Professional Documents
Culture Documents
M I C R O S O F T
10135B
L E A R N I N G
P R O D U C T
Information in this document, including URL and other Internet Web site references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain names,
e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with
any real company, organization, product, domain name, e-mail address, logo, person, place or event is
intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the
user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in
or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Microsoft, the furnishing of this document does not give you any license to these
patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding
these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a
manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links
may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not
responsible for the contents of any linked site or any link contained in a linked site, or any changes or
updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission
received from any linked site. Microsoft is providing these links to you only as a convenience, and the
inclusion of any link does not imply endorsement of Microsoft of the site or the products contained
therein.
2012 Microsoft Corporation. All rights reserved.
Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty
/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other trademarks are
property of their respective owners
Module 1
Lab Instructions: Deploying Microsoft Exchange Server 2010
Contents:
Lab A: Installing Exchange Server 2010
Exercise 1: Evaluating Requirements for an Exchange Server Installation
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1.
On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2.
In Hyper-V Manager, click 10135B--NYC-DC1, and in the Actions pane, click Start.
3.
In the Actions pane, click Connect. Click the CTRL+ALT+DELETE button in the top-left corner of the
Virtual Machine Connection window.
4.
5.
Password: Pa$$w0rd
Domain: Contoso
Repeat these steps to start, and log on to the 10135B-NYC-SVR1 virtual machine.
Lab Scenario
You are working as a messaging administrator in Contoso Ltd. Your organization is preparing to install its
first Exchange Server 2010 server. Contoso Ltd. is a large multinational organization that includes offices
in Seattle, Washington, in the United States, and in Tokyo, Japan.
Contoso Ltd. does not have a previous version of Exchange Server deployed so you do not have to
upgrade a previous messaging system. Before installing Exchange Server 2010, you must verify that the
Active Directory environment is ready for the installation. You also must verify that all computers that will
run Exchange Server 2010 meet the prerequisites for installing Exchange.
Achieved?
Yes or No
Yes or No
DNS requirements
Yes or No
Yes or No
Yes or No
Yes or No
Yes or No
Yes or No
Yes or No
Web Server (IIS) server role along with the following role
services:
ISAPI Extensions
IIS 6 Metabase Compatibility
IIS 6 Management Console
Basic Authentication
Windows Authentication
Digest Authentication
Dynamic Content Compression
.NET Extensibility
Yes or No
Yes or No
2.
3.
2.
Evaluate whether the domain and forest functional level requirements are met.
3.
Use Adsiedit.msc to evaluate whether the Exchange schema changes are applied.
On NYC-SVR1, use Ipconfig, Ping, and NSLookup to evaluate DNS name resolution functionality.
On NYC-SVR1, evaluate whether the required Windows Server 2008 features, including the required
AD DS administration tools, are installed.
2.
Evaluate whether the Microsoft Internet Information Services (IIS) components are installed.
3.
Results: After this exercise, you should have evaluated whether your organization meets the AD DS, DNS,
and server requirements for installing Exchange Server 2010. You should have identified the additional
components that need to be installed or configured to meet the requirements.
2.
X Task 1: Install the Windows Server 2008 server roles and features
1.
On NYC-SVR1, in Server Manager, install the prerequisite server roles and features for Exchange
Server 2010.
2.
2.
From a command prompt, run the Exchange Server setup program with the /PrepareAD parameter.
Configure an Exchange organization name of Contoso.
Results: After this exercise, you should have prepared the AD DS and server configuration for the
Exchange Server 2010 installation.
2.
3.
4.
Results: After this exercise, you should have prepared the AD DS and server configuration for the
Exchange Server 2010 installation.
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1.
On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2.
Ensure that the 10135B-NYC-DC1 and the 10135B-NYC-SVR1 virtual machines are running.
3.
Lab Scenario
You have completed the installation of the first Exchange Server at Contoso Ltd. You now need to verify
that the installation completed successfully. You also should ensure that the installation meets the best
practices that Microsoft suggests.
2.
3.
4.
2.
2.
Under Recipient Configuration, create a new mailbox with a new user account named TestUser and
a password of Pa$$w0rd.
3.
4.
5.
Log on to Outlook Web App as Administrator, and verify that the message was delivered.
2.
Run a Health Check scan with a name of Post-Installation Test. Scan only
NYC-SVR1.
3.
Review the information in the Exchange Server Best Practices Analyzer report.
Results: After this exercise, you should have verified that the Exchange Server 2010 server installation
completed successfully.
2.
Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3.
4.
In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.
5.
To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.
6.
Wait for 10135B-VAN-DC1 to start, and then start 10135B-VAN-EX1. Connect to the virtual machine.
7.
Wait for 10135B-VAN-EX1 to start, and then start 10135B-VAN-EX3. Connect to the virtual machine.
Module 2
Lab Instructions: Configuring Mailbox Servers
Contents:
Exercise 1: Configuring Mailbox Databases
Lab Setup
Important If required, start the 10135B-VAN-DC1 virtual machine first, and ensure that it
is fully started before starting the other virtual machines.
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1.
On the host computer, click Start, point to Administrative Tools, and click Hyper-V Manager.
2.
Ensure that the 10135B-VAN-DC1, 10135B-VAN-EX1, and the 10135B-VAN-EX3 virtual machines are
running.
3.
Lab Scenario
You are a new messaging administrator at A. Datum Corporation, and your manager has left instructions
indicating that you need to create and configure a database for the executive group, and then move the
existing database for the accounting group to a new location. Additionally, you need to add an additional
public folder database, and then replicate data to it.
2.
3.
2.
3.
4.
2.
3.
Results: After this exercise, you should have created a new database, set the specified limits, and moved
the existing Accounting database to a new folder.
2.
3.
4.
On VAN-EX3, open the Exchange Management Console, and in the Toolbox node, open the Public
Folder Management Console.
2.
In the Public Folder Management Console, connect to VAN-EX1, and view the number of items and
size in the Executives public folder on VAN-EX1.
Add PF-VAN-EX3 as a replica for the Executives public folders, and then wait for replication to
complete.
Note It can take up to 15 minutes for replication to complete.
Verify the number and size of items in the Executives public folder on
VAN-EX3.
Results: After this exercise, you should have created a new public folder database on VAN-EX3 and added
replicas for each public folder.
2.
Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3.
4.
5.
In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.
6.
To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.
7.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.
8.
Wait for VAN-EX1 to start, and then start VAN-CL1. Connect to the virtual machine.
Module 3
Lab Instructions: Managing Recipient Objects
Contents:
Exercise 1: Managing Recipients
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1.
On the host computer, click Start, point to Administrative Tools, and click Hyper-V Manager.
2.
Ensure that the 10135B-VAN-DC1, 10135B-VAN-EX1, and 10135B-VAN-CL1 virtual machines are
running.
3.
Lab Scenario
You are the messaging administrator for A. Datum Corporation. Your company is purchasing a new
company called Adventure Works. Adventure Works recipients will need to maintain a separate email
domain and address list. You also must create new mailboxes for the new departments employees.
2.
Create a resource mailbox and configure auto-accept settings for the Adventure Works Project Room.
3.
4.
Create and configure a mail-enabled contact for Ian Palangio at Woodgrove Bank.
5.
Create a moderated distribution list for Adventure Works Project, and delegate an administrator.
6.
Create a room list distribution group for the Adventure Works meeting rooms.
7.
2.
Create a new mailbox named Adventure Works Questions in the Mailbox Database 1 database.
Configure a user logon name of AdventureWksQ and a password of Pa$$w0rd.
3.
4.
Assign George Schaller full access to the Adventure Works Questions mailbox.
Task 2: Create a resource mailbox, and configure auto-accept settings for the
ProjectRoom
1.
In Exchange Management Console, create a new room mailbox named ProjectRoom in the Mailbox
Database 1 database. Configure a user logon name of ProjectRoom.
2.
3.
In Exchange Management Console, create a new local move request to move George Schallers
mailbox to VAN-EX1\Mailbox Database 1.
Task 4: Create and configure a mail-enabled contact for Ian Palangio at Woodgrove
Bank
In Exchange Management Console, create a new mail-enabled contact for Ian Palangio, using an
alias of IanPalangioWB and an email address of ian.palangio@woodgrovebank.com.
Task 5: Create a moderated distribution list for the Adventure Works Project, and
delegate an administrator
1.
In Exchange Management Console, create a new Distribution group called Adventure Works Project
with an alias of AdventureWorksProject.
2.
3.
George Schaller
Ian Palangio
Wei Yu
Paul West
Specify George Schaller as the group moderator, and enable moderation of all messages.
Task 6: Create a room list distribution group for the Adventure Works meeting
rooms
1.
2.
3.
2.
Create and send a new meeting request. Invite the Adventure Works Project group, and select the
Adventure Works Conference Rooms room list. Specify ProjectRoom as the room.
3.
On VAN-EX1, open Outlook Web App, log on as Adatum\George, using the password Pa$$w0rd,
and accept the meeting request message. Send the response now.
Results: After this exercise, you should have completed all of the assigned tasks, which include creating a
mailbox, creating a resource mailbox, moving a mailbox, creating a contact, and creating a moderated
distribution group.
2.
2.
Apply to all recipients with a company attribute of Adventure Works the Adatum.com domain.
b.
c.
In the Exchange Management Console, view the properties for George Schaller, and modify his
company description to Adventure Works.
2.
Confirm that George Schaller has an email address that uses the adventure-works.com domain.
Results: After this exercise, you should have created an email address policy for Adventure Works users.
2.
3.
4.
5.
Create a new offline address book for the Adventure Works address list.
6.
7.
Create the address book policy for the Adventure Works users.
2.
In the Mailbox node of the Organization Configuration work center, create a new address list named
Companies with no recipients.
Create a new address list Adventure Works in Companies for all recipients with the Company
Adventure Works.
Create a new address list A Datum in Companies for all recipients with the Company A. Datum.
Task 4: Verify the new address list is available in Microsoft Office Outlook
1.
2.
Verify that the address book contains the address lists for A. Datum and Adventure Works.
3.
Close Outlook.
Task 5: Create a new offline address book for the Adventure Works address list
1.
2.
Create a new offline address book named Adventure Works with the Adventure Works address list,
and enable distributions through Web-based distribution and public folders. Use the OAB folder on
VAN-EX1 for Web-based distribution.
3.
Task 7: Create the address book policy for the Adventure Works users
In the Exchange Management Console, create a new address book policy with the following
configuration:
Results: After this exercise, you should have created an address list for the A. Datum and Adventure
Works users, and an offline address book for each organization.
Add a header line to the .csv file exported from the Human Resources (HR) system.
Modify the CreateUsersLab.ps1 script, and import Adventure Works users from a .csv file.
Define mailbox limits for all users in the Adventure Works company.
Add a header line to the .csv file exported from the Human Resources (HR) system.
2.
Modify the CreateUsersLab.ps1 script to Adventure Works users from a .csv file.
3.
4.
5.
Task 1: Add a header to the .csv file exported from the Human Resources (HR) system
1.
2.
3.
FirstName
LastName
Password
2.
3.
Configure the alias to be the first name and last name, with no space between the names.
Configure the display name to be the first name and last name, with a space between the names.
2.
2.
Run D:\Labfiles\CreateUsersLab.ps1.
Use the Get-User cmdlet to retrieve all users in the AdventureWorks OU, and then pipe the results to
the Set-User cmdlet to set the Company attribute to Adventure Works.
2.
3.
4.
OrganizationalUnit: AdventureWorks
Set mailbox limits by piping the list of mailboxes to the Set-Mailbox cmdlet:
IssueWarningQuota 4GB
ProhibitSendQuota 5GB
Configure the Adventure Works mailboxes to use the Adventure Works ABP address book policy
Results: After this exercise, you should have created all of the additional Adventure Works users with an
Exchange Management Shell script, and then have set the storage quota.
2.
Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3.
4.
In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.
5.
To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Note Start the VAN-DC1 virtual machine first, and ensure that it is fully started before
starting the other virtual machines.
6.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.
7.
Wait for VAN-EX2 to start, and then start VAN-CL1. Connect to the virtual machine.
Module 4
Lab Instructions: Managing Client Access
Contents:
Lab A: Configuring Client Access Servers for Outlook Anywhere Access
Exercise 1: Configuring Client Access Servers
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1.
On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2.
3.
If required, connect to the virtual machines. Log on to VAN-DC1, VAN-EX1, and VAN-EX2 as
Adatum\Administrator, using the password Pa$$w0rd. Do not log on to VAN-CL1 at this point.
Lab Scenario
You are working as a messaging administrator in A. Datum Corporation. Your organization has decided to
deploy Client Access servers so that the servers are accessible from the Internet for a variety of messaging
clients. To ensure that the deployment is as secure as possible, you must secure the Client Access server,
and configure a certificate on the server that will support the messaging client connections. You also need
to configure the server to support Outlook Anywhere connections.
2.
3.
4.
Import and assign the IIS Exchange service to the new certificate.
5.
On VAN-EX2, open the Exchange Management Console and configure an External Client Access
Domain named mail.Adatum.com.
2.
3.
Verify that the External Client Access Domain was applied to the owa (Default Web Site) virtual
directory.
2.
On VAN-EX2, run the New Exchange Certificate Wizard using the following configuration options:
Organization: A Datum
Country/region: Canada
City/locality: Vancouver
State/province: BC
2.
3.
4.
View the certificate. Verify that the certificate includes several subject alternative names, and then
click OK.
In the Exchange Management console, use the Complete Pending Request Wizard to import the
Adatum Mail certificate.
2.
In the Exchange Management console, use the Assign Services to Certificate Wizard to assign the
Adatum Mail certificate to the Internet Information Services service.
2.
Open Microsoft Outlook 2010, and verify that a profile is automatically created for Molly.
3.
In Microsoft Outlook, click File, and then click Account Settings. Verify that the Outlook profile is
configured to use VAN-EX2 as the mailbox server.
Results: After this exercise, you should have configured the security settings for VAN-EX2 by using the
Security Configuration Wizard, and installed a server certificate from the internal CA on the server. You
should have also verified Outlook client connectivity to the Exchange server.
2.
3.
4.
On VAN-DC1, create a new host record for Mail.adatum.com using an IP address of 10.10.0.21.
On VAN-EX2, verify that the RPC over HTTP Proxy feature is installed.
2.
3.
4.
Restart VAN-EX2 and log back on as Administrator with the password Pa$$w0rd.
2.
Modify the profile for Molly to connect to Microsoft Exchange using HTTP.
3.
4.
On fast networks, connect using HTTP first, then connect using TCP/IP: enable
On slow networks, connect using HTTP first, then connect using TCP/IP: enable (default)
Close Outlook.
On VAN-CL1, open Outlook and verify that you are connected to the Exchange server.
2.
Press and hold Ctrl, and then right-click the Office Outlook icon in the Windows 7 notification area.
Confirm that the Conn column lists HTTPS as the connection method. You may need to click the up
arrow in the Windows 7 notification area to view the Office Outlook icon.
3.
Use the E-mail AutoConfiguration tool to review the settings Autodiscover provided to the client.
4.
Results: After this exercise, you should have enabled Outlook Anywhere on VAN-EX2, and configured a
client profile to use Outlook Anywhere. You also verified the Outlook Anywhere functionality.
Do not shut down the virtual machines and revert them to their initial state when you finish this lab.
This modules last lab requires the virtual machines for completion.
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1.
On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2.
3.
Lab Scenario
To enable client access to the server, your organization has decided to enable both Outlook Web App and
Exchange ActiveSync for its users. However, the security officer at A. Datum Corporation has defined
security requirements for the Outlook Web App and Exchange ActiveSync deployment. Therefore, you
need to enable the security features for both Outlook Web App and Exchange ActiveSync.
2.
3.
Configure an Outlook Web App Mailbox Policy for the Branch Managers.
4.
On VAN-EX2, in Internet Information Services (IIS) Manager, verify that the owa virtual directory
under the Default Web Site is configured to require SSL.
2.
Verify that the Default Web Site is configured to use the Adatum Mail Certificate.
On VAN-EX2, in Exchange Management Console, verify that the owa virtual directory is configured to
use forms-based authentication. Modify the forms-based authentication to use the user name only
and to use the Adatum.com domain automatically.
2.
3.
Use the set-owavirtualdirectory owa (Default Web Site) ForceSaveFileTypes .doc cmdlet to
force all users to save Word documents before opening them.
4.
Use the set-owavirtualdirectory owa (Default Web Site) GzipLevel Off cmdlet to disable GZip
compression.
5.
Use the Set-OwaVirtualDirectory -identity Owa (Default Web Site) FilterWebBeaconsAndHtmlForms ForceFilter cmdlet to block all Web beacons and HTML forms.
6.
Task 3: Configure an Outlook Web App Mailbox Policy for the branch managers
1.
Create a new Outlook Web App Mailbox policy, and configure the policy with the name Branch
Managers Policy.
2.
Configure the policy to prevent branch managers from changing their password.
3.
Apply the policy to all users in the Branch Managers organization unit (OU).
2.
Log on to Outlook Web App as Adatum\Sharon using the password Pa$$w0rd. Sharon is not in the
Branch Managers OU.
3.
Verify that the Tasks folder is not displayed in the user mailbox, and that Sharon cannot configure a
new Inbox rule in the ECP.
4.
Connect to OWA again, and log on as Adatum\Johnson using the password Pa$$w0rd. Johnson is
in the Branch Managers OU.
5.
Verify that the Tasks folder is listed in the user mailbox, but that Johnson is not able to change his
password.
Results: After this exercise, you should have configured Outlook Web App on VAN-EX2. This
configuration includes assigning the internal CA certificate to the Default Web Site, and configuring
Outlook Web App settings for all users, as well as for specific users. You also should have verified the
Outlook Web App settings.
2.
On VAN-EX2, in Exchange Management Console, review the configuration for the Microsoft Server
ActiveSync virtual directory on VAN-EX2.
On VAN-EX2, in Exchange Management Console, create a new Exchange ActiveSync Mailbox policy
with the following configuration:
Require passwords
2.
3.
Results: After this exercise, you should have configured the Exchange server environment to support
Exchange ActiveSync. You first verified that Exchange ActiveSync worked, and then enhanced the security
configuration by creating a more secure Exchange ActiveSync Mailbox policy, and by enabling SSL for all
Exchange ActiveSync connections.
2.
Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3.
4.
In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.
5.
To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.
6.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.
7.
Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.
Module 5
Lab Instructions: Managing Message Transport
Contents:
Exercise 1: Configuring Internet Message Transport
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1.
On the host computer, click Start, point to Administrative Tools, and click Hyper-V Manager.
2.
Ensure that the 10135B-VAN-DC1, 10135B-VAN-EX1, and the 10135B-VAN-EX2 virtual machines are
running:
3.
If required, connect to the virtual machines. Log on to VAN-DC1, VAN-EX1 and VAN-EX2 as
Adatum\Administrator, using the password Pa$$w0rd.
Lab Scenario
You are a messaging administrator in A Datum Corporation., which is a large multinational organization
that has offices in London, Tokyo, and Vancouver, which is its headquarters. Your organization has
deployed Exchange Server 2010 in two of its sites. However, all Internet messages should flow through the
main site in Vancouver. As part of your job responsibilities, you need to set up the message transport to
and from the Internet and also ensure that the message flow works within and between the various sites.
2.
3.
4.
2.
3.
4.
5.
Change the IP address to 10.10.11.21, and then click OK. Click Close.
6.
Click the Start button, and then click Restart. In the Comment field, type Lab restart, and then
click OK.
7.
After the system is restarted, log on to VAN-EX2 as Adatum\Administrator, using the password
Pa$$w0rd.
Note
2.
Use: Internet
Address space: *
2.
Use: Custom
Change the configuration on the Internet Receive Connector to enable anonymous users to send
email and to enable verbose logging.
2.
3.
4.
Verify that anti-spam configuration options are now available on VAN-EX1 and at the organization
level.
On VAN-EX1, log on to Outlook Web App as Wei, and then send a message to Info@Internet.com.
2.
From the Toolbox node in the Exchange Management Console, open the Queue Viewer. Check the
queues on VAN-EX1 to verify that the message was delivered.
3.
On VAN-DC1, use Telnet to verify that VAN-EX1 accepts anonymous messages. Use Telnet to send a
message as Info@internet.com to WeiYu@adatum.com.
Results: After this exercise, you should have configured message transport to send and receive messages
to and from the Internet using a smart host. You also should have configured anti-spam functionality on a
Hub Transport server.
Check the routing log, and verify that mail delivery works correctly.
2.
Task 1: Check the routing log, and verify that mail delivery works correctly
1.
On VAN-EX1, use the Routing Log Viewer to verify that VAN-EX1 is located in the Default-First-SiteName site, and the VAN-EX2 is located in the Site2 site.
2.
Log on to Outlook Web App as Wei, and send an email to Anna, whose mailbox is on VAN-EX2.
Verify that the mail is received and that Anna can respond to the email.
2.
Send another email from Wei to Anna. Verify that the message is not delivered.
3.
4.
5.
6.
7.
Results: After this exercise, you should have used the Routing Log Viewer to get an overview of your
routing topology. For troubleshooting, you should have used the Queue Viewer and Telnet to investigate
the mail-flow problem.
2.
3.
On VAN-EX2, log on to Outlook Web App as Anna and send a message to Info@Internet.com.
Connect to the Exchange Control Panel as Anna, and use the Delivery Reports page to track the
message she sent. Search for messages sent to Info@Internet.com.
2.
3.
On VAN-EX1, in the Exchange Management Console, in the Toolbox node, access Message
Tracking.
4.
Log on to Exchange Control Panel as Administrator, and track the message that Anna sent. Verify
that the message state is pending.
5.
Use Mail Flow Troubleshooter to troubleshoot mail problems. When starting the Mail Flow
Troubleshooter, choose the option to troubleshoot the Messages are backing up in on one or more
queues on a server. Choose VAN-EX1 as the Exchange Server. Review the information on each wizard
page, and identify the proposed root cause for the issue.
6.
7.
8.
Results: After this exercise, you should have used tools like Mail Flow Troubleshooter, Queue Viewer,
Message Tracking, and nslookup to investigate why messages are not delivered to the Internet.
2.
Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3.
4.
In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.
5.
To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.
6.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.
7.
Wait for VAN-EX1 to start, and then start VAN-SVR1. Connect to the virtual machine.
Module 6
Lab Instructions: Implementing Messaging Security
Contents:
Lab A: Configuring Edge Transport Servers and
Forefront Protection 2010 for Exchange Server
Exercise 1: Configuring Edge Transport Servers
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1.
On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2.
Ensure that the 10135B-VAN-DC1, 10135B-VAN-EX1, and the 10135B-VAN-SVR1 virtual machines are
running:
3.
4.
5.
On the host computer, in Hyper-V Manager, click VANSVR1, and in the Actions pane, click Settings.
6.
Click DVD Drive, click Image file, and then click Browse.
7.
8.
Click OK.
9.
Lab Scenario
You are a messaging administrator in A. Datum Corporation, which is a large multinational organization.
Your organization has deployed Exchange Server 2010 internally, and now must extend it so that
everyone within the corporation can send and receive Internet email.
As part of your job responsibilities, you need to set up an Edge Transport server, and then install an
antivirus solution to scan all mail.
2.
3.
Verify that EdgeSync is working and that Active Directory Lightweight Directory Services contains
data.
4.
On VAN-SVR1, install the Edge Transport Server role by using the command d:\Setup /mode:install
/role:EdgeTransport in Command Prompt.
2.
Restart VAN-SRV1, logon as Administrator, using the password Pa$$w0rd, and then open Exchange
Management Console.
Create a new Edge Subscription on the Edge Transport server by using the New-EdgeSubscription FileName c:\VAN-SVR1.xml cmdlet.
2.
3.
On VAN-EX1, in the Exchange Management Console, add the edge subscription to the Hub Transport
server by using the following configuration:
Task 3: Verify that EdgeSync is working and that Active Directory Lightweight
Directory Services contains data
1.
2.
3.
Run the Get-User -Identity Wei | ft Name, GUID cmdlet to obtain the globally unique identifier
(GUID) for Wei Yu.
4.
On VAN-SVR1, open LDP, and then connect to VAN-SVR1 using port 50389.
5.
Open the CN=Recipients,OU=MSExchangeGateway container and verify that Wei Yus GUID is
listed.
On VAN-EX1, use Exchange Management Console to configure EdgeSync - Default-First-SiteName to Internet Send Connector to use 10.10. 0.10 as a smart host for email delivery.
2.
Log on to Microsoft Outlook Web App as Adatum\Wei, and send a test message to the Internet to
verify it is working. If you do not receive a non-delivery report, the message has been sent outside the
organization.
Results: After this exercise, you should have installed an Edge Transport server role, and configured Edge
Synchronization between a Hub Transport and an Edge Transport server.
2.
3.
2.
On VAN-SVR1, install Forefront Protection 2010 for Exchange Server. Accept all defaults, except
choose to enable anti-spam later.
2.
3.
On the Policy Management pane, expand Global Settings, and then click Advanced Options.
4.
Increase the value of Maximum nested depth compressed files to 10 and Maximum nested
attachments to 50.
Change the update schedule for Norman Virus Control to update at 00:30 every day.
Results: After this exercise, you should have installed Forefront Protection 2010 for Exchange Server and
configured it.
Do not shut down the virtual machines and do not revert them to their initial state when you finish
this lab. The virtual machines are required to complete this modules last lab.
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1.
On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2.
Ensure that the 10135B-VAN-DC1, 10135B-VAN-EX1, and the 10135B-VAN-SVR1 virtual machines are
running.
3.
Lab Scenario
You are a messaging administrator in A. Datum Corporation, which is a large multinational organization.
After configuring the Edge Transport server and installing an antivirus solution, you must implement an
anti-spam solution.
2.
3.
4.
5.
Task 1: Configure Domain Name System (DNS) for Internet message delivery
1.
2.
On VAN-SVR1, configure the content filtering settings to not reject any messages based on
SCL values.
2.
3.
On VAN-EX1, in the Exchange Management Shell, run d:\labfiles\Lab6Prep.ps1. This script will send
11 messages from VAN-SVR1 with the following SCL ratings.
Mail Sender
SCL Level
Msg1@contoso.com
Msg2@contoso.com
Msg3@contoso.com
Msg4@contoso.com
Msg5@contoso.com
Msg6@contoso.com
Msg7@contoso.com
Msg8@contoso.com
Msg9@contoso.com
Msg10@contoso.com
Msg11@contoso.com
4.
Log on to Outlook Web App as Wei and verify that three messages were sent to the user mailbox,
and that eight messages were sent to the Junk E-mail folder.
5.
View the message details for one of the messages to verify the SCL value assigned to the message.
On VAN-SVR1, configure content filtering to reject messages that have a SCL rating greater than or
equal to 7.
2.
On VAN-EX1, run the D:\labfiles\Lab6Prep.ps1 script to send the test messages again.
3.
Log on to Outlook Web App on VAN-EX1 as Wei. Verify that three messages are delivered to the
Inbox and no messages are delivered to the - folder in Weis mailbox. Delete the messages in the
Inbox.
2.
3.
Verify that all messages are delivered to the Inbox in Weis mailbox. The SCL rating should be -1.
Configure an IP Block List Provider named Spamhaus that uses zen.spamhaus.org as the lookup
domain.
Results: After this exercise, you should have configured different SCL levels, and verified the behavior of
junk mail in user mailboxes. You should also have configured a Block List Provider.
2.
Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3.
4.
In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.
5.
To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.
6.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.
7.
Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.
8.
Wait for VAN-EX2 to start, and then start VAN-EX3. Connect to the virtual machine.
Module 7
Lab Instructions: Implementing High Availability
Contents:
Exercise 1: Deploying a DAG
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1.
On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2.
3.
Lab Scenario
You are the messaging administrator for A. Datum Corporation. You have completed the basic installation
for three Exchange servers. Now you must complete the configuration so that they are highly available.
2.
3.
4.
Task 1: Create a DAG named DAG1 by using the Exchange Management Shell
1.
2.
Use the New-DatabaseAvailabilityGroup cmdlet to create a DAG with the following information:
Name: DAG1
WitnessServer: \\VAN-DC1\FSWDAG1
WitnessDirectory: C:\FSWDAG1
IP Address: 10.10.0.80
3.
4.
5.
2.
On the Database Management tab, add a mailbox database copy of Accounting to VAN-EX2.
On VAN-EX1, view the properties of the Accounting database, and ensure its status is Healthy.
Results: After this exercise, you should have created a DAG and a mailbox database copy of the
Accounting database. The Accounting database copy on VAN-EX2 should remain in a suspended state.
2.
2.
On VAN-EX1, use the Exchange Management Shell to retrieve a list of all of the databases with the
Get-MailboxDatabase | ft Name, Server, RPC* cmdlet.
2.
3.
At the PS prompt, use the Get-MailboxDatabase | ft Name, Server, RPC* cmdlet to verify the
correct setting.
Results: At the end of this exercise, you should have created a client access array and assigned it to the
databases.
2.
3.
4.
5.
6.
Verify that the messages were removed from the shadow redundancy queue.
7.
Verify the copy status of the Accounting database copy and resume the database copy.
8.
Perform a switchover on the Accounting database to make the VAN-EX2 copy active.
9.
2.
Create an SMTP send connector named Internet Mail, and then configure an address space of * for
the connector.
3.
Add VAN-DC1.adatum.com as the Smart host for the connector, and VAN-EX1 and VAN-EX2 as the
source servers.
On VAN-EX1, log on to Outlook Web App as Adatum\Jason with the password Pa$$w0rd.
2.
2.
Connect to VAN-EX1 and VAN-EX2 to locate which server queues the email sent from Jason.
3.
4.
Task 5: Start SMTP service on VAN-DC1 to allow delivery of the queued message
1.
2.
Task 6: Verify that the messages were removed from the shadow redundancy queue
1.
2.
Connect to VAN-EX3, where the message was queued in the shadow redundancy queue, and then
verify that it is no longer queued.
Task 7: Verify the copy status of the Accounting database, and resume the database
copy
1.
2.
3.
Resume the database copy on VAN-EX2, and wait until the copy status is Healthy.
2.
3.
Select the Accounting database on VAN-EX2, and then activate the copy.
On VAN-EX1, open the Exchange Management Console, and view the status of the Accounting
database.
2.
3.
Results: After this exercise, you should have verified that the mailbox databases could fail over and switch
between DAG servers, and that Hub Transport shadow redundancy is working properly.
2.
Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3.
4.
In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.
5.
To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it starts fully before
starting the other virtual machines.
6.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.
7.
Wait for VAN-EX1 to start, and then start VAN-SVR1. Connect to the virtual machine.
Module 8
Lab Instructions: Implementing Backup and Recovery
Contents:
Exercise 1: Backing Up Exchange Server 2010
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1.
On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2.
Ensure that the 10135B-VAN-DC1, 10135B-VAN-EX1, and the 10135B-VAN-SVR1 virtual machines are
running:
3.
4.
5.
In Microsoft Hyper-V Manager, click VANSVR1, and, in the Actions pane, click Settings.
6.
Click DVD Drive, click Image file, and then click Browse.
7.
8.
Click OK.
9.
Lab Scenario
You are a messaging administrator for A. Datum Corporation. Your organization has deployed Exchange
Server 2010. You now want to ensure that all Exchange Server-related data is backed up and that you can
restore not only the full server or database, but also a mailbox or mailbox folder.
Populate a mailbox.
2.
3.
On VAN-EX1, log on to Parnas mailbox by using Outlook Web App. Use the logon name
Adatum\Parna and the password Pa$$w0rd.
2.
3.
Task 2: Perform a backup of the mailbox database by using Windows Server Backup
1.
2.
Perform a custom backup of the C:\ drive by using a VSS full backup. Store the backup files on
\\VAN-DC1\Backup.
Log on to Georges mailbox by using the logon name Adatum\George and the password Pa$$w0rd,
and then delete the message from Parna.
2.
Log on to Parnas mailbox by using the logon name Adatum\Parna and the password Pa$$w0rd,
and then delete all messages from the Sent Items folder.
Results: After this exercise, you should have created a backup of an Exchange Server database, and
deleted messages.
2.
3.
On VAN-EX1, using Windows Server Backup, recover the Exchange Server databases to an alternate
location: C:\DBBackup.
On VAN-EX1, create a recovery database by using the restored database in C:\DBBackup. Use the
following command to create the recover database:
New-MailboxDatabase -Name RecoverDB -Server VAN-EX1 -EDBFilePath
c:\DBBackup\C_\Program Files\Microsoft\Exchange Server\V14
\Mailbox\Accounting\Accounting.edb -Logfolderpath c:\DBBackup
\C_\Program Files\Microsoft\Exchange Server\V14\Mailbox
\Accounting-Recovery
2.
3.
4.
List all mailboxes that are in the recovery database by using the Get-MailboxStatistics -Database
RecoverDB command.
2.
Verify that you restored the message in the Sent Items folder by logging onto Parnas mailbox.
3.
Results: After this exercise, you should have created a recovery database, and restored a complete
mailbox from the recovery database to their original locations.
2.
3.
4.
5.
2.
Using Active Directory Users and Computers, reset the VAN-EX1 computer account.
2.
2.
On the restored VAN-EX1, in the Exchange Management Console, mount the mailbox databases and
public folder database.
2.
Results: After this exercise, you should have recovered a complete Exchange server by using a different
Windows Server, renaming it, installing Exchange Server in /m:RecoverServer mode, and recovering the
Exchange Server database from a backup. You have also tested the recovery.
2.
Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3.
4.
In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.
5.
To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.
6.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.
7.
Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.
8.
Wait for VAN-EX2 to start, and then start VAN-CL1. Connect to the virtual machine.
Module 9
Lab Instructions: Configuring Messaging Policy and
Compliance
Contents:
Lab A: Configuring Transport Rules, Journal Rules, and Multi-Mailbox
Search
Exercise 1: Configuring Transport Rules
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1.
On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2.
3.
If required, connect to the virtual machines. Log on to VAN-DC1, VAN-EX1, and VAN-EX2 as
Adatum\Administrator using the password Pa$$w0rd.
4.
Lab Scenario
You are a messaging administrator in A. Datum Corporation. Your organization has deployed Exchange
Server 2010.
The legal and audit departments at A. Datum provided you with several requirements for implementing
messaging policy and compliance. These requirements include applying rights protection to some
messages sent inside and outside the organization, restricting message flow based on information in
message subjects, and restricting which messages are sent to critical distribution lists. You also must
ensure that you establish a separate and secure mailbox in which to retain all messages that the legal
department sends and receives. Additionally, an auditor must be able to retrieve all messages sent and
received by users with legal hold enabled.
All messages sent to users on the Internet must have a disclaimer that the legal department approves.
External messages with the term customer in the message subject or body must be copied to the
CustomerService distribution group unless a member of the CustomerService group sent the
message.
All messages with the words confidential or private in the subject must have the Do Not Forward
AD RMS template applied.
A member of the Marketing group must approve all messages sent to the All Company distribution
list before the message is delivered.
Create a transport rule that adds a disclaimer to all messages sent to the Internet.
2.
Create a transport rule that for the CustomerService distribution group Enable AD RMS integration
for the organization.
3.
Configure a transport rule that applies the Do Not Forward AD RMS template to all messages with the
words confidential or private in the subject.
4.
5.
On VAN-EX1, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and
then click Exchange Management Console.
2.
Expand Microsoft Exchange On-Premises, expand Organization Configuration, and then click
Hub Transport.
3.
4.
On the Introduction page, type Internet Connector as the connector name. In the Select the
intended use for this Send connector drop-down list, click Internet, and then click Next.
5.
6.
In the Address field, type *, click OK, and then click Next.
7.
On the Network settings page, click Route mail through the following smart hosts, and then
click Add.
8.
In the IP address field, type 10.10.0.10, click OK, and then click Next.
9.
10. On the Source Server page, click Next, click New, and then click Finish.
Task 1: Create a transport rule that adds a disclaimer to all messages sent to the
Internet
Disclaimer text: This e-mail is intended solely for the use of the individual to whom it is
addressed
Use the following settings to create a new transport rule that sends a copy of all messages sent to the
Internet with the term customer in the message body or subject to the CustomerService distribution
group:
Condition: Sent to users outside the organization, and where the subject or message body
contain the word customer
On VAN-DC1, grant the Exchange Servers group and the IIS_IUSRS read and execute permission to
the C:\inetpub\wwwroot\_wmcs\certification\ servercertification.asmx file.
2.
3.
Task 5: Configure a transport rule that applies the Do Not Forward AD RMS template
to all messages with the words confidential or private in the subject
2.
On VAN-CL1, verify that you are logged on as Adatum\Luca, and then open Office Outlook 2007.
2.
Send two messages to Carol@contoso.com. The first message should contain no settings, and the
second message should have the term customer in the subject.
3.
On VAN-DC1, open Windows Explorer. Browse to the C:\inetpub\mailroot\queue folder. Open the
first EML file with Notepad. Scroll to the middle of the message, and verify that the disclaimer has
been added to the message.
4.
On VAN-CL1, connect to the Outlook Web App site on VAN-EX1. Log on as Anna. Verify that the
member of the CustomerService group was copied on the message sent by Luca.
5.
In Outlook, create a new message, and send it to the All Company distribution group.
6.
Connect to the Outlook Web App site on VAN-EX1. Log on as Andreas. Approve the message.
7.
In Outlook, verify that the message to the All Company distribution list has arrived.
8.
In Outlook Web App, logged on as Andreas, create a new message with a subject of Private. Send
the message to Luca.
9.
In Outlook, verify that Luca received the message and that it has the Do Not Forward template
applied. Verify that the Forward option is not available on the message.
Results: After this exercise, you should have configured a transport rule that ensures that all messages
sent to users on the Internet includes a disclaimer of which the legal department approves. Additionally,
you should have configured a transport rule that ensures that messages with a Company Confidential
classification are not sent to the Internet, and you should have configured a transport rule that applies the
Do Not Forward AD RMS template to all messages with the words confidential or private in the
subject. Lastly, you should have configured a moderated group by using the All Company distribution
group.
A copy of all messages sent to and from the Executives group will be saved. The journal mailbox
should be accessible only with a special auditor account.
Implement an auditor account that has permission to search all user mailboxes and access the
journaled Executive messages.
Verify that legal hold can be applied to user mailboxes and that messages deleted from mailboxes on
legal hold can be recovered through a discovery search.
2.
Create a journal rule that saves a copy of all messages sent to and from Executives department
members.
3.
4.
5.
Test the journal rule, Multi-Mailbox Search, and legal hold configuration.
Password: Pa$$w0rd
Task 2: Create a journal rule that saves a copy of all messages sent to and from
Executives department members
Scope: Global
Password: Pa$$w0rd
2.
Grant the Mailbox Auditor account full access to the Executives Journal Mailbox and Discovery
Management Mailbox mailboxes.
3.
Add the Mailbox Auditor account to the Discovery Management Active Directory group.
On VAN-EX1, in the Exchange Management Console, enable legal hold for George Schallers mailbox.
2.
Create a new message, and then send it to Marcel Truempy. Marcel is a member of the Executives
group.
3.
Connect to Outlook Web App as Marcel, and confirm that the message was delivered. Reply to the
message.
4.
Connect to Outlook Web App as MailboxAuditor. Right-click Mailbox Auditor, and then click Open
Other Users Inbox. Open the Executives Journal Mailbox and verify that the two journaled
messages are in the Inbox.
5.
Message body: Here is the order for Carol at Contoso. Her customer number is 1111-1111.
6.
Connect to Outlook Web App as George Schaller and purge the message from Luca.
7.
8.
Create a new search named Customer Number Discovery. Configure the search to look for the
phrase customer number in George Schaller and Luca Dellamores mailboxes.
9.
Wait until the search finishes, and then in the bottom right pane, click the Open link. In Outlook Web
App, verify that the discovery folder named Customer Number Discovery contains two subfolders
and contains the discovered messages, including the messages deleted by George.
Results: After this exercise, you should have created a mailbox for the Executives department journaling
messages, and then created a journal rule that saves a copy of all messages sent to and from Executives
department members. You also should have created and configured the MailboxAuditor account.
Do not shut down the virtual machines and revert them to their initial state when you finish this lab.
The virtual machines are required to complete this modules last lab.
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1.
On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2.
Ensure that the 10135B-VAN-DC1, 10135B-VAN-EX1, and the 10135B-VAN-CL1 virtual machines are
running:
3.
Lab Scenario
You are the messaging administrator for A. Datum Corporation. Your organization has deployed Exchange
Server 2010.
The legal and audit departments at A. Datum provided you with several requirements for implementing
messaging policy and compliance. First, you must enable Personal Archives for all of the users in the
Marketing department. Additional requirements include configuring rules that will ensure that some
messages are retained for an extended period, while other messages are deleted when they expire.
Create an archive mailbox for all members of the Marketing and Executives groups.
2.
Verify that the archive mailbox was created for members of the Marketing group.
Task 1: Create an archive mailbox for all members of the Marketing group
On VAN-EX1, in the Exchange Management Console, under Recipient Management, click Mailbox.
Sort the mailbox list by organizational unit, select all of the users in the Executives and Marketing
OUs, and then create an archive mailbox for them.
Task 2: Verify that the archive mailbox was created for members of the Marketing
group
Log on to Outlook Web App as Manoj, and then verify that the archive mailbox was created.
Results: After this exercise, you should have configured archive mailboxes for all members of the
Marketing group.
Items in a users Deleted Items mailbox folder must be permanently deleted after 30 days.
Items in a users mailbox that have no other retention tag applied must be moved to archive after 365
days.
Users in Executives groups must be able to apply a Business Critical tag to specific items in their
mailboxes. These items should be moved to archive after 3 years.
To test this implementation, the executives have approved a pilot project to use retention policies for the
Marketing and Executives groups.
The main tasks for this exercise are:
1.
2.
3.
10
Use the Exchange Management Console to create a retention tag named Adatum Deleted Items,
that removes items from Deleted Items folder after 30 days.
2.
Use the Exchange Management Console to create a retention tag named Adatum
DefaultMoveToArchive that moves items to Archive after 365 days, if they are not tagged with
another retention tag.
3.
Create a retention tag for Personal folders that can be applied to personal items, and that retains
messages for 3 years before moving to archive. Name the tag Adatum BusinessCritical.
Task 2: Create and configure retention policies for the Marketing group
1.
Create a new retention policy by using the Exchange Management Console. Name the retention
policy Marketing Group Retention.
2.
Add the Adatum Deleted Items and Adatum DefaultMoveToArchive retention tags to the
Marketing Group Retention policy.
3.
Apply the Marketing Group Retention policy to mailboxes in the Marketing OU.
Task 3: Create and configure retention policies for the Executives group
1.
Create a new retention policy by using the Exchange Management Console. Name the retention
policy Executive Group Retention.
2.
Use the Exchange Management Console to add the Adatum Deleted Items, Adatum
BusinessCritical, and Adatum DefaultMoveToArchive retention tags to the retention policy.
3.
Apply the Executive Group Retention policy to mailboxes in the Executives OU.
Results: After this exercise, you should have configured Retention Tags and retention policies for the
Marketing and Executives groups.
2.
Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3.
4.
In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.
5.
To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the 10135B-VAN-DC1 virtual machine first, and ensure that it is fully
started before starting the other virtual machines.
6.
Wait for 10135B-VAN-DC1 to start, and then start 10135B-VAN-EX1. Connect to the virtual machine.
7.
Wait for 10135B-VAN-EX1 to start, and then start 10135B-VAN-EX2. Connect to the virtual machine.
Module 10
Lab Instructions: Securing Microsoft Exchange Server 2010
Contents:
Exercise 1: Configuring Exchange Server Permissions
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1.
On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2.
Ensure that the 10135B-VAN-DC1, 10135B-VAN-EX1, and the 10135B-VAN-EX2 virtual machines are
running:
3.
4.
The 10135B-VAN-TMG and the 10135B-VAN-CL1 virtual machines will be started later in this lab:
Lab Scenario
A. Datum Corporation has deployed Exchange Server 2010. The company security officer has provided
you with a set of requirements to ensure that the Exchange Server deployment is as secure as possible.
The specific concerns included in the requirements include:
Exchange Server administrators should have minimal permissions. This means that, whenever possible,
you should delegate Exchange Server management permissions.
Any configuration changes made to the Exchange server environment should be audited. The audit
logs must be available for inspection by company auditors.
The organization must have the option of auditing all non-owner access to user mailboxes. The audit
logs must be available for inspection by company auditors.
Ensure that client connections to the Client Access servers are as secure as possible by deploying a
TMG server.
Members of the ITAdmins group can administer individual Exchange servers, but they should not be
able to modify any of the Exchange Server organization settings.
Members of the HRAdmins group must be able to manage mail recipients throughout the entire
organization. They should not be able to manage distribution groups and should not be able to
create new mailboxes.
Members of the SupportDesk group should be able to manage mailboxes and distribution groups for
users in the organization. They should also be able to create new mailboxes.
2.
3.
On VAN-EX1, in Active Directory Users and Computers, add the ITAdmins group to the Server
Management group.
On VAN-EX1, open the Exchange Management Shell. Use the following command to create the
HRAdmins role group:
2.
3.
On VAN-EX1, open the Exchange Management Console. Access the Role Based Access Control
(RBAC) User Editor from the Exchange Management Console Toolbox node. Log on as
Adatum\administrator using the password Pa$$w0rd.
4.
5.
On VAN-EX2, log on as Shane. Shane is a member of the ITAdmins group. Open Exchange
Management Console and verify that the account has the following permissions:
Can modify the Issue warning at (KB) setting for the Accounting mailbox database.
Cannot modify Hub Transport settings at the organization level. For example, try to modify the
accepted domain settings.
Cannot modify recipient settings. For example, try modifying any properties on one of the
mailboxes.
2.
3.
Can modify mailbox settings for users by using the Exchange Control Panel. For example, try
modifying the department attribute for Andreas Herbinger.
Can modify distribution lists using the Exchange Control Panel. For example, add a group
description for the Accounting group.
Note You cannot create or delete user accounts and mailboxes in Exchange Control Panel.
If you want to test whether Anna can create user accounts and mailboxes, add Anna to the
local Administrators account on VAN-EX2, and log on to VAN-EX2 as Anna. Then open
Exchange Management Console and verify that you can create a mailbox. In a production
environment, you could install the Exchange Management tools on a Windows 7 client
computer.
4.
Close Internet Explorer, and open it again and connect to https://van-ex1.adatum.com/ecp. Log on
as Adatum\Paul, and verify that the account has the following permissions:
Can modify mailbox settings for users by using the Exchange Control Panel.
2.
3.
4.
5.
6.
7.
1.
2.
Grant all users in the CustomerService OU Full Access and SendAs permission to the Info mailbox.
Open the Exchange Management Shell, and then run the following cmdlet to enable mailbox audit
logging for the support mailbox:
Set-Mailbox -Identity "Info" -AuditDelegate SendAs,SendOnBehalf
-AuditEnabled $true
2.
3.
Create a new message, and then send it from the Info@Adatum.com account to Administrator.
2.
Open Roles&Auditing, click Auditing, and then run a non-owner mailbox access report for the
Info@Adatum.com mailbox. Include a date range from yesterdays date to tomorrows date, and then
select the All non-owners option when running the report.
3.
2.
On VAN-EX1, open the Exchange Management Console, expand Recipient Management, and then
click Mailbox.
2.
Open the Properties dialog box for Michiyo Sato, and change retention period for deleted items
to 20 days. Save changes.
2.
Verify that you see a result for the event logged from Task 6.
Results: After this exercise, you should have configured audit logging.
On the host computer, in Hyper-V Manager, right-click 10135B-VAN-EX2, click Revert, and then
click Revert.
2.
3.
Results: After this exercise, you should have configured and verified permissions in the Exchange Server
deployment.
Request a server certificate with multiple storage area networks (SANs) on the Client Access server.
2.
3.
4.
5.
6.
X Task 1: Request a server certificate with multiple SANs on the Client Access server
1.
On VAN-EX1, run the New Exchange Certificate Wizard using the following configuration options:
Outlook Web App: Outlook Web App is on the intranet and uses a host name of
VAN-EX1.adatum.com
Outlook Web App: Outlook Web App is on the Internet and uses a host name of
mail.adatum.com
Organization: A Datum
Country/region: Canada
City/locality: Vancouver
State/province: BC
2.
3.
4.
5.
6.
In the Exchange Management Console, use the Complete Pending Request Wizard to import the
Adatum Mail certificate.
7.
In the Exchange Management Console, use the Assign Services to Certificate Wizard to assign the
Adatum Mail certificate to Internet Information Services (IIS).
2.
In the Firewall Policy node, use the New Exchange Publishing Rule Wizard to create an Exchange
Server publishing rule. Configure the rule with the following settings.
3.
4.
Server Connection Security: Use SSL to connect the published Web server or server farm
On VAN-EX1, in the Exchange Management Console, configure the owa (Default Web Site) and
ecp (Default Web Site) to use the following configuration
Basic authentication
Note During this task, click OK to dismiss any messages that indicate that VAN-EX2 is not
accessible.
2.
On the host computer, in Hyper-V Manager, modify the 10135B-VAN-CL1 settings to connect the
network adapter to Private Network 2.
2.
On VAN-CL1, log on as Adatum\Administrator and modify the network adapter settings to use an
IP address of 131.107.0.50, and a default gateway of 131.107.0.1.
3.
Open the c:\windows\system32\drivers\etc\hosts file and add the following line to the file:
131.107.1.1 mail.adatum.com
4.
5.
Log on as adatum\administrator using the password Pa$$w0rd. Verify that you access the user
mailbox.
6.
In the Outlook Web App window, click Options. Verify that you can connect to the Exchange Control
Panel.
Results: After this exercise, you should have configured a Forefront Threat Management Gateway server
to enable access to Outlook Web App on the Client Access server. You will also have verified that the
access is configured correctly.
2.
Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3.
4.
In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.
5.
To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.
6.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.
Module 11
Lab Instructions: Maintaining Microsoft Exchange Server
2010
Contents:
Exercise 1: Monitoring Exchange Server 2010
Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1.
On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2.
Ensure that the 10135B-VAN-DC1 and the 10135B-VAN-EX1 virtual machines are running:
3.
Lab Scenario
You are the messaging administrator at A. Datum Corporation. You need to configure basic monitoring by
using the Performance and Reliability Monitor. You also must troubleshoot issues with a mailbox database
and a Client Access server.
2.
Create a new performance-counter data collector set for monitoring basic Exchange Server
performance.
3.
Create a new performance-counter data collector set for monitoring Mailbox server role performance.
4.
On VAN-EX1, open the Performance Console, and create a data collector set named Exchange
Monitoring.
Task 2: Create a new performance counter data collector set for monitoring basic
Exchange Server performance
1.
2.
Add the following performance counters to monitor basic Exchange Server performance on VAN-EX1:
Object
Counter
Processor
% Processor Time
% User Time
% Privileged Time
Memory
MSExchange ADAccss
Domain Controllers
System
Task 3: Create a new performance counter data collector set for monitoring Mailbox
server role performance
1.
2.
Add the following performance counters to monitor basic Exchange Server performance on VAN-EX1:
Object
Counter
LogicalDisk
Avg.Disk sec/Read
Avg.Disk sec/Transfer
Avg.Disk sec/Write
MSExchangeIS
MSExchangeIS Mailbox
MSExchangeIS Public
Start the Exchange Monitoring data collector set and let it run for five minutes.
2.
Stop the Exchange Monitoring data collector set, and then review the latest report.
Results: After this exercise, you should have created a data collector set for monitoring VAN-EX1 that
uses the performance counters that this module recommends.
2.
3.
4.
List the probable causes of the problem, and rank the possible solutions if multiple options exist.
5.
6.
Preparation
Before you begin this exercise, complete the following steps:
1.
2.
3.
2.
3.
On VAN-EX1, attempt to mount MailboxDB100. Review the warning message, and then click No.
2.
Open the Event Viewer. In the Application Log and System Log, review the events generated, and
make note of any errors.
On VAN-EX1, run Exchange Best Practices Analyzer. Perform a Health Check scan of just VAN-EX1.
2.
Review the ExBPA report, and note issues identified by the scan that may have an impact on the
scenario.
Task 4: List the probable causes of the problem, and rank the possible solutions if
multiple options exist
Possible solution
On VAN-EX1, open Exchange Management Console and review the database configuration.
2.
On VAN-EX1, open Exchange Management Shell and reconfigure the database using the
Move-DatabasePath cmdlet with the ConfigurationOnly parameter.
2.
Results: After this exercise, you should have used a troubleshooting technique to identify and fix a
Mailbox server problem.
2.
3.
4.
List the probable causes of the problem, and rank possible solutions if multiple options exist.
5.
6.
Preparation
Before you begin this exercise, complete the following steps:
1.
On VAN-EX1, open Exchange Management Shell. At the prompt, type d:\ Labfiles\Lab11Prep3.ps1,
and then press Enter.
2.
2.
On VAN-EX1, open Event Viewer, and then review any errors listed in the Application and
System logs.
2.
On VAN-EX1, open the Exchange Management Shell, and run the Test-ServiceHealth cmdlet.
2.
3.
Review the results of the cmdlets, and then make note of any errors.
Task 4: List the probable causes of the problem, and rank the possible solutions if
multiple options exist
Possible solution
Open Exchange Management Console, and then review the Outlook Web App configuration
on VAN-EX1.
Note During this task, click OK to dismiss any messages that indicate that VAN-EX2 is not
accessible.
2.
Take the necessary actions to fix the problem. Run IISReset after fixing the problem.
Results: After this exercise, you should have used a troubleshooting technique to identify and fix a Client
Access server problem.
2.
Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3.
4.
In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.
5.
To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it starts fully before
starting the other virtual machines.
6.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.
7.
Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.
After making the configuration change, the Exchange Management Console instructs you to restart IIS so
that the new configuration options can be applied.
Module 1
Lab Answer Key: Deploying Microsoft Exchange Server 2010
Contents:
Lab A: Installing Exchange Server 2010
Exercise 1: Evaluating Requirements for an Exchange Server Installation
2.
On the System page, in the Windows edition section, verify that the domain controller operating
system is compatible with Exchange Server 2010 requirements.
3.
4.
Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
5.
6.
In the Contoso.com Properties dialog box, verify that the domain and forest functional levels are
compatible with the Exchange Server 2010 requirements.
7.
Click OK, and then close Active Directory Users and Computers.
8.
Click Start, and in the Search box, type adsiedit.msc, and then press Enter.
9.
10. In the Connection Settings dialog box, in the Connection Point section, in the Select a well known
Naming Context list, click Configuration, and then click OK.
11. In the left pane, expand Configuration[NYC-DC1.Contoso.com], and then click
CN=Configuration,DC=Contoso,DC=com.
12. Expand CN=Services, and verify that the CN=Microsoft Exchange has not been created.
13. Close ADSI Edit.
On NYC-SVR1, click Start, and, in the Search box, type cmd, and then press Enter.
2.
At the command prompt, type IPConfig /all, and then press Enter. Verify that the Domain Name
System (DNS) server IP address for the Local Area Connection is 10.10.10.10.
3.
At the command prompt, type Ping NYC-DC1.contoso.com. Verify that you have network
connectivity with the domain controller.
4.
5.
At the command prompt, type set type=all, and then press Enter.
6.
At the command prompt, type _ldap._tcp.dc._msdcs.Contoso.com, and then press Enter. Verify that
a service (SRV) record is returned.
7.
On NYC-SVR1, click Start, point to Administrative Tools, and then click Server Manager.
2.
In the left pane, click Features. Verify that no Windows Server 2008 features are installed, including
the Active Directory Domain Services (AD DS) management tools.
3.
In the left pane, click Roles. Verify that no Windows Server 2008 roles are installed.
4.
5.
6.
Click Start, click All Programs, click Accessories, click Windows PowerShell, and then click
Windows PowerShell.
7.
At the PS prompt, type help about_windows_powershell, and then press Enter. Verify that
about_Windows_PowerShell_2.0 is listed. It is installed with Windows PowerShell v2.
8.
9.
On NYC-SVR1, in Server Manager, click Features, and then click Add Features.
2.
In the Select Features page, expand Remote Server Administration Tools, expand Role
Administration Tools, expand AD DS and AD LDS Tools, expand AD DS Tools, and then select the
AD DS Snap-Ins and Command-Line Tools check box.
3.
Select the .NET Framework 3.5.1 check box, and then click Add Required Role Services.
4.
Select the RPC over HTTP Proxy check box, and then click Add Required Role Services.
5.
Click Next.
6.
7.
On the Select Role Services page, under Security, select the Digest Authentication check box.
8.
9.
Under IIS 6 Management Compatibility, select the IIS 6 Management Console check box.
14. In the Net.TCP Port Sharing Service Properties dialog box, in the Startup type drop-down list,
click Automatic, and then click Apply.
15. Click Start, wait for the service to start, click OK, and then close the Services console.
In the 10135B-NYC-SVR1 on localhost Virtual Machine Connection window, in the File menu, click
Settings.
2.
3.
4.
5.
6.
Type D:\setup.com /PrepareAD /OrganizationName:Contoso, and then press Enter. These tasks
will take about 10 minutes to complete. Make sure that no errors appear.
7.
Close the command prompt window when the tasks are complete.
Results: After this exercise, you should have installed the Windows Server 2008 server roles and features,
and prepared AD DS for an Exchange Server 2010 installation.
Click Start, click Run, type D:\setup.exe, and then click OK.
2.
Steps 1, 2, and 3 are unavailable because they are complete. If the components were not installed,
Exchange Server provides links to download the necessary software.
3.
Click Step 4: Install Microsoft Exchange. The installation begins copying files.
4.
On the Introduction page, click Next to begin Exchange Server 2010 Setup.
5.
On the License Agreement page, click I accept the terms in the license agreement, and then
click Next.
6.
On the Error Reporting page, click No to disable error reporting, and then click Next. You are
disabling error reporting because your virtual machine does not have access to the Internet.
7.
On the Installation Type page, click Typical Exchange Server Installation, select Automatically
install Windows Server roles and features required for Exchange, and then click Next. Note that
this is specific to Exchange Server 2010 SP2.
8.
On the Client Settings page, click Yes to configure Exchange Server for Microsoft Outlook 2003 or
Entourage clients, and then click Next.
9.
On the Configure Client Access server external domain page, click Next.
10. On the Customer Experience Improvement Program page, click I dont wish to join the program
at this time, and then click Next.
11. Click Install. A readiness check takes place to ensure that Exchange is ready to install on the server.
This check takes several minutes to complete.
12. Click Install again. The installation begins, and takes approximately 15 to 20 minutes to complete.
13. Clear the option Finalize this installation using the Exchange Management Console, and then
click Finish.
14. If prompted to reboot server, click OK.
15. Click Close and Yes to exit Exchange Server 2010 Setup. You are not obtaining the critical updates for
Exchange Server 2010 because the virtual machine does not have Internet connectivity.
16. Restart NYC-SVR1 server. After it restarts, log on as Contoso\Administrator with the password
Pa$$w0rd.
Results: After this exercise, you should have installed Exchange Server 2010.
On NYC-SVR1, click Start, point to Administrative Tools, and then click Services.
2.
Scroll down the list of services, and click the Microsoft Exchange Active Directory Topology
service. Review the service description.
3.
Review the status of the remaining Exchange Server services. Ensure that all services that are set for
automatic startup are running.
4.
Close Services.
2.
3.
Open TransportRoles. The Hub Transport server role uses these folders.
4.
If necessary, click Start, point to All Programs, click Microsoft Exchange Server 2010, and then
click Exchange Management Console.
2.
In the left pane, click Microsoft Exchange On-Premises(nyc-svr1.contoso.com). Wait for the
initialization to finish, and then click OK to acknowledge that the server is unlicensed.
3.
Expand Microsoft Exchange On-Premises and click Recipient Configuration. Notice that a
mailbox for the Administrator and a Discovery Search Mailbox are the only mailboxes created by
default.
4.
Right-click Recipient Configuration, and then click New Mailbox. Wait for the New Mailbox Wizard
to start.
5.
6.
7.
8.
9.
2.
3.
Click Do not check for updates on startup. You do this because your virtual machine does not have
Internet access.
4.
5.
6.
7.
8.
In the Enter an identifying label from this scan box, type Post-Installation Test.
9.
10. When the scan is complete, click the View a report of this Best Practices scan link.
11. On the Critical Issues tab, click Offline address book replica not found. This gives you the option
to get information about how to fix the problem or hide the message.
12. Click Tell me more about this issue and how to resolve it. This opens the Microsoft Exchange
Server Best Practices Analyzer Help, and provides specific information about the warning and
troubleshooting it.
13. Close Exchange Server Best Practices Analyzer Help.
14. Close the Exchange Server Best Practices Analyzer Tool.
Results: After this exercise, you should have verified the successful installation of Exchange Server 2010 by
viewing the Exchange Server services and folders. You should also have created a new user and sent a test
message to that user. Finally, you should have used the Exchange Server Best Practices Analyzer tool to
view information about any installation issues.
2.
Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3.
4.
In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.
5.
To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.
6.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.
7.
Wait for VAN-EX1 to start, and then start VAN-EX3. Connect to the virtual machine.
Module 2
Lab Answer Key: Configuring Mailbox Servers
Contents:
Exercise 1: Configuring Mailbox Databases
On VAN-EX1, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Console.
2.
In the Console Tree, expand Microsoft Exchange, expand Microsoft Exchange On-Premises,
expand Organization Configuration, and then click Mailbox.
3.
4.
5.
In the New Mailbox Database Wizard, type Executive in the Mailbox database name field, and then
click Browse.
6.
In the Select Mailbox Server dialog box, select VAN-EX1, and then click OK.
7.
Click Next.
8.
9.
In the Content pane, select the Database Management tab, right-click on the Executive database,
and then click Properties.
2.
3.
4.
5.
6.
Click OK.
In the Content pane, select the Database Management tab, and then select the Accounting
database.
2.
3.
In the Move Database Path Wizard, in the Database file path field, type
C:\Mailbox\Accounting\Accounting.edb.
4.
5.
Click Move.
6.
Click Yes.
7.
Click Finish.
8.
Results: After this exercise, you should have created a new database, set the specified limits, and moved
the existing Accounting database to a new folder.
On VAN-EX3, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Console.
2.
In the Console Tree, expand Microsoft Exchange, expand Microsoft Exchange On-Premises, and
then click Toolbox.
3.
4.
If you are not connected, then in the Actions pane, click Connect to a Server, and then in the
Connect to Server dialog box, click Browse.
5.
In the Select Public Folder dialog box, select VAN-EX1, click OK, and then click Connect.
6.
In the Console Tree, expand Public Folders, and then select Default Public Folders.
7.
8.
On the General tab, note the Total Items and Size of the items in the public folder.
9.
Click OK.
On VAN-EX3, in the Exchange Management Console, expand Organization Configuration, and then
click Mailbox.
2.
3.
4.
On the New Public Folder Database page, type PF-VAN-EX3 in the Public Folder database name
field, and then click Browse.
5.
In the Select Mailbox Server dialog box, select VAN-EX3, and then click OK.
6.
Click Next.
7.
8.
9.
Click Next.
In the Console Tree for the Public Folder Management Console, expand Public Folders, and then
select Default Public Folders.
2.
3.
4.
5.
6.
Click OK to close the Executives Properties dialog box. If an error occurs, wait 5 minutes and try
again.
Note
Click Public Folders, in the Actions pane, click Connect to a Server, and then in the Connect to
Server dialog box, click Browse.
2.
In the Select Public Folder Servers dialog box, select VAN-EX3, click OK, and then click Connect.
3.
In the Console Tree, expand Public Folders, and then select Default Public Folders.
4.
5.
On the General tab, note the Total Items and Size of the items in the public folder.
6.
Click OK.
7.
8.
Results: After this exercise, you should have created a new public folder database on VAN-EX3 and added
replicas for each public folder.
2.
Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3.
4.
In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.
5.
To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.
6.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.
7.
Wait for VAN-EX1 to start, and then start VAN-CL1. Connect to the virtual machine.
Module 3
Lab Answer Key: Managing Recipient Objects
Contents:
Exercise 1: Managing Recipients
10
On VAN-EX1, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Console.
2.
In the Console Tree, expand Microsoft Exchange On-Premises, expand Recipient Configuration,
and then click Mailbox.
3.
4.
5.
6.
Password: Pa$$w0rd
7.
Click Next.
8.
Type AdventureWksQ as the Alias. Select the Specify the mailbox database rather than using a
database automatically selected check box, and click Browse.
9.
Task 2: Create a resource mailbox, and configure auto-accept settings for the
ProjectRoom
1.
2.
3.
In the New Mailbox Wizard, select Room Mailbox, and then click Next.
4.
5.
Name: ProjectRoom
6.
Click Next.
7.
Type ProjectRoom as the Alias. Select the Specify the mailbox database rather than using a
database automatically selected check box, and then click Browse.
8.
9.
10. In the Results pane, click ProjectRoom, and in the Actions pane, click Properties.
11. Click the Resource General tab.
12. Select the Enable the Resource Booking Attendant check box. If you do not enable this option, the
resource will not process meeting requests, even if you configure other settings.
13. On the Organization tab, configure the Company name as Adventure Works.
14. Click OK.
2.
Click the George Schaller mailbox, and then in the Actions pane, click New Local Move Request.
3.
4.
5.
Click Next.
6.
Verify that Skip the mailbox is selected, and then click Next.
7.
Click New.
8.
Click Finish.
9.
In the console tree, click Move Request to verify the move request is complete.
Note If the mailbox move fails, and the error indicates that no Mailbox Replication Service
is available, start the Microsoft Exchange Mailbox Replication service, and try the mailbox
move again.
2.
3.
4.
Click Next.
5.
Alias: IanPalangioWB
6.
7.
In the E-mail address box, type ian.palangio@woodgrovebank.com, and then click OK.
8.
Click Next.
9.
Click New.
Task 5: Create a moderated distribution list for the Adventure Works Project, and
delegate an administrator
1.
2.
3.
4.
Click Next.
5.
6.
Alias: AdventureWorksProject
7.
Click Next.
8.
Click New.
9.
Click Finish.
10. In the Work pane, select the Adventure Works Project group.
11. In the Actions pane, click Properties.
12. Click the Members tab.
13. Click Add, and then select the following users by holding down CTRL:
George Schaller
Ian Palangio
Wei Yu
Paul West
Task 6: Create a room list distribution group for the Adventure Works
meeting rooms
1.
2.
3.
2.
3.
In the toolbar, click the down arrow next to New Items, and then click Meeting.
4.
5.
6.
Select the Adventure Works Project group, and then click Required. Click OK.
7.
In the Room Finder pane, under Show a room list, click Adventure Works Conference Rooms.
Note If the room list is not available, close the meeting request, and close Outlook. Wait a
few minutes, and then try this task again.
8.
9.
On VAN-EX1, in the Exchange Management Console, expand Organization Configuration, and then
select Hub Transport.
2.
3.
In the New E-Mail Address Policy Wizard, type Adventure Works as the policy name.
4.
Click Browse.
5.
Click Adatum.com in the Select Organizational Unit dialog box, and then click OK.
6.
Verify that All recipient types is selected, and then click Next.
7.
8.
9.
In the Specify Company dialog box, type Adventure Works, and then click Add.
2.
3.
In the Properties dialog box for George Schaller, click the E-Mail Addresses tab, and view the
current email addresses that are assigned.
4.
5.
Type Adventure Works for the Company, and then click Apply.
6.
Click the E-Mail Addresses tab, and view the current email addresses that are assigned. Microsoft
Exchange should have assigned the new adventure-works.com email address when the company
change was made.
7.
Click OK.
Results: At the end of this exercise, you should have created an email address policy for Adventure Works
users.
2.
3.
4.
5.
Click Next.
6.
7.
Click Next.
8.
Click New.
9.
Click Finish.
2.
3.
4.
5.
Click Browse.
6.
In the Select Address List dialog box, select Companies, and then click OK.
7.
Click Next.
8.
Verify that All recipient types is selected, and then click Next.
9.
2.
3.
4.
5.
6.
Click Browse.
7.
In the Select Address dialog box, click Companies, and then click OK.
8.
Click Next.
9.
Verify that All recipient types is selected, and then click Next.
Task 4: Verify the new address list is available in Microsoft Office Outlook
1.
2.
3.
4.
Under Address Book, click the down arrow to display the options. You can see that under All
Address Lists, the Companies container is listed and includes the address lists Adventure Works and
A. Datum.
5.
Task 5: Create a new offline address book for the Adventure Works address list
1.
2.
3.
4.
5.
Clear the Include the default Global Address List check box.
6.
7.
Click Add, expand Companies, click Adventure Works, and then click OK.
8.
Click Next.
9.
10. Click Add, and in the Microsoft Exchange dialog box, click OK.
11. Click OAB (Default Web Site), click OK, and then click Next.
12. Click New, and then click Finish.
2.
Task 7: Create the address book policy for the Adventure Works users
1.
In the Actions pane of the Exchange Management Console, click New Address Book Policy.
2.
3.
Beside Global address list, click Browse, click Adventure Works GAL and click OK.
4.
Beside Offline address book, click Browse, click Adventure Works and click OK.
5.
Beside Room list, click Browse, click Adventure Works and click OK.
6.
7.
8.
Results: At the end of this exercise, you should have created an address list for the A. Datum and
Adventure Works users, and an offline address book for each organization.
10
On VAN-EX1, click Start, point to All Programs, click Accessories, and then click Notepad.
2.
3.
4.
5.
At the top of the file, replace Add Header Here with FirstName,LastName,Password. The
Import-CSV cmdlet uses this header to name each column of imported information. You then can
reference these names to view and manipulate information.
Note Ensure that you replace the entire top line in the file, including the commas. After
your edits, the first line should be FirstName,LastName,Password.
6.
7.
Close Notepad.
Task 2: Modify the CreateUsersLab.ps1 script to import Adventure Works users from
a .csv file
1.
Click Start, point to All Programs, click Accessories, and then click Notepad.
2.
3.
4.
5.
6.
7.
8.
9.
On VAN-EX1, click Start, click All Programs, click Administrative Tools, and then click Active
Directory Users and Computers.
2.
In the Console Tree right-click Adatum.com, expand New and click Organizational Unit.
3.
In the New Object Organizational Unit dialog in the Name box type AdventureWorks.
4.
Click OK.
11
2.
2.
3.
4.
Results: After this exercise, you should have created all of the additional Adventure Works users with an
Exchange Management Shell script and configure the mailbox properties.
2.
Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3.
4.
In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.
5.
To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.
6.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.
7.
Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.
8.
Wait for VAN-EX2 to start, and then start VAN-CL1. Connect to the virtual machine.
Module 4
Lab Answer Key: Managing Client Access
Contents:
Lab A: Configuring Client Access Servers for Outlook Anywhere Access
Exercise 1: Configuring Client Access Servers
2.
Expand Microsoft Exchange On-Premises. In the left pane, expand Server Configuration, and
then click Client Access.
3.
4.
On the Configure External Client Access Domain page, type mail.Adatum.com as the domain
name, and then click Add.
5.
In the Select Client Access Server dialog box, click VAN-EX2, and then click OK.
6.
Click Configure. In the Microsoft Exchange dialog box, click Yes, and then click Finish.
7.
In the results pane, click VAN-EX2, and then in the work pane, double-click owa (Default Web Site).
8.
On the General tab, verify that the External URL field has been changed to
https://mail.adatum.com/owa, and then click OK.
In the left pane, click Server Configuration. In the results pane, click VAN-EX2.
2.
In the Actions pane, click New Exchange Certificate to open the New Exchange Certificate Wizard.
3.
On the Introduction page, type Adatum Mail Certificate as the friendly name for the certificate,
and then click Next.
4.
5.
On the Exchange Configuration page, expand Client Access server (Outlook Web App), and then
select both the Outlook Web App is on the Intranet and Outlook Web App is on the Internet
check boxes. Verify that Mail.adatum.com is displayed in the second text box.
6.
Expand Client Access server (Exchange ActiveSync), and then verify that Exchange Active Sync is
enabled check box is selected.
7.
Expand Client Access server (Web Services, Outlook Anywhere, and Autodiscover). Enter
mail.adatum.com as the external host name.
8.
Ensure that both the Autodiscover used on the Internet check box and the Long URL option are
selected. In the Autodiscover URL to use field, delete all entries except for autodiscover.adatum.com,
and then click Next.
9.
10. On the Organization and Location page, enter the following information:
Organization: A Datum
Country/region: Canada
City/locality: Vancouver
State/province: BC
11. Click Browse, type CertRequest as the File name, and then click Save.
12. Click Next, click New, and then click Finish.
Click the Folder icon in the task bar, and click Documents.
2.
3.
In the Windows dialog box, click Select a program from a list of installed programs, and then
click OK.
4.
In the Open with dialog box, click Notepad, and then click OK.
5.
In the CertRequest.req Notepad window, click Ctrl+A to select all the text, and then click Ctrl+C to
copy and save the text to the clipboard. Close Notepad.
6.
Click Start, click All Programs, and then click Internet Explorer.
7.
Connect to https://van-dc1.adatum.com/certsrv.
8.
9.
Task 4: Import and assign the Internet Information Services (IIS) Exchange Service to
the New Certificate
1.
2.
Click ADatum Mail Certificate, and in the Actions pane, click Complete Pending Request.
3.
4.
5.
6.
7.
8.
In the results pane, click VAN-EX2. In the bottom pane, click Adatum Mail Certificate.
9.
10. On the Select Servers page, verify that VAN-EX2 is listed, and then click Next.
11. On the Select Services page, select the Internet Information Services check box, click Next, click
Assign, and then click Finish.
2.
Click Start, click All Programs, click Microsoft Office, and then click Microsoft Outlook 2010.
3.
4.
5.
6.
7.
8.
On the Help Protect and Improve Microsoft Office page, click Dont make changes, and then
click OK.
9.
On VAN-DC1, click Start, point to Administrative Tools, and then click DNS.
2.
In DNS Manager, in the left pane, expand Forward Lookup Zones, and then expand Adatum.com.
3.
4.
In the New Host dialog box, in the Name box, type mail. In the IP Address box, type 10.10.0.21,
and then click Add Host.
5.
Click OK to close the prompt, and then click Done. Close DNS Manager.
On VAN-EX2, click Start, point to Administrative Tools, and then click Server Manager.
2.
Click Features. In the Features list, verify that the RPC over HTTP Proxy feature is listed.
3.
4.
In the Exchange Management Console, expand Server Configuration, and then click Client Access.
5.
Click VAN-EX2, and in the Actions pane, click Enable Outlook Anywhere.
6.
On the Enable Outlook Anywhere page, in the External host name field, type Mail.adatum.com.
Under Client authentication method, click NTLM authentication, and then click Enable.
7.
8.
2.
Click Start, and then click Control Panel. In the Search field, type Mail. Right-click Mail, and then
click Open.
3.
4.
In the E-mail Accounts dialog box, click Molly@adatum.com, and then click Change.
5.
6.
In the Microsoft Exchange dialog box, on the Connection tab, select Connect to Microsoft
Exchange using HTTP, and then click Exchange Proxy Settings.
7.
In the Microsoft Exchange Proxy Settings dialog box, complete the following information:
8.
On fast networks, connect using HTTP first, then connect using TCP/IP: enable
On slow networks, connect using HTTP first, then connect using TCP/IP: enable (default)
Click OK, and then click OK again to close the Microsoft Exchange dialog box.
9.
Wait until VAN-EX2 finishes restarting, and then log on as Administrator using the password
Pa$$w0rd.
2.
3.
Verify that the Outlook connection indicator states Connected to Microsoft Exchange.
Note If Outlook cannot connect to the server, and you get an error message, first ensure
that all of the Exchange Server services on VAN-EX2 that are set to Automatic start are
started. Start all services that have not started, and then click Retry in Outlook window.
4.
Press and hold Ctrl, and then right-click the Office Outlook icon in the Windows 7 operating
system notification area. You may need to click the up arrow in the Windows 7 notification area to
view the Office Outlook icon.
5.
Click Connection Status. Confirm that the Conn column lists HTTPS as the connection method.
6.
Click Close.
7.
Press and hold Ctrl, and then click the Outlook icon in the Windows task bar notification area. Click
Test E-mail AutoConfiguration.
8.
9.
Clear the Use Guessmart and Secure Guessmart Authentication check boxes.
10. Click Test. View the information displayed on the Results tab.
11. Click the Log tab to view how the client completed Autodiscover.
12. Close the Test E-mail AutoConfiguration dialog box.
13. Close Microsoft Outlook, and then log off VAN-CL1.
Do not shut down the virtual machines or revert them to their initial state when you finish this lab.
The virtual machines are required to complete the last lab in this module.
On VAN-EX2, click Start, point to Administrative Tools, and then click Internet Information
Services (IIS) Manager.
2.
Expand VAN-EX2 (ADATUM\Administrator), expand Sites, expand Default Web Site, and then
click owa.
3.
In the center pane, and under IIS, double-click SSL Settings. Notice that secure sockets layer (SSL) is
required by default.
4.
Under Sites, click Default Web Site, and in the Actions pane, click Bindings.
5.
In the Site Bindings dialog box, click https, and then click Edit.
Note In Site Bindings dialog box you will see two instances of https. You should click on
instance that has asterisk (*) in the IP Address field.
6.
In the SSL Certificate drop-down list, verify that Adatum Mail Certificate is selected
7.
Click OK, click Close, and then close the IIS Manager.
Click Start, point to All Programs, click Microsoft Exchange Server 2010, and then click Exchange
Management Console.
2.
In the console tree, expand Microsoft Exchange On-Premises, expand Server Configuration, and
then click Client Access.
3.
In the work pane, select VAN-EX2, and in the result pane, right-click owa (Default Web Site), and
then click Properties.
4.
Click the Authentication tab, and verify that Use forms-based authentication is selected.
5.
Under Logon Format, click User name only, and then click Browse.
6.
7.
Click the Segmentation tab, click Tasks, and then click Disable. Click Rules, and then click Disable.
Click OK twice.
8.
Open the Exchange Management Shell. At the PS prompt, type set-owavirtualdirectory owa
(Default Web Site) ForceSaveFileTypes .doc, and then press Enter.
9.
Type set-owavirtualdirectory owa (Default Web Site) GzipLevel Off, and then press Enter.
10. Type Set-OwaVirtualDirectory -identity Owa (Default Web Site) FilterWebBeaconsAndHtmlForms ForceFilter, and then press Enter.
11. Type IISReset /noforce, and then press Enter. If you get a message that the service did not start,
open the Services Microsoft Management Console (MMC), and start the World Wide Web Publishing
Service.
12. Close the Exchange Management Shell.
Task 3: Configure an Outlook Web App Mailbox Policy for the Branch Managers
1.
2.
In the Actions pane, click New Outlook Web App Mailbox Policy.
3.
In the New Outlook Web App Mailbox Policy page, type Branch Managers Policy as the policy
name.
4.
In the list of features, click Change Password, and then click Disable.
5.
6.
7.
On the Public Computer File Access tab, clear all check boxes.
8.
On the Private Computer File Access tab, clear all check boxes, and then click OK.
9.
10. Click the Organization Unit column heading to sort the view by organization units (OU).
11. Select all the users in the Branch Managers OU, right-click, and then click Properties.
12. On the Mailbox Features tab, click Outlook Web App, and then click Properties.
13. Select the Outlook Web App mailbox policy check box, and then click Browse.
14. Click Branch Managers Policy, and then click OK four times.
2.
3.
Log on to Outlook Web App as Adatum\Sharon using the password Pa$$w0rd. Sharon is not in the
Branch Managers OU. Click OK.
4.
Verify that the Tasks folder is not displayed in the user mailbox.
5.
On the Outlook Web App page, click Options. Click the See All Options link.
6.
On the Organize E-Mail tab, verify that you cannot create a new Inbox rule. Close Internet Explorer.
7.
8.
9.
Log on to Outlook Web App as Adatum\Johnson using the password Pa$$w0rd. Johnson is in the
Branch Managers OU. Click OK.
10. Verify that the Tasks folder is listed in the user mailbox.
11. On the Outlook Web App page, click Options. Click the See All Options link.
12. In the left pane, click Settings. Notice that you do not have an option to change passwords. Close
Internet Explorer.
On VAN-EX2, in the Exchange Management Console, expand Server Configuration, and then click
Client Access.
2.
In the result pane, click VAN-EX2, and in the work pane, click the Exchange ActiveSync tab.
3.
4.
5.
Click the Authentication tab. Notice that Basic authentication is enabled. This is acceptable, because
you typically would use SSL to secure the credentials in transit.
6.
Click OK.
2.
In the console tree, expand Organization Configuration, and then click Client Access.
3.
4.
5.
Select the Allow non-provisionable devices check box. Confirm that the Allow attachments to be
downloaded to device option is selected.
6.
7.
Select the Enable password recovery check box. This will enable users to recover their Windows
Mobile password through the Exchange Control Panel (ECP).
8.
9.
Read the completion summary, and then click Finish. Notice the Exchange Management Shell
command that was used to create the new mobile mailbox policy.
10. Right-click EAS Policy 1, and then click Properties. Notice that the General tab has additional
options.
11. Click the Password tab. Notice the additional password-option list that was not available when
creating the mobile mailbox policy.
12. On the Sync Settings tab, review the configuration options.
13. On the Device tab, review the configuration options.
14. On the Device Applications tab, review the configuration options. To implement these settings, you
must have an Enterprise Client Access License for each mailbox.
15. On the Other tab, review the options for allowing or blocking specific applications, and then click OK.
10
16. In the console tree, expand Recipient Configuration, and then click Mailbox.
17. In the result pane, right-click Scott MacDonald, and then click Properties.
18. Click the Mailbox Features tab, click Exchange ActiveSync, and then click Properties.
19. In the Exchange ActiveSync Properties dialog box, click Browse.
20. Select EAS Policy 1, and then click OK.
21. Click OK twice to save and apply the changes.
2.
Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3.
4.
In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.
5.
To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important: Start the VAN-DC1 virtual machine first, and ensure that it is fully started before
starting the other virtual machines.
6.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.
7.
Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.
Module 5
Lab Answer Key: Managing Message Transport
Contents:
Exercise 1: Configuring Internet Message Transport
2.
3.
4.
5.
Change the IP address to 10.10.11.21, and then click OK. Click Close.
6.
Click the Start button, and then click Restart. In the Comment field, type Lab restart, and then click
OK.
7.
After the system is restarted, log on to VAN-EX2 as Adatum\Administrator, using the password
Pa$$w0rd.
Note These preparation steps move VAN-EX2 to a second site defined in Active
Directory Domain Services (AD DS).
On VAN-EX1, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and
then click Exchange Management Console.
2.
3.
4.
5.
In the New Send Connector window, in the Name box, type Internet Send Connector.
6.
In the Select the intended use for this Send connector list, click Internet, and then click Next.
7.
8.
In the Address space(for example,contoso.com) field, type *, click OK, and then click Next.
9.
On the Network settings page, click Route mail through the following smart hosts, click Add,
and then click Fully qualified domain name (FQDN).
10. In the Fully qualified domain name (FQDN) box, type van-dc1.adatum.com, click OK, and then
click Next.
11. On the Configure smart host authentication settings page, click Next.
12. On the Source Server page, ensure that VAN-EX1 is listed, and then click Next.
13. On the New Connector page, click New, and then click Finish.
In the Microsoft Exchange Server Exchange Management Console, expand Server Configuration,
click Hub Transport, and then in the Hub Transport pane, click VAN-EX1.
2.
3.
In the New Receive Connector window, in the Name box, type Internet Receive Connector.
4.
In the Select the intended use for this Receive connector list, click Custom, and then click Next.
5.
6.
On the Remote Network settings page, click the red X to delete the entry, and then click Add.
7.
In the Address or address range box, type 10.10.0.10, click OK, and then click Next.
8.
On the New Connector page, click New, and then click Finish.
9.
10. In the Internet Receive Connector window, on the General tab, in the Protocol logging level list,
click Verbose.
11. On the Permission Groups tab, select the Anonymous users check box, and then click OK.
In Exchange Management Console, expand Server Configuration, click Hub Transport, and then
click VAN-EX1 in the Hub Transport pane.
2.
In the VAN-EX1 pane, verify that only the Receive Connectors tab is available.
3.
Click Start, point to All Programs, point to Microsoft Exchange Server 2010, and then click
Exchange Management Shell.
4.
5.
6.
Type Restart-Service MSExchangeTransport, and then press Enter. Wait for the Transport Service to
finish restarting.
7.
In Exchange Management Console, expand Server Configuration, click Hub Transport, click
Refresh in Hub Transport Actions pane, and then click VAN-EX1 in the Hub Transport pane.
8.
9.
Expand Organization Configuration, click Hub Transport, and then click the Anti-spam tab.
2.
3.
4.
Create and send a new email to Info@Internet.com with the subject Test Mail to Internet. Close
Internet Explorer.
5.
6.
On the left pane, expand Microsoft Exchange On-Premises, and then click Toolbox.
7.
8.
On the Queues tab, verify that the VAN-DC1.adatum.com queue has a Message Count of 0.
Note If the VAN-DC1.adatum.com message queue is not empty, verify that the Simple
Mail Transfer Protocol (SMTP) service is running on VAN-DC1.
9.
On VAN-DC1, click Start, point to All Programs, point to Accessories, and then click Command
Prompt.
10. At the command prompt, type telnet van-ex1 smtp, and then press Enter.
11. Type helo, and then press Enter.
12. Type mail from: info@internet.com, and then press Enter.
Response: 250 2.1.0 Sender OK
13. Type rcpt to:Wei@adatum.com, and then press Enter.
Response: 250 2.1.5 Recipient OK
14. Type data, and then press Enter.
Response: 354 Start mail input; end with <CRLF>.<CRLF>
15. Type Subject: Test from Internet, and then press Enter.
16. Press the PERIOD key, and then press Enter.
17. Type Quit, and then press Enter.
18. On VAN-EX1, start Internet Explorer, and connect to https://VAN-EX1.adatum.com/OWA.
19. Log on as Adatum\Wei with the password Pa$$w0rd.
20. Verify that the mail with the subject Test from Internet mail has arrived in the Junk Email folder.
Close Internet Explorer.
Results: After this exercise, you should have configured Internet message transport by configuring Send
and Receive connectors, enabling anti-spam functionality, and verifying Internet message delivery.
2.
In the Toolbox pane, under Mail flow tools, double-click Routing Log Viewer.
3.
In the Routing Log Viewer window, select the File menu, and then click Open log file.
4.
In the Open Routing Table Log File dialog box, click Browse server files.
5.
In the Open dialog box, select the latest RoutingConfig#... file, and then click Open.
6.
On the Active Directory Sites & Routing Groups tab, expand the Active Directory sites until you see
the Exchange Servers in their respective sites.
7.
8.
9.
Create and send a new email to Anna, with the subject Test Mail to VAN-EX2.
2.
On VAN-EX1, in Internet Explorer, create and send a new email to Anna with the subject Another
Test Mail to VAN-EX2. Close Internet Explorer.
3.
Switch to VAN-EX2, and in Outlook Web App, check the Inbox to see if the mail has arrived.
4.
5.
In the Toolbox pane, under Mail flow tools, double-click Queue Viewer.
6.
7.
Verify that the message that Wei sent to Anna is listed in the queue. Then click the Queues tab.
8.
On the Queues tab, click Site2, and scroll to the right to view the Last Error column.
9.
10. Click Start, point to All Programs, point to Accessories, and then click Command Prompt.
11. At the command prompt, type telnet van-ex2 smtp, and then press Enter. Verify that you receive a
Connect failed error.
12. On VAN-EX2, open the Exchange Management Console. Expand Microsoft Exchange On-Premises,
expand Server Configuration, click Hub Transport, and then click VAN-EX2 in the Hub Transport
pane.
13. On the Receive Connectors tab, notice that only the Client VAN-EX2 connector exists. This is the
reason the server does not accept a port 25 connection.
14. In the Actions pane, click New Receive Connector.
15. In the New Receive Connector window, in the Name box, type Internal VAN-EX2.
16. In the Select the intended use for this Receive connector list, click Internal, and then click Next.
17. On the Remote Network settings page, click Next.
18. On the New Connector page, click New, and then click Finish.
19. Switch to VAN-EX1, and in Exchange Management Console, click Toolbox.
20. In the Toolbox pane, under Mail flow tools, double-click Queue Viewer.
21. Right-click site2, and then click Retry to force an immediate retry of the message delivery. Verify that
the queue now has a message count of 0.
22. Switch to VAN-EX2, and check Annas Inbox in Outlook Web App to see that the message is now
delivered.
Results: After this exercise, you should have verified routing logs, and used the other troubleshooting
tools in Exchange Server to troubleshoot message transport.
On VAN-EX2, open Outlook Web App, and from Annas mailbox, create and send a new email to
Info@Internet.com with the subject Test Mail to Internet from VAN-EX2.
On VAN-EX2, in Outlook Web App, click Options, then click See All Options to open the Exchange
Control Panel.
2.
On the left pane, click Organize E-Mail, and then click the Delivery Reports tab.
3.
Click Search.
4.
In the Search Results pane, select the message you sent to Info@Internet.com, and then click Details.
5.
Verify that is the message was sent to a server outside the organization. Close Internet Explorer.
2.
3.
4.
Create and send a new email to Info@Internet.com with the subject Another Mail to Internet
from VAN-EX2.
5.
6.
In the Toolbox pane, under Mail flow tools, double-click Message Tracking. An Internet Explorer
window opens with Outlook Web App running.
7.
Log on as adatum\administrator with the password Pa$$w0rd. If the Choose the language you
want to use page appears, click OK.
8.
In the Select what to manage drop down list, click My Organization. Click Reporting.
9.
On the Delivery Reports tab, in the Mailbox to search field, click Browse, select Anna Lidman in
the Select Mailboxes to Search window, and then click OK.
21. On the Basic Server Information page, review the information, and then click Next.
22. On the Initial Queue Analysis Results page, click the displayed item, review the information, and
then click Next.
23. On the Remote Delivery Queue(s) Initial Analysis Results page, review the information, scroll
down, and then click Next.
24. On the DNS Availability Check Results, review the information, and then click Next.
25. On the DNS Record Analysis Results, review the information, and then click Next.
26. On the Remote Delivery Queue(s) DNS Records Analysis Results, notice that the wizard has
identified a possible root cause, and then click Next.
27. On the Remote Delivery Queue(s) Connectivity Test Results page, review the information, and
then click Next.
28. On the Remote Delivery SMTP Instance Configuration Analysis Results page, click Next.
29. On the Remote SMTP Service Diagnosis Results page, click Next.
30. On the Remote Delivery Queue(s) Message Tracking Log Analysis Results page, click Next.
31. On the Remote Delivery Queue(s) SMTP Commands Analysis Results page, click Next.
32. On the Third-Party Application Analysis Results, click Next.
33. On the View results page, click the Root Causes tab, review the displayed information, and then
close the Troubleshooting Assistant.
34. Switch to VAN-DC1, click Start, point to All Programs, point to Accessories, and then click
Command Prompt.
35. At the command prompt, type nslookup, and then press Enter.
36. Type set querytype=MX, and then press Enter.
37. Type internet.com, and then press Enter. The query will timeout, which indicates that the domain
name cannot be resolved. This means that the host cannot directly resolve a Domain Name System
(DNS) domain and has to use a smart host to send a message to the internet.
38. On VAN-EX1, in Exchange Management Console, expand Organization Configuration, and then
click Hub Transport.
39. On the Send Connectors tab, double-click Internet Send Connector.
40. Click the Network tab, select Route mail through the following smart hosts, and then click Add.
41. In the Add smart host dialog box, in the Fully qualified domain name (FQDN) box, type
van-dc1.adatum.com, click OK, and then click OK again.
42. In Exchange Management Console, click Toolbox.
43. In the Toolbox pane, under Mail flow tools, double-click Queue Viewer.
44. Right-click internet.com, and then click Retry to force message delivery retry. Make sure that
message is not in queue anymore.
Results: After this exercise, you should have identified and resolved issues in Internet message delivery by
using the Exchange Server troubleshooting tools such as Message Tracking and Mail Flow Troubleshooter.
2.
Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3.
4.
In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.
5.
To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.
6.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.
7.
Wait for VAN-EX1 to start, and then start VAN-SVR1. Connect to the virtual machine.
Module 6
Lab Answer Key: Implementing Messaging Security
Contents:
Lab A: Configuring Edge Transport Servers and
Forefront Protection 2010 for Exchange Server
Exercise 1: Configuring Edge Transport Servers
On VAN-SVR1, click Start, point to All Programs, point to Accessories, and then click Command
Prompt.
2.
At the command prompt, type d:\Setup /mode:install /role:EdgeTransport, and then press Enter.
Wait for the installation to finish. The installation will take approximately eight to 10 minutes.
3.
4.
5.
Click Start, point to All Programs, point to Microsoft Exchange Server 2010, and then click
Exchange Management Console.
6.
7.
On VAN-SVR1, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and
then click Exchange Management Shell.
2.
3.
Click Start, and in the search box, type \\van-ex1\c$, and then press Enter.
4.
5.
On VAN-EX1, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and
then click Exchange Management Console.
6.
7.
8.
9.
In the New Edge Subscription window, beside Active Directory Site, click Browse. Select DefaultFirst-Site-Name as Active Directory Domain Services site, and then click OK.
10. Beside Subscription file, click Browse. Browse to the C:\ click VAN-SVR1.XML click Open, make
sure Automatically create a Send connector for this Edge Subscription is checked, and then
click New.
11. On the Completion page, click Finish.
Task 3: Verify that EdgeSync is working and that Active Directory Lightweight
Directory Services contains data
1.
On VAN-EX1, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and
then click Exchange Management Shell.
2.
3.
4.
Ensure that the result displayed includes SyncStatus: Normal, otherwise you need to wait for another
minute and run Test-EdgeSynchronization again.
5.
At the command prompt, type Get-User -Identity Wei | ft Name, GUID, and then press Enter.
6.
Write down the first eight characters of the globally unique identifier (GUID) in your notes.
7.
Switch to VAN-SVR1, click Start, point to All Programs, point to Accessories, and then click
Command Prompt.
8.
9.
In the LDP window, click Connection on the menu bar, and then click Connect.
10. In the Connect window, type VAN-SVR1 in the Server box, type 50389 in the Port box, and then
click OK.
11. Click Connection on the menu bar, and then click Bind.
12. In the Bind window, in the Bind type pane, click Bind as currently logged on user, and then
click OK.
13. Click View on the menu bar, and then click Tree.
14. In the Tree View dialog box, clear any entry in the BaseDN field, and then click OK.
15. In the LDP window, in the left pane, double-click OU=MSExchangeGateway to expand it.
16. Double-click CN=Recipients,OU=MSExchangeGateway.
17. By using the GUID you entered in previous steps, you can locate the recipient. It starts with
CN=<GUID>. After you find it, double-click the recipient GUID, and review the data that is available
for this recipient. Close LDP.
2.
3.
4.
Click the Network tab, click Route mail through the following smart hosts, and then click Add.
5.
6.
7.
8.
9.
On the host computer, in the Hyper-V Manager Microsoft Management Console (MMC), right-click
the 10135B-VAN-SVR1 virtual machine, and then click Settings.
2.
In the Settings for 10135B-VAN-SVR1 dialog box, in the Hardware section, expand IDE
Controller 1, and then click DVD Drive.
3.
In the details pane, click Image file, and type C:\Program Files\Microsoft Learning\10135
\Drives\ForeFrontInstall.iso in the field, and then click OK.
4.
On VAN-SVR1, close the Autoplay dialog box. Click Start, in the Search field, type D:\, and then
press Enter.
5.
6.
In the Setup Wizard window, on the License Agreement page, click I agree to the terms of the
license agreement and privacy statement, and then click Next.
7.
8.
9.
10. On the Antispam Configuration page, click Enable antispam later, and then click Next.
11. On the Microsoft Update page, click I dont want to use Microsoft Update, and then click Next.
12. On the Customer Experience Improvement Program page, click Next.
13. On the Confirm Settings page, click Next. Wait for the installation to finish. It will take about five
minutes.
14. On the Installation Results page, click Finish. Close Windows Explorer.
On VAN-SVR1, click Start, point to All Programs, point to Microsoft Forefront Server Protection,
and then click Forefront Protection for Exchange Server Console.
2.
3.
In the Forefront Protection 2010 for Exchange Server Administrator Console window, in the left pane,
click Policy Management.
4.
5.
On the Antimalware - Edge Transport page, in the Engines and Performance pane, select the Scan
with all engines option.
6.
In the Scan Actions pane, in the Action list in the Virus row, select Delete.
7.
8.
In the Policy Management pane, expand Global Settings, and then click Advanced Options.
9.
On the Global Settings - Advanced Options page, in the Threshold Levels pane, increase the value
of Maximum nested depth compressed files to 10 and Maximum nested attachments to 50.
10. Under Intelligent Engine Management, in the Engine management list, select Manual.
11. In the Update scheduling table, click Norman Virus Control, and then click Edit Selected Engines
button.
12. In the Edit Selected Engine dialog box, in the Update frequency pane, verify that the Check for
updates every check box is selected, type 00:30 in the box, and then click Apply and Close.
13. On the Global Settings - Advanced Options page, click Save.
14. In the Policy Management pane, expand Global Settings, and then click Scan Options.
15. On the Global Settings - Scan Options page, in the Scan Targets Transport pane, under Target
types, clear Internal, and then click Save.
16. Close the Microsoft Forefront Protection 2010 for Exchange Server Administrator Console.
Results: After this exercise, you should have installed and configured Forefront Protection 2010 for
Exchange Server on the Edge Transport server.
Do not shut down the virtual machines and revert them to their initial state when you finish this lab.
The virtual machines are required to complete this modules last lab.
On VAN-DC1, click Start, point to All Programs, point to Administrative Tools, and click DNS.
2.
3.
4.
In the New Resource Record dialog box, in the Fully qualified domain name (FQDN) of mail
server box, type VAN-SVR1.Adatum.com.
5.
On VAN-SVR1, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and
then click Exchange Management Console.
2.
3.
In the Edge Transport pane, select VAN-SVR1, and then click the Anti-spam tab.
4.
5.
6.
In the Action tab, clear the Reject messages that have an SCL rating greater than or equal to
check box, and then click OK.
7.
On VAN-EX1, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and
then click Exchange Management Shell.
8.
9.
At the PS prompt, type D:\labfiles\Lab6Prep.ps1, and then press Enter. This will send 11 messages
with the following spam confidence level (SCL) ratings:
Mail sender
SCL level
Msg1@contoso.com
Msg2@contoso.com
Msg3@contoso.com
Msg4@contoso.com
Msg5@contoso.com
Msg6@contoso.com
Msg7@contoso.com
(continued)
Mail sender
SCL level
Msg8@contoso.com
Msg9@contoso.com
Msg10@contoso.com
Msg11@contoso.com
On VAN-SVR1, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and
then click Exchange Management Console.
2.
3.
In the Edge Transport pane, select VAN-SVR1, and then click the Anti-spam tab.
4.
5.
6.
In the Action tab, select the Reject messages that have an SCL rating greater than or equal to
check box, configure it to 7, and then click OK.
7.
On VAN-EX1, in Exchange Management Shell, type: D:\labfiles\Lab6Prep.ps1 and then press Enter.
This will send the 11 messages again, but notice that the Content Filter agent rejects all messages as
spam if they have a SCL level of 7 or more. Thus, only three messages will reach Weis Inbox, and the
other messages should not be delivered to the users Junk E-Mail folder.
8.
9.
10. In the Mail pane, click Inbox. Notice the three new messages in the Inbox.
11. To delete all messages in the Inbox, select them, and then click Delete.
2.
3.
In the IP Allow List Properties window, click the Allowed Addresses tab.
4.
5.
In the Add Allowed IP Address window, type 10.10.0.10 in the Address or address range box, and
then click OK.
6.
7.
On VAN-EX1, in Exchange Management Shell, type: D:\ labfiles\Lab6Prep.ps1, and then press Enter.
8.
9.
10. In the Mail pane, click Inbox. You should see 11 new messages in the Inbox.
11. Double-click one message, and review the Message Detail. The SCL rating should be -1. When the
sending SMTP server is added to the IP Allow List, content filtering is not applied to the messages.
12. To delete all messages in the Inbox, select them, and then click Delete.
2.
3.
4.
5.
In the Add IP Block List Provider window, type Spamhaus in the Provider name box, type
zen.spamhaus.org in the Lookup domain box, and then click OK twice.
Results: After this exercise, you should have configured different SCL levels, and verified the behavior of
junk mail in user mailboxes. You should also have configured a Block List Provider.
2.
Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3.
4.
In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.
5.
To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.
6.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.
7.
Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.
8.
Wait for VAN-EX2 to start, and then start VAN-EX3. Connect to the virtual machine.
Module 7
Lab Answer Key: Implementing High Availability
Contents:
Exercise 1: Deploying a DAG
On VAN-EX1, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Shell.
2.
3.
4.
On VAN-EX2, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Console.
5.
6.
7.
In the Work pane, on the Database Availability Groups tab, right-click DAG1, and then click
Manage Database Availability Group Membership from the context menu.
8.
9.
In the Select Mailbox Server dialog box, click VAN-EX2, and then click OK.
10. In the Manage Database Availability Group Membership Wizard, click Manage to complete the
changes, wait for the installation to finish, and then click Finish to close the wizard.
On VAN-EX1, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Console.
2.
3.
4.
In the Results pane, click Accounting, and then in the Actions pane, click Add Mailbox
Database Copy.
5.
In the Add Mailbox Database Copy Wizard, click Browse to select the server to which to add
the copy.
6.
In the Select Mailbox Server dialog box, click VAN-EX2, and then click OK.
7.
In the Add Mailbox Database Copy Wizard, click Add to create the copy of the Accounting
mailbox database.
8.
In the Results pane, click the Database Management tab, and then click Accounting.
2.
In the bottom Work pane, view the Copy Status column for each database copy.
3.
Click the Accounting entry that has a Healthy copy status, right-click it, and then choose Properties
from the context menu.
4.
View the Status, Copy queue length, and Replay queue length on the General tab, and then click
on the Status tab.
5.
On the Status tab, view the Seeding, Latest available log time, Last inspected log time, Last
copied log time, and Last replayed log time properties, and then click OK.
2.
In the bottom Work pane, view the Copy Status column for each database copy.
3.
Click the Accounting entry that has a Healthy copy status, right-click on it, and then choose
Suspend Database Copy from the context menu.
4.
In the Suspend Mailbox Database Copy dialog box, type Software Updates being applied, and
then click Yes.
5.
In the bottom Work pane, view the Copy Status column for each database copy. The copy status will
turn to Suspended.
Results: After this exercise, you should have created a DAG and a mailbox database copy of the
Accounting database. The Accounting database copy on VAN-EX2 should remain in a suspended state.
At the PS prompt, type Get-MailboxDatabase | ft Name, Server, RPC*, and then press Enter.
2.
3.
At the PS prompt, type Get-MailboxDatabase | ft Name, Server, RPC*, and then press Enter.
Results: At the end of this exercise, you should have created a client access array and assigned it to the
databases.
On VAN-EX2, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Console.
2.
3.
Click the Send Connectors tab, and then in the Actions pane, click New Send Connector.
4.
5.
In the Select the intended use for this Send connector drop-down menu, select Internet, and then
click Next.
6.
7.
In the SMTP Address space dialog box, in the Address space box, type *, click OK, and then click
Next on the Address space page.
8.
On the Network Settings page, click Route mail through the following smart hosts, and then
click Add.
9.
In the Add smart host dialog box, click Fully qualified domain name (FQDN).
10. In the Fully qualified domain name (FQDN) box, type van-dc1.adatum.com, and then click OK.
11. On the Network settings page, click Next.
12. On the Configure smart host authentication settings page, ensure None is selected, and then
click Next.
13. On the Source server page, click Add.
14. On the Select Hub Transport or Subscribed Edge Transport Server dialog box, hold the Ctrl key,
click VAN-EX1 and VAN-EX2, and then click OK.
15. On the Source server page, click Next.
16. Click New to create the connector, and then click Finish to close the wizard.
2.
3.
In the Results pane, click Simple Mail Transfer Protocol (SMTP), and then in the Actions pane,
under Simple Mail Transfer Protocol (SMTP) click More Actions, and then click Stop.
2.
3.
On the Microsoft Outlook Web Access (OWA) language and time zone settings page, click OK.
4.
5.
6.
7.
In the message body, type Test email, and then click Send.
8.
2.
3.
On the Queues tab, locate the entry with van-dc1.adatum.com as the next hop domain. If the
message is not visible, then complete the following steps:
a.
b.
c.
On the Select Exchange Server dialog box, click VAN-EX1, click OK, and then click Connect.
d.
On the Queues tab, locate the entry with the van-dc1.adatum.com as the next hop domain.
4.
5.
6.
On the Select Exchange Server dialog box, click VAN-EX3, click OK, and then click Connect.
7.
8.
9.
Task 5: Start SMTP service on VAN-DC1 to allow delivery of the queued message
1.
2.
In the Results pane, click Simple Mail Transport Protocol (SMTP), and then in the Actions pane,
under Simple Mail Transfer Protocol (SMTP), click More Actions, and then click Start.
Task 6: Verify that the messages were removed from the shadow redundancy queue
1.
On VAN-EX2, in the Queue Viewer, verify that you are connected to VAN-EX3.
2.
Click the Queues tab, and verify that the Shadow Redundancy filter is still being applied.
3.
Task 7: Verify the copy status of the Accounting database, and resume the database
copy
1.
On VAN-EX1, in the Exchange Management Console, locate the Console Tree, expand Organization
Configuration, and then click Mailbox.
2.
In the Results pane, click the Database Management tab, and then click Accounting.
3.
In the bottom Work pane, view the Copy Status column for each database copy, click the Accounting
entry that has a Suspended copy status, right-click on it, and then choose Properties from the
context menu.
4.
View the Status, Copy queue length, and Replay queue length on the General tab, and then click
on the Status tab.
5.
On the Status tab, view the Seeding, Latest available log time, Last inspected log time, Last
copied log time, and Last replayed log time properties, and then click OK.
6.
Click the Accounting entry that has a Suspended copy status, right-click on it, and then choose
Resume Database Copy from the context menu.
7.
8.
Wait until the copy status of the Accounting database copy on VAN-EX2 is Healthy. You may need to
refresh the display.
In the bottom Work pane, view the Copy Status column for each database copy, click the Accounting
entry that has a Healthy copy status, right-click on it, and then choose Activate Database Copy
from the context menu.
2.
In the Activate Database Copy dialog box, verify None is selected, and then click OK.
On VAN-EX1, in the Results pane, click the Database Management tab. Wait until the Accounting
database copy status for VAN-EX1 is Healthy.
2.
In Hyper-V Manager, select 10135B-VAN-EX2, and then click Revert in the Actions pane. In the
Revert Virtual Machine dialog box, click Revert.
3.
View the status of the Accounting database in the Results pane. The database copy on VAN-EX1 will
change to a Mounted status, and the database copy on VAN-EX2 will have a ServiceDown status.
Results: After this exercise, you should have verified that the mailbox databases could fail over and switch
between DAG servers, and that Hub Transport shadow redundancy is working properly.
2.
Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3.
4.
In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.
5.
To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it starts fully before
starting the other virtual machines.
6.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.
7.
Wait for VAN-EX1 to start, and then start VAN-SVR1. Connect to the virtual machine.
Module 8
Lab Answer Key: Implementing Backup and Recovery
Contents:
Exercise 1: Backing Up Exchange Server 2010
On VAN-EX1, click Start, point to All Programs, and then click Internet Explorer.
2.
3.
4.
5.
6.
7.
In the Subject box, type Message before Backup, and then click Send.
8.
9.
On VAN-EX1, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Shell.
10. At the PS prompt, type Restart-Service MSExchangeIS, and then press Enter.
Task 2: Perform a backup of the mailbox database by using Windows Server Backup
1.
On VAN-EX1, click Start, click Administrative Tools, and then click Server Manager.
2.
In Server Manager, click Features, and then on the Features Summary pane, click Add Features.
3.
In the Add Features Wizard, expand Windows Server Backup Features, click Windows Server
Backup, and then click Next.
4.
On the Confirm Installation Selections page, click Install. When the installation finishes, click Close.
5.
Click Start, click Administrative Tools, and then click Windows Server Backup.
6.
7.
In the Backup Once Wizard, on the Backup Options page, select Different options, and then click
Next.
8.
On the Select Backup Configuration page, select Custom, and then click Next.
9.
On the Select Items for Backup page, click Add items, check Local disk (C:) in the Select Items
window, and then click OK.
10. On the Select Items for Backup page, click Advanced Settings, click on the VSS Settings tab, select
VSS full Backup, click OK, and then click Next.
11. On the Specify Destination Type page, select Remote shared folder, and then click Next.
12. On the Specify Remote Folder page, in the Location field, type \\VAN-DC1\Backup, and then click
Next.
13. On the Confirmation page, click Backup. The backup will take approximately 15 to 20 minutes.
14. On the Backup Progress page, click Close.
Click Start, point to All Programs, and then click Internet Explorer.
2.
3.
4.
5.
Right-click the message with the subject Message before Backup, and then click Delete.
6.
In the left pane, right-click Deleted Items, and then click Empty Deleted Items.
7.
8.
9.
Open Internet Explorer and connect to https://VAN-EX1.adatum.com/owa, and then press Enter.
On VAN-EX1, click Start, click Administrative Tools, and then click Windows Server Backup.
2.
3.
In the Recovery Wizard, on the Getting Started page, select This server (VAN-EX1), and then click
Next.
4.
5.
On the Select Recovery Type page, select Applications, and then click Next.
6.
On the Select Application page, select Exchange, and then click Next.
7.
On the Specify Recovery Options page, click Recover to another location, click Browse, expand
Computer, click Local Disk (C:), click Make New Folder, enter DBBackup, click OK, and then click
Next.
8.
9.
On the Recovery Progress page, wait until the restore is completed, and then click Close. Close
Windows Server Backup.
2.
3.
At the Exchange Management Shell prompt, type eseutil /R E02 /i /d, and then press Enter.
4.
At the Exchange Management Shell prompt, type Mount-Database RecoverDB, and then
press Enter.
5.
2.
3.
Click Start, point to All Programs, and then click Internet Explorer.
4.
5.
6.
Verify that the deleted message is available in the Sent Items folder.
7.
8.
Results: After this exercise, you should have created a recovery database, and restored a complete
mailbox from the recovery database to their original locations.
On the host computer, open Microsoft Hyper-V Manager, right-click 10135B-VAN-EX1, and then
click Revert.
2.
3.
On VAN-DC1, click Start, point to Administrative Tools, and then click Active Directory Users and
Computers.
4.
5.
In the right pane, right-click VAN-EX1, click Reset Account, and then in the Active Directory
Domain Services dialog box, click Yes, and then click OK.
6.
2.
In the System window, in the Computer name, domain, and workgroup settings pane, click Change
settings.
3.
4.
In the Computer Name/Domain Changes dialog box, in the Computer name field, type VAN-EX1,
and then click OK.
5.
In the System Properties dialog box, click OK, click Close, and then click Restart Now to restart the
computer.
6.
After the computer restarts, log on as Administrator using the password Pa$$w0rd.
7.
8.
In the System window, in the Computer name, domain, and workgroup settings pane, click Change
settings.
9.
10. Under Member of, click Domain, type Adatum.com, and then click OK.
11. In the Computer Name/Domain Changes dialog box, in the User name field, type Administrator.
12. In the Password field, type Pa$$w0rd, and then click OK.
13. In the Computer Name/Domain Changes dialog box, click OK, and then click OK again.
14. In the System Properties dialog box, click OK, click Close, and then click Restart Now to restart the
computer.
15. After the computer restarts, log on as adatum\Administrator using the password Pa$$w0rd.
On VAN-SRV1, click Start, click Run, and then in the Open box, type d:\setup /m:RecoverServer,
and then press Enter. The installation takes approximately 15 minutes.
2.
Click Start, point to All Programs, point to Microsoft Exchange Server 2010, and then click
Exchange Management Console.
3.
4.
In the Mailbox pane, on the Database Management tab, right-click Accounting, and then click
Properties.
5.
In Accounting Properties, click on the Maintenance tab, click This database can be overwritten by
a restore, and then click OK.
6.
7.
In the Mailbox pane, on the Database Management tab, right-click Public Folder Database 1, and
then click Properties.
8.
In Public Folder Database 1 Properties, on the General tab, click This database can be overwritten
by a restore, and then click OK.
On VAN-SVR1, click Start, click All Programs, click Administrative Tools, and then click Windows
Server Backup.
2.
3.
In the Recovery Wizard, on the Getting Started page, select A backup stored on another location,
and then click Next.
4.
On the Specify Location Type page, click Remote shared folder, and then click Next.
5.
On the Specify Remote Folder page, type \\van-dc1\backup, and then click Next.
6.
7.
On the Select Recovery Type page, select Applications, and then click Next.
8.
On the Select Application page, select Exchange, and then click Next.
9.
On the Specify Recovery Options page, click Recover to original location, and then click Next.
2.
In the Mailbox pane, on the Database Management tab, check if the Accounting database is
mounted. If it is not mounted, right-click Accounting, and then click Mount Database.
3.
4.
On VAN-DC1, click Start, point to All Programs, and then click Internet Explorer.
5.
6.
7.
8.
Results: After this exercise, you should have recovered a complete Exchange server by using a different
Windows Server, renaming it, installing Exchange Server in /m:RecoverServer mode, and recovering the
Exchange Server database from a backup. You have also tested the recovery.
2.
Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3.
4.
In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.
5.
To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it starts fully before
starting the other virtual machines.
6.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.
7.
Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.
8.
Wait for VAN-EX2 to start, and then start VAN-CL1. Connect to the virtual machine.
Module 9
Lab Answer Key: Configuring Messaging Policy and
Compliance
Contents:
Lab A: Configuring Transport Rules, Journal Rules, and Multi-Mailbox
Search
Exercise 1: Configuring Transport Rules
On VAN-EX1, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and
then click Exchange Management Console.
2.
Expand Microsoft Exchange On-Premises, expand Organization Configuration, and then click
Hub Transport.
3.
4.
On the Introduction page, type Internet Connector as the connector name. In the Select the
intended use for this Send connector drop-down list, click Internet, and then click Next.
5.
6.
In the Address field, type *, click OK, and then click Next.
7.
On the Network settings page, click Route mail through the following smart hosts, and then
click Add.
8.
In the IP address field, type 10.10.0.10, click OK, and then click Next.
9.
10. On the Source Server page, click Next, click New, and then click Finish.
Task 1: Create a transport rule that adds a disclaimer to all messages sent to
the Internet
1.
2.
On the Introduction page, in the Name box, type Internet E-Mail Disclaimer, and then click Next.
3.
On the Conditions page, in the Step 1: Select condition(s) area, select the sent to users that are
inside or outside the organization, or partners check box.
4.
In the Step 2: Edit the rule description by clicking an underlined value area, click Inside the
organization.
5.
In the Select scope dialog box, under Scope, click Outside the organization, and then click OK.
6.
7.
On the Actions page, in the Step 1: Select Action(s) area, select append disclaimer text and
fallback to Action if unable to apply.
8.
In the Step 2: Edit the rule description by clicking an underlined value area, click disclaimer text.
9.
In the Specify disclaimer text box, type This e-mail is intended solely for the use of the
individual to whom it is addressed. and then click OK.
On VAN-EX1, in the Exchange Management Console, in the Actions pane, click New Transport Rule.
2.
On the Introduction page, in the Name box, type Customer Service Tracking, and then click Next.
3.
On the Conditions page, in the Step 1: Select condition(s) area, select the sent to users that are
inside or outside the organization, or partners check box.
4.
In the Step 2: Edit the rule description by clicking an underlined value area, click Inside the
organization.
5.
In the Select scope dialog box, under Scope, click Outside the organization, and then click OK.
6.
On the Conditions page, in the Step 1: Select condition(s) area, select the when the Subject field
or message body contains specific words check box.
7.
In the Step 2: Edit the rule description by clicking an underlined value area, click specific words.
8.
In the Specify words dialog box, type Customer, click Add, and then click OK.
9.
10. On the Actions page, in the Step 1: Select Action(s) area, select the copy the message to
addresses check box.
11. In the Step 2: Edit the rule description by clicking an underlined value area, click addresses.
12. In the Specify recipients dialog box, click Add, click CustomerService, and then click OK.
13. On the Exceptions page, select the except when the message is from a member of distribution
list.
14. In the Step 2: Edit the rule description by clicking an underlined value area, click distribution
list.
15. In the Select Mail-Enabled Group dialog box, click CustomerService, and then click OK twice.
16. On the Exceptions page, click Next, review the rule description, click New, and then click Finish.
2.
In the Server Certification.asmx Properties dialog box, on the Security tab, click Edit.
3.
4.
In the Select Users, Computers, Service Accounts, or Groups dialog box, click Object Types, select
the Computers check box, and then click OK.
5.
In the Enter the object names to select field, type Exchange Servers , and then click OK.
6.
Click Add. In the Enter the object names to select field, type IIS_IUSRS, and then click OK three
times.
7.
On VAN-DC1, open a command prompt, type IISReset, and then press Enter. Wait for the service to
restart, and then close the command prompt.
8.
Task 4: Configure a transport rule that applies the Do Not Forward AD RMS template
to all messages with the words confidential or private in the subject
1.
On VAN-EX1, in the Exchange Management Console, under Organization Configuration, click Hub
Transport.
2.
3.
On the Introduction page, in the Name field, type Confidential E-Mail Rule.
4.
5.
On the Conditions page, under Step 1, select the when the Subject field contains specific words
check box.
6.
7.
In the Specify words dialog box, type Confidential, click Add, type Private, click Add, and then
click OK.
8.
Click Next.
9.
On the Actions page, under Step 1, select rights protect message with RMS template.
2.
In the middle pane, right-click All Company, and then click Properties.
3.
4.
In the Message Moderation dialog box, select the Messages sent to this group have to be
approved by a moderator check box.
5.
6.
In the Select Recipient Entire Forest dialog box, click Andreas Herbinger, and then click OK
three times.
2.
3.
Create another message to Carol, with a subject of Customer Information and then send the
message.
4.
5.
In the Windows dialog box, click Select a program from a list of installed programs, and then
click OK. Click Notepad, and then click OK.
6.
Scroll to the middle of the message, and verify that the disclaimer has been added to the message.
7.
8.
Verify that a copy of second message sent by Luca is in the Inbox. Close Internet Explorer.
9.
In Outlook, create a new message, and then send it to the All Company distribution group.
2.
In the Actions pane, click New Mailbox to start the New Mailbox Wizard.
3.
On the Introduction page, ensure that User Mailbox is selected, and then click Next.
4.
5.
Password: Pa$$w0rd
6.
Click Next.
7.
8.
Select the Specify the mailbox database rather than using a database automatically accepted
check box, click Browse, click Mailbox Database 1, click OK, and then click Next.
9.
10. On the New Mailbox page, click New, and then click Finish.
Task 2: Create a journal rule that saves a copy of all messages sent to and from
Executives department members
1.
In the Exchange Management Console, in the Organization Configuration work area, click
Hub Transport.
2.
In the Actions pane, click New Journal Rule to start the New Journal Rule Wizard.
3.
On the New Journal Rule page, in the Rule name box, type Executives Department Message
Journaling.
4.
Beside Send Journal reports to e-mail address, click Browse, click Executives Journal Mailbox,
and then click OK.
5.
6.
Select the Journal messages for recipient check box, and then click Browse.
7.
In the Select Recipient dialog box, click Executives, and then click OK.
8.
On the New Journal Rule page, click New, and then click Finish.
2.
In the Actions pane, click New Mailbox to start the New Mailbox Wizard.
3.
On the Introduction page, ensure that User Mailbox is selected, and then click Next.
4.
5.
Password: Pa$$w0rd
6.
Click Next.
7.
8.
Select the Specify the mailbox database rather than using a database automatically accepted
check box, click Browse, click Mailbox Database 1, click OK, and then click Next.
9.
10. On the New Mailbox page, click New, and then click Finish.
11. In the recipient list, click Executives Journal Mailbox, and then click Manage Full Access
Permission.
12. On the Manage Full Access Permission page, click Add, click Mailbox Auditor, and then click OK.
13. Click Manage, and then click Finish.
14. On VAN-DC1, open Active Directory Users and Computers, and then in the Microsoft Exchange
Security Groups OU, double-click the Discovery Management group.
15. In the Discovery Management Properties dialog box, on the Members tab, click Add.
16. Type Mailbox Auditor, and then click OK twice.
Double-click George Schaller. On the Mailbox Settings tab, double-click Messaging Records
Management.
2.
Select the Enable Litigation Hold check box, and then click OK three times.
2.
Create a new message, and then send it to Marcel Truempy. Marcel is a member of the Executives
group.
3.
4.
5.
In the left pane, right-click Mailbox Auditor, and then click Open Other Users Inbox.
6.
Type Executives Journal Mailbox, and then click OK twice. Under Executives Journal Mailbox,
click Inbox. Verify that the two journaled messages are in the mailbox. Close Internet Explorer.
7.
In Outlook, create and send a new message with the following configuration:
Message body: Here is the order for Carol at Contoso. Her customer number is 1111-1111.
8.
9.
10. Click the Deleted Items folder, and then click Empty.
11. Under George Schaller, right-click the Deleted Items folder, and then click Recover Deleted Items.
12. Click the message, and then click the Delete button. Click OK to permanently delete the message,
and close all Internet Explorer Windows.
13. Open Internet Explorer, and connect to Outlook Web App. Log on as MailboxAuditor. Click
Options, and then click See All Options.
14. In the Select what to manage drop-down list, ensure that My Organization is listed.
15. In the left pane, click Mail Control, and then under Multi-Mailbox Search, click New.
16. In the Keywords box, type Customer Number.
17. Expand Mailboxes to Search.
18. Under Select the mailboxes to search, click Add. In the Select Mailbox window, click Luca
Dellamore, and then click Add. Click George Schaller, click Add, and then click OK.
19. Expand Search Name and Storage Location.
20. In the Search name field, type Customer Number Discovery.
21. Click Copy the search results to the destination mailbox.
22. Next to Select a mailbox in which to store the search results, click Browse.
23. In the Select Mailbox window, click Discovery Search Mailbox, and then click OK.
24. Select the Send me an e-mail when the search is done check box, and then click Save.
25. Wait until the search finishes, and then in the bottom right pane, click the Open link.
26. In the Outlook Web App window, click OK.
27. In the Navigation pane, notice the new discovery folder named Customer Number Discovery.
Expand the folder.
28. Note the two folders created that correspond to the mailboxes added to the search criteria.
29. Expand Luca Dellamore, expand Primary Mailbox, expand Sent Items, and then verify that the
email was discovered using the search criteria.
30. Expand George Schaller, expand Primary Mailbox, expand Inbox, and then verify that the email
was discovered using the search criteria.
31. Close Internet Explorer.
Results: After this exercise, you should have created a mailbox for the Executives department journaling
messages, and then created a journal rule that saves a copy of all messages sent to and from Executives
department members. You also should have created and configured the MailboxAuditor account.
Do not shut down the virtual machines and revert them to their initial state when you finish this lab.
The virtual machines are required to complete this modules last lab.
On VAN-EX1, in the Exchange Management Console, click Recipient Management, and then
click Mailbox.
2.
In the Results pane, click the Organization Unit heading to sort the mailbox list by OU.
3.
Select all of the mailboxes in the Executives and Marketing OUs, right-click, click Enable Archive,
and then click OK.
Task 2: Verify that the archive mailbox was created for members of the Marketing
group
Results: After this exercise, you should have configured archive mailboxes for all members of the
Marketing group.
On VAN-EX1, in the Exchange Management Console, expand Organization Configuration, and then
click Mailbox.
2.
3.
4.
5.
6.
In Action to take when the age limit is reached, select Permanently Delete.
7.
In the Comments field, type Deleted Items are purged after 30 days.
8.
9.
10
Task 2: Create and configure retention policies for the Marketing group
1.
On VAN-EX1, in the Exchange Management Console, expand Organization Configuration, and then
click Mailbox.
2.
3.
In the Name field, type Marketing Group Retention, and then click Add.
4.
Select both the Adatum DefaultMoveToArchive and Adatum - Deleted Items tags, click OK, and
then click Next.
5.
6.
In Select Mailbox Entire Forest, click Scope menu, and then click Modify Recipient Picker
Scope.
7.
Click View all recipients in specified organizational unit, and then click Browse.
8.
9.
After the scope changes, select all users in the list, and then click OK.
Task 3: Create and configure retention policies for the Executives group
1.
On VAN-EX1, in the Exchange Management Console, expand Organization Configuration, and then
click Mailbox.
2.
3.
In the Name field, type Executive Group Retention, and then click Add.
4.
Select the Adatum DefaultMoveToArchive, Adatum Business Critical and Adatum - Deleted
Items tags, click OK, and then click Next.
5.
6.
In Select Mailbox Entire Forest, click Scope menu, and then click Modify Recipient Picker
Scope.
7.
Click View all recipients in specified organizational unit, and then click Browse.
8.
9.
After the scope changes, select all users in the list, and then click OK.
11
2.
Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3.
4.
In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.
5.
To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.
6.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.
7.
Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.
Module 10
Lab Answer Key: Securing Microsoft Exchange Server 2010
Contents:
Exercise 1: Configuring Exchange Server Permissions
2.
Expand Adatum.com, click Microsoft Exchange Security Groups, and then double-click Server
Management.
3.
4.
In the Enter the object names to select field, type ITAdmins, and then click OK twice.
On VAN-EX1, open the Exchange Management Shell. In the Exchange Management Shell, at the PS
prompt, type the following command, and then press Enter:
2.
At the PS prompt, type the following command, and then press Enter:
3.
4.
5.
6.
7.
8.
9.
On the Select Member page, select Anna Lidman, click Add, and then click OK.
2.
3.
4.
On the Limits tab, clear the Issue warning at (MB) check box, and then click OK.
5.
Under Organization Configuration, click Hub Transport. Verify that many of the tabs normally
shown in this view are not available. On the Accepted Domains tab, double-click Adatum.com.
Verify that you cannot modify the settings, and then click Cancel.
6.
Expand Recipient Configuration, click Mailbox, double-click one of the mailboxes, verify that you
cannot modify the mailbox properties, and then click Cancel.
7.
8.
9.
10. On the Mailboxes tab, click Andreas Herbinger, and then click Details.
11. Click Organization, in the Department field, type IT, and then click Save.
12. Click Distribution Groups. Click Accounting, and then click Details. Verify that you can modify the
group properties by typing a group description, and then clicking Save. Close Internet Explorer.
Note You cannot create or delete user accounts and mailboxes in Exchange Control Panel.
If you want to test whether Anna can create user accounts and mailboxes, add Anna to the
local Administrators account on VAN-EX2, and log on to VAN-EX2 as Anna. Then open
Exchange Management Console and verify that you can create a mailbox. In a production
environment, you could install the Exchange Management tools on a Windows 7 client
computer.
13. On VAN-EX1, open Internet Explorer, and connect to https://van-ex1.adatum.com/ecp.
14. Log on as Adatum\Paul using the password Pa$$w0rd, and then click OK.
15. On the Mailboxes tab, click Franz Kohl, and then click Details.
16. Click Organization, in the Department field, type Customer Service, and then click Save.
17. Verify that the Distribution Groups tab is not visible. Close Internet Explorer.
Results: After this exercise, you should have configured and verified permissions in the Exchange Server
deployment.
2.
3.
4.
5.
On the User Information page, fill in the following information, and then click Next.
Select the Specify the organizational unit rather than using the default one, click Browse,
click CustomerService, and then click OK.
Name: Info
6.
7.
8.
9.
Click Add, click Adatum\CustomerService, click OK, and then click Manage, and then click Finish.
10. Repeat the above steps for the Manage Send As Permission.
2.
3.
2.
Log on as Adatum\Anna using the password Pa$$w0rd. If the Regional Settings page appears,
click OK.
3.
Click New, and then in the Untitled Message window, click Options.
4.
5.
In the From field, delete Anna Lidman, and then type Info@Adatum.com.
6.
7.
8.
In the message body, write some text, and then click Send.
9.
2.
3.
Click Auditing.
4.
5.
6.
7.
8.
Find the Info mailbox, click Add, and then click OK.
9.
In the Search for access by drop-down list, select All non-owners, and then click Search.
10. Verify that in the Search Results box, the Info mailbox appears, and that in the Details box, there is a
description of the activity that you performed in Task 3.
11. Click Close
12. Exit the Exchange Control Panel.
On VAN-EX1, restore the Exchange Management Shell, and run the following cmdlet:
Get-AdminAuditLogConfig
2.
In the results list, verify that AdminAuditLogEnabled is set to True. Review the other values in
the list.
3.
On VAN-EX1, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Console.
2.
Expand Recipient Configuration, click Mailbox, find Michiyo Sato on the list in the central pane,
right-click Michiyo Sato, and then select Properties.
3.
Click the Mailbox Settings tab, click Storage Quotas, and then click Properties.
4.
In the Deleted Item retention section, clear the Use mailbox database defaults check box, and
then in the Keep deleted items for (days) field, type 20.
5.
Click OK twice.
6.
On VAN-EX1, restore the Exchange Management Shell, and run the following cmdlet:
Search-AdminAuditLog -Cmdlets Set-Mailbox -StartDate 01/01/2011 -EndDate (Tomorrows
date using the mm/dd/yyyy format)
2.
Review the results, and ensure they contain the action performed in Task 6. You might also see logs
about other actions on this account.
Note If no results are returned when you search the administrator audit log, wait a few
minutes and repeat this task. It can take up to five minutes for the change to appear in the
audit log.
2.
3.
4.
Results: After this exercise, you should have configured audit logging.
2.
In the Actions pane, click New Exchange Certificate to open the New Exchange Certificate Wizard.
3.
On the Introduction page, type Adatum Mail Certificate as the friendly name for the certificate,
and then click Next.
4.
5.
On the Exchange Configuration page, expand Client Access server (Outlook Web App), select the
Outlook Web App is on the Intranet check box, and then type VAN-EX1.adatum.com in the
domain name box.
6.
Select the Outlook Web App is on the Internet check box, and then type Mail.adatum.com in the
second text box.
7.
Expand Client Access server (Exchange ActiveSync), and then verify that the Exchange Active
Sync is enabled check box is selected. Type mail.adatum.com as the domain name.
8.
Expand Client Access server, (Web Services, Outlook Anywhere, and Autodiscover), and then
enter mail.adatum.com as the external host name.
9.
Ensure that both the Autodiscover used on the Internet check box and the Long URL options are
selected. In the Autodiscover URL to use field, delete all entries except for
autodiscover.adatum.com, and then click Next.
Organization: A Datum
Country/region: Canada
City/locality: Vancouver
State/province: BC
12. Click Browse, type CertRequest as the File name, and then click Save.
13. Click Next, click New, and then click Finish.
14. Click the Folder icon in the task bar, and then click Documents.
15. Right-click CertRequest.req, and then click Open.
16. In the Windows dialog box, click Select a program from a list of installed programs, and then
click OK.
17. In the Open with dialog box, click Notepad, and then click OK.
18. In the CertRequest.req Notepad window, select Ctrl+A to select all of the text, select Ctrl+C to save
the text to the clipboard, and then close Notepad.
19. Click Start, click All Programs, and then click Internet Explorer.
20. Connect to https://van-dc1.adatum.com/certsrv.
21. Log on as Adatum\administrator using the password Pa$$word.
22. On the Welcome page, click Request a certificate.
23. On the Request a Certificate page, click advanced certificate request.
24. On the Advanced Certificate Request page, click Submit a certificate request by using a base64-encoded CMC or PKCS#10 file, or submit a renewal request by using a base-64-encoded
CMC or PKCS#7 file.
25. On the Submit a Certificate Request or Renewal Request page, click in the Saved Request field,
and then press Ctrl+V to paste the certificate request information into the field.
26. In the Certificate Template drop-down list, click Web Server, and then click Submit.
27. In the Web Access Confirmation dialog box, click Yes.
28. On the Certificate Issued page, click Download certificate.
29. In the File Download dialog box, click Save as.
30. In the Save As dialog box, browse to the C: drive, and then click Save.
31. Close Internet Explorer.
32. In the Exchange Management Console, click Adatum Mail Certificate, and then click Complete
Pending Request.
33. On the Complete Pending Request page, click Browse.
34. Browse to the C: drive, click certnew.cer, click Open, click Complete, and then click Finish.
35. On the Exchange Certificates tab, click Adatum Mail Certificate, and then click Assign Services
to Certificate.
36. On the Select Servers page, click Next.
37. On the Select Services page, select the Internet Information Services check box, click Next, click
Assign, and then click Finish.
On VAN-EX1, right-click Adatum Mail Certificate, and then click Export Exchange Certificate.
2.
3.
4.
In the Password field, type Pa$$w0rd, click Export, and then click Finish.
On VAN-TMG, click Start. In the Search box, type MMC, and then press Enter.
2.
3.
On the Add or Remove Snap-ins page, click Certificates, and then click Add.
4.
Click Computer account, click Next, click Finish, and then click OK.
5.
Expand Certificates, right-click Personal, point to All Tasks, and then click Import.
6.
7.
On the File to Import page, type \\VAN-EX1\C$\CertExport.pfx, and then click Next.
8.
On the Password page, type Pa$$w0rd in the Password field, and then click Next.
9.
On the Certificate Store page, click Next, and then click Finish.
10. Click OK, and then close Console1 without saving changes.
On VAN-TMG, click Start, point to All Programs, click Microsoft Forefront TMG, and then click
Forefront TMG Management.
2.
3.
On the Firewall Policy Tasks pane, on the Tasks tab, click Publish Exchange Web Client Access.
4.
On the Welcome to the New Exchange Publishing Rule Wizard page, type OWA Rule, and then
click Next.
5.
On the Select Services page, in the Exchange version list, click Exchange Server 2010, select the
Outlook Web Access check box, and then click Next.
6.
7.
On the Server Connection Security page, ensure that Use SSL to connect the published Web
server or server farm is configured, and then click Next.
8.
On the Internal Publishing Details page, in the Internal site name text box, type
VAN-EX1.Adatum.com, and then click Next.
9.
On the Public Name Details page, ensure that This domain name (type below) is configured in the
Accept requests for drop-down list. In the Public name box, type mail.Adatum.com, and then click
Next.
On VAN-EX1, in the Exchange Management Console, expand Server Configuration, and then click
Client Access.
Note During this task, click OK to dismiss any messages that indicate that VAN-EX2 is not
accessible.
2.
On the Outlook Web App tab, double-click owa (Default Web Site).
3.
10
4.
On the Authentication tab, click Use one or more standard authentication methods, select the
Basic Authentication (password is sent in clear text) check box, and then click OK twice.
5.
On the Exchange Control Panel tab, double-click ecp (Default Web Site).
6.
7.
On the Authentication tab, click Use one or more standard authentication methods, select the
Basic Authentication (password is sent in clear text) check box, and then click OK twice.
8.
Open the Exchange Management Shell. At the PS prompt, type IISReset, and then press Enter.
Note If you receive a message stating that the service did not start, start the World Wide
Web service in the Services console.
On the host computer, in Hyper-V Manager, right-click 10135B-VAN-CL1, and then click Settings.
2.
Click Legacy Network Adapter, and in the Network drop-down list, click Private Network 2, and
then click OK.
3.
4.
Open the Control Panel, and then click View network status and tasks.
5.
6.
7.
8.
Change the IP address to 131.107.0.50, change the Default Gateway to 131.107.0.1, click OK, and
then click Close. Close the Control Panel.
9.
Click Start, and in the search field, type notepad c:\windows\system32\drivers\etc\hosts, and
then press Enter.
10. At the bottom of the hosts file, type 131.107.1.1 mail.adatum.com, and then save and close the file.
11. Open Internet Explorer, and then connect to https://mail.adatum.com/owa.
12. Log on as adatum\administrator using the password Pa$$w0rd, and then verify that you access the
user mailbox.
13. In the Microsoft Outlook Web App window, click Options. Verify that you can connect to the
Exchange Control Panel.
14. Close Internet Explorer.
Results: After this exercise, you should have configured a Forefront Threat Management Gateway server
to enable access to Outlook Web App on the Client Access server. You also will have verified that the
access is configured correctly.
11
2.
Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3.
4.
In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.
5.
To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it starts fully before
starting the other virtual machines.
6.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.
Module 11
Lab Answer Key: Maintaining Microsoft Exchange Server
2010
Contents:
Exercise 1: Monitoring Exchange Server 2010
On VAN-EX1, click Start, click Administrative Tools, and then click Performance Monitor.
2.
In the Navigation pane, expand Data Collector Sets, and then click User Defined.
3.
Click on the Action menu, click New, and then click Data Collector Set.
4.
In the Create new Data Collector Set Wizard, in the Name box, type Exchange Monitoring, select
Create manually (Advanced), and then click Next.
5.
Select the Performance Counter check box, and then click Finish.
Task 2: Create a new performance counter data collector set for monitoring basic
Exchange Server performance
1.
In the Performance Monitor, in the Navigation pane, expand Data Collector Sets, expand User
Defined, click Exchange Monitoring, click the Action menu, click New, and then click Data
Collector.
2.
In the Create New Data Collector Wizard, in the Name box, type Base Exchange Monitoring, select
Performance counter data collector, and then click Next.
3.
Click Add.
4.
In the Available counters object list, expand Processor, and then click % Processor Time. Press and
hold Ctrl, click % User Time, click % Privileged Time, and then click Add.
5.
In the Available counters object list, expand Memory, and then click Available Mbytes. Press and
hold Ctrl, click Page Reads/sec, click Pages Input/sec, click Pages/sec, click Pages Output/sec,
click Pool Paged Bytes, click Transition Pages Repurposed/sec, and then click Add.
6.
In the Available counters object list, expand MSExchange ADAccess Domain Controllers, and
then click LDAP Read Time. Press and hold Ctrl, click LDAP Search Time, click LDAP Searches
timed out per minute, click Long running LDAP operations/Min, and then click Add.
7.
In the Available counters object list, expand System, click Processor Queue Length, and then
click Add.
8.
Click OK.
9.
In the Create New Data Collector Wizard, in the Sample interval box, type 1, and then in the Units
dropdown menu, select Minutes, and then click Finish to create the data collector set.
Task 3: Create a new performance counter data collector set for monitoring Mailbox
server role performance
1.
In the Reliability and Performance Monitor, in the Navigation pane, click Exchange Monitoring, click
the Action menu, click New, and then click Data Collector.
2.
In the Create New Data Collector Wizard, in the Name box, type Mailbox Role Monitoring, select
Performance counter data collector, and then click Next.
3.
Click Add.
4.
In the Available counters object list, expand LogicalDisk, and then click Avg.Disk sec/Read. Press
and hold Ctrl, click Avg.Disk sec/Transfer, click Avg.Disk sec/Write, and then click Add.
5.
In the Available counters object list, expand MSExchangeIS, and then click RPC Averaged Latency.
Press and hold Ctrl, click RPC Num. of Slow Packets, click RPC Operations/sec, click RPC Requests,
and then click Add.
6.
In the Available counters object list, expand MSExchangeIS Mailbox, click Messages Queued for
Submission, and then click Add.
7.
In the Available counters object list, expand MSExchangeIS Public, click Messages Queued for
Submission, and then click Add.
8.
Click OK.
9.
In the Create New Data Collector Wizard, in the Sample interval box, type 1, and in the Units dropdown menu, select Minutes, and then click Finish to create the data collector set.
In the Reliability and Performance Monitor, in the Navigation pane, click Exchange Monitoring, click
the Action menu, and then click Start.
2.
After at least five minutes, click the Action menu, and then click Stop.
3.
In the Navigation pane, expand Reports, expand User Defined, expand Exchange Monitoring, click
VAN-EX1_DateTime, and then review the report.
4.
Results: After this exercise, you should have created a data collector set for monitoring VAN-EX1 that
uses the performance counters that this module recommends.
2.
3.
On VAN-EX1, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Console.
2.
3.
In the Work pane, click the Database Management tab, and then view the list of databases, noting
that MailboxDB100 is dismounted.
In the Work pane, right-click MailboxDB100, and then click Mount database. Review the warning
message, and then click No.
2.
On VAN-EX1, click Start, click All Programs, click Administrative Tools, and then click Event
Viewer.
3.
In Event Viewer, in the Navigation pane, expand Windows Logs, click on Application, and then in
the Content pane, review recent events. Click recent events that have a source from one of the
MSExchange services, and then review the details of the error in the lower half of the Content pane.
4.
In the Navigation pane, click on System, and then in the Content pane, review recent events. No
notable events are present.
5.
On VAN-EX1, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Console.
2.
In the Console Tree, expand Microsoft Exchange On-Premises, and then expand Toolbox.
3.
4.
In the Microsoft Exchange Best Practice Analyzer, if prompted, select Do not check for updates on
startup, select I dont want to join the program at this time, and then click Go to the Welcome
screen.
5.
On the Welcome to the Exchange Best Practices Analyzer page, click Select options for a new
scan.
6.
On the Connect to Active Directory page, click Connect to the Active Directory server.
7.
On the Start a new Best Practices scan page, in the Enter an indentifying label for this scan box,
type VAN-EX1 Scan, and then click Unselect all.
8.
In the Specify the scope for this scan box, select VAN-EX1, verify that Health Check is selected,
and then click Start scanning to start the best practices scan process.
9.
On the Scanning completed page, click View a report of this Best Practices scan. Verify that there
are no errors listed that may have caused this issue.
Task 4: List the probable causes of the problem, and rank the possible solutions, if
multiple options exist
1.
Possible solution
2.
In the Work pane, click the Database Management tab, and then right-click on MailboxDB100, and
select Properties.
3.
Identify the database file location, by examining value of Database path on General tab. Click
Cancel.
4.
Click Start, click All Programs, click Accessories, and then click Windows Explorer.
5.
In the Navigation pane, expand Computer, expand Local Disk (C:), expand Program Files, expand
Microsoft, expand Exchange Server, expand V14, expand Mailbox. Verify that the MailboxDB100NewPath folder does not exist.
6.
In the Navigation pane, click MailboxDB100 and locate the database files. This is the actual location
of the database files. The configuration is pointing to the wrong path.
7.
On VAN-EX1, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Shell.
2.
In the Exchange Management Shell, type the follow cmdlet, and then press Enter.
Move-DatabasePath MailboxDB100 LogFolderPath C:\Program Files\Microsoft\Exchange
Server\V14\Mailbox\MailboxDB100 EdbFilePath C:\Program Files\Microsoft\Exchange
Server\V14\Mailbox\MailboxDB100\MailboxDB100.edb ConfigurationOnly force
3.
4.
In the Exchange Management Shell, type Mount-Database MailboxDB100, and then press Enter.
5.
Results: After this exercise, you should have used a troubleshooting technique to identify and fix a
Mailbox server problem.
On VAN-EX1, open Exchange Management Shell. At the prompt, type d:\ Labfiles\Lab11Prep3.ps1,
and then press Enter.
2.
2.
Note the error displayed in the browser: HTTP Error 401.2 Unauthorized.
On VAN-EX1, click Start, click All Programs, click Administrative Tools, and then click Event
Viewer.
2.
In Event Viewer, in the Navigation pane, expand Windows Logs, click Application, and then in the
Content pane, review recent events. There is nothing substantial to point to the problem.
3.
In the Navigation pane, click System, and then in the Content pane, review recent events.
4.
On VAN-EX1, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Shell.
2.
In the Exchange Management Shell, type Test-ServiceHealth, and then press Enter. Verify that the
output does not return any errors.
3.
4.
In the Windows PowerShell Credential Request dialog box, in the User name box, type
Adatum\Administrator, and in the Password box, type Pa$$w0rd, and then click OK.
5.
6.
Task 4: List the probable causes of the problem, and rank the possible solutions if
multiple options exist
1.
Possible solution
On VAN-EX1, click Start, click All Programs, click Microsoft Exchange Server 2010, and then click
Exchange Management Console.
2.
In the Console Tree, expand Microsoft Exchange On-Premises, expand Server Configuration, and
then click Client Access.
Note During this task, click OK to dismiss any messages that indicate that VAN-EX2 is not
accessible.
3.
In the upper portion of the Work pane, click VAN-EX1, and then in the lower portion of the Work
pane, select the Outlook Web App tab. Right-click owa (Default Web Site), and then click
Properties.
4.
In the owa (Default Web Site) Properties dialog box, click the Authentication tab, select Use
forms-based authentication, and then click OK.
5.
6.
Click Start, click All Programs, click Accessories, and then click Command Prompt.
7.
8.
2.
3.
Confirm that Administrator can now access Outlook Web App, and then close Internet Explorer.
Results: After this exercise, you should have used a troubleshooting technique to identify and fix a Client
Access server problem.
2.
Right-click the virtual machine name in the Virtual Machines list, and then click Revert.
3.
4.
In the Virtual Machines pane, click 10135B-VAN-DC1, and then in the Actions pane, click Start.
5.
To connect to the virtual machine for the next modules lab, click 10135B-VAN-DC1, and then in the
Actions pane, click Connect.
Important Start the VAN-DC1 virtual machine first, and ensure that it starts fully before
starting the other virtual machines.
6.
Wait for VAN-DC1 to start, and then start VAN-EX1. Connect to the virtual machine.
7.
Wait for VAN-EX1 to start, and then start VAN-EX2. Connect to the virtual machine.