Summary
Learning Exchange Server 2003
Bill Boswell
• Exchange Server 2003 for working administrators
• Maximizing performance, reliability, and business value
• Integrating Exchange into your overall IT infrastructure
• Contains detailed process analyses and dozens of how-to diagrams
• Migrating from legacy versions of Exchange
• Reviewed by Exchange MVPs and approved for technical accuracy by Microsoft
Windows Server System Series
Real-world Exchange 2003 deployment and management for working administrators
This is your start-to-finish guide to getting Microsoft Exchange Server 2003 into production, then maximizing its reliability, performance, and business value. Bill Boswell writes for working administrators whose responsibilities now include Exchange Server 2003. He addresses every facet of Exchange from architecture to address lists, answering three key questions: How does it work? How do I get the most out of it? How do I fix it if it breaks?
Unlike some books, this one recognizes that you're deploying Exchange in the context of a complex IT infrastructure. Boswell thoroughly discusses Exchange's key dependencies and connections, and offers detailed process analyses, complete with diagrams and step-by-step integration guidance. You'll learn exactly what you need to know to make Exchange work seamlessly with Outlook--and with other email clients. Boswell even introduces third-party administration tools that work when Microsoft's don't.
Best of all, you can rely on this book. It was written by one of the world's leading Exchange and Windows Server consultants, then reviewed by Microsoft Exchange MVPs, and approved by Microsoft itself for technical accuracy.
• Getting up-to-speed on an Exchange system you've inherited
• Migrating from legacy versions of Exchange
• Ensuring service continuity in any environment--from small business to Fortune®-class enterprise
• Designing Exchange Server 2003 for maximum performance
• Deploying distributed Exchange architectures
• Implementing security best practices to prevent system compromise
• Managing storage, mailboxes, message routing, public folders, distribution lists, and more
• Troubleshooting Exchange: isolating and correcting a wide range of Exchange problems
• Includes step-by-step procedures and lab exercises for testing and production deployment
Author Bio
About the Author
BILL BOSWELL, MCSE, is an independent consultant and trainer and the author of two previous books, Inside Windows Server 2003 and Inside Windows 2000. His firm, Bill Boswell Consulting, Inc., is based in Phoenix, AZ. Boswell is a Contributing Editor for MCP Magazine and a sought-after speaker at TechMentor and other conferences.
Table of Contents
1. Installing an Exchange 2003 Server.
Preparations.
....Major Exchange System Components.
Exchange Store.
E-Mail Clients.
Active Directory.
Global Catalog.
DNS.
....Exchange Test Lab Configuration.
Virtual Machines as Test Servers.
Virtual Machine Vendors.
Precautions When Cloning Test Servers.
Virtual Machine Hardware Requirements.
Installation Prerequisite Checklist.
....Hardware Requirement.
Minimum Requirements.
Production Requirements.
Internet Connectivity.
Firewalls.
Server Hardening.
....Version Selection.
Exchange 2003 Enterprise Edition versus Standard Edition.
Small Business Server 2003.
Exchange 2003 and Windows Server Versions.
....Install and Configure IIS.
....Install Exchange 2003.
....Introducing Exchange System Manager.
Assigning Mailboxes.
Mailbox-Enabling New Users.
Mailbox-Enabling Existing Users.
Mail-Enabling Contacts.
....Mail-Enabling Groups.
Mail-Enable New Groups.
Group Types Interchangeable, to a Point.
Automatic Group Promotion.
Mail-Enable Groups.
For More Information.
....Test Exchange with Outlook 2003.
Outlook 2003 Hotfixes.
Outlook 2003 Installation Procedure.
Outlook 2003 Features.
Send Test Message from Outlook.
....Test Exchange with Outlook Express.
Enable POP3 Service.
Outlook Express 6.0 Installation.
Send Test Message Using Outlook Express.
....Troubleshooting Test E-Mails.
Exchange Services Running.
Exchange Server Available.
DNS Configuration.
SMTP Server Available.
Successful Test E-Mail.
....Advanced Exchange Server 2003 Features.
Exchange 2003 Features Requiring Windows Server 2003.
Exchange 2003 Features Requiring Exchange Native Mode.
....Looking Forward.
2. Understanding and Using Messaging Protocols.
....Client Protocol Overview.
Internet Standard E-mail Client Protocols.
Messaging API (MAPI) Clients.
Network News Transfer Protocol (NNTP).
....Message Formats.
RFC 2822 Message Format.
Message Headers.
Blind Carbon Copy Handling.
Additional Header Options.
Key Points to Remember about Message Headers.
....Formatted Text in Messages.
HTML Formatting.
Rich Text Formatting.
....Disabling Text Formatting.
Configuring Outlook to Send Plain Text Messages.
Configure Outlook to Convert Internet Messages.
Manage Plain Text Settings with Group Policies.
....MIME (Multipart Internet Message Extensions).
MIME Headers.
MIME Body-First Section.
MIME Body-Second Section.
MIME Attachments.
Key Points to Remember about MIME.
....MAPI Message Format.
....Message Retrieval Overview.
Enable POP3 and IMAP4 Services.
....Home Server Identification.
....Protocols and Port Selection.
Well-Known Messaging Ports.
Viewing Active Ports.
Remote Procedure Calls and Port Selection.
Key Points to Remember about Port Selection.
....Initial Client Connections.
Initial POP3 Connection.
Initial IMAP4 Connection.
Initial Outlook Connection.
Changing Banners.
Backing Up the IIS Metabase.
Changing POP3 Banners.
Changing IMAP4 Banners.
....Client Authentication.
POP3 Authentication.
IMAP4 Authentication.
Outlook Authentication.
Client Message Retrieval.
POP3 Message Retrieval.
IMAP4 Message Retrieval.
MAPI Message Retrieval.
....Looking Forward.
3. Exchange 2003 Service Architecture.
....Exchange Store.
Internet Messaging Protocols.
Messaging Application Programming Interface (MAPI).
OLE DB.
ExIFS.
....Exchange Services.
System Attendant.
Service Diagnostics.
Service Dependencies.
....Looking Forward.
4. Managing Exchange 2003 Servers.
....Exchange System Manager.
Servers.
Tools.
Legacy Exchange Servers.
....Installing ESM on a Workstation.
Prerequisites for Installing ESM.
Installing ESM.
....Exchange Services and Security.
Special Exchange Groups.
Permissions Delegated to Exchange Groups.
Security Implications of Delegated Exchange Permissions.
Bottom Line on Exchange Permissions.
....Management Components.
ADSI and Active Directory.
WMI and Server Status Monitoring.
WebDAV and Public Folder Access.
DS2MB and IIS Metabase.
Summary.
....Assigning Administrative Permissions.
Operations Requiring Administrative Permissions.
Administrative Roles.
Administrators Denied Access to User Mailboxes.
....Role Delegation.
Delegation Wizard.
Local Server Admin Rights.
....Administrative Groups.
Administrative Groups Don't Control Message Routing.
Administrative Groups in Active Directory.
Administrative Groups and Legacy Sites.
....Creating New Administrative Groups.
Delegating Administrative Group Permissions.
Crossing the Line-Moving Mailboxes between Administrative Groups.
Key Points for Administrative Group Permission Delegation.
....Looking Forward.
5. Managing Recipients and Distribution Lists.
....Security Groups and Exchange.
Issues with Mail-enabled Security Groups.
Distribution Group Advantages.
Watch Out for Automatic Promotions.
Delegating Group Membership Management.
Managing Distribution List Membership in Outlook.
....Group Membership Expansion.
Description of Group Expansion Process.
Designating Expansion Servers.
Single Point of Failure.
....Managing Group E-Mail Properties.
General Properties.
Advanced Properties.
Hiding Group Members.
....Query-Based Distribution Groups.
Creating a QDG.
QDG Caveats.
....DSAccess.
Global Catalog Advertising and DSAccess.
DSAccess Selection Criteria.
Viewing DSAccess Selection Results.
Event Log Entries for DSAccess Selection Results.
....DS Proxy.
Name Service Provider Interface (NSPI) Service.
Referral (RFR).
Static DSProxy Port Mappings.
....Managing Recipient Policies.
Default Recipient Policy.
Policy Filter.
Multiple Recipient Policies.
....Recipient Update Service and Proxy Addresses.
RUS Intervals.
RUS and Multiple Domains.
Forcing a Recipient Policy Update.
Key Points for Managing Recipient Policies.
....Restricting Mail Storage.
Putting the Brakes on Storage Expansion.
Storage Policies.
Local Archiving.
....Mailbox Management.
Mailbox Manager Recipient Policies.
Informing Users of Automated Mailbox Actions.
Targeting Mailbox Manager Policies.
Applying Mailbox Manager Policies.
Configuring the Mailbox Management Service.
Manually Initiating Mailbox Management.
....Blocking a User's E-Mail Access.
Disable the User's Active Directory Account.
Remove the User's Mailbox.
Deny Access Permission to the User's Mailbox.
Remove Selected Access Protocols.
Remove the User's Exchange Configuration.
....Accessing Another User's Mailbox.
Delegating Mailbox Access.
Accessing a Delegated Mailbox.
Granting Access to Another User.
Granting Yourself Access to a User's Mailbox.
....Mail Retention.
Deleted Mailbox Retention.
Deleted Item Retention.
....Managing Recipients with System Policies.
Creating New System Policies.
Targeting a System Policy.
....Managing Recipients with Global Settings.
Internet Message Settings.
Message Delivery Settings.
Mobile Services Settings.
....Looking Forward.
6. Publishing Address Lists.
....Global Address List and Outlook.
....LDAP and Address Lists.
Address List Objects in Active Directory.
Understanding Address List LDAP Queries.
Alternate Address Lists.
....Custom Address Lists.
....Recipient Update Service and Address Lists.
Hiding Users and Groups from Address Lists.
....Offline Address Lists.
Offline Address Book Download Options.
Offline Address Book Local Storage.
Populating the Offline Address Book.
Create New Offline Address List.
Offline Address Book System Folder.
....Looking Forward.
7. Managing Storage and Mailboxes.
....Exchange Store Architecture.
EDB File Layout.
EDB Folders.
User Mailbox Folders.
Single Instance Storage.
STM File Layout.
....Transaction Processing.
Database Support Files.
Transaction Logs and Exchange Backup.
Database File Locations.
Changing Transaction Log File Location.
....Mailbox Stores.
Online Maintenance.
Additional Mailbox Store Configuration Options.
....Storage Groups.
Storage Groups Disadvantages.
Creating New Storage Groups.
....Configuring Physical Storage.
Use RAID 1+0 or RAID 0+1.
Assign Similar Recipients to the Same Mailbox Stores.
....Moving Mailboxes Between Storage Groups.
Moving Multiple Mailboxes.
Moving Mailboxes Results in EDB Promotion.
....Moving Mailboxes with Exmerge.
One-Step and Two-Step Merges.
Exmerge Requires Mailbox Access.
Exmerge Requires Access to Exchange Binaries.
Exmerge Caveats.
Moving a Mailbox with Exmerge.
....Full-Text Indexing.
Indexing Prerequisites.
Indexing and Performance.
Difference between Full-Text Indexing and Standard Text Search.
Enabling Full-Text Indexing.
....Performance Testing.
Install LoadSim Performance Counters.
Configure LoadSim Test Topology.
Initialize and Run LoadSim Test.
....Looking Forward.
8. Message Routing.
....SMTP Message Routing Overview.
....SMTP Configuration Details.
SMTP Virtual Server.
SMTP File Locations.
....SMTP Capabilities.
....Inbound Message Handling.
Advanced Queuing Engine.
Final Delivery.
Delivery Status Notifications.
....Detailed SMTP Transaction.
Use Telnet to Make Initial Connection.
Change the SMTP Connect Banner.
SMTP Authentication.
Simulate an Authenticated SMTP Connection.
....SMTP Authentication and Relaying.
Anonymous SMTP Relaying.
Open SMTP Relaying.
Configuring Relay Settings.
Configuring Internet Clients for Authorized Connections.
....Configuring an SMTP Internet Connector.
DNS Routing.
Smart Hosts.
Creating an Internet Connector with the Internet Mail Wizard.
....Message Routing.
Routing Group Configurations.
Routing Group Connector Features.
....Creating and Configuring Routing Groups.
View Routing Groups in ESM.
Create a Routing Group.
Move a Server to the New Routing Group.
Create a Routing Group Connector.
Configure Routing Group Connector Properties.
....Link State Routing.
Link State Table.
Routing Group Master.
Orphaned Link State Entries.
Example of Link State Routing.
Link State Table Updates.
Link State Oscillations.
Loss of Bridgehead or WAN Link.
WinRoute.
....Looking Forward.
9. Outlook Web Access.
....Outlook Web Access Overview.
....Browser Support.
....OWA Features.
Server-Side Inbox Rules.
Spell Checker.
Keyboard and Mouse Shortcuts.
Recipient Selection.
File Attachment Handling.
Antispam Features.
....OWA Authentication.
Forms-Based OWA Authentication.
....Configuring OWA Options.
....Blocking OWA Options.
OWA Segmentation by Server.
OWA Segmentation by Individual User.
....Configuring OWA to Use SSL.
SSL Overview.
Obtaining a Commercial Certificate.
Obtaining a Certificate via Windows PKI.
Require SSL for Default Web Server.
Verify Secure Connection.
Enable Forms-Based Authentication.
....OWA Password Changes.
Create a Password Reset Virtual Folder.
Modify the Registry to Expose Password Change Option.
Changing Passwords in OWA.
Handling Password Expirations in OWA.
....Looking Forward.
10. Managing Public Folders.
....Public Folder Architecture.
Hierarchies and Content.
System Folders.
Exchange Explorer.
....Public Folder Hierarchy.
Public Folder Hierarchy Replication.
Public Folder Hierarchy and Stores.
....Creating Top-Level Folders.
Creating Subordinate Public Folders.
General Purpose Public Folder Trees.
....Public Folder Replication.
Public Folder Replication Agent.
Item-Level Replication.
Enabling Replication for a Folder.
Replication Intervals.
Manual Replication.
Public Folder Backfill.
....Public Folder Referrals.
Referral Failures.
Transitive Referrals.
Specifying Referral Servers.
Referral Limitations.
....Recovering Deleted Items from Public Folders.
Setting Public Folder Deleted Item Retention Intervals.
Restoring a Deleted Item in a Public Folder.
....Public Folder Permissions.
Client Permissions.
Directory Rights.
Administrative Rights.
....Public Folder Permission Mapping.
Legacy Permission Mapping.
Potential Failure Possibilities.
Slaying Zombies.
DS/IS Consistency.
....Looking Forward.
11. Deploying a Distributed Architecture.
....Advantages of Using Front-End Servers.
Security Advantages.
Performance.
Convenience.
Front-End Server Caveats.
....Authentication and Front-End Servers.
Implicit OWA Authentication.
....Necessary Firewall Ports for Front-End Servers.
SMTP Front-End.
OWA Front End.
....Configuring a Front-End Server.
Set the Front-End Flag for the Server.
Remove Unnecessary Exchange Services.
Configure DSAccess to Avoid Using RPCs.
Verify Operation of Front-End Server.
....RPC over HTTP Front-End Servers.
Remote Procedure Call Fundamentals.
Sample RPC over HTTP Process.
Key Points So Far.
RPC Limitations for Internet Use.
RPC over HTTP Resolves Limitations.
....Deploying RPC over HTTP.
RPC over HTTP Prerequisites.
Installing and Configuring the RPC over HTTP Service.
Configure the RPC Proxy Server.
Configure NSPI at Global Catalog Servers.
Configure Firewalls for SSL Passthrough.
Configure Outlook for RPC over HTTP.
Make RPC over HTTP Connection.
Test Without a Firewall.
Verify Mutual Authentication.
RPC Over HTTP-Final Thoughts.
....Looking Forward.
12. Migrating from Legacy Exchange.
....Pre-Migration Operational Evaluations.
Active Directory Domains.
Current Exchange Organization.
Network Infrastructure.
Costs.
Additional Considerations.
Goals.
....Exchange Migration Roadmap.
Domain Upgrade.
Exchange 2003 Server Deployment.
Legacy Exchange Server Decommissioning.
Special Considerations.
....Prerequisites and Precautions.
....Active Directory Connector Operation.
Connection Agreements.
ADC Mailbox Mapping.
NT Account Migrations.
Invalid User Accounts.
Active Directory Account Cleanup Wizard.
ADC and Distribution Lists.
....Forest and Domain Preparation.
ADC Setup Permissions.
ADC Server Selection.
ADC Service Account Selection.
Domain Prerequisites.
....ADC Installation.
Initial Testing.
ForestPrep.
DomainPrep.
Verification Tests.
ADC Setup.
ADC Tools.
Final Checks.
....Connection Agreement Properties.
Recipient Connection Agreements.
Configuration Connection Agreements.
Public Folder Connection Agreements.
....Initial Exchange 2003 Server Installation.
....Connection Agreement Testing.
....Site Replication Service Configuration.
Managing the SRS Directory.
Configuring New SRS Servers.
Changing Connection Agreement Endpoints.
....Completing the Migration.
Create Routing Groups.
Identify Legacy Exchange Services.
Complete Mailbox Moves.
....Shift to Exchange Native Mode.
Native Mode Prerequisites.
Performing the Shift.
....Looking Forward.
13. Service Continuity.
....Antispam and Antivirus.
How Spammers Find You.
Open SMTP Relays.
Blocking Known Spammers.
Real-Time Block Lists.
Reverse DNS RBL Services.
Configuring a Connection Filter to Use an RDNS RBL Provider.
Challenge-Response Blocking.
Signature-Based Filtering.
Hash-Based Filtering.
Bayesian Filters.
Edge Filters.
Store Filters.
Client Filters.
....Backup and Restore Operations.
Consistency Checking.
Backups and Transaction Logs.
Backup and Restore Process Overview.
Brick-Level Backups.
....Performing Full Exchange Backups.
....Recovering Individual Mailboxes.
Create Recovery Storage Group.
Recovering a Mailbox Store to the Recovery Storage Group.
....Recovering a Mailbox Store.
Direct Restore to Original Location.
Manual Hard Restore.
....Recovering an Exchange Server.
Replace the Hardware and Operating System.
Install Exchange with /disasterrecovery Switch.
Restore Database Files.
....Volume Shadow Copy.
Shadow Copies of Shared Folders.
Backup Snapshot Operation.
Third-Party Backup Product and Shadow Copies.
....Exchange Clusters.
Cluster Prerequisites.
Create Virtual Servers as Cluster Nodes.
Install Operating System in Virtual Machine.
Duplicate the Virtual Machine.
Configure the Cluster.
Install Exchange on Each Node.
Create Exchange Cluster Group.
Create Exchange Virtual Server.
Test the Cluster.
From Lab to Production.
....Looking Forward.
Appendix A. Building a Stable Exchange 2003 Deployment Infrastructure.
....DNS Design and Operation.
Name Formats.
Windows Name Resolution Mechanisms.
Detailed DNS Transaction.
DNS Resolver Cache Content.
DNS Suffixes and Suffix Search Order.
Zone Delegation.
Stub Zones.
Troubleshooting DNS Lookup Errors.
Points to Remember about DNS Name Resolution.
....Windows Authentication and Authorization.
Security ID (SID).
Security Descriptor.
Access Tokens.
Authentication Types.
NTLMv2 Challenge Response Authentication.
....Limitations of Windows Challenge-Response Authentication.
Kerberos Authentication.
....Authorization Data.
....Active Directory Essentials.
Active Directory Uses LDAP.
LDAP Directory Elements.
LDAP Searches.
Naming Contexts and LDAP Searches.
Naming Contexts and Exchange.
Global Catalog.
Partial Attribute Set.
Global Catalogs Listen on TCP Port 3268.
Designating a Global Catalog Server.
Global Catalog and Universal Groups.
Global Catalog Servers and Exchange Address Lists.
Identifying Global Catalog Server Used by Outlook.
....Flexible Single Master Operations.
PDC Emulator.
RID Master.
Infrastructure Master.
Domain Naming Master.
Schema Master.
Determining Role Master Identities.
Appendix B. Legacy Exchange Operation.
....Legacy Exchange Directory Service Structure.
Legacy Directory Partitions.
Graphical View of the Legacy Container Structure.
....Exchange 5.5 and Windows NT 4.0.
Security Account Manager Database.
SIDs and Mailbox Recipients.
SID and Mailbox Access.
Unique SIDs and Exchange 2003 Migration.
Viewing Dir.edb with the LDAP Browser (Ldp).
File Dump of Legacy Exchange Attributes.
....Legacy Exchange Replication Limitations.
Sites as Management Boundaries.
Lack of Global Referrals.
Appendix C. Detailed Deployment Log Contents.
....DSConfigSum.
....DSObjectSum.
....UserCount.
....Vercheck.
Index.