Configuring Exchange 2007 Server
Exam 70-236
Series Outline
o Introduction to Exchange 2007.
o Preparing and Installing Exchange 2007.
o Managing Storage Groups and Databases.
o Configure Public Folders.
o Managing Recipient Objects: Mailboxes.
o Managing more Recipient Objects.
o E-mail Policies, Accepted Domains and Address Lists.
o Configure your Client Access Server (CAS).
o Outlook Anywhere and POP/IMAP configurations.
o Configure Disaster Recovery.
o Configure High Availability.
o Understanding Message Transport.
o Troubleshooting Message Transport.
o Configure your Edge Transport Role.
o Finalizing Edge Transport.
o Configure Anti-Spam.
o Analyze and Monitor Exchange 2007.
o A look at Unified Messaging.
o Troubleshooting for the Exchange Environment.
o PowerShell from 0 to 60.
o Bonus: Exam Preparation.
Introduction to Exchange 2007
Lesson 1
- What is Exchange?
Exchange 2007 is the latest release of Microsoft's messaging and collaboration server. An Exchange server is used for messaging and collaboration purposes.
History:
• 4.4, released in 1996
• 5.0
• 5.5: had its own directory service, which also managed how data flowed from one server to another. After this version the directory was separated out, and Exchange works with the Windows Active Directory (AD) service instead.
• 2000: uses AD
• 2003
• 2007
Exchange Clients:
• Outlook, current version 2007
• Outlook Web Access, Outlook Mobile Access, Outlook Voice Access, Outlook Anywhere
• Outlook Express / Windows Mail (Vista)
• Other POP/IMAP clients
To understand Exchange completely, your AD concepts need to be very strong. AD has two sides: a logical side and a physical side. The logical side is the set of structures created within AD. The physical side is the placement of domain controllers, the location of the different sites, and how AD information is replicated between them.
AD is a database: it holds the information about your organization's objects, and those objects have various attributes, including, for a user you have created, the person's address and other details. All of this information is held in AD and replicated according to the logical and physical structure.
Logical structure:
In the diagram above, the top of the logical structure is the Forest; under the forest there are domains and trees which share the schema and other common information. There is an automatic trust relationship between the trees and the domains within the forest. This matters for Exchange because there is only one Exchange organization per forest.
If we have multiple forests there is no way to set up a single Exchange organization across them. The only options are to merge the different forests into one and build an Exchange organization for it, or to run multiple Exchange organizations.
An AD domain is a collection of computers which share a common database, common security policies and security relationships. Within a domain you create user accounts and computer accounts, which are held in OUs; the purpose of an OU is to structure the information in a logical way.
Physical Structure:
Active Directory is a huge repository for all sorts of data: a database containing everything from users' cell phone numbers to computers and printers, and all of it has to be replicated around the AD domain so the information is accessible everywhere.
In many cases we have to create multiple sites. E.g., we have two locations, one DC in one location and the second in North America. When you have multiple locations and want to retrieve all of the information from the same domain, all of it has to be replicated to all of the domain controllers. By creating two different sites, which means the two locations have different IP addressing schemes, you can schedule replication between Site1 and Site2. This is important from Exchange's point of view: previous versions of Exchange created their own replication structure, but now it is dictated by the AD site structure.
In addition to Exchange we have a DNS server, which is very important for Exchange. The Exchange server uses DNS to communicate with AD and retrieve information about recipients and about other Exchange servers. When an Exchange server is installed it registers itself in DNS, and DNS keeps track of where the other Exchange servers and the domain controllers are. DNS also tells where the Global Catalog servers are.
Difference between a normal DC and a Global Catalog server:
Domain controllers replicate entire objects within their own domain; replicating all of that to every domain in the whole forest would be far too heavy. The Global Catalog server instead keeps track of every object in the forest but retains only a subset of each object's attributes. The Global Catalog is important for Exchange because the attributes of all mail-enabled and mailbox-enabled objects are replicated to the Global Catalog servers. So when you search for a user in the Global Address List, that list is generated from the recipients of the AD forest as held in the Global Catalog. In addition, when mail is sent to individuals in the organization, it is the Global Catalog server that assists in delivering messages to the proper mailbox.
The DNS server is also very important because Exchange uses DNS to find the Global Catalog servers and the other DCs.
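A check for the point just made, added here and not part of the course notes: compare the Global Catalog servers AD itself reports with the _gc._tcp SRV records Exchange resolves through DNS. The forest name is read from AD; nslookup.exe is assumed to be present.

```powershell
# Added example (not from the course notes): confirm that DNS knows where the Global
# Catalog servers are, by comparing the GC list AD reports with the _gc._tcp SRV
# records in DNS. Assumes nslookup.exe is on the path of the machine this runs on.

function Get-SrvTargets([string]$RecordName) {
    # nslookup prints one "svr hostname = host" line per SRV record; collect the hosts.
    $output  = nslookup -type=SRV $RecordName 2>$null
    $targets = @()
    foreach ($line in $output) {
        if ($line -match 'svr hostname\s*=\s*(\S+)') {
            $targets += $matches[1].TrimEnd('.').ToLower()
        }
    }
    return $targets
}

function Compare-GcRegistration {
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    # What AD says: every DC holding the Global Catalog role in this forest.
    $gcFromAd  = @($forest.GlobalCatalogs | ForEach-Object { $_.Name.ToLower() })
    # What DNS says: the forest-wide _gc._tcp record. DCs also register a per-site
    # copy under _gc._tcp.<site>._sites.<forest>, which site-aware clients prefer.
    $gcFromDns = Get-SrvTargets "_gc._tcp.$($forest.Name)"
    foreach ($gc in $gcFromAd) {
        $registered = $gcFromDns -contains $gc
        New-Object PSObject |
            Add-Member NoteProperty GlobalCatalog $gc -PassThru |
            Add-Member NoteProperty InDns $registered -PassThru
    }
}

# A GC that AD lists but DNS does not carry cannot be located by Exchange; that is
# the usual cause behind "cannot locate a Global Catalog server" errors.
Compare-GcRegistration | Format-Table -AutoSize
```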
5 Server Roles
Some of these roles are new, such as the Unified Messaging and Edge Transport roles. In theory the functions existed before; what is new in Exchange 2007 is the ability to split up the functions of the Exchange server using these roles, or combinations of roles, across the servers in your organization. This can be done for performance reasons, e.g. dedicated servers for routing messages, separate from the mailbox servers themselves. The Edge Transport server is the exception: it is not even a member of the domain, so you cannot combine it with any other server role; it has to be its own server holding only that role.
So you can spread the server roles across several servers, or have one server that handles all of the server roles your Exchange organization needs.
1. Mailbox Server Role
This role holds all of your Exchange databases, which contain your user mailboxes or your public folders. In most cases you have more mailbox servers than servers with the other roles. Your mailbox server has to be a member of the AD domain and needs plenty of hard drive space, because it is the server that holds all of the e-mail of your organization. You can have a maximum of 50 storage groups per server.
A storage group is a collection of mailbox and public folder databases; within a storage group you can have a maximum of 50 databases, each holding either public folders or mailboxes.
One of the most important things is your backup and recovery plan, because the backup is the most important protection for your Exchange organization.
2. Hub Transport Server
The Hub Transport server is responsible for all of your internal mail flow. In previous versions (Exchange 2000 and 2003) this role was called the bridgehead server. It is also a member of your AD domain. When mail is received from the Internet it first goes to the Edge Transport server, which provides the anti-virus and anti-spam functionality, and then passes the mail on to the other servers. When you send mail out, the mailbox server first hands the mail to the Hub Transport server, which sends it to the Edge Transport server, and from there it goes out. If you don't have an Edge Transport server, the Hub Transport server can take over the services of the Edge Transport server: you can enable the anti-spam and anti-virus features on the Hub Transport server, and then mail can be sent in and out using the Hub Transport server only.
3. Edge Transport Server
The Edge Transport server is installed at the edge of your network; it is not a member of the domain and has to be a standalone server, separate from the domain.
Question: How does it keep in touch with AD?
It uses Active Directory Application Mode (ADAM), which is used to synchronize with the Edge Transport server. ADAM, together with another component called EdgeSync, provides a one-way synchronization of configuration and recipient information from AD. This allows the Edge Transport server to do recipient lookup and spam filtering. The entire purpose of the Edge Transport server is protection: it protects you from what comes in from the Internet. In addition you can apply Edge transport rules, which are used to protect your Exchange organization. These rules are a little different from anti-virus and anti-spam; they are based on SMTP addresses, MIME content inside the message body, and SCL ratings.
SCL stands for Spam Confidence Level. The SCL rating is between 0 and 9 and is assigned to an e-mail according to the likelihood that it is spam: 0 indicates low likelihood, 9 indicates near-certain spam. When spam is received on the Edge server, the administrator has to decide whether to delete it or allow it to be forwarded.
4. Client Access
The Client Access server is required when you access your mail from outside the organization using OWA, Exchange ActiveSync or OMA. When you use Outlook Anywhere you also go through the Client Access server. It performs the same function as the front-end servers in Exchange 2000 or 2003.
5. Unified Messaging
This server role lets you merge your VoIP infrastructure into your Exchange infrastructure. You can access your voice mail through the Internet, through OWA.
Lesson 2
Preparing and Installing Exchange 2007
Hardware:
x64 processor
1 GB RAM
1.2 GB hard drive space
NTFS partition
Permissions:
For preparing AD:
Schema Admins group
Enterprise Admins group
Active Directory:
Schema Master: running on a machine with Windows Server 2003 SP1
1 Global Catalog server per site (for performance reasons)
Preparation Switches
/PrepareLegacyExchangePermissions -> required when Exchange 2000 or 2003 already exists, to prepare the forest.
/PrepareSchema -> to run this switch the administrator has to be a member of the Schema Admins group; all the other switches need Enterprise Admins membership.
/PrepareAD -> prepares the entire domain, including the Exchange environment.
/PrepareAllDomains
/PrepareDomain:"Domain Name" -> prepares the domain with the specified name.
One of the most important things: when you prepare your AD forest you have to do it in the same domain and same site as the DC that holds the Schema Master role, so the forest is updated properly.
Exchange Server Software Preparation:
OS -> 64-bit server, Windows Server 2003 with SP1 or later.
MMC 3.0 (to check the version: Start -> Run -> MMC -> Help -> About Microsoft Management Console)
.NET Framework 2.0
PowerShell + hotfix
Miscellaneous Preparation:
Raise the domain functional level (native): Start -> Administrative Tools -> AD Domains and Trusts -> right-click the domain.
Mailbox role: IIS
Client Access role: ASP.NET (installed with .NET) needs to be enabled.
Start -> Administrative Tools -> IIS (IIS needs to be installed first) -> .NET Framework (installed after IIS). If not, you will only be able to see the older version of ASP.NET in the IIS console; the right version is ASP.NET v2.0.50727 -> Enable.
No SMTP service installed (Hub Transport, Edge).
No Exchange 5.5 servers in the organization; if there are any, upgrade them to 2000 or 2003 first.
The screen above lets you decide which type of server you want to install.
If Custom is selected:
If you select the Edge Transport server role the others are grayed out, because you cannot install this role together with other Exchange roles.
If Yes is selected, it will create a public folder database in case there are any Outlook 2003 clients.
It then runs the readiness check.
Click Install.
Exchange MMC
The Exchange Best Practices Analyzer is a very good tool which gives you a report on the overall health of the Exchange server.
Things to consider in the deployment of Exchange
We have a domain named nuggetlab.com in Site1; the second site holds DC15, which is the Schema Master, and an Exchange server in the child domain. For deployment of the Exchange server the points are:
1. Prepare the forest (at the site where the Schema Master is located).
2. The Schema Master is in Site 2; run the following switches there:
• /PrepareSchema
• /PrepareAD
3. We have to be in the Enterprise Admins and Domain Admins groups.
4. Run /PrepareDomain on the Exchange server machine; if the organization is using an older version of Exchange, use /PrepareLegacyExchangePermissions, or the /PrepareAD switch, which takes care of that as well.
5. Fulfill all of the hardware/software requirements on the Exchange server.
6. MMC 3.0, IIS, .NET Framework, PowerShell, ASP.NET, hotfix KB926776
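The preparation steps above as one script, added here and not from the course notes: it shows where the Schema Master lives, checks the group memberships each switch needs, runs the switches in order and confirms the schema was actually extended. The media path D:\setup.com, the child domain name child.nuggetlab.com and the use of whoami.exe are assumptions.

```powershell
# Added example (not from the course notes): run the Exchange 2007 AD preparation
# switches in the order the notes give and verify the schema extension against AD.
# Assumptions: setup.com is on D:\, child.nuggetlab.com is a placeholder domain name,
# whoami.exe is available, and this runs in the Schema Master's domain and site.
param(
    [string]$Setup            = "D:\setup.com",         # assumed media path
    [string]$ChildDomain      = "child.nuggetlab.com",  # placeholder child domain FQDN
    [string]$OrganizationName = "",                      # only needed for a brand-new org
    [switch]$LegacyExchangePresent                       # Exchange 2000/2003 in the forest?
)

$rootDse  = [ADSI]"LDAP://RootDSE"
$schemaNC = [string]$rootDse.schemaNamingContext

function Get-ExchangeSchemaVersion {
    # ms-Exch-Schema-Version-Pt is created by /PrepareSchema; its rangeUpper value is
    # the Exchange schema version, so the result is $null on a never-prepared forest.
    $path = "LDAP://CN=ms-Exch-Schema-Version-Pt,$schemaNC"
    if (-not [System.DirectoryServices.DirectoryEntry]::Exists($path)) { return $null }
    return ([ADSI]$path).psbase.Properties["rangeUpper"].Value
}

function Test-GroupMembership([string]$GroupName) {
    # The logon token lists every group the current user is a member of.
    return [bool](whoami /groups | Select-String -SimpleMatch $GroupName)
}

function Invoke-Setup([string[]]$Arguments) {
    Write-Host "setup.com $Arguments"
    & $Setup $Arguments
    if ($LASTEXITCODE -ne 0) { throw "setup.com $Arguments failed, exit code $LASTEXITCODE" }
}

# 1. Show which DC holds the Schema Master so the operator can confirm this machine
#    is in the same domain and site (the notes' rule for a clean forest update).
$schemaMaster = ([ADSI]"LDAP://$schemaNC").psbase.Properties["fSMORoleOwner"].Value
Write-Host "Schema Master (NTDS Settings DN): $schemaMaster"
Write-Host "Logon server for this session:    $env:LOGONSERVER"

# 2. Rights: Schema Admins for /PrepareSchema, Enterprise Admins for the others.
if (-not (Test-GroupMembership "Schema Admins"))     { throw "Not a member of Schema Admins" }
if (-not (Test-GroupMembership "Enterprise Admins")) { throw "Not a member of Enterprise Admins" }

# 3. The switches, in order.
if ($LegacyExchangePresent) { Invoke-Setup "/PrepareLegacyExchangePermissions" }

$before = Get-ExchangeSchemaVersion
Invoke-Setup "/PrepareSchema"
$after = Get-ExchangeSchemaVersion
Write-Host "Exchange schema version: before=$before after=$after"
if ($after -eq $null -or $after -eq $before) {
    Write-Warning "Schema version unchanged on this DC; wait for replication from the Schema Master before /PrepareAD"
}

$prepareAd = @("/PrepareAD")
if ($OrganizationName -ne "") { $prepareAd += "/OrganizationName:$OrganizationName" }
Invoke-Setup $prepareAd
Invoke-Setup "/PrepareDomain:$ChildDomain"
```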
Upgrade
We cannot upgrade Exchange 2003 in place to 2007, because 2000 and 2003 run on 32-bit processors and 2007 runs on x64.
Although we cannot upgrade directly to 2007, we can do the following:
Transition: the organization already has Exchange 2003 or 2000 running; we slowly build 2007 alongside it in a mixed environment, move the mailboxes and other components over, and gradually change the environment.
Migrate: this can be done even from 5.5, which first has to be migrated to 2000 or 2003 and then to 2007, or directly from 2000 or 2003 to 2007.
Lesson 3
Managing Storage Groups and Databases
Managing storage groups and databases: this information focuses on the Mailbox server role.
Overview of Storage Groups and Databases
In Exchange 5.5 there were three databases:
Priv.edb (Private Information Store)
Pub.edb (Public Information Store)
Dir.edb (Directory Database)
As already discussed, the directory database is no longer needed after 5.5; from Exchange 2000 onwards AD is used instead.
So we now have mailboxes in your private information store and public folders in your public information store. The main drawback of merging these into one database is that if one database crashes the other cannot function either, and the restoration process becomes complicated and takes a long time.
Storage groups are nothing more than a folder. The advantage of this structure is that when you add databases to your storage groups, it organizes all of your databases.
If you install the Enterprise version you get 50 storage groups with 5 databases per storage group. With the Standard version 5 storage groups are allowed and a maximum of 5 databases in total, so 1 database per storage group.
Process: when a message enters your Mailbox server
When a message arrives at the Mailbox server, it first writes the information to the transaction log and to system memory simultaneously. Transaction logs are only 1 MB in size; if the message is larger than 1 MB, after 1 MB the transaction log creates a new log, and there will be as many transaction logs as needed to hold the message. This information resides in the memory cache and the transaction log while the database is busy, and when the database is free those messages are written into the database. There are several different files involved in this architecture.
.chk -> checkpoint file; keeps track of which messages have been moved from the transaction log to the database, so if there is a problem in between, the checkpoint file records where to resume.
.log -> there are two kinds of log file. The current transaction log is the one being written; once it reaches 1 MB it is renamed to a longer name (E0000001.log).
.jrs -> two reserved logs (res000001.jrs, res000002.jrs) are reserved space, used when there is no space left on the hard drive. If these are not available your database will be dismounted and no more e-mail can enter the server.
Tmp.edb -> used for temporary transactions when a message is written from the transaction log to your database.
.edb -> Exchange database file; this is the large file (Mailbox Database.edb).
Location of the above files:
Good Storage Management Solutions
Good storage management gives the best reliability, recoverability and performance. How to do that:
Separate the log files from the database file. The log files and database file work simultaneously, which overloads one hard disk; spreading them over different disks gives better performance and better recoverability. If both are on the same disk and that disk crashes, the only thing you have is the last backup. If they are on separate disks and one disk crashes, you can restore your server from the older backup and replay the remaining information from the log files on the surviving drive.
When you take a backup of your databases it backs up your log files as well, so the backup is up to date.
Better Storage Management
In the figure above, the log files are mirrored on another drive and the database is also mirrored on two drives. This gives complete fault tolerance: if one disk is down, the other keeps working.
Exchange 2003 supports NAS (Network Attached Storage) but 2007 does not. You can use DAS (Direct Attached Storage), SAN (Storage Area Network) or iSCSI.
Creating a Storage Group and Database in the Exchange MMC
Start -> All Programs -> Microsoft Exchange Server 2007 -> Exchange Management Console
Creating a New Storage Group:
Here we can define, by browsing, where our log files and database should be kept, in case you want to keep them on separate hard drives physically attached to the server.
And here is the new storage group.
The second storage group is now established, but you still have to create a database for this group.
You can create a New Mailbox Database or New Public Folder Database from the right-hand pane under the second storage group's options.
So the Exchange MMC gives you complete GUI-based management, which is easy to handle, and for complex as well as simple tasks you can use the Exchange Management Shell.
Creating a New Storage Group using the Exchange Management Shell
The Exchange Management Shell is built on PowerShell, which was installed as a prerequisite before we started the installation. PowerShell is a scripting and command-line technology; basically everything we do in the Exchange MMC is processed in the background by PowerShell. If you press Ctrl+C in the Exchange MMC it copies the commands PowerShell ran in the background, and you can paste those commands into Notepad if you want to learn the PowerShell commands. PowerShell works in a Verb-Noun pattern, e.g. Get-User, where Get is the verb and User is the noun. In our case we are running New-StorageGroup, where New is the verb and StorageGroup is the noun.
The command looks like this:
New-StorageGroup -Name <name> -Server <ServerName>
To start the shell:
Start -> All Programs -> Microsoft Exchange Server 2007 -> Exchange Management Shell
To create a new storage group:
The other option is:
And then you can look in the Exchange MMC for the new storage group.
To create a database in any storage group: click on that storage group -> Create New Mailbox Database
Database Management
• To manage databases the user account must have Exchange Server Administrator rights on the server.
• Configuring quotas: limits on storage, retention times (deletion settings).
To implement quotas/deletion settings the following need to be configured:
• Circular logging -> once a transaction log has been written to the database, circular logging allows that transaction log to be overwritten. This saves space on the server, but it destroys the transaction logs that are used for recovery.
Mounting and Dismounting your Database
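The storage-group, database, quota and circular-logging steps of this lesson as one shell script, added here and not from the course notes. Server name EXNUGGET and the L: (logs) and D: (database) drives are assumptions.

```powershell
# Added example (not from the course notes): create the Second Storage Group from the
# Exchange Management Shell with logs and database on different drives, create and
# mount a mailbox database in it, and set the quota, retention and circular-logging
# options described in the notes. Server EXNUGGET and drives L: and D: are assumptions.
$server = "EXNUGGET"
$sgName = "Second Storage Group"
$dbName = "New Mailbox Database"
$sgId   = "$server\$sgName"
$dbId   = "$server\$sgName\$dbName"

# 1. Storage group with the transaction logs (.log, .chk, .jrs) on L: and the
#    database file on D:, so losing one disk leaves either the logs or the .edb.
New-StorageGroup -Name $sgName -Server $server `
    -LogFolderPath "L:\ExchangeLogs\SG2" -SystemFolderPath "L:\ExchangeLogs\SG2"

# 2. Circular logging: set it explicitly, and BEFORE mounting, because a later change
#    only takes effect after every database in the group is dismounted and remounted.
#    Leaving it off keeps the logs needed to roll forward from the last backup.
Set-StorageGroup -Identity $sgId -CircularLoggingEnabled $false

# 3. The mailbox database, then mount it so it starts accepting mail.
New-MailboxDatabase -Name $dbName -StorageGroup $sgId -EdbFilePath "D:\ExchangeDB\SG2\$dbName.edb"
Mount-Database -Identity $dbId

# 4. Database-wide quotas and deletion settings; every mailbox inherits them unless
#    UseDatabaseQuotaDefaults is turned off on that individual mailbox.
Set-MailboxDatabase -Identity $dbId `
    -IssueWarningQuota "1900MB" -ProhibitSendQuota "2GB" -ProhibitSendReceiveQuota "2300MB" `
    -DeletedItemRetention "14.00:00:00" -MailboxRetention "30.00:00:00" `
    -RetainDeletedItemsUntilBackup $true

# 5. Check: is the database mounted, and where do its files actually live?
function Get-StorageGroupReport([string]$StorageGroupIdentity) {
    $sg = Get-StorageGroup -Identity $StorageGroupIdentity
    Get-MailboxDatabase -StorageGroup $StorageGroupIdentity -Status |
        Select-Object Name, Mounted, EdbFilePath,
            @{Name="LogFolderPath";   Expression={ $sg.LogFolderPath }},
            @{Name="CircularLogging"; Expression={ $sg.CircularLoggingEnabled }}
}
Get-StorageGroupReport $sgId | Format-List

# To take the database offline for maintenance and bring it back:
#   Dismount-Database -Identity $dbId -Confirm:$false
#   Mount-Database    -Identity $dbId
```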
Lesson 4
Configuring Public Folders
When do we use Public Folders?
We have to use public folders when we are using older versions of the Outlook client (Outlook 2003 or earlier). Public folders are necessary only if you have older Outlook clients; otherwise they are not required.
What are Public Folders?
Public folders are a repository of all sorts of information, to which individuals with the right permissions can add or delete postings.
Usage:
- Public folders can be nested as per your company's requirements.
- Public folders can be used to handle business requirements.
- You can also put information in public folders so that team members can access it.
But public folders are de-emphasized in Exchange 2007, which means Microsoft is trying to move away from the use of public folders. There are still options to add public folders, but they are not installed automatically as in previous versions. They are de-emphasized in favour of SharePoint Server: if the organization has a lot of information that needs to be shared with others, that organization is recommended to choose SharePoint Server.
Microsoft says that to access public folders you must use a MAPI client or Outlook Web Access.
Installing and Creating a Database for Public Folders
For better management of the database we create a new storage group for public folders.
Here the new storage group for public folders is created.
And here the new public folder database is created.
Configuration on the Outlook Client:
If the public folders are not displayed in the Outlook client, you have to stop and restart the Microsoft Exchange Information Store service.
Now you are able to see the public folders in Outlook. This process is needed if you install the public folders after the initial installation.
Adding New Folders into our Public Folder Structure
There are two ways of adding public folders:
1. Using Outlook.
2. Using the Exchange Management Shell (PowerShell commands). Syntax: New-PublicFolder -Name "XYZ"
Start -> All Programs -> Microsoft Exchange Server 2007 -> Exchange Management Shell
In the shell command above we added three new public folders: Legal, Marketing, Research. In the Vista client you can now see these folders:
If a user tries to create a folder inside a public folder without having the permissions:
Giving permissions to users for creating folders inside the public folders, for administrative control over public folders.
Permissions on Public Folders
There are two ways of giving permissions to users:
• Either give permissions to the individual user (the permissions section above the table).
• Or assign a publishing role (the section of the table shown above).
The PowerShell command for permissions is:
Add-PublicFolderClientPermission -Identity "\FolderName" -AccessRights PublishingEditor -User UserName
Now the user is able to create the folder inside the public folders:
Replicas
Replicas are really important when you have multiple sites and multiple servers.
Scenario: we have a single server in our organization with four users (U1, U2, U3 and U4); any of them needs to see their mail and their public folders. They just connect to that single server and get everything. This scenario works fine when you have a single location.
Scenario: now we have multiple locations, a New York office and a Fiji office, with users spread across both. We have set up two Exchange servers, one in the NY location and one in the Fiji location, and placed the mailboxes for U1 and U2 in NY and U3 and U4 in Fiji. When any user needs to access their mailbox they just connect to the local server. However, we created the public folder database in the NY location, and when users U3 and U4 want to access public folders, replicas come into play. We put replicas of the public folder database where the users are located: a copy of the public folder in Fiji, termed a replica, and the data is synchronized between both locations regardless of where the users are. The benefit is that the public folder structure is closer to the users, which reduces the time spent going over the WAN connection, and the public folders also become fault tolerant because of the duplicate replica on the other server.
Procedure for making Replicas of our Public Folder Structure
There are different parts to replication. Parts of the structure, like the directory, are replicated with AD, which allows the public folder structure to be searchable through the Global Catalog; but what we are really concerned about here is replication of the public folder contents.
Scenario: in the figure above we have two servers, ExNugget-1 and ExNugget-2, where \Sales is a public folder on ExNugget-1, and we want that public folder (Sales) to be replicated to ExNugget-2. This can be done through the Exchange Management Shell; the command involved is:
Set-PublicFolder -Identity "\Sales" -Replicas "ExNugget-2\PublicFolder"
By default replication occurs every 15 minutes. To change the schedule for public folder replication:
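The folder creation, permission grant and replica steps of this lesson as one script, added here and not from the course notes. It goes one step beyond the single Set-PublicFolder line above: because -Replicas replaces the whole list, the function reads the current replicas and appends the new database instead of overwriting. The user nuggetlab\rsmith and the database name "ExNugget-2\Public Folder Database" are assumptions.

```powershell
# Added example (not from the course notes): create the Legal, Marketing and Research
# folders, give one user Publishing Editor on \Sales, and add ExNugget-2 as a replica
# of \Sales without dropping the replica the folder already has. The user
# nuggetlab\rsmith and the database "ExNugget-2\Public Folder Database" are assumptions.

# 1. Top-level folders (New-PublicFolder without -Path creates them under the root);
#    skip any that already exist so the script can be re-run safely.
foreach ($name in "Legal", "Marketing", "Research") {
    if ((Get-PublicFolder -Identity "\$name" -ErrorAction SilentlyContinue) -eq $null) {
        New-PublicFolder -Name $name
    }
}

# 2. A per-user grant. The Default entry keeps its existing level, so only rsmith
#    gains the right to create subfolders and edit all items in \Sales.
Add-PublicFolderClientPermission -Identity "\Sales" -AccessRights PublishingEditor -User "nuggetlab\rsmith"

# 3. -Replicas REPLACES the list. Passing only the new database would remove the
#    ExNugget-1 copy and leave a single replica, so read the current list and append.
function Add-PublicFolderReplica([string]$Folder, [string]$Database) {
    $pf     = Get-PublicFolder -Identity $Folder
    $target = Get-PublicFolderDatabase -Identity $Database      # also validates the name
    $already = $pf.Replicas | Where-Object { $_.DistinguishedName -eq $target.DistinguishedName }
    if ($already -ne $null) {
        Write-Host "$Folder is already replicated to $Database"
        return $pf.Replicas
    }
    $newList = @($pf.Replicas) + $target.Identity
    Set-PublicFolder -Identity $Folder -Replicas $newList
    return (Get-PublicFolder -Identity $Folder).Replicas
}
Add-PublicFolderReplica -Folder "\Sales" -Database "ExNugget-2\Public Folder Database"

# 4. Review the result: every folder with its replica list, and who holds what on \Sales.
Get-PublicFolder -Identity "\" -Recurse | Select-Object Identity, Replicas
Get-PublicFolderClientPermission -Identity "\Sales" | Select-Object User, AccessRights
```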
Scenario: let us take a scenario where a user tries to access the public folder "Sales". The user is not aware of where this folder is located, and that doesn't matter. They can see the folder Sales and want to look inside it, and they have the proper privilege to view it. Let us say the folder is not located on the local Exchange server; what happens is that the client is redirected to another public folder database. In this scenario we have two different sites, Site2 and Site3, both holding replicas of the Sales folder, and we can redirect that user to either site. This depends on the site link cost: Site2 is 50 and Site3 is 10, and the site link with the lower number wins. These site links are established in AD Sites and Services. The user does not know what is going on in the background; they are simply redirected to the better site link, the one with the lower cost.
Lesson 5
Managing Recipient Object: Mailbox Management
Recipient Objects
They are AD objects with Exchange-specific attributes defined, e.g. a mailbox.
• Mailbox Users
A mailbox user has an AD account, an Exchange mailbox and an e-mail address.
• Mail-Enabled Users
These have only an AD account and an e-mail address.
• Resource Mailboxes
Used for scheduling, such as booking meetings. Not associated with a single user.
• Mail Contacts
A mail contact doesn't have an AD account; it is a part of the Global Address List, where you can list outside users, but it is not part of the AD domain.
• Distribution Groups
A collection of groups, users and contacts that has an e-mail address assigned, so you can send an e-mail to the distribution group and it is received by the users inside that group.
• Linked Mailboxes
Established for users who are part of a separate trusted forest, allowing them to access their mailboxes. They don't have an account in your AD domain.
Creating Mailboxes
Start -> All Programs -> Microsoft Exchange Server -> Exchange MMC
To configure mailboxes go to Recipient Configuration.
You can see in the figure above that there are 4 types of mailboxes: User Mailbox, Room Mailbox and Equipment Mailbox (the latter two are resource mailboxes), and Linked Mailbox, for users of another trusted forest who are not part of the domain.
"Existing user" in the figure above refers to AD users who don't have a mailbox yet; after clicking Browse you only see the list of users who don't have mailboxes. Users who already have mailboxes assigned won't show there. With "New user" you create a user from here, the same as in AD.
In this process you create an AD user plus an Exchange mailbox, and you can also place that user inside a specific OU by selecting Browse.
Click New.
PowerShell command:
New-Mailbox -Name "username" -Alias "Aliasname" -OrganizationalUnit "Domainname/OU" -UserPrincipalName "username@domainname" -SamAccountName ……….
In this case we have created both the mailbox and the e-mail address.
Click Finish.
The commands above can also create the mailbox for existing users who are already configured in AD. In that case we don't have to create a new user; we just enable the user's mailbox.
Moving Mailboxes
Scenario: we have a mailbox for user "Randy", located on the ExNugget server in the First Storage Group, in the Mailbox Database. Now we want to move him to the Second Storage Group, into the new mailbox database. There are two ways to move Randy's mailbox:
• One way is to use the Exchange Management Console.
• The other way is to use the Exchange Management Shell with the Move-Mailbox cmdlet.
Cmdlet (command-let): a cmdlet is a simple command for interacting with applications or with the OS itself.
Option 1:
To perform this task you need the Exchange Recipient Administrator role, and if you are moving an account from one server to another you need the Exchange Server Administrator role for both the source and the target servers.
You can see that Randy's mailbox is now in the Second Storage Group, in the New Mailbox Database.
Option 2:
Move-Mailbox -Identity "NameofOrganization\Username" -TargetDatabase "Second Storage Group\New Mailbox Database"
Confirm: Yes
If we want to move a user account between forests we are restricted to the Exchange Management Shell; it can't be done from the console.
If you want to get the full list of commands:
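The create, enable and move steps of this lesson as one script, added here and not from the course notes. Domain nuggetlab.com, server EXNUGGET, the Sales OU and the user jsmith are assumptions; the initial password is read at the prompt rather than written into the script.

```powershell
# Added example (not from the course notes): create Randy's AD account and mailbox in
# one step, mailbox-enable an existing AD user, move Randy to the new database and
# confirm where he landed. Domain nuggetlab.com, server EXNUGGET, the Sales OU and
# the user jsmith are assumptions; the initial password is prompted for, not stored.
$server   = "EXNUGGET"
$sourceDb = "$server\First Storage Group\Mailbox Database"
$targetDb = "$server\Second Storage Group\New Mailbox Database"

# 1. New user + mailbox. -Password takes a SecureString; -ResetPasswordOnNextLogon
#    makes Randy change it at first logon so the admin never knows his real password.
$initialPw = Read-Host "Initial password for Randy" -AsSecureString
New-Mailbox -Name "Randy" -Alias "randy" -Database $sourceDb `
    -UserPrincipalName "randy@nuggetlab.com" -SamAccountName "randy" `
    -OrganizationalUnit "nuggetlab.com/Sales" `
    -Password $initialPw -ResetPasswordOnNextLogon $true

# 2. Existing AD user without a mailbox: Enable-Mailbox, not New-Mailbox.
Enable-Mailbox -Identity "nuggetlab\jsmith" -Database $sourceDb -Alias "jsmith"

# 3. The move. -Confirm:$false answers the "Yes" prompt from the notes; -BadItemLimit
#    lets a few corrupt items be skipped (and logged) instead of failing the move.
Move-Mailbox -Identity "nuggetlab\randy" -TargetDatabase $targetDb -BadItemLimit 5 -Confirm:$false

# 4. Verify the new location; it should now be the Second Storage Group database.
function Get-MailboxLocation([string]$Identity) {
    return (Get-Mailbox -Identity $Identity).Database.ToString()
}
Get-MailboxLocation "nuggetlab\randy"

# The full list of Exchange cmdlets, filtered to the mailbox ones.
Get-ExCommand | Where-Object { $_.Name -like "*Mailbox*" } | Select-Object Name
```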
Managing Mailboxes
You can manage Exchange mailboxes using the Exchange MMC or the properties of the users. We are now going to look at the mailbox configuration options:
General tab:
The display name is what appears in the Global Address List, and the alias is the actual name of the user's mailbox. You can also check "Hide from Exchange address lists", which hides the user from the Global Address List.
Mailbox Settings:
In the figure above, Messaging Records Management: this helps comply with the organization's legal requirements and conserve IT resources.
Storage Quotas:
You can set the storage quotas and deletion settings from this option.
Mailbox Features:
You can enable or disable the features required for that user.
E-mail Addresses:
Click Edit,
and you can add additional e-mail addresses for the user by clicking Add.
You can see that the primary address is bold and the secondary address is not. In this way the user receives e-mail sent to either address in his mailbox.
Mail Flow Settings:
In the properties of Delivery Options you have the "Send on behalf" setting. With this you can configure that mail can be sent on behalf of this user by another user.
The forwarding address lets mail be forwarded to another mailbox; you can also check "Deliver message to both forwarding address and mailbox", which keeps a copy of the e-mail in the existing mailbox.
Maximum recipients: you can define the number of recipients that a single user can send a message to.
Message size restrictions
Message delivery restrictions
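The Mail Flow Settings options above, applied from the shell and then audited organization-wide, as an added example that is not from the course notes. Forwarding and send-on-behalf quietly route or impersonate a user's mail, so a periodic report of who has them set is the check an administrator wants. User names, group name and limits are assumptions.

```powershell
# Added example (not from the course notes): set the Mail Flow Settings options for
# one mailbox from the shell, then report every mailbox in the organization that
# forwards mail or has send-on-behalf delegates. Names and limits are assumptions.

# 1. One mailbox: GAL visibility, send-on-behalf, forwarding with a copy kept,
#    recipient limit, size limits and a per-mailbox quota overriding the database.
Set-Mailbox -Identity "nuggetlab\randy" `
    -HiddenFromAddressListsEnabled $false `
    -GrantSendOnBehalfTo "nuggetlab\jsmith" `
    -ForwardingAddress "nuggetlab\jsmith" -DeliverToMailboxAndForward $true `
    -RecipientLimits 100 `
    -MaxSendSize "10MB" -MaxReceiveSize "10MB" `
    -UseDatabaseQuotaDefaults $false -ProhibitSendQuota "2GB"

# Delivery restriction: accept messages only from members of one distribution group.
Set-Mailbox -Identity "nuggetlab\randy" -AcceptMessagesOnlyFromDLMembers "All Sales"

# 2. Organization-wide review of forwarding and send-on-behalf grants.
function Get-ForwardingReport {
    Get-Mailbox -ResultSize Unlimited |
        Where-Object { $_.ForwardingAddress -ne $null -or $_.GrantSendOnBehalfTo.Count -gt 0 } |
        Select-Object Name,
            @{Name="ForwardTo"; Expression={ if ($_.ForwardingAddress -ne $null) { $_.ForwardingAddress.Name } }},
            DeliverToMailboxAndForward,
            @{Name="SendOnBehalf"; Expression={
                [string]::Join(", ", @($_.GrantSendOnBehalfTo | ForEach-Object { $_.Name })) }}
}
Get-ForwardingReport | Format-Table -AutoSize

# Remove a forward that nobody can account for:
#   Set-Mailbox -Identity "nuggetlab\randy" -ForwardingAddress $null -DeliverToMailboxAndForward $false
```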
Lesson 6
Managing more Recipient Objects
• Mailbox Users
A mailbox user has an AD account, an Exchange mailbox and an e-mail address. They can send and receive messages using the Exchange server inside the organization.
• Mail-Enabled Users
These have only an AD account and an e-mail address. They do not use the organization's Exchange server; they use an ISP address to send and receive e-mail.
• Resource Mailboxes
Used for scheduling, such as booking meetings. Not associated with a single user.
• Mail Contacts
A mail contact doesn't have an AD account; it is used in the Global Address List, where you can list outside users, but it is not part of the AD domain.
• Distribution Groups
A collection of groups, users and contacts that has an e-mail address assigned, so you can send an e-mail to the distribution group and it is received by the users inside that group.
• Linked Mailboxes
Established for users who are part of a separate trusted forest, allowing them to access their mailboxes. They don't have an account in your AD domain.
Mail Enabled User Accounts:
These user accounts have AD accounts but do not have Exchange mailboxes hosted by the organization. An example would be a temporary project team: they can log on to your network but do not keep, or do not want to keep, their e-mail on the organization's Exchange server.
To set up these mail-enabled accounts:
Mail Contact → New Mail User
Let us go with Existing User → click Browse.
The PowerShell syntax is the same for mailbox-enabled users and mail-enabled users.
Difference in Outlook between a mailbox-enabled and a mail-enabled user:
This is a normal user system; the goal is to look into the Global Address List and differentiate between a mail-enabled user and a mailbox-enabled user.
When we click on the Global Address Book, the user pointed out is the mail-enabled user, which is displayed with a different icon.
Resource Mailboxes:
There are two types of resource mailboxes: you can create a Room resource mailbox or an Equipment resource mailbox.
A room could be a conference room, auditorium, training room, etc.; equipment could be a computer, car, laptop, etc.
Question: Why do we want to create a mailbox for these types of things?
Answer: They are used for scheduling. Just as you have a calendar in which you schedule where you are going and when you are out of the office, a room or a piece of equipment is also an entity that can be scheduled.
Configurations:
Resource mailboxes have to be connected to user objects. There are two ways to create those users: through AD Users and Computers or from the Exchange MMC.
We have created two sample users, Training Room1 and Training Room2, in AD Users and Computers.
In the figure below, Training Room1 is a disabled user and Training Room2 is an enabled user. The point to notice is that to make a mail-enabled account for a resource the user account needs to be disabled, because nobody should be able to log on to your AD domain with a resource account; that would be a security breach.
You will only be able to see the objects that are disabled in AD.
If you look at the icon for a resource mailbox it is different from the others.
There is a Resource Information tab.
Resource capacity means, for a room, how many people can go inside that room; for equipment such as a laptop it will be only 1.
When you click Add under Resource custom properties:
Resource Mailboxes: the PowerShell side.
Set-ResourceConfig -ResourcePropertySchema
You use this command as an administrator to indicate that a resource has specific properties, e.g. that a laptop is a resource or that a room has certain features.
Set-MailboxCalendarSettings
This PowerShell command is used for the response messages sent when searching schedules: normally when you schedule anything you get a response message, and you can use this command to customize it. You can also apply certain policies and control how a room or a piece of equipment can be booked.
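An added example (not from the course notes) of the whole resource-mailbox setup from the shell: the custom property schema, a room and an equipment mailbox, their capacity and properties, the calendar settings, and a check that the resource accounts are still disabled. Names, OU, database path and the Trainers group are assumptions.

```powershell
# Added example: room and equipment resource mailboxes from the Exchange Management Shell.
# Assumed names: Training Room 1, Loaner Laptop 1, the nuggetlab.com domain, a Trainers group,
# the OU nuggetlab.com/Resources and the database MBX01\First Storage Group\Mailbox Database.

# Set-ResourceConfig: declare the custom properties resources may carry, as "Room/<name>" or
# "Equipment/<name>". This list is organization-wide and replaces the previous one.
Set-ResourceConfig -ResourcePropertySchema ("Room/Whiteboard", "Room/Projector", "Equipment/DockingStation")

# Create the resources. -Room / -Equipment create the AD user account disabled, so no password
# is supplied; nobody is meant to log on to the domain as a training room.
New-Mailbox -Name "Training Room 1" -Alias trainingroom1 -UserPrincipalName trainingroom1@nuggetlab.com `
    -Database "MBX01\First Storage Group\Mailbox Database" -OrganizationalUnit "nuggetlab.com/Resources" -Room
New-Mailbox -Name "Loaner Laptop 1" -Alias laptop1 -UserPrincipalName laptop1@nuggetlab.com `
    -Database "MBX01\First Storage Group\Mailbox Database" -OrganizationalUnit "nuggetlab.com/Resources" -Equipment

# Resource Information tab: capacity (people for a room, 1 for a laptop) and custom properties
Set-Mailbox -Identity "Training Room 1" -ResourceCapacity 20 -ResourceCustom "Whiteboard", "Projector"
Set-Mailbox -Identity "Loaner Laptop 1" -ResourceCapacity 1 -ResourceCustom "DockingStation"

# Set-MailboxCalendarSettings: let the Resource Booking Assistant answer requests automatically,
# restrict who may book without approval, bound the booking horizon and customize the response.
Set-MailboxCalendarSettings -Identity "Training Room 1" -AutomateProcessing AutoAccept `
    -AllBookInPolicy $false -BookInPolicy "Trainers" `
    -BookingWindowInDays 60 -MaximumDurationInMinutes 480 `
    -AddAdditionalResponse $true -AdditionalResponse "Contact Facilities to have the room unlocked."

# Audit: resource accounts must stay disabled. A room or laptop whose AD account is enabled
# is a logon account nobody is watching. (UserAccountControl is exposed by Get-User.)
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails RoomMailbox, EquipmentMailbox |
    Get-User |
    Where-Object { $_.UserAccountControl -notmatch "AccountDisabled" } |
    Select-Object Name, UserAccountControl
```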
There are two other recipient objects:
1. Contacts: a contact is an object inside AD with an e-mail address associated with it, but there is no AD account for that contact, so nobody can log on with it and there is no physical mailbox on the Exchange server. These objects are created for people who work outside the organization: they are part of the Global Address List or a distribution group, but they don't officially come in to work.
2. Linked Mailboxes: Scenario: there are two different forests connected with an external trust relationship, and a user from Forest B needs a mailbox on the Exchange server of Forest A. You create an external trust relationship between the two forests and create a mailbox for the user on the Forest A Exchange server.
Linked Mailbox:
These mailboxes are really problematic, because your server, your internet connection and your trust relationship all have to be running at all times.
Distribution Groups:
There are various types of distribution groups:
- Mail-enabled universal distribution groups
- Security distribution groups
- Dynamic distribution groups: you can enable filters on the users to route their e-mail to the specified domains.
- Mail-enabled non-universal groups
The difference between the above: an ordinary distribution group is a group specifically created for users who have no extra permissions within the domain; they are in that distribution group only because we want to e-mail them.
You can take a security group, a group that is used in administering servers, mail-enable it, and e-mail that group. But then, if you add any user to that group you are giving that user administrative privileges. So it is better to make a universal distribution group and add the users to that.
Method to create a distribution group:
Existing Group →
This group is not automatically mail-enabled.
New Dynamic Distribution Group →
Select the filters.
You can see the different groups in your Outlook Global Address List.
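The group operations above from the shell, as an added example that is not from the course notes: mail-enabling an existing group, creating a universal and a dynamic group, previewing the dynamic filter, and an audit for mail-enabled security groups, which carry the permission trap the notes describe. Group, OU and user names are assumptions.

```powershell
# Added example: distribution groups from the Exchange Management Shell. Assumed names:
# the nuggetlab.com domain, OUs nuggetlab.com/Groups and nuggetlab.com/Users, user lgray,
# an existing AD universal group "Nugget Sales" and a security group "Server Admins".

# Existing group: a group created in AD Users and Computers is not mail-enabled until you
# do this. It must be universal in scope; mail-enabling a global or domain-local group fails.
Enable-DistributionGroup -Identity "Nugget Sales"

# New mail-enabled universal distribution group: members get mail, no permissions attached.
New-DistributionGroup -Name "Project Alpha" -SamAccountName ProjectAlpha -Alias projectalpha `
    -Type Distribution -OrganizationalUnit "nuggetlab.com/Groups"
Add-DistributionGroupMember -Identity "Project Alpha" -Member lgray

# Dynamic distribution group: membership is a filter evaluated when a message is sent.
New-DynamicDistributionGroup -Name "All NY Mailboxes" -OrganizationalUnit "nuggetlab.com/Groups" `
    -RecipientContainer "nuggetlab.com/Users" -IncludedRecipients MailboxUsers -ConditionalStateOrProvince "NY"
# Preview who the filter currently matches before anyone sends to it
$ddg = Get-DynamicDistributionGroup -Identity "All NY Mailboxes"
Get-Recipient -RecipientPreviewFilter $ddg.RecipientFilter -OrganizationalUnit $ddg.RecipientContainer |
    Select-Object Name, RecipientType

# Keep outside senders from mailing internal groups (spam and spoofed "all staff" requests)
Set-DistributionGroup -Identity "Project Alpha" -RequireSenderAuthenticationEnabled $true

# Audit: mail-enabled security groups. Adding a member so that they receive mail also grants
# every right the group holds, which is the trap the notes describe for "Server Admins".
Get-DistributionGroup -ResultSize Unlimited |
    Where-Object { $_.GroupType -match "SecurityEnabled" } |
    Select-Object Name, GroupType, ManagedBy
```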
Lesson 7
E-mail Policies, Accepted Domains and Address Lists
Managing E-mail Address Policies
How to create Accepted Domains
All about Address Lists
GAL / other ALs
E-mail Address Policies:
Scenario: we need users to get their e-mail address automatically, because no one can receive e-mail without an e-mail address. There is a default policy which uses the user's alias (Randy: [email protected]). The default policy has the lowest priority; we can create a new one which applies to any OU or to the complete domain. This policy decides how the local part of the user's address appears to others.
Procedure:
As you can see above, the alias of Lucas Gray, for example, is lgray. You can change this alias manually: one procedure is to change the alias user by user, and the other is to change the default e-mail address policy.
You can see there is the Default Policy, which has the lowest priority. If you want to edit its conditions it will not let you, because nothing is to be changed there: the default policy deals with every recipient object.
Here you can see there is a default standard SMTP address for the organization. If you click Edit, you can see the e-mail address local part, and by default Use Alias is chosen. If you click First Name.Last Name (Lucas.Gray) and click OK, you can see the change in the default SMTP address. You can also add additional settings with more than one version of the address.
You can see that not only is the policy edited but the default policy is also applied to the whole organization.
The PowerShell commands used are:
Set-EmailAddressPolicy -Identity 'Default Policy' -EnabledEmailAddressTemplates 'SMTP:%g.%s@nuggetlab.com'
Update-EmailAddressPolicy -Identity 'Default Policy'
You can see the change if you look at your mailboxes: they now show the first name and the last name, as we defined in the policy, for all the users.
Scenario: if you have to change the e-mail addresses for only some of the users, you have to add a new rule for this, following the same procedure under Hub Transport.
So here we have created the new policy, and you can see that this policy has the higher priority (1). The effect is visible in the mailboxes: Randy's mailbox shows the last name first, which is different from the others.
Accepted Domains: When we installed Exchange at the start we set up one Exchange organization, but we can have multiple SMTP domains, which means you can configure more than one e-mail address type. Here we are going to change the domain part of the e-mail address. This feature is sometimes required because you may need a different e-mail structure for internal and external e-mail.
This means you have to handle different SMTP domains; or, put differently, we have two different companies with different e-mail address structures and they collectively need one e-mail server.
Whichever domain the server accepts e-mail for is called an authoritative domain. Example:
Mail → Edge Transport Server/Hub Transport Server → Exchange Server (authoritative), which receives the mail.
In addition to authoritative domains there are also relay domains, and there are two forms of relay domain. When an Edge Transport server accepts mail and realizes that it is not for its own domain, the mail is forwarded to the relay server; this is an external relay domain. The other kind of relay domain is where the mail actually comes through the Exchange server, which realizes that the mail is not for its domain and forwards it to the relay server; this is called an internal relay domain.
The above process can also be done using a Hub Transport server if you don't have, or don't need, an Edge Transport server.
Procedure:
Accepted Domains:
In the figure below you can see the accepted domain (nuggetlab.com), which shows the type Authoritative.
The domain properties show the following options:
Let us take this as an authoritative domain, considering that there are two SMTP servers here.
Now we can see that there is a secondary SMTP domain.
If we want to make an external relay domain:
When you have established one or more extra domains you can apply policies to these domains. If you want to manage a domain and its subdomains you can use a wildcard character to do this.
By using wildcard characters you accept messages for this domain and also for its subdomains. But there is one important thing to notice: if you want to apply e-mail address policies, then you do not want to use wildcard characters.
One more important thing: you must have MX records in your DNS for each SMTP domain, pointing to the IP address of this organization. That is, when a person sends an e-mail, the sending side first checks the public DNS servers for the MX record, from which it learns the IP address of the organization, and then the mail is received into the organization. If the mail is for the authoritative domain it stays there, but if the mail is for another domain it is forwarded to the related domain via internal or external relay.
Global Address Lists:
The Global Address List contains all of the users, distribution groups, contacts and so on.
There is a difference between a distribution group and a GAL: a distribution group is used for bulk e-mailing, whereas a GAL can be prepared site-wise or department-wise, and GAL users are also easily searchable. How to create a GAL:
Scenario: two companies hosted on the same Exchange server (Nugget A and Nugget B) need a separate GAL each. This cannot be done using the Exchange Management Console; only PowerShell can accomplish this task.
GAL in Exchange MMC:
To create a new address list:
When a user tries to find someone from the NY address list:
To create an additional GAL using PowerShell:
New-GlobalAddressList -Name "Nugget B" -IncludedRecipients MailboxUsers -ConditionalCompany "Nugget B"
We can now see the secondary GAL in the Exchange MMC.
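The Nugget A / Nugget B scenario carried through end to end, as an added example (not from the course notes): accepted domains for both companies, an internal relay domain, the wildcard caveat, one e-mail address policy per company with priorities, the two GALs, and two checks a defender would run afterwards. The domains nuggeta.com, nuggetb.com and legacy.nuggetlab.com are assumptions.

```powershell
# Added example: hosting two companies (Nugget A, Nugget B) on one Exchange organization.
# Assumed: domains nuggeta.com and nuggetb.com, the Company attribute set on each user, and a
# separate legacy mail system that should receive mail for legacy.nuggetlab.com.

# Accepted domains. Authoritative: this organization holds the mailboxes. Internal relay:
# Exchange accepts the mail but hands it on through a send connector to another system.
New-AcceptedDomain -Name "Nugget A" -DomainName nuggeta.com -DomainType Authoritative
New-AcceptedDomain -Name "Nugget B" -DomainName nuggetb.com -DomainType Authoritative
New-AcceptedDomain -Name "Legacy system" -DomainName legacy.nuggetlab.com -DomainType InternalRelay
# A wildcard covers every subdomain, but an e-mail address policy cannot use a wildcard domain.
New-AcceptedDomain -Name "Nugget A subdomains" -DomainName "*.nuggeta.com" -DomainType Authoritative

# E-mail address policies: the Company attribute selects the users, the template builds the
# local part (%g = given name, %s = surname, %m = alias). Priority 1 wins over 2 for a user
# matched by both; the Default Policy keeps the lowest priority.
New-EmailAddressPolicy -Name "Nugget A users" -IncludedRecipients MailboxUsers -ConditionalCompany "Nugget A" `
    -EnabledEmailAddressTemplates "SMTP:%g.%s@nuggeta.com" -Priority 1
New-EmailAddressPolicy -Name "Nugget B users" -IncludedRecipients MailboxUsers -ConditionalCompany "Nugget B" `
    -EnabledEmailAddressTemplates "SMTP:%s.%g@nuggetb.com", "smtp:%m@nuggetb.com" -Priority 2
# A new or edited policy changes nobody's address until it is applied
Update-EmailAddressPolicy -Identity "Nugget A users"
Update-EmailAddressPolicy -Identity "Nugget B users"

# Separate GALs per company (shell only; the console cannot create a second GAL)
New-GlobalAddressList -Name "Nugget A GAL" -IncludedRecipients MailboxUsers -ConditionalCompany "Nugget A"
New-GlobalAddressList -Name "Nugget B GAL" -IncludedRecipients MailboxUsers -ConditionalCompany "Nugget B"
Update-GlobalAddressList -Identity "Nugget A GAL"
Update-GlobalAddressList -Identity "Nugget B GAL"

# Checks. Users with the policy detached keep whatever address they had, so list them; and
# review relay domains, since each one makes this server forward mail for a domain it does not own.
Get-Mailbox -ResultSize Unlimited | Where-Object { -not $_.EmailAddressPolicyEnabled } |
    Select-Object Name, PrimarySmtpAddress
Get-AcceptedDomain | Where-Object { $_.DomainType -ne "Authoritative" } |
    Select-Object Name, DomainName, DomainType
```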
Lesson 8
Configuring Client Access Server (CAS)
Outlook Web Access:
Outlook Web Access allows users to access e-mail through the Client Access server from a browser. This is helpful for users who are roaming and also beneficial for users on a different OS platform (Linux, Mac). OWA also allows users read access to documents located on a SharePoint server.
Drawback: Outlook Web Access cannot provide offline access. So if your Exchange server is down you are not able to see your e-mail, whereas offline access is one of the major positive points of Outlook. To overcome this problem there are other solutions such as Outlook Anywhere, IMAP, POP3, etc.
OWA on the client machine:
https://www.nuggetlab.com/owa
Configuration of OWA on the server:
IIS Manager:
You can use IIS Manager to restrict users to HTTPS and also to simplify your OWA web address.
The owa folder gives users access to their e-mail on Exchange 2007; the Public folders are for Exchange 2003. Exchweb is used to access the previous OWA virtual directory, and the last folder, Exchange, is used for accessing e-mail on an Exchange 2003 or 2000 mailbox server.
The internal URL is the address used by the internal network to reach OWA, and the external URL is used when someone tries to access e-mail via the internet.
From the options above you can also choose one or more authentication methods:
Integrated Windows Authentication: the user is not required to enter a username and password; the server automatically checks whether the user is logged in to a Windows 2000 or Windows 2003 domain.
Digest Authentication for Windows domain servers: this method transmits the password over the network as a hash value, which provides additional security for the authentication; users need to be configured on the domain to use this option.
Basic Authentication (password sent in clear text): the password is sent to the server in clear text, so this is the least secure method. You can make it more robust by using SSL encryption between the client and the server.
Forms Based Authentication: this method provides more security for users logging in to the CAS. The logon format can be:
Domain\Username
User Principal Name (UPN)
User name only: you have to choose the default domain in which the user is configured and is going to log in.
Segmentation: this shows the status of all OWA features; from here you can set each one to Enabled or Disabled.
Public Computer File Access: this is directly related to the login page, where you see the login options for a public computer or a private computer.
Direct File Access: allows users to open files available through OWA, for example attachments or a SharePoint document library. You can customize this: Allow lists the file extensions that may be opened, Block always restricts the user from opening the document, Force Save forces the user to save the attached file, and for Unknown files you select which of these options applies.
WebReady Document Viewing: supported documents are converted to HTML and shown in the web browser. If you select Force WebReady Document Viewing, supported documents are always converted for the web interface.
Access files from the following locations on remote servers: shows Windows file shares and Windows SharePoint Services.
Private Computer File Access: the same options as above.
Remote File Access: to access files from remote locations. The options are Block List, Allow List and Unknown Servers; you can enter the names of the servers from which you do not want files to be accessed.
To disable OWA for a user:
Exchange ActiveSync: for mobile users to connect with Exchange.
The main advantage of ActiveSync is that you are able to view your mail offline as well as online, whereas in OWA you always have to be online to view your e-mail.
Direct Push: if your mobile device is running Windows Mobile 5.0 or later with the Messaging and Security Feature Pack installed, then ActiveSync will use Direct Push technology. This means you have a constant HTTPS connection to the CAS server: when messages arrive in your mailbox the CAS server checks the mailbox, retrieves the mail and pushes it out to the device, giving you real-time access to your mail. If your mobile device doesn't have this feature installed, it will check with the CAS server and synchronize only during the time period when you are connected.
Policies: with ActiveSync you can establish policies. Procedure:
Require Password:
A provisionable device is a Windows Mobile device that is capable of applying and enforcing policies, and a non-provisionable device is one to which only a subset of the policy is applied.
Remote Wipe: if your mobile device is lost, this option allows you to issue a wipe command against the device, which resets the device the next time it connects to the server, erasing all of the device memory. This can also be done through OWA.
ActiveSync Reports: you can get the ActiveSync report using the cmdlet Export-ActiveSyncLog.
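The OWA authentication and file-access settings, disabling OWA for one user, an ActiveSync policy, a remote wipe and the report export, all from the shell as an added example that is not from the course notes. The server name CAS01, the virtual directory identity, user lgray and the file server hr-files.nuggetlab.com are assumptions.

```powershell
# Added example: locking down the OWA virtual directory and applying an ActiveSync policy.
# Assumed: CAS server CAS01, virtual directory "CAS01\owa (Default Web Site)", the
# nuggetlab.com domain, user lgray, and an internal file server hr-files.nuggetlab.com.

# Authentication: forms-based logon (Basic underneath, which is why OWA must run over HTTPS),
# user name only with a default domain, and the Windows/Digest methods switched off.
Set-OwaVirtualDirectory -Identity "CAS01\owa (Default Web Site)" `
    -InternalUrl "https://cas01.nuggetlab.com/owa" -ExternalUrl "https://www.nuggetlab.com/owa" `
    -FormsAuthentication $true -WindowsAuthentication $false -DigestAuthentication $false `
    -LogonFormat UserName -DefaultDomain nuggetlab

# File access: on a public computer do not let attachments open locally, convert supported
# documents with WebReady viewing instead, and block unknown remote servers plus HR's share.
Set-OwaVirtualDirectory -Identity "CAS01\owa (Default Web Site)" `
    -DirectFileAccessOnPublicComputersEnabled $false `
    -ForceWebReadyDocumentViewingFirstOnPublicComputers $true `
    -RemoteDocumentsActionForUnknownServers Block `
    -RemoteDocumentsBlockedServers "hr-files.nuggetlab.com"

# Disable OWA for a single user (the console equivalent is the Mailbox Features tab)
Set-CASMailbox -Identity lgray -OWAEnabled $false

# ActiveSync policy: require a device password, lock after 15 minutes of inactivity, wipe the
# device after 8 failed attempts, and refuse devices that cannot enforce the policy.
New-ActiveSyncMailboxPolicy -Name "Corporate Devices" `
    -DevicePasswordEnabled $true -AlphanumericDevicePasswordRequired $true -MinDevicePasswordLength 6 `
    -MaxInactivityTimeDeviceLock 00:15:00 -MaxDevicePasswordFailedAttempts 8 `
    -DevicePasswordExpiration 90.00:00:00 -DevicePasswordHistory 5 `
    -AllowNonProvisionableDevices $false -PasswordRecoveryEnabled $true
Set-CASMailbox -Identity lgray -ActiveSyncMailboxPolicy "Corporate Devices"

# Remote wipe of a lost device: find its identity, issue the wipe, notify the owner. The wipe
# runs the next time the device connects, so keep the mailbox and account active until then.
Get-ActiveSyncDeviceStatistics -Mailbox lgray |
    Select-Object DeviceFriendlyName, DeviceType, LastSuccessSync, Identity
Clear-ActiveSyncDevice -Identity "<device identity from the line above>" `
    -NotificationEmailAddresses lgray@nuggetlab.com

# ActiveSync usage report from an IIS log (the log path is an assumption for this server)
Export-ActiveSyncLog -Filename "C:\inetpub\logs\LogFiles\W3SVC1\ex080101.log" `
    -OutputPath "C:\ActiveSyncReports" -StartDate "01/01/2008" -EndDate "01/02/2008"
```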
Lesson 9
Outlook Anywhere and POP/IMAP Configuration
Overview of Outlook Anywhere:
The CAS server provides non-MAPI connectivity, but Outlook Anywhere allows you to connect via MAPI as well as POP: you will be able to connect to Exchange 2003 or 2007 from any location outside the office. If you are using your MAPI client you are actually sending your remote procedure calls over HTTP or HTTPS. The connection is made through the CAS server, which runs the RPC Proxy service, and the CAS server then checks whether you are running an Exchange 2003 or 2007 server. This is an improvement of Exchange 2007 over Exchange 2003.
In Exchange 2003 you were able to call RPC over HTTP and then go directly to the Exchange server, but you had to go through a VPN to do this; in Exchange 2007 you do not need a VPN.
• In order to establish the RPC Proxy, it is recommended that this is handled by the CAS server itself.
• Kick off the Outlook Anywhere wizard from the Exchange MMC.
• Install an SSL certificate for HTTPS.
• Configure the clients.
CAS Server:
Running IIS 6.0.
We have to configure the RPC over HTTP Proxy subcomponent.
Basic Authentication means the user's username and password are sent to the Exchange server in clear text; it is not a secure method.
NTLM Authentication: the user credentials are not sent over the network; instead the client and server negotiate using hashed values of the user credentials, so this is the more secure way of establishing Outlook Anywhere. Microsoft has recommended that if you use ISA 2006 for NTLM authentication then it will work fine.
Allow Secure Channel (SSL) offloading: this is required when you have SSL handled by another server for encryption and decryption. This option is recommended only when you have an SSL accelerator in place; otherwise your Outlook Anywhere will not work properly.
You cannot change the options for Outlook Anywhere using the Exchange MMC; this has to be done with the Exchange PowerShell. All mailboxes on Exchange can be accessed through Outlook Anywhere once the client is configured, and the client may be Outlook 2007 or 2003.
How to establish a client connection:
POP3 and IMAP4 Connection:
SMTP, POP and IMAP are protocols which allow you to connect to the server and send and receive e-mail. Between POP and IMAP, POP is the simpler of the two protocols; there are lots of features which are not supported by a POP client, whereas IMAP4 is the more robust protocol. You cannot use the Exchange MMC to configure these two, as there is no feature in the Exchange MMC for them; this needs PowerShell entirely.
Some of the services which are installed by default are not automatically started. We will start these from PowerShell.
The IMAP4 and POP3 services are not started automatically. We have to start them manually or change these services to start automatically.
To start the service using the Exchange Management Shell:
Start-Service MSExchangeIMAP4
To set this service to start automatically:
Set-Service MSExchangeIMAP4 -StartupType Automatic
Microsoft has also said that after Service Pack 1 for Exchange 2007 you can also manage POP and IMAP4 using the Exchange MMC.
When you install Exchange 2007 it automatically generates a self-signed certificate which is already assigned to SSL, so by default this certificate is already assigned to the POP and IMAP services. In order to replace the automatically generated certificate with a third-party certificate:
Add a Certificates snap-in.
User details for looking at the POP and IMAP4 services:
Get-CASMailbox lgrey
To disable the services:
Set-CASMailbox lgrey -ImapEnabled $false
You can also do this for a group of users at the same time:
Get-DistributionGroupMember "Group Name" | Set-CASMailbox -ImapEnabled $false
To see some of the features of your IMAP server:
Get-ImapSettings -Server servername
Set-ImapSettings -Banner "======"
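An added example (not from the course notes) that carries the Outlook Anywhere and POP/IMAP steps above through the shell: enabling Outlook Anywhere with NTLM and no offloading, starting the services, requesting a replacement certificate, forcing SSL-only logons, and disabling the protocols per user and per group. CAS01, mail.nuggetlab.com, lgray and the Contractors group are assumptions, as is the RTM parameter name noted in the comments.

```powershell
# Added example: Outlook Anywhere with NTLM and POP3/IMAP4 restricted to SSL-only logons.
# Assumed: CAS server CAS01, public name mail.nuggetlab.com, user lgray and group Contractors.

# Outlook Anywhere: enable it on the CAS with NTLM (credentials never cross the wire in clear)
# and no SSL offloading, since there is no SSL accelerator in front of this server.
# -ExternalAuthenticationMethod is the Exchange 2007 RTM parameter name (assumption: your
# service pack still accepts it); later changes are shell-only via Set-OutlookAnywhere.
Enable-OutlookAnywhere -Server CAS01 -ExternalHostname mail.nuggetlab.com `
    -ExternalAuthenticationMethod Ntlm -SSLOffloading $false
Get-OutlookAnywhere -Server CAS01 | Select-Object ExternalHostname, ExternalAuthenticationMethod, SSLOffloading

# POP3/IMAP4 services: installed but not started; make them automatic and start them.
Set-Service MSExchangePOP3 -StartupType Automatic
Set-Service MSExchangeIMAP4 -StartupType Automatic
Start-Service MSExchangePOP3
Start-Service MSExchangeIMAP4

# Replace the self-signed certificate: generate a request for a third-party CA, then (once
# the CA has issued the certificate) import it and bind it to the POP, IMAP and IIS services.
New-ExchangeCertificate -GenerateRequest -SubjectName "c=US, o=Nugget Lab, cn=mail.nuggetlab.com" `
    -DomainName mail.nuggetlab.com, cas01.nuggetlab.com -PrivateKeyExportable $true -Path C:\mail_request.req
# Import-ExchangeCertificate -Path C:\mail.cer | Enable-ExchangeCertificate -Services "IMAP, POP, IIS"

# Only accept logons over SSL (POP3 and IMAP4 otherwise carry the password in clear text)
Set-ImapSettings -Server CAS01 -LoginType SecureLogin -X509CertificateName mail.nuggetlab.com `
    -Banner "IMAP4 service ready"
Set-PopSettings -Server CAS01 -LoginType SecureLogin -X509CertificateName mail.nuggetlab.com
Get-ImapSettings -Server CAS01 | Select-Object LoginType, SSLBindings, UnencryptedOrTLSBindings

# Per-user: switch off protocols a user does not need, singly or for a whole group.
# Get-DistributionGroupMember also returns contacts, which have no CAS mailbox, so filter.
Set-CASMailbox -Identity lgray -PopEnabled $false -ImapEnabled $false
Get-DistributionGroupMember -Identity "Contractors" |
    Where-Object { $_.RecipientType -eq "UserMailbox" } |
    Set-CASMailbox -PopEnabled $false -ImapEnabled $false

# Audit: who still has POP3 or IMAP4 enabled
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.PopEnabled -or $_.ImapEnabled } |
    Select-Object Name, PopEnabled, ImapEnabled, OWAEnabled, ActiveSyncEnabled
```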
CAS Server Services:
• Autodiscover: a new feature with Exchange 2007 that works with Outlook 2007, Outlook Anywhere and Exchange ActiveSync to provide configuration information for the user profile.
• Calendar Attendant: handles all of the meeting requests for mailboxes.
• Scheduling Assistant: for scheduling meetings.
• Resource Booking Assistant: handles accepting and declining meeting requests on behalf of resource mailboxes.
• Availability Service: in previous versions of Exchange, public folders were used to store free/busy information, but now with this service the free/busy information is available to Outlook 2007 and Outlook Web Access clients through a web service.
• OAB (Offline Address Book): the offline address book can be distributed through public folders, or we can use a virtual directory in IIS on the CAS server to distribute the offline address books.
Lesson 10
Configuring Disaster Recovery
Full Backup: this is an online backup; you don't have to stop the services, databases or storage groups, and it is performed while you are up and running. This strategy will not work in any other way.
Process: your transaction logs and your databases are backed up, and at the same time the transaction logs that have been backed up are deleted, which frees up some space on the server. If the transaction logs are allowed to pile up in large numbers they will cause the storage groups to dismount, which means you are not able to add any mail. So it is very important that these transaction logs are removed or purged from time to time.
Difference between a Full backup and a Copy backup: a copy backup is not meant to be part of day-to-day operations; it can be performed at the end of the week or the end of the month for archiving purposes. A copy backup gives you the same copy of the transaction log files and database files that a full backup does, but a copy backup won't delete the transaction logs from the server.
Scenario: when should a user perform a full backup and when a copy backup? The copy should be performed either at the end of the week or at the end of the month for archiving purposes. But it is recommended that you take a full backup every day, because if something bad happens you can restore in one motion.
Incremental Backup: in this strategy you first perform a full backup and then continue with incremental backups. An incremental backup backs up every file which has changed that day.
Scenario: how incremental backup works with Exchange transaction logs: with incremental backups the transaction logs are deleted each day.
Differential Backup: in a differential backup the transaction logs are not deleted each day; they are backed up as in an incremental backup but not deleted. With incremental and differential backups the database is not backed up; only a full backup is able to back up your database.
How incremental and differential backups work in terms of recovery: with a differential backup you only have to restore your full backup and the latest differential, because every day the set of transaction logs grows bigger and bigger. Incremental backups are faster but the recovery is slower; differential backups are slower to perform but the recovery is faster.
Circular logging cannot be used with incremental and differential backups. Circular logging basically keeps a smaller number of transaction logs: the logs do not build up, because once a log has been committed to the database circular logging allows it to be overwritten, so the number of transaction logs stays small. But it doesn't help with backup; incremental and differential backups will not work with circular logging.
Brick Level Backup: a brick-level backup backs up the mailboxes themselves, as opposed to full, incremental and differential backups, which back up the databases. Brick-level backup allows you to back up the messages themselves and restore right down to the message. This feature is not available in Windows 2003 Server; it is available through third-party solutions. It is basically used to back up the important mailboxes of the company.
VSS (Volume Shadow Copy Service): shadow copies are not available in Windows 2003 Server or Exchange 2007; they are also available through third-party solutions. This provides a point-in-time snapshot of what your server looked like at that moment. With this you can perform a quicker backup and a quicker restore.
Solutions per server role:
When we back up an Exchange server we back up the following:
1. System state.
2. File systems.
3. Information stores.
These mostly concern the Mailbox server role. For the Mailbox server role we need to back up the transaction logs and the database files along with the system state of the mailbox server. There is one more important thing: the search index. The search index cannot be backed up or restored, but we can rebuild the search catalog. To do this we stop the Microsoft Search (Exchange) service, delete the existing search catalog, which is located under the storage group's subdirectory (look for the folder name "CatalogData" and delete the entire folder), then restart the service, which builds a new catalog.
Hub Transport Role: this is the server that mail goes through, and it retains a queue of our mail. The Hub Transport server uses circular logging; it keeps the logs low, and messages go through the queue so quickly that for the most part we don't need to back up the queue. There are message tracking logs and protocol logs that we need to back up from the Hub Transport server. We can do this with a file-level backup of the TransportRoles folder and then the Logs folder. One of the benefits of the Hub Transport role is that most of its configuration is located in AD, and most of the information can be pulled back from there. Even if a backup is not available you can restore the Hub Transport server to a functioning state with the following command:
Setup /m:RecoverServer
This command uses the information contained in AD to rebuild the server and restore it to a functional state.
CAS: there are some folders on the Client Access server to be backed up:
1. OWA web site, which is inside the ClientAccess folder under OWA.
2. IMAP and POP3 settings
3. Availability service
4. Exchange ActiveSync
5. OWA virtual directories.
If we perform a file-level backup on the CAS we are able to back up all of the above. The ClientAccess directory is located in the main Exchange directory. The command used from PowerShell is:
Setup /mode:RecoverServer
Edge Transport Server: this server is not part of our Active Directory domain. There is nothing important to back up from the Edge Transport server unless you have customized settings. You have to go into PowerShell and export those settings: there is a script you need to run called ExportEdgeConfig.ps1, and you run ImportEdgeConfig.ps1 to restore all the settings. The scripts are located in the Exchange server folder called Scripts.
Unified Messaging Server: most of the Unified Messaging server configuration is located in AD, and the same command is used to recover the server: Setup /m:RecoverServer reconnects with AD and gets all the necessary information from it. If you have created any custom audio files, those are located on the Unified Messaging server under the Prompts folder.
All of the above servers are important to back up, but the most important thing is to back up your Active Directory, which is the key to your Exchange environment.
Tips to remember:
+ System State + IIS Metabase
Procedure to back up the things:
We have three different storage groups and three different mailboxes.
Test:
More Recovery Solutions
Recovery Storage Group: you can recover mail, mailboxes, etc. from this.
We need to click Perform manual analysis of raw data files, which is required when we need to ignore the server credentials and perform this action manually, doing an analysis of our system.
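The backup preparation and recovery steps from this lesson as shell commands, an added example that is not from the course notes: checking and disabling circular logging, restoring one mailbox through a Recovery Storage Group, rebuilding the search catalog, and exporting and re-importing the Edge Transport configuration. Server name, paths, the search service name and the catalog folder name are assumptions.

```powershell
# Added example: backup preparation and recovery steps from the Exchange Management Shell.
# Assumed: mailbox server MBX01, "First Storage Group" with "M
ailbox Database", D:\RSG as the
# recovery storage group location, and user lgray.

# 1. Circular logging defeats incremental and differential backups: find it and turn it off.
#    The change takes effect only after the storage group's databases are remounted.
Get-StorageGroup -Server MBX01 | Where-Object { $_.CircularLoggingEnabled } |
    Select-Object Name, CircularLoggingEnabled
Set-StorageGroup -Identity "MBX01\First Storage Group" -CircularLoggingEnabled $false
Get-MailboxDatabase -StorageGroup "MBX01\First Storage Group" |
    ForEach-Object { Dismount-Database -Identity $_ -Confirm:$false; Mount-Database -Identity $_ }

# 2. Recovery Storage Group: bring one mailbox back from a restored copy of the database
#    without touching the production store.
New-StorageGroup -Server MBX01 -Name RSG -Recovery -LogFolderPath D:\RSG -SystemFolderPath D:\RSG
New-MailboxDatabase -MailboxDatabaseToRecover "MBX01\First Storage Group\Mailbox Database" `
    -StorageGroup "MBX01\RSG" -EdbFilePath "D:\RSG\Mailbox Database.edb"
Set-MailboxDatabase -Identity "MBX01\RSG\Mailbox Database" -AllowFileRestore $true
# (restore the .edb and log files from the backup application into D:\RSG, then mount)
Mount-Database -Identity "MBX01\RSG\Mailbox Database"
Restore-Mailbox -Identity lgray -RSGDatabase "MBX01\RSG\Mailbox Database"

# 3. Search catalog: it is never backed up; stop the search service, delete the catalog
#    folder under the storage group path and restart (service and folder names are assumed).
Stop-Service -Name msftesql-Exchange
Remove-Item -Path "C:\Program Files\Microsoft\Exchange Server\Mailbox\First Storage Group\CatalogData-*" -Recurse -Force
Start-Service -Name msftesql-Exchange

# 4. Edge Transport: export the configuration now; validate and then import it after a rebuild.
Set-Location "C:\Program Files\Microsoft\Exchange Server\Scripts"
.\ExportEdgeConfig.ps1 -CloneConfigData:"C:\EdgeConfig.xml"
.\ImportEdgeConfig.ps1 -CloneConfigData:"C:\EdgeConfig.xml" -IsImport $false -CloneConfigAnswer:"C:\EdgeAnswer.xml"
.\ImportEdgeConfig.ps1 -CloneConfigData:"C:\EdgeConfig.xml" -IsImport $true -CloneConfigAnswer:"C:\EdgeAnswer.xml"

# 5. Hub Transport, CAS and UM roles are rebuilt from AD on a fresh server with the same name
#    (run from a command prompt in the setup folder): Setup /m:RecoverServer
```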
Lesson 11
High Availability in Exchange 2007
What is High Availability?
High availability means the system is accessible to the users all of the time, which really means access to the data. This is not the same as disaster recovery. Disaster recovery is the case when you have a server down due to lightning or some major disaster; only then do you use that technique and restore a backup from your backup solution. HA is a pre-backup solution that you can keep running even if a disaster may still strike.
HA comes in different forms:
There are plenty of third-party solutions offering HA, and you can set up clusters for greater levels of HA.
The three methods of HA currently present are:
Local Continuous Replication (LCR)
This is a single-server solution; you need only one server to start with HA. Essentially it uses asynchronous log shipping and replay from one disk to the other.
With one single system you are connected to a storage controller, which is connected to the active storage group, and to a second storage controller, which is connected to the passive storage group. When you implement LCR the database from the active storage group gets copied to the passive storage group, and after that the logs get updated on both as they come in. So the active storage group acts as a normal storage group and a copy of it is on the passive storage group. Once the logs get created on the active side they get shipped over to the passive. That's why it is called asynchronous log shipping: things are not always in sync, because a log that has not yet been closed will not be copied to the passive, so there is potential to lose data.
Scenario: if the primary disk goes down and we have to move onto the secondary: with LCR this is done manually; you have to manually switch over to the passive storage group. This is the major drawback of LCR, that it is not automatic, but it is an inexpensive solution; you only have to implement a secondary controller for the disk.
You can only implement LCR on one storage group.
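As an added example (not from the course notes), the LCR lifecycle from the shell: enabling the copy on the second controller's disk, watching the copy queue, which is exactly the data at risk the paragraph above describes, pausing for maintenance, and the manual switch to the passive copy when the primary disk fails. Server name and paths are assumptions, as is the order of the first two commands.

```powershell
# Added example: enabling, watching and manually activating LCR on one storage group.
# Assumed: server MBX01, "First Storage Group" with "Mailbox Database" on C:, and the second
# controller's disk mounted as E:.

# Point the database copy at the second disk, then enable the copy of the storage group.
Set-MailboxDatabase -Identity "MBX01\First Storage Group\Mailbox Database" `
    -CopyEdbFilePath "E:\LCR\First Storage Group\Mailbox Database.edb"
Enable-StorageGroupCopy -Identity "MBX01\First Storage Group" `
    -CopyLogFolderPath "E:\LCR\First Storage Group" -CopySystemFolderPath "E:\LCR\First Storage Group"

# Watch the copy. CopyQueueLength is the number of closed logs not yet shipped to the passive
# side: that is the data you would lose if the active disk died right now.
Get-StorageGroupCopyStatus -Identity "MBX01\First Storage Group" |
    Select-Object SummaryCopyStatus, CopyQueueLength, ReplayQueueLength, LastLogReplayed

# Maintenance: pause and resume replication without discarding the copy
Suspend-StorageGroupCopy -Identity "MBX01\First Storage Group" -SuspendComment "Disk firmware update"
Resume-StorageGroupCopy -Identity "MBX01\First Storage Group"

# Failure of the active disk: LCR does not fail over by itself. Dismount, swap the passive
# copy into the production paths (this also disables LCR for the group) and mount again.
Dismount-Database -Identity "MBX01\First Storage Group\Mailbox Database" -Confirm:$false
Restore-StorageGroupCopy -Identity "MBX01\First Storage Group" -ReplaceLocations
Mount-Database -Identity "MBX01\First Storage Group\Mailbox Database"
```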
Cluster Continuous Replication (CCR)
We have to build a cluster in order to perform CCR. In this we have two servers: Node A, which will be the active node, and Node B,
which will act as the passive node. Each node has its own storage controller and its own set of disks, so this is a more robust solution
than LCR: not only the disks but a whole second system is in place if one system goes down. A further advantage is that failover is
automatic; if one server goes down the other will automatically pick things up. In terms of copying it works the same as LCR,
asynchronous log shipping. One problem that comes with this: the two nodes are joined to each other via a heartbeat that is sent from
Node A to Node B. If Node B does not receive the heartbeat it assumes Node A is down and takes over as the active server, even if Node A
is in fact still up; this is called split brain syndrome. So there should be a third-party referee, called the quorum, which keeps track of
which node is active and which is passive. Best practice is to take a different server and share out a simple folder on it (you may use a
Hub Transport server); when you establish the cluster you point both nodes at that share. With any form of HA there is some potential
for data loss. One way data loss is mitigated with CCR is through the Transport Dumpster, a feature located on the Hub Transport server.
When mail comes in through the Hub Transport server and is handed off to the active node, that mail is also retained on the Hub
Transport server. If the active node goes down and the passive node has to become the active node, it first checks in with the Hub
Transport server and asks for all the mail held in the Transport Dumpster; it checks whether its own copy is up to date, discards the
duplicates it already has, and any mail that is on the Hub Transport server but missing from the passive copy is redelivered from the
Hub Transport server. So this process leads to less data being lost in transit, and CCR is a much better option than LCR.
Some of the points from CCR:
Cluster: For establishing the cluster you have to use Windows Server 2003 Enterprise Edition.
Quorum: Acts as a referee, using a majority node set with file share witness (best practice is to build the file share on a Hub Transport
server).
Heartbeat: The procedure by which the active and passive nodes keep in communication; this is established on a private network.
This needs a second NIC or other media so that both servers have a dedicated path for the heartbeat. And if you don't have a quorum
you will encounter split brain syndrome.
Transport Dumpster: Allows you to recover as much data as possible. It keeps track of all the mail coming in, with the complete message
information, so that when the active node fails and the passive becomes active and takes over control, it can resubmit whatever is
missing, discarding the duplicates.
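The following is an added example, not code from the original notes and not Exchange code: a small Python model of asynchronous log
shipping as LCR and CCR use it, with the Transport Dumpster redelivery that CCR adds on failover. The log size, message ids and the
dumpster behaviour are constructed for the model; real transaction logs are fixed-size files, but the point is the same: only closed logs
are shipped, so the open log is what is at risk.

```python
# Added example (not code from the original notes or from Exchange): a Python
# model of asynchronous log shipping (LCR/CCR) plus the Transport Dumpster
# redelivery that CCR performs on failover.
from dataclasses import dataclass, field

LOG_SIZE = 3  # transactions per log file; constructed value for the model


@dataclass
class StorageGroupCopy:
    """One copy of a storage group: closed (shippable) logs and the open log."""
    closed_logs: list = field(default_factory=list)  # each entry is a list of message ids
    open_log: list = field(default_factory=list)

    def write(self, msg_id):
        """Append a transaction; when the log fills it is closed and becomes shippable."""
        self.open_log.append(msg_id)
        if len(self.open_log) == LOG_SIZE:
            self.closed_logs.append(self.open_log)
            self.open_log = []

    def committed(self):
        """Every message this copy holds, closed logs first, then the open log."""
        return [m for log in self.closed_logs for m in log] + list(self.open_log)


@dataclass
class TransportDumpster:
    """Hub Transport side: mail handed to the active copy is also retained here."""
    retained: list = field(default_factory=list)

    def deliver(self, active, msg_id):
        self.retained.append(msg_id)
        active.write(msg_id)


def ship_closed_logs(active, passive):
    """Asynchronous log shipping: only closed log files travel to the passive copy."""
    for log in active.closed_logs[len(passive.closed_logs):]:
        passive.closed_logs.append(list(log))


def failover(passive, dumpster=None):
    """Passive becomes active. With a dumpster it resubmits what the passive copy
    lacks (LCR has no dumpster, so whatever was in the open log is gone).
    Returns the list of recovered message ids."""
    if dumpster is None:
        return []
    have = set(passive.committed())
    recovered = [m for m in dumpster.retained if m not in have]  # duplicates discarded
    for m in recovered:
        passive.write(m)
    return recovered


def simulate(n_messages, with_dumpster):
    """Deliver n messages, ship logs after each one, then fail over.
    Returns (lost_before_failover, recovered, messages_on_new_active)."""
    active, passive = StorageGroupCopy(), StorageGroupCopy()
    dumpster = TransportDumpster() if with_dumpster else None
    for i in range(1, n_messages + 1):
        msg = f"msg{i}"
        if dumpster:
            dumpster.deliver(active, msg)
        else:
            active.write(msg)
        ship_closed_logs(active, passive)
    on_passive = set(passive.committed())
    lost = [m for m in active.committed() if m not in on_passive]
    recovered = failover(passive, dumpster)
    return lost, recovered, passive.committed()


if __name__ == "__main__":
    print("LCR-style (no dumpster):", simulate(7, with_dumpster=False))
    print("CCR with Transport Dumpster:", simulate(7, with_dumpster=True))
```

With seven messages and three transactions per log, the seventh message is still in the open log when the failure happens: without a
dumpster it is simply lost, with one it is resubmitted from the Hub Transport server and the duplicates of messages one to six are
discarded.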
Steps to Set Up CCR:
Prerequisites:
1. 2 servers capable of running Windows Server 2003 Enterprise Edition, in order to establish the cluster.
2. 2 network connections (public for the Internet, private for the heartbeat).
3. A 2nd hard disk in each system for the cluster server.
4. SP2 or hotfix KB 921181, for the quorum.
5. A shared folder, placed on the Hub Transport server as a best practice.
Points for the CCR Install:
1. Create a cluster account specifically for the cluster service and place this account in the local Administrators group on each
node as well as in the Exchange Server Administrators group.
2. When the active node is up and running, add the second node.
3. Make sure the MNS quorum points to your file share.
4. Install the Mailbox role on the active server (prerequisites: .NET Framework, MMC console, PowerShell).
5. Install the Exchange Mailbox role on the passive node.
Settings on the Active Node:
1. Enterprise edition of Windows Server 2003
2. Two NICs
3. Hotfix 921181 installed
An IP address for the cluster, used by the Cluster Management tools.
Use the cluster account.
On the Hub Transport server we have shared a folder named MNSQ, which we use for the majority node set:
C:\>cluster res "Majority Node Set" /priv MNSFileShare=\\Exnugget1\MNSQ
In this type (SCC) you have a two-node cluster that relies on a single storage location. We have the active and the passive nodes, and
there is one shared storage, which could be a NAS or SAN device with RAID-level redundancy. Most of what applies to CCR clustering
applies here with SCC, but the quorum is located on the shared storage, so we don't have to set up a majority node set and you don't
have to install the hotfix.
Drawback: these shared storage solutions are pretty costly.
Lesson 12
Understanding Message Transport
In this chapter we are going to discuss the Exchange mail environment and how mail flows through an Exchange environment with
different sites.
The Function of the Hub Transport Server:
Scenario: We have the Hub Transport server, Client Access server and Mailbox server roles all configured on one system; we will expand
this out and figure out how Exchange works in large organizations. We are not using an Edge Transport server in this scenario; that is
placed especially when we have a larger organization.
In the above scenario there are inbound connections and outbound connections. Mail that comes in from the Internet flows through the
Hub Transport server first (we will discuss the architecture of the Hub Transport server), but mail also has to go out to the Internet
through the Hub Transport server. If there is an Edge Transport server between the Internet and the Hub Transport server, mail has to
pass through the Hub Transport server and then the Edge Transport server, but the functionality is the same: it goes out using an
outbound connection. To allow inbound and outbound connections, connectors are used: SMTP connectors. These are Exchange server
components that provide the connections that receive mail and the connections that send mail. By default no SMTP Send connector is in
place, so the Hub Transport server has no information about how to send e-mail to the Internet, but two SMTP Receive connectors are
already in place. You can see them:
Both of these connectors are configured but use different ports. Ports are like channels coming into your server: a television set has
only one cable connection coming in, but you can watch different channels on it. Ports allow you to accept different incoming
connections on different SMTP connectors, using different ports even on the same IP address.
If we expand the Client connector:
You are able to see that it is configured on port 587.
Similarly you can see that the Default connector is configured on port 25.
Difference between these connectors: The Client connector, which runs on port 587, uses the default port for receiving messages from
all non-MAPI clients for SMTP relay. Non-MAPI clients include POP and IMAP clients. The Default connector is designed to receive e-mail
from the Edge Transport server, from the Internet or from other Hub Transport servers, and it uses port 25. For receiving mail on the
Hub Transport server you will have to configure your public DNS server, because when a person sends you an e-mail it actually comes to
this server. Once your public DNS is configured you then have to configure an SMTP Send connector, because no SMTP Send connector is
set up by default on the Hub Transport server. If you go directly to the Internet you have to configure the SMTP Send connector on the
Hub Transport server yourself; if you want to go through an Edge Transport server you have to set up that connection instead. When you
set up an Edge Transport server you export a file called the "Edge Subscription file" and then import that Edge Subscription on the Hub
Transport server, which automatically sets up your SMTP Send connector to work with your Edge Transport server.
If you are not using an Edge Transport server you have to set up an SMTP Send connector manually to relay mail directly to the Internet.
The Receive connectors are configured under Server Configuration, Hub Transport, and the SMTP Send connectors are configured under
Organization Configuration, Hub Transport.
Scenario: Here we have Site A and Site B, each with a Hub Transport server running, and in addition we have a DMZ with an Edge
Transport server placed there. The Edge Transport server is configured to allow inbound and outbound connections, and its
configuration is imported on the Hub Transport server from the Edge Transport server to set up the connectors automatically. Both the
Site A and Site B Hub Transport servers are also configured so that they can send and receive mail to each other over SMTP Send and
Receive connectors. These connectors are set up automatically when you place an additional Hub Transport server in your organization.
So if you add any number of Hub Transport servers in a single forest you don't have a problem; they set up the SMTP Send and Receive
connectors with each other automatically. But if you want to set up mail flow to a destination outside the forest, you have to configure
the SMTP connectors manually.
How to establish Send connectors:
Each of the connector usage types is meant for a different purpose:
1. Internet: Used to configure a connector to the Internet manually. This is used on the Hub Transport server.
2. Internal: Used to set up a connector between the Edge Transport server and the Hub Transport server. This is done automatically
through the Edge Subscription process, or can be created here manually.
3. Custom: Used when you want to send mail to a third-party message transfer agent, or from the Edge server to a third-party message
transfer agent.
You add the domain names (the address space) to the connector so that mail for those domains is sent through it.
Network Settings
Smart host: when you choose Internal as your usage type, the connector asks you for a smart host. The smart host handles the next hop
to the delivery destination. In our scenario the smart host is our Edge Transport server. In other words the smart host is the next hop,
which is the Edge Transport server in our case, or may be a Hub Transport server; whatever server we are sending mail to is the smart
host.
When you send mail to the smart host, the server has to decide how to authenticate to the smart host. In some cases anonymous access
is allowed and you can use None; in other cases you use Basic authentication and have to supply a username and password. You can also
use Exchange Server authentication, or Externally Secured authentication with IPsec.
Right now we have only one source server; we can add more source servers, which gives you redundancy and load balancing, because if
one server fails the other takes over the responsibility of sending mail to the Edge Transport server we are configuring here.
And there we have our Send connector. There are some additional properties you may want to configure on it. One of them is the cost:
if two connectors are configured with the same address space and one has a lower cost than the other, the cost controls whether mail
is routed through one connector or the other, for example to your organization or to the Internet. The default value is 1; if you want
to change the cost you have to use the Set-SendConnector cmdlet from the Exchange Management Shell.
The Transport Pipeline
The term pipeline describes how mail comes into your organization and moves around, or how mail within your organization moves
around and finally gets piped out to the Internet. The transport pipeline is the internal network of mail as it flows from one Hub
Transport server to another, or from the Edge Transport server to your mail servers.
How do messages get into the transport pipeline?
Generally mail comes in through an SMTP Receive connector on the Hub Transport server, which works fine in a smaller environment.
The process on both Hub and Edge Transport servers is: when mail comes in it first goes into the submission queue (a queue is a line;
the mail sits there waiting). Imagine it is sitting on the Edge Transport server. It then goes to the categorizer. The categorizer picks
up one message at a time from the submission queue, looks at it, identifies the message, makes sure it has a valid SMTP address and
decides where to send it. On an Edge Transport server it sends inbound mail to the Hub Transport server, and if the mail came from the
Hub Transport server it determines that the mail is not meant for our organization and kicks it out to the Internet. The Hub Transport
server can receive mail in a number of different ways, compared to the Edge Transport server, which only has its SMTP Receive
connectors.
When the Hub Transport server receives mail it puts it in the submission queue; the categorizer then picks up the oldest message first
and decides whether it goes to the Edge Transport server, to a Mailbox server or to another Hub Transport server. That is the work the
categorizer does.
How does mail enter the submission queue? It comes from the store driver, from the pickup directory or through an SMTP Receive
connector, so there are several different ways the Hub Transport server gets its mail.
Store Driver: There is a service called the Microsoft Exchange Mail Submission service. The process behind it is: on the Mailbox server,
when a message is submitted to the Outbox, the Mailbox server notifies the Hub Transport server. The store driver, located on the Hub
Transport server, picks up the message from the sender's Outbox, and if there are multiple Hub Transport servers the Mail Submission
service tries to distribute the load across them.
Pickup Directory: Even though the Hub Transport server receives most of its mail from the SMTP Receive connectors or the store driver,
the pickup directory allows messages to enter the pipeline another way. The pickup directory is just a folder on the Hub Transport
server; some (legacy) applications, instead of working with the more modern features of the Exchange pipeline, write message files
straight into the pickup directory of the Hub Transport server, which lets those applications work with the Hub Transport arrangement.
How the Transport Pipeline works in Sites and Large Organizations
Each site in AD is connected to the others by site links that have a cost; those costs can be set manually and you can change the cost
based on what is best.
How to choose the best cost:
Generally the cost is determined by the speed of the link between the sites, or you can also look at the usage of the connection
between the sites. The lower the cost, the higher the probability of messages going in that direction.
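The following is an added example, not code from the original notes and not Exchange code: a Python model of least-cost routing over
AD site links, together with the Send connector cost rule from the Network Settings section above (same address space, lowest cost
wins). The site names, link costs and connectors are constructed sample data; the model assumes bidirectional links and a
most-specific-address-space-first rule for connectors.

```python
# Added example (not from the original notes or from Exchange itself): least-cost
# routing over site links, and Send connector selection by address space and cost.
import heapq

SITE_LINKS = {  # constructed: (site, site): administrator-assigned cost
    ("SiteA", "SiteB"): 10,
    ("SiteB", "SiteC"): 10,
    ("SiteA", "SiteC"): 50,  # slow WAN link, deliberately expensive
    ("SiteC", "SiteD"): 10,
}


def least_cost_route(links, source, target):
    """Dijkstra over bidirectional site links; returns (total_cost, [sites]) or (None, [])."""
    graph = {}
    for (a, b), cost in links.items():
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    best = {source: 0}
    prev = {}
    heap = [(0, source)]
    while heap:
        cost, site = heapq.heappop(heap)
        if cost > best.get(site, float("inf")):
            continue  # stale queue entry, a cheaper path was found later
        if site == target:
            break
        for nxt, link_cost in graph.get(site, []):
            new_cost = cost + link_cost
            if new_cost < best.get(nxt, float("inf")):
                best[nxt] = new_cost
                prev[nxt] = site
                heapq.heappush(heap, (new_cost, nxt))
    if target not in best:
        return None, []
    path = [target]
    while path[-1] != source:
        path.append(prev[path[-1]])
    return best[target], path[::-1]


SEND_CONNECTORS = [  # constructed; "*" is the catch-all Internet address space
    {"name": "To Internet", "address_space": "*", "cost": 1},
    {"name": "To Partner", "address_space": "partner.example", "cost": 1},
    {"name": "To Partner (backup smart host)", "address_space": "partner.example", "cost": 5},
]


def choose_send_connector(connectors, recipient_domain):
    """Most specific address space wins; among equal address spaces the lowest cost wins."""
    domain = recipient_domain.lower()
    candidates = []
    for c in connectors:
        space = c["address_space"].lower()
        if space == "*":
            specificity = 0
        elif space.startswith("*.") and domain.endswith(space[1:]):
            specificity = len(space)          # wildcard subdomain match
        elif space == domain:
            specificity = len(space) + 1      # exact match beats a wildcard
        else:
            continue
        candidates.append((-specificity, c["cost"], c["name"], c))
    if not candidates:
        return None
    candidates.sort(key=lambda t: t[:3])
    return candidates[0][3]


if __name__ == "__main__":
    print(least_cost_route(SITE_LINKS, "SiteA", "SiteD"))
    print(choose_send_connector(SEND_CONNECTORS, "partner.example")["name"])
```

With the sample costs, mail from SiteA to SiteD takes the three-hop path through SiteB and SiteC (total cost 30) rather than the
direct but expensive SiteA to SiteC link, and mail for partner.example uses the cost-1 connector while everything else falls through to
the Internet connector.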
Lesson 13
Troubleshooting Message Transport
Troubleshooting message transport is made up of three different things:
1. Knowledge of the message transport system: you should understand how message transport and the pipeline work, so that you can
really tell where a problem is coming from.
2. Basic understanding of troubleshooting: people's own troubleshooting experience.
3. Tools necessary to find the problem.
Mail Flow Troubleshooter (Tool):
The Mail Flow Troubleshooter is part of the Microsoft Exchange Analyzer. Mail Flow Troubleshooter functionality:
1. Common mail flow issues
2. Select the symptom, and the tool suggests the solution for you
3. The tool handles: non-delivery reports (NDRs), queue backups and slow deliveries.
Scenario: Some mail is stuck in the Exchange server; that is, some mail is sent and some of it is stuck. Target: solve the problem using
the Exchange tools.
Message Tracking Tool:
This is a rather different tool from the Mail Flow Troubleshooter; it is used to see the overall flow of mail in your organization and
to diagnose NDRs and delays in sending and receiving. Message tracking is enabled on the Hub Transport server by default. It is also
used for message routing, meaning that it keeps track of messages as they go through the Hub Transport server and shows where they
went along the way. If you want to modify the message tracking settings you can do that with the Set-TransportServer cmdlet from the
Exchange Management Shell.
Protocol Logging
Protocol logging records the conversation that occurred on our SMTP Send and Receive connectors; there is information sent back and
forth that we can use to diagnose various mail flow problems.
We can enable this on the SMTP Send and Receive connectors; by default it is disabled. The log files are CSV text files and their
location is
\Exchange Server\Transport Roles\Logs\Protocol Logs\ in the SMTP Send and SMTP Receive subfolders.
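The following is an added example, not code from the original notes and not an Exchange tool: a Python parser for the CSV protocol log
format the SMTP connectors write (comment lines beginning with `#`, a `#Fields:` header naming the columns, then one row per protocol
event), used to pull sessions with a 4xx/5xx reply out of a log. The sample log text is constructed to look like an SMTP Receive log;
the session ids, addresses, host names and the 550 relay failure are made up for the example.

```python
# Added example (not from the original notes; not an Exchange tool): parse the
# connector protocol log CSV and report sessions that ended in an SMTP error.
import csv

# Constructed sample: two SMTP Receive sessions, one of which is refused relay.
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Version: 8.0.0.0
#Log-type: SMTP Receive Protocol Log
#Date: 2009-03-02T10:15:01.123Z
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2009-03-02T10:15:01.123Z,EXNUGGET1\\Default EXNUGGET1,SESSION01,0,10.0.0.5:25,203.0.113.7:40512,+,,
2009-03-02T10:15:01.140Z,EXNUGGET1\\Default EXNUGGET1,SESSION01,1,10.0.0.5:25,203.0.113.7:40512,>,"220 exnugget1.nuggetlab.com Microsoft ESMTP MAIL Service ready",
2009-03-02T10:15:01.201Z,EXNUGGET1\\Default EXNUGGET1,SESSION01,2,10.0.0.5:25,203.0.113.7:40512,<,EHLO mail.example.net,
2009-03-02T10:15:01.230Z,EXNUGGET1\\Default EXNUGGET1,SESSION01,3,10.0.0.5:25,203.0.113.7:40512,<,MAIL FROM:<[email protected]>,
2009-03-02T10:15:01.260Z,EXNUGGET1\\Default EXNUGGET1,SESSION01,4,10.0.0.5:25,203.0.113.7:40512,>,250 2.1.0 Sender OK,
2009-03-02T10:15:01.290Z,EXNUGGET1\\Default EXNUGGET1,SESSION01,5,10.0.0.5:25,203.0.113.7:40512,<,RCPT TO:<[email protected]>,
2009-03-02T10:15:01.310Z,EXNUGGET1\\Default EXNUGGET1,SESSION01,6,10.0.0.5:25,203.0.113.7:40512,>,550 5.7.1 Unable to relay,
2009-03-02T10:15:01.400Z,EXNUGGET1\\Default EXNUGGET1,SESSION01,7,10.0.0.5:25,203.0.113.7:40512,-,,Local
2009-03-02T10:16:10.000Z,EXNUGGET1\\Default EXNUGGET1,SESSION02,0,10.0.0.5:25,10.0.0.9:51000,+,,
2009-03-02T10:16:10.050Z,EXNUGGET1\\Default EXNUGGET1,SESSION02,1,10.0.0.5:25,10.0.0.9:51000,<,MAIL FROM:<[email protected]>,
2009-03-02T10:16:10.080Z,EXNUGGET1\\Default EXNUGGET1,SESSION02,2,10.0.0.5:25,10.0.0.9:51000,>,250 2.1.0 Sender OK,
2009-03-02T10:16:10.100Z,EXNUGGET1\\Default EXNUGGET1,SESSION02,3,10.0.0.5:25,10.0.0.9:51000,<,RCPT TO:<[email protected]>,
2009-03-02T10:16:10.130Z,EXNUGGET1\\Default EXNUGGET1,SESSION02,4,10.0.0.5:25,10.0.0.9:51000,>,250 2.1.5 Recipient OK,
2009-03-02T10:16:10.500Z,EXNUGGET1\\Default EXNUGGET1,SESSION02,5,10.0.0.5:25,10.0.0.9:51000,-,,Local
"""


def parse_protocol_log(text):
    """Group the rows of one protocol log by session-id, using the #Fields header for column names."""
    fields = None
    sessions = {}
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split(",")
            continue
        if not line or line.startswith("#"):
            continue  # other header/comment lines
        if fields is None:
            raise ValueError("data row before #Fields header")
        row = next(csv.reader([line]))  # csv handles the quoted data column
        record = dict(zip(fields, row))
        sessions.setdefault(record["session-id"], []).append(record)
    return sessions


def failed_sessions(sessions, reply_event=">"):
    """Sessions containing a 4xx/5xx SMTP reply. In an SMTP Receive log our replies are
    '>' events and the remote side's commands are '<'; for an SMTP Send log pass
    reply_event='<' because there the remote server is the one replying."""
    command_event = "<" if reply_event == ">" else ">"
    failures = {}
    for sid, rows in sessions.items():
        last_command = None
        for r in rows:
            if r["event"] == command_event:
                last_command = r["data"]
            elif r["event"] == reply_event and r["data"][:1] in ("4", "5"):
                failures[sid] = {"remote": r["remote-endpoint"],
                                 "command": last_command, "reply": r["data"]}
                break
    return failures


if __name__ == "__main__":
    for sid, info in failed_sessions(parse_protocol_log(SAMPLE_LOG)).items():
        print(sid, info)
```

On the sample log this reports SESSION01 only: the remote host 203.0.113.7 was refused at `RCPT TO:` with `550 5.7.1 Unable to relay`,
which is exactly the kind of evidence you want when a sender reports that mail to you is bouncing.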
Lesson 14
Configuring your Edge Transport Server
Planning Overview:
Purpose of the Edge Transport Server:
The Edge Transport server plays a great role in providing a greater level of security. It provides anti-virus and anti-spam protection
and adds an extra level of protection between the Internet and the internal network of the organization. The Edge Transport server is
not a member of the AD domain. There are two different options for installing the Edge Transport server:
1. You can install the Edge Transport role on a standalone server, or on a member server that is part of a domain; but, as said
earlier, the Edge server will not be part of the production domain. If you have a DMZ that is its own domain, separate from the
production environment, you can install the Edge Transport server role on a member server of that domain, but not on a DC. Because
the Edge Transport server does not have AD for storing configuration and recipient information, it has to use another means: it uses
ADAM (AD Application Mode). You install ADAM SP1; you cannot install the Edge Transport server until you have installed ADAM. The
other components are the .NET Framework 2.0, along with PowerShell, and MMC 3.0. As a best practice you install two NICs in the server
for two different connections, one for the internal network and one for the external connection to the Internet. There are several
protocols that come into play:
Protocols are:
Port 25/TCP must be opened on your external NIC for mail to and from the Internet. Similarly you need port 25/TCP opened on your
internal NIC for mail flow to and from your internal Exchange organization. In addition, on the internal side a few more ports need to
be opened:
1. 50389/TCP on the internal NIC for LDAP, used to make a local connection to ADAM
2. 50636/TCP on the internal NIC for secure LDAP, used for Edge Synchronization
3. 3389/TCP, optional, used for RDP
Edge Sync:
There is a division between the Hub Transport and Edge Transport servers because they are not in the same domain, so you need to
create a subscription, which is called Edge Sync. Edge Sync configures one-way replication from the Hub Transport server to the Edge
Transport server; as a result recipient and configuration data is replicated from AD over to the ADAM service running on your Edge
Transport server. To create this subscription you first create a subscription file, an XML file that has all the information necessary
to make the connection with the Hub Transport server. Then you move that file to the Hub Transport server and import the subscription
there.
The SMTP Send connector required between the Hub Transport and Edge Transport servers is configured automatically.
On the Edge Transport server:
Get-Help New-EdgeSubscription
New-EdgeSubscription -FileName "c:\edge.xml"
On the Hub Transport server:
On the Hub Transport server the Edge Sync service is running:
Start-EdgeSynchronization
In the demo this reported that it could not connect, with the reason that the LDAP server was unavailable.
Lesson 15
Finalizing Edge Transport Server
Edge Transport Review:
1. The Edge Transport server is not required. In small organizations you have the Mailbox, CAS and Hub Transport server roles, and
those roles are required; the Edge Transport server is an optional role.
2. The Edge Transport server role is not a member of the production AD domain, because the Edge Transport server stands at the
perimeter of your network, usually in a DMZ. It can be installed on a standalone server or as a member server of another domain that
is not part of the production AD domain.
3. Nothing is stored in AD; everything is controlled from ADAM, which is why you install ADAM before installing the Edge Transport
server role, and all configuration and recipient information is stored in ADAM.
4. We use Edge Sync to connect the Edge Transport server role to the Hub Transport server role; we do this by creating an XML Edge
Sync file which is imported on the Hub Transport server so that the connection can be made.
5. The SCW (Security Configuration Wizard) can be used to open the required ports and establish a greater level of security on the
Edge Transport server.
Postmaster Mailbox:
What is a postmaster mailbox? It is a requirement of RFC 822; it receives the non-delivery reports and delivery status notifications.
You can create a new mailbox for it or add an alias to an existing mail user. For the most part this is done on the Hub Transport
server, in organizations that don't have the Edge Transport server role.
To check whether the postmaster address is already set, run the following command:
Get-TransportServer
In the demo the output showed that message tracking logging is enabled but the external postmaster address is blank.
To establish the mailbox, run the following command:
Set-TransportServer servername -ExternalPostmasterAddress [email protected]
Now you can see that we have the external postmaster mail account.
Configuring DNS
You have to set up a record for the Edge Transport server in your internal DNS; it needs to include a host record for the Edge Transport
server, and with this entry the other servers, like the Hub Transport server, are going to contact the Edge Transport server. In
addition you have to configure the external (public) DNS server, which has the MX records pointing to your Edge Transport server for
mail, so you need to verify that your MX records are registered in the public DNS server for every domain that you accept e-mail for.
Dummy DNS server for setting up MX records:
The mail server priority selects the server for mail flow; the lower the number, the higher the priority. This is used when you have
multiple Exchange servers in your organization.
Additional Edge Transport Settings
1. Anti-Spam/Anti-Virus
2. Connectors/Transport Rules/Accepted Domains
3. Address Rewriting
New Accepted Domain settings: From the accepted domain settings you configure the domains for which you accept inbound e-mail, and
that e-mail can go to an authoritative domain, can be sent to another AD forest that is part of the organization, or can be relayed to
another server completely outside the organization.
Address Rewriting: The Address Rewriting agent runs on the Edge Transport server; it presents a consistent appearance to external
recipients of messages.
Example: We have an organization with a variety of subdomains, asia.nuggetlab.com, samerica.nuggetlab.com, namerica.nuggetlab.com,
and individuals send e-mail using those suffixes, e.g. Robert at namerica.nuggetlab.com sends an e-mail to Lisa at asia.nuggetlab.com.
That is not a problem when the mail is sent internally within the organization, but if that e-mail needs to go out to the Internet you
want to show a consistent appearance like [email protected]. This is the main job of the Address Rewriting agent: it rewrites the
sender's e-mail address on the way out and routes replies back to the original sender. Another scenario is when you have purchased a
new company that is being merged into your current company and you need to show a consistent domain name.
There are actually 10 different agents running on the Edge Transport server, and they may not all be enabled. To see them, the
command involved is:
Get-TransportAgent
To see whether any address rewrite entry is already present:
Get-AddressRewriteEntry
Scenario: Let us say we have an internal domain, internalnuggetlab.com, and the only e-mail domain we want to show externally is
nuggetlab.com.
The command involved is:
New-AddressRewriteEntry -Name "InternalNugget to Nugget" -InternalAddress internalnugget.com -ExternalAddress nugget.com
To check that the entry now exists, run Get-AddressRewriteEntry again.
You cannot do this task using the Exchange Management Console; you have to use the PowerShell commands.
Lesson 16
Configuring Anti-Spam
Anti-Spam Process
The anti-spam filtering process is not just a one-step process; there are levels your mail has to go through, and you have to choose
the filtering at each of these levels. When mail enters your system it has to pass each of these levels:
1. Connection Filter
2. Sender and Recipient Filter
3. Sender ID Filter
4. Content Filter + Attachment Filtering
After all these filters the mail reaches each user's mailbox, and even after reaching the user it is filtered once more by the Outlook
Junk E-mail Filter.
Connection Filter
The Connection Filter is an agent that runs on your Edge Transport server, or on your Hub Transport server if you are not using an Edge
Transport server, and it is the first level of protection for inbound mail coming into your organization. There are four different
pieces to connection filtering, and you don't have to configure all of them:
• IP Allow List
• IP Block List
• Safe Provider List (white list)
• RBL, Real-time Block List (black list)
The IP Allow List and IP Block List are created by you. You can also use a third-party vendor for white lists and black lists of spam
sources.
When a message comes into the Edge Transport server, the source IP address of the SMTP connection is checked against these lists. If
the source IP address is on the IP Allow List, the message is sent on to its destination without any additional processing; no other
anti-spam agent needs to be involved, it just gets forwarded. If the IP address is on the Block List the connection is dropped. And if
the IP address is on neither the Allow nor the Block List, the message has to run through the other anti-spam agents.
Sender Filtering
You can use this list to block e-mail senders completely, whether individuals or whole domains, and also to block e-mail where the
sender is blank (unknown sender). There are two options for blocking: you can reject the message completely, or you can stamp the
message, and if it is stamped it continues forward through the process with a raised spam level attached to it.
Recipient Filtering:
This is a very good tool to block e-mail to internal addresses. Example: you might have the postmaster e-mail address or even
[email protected], but you don't want outsiders to use standard e-mail accounts to send your company spam or use them in a spoofing
attack; at the same time you don't want to create e-mail addresses that make no sense to the people in your organization, so
[email protected] makes sense and helps your internal and external users send e-mail. You can use the recipient filter to filter the
e-mail, and if a message comes in for other accounts it is rejected.
Sender ID Filtering
This agent is used to fight e-mail domain spoofing. It examines the sender's purported responsible address (PRA), and the Edge Transport
server queries the sender's DNS server to ensure that the IP address the message was received from is authorized to send mail for that
domain. The domain administrator publishes the SPF (Sender Policy Framework) record in their DNS service, and these records identify
the domain's outbound e-mail servers. So the Edge Transport server checks with DNS to make sure the SPF record indicates that the server
that sent this message is an authorized server. If it determines that the message was not sent by an authorized server there are three
different actions you can take: reject the message, delete the message, or have it stamped, in which case it continues on through the
process with a flag on the message.
Content Filter Agent:
This agent uses Microsoft SmartScreen technology to assess the contents of the message and give it an SCL (Spam Confidence Level)
rating. It looks at the message, judges it as spam or legitimate, and assigns a rating from 0, the lowest, meaning not spam, to 9, which
it rates as spam. The content filtering agent is updated daily from Microsoft and any new changes to the filter are added. After
determining that a message is spam we can delete the message, reject the message or quarantine the message. When a message is
quarantined it is put into another mailbox account; we can establish a quarantine mailbox account to see which messages were
quarantined.
There is another type of filtering called Attachment Filtering. Its settings are made through the Exchange Management Shell.
Settings and Configurations:
Edge Transport Server:
IP Allow List
IP Block List
IP Allow List Provider
IP Block List Provider (if we do not want messages for certain users to be blocked regardless of the block list, exceptions can be
configured here)
Sender Filtering
Recipient Filtering
Sender ID
Sender Reputation (if the sender is using an open proxy they are most likely a spammer, and that changes the sender reputation level)
Content Filtering
Attachment Filtering
Get-AttachmentFilterList
Lists all the file entries in the attachment filter.
To add a new entry for a file extension:
Add-AttachmentFilterEntry -Name *.vrs -Type FileName
To look at the configuration:
Get-AttachmentFilterListConfig
Anti-Spam Settings on the Hub Transport Server:
1. We have to run a script.
2. Open the Exchange Management Shell.
3. Change to the scripts directory: cd "c:\program files\Microsoft\exchange server\scripts"
4. Run the command: .\install-antispamagents.ps1
5. Restart the Microsoft Exchange Transport service.
Now you are able to see the Anti-spam tab on your Hub Transport server.
Lesson 17
Analyze and Monitor Exchange 2007
Toolbox
Best Practices Analyzer:
It scans your Exchange server, your configuration settings, your AD and your DNS services; this tool does not make any changes. It
analyzes and checks every piece of the infrastructure and returns the results to you.
Disaster Recovery Tools:
Command Line Tools:
ESEUTIL and ISINTEG are very powerful tools.
ESEUTIL:
1. You can defragment the information store.
2. You can check the database integrity.
3. You can repair a damaged database.
ISINTEG:
1. Performs tests on the information store.
2. Can fix some errors.
Performance Tools:
If you press Ctrl+H it highlights the selected counter's results.
Microsoft Operations Manager (MOM)
Some of the feature sets of MOM
Lesson ���� 18
A look at Unified Messaging
What is Unified Messaging?
There is variety of server and services that handles the basic communication of what we want and need in our organization like there
are E mail Servers, Fax Server, Voice Mail Servers and each of these servers can be handled separately. If we merge all of these
services into one Unified messaging server and that server communicates with Hub server or Mailbox Server Role, We require some
things to be placed to establish this server:
1. IP/PBX
2. VOIP Gateway that can connect to Legacy PBX
One Drawback of unified messaging server is that we are not able to send Faxes while we are using a UM server only incoming Faxes
we can get. If you need to send outgoing Faxes you need a Third Party Solution for that.
Exchange 2007 UM Features:
1. Voice Mail: Voicemail Though OWA, Outlook 2007 or through Mobile Devices.
2. Play on Phone to listen to Voicemail, it looks like a regular E mail
3. Fax Receive, they come in Tiff file Extension
4. Configuration Options
5. Auto Attendants: it is a voice prompt which gives internal and external users access to the systems using the keypads and
speech inputs you can move through the Auto Attendant menu Structure.
What Is...
Circuit Switched Network: A good example is the Public Switched Telephone Network (PSTN). It handles multiple calls on the
same transmission medium (copper or fiber optic cable), but the key property of a circuit switched network is that there is a
dedicated connection between point A and point B. Once the call is established, a circuit or channel is locked in and exists for
the duration of the connection until the connection is torn down.
Used in phone systems.
Packet Switched Network: Packet switching divides a message into smaller units called packets. Each packet is sent to the
destination over the best route available, and the packets are reassembled at the destination, regardless of the size of the
original message.
Used in the Internet.
Legacy PBX: A telephony device that acts as a switch for calls on the telephony (circuit switched) network. The PBX takes a
number of lines from the outside, monitors which users are using incoming and outgoing lines, and lets, say, a hundred users
share the phone system without installing a hundred individual lines. These shared outside lines are called trunk lines.
IP/PBX (iPBX): It also has incoming connections from the outside world, but on the internal side it supports IP, using Ethernet
or another packet switched LAN to carry voice conversations as IP packets. A call from one person to another within the
organization travels over your LAN; for calls to the outside the IP/PBX handles either a traditional circuit connection or an IP
connection, but internally the local network carries the conversation regardless of which kind of outside connection is used.
Voice over IP (VoIP): The technology, made up of both hardware and software, that allows people to use an IP based network
to make telephone calls.
IP/VoIP Gateways: Third-party hardware devices that connect your legacy PBX to your LAN (and so to the UM server).
Unified Messaging Server Settings:
UM Dial Plan: A dial plan is an AD container object that represents one or more PBXs sharing a common extension numbering
scheme.
Example: a user's number is 212 555 1212 and the extension is 51212; there may be another user with the same extension 51212
on a different trunk (PBX). To avoid two different users having identical telephone extensions you use dial plans: put the two
users with the same extension into two different dial plans. This comes into play in larger organizations.
At least one dial plan is required to get UM up and running.
When a dial plan is created, a UM mailbox policy is automatically created for it.
UM IP Gateway: the AD object that represents the IP/VoIP gateway or IP/PBX (by IP address or FQDN) sending calls to the UM
server.
Hunt Group: Hunt groups are groupings of lines. In UM a hunt group links a UM IP gateway to a dial plan and carries the pilot
identifier, the number the gateway sends with a call so that UM can find the dial plan the call belongs to; if no hunt group
covers a line (pilot number) you create a new hunt group for it.
UM Mailbox Policies: Properties of the auto configured policy:
UM Auto Attendant: it redirects your call one way or the other, based on the menu choices.
To enable a user for Unified Messaging:
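The objects described above created in order, ending with a UM-enabled user, as an added example that is not part of the course notes. The dial plan, gateway, server names, the gateway IP address, the pilot number, the user and the PIN are all hypothetical; it assumes an Exchange 2007 UM server named EX01 and the Exchange Management Shell.

```powershell
# Added example (not from the course notes): build the minimum UM objects and
# enable one user. All names, addresses, extensions and the PIN are hypothetical.
$DialPlanName = "Contoso"
$GatewayName  = "ContosoVoIPGw"
$GatewayIP    = "10.0.5.20"   # constructed address of the IP/VoIP gateway or IP-PBX
$PilotNumber  = "55555"       # pilot number the gateway sends with calls for this plan
$UMServer     = "EX01"

# 1. Dial plan with 5-digit extensions (212-555-1212 -> extension 51212).
#    VoIPSecurity Unsecured sends SIP and RTP in the clear on the LAN; Secured
#    needs a certificate on the UM server and a gateway that supports mutual TLS.
New-UMDialPlan -Name $DialPlanName -NumberOfDigitsInExtension 5 -URIType TelExtn -VoIPSecurity Unsecured

# 2. Make the UM server answer calls for the dial plan.
Set-UMServer -Identity $UMServer -DialPlans $DialPlanName

# 3. IP gateway object, then the hunt group that maps the pilot number to the dial plan.
New-UMIPGateway -Name $GatewayName -Address $GatewayIP
New-UMHuntGroup -Name "$DialPlanName Hunt Group" -UMDialPlan $DialPlanName `
    -UMIPGateway $GatewayName -PilotIdentifier $PilotNumber

# 4. Harden the mailbox policy that was created automatically with the dial plan.
#    Voice access is reachable from any telephone, so the default PIN rules are weak.
$Policy = "$DialPlanName Default Policy"
Set-UMMailboxPolicy -Identity $Policy -MinPINLength 8 -PINLifetime 60 -PINHistoryCount 10 `
    -AllowCommonPatterns $false -LogonFailuresBeforePINReset 5 -MaxLogonAttempts 15

# 5. Enable the user with extension 51212. The initial PIN is flagged expired so
#    the user has to choose a new one on the first call.
Enable-UMMailbox -Identity "lgrey" -UMMailboxPolicy $Policy -Extensions 51212 `
    -Pin 24681357 -PinExpired $true

# 6. Verify.
Get-UMMailbox -Identity "lgrey" | Format-List UMEnabled, Extensions, UMMailboxPolicy, UMDialPlan
```

Step 4 is the part worth keeping even if the rest is done from the console: the UM mailbox policy is the only thing standing between a guessed extension plus PIN and someone else's voicemail, so set the PIN length, lockout and reset thresholds before enabling the first user.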
Lesson 19
Troubleshooting your Exchange Environment
What-if Scenario:
Scenario: an individual calls you and says "I have a problem"; it may be a connectivity issue, it may be a network problem. If a
group of users call and they all have accounts on the same mailbox server, or they are a group of users from the same site on the
same network subnet, it could be a network problem, a DNS issue or maybe an AD issue. Or it may be a group of users from
different sites.
Solutions:
• Check with the client: MAPI clients may be running Outlook 2003 or 2007. If the clients are running 2003 you need to
look at the Mailbox server role, but if they are running 2007 you also have to check the CAS role, because there are some
features (Autodiscover, the Availability service, OAB distribution) that the CAS server provides to 2007 MAPI clients.
• Problem with OWA: check whether your web services (IIS) are up and running on the CAS server; the same applies to
ActiveSync.
• Another case: if some mobile devices are non-provisionable (they cannot enforce ActiveSync policy settings), you have to
allow non-provisionable devices in your ActiveSync mailbox policy; if the policy does not allow them, they are not able to
connect. Be aware that such devices then sync without enforcing the policy's password, lock and wipe settings.
• POP3/IMAP4 and Outlook Anywhere setup all have to be looked into.
• If you feel there is a problem with your network you have different troubleshooting tools for that: ping, telnet, RPC Ping,
ipconfig, nslookup, dcdiag.
• When there is a problem on the Exchange side:
o Diagnostic logging
o Troubleshooting Assistant
o New PowerShell cmdlets
There are five different levels of diagnostic logging:
- Lowest
- Low
- Medium
- High
- Expert
Configuring diagnostic logging levels
To see the current levels of all event categories:
Get-EventLogLevel
To see the categories under one service (here the File Distribution Service):
Get-EventLogLevel -Identity MSExchangeFDS
To change the level for a single category:
Set-EventLogLevel -Identity "MSExchangeFDS\General" -Level High
To set the level for a service including all its child categories:
Get-EventLogLevel -Identity MSExchangeFDS | Set-EventLogLevel -Level High
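The raise, capture and restore cycle a practitioner uses with these cmdlets, as an added example that is not part of the course notes. It keeps the MSExchangeFDS service from the notes; the output path is hypothetical and it assumes the Exchange Management Shell on the server being diagnosed.

```powershell
# Added example (not from the course notes): temporarily raise diagnostic logging
# for one service, collect what it logged, then put the original levels back.
# The service follows the MSExchangeFDS example; the output path is hypothetical.
$Service = "MSExchangeFDS"
$OutFile = "C:\Logs\$Service-diag.csv"

# Remember the current level of every category under the service so it can be restored.
$saved = Get-EventLogLevel -Identity $Service | Select-Object Identity, EventLevel

# Note the start time, then raise all categories to High. Expert produces very
# large volumes; use it only for short, targeted captures.
$since = Get-Date
Get-EventLogLevel -Identity $Service | Set-EventLogLevel -Level High

# ... reproduce the problem here ...

# Collect the Application log entries the service wrote since the change.
$events = Get-EventLog -LogName Application -After $since |
    Where-Object { $_.Source -like "$Service*" }
$events | Select-Object TimeGenerated, EntryType, EventID, Message |
    Export-Csv -Path $OutFile -NoTypeInformation

# Restore the saved levels. Logging left at High or Expert fills the Application
# log and rolls older, possibly security-relevant, events out of it.
foreach ($entry in $saved) {
    Set-EventLogLevel -Identity $entry.Identity -Level $entry.EventLevel
}
Get-EventLogLevel -Identity $Service
```

Saving and restoring per category matters because categories under one service are not always at the same level; a blanket Set-EventLogLevel -Level Lowest afterwards would lose any deliberate settings.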
Troubleshooting Assistant:
PowerShell commands for troubleshooting:
• If there is some problem with the Mailbox server role:
Get-MailboxServer
To see the formatted list, showing which features are enabled or not:
Get-MailboxServer | fl
Get-ClientAccessServer | fl
Command to list the cmdlets that test the various services:
Get-Command *test*
To test MAPI connectivity:
Test-MapiConnectivity
To test the health of the server's services:
Test-ServiceHealth
To test system health (runs the Best Practices Analyzer checks):
Test-SystemHealth
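The Test-* cmdlets above turned into a repeatable check that reports only failures, as an added example that is not part of the course notes. The server name and the one-second latency threshold are assumptions; it assumes the Exchange Management Shell against an Exchange 2007 mailbox server.

```powershell
# Added example (not from the course notes): a quick health check built from
# Test-ServiceHealth and Test-MapiConnectivity that lists only what is wrong.
# The server name and the latency threshold are assumptions.
$Server = "EX01"
$MaxLatencyMs = 1000
$problems = @()

# Test-ServiceHealth reports, per installed role, whether all required services run
# and which ones do not.
Test-ServiceHealth -Server $Server | ForEach-Object {
    if (-not $_.RequiredServicesRunning) {
        $missing = [string]::Join(", ", [string[]]$_.ServicesNotRunning)
        $problems += "Role $($_.Role): services not running: $missing"
    }
}

# Test-MapiConnectivity logs on to every mailbox database on the server and returns
# Result, Latency and Error per database (use -Identity for one mailbox instead).
Test-MapiConnectivity -Server $Server | ForEach-Object {
    if ($_.Result -ne "Success") {
        $problems += "MAPI logon to $($_.Database) failed: $($_.Error)"
    } elseif ($_.Latency.TotalMilliseconds -gt $MaxLatencyMs) {
        $problems += "MAPI logon to $($_.Database) slow: $([int]$_.Latency.TotalMilliseconds) ms"
    }
}

# Test-SystemHealth runs the Best Practices Analyzer checks; its output is long, so
# keep it separate from the pass/fail list above and review it when something is off.
$bpa = Test-SystemHealth

if ($problems.Count -eq 0) {
    Write-Output "$Server: all required services running, MAPI logons succeed"
} else {
    Write-Output "$Server: $($problems.Count) problem(s) found"
    $problems | ForEach-Object { Write-Output "  $_" }
    $bpa | Format-List
}
```

Scheduling this to run every few minutes and alerting on a non-empty $problems list is a cheap substitute for MOM on a small deployment; a stopped Information Store service or a database that no longer accepts MAPI logons shows up here before the helpdesk calls start.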
Lesson 20
PowerShell 0 to 60
In Exchange 2007 we use the Exchange Management Shell (EMS), which is a command line interface built on PowerShell. PowerShell
is easier to work with because it offers a consistent, easy-to-understand verb-noun syntax.
PowerShell compared with cmd.exe commands (from the EMS welcome screen):
• See the full list of cmdlets: Get-Command
• Only Exchange cmdlets: Get-ExCommand
• Cmdlets for a specific role: Get-Help -Role *UM* or *Mailbox*
• Get general help: Help
• Get help for a cmdlet: Help <cmdlet-name> or <cmdlet-name> -?
• Show the quick reference guide: QuickRef
• Exchange Team Blog: Get-ExBlog
• Show full output for a cmd: <cmd> | Format-List
The same commands are used as in cmd.exe:
ipconfig
cls
net stop msexchangeis
net start msexchangeis
Get help:
Get-Help
Tab completion: type the start of a name (e.g. Test-) and press Tab; the shell cycles through the matching cmdlets and
parameters for you.
If we want to change the alias for a user:
Set-Mailbox -Identity "Lucas Grey" -Alias lgrey
Pipelining: the pipeline allows us to take the output from one command and use it as the input for another command, so what
we get from one query is used in the next command.
Let us take an example: we want the information of a particular user
Get-Mailbox bigboss
If we need more information about that user, like permissions:
Get-Mailbox bigboss | Get-MailboxPermission
To see a bunch of information for all users:
Get-Mailbox | Format-List (or fl)
Get-Mailbox | Format-Table (or ft)
WhatIf/Confirm
Without -WhatIf this command would stop all of the processes:
Get-Process | Stop-Process -WhatIf
With -WhatIf it only shows you what would be done when the command runs. You can add -WhatIf to any command that makes
changes to see the result before actually executing it.
Get-Process | Stop-Process -Confirm
This command will ask you, for each and every process, whether you want to execute it or not.
Exporting the content:
Get-Help Get-Mailbox > C:\test.txt
Get-Mailbox | Get-MailboxPermission | Export-Csv C:\test.csv
Get-Mailbox | Get-MailboxPermission | ConvertTo-Html | Set-Content C:\test.html
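The pipeline, WhatIf and export techniques above applied to a question worth answering, which mailboxes have Full Access granted to someone other than the owner, as an added example that is not part of the course notes. The output paths and the sample grant removed at the end are hypothetical; it assumes the Exchange Management Shell.

```powershell
# Added example (not from the course notes): audit non-owner Full Access grants
# with the pipeline, then export the result. Paths and the sample removal are
# hypothetical.
$CsvPath  = "C:\Audit\fullaccess.csv"
$HtmlPath = "C:\Audit\fullaccess.html"

$report = Get-Mailbox -ResultSize Unlimited |
    Get-MailboxPermission |
    Where-Object {
        # explicit (not inherited), allow (not deny) FullAccess held by someone other
        # than the mailbox itself (NT AUTHORITY\SELF)
        ($_.AccessRights -like "*FullAccess*") -and
        (-not $_.IsInherited) -and
        (-not $_.Deny) -and
        ($_.User -notlike "NT AUTHORITY\SELF")
    } |
    Select-Object Identity, User,
        @{Name = "Rights"; Expression = { [string]::Join(",", [string[]]$_.AccessRights) }}

# Preview on screen, then export. Export-Csv keeps proper columns; redirecting with
# > would only dump the formatted table as text.
$report | Format-Table -AutoSize
$report | Export-Csv -Path $CsvPath -NoTypeInformation
$report | ConvertTo-Html -Title "Full Access grants" | Set-Content $HtmlPath

# Dry-run the removal of one unexpected grant before doing it for real:
# -WhatIf reports, -Confirm prompts; drop both to execute.
Remove-MailboxPermission -Identity "bigboss" -User "lgrey" -AccessRights FullAccess -WhatIf
```

Filtering on IsInherited and Deny is what keeps the list short: every mailbox inherits a set of database-level entries and a few deny entries, and without those two tests the export is mostly noise.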
Scripts installed with Exchange are in the Scripts folder under the Exchange installation directory (the EMS variable $exscripts
points to it).
The default extension for a PowerShell script is .ps1