Professional Documents
Culture Documents
2. In Server Manager, click Tools, and then click Active Directory Users and Computers.
4. In the Adatum.com Properties dialog box, verify that the domain and forest functional levels are
compatible with the Exchange Server 2013 requirements.
5. Click OK, and then close Active Directory Users and Computers.
6. Click to the Start screen and then type adsi edit, and then press Enter.
7. Right-click ADSI Edit, and then click Connect to.
8. In the Connection Settings dialog box, in the Connection Point section, in the Select a well-
known Naming Context list, click Configuration, and then click OK.
9. In the left pane, expand Configuration [LON-DC1.adatum.com], and then click
CN=Configuration,DC=adatum,DC=com.
10. Expand CN=Services, and verify that the CN=Microsoft Exchange has not been created.
11. Close ADSI Edit.
2. In the Windows PowerShell window, type IPConfig /all, and then press Enter. Verify that the Domain
Name System (DNS) server IP address for the Local Area Connection is 172.16.0.10.
3. At the command prompt, type Ping LON-DC1.adatum.com and press Enter. Verify that you have
network connectivity with the domain controller.
5. At the command prompt, type set type=all, and then press Enter.
6. At the command prompt, type _ldap._tcp.dc._msdcs.adatum.com, and then press Enter. Verify that
an SRV record for lon-dc1.adatum.com is returned.
Results: After completing this exercise, students will have AD DS requirements evaluated.
MCT USE ONLY. STUDENT USE PROHIBITED
L1-2 Deploying and Managing Microsoft Exchange Server 2013
3. On LON-EX1, from the task bar, open Server Manager, click Tools and then select Services.
4. Double-click Net.Tcp Port Sharing Service.
13. From the desktop, open Windows Explorer and navigate to D: drive.
15. On the Check for Updates? page, click Don’t check for updates right now, and click next. Wait
until setup copies files, and then initialize the process.
19. On the Server Role Selection page, select Mailbox role and Client Access role, and then click next.
20. On the Installation Space and Location page, accept the default values, and click next.
21. On the Malware Protection Settings make sure No is selected, and then click next.
22. On the Readiness Checks page, ensure that all prerequisites are met, and click install.
23. Wait until the installation completes. It can take 30 to 40 minutes to finish. On the Setup Completed
page click finish.
3. Scroll down the list of services, and click the Microsoft Exchange Active Directory Topology
service. Review the service description.
4. Review the status of the remaining Exchange Server services. Ensure that all services that are set for
Automatic startup are running.
5. Close Services.
11. Sign in as Adatum\Administrator with the password Pa$$w0rd. At the Language and Time zone
page, click save.
12. Click new mail.
Results: After completing this exercise, students will have Exchange Server 2013 deployed.
MCT USE ONLY. STUDENT USE PROHIBITED
L1-4 Deploying and Managing Microsoft Exchange Server 2013
2. In the Domain\user name text box type Adatum\Administrator, and type Pa$$w0rd in the
Password field, and then click sign in.
3. In the Exchange admin center, click recipients in the left pane, and then click mailboxes in the
central pane.
5. In the new user mailbox window, select Existing user and then click browse.
6. In the Select User – Entire Forest window, select Aidan Delaney, and click ok.
14. Scroll down and make sure that Open is selected in last two sections. Click save.
15. In the upper right corner, click the arrow next to Administrator, and select Sign out.
5. Type Get-Mailbox, and press Enter. You will receive all mailboxes on the server in the list.
2. In the Outlook Web App window, sign as Adatum\Aidan with the password Pa$$w0rd.
3. Click save on the next page.
13. In the email signature box, type Aidan Delaney, Adatum Corp., and select Automatically include
my signature on messages I send.
14. Click save.
2. In the Virtual Machines list, right-click 20341A-LON-DC1-B, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
Results: After completing this exercise, students will have explored Exchange management tools.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L2-7
2. On the task bar, click File Explorer, navigate to C:\Files and double-click on E2010Calc19.9.xlsm.
On the Security warning, click Enable Content.
3. In the Exchange 2010 Mailbox Server Role Requirements Calculator, on the Input sheet, enter
the values in the following sections:
o Total Number of HA Database Copy Instances (Includes Active Copy) within DAG: 3
Backup Configuration
Task 3: Analyze output from the Exchange Mailbox Server Role Requirements
Calculator
1. In the Exchange 2010 Mailbox Server Role Requirements Calculator, click the Role
Requirements tab.
2. Review the calculated requirements provided in this sheet.
4. Click Fail Server for each server. Observe where the databases will be distributed.
5. Click Export DAG Scripts.
7. Click the LUN Requirements sheet. Review the calculated requirements provided in this sheet.
8. Click the Backup Requirements sheet. Review calculated requirements provided in this sheet.
9. Click the Replication Requirements sheet. Review the calculated requirements provided in this
sheet.
10. Click the Storage Design sheet. Review the calculated requirements provided in this sheet.
12. Right-click the CreateMBDatabases.ps1 file, and select Edit. Review the contents of the generated
script.
13. Right-click the CreateMBDatabaseCopies.ps1 file, and select Edit. Review the contents of the
generated script.
14. Right-click the DiskPart.ps1 file, and select Edit. Review the contents of the generated script.
Task 4: Discuss the solution with the instructor and the class
1. Discuss the solution provided by the Exchange Mailbox Server Role Requirements Calculator with
other students and with the instructor.
2. Change the values on the Input tab of the Exchange Mailbox Server Role Requirements Calculator,
and see how that reflects on the results that this tool provides.
Results: After completing this exercise, the students will have created a plan for their mailbox server
configuration.
4. On the Select destination server page, make sure that Select server from the server pool is
selected, and then click Next.
5. On the Select server roles page, expand File And Storage Services (Installed), expand File and
iSCSI Services (Installed), select the iSCSI Target Server check box, and then click Next.
6. On the Select features page, click Next.
11. In the iSCSI VIRTUAL DISKS pane, click TASKS, and then in the TASKS drop-down list, select New
iSCSI Virtual Disk.
12. In the New iSCSI Virtual Disk Wizard, on the Select iSCSI virtual disk location page, under Storage
location, click C:, and then click Next.
13. On the Specify iSCSI virtual disk name page, in the Name box, type iSCSIDisk1, and then click
Next.
14. On the Specify iSCSI virtual disk size page, in the Size box, type 2, make sure GB is selected in the
drop-down list, and then click Next.
15. On the Assign iSCSI target page, click New iSCSI target, and then click Next.
16. On the Specify target name page, in the Name box, type LON-MBX1, and then click Next.
22. On the View results page, wait until the creation is completed, and then click Close.
23. In the iSCSI VIRTUAL DISKS pane, click TASKS, and then in the TASKS drop-down list, select New
iSCSI Virtual Disk.
24. In the New iSCSI Virtual Disk Wizard, on the Select iSCSI virtual disk location page, under Storage
location, click C:, and then click Next.
25. On the Specify iSCSI virtual disk name page, in the Name box, type iSCSIDisk2, and then click
Next.
26. On the Specify iSCSI virtual disk size page, in the Size box, type 2, make sure GB is selected in the
drop-down list, and then click Next.
27. On the Assign iSCSI target page, click lon-mbx1, and then click Next.
29. On the View results page, wait until the creation is completed, and then click Close.
30. In the iSCSI VIRTUAL DISKS pane, click TASKS, and then in the TASKS drop-down list, select New
iSCSI Virtual Disk.
31. In the New iSCSI Virtual Disk Wizard, on the Select iSCSI virtual disk location page, under Storage
location, click C:, and then click Next.
32. On the Specify iSCSI virtual disk name page, in the Name box, type iSCSIDisk3, and then click
Next.
33. On the Specify iSCSI virtual disk size page, in the Size box, type 500, make sure MB is selected in
the drop-down list, and then click Next.
34. On the Assign iSCSI target page, click lon-mbx1, and then click Next.
36. On the View results page, wait until the creation is completed, and then click Close.
7. In the IP address or DNS name box, type 172.16.0.10, and then click OK.
8. Click the Targets tab.
9. Click Refresh.
11. Select Add this connection to the list of Favorite Targets, and then click OK two times.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft® Exchange Server 2013, Core Solutions L2-11
4. Right-click Disk 1, and then click Initialize disk. In the Initialize Disk dialog box, click OK.
5. Right-click the unallocated space next to Disk 1, and then click New Simple Volume.
9. On the Format Partition page, in the Volume Label box, type DB1. Select the Perform a quick
format check box, and then click Next.
10. Click Finish. (Note: If the Microsoft Windows window pops up with prompt to format the disk, click
Cancel.)
11. Repeat steps 3 through 10 for Disk 2 and Disk 3. (Note: Use DB2 and Logs for Volume Labels
respectively.)
Results: After completing this exercise, the students will have iSCSI storage configured for their mailbox
databases and logs.
10. In the Prohibit send and receive at (GB): text box, type 1.3.
11. In the Keep deleted items for (days): text box, type 30.
12. Click save. Minimize the Exchange Administration Center window.
13. On LON-MBX1, click to the Start screen and then click Exchange Management Shell.
14. In the Exchange Management Shell window, type Get-MailboxDatabase and press Enter.
MCT USE ONLY. STUDENT USE PROHIBITED
L2-12 Planning and Configuring Mailbox Servers
16. In the Exchange Management Shell window, type the following command and then press Enter:
20. Open File Explorer and navigate to E:\ and open the DB1 folder. Make sure that the database
DB1.edb file is present.
21. Navigate to G:\, and open the folder Logs\DB1. Ensure that the log files are present.
22. Close File Explorer.
3. Click New.
4. In the Database window, in the Mailbox database text box, type DB2.
5. Click browse.
6. In the Select Server window, select LON-MBX1, and then click ok.
7. Make sure that the status of the request is completed. (If it is not completed, wait for several minutes,
and then repeat step 6.)
8. Switch to LON-DC1. Open File Explorer and then browse to the C:\MailboxExport folder, and make
sure that the aidan.pst file is present.
9. Close File Explorer.
2. In the Virtual Machines list, right-click 20341A-LON-DC1, and then click Revert.
Results: After completing this exercise, the students will have their mailbox databases created and
configured.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L3-15
2. Click Tools, and then click Active Directory Module for Windows PowerShell.
6. At the Type the Password prompt, type Pa$$w0rd and press Enter.
9. Expand Adatum.com, expand TreyResearch, and verify that the TreyResearch OU contains child OUs
with user accounts and groups.
10. Close Active Directory Users and Computers.
3. At the command prompt, type Mount-Database –id TreyResearchDB, and then press Enter.
4. At the command prompt, type Get-User –OrganizationalUnit TreyResearch | Enable-Mailbox -
Database TreyResearchDB.
o Location: Harrow
o Capacity: 20
11. Click Select delegates who can accept or decline booking requests.
12. Click Add, click Charlotte Weiss, click add, and then click ok.
MCT USE ONLY. STUDENT USE PROHIBITED
L3-16 Managing Recipient Objects
13. Click more options, and under Mailbox database, click browse, click TreyResearchDB, and then
click ok.
4. Click save.
5. On the groups tab, click New, and then click Distribution group.
o Alias: TreyResearchNews
o Organizational unit: TreyResearch
o Members: none
7. Click save.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft® Exchange Server 2013, Core Solutions L3-17
8. On LON-CAS1, in the Exchange Management Shell, type cd E:\Labfiles\Mod03:, and press Enter.
10. Type foreach ($i in $users) {set-mailbox –Identity $i.alias –CustomAttribute1 “TreyResearch
Integration Project Team”}, and press Enter.
11. On LON-CAS1, in the EAC, on the groups tab, click New, and then click Dynamic distribution
group.
o Alias: TreyIntegration
o Organizational unit: TreyResearch
o Owner: Administrator
13. Under Members, click Only the following recipient types, and select the Users with Exchange
mailboxes check-box.
Results: In this exercise, you create AD DS user and group accounts for Trey Research, created a room
mailbox with custom permissions, and configured a shared mailbox. You also configured distribution
groups for the Trey Research users.
3. Click save.
2. In the new email address policy window, type TreyResearch Email as the Policy name.
10. In the Details pane, click Apply, and then click yes.
11. Click close.
6. In the select an organizational unit dialog box, click TreyResearch, and click ok.
2. At the command prompt, type the following command, and press Enter.
3. At the command prompt, type the following command, and press Enter.
4. At the command prompt, type the following command, and press Enter.
5. At the command prompt, type the following command, and type Enter.
6. At the command prompt, type the following command, and press Enter.
Update-AddressList TreyResearchRooms
7. At the command prompt, type the following command, and press Enter.
8. At the command prompt, type the following command, and press Enter.
9. At the command prompt, type the following command, and press Enter.
10. At the command prompt, type the following command, and press Enter.
3. Verify that the ResearchABP has been assigned to Aaron’s mailbox. Click cancel.
9. On the Auto Account Setup page, verify that Aaron’s information is automatically added, and
click Next.
10. Click Finish, and wait for Outlook to open.
11. In the First things first window, click Ask me later, and click Accept.
12. After Outlook opens, click New Email. In the Untitled – Message (HTML) window, click To.
13. Verify that the user can only see users and groups in the TreyResearch OU.
15. Type a subject and short email message and then click Send.
16. Click the Calendar icon.
20. Under Address Book, click TreyResearchRooms. Click TR_Room1 and click Resources. Click OK.
21. In the Untitiled – Meeting window, pick a time tomorrow in the Start time box.
22. Type a subject and short message and click Send.
23. Review the Meeting Response message and close the message.
27. In the Outlook Web App window, click the Settings icon in the top right corner, and click Options.
32. Review the error message stating that the group is closed and click ok. Click close.
35. Close the all groups dialog box, verify that Aaron is now a member of the TreyResearchNews
distribution group. Close Internet Explorer.
40. In the Outlook Web App window, verify that Aidan received the message sent to the treyintegration
dynamic distribution group.
Results: In this exercise, you created an email address policy and address list for Trey Research. You also
created an address book policy for Trey Research and validate the deployment.
3. In the Feature pane, click public folders, and then click OK.
4. Click the public folder mailboxes tab, and then click new public folder mailbox.
5. On the new public folder mailbox page, type PFMBX1 in the Name field.
6. Under Organizational unit, click browse, click TreyResearch, and then click ok.
7. Under Mailbox database, click browse, click TreyResearchDB and then click ok.
8. Click save.
4. In the new Public Folder window, in the Name field, type Research, and then click save.
2. Verify that TreyResearch is listed in the folder list, select the folder, and then under Folder
permissions, click Manage.
5. In the Select Recipient window, click TR_IT, and then click ok.
7. Select the Apply changes to this public folder and all its subfolders check-box.
8. In the TreyResearch window, click Add.
10. In the Select Recipient window, click AllTreyResearch, and then click OK.
11. Under Permission level, click Author, and then click save.
3. Expand the Public Folders and verify that the TreyResearch and Research public folders are visible.
Note: It can take several minutes for the public folders to appear. If the public folders are
not visible, wait a few minutes, close Outlook 2013 and open it again. If the public folders still do
not appear, sign out on LON-CL1, sign in as Cindy using the password Pa$$w0rd, and open
Outlook 2013. Configure the Outlook profile, and verify the public folder are visible.
Results: In this exercise, you will have created public folder mailboxes for Trey Research and verified that
users can access the mailboxes.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L4-23
3. In the Exchange admin center, in the left navigation pane, click servers.
6. In the Exchange Certificate – Windows Internet Explorer window, in new Exchange certificate
Wizard, select Create a request for a certificate from a certification authority, and then click
next.
7. In the Friendly name for this certificate, type mail.adatum.com, and click next.
8. On the page with the option for using wildcard certificates, do not make any changes, and click next.
9. Click browse.
10. In the Select a Server window, click LON-CAS1, and click ok.
13. In the Specify the domains for the above Access type, enter mail.adatum.com, and click ok.
14. Repeat steps 12 and 13 for items where <not specified> is in the DOMAIN column.
16. On the next page, make sure that you have the following names in the list: mail.adatum.com, lon-
cas1.adatum, autodiscover.adatum.com,LON-CAS1, and Adatum.com, and then click next.
d. City/Locality: Seattle
e. State/Province: WA
4. In the CertReq.req – Notepad window, click Ctrl+A to select all the text, and then click Ctrl+C to
copy and save the text to the clipboard. Close Notepad.
10. On the Advanced Certificate Request page, click Submit a certificate request by using a base-
64-encoded CMC or PKCS#10 file, or submit a renewal request by using a base-64-encoded
CMC or PKCS#7 file.
11. On the Submit a Certificate Request or Renewal Request page, click in the Saved Request field,
and then press CTRL+V to paste the certificate request information into the field.
12. In the Certificate Template drop-down list box, click Web Server, and then click Submit. Click Yes.
13. On the Certificate Issued page, click Download certificate.
14. In the File Download dialog box, click the arrow next to Save. Select Save As.
15. In the Save As dialog box, click Save.
17. In the Certificate dialog box, on the Details tab, click Subject Alternative Name. Verify that the
certificate includes several subject alternative names, and then click OK.
18. On LON-CAS1, open File Explorer and create new folder called cert on the C:\ drive. Share the
folder, and give Read permission to Everyone.
4. Click on mail.adatum.com, and then click … on the toolbar and select import Exchange certificate.
10. Click on mail.adatum.com, and click the pencil icon on the toolbar
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft® Exchange Server 2013, Core Solutions L4-25
Results: After completing this exercise, the students will have a certificate installed on the Exchange
Server Client Access server.
6. Click on LON-CAS1, and click add-> button, and then click ok.
7. In the text box below Enter the domain name, type mail.adatum.com, and click save.
8. Click close after the operation completes.
9. Click on LON-CAS1 again, and then click the pencil icon on the toolbar.
7. Click on ecp virtual directory, and then click the pencil icon on the toolbar.
8. Review the supported and selected options for authentication. Notice that no options are selected.
10. Click on the PowerShell virtual directory, and then click the pencil icon on the toolbar.
11. In the Virtual Directory – Windows Internet Explorer window, click Authentication.
12. Review the supported and selected options for authentication. Notice that no options are selected.
14. Click on the Microsoft-Server-ActiveSync virtual directory, and then click the pencil icon on the
toolbar.
15. In the Virtual Directory – Windows Internet Explorer window, click Authentication.
16. Review the supported and selected options for authentication. Notice that the certificate
authentication options are present in this virtual directory.
19. In the Virtual Directory – Windows Internet Explorer window, notice that there are no
authentication options for this virtual directory.
Results: After completing this exercise, the students will have Client Access server configured.
4. In the text box, type Test e-mail tip for April, and click save.
3. On the Time and language page, select English, and make no changes to time zone, and then
click Save.
5. Type April in the To field, and press Tab. Ensure that the field is populated with April Reagan.
6. Click in the Subject field. Ensure that email tip has appeared.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft® Exchange Server 2013, Core Solutions L4-27
9. Type Aidan in the To field, and press Tab. Ensure that the field is populated with Aidan Delaney.
10. Click in the Subject field. Ensure that E-mail tip has appeared, and that it appears in English.
13. On the Time and language page, select francais (France), and make no changes to time zone, and
then click Save.
16. Click in the Subject field. Ensure that E-mail tip has appeared and that it appears in French.
2. In the Virtual Machines list, right-click 20341A-LON-DC1, and then click Revert.
2. For external clients, you must support Windows 8 and Outlook 2010 for mobile computers, along
with Windows Phone 7.5, Windows Phone 8, iOS5 and Android 4.0 mobile platforms.
3. The biggest concern for internal clients is the fact that there is no unique email client software on
client computers.
4. The biggest concern for external clients is security. You have to support multiple platforms
connecting from various locations while maintaining security requirements.
5. Client connections to the Client Access server will be encrypted by using SSL.
6. Outlook 2010 clients are supported by default. However, clients that are running Outlook 2003
cannot connect to Exchange Server 2013. For these clients, and for clients without Outlook software,
you can propose two solutions:
b. Use the built-in email client in Windows 8 to access their mailboxes by using the ActiveSync
protocol.
7. External clients with mobile computers will be using Outlook Anywhere, while clients without mobile
computers can use the Outlook Web AppApp interface. Clients with smartphones can connect by
using the ActiveSync protocol if the device operating system supports it.
8. Clients that are connecting from public computers will be using Outlook Web App. To prevent them
from downloading and saving attachments, you can implement Outlook Web App Policy.
9. Security requirements for mobile devices can be enforced by implementing ActiveSync policies.
Windows Phone, iOS 5, and Android 4.0 support ActiveSync policies. However, you should check if
Symbian devices can support ActiveSync policies; if they cannot, they not be able to connect.
10. The Root CA certificate is deployed to client computers by using Group Policy. If A. Datum has an
enterprise CA implemented, this is done by default. If it is a standalone CA, you can deploy it
manually in GPO. For mobile devices, you can use configuration utilities to distribute certificates, or
you can send a Root CA certificate file in an email to all users with a smart phone, along with
instructions on how to import it.
11. Exchange Server 2013 does not support policies for hardware control on mobile devices.
MCT USE ONLY. STUDENT USE PROHIBITED
L5-30 Planning and Configuring Messaging Client Connectivity
12. Currently, certificate-based authentication is selectively supported. You should check with mobile
platform vendors to see if this feature is supported.
13. For deleting the content on a lost mobile device, you should train users on how to use the Remote
Wipe functionality available in the Exchange Outlook Web App interface.
Results: After completing this exercise, the students will have created a plan for client connectivity.
4. In the Exchange Admin center window, click permissions in left navigation pane.
5. In the central pane, click Outlook Web App policies.
7. In the new Outlook Web App mailbox policy, in the Policy name text box, type External Users
Policy.
8. In the Communication management section, clear the check marks from options Instant
messaging and Text messaging.
9. Scroll down and click More options.
10. In the Information management section clear the check mark from Recover deleted items option.
11. In the Public or shared computer section, clear the check mark from Direct file access option.
12. Click save.
15. In the Adam Barr window, click mailbox features in the left navigation pane.
16. In the right pane, scroll down to Email Connectivity section, and click View details.
17. In the Outlook Web App mailbox policy window, click browse.
18. Select External Users Policy and click ok, and then click save two times.
19. Click to the Start menu and then click Exchange Management Shell.
24. In the 1: text box type external and click ok, and then click save.
25. Repeat steps 21 to 24 for users Chad Niswonger and Danielle Durrer.
26. Open Exchange Management Shell and type : get-mailbox –filter {CustomAttribute1 –eq
“external”} | Set-CASMailbox -OwaMailboxPolicy: ”External Users Policy”, and press Enter.
30. In the right pane, scroll down to the Email Connectivity section and click View details.
31. Ensure that External Users Policy is applied.
33. Repeat the steps 28 to 32 for users Chad Niswonger and Danielle Durrer.
3. In Outlook Web App window, open the Settings menu next to the user name in the right corner of
the browser, and then click Use mail offline.
6. Click Add.
7. Sign out from Outlook Web App and close Internet Explorer.
10. Click on Legacy Network Adapter, and then in the Network drop-down box, select Not connected.
11. Click OK. By doing this you temporarily disconnect your client from the network.
12. Switch to the LON-CL1 machine.
13. Open Internet Explorer, and from Favorites menu, choose Microsoft Outlook Web App.
MCT USE ONLY. STUDENT USE PROHIBITED
L5-32 Planning and Configuring Messaging Client Connectivity
14. When the Outlook Web App window is opened, verify that you can access mailbox content.
18. Click on Legacy Network Adapter, and then in the Network drop-down box, select Private
Network. Click OK.
19. Wait for a 20 to 30 seconds, and then refresh the Outlook Web App window.
21. Verify that you received the email from Aidan that was sent from the offline Outlook Web App.
Results: After completing this exercise, students will have Outlook Web App and Outlook Anywhere
configured.
• The main concern regarding the different device platforms will be their ability to support Exchange
policies. From security perspective, it is required that you can force the password requirements to
mobile devices.
• You will enforce password requirements to all devices that connect to your Exchange by
implementing appropriate policy.
• Requirements for quarantine can be implemented by configuring mobile device access options in the
Exchange Administration Center.
4. Click the check mark on the This is the default policy option.
5. Do not select the option Allow mobile devices that don’t fully support these policies to
synchronize.
8. Select 2 in the drop-down box called Password must include this many character sets.
9. Select the Minimum password length option, and type 5 in the text box.
10. Select the option Number of sign-in failures before device is wiped, and type 4 in the text box.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft® Exchange Server 2013, Core Solutions L5-33
11. Select the option Require sign-in after device has been inactive for, and type 5 in the text box.
4. In the Quarantine Notification Email Messages section, click the New icon.
5. In the Select Administrators window, select Administrator, click add, and then click ok.
6. In the text box below, type the following text: Your device is temporary in quarantine. The
Administrator will examine your request and will allow or block your connection according to
the policy.
7. Click save.
10. In the Device Family window, click All families, and then click ok.
11. Under the Only this model section, click browse. Select EASProbeDeviceType, and then click ok.
12. In the new device access rule window, click Quarantine – Let me decide to block or allow later.
Results: After completing this exercise, the students will have mobile device options and policies
configured.
2. In the Console1 window, open File menu and then click Add/Remove Snap-in
3. Click Certificates and then click Add. Select Computer account and click Next.
4. Select Local computer, and then click Finish. Click OK.
6. Right-click the certificate Webmail.adatum.com, navigate to All Tasks, and select Export.
7. On the Welcome page, click Next.
8. On the Export Private Key page, select Yes, export the private key and click Next.
11. On the File to Export page, type C:\CAS1.pfx as the file name, and then click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
L5-34 Planning and Configuring Messaging Client Connectivity
12. Click Finish. In the pop window click OK. Close Console1.
14. On LON-TMG, click Start. In the Search box, type MMC, and then press Enter.
16. On the Add or Remove Snap-in page, click Certificates, and then click Add.
17. Click Computer account, click Next, click Finish, and then click OK.
18. Expand Certificates, right-click Personal, point to All Tasks, and then click Import.
20. On the File to Import page, type \\LON-CAS1\C$\CAS1.pfx, and then click Next.
21. On the Password page, type Pa$$w0rd in the Password field, and then click Next.
22. On the Certificate Store page, click Next, and then click Finish.
23. Click OK, and then close Console1 without saving changes.
24. On LON-TMG, click Start, point to All Programs, click Microsoft Forefront TMG, and then click
Forefront TMG Management.
25. Expand Forefront TMG (LON-TMG), and then click Firewall Policy.
26. On the Firewall Policy Tasks pane, on the Tasks tab, click Publish Exchange Web Client Access.
27. On the Welcome to the New Exchange Publishing Rule Wizard page, type OWA Rule, and then
click Next.
28. On the Select Services page, in the Exchange version list, click Exchange Server 2010, select the
Outlook Web Access check box, and then click Next.
30. On the Server Connection Security page, ensure that Use SSL to connect the published Web
server or server farm is configured, and then click Next.
31. On the Internal Publishing Details page, in the Internal site name text box, type
LON-CAS1.Adatum.com, and then click Next.
32. On the Public Name Details page, ensure that This domain name (type below) is configured in the
Accept requests for drop-down list. In the Public name box, type webmail.Adatum.com, and then
click Next.
34. On the Welcome to the New Web Listener Wizard page, type HTTPS Listener, and then click
Next.
35. On the Client Connection Security page, ensure that Require SSL secured connections with
clients is selected, and then click Next.
36. On the Web Listener IP Addresses page, select the External check box, and then click Next.
38. In the Select Certificate dialog box, click Webmail.adatum.com, click Select, and then click Next.
39. On the Authentication Settings page, accept the default of HTML Form Authentication, and then
click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft® Exchange Server 2013, Core Solutions L5-35
40. On the Single Sign On Settings page, type Adatum.com as the single sign-on (SSO) domain name,
click Next, and then click Finish.
43. On the User Sets page, accept the default, and then click Next.
44. On the Completing the New Exchange Publishing Rule Wizard page, click Finish.
45. Click Apply twice to apply the changes, and then click OK when the changes have been applied.
48. On LON-CAS1, in the Exchange admin center, click servers in feature pane.
50. On the virtual directories tab, double-click owa (Default Web Site) – LON-CAS1.
51. In the External URL box, type https://webmail.adatum.com/owa.
52. Click authentication, and then click Use one or more standard authentication methods, and then
select the Basic Authentication check box, and click save. Read the information on the window that
appears, and click ok.
53. On the virtual directories tab, double-click ecp (Default Web Site) – LON-CAS1.
54. In the External URL box, type https://webmail.adatum.com/ecp.
55. Click authentication, and then click Use one or more standard authentication methods, and then
select the Basic Authentication check box, and click save.
56. Click yes on the warning window. Click ok.
57. Open the Windows PowerShell. At the PS prompt, type IISReset /noforce, and then press Enter.
61. In the OWA rule properties windows, click on the Application Settings tab.
62. In the Published server logoff URL type /owa/logoff.owa. (Note: you are doing this because TMG
2010 does not have publishing rule for Exchange 2013 so logoff page still direct users to old location
used by Exchange Server 2010.)
63. Click OK and then click Apply two times.
67. In Web Publishing Rule Test Results window, look for results for
https://webmail.adatum.com:443/ecp and https://webmail.adatum.com:443/owa. You should
have green check marks for these URLs. Click Close and then click OK.
MCT USE ONLY. STUDENT USE PROHIBITED
L5-36 Planning and Configuring Messaging Client Connectivity
2. Click Legacy Network Adapter, and in the Network drop-down list, click Private Network 2, and
then click OK.
3. On LON-CL1, log on as Adatum\Administrator using the password Pa$$w0rd.
4. In the Start screen, type control panel. Click on the Control Panel icon.
5. Open the Control Panel, and then click View network status and tasks.
6. Click Change adapter settings.
11. Click OK, and then click Close. Close the Control Panel.
13. In the command prompt window, type notepad c:\windows\system32\drivers\etc\hosts, and then
press Enter.
14. At the bottom of the hosts file, type 131.107.0.1 webmail.adatum.com, and then save and close the
file.
17. In the Outlook Web App window, click Settings and then click Options. Verify that you can connect
to the options of your mailbox.
18. Close Internet Explorer.
2. In the Virtual Machines list, right-click 20341A-LON-DC1, and then click Revert.
Results: After completing this exercise, students will have Exchange Server 2013 published through TMG
2010.
MCT USE ONLY. STUDENT USE PROHIBITED
L6-37
3. In the Exchange admin center, in the feature pane, click mail flow.
4. Click the send connectors tab.
6. In the new send connector window, type Internet sending in the Name text box.
7. Select Internet (For example, to send internet mail), and click next.
8. On the next wizard page, make sure that MX record associated with recipient domain is selected,
and click next.
3. In the new receive connector window, type AppClient in the Name box, and select Client.
Click next.
4. On the next page, click Remove to remove scope 0.0.0.0 – 255.255.255.255. Click New.
6. Click finish.
7. Click on AppClient, and then click Edit.
8. Click security.
Results: After completing this exercise, the students will have configured message transport.
MCT USE ONLY. STUDENT USE PROHIBITED
L6-38 Planning and Configuring Message Transport
2. At the command prompt, type telnet LON-CAS1 smtp, and then press Enter.
3. Type helo, and press Enter.
13. Reply to the message with the text of your choice, and click Send.
3. In the Queue Viewer window, ensure that the internet.com domain is listed with one message in the
queue.
4. Double-click internet.com
8. In the Outlook 2013 window, ensure that you received non-delivery report for the message you sent
to info@internet.com.
Results: After completing this exercise, the students will have completed SMTP troubleshooting.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft® Exchange Server 2013, Core Solutions L6-39
4. In the new rule window, in the Name text box, type Adatum Disclaimer.
5. In the Apply this rule if drop-down box, select The sender is located option, and then in the select
sender location window, select Inside the organization, and then click ok.
9. Click Select one, and then in the specify fallback action window, select wrap and click ok.
13. Select the check box on the option Activate this rule on the following date.
14. In the last section, select Enforce, and then click save.
15. Switch to LON-CL1 and sign in as Adatum\Aidan.
20. In the message body, type Test, and then click Send.
22. On the Outlook Web App window, sign in as Adatum\Administrator with the password of
Pa$$w0rd.
23. In the Outlook Web App, ensure that you received an email from Aidan, and that the disclaimer text
is appended to the messages.
25. Switch to Outlook 2013, and make sure that you received the message from Administrator, but
without the disclaimer.
5. In the New custom DLP policy window, in the Name text box, type IP address block.
9. Click an arrow next to the + sign, and then select Block messages with sensitive information.
10. In the New Rule window, click Outside the organization. In the select recipient location window,
select Inside the organization, and click ok.
14. In the Do the following drop-down box, select Generate incident report and send it to, and then
click Select one.
15. In the list, select Administrator, and click ok.
16. Click Block the message.
17. In the notify the sender with a Policy Tip, type Your message is blocked in the Enter the
message users will receive text box, and click ok.
18. Select the check box on the option Activate this rule on the following date.
19. In the last section, select Enforce, and then click save.
20. In the IP address block, click save.
7. Wait for a few moments, and see if you receive an email with the message that your previous
message to Arm Zaki is undeliverable. Also ensure that “Your message is blocked” text appears.
Review the message content.
9. On the Outlook Web App window, sign in as Adatum\Administrator with the password of
Pa$$w0rd.
10. In the Outlook Web App, ensure that you received an email from Aidan and that the original
message that Aidan sent to Amr is attached.
Results: After completing this exercise, the students will have configured transport rules and data-loss
prevention policies.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L7-43
2. In Active Directory Users and Computers, on the menu bar, click View, and then click Advanced
Features.
3. In the left pane, expand Adatum.com, click Computers, then right-click Computers, point to New,
and then click Computer.
4. In the New Object – Computer dialog box, in the Computer name field, type DAG1, and then click
OK.
7. On the Security tab, click Add, and in the Enter the object names to select field, type Exchange
Trusted Subsystem. Click Check Names, and then click OK.
8. On the Security tab, click Add, and then click Object Types.
9. In the Object Types dialog box, click Computers, and then click OK.
10. In the Select Users, Computers, Service Accounts, or Groups window, in the Enter the object
names to select field box, type LON-MBX1$, then click Check Names, and then click OK.
11. On the Security tab, select LON-MBX1 (ADATUM\LON-MBX1$), then in the Allow column in the
Permissions for LON-MBX1 list, click Full control.
12. On the Security tab, select Exchange Trusted Subsystem (ADATUM\Exchange Trusted
Subsystem), then in the Allow column in the Permissions for Exchange Trusted Subsystem list,
click Full control, and then click OK.
13. In the Active Directory Users and Computers window, in the right pane, right-click DAG1, and then
click Disable Account.
14. In the warning window, click Yes, and then on the next information window, click OK.
5. In the New database availability group window, in the Database availability group name field,
type DAG1, then click Witness server, and type LON-CAS1 in the Witness server field. Click
Witness directory, in the Witness directory field, type C:\FSWDAG1, click Enter an IP address, in
Database availability group IP addresses field, and type 172.16.0.33. Then click Add, and then
click save.
MCT USE ONLY. STUDENT USE PROHIBITED
L7-44 Planning and Implementing High Availability
6. In the list view, click DAG1, and on the toolbar, click Manage DAG membership.
8. In the Select Server window, click LON-MBX1, click add, and then click LON-MBX2. Click add, and
then click ok.
3. Make sure that the Status displays Healthy and the Content index state also displays Healthy. Then
click cancel.
2. In the Suspend database window, in the Comments field, type Test Suspend, and then click save.
Now the database copy is suspended and will not receive any updates.
3. In the details pane, under Mailbox Database 1\LON-MBX2, click Resume. If the Resume button is
not available, wait and then click Refresh a few more times.
Results: After completing this exercise, students will have pre-staged a cluster network object in Active
Directory, created a DAG, added two Mailbox servers to the DAG, and made a database highly available.
Students also will have suspended a database copy and resumed it.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft® Exchange Server 2013, Core Solutions L7-45
2. Click the Server Manager icon on the taskbar to open Server Manager.
3. Click Add roles and features.
4. In the Add Roles and Features Wizard, on the Before you begin page, click Next.
8. On the Select features page, click Network Load Balancing, and in the Add Roles and Features
Wizard window, click Add Features, and then click Next.
9. On the Confirm installation selections page, click Install.
10. In the Add Roles and Features Wizard, wait until the feature installation has succeeded, and then
click Close.
11. Switch to the LON-CAS2 virtual machine.
12. Click the Server Manager tile.
14. In the Add Roles and Features Wizard, on the Before you begin page, click Next.
15. On the Select installation type page, click Next.
16. On the Select destination server page, make sure that Select server from the server pool is
selected, and then click Next.
17. On the Select server roles page, click Next.
18. On the Select features page, click Network Load Balancing. In the Add Roles and Features Wizard
window, click Add Features, and then click Next.
20. In the Add Roles and Features Wizard, wait until the feature installation has succeeded, and then
click Close.
2. In the Network Load Balancing Manager, on the menu bar, click Cluster, and then click New.
3. In the New Cluster: Connect dialog box, type LON-CAS1 in the Host field, click Connect, and then
click Next.
6. In the Add IP Address dialog box, type 172.16.0.6 as the IPv4 address, type 255.255.0.0 as the
Subnet mask, and then click OK.
MCT USE ONLY. STUDENT USE PROHIBITED
L7-46 Planning and Implementing High Availability
8. In the New Cluster: Cluster Parameters dialog box, type webmail.adatum.com in the Full Internet
name box, and then click Next.
9. In New Cluster: Port Rules dialog box, click Finish.
10. In Network Load Balancing Manager, wait until the LON-CAS1 icon turns green.
11. In the left pane, right-click Webmail.adatum.com (172.16.0.6), and then click Add Host To
Cluster.
12. In the Add Host to Cluster: Connect dialog box, type LON-CAS2 in Host field, click Connect, and
then click Next.
13. In the Add Host to Cluster: Host Parameters dialog box, click Next.
14. In the Add Host to Cluster: Port Rules dialog box, click Finish.
15. In Network Load Balancing Manager, wait until the LON-CAS2 icon turns green, and the Status says
Converged.
2. In the DNS Manager, in the left pane, expand Forward Lookup Zones, select and then right-click
Adatum.com, and then click New Host (A or AAAA).
3. In the New Host dialog box, in Name field type Webmail, in the IP address field, type 172.16.0.6,
and then click Add Host.
Results: After completing this exercise, students will have installed and configured NLB, and created a
DNS record for their load-balanced virtual IP address.
4. You should now see your Inbox. This indicates that LON-CAS2 is currently serving as the Client Access
server.
2. Switch to the Host machine, in Hyper-V Manager, right-click 20341A-LON-CAS2, and then click
Turn Off.
3. Switch to the LON-DC1 virtual machine. In Internet Explorer, click Refresh (F5).
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft® Exchange Server 2013, Core Solutions L7-47
4. In Outlook Web App, if the sign in page appears, sign in as Adatum\administrator with the
password Pa$$w0rd.
5. In Outlook Web App, in the left pane click Sent Items to make sure Outlook Web Access (OWA) is
still working. This verifies that LON-CAS1 took over the Client Access server role for the client.
4. In list view, click Mailbox Database 1, and in the details pane, verify that Mailbox Database 1
\LON-MBX1 is “Active Mounted” and Mailbox Database 1\LON-MBX2 is “Passive Healthy.”
5. Switch to the Host machine, in Hyper-V Manager, right-click 20341A-LON-MBX1, and then click
Turn Off.
6. Switch to the LON-CAS1 virtual machine. In Internet Explorer, click Refresh (F5).
7. In the Exchange Administration Center, if the sign in page appears, sign in as Adatum\administrator
with the password Pa$$w0rd.
8. In the Exchange Administration Center, in the Feature pane, click Servers.
9. On tabs, click databases, and then in the list view, click Mailbox Database 1.
10. Verify that in the details pane Mailbox Database 1\LON-MBX1 shows as “Passive ServiceDown”, and
Mailbox Database 1\LON-MBX1 shows as “Active Mounted.”
11. Switch to the LON-DC1 virtual machine, and in Internet Explorer and Outlook Web App, in the left
pane, click Inbox. Open a message and reply to the message to make sure the mailbox is available.
2. In the Virtual Machines list, right-click 20341A-LON-DC1, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
Results: After completing this exercise, students will have tested their high-availability configuration.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L8-49
6. Click Send.
13. Switch to the Start screen, and click the Exchange Management Shell.
14. Type the following command and press Enter:
Notice the name and the GUID of the Mailbox Database. This is needed for the restore.
2. In the Dashboard, click Add roles and features. The Add Roles and Features Wizard opens.
5. On the Server Selection page, select Select a server from the server pool, select the Exchange
server in the Server Pool and click Next.
7. On the Features page, scroll down in the Features list, select Windows Server Backup, and click
Next.
8. On the Confirmation page, do not select the Restart the destination server automatically if
required option, and then click Install.
2. Right-click the Backup folder, select Share with, and select Specific people.
3. Check that the Administrator account has Read/Write permissions, and click Share. Click Done.
6. Scroll down the tools list and double-click Windows Server Backup.
9. In the Backup Once Wizard on the Backup Options page, select Different options, and click Next.
10. On the Select Backup Configuration page, select Full server (recommended), and click Next.
11. On the Specify Destination Type page, select Remote shared folder, and click Next.
12. On the Specify Remote Folder page, under Location type \\LON-CAS1 \Backup, under Access
control, select Do not inherit and click Next.
13. In the Windows Security popup window, enter Administrator as the name and Pa$$w0rd as the
password, and click OK.
14. On the Confirmation page, click Backup.
15. On the Backup Progress page, click Close.
16. When the backup completes, close Windows Server Backup. It may take 10-15 minutes to complete.
6. In the recover deleted items window, select the message received from Michael, and click purge.
Results: After completing this exercise, you have successfully backed up the mailbox databases.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft® Exchange Server 2013, Core Solutions L8-51
5. In the Recovery Wizard on the Getting Started page, select A backup stored on another location,
and click Next.
6. On the Specify Location Type page, select Remote shared folder, and click Next.
7. On the Specify Remote Folder page, type \\LON-CAS1\Backup, and click Next.
8. On the Select Backup Date page, select the date and time of the backup, and click Next.
9. On the Select Recovery Type page, select Applications, and click Next.
12. On the Specify Recovery Options page, select Recover to another location, and click Browse.
13. In the Browse For Folder window, select the C:\Restore folder, and click OK. Click Next.
14. On the Confirmation page, click Recover.
15. On the Recovery Progress page, check that the status of the recovery is Completed, and click Close.
16. Close Windows Server Backup.
2. In the Exchange Management Shell, type the following command to create the Recovery database,
and press Enter. Note that you will need to use the GUID that you verified earlier to replace the
sample GUID listed below.
3. In the Exchange Management Shell, change to the folder that contains the recovery database. Note
that you will need to use the GUID that you verified earlier to replace the sample GUID listed below.
CD “C:\Restore\df7d5fa1-4f77-4f43-85ca-9cbbe8f58d5e\C_\Program
Files\Microsoft\ExchangeServer\V15\Mailbox\Mailbox Database 0825118640”
4. In the Exchange Management Shell, type the following command to bring the restored mailbox
database into a clean shutdown status, and press Enter.
Eseutil /R E00 /i /d
MCT USE ONLY. STUDENT USE PROHIBITED
L8-52 Planning and Implementing Disaster Recovery
5. In the Exchange Management Shell, type the following command to mount the restored mailbox
database, and press Enter.
Mount-Database RecoveryDB
6. In the Exchange Management Shell, type the following command to list all mailboxes available in the
recovery database, and press Enter.
2. In the Exchange Management Shell, type the following command to check the status of the
MailboxRestoreRequest, and press Enter.
Get-MailboxRestoreRequest
2. In the Virtual Machines list, right-click 20341A-LON-DC1, and then click Revert.
Results: After completing this exercise, you will have successfully restored the missing items back into the
users’ mailboxes.
MCT USE ONLY. STUDENT USE PROHIBITED
L9-53
3. In Exchange Management Shell, enable anti-malware scanning by typing following script and then
press Enter.
.\Enable-AntimalwareScanning.ps1
4. Verify that following message appears: Anti-malware engines are updating. This may take a few
minutes. Note that since the lab environment does not have an Internet connection, the engine
update cannot complete. Type CTRL-C to stop the script.
5. In Exchange Management Shell, restart the Microsoft Exchange Transport Service by typing
following cmdlet and then press Enter.
Restart-Service MSExchangeTransport
6. In Exchange Management Shell, list installed transport agents by typing following cmdlet and then
press Enter.
Get-TransportAgent
7. Verify that following anti-malware agent is listed: Malware Agent. Note that the status of Malware
Agent is Enabled True if the script was allowed to complete.
2. Move the mouse pointer to the lower right corner of the window, and then click on Start charm.
3. On the Start screen, click on Internet Explorer tile.
4. In Internet Explorer, type the following address in the address bar and then press Enter:
https://lon-cas1.adatum.com/ecp
5. Sign in to Exchange admin center as Adatum\Administrator with a password of Pa$$w0rd, and
then click on sign in button.
7. In Exchange admin center window, on malware filter tab, click on edit button on the toolbar.
9. Under Malware Detection Response, select Delete all attachments and use custom alert text.
MCT USE ONLY. STUDENT USE PROHIBITED
L9-54 Planning and Configuring Message Hygiene
10. In Custom alert text box, type following text: The attachment has been deleted because it
contained malware. Contact your administrator.
11. Under Notifications, select both Notify internal senders and Notify external senders checkboxes.
12. Under Administrator Notifications, select Notify administrator about undelivered messages
from internal senders checkbox.
14. Under Administrator Notifications, select Notify administrator about undelivered messages
from external senders checkbox.
5. In Exchange Management Shell, install anti-spam agents by typing following script and then press
Enter.
.\Install-AntiSpamAgents.ps1
6. In Exchange Management Shell, restart the Microsoft Exchange Transport Service by typing
following cmdlet and then press Enter.
Restart-Service MSExchangeTransport
7. In Exchange Management Shell, specify the IP addresses of the internal SMTP servers – LON-MBX1
and LON-MBX2 that should be ignored by the Sender ID agent, by typing following cmdlet and then
press Enter.
8. In Exchange Management Shell, list installed transport agents by typing following cmdlet and then
press Enter.
Get-TransportAgent
9. Verify that following anti-spam agents are listed: Content Filter Agent, Sender ID Agent, Sender
Filter Agent, Recipient Filter Agent, Protocol Analysis Agent. Verify that the status of anti-spam
agents is Enabled True.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft® Exchange Server 2013, Core Solutions L9-55
3. In Exchange Management Shell, configure blocked phrase Poker results by typing following cmdlet
and then press Enter.
4. In Exchange Management Shell, configure allowed phrase Report document by typing following
cmdlet and then press Enter.
6. In Exchange Management Shell, configure SCL thresholds and enable quarantine by typing following
cmdlet and then press Enter.
7. In Exchange Management Shell, configure custom rejection response by typing following cmdlet and
then press Enter.
8. In Exchange Management Shell, configure the SCL junk threshold with value 6 for all mailboxes in
your organization by typing following cmdlet and then press Enter.
Set-OrganizationConfig -SCLJunkThreshold 6
2. In the Virtual Machines list, right-click 20341A-LON-DC1, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
2. In the left pane, expand Adatum.com, click Microsoft Exchange Security Groups, and then on
right pane, double-click Server Management.
3. In Server Management Properties, click the Members tab, and then click Add.
4. In the Enter the object names to select field, type IT, and then click OK twice.
5. Close Active Directory Users and Computers.
Task 2: Configure permissions for the Support Desk and HelpDeskAdmins groups
1. On LON-MBX1, click to the Start screen, and then click Exchange Management Shell.
2. In the Exchange Management Shell, at the PS prompt, type the following command, and then press
Enter:
3. At the PS prompt, type the following command, and then press Enter:
4. Click to the Start screen, and then click Internet Explorer, connect to
https://LON-CAS1.adatum.com/ecp. Sign in as Adatum\Administrator using the password
Pa$$w0rd.
6. On tabs, click admin roles, and then double-click SupportDesk in the list view.
8. On the Select Members page, select Ryan Spanton, click add, and then click ok.
12. On the Select Member page, select Carol Troup, click add, and then click ok.
Task 3: Verify the permissions for the three role groups created
1. On LON-MBX1, open Internet Explorer, and connect to https://LON-CAS1.adatum.com/ecp. Sign
in as Adatum\Tony using the password Pa$$w0rd.
5. On the Mailbox database dialog box, in the left pane, click limits, then click the Issue a warning at
(GB) drop-down list, select unlimited, and then click save.
6. In the feature pane, click unified messaging. Verify that you can see the UM dial plans, but not
create or modify them. Remember that Tony is part of the IT group, and therefore is able to modify
server properties but not unified messaging settings.
7. Close Internet Explorer.
11. In the User Mailbox window, in the left pane, click organization.
12. In the Department field, type IT, and then click save.
13. In tabs, click groups.
14. In the list view, double-click Research. Verify that you cannot modify the group properties by typing
a group description and then click save.
15. An error window appears that shows you that you do not have sufficient permissions to modify the
group, click ok, and then in the Security Group window, click cancel.
21. In the feature pane, click recipients. Note that there is no New user button on the toolbar.
23. In the User Mailbox window, in the left pane, click organization.
24. In the Department field, type Customer Service, and then click save.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft® Exchange Server 2013, Core Solutions L10-59
25. Verify that groups is not available in tabs as Carol does not have permission to manage groups.
Results: After completing this exercise, the students will have configured RBAC roles and verified that the
permissions are granted accordingly.
2. Sign in to the Outlook Web Access Application as Adatum\Tony using the password Pa$$w0rd.
3. Click new mail to create a new message, click more options, and then click show from.
4. In the From field, type Info@adatum.com, and in the To field type Tony Smith. In the Subject field
type Testing Send As logging.
5. In the message body, type some text, and then click Send. Verify that the message is sent.
3. In the Exchange Administration Center, in the feature pane, click compliance management.
6. In the Search for access by drop-down box, select All non-owners, and then click Search.
7. In the search results, click Info, and view the report that shows that Tony Smith accessed the Info
mailbox.
Results: After completing this exercise, the students will have configured mailbox audit logging and
verified that audit logging works correctly.
MCT USE ONLY. STUDENT USE PROHIBITED
L10-60 Planning and Configuring Administrative Security and Auditing
2. In the Exchange Management Shell, at the PS prompt, type the following cmdlets, and then press
Enter.
3. In the Exchange Management Shell, at the PS prompt, type the following command, and then press
Enter.
4. Open Server Manager, click Tools, and then click Active Directory Users and Computers.
5. In the left pane, click Microsoft Exchange Security Groups, and then double-click HRAdmins.
6. Click the Managed By tab, click Change and type HRAdmins, and then click OK.
7. Click the Manager can update membership list option, and then click OK.
8. In the right pane, double-click Recipient Management.
9. Click the Members tab, click Add and type HRAdmins, and then click OK. This is required to assign
the HRAdmins group the necessary permissions to be able to create a mailbox.
10. Close the Active Directory Users and Computers console.
Task 2: Remove the permission to create AD DS objects from other Exchange Server
administrator groups
1. On LON-MBX1, open the Exchange Management Shell.
2. In the Exchange Management Shell, at the PS prompt, type the following:
3. After you see which groups have delegated role assignments for this role, run the following cmdlet to
remove all groups except HRAdmins:
4. In the User Mailbox window, type New in the Alias field, and then click New user. Note that all
fields required to create a new user are greyed out. This is because you do not have the permission to
create a new user account in AD DS.
8. In the User Mailbox window, type Test2 in the Alias field, and then click New user.
9. Type Test2 in First name field, and Test2 in Last name field. Type Test2 in the User logon name
field, and Pa$$word in the New password and Confirm password fields, and then click Save. This
confirms that Tony is able to create user accounts for new mailboxes.
10. Close Internet Explorer.
2. In the Virtual Machines list, right-click 20341A-LON-DC1, and then click Revert.
Results: After completing this exercise, students will have created a new role group, configured RBAC split
permissions, and validated that RBAC split permissions are working as expected.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L11-63
2. In the Server Manager window, click on the Tools menu, and then click Performance Monitor.
3. In the Performance Monitor window, in the navigation pane, expand Data Collector Sets, and then
click User Defined.
4. Click the Action menu, click New, and then click Data Collector Set.
5. In the Create new Data Collector Set Wizard, in the Name box, type Exchange Monitoring, select
Create manually (Advanced), and then click Next.
Task 2: Create a new performance-counter data collector set for monitoring basic
Exchange Server performance
1. In the Performance Monitor, in the navigation pane, expand Data Collector Sets, expand User
Defined, click Exchange Monitoring, click the Action menu, click New, and then click Data
Collector.
2. In the Create New Data Collector Wizard, in the Name box, type Base Exchange Monitoring, select
Performance counter data collector, click Next, and then click Add.
3. In the Available counters object list, expand Processor, and then click % Processor Time. Press and
hold the Ctrl key, click % User Time, click % Privileged Time, and then click Add.
4. In the Available counters object list, expand Memory, and then click Available Mbytes. Press and
hold the CTRL key, click the following items, and then click Add:
o Page Reads/sec
o Pages Input/sec
o Pages/sec
o Pages Output/sec
5. In the Available counters object list, expand MSExchange ADAccess Domain Controllers, and
then click LDAP Read Time. Press and hold the Ctrl key, click the following items, and then click Add:
6. In the Available counters object list, expand System, click Processor Queue Length, click Add, and
then click OK.
7. In the Create New Data Collector Wizard, in the Sample interval box, type 1, in the Units drop-down
list, select Minutes and then click Finish to create the data collector.
Task 3: Create a new performance-counter data collector set for monitoring Mailbox
server role performance
1. In the Performance Monitor, in the navigation pane, click Exchange Monitoring, click the Action
menu, click New, and then click Data Collector.
2. In the Create new Data Collector Wizard, in the Name box, type Mailbox Role Monitoring, select
Performance counter data collector, click Next, and then click Add.
3. In the Available counters object list, expand LogicalDisk, and then click Avg.Disk sec/Read. Press
and hold the Ctrl key, click the following items, and then click Add:
o Avg.Disk sec/Transfer
o Avg.Disk sec/Write
4. In the Available counters object list, expand MSExchangeIS Store, and then click RPC Average
Latency. Press and hold the Ctrl key, click the following items, and then click Add:
o RPC Operations/sec
o RPC Requests
o Messages Delivered/sec
5. Click OK.
6. In the Create New Data Collector Wizard, in the Sample interval box, type 1 in the Units drop-down
list, select Minutes, and then click Finish to create the data collector set.
3. In the navigation pane, expand Reports, expand User Defined, expand Exchange Monitoring, click
LON-MBX1_DateTime-Number, and then review the report.
Results: After this exercise, you should have created a data collector set for monitoring LON-MBX1 that
uses the recommended performance counters.
MCT USE ONLY. STUDENT USE PROHIBITED
Microsoft® Exchange Server 2013, Core Solutions L11-65
3. On LON-MBX1, if the Start screen is not displayed, move the mouse to the lower right corner of the
screen, click Start.
6. On the Outlook Web App web page, in the Username box, type Adatum\Administrator. In the
Password box, type Pa$$w0rd and then click Sign In.
7. On the Exchange admin center, on the feature pane, click on servers, and then click on the
databases tab.
8. In the list view, click on MailboxDB100 database, and then in the details pane, verify that it is
Dismounted.
9. In the toolbar, click More, and then click Mount.
11. Another warning window appears, displaying message that at least one database file is missing. In
the warning window, click cancel.
3. In Event Viewer, in the navigation pane, expand Windows Logs, click Application, and then in the
Content pane, review recent events. Click recent events that have a source from one of the
MSExchange services, and then review the details of the error in the lower half of the Content pane.
4. In the navigation pane, click System, and then in the Content pane, review recent events. Notice that
notable events are present.
Task 3: List the probable causes of the problem, and rank the possible solutions if
multiple options exist
• List the problems and possible solutions:
Disk errors are preventing access to the database. Replace disks and restore from backup.
4. In the navigation pane, click the MailboxDB100 folder, and locate the MailboxDB100.edb database
file. This is the actual location of the database and transaction log files. The configuration is pointing
to the wrong path.
Mount-Database MailboxDB100
5. In the Exchange admin center, on the features pane, click on servers, and then click on the
databases tab.
6. In the list view, click on MailboxDB100 database, and then in the details pane, verify that it is
Mounted.
Results: After this exercise, you should have used a troubleshooting technique to identify and fix a
Mailbox server problem.
3. On LON-MBX1, if the Start screen is not displayed, move the mouse to the lower right corner of the
screen, and click Start.
Test-ServiceHealth
6. Press Enter. Verify that the output does not return any errors.
7. In the Exchange Management Shell, type the following Test cmdlet, and then press Enter:
Task 2: List the probable causes of the problem, and rank the possible solutions if
multiple options exist
• List the problems and possible solutions:
Microsoft Outlook Web App authentication is not Modify Outlook Web App authentication
configured correctly. configuration.
3. In the Internet Explorer window, type https://lon-cas1.adatum.com/ecp, and then press Enter.
4. On the Outlook Web App web page, in the Username box, type Adatum\Administrator, in the
Password box, type Pa$$w0rd and then click the Sign In button.
5. Verify that you cannot sign in to the Exchange Administration Center.
6. In the Exchange Management Shell, type following cmdlet, and then press Enter.
8. In the Exchange Management Shell, type following cmdlet, and then press Enter.
9. In the Exchange Management Shell, type following command, and then press Enter.
iisreset
10. In the Internet Explorer window, type https://lon-cas1.adatum.com/ecp, and then press Enter.
MCT USE ONLY. STUDENT USE PROHIBITED
L11-68 Monitoring and Troubleshooting Microsoft Exchange Server 2013
11. On the Outlook Web App web page, in the Username box, type Adatum\Administrator, and in the
password box, type Pa$$w0rd and then click on the Sign In button.
12. Verify that now you can sign in to Exchange admin center.
Note: If you receive an error indicating that the service did not start, start the World Wide
Web Publishing Service in the Services management console.
Results: After this exercise, you should have used a troubleshooting technique to identify and fix a Client
Access server problem.