An Objective by Objective Study Guide For Microsoft Certification Exam 70-081: Implementing and Supporting Microsoft® Exchange Server 5.5

 Content created and copyright © 1998-1999, by David L. Woodall, all Rights Reserved

 

  1. Planning
    1. - Choose an Implementation Strategy for Microsoft Exchange Server. Elements Include:
      1. Server Locations

        Performance is a critical factor in any messaging system. When planning the location of Exchange servers, the proper balance between the speed of the segment and the number of Exchange users on that segment is primary.

        The number and location of mailboxes is another factor to consider. This can be optimized by placing users who frequently send messages to each other on the same server (Local Delivery is Priority), and by placing servers (containing local segment users) on the same network segment (Local Network Traffic is Priority). Further, fault tolerance can be addressed through "multiple points of failure" (users spread out among multiple servers), or "protecting a single point" (all users on a single server, which is protected heavily).

        Hardware factors should also affect server placement. Such factors as number of disks, disk speed, amount of RAM, processor speed, number of processors, and performance of NICs should be considered.

      2. Address Space

        Address space is the least amount of information needed to determine the connection to use to reach a recipient. By examining the address space of potential users, you can better determine which connectors need to be installed, where to locate bridgehead servers, which servers will run the IMS, which servers will be target servers and their costs (if using the Site Connector), public folder replication strategies, Directory replication and synchronization strategies, as well as other important factors.

    2. - Develop the Configuration of an Exchange Server Computer

Exchange servers can be configured individually with server specific settings. This is accomplished by configuring the properties of the specific server container, and configuring the objects within that server container. The server configuration objects are:

  1. Private Information Store – Used to configure deleted item recovery, set storage limits for mailboxes, view resources such as NT accounts accessing mailboxes, and configure diagnostic logging for the IS.
  2. Protocols – such as IMAP4, LDAP, NNTP and POP3
  3. Public Information Store – Used to configure deleted item recovery, set storage limits for public folders, age limits for items in public folders, replica locations, replication schedules, and diagnostic logging.
  4. Server Recipients – Contains the recipients homed on this particular server.
  5. Directory Service – Used to manually initiate DS functions such as directory replication. Diagnostic logging can be configured.
  6. Message Transfer Agent – Contains MTA message size limits. Can be used to manually recalculate the routing table. Used to view and change priorities of Queued messages. Diagnostic Logging.
  7. System Attendant – Used to configure automatic deletion of message tracking log files (in days).
  8. Directory Synchronization – ONLY PRESENT IF MS MAIL CONNECTOR IS INSTALLED.
  9. MTA Transport Stack - ONLY PRESENT IF MS MAIL CONNECTOR IS INSTALLED.

Each server object itself has property pages (tabs) which can be used to configure Services, Database Paths, IS Maintenance, Diagnostic Logging, General and Advanced features, Permissions, and Locales (International and Global locales).

 

    1. - Identify Strategies for Migration from Previous Versions of Exchange Server to Exchange Server 5.5

There are 2 Upgrade Options:

  1. Standard Upgrade – Upgrades your current Exchange databases in their current locations. Failure requires restore from backup.
  2. Fault-Tolerant Upgrade – Backs up each database to a different, temporary location before performing the upgrade. If the upgrade fails, the original databases will still be in their original locations. Requires at least twice the disk space as your IS and cannot be a network drive. NOT POSSIBLE WHEN UPGRADING FROM EXCHANGE 4.0.

Upgrade from 4.0 – Requires installation of Exchange 4.0 SP2 in a multi server environment. Single server environment is straightforward.

Upgrade from 5.0 – Straightforward

    1. - Develop a Long-Term Coexistence Strategy. Protocols Include :
    2. (Both of these are Internet protocols used to access Exchange resources)

      1. IMAP – Internet Message Access Protocol version 4 – is built into the IS. Outlook Express is an example of an IMAP4 application.

        Enables Internet e-mail applications using IMAP4 to retrieve data from an Exchange server.

        IMAP4 can only retrieve data, and MUST use the SMTP functions of IMS to send data.

        In addition to the Inbox, IMAP4 can also access personal and public folders.

        Includes advanced features such as search capabilities, selective download (messages OR attachments).

        IMAP ALLOWS ANONYMOUS ACCESS, authentication, message format (MIME, Plain Text, and HTML), and idle time-out.

      2. LDAP – Lightweight Directory Access Protocol – Provides client access to a directory service. Supports Querying, Reading, Sorting, Deleting Directory Objects. REQUIRES TCP/IP on BOTH CLIENT AND SERVER.

        Integrated directly into DS component and ENABLED BY DEFAULT. However it is configured using objects in the Site and Server Protocols containers.

        Supports anonymous access, authentication, idle time-out, and REFERRALS (Exchange LDAP has the ability to forward searches to servers outside its Organization).

    3. - Develop an Infrastructure for Exchange Server
      1. Identify Public folders, Including Server-Side Scripting

        If your network can benefit from workflow applications, then server-side scripting strategies should be developed. They should address the processes to automate, the people involved in those processes, the developers needed to create the scripts, and the tools needed for development. Public folder replication should be addressed also, including the servers that will contain replicas (if any), the replication schedule, and the age limits of replicas.

      2. Identify Private Information Stores

        See topic 1.01

        Set policies to control storage such as mailbox and public folder storage limits, age limits for items in public folders, and maximum message sizes.

      3. Plan Internet Connectivity and Access

      Which server will run IMS.

      What SMTP mail systems will be connected to and what are their address spaces.

      How will mail be sent (forward all to a single SMTP host, or use DNS to send to recipient’s host)

      What will be the site address used to generate SMTP e-mail addresses for Exchange users.

      Which recipient will receive IMS notifications.

    4. - Choose Microsoft Exchange Client Installation and Integration Strategies. Elements Include :
      1. Network Installation – Setup files copied to network share-point. User attaches to share and runs SETUP.EXE

        The administrator initiates network installation by calling UCSETUP.EXE from the OUTLOOK CD. A Wizard then starts and prompts the Administrator for answers such as Complete or Custom setup, and the installation directory (the share-point where setup files will be located). The default location is \CLIENT, with the version specific files placed in sub-directories. For DOS = \CLIENT\EXCHANGE.DOC, Win3.x = \CLIENT\OUTLOOK.W16, Win95 and NT = \CLIENT\OUTLOOK.W32

        A COMPLETE Setup copies ALL versions of Outlook (MS-DOS, Win3.x, Win95, and WinNT) while CUSTOM allows the Administrator to select which versions to install.

      2. Client Computer Installation

        Can be performed Locally, or from the network (see above). Can also be a Local or Shared Installation (loads files to a shared network directory, then user runs from there). Installation to the share-point is similar with the following exceptions:

        MS-DOS Clients – On the machine that will hold the shared installation, Administrator executes SETUP and chooses the SHARED option. Administrator is then prompted for the "INSTALL Point for Shared Mail" (the share-point).

        Windows Clients – On the machine that will hold the shared installation, Administrator executes SETUP/A. The /A switch dictates a shared installation. If the Clients are also running a shared copy of their OS, Administrator must be running the same shared copy WHEN the shared installation is performed. If there are multiple shared copies of the OS, Administrator must perform installation at each of the shared OS locations.

        After creation of the share-points, installation is the same as a network installation with the exception that when clients are installing, they should select "Workstation".

      3. Scripted Client Installation – A standard, pre-determined, scripted installation. Varies for 16 and 32 bit versions

For 16 Bit Versions of Outlook – Both EXCHNG.STF and DEFAULT.PRF MUST be in the Share-Point

    1. Administrator modifies EXCHNG.STF using a text editor or Setup Editor to modify the installation options for SETUP.EXE (installed services, protocols, etc...The file contains MS determined defaults by default).
    2. Administrator modifies DEFAULT.PRF to modify the default profile information. This file is created when Setup Editor is run and configurations to ‘User Options’ are modified. By this process, Administrator can customize a default messaging profile for users.

For 32 bit versions of Outlook – There is NO 32 bit equivalent to Setup Editor.

    1. Administrator modifies OUTLOOK.STF (32bit equivalent of EXCHNG.STF) using Network Installation Wizard (NIW), available only on the Office 97 Resource Kit.
    2. Administrator modifies OUTLOOK.PRF using a text editor (there is no other way).
      1. Forms Interoperability –

        Forms can be designed using either:

        Microsoft Outlook Forms Designer, a 32-bit program that creates 32 bit forms, accessible only by Outlook Clients.

        Microsoft Exchange Forms Designer (EFD), a 16-bit program that creates 16 bit forms accessible by any Windows 16 or 32 bit clients.

      2. Schedule+ Interoperability –

Schedule+ 7.5 is included with and can be used as a client to Exchange Server.

Four MAJOR DESIGN ELEMENTS of Schedule+ 7.5

    1. Integration with MS Exchange Server
    2. Contact List
    3. Time Management Functions
    4. User Permissions

 

 

 

Schedule+ 1.0 was included with MS Mail.

In order for Schedule+7.5 to share schedule and calendar information with Schedule+ 1.0 (and vice versa) you must install:

    1. MS Mail Connector
    2. Directory Synchronization between Exchange and MS Mail
    3. Schedule+ Free/Busy Connector

Some features of Outlook are not available to Schedule+ users such as Outlook nontabular views of calendar information. Alternatives to manage this discrepancy include:

    1. Manage a mixed environment
    2. Configure Outlook to use the Schedule+ option (dummy it down) for group scheduling
    3. Migrate all clients to Outlook
      1. Calendar Interoperability

See Above {1.06 article (e)}

    1. - Develop Long-Term Administration Strategies
      1. Plan a Backup Strategy

Questions to answer:

    1. How frequently will backups be performed?
    2. What type of backup will be performed? (Full, Differential, Incremental)
    3. What time of day should backups be performed?
    4. What device(s) will be used to back up?
    5. How will backup data be stored?

Microsoft Recommended Backup Strategies:

Full Daily – Only one tape is needed but takes the longest time.

Files backed up: PRIV.EDB, PUB.EDB, Transaction Log Files, Checkpoint File (EDB.CHK)

One Full, Four Incremental - Full on day 1, Incrementals all others. Requires up to 5 tapes, but least time.

Files backed up: Transaction Log Files, Checkpoint File (EDB.CHK)

One Full, Four Differential – Full on day 1, Differentials all others. Requires only 2 tapes (1 full, 1 diff) but takes progressively longer each day.

Files backed up: Transaction Files, Checkpoint File (EDB.CHK)

FOR INCREMENTAL OR DIFFERENTIAL BACKUPS, CIRCULAR LOGGING MUST BE TURNED OFF
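
The three rotations above, and the reason log-only backups need circular logging off, can be checked with a small simulation. This is an added example, not part of the original study guide or any Microsoft tool; the three log generations per day and the rule that circular logging leaves only the newest log on disk are simplifying assumptions.

```python
from dataclasses import dataclass

LOGS_PER_DAY = 3  # constructed workload: transaction log generations per day


@dataclass(frozen=True)
class Tape:
    day: int
    kind: str        # "full", "incremental" or "differential"
    db_through: int  # newest log generation already inside the copied .EDB files
    logs: tuple      # log generations copied to this tape (log-only backups)


def run_week(strategy, days=5, circular_logging=False):
    """Simulate one backup per day; return the tapes written, oldest first."""
    if strategy not in ("full_daily", "incremental", "differential"):
        raise ValueError(strategy)
    on_disk, newest, tapes = [], 0, []
    for day in range(1, days + 1):
        for _ in range(LOGS_PER_DAY):
            newest += 1
            on_disk.append(newest)
            if circular_logging:
                # Assumption: committed logs are reused, only the newest stays.
                on_disk = on_disk[-1:]
        if day == 1 or strategy == "full_daily":
            tapes.append(Tape(day, "full", newest, ()))
            on_disk = []  # a full backup purges the committed logs
        elif strategy == "incremental":
            tapes.append(Tape(day, "incremental", 0, tuple(on_disk)))
            on_disk = []  # an incremental purges what it copied
        else:
            # A differential copies the logs but leaves them in place.
            tapes.append(Tape(day, "differential", 0, tuple(on_disk)))
    return tapes


def restore_set(tapes):
    """Tapes needed to restore to the most recent backup."""
    last_full = max(i for i, t in enumerate(tapes) if t.kind == "full")
    later = tapes[last_full + 1:]
    if later and later[-1].kind == "differential":
        later = later[-1:]  # only the newest differential is needed
    return [tapes[last_full]] + later


def recoverable_through(tapes):
    """Newest log generation reachable by replaying logs with no gap."""
    chosen = restore_set(tapes)
    reached = chosen[0].db_through
    for gen in sorted({g for t in chosen[1:] for g in t.logs}):
        if gen != reached + 1:
            break  # missing generation: replay stops here
        reached = gen
    return reached


if __name__ == "__main__":
    for strategy in ("full_daily", "incremental", "differential"):
        for circular in (False, True):
            tapes = run_week(strategy, circular_logging=circular)
            print(strategy, "circular" if circular else "sequential",
                  "tapes to restore:", len(restore_set(tapes)),
                  "recoverable through log", recoverable_through(tapes))
```

With circular logging on, the incremental and differential rotations recover only to the day-1 full backup, because the log generations between backups are no longer on disk to be copied.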

Placing the database files and transaction log files on separate disks improves performance and fault tolerance.

Standby Servers - Can be CRUCIAL, MUST BE IDENTICAL

To restore the contents of a deleted mailbox, restore a backup of the entire Private Information Store (PRIV.EDB) to an alternate (standby server) then copy data to PST file and copy PST file to the current mailbox.

BACKUP.LOG can also be an invaluable troubleshooting tool.

      1. Plan a Disaster Recovery Strategy

See above {1.07 article(a)}

Standby Servers

ISINTEG –PATCH – After an off-line restore you MUST run this to patch the IS

ISINTEG –FIX – If disk becomes full and IS stops, you MUST run this to roll back to the last checkpoint.

Questions to ask in regard to Disaster Recovery Plan:

    1. What is organization’s definition of a disaster?
    2. Definition of acceptable downtime?
    3. What is the escalation process and who is to be notified and mobilized?
    4. What are the recovery steps? (should be tested and written down)
    5. Is there an inventory of the necessary resources for a recovery, including hardware, software, AND THE EXCHANGE SERVER CD?

 

      1. Information Store Maintenance

Backup, Backup, Backup

Online Maintenance: Exchange automatically performs these functions on the IS database:

    1. Defragments the Private and Public Information Stores
    2. Removes expired messages based on configured age limits
    3. Deletes indices created to cache folder views

Defrag is a quick fix for dwindling disk space.

Offline Maintenance: Utilities such as ISINTEG, and EDBUTIL (used to recover badly damaged databases, both DS and IS)

      1. Plan Remote Administration
    1. Identify and configure RAS Server in relevant sites
    2. Identify and configure RAS client software on relevant remote computers
    3. Install LOCAL copy of Exchange Administrator
    4. Install LOCAL copy of User Manager for Domains – requires workstation to be running NT
    5. Install LOCAL copy of Server Manager – requires workstation to be running NT

 

      1. Plan Information Retrieval Strategies

See above 1.07 articles a-c

    1. - Develop Security Strategies

The primary security feature in Exchange 5.5 is the Key Management Server, which enables encryption and digital verification of users. 4 important issues to address with respect to KM are:

  1. Advanced Security Use
  2. Preferred Encryption Algorithm
  3. KM Server Location
  4. KM Server Administration

Other significant security implementations are:

  1. Permission Controls
  2. Message Tracking
  3. Top-Level folder create permissions
  4. Storage warnings schedule
  5. Affinity, and Cost Values (prevent overloading specific resources)
  6. Protocol selection (and denial of users from domains and addresses unauthorized)
  7. Idle time-outs

    1. - Develop Server-Side Scripting Strategies

See article 1.05 (a)

  1. Installation and Configuration
    1. - Install an Exchange Server Computer

Exchange comes in two editions: Standard and Enterprise. The main difference between the two is the connectors that are bundled with each:

Standard Edition: Ships with connectors for IMS, MS Mail, Lotus cc:Mail, and Lotus Notes

Enterprise Edition: adds connectors for IBM OfficeVision/VM, SNADS, and X.400

In addition, the Enterprise Edition can work with MS Cluster Server, and increases the storage limit to 16T for each of the Exchange databases (DS, Private IS, and Public IS).

Minimum Hardware Requirements

Processor – Minimum: P90, or Digital Alpha 4/275. Recommended: P166, or Alpha 5/500

RAM – Minimum: 24M/Intel, 32M/RISC. Recommended: 32M/Intel, 48M/RISC

Disk space – Minimum: 250M/Intel, 300M/RISC. Recommended: 500M for all platforms

Minimum Software Requirements

OS – WinNT Server 4.0, Service Pack 3

Page File – 50M + RAM, Recommend 100M + RAM

Apple Macintosh (optional) – NT Services for Macintosh

Novell NetWare (optional) – Gateway Services for NetWare, NWLink (if NetWare clients use IPX/SPX)

SMTP/POP/IMAP (optional) – TCP/IP

Web Browser Clients (optional) – IIS3.0 running Exchange Outlook Web Access components

IBM Messaging or SNADS (optional) – SNA Server

Advanced Fault Tolerance (optional) – Enterprise CAN work with Cluster Server

To install Exchange, you must be logged on to an account with Administrator privileges, because files will be copied to the \System32 directory, and permissions will be granted to the Site Service Account.

Before installation, you MUST create the Site Service Account. It should be configured with the following properties:

  1. User Cannot Change Password
  2. Password Never Expires
  3. "User Must Change Password at Next Login" is NOT enabled

Exchange Server will grant the Site Service Account the following rights:

  1. Act as part of the Operating System
  2. Log on as a Service
  3. Restore Files and Directories

    1. - Configure Exchange Server for Message Recipients
      1. Configure Mailboxes. Configure Custom Recipients
        1. Mailboxes are configured through:
    1. MS Exchange Administrator

      Select File, New Mailbox. You MUST specify an NT User account to associate with the mailbox, or specify "Create New Account"

    2. MS WinNT User Manager for Domains

      Exchange adds the MAILUMX.DLL module to User Manager for Domains. Whenever an account is created, an Exchange mailbox is also created. If an account is deleted, the mailbox is deleted also

    3. MS Exchange Extract and Import Tools

Extract Tools are designed for Windows NT Accounts/LanManager, or NetWare Accounts (2.x, 3.x, or 4.x RUNNING IN BINDERY EMULATION MODE). The Extract tools are executed through Exchange Administrator, Tools menu.

The Import Tool is accessed through the Exchange Administrator, Tools menu, and can be used to Import data or modify existing data before import.

Mailbox Properties : General Tab

    1. Display Name – This is the name that will be displayed in the GAL and the Administrator window. By default, it is the first and last name values (i.e., Joe Smith)
    2. Alias – The name used to generate foreign email addresses for the mailbox. By default, it is the Primary NT Account name. Exchange automatically generates foreign addresses for:
      1. Lotus cc:Mail
      2. MS Mail
      3. SMTP
      4. X.400
    1. Primary Windows NT Account – This is the NT Account associated with this mailbox
    2. Home Server – The Exchange Server on which this mailbox will reside

Organization Tab –

Phone/Notes Tab –

Permissions Tab – Can Specify ROLES here, including:

    1. Admin Role (Modify User Attributes, Modify Admin Attributes)
    2. Permissions Admin (Modify User Attributes, Modify Admin Attributes, Modify Permissions)
    3. Send As
    4. User (Modify User Attributes, Send As, Mailbox Owner)

Distribution Lists Tab –

Email Addresses Tab – displays the foreign addresses for this mailbox

Delivery Restrictions Tab – Default is to accept from all, reject from none

Delivery Options Tab – Specifies a list of Users who can send "on behalf of". Also allows mail sent to this box to be directed to an alternate recipient solely, or in conjunction with this box.

Protocols Tab – Includes encoding methods such as Multipurpose Internet Mail Extensions (MIME), BINHEX (Apple), UUENCODE, or MS Exchange Rich Text Format (RTF)

Custom Attributes Tab –

Limits Tab – Storage limits, Deletion Retrieval Limits. Message Sizes

Advanced Tab – contains entries for Trust Level (associated with replication), Directory Name, Display Name, On-Line Listings Information (applicable if using MS NetMeeting), Home Server, Hide from Address Book, Downgrade High Priority X.400 Mail, Container Name, and an Administrative Note.

        1. Configure Custom Recipients

The address of a non-Exchange mail recipient. They are part of the GAL.

Created through Exchange Administrator, File menu, Create New Custom Recipient.

The Standard Options for the types of foreign address are:

    1. cc:Mail address
    2. MS Mail address
    3. MacMail address (MS Mail for AppleTalk)
    4. Internet address
    5. X.400 address
    6. Other address

The Properties of a custom recipient are similar to those of a mailbox. However, you MUST ENTER THE ADDRESS IN THE FORMAT OF THE FOREIGN MAIL SYSTEM

      1. Configure Public Folders

Public Folders are sharable containers of information. They can be replicated to other servers. They are created through CLIENT applications such as Outlook and the MS Exchange Client.

They have four main features:

    1. Permissions
    2. Forms – can be associated with a public folder to provide a format for entering information.
    3. Views – Public folders can be organized by various views, such as by sender, recipient, subject, and time frame.
    4. Rules – Pertain to the automatic processing of information sent to the public folder.
      1. Configure Distribution Lists

Created from Exchange Administrator, File menu, New Distribution List.

Distribution List Properties : General Tab

    1. Display Name
    2. Alias Name
    3. Members
    4. Owner
    5. Expansion Server – Designates the Server that will expand the DL
    6. Notes

Advanced Property tab

    1. Display Name
    2. Directory Name
    3. Trust Level
    4. Message Sizes
    5. Container Name
    6. Distribution List Options
    1. Report to DL Owner – default is not checked
    2. Report to Message Originator – default is checked
    3. Allow out of Office Messages to Originator
    4. Hide from Address Book
    5. Hide Membership from Address Book
      1. Configure Site Addressing

        Pertains to properties related to Site-wide addressing. Is accessed and configured through the Site, Configuration Objects. Dictates the format of a Site’s Internet address, and properties used for message routing, such as route costs. Administrator can also use this object to disable or enable the foreign addresses that are created by default.

      2. Configure Container-Level Search Controls

        The "Find Recipients" function in Exchange Administrator can search for recipients anywhere in an organization. It is found in the Tools menu, Find Recipients option. Search criteria can be inputted such as first name, last name, title, department, and others.

      3. Configure Address Book Views

Used to organize addresses from the GAL into groups. Example of grouping addresses by building number. These views can also be made available to Exchange Clients. To create an address book view: Click the Address Book View Container, found in the Organization Container. Then File, New Other, Address Book View.

    1. - Configure Connectivity to a Mail System Other than Exchange Server. Connector Types Include:
      1. X.400 Connector – based on the CCITT standard, the X.400 Connector includes the use of
  1. Address Space
  2. Connector Cost
  3. Option to Override the Account used to make the connection

Each end of an X.400 connection must be configured with the name of the remote MTA to which it will connect. The LOCAL MTA name is assigned when an MTA TRANSPORT STACK is installed. Typically the local MTA name is the same as the Server name.

Properties of the X.400 Connector:

  1. Low to Medium Bandwidth requirement
  2. Can utilize Dial-up connections
  3. ALL DATA IS TRANSFERRED THROUGH MESSAGES
  4. Different Transport Stacks Used – Supports TCP/IP, TP0/X.25, and TP4/CLNP. Each must be installed and configured through Control Panel/Network, and defined as an MTA Transport Stack in Exchange. Stacks are created in Exchange Administrator, File, New Other, MTA Transport Stack. After a stack is created, the X.400 Connector can be installed and configured
  5. Remote Site Configuration is NOT AUTOMATIC
  6. MUST use Messaging Bridgehead Server
  7. Allows Connections to the Remote Site to be Scheduled (options are Remote Initiated, Never, Always, Selected Times)
  8. Allows Delivery Restrictions (which users can use the connector, maximum message size)

Advantages of the X.400 Connector are its ability to use additional options, ability to connect to large multi-routed networks, and its ability to be used as a messaging backbone. Only real disadvantage is the increased amount of configuration.

The address of the remote host MUST BE ENTERED IN THE FORMAT USED BY THE PROTOCOL STACK. If using TCP/IP, this could be FQDN, NetBios Name, or IP Address.

      1. Microsoft Exchange Connector for Lotus cc:Mail – provides both message exchange and directory synchronization. Is installed using Exchange Server Setup.

Uses 2 Lotus cc:Mail utilities:

    1. IMPORT.EXE –
    2. EXPORT.EXE –
      1. Microsoft Mail Connector

MS Mail is a shared-file mail system. The mail messages are stored as files in a shared directory on a designated computer, called a postoffice. An MS Mail system can have more than one postoffice. If an organization has several postoffices, the MS Mail MTA is responsible for routing mail between those postoffices.

MS Mail postoffices exchange directory information through the Directory Synchronization Protocol. A single postoffice is designated as the DIRSYNC SERVER, and stores the master copy of the network directory information (the GAL) and sends the list to DIRSYNC REQUESTORS. Dirsync Requestors send new, LOCALLY CREATED directory information to the Dirsync server, and receive the GAL FROM the Dirsync server.

Three primary events occur during synchronization:

T1 – The interval used by the dirsync requestors to send their postoffice address list to the dirsync server

T2 – The interval used by the dirsync server to compile a new GAL and send it to the dirsync requestors

T3 – The interval used by the dirsync requestors to rebuild their postoffice address lists

The default setting for each of these events is once every 24 hours
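
Because the three events are scheduled independently, the order in which they fire within each 24-hour period decides how long a new address takes to appear on other postoffices. The sketch below models that as an added example; it is not MS Mail or Exchange code, and the postoffice names, user names and the one-run-per-day scheduling are constructed assumptions.

```python
class Postoffice:
    """A dirsync requestor (constructed model)."""

    def __init__(self, name, local_addresses):
        self.name = name
        self.local = set(local_addresses)    # locally created addresses
        self.visible = set(local_addresses)  # postoffice address list users see
        self.pending_gal = None              # GAL received at T2, not yet applied


class DirsyncServer:
    def __init__(self):
        self.received = {}  # postoffice name -> list last sent at T1
        self.gal = set()    # master copy of the global address list


def t1_send(postoffice, server):
    """T1: the requestor sends its postoffice address list to the server."""
    server.received[postoffice.name] = set(postoffice.local)


def t2_compile(server, postoffices):
    """T2: the server compiles a new GAL and sends it to every requestor."""
    server.gal = set().union(*server.received.values())
    for po in postoffices:
        po.pending_gal = set(server.gal)


def t3_rebuild(postoffice):
    """T3: the requestor rebuilds its address list from the GAL it received."""
    if postoffice.pending_gal is not None:
        postoffice.visible = postoffice.local | postoffice.pending_gal
        postoffice.pending_gal = None


def days_until_visible(address, daily_order, max_days=7):
    """Return the day on which `address`, created on PO_A, shows up on PO_B.

    daily_order is the order in which T1, T2 and T3 run each day.
    """
    po_a = Postoffice("PO_A", {"alice"})
    po_b = Postoffice("PO_B", {"bob"})
    server = DirsyncServer()
    po_a.local.add(address)  # new mailbox created before the first cycle
    for day in range(1, max_days + 1):
        for event in daily_order:
            if event == "T1":
                for po in (po_a, po_b):
                    t1_send(po, server)
            elif event == "T2":
                t2_compile(server, (po_a, po_b))
            elif event == "T3":
                for po in (po_a, po_b):
                    t3_rebuild(po)
            else:
                raise ValueError(event)
        if address in po_b.visible:
            return day
    return None


if __name__ == "__main__":
    for order in (("T1", "T2", "T3"), ("T2", "T1", "T3"), ("T3", "T2", "T1")):
        print(order, "-> visible on day", days_until_visible("carol", order))
```

Scheduling T1 before T2 before T3 propagates the change in one cycle; the other two orders in the demo take two and three days.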

Three Exchange components enable communication between MS Mail and Exchange. They are:

    1. MS Mail Connector – composed of:
      1. MS Mail Connector Interchange – translates messages from Exchange format to MS Mail format and vice versa. The translated messages are placed in "shadow postoffices"
      2. MS Mail Connector (PC) MTA – transfers messages between an Exchange Server and MS Mail postoffices. MULTIPLE INSTANCES CAN EXIST
    2. Directory Synchronization Agent (DXA) – enables Exchange to automatically exchange directory information with an MS Mail system. The DXA allows users on each system to see directory information of the other system
    3. Schedule+ Free/Busy Connector

MS Mail Connector Installation and Configuration

Installed from Exchange Setup - Add/Remove Programs

Configuration can be organized into four main procedures:

    1. Define and Configure a PHYSICAL Connection to an External Postoffice

Three types are available:

    1. LAN – Requires entering the postoffice path, and connection attempts
    2. Asynchronous Connection – Requires Network Name, Postoffice Name, Sign-on ID, Password, Connection Attempts, Phone Number, Optional Settings
    3. X.25 – the X.25 protocol must be installed and configured on the Exchange server. Properties are the same as Async, however X.25 requires X.121 address of the postoffice (a 16-digit number that identifies the computer on the X.25 network that contains the external postoffice)
    1. Define and Configure Message Transfer – To create a new Connector MTA Instance, click the New button on the Connector MTA’s property page, and configure the following attributes:
    1. Service Name – the name that represents a particular instance of the MTA
    2. Polling Frequency – Set to indicate how long this instance of the MTA will wait before checking the postoffice for new mail. The default is 5 minutes
    3. Connection Parameters – Default is LAN
    1. Configure Destination Address – Four address templates are available:
    1. X.400
    2. MS Mail
    3. Internet
    4. General (can be used to create any type of address).

Addresses can be to specific recipients on a foreign system, or they can be to an entire network of recipients (by using the wildcard *)

    1. Configure Other Settings – Contains the following pages:
    1. General Property Page – Used to set a maximum message size, and include an administrative note
    2. Interchange Property Page – Used to select the Admin mailbox to receive information messages and alert notifications from the connector. Other properties include primary language and Message Tracking. If Tracking is enabled, information will be written to the tracking logs
    3. Local Postoffice Property Page – The MS Mail Connector allows an Exchange server to function as an MS Mail postoffice. By default, the Exchange Organization name is used as the network name and the Exchange Site name is used as the postoffice name. This page is also where you would enter and change any passwords associated with the connector.

 

    1. - Configure Synchronization of Directory Information between Exchange Server and Other Mail Systems. Types of Directory Synchronization Include:
      1. Manual

        To manually force a synchronization, Stop then Restart the DXA.

      2. Automatic

You must first determine if the Exchange server is to be a dirsync server or a dirsync requestor.

Exchange Server as a Dirsync Server

    1. Create and Configure a Dirsync Object – In Exchange Administrator, File, New Other, Dirsync Server. Some of this object’s properties are:
    1. Name – the directory name of this object
    2. Dirsync Administrator
    3. Server – The name of the Exchange Server that will function as the dirsync server
    4. Schedule – A schedule can be defined to execute the T2 event
    1. Remote Dirsync Requestors MUST be Created and Configured – the Administrator configures this information by creating a remote dirsync requestor object for each MS Mail postoffice. One of the most important properties of this type of object is the list of recipient containers that are to be exported to the remote requestor. This information is entered on the Export Containers Property Page. Attributes on this page include:
    1. Recipient Containers
    2. Trust Level
    3. Configure the MS Mail Postoffices that are Dirsync Requestors – The requestors must be configured with information about the server

Exchange as a Dirsync Requestor

    1. A Dirsync Requestor Object must be Created and Configured – The Dirsync Requestor Object is created and configured in the same manner as the Dirsync Server Object.
    2. Configure the Mail Dirsync Server – The server must be configured with information about the requestors

Information on Directory Synchronization with the Lotus cc:Mail Connector is briefly covered in the text and has been addressed in article 2.03 (b)

    1. - Configure Directory Replication

Intrasite replication is automatic and performed by direct DS-to-DS communication. There are 2 important criteria when determining a replication schedule: bandwidth and time-sensitivity.

Two methods can be used to set a replication schedule:

    1. Use the Replication Schedule Property Page of the IS to set a "global" replication schedule
    2. Use the Replication Schedule Property Page on the folder itself. This Overrides the IS setting

Affinity Numbers can be set on each replica to designate an order for usage (much like costs on recipients and backups)

The Directory Replication Connector

Used for Intersite replication and must be manually configured. The Directory Replication Connector uses an existing messaging connector to send directory information to a remote site. There are four primary steps to setting up replication between sites:

    1. Configure the messaging connector to be used for intersite directory replication

      All Connectors except the Site Connector (which is used to connect to Exchange sites) need to be "informed" that the remote site is an Exchange Server site. This is specified on the Connected Sites Property Page of the messaging connector.

    2. Install a Directory Replication Connector for BOTH sites

In Exchange Administrator, File, New Other, Directory Replication Connector. You will then need to supply:

    1. Local Bridgehead Server
    2. Remote Site Name
    3. Remote Bridgehead Server
    4. E-Mail Address of the Remote Bridgehead Server

    3. Identify the directory replication BRIDGEHEAD at each site

      Only one server in a site can be assigned the duty to replicate to a given remote site. One server can, however, replicate to more than one remote site. In Intersite Directory Replication, Bridgehead Servers Must Request Replication Information. Directory information is never pushed to a remote site. This is in contrast to intrasite replication, where servers send a notification of new information to the other servers of the site.

    4. Configure a replication schedule

By Default, Occurs every 3 hours. Can be modified on the Schedule Property Page of the Directory Replication container object

Connections between sites are TRANSITIVE (If A→B, and B→C, then A→C)

To force replication, on the Sites Property Page, highlight the remote site in the Inbound Sites Listbox and click "Request Now"

The DS Site Configuration Object, Attributes Page allows an Administrator to specify what information will be replicated to other sites

    1. - Import Directory, Message, and Scheduling Data from Existing Mail Systems

There are 2 strategies to Migration: the SINGLE-PHASE and the MULTI-PHASE.

Three Main Tools are used to perform a migration:

  1. Source Extractors – Extracts information and places it in a format that can be imported into Exchange. Requires Administrative privileges on the foreign mail system. Creates three file types (the 3 together are commonly referred to as "The Migration Files"):

    1. Primary files (*.PRI) – Contain mailbox names, custom recipients, personal address book, message headers of messages being extracted. In CSV format.

    2. Secondary Files (*.SEC) – Contain the message bodies, message attachments, and scheduling data

    3. Packing List File (*.PKL) – Contains Filenames and other information pertaining to the information in the primary and secondary files.

  2. Migration Wizard – Executed from the Exchange Program Group. Can automatically extract information from: MS Mail, cc:Mail, Novell GroupWise, and Collabra Share forums.

  Migration can be performed in a One-Step, or Two-Step procedure. Use the two-step when changes need to be made before import. The Migration Wizard prompts for the following options:

    1. Select Mailboxes to Import
    2. Create Mailboxes – Existing mailboxes can be used, but the default is to create new Exchange mailboxes. Additional properties pertaining to new mailboxes are:
      1. Recipient Container
      2. Templates
      3. Passwords (Random or Use Alias Name)
    3. Messages and Folders
    4. Shared Folders
    5. Personal Address Books (PABs)
    6. Calendar Files

  3. Directory Import and Export - used when bulk changes need to be made. Copies the properties of a large number of recipients to an editable text file.

Mail sent to a migrated user can be handled by:

  1. Forwarding Feature – If the foreign mail system supports it
  2. Directory Synchronization – enables users in the foreign system to see and use the addresses of the migrated users. This is probably the best option.
  3. Use Both Mailboxes – Lame
  4. Former Email address maintained through a Proxy Address
  5. Edit an alias file on the SMTP relay host to point to the new address
  6. Delete Postoffices once all users are migrated
  7. Migrate ALL Users

    1. - Install and Configure Exchange Server Client Computers

In addition to the information in Article 1.06, Messaging Profiles need to be addressed. It is important to remember that they can be automatically set up using the edited DEFAULT.PRF and OUTLOOK.PRF files.

Messaging Profiles Consist of:

  1. Information Services – Specifies the Information Services (MAPI providers that permit access to back-end messaging systems) to be used. Can include MS Exchange, Personal Folders, MS Mail, MSN, MS Fax, Internet Mail, and CompuServe Mail.
  2. Information Storage – Where to deliver incoming mail, Offline folders, Message handling settings (sounds,etc.), Options for deleting (prompt or not), and Options after moving or deleting open messages (open next, open prev, etc...)
  3. Delegate Access – Send on Behalf of, Send As, etc...
  4. Remote Mail

Roaming Messaging Profiles are set up much the same as Roaming User profiles. The key is that the profile must be on a server, and the local machine must be configured to find the profile on that server. For DOS and Win3.x Clients, this involves editing configuration files (Win.ini). For Win9x and NT clients, the procedure is accomplished by pointing to the profile in the User Environment Tab in Control Panel/Users.

    1. - Configure Address Lists and Accounts by Using the Administrator Program
    2. This has been addressed in article 2.02

    3. - Configure the Message Transfer Agent Within a Site

The role of the MTA is to manage the transfer of data. MTA properties are accessed through the MTA Site Configuration Object in the Configuration container. IS handles message transfer within a server, MTA handles all transfers BETWEEN servers.

Message Tracking - An important feature that is enabled from the Tools menu in Exchange Administrator. If enabled, the SA will keep a log of routing information for every message in the MTA process. The Log is stored in ASCII format in the EXCHSRVR\TRACKING.LOG directory. Filenames are formatted as YYYYMMDD.LOG, for example 19970201.LOG.

Other MTA properties that can be set through the MTA Site Configuration Object:

  1. RTS Values – Indicate:

    1. How often you want to verify information being sent
    2. How long to wait after an error before re-sending
    3. How often you want verification from another server that it has received a message.

    RTS Values Attributes:

    a. Checkpoint Size – The amount of data to be sent before a checkpoint is inserted

    b. Recovery Timeout – The length of time the MTA waits for a reconnection after an error

    c. Window Size – Indicates the number of checkpoints that can be sent before an acknowledgement must be received from the destination.

  2. Connection Retry Values – Indicate:

    1. How many times you want to try to open a connection
    2. How many times to try to send a message
    3. How long to wait after an error to re-open a connection
    4. How long to wait to re-send after an error

    Connection Retry Attributes:

    a. Max Open Retries

    b. Max Transfer Retries

    c. Open Interval – The length of time the MTA waits after an error to re-open a connection

    d. Transfer Interval

  3. Association Parameters – Indicate:

    1. How long to keep an association (an open pathway to another system) open
    2. How long to wait for a response before closing the association
    3. The number of queued messages that will trigger an additional association

    Association Value Attributes:

    a. Lifetime – The length of time the MTA keeps an association open after it has finished sending messages

    b. Disconnect – The length of time the MTA waits after sending a disconnect message before it will close the connection

    c. Threshold – The maximum number of queued messages before the MTA opens another association

  4. Transfer Timeouts – Indicate how long to wait after a transfer failure before sending a Non-Delivery Report (NDR) to the sender

The MTA Check Utility (MTACHECK) scans an MTA queue looking for corrupted messages that could prevent the MTA from sending. MTACHECK will attempt to remedy the situation by rebuilding the MTA queue. This program can only run when the MTA is stopped. It is found in the \EXCHSRVR\BIN directory and can be run from a command prompt.

    1. - Configure the Message Transfer Agent Among Sites

If there are several connectors the MTA will go through a selection process to choose a connector through which to send messages. The basic steps are:

  1. A LOCAL MTA component receives a message destined for another site. The MTA temporarily stores the message in a queue until it determines a route for the message.
  2. The MTA reads the destination address of the message and queries the GWART (Gateway Address Routing Table) for an entry to that destination. If there is only 1 connection, the MTA passes the message to the MTA on that connector’s server. If there is more than one connection, the MTA goes through a selection process, with COST being a key factor.
  3. After passing the message to the relevant connector, the MTA deletes the message from the queue and notifies the SA of successful delivery. The SA writes that information in the tracking log file.
  4. If the Message cannot be delivered, the local MTA sends the message back to the sending object with an NDR.

The most important factor in configuring MTA between Sites is the COST associated with each entry in the GWART. The GWART is stored in \EXCHSRVR\MTDATA and is labeled GWART0.MTA. There is also a copy of GWART1.MTA, which is the second most recent GWART.
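
The selection steps above can be sketched as a lookup against a cost-ordered table. This is an added example, not Exchange code: the table layout, the wildcard matching, the connector names and the fallback to the next-cheapest connector are assumptions, and the real MTA applies further criteria that this guide does not cover.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class GwartEntry:
    addr_type: str   # address type, e.g. "SMTP", "X400", "MS"
    pattern: str     # address space; "*" wildcard syntax is an assumption
    connector: str   # hypothetical connector name
    cost: int        # lower cost is preferred


# Constructed routing table (not taken from a real GWART0.MTA).
GWART = [
    GwartEntry("SMTP", "*", "IMS-BRIDGEHEAD1", 10),
    GwartEntry("SMTP", "*", "IMS-BRIDGEHEAD2", 50),
    GwartEntry("SMTP", "*.partner.example", "X400-PARTNER", 1),
    GwartEntry("MS", "HQNET/*", "MSMAIL-CONNECTOR", 1),
]


def candidates(table, addr_type, address):
    """Entries whose address space covers the destination, cheapest first."""
    hits = [
        e for e in table
        if e.addr_type == addr_type.upper()
        and fnmatchcase(address.lower(), e.pattern.lower())
    ]
    return sorted(hits, key=lambda e: e.cost)


def route(table, addr_type, address, unavailable=frozenset()):
    """Pick a connector for one message, or report that an NDR is due."""
    tried = []
    for entry in candidates(table, addr_type, address):
        tried.append(entry.connector)
        if entry.connector not in unavailable:
            return {"action": "transfer", "connector": entry.connector,
                    "cost": entry.cost, "tried": tried}
    # No entry covers the address, or every matching connector is down.
    return {"action": "ndr", "connector": None, "cost": None, "tried": tried}


if __name__ == "__main__":
    down = {"X400-PARTNER"}
    for kind, addr in [("SMTP", "user@mail.partner.example"),
                       ("MS", "HQNET/PO1/JSMITH"),
                       ("X400", "c=US;a= ;p=Example;s=Smith")]:
        print(kind, addr, route(GWART, kind, addr, unavailable=down))
```

The `tried` list is the part worth keeping when troubleshooting: it shows which connectors were considered before a message left on an expensive route or came back as an NDR.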

    1. –Configure Internet Protocols and Services. Protocols and Services Include:
      1. POP3 and IMAP4

POP3 – CANNOT BE USED TO SEND MAIL, RETRIEVAL ONLY (SMTP is used to send). It is built into the IS.

Contains Property Pages for:

    1. General – Enabled and Disabled here.
    2. Authentication
    3. Message Format
    4. Idle Time-Out

The following information MUST be configured on a POP3 Client in order to connect to a POP3 server:

    1. POP3 Server Name
    2. SMTP Server Name
    3. POP3 Account Name
    4. POP3 Account Password – The password of the NT User account
    5. POP3 Client E-Mail Address – The SMTP address of the POP3 client

POP3 can only access messages in the Inbox Folder, and DOES NOT permit access to encrypted messages.

IMAP4 – Internet Message Access Protocol - As with POP3, IMAP4 is built into the IS. It also CANNOT send, only retrieve. Both POP3 and IMAP4 use the SMTP functions of the IMS to send data. IMAP4 can also access personal and public folders (POP3 cannot) and includes advanced features such as search capabilities and selective download.

Contains Property Pages for:

    1. General
    2. Authentication
    3. Anonymous
    4. Message Format
    5. Idle Time-Out

      1. Active Server and HTTP

Active Server – A set of components running on IIS 3.0 that enable web clients to access MS BackOffice applications, such as Exchange.

The main components that implement Active Server are:

    1. Collaboration Data Objects (CDO) – The libraries of functions providing basic messaging functions to Active Server Pages
    2. Active Server Pages – Programs, written in ActiveX and running on an Active Server, that provide access to a specific MS BO application.

Web Browser access to Exchange is accomplished by use of the Microsoft Outlook Web Access ASP (OWA). Active Server and OWA act as a gateway between the Internet protocols and those used in the Exchange environment

OWA REQUIRES IIS3.0 WITH ACTIVE SERVER PAGES, and is installed during the setup process (perhaps through add/remove also?)

HTTP – Handles application-to-application communication. DO NOT CONFUSE WITH HTML, which is used to CREATE hypertext and multimedia documents for the WWW. Configuration of HTTP is done on BOTH the Active Server and the Exchange Server:

Active Server Configurations:

    1. Authentication – Basic or MSCHAP. Set through IIS Internet Service Manager
    2. Encryption – Enabled through IIS Internet Service Manager. Active Server uses SSL encryption protocol. Normally Web Browsers use Port 80 to communicate with a Web server. But when a Web browser and Web server communicate using SSL, Port 995 is used.
    3. Rejecting IP Addresses – Can be used to reject designated IP addresses or Ranges of IP addresses. Can be used to reject clients using POP3, IMAP4, NNTP, and LDAP. Configured through the Exchange Administrator Program

Exchange Server Configurations:

    1. General
    2. Folder Shortcuts – Contains the list of public folders that will be available to anonymous Web users
    3. Advanced – Enables the setting of the maximum number of Address Book entries that will be returned to an authorized Web client. The default is 50.

When an Active Server attempts to establish a connection to a mailbox on an Exchange Server, the Active Server first determines the enable/disable status of the HTTP object at the Site level. If that is enabled (which is the default), then it determines that status at the particular mailbox. If HTTP is enabled at the Site level but not at a particular mailbox, the Web user will receive an error message that the server is down or that HTTP access is denied.

      1. NNTP – used to transfer information across USENET. Also used to transfer newsgroup content between servers (a newsfeed) which can be configured to either PUSH or PULL.

NNTP is incorporated into the IS. Newsfeeds must be setup using the Newsfeed Configuration Wizard, accessed through Exchange Administrator, File, New Other, Newsfeed. When a Newsfeed is configured, this functionality (with Exchange) is referred to as INS (Internet News Service). INS enables an Exchange Server to function as a newsgroup server.

Newsfeed Configuration Wizard Dialog Boxes:

    1. Installed Server – The name of the Exchange Server that will receive the newsfeed
    2. Type of Newsfeed – Inbound, Outbound, or Both
    3. Connection Type – LAN or DUN
    4. Schedule –
    5. Host Computer – The computer that SENDS the newsfeeds
    6. Security
    7. Administrator
    8. Active File – This file contains the list of all available newsgroups on the USENET host. Allows importing or downloading of the Active File

Newsfeed Property Pages:

    1. General
    2. Messages – Controls Inbound and Outbound message size
    3. Hosts
    4. Connection
    5. Security
    6. Schedule
    7. Advanced
    8. Outbound
    9. Inbound

      1. LDAP – See article 1.04 (b). LDAP is incorporated in the DS.

LDAP Property Pages

    1. General
    2. Authentication
    3. Anonymous
    4. Search
    5. Referrals
    6. Idle Time-Out

    1. - Configure Message Tracking
    2. This has been discussed in article 2.09


    3. –Configure Server Locations
    4. This has been discussed in article 1.01 (a)

    5. - Configure Security

The primary advanced security feature in Exchange is the Key Management Server. To deploy KM, ONE server in the organization must be configured as follows:

  1. It must be in the domain used for centralized administration
  2. It must be backed up regularly and physically secure
  3. It must use NTFS

KM is installed from Setup, Complete/Custom, KM Server. It must be started MANUALLY from Control Panel/Services.

To upgrade KM Server you must have the original KM Password (startup) floppy.

During client setup, Exchange copies ETEXCH.DLL to Win3.x clients, and ETEXCH32.DLL to Win9x and NT clients. Each user’s mailbox must be configured for advanced security and create certificates (from the Security Page of the mailbox) before security can be enabled. Also, before a client can use advanced security, they must request and receive their keys and certificates from the KM Server.

A KM Administrator must configure the Preferred Encryption Algorithm from the Security Page of the Encryption Object in the Configuration Container. The Options are:

  1. CAST-64
  2. CAST-40
  3. DES

CAST-64 and DES are available in North America Only

  1. Configuring and Managing Resources
    1. - Manage Site Security
    2. Management of Site security is accomplished primarily through management of NT Trust Relationships. By properly planning and using the fewest number of Trusts to achieve the desired result, security is inherently enhanced. Further Security is enhanced by the existence of one, and only one Site Service Account. It is important to remember to NOT use the Administrator account as the Site Service Account. Not only is this a security risk, setup problems will arise.


      With the creation of Trusts, Virtual Domains are created, where Exchange servers share the individual Domain SAMs and it appears as one Domain. For Communication between Sites, the Exchange Servers do not have to use the same Site Service Account. The logical boundaries between Sites are called site boundaries.

    3. - Manage Users

Managing Users is accomplished through responsible and efficient creation of mailboxes in Exchange Administrator, and User Accounts in User Manager for Domains. Tools such as templates can be used to facilitate creation of multiple, similar mailboxes. The Find Recipients feature in the Tools menu of Exchange Administrator as well as the ability to move mailboxes between Servers can be of great benefit in managing Users. Moving Mailboxes (and organizing mailbox storage from the start) can be EXTREMELY beneficial in regard to:

  1. Balancing the Load between Servers
  2. Keeping "Common" Users on the same Network Segment
  3. Allowing Users to access their mailboxes while servers are taken down for maintenance

Periodic Cleaning of mailboxes based on age, size, read/unread status, can also aid an administrator in managing Users and resources.

Using Batch Processes to modify multiple recipients can also reduce the amount of time an Administrator must spend on User maintenance and management. Other issues such as address space entries, Trust, Cost, and Affinity levels, and automated, customized installations can further facilitate User Management.

    1. –Manage Distribution Lists
    2. Through proper setup and membership in DLs, an administrator can further reduce the headaches of management. One key factor in the design of the DL is the Expansion Server, which if homed properly can greatly reduce the workload on a particular server. The inherent property of DLs storing one copy of the message for a DL goes a great way in minimizing required maintenance, management, and resources. Features such as Hide from Address Book, Hide Membership from Address Book, Report to DL Owner, Report to Message Originator, and Allow Out of Office Messages also can be very beneficial.

    3. –Manage the Directory

Online Maintenance

Whenever a Directory Object is deleted, a tombstone is created. The purpose of the tombstone is to display the deletion to all of the servers in the organization. Tombstones are automatically replicated to other servers. Tombstones have a default life of 30 days to ensure accurate replication.

A related setting is the Garbage Collection Interval, which is the time interval at which tombstones are permanently deleted.
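
Why the tombstone lifetime has to outlast any replication outage can be seen in a small two-server model. This is an added example, not Exchange code: the server and mailbox names, the day-based clock and the merge rule in `replicate` are assumptions. It shows a deleted recipient reappearing when a partner stays unreachable longer than the tombstone lives.

```python
from dataclasses import dataclass, field

TOMBSTONE_LIFETIME_DAYS = 30   # default tombstone lifetime given in the text


@dataclass
class Replica:
    """One server's copy of the directory (simplified model)."""
    name: str
    objects: set = field(default_factory=set)
    tombstones: dict = field(default_factory=dict)   # object -> day deleted

    def delete(self, obj, day):
        # Deleting an object leaves a tombstone that records the deletion.
        self.objects.discard(obj)
        self.tombstones[obj] = day

    def garbage_collect(self, day, lifetime=TOMBSTONE_LIFETIME_DAYS):
        # Permanently remove tombstones that have reached their lifetime.
        expired = sorted(o for o, d in self.tombstones.items()
                         if day - d >= lifetime)
        for obj in expired:
            del self.tombstones[obj]
        return expired


def replicate(a, b):
    """Two-way exchange: deletions (tombstones) first, then live objects."""
    for src, dst in ((a, b), (b, a)):
        for obj, day in src.tombstones.items():
            dst.objects.discard(obj)
            dst.tombstones.setdefault(obj, day)
    # With no tombstone to say otherwise, an object one side still holds
    # looks like a new object to the other side.
    merged = a.objects | b.objects
    a.objects, b.objects = set(merged), set(merged)


def scenario(days_unreachable, gc_interval_days=1):
    """Delete 'jsmith' on SERVER1 while SERVER2 cannot replicate."""
    s1 = Replica("SERVER1", {"jsmith", "mjones"})
    s2 = Replica("SERVER2", {"jsmith", "mjones"})
    s1.delete("jsmith", day=0)
    for day in range(1, days_unreachable + 1):
        if day % gc_interval_days == 0:   # garbage collection run
            s1.garbage_collect(day)
    replicate(s1, s2)
    return s1, s2


if __name__ == "__main__":
    for days in (10, 45):
        s1, s2 = scenario(days)
        print(days, "days:", sorted(s1.objects), sorted(s2.objects))
```

After a 10-day outage both servers agree that `jsmith` is gone. After 45 days the tombstone has already been collected, so the stale copy on SERVER2 replicates back and the removed recipient is live again on both servers.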

The DS/IS Consistency Adjustment ensures that the DS and IS databases are synchronized. It is initiated on the Advanced Property Page of an individual server.

Offline Maintenance

EDBUTIL.EXE (Exchange Database Utility) can only be run when the DS and IS are stopped. It performs the following:

  1. Defragments a database
  2. Consistency Check – Compares related information in a database to make sure it agrees.
  3. Recover a database

The ISINTEG Utility discussed in article 1.07(b) can also be a very useful directory maintenance tool.

    1. - Manage Public Information Stores. Elements Include:
      1. Server Locations
      2. This has been covered in article 1.01(a)

      3. Rehoming of Public Folders

      This has been covered in article 2.20(b)

      The creation and management of dedicated public folder servers should not be overlooked.

    2. - Managing Private Information Stores
    3. This has been covered in articles 1.05(b) and 1.07(a) and (c)

    4. - Backup and Restore the Exchange Server Organization
    5. This has been covered in articles 1.07(a), (b) and (e)

    6. - Manage Connectivity

This has been covered in articles 2.03, 2.04, and 2.05.

Be aware of the implications and requirements of RAS and the RAS Connector. See Page 500

  1. Monitoring and Optimization
    1. - Configure a Link Monitor and a Server Monitor

Link Monitor

Used to test the message link between two Exchange servers. Sending a message to a designated remote server or recipient on a remote server tests a link. Created in Exchange Administrator by choosing File, New Other, Link Monitor.

Link Monitor has many of the same attributes as the Server Monitor. One unique attribute of the Link Monitor is BOUNCE, which is the longest acceptable round-trip time for a test message to travel between the monitor’s home server and the target server

Server Monitor

Used to monitor the services running on an Exchange server, send notifications, and perform specified actions. Created in Exchange Administrator by choosing File, New Other, Server Monitor. This brings up the property pages of the Server Monitor:

  1. General – Directory name, Display Name, LOG FILE, Polling Interval
  2. Servers – Monitored Servers, Services to Monitor
  3. Notification – When, How, Who
  4. Actions – Actions to take when a service has stopped. (None, Restart Service, Restart Computer)
  5. Clock – Synchronization of system clocks on both computers, and actions to take if not within a specified range

These Properties also apply to the Link Monitor

    1. - Optimize Exchange Server. Tasks Include:
      1. Hardware Optimization – previously addressed
      2. Operating System Optimization – previously addressed. Performance Optimizer is a Key Factor

    2. - Optimize Foreign Connections and Site-to-Site Connections
    3. This has been covered previously. In addition see Design Scenarios starting on page 515

    4. - Monitor and Optimize the Messaging Environment
    5. Previously addressed. See page 452

    6. - Monitor Server Performance by Using SNMP and MADMAN MIB

Microsoft Exchange Server 5.5 supports the MADMAN MIB (RFC 1566). This enables third-party SNMP management programs to access the various management statistics of an Exchange Server (version 5.5). MIB stands for Management Information Base, and defines a database structure for management statistics. SNMP stands for Simple Network Management Protocol, and defines a set of management objects and procedures for managing enterprise-wide environments.

  1. Troubleshooting
    1. - Diagnose and Resolve Upgrade Problems
    2. Previously addressed in article 1.03. Also see pages 137-140

    3. - Diagnose and Resolve Server Installation Problems
    4. Previously addressed in article 1.03. Also see pages 136-140

    5. - Diagnose and Resolve Migration Problems

To Troubleshoot a Migration Problem, the primary tools to use are Event Log (Event Viewer) and the Migration Wizard Error Summary.

If problems occur during a migration, some probable causes are:

  1. Account used to perform migration does not have Administrator privileges in the existing system.
  2. Account used to perform migration does not have Administrator privileges in the Exchange system.
  3. The .PKL, .PRI, or .SEC files were edited improperly
  4. The .PKL or .PRI files are missing
  5. The .PKL or .PRI files are renamed
  6. Network Problems occurred during the migration
  7. The Private Information Store ran out of space during the migration
  8. When migrating GroupWise accounts, be sure to have "PROXY ACCESS" granted to the account performing the migration

    1. - Diagnose and Resolve Connectivity Problems. Elements Include:
      1. Foreign Connectivity - See pages 514, 541, 594
      2. Site-to-Site Connectivity - See pages 514, 541, 594
      3. Internet Connectivity - See pages 514, 541, 594
      4. Connectivity within a Site - See pages 514, 541, 594

    2. - Diagnose and Resolve Problems with Client Connectivity
    3. See Pages 247-257

    4. - Diagnose and Resolve Information Store Problems
    5. Previously Covered. See page 444

    6. - Diagnose and Resolve Server Directory Problems
    7. Previously Covered. See page 442

    8. - Diagnose and Resolve Server Resource Problems
    9. Performance Monitor. See Pages 411-413

    10. - Diagnose and Resolve Message Delivery Problems
    11. See Page 450

    12. - Diagnose and Repair Backup Problems and Restore Problems
    13. See Page 450

    14. - Diagnose Organization Security Problems

See Page 342
