
MCITP Microsoft Exchange Server 2007 Messaging Design and Deployment Study Guide, part 4


Finally, we covered some additional tweaking you should do to make your Exchange organization as secure as possible. We investigated how you can secure your environment by delegating Exchange Administrator roles and by securing SMTP email. To finish, we covered Information Rights Management.

Exam Essentials

Legal and company requirements for messaging policies. There are both legal and company requirements that force you to configure messaging policies to control mail flow and mail storage. You need to know the difference between transport rules and journaling rules. You might also receive a question about client licensing requirements, and about the archiving possibilities transport rules offer. A lot of questions on the exam ask you about the possible configuration options for messaging records management and about message classifications.

Antispam in Exchange Server 2007. The exam focuses very hard on the antispam options in Exchange Server 2007, and what is added if you introduce Exchange Hosted Services and Microsoft Forefront for Exchange to your Exchange environment. Make sure that you know what the different antispam filtering options entail.

Exchange Administrative Permissions. The exam will check if you know about the new Exchange Administrator roles; make sure that you can list them and that you know what rights users will get when they are delegated an Exchange Administrator role. You have to know the advantages and possible disadvantages of securing SMTP email traffic, and what Information Rights Management can offer your Exchange organization.


Review Questions

1. You are an Exchange administrator, and you have a single Exchange Server 2007 server with 250 mailboxes. Your management wants you to implement what is needed to make sure that messages they send cannot be read by anyone other than the intended recipient. What should you implement?

or software. What are your options?

A. Deploy antispam agents on the Mailbox server

B. Deploy antispam agents on the Hub Transport server

C. Deploy the Edge Transport server role in your environment

D. Use Exchange Hosted Services

3. You are an Exchange administrator, and you have an Exchange Server 2007 organization with one Client Access server/Hub Transport server Exchange Server 2007 instance and one Exchange Server 2007 Mailbox server with 250 mailboxes. Your Exchange server receives more spam messages than legitimate mails, and you want to reduce the number of spam messages that reach your users’ mailboxes, but you do not want to invest in new hardware or software. What are your options?

A. Deploy antispam agents on the Mailbox server

B. Deploy antispam agents on the Hub Transport server

C. Deploy the Edge Transport server role in your environment

D. Use Exchange Hosted Services


4. You are an Exchange administrator, and you have a single Exchange Server 2007 server that houses 300 mailboxes. You would like to keep track of the emails that are sent and received by the legal department in your organization. You are using a Standard Edition license of Exchange Server 2007, and you currently have five stores in use. What should you do? Choose two answers; each answer presents part of the solution.

A. Create a mail-enabled universal distribution group, U_Legal_Department, and make every user of the legal department a member of that group

B. Create a journaling rule that will journal every email sent and received by members of the mail-enabled universal group U_Legal_Department

C. Move all mailboxes of users in the legal department to a new mailbox store, Store_Legal

D. Enable journaling on the new store, Store_Legal

5. You are an Exchange administrator responsible for an Exchange 2007 organization that contains two Exchange 2007 Mailbox servers, one Client Access server, and one Hub Transport server. Your company recently acquired an Exchange 2007 organization. You do not intend to merge the two companies, but it is important that you secure all mail flow between the two organizations that have a dedicated T1 Line to link them together. What should you do?

A. Create a dedicated SMTP Send connector and require authentication

B. Create a dedicated SMTP Send connector

C. Install and configure MIIS

D. Install and configure the Exchange organization’s connector

6. You are an Exchange administrator responsible for a single Exchange Server 2007 organization. You’ve received a request that when other SMTP servers perform Sender ID filtering your domain name cannot be spoofed by nonauthorized users. What should you create?

A. Register an SPF record in DNS

B. Create an SPF record in the registry of your Exchange server

C. Register an MX record in DNS

D. Register an MX record in the registry of your Exchange server

7. You are an Exchange administrator responsible for an Exchange 2007 organization that contains two Exchange 2007 Mailbox servers, one Client Access server, and one Hub Transport server. Your legal department requests that you include a disclaimer with all messages that are sent out from your Exchange organization. How can you accomplish this with the least amount of administrative effort?

A. Create and register a transport event sink on your Exchange Hub Transport server

B. Create a transport rule that adds a disclaimer to all messages that are sent outside the organization

C. Create a transport rule that adds a disclaimer to all messages that are sent inside the organization

D. Educate your users to add a signature to all messages they send outside


8. You are an Exchange administrator responsible for an Exchange 2007 organization that contains two Exchange 2007 Mailbox servers, one Client Access server, and one Hub Transport server. Your management would like you to investigate if it is possible to prepend the word SPAM to every message that is delivered to a user’s Junk E-Mail folder. How can you accomplish this with the least amount of administrative effort?

A. Configure a transport rule to prepend the subject of an email with SPAM when a message reaches a predefined SCL

B. Configure a journaling rule to prepend the subject of an email with SPAM when a message reaches a predefined SCL

C. Create and register a transport event sink to prepend the subject of a mail with SPAM when a message reaches a predefined SCL

D. Create and deploy a group policy to prepend the subject of an email with SPAM when a message reaches a predefined SCL

9. You are an Exchange administrator responsible for an Exchange 2007 organization that contains two Exchange 2007 Mailbox servers, one Client Access server, and one Hub Transport server. Your management requests that you keep the size of your database files under control. You have reached an agreement with your management to control the size of the mailboxes by managing the amount of time messages are retained in the Deleted Items folder. You are required to create two kinds of policies; the first one enables a user to keep items in the Deleted Items folder for 7 days, the second one for 60 days. What should you do to successfully configure these requirements? Select three; each answer is a part of the solution.

A. Create two mailbox stores

B. Create two new managed default folders, type Deleted Items

C. Move users to the mailbox store that is configured with the required deleted item retention time

D. Create two new managed folder policies, each one responsible for a different managed default folder, both called Deleted Items, and attach it to the users needed

E. Create managed content settings that reflect the specified criteria for each new managed default folder, type Deleted Items

F. Configure the required deleted item retention time for the mailbox stores

10. You are an Exchange administrator, and you have a single Exchange Server 2007 that houses 300 mailboxes. You have recently deployed an Exchange Server 2007 Edge Transport server, and you need to configure a way to reject any mail that is coming from any known relayers. What should you configure?

A. Sender filtering

B. Recipient filtering

C. Content filtering

D. Connection filtering


11. You are an Exchange administrator, and you have a single Exchange Server 2007 server that houses 300 mailboxes. You have recently deployed an Exchange Server 2007 Edge Transport server, and you need to configure a way to reject as much mail as possible from domain spoofers. What should you configure?

A. Exchange Organization Administrator

B. Exchange Recipient Administrator

C. Exchange View-Only Administrator

D. Exchange Server Administrator

13. You are an Exchange administrator responsible for an Exchange 2007 organization that contains two Exchange 2007 Mailbox servers, one Client Access server, and one Hub Transport server. You recently hired a new Exchange administrator and added her to the Domain Admins group, but you need to grant her all permissions to the entire Exchange organization. What role should you delegate to your new colleague?

A. Exchange Organization Administrator

B. Exchange Recipient Administrator

C. Exchange View-Only Administrator

D. Exchange Server Administrator

14. You are an Exchange administrator responsible for an Exchange 2007 organization that contains two Exchange 2007 Mailbox servers, one Client Access server, and one Hub Transport server. All your users use Microsoft Office Outlook 2007. Your management has decided that it has to be possible for users to mark every email they send to a customer as A/C Confidential. What should you do? Select two; each option is part of the solution.

A. Deploy a local file (Classifications.xml) on the client computers

B. Create and deploy a registry key on the client computers that enables the use of message classifications

C. Deploy a local file (Classifications.xml) on the Exchange Mailbox servers

D. Create and deploy a registry key on the Exchange Mailbox servers that enables the use of message classifications


15. You are an Exchange administrator, and you have a single Exchange Server 2007 server that houses 300 mailboxes. A single user in your organization asks you if there is a way to restrict permissions on an email message he’s sending to a customer. He wants to prevent the customer from forwarding or copying the contents of the email message. The user in question uses Microsoft Office Outlook 2007. What can you offer him?

A. Digital signatures

B. Message encryption

C. Information Rights Management

D. A secure SMTP connection to that customer’s mail organization

16. You are an Exchange administrator responsible for an Exchange 2007 organization that contains two Exchange 2007 Mailbox servers, one Client Access server, and one Hub Transport server. Your users use either Microsoft Office Outlook 2000 or Microsoft Office Outlook XP to open their mailboxes. All your clients are running Windows XP Professional SP2. Your management wants you to deploy and configure a Rights Management server. What should you do first so that your clients can use the abilities offered by IRM? Select two; each answer is a complete solution.

A. Upgrade to Windows Vista

B. Upgrade Microsoft Office Outlook to Microsoft Office 2003

C. Upgrade Microsoft Office Outlook to Microsoft Office 2007

D. Deploy Windows Rights Management server

17. You are an Exchange administrator, and you have a single Exchange Server 2007 server that houses 300 mailboxes. Your management wants customers to be sure that messages they receive from your organization are sent by your organization. In addition, your management wants to make sure that in case someone outside your organization altered the message, the recipient knows about this. What should you implement?

A. Exchange Organization Administrator

B. Exchange Recipient Administrator

C. Exchange View-Only Administrator

D. Exchange Server Administrator


19. You are an Exchange administrator, and you have a single Exchange Server 2007 server that houses 300 mailboxes. You recently deployed an Edge Transport server role. You would like to configure your Edge Transport server to block all messages that contain attachments with an extension XYZ. What should you do?

A. Enable and configure attachment filtering on your Exchange Server 2007 server

B. Enable and configure attachment filtering on your Edge Transport server

C. Enable and configure content filtering on your Hub Transport server

D. Enable and configure content filtering on your Edge Transport server

20. You are an Exchange administrator responsible for an Exchange 2007 organization that contains two Exchange 2007 Mailbox servers, one Client Access server, and one Hub Transport server. You would like to enable attachment filtering, and you choose to deploy an Edge Transport server. You would like to have blocked attachments sent to a quarantine mailbox; what should you do?

A. Enable and configure attachment filtering

B. Enable and configure content filtering

C. Enable and configure recipient filtering

D. Enable and configure Microsoft Forefront Security for Exchange Server


Answers to Review Questions

1. D. Encrypting messages will make sure that only the intended recipient can view the contents. Sender filtering, recipient filtering, and content filtering are used to prevent spam from entering the Exchange organization. Digital signatures will allow the recipient of the message to be sure the sender actually sent the message, but the message itself will not be encrypted when sent.

2. D. You don’t want to invest in new hardware and software, so you cannot go for the Edge Transport server role. You want to stop spam before it reaches your messaging environment, thereby eliminating the possibility of deploying the antispam agents on the Hub Transport server. It is not possible to deploy antispam agents on the Mailbox server. You can only choose to use Exchange Hosted Services.

3. B. You don’t want to invest in new hardware and software, so you cannot go for the Edge Transport server role. Since you want to reduce the amount of spam that reaches your users’ mailboxes, you should enable the antispam transport agents on your Hub Transport server. You don’t want to stop spam from entering your organization, you just want to stop spam from reaching the users’ mailboxes, so there is no requirement to go for Exchange Hosted Services.

4. A and B. Because you are using the Standard Edition version of Exchange Server 2007, you are not able to create an additional store since you already have the maximum number of stores in use. The Standard Edition version of Exchange only supports the creation of five stores. You can, however, create a new universal distribution group and use a new feature available in Exchange Server 2007: per-distribution-group journaling.

5. A. It is best practice to enable authentication to provide additional security for email sent from associated organizations. Creating a dedicated SMTP Send connector does not provide secure mail flow if you don’t require authentication. Installing and configuring MIIS would enable directory synchronization, which is not asked for in this scenario. The Exchange organization’s connector does not exist.

6. A. Sender ID filtering can provide you with a valid result only if the sender’s domain has a Sender Policy Framework (SPF) record registered in DNS.

7. B. You can use the Exchange Management Console or Exchange Management Shell to configure disclaimers on computers that have the Hub Transport server role installed. Creating and registering a transport event sink is not recommended. Educating your users will require more effort than creating a transport rule. You shouldn’t apply a transport rule to messages that are sent inside your organization, because you only want messages that go outside the organization to receive a disclaimer.

8. A. You can configure a transport rule to prepend a subject with a string, and you can specify the value of the SCL as a condition. A journaling rule is used to journal messages, and is therefore not valid for changing a message subject. Creating a transport event sink would require administrative effort to create and deploy it. Group policies cannot be used to change the subject of a mail.


9. B, C, and E. Deleted item retention time is the amount of time that messages that are deleted from the mailbox are available for recovery. We are covering the messages that are still in the mailbox, in the Deleted Items folder, so deleted item retention time doesn’t matter here. Instead, it is feasible to create two new Deleted Items managed folders and specify for each one different managed content settings, and use managed folder policy to hand them out to the users that need those settings.

10. D. You can configure connection filtering to check with real-time block lists if the connecting SMTP server is a known relaying server.

11. C. Sender ID filtering will check if the sender (or most probable sender) is sending the mail using the SMTP services of a server that is authorized to send mail from that sender’s domain. If there is an SPF record configured for the SMTP mail domain, you can check if domain spoofing is done. Sender filtering only provides the ability to block mail from specific domains, without checking if it’s spoofed or not. Recipient filtering is used to filter mail sent to specified recipients, and connection filtering is used to check if the connection was initiated from a valid IP address.

12. B. A user needs to have the Exchange Recipient Administrator role in order to be able to give users a mailbox.

13. A. To be able to fully manage an Exchange organization, a user needs to be delegated the Exchange Organization Administrator role.

14. A and B. If you want to enable the use of message classifications in Outlook, you need to deploy on the client computer a local file (Classifications.xml) that contains the definitions of the message classifications. You also need to create and deploy a registry key that will enable the use of message classification by referencing the Classifications.xml file on the client computer. You don’t need to add a registry key on the Exchange Mailbox servers, and you don’t need to deploy a local file on the Exchange Mailbox servers.

15. C. Information Rights Management can be used in Microsoft Office Outlook 2003 and Microsoft Office Outlook 2007 to prevent email forwarding, copying, editing, or printing. Implementing signing and sealing will not prevent a user from forwarding or copying the contents of an email message. A secure SMTP connection only secures the SMTP mail flow, but does not imply that the email message is not able to be forwarded or copied.

16. B and C. You need at least Microsoft Office Outlook 2003 to be able to use the services provided by IRM. You can use the abilities offered by IRM by running Office Outlook 2003 (or later) on XP Professional. You don’t need to have Windows Rights Management server, since you can use the limited-trial version offered by Microsoft.

17. E. Digital signatures provide authentication, nonrepudiation, and data integrity. By digitally signing your email messages, you enable recipients to verify if the email message has been sent by the person or organization that claims to have sent the message, and you enable recipients to verify if the message has been altered.

18. D. You need to delegate the role of Exchange Server Administrator since you want your new colleague to have full control over the specified servers’ configuration data.


19. B. Attachment filtering allows you to block attachments from entering your Exchange organization, by attachment content type, or by attachment file name. You can enable and configure attachment filtering only on the Edge Transport server. Content filtering is set as an SCL value for messages so you can configure your Edge or Hub Transport server to block them, quarantine them, or deliver them to a user’s junk mail folder.

20. D. Forefront Security for Exchange Server enables you to quarantine blocked attachments. Attachment filtering, content filtering, and recipient filtering do not allow you as an administrator to have blocked attachments sent to a quarantine mailbox.
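
Answers 6 and 11 both depend on how a receiving server uses a domain's published SPF record to decide whether the connecting SMTP server is authorized to send for that domain. The following Python code is an added example, not taken from the study guide or from Exchange: it evaluates only the `ip4`, `ip6` and `all` mechanisms of a record, and the record and IP addresses are constructed sample values.

```python
import ipaddress

# SPF qualifier -> result name (RFC 7208). No qualifier on a mechanism means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Mechanisms that require further DNS lookups; outside the scope of this offline example.
DNS_MECHANISMS = {"a", "mx", "include", "exists", "ptr"}

# Constructed sample policy for a hypothetical domain: one mail subnet,
# one extra relay, and a hard fail for every other source.
SAMPLE_RECORD = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all"


def evaluate_spf(record: str, client_ip: str) -> str:
    """Return the SPF result for client_ip against one TXT record string."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record: the domain publishes no policy
    ip = ipaddress.ip_address(client_ip)

    # Mechanisms are evaluated left to right; the first match decides.
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if "=" in name:
            # Modifier (name=value). redirect= needs DNS; others are ignored here.
            if name.lower().startswith("redirect="):
                raise NotImplementedError("redirect= needs a DNS lookup")
            continue
        name = name.split("/")[0].lower()

        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed address in the record
            if net.version != (4 if name == "ip4" else 6):
                return "permerror"  # e.g. an IPv6 range under ip4:
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        if name in DNS_MECHANISMS:
            raise NotImplementedError(f"{name} needs a DNS lookup")
        return "permerror"  # unknown mechanism

    # No mechanism matched and the record has no "all": default result.
    return "neutral"


def classify_connections(record: str, client_ips: list) -> dict:
    """Evaluate several connecting IPs against the same record."""
    return {ip: evaluate_spf(record, ip) for ip in client_ips}


if __name__ == "__main__":
    # Constructed connecting addresses: two authorized, one not listed.
    for ip, result in classify_connections(
        SAMPLE_RECORD, ["192.0.2.10", "198.51.100.25", "203.0.113.7"]
    ).items():
        print(f"{ip:15} -> {result}")
```

A domain that ends its record in `-all` gives receivers a definite fail for unlisted servers; without a record the result is `none`, and the receiver has nothing to base a spoofing decision on.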


II. 70-238: Pro: Deploying Messaging Solutions with Microsoft Exchange Server 2007

81461.book Page 237 Wednesday, December 12, 2007 4:49 PM


Chapter 6: Planning an Upgrade to Exchange Server 2007

MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:

• Plan the Exchange Server 2007 migration implementation
• Plan the Exchange Server 2007 upgrade implementation


Before we start talking about upgrading to Exchange Server 2007, it is important to make the distinction between two types of upgrades: transitioning and migrating. When you decide to upgrade your existing Exchange 2000 Server or Exchange Server 2003 to Exchange Server 2007, you will be transitioning your Exchange organization to 2007. However, when you decide to upgrade your existing Exchange 2000 Server or Exchange Server 2003 to a new Exchange Server 2007 organization, you will be migrating to Exchange Server 2007. Upgrading from Exchange 5.5 or any other third-party messaging system to Exchange Server 2007 is also referred to as migrating to Exchange 2007. In this chapter we will cover everything that has to be considered when planning a transition to Exchange 2007. In Chapter 7, “Plan a Migration to Exchange Server 2007,” you will get detailed information about all possible migration scenarios that exist for Exchange Server 2007.

It is true that the transition process itself is the same for an Exchange Server 2003 or an Exchange 2000 Server organization. But there are features from Exchange 2000 Server and Exchange Server 2003 that are not supported anymore in Exchange Server 2007. If you decide to transition to Exchange Server 2007, you will need to plan a solution for all features that do not exist anymore in Exchange Server 2007. In this chapter we will dig into all those features, and we will have a look at the best way to transition your Exchange 2000 Server or Exchange Server 2003 organization to Exchange Server 2007.

The main subjects in this chapter are as follows:

• Exchange 2000 Server features not supported in Exchange Server 2007
• Exchange Server 2003 features not supported in Exchange Server 2007
• Features that are gone in Exchange Server 2007
• De-emphasized features in Exchange Server 2007
• Planning the upgrade process from Exchange 2000 Server and Exchange Server 2003

Planning for Migration of Legacy Exchange Features

In this part of the chapter we will have a look at all features that were available in Exchange 2000 Server and Exchange Server 2003, but are not supported anymore in Exchange Server 2007. We will also highlight the features that are de-emphasized in Exchange Server 2007.


Exchange 2000 Server Features Not Supported

• Exchange 2000 Conferencing Server
• Exchange Chat Service
• Exchange Instant Messaging
• Microsoft Mobile Information Server

Cc:Mail was discontinued in 2001. The latest version of cc:Mail was released in 2000, version 8.5. Originally developed by Microsoft in the '80s, Lotus Development took over the technology in 1992.

If you want to continue to use a cc:Mail connector, plan to keep at least one Exchange 2000 Server in your organization.

If you want to continue to use an MS Mail connector, plan to keep at least one Exchange 2000 Server in your organization.


Exchange 2000 Conferencing Server

Exchange 2000 Conferencing Server was a separate component that you could install once you had an Exchange 2000 Server organization deployed. Exchange 2000 Conferencing Server allowed you to do the following:

• Share applications
• Transfer files
• Host text-based chat sessions
• Exchange audio and video signals

Everything was based on four core components/technologies:

Exchange Chat Service

You could deploy the Exchange Chat Service in addition to an Exchange 2000 Server or on any Windows 2000 box in an Active Directory environment where Exchange 2000 Server was deployed. Exchange Chat Service followed the protocol standards set for Internet Relay Chat (IRC, RFC 1459) and the Internet Relay Chat Extension (IRCX). Implementing Exchange Chat Service allowed you to do the following:

• Use IRC clients such as Microsoft Chat Service
• Create channels for one-to-many and many-to-many text conversation
• Enable administrators to moderate the use of and access to chat communities with bans and classes
• Allow users to host or moderate a chat channel’s content

If you want to continue to use Exchange Chat Service, plan to keep at least one instance of Exchange 2000 Server in your organization.

Instant Messaging

Exchange Instant Messaging provided real-time collaboration services in Exchange 2000 Server. All Instant Messaging communication used the protocol RVP. Installing Instant Messaging enabled users to do the following:

• Exchange small messages without the overhead of composing and sending email
• Exchange small messages when email transfer is interrupted
• Propagate and view presence information of other users
• Control who can and who cannot contact you

Instant Messaging could be installed as part of an Exchange 2000 Server deployment, or you could deploy Instant Messaging on a non-Exchange server in an Exchange 2000 Server environment.

If you need to be able to support Exchange Instant Messaging, plan to keep at least one instance of Exchange 2000 Server in your organization.

Microsoft has developed a new product to provide both instant messaging and collaboration functionality to the enterprise. Originally launched in 2003 as Live Communications Server 2003, a new version, Live Communications Server 2005, was released in 2005. In August 2007 the latest version, named Office Communications Server 2007, was presented by Microsoft.

Key Management Service

The Key Management Service was one of the least implemented features in an Exchange 2000 Server organization. Installing the Key Management Service enabled you as an Exchange administrator to provide users with the option to sign and/or seal their messages.

Exchange 2003 and Exchange 2007 leverage the Windows Server 2003 public key infrastructure (PKI) architecture to provide Exchange users the possibility to sign and seal their messages.

If you need to be able to provide the Exchange Key Management Service, plan to keep at least one instance of Exchange 2000 Server in your organization. It is, however, best practice to migrate the Exchange Key Management Service to the Windows Server 2003 PKI architecture. Figure 6.1 shows an overview of the process of this migration.

Microsoft Mobile Information Server

Microsoft Mobile Information Server provided users with the ability to gain access to their Exchange 2000 mailboxes by using a mobile device. Using Outlook Mobile Access enabled users to browse through their mail and calendars using a cell phone. In addition, users were able to reply to mail and perform real-time searches. Using Microsoft Server ActiveSync made it possible for users to sync their mailboxes with their PDAs.

Exchange Server 2003 provided Outlook Mobile Access and Microsoft Server ActiveSync out of the box, without requiring Microsoft Mobile Information Server. Outlook Mobile Access isn’t supported anymore in Exchange Server 2007, as we will cover later in this chapter.

If you need to be able to provide the Microsoft Mobile Information Server services to some users, plan to keep at least one instance of Exchange 2000 Server in your organization.


Figure 6.1: Migrating Exchange Key Management Service to the Windows Server 2003 PKI architecture

Steps shown in the figure:

• Enable Windows 2003 CA to archive private keys
• Allow Windows 2003 CA to import foreign keys
• Import the exported KMS Database to Windows 2003 CA
• Recover the certificates

Exchange 2003 Server Features Not Supported in Exchange Server 2007

In this part of the chapter, we will look at all discontinued features that were available in Exchange 2003 Server:

• Connector for Lotus Notes
• Connector for Novell GroupWise
• Active/Active clustering
• Coexistence with Exchange Server 5.5
• Public-folder access using Outlook Web Access (OWA)

Connector for Lotus Notes

Out of the box, Exchange Server 2003 provided tools to enable coexistence with a Lotus Notes messaging environment. When you ran the installation of Exchange Server 2003 you would have the choice to install the following components:

• Microsoft Exchange Lotus Notes connector
• Microsoft Exchange Calendar connector

The Microsoft Exchange Lotus Notes connector enabled both directory synchronization and mail flow between a Lotus Notes environment and an Exchange organization. The Microsoft Exchange Calendar connector allowed users to gain access to free/busy information from users housed on Lotus Notes.

In March 2007 Microsoft released an updated version of the Microsoft Exchange Lotus Notes connector, which replaces the built-in connector that ships with Exchange Server 2003 (including SP2). This new Lotus Notes connector includes support for iNotes and Domino Web Access clients, improved Unicode support, and enhanced message routing between Exchange and Domino.

The Microsoft Exchange Lotus Notes connector has been cut from Exchange Server 2007. In its place, Microsoft has chosen to include a brand-new Microsoft Transporter Suite for Lotus Domino. This new suite is an easy-to-use shared management console, and a command-line environment, that offers you planning resources, coexistence tools, and migration tools to move from Lotus Domino to Exchange Server 2007. (For more information about this suite, consult Chapter 7.) It is possible to enable SMTP mail connectivity from Exchange Server 2007 to a foreign Lotus Notes environment. You could also deploy Microsoft Identity Integration Server 2003 to perform directory synchronization between Exchange and Lotus Notes.

Be careful about versions! If you want to use the Microsoft Transporter Suite for Lotus Domino you need to have at least version 6 to enable coexistence. (Lotus Domino 5 is not supported for SMTP mail routing because it does not support native MIME or iCal; therefore, to enable mail flow, you will need to implement the Lotus Notes connector for Exchange Server 2003 on an Exchange Server 2003 server!) If you just want to move mailboxes from Lotus Domino, you can use the Microsoft Transporter Suite to migrate from Lotus Domino versions 5.x, 6.x, and 7.x.


Connector for Novell GroupWise

Installing and configuring the connector for Novell GroupWise allowed an Exchange organization to establish connectivity with a Novell GroupWise mail environment. If you were to install just the connector for Novell GroupWise you would be able to establish mail connectivity and directory synchronization between your Exchange organization and your Novell GroupWise environment. By adding the Calendar connector you would also enable users to gain access to free/busy information of users housed in your Novell GroupWise environment.

Exchange Server 2007 does not support the connector for Novell GroupWise anymore. If you need to provide connectivity to a Novell GroupWise environment, plan to keep at least one Exchange Server 2003 in your organization.

If your Exchange organization requires mail connectivity only to a foreign Novell GroupWise environment, you could use SMTP send connectors to set up mail flow. If you want your Exchange users to see Novell GroupWise users as mail-enabled contacts, you could implement Microsoft Identity Integration Server (MIIS) 2003. But remember: you will not be able to exchange free/busy information using MIIS 2003. If you need this ability, you will have to install and configure the connector for Novell GroupWise and the Calendar connector on an Exchange 2000 Server or Exchange Server 2003 server in your Exchange organization.

NNTP

When you wanted to install Exchange 2000 Server or Exchange Server 2003, you had to have the Network News Transfer Protocol (NNTP) installed. This protocol was necessary for Exchange to be able to create its public folders. But after installation you were able to disable this Internet protocol, or you could configure NNTP services for your Exchange organization. You were able to set up news groups, and you were able to configure news feeds. Users could use an NNTP client like Outlook Express to gain access to those news groups and news feeds.

Exchange Server 2007 does not require you to use NNTP! Exchange Server 2007 does not support NNTP anymore as an Internet protocol, either. If your Exchange organization needs to be able to provide NNTP services, plan to keep at least one Exchange Server 2003 server in your organization.

Outlook Mobile Access

Exchange Server 2003 offered two built-in mobile services: Microsoft Exchange ActiveSync, and Outlook Mobile Access. Outlook Mobile Access enabled users to access their Exchange Server mailboxes by using a browser-enabled mobile device, using Extensible Hypertext Markup Language (XHTML), compact HTML (cHTML), or standard HTML browsers.

If you have users that require Outlook Mobile Access, plan to keep at least one Exchange Server 2003 server in your organization.


Planning for Migration of Legacy Exchange Features 247

X.400 Connector

Ever since the release of Exchange 2000 Server, Exchange has used SMTP as its default routing protocol. But you were always able to create and configure an X.400 connector to connect your Exchange organization to a foreign X.400 mail environment, to connect to another Exchange organization, or to connect two routing groups in the same Exchange organization. If you created a mailbox-enabled user in an Exchange 2000 or Exchange 2003 organization, that user would receive by default an SMTP address and an X.400 address. In Exchange Server 2007, the X.400 connector is not supported anymore. When you create a mailbox-enabled user in Exchange Server 2007, the user will not get an X.400 address, as can be seen in Figure 6.2.

FIGURE 6.2 Mailbox-enabled users in Exchange Server 2007 do not receive an X.400 address.

When you are transitioning an Exchange 2000 or 2003 organization to Exchange 2007, all users will still receive an X.400 address in addition to an SMTP address, even if the users are already housed on an Exchange Server 2007 server. After the transition is complete, you can change the recipient policies to remove the X.400 address.

If your Exchange organization needs to provide connectivity to a foreign X.400 mail environment, plan to keep at least one Exchange 2000 Server or Exchange Server 2003 server in your organization.

In Exchange Server 2007, Microsoft has removed administrative groups. For compatibility reasons, every Exchange Server 2007 server that is installed in an existing Exchange 2000 or Exchange 2003 organization will be made a member of a fixed single administrative group, called Exchange Administrative Group (FYDIBOHF23SPDLT). To delegate permissions in an Exchange 2007 organization, Microsoft introduced four new roles, as can be seen in Figure 6.3:

• Exchange Organization Administrator
• Exchange Recipient Administrator
• Exchange Server Administrator
• Exchange View Only Administrator

FIGURE 6.3 Exchange 2007 administrator roles

These new roles allow for more granularity when delegating permissions in your Exchange organization.

It is not supported to move an Exchange Server 2007 to an administrative group other than the default Exchange Administrative Group (FYDIBOHF23SPDLT). Furthermore, it is prohibited to move an Exchange 2000 Server or an Exchange Server 2003 server to this special Exchange 2007 administrative group!

Routing Groups

Routing groups were introduced with the release of Exchange 2000 Server. Every Exchange 2000 Server or Exchange Server 2003 that you would install would be made a member of a routing group. Exchange servers that belonged to the same routing group in an Exchange 2000 or Exchange 2003 environment were expected to have a reliable connection to one another. You couldn’t control mail flow between servers in the same routing group, but you could configure mail flow between routing groups by specifying limits, schedules, or permissions. To connect routing groups in Exchange 2000 or Exchange 2003 organizations, you could use X.400 connectors, SMTP connectors, or routing group connectors.

In Exchange 2007, the routing of messages between servers is based on Active Directory sites. To maintain backward compatibility with Exchange 2000 and Exchange 2003, all Exchange 2007 servers will be made members of a predefined routing group, called Exchange Routing Group (DWBGZMFD01QNBJR).

It is not supported to move an Exchange Server 2007 server to a routing group other than the default Exchange Routing Group (DWBGZMFD01QNBJR). Additionally, it is prohibited to move an Exchange 2000 Server or an Exchange Server 2003 server to this special Exchange 2007 routing group!

Active/Active Clustering

You could deploy Exchange 2000 Server and Exchange Server 2003 as an Active/Active cluster. Doing so meant that both nodes in the two-node cluster would be active at the same time, and were accessible for clients. Even though it was supported in previous versions of Exchange, it was not recommended to deploy an Active/Active cluster, since you had to bear the four-storage-group limit in mind and you had to be sure that both your nodes would be able to support the extra workload of the other active node in case of a failover. It is not supported to deploy an Exchange Server 2007 as an Active/Active cluster.

Coexistence with Exchange Server 5.5

Exchange Server 2007 does not support coexistence with Exchange Server 5.5. If your Exchange organization still uses Exchange Server 5.5, you will need to transition first to Exchange 2000 Server or Exchange Server 2003, followed by transitioning to Exchange Server 2007.

Exchange Server 5.5 can still exist next to an Exchange 2007 environment, but direct interoperability is not possible.

Public-Folder Access Using OWA

As you will see in the following section, Microsoft has decided to include public folders in Exchange Server 2007, but as a de-emphasized feature. In Exchange Server 2007 it is not possible to gain access to public folders using Outlook Web Access.

Microsoft has announced that public-folder access using Outlook Web Access will be possible with the release of Service Pack 1, scheduled to be released in late 2007, as seen in Figure 6.4.

FIGURE 6.4 Public-folder access using OWA, Exchange 2007 SP1 Beta

De-Emphasized Features in Exchange Server 2007

In this part of the chapter we will look at some features that are still available in Exchange Server 2007 but that are de-emphasized. In short, it means that the following features might not be supported in a next version of Exchange:

• Public folders

In Exchange Server 2007 RTM, public folders can be managed only by using the Exchange Management Shell, since they are not shown in the Exchange Management Console. You cannot gain access to your public folders using Outlook Web Access, as you saw earlier in this chapter. Microsoft has, however, decided to include two important features with regards to public folders in Exchange Server 2007 Service Pack 1:

• Public Folder Management Console, which is a new configuration-management tool to manage public folders, as seen in Figure 6.5
• Public-folder access using OWA

FIGURE 6.5 Public Folder Management Console in Exchange Server 2007 Service Pack 1 Beta

CDOEx (CDO 3.0), WebDAV, and ExOLEDB

Collaboration Data Objects for Exchange (CDOEx) are used to write applications based on Exchange Server. Web Distributed Authoring and Versioning (WebDAV), and Exchange Object Linking and Embedding Databases (ExOLEDBs) are just like the CDOEx APIs that were initially shipped with Exchange 2000 Server to provide capabilities for accessing Exchange Server mailbox data from an application. To develop Exchange applications, you should look at the new API released with Exchange Server 2007: Exchange Web Services (EWS). This new API provides a lot of advantages, including these two:

• EWS provides better Outlook interoperability for standalone line-of-business and portal applications than in previous versions
• EWS APIs work from servers other than the Exchange Servers themselves

Microsoft urges you to migrate any existing Exchange application to EWS.

Store Events

Exchange store events are used in Exchange 2000 Server and Exchange Server 2003 to control what happens when a certain event (like an email message that enters or leaves your Exchange store) occurs. Even though you can still create and run Exchange store events against an Exchange Server 2007 store, it is highly recommended to replace this de-emphasized feature by using either transport rules or Exchange Web Services.

For more information about transport rules, please refer to Chapter 5, “Defining Policies and Security Procedures.”

Streaming Backup

As you saw in Chapter 3, “Designing Recovery and Messaging Services to Meet Business Demands,” using the Exchange streaming backup API implies that every page in your database is read in turn, and that the checksum integrity of each page is verified during the backup process, just like the checksum integrity of transaction log files is checked before they are backed up. Microsoft recommends that you implement the Volume Shadow Copy backup since it is faster and more reliable. For more information about streaming backup methods and Volume Shadow Copy backup, please refer to Chapter 3.

Planning the Exchange Server 2007 Upgrade Implementation

Planning the upgrade process is the same no matter if you are planning a transition from Exchange 2000 Server, Exchange Server 2003, or a mixed Exchange 2000 Server and Exchange Server 2003 organization. In this part of the chapter, we will cover all the steps that you have to plan once you have decided to transition your current Exchange organization to Exchange Server 2007. The steps involved are shown in Figure 6.6.

FIGURE 6.6 The process for upgrading to Exchange Server 2007

1. Document your existing infrastructure
2. Check the readiness of your organization for Exchange Server 2007
3. Prepare Active Directory for Exchange Server 2007
4. Deploy Exchange Server 2007
5. Decommission Exchange 2000 Server and/or Exchange Server 2003

Documenting Your Existing Infrastructure

Once you have decided to move to Exchange Server 2007, the first step is to assess and document your existing infrastructure. You should not only document your existing Exchange environment, but you should also make sure that you have information about your deployed Active Directory and your existing physical network.

Exchange Organization Settings

Table 6.1 shows you the information you need to know from your existing Exchange organization.

TABLE 6.1 Gathering Information about Your Exchange Organization Settings

| Exchange Organization Setting | What You Need to Know About It |
| --- | --- |
| Exchange organization mode | Is it mixed or native? |
| Exchange Server hardware | What is your processor (size and type), memory, disk storage, and network speed? |
| Exchange Server version | What version server are you using, and what is the latest service pack deployed? |
| Exchange Server designated role | Is it a front-end server, back-end server, Bridgehead server, Mailbox server, and/or a public-folder server? |
| Administrative groups | How many administrative groups do you have in your organization, and why? |
| Exchange administrators | Who is delegated what permissions? |
| Storage groups and stores | How many storage groups and stores do you have? |
| Routing groups | How many routing groups does your organization have, and how are they connected? |
| Mail connectivity inbound and outbound | How is inbound and outbound mail flow configured for your Exchange organization? |
| Policies | What are your recipient policies, mailbox store policies, public-folder store policies, and server policies? |
| Protocol configuration | What are your enabled protocols and server settings? |
| Antispam and Antivirus software and settings | Does your current Exchange organization have antispam and antivirus software running, and what kind of filtering rules are defined? |
| SMTP namespaces | For which namespaces is Exchange responsible for mail delivery? |
| Exchange-aware products | What Exchange-aware products are installed? (Examples include backup/restore software, fax software, antispam solutions, and antivirus solutions.) |

Active Directory Settings

As you have already seen in Chapter 3, Exchange Server 2007 stores most of its configuration information in Active Directory just like Exchange 2000 Server and Exchange Server 2003 did, with the exception of the Exchange Server 2007 Edge Transport server role that stores its configuration data in Active Directory Application Mode (ADAM). When you decide to transition to Exchange Server 2007 you need to keep track of the following:

• Active Directory topology (how many domains are deployed)
• Active Directory forest functional level
• Active Directory domain functional levels
• Active Directory domain controller and global catalog deployed
• Active Directory domain controller and global catalog operating system and service pack level

Exchange 2007 uses Active Directory sites for routing; therefore it is also important to gather the following information:

• Active Directory sites
• Active Directory site links
• Active Directory site-link costs
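The Active Directory items listed above can be collected in one read-only pass. The following PowerShell script is an added example, not part of the study guide; it assumes Windows PowerShell 2.0 or later, a domain-joined computer, and an account that can read the forest.

```powershell
# Added example (not from the study guide). Read-only inventory of the Active
# Directory settings the checklist above asks you to document.
# Assumptions: Windows PowerShell 2.0 or later, a domain-joined computer, and
# an account that can read every domain in the forest.

$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()

# Topology and forest functional level
"Forest: {0}  (functional level: {1})" -f $forest.Name, $forest.ForestMode
"Schema master: {0}" -f $forest.SchemaRoleOwner.Name
"Domains deployed: {0}" -f $forest.Domains.Count

# Global catalog host names, lower-cased so they can be matched against DC names
$gcNames = @($forest.GlobalCatalogs | ForEach-Object { $_.Name.ToLower() })

foreach ($domain in $forest.Domains) {
    ""
    "Domain: {0}  (functional level: {1})" -f $domain.Name, $domain.DomainMode

    # userAccountControl bit 8192 (SERVER_TRUST_ACCOUNT) marks the computer
    # accounts of domain controllers; the OS and service pack are stored there.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($domain.GetDirectoryEntry())
    $searcher.Filter = '(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))'
    $searcher.PageSize = 500
    foreach ($p in 'dnshostname', 'operatingsystem', 'operatingsystemservicepack') {
        [void]$searcher.PropertiesToLoad.Add($p)
    }

    foreach ($result in $searcher.FindAll()) {
        # Select-Object -First 1 yields $null instead of failing when the
        # attribute is empty (for example, no service pack installed).
        $name = [string]($result.Properties['dnshostname'] | Select-Object -First 1)
        $os   = [string]($result.Properties['operatingsystem'] | Select-Object -First 1)
        $sp   = [string]($result.Properties['operatingsystemservicepack'] | Select-Object -First 1)
        $isGc = $gcNames -contains $name.ToLower()
        "  DC {0}  GC={1}  OS={2} {3}" -f $name, $isGc, $os, $sp
    }
}

# Sites, site links and site-link costs (Exchange 2007 routes on these)
""
"Sites:"
$links = @{}
foreach ($site in $forest.Sites) {
    $subnets = ($site.Subnets | ForEach-Object { $_.Name }) -join ', '
    "  {0}  servers={1}  subnets={2}" -f $site.Name, $site.Servers.Count, $subnets
    foreach ($link in $site.SiteLinks) {
        # A link is listed under every site it connects; keep one copy of each.
        $links["$($link.TransportType)/$($link.Name)"] = $link
    }
}

""
"Site links:"
foreach ($key in ($links.Keys | Sort-Object)) {
    $link    = $links[$key]
    $members = ($link.Sites | ForEach-Object { $_.Name }) -join ' <-> '
    "  {0}  cost={1}  sites={2}" -f $key, $link.Cost, $members
}
```

Redirect the output to a file to keep it with the rest of the documentation gathered for Table 6.1.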

Network Settings

Microsoft recommends that you document your network settings to make sure you are prepared to start deploying Exchange Server 2007. The following network settings are worth documenting:

• Firewall deployment
• Physical network (bandwidth, network backbone)

Checking Your Organization’s Readiness for Exchange Server 2007

After documenting your current infrastructure, you need to schedule a check to see if your organization is ready for Exchange Server 2007. You can run the check yourself by keeping in mind all features that are not supported in Exchange Server 2007 and by making sure that you know all the prerequisites that have to be met before installing Exchange Server 2007. But you can also use the Exchange 2007 Readiness Check included with the Exchange Best Practices Analyzer v2.7 and later, as seen in Figure 6.7.

FIGURE 6.7 Exchange Readiness Check, Exchange Best Practices Analyzer v2.7

The Exchange Best Practices Analyzer (ExBPA) tool was first released in September 2004. Since the start, it has been a free tool available for download from the Internet. In Exchange Server 2007 it is a built-in configuration-management tool inside the Exchange Management Console. The main goals of ExBPA are to analyze an existing Exchange environment and to give you a report on what can and should be changed to make it run more smoothly. All recommendations are based on Microsoft’s best practices.

In ExBPA version 2.7 the Exchange 2007 Readiness Check appeared for the first time. When you run the Readiness Check, the tool will perform checks to validate if your overall topology is ready for Exchange Server 2007, and it will also check in more depth whether all your deployed Exchange 2000 Server and Exchange Server 2003 servers have received the necessary updates and configuration settings to be able to coexist with Exchange Server 2007. The list of checks that are performed when running the Exchange 2007 Readiness Check is contained in a file called ExBPA.Readiness.xml, as seen in Figure 6.8.

FIGURE 6.8 Checks included in ExBPA.Readiness.xml (ExBPA v.2.8)

After running the Exchange Readiness Check, you will get a report that shows you all critical issues and warning issues, as seen in Figure 6.9.

FIGURE 6.9 ExBPA transition documentation

It is important to remember that the ExBPA tool does not make any changes to your Exchange environment! It will only help you highlight potential problems if you were to proceed with the Exchange Server 2007 deployment.

When you run the Exchange Readiness Check, you may come across either critical issues or warning issues. Critical issues are issues that you need to resolve before you can deploy your first Exchange Server 2007. Warning issues are just warnings and will not prevent you from deploying your first Exchange Server 2007, but they are issues that you should investigate since they can prevent users from having the best possible experience with the Exchange Server 2007 deployment. A typical example of a critical issue is that your Exchange Organization is running in Mixed Mode.

Installation of ExBPA

You do not need to install the ExBPA on an Exchange Server; it is even not recommended to do so. You can deploy and run the ExBPA on any computer that is a member of an Active Directory domain and meets the following requirements:

• Operating system: Windows 2000 Professional, Windows XP Professional, Windows Vista, Windows 2000 Server, or Windows 2003 Server
• Software requirements: .NET Framework 1.1, IIS common files, common HTTP features (if using Vista)

The Exchange Best Practices Analyzer can be run to analyze a mixed-mode or native-mode Exchange Server 2003, Exchange 2000 Server, and Exchange Server 5.5 system. Pure Exchange Server 5.5 topologies are not supported.

Running the Exchange 2007 Readiness Check

Exercise 6.1 outlines the steps to run the Exchange 2007 Readiness Check.

EXERCISE 6.1

Running the Exchange 2007 Readiness Check

To run the Readiness Check, follow these steps:

1. Click Start.
2. Click Programs.
3. Click Microsoft Exchange Best Practices Analyzer.
4. Click Go to Welcome Screen.
5. Connect to Active Directory.
6. Specify the scope for this scan, and select the type of scan to be performed: Exchange 2007 Readiness Check, as seen below.
7. When the scanning is complete, you can select View a Report to get a report of the performed Best Practices scan.

The Best Practices Report will show all critical issues and warning issues, as seen below.

Preparing Active Directory for Exchange Server 2007

After you have confirmed that your infrastructure is ready for Exchange Server 2007, you can plan to prepare Active Directory for Exchange Server 2007. If you want to prepare Active Directory for Exchange Server 2007, you need to make sure of the following:

• You have the required permissions
• You perform this procedure on a computer on which you have deployed .NET Framework 2.0 and Windows PowerShell

You can prepare your Active Directory and your domains using the 32-bit version of Exchange Server 2007.

To prepare Active Directory and your domains, run the following:

If you want to use command-line parameters to install or set up Exchange Server 2007, you will need to use Setup.Com. If you use Setup.Exe you will get the error message shown in Figure 6.10.

FIGURE 6.10 Setup.exe cannot accept command-line parameters

In this part of the chapter we will look at the reasons why you need to run those steps to prepare your Active Directory and your domains. We will also cover the permissions you require to successfully complete the steps, and we will investigate where you need to run the commands.

Setup /PrepareLegacyExchangePermissions

To run Setup /PrepareLegacyExchangePermissions, you need to be a member of the Enterprise Admins group. You need to run this command from a domain that is able to contact all other domains in the forest.

Here’s what Setup /PrepareLegacyExchangePermissions does: In Exchange 2000 and Exchange 2003, the Recipient Update Service is responsible for updating several attributes once you choose to mail-enable a user or group. The Recipient Update Service is capable of doing this, since the Exchange Enterprise group was given the necessary permissions to modify the required property sets when the domain was prepped for Exchange. In Exchange 2007, the way permissions are set has been completely rewritten, as you have seen before in this chapter.

To provide the ability of giving administrators just the permission to manage Exchange-related attributes, Exchange Server 2007 delegates to the Exchange Recipient Administrators the necessary permissions on a new property set called Exchange-Information. Running Setup /PrepareLegacyExchangePermissions will also give the legacy Recipient Update Service the necessary permissions to modify this new property set. Every domain that has been prepped for Exchange 2000 or Exchange 2003 has to be modified in this step.

If you add a new domain after deploying Exchange Server 2007, and you prep that domain for Exchange 2000 or Exchange 2003, make sure that you rerun Setup /PrepareLegacyExchangePermissions. If you don’t, then the Exchange 2000 or Exchange 2003 Recipient Update Service will not be able to function correctly.

It’s not mandatory to run Setup /PrepareLegacyExchangePermissions. If you choose not to run it, then it will be run automatically when running Setup /PrepareSchema or Setup /PrepareAD.

Exercise 6.2 outlines the steps to run Setup /PrepareLegacyExchangePermissions.

After running the Setup /PrepareLegacyExchangePermissions command, you need to wait for the changes to be replicated to all domain controllers in your Active Directory forest before you can continue with the next step.

Running Setup /PrepareLegacyExchangePermissions

Here’s how to run Setup /PrepareLegacyExchangePermissions:

1. Click Start.

2. Open a command prompt.

3. Change the directory to your Exchange Server 2007 installation source and enter the command Setup /PrepareLegacyExchangePermissions.

4. When setup completes successfully, close the command prompt, as shown here.

By running Setup /PrepareSchema, you will extend your Active Directory schema with Exchange 2007–specific attributes.

It is not supported and not possible to install an Exchange 2000 Server or Exchange Server 2003 server in an Active Directory forest that has been prepped for Exchange Server 2007 without an Exchange 2000 Server or Exchange Server 2003 server available.

It’s not mandatory to run Setup /PrepareSchema. If you choose not to run it, then it will be run automatically when running Setup /PrepareAD. If you did not run Setup /PrepareLegacyExchangePermissions before running Setup /PrepareSchema, setup will first run Setup /PrepareLegacyExchangePermissions, and then continue with Setup /PrepareSchema.

Exercise 6.3 outlines the steps to run Setup /PrepareSchema.

EXERCISE 6.3

Running Setup /PrepareSchema

There are four steps to run Setup /PrepareSchema.

1. Click Start.

2. Open a command prompt.

3. Change the directory to your Exchange Server 2007 installation source and enter the command Setup /PrepareSchema.

4. When setup completes successfully, close the command prompt, as seen here.


After running the Setup /PrepareSchema command, you need to wait for the changes to be replicated to all domain controllers in your Active Directory forest before you can continue with the next step.

Setup /PrepareAD

To run Setup /PrepareAD, you need to be a member of the Enterprise Admins group and you need to be delegated Exchange Full Administrator permission on the Exchange 2000 or Exchange 2003 organization. You need to run this command on a computer that is in the same domain and the same Active Directory site as the Schema Master.

Running Setup /PrepareAD will do the following:

• Configure global Exchange objects in Active Directory
• Create the universal security groups in the root domain, as seen in Figure 6.11
• Prepare the domain it is run in

FIGURE 6.11 Universal security groups created after running Setup /PrepareAD

Exercise 6.4 outlines the steps to run Setup /PrepareAD.

EXERCISE 6.4

Running Setup /PrepareAD

Again, there are just four steps to follow.

1. Click Start.
2. Open a command prompt.
3. Change the directory to your Exchange Server 2007 installation source and enter the command Setup /PrepareAD.
4. When setup completes successfully, close the command prompt.

After running the Setup /PrepareAD command, you need to wait for the changes to be replicated to all domain controllers in your Active Directory forest before you can continue with the next step.

Setup /PrepareDomain or Setup /PrepareAllDomains

To run Setup /PrepareDomain or Setup /PrepareAllDomains you need to be a member of the Enterprise Admins group or the Domain Admins group in the domains that you are prepping. You’ll need to run this command on a computer that is in the domain you are prepping and that is able to contact all domains you are prepping.

Running Setup /PrepareDomain will prepare the domain it is run in. You can also run Setup /PrepareDomain:<FQDN of domain> if you want to prepare another domain than the one you’re logged on to. It will do the following:

• Create a new global group in the Microsoft Exchange System Objects container in Active Directory Users and Computers, called Exchange Install Domain Servers, as shown in Figure 6.12
• Create a new domain local group called Exchange 12 Domain Servers and make it a member of the Exchange Servers universal security group in the root domain
• Grant the permission to manage auditing and security logs to the Exchange Server universal security group, as shown in Figure 6.13

Setup /PrepareAllDomains does exactly the same thing as Setup /PrepareDomain, but running Setup /PrepareAllDomains will prepare all domains in your Active Directory forest.

FIGURE 6.12 Exchange Install Domain Servers

FIGURE 6.13 Choosing to manage auditing and security logs

Exercise 6.5 outlines the steps to run Setup /PrepareDomain (the steps to prepare Setup /PrepareAllDomains are similar).
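The wait for replication after Setup /PrepareSchema, described earlier in this section, can be verified instead of estimated. The following PowerShell script is an added example, not part of the study guide: it compares the Exchange schema version marker on every domain controller with the value held by the Schema Master. It assumes Windows PowerShell 2.0 or later on a domain-joined computer; the object name CN=ms-Exch-Schema-Version-Pt and its rangeUpper attribute are not mentioned in the guide, and the poll interval and time limit are placeholders.

```powershell
# Added example (not from the study guide). Read-only: it queries every domain
# controller and changes nothing in the directory.
# Assumptions: Windows PowerShell 2.0 or later on a domain-joined computer;
# the 60-second poll interval and 2-hour limit are placeholders.

function Get-ValueFromServer {
    param([string]$Server, [string]$DistinguishedName, [string]$Attribute)
    try {
        $entry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Server/$DistinguishedName")
        $entry.psbase.RefreshCache([string[]]@($Attribute))   # forces the LDAP bind
        $value = $entry.psbase.Properties[$Attribute].Value
        if ($null -eq $value) { return $null }
        return [string]$value
    } catch {
        return $null   # DC unreachable, or the object has not arrived there yet
    }
}

function Get-LaggingServers {
    param([string]$ReferenceServer, [string[]]$Servers,
          [string]$DistinguishedName, [string]$Attribute)

    # The reference server is where the change was made; every other DC must
    # report the same value before replication counts as complete.
    $expected = Get-ValueFromServer $ReferenceServer $DistinguishedName $Attribute
    if ($null -eq $expected) { throw "Cannot read $Attribute from $ReferenceServer" }

    foreach ($server in $Servers) {
        $actual = Get-ValueFromServer $server $DistinguishedName $Attribute
        if ($actual -ne $expected) {
            New-Object PSObject -Property @{ Server = $server; Value = $actual; Expected = $expected }
        }
    }
}

$forest       = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$schemaMaster = $forest.SchemaRoleOwner.Name
$allDcs       = @($forest.Domains |
                    ForEach-Object { $_.DomainControllers } |
                    ForEach-Object { $_.Name })

# The schema partition is replicated to every DC in the forest, so one object
# in it is enough to tell whether the schema extension has arrived everywhere.
$schemaNc  = [string]([ADSI]'LDAP://RootDSE').schemaNamingContext
$versionDn = "CN=ms-Exch-Schema-Version-Pt,$schemaNc"

$deadline = (Get-Date).AddHours(2)
while ($true) {
    $lagging = @(Get-LaggingServers $schemaMaster $allDcs $versionDn 'rangeUpper')
    if ($lagging.Count -eq 0) { break }

    $lagging | Format-Table Server, Value, Expected -AutoSize | Out-Host
    if ((Get-Date) -gt $deadline) {
        throw "Schema change has not reached $($lagging.Count) domain controller(s)"
    }
    Start-Sleep -Seconds 60
}

"All $($allDcs.Count) domain controllers report the Schema Master's Exchange schema version; continue with Setup /PrepareAD."
```

A domain controller that stays in the lagging list until the time limit is either offline or not replicating, and should be investigated before the next Setup step is run.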

Date posted: 09/08/2014, 07:20
