
OFFICIAL MICROSOFT LEARNING PRODUCT

10233B
Lab Instructions and Lab Answer Key:
Designing and Deploying Messaging
Solutions with Microsoft Exchange
Server 2010 SP2

Information in this document, including URL and other Internet Web site references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain names,
e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with
any real company, organization, product, domain name, e-mail address, logo, person, place or event is
intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the
user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in
or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Microsoft, the furnishing of this document does not give you any license to these
patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding
these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a
manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links
may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not
responsible for the contents of any linked site or any link contained in a linked site, or any changes or
updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission
received from any linked site. Microsoft is providing these links to you only as a convenience, and the
inclusion of any link does not imply endorsement of Microsoft of the site or the products contained
therein.
© 2012 Microsoft Corporation. All rights reserved.
Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other trademarks are
property of their respective owners.

Product Number: 10233B


Released: 03/2012

Lab Instructions: Introduction to Designing a Microsoft Exchange Server 2010 Deployment

Module 1
Lab Instructions: Introduction to Designing a Microsoft
Exchange Server 2010 Deployment
Contents
Exercise 1: Evaluating an Existing Messaging Infrastructure
Exercise 2: Creating a Requirements Document
Exercise 3: Discussion: Real-World Best Practices for Setting Budget Expectations
Exercise 4: Discussion: Refining the Scope of SLA Requirements

Lab: Introduction to Designing an Exchange Server 2010 Deployment

Lab Setup
For this lab, you do not require any virtual machines.

Lab Scenario
You are a messaging engineer for A. Datum Corporation, an enterprise-level organization with multiple
locations. A. Datum is an international corporation involved in technology research and investment, and is
planning to upgrade from Exchange Server 2003 to Exchange Server 2010. A. Datum currently has three
remote sites, and their headquarters. The company is pursuing an aggressive expansion plan, and will be
adding two new office locations during the upgrade project.
| Location | Internal users | Mobile users |
|---|---|---|
| London (Corporate Headquarters) | 12,000 currently; 10,000 after the new London office is ready | 1,000 Outlook Web Access users; 500 Outlook Anywhere and mobile client users; 800 Office Outlook users connecting through a virtual private network (VPN) |
| London (new office) | 4,000 (anticipated) | 200 Outlook Web Access users; 50 Outlook Anywhere and mobile client users |
| San Diego (former head office of Trey Research) | 500 | 50 POP3 client users |
| Vancouver | 6,000 | 800 Outlook Web Access users; 100 Outlook Anywhere and mobile client users |
| Tokyo | 5,000 | 1,000 Outlook Web Access users; 200 Outlook Anywhere and mobile client users; 200 Office Outlook users connecting through a VPN |
| Chennai (new office) | 800 (anticipated) | 200 Outlook Web Access users; 50 Office Outlook users connecting through a VPN |

A. Datum has deployed a single Active Directory forest with a dedicated root domain named
Adatum.com, and three child domains in the same tree. These domains are:

EU.Adatum.com

NA.Adatum.com

AS.Adatum.com

Additionally, the organization has deployed a domain named TreyResearch.net in the San Diego location.
This domain is configured as a separate tree in the Adatum.com forest.

Adatum_Info.vsd (Visio diagrams, not reproduced here): Domains; Domain Controller Locations; London Messaging Detail; Tokyo Messaging Detail; Vancouver Messaging Details


Requirements Interview Notes Document


Madeleine Kelly, CEO
The Board of Directors has just initiated a three-year plan that will result in A. Datum doubling in size.
Some of this growth is going to come from internal growth by expanding our current businesses, but the
plan also calls for a very aggressive acquisitions strategy. Much of my time for the next three years will be
spent identifying potential acquisitions anywhere in the world, and negotiating partnerships or takeovers.
Whatever messaging solution you create has to be very flexible and easily expanded.

Karen Toh, Vice President Europe


My biggest complaint with the current email system is that it is technically obsolete. One of the groups I
manage is our International Sales Team. There are only 50 people on the team, but they are constantly
traveling throughout the world researching business opportunities. This team makes more money for this
company than any other group of people. They are also very knowledgeable about technology, and they
tell me that our current system is archaic compared to what other companies are using. This team wants
the latest and greatest in technology. This team needs to be able to access their email from anywhere in
the world at any time.

Marcel Truempy, CIO


In the last 5 years since I became CIO, our email system has changed from being a useful tool for business
to being a critical part of our business processes, and everybody notices when email is not available. To
give you an example, a couple of months ago all of the email servers in London were unavailable for 6
hours due to a virus outbreak. A couple of months before, one of the servers in Vancouver failed, and we
couldn't send any email to and from Vancouver for 8 hours while the hardware vendors came in to fix the
hardware. This happened right in the middle of some critical business negotiations where we had to be
able to exchange documents rapidly. In both cases, the CEO and every other member of the executive
staff called me on my cell phone while I was at home. The most important requirement I have for this
email system is availability: this system has to be available always.

Scott MacDonald, Vice President North America


The Security and Compliance Department for the organization is based in Vancouver, so they report to
me. The head of that department tells me that the rules for how we do business and, especially, how we
handle confidential or private information are changing all the time. Just about every country has laws
regulating what we can do with private customer information, but the rules are often not the same. This
gets very complicated for an international organization like ours, where some of that information is
crossing country borders. We need a messaging solution that we can use to enforce some of the
compliance requirements.

Gareth Chan, Vice President - Asia


A. Datum is establishing a very important partner relationship with Contoso, Ltd. Contoso, Ltd is a high-tech research organization, and we are working on some very confidential projects with them. We need to
make sure that all of the email that we are sending between our company and Contoso, Ltd cannot be
viewed by anyone else on the Internet.

Carole Poland, IT Manager


My biggest concern with this project is the budget. This company has a history of setting very high
expectations for a project, and then not providing the budget to do the job right. So whatever design you
come up with, we are going to have to be very conscious of the budget.

Shane DeSeranno, Network Operations Manager


The Network Operations department is responsible for managing all of the wide area networks (WAN)
links, the local area networks (LANs), and the firewalls. One of the restrictions that the Security department
placed on us recently is that we cannot allow any unencrypted traffic through our internal firewalls. We
can accept unencrypted traffic into our perimeter network, but not to the internal network.

Jason Carlson, Network Specialist


I can provide you with a Visio diagram that has all of our WAN connections and our connections to the
Internet. Our network right now is quite reliable, but we don't have much available bandwidth between
company locations.

Tzipi Butnaru, Directory Services Manager


The company just finished upgrading all of the Active Directory domain controllers to Windows Server
2008, Service Pack 1. As part of the upgrade, we did a thorough review of our whole Active Directory
design. We don't anticipate making any more changes to the Active Directory configuration for a while.

Conor Cunnigham, Messaging Services Manager


One of our biggest problems right now is all of the mobile users that we have to support. We have quite a
few users using Outlook Web Access, and that seems to be working pretty well, although I do have some
security concerns with using Outlook Web App. A lot of our users work at home, and most of them are
using POP3 clients. I also have security concerns with these clients, but a bigger problem for them is
functionality. Users complain that they can't easily access their calendar information or send meeting
requests. And we have more and more people asking for access to their email through cell phone devices.

Andreas Herbinger, Messaging Specialist


We currently have a mailbox size limit of 50 megabytes (MB) for all users. However, this limit is much too
small, and a lot of people have been able to convince their managers to approve an increase in size for
their mailboxes. At this point, almost half of the people in the company have an exception on their
mailbox limits, and most of these limits are at 100 megabytes (MB).

Luca Dellamore, Messaging Specialist


We currently have four administrative groups in our Exchange organization. We have an administrative
group for North America, one for Europe, and one for Asia (LondonAG, VancouverAG, and TokyoAG). The
extra administrative group contains all of the routing groups (RoutingGroupAG). In each location, we have
a group of Exchange administrators that have full administrative permissions for their administrative
group, but do not have any permission in the other administrative groups (LondonExAdmins,
VancouverExAdmins, and TokyoExAdmins). In London, we have a group of senior messaging specialists
who have full control over all administrative groups (EnterpriseExAdmins). This group is also the only
group that has administrative permissions over the routing administrative group.
We also have a routing group for each of the big company locations: the routing group in Vancouver is
called VancouverRG, and then we have LondonRG, and TokyoRG. I can send you the Visio with all of the
Exchange Servers in each location. We have a routing group connector between VancouverRG and
LondonRG, and between LondonRG and TokyoRG.
We use two SMTP namespaces: adatum.com and TreyResearch.net.
Note: Your instructor may choose to perform this lab as a group discussion rather than an
individual activity.


Exercise 1: Evaluating an Existing Messaging Infrastructure


Scenario
In this exercise, you will complete two sections of a messaging infrastructure checklist.
To complete this exercise, review the existing A. Datum documentation:

Diagrams describing the A. Datum environment

Interview notes from meetings with various personnel at A. Datum

The main tasks for this exercise are as follows:

1. Review A. Datum documentation.
2. Complete the appropriate sections in the Current Network Infrastructure Analysis document.
3. Complete the appropriate sections in the Current Messaging Infrastructure Analysis document.

Note: You may not be able to fill in all of the information in the documents.

Task 1: Review A. Datum documentation

Review the following information:

Adatum_Info.vsd

Requirements interview notes document

Task 2: Complete the appropriate sections in the Current Network Infrastructure Analysis document

Complete the Current Network Infrastructure Analysis document.

A. Datum Current Network Infrastructure Analysis
Document Reference Number: JC310110/1
Document Author: Jason Carlson
Date: 31st January 2010

Active Directory Infrastructure - Sites

| Active Directory site name | Directory servers in each site |
|---|---|
| LondonSite | RD-LON-DC1, RD-LON-DC1, EU-LON-DC1, EU-LON-DC2 |

Additional notes:

Active Directory Infrastructure - Forest and domain topology

| Forest | Domains in each forest |
|---|---|
| | |

Additional notes:


Task 3: Complete the appropriate sections in the Current Messaging Infrastructure Analysis document

Complete the relevant sections of the following document.


A. Datum Current Messaging Infrastructure Analysis
Document Reference Number: JC310110/2
Document Author: Jason Carlson
Date: 31st January 2010

Exchange Server Configuration

| Server name | Exchange version and SP level | Server role | Location |
|---|---|---|---|
| LON-MSG-FE1 | Exchange Server 2003 | Frontend server | London |

Additional notes:

Exchange Organization information

| Configuration | Settings |
|---|---|
| Administrative groups | |
| Administrator groups | |
| Routing groups | |
| SMTP namespaces | |

Additional notes:

Results: After this exercise, you should have completed the appropriate sections in the Current Messaging
Infrastructure Analysis document.


Exercise 2: Creating a Requirements Document


Scenario
In this exercise, you will complete a requirements document for A. Datum Corporation.
The main tasks for this exercise are as follows:

1. Discuss the questions.
2. Complete the appropriate sections in the Project Requirements Analysis document.
3. Discuss the components that you will need to include in the Exchange Server design to meet the company requirements.

Note: You may not be able to fill in all of the information in the documents.

Task 1: Discuss the questions


Discuss as a group. You will incorporate your answers into the requirements documentation.

1. What are A. Datum Corporation's requirements and pain points?
2. How can Exchange Server 2010 help address the requirements?

Task 2: Complete the appropriate sections in the Project Requirements Analysis document
You will complete these sections as a group.

Complete the relevant section of the following document.


A. Datum Project Requirements Analysis
Document Reference Number: JC310110/3
Document Author: Jason Carlson
Date: 31st January 2010

Summary of business requirements


This section provides a summary of the information collected during the business requirements
analysis task. It is important to clearly define the needs that must be addressed so that the
organization can perform its business tasks more effectively and efficiently:

Summary of functional requirements


This section lists the functional requirements identified during the requirements analysis task. The
functional requirements define how the proposed technology will address the project's business
requirements. This section may be quite extensive, as it relates to many areas such as: performance,
security, manageability, usability, availability, and scalability:

Summary of additional requirements
This section lists the additional requirements identified during the requirements analysis task.
Additional requirements may include data related to additional stakeholders, required technology,
and user requirements:

Project priorities and constraints


This section outlines the identified project priorities and constraints. During the requirements
analysis task, specific priorities should have been identified related to the schedule, resources, or
features that must, or must not, be included in the project:

Task 3: Discuss the components that you will need to include in the Exchange Server
design to meet the company requirements
You will complete these sections as a group.

Discuss the following questions:

1. What components will you need to include in the Exchange Server 2010 deployment to meet the business requirements?
2. What components will you need to include in the Exchange Server 2010 deployment to meet the technical and additional requirements?

Results: After this exercise, you should have completed the A. Datum Project Requirements documents.

Exercise 3: Discussion: Real-World Best Practices for Setting Budget Expectations
Scenario
In this exercise, you will discuss guidelines for setting budget expectations for projects.
The first of several budget reviews should happen early. The team needs to determine whether the project
is feasible. If the costs are very high, the team needs to start thinking about how much each of the
requirements will cost, and how cutting certain requirements will affect the budget.
The main task for this exercise is to answer the following questions.

Task: Answer the following questions


Question: What information is required to set the preliminary budget?

Question: How do you resolve scenarios where addressing all of the requirements will cost
significantly more than the proposed budget?

Results: After this exercise, you should have answered the preceding questions.


Exercise 4: Discussion: Refining the Scope of SLA Requirements


Scenario
Humongous Insurance is a large provider of life, disability, and health insurance. There are three locations
in the United States that perform administrative functions: New York, Los Angeles, and Dallas. Each office
has approximately 400 people. All users in these locations access their email internally by using the full
Office Outlook client, but occasionally also need to access their mail remotely.
The Active Directory forest consists of a single domain (humongousinsurance.com) with each physical
location configured as a site. Each site has a single domain controller, a file server, and several application
servers that are used for specialized insurance software. Each domain controller is configured as a global
catalog server.
New York serves as a central hub for network communication. There is a 10-megabits per second (Mbps)
link from New York to Los Angeles, and another 10-Mbps link from New York to Dallas. Finally, there is a
10-Mbps Internet connection in New York. Other locations do not have direct Internet connectivity.
There are 85 independently owned sales offices throughout the United States. The sales offices are not
part of the humongousinsurance.com Active Directory forest. The software that the sales offices use to fill
out policy information sends applications as an encrypted attachment in email. As part of the Exchange
Server 2010 rollout, users in these offices will be given Humongous Insurance email accounts.
The initial plan for Exchange Server 2010 implementation includes configuring a single Exchange Server in
each physical location to service that location's users. The Exchange Server in New York will also service
the sales offices. Each Exchange server will perform the roles of Mailbox server, Hub Transport server, and
Client Access server. An additional Exchange server in New York will perform the Edge Transport server
role.
The chief information officer (CIO) and chief operating officer (COO) created the first draft of high
availability requirements for the new Exchange Server 2010 system. These requirements are the starting
point for SLA development. In the role of the project's technical lead, review this information and
determine what additional information is necessary to create a useful SLA.
In this exercise, you will refine the scope of SLA requirements.

High Availability Information Requirements document


Authors: Marcel Truempy (CIO) and Gregory Weber (IT Steering Committee Chairman)
The availability requirements for Exchange Server 2010 are:

All users must be able to access their mailboxes at all times.

Messages must be delivered inside the organization within minutes.

Users must be able to send and receive email from the Internet at all times.

If an Exchange Server fails, users should experience very little disruption in service, and no mail
messages should be lost.

Requests for restored mailboxes and messages must be processed as soon as possible.


The main tasks for this exercise are as follows:

1. Review the high availability requirements document that the CIO and COO have created.
2. Create a list of additional information necessary to create the SLA.
3. Discuss your solution with the class.

Task 1: Review the high availability requirements document that the CIO and COO
have created

Review the requirements documentation.

Task 2: Create a list of additional information needed to create the SLA


1. Working with group members, brainstorm a list of other information that is required to create the SLA.
2. Complete the relevant section of the following document.

A. Datum Refining the Scope of SLA Requirements
Document Reference Number: JC310110/4
Document Author: Jason Carlson
Date: 31st January 2010

Questions

Task 3: Discuss your solution with the class

Participate in the discussion led by your instructor.

Results: After this exercise, you should have completed the High Availability Information document.


To prepare for the next module


When you finish the lab, start the virtual machines that will be required for the next lab. To do this,
complete the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager, click 10233B-NYC-DC1, and in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
4. Log on using the following credentials:
   User name: Administrator
   Password: Pa$$w0rd
   Domain: Contoso
5. Repeat steps 2 to 4 for virtual machine 10233B-NYC-SVR1.

Lab Instructions: Designing Microsoft Exchange Server 2010 Integration with the Current Infrastructure

Module 2
Lab Instructions: Designing Microsoft Exchange Server
2010 Integration with the Current Infrastructure
Contents
Exercise 1: Evaluating the Current Network Infrastructure at Contoso

Exercise 2: Determining Suitability for Exchange Server 2010

Exercise 3: Preparing the AD DS Forest for Exchange Server 2010

Exercise 4: Configuring Exchange Server Delegation

Lab: Designing Exchange Server Integration with the Current Infrastructure

Lab Setup
For this lab, you will use the available virtual machine environment. Before beginning the lab, you must
complete the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. Ensure that the 10233B-NYC-DC1 and 10233B-NYC-SVR1 virtual machines are running.
3. If required, connect to the virtual machines. Log on to the virtual machines as Contoso\Administrator using the password Pa$$w0rd.

Lab Scenario
Contoso, Ltd is planning to deploy Exchange Server 2010. You are a messaging consultant from A. Datum
Corporation, and have been tasked with verifying that the existing network infrastructure is suitable to
support Exchange Server 2010.
Once you have determined that the prerequisites are met, you will prepare the AD DS forest so that the
server deployment team can begin the Exchange Server 2010 deployment.
Note: Your instructor may choose to perform this lab as a group discussion rather than an
individual activity.


Exercise 1: Evaluating the Current Network Infrastructure at Contoso


Scenario
In this exercise, you will examine the current network infrastructure. You will determine whether it is
suitable to support Exchange Server 2010, and make recommendations about any necessary changes.
The main tasks for this exercise are as follows:
1. Review the supplied documentation.
2. Answer questions relating to the documentation.
3. Complete a report that provides information about necessary changes required to the network and AD DS infrastructure, to enable support for Exchange Server 2010.

Task 1: Review the supplied documentation

Review the diagram and read the supporting documentation.

Sites (Contoso.vsd diagram, not reproduced here)


Supporting Documentation
Email thread of correspondence with Ed Meadows:

Ed Meadows
From: Jason Carlson [Jason@adatum.com]
Sent: 1 February 2010 14:00
To: Ed@Contoso.com
Subject: Re: Contoso Exchange Server 2010 project

Thanks; that's really helpful.
Yes, we can delegate tasks to specified individuals. We'll discuss what you need when I get there. See you
next week.
Jason.

----- Original Message -----
From: Ed Meadows [Ed@Contoso.com]
Sent: 31 January 2010 13:30
To: Jason@adatum.com
Subject: Contoso Exchange Server 2010 project
Attachments: Contoso.vsd

Jason,
Please find attached the Visio diagram of our three AD DS sites. All three sites are connected, logically,
with the DefaultIPSiteLink site link, and with default values.
The New York City office is our head office, and supports around 500 users. Branch Office 1 has 100 users,
while the other branch has only 30 users, hence the RODC. Our only Internet connection is from the NYC
offices. We have a couple of DCs there.
Our namespace is pretty straightforward; Contoso.com is the only domain.
We'd like to be able to delegate administration of specified Exchange administration tasks to a couple of
individuals out at Branch Office 1. Is that easy to do? I hope all this helps, and see you here in New York
next week.
Ed

Task 2: Answer questions relating to the documentation


Question: Based on the supplied information, is there anything you might need to
reconfigure before deploying Exchange Server?

Question: What else do you need to know before you can begin deploying Exchange Server
2010?

Task 3: Complete a report that provides information about necessary changes required
to the network and AD DS infrastructure to enable support for Exchange Server 2010

Complete the following proposal document by answering the questions.


Contoso Exchange Server network infrastructure
Document Reference Number: JC110210/1
Document Author: Jason Carlson
Date: 11th February 2010

Requirement Overview
To determine what changes, if any, are required to the existing network and AD DS infrastructure to
support Exchange Server 2010.
Proposals
Question: The internal and external DNS zone names are the same for Contoso, i.e. Contoso.com.
What issue does this raise for clients connecting to their mailboxes using Outlook Web App from
their home computers?
Question: What DNS records must you configure in the external Contoso.com DNS zone?
Question: How do you propose to support the messaging needs of users in Branch Office 2?
Question: What messaging client will you deploy to Branch Office 2?
Question: What server role must you consider deploying in the head office to facilitate inbound
and outbound messaging to and from the Internet?
Question: How many Client Access servers do you envisage needing?
Question: How many Hub Transport servers are required?
Question: Ed Meadows has explained that the administrators at the Branch Office 1 site need to
be able to perform limited recipient management tasks. To which built-in role group should you
assign these branch administrators?

Note: Be prepared to discuss your proposed design with the class.

Results: After this exercise, you should have completed the Contoso Exchange Server network
infrastructure report.

Exercise 2: Determining Suitability for Exchange Server 2010


You must verify that the AD DS environment and the server meet all prerequisites for installing Exchange
Server 2010. Use the following checklist to verify that the prerequisites are met.
| Prerequisite | Achieved? |
|---|---|
| AD DS domain controllers: Windows Server 2003 SP1 or later | Yes or No |
| AD DS domain and forest functional level: Windows Server 2003 or higher | Yes or No |
| DNS requirements | Yes or No |
| Exchange Server 2010 schema changes | Yes or No |
| AD DS management tools | Yes or No |
| Microsoft .NET Framework 3.5 or later | Yes or No |
| Windows Remote Management | Yes or No |
| Windows PowerShell 2.0 | Yes or No |
| 2010 Office System Converter: Microsoft Filter Pack | Yes or No |
| Web Server Internet Information Services (IIS) server role along with the following role services: ISAPI Extensions; IIS 6 Metabase Compatibility; IIS 6 Management Console; Basic Authentication; Windows Authentication; Digest Authentication; Dynamic Content Compression; .NET Framework Extensibility | Yes or No |
| Windows Server 2008 features: WCF Hypertext Transfer Protocol (HTTP) Activation; RPC over HTTP Proxy | Yes or No |

The main tasks for this exercise are as follows:

1. Evaluate the AD DS requirements.
2. Evaluate the DNS requirements.
3. Evaluate the server requirements.

Task 1: Evaluate the AD DS requirements


1.

On NYC-DC1, evaluate whether the domain controller requirements are met.

2.

Evaluate whether the domain and forest functional level requirements are met.

3.

Use Adsiedit.msc to evaluate whether the Exchange schema changes are applied.

Task 2: Evaluate the DNS requirements

On NYC-SVR1, use Ipconfig, Ping, and NSLookup to evaluate DNS name resolution functionality.

Task 3: Evaluate the server requirements


1. On NYC-SVR1, evaluate whether the required Windows Server 2008 features, including the required AD DS administration tools, are installed.
2. Evaluate whether the IIS components are installed.
3. Evaluate whether the prerequisite software is installed.

Results: After this exercise, you should have evaluated whether your organization meets the AD DS, DNS,
and server requirements for installing Exchange Server 2010. You should have identified the additional
components that need to be installed or configured to meet the requirements.
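
The Exercise 2 checklist can also be evaluated from Windows PowerShell rather than by hand. The script below is an added example, not part of the course material; it assumes Windows Server 2008 R2 feature names and a domain-joined server, and the function names are hypothetical.

```powershell
# Added example, not from the course material. Read-only: it changes nothing.
# Assumes Windows Server 2008 R2 (ServerManager module), PowerShell 2.0 and a
# domain-joined server such as NYC-SVR1. Function names are hypothetical.
Import-Module ServerManager

function New-CheckResult($Check, $Met, $Detail) {
    New-Object PSObject -Property @{ Check = $Check; Met = $Met; Detail = $Detail } |
        Select-Object Check, Met, Detail
}

function Test-ExchangePrereq {
    # Checklist item -> ServerManager feature name on Windows Server 2008 R2.
    $features = @{
        'AD DS management tools'       = 'RSAT-ADDS'
        '.NET Framework 3.5.1'         = 'NET-Framework-Core'
        'WCF HTTP Activation'          = 'NET-HTTP-Activation'
        'RPC over HTTP Proxy'          = 'RPC-over-HTTP-proxy'
        'ISAPI Extensions'             = 'Web-ISAPI-Ext'
        'IIS 6 Metabase Compatibility' = 'Web-Metabase'
        'IIS 6 Management Console'     = 'Web-Lgcy-Mgmt-Console'
        'Basic Authentication'         = 'Web-Basic-Auth'
        'Windows Authentication'       = 'Web-Windows-Auth'
        'Digest Authentication'        = 'Web-Digest-Auth'
        'Dynamic Content Compression'  = 'Web-Dyn-Compression'
        '.NET Framework Extensibility' = 'Web-Net-Ext'
    }
    foreach ($entry in ($features.GetEnumerator() | Sort-Object Key)) {
        $f = Get-WindowsFeature -Name $entry.Value
        New-CheckResult $entry.Key ([bool]($f -and $f.Installed)) $entry.Value
    }

    # Shell, remoting and service prerequisites.
    New-CheckResult 'Windows PowerShell 2.0' ($PSVersionTable.PSVersion.Major -ge 2) "$($PSVersionTable.PSVersion)"
    $winrm = Get-Service -Name WinRM -ErrorAction SilentlyContinue
    New-CheckResult 'Windows Remote Management' ([bool]$winrm) "Status: $($winrm.Status)"
    $svc = Get-WmiObject Win32_Service -Filter "Name='NetTcpPortSharing'"
    New-CheckResult 'Net.Tcp Port Sharing start mode' ($svc.StartMode -eq 'Auto') "StartMode: $($svc.StartMode)"

    # AD DS functional levels: anything below Windows Server 2003 native fails.
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    New-CheckResult 'Forest functional level' ("$($forest.ForestMode)" -notmatch '2000|Interim') $forest.ForestMode
    New-CheckResult 'Domain functional level' ("$($domain.DomainMode)" -notmatch '2000|Interim') $domain.DomainMode
    foreach ($dc in $domain.DomainControllers) {
        # OSVersion carries no service pack level; confirm SP1 on any 2003 DC by hand.
        New-CheckResult "Domain controller $($dc.Name)" 'Review' $dc.OSVersion
    }

    # Schema: the same attribute the lab inspects with Adsiedit.msc.
    $schemaNc = ([ADSI]'LDAP://RootDSE').schemaNamingContext
    $path = "LDAP://CN=ms-Exch-Schema-Version-Pt,$schemaNc"
    if ([System.DirectoryServices.DirectoryEntry]::Exists($path)) {
        $ver = ([ADSI]$path).rangeUpper.Value
        # 14732 is the rangeUpper value written by the Exchange Server 2010 SP2 schema update.
        New-CheckResult 'Exchange Server 2010 schema changes' ($ver -ge 14732) "rangeUpper = $ver"
    } else {
        New-CheckResult 'Exchange Server 2010 schema changes' $false 'Exchange schema attribute not found'
    }
}

Test-ExchangePrereq | Format-Table -AutoSize
```

DNS resolution, the Filter Pack and the service pack level of each domain controller are not covered by this script and still need the manual checks from Tasks 1 to 3.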

Exercise 3: Preparing the AD DS Forest for Exchange Server 2010


Scenario
Now that you have identified which prerequisites are not met in the current AD DS and server
configuration, you need to update the environment to meet them.
The main tasks for this exercise are as follows:
1. Install the Windows Server 2008 server roles and features.
2. Prepare AD DS for the Exchange Server 2010 installation.

Task 1: Install the Windows Server 2008 server roles and features
1. On NYC-SVR1, in Server Manager, install the prerequisite server roles and features for Exchange Server 2010:
   - AD DS Snap-Ins and Command-Line Tools
   - .NET Framework 3.5.1
   - RPC over HTTP Proxy
   - For IIS:
     - Digest Authentication
     - Dynamic Content Compression
     - IIS 6 Management Console
2. Configure the Net.Tcp Port Sharing Service to start Automatically.

Task 2: Prepare AD DS for the Exchange Server 2010 installation


1. In the 10233B-NYC-SVR1 on localhost Virtual Machine Connection window, on the File menu, click Settings.
2. Click DVD Drive, and then click Image File.
3. Click Browse, and browse to C:\Program Files\Microsoft Learning\10233\Drives.
4. Click EXCH2010SP2.iso, click Open, and then click OK.
5. On NYC-SVR1, from a command prompt, run the Exchange Server setup program with the setup /PrepareAD parameter. Configure an Exchange organization name of Contoso.

Results: After this exercise, you should have prepared the AD DS and server configuration for the
Exchange Server 2010 installation.

Exercise 4: Configuring Exchange Server Delegation


Scenario
You must help Ed Meadows achieve his objective of delegating various management tasks to branch
administrators. To meet the management requirements, you need to ensure that Adam Carter is added to
the Help Desk group.
The main task for this exercise is as follows:

Configure permissions for Adam Carter, the branch administrator.

Task: Configure permissions for Adam Carter, the branch administrator


1. Create a new user in the Users folder in Active Directory Users and Computers:
   - Full name: Adam Carter
   - User logon name: Adam
   - Password: Pa$$w0rd
2. On NYC-SVR1, in AD DS Users and Computers, add Adam Carter to the Help Desk group.

Results: After this exercise, you should have delegated administration.

To prepare for the next module


When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 10233B-NYC-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for the 10233B-NYC-SVR1 virtual machine.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then in the Actions pane, click Start.
   Note: Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully started before starting the other virtual machines.
6. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
7. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-EX2. Connect to the virtual machine.
8. Wait for 10233B-VAN-EX2 to start, and then start 10233B-VAN-CL1. Connect to the virtual machine.

Module 3
Lab Instructions: Planning and Deploying Mailbox Services
Contents:
Exercise 1: Designing the Mailbox Server Deployment
Exercise 2: Designing Recipient Management
Exercise 3: Designing a Public Folder Deployment
Exercise 4: Implementing Mailbox Services

Lab: Planning and Deploying Mailbox Services

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, do the
following:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. Ensure that the 10233B-VAN-DC1, 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-CL1 virtual machines are running.
3. If required, connect to the virtual machines. Log on to the virtual machines as Adatum\Administrator using the password Pa$$w0rd.

Lab Scenario
You are a messaging engineer for the A. Datum Corporation, an enterprise-level organization with
multiple locations. A. Datum Corporation is an international organization involved in technology research
and investment, and it is planning to upgrade from Exchange Server 2003 to Exchange Server 2010.
You have been tasked with reviewing the current messaging infrastructure and network topology, with a
goal of planning the deployment and configuration of mailbox services. You need to make proposals
about how best to address the needs of the various stakeholders in the organization.
Finally, you need to implement part of your proposed mailbox services design.
Note: Your instructor may choose to perform this lab as a group discussion rather than as
an individual activity.

Exercise 1: Designing the Mailbox Server Deployment


Scenario
In this exercise, you will examine the current topology and messaging infrastructure. You will determine
the appropriate Mailbox server deployment based on the information supplied in the A. Datum Exchange
Server 2010 project documentation.
The main tasks for this exercise are as follows:
1. Review the A. Datum Corporation documentation.
2. Answer questions related to the documentation.
3. Perform high level planning for Mailbox server storage in London.
4. Use the Exchange 2010 Mailbox Server Role Requirements Calculator spreadsheet to determine the configuration.
5. Update the A. Datum Large Mailbox server design document.

Server Design Interviews


Marcel Truempy, CIO
For me, high availability is the most important part of your server design. You need to ensure that if a
single server fails, or if a single component on a server fails, the failure affects as few people as possible.
Ideally, a server failure should affect no one. I know that is a bit unrealistic in some cases, but it is a goal
toward which we can aim.
We also need to ensure that your design can be scaled easily to a larger size. I think it is realistic that all of
our office locations will grow by 30 percent over the next three years. We will be buying more companies,
so prepare for that, as well.

Carole Poland, IT Manager


We have deployed a very good SAN at London, Tokyo, and Vancouver. This SAN has fully redundant
systems and provides a very high level of availability. For the Mailbox servers we are deploying in these
offices, the SAN needs to store the data. As far as I am concerned, the SAN provides enough availability so
that we do not have to do anything additional for these servers. We plan to install one of these SANs at
the new London office, as well.
For the mailbox servers in the other offices, we are going to need to provide redundancy for the mailbox
databases. These servers all use DAS. Like I said before, I am worried about the budget, so do whatever
you can to provide high availability without deploying too many additional servers.
Many of our organization's users are using Office Outlook 2003, but we have started a project to deploy
the Windows 7 operating system with the 2007 Microsoft Office system; however, it will take at least 18
months to complete. Additionally, we will be deploying new client computers in our future London and
Chennai offices.

Andreas Herbinger, Messaging Specialist


I understand that Carole wants to use the SAN for mailbox storage, but I think she is underestimating the
amount of storage space we require for Exchange Server servers. The SANs that we have in place right
now have only about 10 terabytes of free disk. Unless we keep our mailboxes very small, it simply won't
be sufficient.

Her plan to use the SAN will also not result in high availability for Mailbox servers. The server itself will be
a single point of failure. Exchange Server 2010 does not support the use of single copy clusters like
Exchange Server 2007. A DAG will be required for high availability, and each server in the DAG maintains
a copy of the database. It would be incredibly inefficient to store multiple copies of the same data on the
same SAN.
For initial planning purposes, we need to assume that we'll use a DAG with at least three database copies.
Two copies will be located in the location with users, and one copy will be offsite for disaster recovery.
We currently have a mailbox size limit of 50 MB for all users. However, this limit is much too small, and
many people have been able to convince their managers to approve a size increase. Almost half of the
people in the company currently have an exception on their mailbox limits, with the limit at 200 MB or
more. During a meeting last week, the CIO mentioned that when we get to Exchange Server 2010, we
would set up a mailbox size limit of 500 MB for all users and a 1 GB limit for executives or other
exceptional cases. About 25 percent of the users will fall into the exceptional category. In addition, we
want to create personal archives for the users that are double the size of the mailbox to eliminate the use
of PST files.
I have some concerns with increasing the mailbox size to this limit. The back-up system in all of our offices
doesn't have as much capacity as we would like. In some offices, we are still backing up to tape. Some of
the tape backup systems can restore at only 50 GB per hour. According to the SLA that we have in place,
we are supposed to restore any failed database within an hour of failure.

Server Design Statistics


This is a standard profile that can be used for all mailbox servers. Based on the number of users in each
location, we can vary the amount of RAM and the size of the storage.

Server Hardware Characteristics

Processor: 2 x six core processor, total SPECint Rate of 400

Disks: 2000 GB, 7.2K revolutions per minute (RPM) SAS 3.5"

Tier 1: User Messaging Statistics

Number of mailboxes: 25 percent of total on each Mailbox server

Messages sent/received per day: 20 sent/80 received

Average message size: 50 KB

Tier 2: User Messaging Statistics

Number of mailboxes: 75 percent of total on each Mailbox server

Messages sent/received per day: 10 sent/40 received

Average message size: 25 KB

Task 1: Review the A. Datum Corporation documentation

Review the following information:

Server Design Interviews

Server Design Statistics

Task 2: Answer questions related to the documentation


Question: In the Server Design Interviews, what points are raised that impact your Mailbox server
deployment plan, and how do they impact it?

Question: In the Server Design Statistics, what information is relevant to determining server
design, and why?

Task 3: Perform high level planning for Mailbox server storage in London

Complete the following proposal document by answering the questions.


A. Datum high level planning for mailbox servers in London
Document Reference Number: JC040400/1
Document Author: Jason Carlson
Date: 2nd April 2010

Requirement Overview
Create a high level plan for Mailbox server storage in London.
Additional Information
N/A
Question: Assuming that there are 12,000 users in London, how much disk space is required for
mailbox databases?

Question: Should the disk space for Mailbox servers be SAN or DAS?

Question: If DAS is used, will the disk space use RAID or JBOD?

Question: What size and speed of disk do you think is appropriate?

Question: Should transaction logs be stored on a separate LUN from database files?

Task 4: Use the Exchange 2010 Mailbox Server Role Requirements Calculator
spreadsheet to determine the configuration
1. On VAN-CL1, open the \\VAN-EX1\E$\Labfiles\LabResources\E2010Calc18.2.xlsm spreadsheet. Click Enable Content and then click Yes.
2. Enter the following data on the Input tab:

Exchange Environment Configuration

Global Catalog Architecture: 64-bit

Server Multi-Role Configuration: No

Server Role Virtualization: No

High Availability Deployment: YES

Number of Mailbox Servers Hosting Active Mailboxes/DAG (Primary Datacenter): 2

Number of Database Availability Groups: 1

Mailbox Database Copy Configuration

Total Number of HA Database Copy Instances (Includes Active Copy) within DAG: 3

Total Number of Lagged Database Copy Instances within DAG: 0

Number of HA Database Copy Instances Deployed in Secondary Datacenter: 1

Exchange Data Configuration

Data Overhead Factor: 20%

Mailbox Moves / Week Percentage: 1%

Dedicated Maintenance / Restore LUN: Yes

LUN Free Space Percentage: 20%

Exchange I/O Configuration

I/O Overhead Factor: 20%

Additional I/O Requirement / Server: 0

Site Resilience Configuration

Site Resilient Deployment: Yes

Site Resilience User Distribution Model: Active/Passive

Site Resilience Recovery Point Objective (Hours): 24

Activation Block Secondary Datacenter Mailbox Servers: Yes

Database Configuration

Maximum Database Size Configuration: Default

Automatically Calculate Number of Unique Databases / DAG: Yes

Calculate Number of Unique Databases / DAG for Symmetrical Distribution: No

Tier 1 User Mailbox Configuration

Total Number of Tier 1 User Mailboxes: Use the data from Task 2

Projected Mailbox Number Growth Percentage: Use the data from Task 2

Total Send/Receive Capability / Mailbox / Day: Use the data from Task 2

Average Message Size (KB): Use the data from Task 2

Mailbox Size Limit (MB): Use the data from Task 2

Personal Archive Mailbox Size Limit (MB): Use the data from Task 2

Deleted Item Recovery Window (Days): 14

Single Item Recovery: Enabled

Calendar Version Storage: Enabled

IOPS Multiplication Factor: 1.00

Megacycles Multiplication Factor: 1.00

Desktop Search Engines Enabled (for Online Mode Clients): No

Predict IOPS Value: Yes

Tier 2 User Mailbox Configuration

Total Number of Tier 2 User Mailboxes: Use the data from Task 2

Projected Mailbox Number Growth Percentage: Use the data from Task 2

Total Send/Receive Capability / Mailbox / Day: Use the data from Task 2

Average Message Size (KB): Use the data from Task 2

Mailbox Size Limit (MB): Use the data from Task 2

Personal Archive Mailbox Size Limit (MB): Use the data from Task 2

Deleted Item Recovery Window (Days): 14

Single Item Recovery: Enabled

Calendar Version Storage: Enabled

IOPS Multiplication Factor: 1.00

Megacycles Multiplication Factor: 1.00

Desktop Search Engines Enabled (for Online Mode Clients): No

Predict IOPS Value: Yes

Backup Configuration

Backup Methodology: Exchange Native Data Protection

Database and Log Isolation Configured: No

Backup/Truncation Failure Tolerance: 3

Network Failure Tolerance (Days): 0

Storage Options

Consider Storage Designs Utilizing JBOD (if applicable): Yes

Primary Datacenter Disk Configuration

Database + Log: Use the data from Task 2

Restore LUN: Use the data from Task 2

Secondary Datacenter Disk Configuration

Database + Log: Use the data from Task 2

Restore LUN: Use the data from Task 2

Server Configuration

Primary Datacenter Mailbox Servers: Use the data from Task 2

Primary Datacenter Mailbox Servers: Use the data from Task 2

Log Replication Configuration

For Hours 1-5, 20-24: 1%

For Hours 6-7, 18-19: 5%

For Hours 8-17: 7%

Network Configuration

Network Link Type: Fast Ethernet

Network Link Latency: 50.00

3. Log off of VAN-CL1.

Task 5: Update the A. Datum Large Mailbox server design document

Complete the following proposal document by answering the questions.


A. Datum Large Mailbox server design
Document Reference Number: JC040400/2
Document Author: Jason Carlson
Date: 2nd April 2010

Requirement Overview
Determine the hardware configuration for large Mailbox servers that use DAS.
Additional Information
N/A
Proposals
Question: What is the processor configuration for each server?

Question: What type of disks are being used?

Question: How many databases are recommended?

Question: How many mailboxes are recommended for each database?

Question: What is the recommended RAM for this server?

Question: What is the expected CPU utilization for this server?

Question: What is the recommended number of LUNs on the server?

Question: How many databases are recommended per LUN?

Question: What is the total disk space required per server?

Question: What type of RAID is recommended?

Question: How many database disks are recommended for the primary datacenter servers?

Question: How many database disks are recommended for the secondary datacenter server?

Results: After this exercise, you should have determined the configuration for London mailbox servers.

Exercise 2: Designing Recipient Management


Scenario
In this exercise, you will determine the appropriate recipient management design based on the
information supplied in the A. Datum Exchange Server 2010 project documentation.
The main tasks for this exercise are as follows:
1. Review the A. Datum Corporation documentation.
2. Answer questions related to the documentation.
3. Document the required configuration.

Recipient Management Interviews


Conor Cunningham, Messaging Services Manager
We have two distinct business units right now. A. Datum is using the adatum.com domain, and Trey
Research is using the TreyResearch.net domain. All users in each business unit should be using their
assigned email address. However, sometimes, external users send messages to the wrong domain. All
incoming messages should correctly resolve for both domains.
I've also been asked whether it is possible for Trey Research to have a separate GAL and other
address books from A. Datum. Since most communication is with a business unit, we'd like to simplify the
address books for them.

Lori Penor, IT Client Services Manager


Client Services is the first point of contact when users in our organization have computer problems. They
also create and manage the user accounts. In our existing system, they are also responsible for creating
mailboxes. I'd like this to continue.
The Client Services staff at each location should be able to create and manage users and mailboxes only in
that physical location. The exceptions to that are Client Services team leaders in each location.
Occasionally, there is a need for Client Services staff to manage users in another location, but that should
be restricted to only the team leaders.

Sidney Higa, IT Client Services Team Lead in Toronto


We're quite excited about the implementation of Exchange Server 2010. We have some ongoing concerns
that we're hoping the new implementation can help us out with.
Our first concern is booking meeting rooms. The current system is working, but is difficult to configure.
We'd like to have an automated system where most bookings are automatically accepted and only
conflicts or other problems need to be manually approved.
Our second concern is group management. Right now, we are responsible for managing the membership
of distribution groups. If there is some way we can easily delegate that down to department
representatives, it would significantly reduce our workload.

Task 1: Review the A. Datum Corporation documentation

Review the following information:

Recipient Management Interviews

Task 2: Answer questions related to the documentation


Question: In the Recipient Management Interviews, what points are raised that impact your
Mailbox server deployment plan, and how do they impact it?

Task 3: Document the required configuration

Complete the following proposal document by answering the questions.


A. Datum recipient management configuration
Document Reference Number: JC040400/3
Document Author: Jason Carlson
Date: 2nd April 2010

Requirement Overview
Determine the configuration required to meet recipient management needs.
Proposals
Question: How will you ensure that recipients are assigned the correct email addresses?
Question: How will you enable the IT Client Services staff to perform recipient management?
Question: How will you meet the needs for meeting room bookings?
Question: How will you address the needs for distribution group management?
Question: How will you address the need for separating the address books for A. Datum and Trey
Research?

Results: After this exercise, you should have designed the appropriate configuration for recipient
management.

Exercise 3: Designing a Public Folder Deployment


Scenario
In this exercise, you will determine the appropriate recipient management design based on the
information supplied in the A. Datum Exchange Server 2010 project documentation.
The main tasks for this exercise are as follows:
1. Review the A. Datum Corporation documentation.
2. Answer questions related to the documentation.
3. Document the required configuration.

Public Folder Interviews


Scott MacDonald, Vice President North America
The executives have a wide variety of information that we'd like to share. We were thinking that a
discussion forum would be useful. I've been talking with Sabine and he has been recommending Windows
SharePoint Services for this type of collaboration. He's told me that there are several SharePoint sites
being successfully used by other groups in the organization. However, we are very comfortable using
Outlook for this and don't want to learn yet another tool.
It is important that we can access this data quickly from any location. I also want to make sure that a
single server failure will not cause data to be lost.

Conor Cunningham, Messaging Services Manager


There are a number of groups using SharePoint sites collaboratively and very successfully. We are actively
encouraging anyone that is looking to use public folders to consider SharePoint instead. SharePoint is
capable of a much wider variety of functionality that public folders just cannot do. It has features like
document libraries, shared calendars, blogs, and discussion groups.
That said, I don't see eliminating public folders anytime soon. So many users are just comfortable with
them.

Lori Penor, IT Client Services Manager


We are looking for a way to share information within the IT Client Services team. I was thinking that a
public folder might be the best way to do this. That way we can have a shared calendar for department
events and discussions.

Task 1: Review the A. Datum Corporation documentation

Review the following information:

Public Folder Interviews

Server Design Interview

Task 2: Answer questions related to the documentation


Question: In the Public Folder Interviews, what points are raised that impact your public folder
deployment plan, and how do they impact it?

Question: In the Server Design Interview, what points are raised that impact your public folder
deployment plan, and how do they impact it?

Task 3: Document the required configuration

Complete the following proposal document by answering the questions.


A. Datum public folder configuration
Document Reference Number: JC040400/4
Document Author: Jason Carlson
Date: 2nd April 2010

Requirement Overview
Determine the configuration required to meet public folder needs.
Proposals
Question: How will you address the executives' desire for public folders?
Question: How will you address the IT Client Services request for a public folder?
Question: Other than the public folder for executives, which other public folders are required?

Results: After this exercise, you should have designed the appropriate configuration for public folders.

Exercise 4: Implementing Mailbox Services


Scenario
The main tasks for this exercise are as follows:
1. Replicate and configure the Executives public folder.
2. Create and configure a resource mailbox.
3. Test the delegation of a resource mailbox.
4. Configure a distribution group for delegated management and moderation.
5. Test moderation of a distribution group.

Task 1: Configure an address book policy for Trey Research.


1. On VAN-EX1, use the Active Directory Users and Computers administrative tool to create a new organizational unit in the root of adatum.com.
   - Name: Trey
2. Open the Exchange Management Console and browse to the Mailbox node under Organization.
3. Create a new address list for Trey Research users:
   - Name: Trey Users
   - Display Name: Trey Users
   - Container: \
   - Recipient container: Adatum.com/Trey
   - Recipient types: Users with Exchange mailboxes
   - Conditions: None
   - Schedule: Immediately
4. Create a new address list for Trey Research rooms:
   - Name: Trey Rooms
   - Display Name: Trey Rooms
   - Container: \
   - Recipient container: Adatum.com/Trey
   - Recipient types: Resource mailboxes
   - Conditions: None
   - Schedule: Immediately
5. Open the Exchange Management Shell.
6. Create a new GAL for Trey Research by using the following command:
   New-GlobalAddressList TreyGAL -RecipientContainer "ou=Trey,dc=adatum,dc=com"

7. Create a new OAB for Trey Research by using the following command:
   New-OfflineAddressBook TreyOAB -AddressLists TreyGAL
8. In the Exchange Management Console, create a new address book policy with the following settings:
   - Name: TreyABP
   - Global address list: TreyGAL
   - Offline address list: TreyOAB
   - Room list: Trey Rooms
   - Address lists: Trey Users
9. In the Exchange Management Shell, assign TreyABP to all users in the Trey organizational unit by using the following command:
   Get-Mailbox -OrganizationalUnit Trey | Set-Mailbox -AddressBookPolicy TreyABP
10. On VAN-CL1, log on as Adatum\Wei with the password Pa$$w0rd.
11. Open Outlook 2010, configure an Outlook profile as needed and then view the list of address books.
12. Verify that the Global Address List is empty because the OAB containing TreyGAL has not been generated yet.
13. Verify that Wei is the only user listed in the Trey Users address book.
14. Log off of VAN-CL1.
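
The assignment in step 9 only covers mailboxes that exist in the Trey OU at the moment the command runs, so mailboxes created or moved later can end up without the policy. The following check is an added example, not part of the course material; it uses the names created in this task, and Get-Leaf, Get-AbpDrift and Test-AbpDefinition are hypothetical function names.

```powershell
# Added example, not from the course material. Run in the Exchange Management
# Shell (Exchange Server 2010 SP2). Read-only: it changes nothing.

# Identities print as paths ("adatum.com/Trey", "\Trey Users"); keep the last segment.
function Get-Leaf($Value) { ([string]$Value -split '[\\/]')[-1] }

# Mailboxes whose OU and address book policy disagree.
function Get-AbpDrift {
    param(
        [string]$OrganizationalUnit = 'Trey',
        [string]$PolicyName = 'TreyABP'
    )
    foreach ($mbx in (Get-Mailbox -ResultSize Unlimited)) {
        $inOu = ("$($mbx.OrganizationalUnit)/" -like "*/$OrganizationalUnit/*")
        $hasPolicy = ((Get-Leaf $mbx.AddressBookPolicy) -eq $PolicyName)
        $finding = $null
        if ($inOu -and -not $hasPolicy) {
            $finding = "In $OrganizationalUnit OU without $PolicyName (sees the default address lists)"
        } elseif (-not $inOu -and $hasPolicy) {
            $finding = "Outside $OrganizationalUnit OU but assigned $PolicyName"
        }
        if ($finding) {
            New-Object PSObject -Property @{
                Mailbox = $mbx.Name
                OU      = $mbx.OrganizationalUnit
                Policy  = (Get-Leaf $mbx.AddressBookPolicy)
                Finding = $finding
            } | Select-Object Mailbox, OU, Policy, Finding
        }
    }
}

# The policy itself should still reference the lists created in steps 3 to 8.
function Test-AbpDefinition {
    param([string]$PolicyName = 'TreyABP')
    $policy = Get-AddressBookPolicy -Identity $PolicyName -ErrorAction Stop
    $expected = @{
        GlobalAddressList  = 'TreyGAL'
        OfflineAddressBook = 'TreyOAB'
        RoomList           = 'Trey Rooms'
        AddressLists       = 'Trey Users'
    }
    foreach ($name in $expected.Keys) {
        $actual = @($policy.$name | ForEach-Object { Get-Leaf $_ }) -join '; '
        New-Object PSObject -Property @{
            Setting  = $name
            Expected = $expected[$name]
            Actual   = $actual
            Match    = ($actual -eq $expected[$name])
        } | Select-Object Setting, Expected, Actual, Match
    }
}

Test-AbpDefinition | Format-Table -AutoSize
Get-AbpDrift | Format-Table -AutoSize
```

An address book policy separates what users see in the directory; it is not an access control on the mailboxes themselves.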

Task 2: Create and configure a resource mailbox


1. On VAN-EX1, open the Exchange Management Console and create a new resource mailbox with the following options:
   - First name: Room 100
   - User logon name: Room100
   - Alias: Room100
2. In the properties of Room 100, perform the following:
   - Enable the Resource Booking Attendant.
   - Specify Andreas Herbinger as a delegate.
   - Allow Luca Dellamore to submit out-of-policy requests.

Task 3: Test the delegation of a resource mailbox


1. On VAN-CL1, log on as Adatum\Luca using the password Pa$$w0rd.
2. Open Microsoft Outlook 2010.
3. Create and send a new meeting request with the following settings:
   - To: Luca; Conor
   - Subject: Exchange Planning
   - Start time: Tomorrow 1pm
   - End Time: Tomorrow 2pm
   - Room: Room 100
4. Notice that an automatic response is received indicating that the booking was accepted by Room 100, because the request is in-policy. The response may take a minute or so to appear.
5. Create and send a new meeting request with the following settings:
   - To: Luca; Conor
   - Subject: Exchange Project Review
   - Start time: 9 months from today at 1pm
   - End Time: 9 months from today at 2pm
   - Room: Room 100
6. Open the Microsoft Internet Explorer browser, and then connect to https://vanex1.adatum.com/owa.
7. Log on to Outlook Web App as Adatum\Andreas using the password Pa$$w0rd.
8. Read and approve the meeting request from Luca.
9. In Outlook, verify that Room 100 has accepted the meeting request.

Task 4: Configure a distribution group for delegated management and moderation


1. On VAN-EX1, use the Exchange Management Console to open the Properties of the Executives distribution group.
2. On the Group Information tab, add Conor Cunningham as group manager.
3. On the Membership approval tab, verify that group membership is Closed.
4. On the Mailflow Settings tab:
   - Enable moderation.
   - Add Luca Dellamore as the moderator.
   - Add the Executives distribution group as a sender that does not require approval.

Task 5: Test moderation of a distribution group


1. On VAN-CL1, send a message in Outlook Web App from Andreas with the following settings:
   - To: Executives
   - Subject: New Public Folder
   - Body: The Executives public folder has been created for you.
2. View the delivery report for the New Public Folder sent item.
3. In Office Outlook, approve the message for the Executives group.
4. In Outlook Web App, view the delivery report for the New Public Folder sent item, and then verify its delivery.

Results: After this exercise, you should have created and tested a public folder, a resource mailbox, and a
distribution group.
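
The delegation configured in Tasks 2 and 4 can be reviewed from the Exchange Management Shell to confirm that only the intended people hold each right. This is an added example, not part of the course material; it assumes the directory names of the users match the full names used in the lab, and Join-Leaf, Compare-Setting and Get-DelegationReview are hypothetical function names.

```powershell
# Added example, not from the course material. Run in the Exchange Management
# Shell on VAN-EX1. Read-only: it changes nothing.

function Join-Leaf($Values) {
    # Identities print as "adatum.com/Users/Name"; keep the last segment of each.
    (@($Values) | Where-Object { $_ } |
        ForEach-Object { ([string]$_ -split '[\\/]')[-1] } | Sort-Object) -join '; '
}

function Compare-Setting($Object, $Setting, $Expected, $Actual) {
    New-Object PSObject -Property @{
        Object   = $Object
        Setting  = $Setting
        Expected = $Expected
        Actual   = $Actual
        Match    = ("$Actual" -eq "$Expected")
    } | Select-Object Object, Setting, Expected, Actual, Match
}

function Get-DelegationReview {
    param(
        [string]$Group = 'Executives',
        [string]$Room  = 'Room100'
    )

    # Task 4: who can manage the group, who moderates it, who bypasses moderation.
    $g = Get-DistributionGroup -Identity $Group -ErrorAction Stop
    Compare-Setting $Group 'ManagedBy' 'Conor Cunningham' (Join-Leaf $g.ManagedBy)
    Compare-Setting $Group 'MemberJoinRestriction' 'Closed' $g.MemberJoinRestriction
    Compare-Setting $Group 'ModerationEnabled' $true $g.ModerationEnabled
    Compare-Setting $Group 'ModeratedBy' 'Luca Dellamore' (Join-Leaf $g.ModeratedBy)
    Compare-Setting $Group 'BypassModerationFromSendersOrMembers' 'Executives' (Join-Leaf $g.BypassModerationFromSendersOrMembers)

    # Task 2: who approves bookings and who may ask for out-of-policy bookings.
    $c = Get-CalendarProcessing -Identity $Room -ErrorAction Stop
    Compare-Setting $Room 'AutomateProcessing' 'AutoAccept' $c.AutomateProcessing
    Compare-Setting $Room 'ResourceDelegates' 'Andreas Herbinger' (Join-Leaf $c.ResourceDelegates)
    Compare-Setting $Room 'RequestOutOfPolicy' 'Luca Dellamore' (Join-Leaf $c.RequestOutOfPolicy)
    # Out-of-policy requests should stay limited to the named user.
    Compare-Setting $Room 'AllRequestOutOfPolicy' $false $c.AllRequestOutOfPolicy
}

# A row with Match = False is a prompt to look, for example an extra group
# manager left over from when the group was created.
Get-DelegationReview | Format-Table -AutoSize
```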

To prepare for the next module


When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-CL1. Close the virtual machine connection windows.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then in the Actions pane, click Connect.
   Important: Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully started before starting the other virtual machines.
7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
8. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-EX2. Connect to the virtual machine.

Module 4
Lab Instructions: Planning and Deploying Client Access
Services in Microsoft Exchange Server 2010
Contents
Exercise 1: Designing the Client Access Server Deployment
Exercise 2: Designing Client Access
Exercise 3: Implementing Client Access

Lab: Planning and Deploying Client Access Services in Exchange Server 2010

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.

2. Ensure that the 10233B-VAN-DC1, 10233B-VAN-EX1, and 10233B-VAN-EX2 virtual machines are
running.

3. If required, connect to the virtual machines. Log on to the virtual machines as
Adatum\Administrator using the password Pa$$w0rd.

Lab Scenario
You are a messaging engineer for the A. Datum Corporation, an enterprise-level organization with
multiple locations. A. Datum Corporation is an international corporation involved in technology research
and investment, and is planning to upgrade from Exchange Server 2003 to Exchange Server 2010.
You have been tasked with reviewing the current messaging infrastructure and network topology, and
planning the deployment and configuration of Client Access servers. You are required to make proposals
about how best to address the needs of the various stakeholders in the organization.
Finally, you are required to implement part of your proposed Client Access design.
Note: Your instructor may choose to perform parts of this lab as a group discussion, rather
than an individual activity.


Server Design Interview Notes.doc


Marcel Truempy, CIO
For me, high availability is the most important part of your server design. You need to ensure that if a
single server fails, or if a single component on a server fails, the failure affects as few people as possible.
Ideally, a server failure should affect no one. I know that is a bit unrealistic in some cases, but it is a goal
toward which we can aim.
We also need to ensure that your design can be scaled easily to a larger size. I think it is realistic that all of
our office locations will grow by 30 percent over the next three years. We will be buying more companies,
so prepare for that, as well.

Carole Poland, IT Manager


We have deployed a very good storage area network (SAN) at London, Tokyo, and Vancouver. This SAN
has fully redundant systems, and provides a very high level of availability. For the Mailbox servers we are
deploying in these offices, the SAN needs to store the data. As far as I am concerned, the SAN provides
enough availability so that we do not have to do anything additional for these servers. We plan to install
one of these SANs at the new London office, as well.
For the Mailbox servers in the other offices, we are going to need to provide redundancy for the mailbox
databases. These servers all use Directly Attached Storage. Like I said before, I am worried about the
budget, so do whatever you can to provide high availability without deploying too many additional
servers.
Many of our organization's users are using Microsoft Office Outlook 2003, but we have started a project
to deploy the Windows 7 operating system with the 2007 Microsoft Office system; however, it will take at
least 18 months to complete. Additionally, we will be deploying new client computers in our future
London and Chennai offices.

Andreas Herbinger, Messaging Specialist


I understand that Carole wants to use the SAN for mailbox storage, but I think she is underestimating the
amount of storage space we require for Exchange servers. The SANs that we have in place right now have
only about 10 terabytes of free disk. Unless we keep our mailboxes very small, that simply will not be
sufficient.
Her plan to use the SAN will also not result in high availability for Mailbox servers. The server itself will be
a single point of failure. Exchange Server 2010 does not support the use of single copy clusters like
Exchange Server 2007. A DAG will be required for high availability, and each server in the DAG maintains
a copy of the database. It would be incredibly inefficient to store multiple copies of the same data on the
same SAN.
We currently have a mailbox size limit of 50 megabytes (MB) for all users. However, this limit is too small
and many people have been able to convince their managers to approve a size increase. Almost half of
the people in the company currently have an exception on their mailbox limits, with the limit at 200 MB
or more. During a meeting last week, the CIO mentioned that when we get to Exchange Server 2010, we
would set up a mailbox size limit of 250 MB for all users, with a 500 MB limit for executives or other
exceptional cases. About 25 percent of the users will fall into the exceptional category. In addition, we
want to create archive mailboxes for the users that are double the size of the mailbox to eliminate the use
of .pst files.


I have some concerns with increasing the mailbox size to this limit. The back-up system in all of our offices
does not have as much capacity as we would like. In some offices, we are still backing up to tape. Some of
the tape backup systems can restore at only 50 GB per hour. According to the service level agreement
that we have in place, we are supposed to restore any failed database within an hour of failure.

Requirements Interview Notes.doc


Madeleine Kelly, CEO
The Board of Directors has just initiated a three-year plan that will result in A. Datum doubling in size.
Some of this growth is going to come from internal growth by expanding our current businesses, but the
plan also calls for a very aggressive acquisitions strategy. Much of my time for the next three years will be
spent identifying potential acquisitions anywhere in the world, and negotiating partnerships or takeovers.
Whatever messaging solution you create has to be very flexible and easily expanded.

Karen Toh, Vice President Europe


My biggest complaint with the current email system is that it is technically obsolete. One of the groups I
manage is our International Sales Team. There are only 50 people on the team, but they are constantly
traveling throughout the world researching business opportunities. This team makes more money for this
company than any other group of people. They are also very knowledgeable about technology, and they
tell me that our current system is archaic compared to what other companies are using. This team wants
the latest and greatest in technology. This team needs to be able to access their email from anywhere in
the world at any time.

Marcel Truempy, CIO


In the last five years since I became CIO, our email system has changed from being a useful tool for
business to being a critical part of our business processes, and everybody notices when email is not
available. To give you an example, a couple of months ago all of the email servers in London were
unavailable for six hours due to a virus outbreak. A couple of months before, one of the servers in
Vancouver failed, and we could not send email to and from Vancouver for eight hours while the hardware
vendors came in to fix the hardware. This happened right in the middle of some critical business
negotiations where we had to be able to exchange documents rapidly. In both cases, the CEO and every
other member of the executive staff called me on my cell phone while I was at home. The most important
requirement I have for this email system is availability. This system must always be available.

Scott MacDonald, Vice President North America


Our Security and Compliance Department is based in Vancouver, so it reports to me. The head of that
department tells me that the rules for how we do business and, especially, how we handle confidential or
private information are changing all the time. Just about every country has laws regulating what we can
do with private customer information, but the rules are often not the same. This gets very complicated for
an international organization like ours where some of that information is crossing country borders. We
need a messaging solution that we can use to enforce some of the compliance requirements.

Gareth Chan, Vice President - Asia


A. Datum is establishing an important partner relationship with Contoso, Ltd. Contoso, Ltd is a high-tech
research organization, and we are working on some confidential projects with them. We need to ensure
that all of the email that we are sending between our company and Contoso, Ltd cannot be viewed by
anyone else on the Internet.


Carole Poland, IT Manager


My biggest concern with this project is the budget. This company has a history of setting high
expectations for a project, and then not providing the budget to do the job right. So whatever design you
come up with, we are going to have to be conscious of the budget.

Shane DeSeranno, Network Operations Manager


The Network Operations department is responsible for managing all of the WAN links, the local area
networks (LANs), and the firewalls. One of the restrictions that the Security department placed on us
recently is that we cannot allow any unencrypted traffic through our internal firewalls. We can accept
unencrypted traffic into our perimeter network, but not to the internal network.

Jason Carlson, Network Specialist


I can provide you with a Microsoft Office Visio diagram that has all of our WAN connections and our
connections to the Internet. Our network right now is quite reliable, but we do not have much available
bandwidth between company locations.

Tzipi Butnaru, Directory Services Manager


The company just finished upgrading all of the AD DS domain controllers to Windows Server 2008,
Service Pack 1 (SP1). As part of the upgrade, we did a thorough review of our whole AD DS design. We do
not anticipate making any more changes to the AD DS configuration for a while.

Conor Cunnigham, Messaging Services Manager


One of our biggest problems right now is all of the mobile users that we have to support. We have quite a
few users using Outlook Web Access, and that seems to be working pretty well, although I do have some
security concerns with using Outlook Web App. Many of our users work at home, and most of them use
POP3 clients. I also have security concerns with these clients, but a bigger problem for them is
functionality. Users complain that they cannot easily access their calendar information or send meeting
requests. And we have more and more people asking for access to their email through cell phone devices.

Andreas Herbinger, Messaging Specialist


We currently have a mailbox size limit of 50 MB for all users. However, this limit is much too small, and a
lot of people have convinced their managers to approve size increases for their mailboxes. At this point,
almost half of the people in the company have an exception on their mailbox limits; most of these limits
are at 100 MB.

Luca Dellamore, Messaging Specialist


We currently have four administrative groups in our Exchange Server organization. We have an
administrative group for North America, one for Europe, and one for Asia (LondonAG, VancouverAG, and
TokyoAG). The extra administrative group contains all of the routing groups (RoutingGroupAG). In each
location, we have a group of Exchange Server administrators that have full administrative permissions for
their administrative group, but do not have any permission in the other administrative groups
(LondonExAdmins, VancouverExAdmins, and TokyoExAdmins). In London, we have a group of senior
messaging specialists who have full control over all administrative groups (EnterpriseExAdmins). This
group is also the only group that has administrative permissions over the routing administrative group.
We also have a routing group for each of the big company locations. The routing group in Vancouver is
called VancouverRG, and then we have LondonRG and TokyoRG. I can send you the Office Visio with all of
the Exchange servers in each location. We have a routing group connector between VancouverRG and
LondonRG, and between LondonRG and TokyoRG.
We use two SMTP namespaces: adatum.com, and TreyResearch.net.


AD DS and Routing Interview Notes.doc


Tzipi Butnaru, Directory Services Manager
The company just finished upgrading all of the AD DS domain controllers to Windows Server 2008 SP1.
The company has indicated that there is no budget for any further AD DS changes, so any modifications
we make as part of this project must have no budget implications.
One change that we have been considering is removing the Chennai domain controller. The office
currently does not have a secure server room. There was a project in place to build the server room, but
that project's budget is in jeopardy. Any input you could provide to this decision would be appreciated
greatly.

Andreas Herbinger, Messaging Specialist


We currently have some messaging problems at the London location. Quite often, when I look at the
server queues on the Exchange servers, I see that there are many messages in the categorizer queue. Users
also complain that when they try to view the global address list, it can take more than 10 seconds for it to
appear. All of the other network locations seem to be fine.
We have had some past problems with the bridgehead servers in London, Vancouver, and Tokyo. The
problems appear when there is a network outage to one of the other offices. If the outage lasts for more
than a few minutes, it seems like we get hundreds of messages in the bridgehead server queues, and then
it can take a long time for the server to deliver the messages once we restore the network connection.
Compounding this problem in London is the fact that this is the only location where we accept inbound
SMTP email for Trey Research. We need to ensure that messages get sent out of these sites even if the
final destination site is not available.
As you have already heard, we have many employees using Outlook Web Access. We would really like to
make sure that the experience for the Outlook Web App users is as positive as possible.

Shane DeSeranno, Network Operations Manager


We have been monitoring network traffic by protocol for the last year, and have noticed a significant
increase in the network bandwidth that SMTP traffic uses. In your design, you need to ensure that email
messages always are sent to the network connections with the highest bandwidth. Also, make sure that
you take advantage of any other way that you can save bandwidth that email uses.
We are just taking over managing the network in San Diego, so we are not sure what network changes we
will need to make there. From what I understand, we may need to wait on some firewall changes until
after we get rid of the current messaging system.

Jason Carlson, Network Specialist


Our department is responsible for the company's firewall configurations. With every company location
having its own Internet connection, this can be a real challenge. Right now, we are allowing HTTPS access
to some Exchange servers in London, Vancouver, and Tokyo. This configuration is working okay, but we
do not want to open up any more messaging ports in any location. Additionally, we currently are allowing
incoming and outgoing SMTP traffic through our firewalls only in London, because that is the only
location where we have a spam-filtering solution in place. We would be open to changing this, but would
need to know that the email messages are being scanned for viruses and spam in all locations where we
allow SMTP traffic.

Adatum_CurrentPerimeterDesign.vsd

Adatum_CurrentADSiteDesign.vsd

Policy Requirements.doc
As part of the Exchange Server 2010 design process, the analysts assigned to the project have identified
the following policy requirements.

Mailbox and Message Policies

The available network bandwidth between company locations is limited. The largest message sent by
most users in the organization is 5 MB.

The graphics department regularly sends messages with 10 MB attachments. The graphics personnel
are located in London, Vancouver, and Tokyo. These messages must be delivered within the
organization.

The current limit for sending and receiving email to the Internet is 2 MB. Many users in the
organization have concerns about this limit, and would like to at least double this limit. With the
changes made to the delivery of messages to and from the Internet, the organization has agreed to
meet this expectation.

As a general rule, the design should allow for a 20 percent buffer when designing message size policies.

All users must have a maximum mailbox size of 250 MB. Executives and managers must have a
maximum mailbox size of 500 MB. Each user will also have an archive mailbox that is twice the size of
the mailbox.

All users should receive a warning when their mailbox reaches 80 percent of the maximum mailbox
size, and should be prevented from sending email when their mailbox reaches 90 percent of the
maximum size.

Users should be able to recover items in their mailboxes for 7 days after the message has been
deleted from the deleted items folders. Executives should be able to recover these types of messages
for 21 days.

All users in the entire organization should be able to book meetings using any resource mailboxes,
such as meeting rooms and equipment mailboxes. When users book a meeting, they should get an
email back saying that the meeting has been accepted. No duplicate meetings should be accepted by
a meeting room. The only exceptions to this policy are two meeting rooms in London that are used
for video conferences. Any member of the Sales team in the entire organization should be able to
book the meeting room, but the meeting requests must be accepted by a member of the Sales
Support team in London.

Mobile Messaging Requirements

All executives and many managers would like to use mobile devices to access the Exchange
mailboxes. Up to this point, users have not been able to access their email using mobile devices.
There is a very strong demand to make this feature available. Many executives see this as the primary
benefit of implementing the new email system.

As access to email from mobile devices becomes available, the business departments are expecting
many users will want to have the same level of access. Providing this access is a high priority for most
business departments.


The security officer is concerned about making mobile device access available for all users. He has
specified the following security requirements:

All users who will be accessing email on the Exchange server must be required to have an
alphanumeric password that is at least 6 characters long.

Users who want to download attachments to the device must have encryption enabled on the
device, and the device must be configured to lock after five failed logon attempts.

Exchange administrators must be able to remotely wipe any mobile devices.

All executives and managers must be able to download attachments to their mobile devices.
Other users do not require this functionality.

The Exchange administrators do not want to be involved every time a user gets a new mobile
device, but they also do not want users to have many mobile devices associated with their
mailbox.

Compliance Requirements

The corporation reviews its sales and marketing approach every six months. All members of the Sales
and Marketing teams are involved in the reviews. During the review process, a significant amount of
email is sent between team members. Retaining this email for historical data is important, but these
emails should not be retained in user mailboxes for more than nine months. When the messages are
removed from the user mailboxes, they should easily be accessible to all members of the Sales and
Marketing teams, but should not be accessible to other users in the organization.

All messages sent to and from the Legal team must be retained in a secure location.

In order to decrease the size of user mailboxes, all messages in user mailboxes that are more than 12
months old should be deleted and placed in the deleted items folder. All messages more than six
months old in the Deleted Items folder and Sent Items folder should be deleted. This policy should
apply to all users.

Members of the Executive group should have the option of saving messages in their mailbox
indefinitely.


A. Datum User Distribution Summary.doc


| Location | Internal users | Mobile users |
|---|---|---|
| London (Corporate Headquarters) | 12,000 currently; 10,000 after the new London office is ready | 1,000 Outlook Web Access users; 500 Outlook Anywhere and mobile client users; 800 Office Outlook users connecting through a virtual private network (VPN) |
| London (new office) | 4,000 (anticipated) | 200 Outlook Web Access users; 50 Outlook Anywhere and mobile client users |
| San Diego (Former head office of Trey Research) | 500 | 50 POP3 client users |
| Vancouver | 6,000 | 800 Outlook Web Access users; 100 Outlook Anywhere and mobile client users |
| Tokyo | 5,000 | 1,000 Outlook Web Access users; 200 Outlook Anywhere and mobile client users; 200 Office Outlook users connecting through a VPN |
| Chennai (new office) | 800 (anticipated) | 200 Outlook Web Access users; 50 Office Outlook users connecting through a VPN |

A. Datum has deployed a single AD DS forest with a dedicated root domain named Adatum.com, and
three child domains in the same tree. These domains are:

EU.Adatum.com

NA.Adatum.com

AS.Adatum.com

Additionally, the organization has deployed a domain named TreyResearch.net in the San Diego location.
This domain is configured as a separate tree in the Adatum.com forest.


Exercise 1: Designing the Client Access Server Deployment


Scenario
In this exercise, you will examine the current topology and messaging infrastructure. You will determine
the appropriate Client Access server deployment based on the information supplied in the A. Datum
Exchange Server 2010 project documentation.
The main tasks for this exercise are as follows:
1. Review the A. Datum documentation.

2. Answer questions related to the documentation.

3. Update the A. Datum Client Access server deployment plan document.

Task 1: Review the A. Datum documentation

Review the following information:

Server Design Interview Notes.doc

Requirements Interview Notes.doc

AD DS and Routing Interview Notes.doc

Adatum_CurrentPerimeterDesign.vsd

Adatum_CurrentADSiteDesign.vsd

Task 2: Answer questions related to the documentation


Question: In the Server Design Interview Notes document, what points are raised that impact
your Client Access server deployment plan, and why do they impact the plan?

Question: In the Requirements Interview Notes document, what points are raised that impact
your Client Access server deployment plan, and why do they impact the plan?

Question: In the AD DS and Routing Interview Notes document, what points are raised that
impact your Client Access server deployment plan, and why do they impact the plan?

Question: Is there anything in the Adatum_CurrentPerimeterDesign.vsd diagram that raises
Client Access server deployment issues? If so, what?

Question: Is there anything in the Adatum_CurrentADSiteDesign.vsd diagram that raises Client
Access server deployment issues? If so, what?


Task 3: Update the A. Datum Client Access server deployment plan document

Complete the following proposal document by answering the questions.


A. Datum Client Access Server Deployment Plan
Document Reference Number: JC040410/1
Document Author: Jason Carlson
Date: 4th April 2010

Requirement Overview
Determine the number and placement of Client Access servers within the existing network
infrastructure.
Additional Information
Identify infrastructure changes that may be required due to the proposed deployment.
Proposals
Question: With reference to the Adatum_CurrentADSiteDesign diagram, how many Client Access
servers do you propose to deploy in each site?
Question: Do you have sufficient information from the documents reviewed so far, to determine
whether some sites require additional Client Access servers?
Question: Based on the documentation you have reviewed, what client types must you support?
Question: Is it clear from the documentation that you have reviewed which sites support which
client types?
Question: While maintaining compliance with the requirements mentioned in the documentation,
can you propose changes to the client types that will simplify the configuration?
Question: Which Client Access servers do you propose to make Internet-facing?
Question: How will you configure Autodiscover to support your Client Access server model?

Note: Be prepared to discuss your proposed design with the class.

Results: After this exercise, you should have completed the A. Datum Client Access server deployment
plan document.


Exercise 2: Designing Client Access


Scenario
In this exercise, you will determine which Client Access server features and services are required, and you
will plan how to configure them to support the defined requirements.
The main tasks for this exercise are as follows:
1. Review the A. Datum documentation.

2. Answer questions relating to the documentation.

3. Update the A. Datum Client Access server configuration document.

Task 1: Review the A. Datum documentation

Review the contents of the following documents:

Policy Requirements.doc

A. Datum User Distribution Summary.doc

Task 2: Answer questions relating to the documentation


Question: In the Policy Requirements document, what points are raised that impact your Client
Access server deployment plan, and why?

Question: In the A. Datum User Distribution Summary document, what points are raised that
impact your Client Access server deployment plan and why?

Task 3: Update the A. Datum Client Access server configuration document

Complete the following proposal document by answering the questions.


A. Datum Client Access Server Configuration
Document Reference Number: JC040410/2
Document Author: Jason Carlson
Date: 4th April 2010

Requirement Overview
Determine the feature configuration for Client Access servers in the A. Datum Exchange Server 2010
upgrade.
Proposals
Question: Based on the information in the A. Datum User Distribution Summary document, do you
envisage deploying additional Client Access servers in any sites?
Question: Which features must you enable on the Client Access servers to support the current
client-types?
Question: Which client protocols must you enable through the firewalls?

Question: What would you do to address the security concerns raised regarding mobile clients?
Question: To support the other client types, what other configuration changes must you make?
Question: While maintaining compliance with the requirements mentioned in the documentation,
can you propose changes to the client types that will simplify the configuration?

Note: Be prepared to discuss your proposed design with the class.

Results: After this exercise, you should have completed the A. Datum Client Access server configuration
document.


Exercise 3: Implementing Client Access


Scenario
In this exercise, you will implement Exchange ActiveSync according to your proposals.
The main tasks for this exercise are as follows:
1. Verify the Exchange ActiveSync virtual directory configuration.

2. Create a new Exchange ActiveSync mailbox policy.

3. Configure Exchange ActiveSync settings from the ECP.

Task 1: Verify the Exchange ActiveSync virtual directory configuration

In the Exchange Management Console, review the configuration for the Microsoft-Server-ActiveSync
virtual directory. The virtual directory configuration can be viewed for each Client Access server in the
Client Access node.

Task 2: Create a new Exchange ActiveSync mailbox policy


1. On VAN-EX2, in the Exchange Management Console, create a new Exchange ActiveSync Mailbox
policy with the following configuration:

Name: Executive Policy

Enable non-provisionable devices

Enable attachments to be downloaded to the device

Require passwords

Disable simple passwords

Enable password recovery

Minimum password length: 6

Require encryption on device

Note: You must create and then modify the policy to configure the following two settings.

Configure the number of failed logon attempts at 5

Require encryption on storage card

2. Review the other Exchange ActiveSync Mailbox policy settings.

3. Apply the Exchange ActiveSync Mailbox policy to users in the Executives OU. Open Exchange
Management Shell, and then execute the following command:

Get-Mailbox -OrganizationalUnit Executives | Set-CASMailbox -ActiveSyncMailboxPolicy "Executive Policy"
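
The following read-only Exchange Management Shell check is an added example, not part of the original lab: it compares the Executive Policy against the settings listed in Task 2 and lists mailboxes in the Executives OU that do not have the policy assigned. The property names are the ActiveSync mailbox policy parameters that correspond to the console options; the variable names are illustrative.

```powershell
# Added example: run in the Exchange Management Shell (for example on VAN-EX2).
# Read-only: it reports differences and changes nothing.
$policyName = 'Executive Policy'   # policy name from Task 2
$ouName     = 'Executives'         # OU used in step 3

# Task 2 settings mapped to the matching ActiveSync mailbox policy properties.
$expected = @{
    AllowNonProvisionableDevices    = $true    # Enable non-provisionable devices
    AttachmentsEnabled              = $true    # Enable attachments to be downloaded
    DevicePasswordEnabled           = $true    # Require passwords
    AllowSimpleDevicePassword       = $false   # Disable simple passwords
    PasswordRecoveryEnabled         = $true    # Enable password recovery
    MinDevicePasswordLength         = 6        # Minimum password length: 6
    RequireDeviceEncryption         = $true    # Require encryption on device
    MaxDevicePasswordFailedAttempts = 5        # Failed logon attempts: 5
    RequireStorageCardEncryption    = $true    # Require encryption on storage card
}

$policy = Get-ActiveSyncMailboxPolicy -Identity $policyName -ErrorAction SilentlyContinue
if (-not $policy) {
    Write-Warning "ActiveSync mailbox policy '$policyName' was not found."
}
else {
    # Compare as strings so Boolean, nullable and "Unlimited" values compare the same way.
    $drift = @($expected.Keys | Sort-Object | ForEach-Object {
        $name   = $_
        $actual = [string]$policy.$name
        $wanted = [string]$expected[$name]
        if ($actual -ne $wanted) {
            New-Object PSObject -Property @{ Setting = $name; Expected = $wanted; Actual = $actual }
        }
    })

    if ($drift.Count -eq 0) {
        "Policy '$policyName' matches the Task 2 settings."
    }
    else {
        $drift | Select-Object Setting, Expected, Actual | Format-Table -AutoSize
    }

    # Mailboxes in the OU that are not assigned the policy.
    # Assumption: the string form of ActiveSyncMailboxPolicy ends with the policy name.
    $unassigned = @(Get-Mailbox -OrganizationalUnit $ouName -ResultSize Unlimited |
        Get-CASMailbox |
        Where-Object { [string]$_.ActiveSyncMailboxPolicy -notlike "*$policyName" })

    if ($unassigned.Count -eq 0) {
        "All mailboxes in '$ouName' are assigned '$policyName'."
    }
    else {
        $unassigned | Select-Object Name, ActiveSyncEnabled, ActiveSyncMailboxPolicy |
            Format-Table -AutoSize
    }
}
```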

Task 3: Configure Exchange ActiveSync settings from the ECP


1. Open Internet Explorer and navigate to https://van-ex2.adatum.com/ecp.

2. Log on as adatum\administrator using the password Pa$$w0rd.

3. From Phone & Voice, from within the ActiveSync Device Policy, review the Executive Policy.
Notice that text messages can be synchronized by default.

4. From within ActiveSync Access, create a New Device Access Rule:

All families

Quarantine - Let me decide to block or allow later.

You will not be able to save the settings as there are no devices currently in use within the
Adatum organization. Cancel the policy creation and close all open windows.


Results: After this exercise, you should have deployed and configured Exchange ActiveSync for members
of the Executives group.

To prepare for the next module


When you finish the lab, revert the machines back to their initial state. To do this, complete the following
steps:
1. On the host computer, start Hyper-V Manager.

2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat these steps for 10233B-VAN-EX1 and 10233B-VAN-EX2. Close the virtual machine connection
windows.

5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then in the Actions pane, click Start.

6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then in the
Actions pane, click Connect.
Important: Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully
started before starting the other virtual machines.

7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual
machine.

8. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-EX2. Connect to the virtual machine.

9. Wait for 10233B-VAN-EX2 to start, and then start 10233B-VAN-EDG. Connect to the virtual
machine.

Lab Instructions: Planning and Deploying Message Transport in Microsoft Exchange Server 2010

Module 5
Lab Instructions: Planning and Deploying Message Transport
in Microsoft Exchange Server 2010
Contents
Exercise 1: Designing a Message Routing Topology

Exercise 2: Designing a Messaging Perimeter

Exercise 3: Discussion: Improving an AD DS and Message Routing Design

Exercise 4: Modifying the Routing Topology

Lab: Planning and Deploying Message Transport in Exchange Server 2010

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. Ensure that the 10233B-VAN-DC1, 10233B-VAN-EX1, 10233B-VAN-EX2, and the 10233B-VAN-EDG
   virtual machines are running.
3. If required, connect to the virtual machines. Log on to the virtual machines as
   Adatum\Administrator using the password Pa$$w0rd.
4. Log on to 10233B-VAN-EDG as Administrator using the password Pa$$w0rd.

Lab Scenario
You are a messaging engineer for A. Datum Corporation, an enterprise-level organization with multiple
locations.
You have been tasked with designing the new routing infrastructure for your organization. You must
examine the documentation that details the existing infrastructure, and then make proposals regarding
any changes you might need to make to address the organization's needs. You must also document your
proposals.
Finally, use various Exchange Server management tools to investigate the current routing topology, and
make some changes.
Note: Your instructor may choose to perform this lab as a group discussion rather than an
individual activity.

AD DS and Routing Interview Notes.doc


Tzipi Butnaru, Directory Services Manager
The company just finished upgrading all of the AD DS domain controllers to Windows Server 2008,
Service Pack 1 (SP1). The company has indicated that there is not enough budget for any further AD DS
changes, so any modifications we make as part of this project must have no budget implications.
One change that we have been considering is removing the Chennai domain controller. The office
currently does not have a secure server room. There was a project in place to build the server room, but
that project's budget is in jeopardy. Any input you could provide to this decision would be appreciated
greatly.

Andreas Herbinger, Messaging Specialist


We currently are having some messaging problems at the London location. Quite often, when I look at
the server queues on the Exchange Servers, I see that there are many messages in the categorizer queue.
Users also complain that when they try to view the global address list (GAL), it can take more than 10
seconds for it to appear. All of the other network locations seem to be fine.
We have had some past problems with the bridgehead servers in London, Vancouver, and Tokyo. The
problem shows up when there is a network outage to one of the other offices. If the outage lasts for more
than a few minutes, it seems like we get hundreds of messages in the bridgehead server queues, and then
it can take a long time for the server to deliver the messages once we restore the network connection.
Compounding this problem in London is the fact that this is the only location where we are accepting
inbound SMTP email for Trey Research. We need to make sure that messages get sent out of these sites
even if the final destination site is not available.
As you have already heard, we have many employees using Office Outlook Web Access. We would really
like to make sure that the experience for the Outlook Web App users is as positive as possible.

Shane DeSeranno, Network Operations Manager


We have been monitoring network traffic by protocol for the last year, and have noticed a very big
increase in the network bandwidth that SMTP traffic uses. In your design, you need to make sure that
email messages always are sent through the network connections that have the highest bandwidth. Also,
make sure that you take advantage of any other way that you can save bandwidth that email uses.
We are just taking over managing the network in San Diego, so we are not sure what network changes we
will need to make there. From what I understand, we may need to wait on some firewall changes until
after we get rid of the current messaging system.

Jason Carlson, Network Specialist


Our department is responsible for the company's firewall configurations. With every company location
having its own Internet connection, this can be a real challenge. Right now, we are allowing Hypertext
Transfer Protocol Secure (HTTPS) access to some Exchange Servers in London, Vancouver, and Tokyo. This
configuration is working okay, but we do not want to open up any more messaging ports in any location.
Additionally, we are currently allowing incoming and outgoing SMTP traffic through our firewalls only in
London, because that is the only location where we have a spam-filtering solution in place. We would be
open to changing this, but we would need to know that the email messages are being scanned for viruses
and spam in all locations where we allow SMTP traffic.

Adatum_Info.vsd (WAN Links)

Adatum_CurrentADSiteDesign.vsd

Adatum_CurrentPerimeterDesign.vsd

Exercise 1: Designing a Message Routing Topology


Scenario
In this exercise, you will design a message routing topology for the A. Datum Exchange organization.
To complete this exercise, review the existing A. Datum Corporation documentation:
• Interview notes from meetings with various A. Datum Corporation personnel.
• Microsoft Office Visio diagrams describing the A. Datum Corporation site topology.

The main tasks for this exercise are as follows:
1. Review the A. Datum Corporation documentation.
2. Modify the A. Datum Current AD DS Site Design diagram with proposed changes to the site design.

Task 1: Review the A. Datum Corporation documentation

Review the contents of the following files:
• AD DS and Routing Interview Notes.doc
• Adatum_CurrentADSiteDesign.vsd
• Adatum_Info.vsd

Task 2: Modify the A. Datum current AD DS site design diagram with proposed
changes to the site design
1. Use callouts in the following diagram to document proposed changes to the site design. For each
   proposed change, provide:
   • The proposed change.
   • A rationale for the proposed change.
2. Indicate which server roles need to be deployed in each AD DS site.
3. Document message flow within the organization. Document the changes that you will need to make
   to the AD DS configuration to enable optimal message flow.

Note: Be prepared to discuss your proposed design with the class.

Results: After this exercise, you should have successfully modified the A. Datum AD DS site design.

Exercise 2: Designing a Messaging Perimeter


Scenario
In this exercise, you will design a message perimeter for the A. Datum Exchange organization.
To complete this exercise, review the following A. Datum Corporation documentation:
• Interview notes from meetings with various A. Datum personnel
• Office Visio diagrams describing the A. Datum network perimeter configuration

The main tasks for this exercise are as follows:
1. Review the A. Datum Corporation documentation.
2. Modify the A. Datum Current Perimeter Design diagram with proposed changes to the site design.

Task 1: Review the A. Datum Corporation documentation

Review the contents of the following files:
• AD DS and Routing Interview Notes.doc
• Adatum_CurrentPerimeterDesign.vsd
• Adatum_Info.vsd

Task 2: Modify the A. Datum current perimeter design diagram with proposed
changes to the site design
1. Use callouts in the following diagram to document proposed changes to the perimeter design. For
   each proposed change, provide:
   • The proposed change.
   • A rationale for the proposed change.
2. Indicate whether you need to deploy any additional server roles in each AD DS site.
3. Indicate the required firewall changes to meet your design requirements.
4. Indicate any other infrastructure changes that you must implement to meet your design
   requirements.
5. For each company location, document how messages are delivered to the Internet, and how inbound
   messages are delivered to internal recipients.

Note: Be prepared to discuss your proposed design with the class.

Results: After this exercise, you should have successfully designed the A. Datum messaging perimeter.

Exercise 3: Discussion: Improving an AD DS and Message Routing Design


Scenario
In this exercise, you will present your design decisions from the previous two exercises, and discuss your
recommendations.

Task: Discuss as a class, and then answer the following questions


Question: What changes did you make to the AD DS site configuration and the
organization's message routing?

Question: If your recommended changes are implemented, how will messages flow between
the AD DS sites? Where will messages be queued in the event of a server or network
connection failure?

Question: How did you design message routing to the Internet?

Question: What conflicting requirements were presented in the scenario? How did you
resolve conflicting requirements?

Question: What additional information should you consider when designing message
routing in this scenario?

Results: After this exercise, you should have successfully improved the A. Datum AD DS and message
routing design.

Exercise 4: Modifying the Routing Topology


Scenario
A. Datum Corporation has a partner organization, Contoso, Ltd based in New York. You must make some
configuration changes to the routing infrastructure to support messaging to the partner organization. In
this exercise, you will investigate the current routing topology, and then make some configuration
changes.
The main tasks for this exercise are as follows:
1. Determine the current organizational settings.
2. Examine the current routing topology.
3. Add a new accepted domain.
4. Configure a send connector to support the new accepted domain.
5. Update the default site configuration with Exchange Server-specific values.
6. Add an Edge Subscription.
7. Review the updated topology.

Task 1: Determine the current organizational settings


1. On VAN-EX1, open the Exchange Management Console.
2. Browse to the Organization Configuration, and view the Send Connectors tab in the Hub
   Transport node.
   Question: Have any connectors been configured?
   Question: Has an Edge Subscription been defined?

Task 2: Examine the current routing topology


1. From the Toolbox, open Routing Log Viewer.
2. Use the File menu to open the most recent routing table file.
3. Use the various tabs to answer the following questions:
   Question: Is Default-First-Site-Name a hub site?
   Question: What is the AD DS cost of the link to VAN-EX1.Adatum.com?
   Question: What Send Connectors are listed?
   Question: What Address Spaces are listed?
4. Close Routing Log Viewer.

Task 3: Add a new accepted domain

From Organization Configuration, in the Hub Transport node, create a new Accepted Domain with
the following properties:
• Name: Contoso
• Domain name: Contoso.com
• Type: External Relay Domain

Task 4: Configure a Send connector to support the new accepted domain

From Organization Configuration, in the Hub Transport node, create a new Send Connector with the
following properties:
• Name: Contoso Connector
• Intended use: Partner
• Address: Contoso.com
• Include all subdomains: Yes
• Cost: 10
• All other settings: default values

Task 5: Update the default site configuration with Exchange Server-specific values
1. Open the Exchange Management Shell.
2. At the Shell, type the following command, and then press Enter.
   set-AdSite -id Default-First-Site-Name -HubSiteEnabled $true
3. At the Shell, type the following command, and then press Enter.
   set-AdSiteLink -id DEFAULTIPSITELINK -ExchangeCost 25
4. Close the shell.

Task 6: Add an Edge subscription


1. Switch to VAN-EDG.
2. Open the Exchange Management Shell.
3. At the Exchange Management Shell, type the following command, and then press Enter.
   new-edgesubscription -filename C:\EdgeSubscriptionExport.xml
4. When prompted, type Y, and then press Enter.
5. At the Exchange Management Shell, type the following command, and then press Enter.
   copy c:\EdgeSubscriptionExport.xml \\VAN-EX1\c$
6. Switch to VAN-EX1.
7. Create a new Edge Subscription with the following properties:
   • Site: Default-First-Site-Name
   • Subscription file: C:\EdgeSubscriptionExport.xml
   • Other settings: default values

Note: You may receive a warning. This is expected.

Task 7: Review the updated topology


1. Open Routing Log Viewer from the Toolbox.
2. Use the File menu to open the most recent routing table file.
3. Use the various tabs to answer the following questions:
   Question: Is Default-First-Site-Name a hub site?
   Question: What SMTP Send Connectors are listed?
   Question: What SMTP Address Spaces are listed?
   Question: What is the connector cost for the Contoso Connector?
4. Close the Routing Log Viewer.

Results: After this exercise, you should have modified the message routing topology.
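
The settings made in Tasks 3 through 6 can also be read back from the Exchange Management Shell on VAN-EX1, which is useful when a routing table file has not yet been regenerated. The script below is an added example, not part of the course material; New-CheckRow is a helper defined only for this example, and the object names are the ones this lab creates. Because the exported subscription file carries the credentials used to bootstrap EdgeSync, the script also checks that no copy is left on the Hub Transport server.

```powershell
# Added example, not part of the course material.
# Run in the Exchange Management Shell on VAN-EX1 after Task 6.
# Written for PowerShell 2.0, which Exchange Server 2010 uses.

# New-CheckRow is a helper defined for this example only.
function New-CheckRow($Setting, $Configured, $Actual) {
    New-Object PSObject -Property @{
        Setting    = $Setting
        Configured = $Configured   # value entered in the lab task
        Actual     = $Actual       # value read back from the organization
    }
}

$rows = @()

# Task 3: accepted domain and its type
$domain = Get-AcceptedDomain -Identity 'Contoso'
$rows += New-CheckRow 'Accepted domain name' 'Contoso.com' $domain.DomainName
$rows += New-CheckRow 'Accepted domain type' 'External Relay Domain' $domain.DomainType

# Task 4: partner Send connector, address space and cost
$connector = Get-SendConnector -Identity 'Contoso Connector'
$rows += New-CheckRow 'Send connector address space' 'Contoso.com, all subdomains, cost 10' ($connector.AddressSpaces -join ', ')

# Task 5: hub site flag and Exchange-specific link cost
$site = Get-AdSite -Identity 'Default-First-Site-Name'
$rows += New-CheckRow 'HubSiteEnabled' $true $site.HubSiteEnabled

$link = Get-AdSiteLink -Identity 'DEFAULTIPSITELINK'
$rows += New-CheckRow 'Site link ExchangeCost' 25 $link.ExchangeCost

# Task 6: Edge Subscription registered in the site
$edge = @(Get-EdgeSubscription)
$edgeNames = ($edge | ForEach-Object { $_.Name }) -join ', '
$rows += New-CheckRow 'Edge Subscription' 'VAN-EDG' $edgeNames

$rows | Select-Object Setting, Configured, Actual | Format-Table -AutoSize -Wrap

# Confirm that EdgeSync can reach the subscribed Edge Transport server.
Test-EdgeSynchronization | Format-List Name, SyncStatus, FailureDetail

# The subscription file is no longer needed once the subscription exists.
# Remove the copy on VAN-EX1; repeat the same check locally on VAN-EDG.
$subscriptionFile = 'C:\EdgeSubscriptionExport.xml'
if (Test-Path -Path $subscriptionFile) {
    Remove-Item -Path $subscriptionFile -Confirm
}
```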

To prepare for the next module


When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-EDG. Close the virtual
   machine connection windows.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then in the
   Actions pane, click Connect.
   Important: Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully
   started before starting the other virtual machines.
7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
8. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-CL1. Connect to the virtual machine.

Lab Instructions: Planning and Deploying Messaging Security

Module 6
Lab Instructions: Planning and Deploying Messaging
Security
Contents
Exercise 1: Designing Message Security

Exercise 2: Designing Antivirus and Anti-Spam Solutions

Exercise 3: Implementing Message Security

Lab: Planning and Deploying Messaging Security

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V
   Manager.
2. Ensure that the 10233B-VAN-DC1, 10233B-VAN-EX1, and the 10233B-VAN-CL1 virtual machines are
   running.
3. If required, connect to the virtual machines. Log on to the virtual machines as
   Adatum\Administrator using the password Pa$$w0rd.

Lab Scenario
You are a messaging engineer for the A. Datum Corporation, an enterprise-level organization with
multiple locations. You have been tasked with undertaking an analysis of the organization's message
security requirements. After you complete the analysis, you must update the necessary documentation.
After you have completed the message security analysis, you will investigate the organization's antivirus
and anti-spam requirements, and update the necessary documentation with your planned changes.
Finally, you will implement some of your proposals.
Note: Your instructor may choose to perform this lab as a group discussion rather than an
individual activity.

Security Requirements.doc
Message Security Requirements

Before any message is sent to a recipient on the Internet, a disclaimer that has been approved by the
Legal department must be added to the message.

Messages sent to Internet recipients from members of the Sales team must have a different disclaimer
added to the message.

Messages with a Company Internal classification must be blocked from being sent to the Internet. If a
user tries to send a message with this classification to the Internet, they should receive a response
indicating that they are not allowed to send messages with this classification to the Internet.

A small group of senior executives and a few board members make up a Strategic Acquisitions team.
These users should be able to send each other messages that are clearly marked as Acquisitions
Confidential, and the messages should not ever be sent to users who are not on this team.

A. Datum has formed a strategic partnership with Contoso, Ltd. The central office for Contoso, Ltd is
located in New York. Because much of the email sent between A. Datum and Contoso contains
confidential email, all messages sent between the organizations must be as secure as possible. When
viewing an email sent between the companies, users should be able to determine that the message
has been secured while in transit.

A. Datum uses a law firm based in Brussels to deal with international regulations related to their
business. All network traffic between the two firms is sent through a VPN. A. Datum needs to ensure
that all messages sent to the law firm in Brussels are sent through the VPN, and that all messages
coming from the law firm through the VPN are accepted without spam filtering.

All users in the A. Datum organization should have the option of sending secure email to any
recipients on the Internet. However, the network administrators at A. Datum do not want to manually
deploy the certificates required to enable and manage secure email. At the same time, it is important
that the users can implement and use secure email with as few problems as possible.

Virus and Spam Filtering Requirements

All messages that are sent to A. Datum must be scanned for viruses and filtered for spam before the
messages enter the network.

The messaging administrators at A. Datum have identified two third-party organizations on the
Internet that provide lists of SMTP servers on the Internet that are known to send spam messages.
The messaging administrators have also identified one organization that provides a list of SMTP
servers that are known not to be spammers. The messaging administrators would like to use the lists
provided by these organizations when configuring their anti-spam filters.

Messages sent from partner organizations such as Contoso, Ltd and the law firm in Brussels should
never be identified as spam.

The messaging administrators are planning on using content filters to block spam messages, but are
concerned that too many false positives will be filtered if they enable content filtering.

A. Datum has several distribution lists that include over 200 recipients. Users from the Internet should
not be able to send email to any of these distribution lists.

The messaging administrators at A. Datum are concerned about the number of messages coming into
the organization with spoofed SMTP domain names. They want to reduce the quantity of these sorts
of messages.

Many users are using the Safe Senders list in Office Outlook to ensure that messages from the users
on the Safe Senders list are not identified as spam. The Exchange Servers should be able to use this
information to ensure that messages from these users are not blocked before they get to the user
mailboxes.

All messages sent between users in the Exchange organization or sent to the Internet should be
scanned for viruses when the message is sent. Messages should be scanned only once for viruses
inside the organization.

All messages being sent to the Internet should be scanned for viruses as the message leaves the
organization.

If users receive a virus from an external messaging system or by downloading the virus from a
website, the virus should be detected as soon as possible in order to avoid infecting other systems.

At a minimum, antivirus files on all systems should be updated daily, and the antivirus files on all
systems that receive email directly from the Internet should be updated four times per day. If the
antivirus files on any messaging server are more than two update cycles out of date, the messaging
administrators should receive an alert.

Exercise 1: Designing Message Security


Scenario
In this exercise, you will design a messaging security implementation for the A. Datum Corporation.
To complete this exercise, review the existing A. Datum documentation:
• Security Requirements.doc

The main tasks for this exercise are as follows:
1. Review the A. Datum documentation.
2. Modify the A. Datum Proposed Security Policies document with a proposed message security plan.
3. Answer questions relating to the documentation.

Task 1: Review the A. Datum documentation

Review the contents of the following files:
• Message Security Requirements section in the Security Requirements.doc

Task 2: Modify the A. Datum Proposed Security Policies document with a proposed
message security plan

Complete the relevant sections of the following document. In the document, provide:
• The type of component you will need to configure.
• The configuration details for each component.

A. Datum Proposed Security Policies
Document Reference Number: JC120310/1
Document Author: Jason Carlson
Date: 12th March 2010

Message Security Components
Component type | Configuration details

Additional notes

Note: Be prepared to discuss your proposed design with the class.

Task 3: Answer questions relating to the documentation


Note: Your instructor may perform this task as a discussion.

Question: How did you address the need to exchange secure email between the A. Datum
Corporation and Contoso, Ltd?

Question: Does your organization have a requirement for the Domain Security solution?
What barriers will there be to adopting this solution?

Results: After this exercise, you should have successfully designed message security for A. Datum.

Exercise 2: Designing Antivirus and Anti-Spam Solutions


Scenario
In this exercise, you will design an antivirus and anti-spam implementation for A. Datum Corporation.
To complete this exercise, review the existing A. Datum documentation:
• Security Requirements.doc

The main tasks for this exercise are as follows:
1. Review the A. Datum Corporation documentation.
2. Modify the A. Datum Proposed Security Policies document with a proposed antivirus and anti-spam
   solution.
3. Answer questions relating to the documentation.

Task 1: Review the A. Datum Corporation documentation

Review the contents of the following files:
• Virus and Spam Filtering Requirements in the Security Requirements.doc

Task 2: Modify the A. Datum Proposed Security Policies document with a proposed
antivirus and anti-spam solution

Complete both the Anti-Spam and Antivirus Solution Components sections of the following
document. In the document, provide:
• The type of component you will need to configure.
• The configuration details for each component.

A. Datum Proposed Security Policies
Document Reference Number: JC120310/2
Document Author: Jason Carlson
Date: 12th March 2010

Anti-Spam Solution Components
Component type | Configuration details
Anti-spam software |
IP Allow List provider |
IP Block List provider |
SMTP connectors |
Content filter and quarantine mailbox |
Sender ID filtering |
Safelist aggregation |
Blocked recipient lists |

Antivirus Solution Components
Component type | Configuration details
Antivirus software |
Antivirus software |
Antivirus stamping |
Antivirus update |

Additional notes

Note: Be prepared to discuss your proposed design with the class.

Task 3: Answer questions relating to the documentation


Note: Your instructor may perform this task as a discussion.

Question: How did you design the antivirus and anti-spam solution for A. Datum
Corporation? How does this compare to the solution you would implement for your
organization?

Results: After this exercise, you should have successfully designed an antivirus and anti-spam strategy for
A. Datum.

Exercise 3: Implementing Message Security


Scenario
In this exercise, you will implement some of your proposed changes. You must implement S/MIME within
the A. Datum Corporation organization.
The main tasks for this exercise are as follows:
1. Create a new certificate template.
2. Import the certificate template.
3. Configure user certificate auto-enrollment.
4. Update the group policy on VAN-CL1.
5. Verify the presence of the certificate for Scott.
6. Configure Outlook for Scott.
7. Verify the presence of the certificate for Marcel.
8. Configure Outlook for Marcel.
9. Send a signed and sealed message to Scott.
10. Verify receipt of the secured message.

Task 1: Create a new certificate template


1. On VAN-DC1, open a new MMC, and add the Certificate Templates snap-in.
2. Duplicate the User template.
3. Configure the following properties for the duplicate template, and then close the Exchange
   Management Console:
   a. Template display name: S/MIME Certificate
   b. Domain Users granted the allow Enroll and Autoenroll permissions.

Task 2: Import the certificate template


1. Open Certification Authority.
2. Import the S/MIME certificate.
3. Close Certification Authority.

Task 3: Configure user certificate auto-enrollment


1. Open the Group Policy Management console.
2. Locate and open the Default Domain Policy for editing.
3. In Group Policy Management Editor, expand User Configuration, expand Policies, expand Windows
   Settings, expand Security Settings, and then click Public Key Policies.
4. Configure the Certificate Services Client - Auto-Enrollment with the following options:
   a. Configuration Model: Enabled
   b. Renew expired certificates, update pending certificates, and remove revoked certificates:
      Selected
   c. Update certificates that use certificate templates: Selected
5. Close the Group Policy Management Editor, and then close the Group Policy Management console.

Task 4: Update the group policy on VAN-CL1


1. Switch to VAN-CL1.
2. Open a command prompt, and at the command prompt, type gpupdate /force, and then press
   Enter.
3. Log off VAN-CL1.

Task 5: Verify the presence of the certificate for Scott


1. Log on to VAN-CL1 using the following credentials:
   • User name: Scott
   • Password: Pa$$w0rd
   • Domain: Adatum
2. Open a new MMC, and add the Certificates snap-in.
3. Verify the presence of a certificate based on the S/MIME Certificate template in the Current
   User\Personal certificate store.
4. Close Console1 without saving changes.

Task 6: Configure Outlook for Scott


1. Open Microsoft Outlook 2010.
2. Accept all defaults, EXCEPT in the Welcome to the Microsoft Office 2010 wizard, click Don't make
   changes and then click OK.
3. Close Microsoft Outlook and log off.

Task 7: Verify the presence of the certificate for Marcel


1. Log on to VAN-CL1 using the following credentials:
   • User name: Marcel
   • Password: Pa$$w0rd
   • Domain: Adatum
2. Open a new MMC and add the Certificates snap-in.
3. Verify the presence of a certificate based on the S/MIME Certificate template in the Current
   User\Personal certificate store.
4. Close Console1 without saving changes.
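
The certificate check in Tasks 5 and 7 can also be done from Windows PowerShell, which shows at a glance whether the auto-enrolled certificate is actually usable for S/MIME rather than merely present. This is an added example, not part of the course material; it assumes it is run on VAN-CL1 as the logged-on user (Scott or Marcel), and the OIDs in it are the standard identifiers for the Enhanced Key Usage extension, the Secure Email usage, and Microsoft's Certificate Template Information extension.

```powershell
# Added example, not part of the course material.
# Run in Windows PowerShell on VAN-CL1 as the logged-on user (Scott or Marcel).

$ekuExtensionOid      = '2.5.29.37'             # Enhanced Key Usage extension
$secureEmailOid       = '1.3.6.1.5.5.7.3.4'     # Secure Email usage (needed for S/MIME)
$templateExtensionOid = '1.3.6.1.4.1.311.21.7'  # Certificate Template Information

$now = Get-Date

Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_

    # Collect the usage OIDs listed in the Enhanced Key Usage extension, if any.
    $usages = @()
    $ekuExtension = $cert.Extensions | Where-Object { $_.Oid.Value -eq $ekuExtensionOid }
    if ($ekuExtension) {
        $usages = @($ekuExtension.EnhancedKeyUsages | ForEach-Object { $_.Value })
    }

    # The template extension names the template the CA issued from,
    # which should read "S/MIME Certificate" for the lab's certificate.
    $template = '(no template extension)'
    $templateExtension = $cert.Extensions | Where-Object { $_.Oid.Value -eq $templateExtensionOid }
    if ($templateExtension) {
        $template = $templateExtension.Format($false)
    }

    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        Template      = $template
        SecureEmail   = ($usages -contains $secureEmailOid)      # usable for S/MIME
        HasPrivateKey = $cert.HasPrivateKey                      # required to sign and decrypt
        InValidity    = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
        ChainTrusted  = $cert.Verify()                           # chains to a trusted root
    }
} | Select-Object Subject, Template, SecureEmail, HasPrivateKey, InValidity, ChainTrusted |
    Format-List
```

A certificate that is listed but shows SecureEmail, HasPrivateKey, or ChainTrusted as False will not let the user sign or read the test message in Tasks 9 and 10.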

Task 8: Configure Outlook for Marcel


1. Open Office Outlook 2010.
2. Accept all defaults, EXCEPT in the Welcome to the Microsoft Office 2010 wizard, click Don't make
   changes and then click OK.

Task 9: Send a signed and sealed message to Scott


1. Create a new message entitled S/MIME Test.
2. Click the Options tab.
3. On the Office Outlook ribbon, expand More Options.
4. In the Properties dialog box, click Security Settings.
5. In the Security Properties dialog box, select the following check boxes, and then click OK:
   • Encrypt message contents and attachments
   • Add a digital signature to this message
   • Request S/MIME receipt for this message
6. In the Properties dialog box, click Close, and then click Send.
7. Close Microsoft Outlook, and log off.

Task 10: Verify receipt of the secured message


1. Log on to VAN-CL1 using the following credentials:
   • User name: Scott
   • Password: Pa$$w0rd
   • Domain: Adatum
2. Open Microsoft Outlook 2010.
3. Open the new message entitled S/MIME Test.
4. In the message, click the padlock symbol. Read the information, and then click Close.
5. In the message, click the symbol next to the padlock symbol. Read the information, and then click
   Close.

Results: After this exercise, you should have successfully implemented some aspects of the messaging
security design for A. Datum.

To prepare for the next module


When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 10233B-VAN-EX1 and 10233B-VAN-CL1. Close the virtual machine connection
   windows.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then in the
   Actions pane, click Connect.
   Note: Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully started
   before starting the other virtual machines.
7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.

Lab Instructions: Planning and Deploying Messaging Compliance

Module 7
Lab Instructions: Planning and Deploying Messaging
Compliance
Contents:
Exercise 1: Planning a Message Transport Implementation

Exercise 2: Planning a Message Journaling and Archiving Solution

Exercise 3: Planning a Messaging Records Management Implementation

Exercise 4: Implementing a Message Compliance Plan

Lab: Planning and Deploying Messaging Compliance

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must do
the following:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. Ensure that the 10233B-VAN-DC1 and 10233B-VAN-EX1 virtual machines are running.
3. If required, connect to the virtual machines. Log on to the virtual machines as
   Adatum\Administrator using the password Pa$$w0rd.

Lab Scenario
You are a messaging engineer for A. Datum Corporation, an enterprise-level organization with multiple
locations. A. Datum is an international corporation involved in technology research and investment, and it
is planning to upgrade from Exchange Server 2003 to Exchange Server 2010.
You are aware of the new messaging compliance features in Exchange Server 2010, and need to
determine how you will implement them to meet the needs of your organization.


Exercise 1: Planning a Message Transport Implementation


Scenario
As part of the project planning for the Exchange Server 2010 implementation, the business units have
been interviewed to find any requirements that may impact the planning process. You think that the
security requirements document is most likely to have content that relates to message transport.
After reviewing the security requirements document, you find the following points that relate to the
configuration of message transport:

Before Exchange Server 2010 sends messages to recipients on the Internet, it must add a disclaimer
that was approved by the Legal department.

Messages sent to Internet recipients from members of the Sales team must include a different
disclaimer with the messages.

Messages with a Company Internal classification must be blocked from being sent to the Internet.
When users try to send messages with this classification to the Internet, they should receive a
response stating that they are not allowed to send messages with this classification to the Internet.

A small group of senior executives and a few board members make up a Strategic Acquisitions team.
These users should be able to send each other messages that are clearly marked as Acquisitions
Confidential, and the messages should never be sent to users who are not on this team.

The main tasks for this exercise are as follows:


1. Review the A. Datum documentation.
2. Document the required configuration for message transport.

Task 1: Review the A. Datum documentation

Review the points related to message transport in the Exercise 1 scenario.


Task 2: Document the required configuration for message transport

Complete the following proposal document by answering the questions.


A. Datum Message Transport Plan
Document Reference Number: JC040417/1
Document Author: Jason Carlson
Date: 15th Apr 2010

Requirement Overview
Determine how you will manage message transport.
Proposals
Question: Are transport rules required? If so, how should you configure them?

Question: Is message moderation required? If so, how should you configure it?

Question: Are message classifications required? If so, how should you configure them?

Note: Be prepared to discuss your proposed plan with the class.

Results: After this exercise, you should have created a message transport plan.


Exercise 2: Planning a Message Journaling and Archiving Solution


Scenario
The next stage in implementation planning is creating a plan for message journaling and archiving. As you
search through the A. Datum documentation for the project, you find the Message Compliance Interviews
document, with content that looks relevant for this plan.
You need to determine the configuration for message journaling and archiving.

Message Compliance Interview


Conor Cunningham, Messaging Services Manager
As part of our Mailbox server planning, we decided that users would be assigned personal archives as a
replacement for PST files. The PST files were simply too difficult to manage. We can use the personal
archives as part of our retention strategy.
As we move mailboxes to Exchange Server 2010, I'd like to implement our new archiving scheme. What I'd
like to do is this:

Archive all messages after 1 year.

Remove deleted items after 30 days.

Allow users to mark individual items not to be archived.

I have also been speaking with our auditors. They need to be able to monitor and track some
communication in the organization. One item is that all messages sent to the Executives group need to be
monitored. Auditors will review these messages from time to time. In addition, auditors need to be able to
monitor communication for specific users when legal proceedings are initiated. The auditors need the
ability to initiate this process and review all messages. It is important that no messages are deleted for the
specified users.
The main tasks for this exercise are as follows:
1. Review the A. Datum documentation.
2. Answer questions related to the documentation.
3. Document the required configuration for journaling and archiving.

Task 1: Review the A. Datum documentation

Review the following information:

Message Compliance Interview

Task 2: Answer questions related to the documentation


Note: Your instructor may perform this task as a discussion.

Question: In the Message Compliance Interview, what points are raised that impact your
journaling and archiving plan?


Task 3: Document the required configuration for journaling and archiving

Complete the following proposal document by answering the questions.


A. Datum Journaling and Archiving Plan
Document Reference Number: JC040417/2
Document Author: Jason Carlson
Date: 15th Apr 2010

Requirement Overview
Determine how you will configure journaling and archiving.
Proposals
Question: Are personal archives required?

Question: Should you remove PST files?

Question: How can users access personal archives? Does this affect which users will receive
personal archives usage?

Question: Is journaling required? If so, how should you configure it?

Question: How can you prevent users from deleting messages?

Question: Can auditors prevent users from deleting messages?

Note: Be prepared to discuss your proposed plan with the class.

Results: After this exercise, you should have created a journaling and archiving plan.


Exercise 3: Planning a Messaging Records Management Implementation


Scenario
Finally, you need to determine what type of MRM you need to implement. You are familiar with both
managed folder policies and retention policies. You need to determine if either is required to meet your
business objectives.
The main tasks for this exercise are as follows:
1. Review the A. Datum documentation.
2. Answer questions related to the documentation.
3. Document the required MRM configuration.

Task 1: Review the A. Datum documentation

Review the following information:

Message Compliance Interview

Task 2: Answer questions related to the documentation


Note: Your instructor may perform this task as a discussion.

Question: In the Message Compliance Interview, what points are raised that impact your MRM
plan?

Task 3: Document the required MRM configuration

Complete the following proposal document by answering the questions.


A. Datum Messaging Records Management Plan
Document Reference Number: JC040417/3
Document Author: Jason Carlson
Date: 15th Apr 2010

Requirement Overview
Determine how you will implement MRM.
Proposals
Question: Will you use managed folder policies for MRM? If so, how should you configure them?
Question: Will you use retention policies for MRM? If so, how should you configure them?

Note: Be prepared to discuss your proposed plan with the class.

Results: After this exercise, you should have created an MRM plan.


Exercise 4: Implementing a Message Compliance Plan


Scenario
In this exercise, you will implement a message compliance plan. These steps are part of the configuration
that you planned in the previous exercises.
The main tasks for this exercise are as follows:
1. Prevent Company Internal classification messages from being sent to the Internet.
2. Test the classification rules.
3. Enable personal archives for all mailboxes in Mailbox Database 1.
4. Review the default policy tags and retention policies.
5. Create the Standard Mailbox Retention Policy.
6. Apply the retention policy to the mailboxes in Mailbox Database 1.

Task 1: Prevent Company Internal classification messages from being sent to the Internet

1. On VAN-EX1, open the Exchange Management Shell.

2. At the shell, type the following command, and then press ENTER:
   New-MessageClassification -name "Company Internal" -Displayname "Company Internal" -DisplayPrecedence Highest -RetainClassificationEnabled $true -senderdescription "This message is for internal distribution only; it will not be forwarded on to the Internet"

3. At the shell, type the following command, and then press ENTER:
   new-systemmessage -dsncode 5.7.999 -text "Internal recipients only" -Internal $True -language En

4. In the Exchange Management Console, on the Hub Transport node under Organization
   Configuration, create a new transport rule with the following properties:

   Name: Company Internal Rule
   Condition 1: sent to users that are inside or outside the organization, or partners = Outside
   the organization
   Condition 2: marked with classification = Company Internal
   Action: send rejection message to sender with enhanced status code
   Bounce message: Messages classified as Company Internal cannot be sent to the Internet
   enhanced status code: 5.7.999
   Exceptions: None

Task 2: Test the classification rules


1. On VAN-EX1, open the Microsoft Internet Explorer browser, and then navigate to
   https://van-ex1.adatum.com/owa.
2. Click This is a private computer.
3. In the Domain\user name box, type adatum\paul.
4. In the Password box, type Pa$$w0rd, and then click Sign in.
5. On the Language page, click OK.
6. Send a new message with the following properties:

   To: bill@contoso.com
   Subject: Company financial results
   Permission: Company Internal

7. Wait a moment, and then open the returned message.


Question: Was the delivery successful?
Question: What error do you see?
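
The transport rule from step 4 of Task 1 can also be created and checked from the Exchange Management Shell. This is an added example, not part of the courseware; it assumes steps 2 and 3 of Task 1 have already created the classification and the 5.7.999 system message, and that it runs on VAN-EX1 in the lab.

```powershell
# Added example: shell equivalent of the "Company Internal Rule" built in the console.

# Resolve the classification created in Task 1, step 2. Stop if it does not exist,
# so the rule is never created without its classification condition.
$classification = Get-MessageClassification -Identity "Company Internal" -ErrorAction Stop

# Condition 1: recipients outside the organization (NotInOrganization).
# Condition 2: message carries the Company Internal classification.
# Action: reject with the bounce text and enhanced status code from the lab.
New-TransportRule -Name "Company Internal Rule" `
    -SentToScope NotInOrganization `
    -HasClassification $classification.Identity `
    -RejectMessageReasonText "Messages classified as Company Internal cannot be sent to the Internet" `
    -RejectMessageEnhancedStatusCode "5.7.999"

# Confirm the rule exists, is enabled, and holds both conditions and the reject action.
Get-TransportRule -Identity "Company Internal Rule" |
    Format-List Name, State, Priority, Conditions, Actions

# After the OWA test in Task 2, look for the rejection in the message tracking log.
# Rejections are expected to appear as FAIL events whose recipient status
# includes the enhanced status code configured on the rule.
Get-MessageTrackingLog -EventId FAIL -Start (Get-Date).AddHours(-1) -ResultSize Unlimited |
    Where-Object { $_.RecipientStatus -match '5\.7\.999' } |
    Format-Table Timestamp, Sender, Recipients, MessageSubject, RecipientStatus -AutoSize
```

The tracking-log query gives a server-side record of each blocked message, which is what an auditor would review rather than the NDR in the sender's mailbox.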

Task 3: Enable personal archives for all mailboxes in Mailbox Database 1


1. On VAN-EX1, in the Exchange Management Console, filter the Mailboxes view to list only those in
   Mailbox Database 1.
2. Select all of the mailboxes, and then enable archives in Mailbox Database 1.

Task 4: Review the default policy tags and retention policies


1. On VAN-EX1, in the Exchange Management Console, under Organization Configuration, on the
   Retention Policy Tags tab, read the list of retention policy tags.
2. On the Retention Policy tab, view the properties of the Default Archive and Retention Policy.

Task 5: Create the Standard Mailbox Retention Policy


1. On VAN-EX1, in the Exchange Management Console, create a new retention policy tag with the
   following settings:

   Tag Name: Default 1 year archive
   Tag Type: All other folders in the mailbox
   Age Limit for retention (days): 365
   Action to take when the age limit is reached: Move To Archive
   Comment: Archive messages after 1 year

2. Create another retention policy tag with the following settings:

   Tag Name: Deleted Items 30 day removal
   Tag Type: Deleted Items
   Age Limit for retention (days): 30
   Action to take when the age limit is reached: Delete and Allow Recovery
   Comment: Remove deleted items after 30 days

3. Create a new retention policy with the following settings:

   Name: Standard Mailbox Retention Policy
   Retention policy tags: Default 1 year archive, Deleted Items 30 day removal
   Mailboxes: none

Task 6: Apply the retention policy to the mailboxes in Mailbox Database 1


1. On VAN-EX1, in the Exchange Management Console, browse to the Mailbox node.
2. Add the following expression to the existing filter to prevent the Discovery Mailbox from being
   displayed:

   Recipient Details Does Not Equal Discovery Mailbox

3. After applying the filter, select all of the mailboxes, and then open Properties.
4. On the Mailbox Settings tab, apply the Standard Mailbox Retention Policy to all of the mailboxes.
5. Verify that the Standard Mailbox Retention Policy is applied to Paul West by viewing the Messaging
   Records Management properties for his mailbox.

Results: After this exercise, you should have prevented messages classified as Company Internal from
being sent to the Internet, created a retention policy, and applied it to all of the mailboxes in Mailbox
Database 1.
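
Tasks 3, 5 and 6 can be scripted in the Exchange Management Shell, which also makes it easy to list mailboxes the policy missed. This is an added example, not part of the courseware; it assumes it runs on VAN-EX1 in the lab and uses the names given in the tasks above.

```powershell
# Added example: shell equivalent of Tasks 3, 5 and 6, followed by a coverage check.
$db     = "Mailbox Database 1"
$policy = "Standard Mailbox Retention Policy"

# Task 3: enable a personal archive on every mailbox in the database that has none yet.
Get-Mailbox -Database $db -ResultSize Unlimited |
    Where-Object { $_.ArchiveGuid -eq [Guid]::Empty } |
    Enable-Mailbox -Archive

# Task 5, step 1: default tag ("All other folders in the mailbox" is -Type All).
New-RetentionPolicyTag -Name "Default 1 year archive" -Type All `
    -AgeLimitForRetention 365 -RetentionEnabled $true -RetentionAction MoveToArchive `
    -Comment "Archive messages after 1 year"

# Task 5, step 2: tag for the Deleted Items folder.
New-RetentionPolicyTag -Name "Deleted Items 30 day removal" -Type DeletedItems `
    -AgeLimitForRetention 30 -RetentionEnabled $true -RetentionAction DeleteAndAllowRecovery `
    -Comment "Remove deleted items after 30 days"

# Task 5, step 3: policy that links both tags; no mailboxes are assigned yet.
New-RetentionPolicy -Name $policy `
    -RetentionPolicyTagLinks "Default 1 year archive", "Deleted Items 30 day removal"

# Task 6: apply the policy to every mailbox in the database except the Discovery Mailbox.
# Exchange may ask for confirmation before changing the retention policy.
Get-Mailbox -Database $db -ResultSize Unlimited |
    Where-Object { $_.RecipientTypeDetails -ne 'DiscoveryMailbox' } |
    Set-Mailbox -RetentionPolicy $policy

# Coverage check: list mailboxes in the database that still lack the policy or an archive.
# An empty result means every in-scope mailbox is covered.
Get-Mailbox -Database $db -ResultSize Unlimited |
    Where-Object {
        $_.RecipientTypeDetails -ne 'DiscoveryMailbox' -and
        ("$($_.RetentionPolicy)" -ne $policy -or $_.ArchiveGuid -eq [Guid]::Empty)
    } |
    Format-Table Name, RetentionPolicy, ArchiveName -AutoSize

# Task 6, step 5: confirm the assignment on Paul West's mailbox.
Get-Mailbox -Identity "Paul West" | Format-List Name, RetentionPolicy, ArchiveName
```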

To prepare for the next module


When you finish the lab, revert the machines to their initial state. To do this, complete the following steps:
1. On the host computer, start the Microsoft Hyper-V Manager.
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-EX3. Close the virtual
   machine connection windows.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then, in the Actions pane, click Start.
6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then, in the
   Actions pane, click Connect.
   Important: Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully
   started before starting the other virtual machines.
7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
8. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-EX2. Connect to the virtual machine.
9. Wait for 10233B-VAN-EX2 to start, and then start 10233B-VAN-EX3. Connect to the virtual machine.

Lab Instructions: Planning and Deploying High Availability

Module 8
Lab Instructions: Planning and Deploying High Availability
Contents:
Exercise 1: Designing High Availability for Exchange Servers

Exercise 2: Implementing High Availability for Exchange Servers


Lab: Planning and Deploying High Availability

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. Ensure that the 10233B-VAN-DC1, 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-EX3 virtual
   machines are running.
3. If required, connect to the virtual machines. Log on to the virtual machines as
   Adatum\Administrator using the password Pa$$w0rd.

Lab Scenario
You are a messaging engineer for the A. Datum Corporation, an enterprise-level organization with
multiple locations. A. Datum Corporation is an international corporation involved in technology research
and investment, and is planning to upgrade from Exchange Server 2003 to Exchange Server 2010.
Concerns have been raised about the availability of Exchange Server 2010. Messaging has been
designated as a critical service in the organization. The existing Exchange Server 2003 organization
experienced several outages, and you want to avoid these outages in the future. You need to create a
high availability design for Exchange Server 2010.
Finally, you are required to implement part of your proposed high availability design.
Note Your instructor may choose to do this lab as a group discussion rather than an
individual activity.


Exercise 1: Designing High Availability for Exchange Servers


Scenario
In this exercise, you will examine the current topology and messaging infrastructure. You will determine
the appropriate high availability deployment based on the information supplied in the A. Datum
Exchange Server 2010 project documentation.

High Availability Interviews


Marcel Truempy, CIO
In the last five years since I became CIO, our email system has changed from being a useful tool for
business to being a critical part of our business processes, and everybody notices when email is not
available. To give you an example, a couple of months ago, all of the email servers in London were
unavailable for six hours due to a virus outbreak. A couple of months before that, one of the servers in
Vancouver failed, and we couldn't send any email to and from Vancouver for eight hours while the
hardware vendors came in to fix the hardware. This happened right in the middle of some critical business
negotiations where we had to be able to exchange documents rapidly. In both cases, the CEO and every
other member of the executive staff called me on my cell phone while I was at home. The most important
requirement I have for this email system is availability - this system has to be available always.

Jason Carlson, Network Specialist


I can provide you with a Microsoft Office Visio diagram that has all of our WAN connections, and our
connections to the Internet. Our network right now is quite reliable, but we don't have much available
bandwidth between company locations.

Shane DeSeranno, Network Operations Manager


If you want to replicate a lot of messaging information over the WAN, then we need to consider the cost
of the links to these locations. Within a given continent, WAN links are relatively cheap when compared to
those that cross oceans. I guess that it costs a lot of money to run fiber optic cable on the bottom of the
ocean. Did you know that some WAN links between continents even use satellites? No wonder it costs so
much.
So, ultimately, if possible, from a cost perspective, we're better off keeping traffic within a continent.

Conor Cunningham, Messaging Services Manager


We've gone through a negotiation process for new SLAs that coincides with our Exchange Server 2010
implementation. Any site that has more than 3,000 users must have off-site disaster recovery of
messaging. We don't need to fail over within minutes, but within four hours. That gives us time to decide
whether we can recover a data center, or need to activate the disaster recovery site.
I still haven't decided whether we need dedicated disaster recovery sites, or whether we should use some
of our own data centers as disaster recovery sites for each other. The initial setup cost for using our own
data centers is much less, and they have the capacity. I guess it comes down to the cost of network
connectivity with the disaster recovery sites, which would be an ongoing cost that could add up over time.
Smaller sites with less than 3,000 users must be highly available, but we don't need off-site disaster
recovery.

Andreas Herbinger, Messaging Specialist


The larger sites with more than 3,000 users have servers dedicated to specific server roles. The Vancouver
site has two Mailbox servers, a Hub transport server, and a Client Access server in the current plan.


The smaller sites combine all server roles on a single physical server. The San Diego site has just one
Exchange server with all server roles in the current plan.
One other issue I'm concerned about is logical corruption of database copies in a DAG. I know that this is
a very rare occurrence, but I think it makes sense to protect ourselves against the possibility. As I
understand it, we can configure a delay on a database copy so that a logical corruption in the transaction
logs won't be passed on to the database copy for a period of time. I think a delay of six hours would be
sufficient.

User Distribution Summary


Location: London (Corporate Headquarters)
Internal users: 12,000 currently; 10,000 after the new London office is ready
Mobile users: 1,000 Outlook Web Access users; 500 Outlook Anywhere and mobile client users;
800 Outlook users connecting through a virtual private network (VPN)

Location: London (new office)
Internal users: 4,000 (anticipated)
Mobile users: 200 Outlook Web Access users; 50 Outlook Anywhere and mobile client users

Location: San Diego (Former head office of Trey Research Corporation)
Internal users: 500
Mobile users: 50 POP3 client users

Location: Vancouver
Internal users: 6,000
Mobile users: 800 Outlook Web Access users; 100 Outlook Anywhere and mobile client users

Location: Tokyo
Internal users: 5,000
Mobile users: 1,000 Outlook Web Access users; 200 Outlook Anywhere and mobile client users;
200 Outlook users connecting through a VPN

Location: Chennai (new office)
Internal users: 800 (anticipated)
Mobile users: 200 Outlook Web Access users; 50 Outlook users connecting through a VPN


Network Configuration


The main tasks for this exercise are as follows:


1. Review the A. Datum Corporation documentation.
2. Answer questions related to the documentation.
3. Document the required configuration for the San Diego site.
4. Document the required configuration for the Vancouver site.

Task 1: Review the A. Datum Corporation documentation

Review the following information:

High Availability Interviews

User Distribution Summary

Network Configuration

Task 2: Answer questions related to the documentation


Note: Your instructor may perform this task as a discussion.

Question: In the High Availability Interviews, what points are raised that impact your high
availability design, and how do they impact it?

Question: Is there anything in the User Distribution Summary that raises high availability issues?
If so, what is it?

Question: Is there anything in the Network Configuration that raises high availability issues? If so,
what is it?


Task 3: Document the required configuration for the San Diego site

Complete the following proposal document by answering the questions.


A. Datum High Availability Design for San Diego
Document Reference Number: JC040422/1
Document Author: Jason Carlson
Date: 24th April 2010

Requirement Overview
Determine how high availability will be provided for all server roles in San Diego.
Additional Information
Identify infrastructure changes that may be required due to the proposed deployment.
Proposals
Question: Will this site have offsite disaster recovery? If so, where should that site be located?

Question: How do you provide high availability for databases?

Question: How do you provide high availability for Client Access servers?

Question: How do you provide high availability for message transport?

Question: Is high availability required for the Edge Transport server role?

Question: How many Exchange servers will be located in this site? Which roles will they host?

Question: How will databases be configured on the DAG members?

Question: How will load balancing be performed for the Client Access server role?

Question: Is any additional configuration required for the Hub Transport server role?


Task 4: Document the required configuration for the Vancouver site

Complete the following proposal document by answering the questions.


A. Datum High Availability Design for Vancouver
Document Reference Number: JC040422/2
Document Author: Jason Carlson
Date: 24th April 2010

Requirement Overview
Determine how high availability will be provided for all server roles in Vancouver.
Additional Information
Identify infrastructure changes that may be required due to the proposed deployment.
Proposals
Question: Will this site have offsite disaster recovery? If so, where should that site be located?

Question: How do you provide high availability for databases?

Question: How do you provide high availability for Client Access servers?

Question: How do you provide high availability for message transport?

Question: Is high availability required for the Edge Transport server role?

Question: How many Exchange servers will be located in this site? Which roles will they host?

Question: How will databases be configured on the DAG members?

Question: How will load balancing be performed for the Client Access server role?

Results: After this exercise, you should have created a high availability design for the San Diego and
Vancouver sites.


Exercise 2: Implementing High Availability for Exchange Servers


Scenario
In this exercise, you will implement part of the high availability plan for the Vancouver site. VAN-EX1 and
VAN-EX2 are the Mailbox servers located in Vancouver. VAN-EX3 is the Mailbox server located in San Diego,
which will have a lagged copy of the database.
Note Due to restrictions in the virtualized environment, VAN-EX3 is not located in a
separate Active Directory site.
The main tasks for this exercise are as follows:
1. Prepare VAN-DC1 to be a DAG witness server.
2. Create a three-member DAG.
3. Configure replication for Mailbox Database 1.
4. Simulate the failure of VAN-EX1.
5. Recover VAN-EX1.

Task 1: Prepare VAN-DC1 to be a DAG witness server


1. On VAN-DC1, open Active Directory Users and Computers.
2. Add Exchange Trusted Subsystem as a member of the Builtin\Administrators group.

Note: This task configures the security to use a Domain Controller without Exchange
Server 2010 installed as the witness server. If a member server is used instead of a domain
controller, Exchange Trusted Subsystem should be added as a member of the local
Administrators group on the member server.

Task 2: Create a three-member DAG


1. On VAN-EX3, open the Exchange Management Console.

2. Under Organization Configuration, on the Mailbox node, select the Database Availability Groups
   tab and create a new DAG with the following settings:

   Database availability group name: VancouverDAG
   Witness Server: VAN-DC1
   Witness Directory: C:\VanDAGWitness

   Note: Step 2 generates a warning, because the witness server is not an Exchange server.
   This does not indicate a problem. The necessary permissions were configured in Task 1.

3. Open the properties of VancouverDAG, and then add 10.10.0.200 as an IP address for the DAG.

   Note: Step 3 generates a warning, because the witness server is not an Exchange Server.
   This does not indicate a problem. The necessary permissions were configured in Task 1.

4. Use the context menu of VancouverDAG to add VAN-EX1, VAN-EX2, and VAN-EX3 as DAG
   members.

Task 3: Configure replication for Mailbox Database 1


1. On VAN-EX3, in the Exchange Management Console, on the Database Management tab, add a copy
   of Mailbox Database 1 to VAN-EX2.

2. Add a copy of Mailbox Database 1 to VAN-EX3.

3. In the Exchange Management Shell, use the following command to configure a replay lag time of six
   hours for Mailbox Database 1 copy on VAN-EX3:
   Set-MailboxDatabaseCopy -Identity "Mailbox Database 1\VAN-EX3" -ReplayLagTime 0.6:0:0

4. Use the following command to verify that the replay lag is configured correctly:
   Get-MailboxDatabase "Mailbox Database 1" | Format-List ReplayLagTimes

5. Use the following command to view the status of the Mailbox Database 1 copy on VAN-EX3:
   Get-MailboxDatabaseCopyStatus -Identity "Mailbox Database 1\VAN-EX3"

Task 4: Simulate the failure of VAN-EX1


1. On the host computer, in the 10233B-VAN-EX1 window, turn off VAN-EX1.
2. On VAN-EX3, refresh the Exchange Management Console to view the status of the Mailbox
   Database 1 copies.
3. If any database copy has a status of Disconnected, refresh the view again.

Question: What is the status for Mailbox Database 1 on each server?

Question: Why is the server where the database is mounted selected?

Task 5: Recover VAN-EX1


1. On the host computer, in the 10233B-VAN-EX1 window, start VAN-EX1.
2. On VAN-EX3, refresh the Exchange Management Console to view the status of the Mailbox
   Database 1 copies.

   Question: What is the status for Mailbox Database 1 on each server?

3. If the status of Mailbox Database 1 on VAN-EX1 is initializing, wait a few minutes, and then click
   Refresh again. You may need to select Mailbox Database 1 on VAN-EX1 to refresh its status.

Results: After this exercise, you should have implemented high availability for Mailbox Database 1 in
Vancouver.
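
The DAG build in Tasks 2 and 3 and the status checks in Tasks 4 and 5 can be driven from the Exchange Management Shell. This is an added example, not part of the courseware; the function name Test-DagCopyHealth and the queue threshold of 10 are assumptions chosen for illustration, and it assumes Task 1 has already granted the witness server permissions.

```powershell
# Added example: shell equivalent of Tasks 2 and 3, plus a reusable copy health check.
$db = "Mailbox Database 1"

# Task 2: create the DAG with the witness settings and IP address from the lab,
# then add the three Mailbox servers as members.
New-DatabaseAvailabilityGroup -Name VancouverDAG -WitnessServer VAN-DC1 `
    -WitnessDirectory C:\VanDAGWitness -DatabaseAvailabilityGroupIpAddresses 10.10.0.200
"VAN-EX1", "VAN-EX2", "VAN-EX3" | ForEach-Object {
    Add-DatabaseAvailabilityGroupServer -Identity VancouverDAG -MailboxServer $_
}

# Task 3: add the two passive copies, then set the six-hour replay lag on VAN-EX3.
Add-MailboxDatabaseCopy -Identity $db -MailboxServer VAN-EX2
Add-MailboxDatabaseCopy -Identity $db -MailboxServer VAN-EX3
Set-MailboxDatabaseCopy -Identity "$db\VAN-EX3" -ReplayLagTime 0.6:0:0

# Hypothetical helper: report each copy and flag the ones that need attention.
# A lagged copy holds logs back on purpose, so its replay queue is not treated as a fault.
function Test-DagCopyHealth {
    param(
        [string]$Database = "Mailbox Database 1",
        [string[]]$LaggedServers = @("VAN-EX3"),
        [int]$MaxQueue = 10   # constructed threshold, tune for the environment
    )
    Get-MailboxDatabaseCopyStatus -Identity $Database | ForEach-Object {
        $server   = $_.Name.Split('\')[-1]          # Name is "<database>\<server>"
        $lagged   = $LaggedServers -contains $server
        $statusOk = @('Mounted', 'Healthy') -contains "$($_.Status)"
        $copyOk   = $_.CopyQueueLength -le $MaxQueue
        $replayOk = $lagged -or ($_.ReplayQueueLength -le $MaxQueue)
        New-Object PSObject -Property @{
            Server            = $server
            Status            = "$($_.Status)"
            CopyQueueLength   = $_.CopyQueueLength
            ReplayQueueLength = $_.ReplayQueueLength
            Lagged            = $lagged
            Healthy           = ($statusOk -and $copyOk -and $replayOk)
        }
    } | Select-Object Server, Status, CopyQueueLength, ReplayQueueLength, Lagged, Healthy
}

# Run before Task 4, after turning off VAN-EX1, and again after Task 5 to compare.
Test-DagCopyHealth -Database $db | Format-Table -AutoSize
```

On VAN-EX3 a large ReplayQueueLength is the expected state while the lag is in force; CopyQueueLength is the value that shows whether logs are still reaching the lagged copy.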


To prepare for the next module


When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-EX3. Close the virtual
   machine connection windows.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then, in the Actions pane, click Start.
6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then, in the
   Actions pane, click Connect.
   Important: Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully
   started before starting the other virtual machines.
7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
8. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-CL1. Connect to the virtual machine.

Lab Instructions: Planning a Disaster Recovery Solution

Module 9
Lab Instructions: Planning a Disaster Recovery Solution
Contents:
Exercise 1: Planning Disaster Recovery for Vancouver

Exercise 2: Planning Disaster Recovery for San Diego

Exercise 3: Implementing Single-Item Recovery


Lab: Planning a Disaster Recovery Solution

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must do
the following:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. Ensure that the 10233B-VAN-DC1, 10233B-VAN-EX1, and 10233B-VAN-CL1 virtual machines are
   running.
3. If required, connect to the virtual machines. Log on to the virtual machines as
   Adatum\Administrator using the password Pa$$w0rd.

Lab Scenario
You are a messaging engineer for A. Datum Corporation, an enterprise-level organization with multiple
locations. A. Datum Corporation is an international corporation involved in technology research and
investment, and it is planning to upgrade from Exchange Server 2003 to Exchange Server 2010.
High availability planning is complete, but the disaster recovery plan needs to be further developed.
Specifically, you need to consider the details of the messaging SLA to ensure that disaster recovery is
possible within the appropriate time frame.
Finally, you must implement part of your proposed disaster recovery plan.
Note Your instructor may choose to perform this lab as a group discussion rather than an
individual activity.


Exercise 1: Planning Disaster Recovery for Vancouver


Scenario
The high-availability plan for Vancouver indicates that your organization will use a DAG to provide high
availability for mailbox databases. There will be two database copies in Vancouver, and another database
copy with a six-hour lag in San Diego, to provide site resilience. Each mailbox database has a maximum
size of 250 gigabytes (GB). Other messaging settings will use default values.
The Client Access servers in this site were customized with a company-specific look, including the
company logo. All changes have been documented.
There are customized Receive connectors configured on one Hub Transport server. The customized
Receive connectors support applications that need to relay messages through the Exchange Server
organization to the Internet.
There are two Edge Transport servers configured in the perimeter network of this location.

Disaster Recovery SLA Notes


The following requirements related to disaster recovery were taken from the messaging SLA:

There can be no data loss due to the failure of a single server.

The failure of a single server should result in only minutes of downtime for users.

High availability can be considered a replacement for backup if there are at least two local copies of a
database, and a remote database copy in another site.

To consider high availability a replacement for backup, there must be one database copy that is
unaffected by logical corruption in another database copy for at least 12 hours.

Any message deleted by a user must be recoverable for 30 days.

Deleted mailboxes must be recoverable for 60 days.

Messaging functionality must be recoverable within one hour, while historical data can be recovered
up to 24 hours later.

When recovering data from a backup, there is a maximum data loss allowed of up to 4 hours.

Any location that is not configured with site resilience must archive weekly backups offsite.

The main tasks for this exercise are as follows:


1. Review the A. Datum documentation.
2. Answer questions related to the documentation.
3. Document the required configuration for the Vancouver site.

Task 1: Review the A. Datum documentation

Review the following information:

Disaster Recovery SLA Notes

Task 2: Answer questions related to the documentation


Question: In the Disaster Recovery SLA Notes, what points are raised that impact your disaster
recovery plan for Vancouver?


Task 3: Document the required configuration for the Vancouver site

Complete the following proposal document by answering the questions.


A. Datum Disaster Recovery Plan for Vancouver
Document Reference Number: JC040430/1
Document Author: Jason Carlson
Date: 5th May 2010

Requirement Overview
Determine how disaster recovery will be provided for all server roles in Vancouver.
Proposals
Question: Does this site require backups?

Question: Do you need to make any changes to the DAG to meet the SLA requirements?

Question: Are any changes required for deleted item retention?

Question: Are any changes required for deleted mailbox retention?

Question: Do you need to back up data on Client Access servers?

Question: Do you need to back up data on Hub Transport servers?

Question: Do you need to back up data on Edge Transport servers?

Question: Would your backup plan change if public folders were present in Vancouver?

Results: After this exercise, you should have created a disaster recovery plan for the Vancouver site.


Exercise 2: Planning Disaster Recovery for San Diego


Scenario
The high-availability plan for San Diego indicates that a DAG will be used to provide high availability for
mailbox databases. There will be two database copies in San Diego. Each mailbox database has a
maximum size of 250 GB. Other messaging settings will use default values.
You evaluated various backup solutions, and determined that you can move 250 GB of data over the
network in about 75 minutes. However, the available tape backup systems require about 120 minutes to
restore 250 GB of data.
The Client Access servers in this site were customized with a company-specific look, including the
company logo. All changes have been documented.
There are customized Receive connectors configured on one Hub Transport server. The customized
Receive connectors support applications that need to relay messages through the Exchange Server
organization to the Internet.
There are two Edge Transport servers configured in the perimeter network of this location.
The main tasks for this exercise are as follows:
1. Review the A. Datum documentation.
2. Answer questions related to the documentation.
3. Document the required configuration for the San Diego site.

Task 1: Review the A. Datum documentation

Review the following information:

Disaster Recovery SLA Notes

Task 2: Answer questions related to the documentation


Question: In the Disaster Recovery SLA Notes, what points are raised that impact your
disaster recovery plan for San Diego?


Task 3: Document the required configuration for the San Diego site

Complete the following proposal document by answering the questions.


A. Datum Disaster Recovery Plan for San Diego
Document Reference Number: JC040430/2
Document Author: Jason Carlson
Date: 5th May 2010

Requirement Overview
Determine how disaster recovery will be provided for all server roles in San Diego.
Proposals
Question: Does this site require backups? If so, how will you perform backups?

Question: Do you need to make any changes to the DAG to meet the SLA requirements?

Question: Are any changes required for deleted-item retention?

Question: Are any changes required for deleted mailbox retention?

Question: How will you meet the recovery requirement of one hour?

Question: Would your backup plan change if public folders were present in San Diego?

Results: After this exercise, you should have created a disaster recovery plan for the San Diego site.


Exercise 3: Implementing Single-Item Recovery


Scenario
In this exercise, you will implement single-item recovery for a mailbox. This is part of the disaster recovery
plan for the Vancouver site.
To test the functionality of single-item recovery, you will configure Andreas as a member of the Discovery
Management role, with the ability to recover items after they have been purged and are no longer
accessible to users. Andreas will recover an item after it has been purged from a mailbox by performing a
mailbox search.
The main tasks for this exercise are as follows:
1. Enable single-item recovery for a mailbox.
2. Configure a user for message recovery.
3. Delete and purge a message.
4. Locate a recoverable message.
5. Create a role group for exporting mailbox contents.
6. Recover a message.

Task 1: Enable single-item recovery for a mailbox


1. On VAN-EX1, open the Exchange Management Console.
2. Browse to the Organization Configuration node and click Mailbox. On the Database
   Management tab, configure the following settings for Mailbox Database 1:
      Keep deleted items for (days): 30
      Keep deleted mailboxes for (days): 60
3. Open the Exchange Management Shell.
4. In the Exchange Management Shell, use the following command to enable single-item recovery for
   Luca's mailbox:
   Set-Mailbox Luca -SingleItemRecoveryEnabled $true

Task 2: Configure a user for message recovery


1. On VAN-CL1, if necessary, log off, and then log on as Luca using the password Pa$$w0rd.
2. Use the Microsoft Internet Explorer browser to connect to Outlook Web App at
   https://van-ex1.adatum.com/owa.
3. Log on to Outlook Web App as Adatum\Administrator using the password Pa$$w0rd.
4. Go to Options, and then click See All Options.
5. Click Manage Myself and select to manage My Organization.
6. In Roles & Auditing, go to the Administrator Roles tab, and then add Andreas Herbinger to the
   Discovery Management role group.
7. Close Internet Explorer.


Task 3: Delete and purge a message


1. On VAN-CL1, use Outlook 2010 to send a message with the following settings:
      To: Luca
      Subject: Test of SIR
2. Delete the Test of SIR message from the Inbox.
3. Delete the Test of SIR message from Deleted Items.
4. On the Folder tab, use the Recover Deleted Items option to purge the Test of SIR message.

Task 4: Locate a recoverable message


1. On VAN-CL1, use Internet Explorer to connect to Outlook Web App at
   https://van-ex1.adatum.com/owa.
2. Log on to Outlook Web App as Adatum\Andreas using the password Pa$$w0rd.
3. Go to Options, and then click See All Options.
4. Select to manage My Organization.
5. Go to Mail Control.
6. Create a new Multi-Mailbox Search with the following settings:
      Keywords: SIR
      Mailbox to search: Luca Dellamore
      Search name: Lucas lost message
      Copy the search results to the destination mailbox
      Mailbox to store the results: Discovery Search Mailbox
7. Click the refresh icon to verify that the search succeeded.
8. In the search results, click [open] to view the Discovery Search Mailbox.
9. Expand the contents of the Lucas lost message folder until you see the Test of SIR message.

Task 5: Create a role group for exporting mailbox contents

On VAN-EX1, in the Exchange Management Shell, use the following command to create a new role
group with permissions to export and import mailbox contents with Andreas as a member:
New-RoleGroup -Name ExportMail -Roles "Mailbox Import Export" -Members Andreas


Task 6: Recover a message


1. On VAN-EX1, log off as Administrator, and then log on as Adatum\Andreas using the password
   Pa$$w0rd.
2. Open the Exchange Management Shell.
3. In the Exchange Management Shell, use the following command to export the message from the
   Discovery Search Mailbox to Luca's mailbox:
   Search-Mailbox "Discovery Search Mailbox" -SearchQuery Subject:SIR -TargetMailbox Luca -TargetFolder Recovered
4. On VAN-CL1, in Outlook 2010, expand all of the folders in the Recovered folder to locate the
   recovered message.

Results: After this exercise, you should have implemented single-item recovery and recovered a message.
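
The following Exchange Management Shell script is an added example, not part of the original lab: it checks the retention settings from Task 1 against the SLA notes, shows where the purged message is held, and lists who holds the two mailbox-access roles granted in Tasks 2 and 5. It assumes the lab's names (Mailbox Database 1, Luca, ExportMail); ConvertTo-TimeSpan and New-Check are hypothetical helpers defined in the script.

```powershell
# Added example: run in the Exchange Management Shell on Exchange Server 2010.
# Identities are the lab's own names; the helper functions are hypothetical.
$database   = 'Mailbox Database 1'
$mailbox    = 'Luca'
$roleGroups = 'Discovery Management', 'ExportMail'

# Targets taken from the Disaster Recovery SLA Notes.
$slaDeletedItems   = New-TimeSpan -Days 30
$slaDeletedMailbox = New-TimeSpan -Days 60

# Retention values may arrive as strings from the remote session, so normalise them.
function ConvertTo-TimeSpan($value) { [TimeSpan]::Parse($value.ToString()) }

function New-Check($name, $expected, $actual, $pass) {
    New-Object PSObject -Property @{
        Check = $name; Expected = $expected; Actual = $actual; Pass = $pass
    } | Select-Object Check, Expected, Actual, Pass
}

$db = Get-MailboxDatabase -Identity $database
$mb = Get-Mailbox -Identity $mailbox

# A mailbox can override the database default for deleted item retention.
if ($mb.UseDatabaseRetentionDefaults) {
    $itemRetention = ConvertTo-TimeSpan $db.DeletedItemRetention
} else {
    $itemRetention = ConvertTo-TimeSpan $mb.RetainDeletedItemsFor
}
$mailboxRetention = ConvertTo-TimeSpan $db.MailboxRetention

$checks = @(
    (New-Check 'Deleted item retention (effective)' ">= $slaDeletedItems" `
        $itemRetention ($itemRetention -ge $slaDeletedItems)),
    (New-Check 'Deleted mailbox retention' ">= $slaDeletedMailbox" `
        $mailboxRetention ($mailboxRetention -ge $slaDeletedMailbox)),
    (New-Check 'Single item recovery enabled' $true `
        $mb.SingleItemRecoveryEnabled ([bool]$mb.SingleItemRecoveryEnabled))
)
$checks | Format-Table -AutoSize

# After Task 3, the purged message is no longer visible to the user but is
# still counted in the Purges subfolder of Recoverable Items.
Get-MailboxFolderStatistics -Identity $mailbox -FolderScope RecoverableItems |
    Select-Object Name, ItemsInFolder, FolderSize |
    Format-Table -AutoSize

# Membership of the role groups used in Tasks 2 and 5.
foreach ($group in $roleGroups) {
    $rg = Get-RoleGroup -Identity $group -ErrorAction SilentlyContinue
    if (-not $rg) {
        Write-Warning "Role group '$group' does not exist."
        continue
    }
    "{0}: roles = {1}" -f $rg.Name, ($rg.Roles -join ', ')
    Get-RoleGroupMember -Identity $group |
        Select-Object Name, RecipientType |
        Format-Table -AutoSize
}

# Everyone who effectively holds the roles that allow searching mailboxes and
# copying or exporting their contents, whichever role group grants them.
foreach ($role in 'Mailbox Search', 'Mailbox Import Export') {
    Get-ManagementRoleAssignment -Role $role -GetEffectiveUsers |
        Select-Object Role, RoleAssigneeName, EffectiveUserName |
        Format-Table -AutoSize
}
```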

To prepare for the next module


When you finish the lab, revert the machines back to their initial state. To do this, complete the following
steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-EX3. Close the
   virtual machine connection windows.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then, in the Actions pane, click Start.
6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then, in the
   Actions pane, click Connect.
   Important Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully
   started before starting the other virtual machines.
7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
8. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-EX2. Connect to the virtual machine.
9. Wait for 10233B-VAN-EX2 to start, and then start 10233B-VAN-EX3. Connect to the virtual machine.

Lab Instructions: Planning Microsoft Exchange Server 2010 Monitoring and Troubleshooting

Module 10
Lab Instructions: Planning Microsoft Exchange Server 2010
Monitoring and Troubleshooting
Contents
Exercise 1: Establishing a Baseline for Performance

Exercise 2: Measuring the Production System Performance under Additional Load


Lab: Planning Exchange Server 2010 Monitoring and Troubleshooting

Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. Ensure that the 10233B-VAN-DC1, 10233B-VAN-EX1, 10233B-VAN-EX2, and the 10233B-VAN-EX3
   virtual machines are running.
3. If required, connect to the virtual machines. Log on to the virtual machines as
   Adatum\Administrator using the password Pa$$w0rd.

Lab Scenario
You are a messaging engineer for A. Datum Corporation, an enterprise-level organization with multiple
locations. You have been tasked with creating a performance baseline for the new Exchange Server 2010
messaging system that your colleagues are about to deploy.


Exercise 1: Establishing a Baseline for Performance


Scenario
You have created a test environment that is representative of the production messaging environment.
You must use the Load Generator to simulate the expected load.
The main tasks for this exercise are as follows:
1. Create a User Defined data collector set.
2. Configure Load Generator with suitable values to simulate the required load.
3. Gather performance data, and analyze results.

Task 1: Create a User Defined data collector set


1. On VAN-EX1, open Exchange Management Console, and then load the Performance Monitor from
   the Toolbox.
2. Create a User Defined data collector set with the following properties:
      Name: Baseline
      Create manually (Advanced)
      Data type: Performance counter
      Counters:
         Memory
         MSExchangeIS
         MSExchangeIS Mailbox
         MSExchangeTransport Queues
         MSExchangeTransport SmtpReceive
         MSExchangeTransport SmtpSend
         Physical Disk
         Processor
         Server
         System
      Sample interval: 1
      Data save location: default
3. Save, but do not start the data collector set.

Task 2: Configure Load Generator with suitable values to simulate the required load
1. Switch to the VAN-DC1 computer.
2. Open Exchange Load Generator 2010 by clicking the Start menu, pointing to All Programs, and then
   clicking the Microsoft Exchange folder.


3. Start a new test using the following detailed steps:
   a. In Microsoft Exchange Load Generator 2010, click Start a new test.
   b. Click Create a new test configuration, and then click Continue.
   c. On the Specify test settings page, under Define the total length of the simulation, in the
      Hours box, type 0.
   d. In the Minutes box, type 10.
      Note Do not configure the Define the length of a simulation day value.
   e. In the Directory Access Password box, type Pa$$w0rd.
   f. In the Mailbox Account Master Password box, type Pa$$w0rd, and then click Continue with
      recipient management.
   g. On the User settings page, in the text box, type 12, and then click Distribute users evenly
      across databases.
   h. Click Continue.
   i. On the Advanced recipient settings page, select the following check boxes.
         Use distribution lists
         Use dynamic distribution lists
         Create one for all the users
         Create one per mailbox database
         Use contacts
   j. In the Number of contact box, type 20 and then click Continue.
   k. On the Specify test user groups page, click the PLUS SIGN (+).
   l. In the resulting item, in the Client Type list, click Outlook 2007 Online.
   m. On the Specify test user groups page, click the PLUS SIGN (+).
   n. In the resulting item, in the Client Type list, click Outlook 2007 Cached, and in the Action
      Profile list, click Heavy.
   o. Click Continue, and on the Remote configurations page, click Continue.
   p. On the Configuration summary page, click Save the configuration file as.
   q. In the Save As dialog box, in the File name box, type Baseline, and then click Save.
   r. In the Configuration Saved dialog box, click OK.
   s. Click Skip initialization phase and run the simulation immediately.
4. Switch to VAN-EX1, and switch to Performance Monitor.
5. Start the Baseline data collector set, and switch back to VAN-DC1. Once the simulation has
   completed, switch back to VAN-EX1.
   Note This simulation runs for 10 minutes.


Task 3: Gather performance data, and analyze results


1. On VAN-EX1, switch to Performance Monitor.
2. Stop the Baseline data collector set.
3. Click System Monitor. Click the red X in the toolbar repeatedly to remove all counters from the
   display.
4. Press CTRL+L.
5. Click Log files, and then select the DataCollector01.blg log located in the Admin > Baseline > xxxx000001 folder.
6. From the Data tab, add the following counters:

Performance object | Counter
Memory | Pages/sec
MSExchangeIS | RPC Requests
MSExchangeIS | User Count
MSExchangeIS Mailbox | Local delivery rate
MSExchangeIS Mailbox | Messages Delivered/sec
MSExchangeIS Mailbox | Messages Queued For Submission
MSExchangeIS Mailbox | Messages Sent/sec
MSExchangeTransport Queues | Active Remote Delivery Queue Length
MSExchangeTransport Queues | Retry Remote Delivery Queue Length
MSExchangeTransport Queues | Submission Queue Length
MSExchangeTransport SmtpReceive | Messages Received/sec
MSExchangeTransport SmtpSend | Messages Sent/sec
Physical Disk | % Disk Time
Physical Disk | Avg. Disk Queue length
Processor | % Processor Time
Server | Pool Nonpaged Failures
Server | Work Item Shortages
System | Processor Queue Length

Note If Performance Monitor experiences problems, close and restart it. Then continue
from step 3.


7. Click OK twice, and then view the data as a report.
8. Complete the following table.

Counter | Average
Memory Pages/sec |
MSExchangeIS - User Count |
MSExchangeIS - RPC Requests |
MSExchangeIS Mailbox - Local delivery rate |
MSExchangeIS Mailbox - Messages Delivered/sec |
MSExchangeIS Mailbox - Messages Queued For Submission |
MSExchangeIS Mailbox - Messages Sent/sec |
MSExchangeTransport Queues - Active Remote Delivery Queue Length |
MSExchangeTransport Queues - Retry Remote Delivery Queue Length |
MSExchangeTransport Queues - Submission Queue Length |
MSExchangeTransport SmtpReceive - Messages Received/sec |
MSExchangeTransport SmtpSend - Messages Sent/sec |
Physical Disk - % Disk Time |
Physical Disk - Avg. Disk Queue length |
Processor - % Processor Time |
Server - Pool Nonpaged Failures |
Server - Work Item Shortages |
System - Processor Queue Length |

Note Do not worry that some values are zero; this is a simulation.

Question: Do any counters indicate a bottleneck?

Results: After this exercise, you should have created an Exchange Server performance baseline.


Exercise 2: Measuring the Production System Performance under Additional Load

Scenario
The server deployment is complete, but users are now complaining of reduced performance. You must
monitor the messaging system, and then compare the newly recorded results with the baseline that you
previously established.
Note As this is a training exercise, you will use Load Generator to simulate the load.
The main tasks for this exercise are as follows:
1. Generate additional load with Load Generator to simulate an environment with
   heavier-than-planned usage.
2. Compare the data with the baseline data.

Task 1: Generate additional load with Load Generator to simulate an environment
with heavier-than-planned usage
1. Switch to VAN-DC1.
2. In Microsoft Exchange Load Generator, click Start a new test.
3. Start a new test using the following steps:
   a. Click Use the following saved configuration file, and then click Browse.
   b. In the Please select a configuration file dialog box, double-click Baseline.xml, and then click
      Continue.
   c. On the Specify test settings page, click Continue with recipient management.
   d. On the User settings page, in the text box, type 20, and then click Distribute users evenly
      across databases.
   e. Click Continue.
   f. On the Advanced recipient settings page, select the following check boxes.
         Use distribution lists
         Use dynamic distribution lists
         Create one for all the users
         Create one per server
         Create one per mailbox database
         Use contacts
   g. In the Number of contact box, type 50 and then click Continue.
   h. On the Specify test user groups page, click the PLUS SIGN (+).
   i. In the resulting item, in the Client Type list, click Outlook 2007 Online, and in the Action
      Profile list, click Heavy.
   j. On the Specify test user groups page, click the PLUS SIGN (+).


   k. In the resulting item, in the Client Type list, click Owa2010Module, and in the Action Profile
      list, accept the defaults.
   l. Click Continue, and on the Remote configurations page, click Continue.
   m. On the Configuration summary page, click Save the configuration file as.
   n. In the Save As dialog box, in the File name box, type Adatum, and then click Save.
   o. In the Configuration Saved dialog box, click OK.
   p. Click Skip initialization phase and run the simulation immediately.
4. Switch to VAN-EX1, and switch to Performance Monitor.
5. Start the Baseline data collector set, and then switch back to VAN-DC1.
6. When the simulation completes, switch to VAN-EX1.

Task 2: Compare the data with the baseline data


1. In Performance Monitor, stop the Baseline data collector set.
2. In the right pane, right-click, and then click Properties.
3. In the Performance Monitor Properties dialog box, click the Source tab, and then click Remove.
4. Click Log files, and then click Add.
5. In the Select Log File dialog box, click Up One Level, double-click the folder ending in 000002,
   double-click DataCollector01.blg, and then click OK.
6. View the counter values, and then complete the following table.

Counter | Average
Memory Pages/sec |
MSExchangeIS - User Count |
MSExchangeIS - RPC Requests |
MSExchangeIS Mailbox - Local delivery rate |
MSExchangeIS Mailbox - Messages Delivered/sec |
MSExchangeIS Mailbox - Messages Queued For Submission |
MSExchangeIS Mailbox - Messages Sent/sec |
MSExchangeTransport Queues - Active Remote Delivery Queue Length |
MSExchangeTransport Queues - Retry Remote Delivery Queue Length |
MSExchangeTransport Queues - Submission Queue Length |
MSExchangeTransport SmtpReceive - Messages Received/sec |
MSExchangeTransport SmtpSend - Messages Sent/sec |
Physical Disk - % Disk Time |
Physical Disk - Avg. Disk Queue length |
Processor - % Processor Time |
Server - Pool Nonpaged Failures |
Server - Work Item Shortages |
System - Processor Queue Length |

Question: How do the values compare to the baseline data?

Results: After this exercise, you should have determined which server resources are likely to become
bottlenecked if server load continues to increase.
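
The two tables in this lab can also be filled in and compared from the shell. This added example (not part of the original lab) averages the lab's counters from both DataCollector01.blg logs with Import-Counter and prints the change against the baseline; the two log paths are placeholders, Get-CounterAverage is a hypothetical helper, and for multi-instance objects only the _Total instance is used. Note that the disk object appears as PhysicalDisk in counter paths.

```powershell
# Added example. Replace the placeholders with the folders the Baseline data
# collector set created for the first (000001) and second (000002) run.
$baselineLog = '<folder ending in 000001>\DataCollector01.blg'
$loadLog     = '<folder ending in 000002>\DataCollector01.blg'

# Counters from the lab's table, written as object\counter.
$wanted = @(
    'memory\pages/sec',
    'msexchangeis\user count',
    'msexchangeis\rpc requests',
    'msexchangeis mailbox\local delivery rate',
    'msexchangeis mailbox\messages delivered/sec',
    'msexchangeis mailbox\messages queued for submission',
    'msexchangeis mailbox\messages sent/sec',
    'msexchangetransport queues\active remote delivery queue length',
    'msexchangetransport queues\retry remote delivery queue length',
    'msexchangetransport queues\submission queue length',
    'msexchangetransport smtpreceive\messages received/sec',
    'msexchangetransport smtpsend\messages sent/sec',
    'physicaldisk\% disk time',
    'physicaldisk\avg. disk queue length',
    'processor\% processor time',
    'server\pool nonpaged failures',
    'server\work item shortages',
    'system\processor queue length'
)

# Sample paths look like \\host\object(instance)\counter
$pathPattern = '^\\\\[^\\]+\\(?<obj>[^\\(]+)(\((?<inst>[^)]*)\))?\\(?<ctr>.+)$'

function Get-CounterAverage([string]$Path) {
    $sums = @{}; $counts = @{}
    # Rate counters have no valid first sample; suppress that non-terminating error.
    Import-Counter -Path $Path -ErrorAction SilentlyContinue | ForEach-Object {
        foreach ($sample in $_.CounterSamples) {
            if ($sample.Status -ne 0) { continue }           # skip invalid samples
            if ($sample.Path -match $pathPattern) {
                $inst = $matches['inst']
                if ($inst -and $inst -ne '_total') { continue }
                $key = ('{0}\{1}' -f $matches['obj'], $matches['ctr']).ToLower()
                if ($wanted -contains $key) {
                    $sums[$key]   += $sample.CookedValue
                    $counts[$key] += 1
                }
            }
        }
    }
    $averages = @{}
    foreach ($key in $sums.Keys) { $averages[$key] = $sums[$key] / $counts[$key] }
    return $averages
}

$base = Get-CounterAverage $baselineLog
$load = Get-CounterAverage $loadLog

$wanted | ForEach-Object {
    $b = $null; $l = $null; $change = $null
    if ($base.ContainsKey($_)) { $b = [math]::Round($base[$_], 3) }
    if ($load.ContainsKey($_)) { $l = [math]::Round($load[$_], 3) }
    # Percentage change is only meaningful when the baseline is non-zero.
    if ($b -and $l -ne $null) { $change = [math]::Round(100 * ($l - $b) / $b, 1) }
    New-Object PSObject -Property @{
        Counter = $_; Baseline = $b; Load = $l; ChangePct = $change
    } | Select-Object Counter, Baseline, Load, ChangePct
} | Format-Table -AutoSize
```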

To prepare for the next module


When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-EX3.


Note No virtual machines are required for the next lab.

Lab Instructions: Upgrading to Microsoft Exchange Server 2010

Module 11
Lab Instructions: Upgrading to Microsoft Exchange Server
2010
Contents:
Exercise 1: Discussion: Reviewing the Exchange Server 2010 Design


Lab: Upgrading to Exchange Server 2010

Lab Setup
This lab does not require any virtual machines.

Lab Scenario
You are a messaging engineer for the A. Datum Corporation, an enterprise-level organization with
multiple locations. A. Datum Corporation is an international corporation involved in technology research
and investment, and is planning to upgrade from Exchange Server 2003 to Exchange Server 2010.
The A. Datum Corporation headquarters in London and two remote locations (Vancouver and Tokyo) are
running Exchange Server 2003 and Outlook 2003. A. Datum Corporation will be adding two new
locations, and within the next six months it plans to migrate all existing users to Exchange Server 2010 and
Outlook 2010. Much of the Exchange Server 2010 messaging system design is complete.
The Trey Research location continues to run a POP3/SMTP messaging system, which you need to migrate
to Exchange Server 2010 and integrate with the rest of the Exchange organization. The Trey Research
domain is already deployed as a separate tree in the A. Datum forest. This integration of Trey Research will
be completed after the current infrastructure is upgraded.
Use the references on the following pages for this lab.
Note Your instructor may choose to perform this lab as a group discussion rather than an
individual activity.


Adatum_ProposedADSiteDesign.vsd


Adatum_ProposedPerimeterDesign.vsd


A. Datum User Distribution Summary.doc


Location | Internal users | Mobile users
London (corporate headquarters) | 12,000 currently; 10,000 after the new London office is ready | 1,000 Outlook Web Access users; 500 Outlook Anywhere and mobile client users; 800 Outlook users connecting through a virtual private network (VPN)
London (new office) | 4,000 (anticipated) | 200 Outlook Web Access users; 50 Outlook Anywhere and mobile client users
San Diego (former head office of Trey Research) | 500 | 50 POP3 client users
Vancouver | 6,000 | 800 Outlook Web Access users; 100 Outlook Anywhere and mobile client users
Tokyo | 5,000 | 1,000 Outlook Web Access users; 200 Outlook Anywhere and mobile client users; 200 Office Outlook users connecting through a VPN
Chennai (new office) | 800 (anticipated) | 200 Outlook Web Access users; 50 Office Outlook users connecting through a VPN

A. Datum has deployed a single AD DS forest with a dedicated root domain named Adatum.com, and
three child domains in the same tree. These domains are:

EU.Adatum.com

NA.Adatum.com

AS.Adatum.com

Additionally, the organization has deployed a domain named TreyResearch.net in the San Diego location.
This domain is configured as a separate tree in the Adatum.com forest.

Exchange_Server_2003_Configuration.doc
Location | Description
London (corporate headquarters) | Configured as a routing group; 12 Exchange Server 2003 servers hosting mailboxes; two load-balanced front-end servers to provide access for remote users (mail.adatum.com); a SPAM filtering appliance is in place
Vancouver | Configured as a routing group; eight Exchange Server 2003 servers hosting mailboxes
Tokyo | Configured as a routing group; eight Exchange Server 2003 servers hosting mailboxes


Exercise 1: Discussion: Reviewing the Exchange Server 2010 Design


Scenario
In this exercise, you will design an upgrade strategy for the A. Datum organization. Based on the review of
the Exchange Server 2010 target state design, you will create an upgrade strategy for migrating from the
current environment to the target state design.
The main tasks for this exercise are as follows:
1. Review the A. Datum documentation.
2. Update the A. Datum Upgrade Design document.

Task 1: Review the A. Datum documentation

Review the following A. Datum documentation:

Adatum_ProposedADSiteDesign.vsd

Adatum_ProposedPerimeterDesign.vsd

A. Datum User Distribution Summary.doc

Exchange_Server_2003_Configuration.doc

Task 2: Update the A. Datum Upgrade Design document

Answer the questions in the A. Datum Upgrade Design Questions document, and then complete the
A. Datum Upgrade Design document.
A. Datum Upgrade Design
Document Reference Number: JC060610/1
Document Author: Jason Carlson
Date: 6th June 2010

Requirement Overview
Describe the upgrade strategy for the A. Datum organization.
Proposals
Question: Based on what you know about the A. Datum organization, what would be a reasonable
timeline for completing this migration?
Question: What are the factors that will affect the timeline?
Question: Where will you perform the schema upgrade?
Question: What is the process for preparing domains for Exchange Server 2010?
Question: How will you ensure that Exchange Server 2010 can coexist with Exchange Server 2003?
Question: Which site should be upgraded first?
Question: Which server role should be implemented first in that site?

Question: Should coexistence occur in multiple sites or a single location?
Question: How will client access be configured to allow coexistence in the first site?
Question: How will message transport be configured to allow coexistence in the first site?
Question: How will mailboxes be moved in the first site?
Question: How will you move Internet message delivery from Exchange Server 2003 to Exchange
Server 2010 and use Edge Transport servers?
Question: When you begin migrating the second site to Exchange Server 2010, what process will you
use?
Question: How will you remove Exchange Server 2003?

Note Be prepared to discuss your proposed design with the class.

Results: After this exercise, you should have completed the A. Datum Upgrade document.

To prepare for the next module


Note No virtual machines are required for the next lab.

Lab Instructions: Integrating Microsoft Exchange Server 2010 with Other Messaging Systems

Module 12
Lab Instructions: Integrating Microsoft Exchange Server
2010 with Other Messaging Systems
Contents:
Exercise: Designing Exchange Server 2010 Integration with Office 365


Lab: Integrating Exchange Server 2010 with Other Messaging Systems

Lab Scenario
You are a messaging engineer for A. Datum Corporation, an enterprise-level organization with multiple
locations. A. Datum Corporation is an international corporation involved in technology research and
investment, and has successfully implemented Exchange Server 2010 for messaging and collaboration.
As part of the growth strategy for A. Datum Corporation, your organization has purchased their
competitor company, Northwind Traders. You must design the integration of your Exchange Server 2010
organization, and the POP3/IMAP messaging system of Northwind Traders.


Exercise: Designing Exchange Server 2010 Integration with Office 365


Scenario
After the purchase of Northwind Traders was finalized, the network group created a direct link between
the A. Datum Corporation data center and the Northwind Traders data center. User accounts, computer
accounts, and servers have been moved into the existing adatum.com domain.
The Northwind Traders data center is low on space. To reduce data center utilization, the existing
POP3/IMAP email system will be migrated to Office 365. You need to ensure that those users can receive
messages at their current email address (user@northwindtraders.com) in addition to the new adatum.com
domain that your organization uses. The adatum.com address will be configured as the primary address.
All incoming messages for A. Datum Corporation are scanned by an Edge Transport server in London. All
outbound messages are stamped with a legal disclaimer that includes a graphical company logo. It is not
possible to add a graphical logo with Exchange Server 2010 transport rules. So, third-party software is
installed on the Edge Transport server in London to add the legal disclaimer.
There are 800 mailboxes at Northwind Traders.
The main task for this exercise is as follows:
1. Document the required configuration for migrating Northwind Traders email to Office 365.

Task 1: Document the required configuration for migrating Northwind Traders email to
Office 365

Complete the following proposal document by answering the questions.


A. Datum Corporation and Northwind Traders Integration Plan
Document Reference Number: JC040495/1
Document Author: Jason Carlson
Date: 5th June 2010

Requirement Overview
Determine how to migrate Northwind Traders email to Office 365.
Proposals
Question: Does this scenario require a hybrid implementation of Office 365?
Question: Will inbound routing be to the on-premises Exchange Server organization or to
Office 365?
Question: Will outbound routing be centralized or decentralized?
Question: How will you configure MX records?
Question: How will you migrate mailboxes to Office 365?
Question: Will you configure single sign-on?

Question: Do you need to configure a UPN to support single sign-on?
Question: What AD FS servers do you require to support single sign-on?
Question: What certificates do you need to support single sign-on?

Note

Be prepared to discuss your proposed plan with the class.

Results: After this exercise, you should have created a plan to migrate Northwind Traders email to
Office 365.

Lab Answer Key: Introduction to Designing a Microsoft Exchange Server 2010 Deployment

Module 1
Lab Answer Key: Introduction to Designing a Microsoft
Exchange Server 2010 Deployment
Contents
Exercise 1: Evaluating an Existing Messaging Infrastructure

Exercise 2: Creating a Requirements Document

Exercise 3: Discussion: Real-World Best Practices for Setting Budget Expectations

Exercise 4: Discussion: Refining the Scope of SLA Requirements


Module 1: Introduction to Designing a Microsoft Exchange Server 2010 Deployment

Lab: Introduction to Designing an Exchange Server 2010 Deployment
Exercise 1: Evaluating an Existing Messaging Infrastructure
Task 1: Review A. Datum documentation

Review the following information:

Adatum_Info.vsd

Requirements interview notes document

Task 2: Complete the appropriate sections in the Current Network Infrastructure Analysis document

Complete the Current Network Infrastructure Analysis document.


A. Datum Current Network Infrastructure Analysis
Document Reference Number: JC310110/1
Document Author: Jason Carlson
Date: 31st January 2010

Active Directory Infrastructure Sites

Active Directory site name | Directory servers in each site
LondonSite | RD-LON-DC1, RD-LON-DC1, EU-LON-DC1, EU-LON-DC2
LondonSite2 | EU-LON-DC3
VancouverSite | RD-TOR-DC1, NA-TOR-DC1, NA-TOR-DC2
SanDiegoSite | AD-SAN-DC1, AD-SAN-DC2
TokyoSite | RD-TOK-DC1, AS-TOK-DC1, AS-TOK-DC2
Chennai | AS-CHE-DC1

Additional notes

Active Directory Infrastructure Forest and domain topology


Forest

Domains in each forest

Adatum.com Adatum.com
EU.Adatum.com
NA.Adatum.com
AS.Adatum.com
TreyResearch.net
Additional notes

Task 3: Complete the appropriate sections in the Current Messaging Infrastructure Analysis document

Complete the relevant sections of the following document.


A Datum Current Messaging Infrastructure Analysis
Document Reference Number: JC310110/2
Document Author: Jason Carlson
Date: 31st January 2010

Exchange Server Configuration

Server name | Exchange version and SP level | Server role | Location
LON-MSG-FE1 | Exchange Server 2003 | Front-end server | London
LON-MSG-BH1 | Exchange Server 2003 | Front-end server | London
LON-MSG-BE1 | Exchange Server 2003 | Back-end server | London
LON-MSG-BE2 | Exchange Server 2003 | Back-end server | London
LON-MSG-BE3 | Exchange Server 2003 | Back-end server | London
LON-MSG-BE4 | Exchange Server 2003 | Back-end server | London
LON-MSG-BE5 | Exchange Server 2003 | Back-end server | London
LON-MSG-BE6 | Exchange Server 2003 | Back-end server | London
LON-MSG-PF1 | Exchange Server 2003 | Public Folder server | London
VAN-MSG-FE1 | Exchange Server 2003 | Front-end server | Vancouver
VAN-MSG-BH1 | Exchange Server 2003 | Front-end server | Vancouver
VAN-MSG-BE1 | Exchange Server 2003 | Back-end server | Vancouver
VAN-MSG-BE2 | Exchange Server 2003 | Back-end server | Vancouver
VAN-MSG-BE3 | Exchange Server 2003 | Back-end server | Vancouver
VAN-MSG-PF1 | Exchange Server 2003 | Public Folder server | Vancouver
TOK-MSG-FE1 | Exchange Server 2003 | Front-end server | Vancouver
TOK-MSG-BH1 | Exchange Server 2003 | Front-end server | Vancouver
TOK-MSG-BE1 | Exchange Server 2003 | Back-end server | Vancouver
TOK-MSG-BE2 | Exchange Server 2003 | Back-end server | Vancouver
TOK-MSG-BE3 | Exchange Server 2003 | Back-end server | Vancouver
TOK-MSG-PF1 | Exchange Server 2003 | Public Folder server | Vancouver

Additional notes

Exchange Organization information

Configuration | Settings
Administrative groups | LondonAG, VancouverAG, TokyoAG, RoutingGroupAG
Administrator groups | LondonExAdmins, VancouverExAdmins, TokyoExAdmins, EnterpriseExAdmins
Routing groups | LondonRG, VancouverRG, TokyoRG
SMTP namespaces | Adatum.com, TreyResearch.net

Additional notes


Results: After this exercise, you should have completed the appropriate sections in the Current Messaging
Infrastructure Analysis document.

Exercise 2: Creating a Requirements Document


Task 1: Discuss the questions
Discuss as a group. You will incorporate your answers into the requirements documentation.

1. What are A. Datum Corporation's requirements and pain points? Answers below:

Madeleine Kelly, the CEO, anticipates rapid growth and multiple acquisitions.

Karen Toh, VP Europe, says her Sales staff needs access to e-mail from anywhere.

Marcel Truempy, CIO, cited a period of unavailability that resulted in lost business; high availability is important.

Scott MacDonald, VP North America, is concerned about legal and corporate regulatory
compliance issues.

Gareth Chan, VP Asia, needs a means of confidential communication with Contoso, Ltd.

Shane DeSeranno, Network Operations Manager, requires that all network traffic entering the
corporate network is encrypted.

Jason Carlson, Network Specialist, states that the wide area network (WAN) is pretty reliable, but
that it lacks bandwidth between some company locations.

Tzipi Butnaru, Directory Services Manager, explains that all domain controllers are running
Windows Server 2008 Service Pack 1 (SP1), and does not anticipate wanting to make additional
Active Directory Domain Services (AD DS) infrastructure changes.

Conor Cunningham, Messaging Services Manager, wants to make Outlook Web App available
to users currently using Post Office Protocol (POP) from home. Additionally, he states that many
users are requesting access to e-mail services from their mobile phones.

2. How can Exchange Server 2010 help address the requirements? Answers below:

Exchange Server 2010 is very scalable, and can easily support the anticipated mergers and
acquisitions.

Exchange Server 2010 supports e-mail from many devices, including web browsers and mobile
phones.

Exchange Server 2010 provides a number of high-availability features, including Database
Availability Groups, Mailbox Database Copies, and Active Manager.

Exchange Server 2010 implements features that enable organizations to remain compliant with
legal and corporate messaging policies. Features include: messaging records management,
Multi-mailbox search, legal hold, information rights management protection, personal archive, and
transport rules.

Exchange Server 2010 can support secure communication channels between partner
organizations.

Exchange Server 2010 supports a number of encryption methods so that only encrypted traffic
can enter the corporate network through the internal firewall.


Exchange Server 2010 can be configured to use the existing site configuration, or to use an
Exchange-specific site configuration; this enables a network administrator to get the most out of
their WAN links.

There is no reason why the AD DS configuration needs to be modified in order to support
Exchange Server; however, Exchange Server does support an Exchange-specific site configuration.

Exchange Server 2010 supports the POP protocol. It also supports e-mail access from web
browsers and mobile phones. The users' requirement for secure anywhere-access to their e-mail
is supported.

Task 2: Complete the appropriate sections in the Project Requirements Analysis document
You will complete these sections as a group.

Complete the relevant section of the following document.


A Datum Project Requirements Analysis
Document Reference Number: JC310110/3
Document Author: Jason Carlson
Date: 31st January 2010

Summary of business requirements


This section provides a summary of the information collected during the business requirements
analysis task. It is important to clearly define the needs that must be addressed so that the
organization can perform its business tasks more effectively and efficiently:
The messaging solution must be very flexible and easily expanded.
The messaging solution must provide users with e-mail access anywhere in the world at any
time.
The messaging solution must be able to enforce compliance requirements.
Need to provide access to the mailbox servers for more messaging clients, including clients
with more functionality than POP3 and mobile clients.
Summary of functional requirements
This section lists the functional requirements identified during the requirements analysis task. The
functional requirements define how the proposed technology will address the project's business
requirements. This section may be quite extensive, as it relates to many areas such as performance,
security, manageability, usability, availability, and scalability:
The messaging system must have very high availability.
The messaging system must provide a high level of security for exchanging e-mail with
partner organizations.
Summary of additional requirements
This section lists the additional requirements identified during the requirements analysis task.
Additional requirements may include data related to additional stakeholders, required technology,
and user requirements:
Mailbox size limits need to be increased.

Project priorities and constraints
This section outlines the identified project priorities and constraints. During the requirements
analysis task, specific priorities should have been identified related to the schedule, resources, or
features that must, or must not, be included in the project:
The budget may be a constraint on the project.
Unencrypted traffic can be allowed into the perimeter network, but not to the internal network.
There may be resistance to making any changes to the Active Directory configuration.

Task 3: Discuss the components that you will need to include in the Exchange Server
design to meet the company requirements
You will complete these sections as a group.

Discuss the following questions:

1. What components will you need to include in the Exchange Server 2010 deployment to meet the
business requirements?

Answer: Configure the Client Access server role to provide users with e-mail access
anywhere in the world at any time.

Answer: Configure the Hub Transport server role to enforce compliance requirements.

Answer: Configure the Client Access server role to provide access to the mailbox servers for
more messaging clients, including clients with more functionality than POP3 and mobile
clients.

2. What components will you need to include in the Exchange Server 2010 deployment to meet the
technical and additional requirements?

Answer: Configure Database Availability Groups, Mailbox Database Copies, and Active
Manager to provide for high availability.

Answer: Configure the messaging transport to provide a high level of security for
exchanging e-mail with partner organizations.

Answer: Configure Mailbox policies to increase the mailbox size limits.

Results: After this exercise, you should have completed the A. Datum Project Requirements documents.


Exercise 3: Discussion: Real-World Best Practices for Setting Budget Expectations
Task: Answer the following questions
1. What information is required to set the preliminary budget?

Answer: Answers include:

Project vision and scope

Business requirements (What business problems is this project expected to solve?)

Functional requirements

Project constraints

2. How do you resolve scenarios where addressing all of the requirements will cost significantly more
than the proposed budget?
Answer: This can be very complicated. In the project's early stage, the most important step is to alert
business sponsors that there may be budget issues. This enables them to prepare for a future tradeoff
discussion, or consider increasing the budget. You also may need to provide the business sponsor
with an initial proposal identifying the project components that will cost the most money.

Results: After this exercise, you should have answered the preceding questions.


Exercise 4: Discussion: Refining the Scope of SLA Requirements


Task 1: Review the High Availability Requirements document that the CIO and COO
have created

Review the High Availability Information Requirements document.

Task 2: Create a list of additional information needed to create the SLA


1. Working with group members, brainstorm a list of other information that is required to create the
SLA.

2. Complete the relevant section of the following document.


A Datum Refining the Scope of SLA Requirements
Document Reference Number: JC310110/4
Document Author: Jason Carlson
Date: 31st January 2010

Questions

Are these objectives specific and measurable?


Are these objectives reasonable and attainable?
Do these objectives add value to the organization?
What types of users are accessing the system and when?
Do all users have the same availability requirements?
How does an internal or Internet e-mail outage affect various user groups?
What availability percentage is our goal?
Which users have priority when restoring mailboxes?
Which business processes does an internal e-mail outage affect?
What is the cost of an internal e-mail outage?
Which business processes does an Internet e-mail outage affect?
What is the cost of an Internet e-mail outage?
What budget is available for high-availability infrastructure improvements?
What times are available for maintenance?
How will we measure internal message delivery times?
Within exactly how many minutes should message delivery occur?
Exactly what outage types are acceptable when an Exchange Server fails? Seconds? Minutes?
Hours?
When an Exchange Server fails, is it acceptable to quickly recover users' ability to send and
receive e-mail, or do we also need to recover mailbox contents quickly?
Do all users have a requirement to lose no messages during a server failure?
How quickly do we need to recover if an entire physical location is lost?
What is the reliability of our existing network infrastructure?
What is the reliability of our existing Internet connection?


Task 3: Discuss your solution with the class

Participate in the discussion led by your instructor.

Results: After this exercise, you should have completed the High Availability Information document.

To prepare for the next module


When you finish the lab, start the virtual machines that will be required for the next lab. To do this,
complete the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.

2. In Hyper-V Manager, click 10233B-NYC-DC1, and in the Actions pane, click Start.

3. In the Actions pane, click Connect. Wait until the virtual machine starts.

4. Log on using the following credentials:

   User name: Administrator

   Password: Pa$$w0rd

   Domain: Contoso

5. Repeat steps 2 to 4 for virtual machine 10233B-NYC-SVR1.

Lab Answer Key: Designing Microsoft Exchange Server 2010 Integration with the Current Infrastructure

Module 2
Lab Answer Key: Designing Microsoft Exchange Server
2010 Integration with the Current Infrastructure
Contents
Exercise 1: Evaluating the Current Network Infrastructure at Contoso

Exercise 2: Determining Suitability for Exchange Server 2010

Exercise 3: Preparing the AD DS Forest for Exchange Server 2010

Exercise 4: Configuring Exchange Server Delegation


Module 2: Designing Microsoft Exchange Server 2010 Integration with the Current Infrastructure

Lab: Designing Exchange Server Integration with the Current Infrastructure
Exercise 1: Evaluating the Current Network Infrastructure at Contoso
Task 1: Review the supplied documentation

Review the diagram and read the supporting documentation.

Task 2: Answer questions relating to the documentation


Note: Your instructor may choose to perform this lab as a group discussion rather than an
individual activity.
Question: Based on the supplied information, is there anything you might need to
reconfigure before deploying Exchange Server?
Answer: Answers will vary. However, it depends on how you propose to implement the
Microsoft Exchange Server for users in Branch Office 2. Exchange Server 2010 does not
support deployment in sites that contain read-only domain controllers (RODCs). Therefore,
you must either remove the RODC and replace it with a domain controller, or else store user
mailboxes for that branch in the head office site in NYC. This latter solution may have
implications for the available bandwidth over the 10 megabits per second (Mbps) link
between the head office and Branch Office 2. To mitigate, you could consider deploying
Microsoft Outlook Web App to Branch Office 2.
Question: What else do you need to know before you can begin deploying Exchange Server
2010?
Answer: Answers will vary. You will need to know:

Whether there is an existing version of Exchange Server or other messaging system installed.

What email clients users are currently using.

What the firewall configuration is (in terms of allowed ports), for both the Windows Firewall
settings and any firewalls that separate the corporate network from the Internet.

The specifics of the delegated administration Ed Meadows envisages at the branches.

Whether the current Domain Name System (DNS) configuration is appropriate to support
Exchange Server 2010, for both the internal DNS and external DNS.

Whether there is a certification authority (CA) in place to provide the necessary certificates for
Exchange Server. In the early test phases, using the self-signed certificates is acceptable; however,
thereafter, commercial certificates should be sought in the absence of a suitable internal Public
Key Infrastructure (PKI).


Task 3: Complete a report that provides information about necessary changes required to the
network and AD DS infrastructure to enable support for Exchange Server 2010

Complete the following proposal document by answering the questions.


Contoso Exchange Server network infrastructure
Document Reference Number: JC110210/1
Document Author: Jason Carlson
Date: 11th February 2010

Requirement Overview
To determine what changes, if any, are required to the existing network and AD DS infrastructure to
support Exchange Server 2010.
Contoso Exchange Server network infrastructure
Proposals
Question: The internal and external DNS zone names are the same for Contoso, i.e. Contoso.com.
What issue does this raise for clients connecting to their mailboxes using Outlook Web App from
their home computers?
Answer: You may need to configure split DNS to ensure host names are resolved to the appropriate
internal or external IP address.
Question: What DNS records must you configure in the external Contoso.com DNS zone?
Answer: Host (A or AAAA) resource records, mail exchanger (MX) resource records, and Sender
Policy Framework (SPF) resource records are required.
Question: How do you propose to support the messaging needs of users in Branch Office 2?
Answer: As Exchange Server 2010 does not support deployment in sites that contain an RODC, the
RODC must either be removed and replaced with a full domain controller, or else the users must
use an Exchange Mailbox server in the head office site.
Question: What messaging client will you deploy to Branch Office 2?
Answer: That depends on how the RODC issue is resolved. If the RODC is removed, the users could
use Outlook Web App to ensure that the bandwidth of the connection to the head office is not
excessively consumed. If a full DC is deployed to the Branch Office 2 site, then any suitable client,
including Microsoft Office Outlook 2007 or 2010, could be deployed.
Question: What server role must you consider deploying in the head office to facilitate inbound
and outbound messaging to and from the Internet?
Answer: An Exchange Edge Transport server should be deployed in the perimeter network.
Question: How many Client Access servers do you envisage needing?
Answer: At least one per site where mailboxes reside; if Branch Office 2 does not host a Mailbox
server, then there is no need to provide a Client Access server there. For high availability, consider
deploying at least two Client Access servers per site.

Question: How many Hub Transport servers are required?
Answer: At least one per site where mailboxes reside. If Branch Office 2 does not host a Mailbox
server, then there is no need to provide a Hub Transport server there. For high availability, consider
deploying at least two Hub Transport servers per site.
Question: Ed Meadows has explained that the administrators at the Branch Office 1 site need to
be able to perform limited recipient management tasks. To which built-in role group should you
assign these branch administrators?
Answer: They should be assigned to the Help Desk role group.

Note

Be prepared to discuss your proposed design with the class.

Results: After this exercise, you should have completed the Contoso Exchange Server network
infrastructure report.


Exercise 2: Determining Suitability for Exchange Server 2010


Task 1: Evaluate the AD DS requirements
1. On NYC-DC1, click Start, right-click Computer, and then click Properties.

2. On the System page, in the Windows edition section, verify that the domain controller operating
system is compatible with Exchange Server 2010 requirements.

3. Close the System page.

4. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.

5. Right-click Contoso.com, and then click Properties.

6. In the Contoso.com Properties dialog box, verify that the domain and forest functional levels are
compatible with the Exchange Server 2010 requirements.

7. Click OK, and then close Active Directory Users and Computers.

8. Click Start, in the Search box, type adsiedit.msc, and then press Enter.

9. Right-click ADSI Edit, and then click Connect to.

10. In the Connection Settings dialog box, in the Connection Point section, in the Select a well known
Naming Context list, click Configuration, and then click OK.

11. In the left pane, expand Configuration[NYC-DC1.Contoso.com], and then click
CN=Configuration,DC=Contoso,DC=com.

12. Expand CN=Services, and verify that the CN=Microsoft Exchange has not been created.

13. Close ADSI Edit.

Task 2: Evaluate the DNS requirements


1. On NYC-SVR1, click Start, in the Search box, type cmd, and then press Enter.

2. At the command prompt, type IPConfig /all, and then press Enter. Verify that the DNS server IP
address for the Local Area Connection is 10.10.10.10.

3. At the command prompt, type Ping NYC-DC1.contoso.com. Verify that you have network
connectivity with the domain controller.

4. At the command prompt, type Nslookup, and then press Enter.

5. At the command prompt, type set type=all, and then press Enter.

6. At the command prompt, type _ldap._tcp.dc._msdcs.Contoso.com, and then press Enter. Verify that
an SRV record is returned.

7. Close the command prompt.


Task 3: Evaluate the server requirements


1. On NYC-SVR1, click Start, point to Administrative Tools, and then click Server Manager.

2. In the left pane, click Features. Verify that no Windows Server 2008 features are installed, including
the Active Directory Domain Services (AD DS) management tools.

3. In the left pane, click Roles. Verify that no Windows Server 2008 roles are installed.

4. Click Start, and point to Administrative Tools. Verify that Internet Information Services (IIS)
Management is not listed.

5. Click Start, click All Programs, click Accessories, click Windows PowerShell, and then click
Windows PowerShell.

6. At the Windows PowerShell prompt, type help about_windows_powershell, and then press Enter.
Verify that about_Windows_PowerShell_2.0 is listed. It is installed with Windows PowerShell 2.0.

7. Close Windows PowerShell.

8. Click Start, and then click Control Panel.

9. In Control Panel, click Programs.

10. In the Programs and Features window, click Programs and Features. Verify that Microsoft Filter
Pack 2.0 is installed.

11. Close the Programs and Features window.

Results: After this exercise, you should have evaluated whether your organization meets the AD DS, DNS,
and server requirements for installing Exchange Server 2010. You should have identified the additional
components that need to be installed or configured to meet the requirements.
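
The checks in Tasks 1 to 3 can also be collected in one read-only script, which leaves a record of the state of the forest and server before setup changes anything. This is an added example, not part of the original lab; it assumes Windows PowerShell 2.0 on NYC-SVR1 with the ServerManager module (Windows Server 2008 R2), the lab's DNS server address and domain name, and a helper name (New-Check) that is hypothetical.

```powershell
# Added example: read-only preflight checks mirroring Exercise 2 (PowerShell 2.0 compatible).
# Assumptions: run on NYC-SVR1 while logged on to the Contoso domain; the DNS server
# address and domain name below are the lab values quoted in the steps.
$expectedDns = '10.10.10.10'
$dnsDomain   = 'Contoso.com'

# Hypothetical helper: one result row per check.
function New-Check([string]$Name, [bool]$Passed, [string]$Detail) {
    New-Object PSObject -Property @{ Check = $Name; Passed = $Passed; Detail = $Detail }
}
$report = @()

# Task 1: forest functional level. Exchange Server 2010 needs Windows Server 2003
# forest functional mode or higher, so the two older modes fail the check.
$forest  = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$mode    = $forest.ForestMode.ToString()
$domains = ($forest.Domains | ForEach-Object { "$($_.Name)=$($_.DomainMode)" }) -join ', '
$report += New-Check 'Forest functional level' `
    (@('Windows2000Forest', 'Windows2003InterimForest') -notcontains $mode) "$mode; domains: $domains"

# Task 1: CN=Microsoft Exchange must not exist under CN=Services before /PrepareAD.
# (After Exercise 3 this check is expected to report False.)
$configNc = [string]([ADSI]'LDAP://RootDSE').configurationNamingContext
$exchPath = "LDAP://CN=Microsoft Exchange,CN=Services,$configNc"
$hasExch  = [System.DirectoryServices.DirectoryEntry]::Exists($exchPath)
$report  += New-Check 'No Exchange organization in AD DS yet' (-not $hasExch) $exchPath

# Task 2: the server must resolve names through the expected DNS server.
$dnsServers = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object { $_.DNSServerSearchOrder } | Where-Object { $_ })
$report += New-Check 'Client uses expected DNS server' `
    ($dnsServers -contains $expectedDns) ($dnsServers -join ', ')

# Task 2: the domain controller locator SRV record must resolve.
$srvName = "_ldap._tcp.dc._msdcs.$dnsDomain"
$answer  = nslookup -type=SRV $srvName 2>$null
$dcs = @($answer | ForEach-Object {
    if ($_ -match 'svr hostname\s*=\s*(\S+)') { $Matches[1] }
})
$report += New-Check "SRV record $srvName" ($dcs.Count -gt 0) ($dcs -join ', ')

# Task 3: PowerShell version ($PSVersionTable does not exist in version 1.0).
$report += New-Check 'Windows PowerShell 2.0 or later' `
    ($PSVersionTable.PSVersion.Major -ge 2) ("$($PSVersionTable.PSVersion)")

# Task 3: the lab expects a server with no roles or features installed yet.
Import-Module ServerManager
$installed = @(Get-WindowsFeature | Where-Object { $_.Installed } | ForEach-Object { $_.Name })
$report += New-Check 'No roles or features installed yet' `
    ($installed.Count -eq 0) ($installed -join ', ')

# Task 3: Microsoft Filter Pack appears in the installed-programs registry list.
$uninstall  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
$filterPack = @(Get-ItemProperty $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Filter Pack*' } |
    ForEach-Object { $_.DisplayName })
$report += New-Check 'Microsoft Filter Pack installed' `
    ($filterPack.Count -gt 0) ($filterPack -join ', ')

$report | Select-Object Check, Passed, Detail | Format-Table -AutoSize -Wrap
```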


Exercise 3: Preparing the AD DS Forest for Exchange Server 2010


Task 1: Install the Windows Server 2008 server roles and features
1. On NYC-SVR1, in Server Manager, click Features, and then click Add Features.

2. In the Select Features page, expand Remote Server Administration Tools, expand Role
Administration Tools, expand AD DS and AD LDS Tools, expand AD DS Tools, and then select the
AD DS Snap-Ins and Command-Line Tools check box.

3. Expand .NET Framework 3.5.1 Features, and then select the .NET Framework 3.5.1 check box.

4. Expand WCF Activation, select the HTTP Activation check box, and then click Add Required Role
Services.

5. Select the RPC over HTTP Proxy check box, click Add Required Role Services, and then click Next.

6. On the Web Server (IIS) page, click Next.

7. On the Select Role Services page, under Security, select the Digest Authentication check box.

8. Under Performance, select the Dynamic Content Compression check box.

9. Under IIS 6 Management Compatibility, select the IIS 6 Management Console check box.

10. Click Next, and then click Install.

11. Click Close.

12. Click Start, point to Administrative Tools, and then click Services.

13. In the Services list, double-click Net.Tcp Port Sharing Service.

14. In the Net.TCP Port Sharing Service Properties dialog box, in the Startup type drop-down list,
click Automatic, and then click Apply.

15. Click Start, wait for the service to start, and then click OK.

16. Close the Services console.

Task 2: Prepare AD DS for the Exchange Server 2010 installation


This task requires that the Exchange Server 2010 .iso be attached to the NYC-SVR1 virtual machine as a
DVD drive. Complete the following steps to attach it.
1. In the 10233B-NYC-SVR1 on localhost Virtual Machine Connection window, on the File menu, click
Settings.

2. Click DVD Drive, and then click Image File.

3. Click Browse, and browse to C:\Program Files\Microsoft Learning\10233\Drives.

4. Click EXCH2010SP2.iso, click Open, and then click OK.

5. On NYC-SVR1, close the autoplay dialog box, and open a command prompt.

6. Type D:\setup.com /PrepareAD /OrganizationName:Contoso, and then press Enter.

7. When the task completes, close the command prompt window.

Results: After this exercise, you should have prepared the AD DS and server configuration for the
Exchange Server 2010 installation.


Exercise 4: Configuring Exchange Server Delegation


Task: Configure permissions for Adam Carter, the branch administrator
1. On NYC-SVR1, open Active Directory Users and Computers.

2. Expand Users, right-click Users, point to New and then click User.

3. In the New Object - User dialog box, in the Full Name box, type Adam Carter.

4. In the User logon name box, type Adam, and then click Next.

5. In the Password and Confirm password boxes, type Pa$$w0rd.

6. Click Next and then click Finish.

7. In Active Directory Users and Computers, click Microsoft Exchange Security Groups, and then
double-click Help Desk.

8. On the Members tab, click Add.

9. In the Enter the object names to select field, type Adam Carter, and then click OK twice.

Results: After this exercise, you should have delegated administration.
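
Delegation is only as limited as the groups the account ends up in, so it is worth confirming that the branch administrator holds the Help Desk role group and nothing broader. The following read-only audit is an added example, not part of the original lab; it assumes the logon name Adam from the steps above, the Microsoft Exchange Security Groups OU in the current domain, and a hypothetical helper name (ConvertTo-LdapFilterValue). It goes slightly beyond the lab by also reporting membership gained through nested groups.

```powershell
# Added example: read-only audit of Exchange role-group membership (PowerShell 2.0 compatible).
# Assumptions: the logon name and the allow-list come from the lab steps; the OU name is
# the one shown in Active Directory Users and Computers after setup /PrepareAD.
$samAccountName = 'Adam'
$allowedGroups  = @('Help Desk')

# Hypothetical helper: escape characters that are special inside an LDAP search filter.
function ConvertTo-LdapFilterValue([string]$Value) {
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

$domainDn = [string]([ADSI]'LDAP://RootDSE').defaultNamingContext

# Resolve the account to its distinguished name.
$userSearch = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$domainDn")
$userSearch.Filter = '(&(objectCategory=person)(objectClass=user)(sAMAccountName={0}))' -f `
    (ConvertTo-LdapFilterValue $samAccountName)
$user = $userSearch.FindOne()
if (-not $user) { throw "Account '$samAccountName' was not found in $domainDn" }
$userDn = [string]$user.Properties['distinguishedname'][0]

# Find every Exchange security group that contains the account, directly or through
# nesting. 1.2.840.113556.1.4.1941 is the Active Directory "in chain" matching rule.
$ou = [ADSI]"LDAP://OU=Microsoft Exchange Security Groups,$domainDn"
$groupSearch = New-Object System.DirectoryServices.DirectorySearcher($ou)
$groupSearch.Filter = '(&(objectClass=group)(member:1.2.840.113556.1.4.1941:={0}))' -f `
    (ConvertTo-LdapFilterValue $userDn)
$groupSearch.PageSize = 200

$memberships = @($groupSearch.FindAll() | ForEach-Object {
    $name = [string]$_.Properties['name'][0]
    New-Object PSObject -Property @{
        RoleGroup = $name
        Expected  = ($allowedGroups -contains $name)
    }
})
$memberships | Select-Object RoleGroup, Expected | Format-Table -AutoSize

# Report role groups beyond the intended delegation, and intended ones not yet granted.
$held       = @($memberships | ForEach-Object { $_.RoleGroup })
$unexpected = @($memberships | Where-Object { -not $_.Expected } | ForEach-Object { $_.RoleGroup })
$missing    = @($allowedGroups | Where-Object { $held -notcontains $_ })

if ($unexpected.Count -gt 0) {
    Write-Warning "$samAccountName holds role groups beyond the intended delegation: $($unexpected -join ', ')"
}
if ($missing.Count -gt 0) {
    Write-Warning "$samAccountName is not yet a member of: $($missing -join ', ')"
}
if ($unexpected.Count -eq 0 -and $missing.Count -eq 0) {
    Write-Output "$samAccountName holds exactly the intended role groups: $($allowedGroups -join ', ')"
}
```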

To prepare for the next module


When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.

2. Right-click 10233B-NYC-DC1 in the Virtual Machines list, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat these steps for virtual machine 10233B-NYC-SVR1.

5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then in the Actions pane, click Start.
Note: Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.

6. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.

7. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-EX2. Connect to the virtual machine.

8. Wait for 10233B-VAN-EX2 to start, and then start 10233B-VAN-CL1. Connect to the virtual machine.

Lab Answer Key: Planning and Deploying Mailbox Services

Module 3
Lab Answer Key: Planning and Deploying Mailbox Services
Contents:
Exercise 1: Designing the Mailbox Server Deployment

Exercise 2: Designing Recipient Management

Exercise 3: Designing a Public Folder Deployment


Exercise 4: Implementing Mailbox Services



Module 3: Planning and Deploying Mailbox Services

Lab: Planning and Deploying Mailbox Services
Exercise 1: Designing the Mailbox Server Deployment
Task 1: Review the A. Datum Corporation documentation

Review the following information:

Server Design Interviews

Server Design Statistics

Task 2: Answer questions related to the documentation


Note

Your instructor may perform this task as a discussion.

Question: In the Server Design Interviews, what points are raised that impact your Mailbox server
deployment plan, and how do they impact it?
Answer:

A single server or component failure cannot be the cause of messaging system unavailability. Multiple
Mailbox servers must be deployed in each site.

The system must be scalable to grow capacity by at least 30 percent over 3 years.

There is a Storage Area Network (SAN) in London, Tokyo, and Toronto. These will be high
performance, but expensive.

San Diego and Chennai do not have a SAN and need to use direct access storage (DAS).

Mailbox sizes are increasing to 500 megabytes (MB) for basic users, and a personal archive of 1 GB.
Exceptional users (about 25 percent of users) will have a mailbox of 1 GB and a personal archive of
2 GB.

Question: In the Server Design Statistics, what information is relevant to determining a server design, and
why?
Answer: All of the information in this document is relevant to developing a server design. This document
describes the size of mailboxes and the amount of user activity.

Task 3: Perform high level planning for Mailbox server storage in London

Complete the following proposal document by answering the questions.


A. Datum high level planning for mailbox servers in London
Document Reference Number: JC040400/1
Document Author: Jason Carlson
Date: 2nd April 2010

Requirement Overview
Create a high level plan for Mailbox server storage in London.
Additional Information
N/A
Question: Assuming that there are 12,000 users in London, how much disk space is required for
mailbox databases?
Answer: There will be 9,000 users with a 500 MB mailbox and a personal archive of 1 GB. There will
be 3,000 users with a 1 GB mailbox and a 2 GB personal archive. The total storage space potentially
required is 22.5 terabytes (TB).
The initial deployment will not require this much space because user mailboxes will not all be at
their limit, but this shows the maximum potential size.
Question: Should the disk space for Mailbox servers be SAN or DAS?
Answer: The SAN has only 10 TB free and cannot support holding even a single copy of all mailbox
data. Expanding the SAN will be very expensive. Therefore, DAS should be used.
Question: If DAS is used, will the disk space use RAID or JBOD?
Answer: Because there are three replicated copies of the data, consider using JBOD. From a
performance perspective, there is no reason to use RAID. If the final design includes more than
three data copies, JBOD should be used.
Question: What size and speed of disk do you think is appropriate?
Answer: To support the large volume of data, slower and less expensive disks such as 7200 RPM
SAS disks should be used. The 7200 RPM SAS disks are close to the same price as SATA drives but
are more reliable. You do not need disks with a higher RPM because Exchange Server 2010 has
lower I/O requirements.
Question: Should transaction logs be stored on a separate LUN from database files?
Answer: When there are multiple replicated copies, you do not need a separate LUN for
transaction logs. Recovery is performed by using an alternate copy of the database rather than by
restoring and then replaying transaction logs. In most cases, circular logging is used and there is no
option to replay transaction logs.

Task 4: Use the Exchange 2010 Mailbox Server Role Requirements Calculator
spreadsheet to determine the configuration
1. On VAN-CL1, open the \\VAN-EX1\E$\Labfiles\LabResources\E2010Calc18.2.xlsm spreadsheet.
Click Enable Content and then click Yes.

2. Enter the following data on the Input tab:

Exchange Environment Configuration

Global Catalog Architecture: 64-bit

Server Multi-Role Configuration: No

Server Role Virtualization: No

High Availability Deployment: YES

Number of Mailbox Servers Hosting Active Mailboxes/DAG (Primary Datacenter): 2

Number of Database Availability Groups: 1

Mailbox Database Copy Configuration

Total Number of HA Database Copy Instances (Includes Active Copy) within DAG: 3

Total Number of Lagged Database Copy Instances within DAG: 0

Number of HA Database Copy Instances Deployed in Secondary Datacenter: 1

Exchange Data Configuration

Data Overhead Factor: 20%

Mailbox Moves / Week Percentage: 1%

Dedicated Maintenance / Restore LUN: Yes

LUN Free Space Percentage: 20%

Exchange I/O Configuration

I/O Overhead Factor: 20%

Additional I/O Requirement / Server: 0

Site Resilience Configuration

Site Resilient Deployment: Yes

Site Resilience User Distribution Model: Active/Passive

Site Resilience Recovery Point Objective (Hours): 24

Activation Block Secondary Datacenter Mailbox Servers: Yes

Database Configuration

Maximum Database Size Configuration: Default

Automatically Calculate Number of Unique Databases / DAG: Yes

Calculate Number of Unique Databases / DAG for Symmetrical Distribution: No

Tier 1 User Mailbox Configuration

Total Number of Tier 1 User Mailboxes: 3000

Projected Mailbox Number Growth Percentage: 30%

Total Send/Receive Capability / Mailbox / Day: 100 messages

Average Message Size (KB): 50

Mailbox Size Limit (MB): 1000

Personal Archive Mailbox Size Limit (MB): 2000

Deleted Item Recovery Window (Days): 14

Single Item Recovery: Enabled

Calendar Version Storage: Enabled

IOPS Multiplication Factor: 1.00

Megacycles Multiplication Factor: 1.00

Desktop Search Engines Enabled (for Online Mode Clients): No

Predict IOPS Value: Yes

Tier 2 User Mailbox Configuration

Total Number of Tier 2 User Mailboxes: 9000

Projected Mailbox Number Growth Percentage: 30%

Total Send/Receive Capability / Mailbox / Day: 50 messages

Average Message Size (KB): 25

Mailbox Size Limit (MB): 500

Personal Archive Mailbox Size Limit (MB): 1000

Deleted Item Recovery Window (Days): 14

Single Item Recovery: Enabled

Calendar Version Storage: Enabled

IOPS Multiplication Factor: 1.00

Megacycles Multiplication Factor: 1.00

Desktop Search Engines Enabled (for Online Mode Clients): No

Predict IOPS Value: Yes

Backup Configuration

Backup Methodology: Exchange Native Data Protection

Database and Log Isolation Configured: No

Backup/Truncation Failure Tolerance: 3

Network Failure Tolerance (Days): 0

Storage Options

Consider Storage Designs Utilizing JBOD (if applicable): Yes

Primary Datacenter Disk Configuration

Database + Log: 2000 GB, 7.2K RPM SAS 3.5

Restore LUN: 2000 GB, 7.2K RPM SAS 3.5

Secondary Datacenter Disk Configuration

Database + Log: 2000 GB, 7.2K RPM SAS 3.5

Restore LUN: 2000 GB, 7.2K RPM SAS 3.5

Server Configuration

Primary Datacenter Mailbox Servers: 12 cores per server, SPECint2006 Rate of 400

Primary Datacenter Mailbox Servers: 12 cores per server, SPECint2006 Rate of 400

Log Replication Configuration

For Hours 1-5,20-24: 1%

For Hours 6-7,18-19: 5%

For Hours 8-17: 7%

Network Configuration

Network Link Type: Fast Ethernet

Network Link Latency: 50.00

3. Log off of VAN-CL1.

Task 5: Update the A. Datum Large Mailbox server design document

Complete the following proposal document by answering the questions.


A. Datum Large Mailbox server design
Document Reference Number: JC040400/2
Document Author: Jason Carlson
Date: 2nd April 2010

Requirement Overview
Determine the hardware configuration for large Mailbox servers that use DAS.
Additional Information
N/A
Proposals
Question: What is the processor configuration for each server?
Answer: 12 server cores with a SPECint2006 Rate value of 400
Question: What type of disks are being used?
Answer: 2000 GB, 7.2K RPM SAS
Question: How many databases are recommended?
Answer: The DAG requires 30 databases.

Question: How many mailboxes are recommended for each database?
Answer: 500 mailboxes are recommended for each database.
Question: What is the recommended RAM for this server?
Answer: 96 GB
Question: What is the expected CPU utilization for this server?
Answer: 33 percent
Question: What is the recommended number of LUNs on the server?
Answer: Total recommended LUNs for Exchange are 31:
30 LUNs for databases and logs
1 LUN for restores
Question: How many databases are recommended per LUN?
Answer: 1
Question: What is the total disk space required per server?
Answer: The total disk space required is approximately 53 TB (53118 GB):
51553 GB for database and log LUNs
1565 GB for a restore LUN
Question: What type of RAID is recommended?
Answer: JBOD is recommended for the primary datacenter because there are three database
copies. RAID 1/0 (also known as RAID 10) is recommended for the secondary datacenter LUNs that
hold database copies and logs. RAID 5 is recommended for the secondary datacenter restore LUN.
Question: How many database disks are recommended for the primary datacenter servers?
Answer: 31
Question: How many database disks are recommended for the secondary datacenter server?
Answer: 59

Note

Be prepared to discuss your proposed design with the class.

Exercise 2: Designing Recipient Management


Task 1: Review the A. Datum Corporation documentation

Review the following information:

Recipient Management Interviews

Task 2: Answer questions relating to the documentation


Note

Your instructor may perform this task as a discussion.

Question: In the Recipient Management Interviews, what points are raised that impact your Mailbox
server deployment plan, and how do they impact it?
Answer: This entire document is relevant to the planning of recipient management. However, the specific
points raised are:

When sending mail, users must use the email address associated with their business unit, but when
receiving email, all domains must be allowed.

Information Technology (IT) Client Services staff in each location must be able to manage recipients
in that location only. Team leaders must be able to manage recipients throughout the entire
organization.

Automated booking of meeting rooms is desired, with exceptions approved by a designated person.

Group management by department representatives is desired.

Task 3: Document the required configuration

Complete the following proposal document by answering the questions.


A. Datum recipient management configuration
Document Reference Number: JC040400/3
Document Author: Jason Carlson
Date: 2nd April 2010

Requirement Overview
Determine the configuration required to meet recipient management needs.
Proposals
Question: How will you ensure that recipients are assigned the correct email addresses?
Answer: Two email address policies need to be created:
The first e-mail address policy will have a condition that matches only A. Datum recipients.
The condition could be based on recipients in specific organizational units (OUs) or
recipients with the Company defined in Active Directory Domain Services.
The second e-mail address policy will have a condition that matches only Trey Research
recipients.
Each policy will be configured with both domains. The e-mail address policy for A. Datum
Corporation will use adatum.com as the Reply To address. The e-mail address policy for Trey
Research will use TreyResearch.net as the Reply To address.

Question: How will you enable the IT Client Services staff to perform recipient management?
Answer: Team leaders can be made members of the Recipient Management role group. This group
has management permissions for the recipients in the entire Exchange Server organization.
New Recipient Management role groups should be created for each physical location. These role
groups will be scoped to limit management permissions to manage recipients only within a specific
OU that represents each physical location.
Question: How will you meet the needs for meeting room bookings?
Answer: Each meeting room will be created as a resource mailbox. You can then determine the
in-policy and out-of-policy settings for each meeting room. A delegate for each meeting room will be
configured to arbitrate conflicts, and approve or deny out-of-policy requests.
Question: How will you address the needs for distribution group management?
Answer: Exchange Server 2010 supports delegation of distribution group membership
management. The person that is configured as group manager is able to modify the distribution list
membership by using the Exchange Control Panel.
Question: How will you address the need for separating the address books for A. Datum and Trey
Research?
Answer: Create separate address lists for each organization and then distribute the appropriate
address lists by using address book policies. The appropriate address book policy must be
associated with each user. To simplify this you must have an identifying attribute that can be
queried when performing the assignment. You should also have an identifying attribute that can be
queried when specifying GAL members.
Note

Be prepared to discuss your proposed design with the class.
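
The location-scoped role groups proposed in this exercise, as an added Exchange Management Shell example (not part of the original lab), with a check that every assignment really is limited to its OU. The OU paths, the group names, the three-role subset and both function names are assumptions.

```powershell
# Added example, not from the courseware. Run in the Exchange Management Shell
# (Exchange Server 2010) with Organization Management rights.
# ASSUMPTIONS: each physical location has an OU of the same name directly under
# adatum.com, and the three roles below are enough for IT Client Services.

$locations = 'London', 'Tokyo', 'Toronto', 'San Diego', 'Chennai'
$roles     = 'Mail Recipients', 'Mail Recipient Creation', 'Distribution Groups'

function New-LocationRoleGroup {
    param([string]$Location, [string[]]$Roles)

    $name  = "Recipient Management - $Location"   # hypothetical naming scheme
    $scope = "adatum.com/$Location"               # hypothetical OU path

    # Create the group only once so the script can be re-run safely.
    if (-not (Get-RoleGroup -Identity $name -ErrorAction SilentlyContinue)) {
        New-RoleGroup -Name $name -Roles $Roles `
            -RecipientOrganizationalUnitScope $scope `
            -Description "Recipient management limited to $scope" | Out-Null
    }
    $name
}

function Get-ScopeViolation {
    # Returns every role assignment of the group whose write scope is not an
    # OU, or whose OU is not the expected one. No output means the group is
    # limited as designed.
    # ASSUMPTION: CustomRecipientWriteScope renders as the OU's canonical name.
    param([string]$GroupName, [string]$ExpectedOu)

    Get-ManagementRoleAssignment -RoleAssignee $GroupName |
        Where-Object {
            $_.RecipientWriteScope -ne 'OU' -or
            "$($_.CustomRecipientWriteScope)" -ne $ExpectedOu
        } |
        Select-Object Name, Role, RecipientWriteScope, CustomRecipientWriteScope
}

foreach ($loc in $locations) {
    $group = New-LocationRoleGroup -Location $loc -Roles $roles
    Get-ScopeViolation -GroupName $group -ExpectedOu "adatum.com/$loc"
}

# Team leaders use the built-in, organization-wide group instead, for example:
# Add-RoleGroupMember -Identity 'Recipient Management' -Member '<team leader>'
```

Re-run the audit loop after any later change to the role groups: a role added to a group without the OU scope is written with organization-wide recipient scope and appears in the output.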

Exercise 3: Designing a Public Folder Deployment


Task 1: Review the A. Datum Corporation documentation

Review the following information:

Public Folder Interviews

Server Design Interview

Task 2: Answer questions relating to the documentation


Note

Your instructor may perform this task as a discussion.

Question: In the Public Folder Interviews, what points are raised that impact your public folder
deployment plan, and how do they impact it?
Answer: This entire document is relevant to the planning of recipient management. However, the specific
points raised are:

The Executives want a new public folder for private communication that is available quickly from any
location, and is not impacted by a server failure.

Requests for new public folders are being encouraged to evaluate Microsoft SharePoint as an
alternative.

IT Client Services would like a new collaboration tool.

Question: In the Server Design Interview, what points are raised that impact your public folder
deployment plan, and how do they impact it?
Answer: Many clients still use Microsoft Office Outlook 2003. Office Outlook 2003 clients require public
folders to access free/busy information, and to download offline address books.

Task 3: Document the required configuration

Complete the following proposal document by answering the questions.


A. Datum public folder configuration
Document Reference Number: JC040400/4
Document Author
Date

Jason Carlson
2nd April 2010

Requirement Overview
Determine the configuration required to meet public folder needs.
Proposals
Question: How will you address the executives' desire for public folders?
Answer: Since Erik has made it clear that he does not want to use SharePoint, a public folder
should be created. This public folder should be replicated to all locations in the organization for fast
access regardless of location. The replication also helps ensure high availability.
Question: How will you address the IT Client Services request for a public folder?
Answer: IT Client Services should be encouraged to use SharePoint instead of public folders. This
will provide them with many more options for collaboration.
Question: Other than the public folder for executives, which other public folders are required?
Answer: To support Office Outlook 2003 clients, the system public folders for free/busy searches
and offline address books must be available in all locations. This requires that you create at least
one public folder database in each physical location. Public folder databases will not exist in each
physical location by default.

Note

Be prepared to discuss your proposed design with the class.

Exercise 4: Implementing Mailbox Services


Task 1: Configure an address book policy for Trey Research
1. On VAN-EX1, click Start, point to Administrative Tools, and click Active Directory Users and
Computers.

2. In Active Directory Users and Computers, right-click Adatum.com, point to New, and click
Organizational Unit.

3. In the New Object - Organizational Unit window, in the Name box, type Trey, and click OK.

4. In the left pane, click Marketing, then click and drag Wei Yu to the Trey organizational unit.

5. In the Active Directory Domain Services window, click Yes.

6. Close Active Directory Users and Computers.

7. Click Start, point to All Programs, click Microsoft Exchange Server 2010, and then click Exchange
Management Console.

8. In the Exchange Management Console, expand Microsoft Exchange On-Premises, expand
Organization Configuration, and then click Mailbox.

9. In the Actions pane, click New Address List.

10. In the New Address List wizard, on the Introduction page, enter the following settings and click
Next.

Name: Trey Users

Display Name: Trey Users

Container: \

11. On the Filter Settings page, click Browse, click Trey, and click OK.
12. Click The following specific types, select the Users with Exchange mailboxes check box, and click
Next.
13. On the Conditions page, click Next.
14. On the Schedule page, click Next to apply all changes immediately.
15. On the New Address List page, click New.
16. On the Completion page, click Finish.
17. In the Actions pane, click New Address List.
18. In the New Address List wizard, on the Introduction page, enter the following settings and click
Next.

Name: Trey Rooms

Display Name: Trey Rooms

Container: \

19. On the Filter Settings page, click Browse, click Trey, and click OK.
20. Click The following specific types, select the Resource mailboxes check box, and click Next.
21. On the Conditions page, click Next.

22. On the Schedule page, click Next to apply all changes immediately.
23. On the New Address List page, click New.
24. On the Completion page, click Finish.
25. Click Start, point to All Programs, click Microsoft Exchange Server 2010, and then click Exchange
Management Shell.
26. In the Exchange Management Shell, type the following command, and then press ENTER.
New-GlobalAddressList TreyGAL -RecipientContainer "ou=Trey,dc=adatum,dc=com"

27. In the Exchange Management Shell, type the following command, and then press ENTER.
New-OfflineAddressBook TreyOAB -AddressLists TreyGAL

28. In the Exchange Management Console, click New Address Book Policy.
29. In the New Address Book Policy wizard, in the Name box, type TreyABP.
30. Beside the Global address list box, click Browse, click TreyGAL, and click OK.
31. Beside the Offline address list box, click Browse, click TreyOAB, and click OK.
32. Beside the Room list box, click Browse, click Trey Rooms, and click OK.
33. Under Address lists, click Add, click Trey Users, and click OK.
34. Click New.
35. On the Completion page, click Finish.
36. Close the Exchange Management Console.
37. In the Exchange Management Shell, type the following command, and then press ENTER.
Get-Mailbox -OrganizationalUnit Trey | Set-Mailbox -AddressBookPolicy TreyABP

38. Close the Exchange Management Shell.


39. On NYC-CL1, log on as Adatum\Wei with the password Pa$$w0rd.
40. Click Start, point to All Programs, click Microsoft Office, and click Microsoft Outlook 2010.
41. In the Microsoft Outlook 2010 Startup wizard, click Next three times to configure Outlook.
42. Click Finish to close the wizard.
43. In the User Name window, click OK.
44. In the Welcome to Microsoft Office 2010 window, click Don't make changes and then click OK.
45. On the Home tab, click Address Book.
46. Notice that the Global Address List does not have any content because the OAB has not been
generated yet.
47. Select the Trey Users address book and verify that Wei is the only user listed.
48. Close all open windows and log off of VAN-CL1.
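
An added Exchange Management Shell check for the address book policy configured in this task (not part of the original lab). Step 37 assigns TreyABP only to the mailboxes that exist when it runs, and a mailbox without a policy sees the default global address list, so the function reports mailboxes in the Trey OU that lack the policy, mailboxes elsewhere that carry it, and referenced lists that are not scoped to the OU. The function name is hypothetical, and the string comparisons assume the shell renders these properties as the policy name and the OU's canonical name.

```powershell
# Added example, not from the courseware. Run in the Exchange Management Shell
# on Exchange Server 2010 SP2. TreyABP and the Trey OU come from Task 1.

function Test-AbpSegregation {
    param(
        [string]$PolicyName = 'TreyABP',
        [string]$OuName     = 'Trey'
    )

    $policy = Get-AddressBookPolicy -Identity $PolicyName
    $inOu   = @(Get-Mailbox -OrganizationalUnit $OuName -ResultSize Unlimited)
    $inOuDn = @($inOu | ForEach-Object { $_.DistinguishedName })

    # 1. Mailboxes in the OU without the policy (for example, created after
    #    step 37 ran) still browse the default global address list.
    $missing = @($inOu | Where-Object {
        "$($_.AddressBookPolicy)" -ne $PolicyName
    })

    # 2. Mailboxes outside the OU that carry the policy see only Trey lists.
    $stray = @(Get-Mailbox -ResultSize Unlimited | Where-Object {
        "$($_.AddressBookPolicy)" -eq $PolicyName -and
        $inOuDn -notcontains $_.DistinguishedName
    })

    # 3. Every list the policy hands out should be limited to the OU.
    #    ASSUMPTION: RecipientContainer renders as a canonical name such as
    #    adatum.com/Trey.
    $lists = @(@($policy.AddressLists) + @($policy.RoomList) |
        ForEach-Object { Get-AddressList -Identity "$_" })
    $lists += Get-GlobalAddressList -Identity "$($policy.GlobalAddressList)"
    $wide = @($lists | Where-Object {
        "$($_.RecipientContainer)" -notlike "*/$OuName"
    })

    New-Object PSObject -Property @{
        Policy            = $PolicyName
        MailboxesInOu     = $inOu.Count
        MissingPolicy     = @($missing | ForEach-Object { $_.Alias })
        PolicyOutsideOu   = @($stray   | ForEach-Object { $_.Alias })
        ListsNotOuScoped  = @($wide    | ForEach-Object { $_.Name })
    }
}

# Report for the lab configuration; three empty lists mean the policy is
# applied to exactly the Trey OU mailboxes and exposes only Trey-scoped lists.
Test-AbpSegregation | Format-List

# Remediation for finding 1 is the command from step 37:
# Get-Mailbox -OrganizationalUnit Trey | Set-Mailbox -AddressBookPolicy TreyABP
```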

Task 2: Create and configure a resource mailbox


1. On VAN-EX1, open the Exchange Management Console, browse to Recipient Configuration, and
then click Mailbox.

2. In the Actions pane, click New Mailbox.

3. In the New Mailbox window, click Room Mailbox, and then click Next.

4. On the User Type page, click New user, and then click Next.

5. On the User Information page, enter the following information, and then click Next.

First name: Room 100

User logon name: Room100

6. On the Mailbox settings page, in the Alias box, type Room100, and then click Next.

7. On the New Mailbox page, click New.

8. On the Completion page, click Finish.

9. Right-click Room 100, and then click Properties.

10. In the Room 100 Properties window, click the Resource General tab, and then select the Enable the
Resource Booking Attendant check box.
11. Click the Resource Policy tab. Under Specify delegates of this mailbox, click Add, click Andreas
Herbinger, and then click OK.
12. Click the Resource Out-of-Policy Requests tab, click Add, click Luca Dellamore, and then click OK.
13. In the Room 100 Properties window, click OK.

Task 3: Test the delegation of a resource mailbox


1. On VAN-CL1, log on as Adatum\Luca using the password Pa$$w0rd.

2. Click Start, point to All Programs, click Microsoft Office, and then click Microsoft Outlook 2010.

3. In Outlook, click New Items and Meeting.

4. In the Untitled Meeting window, enter the following, and then click the Check Names button.

To: Luca; Conor

Subject: Exchange Planning

Start time: Tomorrow 1pm

End Time: Tomorrow 2pm

5. Click Rooms, double-click Room 100, and then click OK.

6. Click Send.
Notice that an automatic response is received indicating that the booking was accepted by Room
100, because the request is in-policy. The response may take a minute or so to appear.

7. In Outlook, click New Items, and then click Meeting.

8. In the Untitled Meeting window, enter the following, and then click the Check Names button.

To: Luca; Conor

Subject: Exchange Project Review

Start time: 9 months from today at 1pm

End Time: 9 months from today at 2pm

9. Click Rooms, double-click Room 100, and then click OK.

10. Click Send.


11. Wait for the response to be delivered, and then click the new message.
Notice that the request was received, but is pending approval. Because the request is Out-of-Policy, it
has been forwarded to the delegate.
12. On the taskbar, click Internet Explorer.
13. In the address bar for the Internet Explorer browser, type https://van-ex1.adatum.com/owa, and
then press ENTER.
14. Log on as Adatum\Andreas using the password Pa$$w0rd.
15. If prompted for language and time zone settings, click OK to accept the default.
16. If necessary, click the Exchange Project Review item in the Inbox.
17. In the reading pane, click the check mark, and then click Send the response now.
18. In Outlook, verify that the request is now accepted by Room 100.

Task 4: Configure a distribution group for delegated management and moderation


1. On VAN-EX1, in the Exchange Management Console, in the console tree, expand Recipient
Configuration, and then click Distribution Group.

2. Right-click Executives, and then click Properties.

3. In the Executives Properties window, click the Group Information tab.

4. Under Managed by, click Add, click Conor Cunningham, and then click OK.

5. Click the Membership Approval tab, and verify that group membership is closed.

6. Click the Mail Flow Settings tab.

7. Click Message Moderation, and then click Properties.

8. Select the Messages sent to this group have to be approved by a moderator check box.

9. In the Message Moderation window, under Specify group moderators, click Add, click Luca
Dellamore, and then click OK.

10. Under Specify senders who don't require message approval, click Add, click Executives, and then
click OK.
11. In the Message Moderation window, click OK.
12. In the Executives Properties window, click OK.

Task 5: Test moderation of a distribution group


1. On VAN-CL1, in Outlook Web App, click New.

2. In the Untitled Message window, enter the following information and then click Send.

To: Executives

Subject: New Public Folder

Body: The Executives public folder has been created for you.

3. In the left pane, click Sent Items, right-click New Public Folder, and then click Open Delivery
Report.

4. When prompted to allow the pop-up, click Yes.

5. In the Delivery Report window, notice that the message has been sent to the moderator, and then
click Close.

6. In Office Outlook, in the Inbox, click the Approval requested: New Public Folder message, and read
the contents.

7. Click the New Public Folder message, and then click Approve.

8. In Outlook Web App, right-click New Public Folder, and then click Open Delivery Report.

9. When prompted to allow the pop-up, click Yes.

10. In the Delivery Report window, notice that the message has been delivered to both group members,
and then click Close.

To prepare for the next module


When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.

2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat these steps for 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-CL1. Close the virtual
machine connection windows.

5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then in the Actions pane, click Start.

6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then in the
Actions pane, click Connect.
Important: Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully
started before starting the other virtual machines.

7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.

8. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-EX2. Connect to the virtual machine.

Lab Answer Key: Planning and Deploying Client Access Services in Microsoft Exchange Server 2010

Module 4
Lab Answer Key: Planning and Deploying Client Access
Services in Microsoft Exchange Server 2010
Contents
Exercise 1: Designing the Client Access Server Deployment

Exercise 2: Designing Client Access

Exercise 3: Implementing Client Access

Module 4: Planning and Deploying Client Access Services in Microsoft Exchange Server 2010

Lab: Planning and Deploying Client Access Services in Exchange Server 2010
Exercise 1: Designing the Client Access Server Deployment
Task 1: Review the A. Datum documentation

Review the following A. Datum documentation:

Server Design Interview Notes.doc

Requirements Interview Notes.doc

AD DS and Routing Interview Notes.doc

Adatum_CurrentPerimeterDesign.vsd

Adatum_CurrentADSiteDesign.vsd

Task 2: Answer questions related to the documentation


Question: In the Server Design Interview Notes document, what points are raised that
impact your Client Access server deployment plan, and why?
Answer:

A single server or component failure cannot be the cause of messaging system unavailability.
Multiple Client Access servers must be deployed in each site that has a deployed Mailbox server.

Microsoft Office Outlook 2003 is still in use throughout the organization. Public folders are
required to support free/busy schedule information and offline address book distribution.

Question: In the Requirements Interview Notes document, what points are raised that
impact your Client Access server deployment plan, and why?

Answer:

The sales team requires anywhere access to their email, most likely by using their cell phones.
Microsoft Exchange ActiveSync addresses this need.

Various examples cite unavailable messaging and subsequent business losses because of this
unavailability. High availability is important.

The requirements allow unencrypted traffic into the perimeter network from the Internet, but not
into the corporate network. The inner firewalls block unencrypted network traffic. When planning
Client Access protocols, consider using Secure Sockets Layer (SSL) to secure traffic.

Question: In the AD DS and Routing Interview Notes document, what points are raised
that impact your Client Access server deployment plan, and why?
Answer:

There is currently widespread use of Outlook Web App in Exchange Server 2003, so ensure that
Outlook Web App makes a positive impact on users.

Simple Mail Transfer Protocol (SMTP) traffic for the Adatum.com organization currently passes to
and from the Internet through the London site.

Hypertext Transfer Protocol/Secure (HTTPS) traffic is allowed through most firewalls. Configure
Client Access servers to use SSL for services.

Question: Is there anything in the Adatum_CurrentPerimeterDesign.vsd diagram that
raises Client Access server deployment issues? If so, what?
Answer:

Only the firewall in the San Diego site allows Post Office Protocol version 3 (POP3) inbound
network traffic.

Only the London and San Diego sites allow for inbound and outbound SMTP traffic.

Question: Is there anything in the Adatum_CurrentADSiteDesign.vsd diagram that raises
Client Access server deployment issues? If so, what?
Answer: Answers will vary, but there do not appear to be any issues that will impact Client
Access server deployment decisions.

Task 3: Update the A. Datum Client Access server deployment plan document

Complete the following proposal document by answering the questions.


A. Datum Client Access Server Deployment Plan
Document Reference Number: JC040410/1
Document Author: Jason Carlson
Date: 4th April 2010

Requirement Overview
Determine the number and placement of Client Access servers within the existing network
infrastructure.
Additional Information
Identify infrastructure changes that may be required due to the proposed deployment.
Proposals
Question: With reference to the Adatum_CurrentADSiteDesign diagram, how many Client Access
servers do you propose to deploy in each site?
Answer: Deploy at least two in each site to address the high availability concerns raised in the
documentation.
Question: Do you have sufficient information from the documents reviewed so far, to determine
whether some sites require additional Client Access servers?
Answer: No. You also need information about the number of users connecting to the Client Access
servers. This information is provided in a supplemental document that you will review in the next
exercise.
Question: Based on the documentation you have reviewed, what client types must you support?
Answer: Messaging Application Programming Interface (MAPI), Microsoft Exchange ActiveSync,
POP3/SMTP, and Outlook Web App. Outlook Anywhere is not mentioned in this documentation.

Question: Is it clear from the documentation that you have reviewed which sites support which
client types?
Answer: No. Additional information is supplied in the A. Datum User Distribution Summary
document that you will review in the next exercise.
Question: While maintaining compliance with the requirements mentioned in the documentation,
can you propose changes to the client types that will simplify the configuration?
Answer: Answers will vary, but might include:
Upgrading the Office Outlook 2003 clients to Outlook 2010 would mean that Public folders
are no longer required. Additionally, this would mean that free/busy information would be
provided to users more quickly.
Replacing POP3 clients with another client type would simplify firewall configuration. By
using either Outlook Anywhere or Outlook Web App, only HTTPS traffic (already permitted)
would be configured through the firewalls.
Question: Which Client Access servers do you propose to make Internet-facing?
Answer: Answers will vary. There are two choices:
Deploy Internet-facing Client Access servers in one site, and rely on redirection and/or
proxying (depending on the client type) to enable clients to connect to the appropriate
Client Access server in other sites. With this approach, you only need to configure one
namespace, which simplifies certificate deployment. However, not all client types support
redirection and proxying. For example, POP3 clients do not support redirection and
proxying.
Deploy Internet-facing Client Access servers in each site, and provide users with the
necessary URLs for the servers in the site that hosts their mailboxes. This means you must
obtain a certificate for each Client Access server, or else use a certificate that supports
multiple host names.
Question: How will you configure Autodiscover to support your Client Access server model?
Answer: Register a server connection point for each Client Access server on the Active Directory
site. This server connection point is the fully qualified domain name (FQDN) of the server that hosts
the role and is used by domain-joined computers to locate the Autodiscover service.
Domain-disjoined computers use Domain Name System (DNS) to locate the Autodiscover service. Consider
modifying both these values (the server connection point and the DNS records) to match.
Note

Be prepared to discuss your proposed design with the class.

Results: After this exercise, you should have completed the A. Datum Client Access server deployment
plan document.


Exercise 2: Designing Client Access


Task 1: Review the A. Datum documentation

Review the contents of the following documents:

Policy Requirements.doc

A Datum User Distribution Summary.doc

Task 2: Answer questions relating to the documentation


Question: In the Policy Requirements document, what points are raised that impact your
Client Access server deployment plan, and why?
Answer: Mobile messaging will be very important; as far as executives are concerned, this is
the principal reason for upgrading to Exchange Server 2010.
Security issues:

All users who access email on the Exchange server must be required to have an alphanumeric
password that is at least six characters long.

Users who want to download attachments to the device must have encryption enabled on the
device, and the device must be configured to lock after five failed logon attempts.

Exchange administrators must be able to remotely wipe any mobile devices.

All executives and managers must be able to download attachments to their mobile devices.
Other users do not require this functionality.

The Exchange administrators do not want to be involved every time a user gets a new mobile
device, but they also do not want users to have many mobile devices associated with their
mailboxes.

Question: In the A. Datum User Distribution Summary document, what points are raised
that impact your Client Access server deployment plan, and why?
Answer:

The number of internal users at each location will affect the number of required Client Access
servers.

There is a mix of remote client types at many locations, including Outlook Web App users,
Outlook Anywhere users, Office Outlook (over a virtual private network (VPN)) users, POP3 users,
and Exchange ActiveSync users.

Placement of Internet-facing Client Access servers in various sites raises the issue of the
namespace that you will use.

Using multiple Internet-facing Client Access servers means that you must carefully plan the
external URLs used on certificates. Certificates must support multiple computer names.


Task 3: Update the A. Datum Client Access server configuration document

Complete the following proposal document by answering the questions.


A. Datum Client Access Server Configuration
Document Reference Number: JC040410/2
Document Author: Jason Carlson
Date: 4th April 2010

Requirement Overview
Determine the feature configuration for Client Access servers in the A. Datum Exchange Server 2010
upgrade.
Proposals
Question: Based on the information in the A. Datum User Distribution Summary document, do you
envisage deploying additional Client Access servers in any sites?
Answer: Answers will vary. However, London, Toronto, and Tokyo have large numbers of users.
Two Client Access servers are probably insufficient to support timely connections to user mailboxes
and features.
Question: Which features must you enable on the Client Access servers to support the current
client-types?
Answer: Enable MAPI, Exchange ActiveSync, POP3/SMTP, Outlook Web App, and Outlook
Anywhere.
Question: Which client protocols must you enable through the firewalls?
Answer: Enable HTTPS, POP3, and SMTP.
Question: What would you do to address the security concerns raised regarding mobile clients?
Answer: Configure the following settings in Exchange ActiveSync:
At the organizational level, configure two Exchange ActiveSync Mailbox policies, one for Managers
and Executives, and one for everyone else. Configure both with the following security settings:
Require passwords
Require minimum password length of 6
Require encryption on storage card
Require encryption on device
Disallow simple password
Restrict number of failed attempts to 5
To support attachment downloads for executives and managers only, in Sync Settings, configure
the Allow attachments to be downloaded to device only for the Managers and Executives
policy.
Use Exchange Management Shell to assign the appropriate Exchange ActiveSync Mailbox policy to
the appropriate users.


(continued)
A. Datum Client Access Server Configuration
Question: To support the other client types, what other configuration changes must you make?
Answer: You must:
Configure the external URLs for services that you want to make available across the
Internet. For example, to support Exchange ActiveSync, configure the external URL value on
servers providing this feature.
Start the POP3 service on Client Access servers that provide this service.
Configure an SMTP connector to support remote client relaying. Typically, you do this on the
Hub Transport server role, and then publish using a reverse proxy such as a Microsoft
Internet Security and Acceleration (ISA) Server.
Configure the required authentication settings on all services. For example, Outlook Web
App uses forms-based authentication by default.
Obtain and install the required certificates to enable SSL.
Question: While maintaining compliance with the requirements mentioned in the documentation,
can you propose changes to the client types that will simplify the configuration?
Answer: Aside from those mentioned already, you should migrate Office Outlook users that
implement a connection over a VPN to Outlook Anywhere. This avoids the need for VPNs.
Note

Be prepared to discuss your proposed design with the class.

Results: After this exercise, you should have completed the A. Datum Client Access server configuration
document.


Exercise 3: Implementing Client Access


Task 1: Verify the Exchange ActiveSync virtual directory configuration
1. On VAN-EX2, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and then click Exchange Management Console.
2. In the Exchange Management Console, expand Microsoft Exchange On-Premises, expand Server Configuration, and then click Client Access.
3. In the result pane, click VAN-EX2, and then in the work pane, click the Exchange ActiveSync tab.
4. Right-click Microsoft-Server-ActiveSync (Default Web Site), and then click Properties.
5. Review the information on the General tab.
6. Click the Authentication tab. Notice that Basic authentication is enabled. This is acceptable, because SSL will be used to secure the credentials in transit.
7. Click OK.

Task 2: Create a new Exchange ActiveSync mailbox policy


1. On VAN-EX2, in Exchange Management Console, in the console tree, expand Organization Configuration, and then click Client Access.
2. In the Actions pane, click New Exchange ActiveSync Mailbox Policy.
3. In the Mailbox policy name box, type Executive Policy.
4. Select the Allow non-provisionable devices check box. Confirm that the Allow attachments to be downloaded to device option is selected.
5. Select the Require password check box.
6. Select the Enable password recovery check box. This will enable users to recover their Windows Mobile password through the Exchange Control Panel.
7. Select the Require encryption on device check box.
8. Clear the Allow simple password check box.
9. Select the Minimum password length check box, and then in the Minimum password length box, type 6.
10. Click New to create the mobile mailbox policy.
11. Read the completion summary, and then click Finish.
12. Right-click Executive Policy, and then click Properties.
13. Click the Password tab, and then select the Require encryption on storage card check box.
14. Select the Number of failed attempts allowed check box, and then in the Number of failed attempts allowed box, type 5.
15. On the Sync Settings tab, review the configuration options.
16. On the Device tab, review the configuration options.
17. On the Device Applications tab, review the configuration options. To implement these settings, you must have an Enterprise Client Access License for each mailbox.
18. On the Other tab, review the options for allowing or blocking specific applications, and then click OK.
19. Close Exchange Management Console.
20. Click Start, point to All Programs, point to Microsoft Exchange Server 2010, and then click Exchange Management Shell.
21. In the Exchange Management Shell, type the following command, and then press Enter.
    Get-Mailbox -OrganizationalUnit Executives | Set-CASMailbox -ActiveSyncMailboxPolicy "Executive Policy"
22. Close the Exchange Management Shell.
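
The mobile security requirements from Exercise 2 and the Executive Policy built in Task 2, expressed as an audit. This is an added example, not part of the course material: Test-EasPolicyBaseline, ConvertTo-EasLimit and the sample objects are hypothetical, and the property names are those that Get-ActiveSyncMailboxPolicy returns.

```powershell
# Added example (not from the course material): audit ActiveSync mailbox
# policies against the A. Datum mobile security requirements in this lab.
# Written without PowerShell 3.0 syntax so it also runs in the Exchange 2010 shell.

function ConvertTo-EasLimit($Value) {
    # Exchange reports unset numeric limits as "Unlimited"; return $null for those.
    $n = 0
    if ([int]::TryParse([string]$Value, [ref]$n)) { return $n }
    return $null
}

function Test-EasPolicyBaseline {
    param(
        # Objects shaped like the output of Get-ActiveSyncMailboxPolicy.
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject]$Policy,
        # Policies allowed to download attachments (executives and managers only).
        [string[]]$AttachmentPolicies = @('Executive Policy')
    )
    process {
        $findings = @()
        $minLen  = ConvertTo-EasLimit $Policy.MinDevicePasswordLength
        $maxFail = ConvertTo-EasLimit $Policy.MaxDevicePasswordFailedAttempts

        if (-not $Policy.DevicePasswordEnabled)              { $findings += 'Password not required' }
        if (-not $Policy.AlphanumericDevicePasswordRequired) { $findings += 'Alphanumeric password not required' }
        if ($null -eq $minLen -or $minLen -lt 6)             { $findings += 'Minimum password length below 6' }
        if ($Policy.AllowSimpleDevicePassword)               { $findings += 'Simple passwords allowed' }
        if ($null -eq $maxFail -or $maxFail -gt 5)           { $findings += 'Failed attempts not limited to 5' }
        if (-not $Policy.RequireDeviceEncryption)            { $findings += 'Device encryption not required' }
        if (-not $Policy.RequireStorageCardEncryption)       { $findings += 'Storage card encryption not required' }
        if ($Policy.AttachmentsEnabled -and ($AttachmentPolicies -notcontains $Policy.Name)) {
            $findings += 'Attachment download enabled outside the executive/manager policy'
        }
        if ($Policy.AllowNonProvisionableDevices) {
            # Devices that cannot apply every setting are still allowed to sync.
            $findings += 'Non-provisionable devices allowed (settings may not be enforced on them)'
        }

        New-Object psobject -Property @{
            Policy    = $Policy.Name
            Compliant = ($findings.Count -eq 0)
            Findings  = ($findings -join '; ')
        } | Select-Object Policy, Compliant, Findings
    }
}

# Constructed sample input: 'Executive Policy' with the values set in Task 2,
# and a second, unconfigured policy. Neither object comes from a real server.
$sample = @(
    New-Object psobject -Property @{
        Name = 'Executive Policy'
        AllowNonProvisionableDevices = $true
        AttachmentsEnabled = $true
        DevicePasswordEnabled = $true
        AlphanumericDevicePasswordRequired = $false   # never selected in the lab steps
        AllowSimpleDevicePassword = $false
        MinDevicePasswordLength = 6
        MaxDevicePasswordFailedAttempts = 5
        RequireDeviceEncryption = $true
        RequireStorageCardEncryption = $true
    }
    New-Object psobject -Property @{
        Name = 'Everyone Else (unconfigured)'
        AllowNonProvisionableDevices = $true
        AttachmentsEnabled = $true
        DevicePasswordEnabled = $false
        AlphanumericDevicePasswordRequired = $false
        AllowSimpleDevicePassword = $true
        MinDevicePasswordLength = $null
        MaxDevicePasswordFailedAttempts = 'Unlimited'
        RequireDeviceEncryption = $false
        RequireStorageCardEncryption = $false
    }
)

$sample | Test-EasPolicyBaseline | Format-List
```

On an Exchange server, pipe `Get-ActiveSyncMailboxPolicy` into `Test-EasPolicyBaseline` instead of `$sample`, then run `Get-CASMailbox -ResultSize Unlimited | Select-Object Name, ActiveSyncMailboxPolicy` to confirm which policy each mailbox received.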

Task 3: Configure Exchange ActiveSync settings from the Exchange Control Panel (ECP)
1. Click Start, point to All Programs, and then click Internet Explorer.
2. In the address bar, type https://van-ex2.adatum.com/ecp and then press Enter.
3. On the Outlook Web App webpage, in the Domain\user name box, type adatum\administrator.
4. In the Password box, type Pa$$w0rd and then click Sign in.
5. In the Exchange Control Panel, in the navigation pane on the left, click Phone & Voice.
6. In the center pane, click ActiveSync Device Policy.
7. In the results pane, click Executive Policy and then click Details.
8. In the Executive Policy dialog box, expand Device Security. Review the settings.
9. Expand Sync Settings. Review the settings.
10. Expand Device Settings. Notice that text messaging is allowed. Click Cancel.
11. In the center pane, click ActiveSync Access.
12. Under Device Access Rules, click New.
13. In the New Device Access Rule dialog box, under Device family, click Browse.
14. Select All families and click OK.
15. Under When devices of the selected family or model try to connect, click Quarantine - Let me decide to block or allow later, and then click Save.
16. In the Error dialog box, click Close. There are currently no devices in use in the Adatum organization. Click Cancel.
17. Close Internet Explorer.
Results: After this exercise, you should have deployed and configured Exchange ActiveSync for members
of the Executives group.


To prepare for the next module


When you finish the lab, revert the machines back to their initial state. To do this, complete the following
steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 10233B-VAN-EX1, and 10233B-VAN-EX2. Close the virtual machine connection windows.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then in the Actions pane, click Connect.
   Important: Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully started before starting the other virtual machines.
7. Wait for 10233B-VAN-DC1 to start, and then start 10223A-VAN-EX1. Connect to the virtual machine.
8. Wait for 10233B-VAN-EX1 to start, and then start 10223A-VAN-EX2. Connect to the virtual machine.
9. Wait for 10233B-VAN-EX2 to start, and then start 10223A-VAN-EDG. Connect to the virtual machine.

Lab Answer Key: Planning and Deploying Message Transport in Microsoft Exchange Server 2010

Module 5
Lab Answer Key: Planning and Deploying Message Transport
in Microsoft Exchange Server 2010
Contents
Exercise 1: Designing a Message Routing Topology

Exercise 2: Designing a Messaging Perimeter

Exercise 3: Discussion: Improving an AD DS and Message Routing Design

Exercise 4: Modifying the Routing Topology

Module 5: Planning and Deploying Message Transport in Microsoft Exchange Server 2010

Lab: Planning and Deploying Message Transport in Exchange Server 2010
Exercise 1: Designing a Message Routing Topology
Task 1: Review the A. Datum Corporation documentation

Review the contents of the following files:

AD DS and Routing Interview Notes.doc

Adatum_CurrentADSiteDesign.vsd

Adatum_Info.vsd

Task 2: Modify the A. Datum current AD DS site design diagram with proposed
changes to the site design
1. Use callouts in the following diagram to document proposed changes to the site design. For each proposed change, provide:
   - The proposed change.
   - A rationale for the proposed change.
2. Indicate which server roles need to be deployed in each AD DS site.
3. Document message flow within the organization. Document the changes that you will need to make to the AD DS configuration to enable optimal message flow.
Note

Be prepared to discuss your proposed design with the class.


Adatum_ProposedADSiteDesign.vsd

Results: After this exercise, you should have successfully modified the A. Datum AD DS site design.


Exercise 2: Designing a Messaging Perimeter


Task 1: Review the A. Datum Corporation documentation

Review the contents of the following files:

AD DS and Routing Interview Notes.doc

Adatum_CurrentPerimeterDesign.vsd

Adatum_Info.vsd

Task 2: Modify the A. Datum current perimeter design diagram with proposed
changes to the site design
1. Use callouts in the following diagram to document proposed changes to the perimeter design. For each proposed change, provide:
   - The proposed change.
   - A rationale for the proposed change.
2. Indicate whether you need to deploy any additional server roles in each AD DS site.
3. Indicate the required firewall changes to meet your design requirements.
4. Indicate any other infrastructure changes that you must implement to meet your design requirements.
5. For each company location, document how messages are delivered to the Internet, and how inbound messages are delivered to internal recipients.
Note

Be prepared to discuss your proposed design with the class.


Adatum_ProposedPerimeterDesign.vsd

Results: After this exercise, you should have successfully designed the A. Datum messaging perimeter.


Exercise 3: Discussion: Improving an AD DS and Message Routing Design


Task 1: Discuss as a class, and then answer the following questions
Question: What changes did you make to the AD DS site configuration and the
organization's message routing?
Answer: Answers should include:

The current site link setting will create very inefficient message routing. By default, the
DefaultIPSiteLink site link has a cost of 100, which means that all messages will be routed directly
to the site with the closest proximity. To use the network connections with the highest bandwidth
and ensure that messages are queued outside the main offices if a destination server is
unavailable, you must make the following changes:

The LondonSite to SanDiegoSite connection must have a higher cost than the LondonSite-VancouverSite-SanDiegoSite connection.

The LondonSite to ChennaiSite connection must have a higher cost than the LondonSite-TokyoSite-ChennaiSite connection.

The VancouverSite to TokyoSite connection must have a higher cost than the VancouverSite-LondonSite-TokyoSite connection.

You must create new site links to implement these changes. At a minimum, you will need
three new site links:

LondonSite to SanDiegoSite

LondonSite to ChennaiSite

VancouverSite to TokyoSite

The cost for the new site links must be 201 or higher, or the route's Exchange cost must be
assigned at 201 or higher.

You should merge LondonSite and LondonSite2 to address the issues of messages remaining in
the categorizer queue, and with the global address list (GAL) lookups for clients. This enables the
LondonSite clients to access the global catalog server in the LondonSite2 location, and does not
require deployment of an additional domain controller.

You must deploy at least one Mailbox server role, one Hub Transport server role, and one Client
Access server role in each site.

Recommendation: Retain the domain controller in Chennai, and build the secure server room. If
this is not done, the users in Chennai will have a very poor experience, as the logon process and
access to any email services will be very slow. As an alternative, you could propose upgrading the
network connection between Chennai and London, or between Chennai and Tokyo.

Question: If your recommended changes are implemented, how will messages flow between
the AD DS sites? Where will messages be queued in the event of a server or network
connection failure?
Answer: Message routing will flow as follows:

From San Diego: San Diego-Vancouver-London-Tokyo-Chennai

From Vancouver: Vancouver-London-Tokyo-Chennai, and Vancouver-San Diego

From London: London-Tokyo-Chennai, and London-Vancouver-San Diego


From Tokyo: Tokyo-London-Vancouver-San Diego, and Tokyo-Chennai

From Chennai: Chennai-Tokyo-London-Vancouver-San Diego


In each case, the messages are queued on an available Hub Transport server in the Active
Directory site that is closest to the destination site.
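
Why the new site links need a cost of 201 or higher, worked through as a least-cost route calculation. This is an added example, not part of the course material: New-SiteLinkSet and Get-LeastCostRoute are hypothetical helpers, and the four existing links at cost 100 are an assumption inferred from the routes in the answer (the actual topology is in the .vsd diagrams).

```powershell
# Added example (not from the course material). Computes least-cost routes
# between the A. Datum AD DS sites for a given cost on the three new site links.
# ASSUMPTION: the four existing links each cost 100, the default cost the
# answer cites for DefaultIPSiteLink.

function New-SiteLinkSet([int]$NewLinkCost) {
    @{ A = 'SanDiegoSite';  B = 'VancouverSite'; Cost = 100 }           # assumed existing link
    @{ A = 'VancouverSite'; B = 'LondonSite';    Cost = 100 }           # assumed existing link
    @{ A = 'LondonSite';    B = 'TokyoSite';     Cost = 100 }           # assumed existing link
    @{ A = 'TokyoSite';     B = 'ChennaiSite';   Cost = 100 }           # assumed existing link
    @{ A = 'LondonSite';    B = 'SanDiegoSite';  Cost = $NewLinkCost }  # new link from the answer
    @{ A = 'LondonSite';    B = 'ChennaiSite';   Cost = $NewLinkCost }  # new link from the answer
    @{ A = 'VancouverSite'; B = 'TokyoSite';     Cost = $NewLinkCost }  # new link from the answer
}

function Get-LeastCostRoute {
    param(
        [hashtable[]]$Links,
        [string]$From
    )
    # Bellman-Ford relaxation over undirected links; ample for a handful of sites.
    $cost = @{}
    $path = @{}
    $cost[$From] = 0
    $path[$From] = @($From)
    $sites = @($Links | ForEach-Object { $_.A; $_.B } | Sort-Object -Unique)

    for ($i = 1; $i -lt $sites.Count; $i++) {
        foreach ($link in $Links) {
            # Each site link can be traversed in both directions.
            foreach ($dir in @(@($link.A, $link.B), @($link.B, $link.A))) {
                $u = $dir[0]
                $v = $dir[1]
                if (-not $cost.ContainsKey($u)) { continue }
                $candidate = $cost[$u] + $link.Cost
                if (-not $cost.ContainsKey($v) -or $candidate -lt $cost[$v]) {
                    $cost[$v] = $candidate
                    $path[$v] = @($path[$u]) + $v
                }
            }
        }
    }

    foreach ($site in $sites) {
        if ($site -ne $From) {
            New-Object psobject -Property @{
                To    = $site
                Cost  = $cost[$site]
                Route = ($path[$site] -join ' -> ')
            } | Select-Object To, Cost, Route
        }
    }
}

# Compare the default cost with the cost the answer recommends.
foreach ($newCost in 100, 201) {
    "New site links at cost ${newCost}, routes from LondonSite:"
    Get-LeastCostRoute -Links @(New-SiteLinkSet $newCost) -From 'LondonSite' |
        Format-Table -AutoSize
}
```

Under these assumptions, a cost of 100 on the new links sends London traffic directly to San Diego and Chennai, while 201 makes the two-hop paths through Vancouver and Tokyo (total cost 200) the cheaper routes, matching the message flow listed in the answer.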

Question: How did you design message routing to the Internet?


Answer: To save network bandwidth and to decrease the messages queued on the Hub
Transport server in London, install an Edge Transport server in Vancouver and in Tokyo, and
enable inbound and outbound SMTP traffic. You can save additional bandwidth by
deploying Edge Transport servers in San Diego and Chennai as well, but the network
administrators are hesitant to open more ports, so the two requirements will need to be
balanced. For outbound email, the Edge Transport server could be configured to send email
to the Internet through the local Internet connection in each location.
To ensure that inbound messages are distributed evenly between the three Edge Transport
servers, you should create three mail exchanger (MX) resource records in the Adatum.com
zone with equal priorities. One MX record should be created for the TreyResearch.net
domain, and should use the Edge Transport server in Vancouver.
Question: What conflicting requirements were presented in the scenario? How did you
resolve conflicting requirements?
Answer: Conflict may result from resistance to changing the AD DS structure. If this arises,
emphasize the fact that creating the additional site links is the only way to meet message
routing requirements. Thus, you either have to change the requirements, or modify the AD
DS structure. Suggest that if you do not change the AD DS site link costs, AD DS replication
remains unaffected. You can still control message flow by configuring Exchange costs to the
site links.
The requirement for creating a positive experience for Microsoft Outlook Web App users
conflicts with the network administrators' requirement to reduce firewall changes.
In particular, this will create a problem in Chennai. If Outlook Web App users connect to a
Client Access server in Tokyo or London, the Client Access server will proxy the client request
to the Client Access server in Chennai across a very slow network connection. To resolve this
issue, you can:

Enable Internet access to the Client Access server in Chennai.

Move the mailboxes for Outlook Web App users from Chennai to London or Tokyo.

Significantly increase the bandwidth between Tokyo and Chennai, or between London and
Chennai.

Question: What additional information should you consider when designing message
routing in this scenario?
Answer: In a real-world scenario, an important additional piece of information that you need
is how many messages are sent between company locations. This may affect the design, and
in particular, this information may help to resolve some of the conflicting requirements.
Results: After this exercise, you should have successfully improved on the A. Datum AD DS and message
routing design.


Exercise 4: Modifying the Routing Topology


Task 1: Determine the current organizational settings
1. On VAN-EX1, click Start, point to All Programs, click Microsoft Exchange Server 2010, and then click Exchange Management Console.
2. In the navigation tree, expand Microsoft Exchange On-Premises, expand Organization Configuration, click Hub Transport, and in the results pane, click the Send Connectors tab.
   Question: Have any connectors been configured?
   Answer: No
3. Click the Edge Subscriptions tab.
   Question: Has an Edge Subscription been defined?
   Answer: No

Task 2: Examine the current routing topology


1. In Exchange Management Console, click Toolbox, and then double-click Routing Log Viewer.
2. In Routing Log Viewer, click the File menu, and then click Open log file.
3. In the Open Routing Table Log File dialog box, click Browse server files.
4. In the Open dialog box, double-click the most recently created file in the list.
5. In Routing Log Viewer, on the Active Directory Sites & Routing Groups tab, expand Active Directory sites.
6. Expand Default-First-Site-Name.
   Question: Is Default-First-Site-Name a hub site?
   Answer: No
7. Expand Servers.
8. Under Servers, click the VAN-EX1.Adatum.com link.
   Question: What is the AD DS cost of the link to VAN-EX1.Adatum.com?
   Answer: 0
9. Click the Send Connectors tab.
10. Expand Delivery agent connectors.
    Question: What Send Connectors are listed?
    Answer: The following Send Connector is listed: Text Messaging Delivery Agent Connector.
11. Click the Address Spaces tab.
12. Expand OTHER.
    Question: What Address Spaces are listed?
    Answer: The following Address Space is listed: MOBILE:*
13. Close Routing Log Viewer.


Task 3: Add a new accepted domain


1. In Exchange Management Console, and in the navigation pane, click Organization Configuration.
2. In Organization Configuration, click Hub Transport, and in the results pane, click the Accepted Domains tab.
3. In the Actions pane, click New Accepted Domain.
4. In the New Accepted Domain Wizard, in the Name box, type Contoso.
5. In the Accepted Domain box, type Contoso.com.
6. Click External Relay Domain, and then click New.
7. On the Completion page, click Finish.

Task 4: Configure a send connector to support the new accepted domain


1. In the Actions pane, click New Send Connector.
2. In the New Send Connector Wizard, in the Name box, type Contoso Connector.
3. In the Select the intended use for this Send Connector list, click Partner, and then click Next.
4. On the Address space page, click Add.
5. In the SMTP Address Space dialog box, in the Address box, type Contoso.com.
6. Select the Include all subdomains check box, in the Cost box, type 10, and then click OK.
7. On the Address space page, click Next.
8. On the Network settings page, click Next.
9. On the Source Server page, click Next.
10. On the New Connector page, click New.
11. Click Finish.

Task 5: Update the default site configuration with Exchange Server-specific values
1. Click Start, point to All Programs, click Microsoft Exchange Server 2010, and then click Exchange Management Shell.
2. At the Shell, type the following command, and then press Enter:
   Set-AdSite -Identity Default-First-Site-Name -HubSiteEnabled $true
3. At the Shell, type the following command, and then press Enter:
   Set-AdSiteLink -Identity DEFAULTIPSITELINK -ExchangeCost 25
4. Close the shell.

Task 6: Add an Edge subscription


1. Switch to VAN-EDG.
2. Click Start, point to All Programs, click Microsoft Exchange Server 2010, and then click Exchange Management Shell.
3. At the Exchange Management Shell, type the following command, and then press Enter:
   New-EdgeSubscription -FileName C:\EdgeSubscriptionExport.xml
4. When prompted, type Y, and then press Enter.
5. At the Exchange Management Shell, type the following command, and then press Enter:
   copy c:\EdgeSubscriptionExport.xml \\VAN-EX1\c$
6. Switch to the VAN-EX1 server.
7. In the Exchange Management Console, in the Actions pane, click New Edge Subscription.
8. In the New Edge Subscription Wizard, on the New Edge Subscription page, adjacent to the Active Directory site box, click Browse.
9. In the Select Active Directory Site dialog box, double-click Default-First-Site-Name.
10. On the New Edge Subscription page, adjacent to the Subscription file box, click Browse.
11. In the File name box, type C:\EdgeSubscriptionExport.xml, and then click Open.
12. On the New Edge Subscription page, click New.
13. When prompted, click Finish.
    Note: You may receive a warning. This is expected.

Task 7: Review the updated topology


1. In Exchange Management Console, click Toolbox, and then double-click Routing Log Viewer.
2. In Routing Log Viewer, click the File menu, and then click Open log file.
3. In the Open Routing Table Log File dialog box, click Browse server files.
4. In the Open dialog box, double-click the most recent file in the list.
5. In Routing Log Viewer, on the Active Directory Sites & Routing Groups tab, expand Active Directory sites.
6. Expand Default-First-Site-Name.
   Question: Is Default-First-Site-Name a hub site?
   Answer: Yes.
7. Click the Send Connectors tab.
8. Expand SMTP connectors.
   Question: What SMTP Send Connectors are listed?
   Answer: The following Send Connectors are listed:
   - Contoso Connector
   - EdgeSync Default-First-Site-Name to Internet
   - EdgeSync Inbound to Default-First-Site-Name.
9. Click the Address Spaces tab.
10. Expand SMTP.
    Question: What SMTP Address Spaces are listed?
    Answer: *; --; *.contoso.com.
11. Expand *.contoso.com, expand Connectors, and then expand Contoso Connector.
    Question: What is the connector cost for the Contoso Connector?
    Answer: 10
12. Close the Routing Log Viewer.
Results: After this exercise, you should have modified the message routing topology.

To prepare for the next module


When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-EDG. Close the virtual machine connection windows.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then in the Actions pane, click Connect.
   Note: Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully started before starting the other virtual machines.
7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
8. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-CL1. Connect to the virtual machine.

Lab Answer Key: Planning and Deploying Messaging Security

Module 6
Lab Answer Key: Planning and Deploying Messaging Security
Contents
Exercise 1: Designing Message Security

Exercise 2: Designing Antivirus and Anti-Spam Solutions

Exercise 3: Implementing Message Security


Module 6: Planning and Deploying Messaging Security

Lab: Planning and Deploying Messaging Security
Exercise 1: Designing Message Security
Task 1: Review the A. Datum documentation

Review the contents of the Message Security Requirements section in the Security Requirements.doc.

Task 2: Modify the A. Datum Proposed Security Policies document with a proposed
message security plan

Complete the relevant section of the following document. In the document, provide:

The type of component you will need to configure.

The configuration details for each component.

A. Datum Proposed Security Policies


Document Reference Number: JC120310/1
Document Author: Jason Carlson
Date: 12th March 2010

Message Security Components

Component type | Configuration details
Hub Transport rule | Adds a disclaimer to all messages sent to the Internet. Apply to all users, and then configure an exception for members of the Sales team.
Hub Transport rule | Adds a disclaimer to all messages sent to the Internet. Apply to members of the Sales team.
Hub Transport rule | Block all messages with a Company Internal classification from being sent to the Internet. Send a response to users indicating they are not allowed to send messages with this classification to the Internet.
Classification | Create a new classification named Strategic Acquisitions.
Hub Transport rule | Block messages with a classification of Strategic Acquisitions from being sent to any user not on the Strategic Acquisitions team.
SMTP Send and Receive connectors | Install a certificate trusted by Contoso Simple Mail Transfer Protocol (SMTP) servers on the Edge Transport server that will be used to send and receive email from Contoso, Ltd. Configure a Receive connector that will accept connections only from the Contoso SMTP server's IP address. Configure a Send connector that will use Contoso's SMTP servers as a smart host. Configure an address space on the SMTP Send connector of Contoso.com. Configure inbound and outbound Domain Security.
SMTP Send and Receive connectors | Configure a Receive connector that will accept connections only from the Brussels law firm's SMTP server's IP address. Configure a Send connector that will use the law firm's SMTP server as a smart host. Configure an address space on the SMTP Send connector that matches the domain name of the law firm. Configure the security on the Send and Receive connector as externally secured.
S/MIME configuration for Office Outlook | Install an Enterprise certification authority (CA) on a Windows Server 2008. Configure the CA as a subordinate server to a commercial CA by obtaining a subordinate CA certificate. Configure an Active Directory Group Policy object that will assign a certificate to all users in the Active Directory forest. Provide instructions for users to configure Secure/Multipurpose Internet Mail Extensions (S/MIME) in Office Outlook.
Additional notes

Note

Be prepared to discuss your proposed design with the class.

Task 3: Answer questions relating to the documentation


Note

Your instructor may perform this task as a discussion.

Question: How did you address the need to exchange secure email between A. Datum
Corporation and Contoso, Ltd.?
Answer: The design calls for the Domain Security solution to ensure that all email messages
are encrypted and connections are authenticated.
Question: Does your organization have a requirement for the Domain Security solution?
What barriers will there be to adopting this solution?
Answer: The Domain Security solution requires that you negotiate with the partner
organization to ensure that their Exchange Servers also are configured to support Domain
Security. This may be an issue in some organizations.
Results: After this exercise, you should have successfully designed message security for A. Datum.

Exercise 2: Designing Antivirus and Anti-Spam Solutions


Task 1: Review the A. Datum Corporation documentation

Review the contents of the Virus and Spam Filtering Requirements in the Security Requirements.doc.

Task 2: Modify the A. Datum Proposed Security Policies document with a proposed
antivirus and anti-spam solution

Complete both the Anti-Spam and Antivirus Solution Components section of the following
document. In the document, provide:

The type of component you will need to configure.

The configuration details for each component.

A. Datum Proposed Security Policies


Document Reference Number: JC120310/2
Document Author: Jason Carlson
Date: 12th March 2010

Anti-Spam Solution Components


Component type

Configuration details

Anti-spam software

Must be installed on each Edge Transport server that will accept incoming
email from the Internet.

IP Allow List provider

Configure the IP Allow List setting on the Edge Transport server to use the
IP Allow List provider.

IP Block List provider

Configure the IP Block List setting on the Edge Transport server to use the
IP Block List providers.

SMTP connectors

The messages from Contoso, Ltd will not be scanned for spam, because the
messages are Domain Secured. The messages from the law firm will not be
scanned for spam, because the messages will be treated as authenticated.

Content filter and quarantine mailbox

In order to implement content filtering, but still ensure that not too many
false positives are filtered, configure a content filtering Quarantine mailbox,
and then regularly monitor the Quarantine mailbox for false positives.
Modify the content filter as required to reduce false positives.

Sender ID filtering

In order to reduce the number of messages with spoofed addresses, enable
Sender ID filtering. Configure the filter to mark all messages that do not
pass the Sender ID filter. Most of these messages will then be filtered by the
content filter.

Safelist aggregation

Implement edge synchronization between the Edge Transport server and
the Active Directory sites where inbound messages will be allowed. Then
implement safelist aggregation for all user mailboxes in the organization.

Blocked recipient lists

Add the SMTP addresses for all distribution lists with more than 200
members to the blocked recipients list on the Edge Transport servers.
Note: You can also configure the distribution list properties to accept
messages from only authenticated users.

Antivirus Solution Components
Component type

Configuration details

Antivirus software

Must be installed on each Edge Transport server that will accept incoming
email from the Internet, and on each Hub Transport server in the
organization.

Antivirus software

Must be installed on each client computer in the organization.

Antivirus stamping

The Hub Transport servers in the organization should be configured to not
scan any messages that have a valid antivirus stamp.
Edge Transport servers should scan all outbound and inbound messages,
whether the message has a valid antivirus stamp or not.

Antivirus update

Configure to automatically update the antivirus files on the Hub Transport
servers daily, and to update the antivirus files on the Edge Transport servers
every six hours.
On the Hub Transport servers, configure an alert if the files have not been
updated for two days. On the Edge Transport servers, configure an alert if
the files have not been updated for 12 hours.

Additional notes

Note

Be prepared to discuss your proposed design with the class.

Task 3: Answer questions relating to the documentation


Note

Your instructor may perform this task as a discussion.

Question: How did you design the antivirus and anti-spam solution for A. Datum
Corporation? How does this compare to the solution you would implement for your
organization?
Answer: Organizations will have varying requirements for designing the antivirus and anti-spam solutions.
Results: After this exercise, you should have successfully designed an antivirus and anti-spam strategy for
A. Datum.

Exercise 3: Implementing Message Security


Task 1: Create a new certificate template
1. On VAN-DC1, click Start, in the Search box, type mmc, and then press Enter.
2. On the File menu, click Add/Remove Snap-in.
3. In the Add or Remove Snap-ins dialog box, in the Available snap-ins list, double-click Certificate
Templates, and then click OK.
4. In the console tree, click Certificate Templates.
5. In the details pane, right-click the User template, and then click Duplicate Template.
6. In the Duplicate Template dialog box, click Windows Server 2003 Enterprise, and then click OK.
7. In the Properties of New Template dialog box, on the General tab, in the Template display name box,
type S/MIME Certificate.
8. Click the Security tab.
9. In the Group or user names list, click Domain Users (ADATUM\Domain Users).
10. In Permissions for Domain Users, under Allow, select the Enroll and Autoenroll check boxes, and
then click OK.
11. Close Console1, and do not save changes.

Task 2: Import the certificate template


1. Click Start, point to Administrative Tools, and then click Certification Authority.
2. In certsrv [Certification Authority (Local)], expand AdatumCA, and then click Certificate
Templates.
3. Right-click Certificate Templates, point to New, and then click Certificate Template to Issue.
4. In the Enable Certificate Templates dialog box, in the Name list, double-click S/MIME Certificate.
5. Close certsrv [Certification Authority (Local)].

Task 3: Configure user certificate auto-enrollment


1. Click Start, point to Administrative Tools, and then click Group Policy Management.
2. If necessary, expand Forest: Adatum.com, expand Domains, expand Adatum.com, and then click
Default Domain Policy. Click OK to close the Group Policy Management Console prompt.
3. Right-click Default Domain Policy, and then click Edit.
4. In Group Policy Management Editor, expand User Configuration, expand Policies, expand Windows
Settings, expand Security Settings, and then click Public Key Policies.
5. In the Object Type list, double-click Certificate Services Client Auto-Enrollment.
6. In the Certificate Services Client Auto-Enrollment Properties dialog box, in the Configuration
Model list, click Enabled.
7. In the Certificate Services Client Auto-Enrollment Properties dialog box, select both the Renew
expired certificates, update pending certificates, and remove revoked certificates and the
Update certificates that use certificate templates check boxes, and then click OK.
8. Close Group Policy Management Editor, and then close Group Policy Management.

Task 4: Update the group policy on VAN-CL1


1. Switch to VAN-CL1.
2. Click Start, in the Search box, type cmd, and then press Enter.
3. At the command prompt, type gpupdate /force, and then press Enter.
4. Close the command prompt.
5. Log off VAN-CL1.

Task 5: Verify the presence of the certificate for Scott


1. Log on to VAN-CL1 using the following credentials:
User name: Scott
Password: Pa$$w0rd
Domain: Adatum
2. Click Start, in the Search box, type mmc, and then press Enter.
3. On the File menu, click Add/Remove Snap-in.
4. In the Add or Remove Snap-ins dialog box, in the Available snap-ins list, double-click Certificates,
and then click OK.
5. In the console tree, expand Certificates - Current User, expand Personal, and then click Certificates.
6. Verify the presence of a certificate based on the Secure/Multipurpose Internet Mail Extensions
(S/MIME) Certificate template, and then close Console1. Do not save settings.

Task 6: Configure Outlook for Scott


1. Click Start, point to All Programs, click Microsoft Office, and then click Microsoft Outlook 2010.
2. In the Outlook 2010 Startup Wizard, click Next.
3. On the Email Accounts page, click Yes, and then click Next.
4. On the Auto Account Setup page, click Next.
5. When prompted, click Finish.
6. In the User Name dialog box, click OK.
7. In the Welcome to the Microsoft Office 2010 wizard, click Don't make changes, and then click OK.
8. Close Microsoft Outlook.
9. Log off.

Task 7: Verify the presence of the certificate for Marcel


1. Log on to VAN-CL1 using the following credentials:
User name: Marcel
Password: Pa$$w0rd
Domain: Adatum
2. Click Start, in the Search box, type mmc, and then press Enter.
3. On the File menu, click Add/Remove Snap-in.
4. In the Add or Remove Snap-ins dialog box, in the Available snap-ins list, double-click Certificates,
and then click OK.
5. In the console tree, expand Certificates - Current User, expand Personal, and then click Certificates.
6. Verify the presence of a certificate based on the S/MIME Certificate template, and then close
Console1. Do not save settings.
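
The certificate check in Tasks 5 and 7 can also be scripted. The following is an added example, not part of the original lab; the function name Get-SmimeCertificateReport is hypothetical, and the script reads the current user's Personal store and reports whether each certificate is usable for S/MIME.

```powershell
# Added example (not from the lab manual).
# Run as the logged-on user (Scott or Marcel) on VAN-CL1.
# Uses only .NET classes, so it also runs on Windows PowerShell 2.0.

function Get-SmimeCertificateReport {
    $secureEmailOid = '1.3.6.1.5.5.7.3.4'      # Secure Email enhanced key usage
    $templateV2Oid  = '1.3.6.1.4.1.311.21.7'   # Certificate Template Information extension
    $now = Get-Date

    # Same store the Certificates snap-in shows under Certificates - Current User\Personal.
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'CurrentUser')
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
    try {
        foreach ($cert in $store.Certificates) {
            $ekuOids = @(); $ekuNames = @(); $template = ''; $keyUsage = ''

            foreach ($ext in $cert.Extensions) {
                if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                    foreach ($oid in $ext.EnhancedKeyUsages) {
                        $ekuOids  += $oid.Value
                        $ekuNames += $oid.FriendlyName
                    }
                }
                elseif ($ext -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]) {
                    $keyUsage = $ext.KeyUsages.ToString()
                }
                elseif ($ext.Oid.Value -eq $templateV2Oid) {
                    # Decoded text normally starts with "Template=<display name>".
                    $template = $ext.Format($false)
                }
            }

            # A certificate with no EKU extension is reported as SecureEmail = $false here,
            # because the lab template is expected to list Secure Email explicitly.
            $hasSecureEmail = $ekuOids -contains $secureEmailOid
            $inValidity     = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)

            New-Object PSObject -Property @{
                Subject           = $cert.Subject
                Email             = $cert.GetNameInfo('EmailName', $false)
                Issuer            = $cert.Issuer
                Template          = $template
                NotAfter          = $cert.NotAfter
                KeyUsage          = $keyUsage
                EnhancedKeyUsages = ($ekuNames -join ', ')
                HasPrivateKey     = $cert.HasPrivateKey
                SecureEmail       = $hasSecureEmail
                UsableForSmime    = $cert.HasPrivateKey -and $hasSecureEmail -and $inValidity
            }
        }
    }
    finally {
        $store.Close()
    }
}

Get-SmimeCertificateReport |
    Select-Object Subject, Email, Template, NotAfter, KeyUsage, EnhancedKeyUsages,
                  HasPrivateKey, SecureEmail, UsableForSmime |
    Format-List
```

Because the lab template is a duplicate of the User template, expect Client Authentication and Encrypting File System to appear next to Secure Email in EnhancedKeyUsages.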

Task 8: Configure Outlook for Marcel


1. Click Start, point to All Programs, click Microsoft Office, and then click Microsoft Outlook 2010.
2. In the Outlook 2010 Startup Wizard, click Next.
3. On the E-mail Accounts page, click Yes, and then click Next.
4. On the Auto Account Setup page, click Next.
5. When prompted, click Finish.
6. In the User Name dialog box, click OK.
7. In the Welcome to the Microsoft Office 2010 wizard, click Don't make changes, and then click OK.

Task 9: Send a signed and sealed message to Scott


1. Click New E-mail.
2. In the Untitled Message (HTML) dialog box, in the To box, type Scott, and then press the CTRL+K
keys.
3. In the Subject box, type S/MIME Test.
4. Click the Options tab.
5. On the ribbon, expand More Options.
6. In the Properties dialog box, click Security Settings.
7. In the Security Properties dialog box, select the following check boxes, and then click OK:
Encrypt message contents and attachments
Add a digital signature to this message
Request S/MIME receipt for this message
8. In the Properties dialog box, click Close, and then click Send.
9. Close Microsoft Outlook.
10. Log off.

Task 10: Verify receipt of the secured message


1. Log on to VAN-CL1 using the following credentials:
User name: Scott
Password: Pa$$w0rd
Domain: Adatum
2. Click Start, point to All Programs, click Microsoft Office, and then click Microsoft Outlook 2010.
3. Double-click the new message called S/MIME Test.
4. In the message, click the padlock symbol. Read the information, and then click Close.
5. In the message, click the symbol next to the padlock symbol. Read the information, and then click
Close.

Results: After this exercise, you should have successfully implemented some aspects of the messaging
security design for A. Datum.

To prepare for the next module


When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 10233B-VAN-EX1 and 10233B-VAN-CL1. Close the virtual machine connection
windows.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then in the Actions pane, click Start.
6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then in the
Actions pane, click Connect.
Note: Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully started
before starting the other virtual machines.
7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.

Lab Answer Key: Planning and Deploying Messaging Compliance

Module 7
Lab Answer Key: Planning and Deploying Messaging
Compliance
Contents:
Exercise 1: Planning a Message Transport Implementation

Exercise 2: Planning a Message Journaling and Archiving Solution

Exercise 3: Planning a Messaging Records Management Implementation

Exercise 4: Implementing a Message Compliance Plan

Module 7: Planning and Deploying Messaging Compliance

Lab: Planning and Deploying Messaging Compliance
Exercise 1: Planning a Message Transport Implementation
Task 1: Review the A. Datum documentation

Review the points related to message transport in the Exercise 1 scenario.

Task 2: Document the required configuration for message transport

Complete the following proposal document by answering the questions.


A. Datum Message Transport Plan
Document Reference Number: JC040417/1
Document Author: Jason Carlson
Date: 15th Apr 2010

Requirement Overview
Determine how you will manage message transport.
Proposals
Question: Are transport rules required? If so, how should you configure them?
Answer: Yes. Four transport rules are required.
The first transport rule applies to Internet-delivered messages for the Sales group, and adds a
disclaimer to each email message.
The second transport rule applies to Internet-delivered messages for everyone except the Sales
group, and adds a disclaimer to each email message. An exception excludes members of the Sales
group.
The third transport rule applies to Internet-delivered messages with the Company Internal
classification, and blocks these messages.
The fourth transport rule applies to messages classified as Acquisitions Confidential. Exchange
Server blocks these messages if they are addressed to anyone other than the Strategic Acquisitions
team.
Question: Is message moderation required? If so, how should you configure it?
Answer: No. There are no requirements that indicate a need for message moderation.
Question: Are message classifications required? If so, how should you configure them?
Answer: Yes. You must create two classifications: Company Internal, and Strategic Acquisitions.
Note

Be prepared to discuss your proposed plan with the class.

Results: After this exercise, you should have created a message transport plan.

Exercise 2: Planning a Message Journaling and Archiving Solution


Task 1: Review the A. Datum documentation

Review the following information:

Message Compliance Interview

Task 2: Answer questions related to the documentation


Note

Your instructor may perform this task as a discussion.

Question: In the Message Compliance Interview, what points are raised that impact your message
journaling and archiving plan?
Answer:

You must create personal archives to replace personal folders (PST) files.

Auditors must be able to prevent specific users from deleting messages and must be able to review
the saved messages for those users.

Auditors need to monitor and review messages sent to the Executives group.

Task 3: Document the required configuration for journaling and archiving

Complete the following proposal document by answering the questions.


A. Datum Journaling and Archiving Plan
Document Reference Number: JC040417/2
Document Author: Jason Carlson
Date: 15th Apr 2010

Requirement Overview
Determine how you will configure journaling and archiving.
Proposals
Question: Are personal archives required?
Answer: Yes. That is an explicit requirement.
Question: Should you remove PST files?
Answer: Yes. PST files are a management problem. You should prevent users from creating new
PST files, and you should provide them with instructions about how to move the content from PST
files to personal archives.
Question: How can users access personal archives? Does this affect which users will receive
personal archives usage?
Answer: Users can access personal archives by using the Microsoft Office Outlook 2010
messaging client, Office Outlook 2007, or Microsoft Outlook Web App. You may want to enable
personal archives only after users upgrade to a version of Outlook that supports personal archives.

Question: Is journaling required? If so, how should you configure it?
Answer: Yes. The Executives group requires journaling. You can create a journal rule for messages
sent to this group.
Question: How can you prevent users from deleting messages?
Answer: Enable mailboxes with litigation holds to prevent the mailbox owners from deleting
messages.
Question: Can auditors prevent users from deleting messages?
Answer: Yes. You can assign auditors to the Legal Hold management role. The auditors can then
enable a litigation hold on a mailbox-by-mailbox basis.
Note

Be prepared to discuss your proposed plan with the class.

Results: After this exercise, you should have created a journaling and archiving plan.

Exercise 3: Planning a Messaging Records Management Implementation


Task 1: Review the A. Datum documentation

Review the following information:

Message Compliance Interview

Task 2: Answer questions related to the documentation


Note

Your instructor may perform this task as a discussion.

Question: In the Message Compliance Interview, what points are raised that impact your MRM plan?
Answer:

Archiving should affect only Exchange Server 2010 mailboxes.

Archive all messages after one year.

Archive deleted items after 30 days.

Allow users to mark individual items not to be archived.

Task 3: Document the required MRM configuration

Complete the following proposal document by answering the questions.


A. Datum Messaging Records Management Plan
Document Reference Number: JC040417/3
Document Author: Jason Carlson
Date: 15th Apr 2010

Requirement Overview
Determine how you will implement MRM.
Proposals
Question: Will you use managed folder policies for MRM? If so, how should you configure them?
Answer: No, you will not use managed folder policies, because there are no requirements for them.
Managed folder policies cannot archive messages.
Question: Will you use retention policies for MRM? If so, how should you configure them?
Answer: Yes, you will use retention policies, because you can meet all of the requirements by using
them. The retention policies apply if a mailbox is on Exchange Server 2010.
Create one retention policy, in which the:
Default policy tag archives messages after one year.
Archive policy tag removes deleted items after 30 days.
Personal tag allows items to not be archived.
Apply the retention policy to all mailboxes on the Exchange Server 2010 Mailbox servers.
Note

Be prepared to discuss your proposed plan with the class.

Results: After this exercise, you should have created an MRM plan.

Exercise 4: Implementing a Message Compliance Plan


Task 1: Prevent Company Internal classification messages from being sent to the
Internet
1. On VAN-EX1, click Start, point to All Programs, click Microsoft Exchange Server 2010, and then
click Exchange Management Shell.
2. At the shell, type the following command, and then press ENTER:
New-MessageClassification -Name "Company Internal" -DisplayName "Company Internal" -DisplayPrecedence Highest -RetainClassificationEnabled $true -SenderDescription "This message is for internal distribution only; it will not be forwarded on to the Internet"
3. At the shell, type the following command, and then press ENTER:
New-SystemMessage -DsnCode 5.7.999 -Text "Internal recipients only" -Internal $True -Language En
4. Click Start, point to All Programs, click Microsoft Exchange Server 2010, and then click Exchange
Management Console.
5. Expand Microsoft Exchange On-Premises (van-ex1.adatum.com), and then expand Organization
Configuration.
6. Click the Hub Transport node, and then, in the Actions pane, click New Transport Rule.
7. In the New Transport Rule Wizard, on the Introduction page, in the Name box, type Company
Internal Rule, and then click Next.
8. On the Conditions page, in the Step 1: Select condition(s) list, select the sent to users that are
inside or outside the organization, or partners check box.
9. In the Step 2: Edit the rule description by clicking an underlined value box, click Inside the
organization.
10. In the Scope list, click Outside the organization, and then click OK.
11. In the Step 1: Select condition(s) list, select the marked with classification check box.
12. In the Step 2: Edit the rule description by clicking an underlined value box, click classification.
13. In the Select message classification window, click Company Internal, and then click OK.
14. On the Conditions page, click Next.
15. On the Actions page, in the Step 1: Select actions list, select the send rejection message to sender
with enhanced status code check box.
16. In the Step 2: Edit the rule description by clicking an underlined value box, click rejection
message.
17. In the Specify rejection message dialog box, in the Bounce message box, type Messages
classified as Company Internal cannot be sent to the Internet, and then click OK.
18. In the Step 2: Edit the rule description by clicking an underlined value box, click enhanced
status code.
19. In the Specify Enhanced Status Code dialog box, in the text box, type 5.7.999, and then click OK.
20. On the Actions page, click Next.
21. On the Exceptions page, click Next.
22. On the Create Rule page, click New.
23. On the Completion page, click Finish.

Task 2: Test the classification rules


1. On VAN-EX1, click Start, point to All Programs and then click Internet Explorer.
2. In the address bar for the Microsoft Internet Explorer browser, type
https://van-ex1.adatum.com/owa, and then press ENTER.
3. Click This is a private computer.
4. In the Domain\user name box, type adatum\paul.
5. In the Password box, type Pa$$w0rd, and then click Sign in.
6. On the Language page, click OK.
7. In Outlook Web App, click New.
8. In the To box, type bill@contoso.com.
9. In the Subject box, type Company financial results.
10. In the menu bar, click the Permission button, and then click Company Internal.
11. Click Send.
12. After a moment, click the new message.
Question: Was the delivery successful?
Answer: No.
13. Scroll through the message.
Question: What error do you see?
Answer: #550 5.7.999 Messages classified as Company Internal cannot be sent to the Internet # #
14. Close Internet Explorer.
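
The wizard steps in Task 1 and the delivery check in Task 2 can also be run from the Exchange Management Shell. The following is an added example, not part of the original lab; it uses the rule name, classification, rejection text, status code, recipient and subject from the lab, and the two function names are hypothetical.

```powershell
# Added example (not from the lab manual).
# Run in the Exchange Management Shell on VAN-EX1 after the
# New-MessageClassification and New-SystemMessage commands from Task 1.

function New-CompanyInternalRule {
    $ruleName = 'Company Internal Rule'

    # Resolve the classification first: if it is missing or ambiguous, stop
    # rather than create a rule that silently never matches.
    $classification = @(Get-MessageClassification |
        Where-Object { $_.DisplayName -eq 'Company Internal' })
    if ($classification.Count -ne 1) {
        throw "Expected exactly one 'Company Internal' classification, found $($classification.Count)."
    }

    # Create the rule only when it does not exist, so the script can be re-run.
    $existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
    if (-not $existing) {
        New-TransportRule -Name $ruleName `
            -SentToScope NotInOrganization `
            -HasClassification $classification[0].Identity `
            -RejectMessageReasonText 'Messages classified as Company Internal cannot be sent to the Internet' `
            -RejectMessageEnhancedStatusCode '5.7.999' | Out-Null
    }

    # Return the rule so the caller can confirm that it is enabled.
    Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
}

function Test-CompanyInternalRule {
    # Server-side view of the Task 2 test message (recipient and subject from the lab).
    # A blocked message should have no SEND event toward the Internet; check
    # RecipientStatus on the failure entry for the 5.7.999 code.
    Get-MessageTrackingLog -Recipients 'bill@contoso.com' `
            -MessageSubject 'Company financial results' `
            -Start (Get-Date).AddHours(-1) |
        Sort-Object Timestamp |
        Select-Object Timestamp, EventId, Source, Sender, Recipients, RecipientStatus
}

New-CompanyInternalRule | Format-List Name, State, Priority
Test-CompanyInternalRule | Format-Table -AutoSize
```

Run Test-CompanyInternalRule after sending the Task 2 message; before that it returns nothing.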

Task 3: Enable personal archives for all mailboxes in Mailbox Database 1


1. On VAN-EX1, in the Exchange Management Console, expand Recipient Configuration, and then
click Mailbox.
2. In the Mailbox - Entire Forest pane, click Create Filter.
3. Configure the filter as Database Equals Mailbox Database 1, and then click Apply Filter.
4. Select all visible mailboxes by using SHIFT+click.
5. Right-click the selected mailboxes, and then click Enable Archive.
6. In the Enable Archive Mailbox window, click Create a local archive.
7. Select the Select a specific mailbox database rather than having one selected automatically
check box.
8. Click the Browse button, click Mailbox Database 1, and then click OK.
9. In the Enable Archive Mailbox window, click OK.
10. In the warning window, click Yes.

Task 4: Review the default policy tags and retention policies


1. In the Exchange Management Console, in Organization Configuration, click Mailbox.
2. Click the Retention Policy Tags tab, and then read the list of retention policy tags.
3. Click the Retention Policies tab, and then double-click Default Archive and Retention Policy.
4. In the Default Archive and Retention Policy Properties window, on the General tab, review the list
of retention policy tags that are part of this policy.
5. Click the Mailboxes tab, and then review the list of mailboxes that this retention policy is applied to.
6. Click Cancel.

Task 5: Create the Standard Mailbox Retention Policy


1. On VAN-EX1, in the Exchange Management Console, in the Actions pane, click New Retention
Policy Tag.
2. In the New Retention Policy Tag Wizard, on the Introduction page, enter the following, and then
click New:
Tag Name: Default 1 year archive
Tag Type: All other folders in the mailbox
Age Limit for retention (days): 365
Action to take when the age limit is reached: Move To Archive
Comment: Archive messages after 1 year
3. On the Completion page, click Finish.
4. In the Actions pane, click New Retention Policy Tag.
5. In the New Retention Policy Tag Wizard, on the Introduction page, enter the following, and then
click New:
Tag Name: Deleted Items 30 day removal
Tag Type: Deleted Items
Age Limit for retention (days): 30
Action to take when the age limit is reached: Delete and Allow Recovery
Comment: Remove deleted items after 30 days
6. On the Completion page, click Finish.
7. In the Actions pane, click New Retention Policy.
8. In the New Retention Policy Wizard, on the Introduction page, in the Name box, type Standard
Mailbox Retention Policy.
9. Click Add, click Default 1 year archive, and then click OK.
10. Click Add, click Deleted Items 30 day removal, and then click OK.
11. Click Next.
12. On the Select Mailboxes page, click Next.
13. On the New Retention Policy page, click New.
14. On the Completion page, click Finish.

Task 6: Apply the retention policy to the mailboxes in Mailbox Database 1


1. On VAN-EX1, in the Exchange Management Console, in Recipient Configuration, click Mailbox.
Notice that the filter for Mailbox Database 1 is still applied.
2. Click Add Expression.
3. Configure the new expression as Recipient Details Does Not Equal Discovery Mailbox, and then
click Apply Filter.
4. Select all visible mailboxes by using SHIFT+click.
5. Right-click the selected mailboxes, and then click Properties.
6. In the User Mailbox Properties window, click the Mailbox Settings tab.
7. On the Mailbox Settings tab, click Messaging Records Management, and then click Properties.
8. In the Messaging Records Management window, select the Apply Retention Policy check box.
9. Click Browse, click Standard Mailbox Retention Policy, and then click OK.
10. In the Messaging Records Management window, click OK.
11. In the User Mailbox Properties window, click OK.
12. In the Bulk Edit Summary window, click OK.
13. Click Paul West, and then click Properties.
14. In the Paul West Properties window, click the Mailbox Settings tab, and then double-click
Messaging Records Management.
15. In the Messaging Records Management window, confirm that the Standard Mailbox Retention
Policy is applied, and then click Cancel.
16. In the Paul West Properties window, click Cancel.
Results: After this exercise, you should have prevented messages classified as Company Internal from
being sent to the Internet, created a retention policy, and applied it to all of the mailboxes in Mailbox
Database 1.
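
Tasks 3, 5 and 6 can be repeated from the Exchange Management Shell, which also makes it easy to confirm afterwards that no mailbox in the database was missed. The following is an added example, not part of the original lab; the tag, policy and database names are the lab's, and the function names are hypothetical.

```powershell
# Added example (not from the lab manual).
# Run in the Exchange Management Shell on VAN-EX1.

$database   = 'Mailbox Database 1'
$policyName = 'Standard Mailbox Retention Policy'
$emptyGuid  = [Guid]::Empty.ToString()

# Tag settings copied from the wizard values in Task 5.
$tags = @(
    @{ Name = 'Default 1 year archive'; Type = 'All'; AgeLimitForRetention = 365
       RetentionAction = 'MoveToArchive'; Comment = 'Archive messages after 1 year' },
    @{ Name = 'Deleted Items 30 day removal'; Type = 'DeletedItems'; AgeLimitForRetention = 30
       RetentionAction = 'DeleteAndAllowRecovery'; Comment = 'Remove deleted items after 30 days' }
)

function Enable-LabArchives {
    # Task 3: local archive in the same database, skipping mailboxes that already have one.
    Get-Mailbox -Database $database -ResultSize Unlimited |
        Where-Object { "$($_.ArchiveGuid)" -eq $emptyGuid -or -not $_.ArchiveGuid } |
        ForEach-Object {
            Enable-Mailbox -Identity $_.DistinguishedName -Archive -ArchiveDatabase $database
        }
}

function New-LabRetentionPolicy {
    # Task 5: create each tag and the policy only if missing, so the script can be re-run.
    foreach ($tag in $tags) {
        if (-not (Get-RetentionPolicyTag | Where-Object { $_.Name -eq $tag.Name })) {
            # RetentionEnabled is set explicitly so the age limit is enforced.
            New-RetentionPolicyTag @tag -RetentionEnabled $true | Out-Null
        }
    }
    if (-not (Get-RetentionPolicy | Where-Object { $_.Name -eq $policyName })) {
        $tagNames = $tags | ForEach-Object { $_.Name }
        New-RetentionPolicy -Name $policyName -RetentionPolicyTagLinks $tagNames | Out-Null
    }
}

function Set-LabRetentionPolicy {
    # Task 6: every mailbox in the database except the discovery mailbox.
    Get-Mailbox -Database $database -ResultSize Unlimited |
        Where-Object { $_.RecipientTypeDetails -ne 'DiscoveryMailbox' } |
        ForEach-Object {
            Set-Mailbox -Identity $_.DistinguishedName -RetentionPolicy $policyName
        }
}

function Get-LabRetentionGaps {
    # Verification: in-scope mailboxes that still lack the policy or an archive.
    Get-Mailbox -Database $database -ResultSize Unlimited |
        Where-Object { $_.RecipientTypeDetails -ne 'DiscoveryMailbox' } |
        Where-Object {
            ("$($_.RetentionPolicy)" -ne $policyName) -or
            ("$($_.ArchiveGuid)" -eq $emptyGuid) -or (-not $_.ArchiveGuid)
        } |
        Select-Object Name, RetentionPolicy, ArchiveDatabase
}

Enable-LabArchives
New-LabRetentionPolicy
Set-LabRetentionPolicy
Get-LabRetentionGaps | Format-Table -AutoSize
```

An empty result from Get-LabRetentionGaps corresponds to the manual check of Paul West's mailbox in Task 6, applied to every mailbox in the database.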

To prepare for the next module


When you finish the lab, revert the machines to their initial state. To do this, complete the following steps:
1. On the host computer, start the Microsoft Hyper-V Manager.
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-EX3. Close the virtual
machine connection windows.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then, in the Actions pane, click Start.
6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then, in the
Actions pane, click Connect.
Important: Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully
started before starting the other virtual machines.
7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
8. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-EX2. Connect to the virtual machine.
9. Wait for 10233B-VAN-EX2 to start, and then start 10233B-VAN-EX3. Connect to the virtual machine.

Lab Answer Key: Planning and Deploying High Availability

Module 8
Lab Answer Key: Planning and Deploying High Availability
Contents:
Exercise 1: Designing High Availability for Exchange Servers

Exercise 2: Implementing High Availability for Exchange Servers

Module 8: Planning and Deploying High Availability

Lab: Planning and Deploying High Availability
Exercise 1: Designing High Availability for Exchange Servers
Task 1: Review the A. Datum Corporation documentation

Review the following information:

High Availability Interviews

User Distribution Summary

Network Configuration

Task 2: Answer questions related to the documentation


Note

Your instructor may perform this task as a discussion.

Question: In the High Availability Interviews, what points are raised that impact your high availability
design, and how do they impact it?
Answer: The High Availability Interviews raise the following points:

The Chief Information Officer (CIO) wants all locations to be highly available. A single server failure
should not affect functionality. This means that all server roles in all locations must be highly
available.

There is limited bandwidth on the wide area network (WAN) links. The WAN links may need to be
upgraded if transaction logs are replicated across them.

The major sites with more than 3,000 users should be configured with an alternate site for disaster
recovery. The alternate site for disaster recovery should be in a different city, in case of a major
infrastructure problem.

The major sites are using dedicated mailbox servers. Any restrictions caused by combining roles do
not apply in the major sites.

Existing Mailbox servers are at capacity, and should not be used to host passive database copies. The
major sites require additional Mailbox servers specifically for hosting failed-over databases.

Smaller sites will be highly available only within the site.

Smaller sites are currently supported by only a single server with combined roles. An additional server
must be added to support high availability.

Logical corruption should be prevented for 6 hours in each database availability group (DAG). There
should be one lagged copy in each DAG with a 6 hour delay.

Question: Is there anything in the User Distribution Summary that raises high availability issues? If so,
what is it?
Answer: The User Distribution Summary raises the following points:

It provides information about the number of users in each site. These figures are used to determine
whether offsite disaster recovery is required.

Question: Is there anything in the Network Configuration that raises high availability issues? If so, what is
it?
Answer: The Network Configuration raises the following points:

All sites except for LondonSite2 have a connection to the Internet. All sites with a connection to the
Internet have Edge Transport servers.

SanDiegoSite does not allow inbound traffic to Client Access servers. Access to the SanDiego Client
Access servers will be proxied through other sites.

Task 3: Document the required configuration for the San Diego site

Complete the following proposal document by answering the questions.


A. Datum High Availability Design for San Diego
Document Reference Number: JC040422/1
Document Author: Jason Carlson
Date: 24th April 2010

Requirement Overview
Determine how high availability will be provided for all server roles in San Diego.
Additional Information
Identify infrastructure changes that may be required due to the proposed deployment.
Proposals
Question: Will this site have offsite disaster recovery? If so, where should that site be located?
Answer: No, this is a small site with only 500 users. Offsite disaster recovery is not part of the
requirements.
Question: How do you provide high availability for databases?
Answer: Provide high availability by creating a DAG.
Question: How do you provide high availability for Client Access servers?
Answer: Provide high availability by creating a client access array.
Question: How do you provide high availability for message transport?
Answer: Provide high availability by installing a second Hub Transport server.
Question: Is high availability required for the Edge Transport server role?
Answer: Yes, outgoing mail is routed through a local Edge Transport server. To make it highly
available, there should be two Edge Transport servers in the San Diego site.

Question: How many Exchange servers will be located in this site? Which roles will they host?
Answer: There will be four servers. In the perimeter network, there will be two Edge Transport
servers.
On the internal network, there will be two Exchange servers. Each Exchange server on the internal
network will have the Mailbox, Hub Transport, and Client Access server roles.
Question: How will databases be configured on the DAG members?
Answer: Half of the active databases will be located on each server, with passive copies on the
other server. Even though a single server has the capacity to support all mailboxes, splitting the
load may improve performance.
Each passive database copy will be configured with a 6-hour replay lag to prevent logical
corruption of both databases.
Question: How will load balancing be performed for the Client Access server role?
Answer: Hardware load balancing must be used, because DAG members cannot be part of a
Network Load Balancing (NLB) cluster.
Question: Is any additional configuration required for the Hub Transport server role?
Answer: No, you can achieve high availability just by having two Hub Transport servers.

Task 4: Document the required configuration for the Vancouver site

Complete the following proposal document by answering the questions.


A. Datum High Availability Design for Vancouver
Document Reference Number: JC040422/2
Document Author: Jason Carlson
Date: 24th April 2010

Requirement Overview
Determine how high availability will be provided for all server roles in Vancouver.
Additional Information
Identify infrastructure changes that may be required due to the proposed deployment.
Proposals
Question: Will this site have offsite disaster recovery? If so, where should that site be located?
Answer: Yes, this is a large site with 5,000 users. Offsite disaster recovery is required.
To reduce the cost of network connectivity, the offsite disaster recovery should be located in North
America. The San Diego site can be used for offsite disaster recovery. Network links to San Diego
from Vancouver may need to be improved with increased bandwidth for communication.
Question: How do you provide high availability for databases?
Answer: Provide high availability by creating a DAG, which will include a server in San Diego for
offsite disaster recovery.

Question: How do you provide high availability for Client Access servers?
Answer: Provide high availability by creating a client access array in Vancouver. The client access
array in San Diego can be used when offsite disaster recovery is performed.
Question: How do you provide high availability for message transport?
Answer: Provide high availability by installing a second Hub Transport server in Vancouver. The
Hub Transport servers in San Diego will be used when offsite disaster recovery is performed.
Question: Is high availability required for the Edge Transport server role?
Answer: Yes, incoming and outgoing mail is routed through a local Edge Transport server. To make
it highly available, there should be two Edge Transport servers in the San Diego site.
Question: How many Exchange servers will be located in this site? Which roles will they host?
Answer: In the perimeter network, there will be two Edge Transport servers.
On the internal network there will be:
- Two dedicated Hub Transport servers to provide high availability for message transport
  within the site and between sites.
- Three dedicated Client Access servers in a client access array. This ensures that even if a
  Client Access server fails, there is sufficient capacity to support all users.
- Three mailbox servers in Vancouver, and two additional Mailbox servers in San Diego. To
  support the 6,000 users in Vancouver, two Mailbox servers are required. To provide high
  availability in Vancouver, a third server is required. To provide site resilience, two Mailbox
  servers are located in San Diego.
Question: How will databases be configured on the DAG members?
Answer: One third of the active databases will be located on each server, with passive copies on
another local server, and on a server in San Diego. Evenly spreading the load in Vancouver can
increase performance. In San Diego, two servers provide sufficient capacity to host all mailboxes, if
required.
Each passive database copy in San Diego will be configured with a 6-hour replay lag to prevent
logical corruption of the databases. Logical corruption is a very rare event. So, there will be no
replay lag for passive database copies in Vancouver.
Question: How will load balancing be performed for the Client Access server role?
Answer: The Client Access server role is not combined with the Mailbox server role. Therefore, NLB
can be used. It is also possible to use hardware load balancing, if desired.

Note: Be prepared to discuss your proposed design with the class.

Exercise 2: Implementing High Availability for Exchange Servers


Task 1: Prepare VAN-DC1 to be a DAG witness server
1. On VAN-DC1, click Start, point to Administrative Tools, and then click Active Directory Users and
Computers.
2. In Active Directory Users and Computers, expand Adatum.com, and then click Builtin.
3. Right-click Administrators, and then click Properties.
4. In the Administrators Properties window, on the Members tab, click Add.
5. In the Enter the object names to select box, type Exchange Trusted Subsystem, and then click
OK.
6. In the Administrators Properties window, click OK.
7. Close Active Directory Users and Computers.

Task 2: Create a three-member DAG


1. On VAN-EX3, click Start, point to All Programs, click Microsoft Exchange Server 2010, and then
click Exchange Management Console.
2. In the Exchange Management Console, expand Microsoft Exchange On-Premises, expand
Organization Configuration, and then click Mailbox.
3. Click the Database Availability Groups tab.
4. In the Actions pane, click New Database Availability Group.
5. In the New Database Availability Group window, in the Database availability group name box,
type VancouverDAG.
6. Select the Witness Server check box, and then type VAN-DC1.
7. Select the Witness Directory check box, type C:\VanDAGWitness, and then click New.
Note: Step 7 will generate a warning, because the witness server is not an Exchange Server.
This does not indicate a problem. The necessary permissions were configured in Task 1.
8. On the Completion page, click Finish.
9. In the Exchange Management Console, right-click VancouverDAG, and then click Properties.
10. In the VancouverDAG Properties window, click the IP Addresses tab.
11. On the IP Addresses tab, click Add.
12. In the Add database availability group IP address(es) window, type 10.10.0.200 and click OK.
13. In the VancouverDAG Properties window, click OK.
Note: Step 13 generates a warning, because the witness server is not an Exchange server.
This does not indicate a problem.
14. Open the properties of VancouverDAG, and then add 10.10.0.200 as an IP address for the DAG.
15. In the Microsoft Exchange Warning window, click OK.

16. In the Exchange Management Console, right-click VancouverDAG, and then click Manage Database
Availability Group Membership.
17. In the Manage Database Availability Group Membership window, click Add.
18. In the Select Mailbox Server window, press the CTRL key while clicking to select VAN-EX1,
VAN-EX2, and VAN-EX3, and then click OK.
19. In the Manage Database Availability Group Membership window, click Manage.
20. On the Completion page, click Finish.

Task 3: Configure replication for Mailbox Database 1


1. On VAN-EX3, in the Exchange Management Console, click the Database Management tab, and then
click Mailbox Database 1.
2. In the Actions pane, under Mailbox Database 1, click Add Mailbox Database Copy.
3. In the Add Mailbox Database Copy window, click the Browse button.
4. In the Select Mailbox Server window, click VAN-EX2, and then click OK.
5. In the Add Mailbox Database Copy window, click Add.
6. On the Completion page, click Finish.
7. In the Actions pane, under Mailbox Database 1, click Add Mailbox Database Copy.
8. In the Add Mailbox Database Copy window, click the Browse button.
9. In the Select Mailbox Server window, click VAN-EX3, and then click OK.
10. In the Add Mailbox Database Copy window, click Add.
11. On the Completion page, click Finish.
12. Click Start, point to All Programs, click Microsoft Exchange Server 2010, and then click Exchange
Management Shell.
13. In the Exchange Management Shell, type the following command, and then press ENTER:
Set-MailboxDatabaseCopy -Identity "Mailbox Database 1\VAN-EX3" -ReplayLagTime 0.6:0:0

14. In the Exchange Management Shell, type the following command, and then press ENTER:
Get-MailboxDatabase "Mailbox Database 1" | Format-List ReplayLagTimes

15. In the Exchange Management Shell, type the following command, and then press ENTER:
Get-MailboxDatabaseCopyStatus -Identity "Mailbox Database 1\VAN-EX3"
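
The DAG build in Task 2 and the database copies in Task 3 can also be scripted and then checked for copy health. The following Exchange Management Shell sequence is an added example, not part of the original lab answer key; it reuses the lab's server, DAG and database names, and the health filter at the end is an assumption about which copy states should be flagged.

```powershell
# Added example (not from the lab answer key): Tasks 2 and 3 as Exchange Management Shell
# commands. Run on a Mailbox server such as VAN-EX3 after Task 1 has been completed.

$dagName  = 'VancouverDAG'
$database = 'Mailbox Database 1'
$members  = 'VAN-EX1', 'VAN-EX2', 'VAN-EX3'

# Task 2, steps 4-15: create the DAG with its witness server, witness directory and IP address.
# The same warning about a non-Exchange witness server appears here as in the console.
New-DatabaseAvailabilityGroup -Name $dagName `
    -WitnessServer 'VAN-DC1' `
    -WitnessDirectory 'C:\VanDAGWitness' `
    -DatabaseAvailabilityGroupIpAddresses '10.10.0.200'

# Task 2, steps 16-20: add the three Mailbox servers as DAG members, one at a time.
foreach ($server in $members) {
    Add-DatabaseAvailabilityGroupServer -Identity $dagName -MailboxServer $server
}

# Task 3, steps 1-11: add passive copies on the two servers named in the lab steps.
Add-MailboxDatabaseCopy -Identity $database -MailboxServer 'VAN-EX2'
Add-MailboxDatabaseCopy -Identity $database -MailboxServer 'VAN-EX3'

# Task 3, step 13: turn the VAN-EX3 copy into a lagged copy (0 days, 6 hours).
Set-MailboxDatabaseCopy -Identity "$database\VAN-EX3" -ReplayLagTime 0.6:0:0

# Task 3, step 14: show the configured replay lag for every copy of the database.
Get-MailboxDatabase $database | Format-List Name, ReplayLagTimes | Out-Host

# Task 3, step 15, widened to all copies: one active copy should be Mounted and every
# passive copy Healthy. New copies can report other states while they are still seeding.
$notReady = Get-MailboxDatabaseCopyStatus -Identity $database |
    Where-Object { $_.Status -ne 'Mounted' -and $_.Status -ne 'Healthy' }

if ($notReady) {
    $notReady |
        Format-Table Name, Status, CopyQueueLength, ReplayQueueLength -AutoSize |
        Out-Host
    Write-Warning "One or more copies of '$database' are neither Mounted nor Healthy."
} else {
    Write-Host "All copies of '$database' are Mounted or Healthy."
}
```

Running the final check again after Task 4 turns off VAN-EX1 flags that server's copy, which matches the ServiceDown status recorded in the answer.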

Task 4: Simulate the failure of VAN-EX1


1. On the host computer, in the 10233B-VAN-EX1 window, click the Action menu, and then click Turn
Off.
2. In the Turn Off Machine window, click Turn Off.
3. On VAN-EX3, in the Exchange Management Console, in the Actions menu, click Refresh.
4. If any database copy has a status of Disconnected, click Refresh again.


Question: What is the status for Mailbox Database 1 on each server?
Answer: The status for Mailbox Database 1 on each server is as follows:

VAN-EX1: ServiceDown

VAN-EX2: Mounted

VAN-EX3: Healthy

Question: Why is the server where the database is mounted selected?


Answer: The database on VAN-EX3 is a lagged copy. During a failover, a non-lagged copy is
selected over a lagged copy.

Task 5: Recover VAN-EX1


1. On the host computer, in the 10233B-VAN-EX1 window, click the Action menu, and then click Start.
2. On VAN-EX1, select Start Windows Normally, and then press ENTER.
3. Wait a few minutes for VAN-EX1 to start.
4. On VAN-EX3, in the Exchange Management Console, in the Actions menu, click Refresh.
Question: What is the status for Mailbox Database 1 on each server?
Answer: The status for Mailbox Database 1 on each server is as follows:

VAN-EX1: Healthy

VAN-EX2: Mounted

VAN-EX3: Healthy

5. If the status of Mailbox Database 1 on VAN-EX1 is initializing, wait a few minutes, and then click
Refresh again. You may need to select Mailbox Database 1 on VAN-EX1 to refresh its status.

To prepare for the next module


When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-EX3. Close the virtual
machine connection windows.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then, in the Actions pane, click Start.
6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then, in the
Actions pane, click Connect.
Important: Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully
started before starting the other virtual machines.
7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
8. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-CL1. Connect to the virtual machine.

Lab Answer Key: Planning a Disaster Recovery Solution

Module 9
Lab Answer Key: Planning a Disaster Recovery Solution
Contents:
Exercise 1: Planning Disaster Recovery for Vancouver

Exercise 2: Planning Disaster Recovery for San Diego

Exercise 3: Implementing Single-Item Recovery

Module 9: Planning a Disaster Recovery Solution

Lab: Planning a Disaster Recovery Solution


Exercise 1: Planning Disaster Recovery for Vancouver
Task 1: Review the A. Datum documentation

In the Exercise 1 scenario, review the Disaster Recovery SLA Notes.

Task 2: Answer questions related to the documentation


Question: In the Disaster Recovery SLA Notes, what points are raised that impact your
disaster recovery plan for Vancouver?
Answer:

There can be no data loss due to the failure of a single server.

The failure of a single server should result in only minutes of downtime for users.

You can consider high availability as a replacement for backup if there are at least two local
copies of a database, and a remote database copy in another site.

To consider high availability as a replacement for backup, you must have one database copy that
is unaffected by logical corruption in another database copy for at least 12 hours.

Any message deleted by a user must be recoverable for 30 days.

Deleted mailboxes must be recoverable for 60 days.

Task 3: Document the required configuration for the Vancouver site

Complete the following proposal document by answering the questions.


A. Datum Disaster Recovery Plan for Vancouver
Document Reference Number: JC040430/1
Document Author: Jason Carlson
Date: 5th May 2010

Requirement Overview
Determine how disaster recovery will be provided for all server roles in Vancouver.
Proposals
Question: Does this site require backups?
Answer: No. According to the service level agreement (SLA) requirements, you do not need to back
up a database availability group (DAG) with three copies, including site resilience. A three-member
DAG meets the requirement for no data loss when a single server fails. It also meets the
requirement for only minutes of downtime.
Question: Do you need to make any changes to the DAG to meet the SLA requirements?
Answer: Yes. The database copies in San Diego have only a 6-hour replay lag. The SLA specifies
that to use a DAG as a replacement for backup, you must have at least a 12-hour replay lag. A
longer replay lag provides more time to discover a corruption, and to stop the replay process.

Question: Are any changes required for deleted item retention?
Answer: Yes. The default retention time for deleted items is 14 days. The SLA specifies that you
must increase deleted-item retention to retain messages for 30 days. Also, you should enable
single-instance recovery on the Mailbox servers. This ensures that you can recover even
hard-deleted messages for the full 30 days.
Question: Are any changes required for deleted mailbox retention?
Answer: Yes. The default retention time for deleted mailboxes is 30 days. The SLA specifies that you
must increase deleted-mailbox retention to 60 days.
Question: Do you need to back up data on Client Access servers?
Answer: No, you do not need to back up each Client Access server. However, you do need to
document your configuration changes. If a Client Access server fails, you can replace it with a new
one, and then make the required configuration changes. You can copy customized webpages from
a remaining server, but it would be easier to have a copy of those pages stored elsewhere so that
you can easily restore them.
Question: Do you need to back up data on Hub Transport servers?
Answer: No. All Hub Transport configuration data is stored in Active Directory Domain Services
(AD DS), including the customized Receive connectors. When replacing a failed Hub Transport
server, reuse the same computer account to retain the configuration by installing in Recovery
mode.
Question: Do you need to back up data on Edge Transport servers?
Answer: No. There are two Edge Transport servers, so, you can export the configuration data from
the remaining server, and then import it to the new server. However, to speed up this process, you
could have a copy of the configuration data already exported and waiting for recovery.
Question: Would your backup plan change if public folders were present in Vancouver?
Answer: It depends on the type of data that is stored in the public folders. If the public folders
were being used only to support free/busy searches and offline address book downloads for
Microsoft Office Outlook 2003 clients, then a backup is not required. You can regenerate that
data. If the public folders are used for collaboration between users, then they do need to be backed
up, because public folder databases are not replicated in a DAG.

Note: Be prepared to discuss your proposed plan with the class.

Results: After this exercise, you should have created a disaster recovery plan for the Vancouver site.

Exercise 2: Planning Disaster Recovery for San Diego


Task 1: Review the A. Datum documentation

Review the following information:

Disaster Recovery SLA Notes

Task 2: Answer questions related to the documentation


Question: In the Disaster Recovery SLA Notes document, what points are raised that impact
your disaster recovery plan for San Diego?
Answer:

There can be no data loss due to the failure of a single server.

The failure of a single server should result in only minutes of downtime for users.

You can consider high availability as a replacement for backup if there are at least two local
copies of a database, and a remote database copy in another site.

Any message deleted by a user must be recoverable for 30 days.

Deleted mailboxes must be recoverable for 60 days.

Messaging functionality must be recoverable within one hour. You can recover historical data up
to 24 hours later.

When recovering data from a backup, the maximum allowable data loss is four hours.

Any location that is not configured with site resilience must archive backups offsite for one week.

Task 3: Document the required configuration for the San Diego site

Complete the following proposal document by answering the questions.


A. Datum Disaster Recovery Plan for San Diego
Document Reference Number: JC040430/1
Document Author: Jason Carlson
Date: 5th May 2010

Requirement Overview
Determine how disaster recovery will be provided for all server roles in San Diego.
Proposals
Question: Does this site require backups? If so, how will you perform backups?
Answer: Yes, the site requires backups, because the DAG does not have site resilience. Therefore,
you must perform a backup for mailbox databases. The two-member DAG will mean that the
backup is seldom required.
A disk-based backup solution is the most efficient way to perform backups. The data loss
requirements mean that a backup must be performed every four hours. If you use a disk-based
backup solution, such as Microsoft System Center Data Protection Manager, then each backup
will finish very quickly.
To meet the archive requirements, you must back up to tape once a week for offsite storage.
Question: Do you need to make any changes to the DAG to meet the SLA requirements?
Answer: No, this DAG does not require replay as part of the SLA, because a backup is being
performed.
Question: Are any changes required for deleted-item retention?
Answer: Yes. The default retention time for deleted items is 14 days. The SLA specifies that
deleted-item retention must be increased to retain messages for 30 days. Also, you should enable
single-instance recovery on the Mailbox servers. This ensures that you can recover even hard-deleted
messages for 30 days.
Question: Are any changes required for deleted mailbox retention?
Answer: Yes. The default retention time for deleted mailboxes is 30 days. The SLA specifies that you
must increase deleted mailbox retention to 60 days.
Question: How will you meet the recovery requirement of one hour?
Answer: If a server or database fails, you can use dial-tone recovery to quickly restore basic
messaging functionality. Next, you can restore historical data to a recovery database, and merge
the historical data into the dial-tone database.
Question: Would your backup plan change if public folders were present in San Diego?
Answer: No, backups are already being performed.
Note: Be prepared to discuss your proposed plan with the class.

Results: After this exercise, you should have created a disaster recovery plan for the San Diego site.

Exercise 3: Implementing Single-Item Recovery


Task 1: Enable single-item recovery for a mailbox
1. On VAN-EX1, click Start, point to All Programs, click Microsoft Exchange Server 2010, and then
click Exchange Management Console.
2. In the Exchange Management Console, expand Microsoft Exchange On-Premises, expand
Organization Configuration, and then click Mailbox.
3. On the Database Management tab, right-click Mailbox Database 1, and then click Properties.
4. In the Mailbox Database 1 Properties window, click the Limits tab.
5. In the Keep deleted items for (days) box, type 30.
6. In the Keep deleted mailboxes for (days) box, type 60, and then click OK.
7. Click Start, point to All Programs, click Microsoft Exchange Server 2010, and then click Exchange
Management Shell.
8. In Exchange Management Shell, type the following command, and then press ENTER:
Set-Mailbox Luca -SingleItemRecoveryEnabled $true

Task 2: Configure a user for message recovery


1. On VAN-CL1, if necessary, log off, and then log on as Luca using the password Pa$$w0rd.
2. On the taskbar, click Internet Explorer.
3. In the Address bar of the Microsoft Internet Explorer browser, type
https://van-ex1.adatum.com/owa, and then press ENTER.
4. Log on as Adatum\Administrator using the password Pa$$w0rd.
5. Click OK to accept the default time zone.
6. Click Options, and then click See All Options.
7. Click Manage Myself, and then click My Organization.
8. Click Roles & Auditing, and then click the Administrator Roles tab.
9. Click the Discovery Management role group, and then click Details.
10. In the Role Group window, scroll to Members, click Add, double-click Andreas Herbinger, and then
click OK.
11. Click Save.
12. Close Internet Explorer.

Task 3: Delete and purge a message


1. On VAN-CL1, click Start, point to All Programs, click Microsoft Office, and then click Microsoft
Outlook 2010.
2. Click New E-mail to create a new message.
3. In the Untitled Message (HTML) window, type the following, and then click Send:
- To: Luca
- Subject: Test of SIR
4. In the Inbox, right-click the Test of SIR message, and then click Delete.
5. Click the Deleted Items folder.
6. Right-click the Test of SIR message, and then click Delete.
7. Click Yes to permanently delete the item.
8. Click the Folder tab, and then click Recover Deleted Items.
9. In the Recover Deleted Items From Deleted Items window, click Test of SIR, and then click the X
to purge the message.
10. Click OK to confirm purging the message.

Task 4: Locate a recoverable message


1. On VAN-CL1, on the taskbar, click Internet Explorer.
2. In the Address bar, type https://van-ex1.adatum.com/owa, and then press ENTER.
3. Log on as Adatum\Andreas using the password Pa$$w0rd.
4. Click OK to accept the default time zone.
5. Click Options, and then click See All Options.
6. Click Manage Myself, and then click My Organization.
7. Click Mail Control.
8. In Multi-Mailbox Search, click New.
9. In the New Mailbox Search window, in the Keywords area, type SIR.
10. Click Mailboxes to Search to expand the settings.
11. Click Search specific mailboxes or the mailboxes of members of distribution groups, and then
click Add.
12. In the Select Mailbox window, double-click Luca Dellamore, and then click OK.
13. In the New Mailbox Search window, click Search Name, Type, and Storage Location to expand
the settings.
14. In the Search name box, type Luca's lost message.
15. Click Copy the search results to the destination mailbox.
16. In Select a mailbox in which to store the search results, click Browse, click Discovery Search
Mailbox, and then click OK.
17. Click Save.
18. Click Luca's lost message to view the results. You may need to click the refresh button.
19. In the search results, click [open].
20. In the new Outlook Web App window, click OK to accept the default language and time zone.
21. Click the Luca's lost message folder.
22. Expand Luca's lost message, and then click Results-date and time.

Task 5: Create a role group for exporting mailbox contents

On VAN-EX1, in the Exchange Management Shell, type the following command, and then press
ENTER:
New-RoleGroup -Name ExportMail -Roles "Mailbox Import Export" -Members Andreas

Task 6: Recover a message


1. On VAN-EX1, log off as Administrator, and then log on as Adatum\Andreas using the password
Pa$$w0rd.
2. Open the Exchange Management Shell.
3. In the Exchange Management Shell, type the following command, and then press ENTER:
Search-Mailbox "Discovery Search Mailbox" -SearchQuery "Subject:SIR" -TargetMailbox Luca -TargetFolder Recovered

4. On VAN-CL1, in Microsoft Outlook 2010, in the folder list, expand Recovered, expand Discovery
Search Mailbox-DateandTime, expand Primary Mailbox, expand Luca's lost message, and then
click Results-DateandTime.

Results: After this exercise, you should have implemented single-item recovery and recovered a message.
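
Tasks 2 and 5 give one account the ability to search and export other users' mail, so the retention settings and the holders of those roles are worth confirming from the shell after the exercise. The following Exchange Management Shell commands are an added example, not part of the original lab answer key; they reuse the lab's database, role group and user names, and the choice of which roles to report on is an assumption.

```powershell
# Added example (not from the lab answer key): shell equivalents of the console steps in
# Exercise 3, followed by checks on retention and on who can search or export mailboxes.

$database = 'Mailbox Database 1'

# Task 1, steps 3-6: keep deleted items for 30 days and deleted mailboxes for 60 days.
Set-MailboxDatabase -Identity $database `
    -DeletedItemRetention 30.00:00:00 `
    -MailboxRetention 60.00:00:00

# Task 2, steps 6-11: add Andreas to the built-in Discovery Management role group.
Add-RoleGroupMember -Identity 'Discovery Management' -Member Andreas

# Check 1: the database carries the retention values that the SLA requires.
Get-MailboxDatabase -Identity $database |
    Format-List Name, DeletedItemRetention, MailboxRetention |
    Out-Host

# Check 2: which mailboxes on the database have single-item recovery enabled, and whether
# any of them override the database retention defaults.
Get-Mailbox -Database $database -ResultSize Unlimited |
    Sort-Object Name |
    Format-Table Name, SingleItemRecoveryEnabled, UseDatabaseRetentionDefaults,
        RetainDeletedItemsFor -AutoSize |
    Out-Host

# Check 3: direct members of the two role groups used in the lab.
foreach ($group in 'Discovery Management', 'ExportMail') {
    Write-Host "Members of role group: $group"
    Get-RoleGroupMember -Identity $group |
        Format-Table Name, RecipientType -AutoSize |
        Out-Host
}

# Check 4: every user who effectively holds the search or export role, including users who
# receive it through a group other than the two above.
foreach ($role in 'Mailbox Search', 'Mailbox Import Export') {
    Write-Host "Effective holders of role: $role"
    Get-ManagementRoleAssignment -Role $role -GetEffectiveUsers |
        Format-Table EffectiveUserName, RoleAssigneeName, AssignmentMethod -AutoSize |
        Out-Host
}
```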

To prepare for the next module


When you finish the lab, revert the machines back to their initial state. To do this, complete the following
steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-EX3. Close the
virtual machine connection windows.
5. In the Virtual Machines pane, click 10233B-VAN-DC1, and then, in the Actions pane, click Start.
6. To connect to the virtual machine for the next module's lab, click 10233B-VAN-DC1, and then, in the
Actions pane, click Connect.
Important: Start the 10233B-VAN-DC1 virtual machine first, and ensure that it is fully
started before starting the other virtual machines.
7. Wait for 10233B-VAN-DC1 to start, and then start 10233B-VAN-EX1. Connect to the virtual machine.
8. Wait for 10233B-VAN-EX1 to start, and then start 10233B-VAN-EX2. Connect to the virtual machine.
9. Wait for 10233B-VAN-EX2 to start, and then start 10233B-VAN-EX3. Connect to the virtual machine.

Lab Answer Key: Planning Microsoft Exchange Server 2010 Monitoring and Troubleshooting

Module 10
Lab Answer Key: Planning Microsoft Exchange Server 2010
Monitoring and Troubleshooting
Contents
Exercise 1: Establishing a Baseline for Performance

Exercise 2: Measuring the Production System Performance under Additional Load

Module 10: Planning Microsoft Exchange Server 2010 Monitoring and Troubleshooting

Lab: Planning Exchange Server 2010 Monitoring and Troubleshooting
Exercise 1: Establishing a Baseline for Performance
Task 1: Create a User Defined data collector set
1. On VAN-EX1, click Start, point to All Programs, point to Microsoft Exchange Server 2010, and
then click Exchange Management Console.
2. In the console tree, expand Microsoft Exchange On-Premises (van-ex1.adatum.com), and then
click Toolbox.
3. In the results pane, double-click Performance Monitor.
4. In the left pane, expand Performance Logs and Alerts.
5. Expand Data Collector Sets, right-click User Defined, click New, and then click Data Collector Set.
6. In the Name box, type Baseline, click Create manually (Advanced), and then click Next.
7. On the What type of data do you want to include page, select the Performance counter check
box, and then click Next.
8. On the Which performance counters would you like to log page, click Add.
9. In the Available counters list, click and expand each of the following objects, and for each, click Add.
- Memory
- MSExchangeIS
- MSExchangeIS Mailbox
- MSExchangeTransport Queues
- MSExchangeTransport SmtpReceive
- MSExchangeTransport SmtpSend
- Physical Disk
- Processor
- Server
- System
10. Click OK.
11. In the Sample Interval box, type 1, and then click Next.
12. On the Where would you like the data to be saved page, click Next.
13. On the Create the data collector set page, click Finish.

Task 2: Configure Load Generator with suitable values to simulate the required load
1. Switch to the VAN-DC1 computer.
2. Click Start, point to All Programs, click Microsoft Exchange, and then click Exchange Load Generator 2010.
3. In Microsoft Exchange Load Generator 2010, click Start a new test.
4. Click Create a new test configuration, and then click Continue.

Note: Do not configure the Define the length of a simulation day value.

5. On the Specify test settings page, under Define the total length of the simulation, in the Hours box, type 0.
6. In the Minutes box, type 10.
7. In the Directory Access Password box, type Pa$$w0rd.
8. In the Mailbox Account Master Password box, type Pa$$w0rd, and then click Continue with recipient management.
9. On the User settings page, in the text box, type 12, and then click Distribute users evenly across databases.
10. Click Continue.
11. On the Advanced recipient settings page, select the following check boxes:
    • Use distribution lists
    • Use dynamic distribution lists
    • Create one for all the users
    • Create one per mailbox database
    • Use contacts

12. In the Number of contacts box, type 20 and then click Continue.
13. On the Specify test user groups page, click the PLUS SIGN (+).
14. In the resulting item, in the Client Type list, click Outlook 2007 Online.
15. On the Specify test user groups page, click the PLUS SIGN (+).
16. In the resulting item, in the Client Type list, click Outlook 2007 Cached, and in the Action Profile
list, click Heavy.
17. Click Continue, and on the Remote configurations page, click Continue.
18. On the Configuration summary page, click Save the configuration file as.
19. In the Save As dialog box, in the File name box, type Baseline, and then click Save.
20. In the Configuration Saved dialog box, click OK.
21. Click Skip initialization phase and run the simulation immediately.
22. Switch to the VAN-EX1 computer.

23. Switch to Exchange Server Performance Monitor.


24. Right-click Baseline, and then click Start.
25. Switch back to VAN-DC1, and wait until the simulation has finished.
26. After the simulation has finished, switch back to the VAN-EX1 server.
Note: This simulation runs for 10 minutes.

Task 3: Gather performance data, and analyze results


1. On VAN-EX1, switch to Exchange Server Performance Monitor.
2. Right-click Baseline, and then click Stop.
3. In the left pane, click System Monitor. Click the red X in the toolbar repeatedly to remove all counters from the display.
4. Press Ctrl+L.
5. Click Log files, and then click Add.
6. In the Select Log File dialog box, double-click Admin, double-click Baseline, double-click the folder that ends 000001, and then double-click DataCollector01.blg.
7. Click the Data tab.
8. Click Add.
9. In Performance object list, expand Memory.

10. In Available counters list, select Pages/sec, and then click Add.
11. Use the information in the following table to add additional counters.

Performance object                 Counter
MSExchangeIS                       RPC Requests
MSExchangeIS                       User Count
MSExchangeIS Mailbox               Local delivery rate
MSExchangeIS Mailbox               Messages Delivered/sec
MSExchangeIS Mailbox               Messages Queued For Submission
MSExchangeIS Mailbox               Messages Sent/sec
MSExchangeTransport Queues         Active Remote Delivery Queue Length
MSExchangeTransport Queues         Retry Remote Delivery Queue Length
MSExchangeTransport Queues         Submission Queue Length
MSExchangeTransport SmtpReceive    Messages Received/sec
MSExchangeTransport SmtpSend       Messages Sent/sec
Physical Disk                      % Disk Time
Physical Disk                      Avg. Disk Queue length
Processor                          % Processor Time
Server                             Pool Nonpaged Failures
Server                             Work Item Shortages
System                             Processor Queue Length

Note: If Performance Monitor experiences problems, close and restart it. Then continue from step 3.
12. Click OK, and then click OK again.
13. Click the down arrow on the toolbar, and then click Report.
14. View the counter values, and then complete the following table.

Counter                                                            Average
Memory Pages/sec
MSExchangeIS - User Count
MSExchangeIS - RPC Requests
MSExchangeIS Mailbox - Local delivery rate
MSExchangeIS Mailbox - Messages Delivered/sec
MSExchangeIS Mailbox - Messages Queued For Submission
MSExchangeIS Mailbox - Messages Sent/sec
MSExchangeTransport Queues - Active Remote Delivery Queue Length
MSExchangeTransport Queues - Retry Remote Delivery Queue Length
MSExchangeTransport Queues - Submission Queue Length
MSExchangeTransport SmtpReceive - Messages Received/sec
MSExchangeTransport SmtpSend - Messages Sent/sec
Physical Disk - % Disk Time
Physical Disk - Avg. Disk Queue length
Processor - % Processor Time
Server - Pool Nonpaged Failures
Server - Work Item Shortages
System - Processor Queue Length

Note: Do not worry that some values are zero; this is a simulation.

Question: Do any counters indicate a bottleneck?


Answer: No.
Results: After this exercise, you should have created an Exchange Server performance baseline.

Exercise 2: Measuring the Production System Performance under Additional Load

Note: As this is a training exercise, you will use Load Generator to simulate the load.

Task 1: Generate additional load with Load Generator to simulate the environment of heavier than planned for usage
1. Switch to VAN-DC1.
2. In Microsoft Exchange Load Generator, click Start a new test.
3. Click Use the following saved configuration file, and then click Browse.
4. In the Please select a configuration file dialog box, double-click Baseline.xml, and then click Continue.
5. On the Specify test settings page, click Continue with recipient management.
6. On the User settings page, in the text box, type 20, and then click Distribute users evenly across databases.
7. Click Continue.
8. On the Advanced recipient settings page, select the following check boxes.
   • Use distribution lists
   • Use dynamic distribution lists
   • Create one for all the users
   • Create one per server
   • Create one per mailbox database
   • Use contacts
9. In the Number of contacts box, type 50 and then click Continue.

10. On the Specify test user groups page, click the PLUS SIGN (+).
11. In the resulting item, in the Client Type list, click Outlook 2007 Online, and in the Action Profile
list, click Heavy.
12. On the Specify test user groups page, click the PLUS SIGN (+).
13. In the resulting item, in the Client Type list, click Owa2010Module, and in the Action Profile list,
accept the defaults.
14. Click Continue, and on the Remote configurations page, click Continue.
15. On the Configuration summary page, click Save the configuration file as.
16. In the Save As dialog box, in the File name box, type Adatum, and then click Save.
17. In the Configuration Saved dialog box, click OK.
18. Click Skip initialization phase and run the simulation immediately.
19. Switch to VAN-EX1.

20. Switch to Exchange Server Performance Monitor.


21. Expand Data Collector Sets, expand User Defined, right-click Baseline, and then click Start.
22. Switch to VAN-DC1.
23. When the simulation completes, switch to VAN-EX1.

Task 2: Compare the data with the baseline data


1. Switch to Exchange Server Performance Monitor.
2. Right-click Baseline, and then click Stop.
3. In the right pane, right-click, and then click Properties.
4. In the Performance Monitor Properties dialog box, click the Source tab, and then click Remove.
5. Click Log files, and then click Add.
6. In the Select Log File dialog box, click Up One Level, double-click the folder ending in 000002, double-click DataCollector01.blg, and then click OK.
7. View the counter values, and then complete the following table.

Counter                                                            Average
Memory Pages/sec
MSExchangeIS - User Count
MSExchangeIS - RPC Requests
MSExchangeIS Mailbox - Local delivery rate
MSExchangeIS Mailbox - Messages Delivered/sec
MSExchangeIS Mailbox - Messages Queued For Submission
MSExchangeIS Mailbox - Messages Sent/sec
MSExchangeTransport Queues - Active Remote Delivery Queue Length
MSExchangeTransport Queues - Retry Remote Delivery Queue Length
MSExchangeTransport Queues - Submission Queue Length
MSExchangeTransport SmtpReceive - Messages Received/sec
MSExchangeTransport SmtpSend - Messages Sent/sec
Physical Disk - % Disk Time
Physical Disk - Avg. Disk Queue length
Processor - % Processor Time
Server - Pool Nonpaged Failures
Server - Work Item Shortages
System - Processor Queue Length

Question: How do the values compare with those you previously recorded in the baseline data?
Answer: Answer may vary.
• Processor resources are influenced by the increased load.
• There has been an increase in paging suggesting additional memory load.
• Disk load has not increased.

Results: After this exercise, you should have determined which server resources are likely to become
bottlenecked if server load continues to increase.
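
The comparison from Task 2, computed from the two log files instead of read off the Report view, as an added example that is not part of the courseware. The two log paths are placeholders for the DataCollector01.blg files in the folders ending 000001 and 000002; Import-Counter is the built-in Windows PowerShell cmdlet for reading .blg logs, and the counter list is copied from the lab tables.

```powershell
# Added example: average the lab's counters in two Performance Monitor logs and
# show the change between the baseline run and the heavier run.
param(
    # Placeholders: the logs in the folders ending 000001 (baseline) and 000002 (load).
    [string]$BaselineLog = '<folder-ending-000001>\DataCollector01.blg',
    [string]$LoadLog     = '<folder-ending-000002>\DataCollector01.blg'
)

# Object|counter pairs taken from the lab tables.
$wanted = @(
    'Memory|Pages/sec',
    'MSExchangeIS|RPC Requests',
    'MSExchangeIS|User Count',
    'MSExchangeIS Mailbox|Local delivery rate',
    'MSExchangeIS Mailbox|Messages Delivered/sec',
    'MSExchangeIS Mailbox|Messages Queued For Submission',
    'MSExchangeIS Mailbox|Messages Sent/sec',
    'MSExchangeTransport Queues|Active Remote Delivery Queue Length',
    'MSExchangeTransport Queues|Retry Remote Delivery Queue Length',
    'MSExchangeTransport Queues|Submission Queue Length',
    'MSExchangeTransport SmtpReceive|Messages Received/sec',
    'MSExchangeTransport SmtpSend|Messages Sent/sec',
    'Physical Disk|% Disk Time',
    'Physical Disk|Avg. Disk Queue length',
    'Processor|% Processor Time',
    'Server|Pool Nonpaged Failures',
    'Server|Work Item Shortages',
    'System|Processor Queue Length'
)
# Compare names without spaces or case, so "Physical Disk" also matches "PhysicalDisk".
$keys = $wanted | ForEach-Object { ($_ -replace '\s', '').ToLowerInvariant() }

# \\machine\object(instance)\counter ; the instance part is optional.
$pathPattern = '^\\\\[^\\]+\\(?<obj>[^\\(]+)(\(.*\))?\\(?<ctr>[^\\]+)$'

function Get-CounterAverage {
    param([string]$Path)
    # Samples that cannot be calculated (for example the first sample of a rate
    # counter) produce non-terminating errors; they are skipped here.
    Import-Counter -Path $Path -ErrorAction SilentlyContinue |
        ForEach-Object { $_.CounterSamples } |
        Where-Object {
            $_.Path -match $pathPattern -and
            $keys -contains (($Matches.obj + '|' + $Matches.ctr) -replace '\s', '').ToLowerInvariant()
        } |
        # One group per counter instance, with the machine name stripped.
        Group-Object { ($_.Path -replace '^\\\\[^\\]+', '').ToLowerInvariant() } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Counter = $_.Name
                Average = ($_.Group | Measure-Object CookedValue -Average).Average
            }
        }
}

$baseline = @{}
Get-CounterAverage $BaselineLog | ForEach-Object { $baseline[$_.Counter] = $_.Average }

Get-CounterAverage $LoadLog | Sort-Object Counter | ForEach-Object {
    $b = $baseline[$_.Counter]
    $baseValue = $null
    $change = $null
    if ($null -ne $b) {
        $baseValue = [math]::Round($b, 2)
        $change = [math]::Round($_.Average - $b, 2)
    }
    New-Object PSObject -Property @{
        Counter = $_.Counter; Baseline = $baseValue
        Load = [math]::Round($_.Average, 2); Change = $change
    }
} | Select-Object Counter, Baseline, Load, Change | Format-Table -AutoSize
```

Counters with several instances produce one row per instance, so a per-disk or per-processor difference stays visible next to the total.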

To prepare for the next module


When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 10233B-VAN-DC1 in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat these steps for 10233B-VAN-EX1, 10233B-VAN-EX2, and 10233B-VAN-EX3.

Note: You do not need to start any virtual machines, as this is the last lab of the course.

Lab Answer Key: Upgrading to Microsoft Exchange Server 2010

Module 11
Lab Answer Key: Upgrading to Microsoft Exchange Server 2010
Contents:
Exercise 1: Discussion: Reviewing the Exchange Server 2010 Design

Module 11: Upgrading to Microsoft Exchange Server 2010

Lab: Upgrading to Microsoft Exchange Server 2010
Exercise 1: Designing an Exchange Server 2010 Upgrade Strategy
Task 1: Review the A. Datum documentation

Review the following A. Datum documentation:
• Adatum_ProposedADSiteDesign.vsd
• Adatum_ProposedPerimeterDesign.vsd
• A. Datum User Distribution Summary.doc
• Exchange_Server_2003_Configuration.doc

Task 2: Update the A. Datum Upgrade Design document

Answer the questions in the A. Datum Upgrade Design Questions document, and then complete the
A. Datum Upgrade Design document.
A. Datum Upgrade Design
Document Reference Number: JC060610/1
Document Author: Jason Carlson
Date: 6th June 2010

Requirement Overview
Describe the upgrade strategy for the A. Datum organization.
Proposals
Question: Based on what you know about the A. Datum organization, what would be a reasonable
timeline for completing this migration?
Answer: Answers will vary. Because this upgrade does not require any client reconfigurations for
users, the organization could pursue a fairly aggressive timeline. Estimates for completing the
upgrade should range from 3 to 12 months.
Question: What are the factors that will affect the timeline?
Answer: Factors that will impact the upgrade timeline include:
• Project budget
• Resource availability (both personnel and hardware)
• Test requirements
Question: Where will you perform the schema upgrade?
Answer: The schema upgrade must be done in the domain where the Schema Master is located. As
a best practice, you should disable schema replication on the Schema Master while performing the
upgrade. After the upgrade is successfully completed, you can re-enable replication. In a large
organization, allow enough time for the schema upgrade to replicate to all domain controllers
before you prepare the domains.

Question: What is the process for preparing domains for Exchange Server 2010?
Answer: Each domain with Exchange Server 2010 users or servers must be prepared. After the
schema upgrade has replicated to all domain controllers, you can run the setup with the
PrepareAllDomains option.
Question: How will you ensure that Exchange Server 2010 can coexist with Exchange Server 2003?
Answer: Run setup with the PrepareLegacyExchangePermissions option.
Question: Which site should be upgraded first?
Answer: London is the best site to upgrade first. The most experienced Exchange Server
administrators are likely located in London, as well as the central team of administrators who have
permission throughout the organization. London is also the site with the most users and the front-end servers for Exchange Server 2003.
Question: Which server role should be implemented first in that site?
Answer: The Client Access server role should be implemented first. It is required to provide
coexistence between Exchange Server 2003 and Exchange Server 2010.
Question: Should coexistence occur in multiple sites or a single location?
Answer: In general, it is better to limit coexistence to a single location to simplify the migration
process. If only a single location has coexistence, it is easy to configure message routing with a
single routing group connector. If time constraints dictate that multiple locations must have
coexistence, it is possible, but complexity increases.
Question: How will client access be configured to allow coexistence in the first site?
Answer: A client access array will be configured in the London site. The client access array will use
the external name of mail.adatum.com, which is currently used by the load-balanced front-end
servers for Exchange Server 2003. A new legacy.adatum.com name will be configured for the load-balanced front-end servers. The Exchange Server 2010 Client Access servers will be configured with
the legacy URL for the Exchange Server 2003 front-end servers.
All users will initially connect to mail.adatum.com. Outlook Web Access users with Exchange
Server 2003 mailboxes will be redirected to the Exchange Server 2003 front-end servers. The
Exchange Server 2010 Client Access server will proxy connections for ActiveSync users. The
Exchange Server 2010 Client Access server will communicate directly with Exchange Server 2003
computers hosting mailboxes for Outlook Anywhere users.
Question: How will message transport be configured to allow coexistence in the first site?
Answer: The initial installation will have a single routing group connector between Exchange
Server 2010 and the London routing group. This will allow messages to be delivered between
Exchange Server 2003 and Exchange Server 2010.
Question: How will mailboxes be moved in the first site?
Answer: Mailboxes can be moved from Exchange Server 2003 to Exchange Server 2010 as soon as
all of the Exchange Server 2010 infrastructure is in place in London. Live mailbox moves are not
supported from Exchange Server 2003 to Exchange Server 2010. So, you will need to move
mailboxes outside of standard business hours or arrange for downtime to move mailboxes.

Question: How will you move Internet message delivery from Exchange Server 2003 to Exchange
Server 2010 and use Edge Transport servers?
Answer: Edge Transport servers can be introduced before Exchange Server 2010 Hub Transport
servers, but there is no reason to do so because there is already an anti-spam solution in place.
After Exchange Server 2010 Hub Transport servers are introduced, then you can implement Edge
Synchronization, which simplifies the management of Edge Transport servers.
After Edge Synchronization is configured, then you can direct incoming messages to the new Edge
Transport servers rather than the existing anti-spam appliances. To support outgoing mail directly
from Exchange Server 2010 to the Internet, you must create a send connector. Then you must
disable outbound mail delivery from Exchange Server 2003 to the Internet.
Question: When you begin migrating the second site to Exchange Server 2010, what process will
you use?
Answer: The same process as was used in London. The Client Access server will be implemented
first, and then other server roles. After you verify that message delivery and all services work
correctly, you can begin migrating mailboxes in the site.
To ensure that message delivery is efficient, you should create an additional routing group
connector between Exchange Server 2010 and the routing group for the second site.
Question: How will you remove Exchange Server 2003?
Answer: Exchange Server 2003 cannot be completely removed until all mailboxes are migrated to
Exchange Server 2010. Any Exchange Server 2003 computers that no longer have mailboxes can be
uninstalled. Care should be taken to ensure that bridgehead servers are not accidentally removed,
which could affect message routing.
The Exchange Server 2003 front-end servers should be the last servers removed. They must remain
in place to provide external Outlook Web Access connectivity for all external users with Exchange
Server 2003 mailboxes.

Note: Be prepared to discuss your proposed design with the class.

Results: After this exercise, you should have completed the A. Datum Upgrade document.

To prepare for the next module


Note: No virtual machines are required for the next lab.

Lab Answer Key: Integrating Microsoft Exchange Server 2010 with Other Messaging Systems

Module 12
Lab Answer Key: Integrating Microsoft Exchange Server 2010 with Other Messaging Systems
Contents:
Exercise: Designing Exchange Server 2010 Integration with Office 365

Module 12: Integrating Microsoft Exchange Server 2010 with Other Messaging Systems

Lab: Integrating Exchange Server 2010 with Other Messaging Systems
Exercise: Designing Exchange Server 2010 Integration with Office 365
Task 1: Document the required configuration for migrating Northwind Traders email to Office 365

Complete the following proposal document by answering the questions.


A. Datum Corporation and Northwind Traders Integration Plan
Document Reference Number: JC040495/1
Document Author: Jason Carlson
Date: 5th June 2010

Requirement Overview
Determine how to migrate Northwind Traders email to Office 365.
Proposals
Question: Does this scenario require a hybrid implementation of Office 365?
Answer: Yes. For the best interoperability between the on-premises Exchange Server organization
for A. Datum and Office 365, you should implement a hybrid scenario.
Question: Will inbound routing be to the on-premises Exchange Server organization or to
Office 365?
Answer: Inbound routing should be through the on-premises Exchange Server organization. This
allows the Edge Transport server in London to perform anti-spam and antivirus scanning for all
messages. Using Microsoft Forefront Online Protection for Exchange (FOPE) in Office 365 to scan
all messages would be expensive because additional licenses for FOPE would need to be purchased
for thousands of A. Datum Corporation users that do not have Office 365 mailboxes.
Question: Will outbound routing be centralized or decentralized?
Answer: Outbound routing will be centralized through the on-premises Exchange Server
organization. This is the only way that the legal disclaimer that includes the company logo can be
applied to all outbound messages.
Question: How will you configure mail exchanger (MX) resource records?
Answer: After the mailboxes are moved, you should direct the MX records for
northwindtraders.com to the Edge Transport servers in the A. Datum Corporation data
center in London. The MX records for adatum.com are already directed to the Edge
Transport server in the A. Datum Corporation data center in London.
Question: How will you migrate mailboxes to Office 365?
Answer: The only option for migrating mailboxes from a POP3/IMAP messaging system to
Office 365 is to use the IMAP migration. This migrates mailbox contents through an Internet
Message Access Protocol (IMAP) connection.

Question: Will you configure single sign-on?
Answer: Yes. There are 800 users at Northwind Traders. That large number of users will generate
many help desk calls if they cannot use the same user credentials for email logon as they use
internally for AD DS.
Question: Do you need to configure a user principal name (UPN) to support single sign-on?
Answer: Yes. You need to verify that the UPN for the adatum.com domain is configured to be
adatum.com. This matches the email addresses of the users. This should be configured before
directory synchronization begins as part of the hybrid deployment.
Question: What Active Directory Federation Services (AD FS) servers do you require to support
single sign-on?
Answer: To be highly available, there should be two load-balanced federation servers and two
load-balanced federation server proxies. The federation servers can be installed on existing domain
controllers because there are fewer than 1,000 users. The federation server proxies can be installed
on existing web or proxy servers in the perimeter network.
Question: What certificates do you need to support single sign-on?
Answer: Single sign-on with AD FS requires two certificates. One SSL certificate is installed on the
Default Web Site of the federation servers and federation server proxies. The subject of this
certificate needs to be an Internet routable domain name that matches the DNS name configured
for load balancing on federation servers and federation server proxies. The subject name also needs
to match the DNS name that is configured as the Federation Service name.
The federation servers also use a token-signing certificate that is automatically generated. No
configuration is required for the token-signing certificate.

Results: After this exercise, you should have created a plan to migrate Northwind Traders email to
Office 365.
