Microsoft press MCTS configuring microsoft exchange server 2007 training kit exam 70236 nov 2007 ISBN 0735624100 pdf

It is also possible to install Exchange Server 2007 SP1 on the 64-bit edition of Windows Server 2008 should the 64-bit evaluation edition of Windows Server 2003 R2 becomeunavailable at s

One Microsoft Way

Redmond, Washington 98052-6399

Copyright © 2008 by Ian McLean and Microsoft Corporation

All rights reserved No part of the contents of this book may be reproduced or transmitted in any form

or by any means without the written permission of the publisher.

Library of Congress Control Number: 2007934745

Printed and bound in the United States of America.

1 2 3 4 5 6 7 8 9 QWT 2 1 0 9 8 7

Distributed in Canada by H.B Fenn and Company Ltd.

A CIP catalogue record for this book is available from the British Library.

Microsoft Press books are available through booksellers and distributors worldwide For further mation about international editions, contact your local Microsoft Corporation office or contact Microsoft Press International directly at fax (425) 936-7329 Visit our Web site at www.microsoft.com/mspress Send comments to tkinput@microsoft.com.

infor-Microsoft, Microsoft Press, Active Directory, ActiveSync, ActiveX, Entourage, Excel, ForeFront, Groove, Internet Explorer, Outlook, PowerPoint, SharePoint, SQL Server, Windows, Windows Media, Windows Mobile, Windows NT, Windows PowerShell, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries Other product and company names mentioned herein may be the trademarks of their respective owners The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

7KLVERRNH[SUHVVHVWKHDXWKRU¶VYLHZVDnd opinions The information contained in this book is provided without any express, statutory, or implied warranties Neither the authors, Microsoft Corporation, nor its resellers, or distributors will be held liable for any damages caused or alleged to be caused either directly

or indirectly by this book.

Acquisitions Editor: Ken Jones

Developmental Editors: Jenny Moss Benson

Project Editor: Maureen Zimmerman

Editorial Production: S4 Carlisle Publishing Services

Technical Reviewer: Bob Dean; Technical Review services provided by Content Master, a member

of CM Group, Ltd.

Body Part No X14-06985

Welcome to the world, Freya.

—Ian McLean

A deep and heartfelt thank you to the amazing team at Microsoft Press.

Your help, support, knowledge, and patience always

make authors come up looking far more

shiny than we are in real life!

—Orin Thomas

Ian McLean

Ian McLean, MCSE, MCITP, MCT, has 40 years’

experience in industry, commerce, and education

He started his career as an electronics engineer

before going into distance learning and then

edu-cation as a university professor Currently he runs

his own consultancy company Ian has written 20

books plus many papers and technical articles He

has been working with Microsoft Exchange Server

since 1999

Orin Thomas

Orin Thomas is a Windows Security MVP, an

author, and a systems administrator He has

authored or co-authored more than a dozen

books for Microsoft Press and is a contributing

editor for Windows IT Pro magazine

Contents at a Glance

1 Preparing for Exchange Installation 1

2 Installing Exchange Server and Configuring Server Roles 47

3 Configuring Recipients, Groups, and Mailboxes 117

4 Configuring Public Folders 183

5 Moving Mailboxes and Implementing Bulk Management 225

6 Spam, Viruses, and Compliance 291

7 Connectors and Connectivity 339

8 Policies and Public Folders 381

9 Monitoring 423

10 Message Tracking and Mailbox Health 505

11 Reporting 585

12 Configuring Disaster Recovery 643

13 Recovering Server Roles and Configuring High Availability 719

Table of Contents

Introduction xxiii

Hardware Requirements xxiii

Software Requirements xxiv

Using the CD and DVD xxiv

How to Install the Practice Tests xxv

How to Use the Practice Tests xxv

How to Uninstall the Practice Tests xxvii

Microsoft Certified Professional Program xxvii

Technical Support xxvii

1 Preparing for Exchange Installation 1

Before You Begin 1

Lesson 1: Preparing the Infrastructure for Exchange Installation 3

Preparing Active Directory 3

Configuring Exchange Administrator Roles .11

Link State and Coexistence with Previous Versions of Exchange 12

Practice: Preparing the Network Infrastructure for the Installation of Exchange Server 2007 13

Lesson Summary .19

Lesson Review 19

Lesson 2: Preparing the Servers for Exchange Installation 22

Exchange 2007 Operating System and Hardware Requirements 22

Exchange Server 2007 on Domain Controllers 26

Networking Configuration 26

Security Configuration Wizard .27

The Exchange Best Practices Analyzer 28

Microsoft is interested in hearing your feedback so we can continually improve our books and learning

resources for you To participate in a brief online survey, please visit:

www.microsoft.com/learning/booksurvey/

What do you think of this book? We want to hear from you!

Multiple Volumes 29

Practice: Preparing the Server for the Installation of Exchange Server 2007 31

Lesson Summary 39

Lesson Review 40

Chapter Review 42

Chapter Summary 42

Key Terms 42

Case Scenarios 43

Case Scenario 1: Preparing the Active Directory Environment and Network Infrastructure at Tailspintoys for Exchange Deployment 43

Case Scenario 2: Preparing a Windows Server 2003 Computer for Exchange Server Installation 43

Suggested Practices 44

Prepare the Infrastructure for Exchange Installation 44

Prepare Servers for Exchange Installation 44

Take a Practice Test 44

2 Installing Exchange Server and Configuring Server Roles 47

Before You Begin 47

Lesson 1: Installing Exchange Server 2007 49

Choosing the Appropriate Role or Roles for the Server 49

Preparing an Exchange Server 2007 Cluster 54

Load Balancing 54

Installing Exchange Server 2007 Using the GUI 55

Command-Line and Unattended Installations of Exchange Server 2007 57

Installing an Edge Transport Server 59

Postinstallation Tasks 60

Enter the Product Key 63

Installing Antivirus and Anti-spam 64

Securing Communication 65

Practice: Exchange Server 2007 Installation and Setup 67

Lesson Summary 79

Lesson Review 79

Lesson 2: Configuring Exchange Server Roles .82

Configuring the Edge Transport Server Role .83

Configuring the Hub Transport Server Role 85

Configuring the Client Access Server Role .87

Configuring the Mailbox Server Role 93

Removing Exchange Server 2007 97

Practice: Exchange Server Role Configuration 101

Lesson Summary 108

Lesson Review 109

Chapter Review 112

Chapter Summary 112

Key Terms 112

Case Scenarios 113

Case Scenario 1: Wingtip Toys Exchange Server 2007 Deployment 113

Case Scenario 2: Contoso Postdeployment Role Configuration 113

Suggested Practices 114

Install Exchange 114

Configure Exchange Server Roles 114

Take a Practice Test 115

3 Configuring Recipients, Groups, and Mailboxes 117

Before You Begin 118

Lesson 1: Configuring Recipients 120

Creating and Configuring Mailbox-Enabled User Accounts 120

Creating and Configuring Mail-Enabled User Accounts 130

Configuring Mail-Enabled Contacts 135

Practice: Configuring Recipient Accounts 138

Lesson Summary 146

Lesson Review 146

Lesson 2: Configuring Mail-Enabled Groups 149

Creating Distribution Groups 149

Creating a Universal Distribution Group 151

Creating a Dynamic Distribution Group 152

Disabling, Enabling, and Removing Distribution Groups 154

Modifying Distribution Group Properties 156

Configuring Mail-Enabled Security Groups 158

Practice: Creating a Dynamic Distribution Group 160

Lesson Summary 164

Lesson Review 165

Lesson 3: Configuring Resource Mailboxes 167

Creating Resource Mailboxes 168

Modifying Resource Mailboxes 169

Practice: Creating and Configuring a Room Mailbox 171

Lesson Summary 175

Lesson Review 175

Chapter Review 177

Chapter Summary 177

Key Terms 177

Case Scenarios 178

Case Scenario 1: Creating Recipients 178

Case Scenario 2: Creating Mail-Enabled Groups and Resource Mailboxes 179

Suggested Practices 179

Add and Configure Recipients 179

Create and Configure Groups and Resource Mailboxes 180

Take a Practice Test 180

4 Configuring Public Folders 183

Before You Begin 183

Lesson 1: Configuring Public Folders 185

Using Public Folders 185

Public Folder Hierarchy 188

Mail-Enabled Public Folders 192

Using the Exchange Management Shell to Manage Public Folders 193

Creating Public Folders 200

Removing Public Folders 203

Modifying Public Folder Properties 203

Practice: Creating and Configuring Public Folders 210

Lesson Summary 217

Lesson Review 217

Chapter Review 220

Chapter Summary 220

Key Terms 220

Case Scenarios 221

Case Scenario 1: Creating and Mounting a Public Folder Database 221

Case Scenario 2: Creating, Configuring, and Mail-Enabling Public Folders 221 Suggested Practices 222

Configure Public Folders 222

Configure Public Folder E-Mail Settings 222

Take a Practice Test 223

5 Moving Mailboxes and Implementing Bulk Management 225

Before You Begin 225

Lesson 1: Moving Mailboxes 227

Investigating Scenarios That Require Mailbox Moves 227

Creating Multiple Mailbox-Enabled Users 231

Moving Mailboxes and Scheduling Mailbox Moves 234

Setting and Verifying Applicable Policies 245

Practice: Creating and Moving Mailboxes in Bulk 251

Lesson Summary 257

Lesson Review 257

Lesson 2: Implementing Bulk Management of Mail-Enabled Objects 260

Configuring Bulk Management 260

Using PowerShell Scripts for Bulk Management 268

Scheduling Bulk Management 274

Practice: Using and Scheduling a PowerShell Script to Create Mailbox-Enabled Users 277

Lesson Summary 282

Lesson Review 282

Chapter Review 286

Chapter Summary 286

Key Terms 286

Case Scenarios 287

Case Scenario 1: Configuring and Moving Mailboxes 287

Case Scenario 2: Implementing Bulk Management 287

Suggested Practices 288

Moving Mailboxes 288

Bulk Management 289

Take a Practice Test 289

6 Spam, Viruses, and Compliance 291

Before You Begin 292

Lesson 1: Configuring the Antivirus and Anti-Spam System 293

Configuring Exchange Server 2007 Anti-Spam Features 293

Forefront Security for Exchange Server 303

Practice: Setting Up the Antivirus and Anti-Spam Features of Exchange Server 2007 306

Lesson Summary 310

Lesson Review 310

Lesson 2: Configuring Transport and Message Compliance 313

Configuring Message Compliance 313

Configuring Transport Rules 320

Message Screening 325

Practice: Setting Up Transport and Message Compliance 328

Lesson Summary 332

Lesson Review 332

Chapter Review 335

Chapter Summary 335

Key Terms 336

Case Scenarios 336

Case Scenario 1: Exchange Server 2007 as an Anti-Spam Solution for Coho Vineyard 336

Case Scenario 2: Configuring Message and Transport Compliance for a Law Firm 337

Suggested Practices 337

Configure the Antivirus and Anti-spam System 337

Transport Rules and Message Compliance 338

Take a Practice Test 338

7 Connectors and Connectivity 339

Before You Begin 339

Lesson 1: Configuring Connectors 341

Receive Connectors 341

Send Connectors 347

Using Telnet to Test SMTP Communication 349

Practice: Connector Configuration 350

Lesson Summary 354

Lesson Review 354

Lesson 2: Configuring Client Connectivity 357

Configuring Mobile Device Policies 357

Configuring Autodiscover 363

Configuring the Availability Service 365

Configuring and Managing IMAP4 and POP3 366

Practice: Managing Client Connectivity 370

Lesson Summary 372

Lesson Review 373

Chapter Review 376

Chapter Summary 376

Key Terms 377

Case Scenarios 377

Case Scenario 1: Contoso Connector Configuration 377

Case Scenario 2: Coho Vineyard Mobile Devices 378

Suggested Practices 378

Adding, Removing, and Modifying Connectors 378

Configuring Client Connectivity 379

Take a Practice Test 379

8 Policies and Public Folders 381

Before You Begin 381

Lesson 1: Configuring Policies 383

E-Mail Address Policies 383

Address Lists 387

Address Books 389

Out-of-Office Policies 392

Managing Mobile Device Policies 394

Content Indexing 397

Practice: Setting Policies 400

Lesson Summary 406

Lesson Review 406

Lesson 2: Configuring Public Folders 409

Public Folder Replication 409

Public Folder Permissions 411

Mail-Enabled Public Folder Settings 412

Practice: Public Folder Management 413

Lesson Summary 415

Lesson Review 416

Chapter Review 418

Chapter Summary 418

Key Terms 418

Case Scenarios 419

Case Scenario 1: Address Lists at Coho Vineyard 419

Case Scenario 2: Public Folder Management at Fabrikam 419

Suggested Practices 420

Configuring Exchange Server 2007 Policies 420

Managing Exchange Server 2007 Public Folders 420

Take a Practice Test 421

9 Monitoring 423

Before You Begin 423

Lesson 1: Monitoring Mail Queues 425

Managing and Monitoring Queues 425

Deleting Messages from Queues 432

Finding Specific Messages in a Queue 435

Forcing Retry Messages in a Queue 443

Monitoring Queue Thresholds 445

Practice: Locating and Monitoring E-Mail Messages 453

Lesson Summary 461

Lesson Review 461

Lesson 2: Monitoring System Performance 464

Monitoring Hardware 465

Monitoring with Event Viewer, HTTPMon, and PowerShell 470

Monitoring Network Activities by Using Network Monitor 478

Using Exchange Troubleshooting Assistant 484

Practice: Installing Exchange Troubleshooting Assistant and Using the Message Tracking Tool 492

Lesson Summary 497

Lesson Review 497

Chapter Review 500

Chapter Summary 500

Key Terms 500

Case Scenarios 501

Case Scenario 1: Checking Message Queues 501

Case Scenario 2: Monitoring Exchange Server 2007 Servers 501

Suggested Practices 502

Monitor Mail Queues 502

Monitor System Performance 503

Take a Practice Test 503

10 Message Tracking and Mailbox Health 505

Before You Begin 506

Lesson 1: Performing Message Tracking 508

Tracking Messages 508

Configuring Message Tracking 519

Reading and Interpreting the Message Tracking Log 530

Practice: Changing the Location of the Message Tracking Log and Tracking Messages 532

Lesson Summary 538

Lesson Review 538

Lesson 2: Monitoring Client Connectivity 540

Viewing Mailbox Statistics 540

Filtering and Analyzing Mailbox Statistics 548

Viewing Perfmon Counters 550

Managing Protocol Logging 557

Configuring Protocol Logs 560

Reading and Interpreting Protocol Logs 563

Testing POP3 and IMAP4 Connectivity 565

Practice: Reading and Filtering Mailbox Statistics 570

Lesson Summary 576

Lesson Review 576

Chapter Review 579

Chapter Summary 579

Key Terms 579

Case Scenarios 580

Case Scenario 1: Tracking Messages 580

Case Scenario 2: Configuring Baseline Counter Logs 581

Suggested Practices 581

Message Tracking 581

Monitoring Client Connectivity 582

Take a Practice Test 583

11 Reporting 585

Before You Begin 586

Lesson 1: Creating Server Reports 588

Creating Server Availability Reports 588

Using the Reports View in Performance Logs and Alerts 591

Creating Reports by Using EXBPA 593

Creating Database Reports 599

Creating Message Queue Reports 601

Practice: Using EXBPA to Generate a Health Report 605

Lesson Summary 608

Lesson Review 609

Lesson 2: Creating Usage Reports 611

Using Microsoft Operations Management to Create Mailbox Usage Reports 612

Creating User Reports 616

Creating Mailbox Reports 618

Creating Top Receivers and Top Senders Reports 621

Creating Number of Virus, Spam, and External Messages Reports 623

Creating Reports on Number of Users of a Particular Protocol 630

Practice: Creating Mailbox Reports 633

Lesson Summary 636

Lesson Review 636

Chapter Review 638

Chapter Summary 638

Key Terms 638

Case Scenarios 639

Case Scenario 1: Creating Server Reports 639

Case Scenario 2: Creating Usage Reports 639

Suggested Practices 640

Creating Server Reports 640

Creating Usage Reports 641

Take a Practice Test 641

12 Configuring Disaster Recovery 643

Before You Begin 644

Lesson 1: Configuring Backups 646

Selecting a Backup Type 647

Creating Backup Jobs 650

Modifying Backup Jobs 660

Performing Restore to Confirm Backup Validity 661

Monitoring Backups for Successful Completion 663

Using Shadow Copy Backup 667

Practice: Performing a Backup and Restore 673

Lesson Summary 677

Lesson Review 678

Lesson 2: Recovering Messaging Data 680

Recovering Messages 681

Recovering Mailboxes 686

Using Recovery Storage Groups 689

Recovering Databases with Dial Tone Recovery 694

Repairing a Damaged Database 699

Practice: Recovering a Hard Deleted Message from Backup 706

Lesson Summary 710

Lesson Review 711

Chapter Review 714

Chapter Summary 714

Key Terms 714

Case Scenarios 715

Case Scenario 1: Designing a Backup Regime 715

Case Scenario 2: Restoring Data 716

Suggested Practices 716

Performing Backups 716

Performing Restores 717

Take a Practice Test 717

13 Recovering Server Roles and Configuring High Availability 719

Before You Begin 719

Lesson 1: Recovering Exchange Server Roles 721

Basic Recovery Procedure 721

Recover a Client Access Server 723

Recover a Hub Transport Server 723

Recover an Edge Transport Server 725

Recovering a Mailbox Server 727

Practice: Exchange Server 2007 Role Recovery 728

Lesson Summary 729

Lesson Review 730

Lesson 2: Exchange Server 2007 High Availability 732

Implementing Local Continuous Replication 732

Implementing Cluster Continuous Replication 734

Single Copy Clustering 737

Implementing Network Load Balancing 740

Implementing DNS Round-Robin 740

High Availability and Exchange Management Shell 741

Practice: Configuring and Managing Local Continuous Replication 743

Lesson Summary 747

Lesson Review 748

Chapter Review 750

Chapter Summary 750

Key Terms 750

Case Scenarios 751

Case Scenario 1: Recovering the Fabrikam Client Access Server 751

Case Scenario 2: A High Availability Solution for Coho Vineyard 751

Suggested Practices 752

Recover Server Roles 752

Configure High Availability 752

Take a Practice Test 753

Answers 755

Glossary 817

Index 825

Microsoft is interested in hearing your feedback so we can continually improve our books and learning

resources for you To participate in a brief online survey, please visit:

www.microsoft.com/learning/booksurvey/

What do you think of this book? We want to hear from you!

Introduction

This training kit is designed for Exchange administrators who support ExchangeServer 2007 in an enterprise environment and who plan to take the Microsoft Certi-fied Technology Specialist (MCTS) exam 70-236 We assume that before you beginusing this kit you have a solid foundation-level understanding of the Windows Server

2003 or Windows Server 2008 operating system and common Internet technologies

By using this training kit, you will learn how to do the following:

■ Install and manage Microsoft Exchange Server 2007

Hardware Requirements

We recommend that you use an isolated network that is not part of your productionnetwork to do the practice exercises in this book The computer that you use to per-form practices requires Internet connectivity It is possible to perform all the practices

in this training kit if you decide to use a single computer that is configured as adomain controller and has Exchange Server 2007 installed Both the Windows Serverand Exchange Server software need to be 64-bit editions This means that the com-puter that you will perform your practices on requires a 64-bit processor A 64-bit eval-uation edition of Windows Server 2003 R2 can be obtained from the following

address: http://technet.microsoft.com/en-us/windowsserver/bb430831.aspx It is also

possible to install Exchange Server 2007 SP1 on the 64-bit edition of Windows Server

2008 should the 64-bit evaluation edition of Windows Server 2003 R2 becomeunavailable at some point in the future

You will find the practices closer to real life if you also have a client computer runningeither Microsoft Windows XP Professional or Windows Vista Business, Enterprise, orUltimate on your network, but this is not essential The client operating system doesnot need to be 64 bit You can implement the client as a separate computer or as a vir-tual machine on the same computer Your computer or computers should meet (at aminimum) the following hardware specification:

■ Personal computer with a 1-GHz or faster 64-bit processor

■ 1.5 GB of RAM (2 GB if you plan to use virtual machine software)

■ 60 GB of available hard disk space (100 GB if you plan to use virtual machinesoftware).

■ The practices in Chapter 12, “Disaster Recovery,” require a second hard disk,either internal or external You can carry out the practices by using a high-capacityUSB flash memory device (4 GB or greater), but the practices are closer to real life

if you use a hard disk

■ Note that while the current edition of Microsoft Virtual PC and Virtual Server donot support 64-bit guest operating systems, third-party virtual machine hostsoftware such as VMware Server does You must ensure that your processor’s vir-tualization extensions are enabled when attempting to run 64-bit guest operat-ing systems

Software Requirements

The following software is required to complete the practice exercises:

■ An evaluation or full edition of Windows Server 2003, Windows Server 2003 R2,

or Windows Server 2008 64-bit Enterprise Edition

■ An evaluation or full edition of Windows Exchange Server 2007

Using the CD and DVD

A companion CD and an evaluation software DVD set are included with this trainingkit The companion CD contains the following:

■ Practice tests You can reinforce your understanding of how to configureExchange Server 2007 by using electronic practice tests you customize to meetyour needs from the pool of Lesson Review questions in this book Or you canpractice for the 70-236 certification exam by using tests created from a pool of

300 realistic exam questions, which give you many practice exams to ensure thatyou are prepared

■ An eBook An electronic version (eBook) of this book is included for when you donot want to carry the printed book with you The eBook is in Portable DocumentFormat (PDF), and you can view it by using Adobe Acrobat or Adobe Reader

An x64 evaluation edition of Exchange Server 2007 Enterprise Edition on two DVDs

is supplied with this book The book and the examination are written to the version

of Exchange Server 2007 that is current at the time of publication

The planned Exchange Server 2007 Service Pack 1 (SP1) release will contain a set ofenhancements to the current version The 70-236 exam might be updated in thefuture to include questions related to Exchange Server 2007 SPI

NOTE More on the changes in Service Pack 1

To find out more about the changes made to Exchange Server 2007 with the release of Service

Pack 1, consult the following TechNet article: http://technet.microsoft.com/en-us/library/

bb676323.aspx When an evaluation version of Exchange Server 2007 SP1 is released, it will be

available for free download on http://www.microsoft.com.

How to Install the Practice Tests

To install the practice test software from the companion CD to your hard disk, do thefollowing:

1 Insert the companion CD into your CD drive and accept the license agreement.

A CD menu appears

NOTE If the CD menu does not appear

If the CD menu or the license agreement does not appear, AutoRun might be disabled on your computer Refer to the Readme.txt f ile on the CD-ROM for alternate installation instructions.

2 Click Practice Tests and follow the instructions on the screen.

How to Use the Practice Tests

To start the practice test software, follow these steps:

1 Click Start/All Programs/Microsoft Press Training Kit Exam Prep A window

appears that shows all the Microsoft Press training kit exam prep suites installed

on your computer

2 Double-click the lesson review or practice test you want to use.

NOTE Lesson reviews vs practice tests

Select the (70-236) Configuring Exchange Server 2007 lesson review to use the questions

from the “Lesson Review” sections of this book Select the (70-236) Configuring Exchange

Server 2007 practice test to use a pool of 300 questions similar to those that appear on the

70-236 certification exam.

Lesson Review Options

When you start a lesson review, the Custom Mode dialog box appears so that you canconfigure your test You can click OK to accept the defaults, or you can customize thenumber of questions you want, how the practice test software works, which examobjectives you want the questions to relate to, and whether you want your lessonreview to be timed If you are retaking a test, you can select whether you want to seeall the questions again or only the questions you missed or did not answer

After you click OK, your lesson review starts

■ To take the test, answer the questions and use the Next, Previous, and Go Tobuttons to move from question to question

■ After you answer an individual question, if you want to see which answers arecorrect—along with an explanation of each correct answer—click Explanation

■ If you prefer to wait until the end of the test to see how you did, answer all thequestions and then click Score Test You will see a summary of the exam objec-tives you chose and the percentage of questions you got right overall and perobjective You can print a copy of your test, review your answers, or retake the test

Practice Test Options

When you start a practice test, you choose whether to take the test in CertificationMode, Study Mode, or Custom Mode:

■ Certification Mode Closely resembles the experience of taking a certificationexam The test has a set number of questions It is timed, and you cannot pauseand restart the timer

■ Study Mode Creates an untimed test in which you can review the correctanswers and the explanations after you answer each question

■ Custom Mode Gives you full control over the test options so that you can tomize them as you like

cus-In all modes, the user interface when you are taking the test is basically the same butwith different options enabled or disabled depending on the mode The main optionsare discussed in the previous section, “Lesson Review Options.”

When you review your answer to an individual practice test question, a “References”section is provided that lists where in the training kit you can find the information thatrelates to that question and provides links to other sources of information After youclick Test Results to score your entire practice test, you can click the Learning Plan tab

to see a list of references for every objective

How to Uninstall the Practice Tests

To uninstall the practice test software for a training kit, use the Add Or Remove grams option (Windows XP or Windows Server 2003) or the Program And Featuresoption (Windows Vista or Windows Server 2008) in Windows Control Panel

Pro-Microsoft Certified Professional Program

The Microsoft certifications provide the best method to prove your command of rent Microsoft products and technologies The exams and corresponding certifica-tions are developed to validate your mastery of critical competencies as you designand develop or implement and support solutions with Microsoft products and tech-nologies Computer professionals who become Microsoft certified are recognized asexperts and are sought after industry-wide Certification brings a variety of benefits tothe individual and to employers and organizations

cur-MORE INFO All the Microsoft certifications

For a full list of Microsoft certifications, go to http://www.microsoft.com/learning/mcp/default.asp.

Technical Support

Every effort has been made to ensure the accuracy of this book and the contents of thecompanion CD If you have comments, questions, or ideas regarding this book or thecompanion CD, please send them to Microsoft Press by using either of the followingmethods:

E-mail: tkinput@microsoft.com

Postal Mail:

Microsoft Press

Attn: MCTS Self-Paced Training Kit (Exam 70-236): Configuring Microsoft Exchange

Press Technical Support Web site at http://www.microsoft.com/learning/support/

books To connect directly to the Microsoft Knowledge Base and enter a query, visit http://support.microsoft.com/search For support information regarding Microsoft

software, connect to http://support.microsoft.com.

net-2007 does not exist on the network in isolation Before it can be utilized to its fullestextent, the network environment must be prepared properly This chapter examinesboth the network infrastructure preparation and the server software preparationtasks that must be completed prior to the installation of Exchange Server 2007.

Exam objectives in this chapter:

■ Prepare the infrastructure for Exchange installation

■ Prepare the servers for Exchange installation

Lessons in this chapter:

■ Lesson 1: Preparing the Infrastructure for Exchange Installation 3

■ Lesson 2: Preparing the Servers for Exchange Installation 22

Before You Begin

To complete the lessons in this chapter, you must have done the following:

SP1 or R2 and access to the Exchange Server 2007 installation media

No additional configuration is required for this chapter

Real World

Orin Thomas

Installing any version of Exchange can be intimidating, though Exchange Server

2007 vastly simplifies the process Exchange has always required an exhaustiveamount of preparation prior to installation, and even when you have performedthe task several times, a little voice at the back of your mind always asks you,

“Have I forgotten something important?” The first Exchange environment Iworked on had been installed by someone who had a “throw it in, run install,and figure it out later” approach to deployment The deployment functionedonly with the assistance of an elaborate series of workarounds Thoseworkarounds could have been avoided if the person who made the originaldeployment had spent some time with the documentation prior to attemptinginstallation Because of my experience having to manage a not-quite-rightdeployment, I was rather nervous when I first fully deployed Exchange in a pro-duction environment I did not want future IT pros taking my name in vain theway I’d muttered in the server room about the guy who’d put together that orig-inal Exchange 5.5 box

The best way to deal with these sorts of concerns is to perform multiple practicedeployments I do not mean running a pilot program at your organization,though you should do that as well I mean using virtual machine software torepeatedly build up and tear down Exchange Server 2007 deployments until theprocess itself becomes second nature Exchange Server 2007 is, if not the heart

of an organization, the circulatory system that keeps everything moving Virtualdeployments give you a chance to learn from your mistakes and work out thekinks in any deployment plan long before any real e-mail gets put through thesystem

Virtual machines also can be used as an excellent study tool If it has enoughRAM and hard disk space, a computer that meets the system requirementsspelled out for this book is capable of running Exchange Server in a virtualmachine rather than natively on the hardware When you use this technique,you will be configuring a 64-bit edition of Windows Server 2003 to run within avirtual environment hosted on a 64-bit edition of Windows Server 2003 Justremember, though, that you can not run a 64-bit virtual machine on a 32-bit hostoperating system!

Lesson 1: Preparing the Infrastructure

for Exchange Installation

Installing Exchange Server 2007 is not just a matter of placing the installation media inthe nearest DVD-ROM drive and clicking through a wizard The network infrastructureinto which you will introduce Exchange needs to be prepared Certain modificationsand extensions need to be made to Active Directory before Exchange can be installedsuccessfully These modifications and extensions are significant As you are likely to beaware from your study of Active Directory, rolling back changes can be difficult Youneed to know what to do and how to do it If you do not, at best you will have a failedExchange installation that you will need to restart from the beginning At worst, youwill have messed up your network infrastructure and might have to pull it all apart andthen put it back together This lesson will also touch on Exchange Administrator rolesand what steps need to be taken to prepare environments that have a previousExchange deployment for the introduction of Exchange Server 2003

After this lesson, you will be able to:

■ Extend Active Directory schema.

■ Prepare Active Directory in all domains where Exchange Server 2007 or

mail-enabled objects will be deployed.

■ Confirm Active Directory preparation, including permissions, groups, and schema.

■ Understand the difference between and configure the four separate Exchange Administrator roles.

■ Prepare an infrastructure utilizing a previous version of Exchange for migration to Exchange Server 2007.

Estimated lesson time: 40 minutes

Preparing Active Directory

Just as Active Directory forms the backbone of a Windows network, it also forms thebackbone of an Exchange Server 2007 deployment Although mailbox data, includinge-mail and calendar appointments, is stored on Exchange Server 2007 computers,Active Directory stores almost all of Exchange Server 2007’s configuration information.Although, as discussed in Lesson 2, “Preparing the Servers for Exchange Installation,”the server that will host the Exchange Server 2007 installation needs to have a 64-bit pro-cessor and a 64-bit edition of Windows Server 2003 or later installed, the network infra-structure servers, such as domain controllers and DNS servers in the environment, can

have 32-bit processors and the 32-bit edition of Windows Server 2003 or later installed.Although as a matter of good practice all servers in your environment should be patchedwith the most recent updates, the installation of Exchange Server 2007 requires that theserver that hosts the Schema Master role be patched with Service Pack 1 or higher if run-ning Windows Server 2003 or be running Windows Server 2003 R2 or later ExchangeServer 2007 requires that there be a global catalog server deployed in each site in whichExchange is deployed These global catalog servers also must be patched with ServicePack 1 or higher if running Windows Server 2003 or be running Windows Server 2003R2 or later.

Setting Domain and Forest Functional Levels

To get the most out of Exchange Server 2007, it is necessary to set the functional levels

of the host Windows Active Directory environment to the highest level possible.There are two different types of functional level in Windows Server 2003: the domainfunctional level and the forest functional level The available domain functional levelsare the following:

■ Windows 2000 mixed This domain functional level supports Windows NT 4.0,

Windows 2000, and Windows Server 2003 domain controllers

■ Windows 2000 native This domain functional level supports Windows 2000

and Windows Server 2003 domain controllers

■ Windows Server 2003 interim This domain functional level supports only

Windows Server 2003 and Windows NT 4.0 domain controllers

■ Windows Server 2003 This domain functional level supports only Windows

Server 2003 domain controllers

Certain forest functional levels can be set only if all the domains in the forest arealready set to a particular functional level The available forest functional levelsare the following:

■ Windows 2000 This forest functional level is available when domains in the

for-est are at any functional level

■ Windows Server 2003 interim This forest functional level is available only

when the minimum level of all domains in the forest is Windows Server 2003interim

■ Windows Server 2003 This forest functional level can be set only if all domains

in the forest are set to the Windows Server 2003 functional level

Raising functional levels is a one-way operation Once the functional level is raised, youcannot return it to a previous level If you raise the domain functional level to WindowsServer 2003 and then discover that you want to add an extra Windows 2000 domaincontroller, you will have to upgrade that computer to Windows Server 2003.

MORE INFO Functional levels

To find out more about domain and forest functional levels, consult the following TechNet article:

http://technet2.microsoft.com/WindowsServer/en/library/4a589ca2-b572-48cd-94d2-7d5b0c817f411033.mspx?mfr=true.

The primary limitation of raising the domain functional level is reducing the types ofdomain controllers that can be used in the domain If a forgotten Windows NT4 orWindows 2000 domain controller exists in some far-flung office of your organization,raising the domain functional level could cause a problem Prior to rolling outExchange Server 2007, you will need to know what servers are located out in thoseremote offices and upgrade them if necessary It makes no sense to have elaborateplans about rolling out Exchange Server 2007 when your existing infrastructure sim-ply will not support it All domains in the forest where you intend to install ExchangeServer 2007 or host recipients must be set to the Windows 2000 Server domain func-tional level or higher Raising domain and forest functional levels is covered by thepractices at the end of this lesson

NOTE Windows Server 2008 functional levels

Windows Server 2008 domains support the Windows 2000 native, Windows Server 2003, and Windows Server 2008 domain functional levels and the Windows 2000, Windows Server 2003, and Windows Server 2008 forest functional levels This means that if you are installing Exchange Server 2007 in a forest with Windows Server 2008 domain controllers, you will not need to modify the functional levels to support the new Exchange organization.

Extending the Active Directory Schema

Active Directory schema is a set of formal definitions for all object classes that canexist within an Active Directory forest As Exchange Server 2007 uses new objects thathave not been formally defined in the existing schema, it is necessary to add the newdefinitions that are relevant to Exchange-specific objects to the existing Active Direc-

tory schema This process is called schema extension and is the first step in all new

Exchange Server 2007 deployments

Setting Legacy Permissions If your environment has an existing Exchange 2000 orExchange Server 2003 organization present, it is necessary to run an extra commandprior to performing the normal schema and domain preparation Running this extracommand will update existing Exchange settings and permissions in preparation forthe modifications made by deploying Exchange Server 2007 The user who executesthis command must be a member of the Enterprise Admins group This commandneeds to be run from the root directory of the Exchange Server 2007 installationmedia The syntax of the command is the following:

Setup /PrepareLegacyExchangePermissions

Running the command as a member of the Enterprise Admins group will prepare alldomains in the forest It is possible to run this command against a single domain ratherthan all domains in the forest If this is done, the user running the command mustspecify the fully qualified domain name of the domain, be a member of the ExchangeOrganization Administrators group, and be a member of the Domain Admins group inthe domain to be prepared For example, if Kim Akers wishes to prepare a childdomain in the Tailspintoys.internal forest called child.tailspintoys.internal and she hasthe requisite group memberships, she would issue the following command:

Setup /PrepareLegacyExchangePermissions:child.tailspintoys.internal

If the entire forest is not prepared and preparation is performed on a domain basis, it will be necessary to run this command in all domains whereExchange 2000 or Exchange Server 2003 has been deployed, prior to performing anyother steps in the Exchange Server 2007 deployment process If this command is notrun in all domains where Exchange 2000 or Exchange Server 2003 has been deployed

domain-by-by executing it either on the forest level or on a domain-domain-by-by-domain basis, it is possiblethat the deployment will fail

NOTE Running commands on 32-Bit computers

The version of setup.exe that comes with the Exchange Server 2007 installation media will run only

on computers with a 64-bit operating system In many environments, existing domain controllers will be running the 32-bit version of Windows Server 2003 This means that you can not run the setup.exe commands necessary to prepare the domain off the Exchange Server 2007 installation media, as it has been compiled for an alternate processor architecture One way to deal with this problem is to obtain the 32-bit evaluation version of Exchange Server 2007 from Microsoft’s Web site You can use the 32-bit evaluation edition to prepare the forest and domains prior to installing the full 64-bit edition of Exchange Server 2007 You can obtain the 32-bit evaluation software by

navigating to http://www.microsoft.com/technet/prodtechnol/eval/exchange/default.mspx and

pro-viding registration details It is also possible to obtain the 64-bit Exchange Server 2007 evaluation from this location.

Preparing the Active Directory Schema from the Command Line The Active

Direc-tory schema is extended by running the Setup /PrepareSchema command This

com-mand must be run in the same site and domain as the computer that holds theschema master Flexible Single Master Operations (FSMO) role Unless the SchemaMaster role has been moved, this server that hosts it will be located in the forest rootdomain on the first domain controller that was installed in the organization You canlocate the Schema Master using the technique detailed in Practice 2, “Extending theActive Directory Schema,” at the end of this lesson Prior to running the command,you must ensure that the NET Framework version 2.0 and Windows PowerShell areinstalled The Active Directory schema is prepared for Exchange Server 2007 by issu-ing the following command:

Setup /PrepareSchema

This command can be successfully executed only by a user account that is a member

of both the Schema Admins and the Enterprise Admins group If there are earlier

ver-sions of Exchange in your environment and the /PrepareLegacyExchangePermisver-sions command has not been executed, Setup /PrepareSchema will automatically execute

this command against the forest prior to extending the schema

MORE INFO PowerShell version

Ensure that the version of PowerShell that you install is appropriate for your operating system Separate versions of PowerShell are available for 32- and 64-bit editions of Windows as well as separate versions for Windows XP, Vista, Windows Server 2003, and Windows Server 2008

The different versions of PowerShell can be obtained by navigating to the following link: http://

www.microsoft.com/windowsserver2003/technologies/management/powershell/download.mspx.

Quick Check

1 What are the minimum domain and forest functional levels required for the

installation of Exchange Server 2007?

2 What components must be installed to run Setup /PrepareSchema?

Quick Check Answers

1 Windows 2000 native.

2 Windows NET Framework version 2.0 and Windows PowerShell.

Domain Preparation

Each domain that will host an Exchange Server 2007 computer or that will host

Exchange recipients needs to be prepared using the Setup /PrepareAD command The

first time this command is run, you also have to include the organization name For

example, after Setup /PrepareSchema is run on the schema master of the

Tailspin-toys.internal forest, Active Directory can be prepared for the deployment of the newTailspintoys Exchange Server 2007 organization by running the following command:

Setup /PrepareAD /OrganizationName:Tailspintoys

In the event that the organization already exists, it is not necessary to append the

/OrganizationName option.

Running this command will do the following:

■ Configure global Exchange objects in Active Directory

■ Create Exchange universal security groups in the root domain

■ Set permissions on Exchange configuration objects

This command can be run only by a member of the Enterprise Administrators group

If there is an existing Exchange Server 2003 organization, the user running the mand needs to be not only a member of the Enterprise Administrators group but also

com-an Exchcom-ange full administrator

Organization Name Limitations

The name that can be assigned to an Exchange organization has several limitations

An Exchange organization name cannot contain whitespaces at the beginning or theend, though it can contain whitespaces between characters Usually, the Exchangeorganization reflects the name of the organization In addition to the limitation on theuse of whitespaces, Exchange organization names cannot contain any of the charac-ters listed in Table 1-1

Verifying Preparation

You can verify that the schema extension and domain preparation tasks have beencompleted correctly by viewing the output of the command-line utilities or by exam-ining Active Directory Users and Computers in the forest root domain If you examineActive Directory Users and Computers in the forest root domain, you will notice a new

container called Microsoft Exchange Security Groups Within that container are fivenew universal security groups with the following names:

MORE INFO Preparing Active Directory and domains

For more information about preparing Active Directory and domains for the installation of

Exchange Server 2007, consult the following article: http://technet.microsoft.com/en-us/library/

bb125224.aspx.

Table 1-1 Symbols That Cannot Be Used in the Name of an Exchange Organization

Figure 1-1 New Exchange objects

If you run the Exchange Server 2007 setup routine with a Windows account that hasall the requisite permissions, the schema and domain preparation steps occur auto-matically Given this, you might wonder why you would want to go manually throughthe command-line preparation steps The answer is that going through the command-line preparation steps gives you a finer degree of control over the Exchange Server

2007 deployment process Diagnosing problems in large, complex environments ismore difficult if you try the “all at once” approach

Local Server Role Requirements

Once you have prepared the schema and the domain, it is time to ensure that the tion where you will place Exchange Server 2007 is suitably readied A site is a set of IPsubnets that are defined in Active Directory Sites are configured using the Active Direc-tory Sites And Services management console and are used to define distinct locations

loca-in an organization’s network For example, you work for a company that has its headoffice in Melbourne, Australia, and regional offices in the outback towns of WaggaWagga, Cootamundra, and Wangaratta Each office would use one or more separate IPsubnets Using the Active Directory Sites And Services console, the subnets used byeach office would be collected into Active Directory sites Sites help facilitate replica-tion between domain controllers

Each site at which you plan to install an Exchange Server 2007 computer needs a dows Server 2003 SP1+ or R2 global catalog server Global catalog servers can beinstalled only on computers that are already domain controllers It is not necessaryfor the domain controllers or global catalog servers to be running a 64-bit version ofWindows Server 2003 Although a global catalog server always existed at each site inWindows 2000 domains, the Windows Server 2003 universal group membershipcaching feature means that there is not always a global catalog server at each site

Win-To make an existing domain controller a global catalog server, you need to openActive Directory Sites And Services, locate the server that you wish to convert underthe Servers node, expand that node, and edit the NTDS Settings On the General tab,ensure that the Global Catalog option is selected, as shown in Figure 1-2.

Figure 1-2 Setting a domain controller to be a global catalog server

Configuring Exchange Administrator Roles

Once the schema and domain preparation commands have been issued, several newgroups will be added to a new organizational unit in the root domain of the forest.These groups are universal in scope, meaning that user accounts from any domain inthe forest can be added to them Adding a user account to one of these groups confersthe group role on that account These roles have the following properties:

■ Exchange Organization Administrator A user who is a member of this group hascomplete access to all Exchange properties and objects within the organization

■ Exchange Recipient Administrator A user assigned the Exchange RecipientAdministrator role can edit Exchange properties on Active Directory objects.This includes user accounts, contacts, groups, dynamic distribution lists, andpublic folders Exchange recipient administrators can also edit client access mail-box settings and unified messaging mailbox settings

■ Exchange View-Only Administrator A user assigned the Exchange View-OnlyAdministrator role has read-only access to the Exchange organization tree andread-only access to those domain controllers that host Exchange recipientobjects This role is used primarily for auditing purposes.

■ Exchange Server Administrator This role is different from other assigned rolesbecause its scope is limited to a particular computer or computers runningExchange Server 2007 A user assigned the Exchange Server Administrator rolefor a specific Exchange Server 2007 computer cannot perform Exchange ServerAdministrator tasks on any other Exchange Server 2007 computer within theorganization

In addition, new security groups apply to computers in the Exchange organization.Computer accounts that are added to these groups have the following properties:

■ Exchange Servers All computers with Exchange Server 2007 installed are bers of this group Members of this group can manage the Exchange informationstore, mail queues, and mail interchange

mem-■ Exchange2003Interop This group is for Exchange 2000 Server and ExchangeServer 2003 bridgehead servers It allows routing group connections betweenExchange Server 2007 and earlier versions of Exchange

■ Exchange Install Domain Servers This security group is located in the MicrosoftExchange System Objects container, which is visible only if the Advanced Fea-tures View option is enabled in Active Directory Users And Computers Thisgroup contains all domain controllers with Exchange installed

Link State and Coexistence with Previous Versions of Exchange

Prior to introducing Exchange Server 2007 to an existing Exchange environment, theexisting Exchange environment must be prepared This preparation involves eithermigrating data off existing servers and retiring them or ensuring that these servershave the most recent service packs and updates applied Exchange Server 2007 can beintroduced to the organization under the following conditions:

■ No Exchange Server 5.5 server is present in the forest If Exchange Server 5.5 ispresent and you wish to deploy Exchange Server 2007, it will be necessary tomigrate users and data off these servers to Exchange 2000 or Exchange Server

2003 prior to attempting to deploy the new version of Exchange It is not possible

to directly upgrade from Exchange 5.5 to Exchange Server 2003, or ExchangeServer 2007