MCSE Testprep: Exchange Server 5.5

MCSE Testprep: Exchange Server 5.5

Paperback

$24.99

Overview

The MCSE TestPrep series is a unique way of preparing for MCSE exams. Each chapter covers a different exam objective. Each objective is further broken down into manageable sections. The information will be presented in a brief, outline format and will include an abundance of tables, figures, screen shots, and lists. Following each section will be a series of review questions, exercises, and answer explanations. Two complete practice exams and a glossary will be located at the end of the book.
  • Includes only the ESSENTIAL information needed to pass the NEW Exchange Server 5.5 exam #70-81 (one of several electives)
  • PRACTICE, PRACTICE, PRACTICE rather than read pages of text everything written in concise chunks
  • Study HUNDREDS of sample test questions as well as practice taking the exam with two complete exams at the back of the book

Product Details

ISBN-13: 9780789716118
Publisher: Que
Publication date: 07/14/1998
Series: MCSE Testprep Series
Pages: 350
Product dimensions: 8.04(w) x 9.95(h) x 0.86(d)

Read an Excerpt


Chapter 3: Configuring and Managing Resource Access

This chapter helps you prepare for the exam by covering the following test objectives:

  • Managing Public Information Store Databases, including managing server locations and rehoming public folders

Now that you have learned how to install and configure most of the components of Exchange, this chapter shows you how to manage these components. Management is the process of troubleshooting day-to-day problems, reconfiguring the services for higher performance, and foreseeing expansion issues for the servers.

Proper management of Exchange Server is an ongoing process. This chapter demonstrates that although you do have an initial configuration of your Microsoft Exchange Server organization, additional steps must be taken to ensure that the Exchange Servers in your site are running optimally and that the security of your organization is protected.

3.1 Managing Site Security

Exchange Server provides a number of mechanisms to help you secure your installation. These include the following:

Standard Exchange security features are administered through the Exchange Administrator package. Advanced Security is administered through the Key Management Server Administrator package.

A. NT Server Security

For purposes of the exam, it is very helpful to have a good grasp of the Windows NT security model and how it relates to Exchange. Key issues to keep in mind include the following:

1. Authentication

Exchange Server uses the standard Windows NT security model. To gain access to Exchange Server, the users must be authenticated by Windows NT. All Exchange mailboxes are associated with a Windows NT user account or group.

To allow users from a domain other than the domain containing your Exchange Server, it is recommended that you implement a trust between the domain where the accounts reside and the domain where Exchange resides.

2. The Service Account

Exchange Server, like a user, must be authenticated before Windows NT will allow it to operate. Therefore Exchange Server requires an account to log on. This is referred to as the Site Services Account, and will also be used to log on to remote Exchange Server computers in the same site to perform tasks such as directory replication. All servers within the same site should share the same Site Services Account.

By default, the Exchange Setup program will automatically use the user name of the user doing the installation as the Site Service Account. (Typically, this would be Administrator.) It is highly recommended that this be changed and that the password for this account be set to never expire. If the password for the service account changes, each Exchange Server in the site must be reconfigured to use the new password.

It is possible, but not recommended, to change the account that will be used as the service account. The Microsoft Exchange Server assigns the following rights to the Exchange service account:

B. Auditing

Auditing provides the capability to track events related to Windows NT, Exchange Server, or other BackOffice products. Audited events will be placed in the Windows NT security log. Other events (such as errors) are placed in the application log.

Auditing is managed from the Diagnostics Logging tab in an object's property sheet. Several logging levels may be specified: None, Minimum, Medium, and Maximum. Exchange events are assigned a logging level numeric value. At the None level, only critical events (such as errors) and events with logging levels of 0 are logged.

Events with levels of 1 or lower are recorded at the Minimum level. Events with 3 or lower are recorded at the Medium level. At the Maximum level, events with a logging level of 5 or lower are logged. This means nearly every event will be logged. Usually, the Maximum level is useful only for debugging purposes. By default, logging is set to None, meaning only error events will be logged.

C. Exchange Server Permissions and Roles

Exchange Server enables you to set specific permissions (also known as rights in Exchange) to control what users can modify. The following rights are available in Exchange:

To simplify administration, Microsoft has built predefined collections of rights. These are referred to as roles. It is recommended that you use roles if possible to administer permissions. Table 3.1.1 lists the roles that have been defined in Exchange at the site level and the rights that have been assigned to those roles.

Table 3.1.1 Security Role Definitions

You should typically assign roles at the containers level to allow rights to flow down through the Exchange hierarchy. Rights for objects within the container will then be inherited from the container object. This enables you to manage rights from one location. You can view inherited rights from an object's property page. You also have the ability to override inherited rights. This is also done from the object's property page.


NOTE: In some circumstances, you might not see the Permissions tab displayed

When granting the Admin Role to users, remember that Admin grants the ability to make changes to the Exchange Server configuration but not to manage permissions. Permissions Admin can do both. Permissions should be set on the following objects:

Permissions need only be set on the Organization container once, as these settings are global. However, they must be set on each site's Configuration container and each site's Site container separately.

It is recommended that all users who will need to administer Exchange be granted the Permissions Admin role in these locations. To simplify matters, it is recommended that you create a global group for all administrators in each domain and put their accounts in those groups. Create a local group in the Exchange domain, place all the global groups that you created in this local group, and then assign permissions to the local group rather than to the individual users.

D. Exchange Server Advanced Security

Exchange Server Advanced Security provides Exchange with public key cryptography capabilities. It allows messages to be secured so that even if intercepted in transit they cannot be read by anyone but the recipient (not even the sender). It also provides the capability to digitally sign messages so that the identity of the sender can be verified.

The Key Management (KM) Server manages a database filled with security certificates. These security certificates are the credentials that will be exchanged when digital signatures are verified and encrypted messages are opened.

E. Encryption and Key Technology

Encryption ensures that an intercepted message cannot be read by anyone but the recipient. Digital signatures do not modify the content of the message, but add a signature that can be verified against the sender's public key.

Public keys are used to encrypt a message; private keys are used to decrypt. These are the steps that Exchange uses when sending a secure message:

Electronic signatures are used to determine whether a message has been tampered with in transit and the contents changed. Microsoft Exchange uses a method known as hashing to prevent message tampering. Hashing reduces any message to a unique 128-bit result known as the message digest. The process of signing a message varies slightly from the process of encrypting a message:

2. Key Management Server

The Key Management (KM) component is an optional Microsoft Exchange Server component installed on a single Microsoft Exchange Server in the organization. There can be only one KM Server per organization. It provides centralized administration and management of public keys and certificates, and is also used to set up Advanced Security.

The KM Server performs a variety of important tasks, including the following:

a. Installing the Key Management Server The Key Management Server is not installed as part of the normal Microsoft Exchange Server installation process. Before installing the KM Server, you need to prepare the following:

To install the KM Server, select Complete/Custom from Exchange Setup. During setup, the Key Manager service password is copied to a floppy disk. A second copy of the disk is also made. Two objects are created during the installation: Certificate Authority and Encryption.


NOTE: Setup will search for an existing KM Server in the organization. There

b. Managing the Key Management Server After you have installed the KM Server, Advanced Security must be enabled on every mailbox that will be using it. Some of the administrative tasks regarding Advanced Security are as follows:

3. Enabling Advanced Security in the Administrator Program

After you have installed and started the KM Server, you must enable Advanced Security for every user who will require it. These are the steps involved:


NOTE: You can also do a bulk generation of user tokens by running a utility

4. Enabling Advanced Security at the Client

The final step is to enable ADVANCED SECURITY at the client. To do so, follow these steps:

3.1.1 Exercise: Installing Advanced Security

This exercise goes through the steps you need to follow to install Advanced Security. You must have Exchange Server installed and configured and at least one recipient created. Follow these steps:

First Chapter

MCSE TestPrep: Exchange Server 5.5 - CH03 - Configuring and Managing Resource Access

[Figures are not included in this sample chapter]

MCSE TestPrep: Exchange Server 5.5

- 3 -

Configuring and Managing Resource Access

This chapter helps you prepare for the exam by covering the following test objectives:

  • Managing Site Security
  • Managing Users
  • Managing Distribution Lists
  • Managing the Directory
  • Managing Public Information Store Databases, including managing server locations and rehoming public folders
  • Managing Private Information Store Databases
  • Backing Up and Restoring the Exchange Server Organization
  • Managing Connectivity

Now that you have learned how to install and configure most of the components of Exchange, this chapter shows you how to manage these components. Management is the process of troubleshooting day-to-day problems, reconfiguring the services for higher performance, and foreseeing expansion issues for the servers.

Proper management of Exchange Server is an ongoing process. This chapter demonstrates that although you do have an initial configuration of your Microsoft Exchange Server organization, additional steps must be taken to ensure that the Exchange Servers in your site are running optimally and that the security of your organization is protected.

3.1 Managing Site Security

Exchange Server provides a number of mechanisms to help you secure your installation. These include the following:

  • The Windows NT security model. Exchange is tightly integrated with Windows NT's built-in security.

  • Auditing. Exchange Server activity can be tracked using Windows NT's auditing features.

  • Permissions. A method of specifying what level of access users will have to various objects with Exchange.

  • Advanced Security. The capability to encrypt and decrypt mail messages and attach digital signatures to messages.

Standard Exchange security features are administered through the Exchange Administrator package. Advanced Security is administered through the Key Management Server Administrator package.

A. NT Server Security

For purposes of the exam, it is very helpful to have a good grasp of the Windows NT security model and how it relates to Exchange. Key issues to keep in mind include the following:

  • User accounts. Each Exchange mailbox must be associated with a Windows NT user account or group.

  • Domains. A domain is a collection of computers that share a common database containing user accounts, computer accounts, group information, and security policies. A domain contains one or more NT Server computers. An Exchange site could reside in one or more domains. You can also have multiple Exchange sites per domain.

  • Trust relationships. Trust relationships allow one domain to validate users with the security database of another domain. With trust relationships, a user from a single domain may be granted access to all the domains on a network. When a site is spread out across multiple domains, trusts must be implemented between those domains.

1. Authentication

Exchange Server uses the standard Windows NT security model. To gain access to Exchange Server, the users must be authenticated by Windows NT. All Exchange mailboxes are associated with a Windows NT user account or group.

To allow users from a domain other than the domain containing your Exchange Server, it is recommended that you implement a trust between the domain where the accounts reside and the domain where Exchange resides.

2. The Service Account

Exchange Server, like a user, must be authenticated before Windows NT will allow it to operate. Therefore Exchange Server requires an account to log on. This is referred to as the Site Services Account, and will also be used to log on to remote Exchange Server computers in the same site to perform tasks such as directory replication. All servers within the same site should share the same Site Services Account.

By default, the Exchange Setup program will automatically use the user name of the user doing the installation as the Site Service Account. (Typically, this would be Administrator.) It is highly recommended that this be changed and that the password for this account be set to never expire. If the password for the service account changes, each Exchange Server in the site must be reconfigured to use the new password.

It is possible, but not recommended, to change the account that will be used as the service account. The Microsoft Exchange Server assigns the following rights to the Exchange service account:

  • Log on as a service
  • Restore files and directories
  • Act as part of the operating system

B. Auditing

Auditing provides the capability to track events related to Windows NT, Exchange Server, or other BackOffice products. Audited events will be placed in the Windows NT security log. Other events (such as errors) are placed in the application log.

Auditing is managed from the Diagnostics Logging tab in an object's property sheet. Several logging levels may be specified: None, Minimum, Medium, and Maximum. Exchange events are assigned a logging level numeric value. At the None level, only critical events (such as errors) and events with logging levels of 0 are logged.

Events with levels of 1 or lower are recorded at the Minimum level. Events with 3 or lower are recorded at the Medium level. At the Maximum level, events with a logging level of 5 or lower are logged. This means nearly every event will be logged. Usually, the Maximum level is useful only for debugging purposes. By default, logging is set to None, meaning only error events will be logged.

C. Exchange Server Permissions and Roles

Exchange Server enables you to set specific permissions (also known as rights in Exchange) to control what users can modify. The following rights are available in Exchange:

  • Add Child. Allows the assigned user or group to create subordinate (or child) objects to this object.

  • Modify User Attributes. Allows the assigned user or group to modify user-level attributes of the object such as Send On Behalf Of permissions.

  • Modify Admin Attributes. Allows the assigned user or group to modify administrator-level attributes of an object such as storage limits or display name.

  • Delete. Allows the assigned users to delete any object that they have been assigned this permission for.

  • Send As. Allows the assigned user to send a reply to a message appearing to be the intended original recipient.

  • Mailbox Owner. Allows the assigned users and groups to log on to the mailbox and send and receive email.

  • Logon Rights. Allows the assigned users to log on to any server in the site where this permission is assigned using the Exchange Administrator program.

  • Replication. Allows the assigned account to replicate directory information with other servers.

  • Modify Permissions. Allows the assigned user and group to change the permissions assigned to that object.

  • Search. Allows the assigned users and groups to view the contents of the container.

To simplify administration, Microsoft has built predefined collections of rights. These are referred to as roles. It is recommended that you use roles if possible to administer permissions. Table 3.1.1 lists the roles that have been defined in Exchange at the site level and the rights that have been assigned to those roles.

Table 3.1.1 Security Role Definitions

Security Role Associated Rights
Admin Add Child
Modify User Attributes
Modify Admin Attributes
Delete
Logon Rights
Permissions Admin Add Child
Modify User Attributes
Modify Admin Attributes
Delete
Logon Rights
Modify Permissions
Search Search
Send As Send As
Service Account Admin Add Child
Modify User Attributes
Modify Admin Attributes
Delete
Send As
Mailbox Owner
Logon Rights
Replication
Modify Permissions
User Modify User Attributes
Send As
Mailbox Owner
View Only Admin Logon Rights

You should typically assign roles at the containers level to allow rights to flow down through the Exchange hierarchy. Rights for objects within the container will then be inherited from the container object. This enables you to manage rights from one location. You can view inherited rights from an object's property page. You also have the ability to override inherited rights. This is also done from the object's property page.


NOTE: In some circumstances, you might not see the Permissions tab displayed on an object's property page. If this happens, from the Exchange Administrator Options page (Tools, Options, Permissions tab), check Show Permissions Page for All Objects. This will then show the roles that have been assigned. If you would also like to see the permissions, select the check box Display Rights for Roles from the same page.

When granting the Admin Role to users, remember that Admin grants the ability to make changes to the Exchange Server configuration but not to manage permissions. Permissions Admin can do both. Permissions should be set on the following objects:

  • The Organization container
  • The Site container for each site
  • The Configuration container in each site

Permissions need only be set on the Organization container once, as these settings are global. However, they must be set on each site's Configuration container and each site's Site container separately.

It is recommended that all users who will need to administer Exchange be granted the Permissions Admin role in these locations. To simplify matters, it is recommended that you create a global group for all administrators in each domain and put their accounts in those groups. Create a local group in the Exchange domain, place all the global groups that you created in this local group, and then assign permissions to the local group rather than to the individual users.

D. Exchange Server Advanced Security

Exchange Server Advanced Security provides Exchange with public key cryptography capabilities. It allows messages to be secured so that even if intercepted in transit they cannot be read by anyone but the recipient (not even the sender). It also provides the capability to digitally sign messages so that the identity of the sender can be verified.

The Key Management (KM) Server manages a database filled with security certificates. These security certificates are the credentials that will be exchanged when digital signatures are verified and encrypted messages are opened.

1. Encryption and Key Technology

Encryption ensures that an intercepted message cannot be read by anyone but the recipient. Digital signatures do not modify the content of the message, but add a signature that can be verified against the sender's public key.

Public keys are used to encrypt a message; private keys are used to decrypt. These are the steps that Exchange uses when sending a secure message:

1. The recipient's public sealing key is retrieved from the Exchange directory.

2. A bulk encryption key is used to encrypt the contents of the message.

3. A lockbox is created using the public sealing key to encrypt the bulk encryption key. This lockbox contains the key that is actually used to decrypt the message. Only the user for whom the lockbox was generated can open it.

4. The fully encrypted message and lockbox is sent to the information store for regular delivery methods. If there are multiple recipients, there will be a lockbox sent for each recipient.The recipients can decrypt the message by using their private sealing keys to open the sealed lockbox. By unsealing the lockbox, the recipients now have access to the bulk encryption key and can use it to decrypt the message.

Electronic signatures are used to determine whether a message has been tampered with in transit and the contents changed. Microsoft Exchange uses a method known as hashing to prevent message tampering. Hashing reduces any message to a unique 128-bit result known as the message digest. The process of signing a message varies slightly from the process of encrypting a message:

1. Hashing is performed to arrive at a unique 128-bit message digest.

2. The sender receives a prompt to enter the security profile password. The entering of the password allows the user's security file (*.EPF) to be opened to extract the private signing key.

3. The message digest is encrypted using the sender's private signing key. This creates the digital signature.

4. The sender transmits the sender's signing certificate the digital signature and the original message to the information store for delivery.The recipient can verify the signature by recalculating the message digest for the original message upon receipt. If the message has not been tampered with, this 128-bit message digest should be exactly the same as the message digest that was sent to him. It is key to remember that this process is only invoked by the recipient. It is not automatically performed. The actual steps are as follows:

1. The user reads the message.

2. The user clicks the Verify Signature button.

3. The Exchange Client software prompts the user for the security profile password that the user has set.

4. The sender's public signing key is extracted from the signing certificate that was sent with the message. It is used to decrypt the digital signature. The result is the original message digest.

5. The client now performs the hashing algorithm on the original message.

6. The recipient's message digest is compared to the original message digest. The two should be identical.

2. Key Management Server

The Key Management (KM) component is an optional Microsoft Exchange Server component installed on a single Microsoft Exchange Server in the organization. There can be only one KM Server per organization. It provides centralized administration and management of public keys and certificates, and is also used to set up Advanced Security.

The KM Server performs a variety of important tasks, including the following:

  • Generating public and private encryption keys.
  • Creating public X.509 certificates.
  • Maintaining a secure copy of every user's private encryption key in an encrypted database.
  • Maintaining and distributing a Certificate Revocation List (CRL). This list enables an administrator to revoke a user's certificate if a user's keys are compromised and no longer secure.

a. Installing the Key Management Server The Key Management Server is not installed as part of the normal Microsoft Exchange Server installation process. Before installing the KM Server, you need to prepare the following:

  • Have access to a Certificate Authority. The KM Server can be installed only if the Exchange Server has access to a Microsoft Certificate Server or is itself a Certificate Server. The Certificate Server software is installed as part of Microsoft Internet Information Server 4.0. After the Certificate Server is installed, it acts as a Certificate Authority (CA). The CA service can be started and stopped from the Windows NT Control Panel.
  • Key Manager service password. This password is used by the Key Manager service.
  • Administrator password. This password is used by security administrators to perform security-related tasks.

To install the KM Server, select Complete/Custom from Exchange Setup. During setup, the Key Manager service password is copied to a floppy disk. A second copy of the disk is also made. Two objects are created during the installation: Certificate Authority and Encryption.


NOTE: Setup will search for an existing KM Server in the organization. There can only be a single security authority for the Exchange organization for public/private key encryption to be successful.

b. Managing the Key Management Server After you have installed the KM Server, Advanced Security must be enabled on every mailbox that will be using it. Some of the administrative tasks regarding Advanced Security are as follows:

  • Backup and restore. Contained in the KM database are the public encryption key and signing key and the private encryption key for each mailbox. If this information were to be lost due to a re-install of the Exchange Server hardware, a user could not read any mail encrypted using the preceding version of the keys. To back up the KM database, follow these steps:
    1. Stop the Microsoft Exchange Key Manager service to prevent any files that need to be backed up from being open.

    2. Start your backup program.

    3. Include in your backup set the directory \Security\Mgrent. Be sure to include all files and subdirectories.

    4. Run your backup.

    5. Restart the Microsoft Exchange Key Manager service. Be sure to have the floppy disk with the file KMSPWD.INI in the floppy drive of the KM Server.

  • The KM database is restored just by stopping the KM service and restoring all backed up files and subdirectories to the \Security\Mgrent directory and then restarting the KM Server.

  • Moving the KM Server. There can only be one Key Management Server in an Exchange organization. It may be desirable to move the KM Server from its original location. You may move the KM Server to another server within the same site. You cannot move the KM Server to a server in a different site. Here are the steps to follow:
1. Back up the existing KM database as described previously.

2. Stop the Microsoft Exchange Key Manager service.

3. Run kmserver ñu from the \Security\Bin directory to uninstall the Key Management Server.

4. Install the Key Management software on the computer that you want to host the KM Server.

5. Restore the backed up \Security\Mgrent directory.

6. Start the Microsoft Exchange Key Manager service.

  • Designating Exchange Administrators. By default, the person who installs the KM Server is the original administrator. The default password for administration is password and should be changed. New KM administrators can be named by following these steps:
1. Run the Microsoft Exchange Administrator program.

2. In your site's Configuration container, double-click the Encryption leaf object.

3. Click the Key Management Server Administrators Password button. You receive a prompt for the Key Management Server password. Enter it to continue. It is, by default, password.

4. From the ensuing Key Management Server Administrators dialog box, you can change the KM Administration password and add or remove administrators. You can only add user accounts, not groups.

5. Click the Done button to complete your modifications of administrators for the KM Server.

3. Enabling Advanced Security in the Administrator Program

After you have installed and started the KM Server, you must enable Advanced Security for every user who will require it. These are the steps involved:

1. In the Exchange Administrator program, double-click the user's mailbox for whom you want to enable Advanced Security.

2. Select the Security tab of the user's mailbox properties. This tab is available only if the Key Manager service is running in the organization.

3. Select the Enable Security option.

4. A dialog box appears and informs you of the user's security token. You must write this down; the users will need it when they configure their client software to use Advanced Security. If you do forget it, you can always click the Recover Security Key button to have it revealed again onscreen.


NOTE: You can also do a bulk generation of user tokens by running a utility called SIMPORT.EXE. It is installed by default into the \security\bin directory on the KM Server. It enables you to create security tokens for all users and dumps them into a text file called SRESULTS.TXT. That way you do not have to write down all the user's token information.

4. Enabling Advanced Security at the Client

The final step is to enable ADVANCED SECURITY at the client. To do so, follow these steps:

1. Start your client software.

2. From the Tools menu, choose Options.

3. Select the Security tab in the Options dialog box.

4. Click the Set Up Advanced Security button.

5. Enter the security token that was generated in the Exchange Administrator program for the user's mailbox. You are also required to enter a password that will be used to sign and seal all messages in your client software.

6. A message is sent to the Security Authority. The user receives a prompt to enter the security password when opening the message, effectively enabling their client to encrypt mail messages.

7. A final dialog box should confirm that security is enabled. The user can now digitally sign and encrypt messages.

3.1.1 Exercise: Installing Advanced Security

This exercise goes through the steps you need to follow to install Advanced Security. You must have Exchange Server installed and configured and at least one recipient created. Follow these steps:

1. Insert the Exchange Server CD.

2. Run SETUP.EXE from the \setup\<platform>\exchkm directory and click OK.

3. Select Add/Remove Components.

4. Select Exchange Server and click the Options button.

5. Select the check box for the Security Management Server.

6. Enter the password for the Exchange service account and click OK.

7. Select your location and select Make Disk. You will need two blank floppy disks for this exercise.

8. Insert the floppy disks when prompted and click OK. The Setup program will finish at this point.

9. Open the Services applet in the Control Panel.

10. Put the password floppy disk in the disk drive, and then start the Microsoft Exchange Key Manager by clicking it and then clicking Start.

11. Open the Exchange Administrator program.

12. From a user's mailbox properties, select the security tab. You will be prompted for the KM password.

13. Enter the KM password; the default is password. Click Enable Advanced Security.

14. You will be provided with a token. Write this token down; you will need it later.

15. Open the Outlook Client and log on as the user that you just configured for Advanced Security.

16. From the Tools menu, click Options.

17. Click the Security tab.

18. Click Setup Advanced Security.

19. Enter the security token that you wrote down previously. You will be required to set a password that will be used in the future to access the security features.

20. Click OK. You will soon receive a message from the KM Server that states you have been registered to use Advanced Security.

3.1 Practice Problems

1. What Exchange feature enables you to track events such as the creation of user mailboxes within Exchange?

A. Event Logging

B. Diagnostics Logging

C. Auditing

D. Alerts

2. Before users from another domain can access their mailbox, what should be done?

A. Add the user to the trust list for the local domain.

B. Implement a trust between the domains.

C. Set the trust level for the user's mailbox.

D. Exchange Server cannot authenticate users from remote domains.

3. The account used by Exchange Server services to log on to Windows NT is referred to as which of the following?

A. Administrator

B. Permissions Admin

C. Site Admin

D. Site Services Account

4. Your managers are confused about the concept of roles in Exchange Server. What should you tell them?

A. Roles are groups of accounts.

B. Roles are prebuilt sets of rights.

C. Roles are used to associate one user account with multiple mailboxes.

D. Roles are used to simplify administration.

Questions 5-7 present a scenario and its required and optional desired results. They also suggest a solution. You need to determine whether the proposed solution meets the scenario's needs.

5. You have just hired an assistant, Jason, to help you administer Exchange Server. You need to give Jason the ability to administer some Exchange functions.

Required result: Jason must be able to add user mailboxes, modify permissions, and modify distribution list membership.

Optional desired results: Jason should be able to view MTA queues and start and stop Exchange services.

Proposed solution: Grant Jason the Admin role.

A. This solution meets the required results and both optional results.

B.
This solution meets the required results but only one of the optional results.

C. This solution meets the required results but none of the optional results.

D. This solution does not meet the required results.

6. You have just hired an assistant, Sera, to help you administer Exchange Server. You need to give Sera the ability to administer some Exchange functions.

Required results: Sera must be able to add user mailboxes, modify permissions, and modify distribution list membership.

Optional desired results: Sera should be able to view MTA queues and start and stop Exchange services.

Proposed solution: Grant Sera the Permissions Admin role.

A. This solution meets the required results and both optional results.

B. This solution meets the required results but only one of the optional results.

C. This solution meets the required results but none of the optional results.

D. This solution does not meet the required results.

7. You want to implement Advanced Security in your organization.

Required result: All users must be able to use advanced security to encrypt their mail.

Optional desired results: Ensure the highest user response time possible.

Proposed solution: Install a KM Server in each site to allow all users to access them at very high speed.

A. This solution meets the required results and both optional results.

B. This solution meets the required results but only one of the optional results.

C. This solution meets the required results but none of the optional results.

D. This solution does not meet the required results.

8. Permissions should be set on which of the following containers to make administration as simple as possible?

A. The Server container

B. The Site container

C. The Organization container

D. The Configuration container in each site

9. What user rights are assigned through assignment of the user role?

A. Modify User Attributes

B. Logon Rights

C. Mailbox Owner

D. Send As

10. You access a container to set permissions on it, but you do not see a Permissions tab. What is causing the problem?

A. You are not a Permissions Admin.

B. Permissions can only be inherited from a parent folder.

C. You must check Show Permissions Page for All Objects in the Exchange Administrator options.

D. You cannot administer permissions in a remote site.

3.1 Answers and Explanations: Practice Problems

1. A Auditing. Auditing is set through the Diagnostics Logging tab and will place events in the event log.
2. B A trust is a logical link between two domains that allow accounts from one domain to access resources in another domain.
3. D The account is referred to as the Site Services Account.
4. B, D Roles are preset collections of rights that make it easier to manage security in Exchange.
5. D Admins can configure Exchange and add objects, but they cannot administer permissions. To administer permissions, Jason should be given the Permissions Admin role.
6. A As mentioned previously, only Permissions Admins can manage permissions.
7. D There can be only one KM Server per organization.
8. B, C, D If set in these locations, they will be inherited at the server level.
9. A, C, D The Logon Right is only required to use the Exchange Administrator program, and is not required by users.
10. C Permissions tabs are not displayed on most objects by default.

3.1 Keywords

User accounts
User groups
Domain
Trust relationship
Site Services Account
Roles
Encryption
Hashing
Lockbox
Security token

3.2 Managing the Directory

Chapter 2, "Installation and Configuration," deals with adding objects to the Exchange Directory. In this section, you first review how Exchange implements its Directory Services and then take a look at the specific objects contained within the Directory.

A. Understanding X.500 Directory Services

Exchange Directory Services are based on the X.500 standard. The Exchange Directory Service stores all the information about recipients on your system. Think of it as the Exchange phone book. All information in the Directory Service is stored in the Directory Information Base, or DIB.

B. Directory Information Tree

To make the Directory Service more efficient, it has a hierarchical structure known as the Directory Information Tree, or DIT.

The set of properties and rules imposed to govern consistency of the DIT is called the Directory Schema. The Schema is the set of rules that defines the following:

  • Which objects may be created
  • Which attributes objects have
  • How objects may interact with one another
  • Where in the DIT objects may be located

If you were to see a listing of an X.500 address for a recipient, it would look like this:

/o=EXORG0;/ou=EXSITE1;/cn=Recipients;/cn=Joe Smith 

This translates as follows:

  • o= stands for organization, which is EXORG0.
  • ou= stands for organization unit, which is the site EXSITE1.
  • cn= stands for container name, which is the Recipients container.
  • cn= stands for container name, which is the mailbox for user Joe Smith.

This presentation of an X.500 name is known as a distinguished name.

3.2 Practice Problems

1. On which standard are Exchange Directory Services based?

A. X.400

B. X.509

C. X.500

D. X.25

2. What does the cn parameter of an X.500 address specify?

A. The connector used to transmit the message

B. The mailbox name

C. The container name where the mailbox is stored

D. The Site container of the user's home server

3. What does the ou parameter of an X.500 address specify?

A. Organizational unit

B. Originating user

C. Operating unit

D. Originating unit

4. What is the set of rules and properties that define the Exchange directory called?

A. Directory hierarchy

B. Directory Schema

C. Directory Information Tree

D. Directory database

5. What information does the Directory Schema define?

A. A user's rights

B. Which objects can be created in the directory

C. The attributes that can those objects can have

D. How objects can interact with each other

6. The presentation of an X.500 name, which Exchange uses to identify recipients, is known as which of the following?

A. Differentiated name

B. Determined name

C. Distinguished name

D. Directory Information Tree name

3.2 Answers and Explanations: Practice Problems

1. C X.500. X.400 is another email standard. X.509 is a standard for security certificates, and X.25 is a communications protocol.

2. B, C The cn may be used multiple times to designate the container of the recipient.

3. A The ou parameter specifies the organizational unit.

4. B The Directory Schema is the layout and set or rules that govern the structure of the Directory Information Tree.

5. B, C, D The Directory Schema is the set of rules that defines how the directory will be governed.

6. C The presentation of an X.500 name is known as a distinguished name.

3.2 Keywords

Exchange Directory
Directory Information Base
Directory Information Tree
Directory Schema
X.500
Distinguished name

3.3 Managing Users

An email system such as Exchange Server wouldn't be of much use without objects to send and receive messages. This section covers the following objects:

  • Mailboxes
  • Distribution lists
  • Public folders

These are all types of recipients, and in the following sections you read about some of the common management tasks involved with managing them.

A. Managing Mailboxes Through Their Property Pages

The Mailbox object is used as a personal storage area for each native Microsoft Exchange user. To view a mailbox's properties, select the Recipients container in the site that you are managing and then double-click the mailbox you want to configure in the right-side window.

1. The General Tab

The General tab in the properties sheet of a mailbox contains the following information:

  • Directory name. This is the name that Exchange will use to track this mailbox in the Directory Service.

  • Display name. The name that will appear to users.

  • User account. Which Windows NT user or group this mailbox is associated with.

  • Home server and site. Where the mailbox is stored.

  • Various user attributes. Such as a user's department. These can be helpful for searching the directory, but are not required.

2. The Permissions Tab

As mentioned previously, the Permissions tab does not display for all objects by default. To display this tab on a mailbox or any other item where it does not normally appear, remember to check the box Show Permissions Page for All Objects from the Exchange Administrator options. If you also need to see what rights are assigned, select the Display Rights for Roles check box.

Table 3.3.1 shows which rights are typically assigned through the various roles. This has already been discussed, but rest assured that you should be very familiar with it for the exam.

Table 3.3.1  Permission Roles for a User's Mailbox

Role Rights Assigned to Role
User Sets who is the typical day-to-day user of the mailbox. Anyone configured in this role can send mail as the mailbox, configure the user settings for the mailbox, and is the owner of the mailbox.
Send As Allows the holder of this permission to send messages as this mailbox. This is different from Send On Behalf Of permissions that can be set from the Delivery Options tab. The person receiving the message cannot tell that the message has been sent by someone else.
Admin This permission allows a Windows NT user to modify the User attributes and the Administration attributes of a mailbox.
Permissions Admin This role allows modification of the User and Administration attributes. It also allows the assigned user to change permissions for the mailbox.
Permissions are also inherited for each mailbox from the permissions that have been assigned to the recipient container where the mailbox is stored. These permissions are actually set on the Site object where the mailbox is located.

3. The Distribution List Tab

The Distribution List tab enables you to view the distribution lists that the user is a member of and add or remove the user from those lists. This can also be set from the property page of the distribution list itself. For adding a large number of users to a single list, it is recommended that this be done from the list rather than the mailbox. For adding a single user to a large number of distribution lists, it would be more efficient to do it from the mailbox.

4. The Email Addresses Tab

The Email Addresses tab enables you to view the list of all configured email addresses for a mailbox. It is important to remember that by default, the System Attendant generates a cc:Mail, MS Mail, SMTP, and X.400 address for every user, in addition to their Exchange address.

From this page, you can modify, remove, and add addresses to the mailbox. This can be useful if a user needs multiple addresses. For example, firstname@xyzcorp.com as well as firstname.lastname@xyzcorp.com.

5. The Delivery Restrictions Tab

The Delivery Restrictions tab enables you to control from whom the user can receive mail. You can configure a mailbox to accept messages from specific users only or all users. The administrator can also configure a mailbox to reject messages from specific users or all users.

6. The Delivery Options Tab

The Delivery Options tab gives you the ability to grant users Send on Behalf Of permissions for the mailbox. Alternately, you can also redirect messages to another mailbox.

7. The Protocols Tab

In the Protocols tab, you can enable or disable specific protocols for the mailbox. You could allow the user to access his mail through the Outlook Web Client, for example, by allowing the HTTP protocol. The Internet protocols supported for mailboxes in Microsoft Exchange Server are as follows:

  • HTTP--Hypertext Transfer Protocol. Gives support to a client to use a Web browser to check his or her mailbox. Microsoft Exchange Server makes use of Active Server Pages on a Internet Information Server 3.0 or higher to provide access to the user's mailbox.

  • IMAP4--Internet Message Access Protocol, Version 4 rev1. The IMAP4 protocol enables users with any IMAP4 rev1 client (compliant with RFC 2060) to access mail in their Microsoft Exchange Server mailbox or other mailboxes they have been granted access to as well as read and post messages to public folders.

  • LDAP--Lightweight Directory Access Protocol. Supports Directory Services access from the Internet. An Internet user can perform searches for mailboxes using an Internet client using this protocol.

  • NNTP--Network News Transfer Protocol. Enables users to access information in public folders via the Internet. The public folders are presented as Internet newsgroups.

  • POP3--Post Office Protocol 3. Enables users to retrieve their email via the Internet using a WinSock email client such as Outlook Express or Eudora.

Protocols enabled at the server level can be disabled at the mailbox level; protocols disabled at the server level cannot be enabled at the mailbox level.

8. The Custom Attributes Tab

The Custom Attributes tab also enables you to customize the information associated with a user by adding entries into the fields, such as their start date with the company or any other information that you need to specify. These custom attributes must first be set on the Custom Attributes tab of the DS Site Configuration object's properties page in the Configuration container of the site.

9. The Advanced Tab

The Advanced tab is used for modifying advanced settings on mailboxes that are not normally required. Advanced settings that you can configure when managing a user's mailbox are as follows:

  • Simple Display Name. The name to be used by systems that cannot interpret all the characters in the normal display name.

  • Online Listing Information. Specify Microsoft Internet Locator Service server and account information here. Programs such as Netmeeting use ILS Server.

  • Home Server. Specifies the server where the mailbox will reside.

  • Outlook Web Access Server. Specifies the name of the mailbox's Outlook Web Access Server.

  • Downgrade high Priority X.400. Downgrades high-priority X.400 mail sent from this mailbox to normal priority.

  • Hide from Address Book. To suppress the name from being displayed in the Global Address List. This does not prevent email from being sent to the user. If you wanted, you could still send email to the distinguished name for the mailbox, and email would be routed to that mailbox.

  • Trust Level. Sets whether information about this mailbox user is replicated to MS Mail systems during directory synchronization. The directory synchronization process enables you to set a trust level for mailboxes. If the mailbox user's trust level exceeds the trust level that you set for the connector, information about the mailbox user will not be replicated during Directory Synchronization.

10. The Limits Tab

The Limits tab is used to configure deleted item retention, storage limits, and maximum message sizes for a user's mailbox. Limit settings that you can configure when managing a user's mailbox are as follows:

  • Deleted Item Retention Time. This setting overrides the Item Recovery setting for the Private or Public Information Store for items deleted from this particular mailbox.

  • Message Size Limits. To limit the size of incoming and/or outgoing messages. This is especially useful if links for email are slower and are often saturated when messages with large attachments are sent across the links.

  • Information Store Limits. This setting will override the information store defaults. This setting is used if you want to limit the amount of mail that can be stored in a user's mailbox. You can set three levels. The first level is the amount of mail (in KB) that a user can have in the mailbox before a warning is issued to the user about reaching the set limit. The second level, when reached, prohibits the user from sending any more email. The third level, when reached, prohibits the user from sending or receiving additional email.

B. Additional Management Issues of Mailboxes

Additional management functions also affect mailboxes, but are not configured from the mailbox's property pages. These include the following:

  • Configuring a mailbox to be a resource
  • Cleaning out a mailbox from the Exchange Administrator program
  • Repairing a damaged PST file

1. Configuring a Mailbox to Be a Resource

A resource such as a conference room can be configured to behave as a recipient for scheduling purposes. The key issue to remember is that someone will have to act as a delegate for this resource. Typically this would be the user who is normally responsible for the physical resource. If you were creating a resource for a conference room, for example, the delegate might be your office manager.

2. Cleaning Out a Mailbox from the Exchange Administrator

The Exchange Administrator gives you the ability to forcibly remove messages from a user's mailbox. This can be very useful for cleanups on "packrat" users who never delete any mail. The first step is to determine which mailboxes to clean, and then to clean them.

By opening the specific server, Private Information Store, Mailbox Resources container from the Exchange Administrator, you will see a list of all mailboxes on the system, and their respective sizes. You can then determine which mailboxes you will clean out. (The easiest thing to do is sort on the size column; your worst offenders will jump right to the top.). Table 3.3.2 lists the available options.

Table 3.3.2 Clean Mailbox Options

Option Meaning
Age Enables you to delete any message older than a set amount of days and/or greater than a size (in KB).
Sensitivity You can select whether to include messages of a Normal, Personal, Private, or Confidential sensitivity. Each level is exclusive of the other settings for sensitivity.
Read Items You can select whether to delete Read Items, Unread Items, or Both.
Delete Folder Associated Information This setting determines whether folders associated with the deleted data will also be affected by the cleaning operation. If cleared, no folder-associated information will be deleted. If enabled, all information and messages associated with the selected folder will be deleted.
Action Delete the items immediately or place all items into the Deleted Items folder. They will then be removed according to the rules set on the Deleted Items folder.

3. Repairing a Damaged PST File

The final area of managing mailboxes has to do with managing personal folders. With any Exchange client, you can select to store information on the Exchange Server or to store them locally in either PST or OST files. Periodically, these files may need to be repaired. It is recommended that you make a backup before attempting to repair a damaged file in case of problems.

To repair a PST or OST file, perform the following steps on the system where the file is located:

1. From the Start menu, choose Programs, Administrative Tools (Common), Inbox Repair Tool.

2. Enter the full path and file name of the PST or OST file that you want to repair.

3. The Options button enables you to set your logging options. You can replace the existing log, append to the existing log, or perform the operation with no logging.

4. To perform the actual repair, click the Start button.

5. When the repair is complete, a summary screen appears. This summary includes the number of folders found in the PST or OST file and the total number of messages.It is recommended that this utility be run periodically to ensure that potential problems are diagnosed and repaired in a timely manner.

3.3 Practice Problems

1. What does the directory name property of a user mailbox specify?

A. The name that will be displayed to LDAP clients browsing the address list

B. The distinguished name that will be used to build an X.500 address for the user

C. The internal identifier that will be used in the Exchange directory

D. The folder that will be used to store a user's mailbox on an Exchange Server

2. Which of the following protocols can be used to connect to an Exchange mailbox?

A. POP3

B. LDAP

C. NNTP

D. IMAP4

3. If Sera, a user, has been hidden from the address list, how can mail be sent to her?

A. Via Sera's SMTP address.

B. By any user with the Override permission.

C. Any user can send Sera mail by entering the recipient address manually.

D. Only users with a trust level higher than that of the recipient can send Sera mail.

4. Why would you need to clean a user mailbox?

A. To check mailbox information store consistency

B. To repair damaged mailboxes

C. To ensure that the Read/Unread tracking is operating correctly

D. To reduce the size of a mailbox by deleting items

5. What does the Online Listing Information property of a user mailbox specify?

A. The name that will appear in the Global Address List

B. The format that will be used to display the user's name in the Global Address List

C. Account information for the Microsoft Internet Locator Service

D. Account information for the Microsoft Membership System

6. What is the trust level of a user mailbox used for?

A. The rights that a user has been provided

B. Whether the user is allowed to send mail via the X.400 Connector

C. Whether the user's mailbox information should be replicated to the rest of the organization

D. Whether the user's mailbox should be synchronized with MS Mail

7. What information is stored in the user attributes?

A. All information regarding the mailbox

B. A user's home server

C. The user's primary Windows NT user account

D. Information about the users such as their departments and who they report to

8. Message size limits are used for what purpose?

A. To specify the size of messages that a user can send or receive

B. To specify the size of messages that can be stored in the user's mailbox

C. To specify the size of messages that should be automatically deleted when the Clean Mailbox utility is used

D. To specify how much data users can store in their mailboxes

9. When a message is deleted using the Clean Mailbox utility, what happens?

A. It is moved to the Deleted Items folder.

B. A tombstone is placed on that item, and it will be deleted the next time the user logs in.

C. It is deleted.

D. This depends on your configuration.

10. When should you run the Inbox Repair Tool?

A. When users cannot access their mailboxes

B. Periodically

C. Only when there is a problem

D. When you suspect the PST or OST files may be damaged

3.3 Answers and Explanations: Practice Problems

1. C The directory name property of a user mailbox specifies the internal identifier that will be used in the Exchange directory.

2. A, D POP3 or IMAP4 can be used to connect to an Exchange mailbox. There are also other protocols available to connect to a mailbox.

3. C Any user who knows Sera's address can send her mail by entering the address manually.

4. D You might need to clean a user mailbox to reduce the size of the mailbox.

5. C The Online Listing Information property of a user mailbox specifies account information for the Microsoft Internet Locator Service.

6. D The trust level of a user mailbox is used to specify whether this mailbox will be synchronized with MS Mail.

7. D Information stored in the user attributes includes the users' departments and who they report to. Users can modify these attributes themselves.

8. A Message size limits are used to specify the size of messages a user can send or receive.

9. D What happens to the message depends on your configuration. You can have it move the message to the Deleted Items folder or delete it immediately.

10. B, D You should run the Inbox Repair Tool periodically to ensure that there are no problems; you should also run it when you suspect that there is a problem with the PST or OST files.

3.3 Keywords

Home server
Delivery restrictions
Storage limits
Custom attributes
User attributes
Deleted item retention time
Trust level

3.4 Managing Distribution Lists

As seen in Chapter 2, "Installation and Configuration," distribution lists enable you to group users so that sending mail to a large number of users is simplified. This section discusses the following management issues with distribution lists:

  • Modifying the membership of a distribution list
  • Changing where the distribution list is expanded
  • Configuring advanced options for a distribution list

A. Modifying the Membership of a Distribution List

After a distribution list has been created, membership may change. You can change the distribution list's membership from both the Exchange Administrator program and from a Microsoft Exchange Client. The owner of a distribution list has the ability to modify it from the client. Any administrator can modify the membership of a distribution list, provided he or she uses the Exchange Administrator package and has the appropriate permissions.

To change membership of a distribution list from the Exchange Administrator program, you must have at least the Admin Permissions for the distribution list. As mentioned previously, you can modify a distribution list from its properties or from the properties of a mailbox that is a member of the list.

The owner of a distribution list, or the Exchange administrator, can modify the membership using the client software by selecting the list from the address book and clicking the Modify Members button.

B. Changing Where a Distribution List Is Expanded

When Exchange processes a message destined to a distribution list, it needs to expand that list into a list of all the users that will receive the message. For a list with thousands of users on it, this can generate undesired overhead on the server. To offload this work to another server, set the expansion server option from the distribution list's properties page. The list will then be expanded on the server you specify. This can only be set individually on distribution lists and cannot be set globally.

C. Configuring Advanced Options for Distribution Lists

The Advanced Property tab for a distribution list provides many of the same configuration options as the Advanced Property tab for mailboxes. These include setting message size limits for the distribution list and setting trust levels. For more information on these properties, refer to the subsection titled "The Advanced Tab" in the "Managing Mailboxes Through Their Property Pages" section.

Table 3.4.1 outlines the options that you can set for how distribution lists will handle mail events. These include auto-reply generators and how a distribution list will handle message tracking options.

Table 3.4.1 Distribution List Options

Option Explanation
Report To Distribution List Owner Enables a notification report that will be sent to the distribution list owner when any message sent to the distribution list has requested delivery notification or is undeliverable. This enables the owner to inform the person not to do this because the recipient is actually a group of users.
Report to Message Originator When selected, the sender of a message to this distribution list receives a notification report that details the delivery status to each user of the distribution list, not just the list itself. If the Hide Membership from Address Book option is also selected, this option is overridden, because it would reveal the membership of the distribution list.
Allow Out of Office Messages to Originator Passes an Out of Office message from a member of the distribution list to the sender of the message to the distribution list.
Hide From Address Book Prevents the display of the distribution list's display name in the Global Address List.
Hide Membership From Address Book Suppresses information about the membership of a distribution list.

3.4.1 Exercise: Modifying Mailbox Properties

This exercise goes through the steps you need to modify mailbox properties on your system. You must have Exchange Server installed and configured, and you must create at least one recipient before attempting this exercise. Follow these steps:

1. Open the Exchange Administrator program.
2. Go to the Recipients container.
3. Double-click the user called Test.
4. In the General tab, enter user information such as the address and work information.
5. Select the Email Address tab and click New.
6. Select Internet Address and click OK.
7. Set the Email Address to be humanresources@yourorg.com.
8. Start your Microsoft Outlook Client.
9. From the Tools menu, choose Address Book.
10. Double-click the entry for the Test mailbox.
11. On the Email Addresses tab, note that the TEST account now has two SMTP addresses.

3.4.2 Exercise: Modifying Protocols on a Specific Mailbox

This exercise goes through the steps you need to modify mailbox protocols on your system. You must have Exchange Server installed and at least one mailbox created before attempting this exercise. Follow these steps:

1. Start the Exchange Administrator.
2. Go to the Recipients container.
3. Double-click the mailbox you want to modify.
4. Click the Protocols tab.
5. Click the protocol you would like to enable or disable, and click Allow or Disallow.Remember, protocols can be allowed at the mailbox level only if they have been allowed at the server level.

3.4.3 Exercise: Using the Clean Mailbox Utility

This exercise goes through the steps you need to use the Clean Mailbox utility. You must have Exchange Server installed and configured and at least one recipient created. Follow these steps:

1. In the Exchange Administrator program, go to the Recipients container.
2. Select the mailbox you want to clean.
3. From the Tools menu, choose Clean Mailbox.
4. Set the clean options and click OK. All items that meet your criteria will be deleted in all folders in the mailbox, including the Inbox, Outbox, Sent Items, and Deleted Items.

3.4 Practice Problems

1. What purpose does the directory name property of a user's mailbox serve?

A. It is an internal identifier used in the Directory database.

B. It is the distinguished name of the user's mailbox.

C. It is the name that will be displayed in the Global Address List.

D. It is the name that will be displayed to users doing LDAP queries.

2. You need to add a single user to a number of distribution lists. What is the most efficient way of doing this?

A. Select all the Distribution lists from the Exchange Administrator and modify them at the same time from their common properties sheet.

B. Modify each distribution list separately.

C. Select all the Distribution lists from the Exchange Client and modify them at the same time from their common properties sheet.

D. From the user's mailbox properties, add them to each distribution list.

3. Which email address types will Exchange generate by default?

A. cc:Mail

B. MS Mail

C. SMTP

D. IMAP

4. Which of the following are valid options that can be set from the Delivery Restrictions tab of a mailbox properties sheet?

A. Setting whom users can send mail to

B. Setting whom users can receive mail from

C. Setting when users can send mail

D. Setting the maximum message size that can be sent

5. How can you give a user the ability to send mail on behalf of another user?

A. Set the Send As permission on the original user's mailbox for the delegate.

B. Set the Send on Behalf Of permission on the delegate's mailbox.

C. Set the Send on Behalf Of permission on the original user's mailbox for the delegate.

D. Grant the Send As and Send on Behalf Of permissions on the original user's mailbox for the delegate.

6. Jane, a user, requires access to her mailbox to send and receive Internet email. She also needs access to Internet newgroups published as public folders. What protocols must be enabled on Jane's mailbox if she will be using the Outlook Web Client?

A. POP3

B. NNTP

C. IMAP

D. HTTP

7. Before a custom attribute can be set on a mailbox, where must they be configured?

A. The DS Site Configuration container

B. The Recipients container of the server

C. The Organization container

D. The Private Information Store

8. What are mailbox trust levels used for?

A. To specify what domain contains the user's mailbox

B. To specify what permissions the user has within Exchange

C. To specify whether the mailbox information will be replicated to other Exchange Servers

D. To specify whether the information will be synchronized with MS Mail during Directory Synchronization

9. You have recently implemented storage limits on a new user's mailbox. One of your company's executives is very upset with this change and cannot live with it. How can you override the limits for this user's mailbox?

A. By adding the user to the override list in the Private Information Store's properties sheet.

B. From the user's mailbox properties.

C. Grant the user the Override permission.

D. This cannot be done.

10. When cleaning user mailboxes, what criteria can be specified to determine which items Exchange should delete?

A. Size

B. Age

C. Sensitivity

D. Origin

11. What tool is used to check and repair damaged PST or OST files?

A. SCANPST.EXE

B. ISINTEG.EXE

C. The Mailbox Cleanup utility

D. PSTINTEG.EXE

3.4 Answers and Explanations: Practice Problems

1. A The directory name is the name used internally in the directory to identify the mailbox.

2. D It would be easiest to do this from the user's mailbox properties sheet. This enables you to do it from one source. You cannot modify multiple lists simultaneously.

3. A, B, C It will also generate an X.400 address. IMAP is a standard for transmitting messages; it does not have its own address type.

4. B You can specify whom the user can receive mail from.

5. C The Send on Behalf Of permission allows this. It is set on the original mailbox for the delegate.

6. D Only the protocol that is required to connect with the server needs to be enabled--in this case, HTTP.

7. A The DS Site configuration container; they are global throughout the site.

8. D The trust level for the mailbox will be compared to the trust level for the DirSync connector; if it is lower, that mailbox will be synchronized with Microsoft Mail.

9. B This operation is done from the user's mailbox properties.

10. A, B, C You cannot delete items based on their origin.

11. A The SCANPST utility is used to verify and repair offline folders and personal folders.

3.4 Keywords

Distribution list
Expansion server

3.5 Managing the Public Information Store Database

The Public Information Store is where public folders are stored in Exchange. Management of public folders can be categorized as follows:

  • Managing public folder creation
  • Managing client permissions on a public folder
  • Managing public folder strategies
  • Managing replication

A. Managing Public Folder Creation

By default, any user can create a top-level folder. This can lead to a large number of folders with little usefulness. It is recommended that you restrict the ability to create top-level folders to avoid this problem. The steps to do this are as follows:

1. Open Exchange Administrator.
2. From the Configuration container, double-click the Information Store Site Configuration object.
3. Select the Top Level Folder Creation tab.
4. Modify the Allowed to Create Top Level Folders list to include the desired users.After this is done, any user who has been granted permission to do so can create a new top-level folder in the public folders hierarchy using the client software. Public folders cannot be created from the Exchange Administrator program.

B. Managing Client Permissions on Public Folders

To control who has access to the various folders in your systems, you have the ability to set permissions on public folders. Table 3.5.1 shows the Microsoft Exchange Server permissions that can be assigned to public folders.

Table 3.5.1 Public Folder Permissions

Permissions Description
Create Items The assigned user can add items to the folder.
Read Items The assigned user can view any information stored in the folder.
Create Subfolder This permission allows the assigned user to create subfolders. The user will be the owner of these subfolders and will be allowed to assign permissions to these folders (including not allowing the owner of the parent folder access).
Edit Items The assigned user can change the contents of items in the folder.
Delete Items The assigned user can delete the contents of the folder to which he has this permission.
Folder Owner This permission grants the assigned user all the previously mentioned permissions.
Folder Contact The assigned user will receive notifications for replication conflicts, folder design conflicts, and storage warnings for the folder.
You can assign any recipient type these permissions to public folders (including distribution lists). Microsoft has defined various roles for public folders, which as seen previously, are prebuilt combinations of permissions. Table 3.5.2 shows these roles.

Table 3.5.2 Public Folder Permission Roles

Role Assigned Permissions
Owner Read Items, Create Items, Create Subfolders, Folder Owner, Folder Contact, Edit Items(All), Delete Items(All)
Publishing Editor Read Items, Create Items, Create Subfolders, Edit Items(All), Delete Items(All)
Editor Read Items, Create Items, Edit Items(All), Delete Items(All)
Publishing Author Read Items, Create Items, Create Subfolders, Edit Items(Own), Delete Items(Own)
Author Read Items, Create Items, Edit Items(Own), Delete Items(Own
Reviewer Read Items
Contributor Create Items
None (None)
Note that users who do not have the Read Items permissions will not be able to view the folder contents.

Public folder permissions are set via the Exchange Administrator program or the Exchange Client software. To assign client permissions using the Exchange Administrator program, double-click the folder you want to modify from the Public Information Store container, and then click the Client Permissions button on the General tab.

The owner of a distribution list or an Exchange administrator can set permissions by using the Exchange Client software. To do so, right-click the public folder and select Properties, and then click the Permissions tab.

C. Public Folder Management Strategies

There are two key components of public folders: the public folder hierarchy, which is the list of folders; and the public folder contents, which are the posts. The public folder hierarchy is replicated to all servers, whereas the public folder contents are replicated only to specific machines. This ensures that replicas are not created unnecessarily. The advantages of replicating public folder contents are as follows:

  • It provides the capability to load-balance access to the public folder.
  • You can schedule the replication of contents to off-peak hours on the network to conserve bandwidth on WAN links.
  • It provides clients the ability to view the public folder contents from local servers rather than remote servers. This can lead to an increase in performance from the client's view.

The primary benefits of choosing not to replicate public folder contents are as follows:

  • Lower disk space requirements as only one copy of the contents is kept.
  • Users are always accessing the most recent copy of the contents, and they can be guaranteed the material is not out of date.

The primary concerns when designing a replication strategy are as follows: network bandwidth, latency, and disk space.

When users access a public folder that is not stored on the server they are currently connected to, Exchange will first check the other servers in the same site. If this fails, Exchange must check for the contents in another site.

Site Affinity is used to determine which site to check next. This works in much the same way as connector costs. By setting costs associated with remote sites, Exchange can check with a preferred site first instead of searching sites at random. Site Affinity is configured on the Public Folder Affinity tab of the Information Store Site Configuration object's property page.

Exchange will always attempt to connect to the site with the lowest affinity first. In case of two sites with the same affinity, it will try both those sites in random order before moving to the site or sites with the next lowest affinity. A site with an affinity of 0 will always be tried first; a site with an affinity of 100 will always be tried last.

D. Managing Public Folder Replication

Public folder replication will be a major topic on the exam. Make sure that you are very comfortable with it. Public folder replication allows Exchange users the following:

  • Better response time for clients due to load-balancing between servers.
  • The WAN traffic used for accessing public folders is reduced because replicas can be accessed in the local site.
  • Redundancy is provided in case the user's primary public folder server is not available.

1. Configuring Public Folder Replication

Public folder replication involves two separate components: folder content replication, and folder hierarchy replication. An Exchange administrator can only configure folder content replication using the Exchange Administrator program.

Determining which folders to replicate and where to replicate them are some of the most involved tasks facing an Exchange administrator. When content replication is configured, you should consider the following issues:

  • Replication takes place at the message level. If a single message in the public folder is modified, it is replicated to all other instances of the public folder.

  • Configuration takes place at the folder level. You configure a folder to be replicated. You cannot control replication for specific items in the folder.

  • Replication can be scheduled to occur as often or as rarely as required. For items that change constantly and the data that is very time-sensitive, you could set replication to occur every 15 minutes. If it only changes rarely, you could set it to occur every 24 hours.

Public folder replication is configured from the Properties page of a public folder using the Microsoft Exchange Administrator program.

The Replicas tab is used to specify which servers this folder will be replicated to. You can select any server in the local site or any site where a site connector exists.

The Folder Replication Status tab enables the administrator to determine the state that the local public folder is in compared to its configured replicas. Table 3.5.3 shows what the information displayed on this page indicates.

Table 3.5.3 Public Folder Replication Status Information

Status Description
In Synch No changes have been made to the local public replica since changes were last transmitted to other replicas.
Local Modified Changes have been made to the local replica that have not yet been sent to other replicas.
Last Received Time The last time the server received updates from the selected server.
Average Transmission Time The average time that it takes to send updates from the local server to the selected server.
Last Transaction Time(sec) The amount of time in seconds that the last transmission from the local server to the selected server took to complete.
The Replication Schedule tab enables the Exchange administrator to manage the times that replication is going to take place. The Replication Schedule can be set at the site level by setting it on the site's Site Configuration container and then overridden at the folder level if necessary by setting it from the folder's property sheet.

When planning replication, you also have the ability to set age limits. By doing this, items whose age limits expire will automatically be removed. This can be set on the original folder, its replicas, or both. If the age limit for a replica expires, it will only delete that replica; it will not affect other replicas or the original.

This can be set at the folder level or at the information store level, which would then affect all public folders on that server.

2. Rehoming a Public Folder

You may find that a specific folder needs to be moved to another server, perhaps because it is just too busy and is monopolizing the system. This can be done through a process referred to as rehoming. The process is nearly identical to moving a user mailbox from its properties page.

3. Server Locations

A Server location is basically a collection of servers within a site that are checked first when the contents of a folder are not available. After all servers in a location are checked, remaining servers in the site are checked before moving on to remote sites. To configure a server location, go to the Server properties and enter the location name on the General tab.

3.5.1 Exercise: Managing Client Permissions for Public Folders

In this exercise, you follow the steps involved in setting permissions for clients to access public folders. You must have Exchange Server installed and configured, and at least one mailbox and one public folder created before attempting this exercise. Follow these steps:

1. Start the Exchange Administrator program.
2. Double-click the Public Information Store container.
3. Double-click the folder that you would like to manage.
4. From the General tab, click the Client Permissions button.
5. Click Add.
6. Select the user that you would like to add permissions for.
7. Select the role that you would like to assign to the user.
8. Click OK to close the Add Permissions dialog box.
9. Click OK to close the Client Permissions dialog box.
10. Click OK to close the folder properties.
11. Exit the Exchange Administrator.

3.5 Practice Problems

1. On which container do you set the ability to create top-level folders?

A. The Public Information Store container

B. The Information Store Site configuration container

C. The Site Configuration container

D. DS Site Configuration container

2. You would like to be notified of problems with a specific folder. How can this be done?

A. You must be a Folder Owner.

B. You must be an Exchange Admin.

C. You must be a Folder Contact.

D. You must add yourself to the notification list.

3. Stanley, a user, is trying to access the contents of a public folder. He can add items but cannot view any of the items. What is the problem?

A. Stanley does not have the View Items permission.

B. Stanley does not have the View Contents permission.

C. Stanley must be granted the Reviewing Contributor role.

D. Stanley must be granted the Reviewer role.

4. Stella is trying to access a newly created public folder. She sees it listed in the folder list but when she tries to access it, she is told that it does not exist. What is the likely cause of this problem?

A. The folder has been deleted.

B. There is no local replica of the folder.

C. The folder hierarchy is replicated separately from the folder contents and the contents may not have replicated yet.

D. The Private Information Store has errors.

5. What are public folder age limits used for?

A. How long an item will be kept before it is deleted

B. How long an unread item will be kept before it is deleted

C. How long a modified item will be kept before it is deleted

D. How long a public folder will be kept before it is deleted

6. What are some of the advantages of replicating public folders?

A. Faster client access to folders

B. Reducing burden on Public Folder servers

C. Fault-tolerance

D. Ensuring that clients always have the most up to date information

7. What is Site Affinity used for?

A. To determine which server in a remote site will be checked for public folder contents if they are not available in the local site.

B. The Site with the highest affinity will be checked for public folder contents if they are not available in the local site.

C. The Site with the lowest affinity will be checked for public folder contents if they are not available in the local site.

D. To determine which Sites will be checked for public folder contents if they are not available in the local site.

8. What status denotes that replication has occurred and that the local replica is up to date?

A. In Sync

B. Local Current

C. Local Modified

D. No Master

9. What benefit does rehoming a public folder offer?

A. Reduces server overhead

B. Provides fault-tolerance

C. Speeds client access to folders

D. Ensures that clients have access to the most up-to-date information

10. If public folder contents are not available locally, which of the following would be checked first?

A. All other servers in the local site

B. Servers in the server location

C. The site with the highest affinity

D. The site with the lowest affinity

3.5 Answers and Explanations: Practice Problems

1. B You set the ability to create top-level folders on the Information Store Site Configuration container.

2. C Folder contacts are notified when problems occur in a folder, such as conflicts.

3. D Contributors can add items but not view the contents of a folder. If he needs to do both, you should also make Stanley a Reviewer.

4. C Because the public folder contents are replicated separately from the public folder hierarchy, a folder might appear in the folder list before the contents are available.

5. C Public folder age limits are used to specify how long a modified item will be kept before it is deleted. This can be used to automatically delete old items that are not being updated.

6. A, B, C Advantages of replicating public folders include: speed client access to folders, reduce the burden on the folder's home server, and make sure that the folder is always available. Because of the latency involved in replication, however, the contents may not be entirely up to date.

7. C If public folder contents are not available in the local site, the site with the lowest affinity will be checked first.

8. A In Sync states that the replica and the original are synchronized.

9. A Rehoming a folder moves it to another server. This can reduce server overhead by moving a busy folder to a server with more capacity.

10. B If public folder contents are not available locally, servers in the server location are checked first.

3.5 Keywords

Latency
Site Affinity
Folder content replication
Folder hierarchy replication
Rehoming
Replica

3.6 Managing the Private Information Store Database

All user's mailboxes are stored in the Private Information Store of that user's home server. In a busy environment with thousands of users, managing the Private Information Store can be quite time consuming. Some of the tasks involved are as follows:

  • Configuring item recovery
  • Setting default storage maximums
  • Viewing how much disk space is in use by each mailbox
  • Moving mailboxes from one Exchange Server to another
  • Setting diagnostics logging levels to help find problems

A. Item Recovery

Item Recovery was a new feature in Exchange 5.5. It enables a user to recover items from Outlook 97 v8.03, or Outlook 98 that have been deleted from the Deleted Items folder. To configure Item Recovery, use the following steps:

1. Start the Microsoft Exchange Administrator program.

2. In the left-hand pane, select the Exchange Server on which you wish to configure Item Recovery.

3. In the right-hand pane, click the Private Information Store object and choose Properties from the File menu to view its properties.

4. On the General tab, you can now set the Deleted Item Retention Time. Users who have deleted items from their Deleted Items folder in Outlook 97 v8.03 or Outlook 98 can now recover the items using the Recover Deleted Items From utility in Outlook, provided they do it before the retention time runs out.

B. Setting Default Storage Maximums

The size of information stores in Exchange Server 5.5 are limited only by your hardware. This is a vast improvement over Exchange 5.0, which limited each store to 16 GB. Because you are limited by the hardware resources in place, however, it is important that you limit the maximum size of user's mailboxes to ensure that you do not run out of disk space.

You can set three storage limit settings for a mailbox. These are Issue Warning, Prohibit Send, and Prohibit Send and Receive. When the mailbox reaches the storage capacity set in Issue Warning, a warning message is sent to the user stating that his or her mailbox is above acceptable storage levels and that he or she should delete some of the un-needed messages. When the Prohibit Send level is reached, the user associated with the mailbox cannot send out any new mail messages. When the Prohibit Send and Receive level is reached, the user associated with the mailbox cannot send or receive any new mail messages.

Storage limits and deleted item retention time can be set in the same manner for public folders. You also have the ability within the Exchange Administrator to specify when warnings will be issued. The following settings are available:

  • Never. Do not issue any storage warnings.

  • Always. When a user's mailbox or a public folder exceeds a storage warning threshold, immediately inform that user.

  • Selected Times. When a user's mailbox or a public folder exceeds a storage warning threshold, inform that user when the next configured warning time is reached

C. Viewing Disk Space Usage of a Single Mailbox

Remember, you can see the amount of space used by a mailbox from Outlook 97 using the Server Space add-in or in Outlook 98 by clicking the right mouse button on the Outlook Today Mailbox folder, selecting Properties, and then clicking the Folder Size button. You can also view the mailbox size in Exchange Administrator by opening the Private Information Store and looking at the size column for that mailbox. (You can also do this in the Public Information Store to view the size of a public folder.)

D. Moving a Mailbox to a New Home Server

If the need arises, you can move a mailbox to another server within the same site by selecting the mailbox in the Private Information Store and choosing Move Mailbox from the Tools menu in the Exchange Administrator.

E. Performing Diagnostic-Level Logging on the Private Information Store

Exchange Server gives you the ability to log various activities on a server. By default this Diagnostics Logging is disabled. If you are experiencing problems, however, these logs can be of tremendous help in determining the cause. They can also be used for tracking and auditing purposes to monitor what is occurring in your system, such as mailbox deletions.

All information gathered through the logging process is placed in the Windows NT application log. There are four levels of logging that you can set:

  • None. Only critical events, error events, or events with a logging level of zero are logged. This is the default level of logging.

  • Minimum. Events with a logging level of one or lower are logged to the application log in Event Viewer. These are very high-level events such as the major task performed by a service.

  • Medium. Events with a logging level of three or lower are logged to the application log in Event Viewer. The application log stores information about the actual steps taken to run a task.

  • Maximum. Events with a logging level of five or lower are logged to the application log in Event Viewer. This level of logging provides complete information about the operation of the service. This setting is not recommended.

You can enable logging for any service within Exchange. You can also set the logging level for various tasks within those services. Therefore, if you are having problems with a specific service, you can set its logging level to Maximum without being flooded with data. If you set the logging level to Maximum, however, you will generate a lot of data, and may fill your logs. It is recommended that you start at the Minimum logging level and work up to Maximum. You can set the logging level for a component from its properties page.

3.6.1 Exercise: Restricting the Ability to Create Top-Level Public Folders

This exercise goes through the steps you need to restrict the ability to create top-level public folders. You must have Exchange Server installed and configured and at least one recipient created before attempting this exercise. Follow these steps:

1. Start the Microsoft Exchange Administrator program.
2. Select the Configuration container in the site you want to manage.
3. In the right-hand pane, double-click the Information Store Site Configuration object.
4. Select the Top Level Folder Creation tab.
5. You can configure specific recipients who can create top-level folders, identify recipients who cannot create recipients, or both.

3.6.2 Exercise: Setting Information Store Storage Limits

This exercise goes through the steps you need to follow to set Information Store storage limits. You must have Exchange Server installed and configured and at least one recipient created before attempting this exercise. Follow these steps:

1. Start the Microsoft Exchange Administrator program.
2. Double-click the server on which you wish to set storage limits. 3. Click the Private Information Store object and choose Properties from the File menu.
4. On the General tab, set the level to Issue Warnings, Prohibit Send, and Prohibit Send and Receive for mailbox users. If necessary, these settings can be overridden later.

3.6 Practice Problems

1. By default, which users can create top-level public folders?

A. Admins

B. Users with Create Top Level Folder permissions

C. Public folder owners

D. All users

2. One of your assistants, Beth, calls you for help, because she cannot find the option to create a public folder anywhere in the Exchange Administrator. Where can this be found?

A. Public Information Store properties.

B. By choosing New, Other from the File menu and clicking Folder.

C. This is done from the client.

D. This option will appear only if the user has permission to create folders.

3. A user requires the ability to add subfolders to an existing public folder. How can you give the user this right?

A. Grant the Create Items right

B. Grant the Create Top Level Folders right

C. Grant the user the Author role

D. Grant the user the Create Subfolders right

4. An Exchange administrator, Amy, is attempting to modify permissions on a public folder. Amy can do this using the Exchange Administrator package, but not the client. What is causing this problem?

A. Amy is not logged on to the client as an administrator.

B. Amy is not the folder owner.

C. Amy does not have the administrator add-in for the client.

D. Amy must choose the Display Permissions for All Objects option.

5. Your users are complaining of poor performance when accessing a public folder stored in a remote site. How can you alleviate this?

A. Create a replica of the folder in the local site

B. Create a replica of the most used items from this folder in the local site

C. Rehome the folder to the local site

D. Set the Site Affinity to a higher value to increase performance

6. At what level does replication occur?

A. Server

B. Site

C. Folder

D. Message

7. You have a folder that contains data that rarely changes and whose data is not time-sensitive. How often should this folder be replicated?

A. Every hour

B. Every 6 hours

C. Every 12 hours
D. Every 24 hours

8. What the folder replication status Local Modified means?

A. The local copy has recently been modified through replication.
B. The local copy has been modified and replicas have been updated.

C. The local copy has been modified and replicas have not been updated.
D. A replica has been modified and this folder is requesting an update.

9. When the age limit on a public folder replica expires, what happens?

A. The replica is deleted.
B. All replicas in the site are deleted.

C. All replicas are deleted.

D. The original and all replicas are deleted.

 
10. A public folder on one of your servers has gotten very busy and you would like to move it to another server with more capacity. How is this accomplished?

A. Back up the folder and restore it to the new server
B. Replicate the folder, and then delete the original

C. Use the Move Mailbox utility

D. Set the home server from the folder's properties page

11. What are server locations used for?

A. They are a collection of sites within the organization.

B. They allow administrators to define affinity between sites.

C. They are a collection of servers within a site that will be checked first when public folder contents are not available.

D. They are used to generate email addresses for the recipient.

12. What is the purpose of the Deleted Item Retention Time setting?

A. To set the amount of time a message will be stored in the Deleted Items folder

B. To set the amount of time transactions are held in the logs after a checkpoint has been issued

C. To set the amount of time an item will be held after it is removed out of the Deleted Items folder

D. To set the amount of time before old items will automatically be deleted

3.6& nbsp;Answers and Explanations: Practice Problems

1. D All users have the ability to create top-level folders. It is recommended that this be changed.

2. C Public folders can only be created using the Exchange Client software.

3. D You should grant the Create Subfolders right.

4. A Only the Owner can modify permissions from the client, whereas only an Admin can modify permissions for the Exchange Administrator.

5. A To avoid introducing this problem in another site, it would be best to create a replica in the local site.

6. D Although replication is configured at the folder level, it occurs at the message level.

7. D You can schedule replication to occur as rarely as once a day; this would be recommended to prevent extra strain on the system.

8. C The local copy has been changed; replicas will be sent at the next replication interval.

9. A Only the specific replica will be affected.

10. D You should set the home server property for the public folder. This is referred to as rehoming.

11. C They are a collection of servers within a site. This only affects public folders and is not considered a level in the Exchange hierarchy.

12. C This provides a safeguard from user's inadvertently emptying their deleted items folder.

3.6 Keywords

Issue Warning
Prohibit Send
Prohibit Send and Receive
Item Recovery

3.7 Backing Up and Restoring the Exchange Organization

Exchange Server uses the Microsoft JET database engine, which is a fault-tolerant, transactional database system. The key databases within Exchange areas follows:

  • \EXCHSRVR\MDBDATA\PUB.EDB Stores all public folder data.
  • \EXCHSRVR\MDBDATA\PRIV.EDB Stores all user mailboxes.
  • \EXCHSRVR\DSADATA\DIR.EDB Stores the Directory Services information.

These databases, as mentioned previously, are transactional. All data sent to these databases is first placed in a log file and then committed to the database. If Exchange were to fail before this occurred, when it came back online it would just read the uncompleted transaction from the log and then commit the transaction to the database. The transaction logs in Exchange Server have a .LOG extension. It is highly recommended that these be placed on a separate physical drive from the actual databases, to ensure easy recovery in case of a device failure.

All transaction logs in Exchange are exactly 5 MB in size. If they are not 5 MB in size, they are probably corrupt and you should run an integrity check. Every so often, a batch of transactions will be committed to the database and a checkpoint will be issued. Checkpoints are used to determine which transactions have been committed and which have not.

To avoid system crashes due to not having enough disk space to log transactions to, Exchange Server sets aside 10 MB of disk space for its reserved logs, RES1.LOG and RES2.LOG. If there is insufficient disk space to log a transaction, all outstanding transaction are written to these logs and Exchange will shut down.

To avoid this situation, it is recommended that you remove old transaction logs by backing them up, or by backing up Exchange Server frequently, which will remove all old logs that are no longer required.

By default, this will not be an issue because Exchange Server implements circular logging where new transactions will overwrite old transactions as required. However, this is not recommended because the databases will no longer be fault-tolerant.

A. Backup Strategies

You can implement three different backup strategies to back up your Microsoft Exchange data. They are as follows:

  • Full daily. A complete backup of all EDB files is performed (after a checkpoint has been performed to write all information in transaction logs to the databases). This incurs the longest backup time, with the shortest recovery. This is strongly recommended if you have left circular logging enabled.

  • Full with differential. Once a week, Exchange Server will do a full system backup, and then will back up all the transaction logs daily (including all previous days' logs). This provides moderate backup and recovery time.

  • Full with incremental. Once a week, Exchange Server will do a full system backup, and will then do daily backup of the transactions logs for that day only. This provides the shortest backup time, but the longest recovery time.

B. Performing a Backup of an Exchange System

Microsoft Exchange Server ships with an update version of the Windows NT Backup utility that allows for online backup of Exchange Server to a local tape drive. You do not need to worry about problems caused by users accessing the system, because they will be unaffected. Of course, there will be a performance loss while the backup is running; therefore it should be scheduled to run after hours, if possible.

C. Restoring an Exchange Server

The method for restoring an Exchange Server after a failure depends primarily on the type of backup used. Here is how the different backup scenarios relate to restoring:

  • If doing full daily backups, you need only restore the last tape.
  • If doing weekly full backups with daily differential backups, restore the last full backup and the last differential backup after the full backup.
  • If doing weekly full backups with daily incremental backups, restore the last full backup and every day's incremental backup after the full backup.

After you have done the restore and the transaction logs are still available, the transactions that occurred after the last backup will be restored from the logs. If they are not available, all transactions since the last backup are lost. This is why it is vital to keep the logs on a separate device!

Because all mailboxes are stored in one large database file, it is not possible to restore one mailbox without restoring all of them. This is why you should set aside a recovery server so that if you need to recover one mailbox, you can restore the whole information store to that server. Your user can then transfer his mail off that server into a personal folders file and then move it to his mailbox. Alternatively, you could move the mailbox from the restore server to the production server, assuming that the user does not have mail he needs to keep on the production server.

D. Other Maintenance Techniques for the Exchange Databases

Microsoft also provides various tools for checking and repairing the databases in case a restore is not possible. For the exam, it is important that you know their purpose and usage. Unfortunately, you are likely to be asked about the command syntax, so you should be familiar with it.

Unlike a backup, these cannot be run while Exchange is running; you must stop the Information Store and Directory Service services from the NT Control Panel before using them.

1. Using ESEUTIL

ESEUTIL enables you to defragment the information stores to improve performance. It also gives you the ability to attempt to rebuild a database if it becomes corrupt. This process involves scanning the database for recoverable data, moving any recoverable data to a temporary database, and then rebuilding the original database.

This is not recommended for a variety of reasons: It is not guaranteed to work; it is a lengthy process requiring large amounts of disk space; and some information may be lost in the process. It is highly recommended that if you have a backup and the transaction logs, that you restore the data in the usual manner. If you have tried to restore and it fails, ESEUTIL is your last resort. Table 3.7.1 shows its usage.

Table 3.7.1 Running the ESEUTIL.EXE Command

Command Purpose
eseutil /d /ispub Defragments the Public Information Store
eseutil /d /ispriv Defragments the Private Information Store
eseutil /d /ds Defragments the Directory Store
eseutil /p /ispub Repairs the Public Information Store
eseutil /p /ispriv Repairs the Private Information Store
eseutil /p /ds Repairs the Directory Store
eseutil /r Performs recovery bringing all databases to a consistent state
eseutil /u Upgrades a database to the current version of Exchange Server
eseutil /m Generates formatted output of various database file types
eseutil /g /ispub Verifies the integrity of the Public Information Store
eseutil /g /ispriv Verifies the integrity of the Private Information Store
eseutil /g /ds Verifies the integrity of the Directory Store

2. Using ISINTEG

The ISINTEG program is used to check the information store consistency and repair common errors if necessary. It is not a disaster recovery tool like ESEUTIL, and can be used without drastic consequences.

For odd behavior such as a user being unable to access his mailbox, you normally should run ISINTEG before trying to restore from a backup. Table 3.7.2 shows some of the common ways that the ISINTEG command is used.

Table 3.7.2 The ISINTEG.EXE Command

Command Switch Purpose
isinteg -pri Check the integrity of the Private Information Store
isinteg -pri ñfix Check and repair the integrity of the Private Information Store
isinteg -pub Check the integrity of the Public Information Store
isinteg -pub -fix Check and repair the integrity of the Public Information Store

3. Using MTACHECK

The MTACHECK utility is used to verify and repair the MTA database. It is primarily used when the MTA refuses to start or objects are getting repeatedly stuck in the MTA queue.

When you run MTACHECK, it will move any items that are causing problems from the queue and place them in the \EXCHSRVR\MTADATA\MTACHECK.OUT directory for your examination. Before running this utility, make sure the MTA is stopped and the MTACHECK.OUT directory is empty.

  • mtacheck /v Runs MTACHECK in Verbose mode, providing far more detail about what it is doing.
  • mtacheck /f file name Outputs progress messages to the file you specify.

If MTACHECK finds an error, it reports the message ID of the damaged message. The message can then be tracked through the Exchange Administrator program by using the Track Message option of the Tools menu.

3.7.1 Exercise: Using ESEUTIL.EXE to Repair and Defragment the Private Information Store

This exercise goes through the steps you need to repair and defragment the Private Information Store using ESEUTIL.EXE. You must have Exchange Server installed and configured before attempting this exercise. Follow these steps:

1. From the Control Panel Services applet, click the Microsoft Exchange Information Store and click Stop.

2. From a command prompt, run ESEUTIL /p /ispub to run a repair on the Private Information Store. ESEUTIL will report and repair any errors it finds.

3. Run ESEUTIL /d /ispub to ensure the database is not fragmented.

4. Restart the IS from the Control Panel Services applet by clicking Microsoft Exchange Information Store and clicking Start.

3.7.2 Exercise: Using MTACHECK to Verify the MTA Database

This exercise goes through the steps you need to use MTACHECK to verify the MTA database. Follow these steps:

1. From the Control Panel Services applet, click the Microsoft Exchange Message Transfer Agent.

2. From a command prompt, run x:\exchsrvr\bin\MTACHECK /v /f x:\mtacheck.log (where x: is the drive where you have installed Exchange Server). This will run MTACHECK in Verbose mode, which will give us more information about what it finds and log it to a file called MTACHECK.LOG.

3. Using Notepad, view the log file that you generated to look for errors.

4. Restart the MTA from the Control Panel Services applet by clicking Microsoft Exchange Message Transfer Agent and clicking Start.

3.7 Practice Problems

1. In which subdirectory of the Exchange installation are the Exchange Information Stores located?

A. MTADATA

B. MDBDATA

C. DSDATA

D. EDBDATA

2. Where should Exchange transaction logs be stored in relation to the information store databases for maximum fault-tolerance?

A. In a separate folder

B. On a separate logical drive

C. On a separate physical drive

D. On a separate server

3. What should the exact size of an Exchange transaction log file be?

A. 50 MB

B. 5000 KB

C. 5120 KB

D. 512 KB

4. What are some of the consequences of leaving circular logging enabled?

A. Checkpoints will no longer be generated.

B. Less disk space is required.

C. Fault-tolerance is effectively disabled.

D. Performance is increased.

5. What is backed up during a differential or incremental backup of a Microsoft Exchange Server?

A. All database files

B. All log files

C. Both database files and log files

D. All files in the c:\exchsrvr directory structure that have changed their archive bit set

6. What is backed up during a normal or full backup of a Microsoft Exchange Server?

A. All database files

B. All log files

C. Both database files and log files

D. All contents of the c:\exchsrvr directory structure

7. Which of the following backup types provides the best balance between backup speed and restore speed?

A. Online

B. Full daily

C. Weekly full, daily incremental

D. Weekly full, daily differential

8. When backing up Exchange, how are users affected?

A. They cannot send mail.

B. They cannot receive mail.

C. They are not affected.

D. They cannot access public folders.

9. The following question presents a scenario, along with the required results and the optional results. It will also present a solution. Determine whether the solution meets the requirements. Sam cannot access his mailbox. You have tried all the troubleshooting steps you can find, and nothing has solved the problem. You have decided to restore the mailbox from a backup.

Required result: You must restore the Sam's mailbox so that he can access it.
Optional results: Sam would like to avoid losing any messages, and you would like to avoid restoring all the mailboxes.

Proposed solution: Select only Sam's mailbox from the last backup set, restore it to a restore server, and then move the restored mailbox to the production server.

A. This solution meets the required result and both of the desired results.

B. This solution meets the required result and only one of the desired results.

C. This solution meets the required result but none of the desired results.

D. This solution does not meet the required result.

10. How can you defragment the Public Information Store to possibly improve performance?

A. Run isinteg ñpub ñdefrag

B. Run exdefrag ñpub

C. Run eseutil /d /ispub
D. Run eseutil /defrag /public

11. You run the command isinteg ñpri to try to fix a problem in the Private Information Store. It confirms the existence of a problem, but does not fix it. Why?

A. You must be logged in as Administrator.
B. You must run isinteg ñpri ñf.

C. You must run isinteg ñpri ñfix.

D. ISINTEG will report problems but not fix them. Only ESEUTIL will fix problems.

12. When should the MTACHECK utility be run?

A. When the MTA won't start.

B. When messages are getting stuck in the MTA queue.

C. When directory replication fails to other servers in the site.

D. When users cannot access their mailboxes.

3.7 Answers and Explanations: Practice Problems

1. B Information store databases are stored in the MDBDATA directory. The MTADATA directory stores MTA information; the DSDATA directory stores the Exchange directory.

2. C. They should be put on a separate drive in case the drive containing the databases fails; they can rebuilt from the backups and logs.

3. C 5x1024 KB = 5120 KB or 5 MB.

4. B, C The logs will be reused, so less disk space is required, but fault-tolerance is effectively disabled.

5. B Only the log files are backed up. This cannot be done if circular logging is enabled.

6. A Only the databases are backed up. The logs are checkpointed and the logs prior to the checkpoint are deleted.

7. D Backups take longer than incremental backups, but restores take fewer tapes and time.

8. C Because Exchange can do online backups; the only affect on users is performance.

9. D You cannot restore a single mailbox. You must restore the entire information store at once.

10. C Run eseutil /d /ispub.

11. C isinteg ñpri will check the Private Information Store for errors, but will only repair them if you specify the -fix parameter.

12. A, B The MTA is not used for directory replication within the same site.

3.7 Keywords

Full backup
Incremental backup
Differential backup
JET databases
Transactional database
Transaction logs
Circular logging
MTACHECK
ISINTEG
ESEUTIL

3.8 Managing Connectivity

When dealing with a large Exchange Server implementation, it can be difficult to know what is occurring in the system at all times. The following topics discuss ways that you can track connectivity in Exchange:

  • Implementing server monitors
  • Implementing link monitors
  • Inspection of message queues

These can aid in the isolation of faults and help you keep Exchange running smoothly. Server and link monitors are covered in detail in Chapter 4, "Monitoring and Optimization."

A. Using Server Monitors

A server monitor verifies that the specified services are running on the monitored service. If a service on that server fails, action can be taken automatically.

B. Using the Link Monitor

Link monitors are used to verify messaging links between sites. A link monitor basically sends messages at prespecified intervals to ensure that mail is flowing between the sites. Link monitors can be set to trigger alerts if a messaging link is down, or if it is in a problem state. By measuring the bounce time (which is the amount of time it takes for a message to be sent and replied to), for example, the link monitor can trigger an alert if a message takes too long to be delivered.

You can also set up link monitors with foreign email systems that support rules. On the foreign system, a rule would be set up to automatically reply to the link monitor message, thus completing the cycle. Exchange Servers will automatically reply to a link monitor message without additional configuration.

Remember, because link monitors depend on being able to send messages, you can only implement a link monitor for a site where a messaging connector exists.

C. Managing Exchange Server Queues

If messages are not able to be transferred to their destination, queues will fill up as new messages are placed in them to await transfer.

The Exchange MTA and many of the messaging connectors have queues associated with them. These queues can be viewed from the object's properties sheet. Some of the causes of queue blockages are as follows:

  • A failed physical network link
  • A stopped service
  • An improperly configured server or MTA
  • An improperly configured connector
  • A corrupt message

By displaying the queues, you can see a list of all messages in that queue and the time they were submitted. You can delete individual messages as necessary by clicking them and pressing the Delete key. If this still does not solve the problem, try stopping and starting the associated service or connector. If this still does not resolve the problem, verify your links and the configuration.

3.8.1 Exercise: Implementing Server Monitors

This exercise guides you through the process of installing and configuring server monitors. You must have at least one Exchange Server installed and configured before attempting the exercise. If possible, run this exercise with two Exchange Servers. Follow these steps:

1. Open the Microsoft Exchange Administrator program.

2. Open the Configuration container of your site.

3. Select the monitor's Container object in the left-hand pane.

4. From the menu, choose File, New Other, Server Monitor.

5. On the General tab, enter the Directory Name and the Display Name for the new server monitor. You can also configure how frequently the services of the configured server are polled to determine whether they are still running. If a warning or error condition is detected on a server, the polling will switch from the normal interval to the critical interval.

6. On the Servers tab, you can select which server you are monitoring. The server can be in the local site or in a remote site. You can click the Services button to select which services will be monitored.

7. On the Notifications tab, you can configure which notification type to use. You can select from Launching a Process, Mailing a Message, or Sending a Windows NT Alert. The notification will be sent out when a monitored server enters an alert or warning state.

8. On the Actions tab, you can configure what actions to take when a monitored service stops. Actions range from taking no action to restarting the service to restarting the computer.

3.8.2 Exercise: Implementing Link Monitors

This exercise guides you through the steps you need to follow to install and configure a link monitor. Follow these steps:

1. Open the Microsoft Exchange Administrator program.

2. Open the Configuration container of your site.

3. Select the monitor's Container object in the left-hand pane.

4. From the menu, choose File, New Other, Link Monitor.

5. On the General tab, enter the Directory Name and the Display Name for the new link monitor. You can also configure how frequently the link will be tested. If a warning or error condition is detected on a server, the polling switches from the normal interval to the critical interval.

6. On the Servers tab, you can select which server you plan to test the link to.

7. On the Recipients tab, you configure which recipient you are going to send the link message to. Most often you will place the recipients in the left-hand list. You use the right-hand list only if you do not expect the full subject to be returned in the reply message.

8. On the Bounce tab, you set what is the longest acceptable round-trip time for a message to travel between the recipient's email system and the link monitor's email system. You can configure when a connection is considered to be in a Warning State and an Alert State on this page.

3.8 Practice Problems

1. You want to ensure that the Internet Mail Service is running at all times on a remote server. Which Exchange features can be used for this?

A. Link monitors

B. Server monitors

C. Diagnostics Logging

D. Process Tracking

2. What is the function of a link monitor?

A. Verifies that a connector is running

B. Verifies that domains can communicate with each other

C. Verifies RCP connectivity

D. Ensures that messaging links are operational

3. Which of the following could cause messages to get stuck in a queue?

A. A failed network link

B. A stopped service

C. Improper configuration

D. Invalid security information

4. When link monitor messages fail, what action can be taken?

A. Alert the administrator

B. Restart the monitored services

C. Restart the monitored server

D. Run a command

5. Which of the following properly describes the purpose of the server monitor?

A. Monitors a messaging link

B. Monitors specific services on a remote server

C. Monitors performance of a remote server

D. Monitors user activity on a remote server

6. Which of the following accurately defines bounce time?

A. The amount of time before a message will be returned as undeliverable

B. The amount of time it takes to send a message from one recipient to another

C. The amount of time it takes for a link monitor message to be sent and returned to and from a remote server

D. The amount of time a message can wait in the MTA queue before being returned as undeliverable

3.8 Answers and Explanations: Practice Problems

1. B Server monitors are used to ensure that a service is running on a remote server.

2. D Link monitors are used to make sure that messages can be sent between sites.

3. A, B, C Security information is not checked by the MTA.

4. A, D When link monitor messages fail, the administrator can be notified or an external program can be run. This external program might be used to automatically page an administrator if an error occurs.

5. B The server monitor monitors services on a remote server.

6. C Bounce time is the amount of time it takes for link monitor messages to be sent to and returned from a monitored server.

3.8 Keywords

Link monitor
Bounce time
Server monitors
MTA queue

Practice Exam: Configuring and Managing Resource Access

Use this practice exam to test your mastery of "Configuring and Managing Resource Access" after you have reviewed the chapter and completed all the practice problems. This practice exam is 17 questions long. Questions are in multiple-choice format.

1. What do recipients require to decrypt messages addressed to them?

A. The public signing key used to encrypt the message

B. Their private key

C. Their private lockbox

D. Their advanced security password

 
2. What components does Exchange use to verify the identity of the sender and to ensure that the message has not been modified in transit?

A. Digital signatures

B. Security token

C. Message digest

D. Non-repudiation certificates

3. What must be done to enable Advanced Security?

A. A Key Management Server must be present.

B. Advanced security must be enabled at the mailbox.

C. Keys must be generated for the recipient.

D. The users must configure Advanced Security in their client software.

4. By default, who can manage advanced security?

A. Exchange Admins

B. Exchange Permissions Admins

C. Windows NT administrators

D. KM administrators

5. What must you do before running a backup of a KM Server?

A. Stop the Exchange System Attendant service.

B. Stop the Exchange KM Server service.

C. Nothing. The KM server supports online backups.

D. Run KMSERVER ñB to make a backup copy of the KM database.

6. What actions can be completed from the Distribution Lists tab of a user's mailbox properties sheet?

A. Viewing their distribution list membership.

B. Modifying their distribution list membership.

C. Restricting their ability to send messages to specific distribution lists.

D. Restricting their ability to view the membership of distribution lists.

7. By default, what attributes can a user modify for his or her mailbox?

A. Directory name

B. Display name

C. Home server

D. Only the user attributes

8. Using the Clean Mailbox utility, you would like to delete all messages with a sensitivity level of private or lower. How is this done?

A. By selecting the Private sensitivity level, it will automatically affect all lower sensitivity levels.

B. You must select all the sensitivity levels you would like to choose by using your Shift or Ctrl keys.

C. Do nothing; this is the default.

D. This cannot be done; you must run a separate cleaning for each sensitivity level.

9. Which Microsoft Internet Information Server feature powers the Outlook Web Client?

A. ActiveX

B. ActiveDirectory

C. Active Server Pages

D. Mail Applications Programming Interface

10. To reduce the size of the Private Information Store, you would like to automatically clean all mailboxes larger than a specific size. How can this be done?

A. Using the Clean Mailbox tool, have it search for all mailboxes greater than the desired size.

B. Using the Clean Mailbox tool, specify all the mailboxes that you want to clean, after viewing the mailbox sizes manually.

C. Set Information Store storage limits. This will delete messages in mailboxes larger than the size you specify.

D. You must clean each mailbox larger than the desired size manually.

11. Who can modify the membership of a distribution list?

A. Any user

B. Admins

C. Permissions Admins

D. Distribution list owners

12. You have recently noticed a huge increase in the number of members of a distribution list. Lately, whenever a user sends a message to this list, performance is affected on the whole system. What is the recommended way to resolve this issue?

A. Split the distribution list into smaller lists

B. Move the distribution list to another server

C. Set the Expansion Server property for the distribution list to another server with more capacity

D. Specify distribution list expansion to only occur after hours

13. You have recently created a distribution list that you would like users to be able to send to, but do not want your users to view the membership of the list. How can this be done?

A. Set the Hide from Address Book property on the list

B. Set the Hide Membership from Address Book property on the list

C. Remove the View permission from your users

D. Do nothing; this is the default.

14. You want to limit users from sending large messages to distribution lists with many users. What is the best way of doing this?

A. Set a message size limit for the distribution list

B. Set an automatic trigger that will automatically message size limits when a distribution list exceeds a preset number of users

C. Limit who can send to the distribution list

D. Set a message size limit for the Exchange MTA

15. How you can you view the size of a user's mailbox?

A. Using Explorer, view the size of the EDB file of the mailbox

B. Run the isstat.e XE command

C. Look at the mailbox size in the Private Information Store

D. Use the Find Mailbox command and view its size in the results list

16. Martha has recently moved offices and is complaining of poor performance. The office that Martha has moved to has a local Exchange Server that is in the same site as the her mailbox. How can you improve performance for Martha without affecting her existing mail?

A. Create a new mailbox for her, and have her forward all her mail to the new mailbox

B. Move the mailbox by setting the home server to the new server

C. Back up the mailbox and restore it to the new server

D. Replicate Martha's mailbox to the new server

17. You want to limit logging overhead on your system. You would like to be able to log critical errors that occur in the Private Information Store, and nothing else. What logging level should you use?

A. None

B. Minimum

C. Medium

D. Maximum

 

Answers and Explanations: Practice Exam

1. B, D They must have their private key and the password required to access the message.

2. A, C Exchange uses digital signatures to verify the identity of the sender and the message digest that is verified to ensure the message has not been tampered with in transit.

3. A, B, C, D All these conditions must be met before a user can use Advanced Security.

4. D Only Key Management Admins. They are specified separately from standard Admins.

5. B You must stop the KM service before running a backup of a KM Server. Stopping the System Attendant is unnecessary.

6. A, B From the Distribution Lists tab of a user's mailbox properties sheet, you can view or modify a mailbox's distribution list membership.

7. D By default, users can modify only their own user attributes.

8. D You must run a separate cleaning for each sensitivity level.

9. C Active Server Pages powers the Outlook Web Client, and is available in Internet Information Server 3.0 or later.

10. D You must find and clean each mailbox manually.

11. B, C, D List membership is not considered a permission; therefore Admins also have this ability. However, this right is not granted to users.

12. C The expansion server specifies where the list will be processed to determine which users mail will be sent to.

13. B This setting will allow users to see the list in the address book, but not view its membership.

14. A This provides the best solution, ensuring that all users can send and that the size limit will be enforced for all recipients.

15. C This can be seen from the information store.

16. B This will move Martha's mailbox entirely intact to the closer server.

17. A None; Exchange will always log critical errors.

Table of Contents







MCSE TestPrep: Exchange Server 5.5 - Table of Contents


MCSE TestPrep: Exchange Server 5.5



  • Introduction

    • Who Should Read This Book
    • What the Microsoft Exchange Server 5.5 Exam (70-081) Covers
    • Hardware and Software Recommendations




  • Chapter 1 - Planning

    • 1.1 Choosing an Implementation Strategy for Exchange Server
    • 1.2 Developing the Configuration of an Exchange Server Computer
    • 1.3 Identifying Strategies for Migration from Previous Versions of Exchange
      Server to Exchange Server 5.5
    • 1.4 Developing a Long-Term Coexistence Strategy
    • 1.5 Developing an Infrastructure for Exchange Server
    • 1.6 Choosing Installation and Integration Strategies for Exchange Server
      Client Applications
    • 1.7 Developing Long-Term Administration Strategies
    • 1.8 Developing Security Strategies
    • 1.9 Developing Server-Side Scripting Strategies
    • Practice Exam: Planning




  • Chapter 2 - Installation and Configuration

    • 2.1 Installing Microsoft Exchange Server
    • 2.2 Configuring Address Lists and Accounts
    • 2.3 Configuring Exchange Server for Message Recipients
    • 2.4 Configuring Site Properties
    • 2.5 Configuring Connectivity in Various Situations
    • 2.6 Directory Synchronization
    • 2.7 Installing and Configuring the Exchange Server Clients
    • Practice Exam: Installation and Configuration




  • Chapter 3 - Configuring and Managing Resource Access

    • 3.1 Managing Site Security
    • 3.2 Managing the Directory
    • 3.3 Managing Users
    • 3.4 Managing Distribution Lists
    • 3.5 Managing the Public Information Store Database
    • 3.6 Managing the Private Information Store Database
    • 3.7 Backing Up and Restoring the Exchange Organization
    • 3.8 Managing Connectivity
    • Practice Exam: Configuring and Managing Resource Access




  • Chapter 4 - Monitoring and Optimization

    • 4.1 Optimizing Exchange Server
    • 4.2 Configuring Link and Server Monitors
    • 4.3 Monitoring Performance with SNMP and MADMAN MIB
    • 4.4 Optimizing Performance of the Messaging Environment
    • 4.5 Optimizing Foreign and Site-to-Site Connections
    • Practice Exam: Monitoring and Optimization




  • Chapter 5 - Troubleshooting

    • 5.1 Diagnosing and Resolving Upgrade Problems
    • 5.2 Diagnosing and Resolving Server Installation Problems
    • 5.3 Diagnosing and Resolving Migration Problems
    • 5.4 Diagnosing and Resolving Connectivity Problems
    • 5.5 Diagnosing and Resolving Client Connectivity Problems
    • 5.6 Diagnosing and Resolving Information Store Problems
    • 5.7 Diagnosing and Resolving Server Directory Problems
    • 5.8 Diagnosing and Resolving Server Resource Problems
    • 5.9 Diagnosing and Resolving Message Delivery Problems
    • 5.10 Diagnosing and Resolving Backup and Restoration Problems
    • 5.11 Diagnosing Organization Security Problems
    • Practice Exam: Troubleshooting




  • Practice Exam 1
  • Practice Exam 2
  • Appendix A - Glossary
  • Appendix B - About the Exam

    • The Microsoft Certification Process
    • Registering and Taking the Exam




  • Index



Customer Reviews

Most Helpful Customer Reviews

See All Customer Reviews