Module 1
Module Overview
Exchange Server 2013 Prerequisites and
Requirements
Exchange Server 2013 Deployment Managing Exchange Server 2013
Integration
DNS Server Requirements for Exchange Server
2013
Software Requirements for Exchange Server 2013 Hardware Requirements for Exchange Server 2013 Infrastructure Requirements for Exchange Server
2013
Preparing AD DS for Exchange Server 2013
Deployment
12/3/2013
Forests
Schema
Exchange recipients Domain Exchange object attributes for mail-enabled and mailbox-enabled objects
Global Catalog
Windows Server 2012 Standard or Datacenter Windows Server 2008 R2 Standard with SP1 Windows Server 2008 R2 Enterprise with SP1 Windows Server 2008 R2 Datacenter RTM or later
Microsoft .NET Framework 4.5 Windows Management Framework 3.0 Remote Server Administration Tools for AD DS Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit Microsoft Office 2010 Filter Pack SP1 64-bit Microsoft Office 2013 Filter Pack 64-bit
Requirements
Intel 64-bit architecture AMD64 architecture 8 GB recommended Additional memory required based on server role
File System
Server 2003 (SP2), Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012
At least one global catalog server must be running Windows Server 2003 SP2, Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 in sites where Exchange is installed
Active Directory DNS
Domain and forest functional levels must
Description
Prepares the global Exchange objects Creates the Exchange universal security
2013
Deployment Options for Exchange Server 2013 Exchange Server 2013 Hybrid Deployment with Office 365 Upgrade and Migration Options Deploying Exchange Server 2013 as Virtual Machines Discussion: Implementing Exchange Infrastructure in a
Virtual Environment
How to Install Exchange Server 2013 Using the Setup
Wizard
How to Install Exchange Server 2013 in Unattended Mode Demonstration: Installing Exchange Server 2013 Post-Installation Tasks Troubleshooting Exchange Server Installation
Client authentication Redirection and proxy services Support for client protocols (HTTP, POP, IMAP, SMTP)
Mail routing with a shared domain namespace Unified GAL Free/busy and calendar sharing Centralized control of mail flow A single Outlook Web App URL Ability to move existing mailboxes to the cloud Centralized mailbox management Cloud-based message archiving
Exchange Version Exchange Server 2003 and earlier versions Exchange 2007 Exchange 2010
How to Install Exchange Server 2013 Using the Setup Wizard
Installation steps in the Exchange Server setup wizard include:
1. Check for Updates
2. License Agreement
3. Recommended Settings
4. Server Role Selection
5. Installation Space and Location
6. Exchange Organization
7. Malware Protection Settings
8. Readiness Checks
Post-Installation Tasks
Verify services functionality Secure your Exchange Server:
Restrict physical access Restrict communication Reduce the attack surface Restrict permissions
Antivirus software Anti-spam software Backup software Monitoring tools and agents
Web App
What Is Windows PowerShell? Windows PowerShell Syntax Accessing Help in Windows PowerShell What Is Exchange Management Shell? Exchange Management Shell Administration
Examples
Demonstration: Using Exchange Administration
Managing Exchange Server 2013 Methods for Exchange Server 2013 management:
Exchange Administration Center Outlook Web App options Exchange Management Shell
What Is EAC?
features:
Provides more than several hundred cmdlets for Exchange Server 2013 administration Offers an extensible scripting engine Applies RBAC permissions
\PSTFileShare\Bart_Mailbox.pst
Get-MailboxStatistics -Database MailboxDatabase
New-MailboxDatabase -Name MailboxDatabase -Server LON-Ex1
Get-ExchangeServer -Status | Format-List
New-DynamicDistributionGroup -Name DDG -Alias DDGAlias -
Module 2
Module Overview
Overview of the Mailbox Server Role Planning the Mailbox Server Deployment Configuring the Mailbox Servers
Database
Demonstration: Importing Data to a User's Mailbox
Hosting for mailbox databases Hosting for public folders Transport and message routing services:
How the Mailbox Server Role Interacts with Clients and the Client Access Server
The Hub Transport service on the Mailbox server communicates with the Transport service on the Client Access server
following files:
Mailbox database (.edb file) Transaction log (.log file) Checkpoint file (.chk) Temporary file (Tmp.edb) Reserve log files (E##res0001.jrs - E##res000A.log per database, where ## is the log prefix)
Regularly perform Exchange Server backups Move transaction logs to a dedicated drive (does not apply if you are using DAGs) Place transaction log files on a redundant disk array Ensure enough free disk space is available on the log disk Do not use compression on the volume with the logs
Storage Options for the Exchange Server 2013 Mailbox Server Role
Disk storage options: DAS
SAN
RAID 1 Mirroring RAID 5 Striping with parity RAID 0+1 Mirrored striped sets RAID 6 Striping with double parity RAID 1+0 or RAID 10 Mirrored sets in a striped set JBOD
mailbox data to a .pst file or import data to a user's mailbox from a .pst file
Use the following cmdlets to import or export data: New-MailboxImportRequest
New-MailboxExportRequest
Requirements Calculator?
Demonstration: Using the Exchange Mailbox
Planning Hardware for the Mailbox Server Role When planning hardware for Exchange Server 2013, consider the following:
CPU: Must be 64-bit
2013 storage:
Replicated database copies increase the amount of storage required Slower disks have a lower cost per GB than faster disks DAS is significantly less expensive than a SAN JBOD can be considered when there are three or more replicas of a database There are typically fewer database copies when a SAN is used Use RAID to increase redundancy Use the Exchange Server Mailbox Server Role Requirements Calculator
Database Design for Mailbox Databases When designing databases, you should consider:
Use split log files and database storage to enhance recoverability when replication is not used Allocate space for indexes Allocate space for single-item recovery Allocate space for personal archives Allocate space for a recovery database
using DAGs
Consider the following when planning DAGs:
Mailbox database names must be unique in the organization Storage paths must be identical for all copies of a database DAGs require the failover clustering feature in Windows Server DAGs can be managed completely with Exchange Server 2013 tools DAGs can also protect public folders
Exchange Server 2010 has the same hardware requirements in a virtualized environment Do not use dynamic memory Limit virtual processor allocation to a ratio of 2:1 Do not dynamically expand virtual disks Do not use differencing or snapshots Test virtual disk performance Use pass-through and iSCSI storage if desired
Backup policies Mailbox database size Database and transaction log locations Storage solutions
free tool from Microsoft that helps you design your Mailbox server deployment
User inputs are made in the following categories:
User profile High-availability architecture Server's CPU platform Storage architecture Backup architecture Network architecture
mailbox servers
Mailbox Server Role Creating and Managing Mailbox Databases Demonstration: Creating and Managing Mailbox Databases
Exchange Administration Center or Exchange Management Shell The Exchange Administration Center is used for basic management The Exchange Management Shell is used for advanced mailbox database management
You cannot use the Exchange Administration Center to move
mailbox databases
Useful Exchange Management Shell cmdlets include:
Servers
Exercise 2: Configure Storage on the Mailbox
Servers
Exercise 3: Creating and Configuring Mailbox
Databases
Logon Information
Virtual Machines 20341B-LON-DC1 20341B-LON-CAS1 20341B-LON-MBX1 20341B-LON-CL1 Adatum\Administrator Pa$$w0rd
Module 3
Module Overview
Managing Exchange Server 2013 Mailboxes Managing Other Exchange Recipients Planning and Implementing Public Folder
Mailboxes
Managing Address Lists and Policies
Mailboxes
Demonstration: Moving Mailboxes What Are Resource Mailboxes? Demonstration: Creating and Managing Resource
Mailboxes
What Are Site Mailboxes? What Is a Shared Mailbox? Demonstration: Creating a Shared Mailbox What Are Linked Mailboxes?
meeting requests
Owners Members
Site Mailbox
Outlook SharePoint
Management
Provisioning Lifecycle
permissions
forests
Mailboxes can be used in: Resource forest scenarios Merger and acquisition scenarios Requirements: The domain where Exchange Server is deployed must trust the user account domain The user account must exist in the user account domain A two-way trust is recommended to simplify
administration
Distribution Groups
Implementing Self-Service Distribution Group
Management
Demonstration: Configuring Self-Service
the GAL
Distribution groups are used to:
Send messages to multiple users at one time Assign permissions to Exchange objects
which the membership list is calculated based on user attributes when a message is sent to the group
Enable open distribution group memberships Enable users to create and manage their own distribution groups
Listed in the GAL Provide email addresses for users or groups that exist outside the Exchange organization
Mail users: Similar to mail contacts, but mail users have AD DS security identifiers
Can access resources in the local domain, but email is sent to external messaging systems
Folders
Migrating Public Folders to Exchange Server 2013 Considerations for Implementing Public Folders
Public folders are stored in public folder mailboxes Public folder mailboxes are stored in regular mailbox databases
Public folder content can be spread across multiple public folder mailboxes Can be added as Favorites in Outlook Web App in Exchange Server 2013 CU1 The primary public folder mailbox contains the only writeable copy of the public folder hierarchy
Configuring public folder permissions Mail-enabling public folders Managing quota and retention settings Monitoring public folders
changed significantly
Place the primary hierarchy public folder mailbox
client so that users can search the GAL when disconnected from Exchange Server
The default offline address book contains the
entire GAL
Can configure custom offline address books that contain smaller address lists
The offline address book: Is generated on the Mailbox server that hosts the Organization mailbox Is distributed through web services using the OAB virtual directory
[Diagram: address book policies for two divisions. Users should see only other users in their division in the Default Address List. Each division (Div1, Div2) has its own GAL, Users, DLs, Contacts, OAB, and Room AL.]
Demonstration: Configuring Address Book Policies In this demonstration, you will see how to: Configure a GAL Configure an offline address list Configure an address book policy
email address
Can assign SMTP and non-SMTP addresses Can configure both the local and domain components
Trey Research
Exercise 3: Configure Public Folders for Trey
Research
Logon Information
Virtual Machines 20341B-LON-DC1 20341B-LON-CAS1 20341B-LON-MBX1 20341B-LON-CL1 Adatum\Administrator Pa$$w0rd
Module 4
Module Overview
Planning Client Access Server Deployment Configuring the Client Access Server Role Managing Client Access Services
Multiple Sites?
Planning Client Connectivity for Client Access
Server
directly
Connections are routed through Client Access
server
Client Access server does not store any user data Client Access server provides services for
Exchange Server 2013 apply to Client Access server Client Access server needs to have reliable disks Make sure that operating system volume is redundant Provide more than one Client Access server if possible Client Access server requires a fast network connection to Mailbox servers and global catalog servers
[Diagram: Client Access server and Mailbox server components. Labels: EAS, PowerShell, EAC, POP/IMAP, SMTP, Outlook, SIP, UM, IIS, RPS, RpcProxy, Mailbox, RPC, MDB, Transport, MailQ]
Client Access servers or arrays to locate user mailboxes Client Access server uses the GUID that is assigned to the user mailbox The connection point is the string that is a unique identifier of the mailbox Connection point contains the mailbox GUID and domain name
Access server will always proxy the client connection to the right Mailbox server In a mixed Exchange environment, Client Access server 2013 will proxy the connection to the Client Access Server 2007 or 2010 in the destination site POP3 and IMAP4 clients must connect directly to the Client Access server in their destination site
Server
Demonstration: Creating a Certificate Request on
Access
Configuring POP3 and IMAP4 Client Access
What Is Autodiscover?
Autodiscover provides information that you can use to configure Outlook 2007 and newer client profiles
Autodiscover process:
1. Client Access Server registers the SCP
2. Client uses LDAP query to AD DS to locate appropriate SCP
3. Based on information in SCP, client locates the Autodiscover service on Client Access Server
4. Client provides its SMTP address to the Autodiscover service and asks for appropriate configuration information
5. The Client Access server responds by returning an XML file
6. Outlook downloads the required configuration information from the Autodiscover service
7. Outlook connects to the Exchange Server
What Is the Availability Service? The Availability service on the Client Access server provides the following:
Retrieve live free/busy information for mailboxes in local or other Exchange organizations View the working hours of attendees Show meeting time suggestions
default
the client
Access Server
Exercise 2: Configuring Client Access Services
Options
Exercise 3: Configuring Custom MailTips
Logon Information
Virtual Machines 20341B-LON-DC1 20341B-LON-CAS1 20341B-LON-MBX1
Adatum\Administrator Pa$$w0rd
Module 5
Module Overview
Client Connectivity to the Client Access Server Configuring Outlook Web App Planning and Configuring Mobile Messaging Configuring Secure Internet Access for Client
Access Server
Access Server
LDAP
HTTPS
Mailbox Server Client Access Server HTTPS Outlook 2007 or Newer Client
Server by using:
What Is Outlook Web App Policy? An Outlook Web App policy allows you to configure a set of Outlook Web App related options and assign them to one or more mailboxes. In an Outlook Web App policy, you can configure the following:
Policy name Communication management options Information management options Security options User experience options Time management Direct file access and web ready document viewing Offline access
from a file
interface
Usage is available to users of Exchange Online or
ability to access data in their mailboxes even when not connected to Exchange Server
Offline Outlook Web App: Works only with selected browsers Caches part of the mailbox content Allows users to perform selected tasks Is enabled on per-computer basis Can be controlled by using OWA policies
Policies
Demonstration: Reviewing Options for Mobile Device
Management in the Exchange Server Administration Center Alternatives for Mobile Device Management
device
You can selectively sync data to the mobile device Synchronized data stay on the mobile device even
when offline
configure:
Device password requirements Encryption requirements Local wipe options Device inactivity settings Password lifecycle settings
Access Securing Client Access Traffic from the Internet Securing SMTP Connections from the Internet Benefits of Using A Reverse Proxy
Firewall Client Edge Transport Server or SMTP Gateway Firewall or Reverse Proxy
Securing Client Access Traffic from the Internet To provide secure CA from the Internet: Create and configure a server certificate Require SSL for all virtual directories Enable only required client access methods Require secure authentication Enforce remote client security Require TLS/SSL for IMAP4 and POP3 access Implement an application layer firewall or reverse proxy
remote SMTP servers, and may be required for IMAP4 or POP3 clients
To secure the SMTP connections: Enable TLS/SSL for SMTP client connections Use the Client Receive Connector (Port 587) Ensure that anonymous relay is disabled Enable IMAP4 and POP3 selectively
Application-layer filtering: Inspect the contents of network traffic SSL bridging: All connections to the reverse proxy and to the Client Access server are encrypted Load balancing: Arrays of reverse proxy servers can distribute network traffic for a single URL SSL offloading: SSL requests can be terminated on the reverse proxy
Lab: Planning and Configuring Messaging Client Connectivity Exercise 1: Planning Client Connectivity Exercise 2: Configuring Outlook Web App and Outlook Anywhere Exercise 3: Configuring Exchange ActiveSync Exercise 4: Publishing Exchange Server 2013 Through TMG 2010
Logon Information
Virtual Machines 20341B-LON-DC1 20341B-LON-CAS1 20341B-LON-MBX1 20341B-LON-TMG 20341B-LON-CL1 Adatum\Administrator Pa$$w0rd
Module 6
Module Overview
High Availability on Exchange Server 2013 Configuring Highly Available Mailbox Databases Configuring Highly Available Client Access Servers
Access Servers
Understanding How Transport High Availability Works Understanding How High Availability Works with Edge
Transport Servers
What Is Site Resilience? Discussion: Virtualization High-Availability Technologies
Data center infrastructure Server hardware Storage Network infrastructure Internet Network services
Require the failover clustering feature, although all installation and configuration is done with the Exchange Server management tools Use Active Manager to control failover Use an enhanced version of the continuous replication technology that Exchange Server 2007 introduced Can be created after the Mailbox server is installed Allow a single database to be activated on another server in the group without affecting other databases Allow up to 16 copies of a single database on separate servers Define the boundary for replication
Understanding How Database Availability Groups Work Continuous replication protects databases across servers in the DAG
[Diagram: copies of databases DB1, DB2, and DB3 distributed across Mailbox servers MBX1, MBX2, and MBX3]
multiple Client Access servers and by configuring load balancing You can achieve high availability and load balancing by using:
Primary Queue
Transport Service
An alternate data center can be located at another company location that has sufficient capacity A DAG can span Active Directory sites Other roles and services must already exist in the site
Availability Group
Understanding the Failover Process Planning, Monitoring, and Managing a Database
Availability Group
Demonstration: How to Monitor Replication Health
What Is a Quorum?
A quorum uses a consensus of voters to ensure that
DAGs with an even number of Mailbox servers use the witness server DAGs with an odd number of Mailbox servers use node majority
Manages which database copies are active and which are passive Stores database state information Manages database switchover and failover processes Does not require direct administration configuration
Witness Server: server used to store witness information
Witness Directory: directory used on the witness server to store witness information
Database availability group IP addresses: IP address(es) used by a DAG
implementations:
DAG networks including replication DAG network compression DAG network encryption Third-party replication mode Alternative witness server Alternative Witness Directory
the DAG, and configuring the DAG, you must still complete the following steps:
Create database copies Set activation preference number Set replay lag time Set truncation lag time
delayed replay lag time to commit the log files to the database
You create a lagged database to prevent:
Automatic log play down Simpler activation with Safety Net Lagged copies can now be configured in EAC
database:
Active Manager determines the best copy to activate The replication service on the target server attempts to copy missing log files from the best source:
If successful, the database mounts with zero data loss If unsuccessful (failover), the database mounts based on the AutoDatabaseMountDial setting
The mounted database generates new log files (using the same log generation sequence) Safety Net requests are initiated for the mounted database to recover lost messages When the original server or database recovers, it determines if any logs are missing or corrupt, and fixes them if possible
a DAG
Failure may not be noticed Exchange Server 2013 includes several scripts and
Manager 2012
Client Access Servers Demonstration: Configuring Options for Highly Available Client Access Servers
Planning Software and Hardware Components for Highly Available Client Access Servers
Client Access servers used by all clients Implement load balancing for Client Access
servers
Sites performing a proxy are most important Same SSL certificate is used on all nodes Consider redundant Internet connections for
external users
All Client Access servers should have a certificate to match their address space All Client Access servers should have the same protocols enabled Use a hardware or software network load balancer Use layer 4 versus layer 7 load balancing Deploy servers with similar hardware, memory and performance
Availability Group
Exercise 2: Deploying Highly Available Client Access
Servers
Exercise 3: Testing the High-Availability Configuration
Logon Information
Virtual Machines 20341B-LON-DC1 20341B-LON-CAS1 20341B-LON-CAS2 20341B-LON-MBX1 20341B-LON-MBX2
Adatum\Administrator Pa$$w0rd
Module 7
from backup
Data-loss mitigation features include: Deleted item recovery Single item recovery In-place hold Deleted mailbox retention DAGs Shadow redundancy
High availability that minimizes downtime and data loss Single-item recovery and In-Place hold policies for recovering deleted messages Point-in-time database recovery with lagged copies of mailbox databases Archive mailboxes, retention and archive policies, In-place eDiscovery for managing large mailboxes
2013
Backed-Up Data
System State of server and Active Directory database on domain controllers Databases and transaction logs Message tracking logs Unified Messaging custom audio prompts Server certificates used for SSL Specific Internet IIS configuration
Mailbox server
DPM:
Uses agents on the computer running Exchange Server Typically backs up to disk and then archives to tape Can restore databases or mailboxes Can back up passive DAG copies
Media: Description
Tape: Is physically easy to transport and very durable
Disk: Increases backup performance
SAN-based: Backs up the traffic of the main network and keeps it on the SAN
Database
Demonstration: How to Recover Data by Using the
Recovery Database
What Is Dial-Tone Recovery? Process for Implementing Dial-Tone Recovery
Options for Recovering Exchange Server Functionality To replace lost server roles:
Build a new server with equivalent functionality Add roles to an existing Exchange server
DAG recovery
corruption is available:
New-MailboxRepairRequest
isinteg.exe:
No need to take the database offline Runs on Windows PowerShell, enabling you to automate the process
Process for Recovering Data Using the Recovery Database A recovery database allows you to:
Restore the database from backup Mount the database and extract data
Process for Implementing Dial-Tone Recovery
Process for implementing dial-tone recovery:
1. Create the dial-tone database
2. If necessary, configure the mailboxes that were on the database to use the new dial-tone database
3. Restore the database and log files that you want to recover into the Recovery Database
4. Swap the dial-tone database with the database that you have recovered in the step before
5. Export and import the content from the dial-tone database into the recovered original database
Recovery (Optional)
Logon Information
Virtual Machines 20341B-LON-DC1 20341B-LON-CAS1 20341B-LON-MBX1 Adatum\Administrator Pa$$w0rd
Module 8
Module Overview
Overview of Message Transport and Routing Planning and Configuring Message Transport Managing Transport Rules
Runs on the Client Access server role Performs SMTP proxying Runs on the Mailbox Server role Routes messages between the Front End Transport Service and the Mailbox Transport Service Runs on the Mailbox Server role Consists of two components: Mailbox Transport Submission and Mailbox Transport Delivery Is the only service that handles RPC communication with the database
SMTP Traffic
SMTP
delivery groups:
Routable DAG Mailbox delivery group AD DS site
Configuring
Configuring
Groups
agents
SMTP Connectors
What Are Foreign Connections?
Policies
Plan for transport rule priority and order Use regular expressions to check message contents Test the application of transport rules to avoid rule conflicts or duplication Plan for transport rule limitations with encrypted and digitally signed messages Document the transport rule configurations
choose to:
Use the Data Loss Protection templates provided by Microsoft Use policy files created by a third-party vendor Create a custom policy
Adatum\Administrator Pa$$w0rd
Module 9
Module Overview
Planning Messaging Security Implementing an Antivirus Solution for Exchange
Server 2013
Implementing an Anti-Spam Solution for
Partner Organizations
Planning Client-Based Messaging Security Demonstration: Configuring Secure Message
Perimeter network
Internal client
External client
VPN
Network-based
TLS
Session-based
Generate a certificate request for TLS certificates Import and enable the certificate on the Mailbox server Configure outbound Domain Security Configure inbound Domain Security
Type of Security Provided Authentication: The message was sent by the person or organization who claims to have sent it Nonrepudiation: Helps to prevent the sender from disowning the message Data integrity: Any alteration of the message invalidates the signature Only the intended recipient can view the contents
Message encryption
The sender must have a valid certificate installed All target addresses must have a public certificate available either locally or in Active Directory Can use either an internal or public CA
Delete entire message Delete all attachments and use default alert text Delete all attachments and use custom alert text Notify the administrator and the sender
Lesson 3: Implementing an Anti-Spam Solution for Exchange Server 2013 Overview of Anti-Spam Solutions Overview of Spam-Filtering Features Applying Exchange Server 2013 Spam Filters What Is Sender and Recipient Filtering? What Is Sender ID Filtering? What Is Sender Reputation Filtering? Understanding the SCL in Exchange Server 2013 What Is Content Filtering? Best Practices for Deploying an Anti-Spam Solution Demonstration: Configuring Anti-Spam Features on Exchange Server 2013
[Diagram: spam filtering flow from the Internet to the Mailbox Server. Labels: Recipient Filtering, Sender ID Filtering, Content Filtering, Outlook Safe Senders List, Exceed SCL Threshold, Below SCL Threshold]
Reject messages and issue an NDR Delete messages without sending an NDR Stamp the messages with the SenderID result, and continue processing
based on:
Sender open proxy test HELO/EHLO analysis Reverse DNS lookup Analysis of SCL ratings on messages from a particular sender
Delete, reject, or quarantine messages that exceed an SCL value Block or allow messages based on a custom word list Allow exceptions so that messages sent to specified recipients are not filtered
mailbox
Server 2013
Exercise 2: Configuring Anti-Spam Options on Exchange
Server
Exercise 3: Validating Antimalware and Anti-Spam
Adatum\Administrator Pa$$w0rd
Module 10
Module Overview
Configuring Role-Based Access Control Configuring Audit Logging
Who: Can modify objects What: Objects and attributes that can be modified Where: Scope or context of objects that can be modified
Management role groups Management role-assignment policies Direct policy assignment (avoid using)
User Options
Role Assignment
Help Desk
Role Holder Mailboxes or universal security groups or users or distribution groups or role groups
Organization Management View-Only Organization Management Recipient Management Unified Messaging Management Discovery Management Records Management Server Management Help Desk Public Folder Management Delegated Setup Compliance Management (new in Exchange Server 2013) Hygiene Management (new in Exchange Server 2013)
AD DS, such as users and security groups, from the subsequent configuration of those objects through Exchange Server 2013 tools
With Exchange Server split permissions you can:
Separate the ability to create or delete security principals from Exchange administration Choose between two models:
1. Verify that Active Directory split permissions have not been enabled
2. Create a new role group for AD DS administrators
3. Create regular and delegating role assignments for the new role group for appropriate roles
4. Remove regular and delegating management role assignments between the Mail Recipient Creation role, and both the Organization Management and Recipient Management role groups
5. Remove the regular and delegating role assignments between the Security Group Creation and Membership role and the Organization Management role group
Is enabled by default in Exchange Server 2013
Is configured by default with the Set-AdminAuditLogConfig cmdlet
Logs for all cmdlets and parameters except for Test-, Get-, and Search-
Supports searches using the Exchange Management Shell and the Exchange Administration Center
Must be enabled on a per-mailbox basis using the Set-Mailbox cmdlet Does not automatically log owner access unless specified to do so Supports non-owner access reports through the Exchange Administration Center
Permissions
Exercise 2: Configuring Audit Logging Exercise 3: Configuring RBAC Split Permissions on