Contents
Preface xvii
Foreword xxi
1 Introduction 1
1.1 A decade and counting of Exchange deployments 1
1.1.1 The way we were 2
1.1.2 The protocol wars 2
1.1.3 Ever increasing mobility 4
1.1.4 Third-party products and management 6
1.1.5 Some interesting projects 6
1.1.6 The not so good points 7
1.1.7 Exchange’s connection with the Active Directory 10
1.1.8 Reviewing predictions made in 1996 11
1.2 Microsoft’s themes for Exchange 2007 12
1.2.1 The happy prospect of a migration 18
1.3 Preparing for Exchange 2007 20
1.4 Installing Exchange 2007 22
1.4.1 Modifying and removing servers 27
1.4.2 Validating the installation 27
1.4.3 Third-party software 28
1.5 Server roles 28
1.5.1 Services 32
1.6 Licensing 36
1.6.1 Version numbers 40
1.6.2 32-bit Exchange 2007? 41
1.7 Support 42
1.8 Challenges for Exchange 2007 42
1.9 Into the future 45
2 Exchange, Windows, and the Active Directory 47
2.1 Active Directory and Exchange 47
2.1.1 Domain Designs 48
2.2 Active Directory replication 50
2.2.1 Replication basics 51
2.2.2 When Active Directory replication happens 53
2.2.3 Active Directory naming contexts 55
2.2.4 Transforming Domain controllers into Global Catalogs 58
2.2.5 USNs and replication 60
2.2.6 Urgent replication 64
2.2.7 Intrasite and Intersite replication 65
2.2.8 High-watermark vector and up-to-date vector tables 68
2.2.9 Changes in Active Directory replication in Windows 2003 70
2.3 Exchange’s Active Directory Topology service 71
2.3.1 DSAccess (or ADAccess) 72
2.3.2 How many Global Catalog servers do I need? 75
2.3.3 Where are my Global Catalogs? 76
2.4 Recovering deleted Active Directory accounts 78
2.5 Exchange and the Active Directory schema 80
2.5.1 Updating the schema with an installation 80
2.5.2 Changing the schema 82
2.5.3 Active Directory custom attributes for Exchange 85
2.5.4 Updating the schema to allow Ambiguous Name Resolution 86
2.5.5 Exchange-specific permissions 87
2.5.6 Exchange property sets 88
2.6 Longhorn and Exchange 2007 90
2.7 The very important LegacyExchangeDN attribute 91
2.8 Brain surgery for the Active Directory: ADSIEDIT 93
2.8.1 LDP and LDIFDE 96
2.8.2 Active Directory for Exchange 98
3 The Basics of Managing Exchange 2007 99
3.1 Exchange Management Console 100
3.1.1 The importance of filters 104
3.1.2 Managing mixed organizations 109
3.1.3 Running EMC remotely or on a workstation 112
3.1.4 No more AD Users and Computers 113
3.1.5 Changing columns 115
3.1.6 Visual effects 116
3.2 Why some options have disappeared from EMC 118
3.2.1 Coping with change 122
3.3 Changes in the Exchange delegation model 124
3.4 Customized Recipient Management 128
3.4.1 Adieu RUS 130
3.4.2 Recipient types 132
3.5 Moving users 133
3.5.1 Moving mailboxes 134
3.5.2 Logging mailbox moves 138
3.6 Using distribution groups 140
3.6.1 Forming groups 142
3.6.2 Group changes in Exchange 2007 145
3.6.3 Expanding distribution lists 147
3.6.4 How many objects can I have in a group? 148
3.6.5 Managing group membership 149
3.6.6 Protected groups (and users) 152
3.7 Using groups for permissions 154
3.7.1 Managing distribution groups from Outlook 154
3.8 Dynamic distribution groups 156
3.8.1 Changing filters and conditions for dynamic distribution groups 157
3.8.2 A note on OPATH 159
3.8.3 A new UI for dynamic groups 160
3.8.4 Creating New dynamic groups 162
3.8.5 Using dynamic Distribution groups 167
3.9 Mailbox quotas 168
3.9.1 Setting mailbox quotas 170
3.10 Email address policies 173
3.10.1 Mailbox moves and email address policies 178
3.10.2 Queries that drive email address policies 178
3.11 Address lists 183
3.11.1 Upgrading Address Lists to Exchange 2007 format 187
3.12 User naming conventions 188
3.13 Server naming conventions 192
3.14 Moving from the basics 194
4 The Exchange Management Shell 195
4.1 EMS: Exchange’s management shell 197
4.1.1 Working with PowerShell commands 199
4.1.2 Exchange shell commands 204
4.1.3 Command editing 208
4.1.4 Getting at more information about something 210
4.1.5 Using common and user-defined variables 214
4.1.6 Identities 217
4.1.7 Working in a multi-domain forest 219
4.1.8 Profiles 221
4.1.9 PowerShell in batch 223
4.1.10 Execution policies 224
4.1.11 Sending email from the shell 226
4.2 Learning from EMC 229
4.3 Using EMS to work with mailboxes 232
4.3.1 Creating a new mailbox with a template 232
4.3.2 Setting and retrieving mailbox properties 234
4.3.3 Other ways of interacting with mailboxes 244
4.3.4 Get-Recipient 245
4.3.5 Moving mailboxes 245
4.3.6 Accessing another user’s mailbox 249
4.3.7 Different commands and different properties 251
4.3.8 Contacts 252
4.4 Working with distribution groups 253
4.4.1 Working with dynamic distribution groups 257
4.4.2 Advanced group properties 262
4.5 Delegation through the shell 265
4.6 Creating efficient filters 267
4.7 Bulk updates 270
4.7.1 Creating sets of mailboxes 273
4.8 Reporting mailbox data 275
4.8.1 Special properties 282
4.9 Using the shell for other management tasks 284
4.10 Command validation 287
4.11 Working with remote servers 290
4.12 Working with non-Exchange 2007 servers 291
4.13 Testing Exchange 2007 292
4.13.1 Client connections 294
4.13.2 Mail Flow 295
4.13.3 Miscellaneous test commands 297
4.14 PowerShell for Exchange administrators 297
5 The Store 301
5.1 Introducing the Store 301
5.2 Differences in the Exchange 2007 Store 306
5.2.1 Are 64 bits that important? 307
5.2.2 Trading memory for I/O 312
5.2.3 The decrease in storage costs 317
5.3 No more streaming database 318
5.4 Tables and items 320
5.5 Storage groups 323
5.5.1 Creating a new storage group and database 327
5.5.2 Working with storage groups and databases 329
5.6 Transaction logs 331
5.6.1 Circular logging 335
5.6.2 Creating new transaction logs 337
5.6.3 Reserved logs 338
5.6.4 Transactions, buffers, and commitment 339
5.6.5 Transaction log I/O 341
5.6.6 Protecting transaction logs 341
5.6.7 Transaction log checksum 342
5.6.8 Maximum database size 343
5.7 Database portability 345
5.7.1 Zero database pages 349
5.8 MAPI connections and logons 349
5.9 The Deleted Items cache 350
5.9.1 Cleaning the Deleted Items cache 356
5.9.2 Recovering items and mailboxes 357
5.10 Background maintenance 360
5.10.1 Background tasks 364
5.10.2 Tracking background maintenance 367
5.11 Fixing failed databases 368
5.12 Exchange 2007 content indexing 375
5.12.1 Using content indexing 380
5.13 Public folders 383
5.13.1 Public folders and Exchange 2007 384
5.13.2 Changes in public folders administration since Exchange 2003 386
5.13.3 Calming replication storms 388
5.13.4 Managing public folders with Exchange 2007 392
5.13.5 Permissions on top-level folders 405
5.13.6 Referrals 405
5.13.7 Migrating public folder content 406
5.14 Removing database size limits 408
5.15 Backups 408
5.15.1 NTBackup 410
5.15.2 Other commercial backup products 410
5.15.3 Creating a backup strategy 413
5.15.4 Backups and storage groups 415
5.15.5 Checkpoint file 421
5.15.6 The future of streaming backups 426
5.16 Moving from the Store 427
6 Exchange Transport and Routing 429
6.1 The evolution of routing 429
6.2 Change through experience 430
6.2.1 Hidden administrative and routing groups 433
6.3 Exchange 2007 transport architecture 435
6.3.1 The critical role of hub transport servers 438
6.3.2 Receive connectors 440
6.3.3 Send connectors 447
6.3.4 Linking Exchange 2003 and Exchange 2007 453
6.3.5 Multiple routes into Exchange 2003 458
6.3.6 Decommissioning Exchange 2003 routing groups 458
6.3.7 Handling Exchange 2003 link state updates during migration 458
6.3.8 Foreign connectors 459
6.3.9 Authorization 460
6.3.10 Accepted domains 460
6.3.11 Transport storage 461
6.4 Routing ABC 464
6.4.1 Resolving multiple paths 467
6.4.2 Most specific connector 467
6.4.3 Connector cost 469
6.4.4 Closest proximity 469
6.4.5 The role of hub routing sites 470
6.4.6 Site link costs versus routing costs 471
6.4.7 Instructing mailbox servers 472
6.4.8 Bypassing some connections 472
6.4.9 Protocol logging 473
6.4.10 X.400 support 474
6.4.11 Bifurcation 475
6.4.12 Header firewalls 476
6.5 Transport configuration 476
6.5.1 Transport configuration file 481
6.5.2 Routing logs 483
6.6 Queues 485
6.6.1 The Queue Viewer 488
6.6.2 The Unreachable queue 491
6.6.3 Poison messages 493
6.7 Back Pressure 494
6.8 Delivery Status Notifications 496
6.8.1 Customizing DSNs 501
6.8.2 Postmaster addresses 504
6.9 Transport agents 505
6.10 Transport summary 506
6.11 Edge servers 506
6.11.1 Edge or hub? 508
6.11.2 Basic Edge 510
6.11.3 Edge Synchronization 511
6.11.4 Basic Edge security 518
6.11.5 Fighting spam and email viruses 518
6.11.6 Defense in depth 522
6.11.7 Microsoft’s approach to mail hygiene 523
6.11.8 Forefront for Exchange 528
6.11.9 Mail Hygiene Agents 533
6.11.10 Agent logs 535
6.11.11 Connection filtering 536
6.11.12 Sender filtering 538
6.11.13 Address Rewrite agent 539
6.11.14 Sender ID agent 541
6.11.15 Content filtering 547
6.11.16 Content Filter updates 550
6.11.17 Per-user SCL processing 553
6.11.18 Safelist Aggregation 554
6.11.19 Sender reputation 557
6.11.20 Recipient filtering 559
6.11.21 Blocking file attachments 560
6.11.22 Attachment filtering 562
6.11.23 Edge transport rules 563
6.11.24 Available Edge 565
6.12 Client-side spam suppression 567
6.12.1 Outlook’s Junk Mail Filter 568
6.12.2 Postmarks 573
6.12.3 Restricting OOF and other notifications 574
6.13 Routing onwards 580
7 Clients 581
7.1 Outlook 583
7.1.1 Outlook web services 585
7.1.2 Understanding Outlook’s relationship with Exchange 591
7.1.3 Deploying cached Exchange mode 596
7.1.4 Address caching 599
7.1.5 MAPI compression and buffers 600
7.1.6 Conflict resolution 602
7.1.7 Preventing MAPI clients from connecting 603
7.1.8 Outlook 2007 and Exchange 5.5 607
7.2 Offline and personal Stores 608
7.2.1 Personal folders 609
7.2.2 Mail delivery to personal folders 611
7.2.3 Configuring PSTs 615
7.2.4 PST archiving 617
7.3 Offline folder files 619
7.3.1 OST synchronization 621
7.3.2 When things go wrong with your OST 623
7.4 Out of Office changes 624
7.4.1 The big question: Is Outlook 2007 worth the upgrade? 625
7.5 The Offline Address Book (OAB) 626
7.5.1 Downloading the OAB 627
7.5.2 OAB files on the PC 628
7.5.3 The evolving OAB format 630
7.5.4 OAB and cached Exchange mode 632
7.5.5 OAB generation and distribution 634
7.5.6 Creating a customized OAB 640
7.5.7 Allocating OABs to users 642
7.6 Outlook Anywhere 645
7.7 Outlook Web Access 650
7.7.1 New features in Outlook Web Access 2007 652
7.7.2 Outlook Web Access Light 658
7.7.3 International versions 662
7.7.4 Accessing legacy data 664
7.7.5 Managing Outlook Web Access 666
7.7.6 Authentication 667
7.7.7 Segmentation 671
7.7.8 Notifications 675
7.7.9 Controlling attachments 677
7.7.10 Themes 680
7.7.11 Client settings 684
7.8 Internet client access protocols 684
7.8.1 IMAP4 685
7.8.2 The Exchange 2007 IMAP server 689
7.9 Mobile clients 694
7.9.1 Selecting mobile devices 696
7.9.2 Server-based ActiveSync 698
7.10 Windows Mobile 6.0 and Exchange 2007 702
7.10.1 ActiveSync policies 706
7.10.2 Managing mobile devices through EMC 711
7.10.3 Moving mailboxes to Exchange 2007 and ActiveSync 713
7.10.4 Estimating network traffic for mobile devices 715
7.10.5 Analyzing ActiveSync logs 717
7.10.6 Wiping mobile devices 719
7.10.7 Debugging synchronization 721
7.11 Comparing Windows Mobile and BlackBerry 723
7.11.1 Processing the mail 725
7.11.2 Other messaging options for Windows Mobile 730
7.11.3 Power management 731
7.11.4 Input flexibility 732
7.12 Unified Communications 735
7.13 Unified Messaging 737
7.13.1 Client Access to voicemail 741
7.13.2 Dealing with voicemail 745
7.13.3 Voice synthesis 747
7.13.4 Pure voicemail 748
7.13.5 The magic of SIP 749
7.13.6 Speech Grammars 752
7.13.7 Phonetic names 754
7.13.8 Cross-forest UM 756
7.14 Special mailboxes 756
7.15 Clients and users 759
8 Managing Users 761
8.1 Room and equipment mailboxes 762
8.1.1 Managing properties of room and equipment mailboxes 765
8.1.2 Converting old mailboxes to rooms 770
8.2 Helping users to use email better 771
8.2.1 Eliminating bad habits 771
8.2.2 Disclaimers 779
8.2.3 Out-of-Office Notifications 781
8.2.4 The last few bad email habits 781
8.3 Customizing display templates 782
8.4 Exchange 2007 and compliance 787
8.4.1 The growing need for compliance 789
8.4.2 Transport rules 792
8.4.3 Using a rule to add disclaimer text to outgoing messages 794
8.4.4 Capturing selected messages 795
8.4.5 Becoming more complicated 797
8.4.6 Creating an ethical firewall 800
8.4.7 Transport rule storage 803
8.4.8 Rules and the shell 804
8.4.9 Journal rules 808
8.5 Messaging Record Management 815
8.5.1 Managing default folders 818
8.5.2 Managing custom folders 824
8.5.3 Allocating managed folders with policies 826
8.5.4 Applying policies to users 827
8.5.5 The Managed Folder Assistant 829
8.5.6 Logging Managed Folder activity 831
8.5.7 Using Managed Folders 833
8.5.8 Harvesting information from managed folders 835
8.6 Message classifications 837
8.6.1 Adding intelligence to classification through rules 844
8.7 Copying user mailboxes 848
8.7.1 Auditing 853
8.8 Free and busy 853
8.8.1 Looking at free and busy data 855
8.8.2 Free and busy in Exchange 2007 861
8.8.3 Changes in Outlook 2007 863
8.8.4 Cross-forest free and busy 866
9 Hardware and Performance 867
9.1 Moving toward 64-bit Exchange 867
9.2 Buying servers for Exchange 2007 870
9.3 The storage question 876
9.4 RPC pop-ups 881
9.5 Clusters and Exchange 882
9.6 Continuous replication and Exchange 2007 888
9.6.1 Concepts 889
9.7 Deploying Local Continuous Replication (LCR) 892
9.7.1 How LCR works 897
9.7.2 LCR operations 900
9.7.3 LCR restrictions 903
9.7.4 LCR database transition 904
9.8 Deploying Cluster Continuous Replication (CCR) 906
9.8.1 Comparing CCR and traditional clusters 910
9.8.2 CCR in practice 912
9.8.3 CCR failovers 915
9.8.4 Lost Log Resilience 919
9.8.5 The transport dumpster 921
9.8.6 Standby Continuous Replication 924
9.9 Continuous Log Replication: Good or bad? 924
9.10 Virtual Exchange 925
10 More useful things to Know about Exchange 929
10.1 Automated analysis 929
10.1.1 SSCP 932
10.1.2 Microsoft’s Release to Web (RTW) strategy 933
10.2 The Exchange Toolbox 935
10.2.1 Updates 936
10.2.2 Database Recovery Management 937
10.2.3 Database Troubleshooter 942
10.2.4 Mail Flow Troubleshooter 943
10.3 Messaging tracking logs 945
10.3.1 Generating message tracking logs 947
10.3.2 Log sizes and ages 950
10.3.3 Keeping track of message subjects 951
10.3.4 Accessing message tracking logs 951
10.3.5 Using the Troubleshooting Assistant to track messages 952
10.3.6 Tracking messages with EMS 956
10.3.7 Message delivery latency 959
10.4 Management frameworks 959
10.5 Utilities 963
10.5.1 Performance testing 963
10.5.2 The MFCMAPI utility 965
10.5.3 MDBVU32 968
10.5.4 ExMon—Exchange User Monitor 968
10.5.5 PFDavAdmin 971
10.5.6 LogParser 973
10.5.7 Outlook Spy 978
10.6 Bits and pieces 978
10.6.1 Where the Exchange team hangs out 978
10.6.2 Online Forums 979
10.7 Conferences 979
10.7.1 Magazines 980
10.7.2 How Exchange uses registry keys 980
10.8 Good reference books 981
A Appendix 983
A.1 Message Tracking Log Format 983
A.2 Events noted in Message Tracking Logs 985
B Important Exchange PowerShell commands 987
B.1 Recipient management commands 987
B.2 Exchange server administrative Commands 990
B.3 Databases and Storage Groups 993
B.4 Address Lists and Email Policies 995
B.5 Queues and Messages 995
B.6 Edge Synchronization 996
B.7 Routing 997
B.8 ActiveSync 998
B.9 Public folders 999
B.10 Transport and journal rules 1000
B.11 IMAP and POP 1001
B.12 Active Directory commands 1002
B.13 Testing Exchange 2007 1003
B.14 Basic PowerShell 1004
B.15 PowerShell control commands 1005
Preface
By its very nature, every book that seeks to describe how technology works faces challenges during its creation. Dealing with beta software and attempting to resolve the difference between how the software works and how the developers say it will work in the final version is a problem faced by any author, which is one reason why it is often best to wait to finalize text until after you have a chance to work with released software.
Looking back at this project, in some ways, this has been the hardest book of the seven that I have written about Exchange. I think that there are four reasons why this might be so. First, Exchange 2007 marks the boundary for substantial architectural change within the product, so it is similar to the degree of change that we experienced when we moved from Exchange 5.5 to Exchange 2000. Second, the nature of software is that it becomes more complex over time as the developers add new features, and this is certainly true of Exchange 2007. The new features have to be considered, probed, and documented, all of which takes time. Third, the Exchange development team has done an excellent job since 2004 to document all aspects of Exchange in a more comprehensive manner than ever before.
The Exchange 2007 help file, TechNet, MSDN, and the excellent Exchange team blog at https://msexchangeteam.com/default.aspx are interesting and productive hoards of information for authors to mine. Unfortunately, there is often too much material (a good complaint to have) and the material needs to be interpreted and analyzed in the light of your own experience with Exchange. Engineers write great blogs, but the scourge of cognitive dissonance often means that they omit some detail that makes all the difference to a newcomer in understanding why a component works the way that it does. Last but not least, you should not underestimate the degree of cultural change that Microsoft has incorporated into Exchange 2007 in the transition from a predominantly GUI-centric approach to server management to the use of the PowerShell scripting language as the basis of many management operations. The need to understand and appreciate the change has to occur before you can adequately document and describe the benefits, and this increases the effort required to write the book. I must admit that it took me time to realize the full benefit of interacting with Exchange through the shell, but now I am at the point where I wonder why Microsoft never provided such a powerful interface in the past!
The degree of change that exists in Exchange 2007 means that it is difficult to cover everything in one book. I have therefore elected to cover the parts of Exchange that I think are of most interest to the majority of administrators and have left other components for you to discover through the material that Microsoft publishes or perhaps another book, written by me or someone else. Please accept my apology if I have not covered something that you think is important and treat this as a challenge and opportunity for you to write about the topic yourself. There are many magazines, blogs, and other ways of spreading information about Exchange.
From time to time, I wander back down the path to consider some aspect of Exchange 2003. While this book is firmly focused on Exchange 2007, the vast majority of companies that will deploy Exchange 2007 will do so by migrating from Exchange 2003 and will therefore run both products alongside each other for some period. For large organizations, the period might extend to a year or more, as it is unlikely that many will complete their migration to a pure Exchange 2007 environment quickly. With this in mind, it is fair and reasonable to document how things work with Exchange 2003, especially when these servers operate with Exchange 2007.
So what is in the book? To set the context, Chapter 1 starts with an overview of the development of Exchange from 4.0 to 2007 and then describes the themes that Microsoft employed to focus the development priorities for Exchange 2007 and some of the changes that occur in this release. All successful deployments of Exchange since Exchange 2000 operate on a solid Active Directory foundation, so Chapter 2 reviews some of the critical intersection points between Exchange and the Active Directory including replication, the schema, and Global Catalogs. Chapter 3 goes into the basics of managing Exchange 2007 through the Exchange Management Console. Chapter 4 takes the management topic further by exploring the ins and outs of the new Exchange Management Shell, perhaps the most fundamental change to the product that Microsoft has made in Exchange 2007. Chapter 5 goes to the heart of Exchange and reviews how the Store works, covering topics that range from databases, storage groups, and transaction logs to content indexing and backups. Chapter 6 looks at how the new transport system routes messages and includes topics such as the Edge server and anti-spam protection. Chapter 7 explains how clients from Outlook to Outlook Web Access to mobile devices allow users to work with their mailboxes.
Chapter 8 then moves on to consider some elements of user management, including the important topic of compliance and records management. Chapter 9 addresses one of the more