Microsoft Exchange Server 2007:
Tony Redmond’s Guide to Successful Implementation
Amsterdam • Boston • Heidelberg • London • New York • Oxford
Paris • San Diego • San Francisco • Singapore • Sydney • Tokyo
Digital Press is an imprint of Elsevier
Linacre House, Jordan Hill, Oxford OX2 8DP, UK
Copyright © 2007, Hewlett-Packard Development Company, L.P. Published by Elsevier. All rights reserved.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. Permissions may be sought directly from Elsevier’s Science & Technology Rights Department in Oxford, UK: phone: (+44) 1865 843830, fax: (+44) 1865 853333, E-mail: permissions@elsevier.com. You may also complete your request online via the Elsevier homepage (http://elsevier.com), by selecting “Support & Contact” then “Copyright and Permission” and then “Obtaining Permissions.”
Recognizing the importance of preserving what has been written, Elsevier prints its books on acid-free paper whenever possible.
Library of Congress Cataloging-in-Publication Data
Application Submitted
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
Preface
2 Exchange, Windows, and the Active Directory
2.2.4 Transforming Domain controllers into Global Catalogs
2.2.9 Changes in Active Directory replication in Windows 2003
3.1.6 Visual effects
3.8.1 Changing filters and conditions for dynamic
4.1.3 Command editing
5.2.1 Are 64 bits that important?
5.13.2 Changes in public folders administration since
5.13.6 Referrals
5.15.1 NTBackup
5.15.2 Other commercial backup products
6.3.7 Handling Exchange 2003 link state updates
6.6.1 The Queue Viewer
6.12.2 Postmarks
7 Clients
7.8 Internet client access protocols
8.3 Customizing display templates
8.4.3 Using a rule to add disclaimer text to outgoing messages
9.7.3 LCR restrictions
10.1.1 SSCP
10.2.1 Updates
10.3.5 Using the Troubleshooting Assistant to track messages
10.7 Conferences
10.7.1 Magazines
By their very nature, every book that seeks to describe how technology works faces challenges during its creation. Dealing with beta software and attempting to resolve the difference between how the software works and how the developers say it will work in the final version is a problem faced by any author, which is one reason why it is often best to wait to finalize text after you have a chance to work with released software. Looking back at this project, in some ways, this has been the hardest book of the seven that I have written about Exchange. I think that there are four reasons why this might be so.
First, Exchange 2007 marks the boundary for substantial architectural change within the product, so it is similar to the degree of change that we experienced when we moved from Exchange 5.5 to Exchange 2000. Second, the nature of software is that it becomes more complex over time as the developers add new features and this is certainly true of Exchange 2007. The new features have to be considered, probed, and documented, all of which takes time. Third, the Exchange development team has done an excellent job since 2004 to document all aspects of Exchange in a more comprehensive manner than ever before. The Exchange 2007 help file, TechNet, MSDN, and the excellent Exchange team blog at http://msexchangeteam.com/default.aspx are interesting and productive hoards of information for authors to mine. Unfortunately, there is often too much material (a good complaint to have) and the material needs to be interpreted and analyzed in the light of your own experience with Exchange. Engineers write great blogs, but the scourge of cognitive dissonance often means that they omit some detail that makes all the difference to a newcomer in understanding why a component works the way that it does.
Last but not least, you should not underestimate the degree of cultural change that Microsoft has incorporated into Exchange 2007 in the transition from a predominantly GUI-centric approach to server management to the use of the PowerShell scripting language as the basis of many management operations. The need to understand and appreciate the change has to occur before you can adequately document and describe the benefits and this increases the effort required to write the book. I must admit that it took me time to realize the full benefit of interacting with Exchange through the shell, but now I am at the point where I wonder why Microsoft never provided such a powerful interface in the past!
The degree of change that exists in Exchange 2007 means that it is difficult to cover everything in one book. I have therefore elected to cover the parts of Exchange that I think are of most interest to the majority of administrators and have left other components for you to discover through the material that Microsoft publishes or perhaps another book, written by me or someone else. Please accept my apology if I have not covered something that you think is important and treat this as a challenge and opportunity for you to write about the topic yourself. There are many magazines, blogs, and other ways of spreading information about Exchange.
From time to time, I wander back down the path to consider some aspect of Exchange 2003. While this book is firmly focused on Exchange 2007, the vast majority of companies that will deploy Exchange 2007 will do so by migrating from Exchange 2003 and will therefore run both products alongside each other for some period. For large organizations, the period might extend to a year or more as it is unlikely that few will complete their migration to a pure Exchange 2007 environment quickly. With this in mind, it is fair and reasonable to document how things work with Exchange 2003, especially when these servers operate with Exchange 2007.
So what is in the book? To set the context, Chapter 1 starts with an overview of the development of Exchange from 4.0 to 2007 and then describes the themes that Microsoft employed to focus the development priorities for Exchange 2007 and some of the changes that occur in this release. All successful deployments of Exchange since Exchange 2000 operate on a solid Active Directory foundation, so Chapter 2 reviews some of the critical intersection points between Exchange and the Active Directory including replication, the schema, and Global Catalogs. Chapter 3 goes into the basics of managing Exchange 2007 through the Exchange Management Console. Chapter 4 takes the management topic further by exploring the ins and outs of the new Exchange Management Shell, perhaps the most fundamental change to the product that Microsoft has made in Exchange 2007. Chapter 5 goes to the heart of Exchange and reviews how the Store works including topics such as databases, storage groups, and transaction logs to content indexing and backups. Chapter 6 looks at how the new transport system routes messages and includes topics such as the Edge server and anti-spam protection. Chapter 7 explains how clients from Outlook to Outlook Web Access to mobile devices allow users to work with their mailboxes. Chapter 8 then moves on to consider some elements of user management, including the important topic of compliance and records management. Chapter 9 addresses one of the more difficult topics in hardware and performance. It is difficult because hardware capabilities change so rapidly that it is hard to give any advice about performance in anything other than outline detail. Finally, Chapter 10 wraps things up with some miscellaneous items that are important to Exchange, or at least that I think are important for Exchange administrators to know. I hope that the book hangs together as a coherent whole.
It is inevitable that I have omitted some topics that you might like me to have covered. There is so much technology in and around Exchange 2007 that it would take a 2,000 page book to cover it in any detail.
My experience is mostly in the enterprise space, so it should not be a surprise that many of the opinions expressed in the book reflect that bias. One of my reviewers noticed this point, and complained that I did not think that POP3 was an important protocol. Using Exchange 2007 as a hosting platform is a pretty specialized business and I apologize in advance if I offend anyone by my concentration on how to deploy Exchange 2007 most effectively for medium to large enterprises.
All errors and omissions are mine, especially in the code samples selected to illustrate the power of the Exchange Management Shell. PowerShell samples are indicated in the courier typeface like so:
Get-Mailbox -id Redmond | Select DisplayName
Any output from the commands is shown as follows:
DisplayName: Tony Redmond
While all the code worked on one or more test systems, experience tells me that errors can creep in the process required to take code from a system through editing and publishing to the final content in a book. This is especially so when the underlying code changes from build to build as the engineers push to finish the product and generate a knock-on effect of changes to commands and individual parameters. This book does not pretend to be a comprehensive guide to PowerShell programming or to the Exchange Management Shell and the examples are there to give you a taste of what you can now do to automate management operations, so any errors that do creep in should be pretty obvious and easily solved—I hope!
Books do not happen overnight and they represent a lot of work. I have gained enormously from being able to work alongside some tremendous experts in enterprise messaging, both inside and outside HP. I acknowledge the contribution of groups such as my own team, who humored me when I was writing. The Exchange 2007 academy tutors allowed me to ask many questions as I probed the content that they generated to train HP consultants and customers. I must also acknowledge the huge contribution made by the enterprise messaging team at HP including Kathy Pollert, Mike Ireland, and Stan Foster (an honorary member), who let me into the details of how Exchange 2007 into the huge Windows infrastructure that HP operates. There are many people at Microsoft who patiently answered questions even if they didn’t realize that this was happening; the amount of information that Microsoft now generates in help files, blogs, MSDN, TechNet, and Knowledge Base articles is truly staggering and has become a big challenge for people to understand and assimilate. It is great that the information is there, but just sometimes… I should also acknowledge and thank the mass of enthusiasts who attend conferences such as Windows and Exchange Connections who asked about an Exchange 2007 book and eventually prompted me to start writing.
On my first day with the Exchange team in 2001, I was handed a copy of Tony Redmond’s Exchange 2000 book, “Here, read this!” It did take me a while to make my way through that tome, but I still recall thinking that it was well worth the time, as it laid the foundation for everything that was to come for me in Exchange.
They were obviously there before me, but I can personally attest that since that day, Tony’s team at HP have been outstanding partners with us in designing Exchange 2003 and 2007, helping us test the software throughout the development, and ultimately working with many customers on their deployments, migrations, and operations.
We designed Exchange 2007 with three audiences in mind:
The IT executive looking for cost reduction, security, and compliance
The IT professional looking for operational efficiency
The end user looking for anywhere access to their email
I hope you will find with your deployment of Exchange 2007 that we’ve delighted all three. Since 2005, we’ve been testing Exchange 2007 with more organizations and more end users than any previous release of Exchange. The end result is a product that we are very proud of here in Redmond, Washington. We look forward to receiving your feedback about Exchange 2007 over the coming years.
On behalf of the entire Exchange team, thank you for choosing Microsoft Exchange!
Terry Myerson (terry.myerson@microsoft.com)
General Manager, Exchange Server
Microsoft Corporation
Introduction
Microsoft shipped Exchange 4.0 in March 1996 after a gestation period of some four years. The new messaging server went through many different design phases. Microsoft grappled with the challenge of enterprises and small companies, figured out what they had to do to be competitive, understood how best to migrate users from other platforms (including their own), and achieved the necessary performance and scalability levels—albeit limited by the capabilities of Windows NT 3.51 and the available hardware.
Exchange replaced Microsoft Mail and went into immediate competition with other messaging systems such as those favored by large corporations (IBM PROFS, Digital Equipment Corporation’s ALL-IN-1 and MailWorks, and HP OpenMail) and the PC LAN-based systems such as Lotus cc:Mail, Banyan Vines, Novell GroupWise, and Lotus Notes. Exchange 4.0 was the first version that implemented the initial Exchange architecture and this generation subsequently spanned Exchange 5.0 and 5.5, released in March and November 1997 respectively. The second generation arrived with Exchange 2000 in 2000 and Microsoft developed this version of the architecture further with Exchange 2003. Exchange 2007 advances the state of the art by implementing the third distinct architecture for Exchange.
It is hard to realize just how much progress messaging technology has made since 1996. Exchange has improved its capabilities dramatically in terms of functionality, robustness, security, and connectivity since 1996. We have also seen other important advances in the standards that dictate how systems connect together, the networks that we use, Windows and associated technology such as IIS, the power and usefulness of the devices that we connect to our mailboxes, and the other technology that has established the type of world we work in. The web is the best and most pervasive example of a technology that has influenced Exchange. The volume and depth of change over the decade has posed a challenge for administrators to keep up to date with new developments, and hopefully the articles published about Exchange and associated technologies in that time have helped to bridge the gap.
1.1.1 The way we were
The messaging market was more fragmented in 1996 than it is in 2007. The administrator who set out to deploy Exchange 4.0 had to cope with a plethora of competing standards, connections, and clients. Companies such as SoftSwitch (later bought by Lotus), WorldTalk, and LinkAge (later bought by Microsoft as part of their push to migrate companies from Notes) built healthy businesses by producing software to connect different email systems so that companies could communicate together. The war between the proponents of the international messaging standards (X.400 and X.500) and the Internet standards hadn’t reached a satisfactory conclusion in 1996, so we struggled to communicate in a world where you needed a great deal of magic incantations to send even a plain text message addressed to a single recipient to a foreign email system.
Government and telecommunications bodies led the charge toward a common standard for directories that eventually resulted in the X.500 standard. While X.500 offered the potential that it could eventually result in a global directory standard that everyone used to connect directories to, directory synchronization was another black art in 1996. It was common to have weekly or monthly synchronization runs to merge directory data to provide a common view of users across multiple systems. Email addresses were more convoluted (mine was then Tony.Redmond@dbo.mts.dec.com) than today as most organizations now use the standard SMTP convention of first-name.last-name@domain. Of course, X.500 has long since faded into the background and LDAP is now the most widely used standard for directory access and interoperability. We can still see the influence of X.500 in some enterprise directories and in the design principles that Microsoft followed to build the original Exchange Directory Store and then the Active Directory, but few Exchange administrators bother about X.500 now.
The ease of connectivity established by SMTP, its extensions (ESMTP), and the easy access that we now enjoy to the Internet has revolutionized email. This is true for corporate users and personal users. Ten years ago it would have been difficult to predict the success and ease of access that people around the world enjoy to email systems such as Hotmail, Gmail, and Yahoo mail.
1.1.2 The protocol wars
MAPI is the great survivor of the protocol wars. MAPI is actually an API, but many people refer to MAPI as a protocol, in the same way as they refer to IMAP4 or POP3; MAPI is also a message format as used in Exchange, so the email community uses the term in different ways. Microsoft introduced the first version of MAPI in Microsoft Mail, but this was a very simple version of the API that Outlook clients use today as it only supported twelve functions. Capone, the original Exchange client shipped with Exchange 4.0, was the first client to exploit the full range of MAPI capabilities as made available in the MAPI 1.0 release. Microsoft developed the Exchange RPC protocol to wrap around MAPI and Exchange 2007 continues to use Exchange RPCs (often called MAPI RPCs or often just MAPI) to connect Outlook clients to servers. There’s also server-side MAPI, which is what Exchange servers use for server applications that need to access the Store, such as the System Attendant and the Exchange management console. The server variation of MAPI in Exchange 2003 is tuned to support the kind of multi-threaded applications that you find on servers better, but the difference between the MAPI library distributed with Exchange and the version that came along with Outlook confused administrators in the past. For example, you could not install Outlook on an Exchange server because the two versions of the MAPI library would cause a conflict when they were loaded into the same process space.
Exchange 2007 introduces MAPI.Net—a thoroughly modern version of server-side MAPI that Exchange uses for communication between servers. For instance, all of the traffic between mailbox and hub transport servers is via MAPI.Net RPCs. A side effect of the new version of MAPI is that you can now install Outlook quite happily on an Exchange 2007 server because the two versions do not clash anymore. While it’s still possible (but difficult and time consuming) to write highly efficient and effective MAPI code to run on the server, Microsoft’s strategy is to move programmers away from MAPI to use Exchange Web services. The promise is that code will be easier to write and debug, will deliver better performance, and should be more supportable over the long term. Microsoft tuned the server variation of MAPI in Exchange 2003 to better support the kind of multi-threaded applications that servers run, but the difference between the MAPI library distributed with Exchange 2003 and the version that came along with any version of Outlook confused administrators in the past.
Exchange 2007 introduces MAPI.Net—a thoroughly modern version of server-side MAPI. Back on the client side, Microsoft referred to the Capone client as a “viewer.” This seemed to be an odd name to give to a client, but it reflected a software engineering perspective that the client was an application that allowed users to view Exchange data. Capone was elegant, simple, and precise, but the first release of Outlook in 1997 rapidly passed out the original Exchange client in terms of functionality. Today Outlook boasts a range of features that most users (except Sue Mosher, the guru of Outlook) find difficult to comprehend, let alone use. Despite rumblings over the years (many from within Microsoft), that Exchange should drop MAPI and use Internet protocols for its clients instead, no Internet client protocol has emerged that could deliver the same functionality as MAPI, so it continues to be the foundation for Exchange 2007 and Outlook 2007. MAPI remains a mystery to many, so if you’re interested in finding out more, head over to www.insidemapi.com, the Web site dedicated to Inside MAPI, the definitive book on the API (out of print for many years).
Of course, Outlook is not the only client that you can connect to Exchange. Ever since Microsoft realized that they had to support the Internet after the famous memo written by Bill Gates galvanized Microsoft’s engineering groups in 1996, Exchange has been able to support other client protocols. Exchange 5.0 (released in early 1997) was the first version to support Internet protocols. Today, Exchange 2007 supports a broad range of Internet protocols from POP3 and IMAP4 on the client side to SMTP as the basis for messaging connectivity and transport, to HTTP for Web access, plus extensions that provide better security and functionality, like ESMTP and HTTPS.
The Outlook Web Access (OWA) client is a real success story for Microsoft. Like many other projects that come out of Redmond, the initial version (shipped with Exchange 5.0 and then improved significantly in 5.5) was slow. This was due to some aspects of its architecture, its interaction with the Store, and various implementation details, all of which combined to limit its scalability to be less than the number of MAPI clients that a server could support. The version of Outlook Web Access that shipped with Exchange 2000 marked a dramatic step forward in the UI and performance and Outlook Web Access became a client that you could actually use as a replacement for Outlook. Microsoft made further improvements to Outlook Web Access in Exchange 2003, not least to respond to the needs of the service providers who wanted to deliver segmented functionality to their users, and further improvements, not least in an upgraded and highly functional user interface, are delivered by Exchange 2007. Some suggest that it is difficult to tell the difference between Outlook Web Access 2007 and Outlook 2007. The test works at a distance (of at least five feet), if not when you actually start to use the two clients where Outlook is still the superior client. Nevertheless, the bottom line with Outlook Web Access is that many users who work in offices with reliable network connections find that they do not need to use Outlook as all the functionality that they need is in Outlook Web Access.
1.1.3 Ever increasing mobility
We were just getting used to having cell phones in 1996 (but cell phone bills were dramatically more expensive than today), so Exchange 4.0 and the versions that followed really did not have to do much to accommodate mobility. Alphanumeric pagers were the most common mobile device that people carried if they needed to keep in touch with the office. RIM (www.rim.net) was founded in 1984 and developed its BlackBerry device as a solution that was initially targeted at executives. Today, BlackBerry has become a term that people understand to mean constant connection to the office and many of those connections are to Exchange. Of course, BlackBerry is not the only mobile device that Exchange supports. The GoodLink server (www.good.com—now owned by Motorola) connects BlackBerry devices to Exchange along with its own devices and those running Palm OS and Microsoft-powered PDAs. You can choose from a wide range of SmartPhones as well.
Microsoft continues to focus on mobile access to information as one of its key development strategies for Exchange. They have poured in a huge amount of effort to improve connectivity for mobile devices from Exchange 2003 onwards, especially for devices that run Windows Mobile 5.0 or later releases. The good news is that the combination of new devices and Exchange 2007 delivers even better functionality and performance, if not quite yet to the standard that BlackBerry delivers.
In Chapter 7, we explore how Exchange 2007 delivers even more functionality for mobile users, as long as you are prepared to buy devices that run the latest version of Windows Mobile. Exchange 2007 also includes Microsoft’s first venture into the unified messaging market to deliver an integrated inbox that accommodates voicemail as well as email, plus the ability for users to access their mailbox and calendar data through Outlook Voice Access. Microsoft’s favorite demo for unified messaging is to show how you can ring Exchange while you are en route to the office and cancel all your appointments for the day, perhaps because you are feeling ill. Having such a wide range of connectivity options is very convenient for users, but the sheer number of connections that an Exchange server now supports has put a huge load on kernel mode resources that Windows finds hard to satisfy. Increasing the server’s ability to support client connections is one of the primary reasons why Microsoft made the decision to make Exchange 2007 available only on the x86-64[1] Windows platform. It is also fair to say that the increase in the number of options available to users to connect to Exchange made server and network administration more complex because of the increased number of places where things can go wrong and disrupt the messaging flow. Security of data, especially data carried around on mobile devices, is also a concern, largely because of the number of mobile devices that are lost annually. It is a personal disaster to lose your contacts because you mislaid a phone; it is a professional and business disaster if your SmartPhone contains the company’s business plan and you have not protected the device.
[1] Exchange 2007 runs only on the 64-bit Intel and AMD platforms. It does not run on the IA64 “Itanium” platform.
1.1.4 Third-party products and management
Exchange began with a sparse ecosystem surrounding the product. In 1996, the threat horizon was not what it is today, so there was not the same need for anti-virus and spam-suppression products. Management software was limited to the basic Exchange administration program. Developers had not even begun to think about the range of reporting and analysis software that we enjoy today. In short, the only add-on software that was available for Exchange was some messaging connectors and migration products to help Microsoft migrate customers from other email systems.
The situation today is very different and we now enjoy a huge range of add-on software that helps administrators to deploy, operate, manage, report, and debug their installations. Many software companies have come and gone and a wave of recent mergers and acquisitions has reduced the number of companies who create add-on products, amongst them HP (with its OpenView suite) and Quest Software (www.quest.com), which sells many useful products for an Exchange environment. Microsoft has been active in this area too and despite some false starts when it comes to APIs, Microsoft has created a lot of helpful software that it makes available to customers through Web downloads from www.microsoft.com/exchange (see Chapter 10). Taken with the improvements in the base software, the upshot of all the third-party activity is that it is easier to manage an Exchange server than ever before.
1.1.5 Some interesting projects
Like any technology, Exchange is useless until you deploy it in projects to solve customer business problems. The early projects were all about migration and usually contained some interesting technical problems. For instance, one European post office wanted to replace PROFS with Exchange, but they only had 2Kbps connections to each post office. The link was OK for “green screen email,” but could not handle the RPCs that Exchange and MAPI clients depend on. Later on, we faced the challenge of bringing Exchange and Windows together as Exchange 2000 absolutely depended on a solid implementation of Active Directory before it could function. Active Directory posed a huge learning curve for administrators, system designers, and consultants alike, but we are past it now and the combination of Windows 2003 and Exchange 2003 is a much more stable platform. The new combination of 64-bit Windows and 64-bit Exchange 2007 will take some time for administrators to become accustomed to, but it should be at least as stable as Windows 2003/Exchange 2003 in terms of its performance in production environments.
Introducing Exchange to the world of Internet service providers (ISPs) broke a lot of new ground around the turn of the century. Microsoft had not designed the first versions of Exchange to deal with the demands of ISPs, yet they expected Exchange to replace MCIS, their previous email solution for ISPs. The world of ISPs is significantly different to enterprise deployments as the focus is all about short connections for huge numbers of POP3 and IMAP4 clients instead of the leisurely-extended connections enjoyed by corporate users. Maybe the most interesting project was the system deployed to provide email to political parties. Even within the same party, users did not trust each other and the politicians were not happy to have their email stored on the same computer as data owned by other politicians. This was not a technology challenge, except in convincing users that Exchange and Windows could provide the necessary security to isolate everyone’s data and keep it secure, but there were many interesting debates along the way.
1.1.6 The not so good points
Not everything has gone well for Exchange since 1996. Public folders are probably the biggest piece of functionality that has underperformed and disappointed across a large number of deployments. When Microsoft was stoking the market before they shipped Exchange 4.0, they made enormous play about the capabilities of public folders, especially when you linked them to the power of the 16-bit Visual Basic–like Electronic Forms Designer (EFD). With EFD, you could quickly put together a form such as a travel request or expense claim, link it to a public folder, and allow users to create and use the form much more efficiently than paper equivalents. With replication, you could move that information around your organization and collate it centrally. It all looked promising, but in practice EFD was a disaster as it generated forms that performed well with a couple of users or with a small number of items in a folder, but rapidly ran out of steam after that. EFD sank quickly while public folders have lingered on. Microsoft has made a couple of runs at improving public folders, most notably when they introduced multiple folder hierarchies in Exchange 2000, but no one seemed to be interested because public folders are difficult to manage and maintain and it did not seem like a good idea to introduce more complexity with the extra folder hierarchies. The net result is that many companies have large numbers of public folders, but no good way to audit, clean up, report on, or effectively manage their contents. We will not mourn the passing of public folders when Microsoft eventually puts a bullet through them, as long as migration utilities exist to allow companies to move their data to a new platform. Exchange 2007 marks the start of the phase-out process for public folders, albeit one that may take several more versions before Microsoft can finally pull the plug on this functionality. Microsoft has promised to support public folders until at least 2016, so you can take that as an indication of the work that Microsoft and customers have to do to transition the contents of public folders and whatever applications still depend on public folders to new platforms. Other technologies, such as SharePoint Portal Server, did not exist in 1996 and do a much better job of categorizing, searching, and managing data, so it will be a relief to move.
Clustering is a disappointment on the hardware side. I had great hopes for Microsoft clustering when the original “Wolfpack” release appeared alongside Exchange 5.5 in late 1997. Part of my optimism arose from my history at Digital where OpenVMS clustering set a bar in the mid-1980s that Microsoft clustering has still approached today. My optimism went alongside a realization that Exchange was vulnerable to hardware failure, especially in the disk subsystem where the disks that were available in 1997 were not as reliable or intelligent as they are today and few companies had started to use Storage Area Networks (SANs) as the backbone of their Exchange deployment. Vulnerability increased as we increased the user load on servers, which had reached a point where even the basic 32-bit Pentium II–based servers could cheerfully accept the load of several thousand concurrent users. Microsoft’s original implementation of clustering was expensive because you could only run two servers in a cluster and one of those was passive, waiting for its twin to fail. The passive server had to be licensed and have a similar configuration to its partner, so only deployments that absolutely needed the highest protection against failure stumped up the necessary investment to implement clustering.
Microsoft revamped clustering in Windows 2000 and 2003 and upgraded Exchange 2000 and 2003 to take advantage of active-active clusters. Active-active means that every node in a cluster can support work and despite being limited to four Exchange servers in a cluster, it seemed like an advance. However, problems with virtual memory fragmentation led to the inability to transfer storage groups from a failed node and Microsoft revisited its support of Exchange on clusters to impose an active-passive model where you had to keep at least one passive server in the cluster to accept the workload should a failure occur. Obviously, this was a retrograde step because it increased the cost of clustering again as you could not use all of the hardware in a cluster as productively as before. Another problem was that not all third-party software was cluster aware, which caused problems for companies who wanted to deploy clusters but also wanted to use a common set of software for purposes such as monitoring, anti-virus, or backup. Finally, some of the Exchange components did not run on clusters (like messaging gateways), so introducing a cluster became an expensive business when you counted the extra servers that were required to support the complete environment.
To their credit, Microsoft made a commitment to use clusters for their internal deployment of Exchange and demonstrated that they could support 16,000 mailboxes on a seven-node cluster (four active nodes running Exchange, one passive node, two servers performing backup and other administrative work). Of course, the cynics pointed out that it would be easy to deploy and manage such a cluster if you had the Windows and Exchange development groups on site all the time. The net is that clustering began with great hopes and has receded to a point where it is useful to those who can afford to deploy the necessary hardware and understand the somewhat special administrative environment that clusters represent. It would have been great if clustering had become the de facto standard for Exchange deployments, but the obvious deficiencies in the implementation and the cost premium meant that this could never happen.
Exchange 2007 now offers a choice between “traditional” clusters where the databases are located on shared storage, and cluster continuous replication (CCR), a feature that allows you to deploy a cluster built from two physical nodes and keep the database used by a virtual Exchange server up to date on both nodes through asynchronous log shipping. CCR lays the foundation for stretched clusters and allows for a new level of protection against physical datacenter outages. Exchange 2007 also includes local continuous replication (LCR) to provide an additional level of protection against a disk failure that affects the Exchange Store to address the most obvious single point of failure in all previous versions of Exchange. Chapter 9 covers these technologies in some detail.
Because of the very nature of the beast, disaster recovery is always difficult, but it is the role of software to automate recovery operations to guide administrators and assist them in getting servers back online as quickly as possible while also avoiding mistakes like overwriting transaction logs. Until the introduction of the Recovery Storage Group in Exchange 2003, you had to maintain extra servers to use if a disaster occurred, and in the early days of virtualization this required physical hardware. Better hardware and fewer software bugs steadily reduced the number and impact of database corruptions, but it is surprising that we have had to wait until Exchange 2007 for features such as log shipping (as employed in both CCR and LCR) and the database troubleshooting assistant. Even though we’ve had to wait, now that we have the ability to deploy CCR and LCR, it will be interesting to see how these technologies are used to build a new level of resistance to database outages.
APIs are the other disaster area for Exchange. Microsoft needed Exchange to have great programming capabilities to help wean companies off Lotus Notes. Notes is not a great messaging engine, but it has extremely strong collaborative and programming capabilities that companies exploit to put together mail-enabled applications that take advantage of the Notes replication engine (also better than the replication implemented in Exchange public folders). We have endured multiple attempts by Microsoft to deliver an equivalent development platform for Exchange. To give Microsoft credit, they are persistent, and they have been very persistent, but also have a very awful track record with the APIs that have shipped with Exchange. We have seen CDO[2], CDOEXM, Exchange Routing Objects, the infamous EFD, WMI, client-side MAPI and server-side MAPI, WebDAV, and so on. The highest figure I ever heard was that there have been 32 different ways a programmer can write code to access Exchange data over the years. I cannot verify the count, but it does not surprise me.
Microsoft knows that they have a mess on their hands and the advent of PowerShell (see Chapter 10) support in Exchange 2007 means that we have a solid and robust interface that we can use to build a new set of management scripts and other tools. Exchange 2007 also delivers a new set of Web services that may mark the start of the process of breaking Exchange up into a series of Web services that other applications can consume. Decomposing a mammoth application will take time, but Microsoft has made a good start in Exchange 2007. Outside of the limited set of Web services that can only access a tiny portion of the overall functionality of Exchange, there is still no good way to develop mission-critical client side applications that exploit the storage and messaging power of Exchange and we await developments in this area.
1.1.7 Exchange’s connection with the Active Directory
When Microsoft moved Exchange away from its own directory store to support the Active Directory in Exchange 2000, some predicted that the transition would make Exchange harder to manage and deploy. To some extent, this assertion is true as the need to deploy Active Directory first slowed down the migration from Exchange 5.5 to Exchange 2000. Indeed, some companies have not yet migrated away from Exchange 5.5!
Over time, I think that Active Directory has been good for Exchange. After the initial set of hiccups that slowed adoption, the body of knowledge around the Active Directory grew and some solid deployments ensued. This is not to say that the deployments were perfect and certainly some have corroded over time in terms of their effectiveness. The transition to Exchange 2007 is a perfect opportunity to revisit Active Directory deployments to ask the question whether they are as effective as they could be if they reflect current best practice, and to consider whether you can consolidate sites, domains, and servers to reduce complexity and cost from the infrastructure. You realize the worth of Active Directory to Exchange 2007 in the new dependency that exists on the site topology and site links as the basis for message routing, replacing the routing group structure used by Exchange 2000/2003.
The only big problem that I now have with the Active Directory is the inflexible way that Exchange uses it. Exchange uses a container in the Active Directory configuration naming context to store its configuration data. Exchange gains great value from this implementation, not least because the Active Directory replicates all of Exchange’s configuration data automatically to domain controllers around the forest. However, no one has ever been able to explain to me why the Active Directory can host only a single Exchange organization, as it does not seem to be complex to store several containers, one for each organization, in the directory. It would be nice to see this restriction lifted in the future, if only to remove the requirement to deploy multiple forests (and the hardware to support multiple forests) if you need to support multiple Exchange organizations. Sometimes it is good to have the separation between organizations that different Active Directory forests afford, but it would be better to have the option to store everything in one place.
[2] CDO 1.2.1 remains supported for use with Exchange 2007, but only on 32-bit platforms.
1.1.8 Reviewing predictions made in 1996
Scary as it seems, I have been writing about Exchange since 1996. The vast bulk of my scribbling has appeared in Windows IT Pro magazine (and its predecessors—see www.windowsitpro.com) and the Exchange Administrator newsletter, and I hope that the articles have helped you understand and exploit Exchange to the maximum over the years. However, my first article appeared in a publication called Exchange Manager that did not last very long. I wrote an article called “Scaling Exchange” where I looked at the practical issues involved in scaling Exchange 4.0 to deal with hundreds of users (my advice was not to support more than 300 users on a server). I wrote: “Lots of people get hung up about the 16GB limit for the Information Store… I don’t, because it’s a limit that most of us will never encounter.” I was right in one respect because Microsoft only upped the 16GB limit to 75GB for the standard edition of Exchange in Exchange 2003 SP2 (and then removed the limit completely in Exchange 2007), but the sheer number of messages that we send and the average size of those messages has exploded since 1996. Then, most messages in corporate email systems were between 5KB and 10KB. Now, they are bloated through a mixture of user indiscipline (horrible autosignature files, too many replies to replies, etc.) and huge attachments.
I went on to ask: “What was the last time you saw a Windows NT system that had more than 100GB of disk attached? Or more than 4 CPUs? Or even more than 256MB of memory or 512MB on a RISC system?” How times have changed. In my defense, our first Exchange servers boasted 66MHz 486 CPUs, had 64MB of memory, and 4GB of disk. Today, the best advice is to buy powerful 64-bit servers to run Exchange 2007, preferably with multi-core processors, gigabytes of memory, and lots of disk. In their justification (see the commentary in http://blogs.technet.com/exchange/archive/2005/12/29/416613.aspx) for the move to an exclusive 64-bit platform for Exchange 2007, Microsoft cites the fact that they believe that 500GB disks will be standard when Exchange 2007 ships and that 1TB disks will be available. Note that 64-bit means the x64 platform as Exchange 2007 does not support the Itanium (IA64) platform. Support for a version of Exchange running on IA64 may come in the future as SQL has already demonstrated the huge scalability potential of the IA64 platform.
I looked into the future by predicting that: “In the long term, the evolution of Windows NT to support 64-bit computing will raise the performance bar even further and allow people to consider even larger systems … systems that can support thousands of users on a daily basis.” I went on to ask Microsoft to consider raising the limit on the Information Store from 16GB to 16TB (Microsoft did this for the Enterprise version in Exchange 2000); support clustering (Microsoft shipped Wolfpack clustering in 1997 with Exchange 5.5, but the Exchange clustering story has been an uneven success since); support a single mailbox restore (possible with third-party products since 1997; PSS generated the ExMerge utility in 1998 (a utility that Microsoft no longer supports in Exchange 2007); the Mailbox Recovery Center arrived in Exchange 2003); provide better support for multiple processors (done in Exchange 5.5 and much improved since); and optimize the code for non-Intel processors. Alas, the multi-platform play for NT and Exchange terminated after Windows NT 4.0/Exchange 5.5 when Microsoft halted their support for Windows NT on the Alpha CPU, but the 64-bit AMD and Intel platforms are now a great success for Exchange 2007. Looking back, it was not a bad list to ask for.
Over the last ten years, the environment surrounding Exchange has evolved in many dimensions. Here are just a few of the most important technology influences that have affected the evolution of Exchange.
• The base operating system has moved from Windows NT 3.51 on a 32-bit platform to Windows 2003 R2 on a 64-bit platform.
• Storage has moved from small and expensive direct attached storage to a huge range of solutions spanning anything from JBOD (just a bunch of inexpensive disks) to very large SANs.
• Systems that might have been lucky to operate with 128MB of memory have moved to a point where many email servers are equipped with 8GB or more, and Microsoft’s recommendations for memory for some Exchange 2007 servers will make 32GB or 64GB a common configuration in the near future.
• Microsoft has poured enormous engineering effort to bring Exchange through three distinct generations of software from the original focus on PC LAN-centric deployments and the need to migrate from competing products such as Lotus cc:Mail to the ability to deal with massive corporate deployments.
• Exchange’s administrative model has moved from a purely graphical interface that dealt well with the needs of a few hundred users but struggled with large organizations to a point where Exchange 2007 complements an administrative GUI with a sophisticated shell that administrators can program to automate many management operations.
• The protocols that are important to Exchange have moved from a mishmash of messaging and directory protocols, both proprietary and international, to a point where we deal with a consistent set of Internet protocols such as SMTP, LDAP, HTTP, and IMAP.
• The computing model for Windows has evolved from an approach that usually focused on a one-server, one-application model to something that more closely resembles the kind of deployments seen on other corporate computing platforms.
• The range of clients that Exchange supports has expanded dramatically from a single Microsoft client that could only run on Windows to a variety of clients that accommodate the spectrum of user needs from traditional PC workstations to many variations of handheld devices.
When Microsoft began to design the third generation of Exchange, they decided to use three broad themes as the general thrust for the development effort. These are:
Built-in Protection: While Exchange has long had good protection against viruses and spam through third-party products and Exchange 2003 offers good filtering capabilities to block incoming messages from undesirable parties, Microsoft knew that they had to offer out-of-the-box protection for Exchange to remain competitive and to protect customers. Some of this work started with the release of the Internet Message Filter (IMF) for Exchange 2003 and the SmartScreen junk mail filtering technology that Outlook 2003 and 2007 incorporate into their code.
After they had released Exchange 2003, Microsoft’s original plan was to deliver a server designed for deployment within the DMZ (the original Edge project). Microsoft based the original Edge project on Exchange 2003 technology, but they cancelled the project in late 2005. Microsoft bought market-leading anti-virus and anti-spam technology in-house through the acquisition of Sybari Software Inc. in 2006. They have since refined its capabilities to produce the ForeFront Security for Exchange product, which is bundled with the Enterprise edition of Exchange 2007. In addition, Microsoft has dedicated considerable engineering effort to research how best to defend against email threats and contributed to projects such as the Sender ID initiative. While the result of this work is spread throughout Exchange 2007, much of it is focused in the Edge and hub transport server roles. The Edge server essentially completes the project that Microsoft started out to build some years ago with the added advantage that it is built on the Exchange 2007 code base. The bottom line is that Microsoft intends Exchange 2007 to be the most secure email server available anywhere. This is a laudable goal, but given the evolving nature of network threat, we will not really know whether Microsoft has succeeded until companies have moved to Exchange 2007 and moved away from the previous generation of servers.
Anywhere Access: This theme reflects the mobile nature of the world that we live in today rather than the tethered nature of traditional email access. Exchange has offered Web-based access since 1996 and support for handheld devices since 1999, first with RIM BlackBerry devices and then later Windows Mobile handhelds, but only through add-on products. Exchange 2003 introduced server-based ActiveSync and Outlook Mobile Access (support for WAP browsers). Neither offering was on par with the leaders in the market. Outlook Web Access was a reasonable Web-based interface, but it needed to move away from protocols such as WebDAV that had seemed the way forward when Microsoft introduced WebDAV support in Exchange 2000 but had now been bypassed, and create a new user interface based on the latest Web technologies such as ASP.NET. However, while increasing the functionality and power of Outlook Web Access and ActiveSync reflected some immediate technical imperatives of this theme, the more interesting aspect was the desire to incorporate voice technology into the Exchange platform for the first time. This was not a new technical challenge because third parties such as Nortel and Avaya had created good voicemail integrations with Exchange and Outlook as far back as 1998. The interesting challenge was to create a different type of integration than merely playing back received voicemail through Outlook messages and PC speakers. As they set out to create the Exchange 2007 Unified Messaging server, Microsoft wanted to deliver an integrated server that used the Exchange Store as the repository for voice and data and the Exchange messaging infrastructure to move voice messages around. On the client side, Outlook Voice Access lets users access their messaging, calendar, and directory data through a range of telephones from the latest SmartPhone to a plain old touch-tone phone.
Operational Efficiency: Even its best friends would not hold Exchange 2003 up as the best example of an operationally efficient messaging system. Exchange 2003 offers great functionality to end users at the expense of a lot of hard work by administrators at the back end. Issues included:
• Common administrative tasks such as moving mailboxes were hard to automate.
• The user interface presented by the administrative tools was sometimes confusing; there were too many black boxes in Exchange (think of how the Recipient Update Service stamps email addresses on newly created mailboxes).
• There are far too many places where Exchange suddenly enabled features if an administrator would only update the system registry with a magic key.
• Performance of some of the tools was acceptable for small to medium businesses but not for large organizations.
Sometimes you felt that the developers had simply lost interest when the time came to write the system management components of Exchange because they all wanted to create cool new features that were appreciated by users. This is quite a litany of complaints. I have had practice in composing this list because I have been quite vocal on the point both when speaking at conferences and when talking with the Exchange developers. Exchange 2003 is not bad software to have to manage, as long as you know its quirks and take the time to learn all about how it works. The trouble was that many people did not make the necessary effort to learn Exchange and the inevitable result was dissatisfaction, product issues, and system outages.
Perhaps the biggest change in attitude and focus that Microsoft has made since the release of Exchange 2003 is the effort that the development group has poured into making Exchange more automated, more manageable, and easier to deploy. Microsoft has pumped out a huge increase in wizards, automated management and analysis tools, and documentation since 2005. A new attitude seems to have infused the development group with the desire to improve the administrative characteristics of Exchange and you can see the result in Exchange 2007. While the most obvious change is in the Exchange Management Console, the real magic is in the introduction of the Exchange Management Shell because this is the basis for a new era of automation for common and not so common administrative tasks.
Figure 1.1 illustrates an example of how Microsoft has made Exchange 2007 more manageable than any previous version. Users receive nondelivery messages all the time, but the content of messages generated by older versions is often not too helpful to the average user. Exchange 2007 generates messages that make it easy for users to understand what problem has occurred and that include some additional information for administrators to figure out why the problem has occurred. For example, the bottom portion of the message shown in the left-hand screen of Figure 1.1 includes the error text, and then a trace of all of the servers (not illustrated) that the message passed through before Exchange detected the error. You see the same attention to detail in other places too, like the diagnostics information available from Outlook Web Access (Figure 1.2) to help administrators figure out why things may not be working as normal, the mailbox quota exceeded messages sent to users (the right-hand screen in Figure 1.1), and so on.
[Figure: Outlook Web Access reveals all to help administrators fix problems]
Microsoft has removed two major distinguishing features of the Exchange 2000/2003 architecture in Exchange 2007. When Microsoft introduced Exchange 2000, they had to provide backwards compatibility with Exchange 5.5 in terms of management and routing, so they introduced the concept of administrative groups (comparable to Exchange 5.5 sites) and routing groups (comparable to Exchange 5.5 sites in terms of the routing topology). Unfortunately, the original plans to make administrative groups more flexible in terms of server management never quite worked out. As implemented in Exchange 2000 and 2003, administrative groups are an unintelligent container for servers and not much else. Experience with administrative groups has demonstrated that they were far too rigid in operation (you could not move a server between administrative groups) and not granular enough when it came to server management (delegation applied to all of the servers in the group rather than down to the individual server). The result is that many Exchange administrators ignored administrative groups and kept all the servers in the default administrative group.
According to surveys conducted by Microsoft at events like TechEd, the only administrators who paid much attention to administrative groups worked in large enterprises where the sheer number of servers and their distribution across multiple physical sites meant that administrative groups offered some benefits. Administrators of small to medium Exchange organizations often did not know about administrative groups because they never needed to do anything else but install all their servers into the default administrative group. The experience with routing groups was more positive because they offered flexibility and a way to control the routing topology but they required quite a lot of manual intervention to set up and manage. In addition, the move to a new SMTP routing engine that leveraged the Active Directory and used point-to-point TCP connections to create a full-mesh routing network based on deterministic routing meant that routing groups were no longer required. As we will see later on, a default administrative and a default routing group still linger on within Exchange 2007, but only as a method to allow management and routing to continue seamlessly in a mixed-mode organization.
Better security was another important focus for Exchange 2007. Microsoft has steadily increased the default level of security in its products to cope with the increased level of threat that exists within the network today. You will find that Exchange 2007 components are secure by default. For example, Outlook Web Access connects via HTTPS instead of HTTP as previously used; POP3 and IMAP4 clients connect over secure ports rather than the insecure default ports for these protocols; Exchange servers authenticate and connect securely before they transfer messages; and connectors are secure out of the box. Overall, Exchange 2007 is a much more secure product than its predecessors are. This is not to say that administrators are unable to punch holes in Exchange’s security by removing restrictions, but even if you leave the default security settings, you will find that your installation is more secure than before. Tools provided by Microsoft to review and tighten security (such as the Windows 2003 Security Configura-