
MCT USE ONLY.

STUDENT USE PROHIBITED



Module 1: Deploying and Managing Microsoft Exchange Server 2013
Lab: Deploying and Managing Exchange Server 2013
Exercise 1: Evaluating Requirements and Prerequisites for an Exchange Server 2013 Installation
Task 1: Evaluate the Active Directory Requirements
1. On LON-DC1, on the task bar, click Server Manager.

2. In Server Manager, click Tools, and then click Active Directory Users and Computers.

3. Right-click Adatum.com, and then click Properties.

4. In the Adatum.com Properties dialog box, verify that the domain and forest functional levels are
compatible with the Exchange Server 2013 requirements.

5. Click OK, and then close Active Directory Users and Computers.

6. Switch to the Start screen, type adsi edit, and then press Enter.
7. Right-click ADSI Edit, and then click Connect to.

8. In the Connection Settings dialog box, in the Connection Point section, in the Select a well-
known Naming Context list, click Configuration, and then click OK.
9. In the left pane, expand Configuration [LON-DC1.adatum.com], and then click
CN=Configuration,DC=adatum,DC=com.

10. Expand CN=Services, and verify that the CN=Microsoft Exchange has not been created.
11. Close ADSI Edit.

Task 2: Evaluate the DNS Requirements


1. On LON-EX1, on the task bar, click Windows PowerShell.

2. In the Windows PowerShell window, type IPConfig /all, and then press Enter. Verify that the Domain
Name System (DNS) server IP address for the Local Area Connection is 172.16.0.10.

3. At the command prompt, type Ping LON-DC1.adatum.com and press Enter. Verify that you have
network connectivity with the domain controller.

4. At the command prompt, type Nslookup, and then press Enter.

5. At the command prompt, type set type=all, and then press Enter.

6. At the command prompt, type _ldap._tcp.dc._msdcs.adatum.com, and then press Enter. Verify that
an SRV record for lon-dc1.adatum.com is returned.

7. Close Windows PowerShell.

Results: After completing this exercise, students will have AD DS requirements evaluated.
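
The checks from Tasks 1 and 2 can also be run as one script. This is an added example, not part of the course material; it assumes the ActiveDirectory module (RSAT-AD-PowerShell) is installed on the machine where it runs, and the function name Test-LabExchangePrereqs is hypothetical.

```powershell
# Added example: scripted form of the Exercise 1 checks (not from the course).
# Assumes Windows Server 2012 or later with the ActiveDirectory module available.
Import-Module ActiveDirectory

function Test-LabExchangePrereqs {
    param(
        [string]$DomainFqdn  = 'adatum.com',          # lab domain
        [string]$DomainController = 'LON-DC1.adatum.com',
        [string]$ExpectedDns = '172.16.0.10'          # DNS server the lab expects
    )

    # Task 1, steps 3-4: functional levels shown in the Adatum.com Properties dialog.
    $forest = Get-ADForest -Identity $DomainFqdn
    $domain = Get-ADDomain -Identity $DomainFqdn
    # Exchange Server 2013 needs a forest functional level of Windows Server 2003 or higher.
    $tooOld = @('Windows2000Forest', 'Windows2003InterimForest')
    $forestOk = $tooOld -notcontains "$($forest.ForestMode)"

    # Task 1, steps 8-10: CN=Microsoft Exchange must not yet exist under CN=Services.
    $configNc   = (Get-ADRootDSE -Server $DomainController).configurationNamingContext
    $servicesDn = "CN=Services,$configNc"
    $exchange   = Get-ADObject -SearchBase $servicesDn -SearchScope OneLevel `
                      -Filter "Name -eq 'Microsoft Exchange'"

    # Task 2, step 2: DNS server configured on the local adapters.
    $dnsServers = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses

    # Task 2, step 3: connectivity to the domain controller.
    $dcReachable = Test-Connection -ComputerName $DomainController -Count 2 -Quiet

    # Task 2, steps 4-6: SRV record that lets clients locate a domain controller.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainFqdn" -Type SRV `
               -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'SRV' }

    [pscustomobject]@{
        ForestMode              = "$($forest.ForestMode)"
        DomainMode              = "$($domain.DomainMode)"
        ForestLevelSupported    = $forestOk
        ExchangeContainerAbsent = -not $exchange
        DnsServerAsExpected     = $dnsServers -contains $ExpectedDns
        DomainControllerReachable = $dcReachable
        SrvTargets              = @($srv | ForEach-Object { $_.NameTarget })
    }
}

Test-LabExchangePrereqs | Format-List
```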

Exercise 2: Deploying Exchange Server 2013


Task 1: Preparing AD DS for Exchange Server 2013 deployment
1. On LON-DC1, in the Virtual Machine Connection window click Media menu, select DVD Drive, and
then click Insert Disk.

2. Navigate to C:\Program Files\Microsoft Learning\20341\Drives\ExchangeServer2013.iso and
click Open.
3. On the task bar, click Windows PowerShell.

4. Type D: and press Enter.

5. Type the following command and then press Enter:

.\Setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms /OrganizationName:Adatum

6. Wait until the process completes.


7. Close Windows PowerShell.

Task 2: Performing Exchange Server 2013 installation on a single server


1. On LON-EX1, in the Virtual Machine Connection window click Media menu, select DVD Drive, and
then click Insert Disk.
2. Navigate to C:\Program Files\Microsoft Learning\20341\Drives\ExchangeServer2013.iso and
click Open.

3. On LON-EX1, from the task bar, open Server Manager, click Tools and then select Services.
4. Double-click Net.Tcp Port Sharing Service.

5. In the Startup type field, ensure that Automatic is selected.


6. Click OK.

7. On LON-EX1, open a Windows PowerShell window from the task bar.

8. Type Import-Module ServerManager, and press Enter.

9. Type the following command to install the Exchange Server 2013 Windows components, and then press
Enter. (If you do not want to type this command, you can copy the content of the file cmdlet.txt from
the C:\ drive.)

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation

10. Wait until installation of the Windows components finishes.

11. Close the PowerShell window, and restart the server.


12. Sign in to LON-EX1 as Adatum\Administrator with the password of Pa$$w0rd.

13. From the desktop, open Windows Explorer and navigate to D: drive.

14. Double-click setup.exe.


Microsoft® Exchange Server 2013, Core Solutions L1-3

15. On the Check for Updates? page, click Don’t check for updates right now, and click next. Wait
until Setup copies files and initializes the process.

16. On the Introduction page, click Next.


17. On the License Agreement page, click I accept the terms in the license agreement, and then click
next.

18. On the Recommended Settings page, click next.

19. On the Server Role Selection page, select Mailbox role and Client Access role, and then click next.
20. On the Installation Space and Location page, accept the default values, and click next.

21. On the Malware Protection Settings page, make sure No is selected, and then click next.
22. On the Readiness Checks page, ensure that all prerequisites are met, and click install.

23. Wait until the installation completes. It can take 30 to 40 minutes to finish. On the Setup Completed
page click finish.

Task 3: Verifying Exchange Server installation


1. On LON-EX1, open the Server Manager console, and then click Tools.
2. Select Services.

3. Scroll down the list of services, and click the Microsoft Exchange Active Directory Topology
service. Review the service description.
4. Review the status of the remaining Exchange Server services. Ensure that all services that are set for
Automatic startup are running.
5. Close Services.

6. From the task bar, open File Explorer.

7. Browse to C:\Program Files\Microsoft\Exchange Server\V15. This list of folders includes
ClientAccess, Mailbox, and TransportRoles. These roles were installed as part of the typical setup.
8. Close File Explorer.

9. From the Start screen, click Internet Explorer.


10. In the Address bar, type https://lon-ex1.adatum.com/owa and then press Enter.

11. Sign in as Adatum\Administrator with the password Pa$$w0rd. At the Language and Time zone
page, click save.
12. Click new mail.

13. Send an email to administrator.

14. Verify that the email is received in the inbox.


15. Close Outlook Web App.

Results: After completing this exercise, students will have Exchange Server 2013 deployed.

Exercise 3: Managing Exchange Server 2013


Task 1: Exploring Exchange Server 2013 Administration Center
1. On LON-EX1, from the Start screen, open Internet Explorer, type
https://lon-ex1.adatum.com/ecp, and then press Enter.

2. In the Domain\user name text box type Adatum\Administrator, and type Pa$$w0rd in the
Password field, and then click sign in.
3. In the Exchange admin center, click recipients in the left pane, and then click mailboxes in the
central pane.

4. Click on the + sign.

5. In the new user mailbox window, select Existing user and then click browse.

6. In the Select User – Entire Forest window, select Aidan Delaney, and click ok.

7. In the Alias text box, type AidanD, and click save.

8. Make sure that Aidan Delaney appears in the list of mailboxes.


9. In the recipients node in the Exchange admin center, click groups.

10. Click the arrow next to the + sign.


11. Select Distribution group.
12. In the new distribution group window, type Adatum News in the Display name text box.

13. In the Alias text box, type AdatumNews.

14. Scroll down and make sure that Open is selected in the last two sections. Click save.
15. In the upper right corner, click the arrow next to Administrator, and select Sign out.

Task 2: Managing Exchange Server with Exchange Management Shell


1. On LON-EX1, switch to the Start screen and then click Exchange Management Shell.
2. Type get-user and press Enter.

3. All users from Adatum.com domain will be listed.

4. Type enable-mailbox -identity Robert, and press Enter.

5. Type Get-Mailbox, and press Enter. You will receive all mailboxes on the server in the list.

6. Type get-mailbox | set-mailbox -issuewarningquota 209715200 -prohibitsendquota 262144000, and press Enter.

7. Type get-mailbox, and press Enter. Ensure that ProhibitSendQuota is set to 250MB for all users.

8. Type Get-User | Where-Object {$_.distinguishedname -ilike "*ou=IT,dc=adatum,dc=com"} | Enable-Mailbox, and press Enter.

9. Ensure that mailboxes for the IT organizational unit are created.

10. Close the Exchange Management Shell window.



Task 3: Exploring Outlook Web App


1. On LON-EX1, from the Start screen open Internet Explorer and type
https://lon-ex1.adatum.com/owa.

2. In the Outlook Web App window, sign in as Adatum\Aidan with the password Pa$$w0rd.
3. Click save on the next page.

4. In the Outlook Web App window, click new mail.

5. In the window on the right, send a new email to administrator.


6. Click on the wheel button in the upper right corner. Select Options.

7. In the options window, click on groups in the left pane.

8. In the central pane, click the Join button.


9. In the All Groups window, double-click Adatum News.

10. In the Adatum News window, click Join.

11. Close the all groups window.

12. Click on settings in the left pane.

13. In the email signature box, type Aidan Delaney, Adatum Corp., and select Automatically include
my signature on messages I send.
14. Click save.

15. Click the arrow in the upper left corner (back).

16. Click on the wheel icon in the upper right corner.

17. Select Change theme.


18. Click on theme of your choice, and then click OK.

19. Close the Internet Explorer window.

To prepare for the next module


When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:

1. On the host computer, start Hyper-V Manager.

2. In the Virtual Machines list, right-click 20341A-LON-DC1-B, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat steps 2 to 3 for 20341A-LON-EX1-B.

Results: After completing this exercise, students will have explored Exchange management tools.

Module 2: Planning and Configuring Mailbox Servers
Lab: Configuring Mailbox Servers
Exercise 1: Planning Configuration for Mailbox Servers
Task 1: Analyzing requirements for the A. Datum Exchange Server deployment
• Read the Lab and Exercise scenario. Summarize the requirements from the exercise scenario.

Task 2: Using the Exchange Mailbox Server Role Requirements Calculator


1. On LON-CL1, click the Desktop tile.

2. On the task bar, click File Explorer, navigate to C:\Files and double-click on E2010Calc19.9.xlsm.
On the Security warning, click Enable Content.
3. In the Exchange 2010 Mailbox Server Role Requirements Calculator, on the Input sheet, enter
the values in the following sections:

Exchange Environment Configuration


o Server Multi-Role Configuration (MBX+CAS+HT): No

o Server Role Virtualization: Yes

o High Availability Deployment: Yes


o Number of Mailbox Servers Hosting Active Mailboxes/DAG: 4

o Number of Database Availability Groups: 2

Mailbox Database Copy Configuration

o Total Number of HA Database Copy Instances (Includes Active Copy) within DAG: 3

o Total number of Lagged Database Copy Instances within DAG: 1

Exchange Data Configuration


o Mailbox Moves/Week Percentage: 2%

o LUN Free Space Percentage: 25%

Tier-1 User Mailbox Configuration

o Total Number of Tier-1 User Mailboxes/Environment: 1,000

o Projected Mailbox Number Growth Percentage: 5%

o Total Send/Receive Capability/Mailbox/Day: 150 messages


o Average Message Size (KB): 75

o Mailbox Size Limit (MB): 1,024

o Personal Archive Mailbox Size Limit (MB): 2,048


o Deleted Item Recovery Window (Days): 30

o Single Item Recovery: Enabled


o Calendar Version Storage: Enabled

Backup Configuration

o Backup Methodology: Software VSS Backup/Restore

o Backup Frequency: Weekly Full / Daily incremental

o Database and Log Isolation Configured: Yes

o Backup/Truncation Failure Tolerance: 3

o Network Failure Tolerance (Days): 0

Primary Datacenter Disk Configuration

o Database: 1,000 GB, 7.2K RPM SAS 3.5”

o Log: 500 GB, 7.2K RPM SAS 3.5”

o Restore LUN: 1500 GB, 7.2K RPM SAS 3.5”

Task 3: Analyze output from the Exchange Mailbox Server Role Requirements Calculator
1. In the Exchange 2010 Mailbox Server Role Requirements Calculator, click the Role
Requirements tab.
2. Review the calculated requirements provided in this sheet.

3. Click the Distribution sheet.

4. Click Fail Server for each server. Observe where the databases will be distributed.
5. Click Export DAG Scripts.

6. In the Storage Calculator – Export Scripts window, click OK twice.

7. Click the LUN Requirements sheet. Review the calculated requirements provided in this sheet.

8. Click the Backup Requirements sheet. Review calculated requirements provided in this sheet.
9. Click the Replication Requirements sheet. Review the calculated requirements provided in this
sheet.

10. Click the Storage Design sheet. Review the calculated requirements provided in this sheet.

11. Open File Explorer, and navigate to C:\Files.

12. Right-click the CreateMBDatabases.ps1 file, and select Edit. Review the contents of the generated
script.

13. Right-click the CreateMBDatabaseCopies.ps1 file, and select Edit. Review the contents of the
generated script.
14. Right-click the DiskPart.ps1 file, and select Edit. Review the contents of the generated script.

15. Close the Windows PowerShell ISE window.



Task 4: Discuss the solution with the instructor and the class
1. Discuss the solution provided by the Exchange Mailbox Server Role Requirements Calculator with
other students and with the instructor.

2. Change the values on the Input tab of the Exchange Mailbox Server Role Requirements Calculator,
and see how that reflects on the results that this tool provides.

Results: After completing this exercise, the students will have created a plan for their mailbox server
configuration.

Exercise 2: Configure Storage on the Mailbox Servers


Task 1: Create and Configure iSCSI target and drives
1. On LON-DC1, open Server Manager, and then click Add roles and features.
2. In the Add Roles and Features Wizard, on the Before you begin page, click Next.

3. On the Select installation type page, click Next.

4. On the Select destination server page, make sure that Select server from the server pool is
selected, and then click Next.
5. On the Select server roles page, expand File And Storage Services (Installed), expand File and
iSCSI Services (Installed), select the iSCSI Target Server check box, and then click Next.
6. On the Select features page, click Next.

7. On the Confirm installation selections page, click Install.

8. When installation is complete, click Close.


9. On LON-DC1, in Server Manager, in the navigation pane, click File and Storage Services.

10. In the File and Storage Services pane, click iSCSI.

11. In the iSCSI VIRTUAL DISKS pane, click TASKS, and then in the TASKS drop-down list, select New
iSCSI Virtual Disk.

12. In the New iSCSI Virtual Disk Wizard, on the Select iSCSI virtual disk location page, under Storage
location, click C:, and then click Next.
13. On the Specify iSCSI virtual disk name page, in the Name box, type iSCSIDisk1, and then click
Next.

14. On the Specify iSCSI virtual disk size page, in the Size box, type 2, make sure GB is selected in the
drop-down list, and then click Next.

15. On the Assign iSCSI target page, click New iSCSI target, and then click Next.

16. On the Specify target name page, in the Name box, type LON-MBX1, and then click Next.

17. On the Specify access servers page, click Add.


18. In the Select a method to identify the initiator dialog box, click Browse. In the Select Computer
window, type LON-MBX1, click Check Names and then click OK, and click OK.
19. On the Specify access servers page, click Next.
20. On the Enable Authentication page, click Next.

21. On the Confirm selections page, click Create.

22. On the View results page, wait until the creation is completed, and then click Close.

23. In the iSCSI VIRTUAL DISKS pane, click TASKS, and then in the TASKS drop-down list, select New
iSCSI Virtual Disk.

24. In the New iSCSI Virtual Disk Wizard, on the Select iSCSI virtual disk location page, under Storage
location, click C:, and then click Next.

25. On the Specify iSCSI virtual disk name page, in the Name box, type iSCSIDisk2, and then click
Next.

26. On the Specify iSCSI virtual disk size page, in the Size box, type 2, make sure GB is selected in the
drop-down list, and then click Next.

27. On the Assign iSCSI target page, click lon-mbx1, and then click Next.

28. On the Confirm selections page, click Create.

29. On the View results page, wait until the creation is completed, and then click Close.

30. In the iSCSI VIRTUAL DISKS pane, click TASKS, and then in the TASKS drop-down list, select New
iSCSI Virtual Disk.
31. In the New iSCSI Virtual Disk Wizard, on the Select iSCSI virtual disk location page, under Storage
location, click C:, and then click Next.

32. On the Specify iSCSI virtual disk name page, in the Name box, type iSCSIDisk3, and then click
Next.
33. On the Specify iSCSI virtual disk size page, in the Size box, type 500, make sure MB is selected in
the drop-down list, and then click Next.
34. On the Assign iSCSI target page, click lon-mbx1, and then click Next.

35. On the Confirm selections page, click Create.

36. On the View results page, wait until the creation is completed, and then click Close.

Task 2: Connecting Exchange Server to the storage


1. On LON-MBX1, click the Desktop tile.
2. From the task bar, click Server Manager.

3. In Server Manager, click Tools, and then click iSCSI Initiator.

4. In the Microsoft iSCSI dialog box, click Yes.


5. Click the Discovery tab.

6. Click Discover Portal.

7. In the IP address or DNS name box, type 172.16.0.10, and then click OK.
8. Click the Targets tab.

9. Click Refresh.

10. In the Targets list, select iqn.1991-05.com.microsoft:lon-dc1-lon-mbx1-target, and then
click Connect.

11. Select Add this connection to the list of Favorite Targets, and then click OK two times.
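
Clicking Next on the Enable Authentication page in Task 1 leaves the target without CHAP, so the initiator identity is the only access control on the mailbox database disks. The following added example (not part of the course material) shows the same target and connection with one-way CHAP enabled; the function names and the CHAP user name lon-mbx1-chap are hypothetical, and the target name, portal address and IQN are the ones used in the steps above.

```powershell
# Added example, not from the course. Function names and the CHAP user name are hypothetical.
# If LON-MBX1 is already connected without CHAP, disconnect it first with Disconnect-IscsiTarget.

function Enable-LabTargetChap {
    # Run on LON-DC1, the iSCSI Target Server configured in Task 1.
    param(
        [string]$TargetName = 'LON-MBX1',
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]$ChapCredential
    )
    # The Microsoft iSCSI initiator accepts CHAP secrets of 12 to 16 characters.
    $length = $ChapCredential.GetNetworkCredential().Password.Length
    if ($length -lt 12 -or $length -gt 16) {
        throw "CHAP secret must be 12 to 16 characters (got $length)."
    }

    Set-IscsiServerTarget -TargetName $TargetName -EnableChap $true -Chap $ChapCredential

    # Show what the target now enforces and which initiators it accepts.
    Get-IscsiServerTarget -TargetName $TargetName |
        Select-Object TargetName, EnableChap, ChapUserName, InitiatorIds
}

function Connect-LabTargetWithChap {
    # Run on LON-MBX1, the initiator configured in Task 2.
    param(
        [string]$PortalAddress = '172.16.0.10',
        [string]$NodeAddress   = 'iqn.1991-05.com.microsoft:lon-dc1-lon-mbx1-target',
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]$ChapCredential
    )
    # Step 4: answering Yes in the Microsoft iSCSI dialog box starts this service.
    Set-Service -Name MSiSCSI -StartupType Automatic
    Start-Service -Name MSiSCSI

    # Steps 5-9: add the discovery portal and confirm it offers the expected target.
    New-IscsiTargetPortal -TargetPortalAddress $PortalAddress | Out-Null
    $target = Get-IscsiTarget | Where-Object { $_.NodeAddress -eq $NodeAddress }
    if (-not $target) {
        throw "Target $NodeAddress is not offered by portal $PortalAddress."
    }

    # Steps 10-11: connect and keep the connection as a favorite target,
    # this time presenting the CHAP user name and secret.
    $net = $ChapCredential.GetNetworkCredential()
    Connect-IscsiTarget -NodeAddress $NodeAddress -TargetPortalAddress $PortalAddress `
        -AuthenticationType ONEWAYCHAP -ChapUsername $net.UserName `
        -ChapSecret $net.Password -IsPersistent $true
}

# Usage: enter the same credential on both machines.
# $cred = Get-Credential -UserName 'lon-mbx1-chap' -Message 'CHAP secret (12 to 16 characters)'
# Enable-LabTargetChap -ChapCredential $cred        # on LON-DC1
# Connect-LabTargetWithChap -ChapCredential $cred   # on LON-MBX1
```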

Task 3: Configuring storage


1. On LON-MBX1, in Server Manager, click Tools, and then click Computer Management.

2. Expand Storage, and then click Disk Management.

3. Right-click Disk 1, and then click Online.

4. Right-click Disk 1, and then click Initialize disk. In the Initialize Disk dialog box, click OK.

5. Right-click the unallocated space next to Disk 1, and then click New Simple Volume.

6. On the Welcome page, click Next.

7. On the Specify Volume Size page, click Next.

8. On the Assign Drive Letter or Path page, click Next.

9. On the Format Partition page, in the Volume Label box, type DB1. Select the Perform a quick
format check box, and then click Next.
10. Click Finish. (Note: If the Microsoft Windows window pops up with a prompt to format the disk, click
Cancel.)

11. Repeat steps 3 through 10 for Disk 2 and Disk 3. (Note: Use DB2 and Logs for Volume Labels
respectively.)

12. Close the Computer Management window.

Results: After completing this exercise, the students will have iSCSI storage configured for their mailbox
databases and logs.

Exercise 3: Creating and Configuring Mailbox Databases


Task 1: Configure Mailbox Settings for the Existing Mailbox Database
1. On LON-MBX1, switch to the Start screen, and then click Internet Explorer.

2. In Internet Explorer type https://lon-cas1.adatum.com/ecp, and press Enter.


3. Sign in as Adatum\Administrator with the password Pa$$w0rd.

4. In the Exchange Administration Center, in the feature pane, click servers.

5. Click the databases tab.


6. Double-click Mailbox Database 1.

7. In the Mailbox database window, click limits.

8. In the Issue a warning at (GB) text box, type 0.9.


9. In the Prohibit send at (GB): text box, type 1.

10. In the Prohibit send and receive at (GB): text box, type 1.3.

11. In the Keep deleted items for (days): text box, type 30.
12. Click save. Minimize the Exchange Administration Center window.

13. On LON-MBX1, switch to the Start screen, and then click Exchange Management Shell.

14. In the Exchange Management Shell window, type Get-MailboxDatabase and press Enter.

15. See the list of mailbox databases created.

16. In the Exchange Management Shell window, type the following command and then press Enter:

Move-DatabasePath -Identity "Mailbox Database 1" -EdbFilePath E:\DB1\DB1.edb -LogFolderPath G:\Logs\DB1

17. Type y, and press Enter.

18. Type y, and press Enter.


19. Minimize the Exchange Management Shell window.

20. Open File Explorer and navigate to E:\ and open the DB1 folder. Make sure that the database
DB1.edb file is present.

21. Navigate to G:\, and open the folder Logs\DB1. Ensure that the log files are present.
22. Close File Explorer.

Task 2: Create and configure additional mailbox databases


1. Restore the Exchange Administration Center window.
2. Click servers in the feature pane, and then click the databases tab.

3. Click New.

4. In the Database window, in the Mailbox database text box, type DB2.
5. Click browse.

6. In the Select Server window, select LON-MBX1, and then click ok.

7. In the Database file path text box, type: F:\DB2\DB2.edb.


8. In the Log folder path text box, type G:\Logs\DB2.
9. Make sure that the Mount this database check box is selected, and then click save.

10. Restore the Exchange Management Shell window.

11. In the Exchange Management Shell window, type the following command, and then press Enter:

Set-MailboxDatabase -identity DB2 -DeletedItemRetention 20.00:00:00 -CircularLoggingEnabled $true -ProhibitSendQuota 2.2GB

12. Type Dismount-Database -identity DB2, and press Enter.

13. Type y, and press Enter.

14. Type Mount-Database -identity DB2, and press Enter.


15. Leave the Exchange Management Shell window open.

Task 3: Exporting mailbox data to the .pst file


1. On the LON-MBX1 virtual machine, restore the Exchange Management Shell window.

2. Type New-ManagementRoleAssignment -Role "Mailbox Import Export" -User Administrator,
and then press Enter.
3. Close the Exchange Management Shell.

4. From the Start screen, click Exchange Management Shell.

5. Type the following, and then press Enter:


New-MailboxExportRequest -Mailbox aidan -FilePath \\lon-dc1\MailboxExport\aidan.pst
6. Type Get-MailboxExportrequest, and press Enter.

7. Make sure that the status of the request is completed. (If it is not completed, wait for several minutes,
and then repeat step 6.)

8. Switch to LON-DC1. Open File Explorer and then browse to the C:\MailboxExport folder, and make
sure that the aidan.pst file is present.
9. Close File Explorer.
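
The Mailbox Import Export role assigned in step 2 allows its holder to copy the contents of any mailbox to a .pst file, and both the assignment and the exported file remain after the task ends. The following added example (not part of the course material) reviews who holds the role, where exports were written, and removes what Task 3 created; the function names are hypothetical, and it is meant to run in the Exchange Management Shell.

```powershell
# Added example, not from the course. Function names are hypothetical.
# Run in the Exchange Management Shell after Task 3.

function Get-LabExportRoleHolders {
    # Every user who can run New-MailboxExportRequest, directly or through a group.
    param([string]$Role = 'Mailbox Import Export')
    Get-ManagementRoleAssignment -Role $Role -GetEffectiveUsers |
        Select-Object Name, RoleAssigneeName, RoleAssigneeType,
                      EffectiveUserName, AssignmentMethod, RoleAssignmentDelegationType
}

function Get-LabExportRequests {
    # Which mailboxes were exported, and to which path.
    Get-MailboxExportRequest | Select-Object Name, Mailbox, FilePath, Status
}

function Get-LabExportFolderAcl {
    # NTFS permissions on the export folder (share permissions are separate).
    # The .pst files there are readable mail data for anyone with read access.
    param([string]$Path = '\\lon-dc1\MailboxExport')
    (Get-Acl -Path $Path).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited
}

function Remove-LabExportAccess {
    # Removes completed export requests and the direct role assignment from step 2.
    # Without -Apply it only reports what would be removed.
    param(
        [string]$Role = 'Mailbox Import Export',
        [string]$User = 'Administrator',
        [switch]$Apply
    )
    # -AssignmentMethod Direct leaves assignments inherited through role groups untouched.
    $direct = @(Get-ManagementRoleAssignment -Role $Role -RoleAssignee $User `
                    -AssignmentMethod Direct -Delegating $false)
    $done   = @(Get-MailboxExportRequest -Status Completed)

    if (-not $Apply) {
        $direct | Select-Object @{ n = 'WouldRemove'; e = { "Assignment: $($_.Name)" } }
        $done   | Select-Object @{ n = 'WouldRemove'; e = { "Export request: $($_.Name)" } }
        return
    }
    $done   | Remove-MailboxExportRequest -Confirm:$false
    $direct | Remove-ManagementRoleAssignment -Confirm:$false
}

Get-LabExportRoleHolders | Format-Table -AutoSize
Get-LabExportRequests    | Format-Table -AutoSize
Get-LabExportFolderAcl   | Format-Table -AutoSize
Remove-LabExportAccess            # report only; add -Apply to remove
```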

To prepare for the next module


When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.

2. In the Virtual Machines list, right-click 20341A-LON-DC1, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.


4. Repeat steps 2 to 3 for 20341A-LON-CAS1, 20341A-LON-MBX1, and 20341A-LON-CL1.

Results: After completing this exercise, the students will have their mailbox databases created and
configured.

Module 3: Managing Recipient Objects
Lab: Managing Recipient Objects
Exercise 1: Configure Trey Research Recipients
Task 1: Create the Trey Research AD DS objects
1. On LON-CAS1, from the task bar click Server Manager.

2. Click Tools, and then click Active Directory Module for Windows PowerShell.

3. Type e: and press Enter.

4. Type cd Labfiles\Mod03, and then press Enter.

5. Type .\TreyResearchSetup.ps1, and then press Enter.

6. At the Type the Password prompt, type Pa$$w0rd and press Enter.

7. Close the Active Directory Module for Windows PowerShell window.


8. In Server Manager, click Tools, and then click Active Directory Users and Computers.

9. Expand Adatum.com, expand TreyResearch, and verify that the TreyResearch OU contains child OUs
with user accounts and groups.
10. Close Active Directory Users and Computers.

Task 2: Create the Trey Research mailboxes


1. On LON-CAS1, switch to the Start screen, and then click Exchange Management Shell.
2. At the command prompt, type New-MailboxDatabase -Name TreyResearchDB -Server LON-MBX1, and then press Enter.

3. At the command prompt, type Mount-Database -id TreyResearchDB, and then press Enter.
4. At the command prompt, type Get-User -OrganizationalUnit TreyResearch | Enable-Mailbox -Database TreyResearchDB, and then press Enter.

5. At the command prompt, type Get-Group -OrganizationalUnit TreyResearch | Enable-DistributionGroup, and then press Enter.
6. On LON-CAS1, open Internet Explorer and connect to https://LON-CAS1.adatum.com/ecp.

7. Sign in as Adatum\administrator using the password Pa$$w0rd.

8. Click the resources tab.

9. Click New, and then click Room mailbox.

10. Fill in the following information:

o Room name: TR_Room1


o Email address: TR_Room1

o Organizational unit: click browse, click TreyResearch, and then click ok

o Location: Harrow
o Capacity: 20

11. Click Select delegates who can accept or decline booking requests.
12. Click Add, click Charlotte Weiss, click add, and then click ok.

13. Click more options, and under Mailbox database, click browse, click TreyResearchDB, and then
click ok.

14. Click save.


15. In the Exchange Management Shell, type the following command and then press Enter:

Set-CalendarProcessing -id TR_Room1 -BookInPolicy AllTreyResearch

16. On LON-CAS1, in the EAC, in the Features pane, click recipients.

17. Click the shared tab.

18. Click New.

19. Fill in the following information:

o Display name: TreyResearch Sales

o Organizational unit: TreyResearch\Sales

o Email address: TreyResearchSales


20. Under Full Access, click Add, click TR_Sales, then click add, and then click ok.

21. Click More options.


22. Under Mailbox database, click browse, click TreyResearchDB and then click ok.

23. Click save.

Task 3: Create the Trey Research distribution groups


1. On LON-CAS1, in the EAC, click the groups tab.
2. Click New, and then click Distribution group.

3. Fill in the following information:

o Display name: Trey_SalesMgrs


o Alias: TreySalesMgrs

o Organizational unit: TreyResearch\Sales

o Members: Florence Flipo, Sidney Higa

o Owner approval is required: Closed


o Choose whether the group is open to leave: Closed

4. Click save.

5. On the groups tab, click New, and then click Distribution group.

6. Fill in the following information:

o Display name: TreyResearchNews

o Alias: TreyResearchNews
o Organizational unit: TreyResearch

o Members: none

o Owner approval is required: Open


o Choose whether the group is open to leave: Open

7. Click save.

8. On LON-CAS1, in the Exchange Management Shell, type cd E:\Labfiles\Mod03, and press Enter.

9. Type $users=import-csv .\TreyResearchIntegrationTeam.csv, and press Enter.

10. Type foreach ($i in $users) {set-mailbox -Identity $i.alias -CustomAttribute1 "TreyResearch Integration Project Team"}, and press Enter.

11. On LON-CAS1, in the EAC, on the groups tab, click New, and then click Dynamic distribution
group.

12. Fill in the following information:


o Display name: TreyIntegration

o Alias: TreyIntegration
o Organizational unit: TreyResearch

o Owner: Administrator

13. Under Members, click Only the following recipient types, and select the Users with Exchange
mailboxes check-box.

14. Click add a rule.

15. From the drop-down list, click Recipient container.


16. Click Adatum.com, and then click ok.

17. Click add a rule.

18. From the drop-down list, click Custom Attribute 1.


19. In the specify words or phrases page, type TreyResearch Integration Project Team, click Add and
then click ok.

20. Click save.

Results: In this exercise, you created AD DS user and group accounts for Trey Research, created a room
mailbox with custom permissions, and configured a shared mailbox. You also configured distribution
groups for the Trey Research users.

Exercise 2: Configure Address Lists and Policies for Trey Research


Task 1: Configure TreyResearch.net as an accepted domain
1. On LON-CAS1, in the EAC, click mail flow in the Features pane, and then on the accepted domains
tab, click New.
2. In the new accepted domain window, type TreyResearch as the Name, and TreyResearch.net as
the Accepted domain.

3. Click save.

Task 2: Configure an email address policy for Trey Research users


1. On the email address policies tab, click New.

2. In the new email address policy window, type TreyResearch Email as the Policy name.

3. Under Email address format, click Add.



4. From the Select an accepted domain drop-down list, select TreyResearch.net.


5. Click John.Smith@contoso.com, and then click save.

6. In the new email address policy window, click add a rule.

7. Click Select one, and then click Recipient container.


8. Click TreyResearch, and then click ok.

9. Click save, and then click ok.

10. In the Details pane, click Apply, and then click yes.
11. Click close.

Task 3: Configure an address list for TreyResearch users


1. In the EAC, click organization in the Features pane, and then click address lists.

2. On the address lists tab, click New.


3. In the new address list window, type TreyResearch as the Name.

4. Click add a rule.


5. In the select one list, click Recipient container.

6. In the select an organizational unit dialog box, click TreyResearch, and click ok.

7. Click save, click ok, and then click Update.


8. Click yes, and then click close.

Task 4: Configure an address book policy for Trey Research users


1. On LON-CAS1, if required, open the Exchange Management Shell.

2. At the command prompt, type the following command, and press Enter.

New-GlobalAddressList -Name TreyResearchGAL -RecipientContainer TreyResearch

3. At the command prompt, type the following command, and press Enter.

Update-GlobalAddressList -id TreyResearchGAL

4. At the command prompt, type the following command, and press Enter.

New-OfflineAddressBook -Name TreyResearchOAB -AddressLists TreyResearch

5. At the command prompt, type the following command, and press Enter.

New-AddressList -Name TreyResearchRooms -RecipientContainer TreyResearch -IncludedRecipients Resources

6. At the command prompt, type the following command, and press Enter.

Update-AddressList TreyResearchRooms

7. At the command prompt, type the following command, and press Enter.

Set-OfflineAddressBook -id "TreyResearchOAB" -VirtualDirectories "LON-CAS1\oab (Default Web Site)","LON-MBX1\oab (Exchange Back End)"

8. At the command prompt, type the following command, and press Enter.

Update-OfflineAddressBook -id "TreyResearchOAB"

9. At the command prompt, type the following command, and press Enter.

New-AddressBookPolicy -Name ResearchABP -AddressLists \TreyResearch -OfflineAddressBook TreyResearchOAB -GlobalAddressList TreyResearchGAL -RoomList \TreyResearchRooms

10. At the command prompt, type the following command, and press Enter.

Get-Mailbox -OrganizationalUnit TreyResearch | Set-Mailbox -AddressBookPolicy ResearchABP

 Task 5: Validate the deployment


1. In the EAC, click recipients in the Features pane.
2. Click mailboxes, and then double-click Aaron Nicholls and click the mailbox features tab.

3. Verify that the ResearchABP has been assigned to Aaron’s mailbox. Click cancel.

4. On LON-CL1, sign in as Adatum\Aaron using the password Pa$$w0rd.


5. Right-click on the Start screen, and click All apps.

6. Open Outlook 2013.

7. On the Welcome to Outlook 2013 page, click Next.


8. On the Add an Email Account page, click Next.

9. On the Auto Account Setup page, verify that Aaron’s information is automatically added, and
click Next.
10. Click Finish, and wait for Outlook to open.

11. In the First things first window, click Ask me later, and click Accept.
12. After Outlook opens, click New Email. In the Untitled – Message (HTML) window, click To.
13. Verify that the user can only see users and groups in the TreyResearch OU.

14. Click Trey_SalesMgrs and click To.

15. Type a subject and short email message and then click Send.
16. Click the Calendar icon.

17. Click New Meeting.


18. In the Untitled – Meeting window, click To.

19. Click Cindy White, and click Required.

20. Under Address Book, click TreyResearchRooms. Click TR_Room1 and click Resources. Click OK.
21. In the Untitled – Meeting window, pick a time tomorrow in the Start time box.
22. Type a subject and short message and click Send.

23. Review the Meeting Response message and close the message.

24. Open Internet Explorer, and connect to Https://lon-cas1.adatum.com/owa.


25. Sign in as adatum\aaron using the password Pa$$w0rd.

26. In the Outlook Web App window, click save.

27. In the Outlook Web App window, click the Settings icon in the top right corner, and click Options.

28. Under options, click groups.

29. Under distribution groups I belong to, click Join.

30. In the all groups dialog box, double-click Trey_SalesMgrs.

31. In the Trey_SalesMgrs dialog box, click Join.

32. Review the error message stating that the group is closed and click ok. Click close.

33. In the all groups dialog box, double-click TreyResearchNews.

34. In the TreyResearchNews dialog box, click Join.

35. Close the all groups dialog box, verify that Aaron is now a member of the TreyResearchNews
distribution group. Close Internet Explorer.

36. In Outlook 2013, click New Email.


37. In the To box, type treyintegration. Type a subject and short message and click Send.
38. Open Internet Explorer, and connect to Https://lon-cas1.adatum.com/owa.

39. Sign in as adatum\aidan using the password Pa$$w0rd.

40. In the Outlook Web App window, verify that Aidan received the message sent to the treyintegration
dynamic distribution group.

Results: In this exercise, you created an email address policy and address list for Trey Research. You also
created an address book policy for Trey Research and validated the deployment.

Exercise 3: Configure Public Folders for Trey Research


 Task 1: Create the public folder mailbox
1. On LON-CAS1, if required, open Internet Explorer and connect to
https://lon-cas1.adatum.com/ecp.

2. Sign in as Adatum\administrator using the password Pa$$w0rd.

3. In the Feature pane, click public folders, and then click OK.
4. Click the public folder mailboxes tab, and then click new public folder mailbox.

5. On the new public folder mailbox page, type PFMBX1 in the Name field.

6. Under Organizational unit, click browse, click TreyResearch, and then click ok.
7. Under Mailbox database, click browse, click TreyResearchDB and then click ok.

8. Click save.

 Task 2: Create the public folders


1. Click public folders, and then click New public folder.
2. On the new Public Folder page, in the Name field, type TreyResearch, and then click save.

3. Click TreyResearch, and then click New public folder.

4. In the new Public Folder window, in the Name field, type Research, and then click save.

 Task 3: Configure public folder permissions


1. Click Go to the parent folder.

2. Verify that TreyResearch is listed in the folder list, select the folder, and then under Folder
permissions, click Manage.

3. In the TreyResearch window, click Add.

4. In the public folder permissions window, next to User, click browse.

5. In the Select Recipient window, click TR_IT, and then click ok.

6. Under Permission level, click Owner, and then click save.

7. Select the Apply changes to this public folder and all its subfolders check-box.
8. In the TreyResearch window, click Add.

9. In the public folder permissions window, next to User, click browse.

10. In the Select Recipient window, click AllTreyResearch, and then click OK.
11. Under Permission level, click Author, and then click save.

12. Click save and then click close.

 Task 4: Validate the public folder deployment


1. On LON-CL1, in Outlook 2013, open the Folders view.
2. Verify that the Public Folders are listed in the left pane.

3. Expand the Public Folders and verify that the TreyResearch and Research public folders are visible.

Note: It can take several minutes for the public folders to appear. If the public folders are
not visible, wait a few minutes, close Outlook 2013 and open it again. If the public folders still do
not appear, sign out on LON-CL1, sign in as Cindy using the password Pa$$w0rd, and open
Outlook 2013. Configure the Outlook profile, and verify that the public folders are visible.

 To prepare for the next module


When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:

1. On the host computer, start Hyper-V Manager.


2. In the Virtual Machines list, right-click 20341A-LON-DC1, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat steps 2 to 3 for 20341A-LON-CAS1, 20341A-LON-MBX1, and 20341A-LON-CL1.

Results: In this exercise, you will have created public folder mailboxes for Trey Research and verified that
users can access the mailboxes.

Module 4: Planning and Deploying Client Access Servers


Lab: Deploying and Configuring a Client
Access Server Role
Exercise 1: Configuring Certificates for the Client Access Server
 Task 1: Make a certificate request on Exchange Server
1. On LON-CAS1, open Internet Explorer, type https://lon-cas1.adatum.com/ecp and press Enter.

2. Sign in as Adatum\administrator with the password Pa$$w0rd.

3. In the Exchange admin center, in the left navigation pane, click servers.

4. In the right pane, click certificates.


5. Click on the + sign.

6. In the Exchange Certificate – Windows Internet Explorer window, in new Exchange certificate
Wizard, select Create a request for a certificate from a certification authority, and then click
next.

7. In the Friendly name for this certificate, type mail.adatum.com, and click next.

8. On the page with the option for using wildcard certificates, do not make any changes, and click next.
9. Click browse.

10. In the Select a Server window, click LON-CAS1, and click ok.

11. Click next.


12. On the next page, click Outlook Web App (when accessed from the Internet), and then click the
Edit icon.

13. In the Specify the domains for the above Access type, enter mail.adatum.com, and click ok.
14. Repeat steps 12 and 13 for items where <not specified> is in the DOMAIN column.

15. Click next.

16. On the next page, make sure that you have the following names in the list: mail.adatum.com,
lon-cas1.adatum, autodiscover.adatum.com, LON-CAS1, and Adatum.com, and then click next.

17. On the next page, fill in the following fields as follows:


a. Organization name: A.Datum
b. Department name: IT

c. Country/Region name: United States

d. City/Locality: Seattle
e. State/Province: WA

18. Click next.


19. On the next page, type \\lon-cas1\C$\windows\temp\certreq.req and click finish.

 Task 2: Issue a certificate from internal CA


1. On LON-CAS1, open File Explorer, and navigate to C:\windows\temp.

2. Right-click CertReq.req, and then click Open with.

3. In the Windows dialog box, click Notepad.

4. In the CertReq.req – Notepad window, press Ctrl+A to select all the text, and then press Ctrl+C to
copy the text to the clipboard. Close Notepad.

5. Click to the Start screen, and then click Internet Explorer.


6. Connect to http://lon-dc1.adatum.com/certsrv.

7. Log on as Administrator, using the password Pa$$w0rd.

8. On the Welcome page, click Request a certificate.


9. On the Request a Certificate page, click advanced certificate request.

10. On the Advanced Certificate Request page, click Submit a certificate request by using a
base-64-encoded CMC or PKCS#10 file, or submit a renewal request by using a base-64-encoded
CMC or PKCS#7 file.
11. On the Submit a Certificate Request or Renewal Request page, click in the Saved Request field,
and then press CTRL+V to paste the certificate request information into the field.

12. In the Certificate Template drop-down list box, click Web Server, and then click Submit. Click Yes.
13. On the Certificate Issued page, click Download certificate.

14. In the File Download dialog box, click the arrow next to Save. Select Save As.
15. In the Save As dialog box, click Save.

16. In the Download complete dialog box, click Open.

17. In the Certificate dialog box, on the Details tab, click Subject Alternative Name. Verify that the
certificate includes several subject alternative names, and then click OK.

18. On LON-CAS1, open File Explorer and create a new folder called cert on the C:\ drive. Share the
folder, and give Read permission to Everyone.

19. Copy the file certnew.cer from C:\Users\Administrator.ADATUM\Downloads to C:\cert.

20. Close File Explorer.

 Task 3: Assign certificate to Exchange services


1. On LON-CAS1, open the Exchange admin center.

2. Click servers, and then click certificates.


3. Next to Select server, click LON-CAS1.Adatum.com.

4. Click on mail.adatum.com, and then click … on the toolbar and select import Exchange certificate.

5. Type \\lon-cas1\cert\certnew.cer and click Next.


6. On the next page, click the + sign.

7. Select LON-CAS1, and click Add and then click ok.


8. Click finish.

9. Make sure that mail.adatum.com appears in the list.

10. Click on mail.adatum.com, and click the pencil icon on the toolbar.

11. Click Services.

12. Select IIS, and click save.

Results: After completing this exercise, the students will have a certificate installed on the Exchange
Server Client Access server.
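
The three tasks above can also be done from the Exchange Management Shell, followed by a check that the issued certificate carries every expected name and is bound to IIS. This is an added example, not part of the course material; it assumes the shell runs on LON-CAS1, that lon-cas1.adatum.com is the server name meant in step 16, and that the CA is picked at the certreq prompt because the lab does not name it. Test-LabCertificate is a hypothetical helper name.

```powershell
# Added example, not part of the course material. Run in the Exchange
# Management Shell on LON-CAS1. Names and paths are the lab's own.

# Names the lab expects on the certificate (Task 1, step 16). The lab's list
# shows the server name as "lon-cas1.adatum"; the FQDN used in the lab's URLs
# is assumed here.
$expectedNames = 'mail.adatum.com', 'lon-cas1.adatum.com',
                 'autodiscover.adatum.com', 'LON-CAS1', 'adatum.com'

# Task 1: create the request with the subject fields from step 17.
New-ExchangeCertificate -GenerateRequest -Server LON-CAS1 `
    -FriendlyName 'mail.adatum.com' `
    -SubjectName 'C=US, S=WA, L=Seattle, O=A.Datum, OU=IT, CN=mail.adatum.com' `
    -DomainName $expectedNames `
    -RequestFile '\\lon-cas1\C$\windows\temp\certreq.req'

# Task 2: submit the request to the internal CA with the Web Server template.
# The lab does not name the CA, so certreq prompts for it.
New-Item -ItemType Directory -Path C:\cert -Force | Out-Null
certreq.exe -submit -attrib 'CertificateTemplate:WebServer' `
    C:\windows\temp\certreq.req C:\cert\certnew.cer

# Task 3: import the issued certificate and assign it to IIS. Reading the file
# into -FileData avoids the UNC path, so the import does not depend on the
# Everyone-readable share created in Task 2, step 18.
$bytes = [byte[]](Get-Content -Path C:\cert\certnew.cer -Encoding Byte -ReadCount 0)
$cert  = Import-ExchangeCertificate -Server LON-CAS1 -FileData $bytes
Enable-ExchangeCertificate -Server LON-CAS1 -Thumbprint $cert.Thumbprint -Services IIS

# Check: every expected name is on the certificate, the private key is present,
# and the certificate is assigned to IIS.
function Test-LabCertificate {
    param(
        [string]$Server,
        [string]$Thumbprint,
        [string[]]$ExpectedNames
    )
    $c = Get-ExchangeCertificate -Server $Server -Thumbprint $Thumbprint

    # CertificateDomains entries may arrive as objects or as plain strings,
    # depending on how the session deserializes them; handle both.
    $sans = @($c.CertificateDomains | ForEach-Object {
        if ($_.Domain) { "$($_.Domain)" } else { "$_" }
    } | ForEach-Object { $_.ToLower() })

    [pscustomobject]@{
        Thumbprint    = $c.Thumbprint
        MissingNames  = @($ExpectedNames | Where-Object { $sans -notcontains $_.ToLower() })
        BoundToIIS    = ("$($c.Services)" -match 'IIS')
        HasPrivateKey = [bool]$c.HasPrivateKey
        Status        = "$($c.Status)"
        NotAfter      = $c.NotAfter
    }
}

Test-LabCertificate -Server LON-CAS1 -Thumbprint $cert.Thumbprint `
    -ExpectedNames $expectedNames | Format-List
```

An empty MissingNames list with BoundToIIS and HasPrivateKey both True matches the state the exercise is meant to leave behind.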

Exercise 2: Configuring Client Access Services Options


 Task 1: Configure Client Access
1. In the Exchange admin center on LON-CAS1, click servers in the left pane.

2. In the central pane, click servers on the toolbar.

3. Select LON-CAS1 in the servers list.

4. Click the mechanical key icon on the toolbar.


5. In the configure external access domain window, click the + sign.

6. Click on LON-CAS1, click the add -> button, and then click ok.

7. In the text box below Enter the domain name, type mail.adatum.com, and click save.
8. Click close after the operation completes.

9. Click on LON-CAS1 again, and then click the pencil icon on the toolbar.

10. Click on POP3 in the left navigation pane.

11. Set the Logon method to Secure TLS connection.

12. Scroll down, and select More options.

o Set Maximum connections to 100.


o Set Maximum connections from a single IP address to 20.

o Set Maximum connections from a single user to 2.

13. Click save.

14. Click ok on the warning window.

 Task 2: Verify authentication options on Client Access server


1. On LON-CAS1, in the Exchange admin center, in the servers node, click virtual directories.

2. Review the list of virtual directories for LON-CAS1.


3. Click on the Autodiscover virtual directory, and then click the pencil icon on the toolbar.

4. In the Virtual Directory – Windows Internet Explorer window, click authentication.


5. Review the supported and selected options for authentication.

6. Make no changes, and click cancel.

7. Click on ecp virtual directory, and then click the pencil icon on the toolbar.
8. Review the supported and selected options for authentication. Notice that no options are selected.

9. Make no changes, and click Cancel.



10. Click on the PowerShell virtual directory, and then click the pencil icon on the toolbar.

11. In the Virtual Directory – Windows Internet Explorer window, click Authentication.

12. Review the supported and selected options for authentication. Notice that no options are selected.

13. Make no changes, and click Cancel.

14. Click on the Microsoft-Server-ActiveSync virtual directory, and then click the pencil icon on the
toolbar.
15. In the Virtual Directory – Windows Internet Explorer window, click Authentication.

16. Review the supported and selected options for authentication. Notice that the certificate
authentication options are present in this virtual directory.

17. Make no changes, and click Cancel.


18. Click on the OAB virtual directory, and then click the pencil icon on the toolbar.

19. In the Virtual Directory – Windows Internet Explorer window, notice that there are no
authentication options for this virtual directory.

20. Make no changes, and click Cancel.

Results: After completing this exercise, the students will have Client Access server configured.
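
The review in Task 2 can be repeated from the Exchange Management Shell as a single report, which is easier to keep as a record and to compare after later changes. This is an added example, not part of the course material; Get-VdirAuthReport is a hypothetical helper name, and the report only shows what the cmdlets return for LON-CAS1.

```powershell
# Added example, not part of the course material. Run in the Exchange
# Management Shell. Collects the virtual directories reviewed in Task 2.
$server = 'LON-CAS1'
$vdirs = @(
    Get-AutodiscoverVirtualDirectory -Server $server
    Get-EcpVirtualDirectory          -Server $server
    Get-PowerShellVirtualDirectory   -Server $server
    Get-ActiveSyncVirtualDirectory   -Server $server
    Get-OabVirtualDirectory          -Server $server
    Get-OwaVirtualDirectory          -Server $server
)

function Get-VdirAuthReport {
    param([object[]]$VirtualDirectory)

    foreach ($v in $VirtualDirectory) {
        # ActiveSync names its flags BasicAuthEnabled / WindowsAuthEnabled;
        # the other directories use BasicAuthentication / WindowsAuthentication.
        $basic = if ($null -ne $v.BasicAuthEnabled) { $v.BasicAuthEnabled }
                 else { $v.BasicAuthentication }
        $windows = if ($null -ne $v.WindowsAuthEnabled) { $v.WindowsAuthEnabled }
                   else { $v.WindowsAuthentication }

        [pscustomobject]@{
            Name            = $v.Name
            Basic           = $basic
            Windows         = $windows
            Forms           = $v.FormsAuthentication   # owa and ecp only
            ClientCert      = $v.ClientCertAuth        # ActiveSync only
            InternalMethods = ($v.InternalAuthenticationMethods -join ', ')
            ExternalMethods = ($v.ExternalAuthenticationMethods -join ', ')
        }
    }
}

$report = Get-VdirAuthReport -VirtualDirectory $vdirs
$report | Format-Table -AutoSize -Wrap

# Directories that accept Basic authentication send reusable credentials on
# every request, so they are the ones to confirm are reachable over SSL only.
$report | Where-Object { $_.Basic -eq $true } | Select-Object Name, ExternalMethods
```

Blank cells mean the property does not exist on that directory type, not that the method is disabled.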

Exercise 3: Configuring Custom Mail Tips


 Task 1: Configuring Mail Tips
1. On LON-CAS1, in the Exchange admin center, click recipients, and then click mailboxes.
2. In the list of mailboxes, click on April Reagan, and then click on the Edit icon on the toolbar.

3. In the April Reagan window, click MailTip.

4. In the text box, type Test e-mail tip for April, and click save.

5. From the Start screen, click Exchange Management Shell.

6. Type the following and then press Enter:

Set-Mailbox -Identity Aidan -Mailtip "this is english mail tip" -MailtipTranslation ("FR: C'est la lague francaise")

7. Close the Windows PowerShell window.

 Task 2: Testing Mail Tips


1. Open Internet Explorer, and type https://lon-cas1.adatum.com/owa.

2. Sign in as Adatum\Don with the password of Pa$$w0rd.

3. On the Time and language page, select English, and make no changes to time zone, and then
click Save.

4. In the Outlook Web App window, click new mail.

5. Type April in the To field, and press Tab. Ensure that the field is populated with April Reagan.

6. Click in the Subject field. Ensure that the email tip has appeared.

7. Click Discard, and click Discard again.

8. In the Outlook Web App window, click new mail.

9. Type Aidan in the To field, and press Tab. Ensure that the field is populated with Aidan Delaney.

10. Click in the Subject field. Ensure that E-mail tip has appeared, and that it appears in English.

11. Sign out.

12. Sign in as Adatum\Amr with the password of Pa$$w0rd.

13. On the Time and language page, select francais (France), and make no changes to time zone, and
then click Save.

14. In the Outlook Web App window, click nouveau message.


15. In the A field, type Aidan, and press Tab. Ensure that the field is populated with Aidan Delaney.

16. Click in the Subject field. Ensure that E-mail tip has appeared and that it appears in French.

17. Click Ignorer, and click Ignorer again.

18. Sign out.

 To prepare for the next module


When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.

2. In the Virtual Machines list, right-click 20341A-LON-DC1, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.


4. Repeat steps 2 to 3 for 20341A-LON-CAS1 and 20341A-LON-MBX1.

Module 5: Planning and Configuring Messaging Client


Connectivity
Lab: Planning and Configuring Messaging
Client Connectivity
Exercise 1: Planning Client Connectivity
 Task 1: Read and analyze scenario requirements
• Read the exercise scenario, and analyze the requirements from both a functionality and security
perspective. Identify the technologies that should be used.

 Task 2: Propose a solution for client connectivity


Answers:
1. For internal clients, you must support the Windows 8 operating system, Outlook 2003, and Outlook
2010. However, since Outlook 2003 is not supported by Exchange Server 2013, it cannot be included
in your client connectivity plan.

2. For external clients, you must support Windows 8 and Outlook 2010 for mobile computers, along
with Windows Phone 7.5, Windows Phone 8, iOS5 and Android 4.0 mobile platforms.
3. The biggest concern for internal clients is the fact that there is no unique email client software on
client computers.

4. The biggest concern for external clients is security. You have to support multiple platforms
connecting from various locations while maintaining security requirements.

5. Client connections to the Client Access server will be encrypted by using SSL.

6. Outlook 2010 clients are supported by default. However, clients that are running Outlook 2003
cannot connect to Exchange Server 2013. For these clients, and for clients without Outlook software,
you can propose two solutions:

a. Use the Outlook Web App interface to access their mailboxes.

b. Use the built-in email client in Windows 8 to access their mailboxes by using the ActiveSync
protocol.

7. External clients with mobile computers will be using Outlook Anywhere, while clients without mobile
computers can use the Outlook Web App interface. Clients with smartphones can connect by
using the ActiveSync protocol if the device operating system supports it.

8. Clients that are connecting from public computers will be using Outlook Web App. To prevent them
from downloading and saving attachments, you can implement Outlook Web App Policy.

9. Security requirements for mobile devices can be enforced by implementing ActiveSync policies.
Windows Phone, iOS 5, and Android 4.0 support ActiveSync policies. However, you should check if
Symbian devices can support ActiveSync policies; if they cannot, they will not be able to connect.
10. The Root CA certificate is deployed to client computers by using Group Policy. If A. Datum has an
enterprise CA implemented, this is done by default. If it is a standalone CA, you can deploy it
manually in GPO. For mobile devices, you can use configuration utilities to distribute certificates, or
you can send a Root CA certificate file in an email to all users with a smart phone, along with
instructions on how to import it.

11. Exchange Server 2013 does not support policies for hardware control on mobile devices.

12. Currently, certificate-based authentication is selectively supported. You should check with mobile
platform vendors to see if this feature is supported.

13. For deleting the content on a lost mobile device, you should train users on how to use the Remote
Wipe functionality available in the Exchange Outlook Web App interface.

 Task 3: Discuss your solution with the class


• Present your proposed solution. Discuss alternative solutions with other students and the instructor.

Results: After completing this exercise, the students will have created a plan for client connectivity.

Exercise 2: Configuring Outlook Web App and Outlook Anywhere


 Task 1: Configuring Outlook Web App policies
1. On LON-CAS1, on the Start screen click Internet Explorer.
2. Browse to https://lon-cas1.adatum.com/ecp.

3. Sign in to Exchange admin center as Adatum\Administrator with the password Pa$$w0rd.

4. In the Exchange Admin center window, click permissions in left navigation pane.
5. In the central pane, click Outlook Web App policies.

6. Click the New icon.

7. In the new Outlook Web App mailbox policy, in the Policy name text box, type External Users
Policy.

8. In the Communication management section, clear the check marks from options Instant
messaging and Text messaging.
9. Scroll down and click More options.

10. In the Information management section clear the check mark from Recover deleted items option.

11. In the Public or shared computer section, clear the check mark from Direct file access option.
12. Click save.

13. In Exchange admin center console, click recipients.

14. Double click Adam Barr.

15. In the Adam Barr window, click mailbox features in the left navigation pane.

16. In the right pane, scroll down to Email Connectivity section, and click View details.

17. In the Outlook Web App mailbox policy window, click browse.

18. Select External Users Policy and click ok, and then click save two times.

19. Click to the Start menu and then click Exchange Management Shell.

20. Type the following command, and then press Enter:

Set-CASMailbox -Identity Aidan@adatum.com -OwaMailboxPolicy:"External Users Policy"

21. In Exchange admin center, click recipients and then in the central pane double click user
Brad Sutton.
22. In the Brad Sutton window, on general tab, click More options.

23. In the Custom attributes section, click Edit.

24. In the 1: text box type external and click ok, and then click save.

25. Repeat steps 21 to 24 for users Chad Niswonger and Danielle Durrer.

26. Open Exchange Management Shell, type the following command, and then press Enter:

Get-Mailbox -Filter {CustomAttribute1 -eq "external"} | Set-CASMailbox -OwaMailboxPolicy:"External Users Policy"

27. Switch back to Exchange admin center.


28. Double click on Brad Sutton.

29. In the Brad Sutton window, click mailbox features.

30. In the right pane, scroll down to the Email Connectivity section and click View details.
31. Ensure that External Users Policy is applied.

32. Click cancel two times.

33. Repeat the steps 28 to 32 for users Chad Niswonger and Danielle Durrer.

 Task 2: Configuring Outlook Anywhere


1. On LON-CAS1, in Exchange admin center, click servers in the left navigation pane.
2. In the central pane, double-click LON-CAS1.

3. In the LON-CAS1 window, click Outlook Anywhere.


4. In the first text box type mail.adatum.com.
5. Make sure that second text box has the value lon-cas1.adatum.com, and that the third one has a
value Negotiate.

6. Select NTLM in the third option.


7. Click save.

 Task 3: Enabling and using Offline Outlook Web App


1. On LON-CL1, click to the desktop, open Internet Explorer and type
https://lon-cas1.adatum.com/owa.
2. Sign in as Adatum\Aidan with the password Pa$$w0rd. Click save.

3. In Outlook Web App window, open the Settings menu next to the user name in the right corner of
the browser, and then click Use mail offline.

4. Click yes on the warning window.

5. Click add to favorites.

6. Click Add.

7. Sign out from Outlook Web App and close Internet Explorer.

8. Switch to Hyper-V Manager.

9. Right click the 20341A-LON-CL1 machine, and choose Settings.

10. Click on Legacy Network Adapter, and then in the Network drop-down box, select Not connected.

11. Click OK. By doing this you temporarily disconnect your client from the network.
12. Switch to the LON-CL1 machine.

13. Open Internet Explorer, and from Favorites menu, choose Microsoft Outlook Web App.

14. When the Outlook Web App window is opened, verify that you can access mailbox content.

15. Send a test email to the administrator.

16. Switch to Hyper-V Manager.

17. Right click the 20341A-LON-CL1 machine and choose Settings.

18. Click on Legacy Network Adapter, and then in the Network drop-down box, select Private
Network. Click OK.
19. Wait for 20 to 30 seconds, and then refresh the Outlook Web App window.

20. On LON-CAS1, open https://lon-cas1.adatum.com/owa and sign in as Administrator.

21. Verify that you received the email from Aidan that was sent from the offline Outlook Web App.

Results: After completing this exercise, students will have Outlook Web App and Outlook Anywhere
configured.

Exercise 3: Configuring Exchange ActiveSync


 Task 1: Plan a mobile device deployment
Answers:

• The main concern regarding the different device platforms will be their ability to support Exchange
policies. From a security perspective, it is required that you can enforce the password requirements
on mobile devices.

• You can implement a mobile-device mailbox policy to achieve consistent settings.

• You will enforce password requirements on all devices that connect to your Exchange by
implementing an appropriate policy.

• Requirements for quarantine can be implemented by configuring mobile device access options in the
Exchange Administration Center.

 Task 2: Configure mailbox policies for mobile devices


1. On LON-CAS1, open the Exchange admin center, click mobile and then click mobile device
mailbox policies.

2. Click the New icon.


3. In the new mobile device mailbox policy window, type Adatum Mobiles for the policy name.

4. Click the check mark on the This is the default policy option.

5. Do not select the option Allow mobile devices that don’t fully support these policies to
synchronize.

6. Select the option Require a password.

7. Select Require an alphanumeric password.

8. Select 2 in the drop-down box called Password must include this many character sets.

9. Select the Minimum password length option, and type 5 in the text box.

10. Select the option Number of sign-in failures before device is wiped, and type 4 in the text box.

11. Select the option Require sign-in after device has been inactive for, and type 5 in the text box.

12. Click save.

 Task 3: Configure device access rules


1. On LON-CAS1, in Exchange admin center, click mobile, and then click mobile device access.

2. Click the edit button.


3. In the Exchange ActiveSync access settings window, click Quarantine – Let me decide to block or
allow later.

4. In the Quarantine Notification Email Messages section, click the New icon.

5. In the Select Administrators window, select Administrator, click add, and then click ok.

6. In the text box below, type the following text: Your device is temporary in quarantine. The
Administrator will examine your request and will allow or block your connection according to
the policy.

7. Click save.

8. In the Device Access Rules pane, click the New icon.


9. In the new device access rule, in the Device family section click browse.

10. In the Device Family window, click All families, and then click ok.
11. Under the Only this model section, click browse. Select EASProbeDeviceType, and then click ok.
12. In the new device access rule window, click Quarantine – Let me decide to block or allow later.

13. Click save.

Results: After completing this exercise, the students will have mobile device options and policies
configured.
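
The policy and quarantine settings from Tasks 2 and 3 can be applied from the Exchange Management Shell and then checked against the lab's values, which also catches later drift. This is an added example, not part of the course material; it assumes the inactivity value of 5 is in minutes and that the Administrator mailbox address is Administrator@adatum.com, and Get-PolicyDrift is a hypothetical helper name.

```powershell
# Added example, not part of the course material. Run in the Exchange
# Management Shell.

# Task 2: the values entered in the new mobile device mailbox policy window.
# Assumption: the inactivity value of 5 is in minutes.
$baseline = @{
    IsDefault                    = $true
    AllowNonProvisionableDevices = $false
    PasswordEnabled              = $true
    AlphanumericPasswordRequired = $true
    MinPasswordComplexCharacters = 2
    MinPasswordLength            = 5
    MaxPasswordFailedAttempts    = 4
    MaxInactivityTimeLock        = '00:05:00'
}

New-MobileDeviceMailboxPolicy -Name 'Adatum Mobiles' `
    -IsDefault $true `
    -AllowNonProvisionableDevices $false `
    -PasswordEnabled $true `
    -AlphanumericPasswordRequired $true `
    -MinPasswordComplexCharacters 2 `
    -MinPasswordLength 5 `
    -MaxPasswordFailedAttempts 4 `
    -MaxInactivityTimeLock '00:05:00'

# Task 3, steps 2-7: quarantine unknown devices and notify the administrator.
# Assumption: Administrator@adatum.com is the Administrator mailbox address.
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine `
    -AdminMailRecipients 'Administrator@adatum.com' `
    -UserMailInsert ('Your device is temporary in quarantine. The Administrator ' +
        'will examine your request and will allow or block your connection ' +
        'according to the policy.')

# Task 3, steps 8-13: quarantine rule for the device model chosen in the lab.
New-ActiveSyncDeviceAccessRule -Characteristic DeviceModel `
    -QueryString 'EASProbeDeviceType' -AccessLevel Quarantine

# Check: compare the stored policy with the baseline and list any differences.
function Get-PolicyDrift {
    param(
        [Parameter(Mandatory = $true)] $Policy,
        [Parameter(Mandatory = $true)] [hashtable]$Baseline
    )
    foreach ($key in $Baseline.Keys) {
        # Compare as strings so booleans, numbers and time spans all line up.
        $actual = "$($Policy.$key)"
        $wanted = "$($Baseline[$key])"
        if ($actual -ne $wanted) {
            [pscustomobject]@{ Setting = $key; Expected = $wanted; Actual = $actual }
        }
    }
}

$policy = Get-MobileDeviceMailboxPolicy -Identity 'Adatum Mobiles'
$drift  = @(Get-PolicyDrift -Policy $policy -Baseline $baseline)
if ($drift.Count -eq 0) { 'Policy matches the lab values.' } else { $drift | Format-Table -AutoSize }

# Devices currently waiting for an allow or block decision.
Get-MobileDevice -ResultSize Unlimited |
    Where-Object { "$($_.DeviceAccessState)" -eq 'Quarantined' } |
    Select-Object UserDisplayName, DeviceModel, DeviceType, DeviceAccessStateReason
```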

Exercise 4: Publishing Exchange Server 2013 through TMG 2010


 Task 1: Publish Exchange web-based services through TMG 2010
1. On LON-CAS1, open Windows PowerShell from the taskbar, type mmc.exe, and then press Enter.

2. In the Console1 window, open the File menu, and then click Add/Remove Snap-in.

3. Click Certificates and then click Add. Select Computer account and click Next.
4. Select Local computer, and then click Finish. Click OK.

5. Expand Certificates, expand Personal, and then click on Certificates.

6. Right-click the certificate Webmail.adatum.com, navigate to All Tasks, and select Export.
7. On the Welcome page, click Next.

8. On the Export Private Key page, select Yes, export the private key and click Next.

9. On the Export File Format page, click Next.


10. On the Security page, select Password and type Pa$$w0rd in both fields. Click Next.

11. On the File to Export page, type C:\CAS1.pfx as the file name, and then click Next.

12. Click Finish. In the pop-up window, click OK. Close Console1.

13. Switch to LON-TMG machine.

14. On LON-TMG, click Start. In the Search box, type MMC, and then press Enter.

15. On the File menu, click Add/Remove Snap-in.

16. On the Add or Remove Snap-in page, click Certificates, and then click Add.

17. Click Computer account, click Next, click Finish, and then click OK.

18. Expand Certificates, right-click Personal, point to All Tasks, and then click Import.

19. On the Certificate Import Wizard page, click Next.

20. On the File to Import page, type \\LON-CAS1\C$\CAS1.pfx, and then click Next.

21. On the Password page, type Pa$$w0rd in the Password field, and then click Next.

22. On the Certificate Store page, click Next, and then click Finish.

23. Click OK, and then close Console1 without saving changes.

24. On LON-TMG, click Start, point to All Programs, click Microsoft Forefront TMG, and then click
Forefront TMG Management.

25. Expand Forefront TMG (LON-TMG), and then click Firewall Policy.

26. On the Firewall Policy Tasks pane, on the Tasks tab, click Publish Exchange Web Client Access.
27. On the Welcome to the New Exchange Publishing Rule Wizard page, type OWA Rule, and then
click Next.
28. On the Select Services page, in the Exchange version list, click Exchange Server 2010, select the
Outlook Web Access check box, and then click Next.

29. On the Publishing Type page, click Next.

30. On the Server Connection Security page, ensure that Use SSL to connect the published Web
server or server farm is configured, and then click Next.

31. On the Internal Publishing Details page, in the Internal site name text box, type
LON-CAS1.Adatum.com, and then click Next.

32. On the Public Name Details page, ensure that This domain name (type below) is configured in the
Accept requests for drop-down list. In the Public name box, type webmail.Adatum.com, and then
click Next.

33. On the Select Web Listener page, click New.

34. On the Welcome to the New Web Listener Wizard page, type HTTPS Listener, and then click
Next.
35. On the Client Connection Security page, ensure that Require SSL secured connections with
clients is selected, and then click Next.

36. On the Web Listener IP Addresses page, select the External check box, and then click Next.

37. On the Listener SSL Certificates page, click Select Certificate.

38. In the Select Certificate dialog box, click Webmail.adatum.com, click Select, and then click Next.
39. On the Authentication Settings page, accept the default of HTML Form Authentication, and then
click Next.

40. On the Single Sign On Settings page, type Adatum.com as the single sign-on (SSO) domain name,
click Next, and then click Finish.

41. On the Select Web Listener page, click Next.


42. On the Authentication Delegation page, accept the default of Basic authentication, and then
click Next.

43. On the User Sets page, accept the default, and then click Next.

44. On the Completing the New Exchange Publishing Rule Wizard page, click Finish.
45. Click Apply twice to apply the changes, and then click OK when the changes have been applied.

46. Switch to LON-CAS1 machine.


47. Open Exchange admin center and sign in as Adatum\Administrator.

48. On LON-CAS1, in the Exchange admin center, click servers in feature pane.

49. Click virtual directories tab.

50. On the virtual directories tab, double-click owa (Default Web Site) – LON-CAS1.
51. In the External URL box, type https://webmail.adatum.com/owa.

52. Click authentication, and then click Use one or more standard authentication methods, and then
select the Basic Authentication check box, and click save. Read the information on the window that
appears, and click ok.

53. On the virtual directories tab, double-click ecp (Default Web Site) – LON-CAS1.
54. In the External URL box, type https://webmail.adatum.com/ecp.

55. Click authentication, and then click Use one or more standard authentication methods, and then
select the Basic Authentication check box, and click save.
56. Click yes on the warning window. Click ok.

57. Open the Windows PowerShell. At the PS prompt, type IISReset /noforce, and then press Enter.

58. Wait until IIS service is restarted.


59. Switch back to LON-TMG machine.
60. In the Forefront TMG console, double click OWA rule.

61. In the OWA rule properties window, click the Application Settings tab.

62. In the Published server logoff URL box, type /owa/logoff.owa. (Note: You are doing this because TMG
2010 does not have a publishing rule for Exchange Server 2013, so the logoff page still directs users
to the old location used by Exchange Server 2010.)
63. Click OK and then click Apply two times.

64. Click OK.

65. Double click OWA rule.

66. On the General tab, click Test Rule.

67. In Web Publishing Rule Test Results window, look for results for
https://webmail.adatum.com:443/ecp and https://webmail.adatum.com:443/owa. You should
have green check marks for these URLs. Click Close and then click OK.
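
The virtual directory settings from steps 50 to 55 can also be checked from the Exchange Management Shell. The following is an added example, not part of the original lab: the function name Test-PublishedVirtualDirectory and the sample objects are constructed for illustration, and on LON-CAS1 the real input would be the output of Get-OwaVirtualDirectory and Get-EcpVirtualDirectory.

```powershell
# Added example, not from the lab manual. Expected values follow lab steps 50-55:
# HTTPS external URL on webmail.adatum.com, Basic authentication on, forms off.
function Test-PublishedVirtualDirectory {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $VirtualDirectory,
        [string]$PublicName = 'webmail.adatum.com'
    )
    process {
        $problems = @()
        $uri = $null
        $url = [string]$VirtualDirectory.ExternalUrl
        if (-not [Uri]::TryCreate($url, [UriKind]::Absolute, [ref]$uri)) {
            $problems += 'ExternalUrl is empty or not an absolute URL'
        } else {
            if ($uri.Scheme -ne 'https') {
                $problems += "ExternalUrl uses $($uri.Scheme), so Basic credentials would not be protected by SSL"
            }
            if ($uri.Host -ne $PublicName) {
                $problems += "ExternalUrl host is $($uri.Host), expected $PublicName"
            }
        }
        if (-not $VirtualDirectory.BasicAuthentication) {
            $problems += 'Basic authentication is off, but the TMG rule delegates with Basic'
        }
        if ($VirtualDirectory.FormsAuthentication) {
            $problems += 'Forms authentication is still on behind the TMG logon form'
        }
        [pscustomobject]@{
            Identity  = "$($VirtualDirectory.Identity)"
            Compliant = ($problems.Count -eq 0)
            Problems  = ($problems -join '; ')
        }
    }
}

# Constructed sample objects: owa after steps 50-52, ecp before steps 53-55.
$sample = @(
    [pscustomobject]@{ Identity = 'LON-CAS1\owa (Default Web Site)'
                       ExternalUrl = 'https://webmail.adatum.com/owa'
                       BasicAuthentication = $true;  FormsAuthentication = $false }
    [pscustomobject]@{ Identity = 'LON-CAS1\ecp (Default Web Site)'
                       ExternalUrl = $null
                       BasicAuthentication = $false; FormsAuthentication = $true }
)
$sample | Test-PublishedVirtualDirectory | Format-List

# In the Exchange Management Shell on LON-CAS1, replace the samples with:
#   Get-OwaVirtualDirectory -Server LON-CAS1 | Test-PublishedVirtualDirectory
#   Get-EcpVirtualDirectory -Server LON-CAS1 | Test-PublishedVirtualDirectory
```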

 Task 2: Publishing rule testing


1. On the host computer, in Hyper-V Manager, right-click 20341A-LON-CL1, and then click Settings.

2. Click Legacy Network Adapter, and in the Network drop-down list, click Private Network 2, and
then click OK.
3. On LON-CL1, log on as Adatum\Administrator using the password Pa$$w0rd.

4. In the Start screen, type control panel. Click on the Control Panel icon.

5. Open the Control Panel, and then click View network status and tasks.
6. Click Change adapter settings.

7. Right-click Local Area Connection, and then click Properties.

8. Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.


9. Change the IP address to 131.107.0.2, change the Default Gateway to 131.107.0.1.

10. Delete the value for DNS server.

11. Click OK, and then click Close. Close the Control Panel.

12. On the Start screen, type cmd and press Enter.

13. In the command prompt window, type notepad c:\windows\system32\drivers\etc\hosts, and then
press Enter.
14. At the bottom of the hosts file, type 131.107.0.1 webmail.adatum.com, and then save and close the
file.

15. Open Internet Explorer, and then connect to https://webmail.adatum.com/owa.


16. Log on as adatum\administrator using the password Pa$$w0rd, and then verify that you can access
the user mailbox.

17. In the Outlook Web App window, click Settings and then click Options. Verify that you can connect
to the options of your mailbox.
18. Close Internet Explorer.

 To prepare for the next module


When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:

1. On the host computer, start Hyper-V Manager.

2. In the Virtual Machines list, right-click 20341A-LON-DC1, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.


4. Repeat steps 2 to 3 for 20341A-LON-CAS1, 20341A-LON-MBX1, 20341A-LON-TMG, and
20341A-LON-CL1.

Results: After completing this exercise, students will have Exchange Server 2013 published through TMG
2010.

Module 6: Planning and Configuring Message Transport


Lab: Planning and Configuring Message
Transport
Exercise 1: Configuring Message Transport
 Task 1: Configure a Send connector to the Internet
1. On LON-CAS1, open Internet Explorer and type https://lon-cas1.adatum.com/ecp and press Enter.
2. Sign in as Adatum\Administrator with the password Pa$$w0rd.

3. In the Exchange admin center, in the feature pane, click mail flow.
4. Click the send connectors tab.

5. Click the New button.

6. In the new send connector window, type Internet sending in the Name text box.
7. Select Internet (For example, to send internet mail), and click next.

8. On the next wizard page, make sure that MX record associated with recipient domain is selected,
and click next.

9. On the next wizard page, click New.


10. In the add domain window, in the Full Qualified Domain Name (FQDN) text box, type * and click
save, and then click next.

11. On the next wizard page, click New.


12. Select LON-MBX1, and click the add-> button, and click ok.

13. Click finish.

 Task 2: Configure a Receive connector to accept relaying


1. In the Exchange admin center, click on the receive connectors tab.
2. Click New.

3. In the new receive connector window, type AppClient in the Name box, and select Client.
Click next.
4. On the next page, click Remove to remove scope 0.0.0.0 – 255.255.255.255. Click New.

5. In the add IP address window, type 172.16.0.10, and click save.

6. Click finish.
7. Click on AppClient, and then click Edit.

8. Click security.

9. Select Anonymous users, and click save.

Results: After completing this exercise, the students will have configured message transport.
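
Task 2 combines two settings that matter together: the remote IP scope (steps 4 and 5) and the Anonymous users permission group (step 9). The following is an added example, not part of the original lab, that flags connectors where anonymous submission is allowed from a wide IPv4 scope. The function names, the 256-address review threshold and the sample objects are assumptions made for illustration.

```powershell
# Added example, not from the lab manual. It accepts any objects exposing
# Name, RemoteIPRanges and PermissionGroups, as Get-ReceiveConnector output does.

function ConvertTo-IpNumber {
    param([string]$Address)
    [long]$n = 0
    foreach ($part in $Address.Split('.')) { $n = $n * 256 + [int]$part }
    return $n
}

function Get-Ipv4RangeSize {
    # Number of addresses in "a.b.c.d", "a.b.c.d-e.f.g.h" or "a.b.c.d/nn".
    # Returns $null for anything else (for example IPv6 ranges).
    param([string]$Range)
    $ip = '\d{1,3}(?:\.\d{1,3}){3}'
    $r  = $Range.Replace(' ', '').Replace([string][char]0x2013, '-')
    if ($r -match "^($ip)-($ip)$") {
        return (ConvertTo-IpNumber $Matches[2]) - (ConvertTo-IpNumber $Matches[1]) + 1
    }
    if ($r -match "^$ip/(\d{1,2})$" -and [int]$Matches[1] -le 32) {
        return [long][math]::Pow(2, 32 - [int]$Matches[1])
    }
    if ($r -match "^$ip$") { return [long]1 }
    return $null
}

function Test-ReceiveConnectorExposure {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Connector,
        [long]$MaxAnonymousAddresses = 256    # assumed review threshold
    )
    process {
        $anonymous = "$($Connector.PermissionGroups)" -match 'AnonymousUsers'
        [long]$total = 0        # overlapping ranges are counted twice
        $notSized = @()
        foreach ($range in $Connector.RemoteIPRanges) {
            $size = Get-Ipv4RangeSize "$range"
            if ($null -eq $size) { $notSized += "$range" } else { $total += $size }
        }
        $finding = 'OK: anonymous submission not allowed'
        if ($anonymous) {
            if ($total -gt $MaxAnonymousAddresses) {
                $finding = "REVIEW: anonymous submission open to $total IPv4 addresses"
            } elseif ($notSized.Count -gt 0) {
                $finding = "REVIEW: anonymous submission with unsized ranges: $($notSized -join ', ')"
            } else {
                $finding = "OK: anonymous submission limited to $total IPv4 address(es)"
            }
        }
        [pscustomobject]@{
            Connector     = $Connector.Name
            Anonymous     = $anonymous
            Ipv4Addresses = $total
            Finding       = $finding
        }
    }
}

# Constructed sample objects modelled on the lab: AppClient if step 4 were
# skipped, AppClient as configured in steps 4-9, and a connector without
# the Anonymous users permission group.
$sample = @(
    [pscustomobject]@{ Name = 'AppClient (scope not narrowed)'
                       RemoteIPRanges = @('0.0.0.0-255.255.255.255')
                       PermissionGroups = 'AnonymousUsers, ExchangeUsers' }
    [pscustomobject]@{ Name = 'AppClient (as configured in the lab)'
                       RemoteIPRanges = @('172.16.0.10')
                       PermissionGroups = 'AnonymousUsers, ExchangeUsers' }
    [pscustomobject]@{ Name = 'Authenticated clients only'
                       RemoteIPRanges = @('0.0.0.0-255.255.255.255')
                       PermissionGroups = 'ExchangeUsers' }
)
$sample | Test-ReceiveConnectorExposure | Format-Table -AutoSize

# In the Exchange Management Shell, replace the samples with:
#   Get-ReceiveConnector | Test-ReceiveConnectorExposure
```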

Exercise 2: Troubleshooting message delivery


 Task 1: Verify that messages from the Internet can be received
1. On LON-DC1, open Windows PowerShell from the task bar.

2. At the command prompt, type telnet LON-CAS1 smtp, and then press Enter.
3. Type helo, and press Enter.

4. Type mail from: info@internet.com, and press Enter.

You should receive the response: 250 2.1.0 Sender OK


5. Type rcpt to: Aidan@adatum.com, and press Enter.

Response: 250 2.1.5 Recipient OK

6. Type data, and press Enter.


Response: 354 Start mail input; end with <CRLF>.<CRLF>

7. In Subject, type Test from Internet, and press Enter.

8. Press the period (.) key, and then press Enter.


9. Type Quit, and press Enter.

10. On LON-CL1, log on as Aidan with the password of Pa$$w0rd.


11. Open Outlook 2013.
12. Verify that you received a new message from info@internet.com.

13. Reply to the message with the text of your choice, and click Send.

 Task 2: Troubleshoot message transport


1. On LON-MBX1, on the Start screen, click on Exchange Toolbox.
2. In the Exchange Toolbox window, double-click Queue Viewer.

3. In the Queue Viewer window, ensure that the internet.com domain is listed with one message in the
queue.
4. Double-click internet.com

5. Right-click the Aidan@adatum.com message, and select Remove (with NDR).

6. Click OK in the Bulk Action window, and then click Yes.


7. Switch to LON-CL1 machine, and ensure that you are still logged on as Aidan.

8. In the Outlook 2013 window, ensure that you received a non-delivery report for the message you sent
to info@internet.com.

Results: After completing this exercise, the students will have completed SMTP troubleshooting.

Exercise 3: Configuring Transport Rules and Data-Loss Prevention Policies


 Task 1: Implementing and testing a disclaimer transport rule
1. On LON-CAS1, in the Exchange admin center, click mail flow in the feature pane.

2. Click the rules tab.


3. Click the New button.

4. In the new rule window, in the Name text box, type Adatum Disclaimer.

5. In the Apply this rule if drop-down box, select The sender is located option, and then in the select
sender location window, select Inside the organization, and then click ok.

6. In the Do the following drop-down box, select Append the disclaimer.

7. Click Enter text.


8. In the specify disclaimer text window, type this is the Adatum Disclaimer Text, and click ok.

9. Click Select one, and then in the specify fallback action window, select wrap and click ok.

10. Click More options.


11. Click the add exception button. In the Except if drop-down box, select the option The sender is a
member of this group.
12. In the Select Members window, click Administrator, and click add->. Then click ok.

13. Select the check box on the option Activate this rule on the following date.

14. In the last section, select Enforce, and then click save.
15. Switch to LON-CL1 and sign in as Adatum\Aidan.

16. Open Outlook 2013.

17. Click New Email.


18. In the To field, type administrator@adatum.com.
19. In the Subject field, type disclaimer test.

20. In the message body, type Test, and then click Send.

21. Open Internet Explorer, and type https://lon-cas1.adatum.com/owa.

22. On the Outlook Web App window, sign in as Adatum\Administrator with the password of
Pa$$w0rd.

23. In the Outlook Web App, ensure that you received an email from Aidan, and that the disclaimer text
is appended to the messages.

24. Reply to that message with any text.

25. Switch to Outlook 2013, and make sure that you received the message from Administrator, but
without the disclaimer.

 Task 2: Creating a Data-Loss Prevention policy


1. On LON-CAS1, in the Exchange admin center, click compliance management in the feature pane.

2. Click on the data loss prevention tab.


3. Click the arrow next to the + sign.

4. Select new custom DLP policy.



5. In the New custom DLP policy window, in the Name text box, type IP address block.

6. Click Enforce, and then click save.

7. Select the IP address block policy, and then click Edit.

8. In the IP address block window, click rules.

9. Click the arrow next to the + sign, and then select Block messages with sensitive information.

10. In the New Rule window, click Outside the organization. In the select recipient location window,
select Inside the organization, and click ok.

11. Click Select sensitive information types.

12. In the sensitive information types window, click New.


13. Scroll down the list and select IP Address, and then click add->. Then click ok two times.

14. In the Do the following drop-down box, select Generate incident report and send it to, and then
click Select one.
15. In the list, select Administrator, and click ok.
16. Click Block the message.

17. In the notify the sender with a Policy Tip, type Your message is blocked in the Enter the
message users will receive text box, and click ok.
18. Select the check box on the option Activate this rule on the following date.

19. In the last section, select Enforce, and then click save.
20. In the IP address block, click save.

 Task 3: Verifying data-loss prevention policy functionality


1. Switch to LON-CL1, and ensure that you are logged on as Aidan Delaney.

2. Open Outlook 2013.


3. Click New Email.

4. In the To field, type amr@adatum.com.

5. In the Subject field, type block test.


6. In the message body, type This is my IP address: 192.168.0.100, and then click Send.

7. Wait for a few moments, and see if you receive an email with the message that your previous
message to Amr Zaki is undeliverable. Also ensure that “Your message is blocked” text appears.
Review the message content.

8. Open Internet Explorer, and type https://lon-cas1.adatum.com/owa.

9. On the Outlook Web App window, sign in as Adatum\Administrator with the password of
Pa$$w0rd.
10. In the Outlook Web App, ensure that you received an email from Aidan and that the original
message that Aidan sent to Amr is attached.

11. Sign out from Outlook Web App.
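
The rule built in Task 2 combines a recipient-location condition with a content match, and Task 3 exercises it with one message. The following is an added example, not part of the original lab and not Exchange's own classification logic: it models the rule with a simple IPv4 regular expression so that the effect of each condition, including a likely false positive, can be seen. The function names, the regular expression and the sample messages are constructed for illustration.

```powershell
# Added example, not from the lab manual and not Exchange's classifier.
# Model of the "IP address block" rule: recipient inside the organization
# AND body contains an IPv4 address -> block, notify sender, report.

function Find-Ipv4Address {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Text)
    # Each octet must be 0-255. The look-arounds reject digits or further
    # dotted components on either side, so "1.2.3.4.5" is not matched.
    $octet   = '(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)'
    $pattern = "(?<!\d|\d\.)$octet(?:\.$octet){3}(?!\d|\.\d)"
    foreach ($m in [regex]::Matches($Text, $pattern)) { $m.Value }
}

function Test-IpAddressBlockRule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Message,
        [string[]]$InternalDomains = @('adatum.com')   # assumed accepted domain
    )
    process {
        $recipientDomain = ($Message.To -split '@')[-1]
        $inside  = $InternalDomains -contains $recipientDomain
        $hits    = @(Find-Ipv4Address -Text ([string]$Message.Body))
        $blocked = $inside -and ($hits.Count -gt 0)

        $action = if ($blocked) { 'Block, incident report to Administrator' } else { 'Deliver' }
        $tip    = if ($blocked) { 'Your message is blocked' } else { '' }

        [pscustomobject]@{
            To              = $Message.To
            RecipientInside = $inside
            Ipv4Found       = ($hits -join ', ')
            Action          = $action
            PolicyTip       = $tip
        }
    }
}

# Constructed sample messages. The first is the Task 3 test message.
$messages = @(
    [pscustomobject]@{ To = 'amr@adatum.com'
                       Body = 'This is my IP address: 192.168.0.100' }
    # 516 is not a valid octet, so this build number is not treated as an address.
    [pscustomobject]@{ To = 'amr@adatum.com'
                       Body = 'Please install build 15.0.516.32 on LON-MBX1' }
    # A four-part version number with small components looks like an address
    # to this model: a false positive that a content rule has to be tuned for.
    [pscustomobject]@{ To = 'amr@adatum.com'
                       Body = 'Upgrade the agent to version 10.2.0.4 this week' }
    # Recipient outside the organization: the rule's location condition fails.
    [pscustomobject]@{ To = 'info@internet.com'
                       Body = 'This is my IP address: 192.168.0.100' }
)
$messages | Test-IpAddressBlockRule | Format-Table -AutoSize
```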



 To prepare for the next module


When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:

1. On the host computer, start Hyper-V Manager.


2. In the Virtual Machines list, right-click 20341A-LON-DC1, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat steps 2 to 3 for 20341A-LON-CAS1, 20341A-LON-MBX1, 20341A-LON-CAS2, and
20341A-LON-CL1.

Results: After completing this exercise, the students will have configured transport rules and data-loss
prevention policies.

Module 7: Planning and Implementing High Availability


Lab: Implementing High Availability
Exercise 1: Creating and Configuring a Database Availability Group
 Task 1: Pre-Stage the cluster network object for a DAG
1. On LON-DC1, open Server Manager, click Tools, and then click Active Directory Users and
Computers.

2. In Active Directory Users and Computers, on the menu bar, click View, and then click Advanced
Features.
3. In the left pane, expand Adatum.com, click Computers, then right-click Computers, point to New,
and then click Computer.

4. In the New Object – Computer dialog box, in the Computer name field, type DAG1, and then click
OK.

5. In the right pane, right-click DAG1, and then click Properties.


6. In the DAG1 Properties dialog box, click the Security tab.

7. On the Security tab, click Add, and in the Enter the object names to select field, type Exchange
Trusted Subsystem. Click Check Names, and then click OK.
8. On the Security tab, click Add, and then click Object Types.

9. In the Object Types dialog box, click Computers, and then click OK.

10. In the Select Users, Computers, Service Accounts, or Groups window, in the Enter the object
names to select field box, type LON-MBX1$, then click Check Names, and then click OK.
11. On the Security tab, select LON-MBX1 (ADATUM\LON-MBX1$), then in the Allow column in the
Permissions for LON-MBX1 list, click Full control.
12. On the Security tab, select Exchange Trusted Subsystem (ADATUM\Exchange Trusted
Subsystem), then in the Allow column in the Permissions for Exchange Trusted Subsystem list,
click Full control, and then click OK.

13. In the Active Directory Users and Computers window, in the right pane, right-click DAG1, and then
click Disable Account.

14. In the warning window, click Yes, and then on the next information window, click OK.

 Task 2: Create a DAG and add mailbox servers to the DAG


1. Switch to LON-CAS1. Open Internet Explorer, and type https://lon-cas1.adatum.com/ecp, and then
press Enter.

2. Sign in as Adatum\administrator with the password Pa$$w0rd.

3. In the Exchange Administration Center, in the Feature pane, click servers.


4. On tabs, click database availability groups, and then on the toolbar, click New.

5. In the New database availability group window, in the Database availability group name field,
type DAG1, then click Witness server, and type LON-CAS1 in the Witness server field. Click
Witness directory, and in the Witness directory field, type C:\FSWDAG1. Click Enter an IP address,
and in the Database availability group IP addresses field, type 172.16.0.33. Then click Add, and
then click save.

6. In the list view, click DAG1, and on the toolbar, click Manage DAG membership.

7. In the manage database availability group membership window, click Add.

8. In the Select Server window, click LON-MBX1, click add, and then click LON-MBX2. Click add, and
then click ok.

9. In the manage database availability group membership window, click save.

10. In the Saving completed successfully window, click close.

 Task 3: Create a mailbox database copy


1. In the Exchange Administration Center, in tabs, click databases, and then click Mailbox Database 1.
On the toolbar, click More, and then click Add database copy.

2. In the add mailbox database copy window, click browse.


3. In the Select Server window, click LON-MBX2, and then click ok.

4. In the add mailbox database copy window, click save.

5. Wait until the saving completes successfully, then click close.

 Task 4: Verify successful completion of copying a database


1. In tabs, click Refresh, and wait until the details pane shows Mailbox Database 1\LON-MBX2 as
Passive Healthy. This might take several minutes and up to several hours depending on the size of
the database.
2. In the details pane, under Mailbox Database 1\LON-MBX2, click View details.

3. Make sure that the Status displays Healthy and the Content index state also displays Healthy. Then
click cancel.

 Task 5: Suspend and resume a database copy


1. In the Exchange Administration Center, in the details pane, click Mailbox Database 1, and then
under Mailbox Database 1\LON-MBX2, click Suspend.

2. In the Suspend database window, in the Comments field, type Test Suspend, and then click save.
Now the database copy is suspended and will not receive any updates.

3. In the details pane, under Mailbox Database 1\LON-MBX2, click Resume. If the Resume button is
not available, wait and then click Refresh a few more times.

4. In the warning window, click yes.


5. In tabs, click Refresh, and then wait until the details pane shows Mailbox Database 1\LON-MBX2 as
Copy queue length: 0.

Results: After completing this exercise, students will have pre-staged a cluster network object in Active
Directory, created a DAG, added two Mailbox servers to the DAG, and made a database highly available.
Students also will have suspended a database copy and resumed it.

Exercise 2: Deploying Highly Available Client Access Servers


 Task 1: Install the Network Load Balancing feature on Client Access servers
1. Switch to LON-CAS1.

2. Click the Server Manager icon on the taskbar to open Server Manager.
3. Click Add roles and features.

4. In the Add Roles and Features Wizard, on the Before you begin page, click Next.

5. On the Select installation type page, click Next.


6. On the Select destination server page, make sure that Select server from the server pool is
selected, and then click Next.

7. On the Select server roles page, click Next.

8. On the Select features page, click Network Load Balancing, and in the Add Roles and Features
Wizard window, click Add Features, and then click Next.
9. On the Confirm installation selections page, click Install.

10. In the Add Roles and Features Wizard, wait until the feature installation has succeeded, and then
click Close.
11. Switch to the LON-CAS2 virtual machine.
12. Click the Server Manager tile.

13. Click Add roles and features.

14. In the Add Roles and Features Wizard, on the Before you begin page, click Next.
15. On the Select installation type page, click Next.

16. On the Select destination server page, make sure that Select server from the server pool is
selected, and then click Next.
17. On the Select server roles page, click Next.

18. On the Select features page, click Network Load Balancing. In the Add Roles and Features Wizard
window, click Add Features, and then click Next.

19. On the Confirm installation selections page, click Install.

20. In the Add Roles and Features Wizard, wait until the feature installation has succeeded, and then
click Close.

 Task 2: Create a load-balanced Client Access server cluster


1. Switch to LON-CAS1, in Server Manager, on the menu bar, click Tools, and then in the Tools
drop-down list, select Network Load Balancing Manager.

2. In the Network Load Balancing Manager, on the menu bar, click Cluster, and then click New.
3. In the New Cluster: Connect dialog box, type LON-CAS1 in the Host field, click Connect, and then
click Next.

4. In New Cluster: Host Parameters dialog box, click Next.

5. In New Cluster: Cluster IP Address dialog box, click Add.

6. In the Add IP Address dialog box, type 172.16.0.6 as the IPv4 address, type 255.255.0.0 as the
Subnet mask, and then click OK.

7. In the New Cluster: Cluster IP Address dialog box, click Next.

8. In the New Cluster: Cluster Parameters dialog box, type webmail.adatum.com in the Full Internet
name box, and then click Next.
9. In New Cluster: Port Rules dialog box, click Finish.

10. In Network Load Balancing Manager, wait until the LON-CAS1 icon turns green.

11. In the left pane, right-click Webmail.adatum.com (172.16.0.6), and then click Add Host To
Cluster.
12. In the Add Host to Cluster: Connect dialog box, type LON-CAS2 in Host field, click Connect, and
then click Next.

13. In the Add Host to Cluster: Host Parameters dialog box, click Next.

14. In the Add Host to Cluster: Port Rules dialog box, click Finish.

15. In Network Load Balancing Manager, wait until the LON-CAS2 icon turns green, and the Status says
Converged.

 Task 3: Create a DNS record for the virtual IP address


1. Switch to LON-DC1, in Server Manager, click Tools, and then click DNS.

2. In the DNS Manager, in the left pane, expand Forward Lookup Zones, select and then right-click
Adatum.com, and then click New Host (A or AAAA).

3. In the New Host dialog box, in Name field type Webmail, in the IP address field, type 172.16.0.6,
and then click Add Host.

4. Click OK and then click Done.

Results: After completing this exercise, students will have installed and configured NLB, and created a
DNS record for their load-balanced virtual IP address.

Exercise 3: Testing the High-Availability Configuration


 Task 1: Simulate failure on LON-CAS1 and verify Outlook Web Access functionality
1. Switch to LON-CAS1, then in Network Load Balancing Manager, in the left pane, right-click
LON-CAS1(Local Area Connection), click Control Host, and then click Stop.
2. Switch to LON-DC1, open Internet Explorer and type https://webmail.adatum.com/owa, and then
press Enter.

3. In Outlook Web App, sign in as Adatum\administrator with the password Pa$$w0rd.

4. You should now see your Inbox. This indicates that LON-CAS2 is currently serving as the Client Access
server.

 Task 2: Enable LON-CAS1 and simulate a LON-CAS2 failure


1. Switch to the LON-CAS1 virtual server, in Network Load Balancing Manager, in the left pane,
right-click LON-CAS1, click Control Host, and then click Start.

2. Switch to the Host machine, in Hyper-V Manager, right-click 20341A-LON-CAS2, and then click
Turn Off.

3. Switch to the LON-DC1 virtual machine. In Internet Explorer, click Refresh (F5).

4. In Outlook Web App, if the sign in page appears, sign in as Adatum\administrator with the
password Pa$$w0rd.

5. In Outlook Web App, in the left pane click Sent Items to make sure Outlook Web Access (OWA) is
still working. This verifies that LON-CAS1 took over the Client Access server role for the client.

 Task 3: Verify high availability of the database copies


1. Switch to LON-CAS1, open Internet Explorer, and type https://lon-cas1.adatum.com/ecp, and then
press Enter.

2. Sign in as Adatum\administrator with the password Pa$$w0rd.


3. In Exchange admin console, click servers, and then on tabs, click databases.

4. In list view, click Mailbox Database 1, and in the details pane, verify that Mailbox Database 1
\LON-MBX1 is “Active Mounted” and Mailbox Database 1\LON-MBX2 is “Passive Healthy.”

5. Switch to the Host machine, in Hyper-V Manager, right-click 20341A-LON-MBX1, and then click
Turn Off.
6. Switch to the LON-CAS1 virtual machine. In Internet Explorer, click Refresh (F5).

7. In the Exchange Administration Center, if the sign in page appears, sign in as Adatum\administrator
with the password Pa$$w0rd.
8. In the Exchange Administration Center, in the Feature pane, click Servers.
9. On tabs, click databases, and then in the list view, click Mailbox Database 1.

10. Verify that in the details pane Mailbox Database 1\LON-MBX1 shows as “Passive ServiceDown”, and
Mailbox Database 1\LON-MBX2 shows as “Active Mounted.”

11. Switch to the LON-DC1 virtual machine, and in Internet Explorer and Outlook Web App, in the left
pane, click Inbox. Open a message and reply to the message to make sure the mailbox is available.

 To prepare for the next module


When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:

1. On the host computer, start Hyper-V Manager.

2. In the Virtual Machines list, right-click 20341A-LON-DC1, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat steps 2 to 3 for 20341A-LON-CAS1, 20341A-LON-CAS2, 20341A-LON-MBX1, and
20341A-LON-MBX2.

Results: After completing this exercise, students will have tested their high-availability configuration.

Module 8: Planning and Implementing Disaster Recovery


Lab: Implementing Disaster Recovery for
Exchange Server 2013
Exercise 1: Backing Up Exchange 2013
 Task 1: Populate a mailbox with Outlook Web App
1. On LON-CAS1, open Internet Explorer. Type https://lon-cas1.Adatum.com/owa.

2. Sign in as Adatum\michael with the password Pa$$w0rd.

3. On the language and Time zone page, click save.

4. Click new mail.


5. In the To section, type Mark Bebbington, and type Message before backup into the subject line.

6. Click Send.

7. Sign out from Outlook Web App.


8. Sign in again as Adatum\mark with the password Pa$$w0rd.

9. On the language and Time zone page, click save.

10. Check that the message is received.

11. Sign out from Outlook Web App.

12. Close Internet Explorer.

13. Switch to the Start screen, and click the Exchange Management Shell.
14. Type the following command and press Enter:

Get-Mailbox mark@ADatum.com |fl name,database,guid

Notice the name and the GUID of the Mailbox Database. This is needed for the restore.

15. Close the Exchange Management Shell.

 Task 2: Install Windows Server Backup


1. On LON-MBX1, on the Start screen, click Server Manager.

2. In the Dashboard, click Add roles and features. The Add Roles and Features Wizard opens.

3. On the Before You Begin page, click Next.


4. On the Installation Type page, select Role-based or feature-based installation, and click Next.

5. On the Server Selection page, select Select a server from the server pool, select the Exchange
server in the Server Pool and click Next.

6. On the Server Roles page, click Next.

7. On the Features page, scroll down in the Features list, select Windows Server Backup, and click
Next.

8. On the Confirmation page, do not select the Restart the destination server automatically if
required option, and then click Install.

9. On the Results page, click Close.



 Task 3: Perform a backup of a mailbox database using Windows Server Backup


1. On LON-CAS1, open File Explorer, and create a folder named Backup on drive C:\.

2. Right-click the Backup folder, select Share with, and select Specific people.

3. Check that the Administrator account has Read/Write permissions, and click Share. Click Done.

4. Close File Explorer.

5. On LON-MBX1, on the Start screen, click Administrative Tools.

6. Scroll down the tools list and double-click Windows Server Backup.

7. In the left navigation pane, select Local Backup.

8. In the Actions pane on the right side, click Backup Once.

9. In the Backup Once Wizard on the Backup Options page, select Different options, and click Next.

10. On the Select Backup Configuration page, select Full server (recommended), and click Next.

11. On the Specify Destination Type page, select Remote shared folder, and click Next.

12. On the Specify Remote Folder page, under Location, type \\LON-CAS1\Backup, and then under Access
control, select Do not inherit and click Next.

13. In the Windows Security popup window, enter Administrator as the name and Pa$$w0rd as the
password, and click OK.
14. On the Confirmation page, click Backup.
15. On the Backup Progress page, click Close.

16. When the backup completes, close Windows Server Backup. It may take 10-15 minutes to complete.

 Task 4: Delete message in mailbox


1. On LON-CAS1, open Internet Explorer. Type https://lon-cas1.ADatum.com/owa.
2. Sign in as Adatum\Mark with the password Pa$$w0rd.

3. Delete the message received from Michael.


4. Empty the Deleted Items folder.
5. Right-click the Deleted Items folder and select recover deleted items.

6. In the recover deleted items window, select the message received from Michael, and click purge.

7. Click OK to confirm the purge action on the selected item.


8. Close the recover deleted items window.

9. Sign out from Outlook Web App.

Results: After completing this exercise, you have successfully backed up the mailbox databases.

Exercise 2: Restoring Exchange Server 2013 Data


 Task 1: Restore the database using Windows Server Backup
1. On LON-MBX1, open File Explorer, and create a folder named Restore on drive C:\.

2. On the Start screen, click Administrative Tools.


3. Scroll down the tools list, and double-click Windows Server Backup.

4. In the Actions pane, click Recover.

5. In the Recovery Wizard on the Getting Started page, select A backup stored on another location,
and click Next.

6. On the Specify Location Type page, select Remote shared folder, and click Next.

7. On the Specify Remote Folder page, type \\LON-CAS1\Backup, and click Next.
8. On the Select Backup Date page, select the date and time of the backup, and click Next.

9. On the Select Recovery Type page, select Applications, and click Next.

10. On the Select Applications page, verify that Exchange is selected.


11. Select Do not perform a roll-forward recovery of the application database, and click Next.

12. On the Specify Recovery Options page, select Recover to another location, and click Browse.

13. In the Browse For Folder window, select the C:\Restore folder, and click OK. Click Next.
14. On the Confirmation page, click Recover.

15. On the Recovery Progress page, check that the status of the recovery is Completed, and click Close.
16. Close Windows Server Backup.

 Task 2: Create a recovery database with the Exchange Management Shell


1. On LON-MBX1, on the Start screen, click Exchange Management Shell.

2. In the Exchange Management Shell, type the following command to create the Recovery database,
and press Enter. Note that you will need to use the GUID that you verified earlier to replace the
sample GUID listed below.

New-MailboxDatabase -Recovery -Name RecoveryDB -EdbFilePath "C:\Restore\df7d5fa1-4f77-4f43-85ca-9cbbe8f58d5e\C_\Program Files\Microsoft\ExchangeServer\V15\Mailbox\Mailbox Database 0825118640\Mailbox Database 0825118640.edb" -LogFolderPath "C:\Restore\df7d5fa1-4f77-4f43-85ca-9cbbe8f58d5e\C_\Program Files\Microsoft\ExchangeServer\V15\Mailbox\Mailbox Database 0825118640" -Server LON-MBX1

3. In the Exchange Management Shell, change to the folder that contains the recovery database. Note
that you will need to use the GUID that you verified earlier to replace the sample GUID listed below.

CD "C:\Restore\df7d5fa1-4f77-4f43-85ca-9cbbe8f58d5e\C_\Program Files\Microsoft\ExchangeServer\V15\Mailbox\Mailbox Database 0825118640"

4. In the Exchange Management Shell, type the following command to bring the restored mailbox
database into a clean shutdown status, and press Enter.

Eseutil /R E00 /i /d

5. In the Exchange Management Shell, type the following command to mount the restored mailbox
database, and press Enter.

Mount-Database RecoveryDB

6. In the Exchange Management Shell, type the following command to list all mailboxes available in the
recovery database, and press Enter.

Get-MailboxStatistics –Database RecoveryDB

7. Check that the Mark Bebbington mailbox is listed.

 Task 3: Recover the mailbox from the recovery database


1. In the Exchange Management Shell, type the following command to create a new
MailboxRestoreRequest, and press Enter.

New-MailboxRestoreRequest -SourceDatabase RecoveryDB -SourceStoreMailbox "Mark Bebbington" -TargetMailbox mark@adatum.com

2. In the Exchange Management Shell, type the following command to check the status of the
MailboxRestoreRequest, and press Enter.

Get-MailboxRestoreRequest

3. Repeat step 2 until the status is shown as Completed.

4. On LON-CAS1, open Internet Explorer.


5. Type https://lon-cas1.adatum.com/owa.

6. Sign in as adatum\mark with the password Pa$$w0rd.

7. Verify that the message has been restored.


8. Sign out from Outlook Web App.

9. Close Internet Explorer.

 Prepare for the next module


When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:

1. On the host computer, start Hyper-V Manager.

2. In the Virtual Machines list, right-click 20341A-LON-DC1, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.


4. Repeat steps 2 to 3 for 20341A-LON-CAS1, 20341A-LON-CAS2, and 20341A-LON-MBX1.

Results: After completing this exercise, you will have successfully restored the missing items back into the
users’ mailboxes.

Module 9: Planning and Configuring Message Hygiene


Lab: Planning and Configuring Message Security
Exercise 1: Configure Anti-Malware Options in Exchange Server 2013
 Task 1: Enable anti-malware features in Exchange Server 2013
1. On LON-MBX1, on the Start screen click Exchange Management Shell.

2. In the Exchange Management Shell, change the current folder to "\Program Files\Microsoft\Exchange Server\V15\Scripts" by typing the following cmdlet, and then press Enter.

cd "\Program Files\Microsoft\Exchange Server\V15\Scripts"

3. In the Exchange Management Shell, enable anti-malware scanning by typing the following script, and then press Enter.

.\Enable-AntimalwareScanning.ps1

4. Verify that the following message appears: Anti-malware engines are updating. This may take a few
minutes. Note that since the lab environment does not have an Internet connection, the engine
update cannot complete. Press CTRL-C to stop the script.

5. In the Exchange Management Shell, restart the Microsoft Exchange Transport Service by typing the
following cmdlet, and then press Enter.

Restart-Service MSExchangeTransport

6. In the Exchange Management Shell, list the installed transport agents by typing the following cmdlet, and then
press Enter.

Get-TransportAgent

7. Verify that the following anti-malware agent is listed: Malware Agent. Note that the status of Malware
Agent is Enabled True if the script was allowed to complete.

 Task 2: Configure the default anti-malware policy in Exchange Server 2013


1. Switch to LON-CAS1.

2. Move the mouse pointer to the lower right corner of the window, and then click the Start charm.
3. On the Start screen, click the Internet Explorer tile.

4. In Internet Explorer, type the following address in the address bar, and then press Enter:
https://lon-cas1.adatum.com/ecp
5. Sign in to the Exchange admin center as Adatum\Administrator with the password Pa$$w0rd, and
then click the sign in button.

6. In the Exchange admin center, in the feature pane, click protection.

7. In the Exchange admin center window, on the malware filter tab, click the edit button on the toolbar.

8. In the Default window, click settings.

9. Under Malware Detection Response, select Delete all attachments and use custom alert text.

10. In the Custom alert text box, type the following text: The attachment has been deleted because it
contained malware. Contact your administrator.

11. Under Notifications, select both the Notify internal senders and Notify external senders check boxes.
12. Under Administrator Notifications, select the Notify administrator about undelivered messages
from internal senders check box.

13. In the Administrator email address box, type administrator@adatum.com.

14. Under Administrator Notifications, select the Notify administrator about undelivered messages
from external senders check box.

15. In the Administrator email address box, type administrator@adatum.com.

16. In the Default window, click the save button.

Exercise 2: Configuring Anti-Spam Options on Exchange Server


 Task 1: Enable anti-spam features on LON-MBX1
1. Switch to LON-MBX1.
2. Move the mouse pointer to the lower right corner of the window, and then click the Start charm.

3. On the Start screen, click the Exchange Management Shell tile.

4. In the Exchange Management Shell, change the current folder to "\Program Files\Microsoft\Exchange
Server\V15\Scripts" by typing the following cmdlet, and then press Enter.

cd "\Program Files\Microsoft\Exchange Server\V15\Scripts"

5. In the Exchange Management Shell, install the anti-spam agents by typing the following script, and then press
Enter.

.\Install-AntiSpamAgents.ps1

6. In the Exchange Management Shell, restart the Microsoft Exchange Transport Service by typing the
following cmdlet, and then press Enter.

Restart-Service MSExchangeTransport

7. In the Exchange Management Shell, specify the IP addresses of the internal SMTP servers (LON-MBX1
and LON-MBX2) that should be ignored by the Sender ID agent by typing the following cmdlet, and then
press Enter.

Set-TransportConfig -InternalSMTPServers @{Add="172.16.0.23","172.16.0.24"}

8. In the Exchange Management Shell, list the installed transport agents by typing the following cmdlet, and then
press Enter.

Get-TransportAgent

9. Verify that the following anti-spam agents are listed: Content Filter Agent, Sender ID Agent, Sender
Filter Agent, Recipient Filter Agent, Protocol Analysis Agent. Verify that the status of the anti-spam
agents is Enabled True.

 Task 2: Configure content filtering on LON-MBX1


1. In the Exchange Management Shell, verify that content filtering is enabled by typing the following cmdlet,
and then press Enter.

Get-ContentFilterConfig | Format-List Enabled

2. Verify that Enabled:True is displayed.

3. In the Exchange Management Shell, configure the blocked phrase Poker results by typing the following cmdlet,
and then press Enter.

Add-ContentFilterPhrase -Influence BadWord -Phrase "Poker results"

4. In the Exchange Management Shell, configure the allowed phrase Report document by typing the following
cmdlet, and then press Enter.

Add-ContentFilterPhrase -Influence GoodWord -Phrase "Report document"

5. In the Exchange Management Shell, configure the quarantine mailbox quarantine@adatum.com by typing the
following cmdlet, and then press Enter. Note: In a production environment, you should also create a
user mailbox and configure it to be the quarantine mailbox.

Set-ContentFilterConfig -QuarantineMailbox quarantine@adatum.com

6. In the Exchange Management Shell, configure the SCL thresholds and enable quarantine by typing the following
cmdlet, and then press Enter.

Set-ContentFilterConfig -SCLDeleteEnabled $true -SCLDeleteThreshold 9 -SCLRejectEnabled $true -SCLRejectThreshold 8 -SCLQuarantineEnabled $true -SCLQuarantineThreshold 7

7. In the Exchange Management Shell, configure a custom rejection response by typing the following cmdlet, and
then press Enter.

Set-ContentFilterConfig -RejectionResponse "Your message was rejected because by our spam filter. Contact your administrator."

8. In the Exchange Management Shell, configure the SCL junk threshold with the value 6 for all mailboxes in
your organization by typing the following cmdlet, and then press Enter.

Set-OrganizationConfig -SCLJunkThreshold 6
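
A check of the settings configured in this task, as an added example that is not part of the lab: it confirms that the SCL thresholds keep the lab's ordering (Delete 9, Reject 8, Quarantine 7, Junk 6) and that the quarantine address resolves to an existing recipient, which catches a mistyped address. The function name Test-ContentFilterSettings is hypothetical; run it in the Exchange Management Shell.

```powershell
# Added example, not part of the lab. Run in the Exchange Management Shell.
# Test-ContentFilterSettings is a hypothetical helper name.
function Test-ContentFilterSettings {
    $cf  = Get-ContentFilterConfig
    $org = Get-OrganizationConfig
    $findings = @()

    if (-not $cf.Enabled) {
        $findings += 'Content filtering is disabled.'
    }

    # Transport actions set with Set-ContentFilterConfig, most severe first.
    # Only the enabled ones take part in the ordering check.
    $actions = @(
        @(
            [pscustomobject]@{ Name = 'Delete';     Enabled = $cf.SCLDeleteEnabled;     Threshold = $cf.SCLDeleteThreshold }
            [pscustomobject]@{ Name = 'Reject';     Enabled = $cf.SCLRejectEnabled;     Threshold = $cf.SCLRejectThreshold }
            [pscustomobject]@{ Name = 'Quarantine'; Enabled = $cf.SCLQuarantineEnabled; Threshold = $cf.SCLQuarantineThreshold }
        ) | Where-Object { $_.Enabled }
    )

    # Flag any pair that departs from the lab's ordering, where the more
    # severe action always has the higher threshold.
    for ($i = 0; $i -lt $actions.Count - 1; $i++) {
        $high = $actions[$i]
        $low  = $actions[$i + 1]
        if ($high.Threshold -le $low.Threshold) {
            $findings += "$($high.Name) threshold ($($high.Threshold)) is not above $($low.Name) threshold ($($low.Threshold))."
        }
    }

    # The junk threshold is set per organization with Set-OrganizationConfig
    # and should sit below the lowest enabled transport threshold.
    $lowest = $actions | Select-Object -Last 1
    if ($lowest -and $org.SCLJunkThreshold -ge $lowest.Threshold) {
        $findings += "SCLJunkThreshold ($($org.SCLJunkThreshold)) is not below $($lowest.Name) threshold ($($lowest.Threshold))."
    }

    # A quarantine address that matches no recipient means quarantined
    # messages have nowhere to be delivered.
    if ($cf.SCLQuarantineEnabled) {
        $address = [string]$cf.QuarantineMailbox
        if ([string]::IsNullOrEmpty($address)) {
            $findings += 'Quarantine is enabled but no QuarantineMailbox is set.'
        }
        elseif (-not (Get-Recipient -Identity $address -ErrorAction SilentlyContinue)) {
            $findings += "QuarantineMailbox '$address' does not resolve to a recipient."
        }
    }

    if ($findings.Count -eq 0) { 'OK: content filter settings are consistent.' }
    else { $findings }
}

Test-ContentFilterSettings
```

In the lab as written, the quarantine finding is expected until a mailbox is created for the quarantine address.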

 Task 3: Configure sender and recipient filtering on LON-MBX1.


1. On LON-MBX1, in the Exchange Management Shell, configure sender filtering to block messages from
marketing@contoso.com by typing the following cmdlet, and then press Enter.

Set-SenderFilterConfig -BlockedSenders marketing@contoso.com

2. In the Exchange Management Shell, configure recipient filtering to block messages sent to
helpdesk@adatum.com by typing the following cmdlet, and then press Enter. Note: In this scenario we
assume that the email address helpdesk@adatum.com is for internal purposes only, and should not
receive email from external senders.

Set-RecipientFilterConfig -BlockListEnabled $true -BlockedRecipients helpdesk@adatum.com

 To prepare for the next module


When you finish the lab, revert the virtual machines to their initial state by performing the following steps:

1. On the host computer, start Hyper-V® Manager.

2. In the Virtual Machines list, right-click 20341A-LON-DC1, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat steps 2 and 3 for 20341A-LON-CAS1, and 20341A-LON-MBX1.



Module 10: Planning and Configuring Administrative Security and Auditing
Lab: Configuring Administrative Security and Auditing
Exercise 1: Configuring Exchange Server Permissions
 Task 1: Configure Exchange server permissions for the IT administrators group
1. On LON-MBX1, open Server Manager, click Tools, and then click Active Directory Users and
Computers.

2. In the left pane, expand Adatum.com, click Microsoft Exchange Security Groups, and then in the
right pane, double-click Server Management.

3. In Server Management Properties, click the Members tab, and then click Add.

4. In the Enter the object names to select field, type IT, and then click OK twice.
5. Close Active Directory Users and Computers.

 Task 2: Configure permissions for the Support Desk and HelpDeskAdmins groups
1. On LON-MBX1, click to the Start screen, and then click Exchange Management Shell.
2. In the Exchange Management Shell, at the PS prompt, type the following command, and then press
Enter:

New-RoleGroup -Name HelpDeskAdmins -roles "Mail Recipients"

3. At the PS prompt, type the following command, and then press Enter:

New-RoleGroup -Name SupportDesk -roles "Mail Recipients", "Mail Recipient Creation", "Distribution Groups"

4. Click to the Start screen, and then click Internet Explorer, connect to
https://LON-CAS1.adatum.com/ecp. Sign in as Adatum\Administrator using the password
Pa$$w0rd.

5. In the Exchange Administration Center, in the feature pane, click permissions.

6. On tabs, click admin roles, and then double-click SupportDesk in the list view.

7. In the Role Group window, under Members, click Add.

8. On the Select Members page, select Ryan Spanton, click add, and then click ok.

9. In the Role Group window, click save.

10. In the list view, double-click HelpDeskAdmins.

11. In the Role Group window, under Members, click Add.

12. On the Select Member page, select Carol Troup, click add, and then click ok.

13. In the Role Group window, click save.

14. Close Internet Explorer.



 Task 3: Verify the permissions for the three role groups created
1. On LON-MBX1, open Internet Explorer, and connect to https://LON-CAS1.adatum.com/ecp. Sign
in as Adatum\Tony using the password Pa$$w0rd.

2. In the feature pane, click servers.


3. In tabs, click databases.

4. In the list view, double-click Research.

5. On the Mailbox database dialog box, in the left pane, click limits, then click the Issue a warning at
(GB) drop-down list, select unlimited, and then click save.
6. In the feature pane, click unified messaging. Verify that you can see the UM dial plans, but not
create or modify them. Remember that Tony is part of the IT group, and therefore is able to modify
server properties but not unified messaging settings.
7. Close Internet Explorer.

8. Open Internet Explorer, and connect to https://LON-CAS1.adatum.com/ecp. Sign in as
Adatum\Ryan using the password Pa$$w0rd. Recognize that in the feature pane, there are no
servers. This is because Ryan does not have permissions to manage servers.

9. In the feature pane, click recipients.


10. In the list view, double-click Alan Steiner.

11. In the User Mailbox window, in the left pane, click organization.

12. In the Department field, type IT, and then click save.
13. In tabs, click groups.
14. In the list view, double-click Research. Verify that you cannot modify the group properties: type
a group description, and then click save.
15. An error window appears, showing that you do not have sufficient permissions to modify the
group. Click ok, and then in the Security Group window, click cancel.

16. In tabs, click mailboxes, and then click New in toolbar.


17. In the User Mailbox window, type Test in the Alias field, and then click New user.
18. Type Test in the First name field, and then type Test in Last name field. Type Test in the User
logon name field, and Pa$$word in the New password and Confirm password fields, and then
click save. This confirms that Ryan is able to create new mailboxes.

19. Close Internet Explorer.

20. Open Internet Explorer, and connect to https://LON-CAS1.adatum.com/ecp. Sign in as
Adatum\Carol using the password Pa$$w0rd.

21. In the feature pane, click recipients. Note that there is no New user button on the toolbar.

22. In the list view, double-click Alan Steiner.

23. In the User Mailbox window, in the left pane, click organization.

24. In the Department field, type Customer Service, and then click save.

25. Verify that groups is not available in tabs as Carol does not have permission to manage groups.

26. Close Internet Explorer.

Results: After completing this exercise, the students will have configured RBAC roles and verified that the
permissions are granted accordingly.

Exercise 2: Configuring Audit Logging


 Task 1: Configure audit logging on the Info@Adatum.com mailbox
1. On LON-MBX1, click to the Start screen, and then click Exchange Management Shell.

2. In the Exchange Management Shell, at the PS prompt, type the following:

Set-Mailbox -Identity "Info" -AuditDelegate SendAs,SendOnBehalf -AuditEnabled $true

3. Minimize the Exchange Management Shell.

 Task 2: Perform SendAs activity on the Info@Adatum.com mailbox


1. Switch to LON-CAS1, open Internet Explorer, type https://LON-CAS1.adatum.com/owa, and then
press Enter.

2. Sign in to the Outlook Web Access Application as Adatum\Tony using the password Pa$$w0rd.

3. Click new mail to create a new message, click more options, and then click show from.
4. In the From field, type Info@adatum.com, and in the To field type Tony Smith. In the Subject field
type Testing Send As logging.
5. In the message body, type some text, and then click Send. Verify that the message is sent.

6. Close Internet Explorer.

 Task 3: Verify that the activity is logged


1. On LON-MBX1, open Internet Explorer, and then type https://LON-CAS1.adatum.com/ecp.

2. Sign in as Adatum\Administrator using the password Pa$$w0rd.

3. In the Exchange Administration Center, in the feature pane, click compliance management.

4. On tabs, click auditing.

5. Click Run a non-owner mailbox access report.

6. In the Search for access by drop-down box, select All non-owners, and then click Search.

7. In the search results, click Info, and view the report that shows that Tony Smith accessed the Info
mailbox.

8. Click close, and then close Internet Explorer.

Results: After completing this exercise, the students will have configured mailbox audit logging and
verified that audit logging works correctly.
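
The same verification done from the Exchange Management Shell instead of the non-owner mailbox access report, as an added example that is not part of the lab: it shows what is being audited on the Info mailbox and lists delegate SendAs and SendOnBehalf entries. The one-day look-back window is an assumption.

```powershell
# Added example, not part of the lab. Run in the Exchange Management Shell.
$mailbox = 'Info'
$since   = (Get-Date).AddDays(-1)   # assumed look-back window

# 1. Confirm that auditing is on and which delegate actions are recorded.
Get-Mailbox -Identity $mailbox |
    Format-List Name, AuditEnabled, AuditDelegate, AuditLogAgeLimit

# 2. Pull the individual delegate entries from the mailbox audit log.
$entries = @(
    Search-MailboxAuditLog -Identity $mailbox -LogonTypes Delegate -ShowDetails `
        -StartDate $since -EndDate (Get-Date)
)

# 3. Keep only the two operations this exercise enabled.
$sends = @(
    $entries | Where-Object { 'SendAs', 'SendOnBehalf' -contains [string]$_.Operation }
)

if ($sends.Count -eq 0) {
    Write-Warning "No SendAs or SendOnBehalf entries for '$mailbox' since $since."
}
else {
    # Who sent as the mailbox, when, and from which client.
    $sends | Sort-Object LastAccessed |
        Format-Table LastAccessed, LogonUserDisplayName, Operation,
                     OperationResult, ItemSubject, ClientInfoString -AutoSize

    # Per-user summary, useful for spotting unexpected senders.
    $sends | Group-Object LogonUserDisplayName, Operation |
        Sort-Object Count -Descending |
        Format-Table Count, Name -AutoSize
}
```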

Exercise 3: Configuring RBAC split permissions on Exchange Server 2013


 Task 1: Create a new role group called HRAdmins, and assign permissions
1. On LON-MBX1, click to the Start screen, and then click Exchange Management Shell.

2. In the Exchange Management Shell, at the PS prompt, type the following cmdlets, and then press
Enter.

New-RoleGroup "HRAdmins" -Roles "Mail Recipient Creation", "Security Group Creation and Membership"
New-ManagementRoleAssignment -Role "Mail Recipient Creation" -SecurityGroup "HRAdmins" -Delegating
New-ManagementRoleAssignment -Role "Security Group Creation and Membership" -SecurityGroup "HRAdmins" -Delegating

3. In the Exchange Management Shell, at the PS prompt, type the following command, and then press
Enter.

Add-RoleGroupMember "HRAdmins" -Member Tony

4. Open Server Manager, click Tools, and then click Active Directory Users and Computers.
5. In the left pane, click Microsoft Exchange Security Groups, and then double-click HRAdmins.

6. Click the Managed By tab, click Change and type HRAdmins, and then click OK.
7. Click the Manager can update membership list option, and then click OK.
8. In the right pane, double-click Recipient Management.

9. Click the Members tab, click Add and type HRAdmins, and then click OK. This is required to assign
the HRAdmins group the necessary permissions to be able to create a mailbox.
10. Close the Active Directory Users and Computers console.

 Task 2: Remove the permission to create AD DS objects from other Exchange Server
administrator groups
1. On LON-MBX1, open the Exchange Management Shell.
2. In the Exchange Management Shell, at the PS prompt, type the following:

Get-ManagementRoleAssignment -Role "Mail Recipient Creation" | Format-Table Name, Role, RoleAssigneeName -Auto

3. After you see which groups have delegated role assignments for this role, run the following cmdlet to
remove all groups except HRAdmins:

Get-ManagementRoleAssignment -Role "Mail Recipient Creation" | Where { $_.RoleAssigneeName -NE "HRAdmins" } | Remove-ManagementRoleAssignment

4. At the prompt, type A, and press Enter.

5. In the Exchange Management Shell, at the PS prompt, type the following:

Get-ManagementRoleAssignment -Role "Security Group Creation and Membership" | Where { $_.RoleAssigneeName -NE "HRAdmins" } | Remove-ManagementRoleAssignment

6. At the prompt, type A, and press Enter.

7. Close the Exchange Management Shell.
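
A safer way to stage the removals in this task, as an added example that is not part of the lab: it confirms that HRAdmins holds both roles before anything is removed, saves the assignments that will be removed to a CSV file, and previews the removal with -WhatIf. The backup file location is an assumption.

```powershell
# Added example, not part of the lab. Run in the Exchange Management Shell.
$roles  = 'Mail Recipient Creation', 'Security Group Creation and Membership'
$keep   = 'HRAdmins'
# Assumed location for the record of removed assignments.
$backup = Join-Path $env:TEMP ("RoleAssignments-{0:yyyyMMdd-HHmmss}.csv" -f (Get-Date))

# Guard: stop if HRAdmins lacks a regular or a delegating assignment for
# either role, otherwise removing the others would leave nobody able to
# create recipients or to delegate the role again.
foreach ($role in $roles) {
    $held = @(Get-ManagementRoleAssignment -Role $role |
                Where-Object { $_.RoleAssigneeName -eq $keep })
    $regular    = @($held | Where-Object { $_.RoleAssignmentDelegationType -eq 'Regular' })
    $delegating = @($held | Where-Object { $_.RoleAssignmentDelegationType -like 'Delegating*' })
    if ($regular.Count -eq 0 -or $delegating.Count -eq 0) {
        throw "$keep is missing a regular or delegating assignment for '$role'."
    }
}

# Every assignment of the two roles that does not belong to HRAdmins.
$targets = @(foreach ($role in $roles) {
    Get-ManagementRoleAssignment -Role $role |
        Where-Object { $_.RoleAssigneeName -ne $keep }
})

# Keep a record so the assignments can be recreated if needed.
$targets |
    Select-Object Name, Role, RoleAssigneeName, RoleAssigneeType, RoleAssignmentDelegationType |
    Export-Csv -Path $backup -NoTypeInformation

$targets | Format-Table Name, Role, RoleAssigneeName, RoleAssignmentDelegationType -AutoSize

# Preview only: nothing is removed while -WhatIf is present.
$targets | Remove-ManagementRoleAssignment -WhatIf
```

After reviewing the preview and the CSV file, running the last line without -WhatIf performs the same removals as steps 3 and 5.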



 Task 3: Validate RBAC split permissions functionality


1. On LON-MBX1, open Internet Explorer, connect to https://LON-CAS1.adatum.com/ecp. Sign in as
Adatum\Administrator using the password Pa$$w0rd.

2. In the feature pane, click recipients.


3. In tabs, click mailboxes, and then click New in toolbar.

4. In the User Mailbox window, type New in the Alias field, and then click New user. Note that all
fields required to create a new user are greyed out. This is because you do not have the permission to
create a new user account in AD DS.

5. Close Internet Explorer.

6. Open Internet Explorer, connect to https://LON-CAS1.adatum.com/ecp. Sign in as Adatum\Tony
using the password Pa$$w0rd.

7. In tabs, click mailboxes, and then click New on the toolbar.

8. In the User Mailbox window, type Test2 in the Alias field, and then click New user.

9. Type Test2 in First name field, and Test2 in Last name field. Type Test2 in the User logon name
field, and Pa$$word in the New password and Confirm password fields, and then click Save. This
confirms that Tony is able to create user accounts for new mailboxes.
10. Close Internet Explorer.

 To prepare for the next module


When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.

2. In the Virtual Machines list, right-click 20341A-LON-DC1, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.


4. Repeat steps 2 to 3 for 20341A-LON-CAS1, 20341A-LON-MBX1, and 20341A-LON-MBX2.

Results: After completing this exercise, students will have created a new role group, configured RBAC split
permissions, and validated that RBAC split permissions are working as expected.

Module 11: Monitoring and Troubleshooting Microsoft Exchange Server 2013
Lab: Monitoring and Troubleshooting Exchange Server 2013
Exercise 1: Monitoring Exchange Server
 Task 1: Create a new data collector set named Exchange Monitoring
1. On LON-MBX1, click on the Server Manager tile.

2. In the Server Manager window, click on the Tools menu, and then click Performance Monitor.
3. In the Performance Monitor window, in the navigation pane, expand Data Collector Sets, and then
click User Defined.

4. Click the Action menu, click New, and then click Data Collector Set.
5. In the Create new Data Collector Set Wizard, in the Name box, type Exchange Monitoring, select
Create manually (Advanced), and then click Next.

6. Select the Performance Counter check-box, and then click Finish.

 Task 2: Create a new performance-counter data collector set for monitoring basic
Exchange Server performance
1. In the Performance Monitor, in the navigation pane, expand Data Collector Sets, expand User
Defined, click Exchange Monitoring, click the Action menu, click New, and then click Data
Collector.
2. In the Create New Data Collector Wizard, in the Name box, type Base Exchange Monitoring, select
Performance counter data collector, click Next, and then click Add.

3. In the Available counters object list, expand Processor, and then click % Processor Time. Press and
hold the Ctrl key, click % User Time, click % Privileged Time, and then click Add.
4. In the Available counters object list, expand Memory, and then click Available Mbytes. Press and
hold the CTRL key, click the following items, and then click Add:

o Page Reads/sec

o Pages Input/sec

o Pages/sec

o Pages Output/sec

o Pool Paged Bytes

o Transition Pages Repurposed/sec

5. In the Available counters object list, expand MSExchange ADAccess Domain Controllers, and
then click LDAP Read Time. Press and hold the Ctrl key, click the following items, and then click Add:

o LDAP Search Time

o LDAP Searches Timed Out per Minute


o Long Running LDAP Operations/min

6. In the Available counters object list, expand System, click Processor Queue Length, click Add, and
then click OK.

7. In the Create New Data Collector Wizard, in the Sample interval box, type 1, in the Units drop-down
list, select Minutes and then click Finish to create the data collector.

 Task 3: Create a new performance-counter data collector set for monitoring Mailbox
server role performance
1. In the Performance Monitor, in the navigation pane, click Exchange Monitoring, click the Action
menu, click New, and then click Data Collector.

2. In the Create new Data Collector Wizard, in the Name box, type Mailbox Role Monitoring, select
Performance counter data collector, click Next, and then click Add.

3. In the Available counters object list, expand LogicalDisk, and then click Avg.Disk sec/Read. Press
and hold the Ctrl key, click the following items, and then click Add:

o Avg.Disk sec/Transfer

o Avg.Disk sec/Write
4. In the Available counters object list, expand MSExchangeIS Store, and then click RPC Average
Latency. Press and hold the Ctrl key, click the following items, and then click Add:

o RPC Operations/sec
o RPC Requests

o Messages Delivered/sec

5. Click OK.
6. In the Create New Data Collector Wizard, in the Sample interval box, type 1, in the Units drop-down
list, select Minutes, and then click Finish to create the data collector set.

 Task 4: Verify that the data collector set works properly


1. In the Performance Monitor, in the navigation pane, click Exchange Monitoring, click the Action
menu, and then click Start.
2. Wait at least five minutes, click the Action menu, and then click Stop.

3. In the navigation pane, expand Reports, expand User Defined, expand Exchange Monitoring, click
LON-MBX1_DateTime-Number, and then review the report.

4. Close the Performance Monitor.

Results: After this exercise, you should have created a data collector set for monitoring LON-MBX1 that
uses the recommended performance counters.

Exercise 2: Troubleshooting Database Availability


 Task 1: Identify the scope of the problem.
Before you begin this exercise, complete the following steps:

1. On LON-MBX1, open the Exchange Management Shell. At the prompt, type
c:\scripts\Lab11Prep1.ps1, and then press Enter. This script will simulate database failure.

2. Close the Exchange Management Shell.

3. On LON-MBX1, if the Start screen is not displayed, move the mouse to the lower right corner of the
screen, click Start.

4. On the Start screen, open Internet Explorer.


5. In the Internet Explorer window, type https://lon-cas1.adatum.com/ecp, and then press Enter.

6. On the Outlook Web App web page, in the Username box, type Adatum\Administrator. In the
Password box, type Pa$$w0rd and then click Sign In.

7. On the Exchange admin center, on the feature pane, click on servers, and then click on the
databases tab.

8. In the list view, click on MailboxDB100 database, and then in the details pane, verify that it is
Dismounted.
9. In the toolbar, click More, and then click Mount.

10. In the warning window, click the yes button.

11. Another warning window appears, displaying message that at least one database file is missing. In
the warning window, click cancel.

 Task 2: Review the event logs


1. On LON-MBX1, click on Server Manager.
2. In Server Manager window, click on the Tools menu, and then click Event Viewer.

3. In Event Viewer, in the navigation pane, expand Windows Logs, click Application, and then in the
Content pane, review recent events. Click recent events that have a source from one of the
MSExchange services, and then review the details of the error in the lower half of the Content pane.

4. In the navigation pane, click System, and then in the Content pane, review recent events. Notice that
notable events are present.

5. Close Event Viewer.

 Task 3: List the probable causes of the problem, and rank the possible solutions if
multiple options exist
• List the problems and possible solutions:

Problem: Disk errors are preventing access to the database.
Possible solution: Replace disks and restore from backup.

Problem: Database path is incorrect because of storage changes.
Possible solution: Change storage or database configuration.

 Task 4: Review the database configuration


1. On LON-MBX1, in the Exchange admin center, in the list view, verify that MailboxDB100 database is
selected, and then on the toolbar, click on the Edit button.

2. Take note of the Database path.


3. Click the File Explorer icon on the Taskbar, and then in the navigation pane, expand Computer,
expand Local Disk (C:), expand Program Files, expand Microsoft, expand Exchange Server, expand
V15, expand Mailbox, and then expand MailboxDB100-newpath folder. Verify that database file
MailboxDB100.edb does not exist.

4. In the navigation pane, click the MailboxDB100 folder, and locate the MailboxDB100.edb database
file. This is the actual location of the database and transaction log files. The configuration is pointing
to the wrong path.

5. Close the File Explorer window.

 Task 5: Reconfigure and mount the database


1. On LON-MBX1, in the Exchange Management Shell, type the following cmdlet, and then press Enter:

Move-DatabasePath MailboxDB100 -LogFolderPath "C:\Program Files\Microsoft\Exchange Server\V15\Mailbox\MailboxDB100" -EdbFilePath "C:\Program Files\Microsoft\Exchange Server\V15\Mailbox\MailboxDB100\MailboxDB100.edb" -ConfigurationOnly -force

2. Type Y, and then press Enter.


3. In the Exchange Management Shell, type the following cmdlet:

Mount-Database MailboxDB100

4. Press Enter, and then close the Exchange Management Shell.

5. In the Exchange admin center, on the features pane, click on servers, and then click on the
databases tab.

6. In the list view, click on MailboxDB100 database, and then in the details pane, verify that it is
Mounted.

Results: After this exercise, you should have used a troubleshooting technique to identify and fix a
Mailbox server problem.

Exercise 3: Troubleshooting Client Access Servers


 Task 1: Use the Test cmdlets to verify server health.
Before you begin this exercise, complete the following steps:

1. On LON-MBX1, open the Exchange Management Shell. At the prompt, type
c:\scripts\Lab11Prep2.ps1, and then press Enter.
2. Close the Exchange Management Shell.

3. On LON-MBX1, if the Start screen is not displayed, move the mouse to the lower right corner of the
screen, and click Start.

4. On the Start screen, click Exchange Management Shell.



5. In the Exchange Management Shell, type the following Test cmdlet:

Test-ServiceHealth

6. Press Enter. Verify that the output does not return any errors.

7. In the Exchange Management Shell, type the following Test cmdlet, and then press Enter:

Test-OwaConnectivity -URL https://LON-MBX1.adatum.com/OWA -TrustAnySSLCertificate

8. Note the authentication errors.

9. Close the Exchange Management Shell.

 Task 2: List the probable causes of the problem, and rank the possible solutions if
multiple options exist
• List the problems and possible solutions:

Problem: Internet Information Server (IIS) Configuration is not configured correctly.
Possible solution: Modify the IIS configuration.

Problem: Microsoft Outlook Web App authentication is not configured correctly.
Possible solution: Modify Outlook Web App authentication configuration.

 Task 3: Check the Outlook Web App configuration


1. On LON-MBX1, if Start screen is not displayed, move the mouse to the lower right corner of the
screen, click on Start.
2. On the Start screen, open the Internet Explorer.

3. In the Internet Explorer window, type https://lon-cas1.adatum.com/ecp, and then press Enter.

4. On the Outlook Web App web page, in the Username box, type Adatum\Administrator, in the
Password box, type Pa$$w0rd and then click the Sign In button.
5. Verify that you cannot sign in to the Exchange Administration Center.

6. In the Exchange Management Shell, type the following cmdlet, and then press Enter.

Get-OwaVirtualDirectory -Identity "lon-cas1\owa (Default Web Site)" | ft name, *authentication

7. Verify that all authentication methods are set to False.

8. In the Exchange Management Shell, type the following cmdlet, and then press Enter.

Set-OwaVirtualDirectory -Identity "lon-cas1\owa (Default Web Site)" -FormsAuthentication $true

9. In the Exchange Management Shell, type the following command, and then press Enter.

iisreset

10. In the Internet Explorer window, type https://lon-cas1.adatum.com/ecp, and then press Enter.

11. On the Outlook Web App web page, in the Username box, type Adatum\Administrator, and in the
password box, type Pa$$w0rd and then click on the Sign In button.

12. Verify that now you can sign in to Exchange admin center.

Note: If you receive an error indicating that the service did not start, start the World Wide
Web Publishing Service in the Services management console.

 Task 4: Verify that you resolved the problem


1. Open Internet Explorer, and connect to https://LON-CAS1.adatum.com/owa.

2. Log on to Outlook Web App as Adatum\Administrator with the password Pa$$w0rd.


3. Confirm that Administrator can now access Outlook Web App, and then close Internet Explorer.

Results: After this exercise, you should have used a troubleshooting technique to identify and fix a Client
Access server problem.
