributes for Exchange 5.5, you clear the same attributes for Windows 2000.

57: Is there any way to compress data with Exchange 2000 before sending it to another server? A. At this time, SMTP servers do not have compression for mail. The specification for mail servers, however, includes a standard for implementing compression. The TLS extension helps maintain message security through both compression and encryption. Encryption is usually more secure if the data is not plain text, and to make compression unpredictable, you should compress before encryption. Exchange Server supports the TLS extension. Our transport events technology also makes it very easy for Microsoft or a third-party software vendor to release an extension to Exchange 2000 that would automatically compress and decompress messages as they come into or go out of Exchange. In most cases, compression overhead taxes the CPU of the Exchange server. This reduces performance, often offsetting any network bandwidth you gained through compression. Thus, it's probably better to build more functionality into the client, where you may have idle CPU cycles to spare, than to tax the server with compression. Note: Current TLS implementations do not use any compression algorithms.
58: Can Exchange 2000 run on top of a different Microsoft Windows SMTP Server from Microsoft Internet Information Server (IIS) 5.0? A. No, Exchange 2000 requires and works in concert with the server events extensibility that is built into the SMTP server. This ships as part of IIS 5.0 in Windows 2000.

59: How is the host name of an internal or external server resolved? A. The SMTP Service takes a name, call it "REMOTE," which might be a server's internal fully qualified domain name (FQDN) or an external FQDN of an e-mail domain. For example, looks up "" and resolves it. The following steps should be taken to accomplish this:
• Check the domain name system (DNS) for the mail exchanger (MX) record for REMOTE.
• If DNS returns >0 entries, connect to port 25 on each one, in lowest priority order first.
• If DNS returns "Authoritative Host Not Found [1]," non-delivery report (NDR) the message immediately. This is returned if the name server accesses the root (.) node of DNS and does not find a record for the domain name.
• If DNS returns any other error, or returns no MX entries, then fall through to step 2 and call gethostbyname() for REMOTE. This results in both an A record search as well as WINS lookup.
Note: By default, Windows 2000 DNS ships with the IP addresses of the InterNIC root name servers pre-populated in its configuration. This means that a request for a domain that is not defined in a zone on the DNS server will be forwarded to one of those servers. If your server is behind a firewall and cannot reach these servers, you will not get "Authoritative Host Not Found," but rather "Server Failed."

60: How do legacy servers interact with Exchange 2000 connectors? A. Within a pure Exchange 5.5 site, one server is designated as the routing calculation server that is responsible for keeping the gateway address resolution table (GWART) up to date and consistent across all servers within the site. When a server running Exchange 2000 is installed into an Exchange 5.5 site, the original server running Exchange 5.5 resumes its routing role. Although Exchange 2000 uses a very different routing mechanism from Exchange 5.5, it creates an Exchange 5.5–compatible GWART that will be replicated into the Exchange 5.5 environment through the Active Directory Connector. This information will then be merged with the GWART that the routing calculation server generates. The net result is that users on Exchange 5.5 servers will be able to take advantage of connectors installed on Exchange 2000 servers.

61: How does an Exchange 5.5 site relate to an Exchange 2000 routing group? A. In a mixed Exchange 2000/Exchange 5.5 topology, a site is represented as an administrative group and a routing group. An Exchange 2000 routing group, contained within the administrative group, is more analogous to a sub-site than to a site because it is for purely topological groupings. However, it is advisable that servers belonging to sites in Exchange 5.5 also be applied in this case. Members belonging to the same routing group are expected to have very high bandwidth and availability.

62: How does a Windows 2000 site relate to an Exchange 2000 organization? A. There is no relationship. A Windows 2000 site is defined as a group of resources (computers, servers, etc.) that have high connectivity to one another. An Exchange organization encompasses the entire forest and bears no relationship to the topological site structure that the Active Directory administrator defines.
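The resolution order from answer 59, as an added example that is not part of the original page or Exchange's own code. The result-code labels, function names and all DNS data are constructed for illustration, and the "unresolved" outcome is an assumption, since the answer does not say what happens when gethostbyname() also fails.

```python
from dataclasses import dataclass, field

# Result codes of the simulated MX query (labels are this example's own).
NOERROR = "NOERROR"
HOST_NOT_FOUND = "AUTHORITATIVE_HOST_NOT_FOUND"
SERVER_FAILED = "SERVER_FAILED"

# Constructed DNS data: name -> (result code, [(preference, mail host)]).
MX_DATA = {
    "example.com": (NOERROR, [(20, "mx2.example.com"), (10, "mx1.example.com")]),
    "nomx.example.net": (NOERROR, []),
    "gone.example.org": (HOST_NOT_FOUND, []),
    # Resolver behind a firewall that cannot reach the root servers.
    "partner.example": (SERVER_FAILED, []),
}
# Constructed A/WINS data used by the gethostbyname() stand-in.
HOST_DATA = {"nomx.example.net": "192.0.2.25", "partner.example": "198.51.100.7"}


@dataclass
class Decision:
    action: str                                  # "connect", "ndr" or "unresolved"
    targets: list = field(default_factory=list)  # hosts to try on port 25, in order
    reason: str = ""


def mx_lookup(name):
    """Simulated MX query; unknown names behave like an unreachable resolver."""
    return MX_DATA.get(name, (SERVER_FAILED, []))


def host_lookup(name):
    """Stand-in for gethostbyname(): A record or WINS hit, else None."""
    return HOST_DATA.get(name)


def resolve_remote(remote, mx=mx_lookup, host=host_lookup):
    code, records = mx(remote)
    # One or more MX entries: try each on port 25, lowest preference value first.
    if code == NOERROR and records:
        ordered = [h for _, h in sorted(records)]
        return Decision("connect", ordered, "MX records, lowest preference first")
    # Authoritative negative answer: NDR immediately, no fallback.
    if code == HOST_NOT_FOUND:
        return Decision("ndr", [], "authoritative host not found")
    # Any other error, or no MX entries: fall through to the host lookup.
    address = host(remote)
    if address:
        return Decision("connect", [address], f"no usable MX ({code}); A/WINS lookup")
    return Decision("unresolved", [], f"no usable MX ({code}) and no host record")


if __name__ == "__main__":
    for name in list(MX_DATA) + ["unknown.example"]:
        print(name, resolve_remote(name))
```

The `partner.example` case shows the effect of the firewall note: a "Server Failed" result is not an authoritative negative, so the message is not NDR'd at this step and delivery falls back to the host lookup.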
63: How does the connector get designated as up again? A. The SMTP Service creates a special connection that has zero messages, but tries the remote side of the connector according to the retry interval for the virtual server. When the connection succeeds, the service updates routing with the new information that the connector is back up.

64: Does having a single routing master introduce a single point of failure? A. No. Exchange 2000 may send mail to a server whose link is down, but mail will continue to flow, since Exchange will automatically switch to sub-optimal routing if a routing master fails. Exchange 2000 enables the administrator to manually change the routing master role from one server to another.

65: How do servers (both SMTP and X.400) communicate link state information between routing groups? A. When two servers communicate through SMTP, Exchange 2000 uses a version of LSA protocol that works as an extension to SMTP through the SMTP Service Extensions (ESMTP) framework. Exchange 2000 servers advertise X-LINK2STATE support during the EHLO. When one Exchange 2000 server sees another advertising that, it attempts to trade routing information. Routing information will only be traded if the two servers are in the same organization (a DIGEST string is compared). This only occurs in the event of per-routing-group differences in transferred information. Between routing groups, when servers communicate through X.400, Exchange 2000 uses a version of LSA. The MTA constructs a "dummy" X.400 message to transfer this information.

66: How often do servers that connect between routing groups communicate link state updates? Are messages used? A. In the case of link state updates tunneled through SMTP, messages are not used. Instead, when there is an update, a connection is created to the neighboring routing group. During the course of that connection, the link state information is transferred. In fact, even if there is no new information on the source side, during each SMTP transmission between two Exchange 2000 servers in the same organization, they will exchange link state information. In the case of link state updates through X.400 between two Exchange 2000 servers, a "dummy message" is created that includes the link state update information.

67: Why have all of this routing? A. Network routers use the Open Shortest Path First (OSPF) protocol to route packets optimally between servers. The single-source, shortest-path algorithm, used by the Exchange routing service, is very similar to the OSPF internal routing protocol used by many enterprise networks, except that Exchange provides more information than simply IP source and destination. Exchange can route messages according to destination, message size, sender, and message priority. Note: The similarity between OSPF, and the routing algorithm used by Exchange 2000, is that they are both derived from Dijkstra's algorithm. Using the same type of algorithms is where this similarity ends. You do not have to deploy OSPF before deploying Exchange 2000. Another reason to route messages through logical connectors is to optimize message bandwidth. If a single message is destined for recipients on five different servers in a remote location, point-to-point communication causes the message body to be sent five times. By funneling that through a messaging bridgehead, the message body is only sent once, which makes a significant difference with large messages. Note: Certain connectors may be limited as to what size messages they will take. This is not referring to the IP address of the sender, but rather the actual e-mail address of the sender. Certain connectors may be limited by who may use them.

68: Does Exchange ActiveSync require SSL authentication? A. It depends on the device. Windows Mobile 2002 powered devices connect over Secure Sockets Layer (SSL). Windows Mobile 2003 powered devices do not require SSL. However, it is strongly recommended that you use SSL to protect your data and credentials. To enable SSL authentication on Windows Mobile 2003 powered devices, in the ActiveSync Server Synchronization settings, select the "This server uses an SSL connection" option.

69: How can I control which users have access to Exchange ActiveSync? A. By default, all users are enabled for Exchange ActiveSync. An Exchange Server administrator can globally disable Exchange ActiveSync for all users in Exchange System Manager by using the Mobile Settings option under Global Settings. You can also enable or disable individual users by using Active Directory Users and Computers.

70: What types of data can be synchronized by using Exchange ActiveSync? A. Exchange ActiveSync enables you to synchronize your e-mail messages, calendar, and contacts lists in your Exchange Server 2003 mailbox with a Microsoft Windows Mobile powered device.

71: What are the core services in Exchange 5.5? Explain the order of starting the services. Ans:
1. Directory service (DS): “net start msexchangeds”
2. Information Store (IS): “net start msexchangeis”
3. Message Transfer Agent (MTA): “net start msexchangemta”
4. Internet Mail Connector (IMC): “net start msexchangeimc”
5. “net start msexchangees”

72: IMC service in Exchange 5.5 does not start. Explain the necessary steps you would take to check and resolve the problem. Ans:
1. Incorrectly configured Address Space.
2. Use a blank space in the Address Space field, which lets the Internet Mail Connector send mail to all recipients and provides a basic configuration on which to build after you know your service works. If you have entered anything in this box, try removing it and see if the IMC starts.

73: What are the core services in Exchange 2000? Explain the process of starting the services. Ans: The core services are Microsoft Exchange MTA Stack (msexchangemta), Microsoft Exchange Information Store (msexchangeis), Microsoft Exchange Routing Engine (reSvc), Microsoft Exchange System Attendant (msexchangesa), Network News Transfer Protocol (NNTPSvc) and Simple Mail Transfer Protocol (SMTPSvc).

74: What is RUS? Which service is responsible for the RUS? Ans: The Recipient Update Service (RUS) is a component in the Exchange 2000 System Attendant service. The RUS creates and maintains Exchange 2000-specific attribute values in the Active Directory. If you create a mailbox for a user, the RUS is responsible for the automatic generation of the user’s Simple Mail Transfer Protocol (SMTP) address and any other proxy addresses that you have defined for your recipients. However, in the Active Directory Users and Computers tool, the proxy addresses are not displayed immediately because a short latency period occurs before the Recipient Update Service produces the new e-mail addresses. This latency occurs even if you have configured the RUS to run continuously. After you install Exchange 2000, two instances of RUS are created:
1. The enterprise configuration RUS
2. The domain RUS
There is only one instance of the enterprise RUS in the organization. You must have a RUS for each domain that contains mailbox-enabled users. Each instance of the domain RUS associates one Exchange 2003 computer (where the RUS runs) with one Windows 2000 or Windows 2003 Server domain controller (where AD objects are updated). Only one RUS can be associated with any Active Directory domain controller.

If you have multiple sites, you can also add multiple instances of the RUS for each domain. In this scenario, an instance of the RUS is hosted on a DC in each site, and mailbox creation does not depend on the inter-site replication schedule of the AD. If you create a new mailbox-enabled user, that user cannot log on to their mailbox until the RUS has generated the new proxy e-mail addresses. If you set the RUS to run on a schedule, that user may have to wait a short period before they can use Exchange 2003. To update addresses immediately, you can force the RUS to run manually.

75: What is a recipient policy, e-mail policy and mailbox manager policy? Ans: Recipient policies are used in Exchange 2000 server to automatically control the generation of e-mail addresses for recipient objects. The following are recipient objects:
1. Mail-enabled users
2. Contacts
3. Groups
4. Public Folders
Recipient policies are similar to the “Site-Addressing” feature in Exchange 5.5, but are more flexible. For example, recipient policies allow you to create multiple addresses for a given address type. They provide a set of LDAP-based filter rules. These rules allow you to select the set of recipients to which the recipient policy will apply. Mailbox manager policy is the policy in which the Exchange Administrator has the ability to control the content of a user’s mailbox. Recipient policies are a set of configurable rules that run on a schedule and evaluate all the messaging-enabled objects in your Active Directory forest. The policy uses the rules to filter all of the objects and to selectively apply e-mail addresses of specific types to those instances that fit the predefined rules.

76: What is the edb.chk file used for? Ans: The checkpoint files are used to keep track of transactions that are committed to the database after backup.

77: What is the temp.edb file? Ans: The file TEMP.EDB is used to store transactions that are in progress. TEMP.EDB is also used for some transient storage during online compaction.

78:

Mail Flow within organizations:
1. User sends mail to another user by using an Exchange client.
2. By using SMTP, the sender’s client submits this mail to the SMTP virtual server of the home mailbox server.
3. The Exchange server then looks up the recipient of the mail message to determine which server the recipient’s mailbox resides on.
4. If the recipient is on the same server, Exchange delivers the message to the recipient’s mailbox. If the mailbox is on another server, the sender’s mailbox server sends that mail to the recipient’s mailbox server, and the recipient’s mailbox server then delivers the mail to the recipient’s mailbox.

Native Mode: Where all servers are running Exchange 2000 or higher.

Mixed Mode: Where Exchange 5.5 servers still exist.

Exchange Services:
1. Microsoft Exchange Information Store: This service manages the Microsoft Exchange Information Store, and makes mailbox stores and public folder stores available.
2. Microsoft Exchange System Attendant: This service provides monitoring, maintenance, and Active Directory lookup services, for example RUS, recipient policy, building the offline address book, monitoring of services and connectors, defragmenting the Exchange store, and forwarding Active Directory lookups to a Global Catalog server.
3. Microsoft Exchange Routing Engine: Provides topology and routing information to Exchange Server 2003 servers. If this service is stopped, optimal routing of messages will not be available.
4. Microsoft Exchange MTA Stacks: Provides Microsoft Exchange X.400 services. Exchange X.400 services are used for connecting to Exchange 5.5 servers, and by other connectors (custom gateways).
5. Microsoft Exchange Management: Provides Exchange management information using Windows Management Instrumentation (WMI). If this service is stopped, Exchange management information is unavailable using WMI.

Exchange Database files:

Priv1.edb: A rich-text database file containing message headers, message text, and standard attachments.

Priv1.stm: A streaming internet content file containing audio, video and other media that are formatted as streams of Multipurpose Internet Mail Extensions (MIME) data.

Log Files (E0001.log – 5 MB files): These are the log files which Microsoft Exchange Server uses for transactions and as a disaster recovery method that can bring an Exchange database back to a consistent state after a crash. Before anything is written to the EDB file, it is first written to a transaction log. Once the transaction has been logged, the data is written to the database when convenient. Until a transaction is committed to the database, it is available from memory and recorded in the transaction logs. This is why you will see store.exe use up to 1GB of memory after the Exchange server has been in use for a while. After an Exchange server is brought back up after a crash, the checkpoint file points to the last committed transaction in the transaction logs, which are then replayed from that point on. This form of write-ahead logging is important for you to know.
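The write-ahead logging and checkpoint replay described for the transaction logs, as an added toy model that is not part of the original page and is not how the Exchange store is implemented. The class, its fields and the sample keys are all constructed; the checkpoint is modelled as the position of the first log record not yet written to the database.

```python
class ToyStore:
    """Toy write-ahead-logged store: log first, database later, replay after a crash."""

    def __init__(self):
        self.log = []         # durable: transaction log records, in commit order
        self.database = {}    # durable: stand-in for the .edb file
        self.checkpoint = 0   # durable: first log position not yet in the database
        self.cache = {}       # volatile: logged data still held only in memory

    def commit(self, key, value):
        self.log.append((key, value))  # the log record is written first
        self.cache[key] = value        # the data is then served from memory

    def read(self, key):
        return self.cache.get(key, self.database.get(key))

    def flush(self, count):
        """Write the next `count` logged records to the database ("when convenient")."""
        end = min(len(self.log), self.checkpoint + count)
        for key, value in self.log[self.checkpoint:end]:
            self.database[key] = value
        self.checkpoint = end          # the checkpoint moves past what was flushed

    def crash(self):
        self.cache = {}                # memory is lost; log, database, checkpoint remain

    def recover(self):
        """Replay every log record from the checkpoint onward; return how many."""
        pending = self.log[self.checkpoint:]
        for key, value in pending:
            self.database[key] = value
        self.checkpoint = len(self.log)
        return len(pending)


def scenario():
    store = ToyStore()
    store.commit("inbox/1", "draft")
    store.commit("inbox/2", "hello")
    store.flush(1)                     # only the first record reaches the database
    store.commit("inbox/1", "final")   # newer value exists only in log and memory
    store.crash()
    before = (store.read("inbox/1"), store.read("inbox/2"))
    replayed = store.recover()
    after = (store.read("inbox/1"), store.read("inbox/2"))
    return before, replayed, after


if __name__ == "__main__":
    print(scenario())
```

Before recovery the database alone is stale and incomplete; replaying the two records after the checkpoint brings it back to the last logged state.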
