An Overview of Exchange 2007 SP1

Exchange 2007 Features

• AD Integration
• Exchange Management Console
• Exchange Management Shell
• Server Roles
• Transport Features
• Unified Messaging
• High Availability

Understanding the Purpose of Server Roles

What are Server Roles?

In previous versions (Exchange 2000/2003) Exchange Servers were deployed with all code installed.  This creates a larger attack surface.

In Exchange 2007 SP1 that surface is reduced and the functionality of Exchange is expanded through 5 server roles.  They are:

• Mailbox Server
• Client Access Server
• Hub Transport Server
• Unified Messaging Server
• Edge Transport Server

A Review of the Five Server Roles

Mailbox Server:  Hosts user mailboxes and public folders

Client Access Server:  Provides client access to OWA, Exchange ActiveSync, Outlook Anywhere and POP/IMAP.  Provides OAB, Availability Services and AutoDiscover services.

Hub Transport Server:  Routes mail within the Exchange Organization.  All mail is sent (both incoming and going) through a Hub Transport server at some point.  It uses site and site link information from Active Directory to route internal messages.

Edge Transport Server:  Sits within your perimeter network (the DMZ) and routes mail in and out of your Organization to Hub Transport servers.  It applies messaging hygiene (anti-virus and anti-spam).

Unified Messaging Server:  Provides a Universal Inbox for email, voicemail and incoming faxes.  Also provides Outlook Voice Access (OVA) and Auto Attendant services.  Requires advanced telephony experience to understand configuration of PBX and VoIP Gateway devices.

Server 2003 or Server 2008? 

Which Server OS Should You Install

If you want to install Exchange 2007 SP1 you can use either Server 2003 or Server 2008.

If you want to use Server 2008, however, keep in mind that you cannot install the RTM version.  You also cannot perform upgrades from 2003 to 2008 and expect, regardless of the method, to upgrade your RTM to SP1.  The best practice approach is a clean install of Server 2008 with SP1.

To move to Server 2008, you need to migrate, not upgrade.  This can be done in a variety of different ways.

Understanding Upgrade Terminology

• Upgrades:  You cannot perform an in-place upgrade.
• Migrations:  Move over mailboxes but not configuration data.  Used for moving from Exchange 5.5, Lotus Domino or Novell Groupwise to Exchange 2007
• Transitioning:  To move both mailbox and configuration data from Exchange 2000/2003 over to 2007.  During the period of transition you are in a state of co-existence.

Prepare Your Environment To Transition from Exchange 2003 to 2007

Transition Methodology

• Determine which servers to replace first.
• Prepare Active Directory
• Eliminate Exchange 5.5 Servers from your environment if you have any.
• Make sure your Exchange Servers and the necessary Domain Controllers have their Service Packs up to date.
• Raise both your Exchange and your Domain functional levels to Native 

(Demo Included)

The Exchange Best Practices Analyzer Readiness Check

The Exchange Best Practices Analyzer (ExBPA) was designed to troubleshoot your Exchange configuration.  It is useful for a variety of different tests to your Exchange environment but this clip focuses on the ability it has to determine if your legacy Exchange environment is ready for you to install your first Exchange 2007 server into the organization.

(Demo Included)

Preparing Active Directory for Exchange 2007

Active Directory Switches

• Prepare Legacy Exchange Permissions
• Prepare Schema
• Prepare AD
• Prepare Domains or /Prepare All Domains

(Demo Included)

Moving Mailboxes To Your Exchange 2007 Server

This walks through the steps of using the Exchange Management Console with the Move Mailbox wizard to show you how to move your mailboxes from legacy Exchange servers over to your Exchange 2007 mailbox database.

You begin the wizard by selecting the Recipients and choosing Move Mailbox from the actions pane. 

Or you can also try the Move-Mailbox cmdlet from the EMS.

(Demo Included)

Required Features and Roles for Installing Exchange 2007

The following are required for all Exchange 2007 Servers:

• MMC 3.0

• .NET Framework 2.0 or higher

• PowerShell

 In addition, there are requirements for some server roles that you install the IIS role and a variety of necessary services.

You can install these features, roles and role services through the Server Manager console or the CLI.

(Demo Included)

Using the CLI to Install Roles and Features

You can use the ServerManagerCmd command to install any role or feature you need.

For example, to install PowerShell you would type ServerManagerCmd -i PowerShell

You can include all of these commands into a simple batch file that can be run to automate the process.

(Demo Included)

Exchange Installation: Performing a Typical Installation

Performing a Typical installation will install the Hub Transport, Client Access Server and Mailbox Server roles.

Note:  If you want to also install the Unified Messaging Server you have to perform a Custom installation and select all four roles.  If you wish to install the Edge Transport, this role cannot be combined with others.

(Demo Included)

Edge Transport Role Preparation and Installation

Preparing for the Edge Transport Role

• If installing on Server 2003, you need to install the Active Directory Application Mode (ADAM)
• If installing on Server 2008 you need to install the AD Lightweight Directory Services (ADLDS)

Installing the  Edge Transport Role

Must be done on a server that is in the perimeter network, is not part of Active Directory.

(Demo Included)

The Edge Transport Role EdgeSync Process

There are three steps to the EdgeSync Process:

1.  Create the EdgeSync xml file on the Edge Transport server.
2.  Move the xml file over to the Hub Transport server.
3.  Perform an Edge Subscription either through the EMS or the EMC.

(Demo Included)

Getting Started with the Exchange Management Console (EMC)

Learn how to navigate through the EMC. 

Work with the Navigation Pane, the 4 work centers (Organization Configuration, Server Configuration, Recipient Configuration and the Toolbox.)

Understand the difference between the work pane, the results pane and the actions pane.

(Demo Included)

Getting Started with the Exchange Management Shell (EMS)

Learn how to create basic PowerShell commands with cmdlets.  A cmdlet is a verb-noun combination that can perform powerful tasks in the EMS.

Use the Get-Command or Get-Excommand to see a list of commands.

Use Help <type cmdlet here> to get help with cmdlet syntax.

Type the verb and hit the Tab key to see automatic cmdlet completion.

(Demo Included)

Understanding Storage Architecture

Looking under the hood of Exchange 2007's storage architecture we see a database file with an .edb extension and we see transaction logs that are 1 MB in size.

Ultimately the goal is to keep the database and logs on separate disks (and both off of the disk with the OS and Exchange application files).

If possible, place the database on a RAID 5 disk set and the logs on a RAID 1 disk set.

(Demo Included)

Create a New Storage Group

To create a new Storage Group you can use the wizard from the EMC.

1. Open the EMC, expand out the Server Configuration work center, and select Mailbox.

2. Choose the server you wish to create the SG on in the results pane.

3. From the actions pane select New Storage Group to begin the wizard.

4. Follow the prompts.

(Demo Included)

Move a Storage Group Path

There are times when you may want to move the location of the Storage Group logs and system files either due to performance or fault tolerance.

For example, the First Storage Group is typically on the same drive as the OS.  To make use of that Storage Group and adhere to best practices you would need to move the location of the SG path.

To do this you can use the Move Storage Group Path wizard from the actions pane.

(Demo Included)

Enable Circular Logging

Circular Logging is a solution that preserves disk space by removing transaction logs that have already been written to the database.  The negative aspect is it prevents using transaction logs in a restore situation.

Circular Logging is enabled by going into the Properties of the Storage Group and selecting the checkbox on the General tab.

(Demo Included)

Storage Group Properties from the EMC and EMS

To view Storage Group Properties from the EMC you select the storage group and select Properties from the actions pane.

To view Storage Group Properties from the EMS, you type:

Get-StorageGroup "name of storage group" | fl

(Demo Included)

Create a New Mailbox Database

Creating a new mailbox database from within the EMC is done through the wizard, which is found by performing the following:

1. Open the EMC, expand out the Server Configuration work center, and select Mailbox.
2. Choose the server you wish to create the mailbox database on in the results pane.
3. Select the Storage Group where you wish to place the mailbox database.
4. From the actions pane select New Mailbox Database to begin the wizard.
5. Follow the prompts.

(Demo Included)

Mount/Dismount Mailbox Database

To mount or dismount a mailbox database you select the mailbox database and locate the option to mount or dismount it from the actions pane.  Or you can right click the database and choose to mount or dismount from the options that appear.

(Demo Included)

A Quick Overview of Mailbox Database Properties

To view the Properties of a mailbox database you simple select the database and choose Properties from the actions pane.

There are three tabs to work with.  The General, Limits and Client Settings tabs.

Some of the options you can configure on the database level include:

• Journaling
• Storage limitations
• Deleted item retention time
• Default Public Folder
• Offline Address Book

 (Demo Included)

Mailbox Database Properties: The General Tab

From the General tab of a mailbox database you can see some basic information about the database.

You can also configure journaling by configuring a journal recipient.

You can configure the maintenance schedule for the system to purge deleted items and mailboxes and verifies the database is in good order while online.

(Demo Included)

Create a Journal Copy of Mail Going through Database

Before you can establish a journal copy for your database you need to create a recipient that will receive that mail.  Make sure the recipient is not a member of the database you are journaling.

From the General tab of the database properties you select Browse next to the Journal Recipient and select the mailbox.  Now mail going through the database will be copied to that recipient mailbox.

(Demo Included)

Mailbox Database Properties: The Limits Tab (Storage Limits and Deleted Item Retention Times)

Storage Limits

• Issue warning
• Prohibit send
• Prohibit send and receive

Deletion Settings

• Keep deleted items for (days): Default is 14
• Keep deleted mailboxes for (days): Default is 30

(Demo Included)

Mailbox Database Properties: The Clients Settings Tab

Configure the following:

• Default public folder database

• Offline address book

(Demo Included)

Create a New Public Folder Database

To create a new public folder database you perform the following:

1. Open the EMC, expand out the Server Configuration work center, and select Mailbox.

2. Choose the server you wish to create the PF database on in the results pane.

3. Select the Storage Group where you wish to place the PF database.

4. From the actions pane select New Public Folder Database to begin the wizard.

5. Follow the prompts.

(Demo Included)

Creating Public Folders Using the Public Folder Management Console

With the proper permissions you can create public folders from within the Outlook or Outlook Web Access client.

However, as an administrator you should plan out your Public Folder structure ahead of time.  Create the top level structure before turning it over to others to expand.

To do this you open the EMC and use the Toolbox work center.  Open the 'Public Folder Management Console' and create new public folders from there.

(Demo Included)

Mail Enabling Public Folders

Public folders can be posted to by users from within Outlook or Outlook Web Access, however, unless you mail enable them, you cannot email a public folder.  So you will not see public folders in the Global Address List (GAL) unless it is mail enabled.

To enable the public folder for mail you simply select it in the Public Folder Management Console and select Mail Enable.

(Demo Included)

Configure Public Folder Database Properties

From within the EMC you can look into the Properties of the Public Folder database which can be similar to the mailbox database properties but with a few different options.

The tabs you will see include the following:

• General

• Replication

• Limits

• Public Folder Referral

(Demo Included)

Configure Individual Public Folder Settings

Through the Public Folder Management Console you can choose existing public folders and go into the Properties to configure storage quotas and such.  But the most important feature is the ability to configure replicas of the public folder.

Keep in mind that mail enabled public folders will include additional configuration tabs to work with.

(Demo Included)

Recipient Configuration: The Scope and Number of Recipients to Display

Sometimes you want to expand the scope of what the EMC shows you by extending the number of recipients to display from the default (1000) to the needs for your environment.

Other times you might want to narrow the scope down to an OU.

(Demo Included)

Create a User Mailbox for an Existing User Account

If you have a user account already created within Active Directory Users and Computers, you only need to create a mailbox that is connected to that preexisting account.

To do this through the EMC you use the New Mailbox wizard and indicate that you are going to use an existing account.

(Demo Included)

Create a New User with a Mailbox

When creating a new mailbox, if there is no existing user for that mailbox you must create one at the time you create the mailbox itself. 

To do this you can use Active Directory Users and Computers and create the account.  Or you can use the EMC and create the account with the mailbox.

(Demo Included)

Disable or Remove a User Mailbox

Disabling a mailbox is slightly different from removing a mailbox.  It's important that you know the difference.

Disabling allows you to reconnect it to the user account that still exists.  Removing will remove the user account too, so its a bit more tricky to restore.

(Demo Included)

Create a Linked Mailbox

Under certain circumstances (for example, with the use of a resource forest) you may have your recipient accounts in a separate forest from your Exchange organization.  You can use the trust relationship that exists to create linked mailboxes.

(Demo Included)

What is a Resource Mailbox?

A resource mailbox is not used to send mail to, but to schedule items like Rooms or Equipment.

Rooms may include:

• Conference Rooms

• Training Rooms

Equipment may include:

• Laptops

• Projectors

Create a Room Resource Mailbox

To create a room resource mailbox from the EMC we go to the Recipient Configuration work center and use the New Mailbox wizard.  This time we select Room Mailbox and follow the prompts to completion.

(Demo Included)

Create an Equipment Resource Mailbox

To create an equipment resource mailbox from the EMC we go to the Recipient Configuration work center and use the New Mailbox wizard.  This time we select Equipment Mailbox and follow the prompts to completion.

(Demo Included)

Configure Resource Mailbox Properties

Working with the Resource Information tab when accessing the properties of the resource mailbox.

To configure custom resource properties you need to use the EMS with the Set-ResourceConfig cmdlet.

(Demo Included)

Delegate Resource Mailbox Responsibilities

To delegate a resource mailbox you need to simply select the mailbox in the EMC and then choose "Manage Full Access Permission" to delegate the responsibility.

(Demo Included)

Accessing Resource Mailbox Settings

Opening another mailbox and accessing settings for that mailbox so that you can change how the resource mailbox functions.

(Demo Included)

Resource Mailbox Settings

Configuring options for a mailbox from the Outlook client from the Resource Settings provides you with a few options to configure:

• Resource Scheduling Options
• Resource Scheduling Permissions
• Resource Privacy Options
• Response Message

(Demo Included)

Creating Mail-Enabled Contacts

A mail enabled contact has an object created in Active Directory but doesn't have the ability to login or access resources.  The purpose of the contact is to be available in the Global Address List for persons to email.  The email goes to an external account (typically because the user works offsite).

To create the contact you use the EMC and select New Mail Contact from the actions pane while working under the Recipient Configuration work center.

(Demo Included)

Creating a New Mail User

A new mail user is simply a user account that has an external email account connected to their account rather than an internal mailbox on the Exchange server.  They appear in the GAL and so persons can be emailed.

To create the new mail user you simply select that link from the actions pane when working in the Recipient Configuration work center.

(Demo Included)

An Overview of Distribution Groups

There are two different types of distribution groups:

• Distribution Group:  A group that is mail enabled and has its own email address.  (Mail enabling the group puts it in the GAL).
• Dynamic Distribution Group:  Users are added to or removed from the group based upon user attributes defined by filters that have conditions that we supply.

Create a New Distribution Group

To create a new distribution group you start in the EMC in the Recipient Configuration work center and select New Distribution Group and follow the wizard.

(Demo Included)

Creating a Dynamic Distribution Group

To create a dynamic distribution group you start in the EMC in the Recipient Configuration work center and select New Dynamic Distribution Group and follow the wizard.

You need to provide conditions and then use the Preview option to see that users match those conditions for your group.

(Demo Included)

Changing Expansion Servers for Distribution Groups

The server that expands the distribution group may take a performance hit.  So, it's recommended that you put this workload off to a Hub transport server.

(Demo Included)

An Overview of Administrative Roles

Before you can assign roles to individuals, you need to know what roles are available.  They include the following:

• Organization Administrators
• Public Folder Administrators
• Recipient Administrators
• Servers
• View-Only Administrators
• ExchangeLegacyInterop

(Demo Included)

Assigning Administrative Roles

You can assign an administrative role to an individual or group through the Organization Configuration work center.  You select the Add Exchange Administrator link from the actions pane and follow the prompts.

(Demo Included)

An Overview of Address Lists

The primary goal of this lesson is to show you the structure of default address lists and how they work for a user in sending emails.  The Global Address List (GAL) can become quite large over time.  Having smaller address lists can help users to find the email address they need a bit easier.

Create an Address List

This lesson walks you through the New Address List wizard and shows how creating these lists with the proper set of Conditions can assist your users when the time comes to send and email.

When determining when an address list should be applied you might apply it immediately during the creation process or you might schedule it for a future time.

(Demo Included)

Updating Address List Criteria and Applying Changes

You may make changes to an address list, but until those changes are applied your users will not be able to see that they've taken place.  So, in addition to changing a list you need to either apply it immediately, set a schedule for application or select the Apply option from the actions pane to have the list updated.

(Demo Included)

Working with Offline Address Books

An offline address book (OAB) assist users in locating email addresses when they are not directly connected to the network (hence, the word 'offline').  You can use the default OAB or create additional ones depending on your needs or the needs of the users.

There are two different deployment method types to decide upon.  One is through IIS with a virtual directory (for clients that are using Outlook 2007, or Outlook 2003 with the latest SP).  The other method is through a public folder distribution, which is for legacy clients.

(Demo Included)

Moving the OAB Generation Server, Changing the Default OAB and OAB Properties

The generation server handles the creation and update process of the OAB before places the files on a share.  To change or move that serve you use the Move link from the actions pane after selecting the offline address book from the EMC.

You can also select the Set as Default link to change the default OAB list.  And you can select Properties and make changes on one of three tabs:

• General
• Address Lists
• Distribution

(Demo Included)

Require SSL for OAB Distribution

If you wish to require SSL for a virtual directory distribution of your OAB then you need to do this from the Internet Information Services manager tool.  Locate the OAB virtual directory and enable SSL (and/or enable 128-bit encryption as well).

(Demo Included)

Assign OAB to Clients at the Database Level

You can assign an Offline Address Book to users through the database properties on the Client Settings tab.

You can assign the OAB to users through the Exchange Management Shell by using the Set-Mailbox cmdlet and the following syntax:

Set-Mailbox -Identity <MailboxIDParameter> -OfflineAddressBook <OfflineAddressBookIdParameter>

(Demo Included)

What Are Managed Content Settings?

• They create ways to help users with their default folders (ie.... Inbox, Deleted Items, etc...)
• Create ways to Journal (or copy) content within specified default or custom folders.
• In the case of Custom Folders, they give your users additional folders to work with beyond the default... and apply content settings to those folders.

Create a New Managed Default Folder and Add New Managed Content Settings

This lesson walks you through the process of creating an additional instance of a default folder.  Keep in mind that this doesn't mean you can have multiple Inbox's.  The purpose of additional instances of a default folder is so that you can apply a variety of managed content settings over that folder and than add the folder instance into a policy that will eventually be applied to a user.

(Demo Included)

Create a New Managed Custom Folder and Add Managed Content Settings

This lesson is quite involved.  It starts off by showing you how to create a new custom folder that is called Old Faxes.  Then you go back to the default folders and establish a setting over the Inbox that says all faxes past 30 days will be transferred to the custom folder automatically.  Then, you go back to the custom folders and establish a setting that says 30 days after a fax was moved to this folder it should be deleted permanently.

(Demo Included)

Create a New Managed Folder Mailbox Policy

Walks through the steps of adding the default folder and custom folder instances to a policy.  Because those folders most likely have content settings applied, when they are rolled up into one policy and that policy is applied to a user... the results should be what you, as an administrator, require to keep users mailboxes organized.

Keep in mind that you can only apply one mailbox policy to a user at a time.  So, the policies you create have to be well thought out.

(Demo Included)

Apply the Managed Policy to Users and Enable the Managed Folder Assistant

To apply the policy you created you need to either go into the Mailbox Properties and apply the policy on the Mailbox Settings tab or you can use the Exchange Management Shell and the command:

Set-Mailbox   –ManagedFolderMailboxPolicy “name of policy here”

You can pipeline the recipients you gather through an initial cmdlet (perhaps a distribution group) and apply a policy in bulk.

You also need to enable the Managed Folder Assistant on the servers.

(Demo Included)

Mailbox Properties: The Mailbox Settings Tab

Offers two settings you can work with:

• Messaging Records Management (to apply a mailbox policy)

• Storage Quotas (for the Storage and Deleted Item Retention settings)

(Demo Included)

Mailbox Properties: The Mail Flow Settings Tab

There are three settings to work with:

• Delivery Options

• Message Size Restrictions

• Message Delivery Restrictions

(Demo Included)

Mailbox Properties: The Mailbox Features Tabs

In this case you can enable or disable specific features for a mailbox including:

• Outlook Web Access

• Exchange ActiveSync

• Unified Messaging

• MAPI

• POP3

• IMAP4

(Demo Included)

An Overview of Outlook Web Access Management Tabs

From within the Server Configuration work center, through the Client Access node there are properties you can locate over the Outlook Web Access settings.  The six tabs you can configure include:

• General

• Authentication

• Segmentation

• Public Computer File Access

• Private Computer File Access

• Remote File Servers

(Demo Included)

OWA Management: The General Tab

This tab is informational with very little you can configure with the exception of the Internal and External URL portions that you can include for informational purposes.

(Demo Included)

OWA Management: The Authentication Tab

On this tab you can provide information regarding the following:

• Standard Authentication Methods:  Including Integrated Windows authentication, Digest authentication for Windows domain servers and/or Basic authentication (password is sent in clear text)

• Forms-based Authentication:  With Logon Formatting

(Demo Included)

OWA Management: The Segmentation Tab

This tab allows you to quickly see all of the features enabled within your OWA for users.  You can enable or disable them with the click of a button.

If you establish these settings on all users, you can still use the Set-CASMailbox cmdlet to provide different settings for individual users if you like.

(Demo Included)

OWA Management: Public and Private Computer File Access Tabs

These tabs allow you to configure the different access settings for users with OWA that log in from either a public or private computer.  You can establish the same settings but for different access methods.  The settings relate to the following:

• Direct File Access
• WebReady Document Viewing
• Two checkboxes for remote file servers with the options ‘Windows File Shares’ and ‘Windows SharePoint Services’

(Demo Included)

OWA Management: WebReady Document Viewing

WebReady Document Viewing allows known document types (Word, Excel and so forth) to be displayed within the client without the application installed on the local machine.

WebReady Document Viewing has a limit of 5MB for files that it will display in HTML. There is a way to override the 5MB limit however.  You can enter the registry and go to the HKEY_Local_Machine\System\
CurrentControlSet\Services\MSExchange OWA and create a new key called WebReadyDocumentViewing and create a DWORD setting called MaxDocumentInputSize and then place the limit in KB and restart the World Wide Web Publishing Service.  Don’t make the setting too high or you will cause the CAS server to suffer performance loss.

(Demo Included)

OWA Management: Remote File Servers Tab

This tab configures servers for file access settings.  You can allow or block specific servers.  If a server is unknown you can determine if you want to block or allow those servers (the default is blocked for security purposes.  And you can configure the domain suffix's that should be treated as internal by adding the FQDN names for internal systems.

(Demo Included)

Working with Certificates

Upon installation of the CAS role, a self-signed SSL certificate is created using the NetBIOS name of the server.  What this does is allow you the ability to use SSL (which is enabled by default on your OWA connections) but you would not consider using that as a real-world certificate so you will need to purchase one from a 3rd party agent.

There are different solutions you might consider to ensure your OWA, ActiveSync and Autodiscover needs are met by the certificate(s) you purchase, including:

• Subject Alternative Certificates
• Two Single-Name Certificates
• Single-Name Certificate with HTTP Redirection
• Unified Communications Certificate

Remember to use the Import-ExchangeCertificate and Enable-ExchangeCertificate cmdlets to utilize the certificate(s) you purchase.

(Demo Included)

ActiveSync Properties

This clip walks you through the properties of your ActiveSync configuration on the CAS Server.  There are three tabs you can work with:

• General
• Authentication
• Remote File Servers

(Demo Included)

ActiveSync Policies from A to Z

This clip begins with an overview of ActiveSync Policies in the RTM version of Exchange.; Then it shows you the changes and advancements that have been made for the SP1 release.  There are five tabs you can configure, including:

• General
• Password
• Sync Settings
• Device
• Advanced

We walk through the creation process of an ActiveSync policy which is performed on the Organization Configuration work center, CAS node.  And then we discuss the application of a policy to an individual.

The Exchange cmdlet to assign a policy (which can be pipelined for mass application) is: Set-CASMailbox ‘UserName’ –ActiveSyncMailboxPolicy (Get-ActiveSyncMailboxPolicy “Policy Name”).Identity

(Demo Included)

Manage Your Mobile Device From Outlook Web Access

If a users mobile device is lost or stolen, or they forget their password, they can manage the device from within their Outlook Web Access.

You open your mailbox in OWA.  You select Options and then Mobile Devices.  From here you can 'Wipe All Data From the Device' which will wipe the memory from the device once it is turned on and connects.  And an email is sent to the users letting you know this took place.  You can also select 'Display recovery password'.

(Demo Included)

Enabling Outlook Anywhere

Before enabling Outlook Anywhere on your CAS Exchange Server you should first install the RPC over HTTP feature through Server Manager.  Once that is installed you can enable Outlook Anywhere from the EMC.

You will need to provide an external host name and determine the client authentication method (Basic or NTLM).

(Demo Included)

Configure Clients To Use Outlook Anywhere

This lesson takes you through setting up Outlook 2007 on a Vista machine to use Outlook Anywhere.  You will configure a profile from the Mail applet in Control Panel.  The options you configure have to match the settings you provided for Outlook Anywhere on your Exchange server for the external name and the authentication method.

(Demo Included)

Enable POP3 and IMAP4

With Exchange 2007 RTM, you could not configure POP or IMAP settings through the Exchange Management Console.  You had to use the PowerShell cmdlets.  But with SP1 we have some new GUI ability through the EMC.

The services for POP and IMAP are not set to start automatically.  So, you have to start the services and remember to configure the service to start in the future automatically.  Once that has been done you can select the POP and IMAP settings tab from the Server Configuration work center for the CAS settings and you can configure the POP or IMAP properties.

(Demo Included)

Understanding Domain Types

There is quite a bit of flexibility in sending email by the configuration of domain types.  His lesson discusses the following:

• Accepted Domains
• Authoritative Domains
• Relay Domains (External and Internal)

Confirming the Domain Type

To quickly see or alter the type of domain you have configured on your transport server you would go to the Organization Configuration work center, click Hub Transport, and from the Accepted Domains tab you can go into the properties of the existing domain and see the different types.

You will note that an Edge Transport server doesn't have an existing accepted domain and so you have to create one.

(Demo Included)

Create a New Accepted Domain

To create a new accepted domain you would select the 'New Accepted Domain' link.  (Note:  For this to work on an Edge Transport server you will need to make sure you have completed a successful EdgeSync process with a Hub Transport server.)

When creating the domain you will need to provide a Name, an SMTP address and a domain type (Authoritative, Internal Relay, External Relay)

(Demo Included)

Email Address Policies: The Default Policy

When you create a new recipient (user, mail-enabled group, contact, and so forth) they all receive an email address and email is configured by default thanks to the Email Address Policy.

There is a default policy created under the Organization Configuration work center, under the Hub Transport node, there is an Email Address Policies tab with a default policy that you can Edit.  With the default policy you cannot make many changes (with the exception of the Email Address options for the way the address is configured).

(Demo Included)

Email Address Policies: Creating Additional Policies

With the default policy you cannot delete or edits extensively the policy in place.  However, the priority level of the policy is lowest.  We can create additional policies that will take precedence over the default policy.

To do this, from the Organization Configuration work center, under the Hub Transport node, Email Address Policies tab select the link 'New Email Address Policy' and follow the prompts.  You can apply the policy immediately upon creation or at a later time.  Once you have more than one additional policy (beyond the default policy) you can determine priority levels.

(Demo Included)

Understanding Transport Rules

Because all email goes through Hub Transport and/or Edge Transport servers, you can create email rules that apply to your mail while in transit!

The structure of a transport rule is: Condition, Action, Exception (optional)

Possible uses include legal disclaimers, communication control, filtering of harmful content and much, much more.

Creating a Transport Rule: Adding a Legal Disclaimer

This lesson takes you through the steps of creating a transport rule that will append a legal disclaimer to the end of all messages that leave a company.  From this example you can see possibilities for applying your own rules by using the conditions, actions, exceptions method.

(Demo Included)

Configure Journaling

Government regulations, such as Sarbanes-Oxley Act and SEC Rule 17A-4 are designed to ensure we keep a record of email going to and from our company for any number of legal reasons.  The process is called journaling and we can configure it on our transport servers.

A message that is journaled is wrapped in a 'journaling envelope' and contains information regarding the sender, recipient, subjects and so forth.  There are two different types: Standard and Premium.  The standard version is something you can configure over a mailbox database.  The premium version can be configured for your entire organization or a single recipient (depending on your needs).

(Demo Included)

Understanding Send and Receive Connectors

To default receive connectors are automatically created on your Hub Transport servers (and can be found under the Server Configuration work center).  But Send connectors are not configured, you have to create them for the sending of mail to the Internet.  (Note:  Hub Transport servers do not need send connectors created manually for internal mail, only for external mail).  Edge Transport servers need to have both Send and Receive connectors configured (although the EdgeSync process will create a connector to the Hub Transport server you sync with).

In this lesson we walk through the creation of new Send connector.

(Demo Included)

Creating New Receive Connectors

This lesson walks you through the creation of a receive connector on a Hub Transport server.  Once the connector is created you can enter the properties of the connector and you will see that you have more control over the connector's security features on the Authentication and Permission Groups tab.

(Demo Included)

Installing Anti-Spam Features on the Hub Transport Server

By default the Edge Transport server role has anti-spam features included.  The Hub Transport server role does not.  However, in the event you are not going to be using an Edge Transport server you can enable the anti-spam settings by using the Exchange Management Shell and typing in:

./install-AntiSpamAgents.ps1

(Demo Included)

A Review of the Nine Anti-Spam Features

This lessons explains the use of each of the nine anti-spam features that are included with Exchange 2007.  Those features include:

• Content Filtering
• IP Allow List
• IP Allow List Providers
• IP Block List
• IP Block List Providers
• Recipient Filtering
• Sender Filtering
• Sender ID
• Sender Reputation

(Demo Included)

Updating Anti-Spam Agents

To update the Edge Transport servers anti-spam agents you can disable and re-enable the anti-spam updates from the actions pane.  This will bring up the anti-spam updates wizard.

(Demo Included)

Planning for Disaster

Design a disaster recovery solution for your mailbox servers, as well as your other Exchange server roles.  Make sure you document everything you have configured.  And know your options:

• Fault Tolerance
• Backup/Recovery
• Dial-tone Recovery
• Recovery Storage Groups
• High Availability Solutions
• 3rd Party Solutions

Recover Deleted Items from the Outlook Client

Configuring deleted item retention times is a wonderful feature but only helpful to your users if they know how to pull back a deleted messsage.  This lesson helps walk you, the administrator, through the steps.

(Demo Included)

Backup and Recover Data (Server 2003 and 2008)

This lesson helps to review the differences in backup options between Server 2003 (which has NTBackup) and Server 2008 (which has an included backup solutions, but currently it cannot backup Exchange storage groups.

Typical Backup Types (Normal/Full, Incremental and Differential) are discussed.

With Server 2008 you have the support for third party solutions to hook into the services for VSS backups if you wish to use those.  Or you can look into Microsoft's System Center Data Protection Manager (DPM)

What is VSS?

Volume Snapshot Service or Volume Shadow Copies allow your backup solution software to create point in time copies of the data.  Overall the backups are shorter and require less disk space.

Keep in mind that VSS for Exchange is supported on Server 2003/2008 systems with 3rd party software, not by default.  So Windows Server has the internal components in place for VSS backups, but the existing backup solution that comes with Server does not perform them for Exchange.

What is Database Portability?

Restore any database to any server within the same organization.  Previously this could only restore to a Recovery Storage Group or to a server with the same name.

Possible uses include: You want to move a storage group (for performance, maintenance, disk space).  System crashes and you want to get the database up and running before the original server is repaired.

This lesson also reviews important considerations.

What is a Recovery Storage Group?

An RSG allows you to restore from a backup of an existing storage group to a non-production storage group for the purpose of recovering databases, mailboxes or messages.

You can use an RSG to assist with a dial-tone swap as well, after you restore the backup of the dial-tone configuration.

Create a Recovery Storage Group

Before you can restore from backup to an RSG you have to create it.  This is done by going to the Toolbox and selecting Database Recovery Management from the 'Disaster recovery tools' section.  It's only after you create the RSG that you can perform restoration.

(Demo Included)

Working with Recovery Storage Group Options

Once you have the RSG created you will see new options from the Database Recovery Management tool, such as:

• Merge or copy mailbox contents
• Mount or dismount databases in the recovery storage group
• Remove the recovery storage group
• Set up 'Database can be overwritten by restore' flag
• Swap databases for 'dial-tone' scenario

(Demo Included)

What is a Dial-tone Recovery?

Provides an empty database to replace the failed database.  This allows users to continue to send and receive email through the time-period you need to restore their mailbox.

This can be done:

• On the server with the failed database.
• On an alternate server JUST for the dial-tone database
• On an alternate server that stays the database server

Once the data is recovered to a Recovery Storage Group you need to swap the data with the dial-tone data and then merge the two together.

(Demo Included)

Restoring a Non-Mailbox Role

You restore internal Exchange server roles by using the following installation command:  setup /m:RecoverServer

With the Edge Transport server you need to (in advance of a crash) use the ./ExportEdgeConfig.ps1 script and then, on the new server, the ./ImportEdgeConfig.ps1 script.

An Overview of High Availability

High Availability (HA) goes beyond the concept of uptime.  It involves preparation for a predefined set of failures (i.e.. a disk fails, a power supply burns out, the network connection goes down) to ensure more than uptime, but availability between users and their services.  HA even accounts for periods of maintenance that are needed on systems.

High Availability in Exchange 2007 SP1

Exchange 2007 RTM offered the following HA solutions:

• Local Continuous Replication (LCR)

• Cluster Continuous Replication (CCR)

• Single Copy Cluster (SCC)

And with SP1 we now have:

• Standby Continuous Replication (SCR)

What is Asynchronous Log Shipping and Replay

Transaction Logs are shipped from one disk to another (or a disk on one server over to a disk on another server) and replayed into a copy of the database.

The reason it is called asynchronous is because there is a lag time between when the primary location closes out the log and ships it over.  A log cannot be shipped to the secondary location until it is completed on the primary.  That mild lag is why the logs are not synchronously shipped but asynchronously shipped.

An Overview of Local Continuous Replication (LCR)

With LCR, the database is copied over to a secondary disk during the initial setup of LCR and then the transaction logs are replayed as they come in.  One benefit is that you have redundancy in the event of a disk failure or database corruption.  You can also take VSS backups of the passive side to the LCR process.  On the negative side you have to manually perform the switch from one disk to the other in the event of a problem.  And... you only have disk HA, not server HA.

Enable Local Continuous Replication (LCR): On an Existing Storage Group

When you already have a storage group that you want to enable LCR on you select the storage group and from the actions pane you choose 'Enable Local Continuous Replication' and that starts the wizard.

Remember, the key is to have a secondary disk for the solution to be of real value.

(Demo Included)

Enable Local Continuous Replication (LCR): When Creating a Storage Group

When you create a new storage group you can choose to enable LCR at the same time.  During the process you can provide information about where you want to put the logs and system files.  Then when you create the database you can indicate the location of the LCR database too.

(Demo Included)

Confirm LCR is Working

There are a variety of ways to know if your LCR is working.  You can look at the properties of the storage group and check the 'Local Continuous Replication' tab and see if the Copy Status is 'Healthy'.

You can also manually check to see if logs are being shipped from the primary to the passive locations.  Or you can use the Exchange Management Shell with the Test-ReplicationHealth cmdlet.

(Demo Included)

How To Recover With LCR

To manually switch over to the passive copy of the LCR storage group you have to open the EMS and type the Restore-StorageGroupCopy cmdlet with the appropriate parameters.

(Demo Included)

An Overview of Cluster Continuous Replication (CCR)

Cluster Continuous Replication performs asynchronous log shipping and replay but utilizes cluster services to provide for an automatic failover in the event the active node is unresponsive.  The positive side is that you have automatic failover and can backup the passive side of the cluster.  The negative is that this type of solution requires more hardware and software expenses and more knowledge on the part of your people in configuring cluster services.

Cluster Continuous Replication (CCR):
What do you need to get started?

To begin, you need three servers.  One is your CAS/HT server and the other two will be your active and passive MB server nodes.  On the MB servers you will need Server 2003 or 2008 Enterprise Editions.  You need for each MB server to have 2 network connections (a public and a private connection).  On the Hub Transport server you want to share out a folder to be the file share witness for the quorum.

CCR: Configure the Public and Private Connection

Usually the network connections are named 'Local Area Connection' with a number.  But you want to configure the two network connections to be on a private and public IP network and also have proper names for locating the connection faster in the event of a problem (or for the configuration process). 

You also want to adjust the binding order so that the public network is first.

(Demo Included)

CCR: Create Cluster Services Account and the File Share Witness

On the Hub Transport server (preferably) you want to create a folder and share it out to the Cluster Services account (which is an account you want to create in Active Directory).

The cluster services account needs to have the appropriate permissions both in the Exchange organization and on the servers that will be be the MB active and passive roles.

(Demo Included)

CCR: Installing the Failover Cluster Feature
(Server 2008 Enterprise Edition)

Before you can configure the CCR cluster, you have to first install the Failover Cluster feature on the Server 2008 Enterprise Edition server.

(Demo Included)

CCR: Configuring the Cluster

Once you have the Failover Cluster feature installed, you can configure the cluster through the Failover Cluster Management Console.  Under the Management section you begin the process by selecting the 'Create a Cluster' link and then following the wizard.

(Demo Included)

CCR: Configure Cluster Networks and Select Quorum Configuration

In this lesson we will use the Failover Cluster Management Console to indicate to the cluster which network connection is public and which one is private.  Here you can see the value in providing the proper name of a connection when we configure our network connections.

From 'More Actions' you can choose the option 'Configure Cluster Quorum Settings' to begin the wizard where you want to choose the Node and File Share Majority Cluster for our CCR cluster.  The wizard will ask you where the Shared Folder Path is and we need to provide the location of the folder we created on the Hub Transport server.

(Demo Included)

CCR: Installing the Active and Passive Mailbox Server Roles

The installation is relatively straightforward.  It is a Custom installation  and you will need to choose active or passive Mailbox role and then follow the wizard through for settings.

(Demo Included)

CCR: Configure Transport Dumpster Settings

Under the Organization Configuration settings, through the Hub Transport node, on the Global Settings tab you can into the properties of the Transport Settings and configure Transport Dumpster settings for the following:

• Maximum size per storage group: (default is 18)
• Maximum retention time (in days): (default is 7)

(Demo Included)

An Overview of Standby Continuous Replication (SCR)

Offers a similar structure to LCR in that the HA solution is manually configured and maintained but rather than going from disk to disk, it goes from server to server.  It's best used in conjunction with another solution.  For example, you can use SCR with an existing CCR or SCC replication.  Keep in mind that you can only manage SCR from the Exchange Management Shell.

A Discussion of SCR Implementation

SCR doesn't require cluster services or any of the hardware and/or software that go along with cluster services.  However, certain requirements are still in place such as:

• 1 database per Storage Group (with the same paths for the source and target)
• Source and Target in the same AD domain
• Source and Target have to use the same OS (Enterprise or Standard)

To enable through the Exchange Management Shell type: 
 Enable-StorageGroupCopy

An Overview of Single Copy Clusters (SCC)

Single Copy Clusters are similar to the type of HA solution from Exchange 2003.  You cluster two services (which provides for a redundancy of servers with automatic failover ability) with a shared storage solution between the two servers.

Non-Mailbox Server High Availability

To provide HA and load balancing for non-mailbox servers keep in mind the following:

CAS Servers:  Use Network Load Balancing (with 2 CAS servers)

Hub Transport Servers: Automat HA and Load Balancing when you implement additional servers.

Edge Transport Servers:  Use multiple servers with DNS MX records and round robin for load balancing.

Unified Message Servers: Use multiple servers and configure VoIP Gateways to round robin calls.

Unified Messaging Features

• Provides voicemail, email and incoming faxes all within a single universal Inbox.
• Outlook Voice Access
• Multiple Language Speech-to-Text
• Calendar Management through OVA
• Play on Phone
• AutoAttendant

Hardware Requirements for Unified Messaging

If you have a legacy PBX you will need a VoIP Gateway (so long as your legacy PBX is supported in conjunction with the UM hardware requirements).  If you do not have an existing PBX you will want to purchase an approved IP-PBX. 

You can locate a list of devices that are approved by Microsoft  called the Telephony Advisor you can locate here:  http://technet.microsoft.com/en-us/library/cc164342.aspx

If you have limited or no experience with telephony equipment and such... call in an expert.

The Steps to Configure Your UM Server

There is an actual patter you should use for the proper configuration of your UM Server.  This includes:

• Create a Dial Plan
• Create a UM IP Gateway
• Configure the UM Mailbox Policy
• Configure the Auto Attendant
• Enable UM and Assign a UM Policy to users.

Creating a UM Dial Plan

A dial plan is an AD object that represents the dial plan structure of your telephony environment so that unique extensions can be created.  When you create your first dial plan, a UM Mailbox Policy is also created.  One the of important aspects of a dial plan is to indicate the number of extension numbers that can be used. 

A URI type is a Uniform Resource Identifier and you need to ensure that the option you choose matches the device you have.

(Demo Included)

Working with a UM IP Gateway

A UM IP Gateway represents the actual physical connection between the physical gateway (be it an IP-PBX or an IP-VoIP Gateway) and the Unified Messaging server.

Beneath the Gateway is a Hunt Group.  This associates the dial plan with a pilot identifier.  This is an ID that is configured on the device.  From a physical perspective a hunt group is a grouping of lines.

(Demo Included)

UM Mailbox Policies

These policies will be applied to users and so the configuration includes items like greetings, message text (for administrators to configure text to coincide with events), PIN policies, and dialing restrictions.

(Demo Included)

The UM Auto Attendant

The Auto Attendant is like a computerized operator.  It can assist with persons calling in by providing options to leave voice mail.  It can assist persons within the company by providing options to access their Inbox, voicemail, calendar and so forth.

(Demo Included)

Enabling UM and Assigning a UM Policy to Users

Once the hardware aspects of UM are configured (don't forget to hire a telephony expert) and the UM Server is up and running properly... you need to now enable UM and assign a UM policy to users.

(Demo Included)

UM From A to Z: Really Understanding the Process

The purpose of this lesson is to try and walk you through the physical aspects of UM a little better and help to connect those up with the objects you create to make UM function.

(Demo Included)

An Overview of Toolbox Tools and The TechNet Exchange Tools Website

The Toolbox work center is your one-stop-shop for most of your Exchange tools.  However, there are more tools available on the Exchange Team website, as well as on Microsoft's TechNet site.  In fact, there is a link to the TechNet site right from within the EMC under the Toolbox node.

(Demo Included)

Looking into Performance Monitor and Configuring an Alert

The Reliability and Performance Monitor tool can be utilized to monitor objects and counters you feel are important to your servers.  However, there is a preconfigured one that you can find within the Toolbox.  From here you can also configure alerts for things like hard disk space and more.

(Demo Included)

Using Event Viewer to Help You Monitor and Troubleshoot Exchange

Within the Application logs of your Event Viewer you can find all the Exchange logged events.  You can filter these events or you can configure alerts to be based off of these events to help you monitor and troubleshoot your Exchange environment a bit better.

(Demo Included)

Working with the Performance Troubleshooter

Within the Toolbox, directly beneath the Performance Monitor is a tool called the Performance Troubleshooter.   This can be used when you face one of the following problems:

• Multiple users are complaining of delays while using Outlook, or are seeing the Outlook cancelable RPC dialog frequently.
• The number of RPC operations per second is higher than expected
• The number of outstanding RPC requests is high

(Demo Included)

The Best Practices Analyzer : Health Check

The Exchange Best Practices Analyzer (ExBPA) can be used to perform monitoring and troubleshooting by analyzing your Exchange and Directory configuration and ensuring best practices are being met.  There are several different types of scans you can perform including a Health Check .  You can also perform a baseline that can take up to two hours.

(Demo Included)

The Toolbox: Disaster Recovery Tools

Within the Toolbox we have two disaster recovery tools:

• Database Recovery Management: Use this tool when a disaster strikes your database  (or the disk it is on).  You can use the recovery tools here to perform many important tasks, like creating a Recovery Storage Group.
• Database Troubleshooter: Use this tool in situations where the database wont mount, there are inconsistencies in the log file, perhaps you have run out of disk space or the log files have run out of numbers for the log file naming.

(Demo Included)

The Toolbox | Mail Flow Tools: The Mail Flow Troubleshooter

This tool allows you to choose from a set of symptoms that your environment is exhibiting.  These include:

• Users are receiving unexpected non-delivery reports when sending messages

• Expected messages from senders are delayed or are not received by some recipients

• Messages destined to recipients are delayed or are not received by some recipients

• Messages are backing up in one or more queues on a server.

• Messages sent by user(s) are pending submission on their mailbox server(s) (for Exchange Server 2007 only)

• Problems with Edge Server synchronization with Active Directory (for Exchange Server 2007 only).

(Demo Included)

The Toolbox | Mail Flow Tools: Message Tracking

Message Tracking is enabled by default on the Hub and Edge Transport servers and the Mailbox servers.  You can use this tool to see exactly where messages are going.

(Demo Included)

The Toolbox | Mail Flow Tools: Queue Viewer

This tool shows SMTP messages that have not completed their journey.  You can see different views of the queues, all queues on the server, all messages in all queues on the server, and all messaged filtered for a specific queue.

(Demo Included)

Using the Routing Log Viewer

This is a new tool in Exchange 2007 that is located in the Toolbox under Mail Flow Tools.  It is designed to work on the Hub and/or Edge Transport servers and can help to analyze the routing topology and see if the way mail is moving is according to the best possible method.

(Demo Included)

Exchange Management Shell: Test-MAPIConnectivity

Test-MAPIConnectivity:  Determines if there is MAPI functionality on the server.  You can indicate a specific server or, if you do not indicate a server, it will use the System Mailbox.

(Demo Included)

Exchange Management Shell: Test-ServiceHealth

Test-ServiceHealth:  Checks to see if all the required Exchange services that are set to start automatically have started.

(Demo Included)

Exchange Management Shell: Test-SystemHealth

Test-SystemHealth:  Has been described as a mini-ExBPA because it checks the system and analyzes it according to best practices.

(Demo Included)

How To Improve Your Understanding of Exchange

Exchange is ever evolving and so the best place to learn more is from the Exchange Team itself.  http://msexchangeteam.com

You might also consider certifications for Exchange:

• 70-236 Configuration
• 70-237 Design
• 70-238 Deployment